Start Up: Clifford Stoll got it right, swiping in iOS 11, ARKit!, Microsoft v Fancy Bear, and more

Does this look like a promising avenue for a hack to you? Photo by haleyhughes on Flickr.


A selection of 11 links for you. Augment that if you dare. I’m @charlesarthur on Twitter. Observations and links welcome.

A smart fish tank left a casino vulnerable to hackers • CNN

Selena Larson:


Hackers attempted to steal data from a North American casino through a fish tank connected to the internet, according to a report from security firm Darktrace.

Despite extra security precautions set up on the fish tank, hackers still managed to compromise the tank to send data to a device in Finland before the threat was discovered and stopped.

“Someone used the fish tank to get into the network, and once they were in the fish tank, they scanned and found other vulnerabilities and moved laterally to other places in the network,” Justin Fier, director for cyber intelligence and analysis at Darktrace, explained to CNN Tech.

As internet-connected gadgets and appliances become more common, there are more ways for bad guys to gain access to networks and take advantage of insecure devices. The fish tank, for instance, was connected to the internet to automatically feed the fish and keep their environment comfortable — but it became a weak link in the casino’s security.

The unnamed casino’s rogue fish tank is one of nine unusual threats that Darktrace identified on corporate networks published in a report Thursday.



IoT thermostat bug allows hackers to turn up the heat • Newsky Security blog

Ankit Anubhav:


With the ever-increasing impact of smart and connected devices in our daily lives, Cybersecurity has a variety of security challenges to deal with. The field of traditional computer security deals with a myriad of issues like data theft or sabotage. However, when it comes to IoT security, the consequences of a successful attack can be even more diverse. In this post, we discuss an IoT Smart Thermostat bug and how a hacker leveraged it to raise the control temperature by 12C (~22F) degrees.


Turns out to be pretty straightforward. Shodan, the search engine that lets you search for IoT systems, is something of a hazard in that respect. The bug has been patched, but it won’t be the last.

In 1995, this astronomer predicted the Internet’s greatest failure • Medium

Rob Howard:


The problem for the people who chose to troll [Silicon Snake Oil author Clifford] Stoll, however, is that a lot of his predictions and criticisms of the web were spot on. Read this quote from 1995, and tell me it couldn’t be written (and praised) today:

“Your word gets out, leapfrogging editors and publishers. Every voice can be heard cheaply and instantly. The result? Every voice is heard. The cacophony more closely resembles citizens band radio, complete with handles, harassment, and anonymous threats. When most everyone shouts, few listen.”

This was written in reference to Usenet, an early Internet message board, but could apply to Twitter, Reddit, and countless other social platforms today without changing a single character. A few months ago, Ev Williams, the founder of Medium and co-founder of Twitter, said almost the exact same thing:

“I thought once everybody could speak freely and exchange information and ideas, the world is automatically going to be a better place. I was wrong about that.”

In the same article, Williams told The New York Times: “The Internet is broken.” If only someone had seen this coming.

As a scientist, Stoll had been using forms of the Internet since its inception in the ’70s. He wasn’t off-base in calling it a “wasteland of unfiltered data.” He was 20 years ahead of his time.


I interviewed Stoll at the time of Silicon Snake Oil; there wasn’t any agreement on whether the internet was a good or bad thing. For most people it was barely a “thing” at all.

iOS 11: An alternative to swiping notifications, and why Apple changed this behavior • Finer Things in Tech

David Chartier on a UI change in iOS 11 which at first seems peculiar:


In iOS 11’s Notification Center, Apple removed the ability to swipe left on a notification in order to reveal buttons for Clear and View. I found an alternative. I think I know why Apple changed this behavior, and I like it better now.

The solution: 3D Touch or tap-and-hold.

Previously, swiping left on a notification felt slightly problematic. It was sometimes easy to swipe too far or not far enough, resulting in unintended behavior.

In iOS 11, you can either 3D Touch a notification or, for those on devices without 3D Touch, including iPads, tap-and-hold. This has two advantages.

First, the notification is now displayed with all available functionality. Instead of having to choose whether to clear or interact with the notification (say, to reply to a message or mark a task complete), you now get to see the notification’s full content, all available actions, and a convenient and easy to tap (X) in the upper right of the notification box.


I think the second advantage is easier navigation. Now, a swipe left anywhere in Notification Center results in launching the Camera app. A swipe right anywhere takes you to the Today widget page. From my testing, it seems impossible now to accidentally swipe a notification when you wanted the camera, and vice versa.


This makes sense. What you don’t want in an interface is ambiguity, or being able to do two different things through the same action: it confuses people.

ARKit Furniture dropping app; ARKit direction demo • Made With ARKit


ARKit Furniture dropping app, by Asher Vo.

But you might find the Starbucks one more interesting – if you assume this is how it would look through glasses. Don’t want to be walking along with this on your phone, ideally.



Putin’s hackers now under attack—from Microsoft • Daily Beast

Kevin Poulsen:


Last year attorneys for the software maker quietly sued the hacker group known as Fancy Bear in a federal court outside Washington DC, accusing it of computer intrusion, cybersquatting, and infringing on Microsoft’s trademarks.  The action, though, is not about dragging the hackers into court. The lawsuit is a tool for Microsoft to target what it calls “the most vulnerable point” in Fancy Bear’s espionage operations: the command-and-control servers the hackers use to covertly direct malware on victim computers.  These servers can be thought of as the spymasters in Russia’s cyber espionage, waiting patiently for contact from their malware agents in the field, then issuing encrypted instructions and accepting stolen documents.

Since August, Microsoft has used the lawsuit to wrest control of 70 different command-and-control points from Fancy Bear. The company’s approach is indirect, but effective. Rather than getting physical custody of the servers, which Fancy Bear rents from data centers around the world, Microsoft has been taking over the Internet domain names that route to them. These are addresses like “livemicrosoft[.]net” or “rsshotmail[.]com” that Fancy Bear registers under aliases for about $10 each. Once under Microsoft’s control, the domains get redirected from Russia’s servers to the company’s, cutting off the hackers from their victims, and giving Microsoft an omniscient view of that server’s network of automated spies.

“In other words,” Microsoft outside counsel Sten Jenson explained in a court filing last year,  “any time an infected computer attempts to contact a command-and-control server through one of the domains, it will instead be connected to a Microsoft-controlled, secure server.”



Should you force quit your iOS apps? Let’s look at the data • BirchTree

Matt Birchler decided that this needs some SCIENCE:


I first closed all apps on my iPhone 7 Plus to get a good base line. I then launched 50 apps and closed them as soon as they finished opening. These apps ranged from Facebook to Twitter to Google Photos to Snapchat and many more. It was a wide range of apps, and I tried to get a good spread of apps most people would use. I waited 2 minutes for all apps to finish any last second background functions, and then started recording CPU usage in Instruments on my Mac. I recorded for 15 minutes.

Next, I closed all apps from the multitasking screen. I then turned off the screen and waited 2 more minutes for any “straggling” tasks to complete. I then started recording the phone’s CPU usage again with Instruments for Mac. The test ran for 15 minutes and I saved all the data to a CSV.

I used Instruments’ Activity Monitor and CPU Activity Log tools for these specific tests.

I ran this test 2 more times to confirm these results were not anomalies. Subsequent testing resulted in nearly identical results…

…there is little difference in the CPU usage between either test. Each test had a few spikes in usage over the test, each about 10 minutes apart.

The test with all apps closed had both the biggest spike in CPU usage, hitting 68% CPU for a few seconds. It also had the highest continuous minute of usage from the 13:57-14:57 time codes, 42%.

Average CPU usage over the 15 minute spans was:

• All apps closed: 7.321%
• Zero apps closed: 7.929%


Turns out Wi-fi uses 3x more CPU than all 50 apps. Want to save battery life? Turn that off when you don’t need it.

Fitbit hit with lawsuit over haptic feedback patents • ReadWrite

David Curry:


Fitbit has been hit with a lawsuit from Immersion, a developer of haptic feedback technology, claiming that the Alta HR and Charge 2 maker has infringed on its patents.

Immersion asks for Fitbit to cease manufacturing of all infringing devices, which, we suspect, includes all fitness trackers currently on the market. Fitbit makes use of haptic feedback for notifications, breathing exercises, and touch control, found on all trackers.

“We are disappointed that Fitbit rejected our numerous attempts to negotiate a reasonable license for Fitbit’s products, but it is imperative that we protect our intellectual property both within the U.S. and through the distribution chain in China,” said Immersion CEO, Victor Viegas.

It should be noted it is not the first time Immersion has taken a large tech company to court over haptic feedback technology. In 2016, it took Apple to court over its 3D Touch technology; some media outlets have labelled Immersion a patent troll.


Yet more problems for Fitbit.

Burglary, robbery, kidnapping and a shoot-out over… a domain name?! • The Register

Kieren McCarthy:


A home break-in that resulted in two men being shot – one of whom was later charged with burglary, robbery and kidnapping – was the result of a domain name dispute, cops have said.

Sherman Hopkins, 43, broke into a house in Cedar Rapids, Iowa, America, last month armed with a gun, it is alleged. Rather than making off with some jewelry or a flatscreen TV, however, it is claimed Hopkins confronted the owner – 26-year-old Ethan Deyo – and, at gunpoint, attempted to get him to transfer a domain name to an unnamed third party.

“Hopkins forced Deyo to log on to his computer and tried to coerce Deyo to transfer a domain name,” a criminal complaint filed this week by the Linn County Attorney’s Office states, although it fails to say what the domain name was.

We called the police department and asked. They wouldn’t tell us the name but noted it was “valuable.” “We will release the name of the domain after our investigation is complete,” a police spokesman told The Register.

Right now, the cops are looking into the details of the third person that Deyo was asked to transfer the name to and whether that person “had an influence” on Hopkins’ alleged behavior.


“Had an influence” 👀

Vinod Khosla: Venture capital has less sexual harassment than other industries • Recode

Theodore Schleifer:


To hear Vinod Khosla tell it, sexual harassment isn’t quite as common in venture capital as you might think.

As a spate of allegations rock the business, Khosla said he was “a little surprised” by the revelations, but is still arguing that venture capital is relatively a safer space for women than other fields are today.

“I did not know that there was any discrimination,” Khosla said, adding that it was “rarer than in most other businesses.”

“I’ve never done a statistical survey,” Khosla admitted to an audience at a trade event in Palo Alto Thursday evening. But he said he is quizzing women about their experiences and it was nevertheless his “impression” that the problem was not quite as prevalent as a percentage as it is in other industries, such as autos or finance.

Harassment allegations have already ejected two prominent venture capitalists from rival firms in recent weeks, and firms today describe an industry on edge and waiting for more shoes to drop.


I’m betting that Khosla’s wrong.

People who tried to take panorama shots and ended up opening the gates of hell • Sad And Useless

We’ll try just one. There are many.


Errata, corrigenda and ai no corrida: none notified

2 thoughts on “Start Up: Clifford Stoll got it right, swiping in iOS 11, ARKit!, Microsoft v Fancy Bear, and more”

  1. Regarding “If only someone had seen this coming.”: That’s unfair. People *do* see it coming. And when they point it out at the start of the hype cycle, at best they get ignored, at worst they get personally attacked by the nastier hype-mongers. Stoll wasn’t the only person back then pointing out potential problems (cough). The last chapter of Lessig’s book _Code_ was all about decrying a restrictive mindset. The problem is that there is absolutely no benefit to being right – snake-oil sellers collect their profits, but accurate prophets typically end up at a loss.

  2. About turning off Wi-Fi: using 3G/4G is much more of a battery drain than Wi-Fi. I live 5′ away from the Tube and work 2mins away. There’s a couple of public Wi-Fi access points on my walk to and from the Tube, plus the Virgin Wi-Fi on the Tube. I spend about 10 minutes a day without Wi-Fi.
    I made an experience the other month and turned off cellular data for 30 days. It didn’t affect me the least (I have Wi-Fi calling with my carrier) – well, I saved 20 quid (am on Three PAYG) and had much better battery life.
    Keep up the good work!
