Start Up: towards better passwords, Pixel sans jack?, TomTom’s wearable trouble, Ive’s round work at Apple, and more

Google is phasing out Instant Search suggestions. Photo by FindYourSearch on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 10 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

Passwords Evolved: Authentication Guidance for the Modern Era • Troy Hunt

Hunt takes a long look at the whole password topic; this is one about blocking previously breached passwords:


Getting back to the whole credential stuffing thing for a moment, once passwords are disclosed they must be considered “burned”, that is they should never be used again. Ever. Once they’re out there in the wild, an untold number of other parties now have those credentials which therefore significantly heightens the risk anyone uses them now faces. Imagine having access to a billion email address and password pairs taken from actual data breaches as I highlighted in the credential stuffing post:

NIST talks about the problem as follows:


When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised. For example, the list MAY include, but is not limited to: Passwords obtained from previous breach corpuses.


In layman’s terms, this means that when someone registers or changes their password, you should be checking to ensure it’s not a password that’s previously appeared in a data breach. It doesn’t matter that it may not have been the user who is presently registering that used the password in the breach, the mere fact that it has now been leaked publicly increases the chances of it being used in an attack. They also mention that the password shouldn’t be a dictionary word or a “context-specific word”; when I wrote about CloudPets leaving their database publicly exposed, I pointed out how even bcrypt hashes were easily crackable by using a small password dictionary including words such as “cloudpets”. Don’t let people use a password which is the name of the service they’re signing up to because they will!


If you consider that pretty much every six- or seven-character password has already been used and breached, it shows the breadth of the problem.
link to this extract
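As an added illustration of the NIST guidance quoted above (not code from Hunt's post), the check a verifier should run when a password is registered or changed: reject anything in a breach corpus, a dictionary word, or a password containing a context-specific word such as the service's own name (the "cloudpets" case) or the user's identifier. The breach corpus and dictionary are small constructed samples; the corpus is stored as SHA-1 digests so the blocklist itself never contains plaintext passwords.

```python
import hashlib
import re

# Constructed sample of a breach corpus. A real corpus holds hundreds of millions
# of entries; keeping SHA-1 digests rather than plaintext means the list can be
# shared and queried without handing out the passwords themselves.
_BREACHED_PLAINTEXT = ["password", "123456", "qwerty", "letmein", "cloudpets123"]
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest().upper() for p in _BREACHED_PLAINTEXT}

# Constructed mini dictionary; a deployment would load a full word list.
DICTIONARY = {"dragon", "monkey", "welcome", "sunshine", "football"}

MIN_LENGTH = 8  # NIST SP 800-63B minimum for user-chosen memorized secrets


def context_words(service, username=None):
    """Words tied to this service or user that must not appear in a password."""
    words = {service.lower()}
    if username:
        local = username.split("@")[0].lower()   # drop the mail domain
        words.add(local)
        words.update(re.split(r"[._-]+", local))  # "j.smith" -> "j", "smith"
    return {w for w in words if len(w) >= 3}      # ignore very short fragments


def check_password(password, service, username=None):
    """Return None if the password is acceptable, else the reason to reject it."""
    if len(password) < MIN_LENGTH:
        return "too short"
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    if digest in BREACHED_SHA1:
        return "appears in a breach corpus"
    lowered = password.lower()
    if lowered in DICTIONARY:
        return "dictionary word"
    for word in context_words(service, username):
        if word in lowered:
            return f"contains context-specific word {word!r}"
    return None
```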

Google has dropped Google Instant Search • Search Engine Land


After launching Google Instant — Google’s method of showing search results as you type them — several years ago, Google has removed the feature from search effective today.

Google Instant launched in 2010 under the leadership of Marissa Mayer. Mayer called this change a “fundamental shift in search” and the news was covered across all major media when it launched.

Now with the changes in how searchers use mobile — and over 50% of all Google searches being on mobile — Google decided to do away with this feature. A Google spokesperson told Search Engine Land:


We launched Google Instant back in 2010 with the goal to provide users with the information they need as quickly as possible, even as they typed their searches on desktop devices. Since then, many more of our searches happen on mobile, with very different input and interaction and screen constraints. With this in mind, we have decided to remove Google Instant, so we can focus on ways to make Search even faster and more fluid on all devices.



Alternative explanation: Google Instant got the company into huge amounts of boiling-hot water because the suggestions from the autocomplete were so horrendously biased that it sought a fix – and there is no fix except to remove it.
link to this extract

TomTom could be stepping back from wearable tech and action cams • Wareable

Hugh Langley:


TomTom is reassessing its place in the sports wearables market, following disappointing sales. Wareable has also learned that a handful of key executives have left the company, and that the company shelved plans for a Bandit 2 action camera.

TomTom’s Q2 earnings revealed a 20% year-on-year decline in consumer revenue, with TomTom quoting a poor performance in its Sports segment. “The wearables market has fallen short of expectations,” said TomTom CEO Harold Goddijn in an investors call, “and because of this and because we want to focus on Automotive, Licensing and Telematics businesses, we are reviewing strategic options for our Sports business.”

Needless to say that doesn’t sound good, and Goddijn did not rule out possibly closing the Sports segments. “We need to look at it,” he said. “We can’t carry on as we are going at the moment.”


Langley found that a ton of execs in that space have left the company. We look forward to Fitbit’s results in the next few days. Contenders in the wearable market are dropping like flies.
link to this extract

Points to keep in mind when reading any upcoming story about Elon Musk • West Coast Stat Views



This is a good time to reiterate a few basic points to keep in mind when covering Elon Musk:

1. Other than the ability to make a large sum of money through some good investments, Elon Musk has demonstrated exceptional talent in three (and only three) areas: raising capital for enterprises; creating effective, fast-moving, true-believer corporate cultures; generating hype.

2. Though SpaceX appears to be doing all right, Musk does not overall have a good track record running profitable businesses. Furthermore, his companies (and this will come as a big slap in the face of conventional wisdom) have never been associated with big radical technological advances. SpaceX is doing impressive work, but it is fundamentally conventional impressive work. Before the company was founded, had you spoken with people in the aerospace community and asked them “what is closest to being Mars ready, who has it, and who are the top people in the field?”, the answers would have been the type of engine SpaceX currently uses, TRW (which sued SpaceX for stealing their intellectual property), and the chief rocket scientist SpaceX lured away from TRW. By the same token, Tesla is pretty much doing what all of the other major players in the auto industry are doing in terms of technology.

3. From the beginning, Musk has always had a tendency to exaggerate and overpromise. Smart, skeptical journalists like Michael Hiltzik and the reporters at the Gawker remnants have taken any claim from Elon Musk with a grain or two (or 20) of salt.

4. That said, in recent years things have gotten much, much worse. Musk has gone from overselling feasible technology and possibly viable business plans to pitching proposals that are incredibly unlikely then supporting them with absurdly unrealistic estimates and sometimes mere handwaving.


I haven’t paid Musk much attention, to be honest. I’m not sure point 2 has much weight: building successful businesses isn’t about radical technological advances; often, those two are opposed, because RTAs are costly and pay off slowly. (Mark has other points to make too, though.)
link to this extract

Trump, Scott Walker to reveal Foxconn factory plans in Wisconsin • CNBC

Justin Solomon and Anita Balakrishnan:


Apple-supplier Foxconn will announce a plant in Wisconsin on Wednesday evening, accompanied by President Donald Trump and Wisconsin Gov. Scott Walker, a source with knowledge of the announcement told CNBC.

U.S. House Speaker Paul Ryan, R-Wis., will also be present at the announcement in Washington, a source said. No exact location for the plant has been chosen — but the area of southeast Wisconsin between Milwaukee and Chicago is under consideration, according to a source.

A source said that seven states were considered for the expansion, but Wisconsin appears to be a preliminary winner, and Ohio is a contender. About 10,000 jobs could be created.

The Wall Street Journal reported that Foxconn may be eyeing a new U.S. plant for display panels.

Foxconn is also known as Hon Hai Precision, a longtime supplier to Apple and other electronics companies that has come under scrutiny in the past over labor practices in China. It is unclear if Apple is involved in Wednesday’s announcement.


link to this extract

How Jony Ive masterminded Apple’s new headquarters • WSJ

Christina Passariello:


In the early days of planning, Ive and [Steve] Jobs shared “drawings, books, and created expressions of feelings,” says [Jobs’s widow Lauren] Powell Jobs, who often witnessed the longtime partners collaborating. Some principles were a given, such as the belief that natural light and fresh air make workers happier and more productive. The prototyping prerequisite made for a logical match with Foster + Partners, which also practices modeling and prototyping. Norman Foster visited Ive in his top-secret design studio during one of their early meetings. It emerged that the two design gurus have other interests in common, including a love of the work of English painter Bridget Riley, whose graphic black-and-white art plays tricks on the mind.

From the beginning, Ive had an “absolute obsession with the idea that it was built like a product, not like a piece of architecture,” says industrial designer Marc Newson, one of Ive’s oldest friends, who has contributed to Apple designs in recent years.

Ive takes a subtly British dig at other tech campuses sprouting across Silicon Valley. “A lot of the buildings that are being built at the moment are products of software-only cultures,” says Ive. “Because we understand making, we’ll build [a prototype] and try it and use it, and see what works and what doesn’t.” Facebook commissioned Frank Gehry to make its headquarters, with unfinished plywood walls and cables and cords that dangle from the ceiling. Bjarke Ingels’s and Thomas Heatherwick’s plan for Google’s new campus calls for a giant metal roof canopy.

Ive was used to taking on projects in new domains—such as music players and smartphones—so designing a campus didn’t feel like a leap. In fact, Ive thinks the line separating product design from architecture shouldn’t be so rigid. Architecture is “a sort of product design; you can talk about it in terms of scale and function and materials, material types,” he says. “I think the delineation is a much, much softer set of boundaries that mark our expertise.”

…The desire for light and air, crossed with the need for enough density to house 12,000 employees, gave shape to Apple Park’s main building. Ive, tracing an infinity sign in the air, says they considered complex forms, including a trilobal design, a sort of giant fidget spinner. Ultimately they decided that only a ring shape could give the feeling of being close to the elements.


link to this extract

Decoding the Enigma with Recurrent Neural Networks • Github

Sam Greydanus:


Now we’re ready for something a lot more complex: the Nazi Enigma. Its innards consisted of three rotating alphabet wheels, several switchboards, and ten cables. All told, the machine had 150,738,274,900,000 possible configurations!

How the Enigma works. Note that the three wheels can rotate as the decoding process unfolds

Background. Breaking the Enigma was an incredible feat – it even inspired the 2014 film The Imitation Game starring Benedict Cumberbatch as Alan Turing. Turing was one of the most important figures in the project. He also introduced the notion of Turing-completeness. In an ironic twist, we’ll be using a Turing-complete algorithm (the LSTM) to decode the Enigma.

We’ll train the model on only one permutation of switchboards, cables, and wheels. The keyword, then, is three letters which tell the model the initial positions of the wheels.

Basic training objective where “EKW” is the keyword. The keyword defines the initial positions of the three alphabet wheels

Making it happen. I synthesized training data on-the-fly using the crypto-enigma Python API and checked my work on a web-based Enigma emulator. I used each training example only once to avoid the possibility of overfitting.

The model needed to be very large to capture all the Enigma’s transformations. I had success with a single-celled LSTM model with 3000 hidden units. Training involved about a million steps of batched gradient descent: after a few days on a k40 GPU, I was getting 96-97% accuracy!


Greydanus has done a lot of interesting stuff in this space. He’s an undergraduate physics student at Dartmouth College in the US. His next project: trying to get RNNs to decode RSA-encoded text.
link to this extract
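To make concrete what the model above has to learn, here is an added simulation of the machine itself (not Greydanus's code): three rotating wheels whose initial window positions are set by a three-letter keyword such as the “EKW” in his example. It uses the historical wirings of Wehrmacht rotors I, II and III and reflector B; as simplifying assumptions the ring settings are fixed at A and the plugboard (the “switchboards” and “cables”) is omitted.

```python
import string

ALPHA = string.ascii_uppercase
# Historical wirings (public record) of rotors I-III with their turnover notch,
# and reflector B. Ring settings fixed at "A"; plugboard omitted (assumption).
ROTORS = {
    "I":   ("EKMFLGDQVZNTOWYHXUSPAIBRCJ", "Q"),
    "II":  ("AJDKSIRUXBLHWTMCQGZNPYFVOE", "E"),
    "III": ("BDFHJLCPRTXVZNYEIWGAKMUSQO", "V"),
}
REFLECTOR_B = "YRUHQSLDPXNGOKMIEBFZCWVJAT"


class Enigma:
    """Three-wheel Enigma; `key` is the three-letter keyword giving the initial
    window position of the left, middle and right wheels (e.g. "EKW")."""

    def __init__(self, order=("I", "II", "III"), key="AAA"):
        self.wiring = [ROTORS[n][0] for n in order]
        self.notch = [ALPHA.index(ROTORS[n][1]) for n in order]
        self.pos = [ALPHA.index(c) for c in key.upper()]

    def _step(self):
        # Wheels turn before each letter. The right wheel always steps; the
        # middle steps when the right wheel sits on its notch, and when the
        # middle sits on its own notch it steps and carries the left wheel too.
        if self.pos[1] == self.notch[1]:
            self.pos[0] = (self.pos[0] + 1) % 26
            self.pos[1] = (self.pos[1] + 1) % 26
        elif self.pos[2] == self.notch[2]:
            self.pos[1] = (self.pos[1] + 1) % 26
        self.pos[2] = (self.pos[2] + 1) % 26

    @staticmethod
    def _through(c, wiring, shift, forward):
        # Pass one letter through a wheel offset by its current rotation.
        i = (ALPHA.index(c) + shift) % 26
        o = ALPHA.index(wiring[i]) if forward else wiring.index(ALPHA[i])
        return ALPHA[(o - shift) % 26]

    def encipher(self, text):
        out = []
        for c in text.upper():
            if c not in ALPHA:
                continue                 # the machine has only 26 letter keys
            self._step()
            for w, p in zip(reversed(self.wiring), reversed(self.pos)):
                c = self._through(c, w, p, True)      # right -> left
            c = REFLECTOR_B[ALPHA.index(c)]
            for w, p in zip(self.wiring, self.pos):
                c = self._through(c, w, p, False)     # left -> right
            out.append(c)
        return "".join(out)


def decipher(ciphertext, key):
    # The reflector makes the machine its own inverse: the same keyword decodes.
    return Enigma(key=key).encipher(ciphertext)
```

Because every letter is transformed by a different wheel state, the model in the post has to track the stepping of all three wheels from the keyword onward, which is why a very large LSTM was needed.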

Biased AI is a threat to civil liberties. The ACLU has a plan to fix it • FastCo Design

Diana Budds:


The ACLU is primarily concerned with three areas where AI is at work: criminal justice; equity as it relates to fair housing, fair lending, and fair credit; and surveillance. The partnership is nascent, so the organization is still formulating exactly how it will address these themes. For starters, it will launch a fellowship related to AI and form working groups around these areas. It will also host workshops to help determine its position on these issues–like, for instance, how to frame questions that arise as municipalities begin to adopt AI and how to support civil liberties advocates as they look to the ACLU for guidance on how technology should be restricted, deployed, or designed.

Goodman points out that as AI matures and becomes more affordable, more organizations and jurisdictions are incorporating it into their practices, opening up the floodgates for more bias to enter society. “We’re at the [AI] adoption moment,” she says. “In some ways we’re at the beginning of the new era where the rules of the road are being established with respect to how AI is involved with government.”


Particularly worrying are the uses of AI in policing, sentencing, financing and lending. All are likely to increase any biases if they use the existing systems – which, in general, are biased against minorities.
link to this extract

Google Pixel 2 ditching 3.5 mm headphone jack, if these CAD renders are accurate • AndroidAuthority

“Team AA”:


The devices in the renders clearly adhere to Google’s design language, featuring that unmistakable two-piece back plate, and circular rear fingerprint scanner. They don’t differ too much from last year’s iterations in terms of appearance, though there are some new additions, namely, front-firing stereo speakers and an all-new camera.

It had been speculated that the new Pixel phones, or at least the larger XL variant, would come with dual cameras. This doesn’t seem to be the case, and instead, it looks like they will feature a large, single lens. This should provide for some exceptional photo quality, if it’s anything like the original Pixel’s camera, but some might be disappointed to see that it protrudes slightly from the handset’s body.

Now, here’s the real interesting part. Remember how Google took a jab at Apple’s removal of the 3.5 mm headphone jack last year in its Pixel commercial? Well, it appears that the search giant has ditched the 3.5 mm standard this year and went with just a single USB Type-C port. We hope that this means the new Pixel duo will be IP68-certified, because, otherwise, a lot of fans will probably be outraged.


If – and it’s always a big if with “renders” – this is the case, how are people going to use their corded headphones? Will there be a USB-C-to-3.5mm adapter in the box? But if there is, does that save on the expense of the 3.5mm socket? Apple has the advantage that (1) it has a line of Bluetooth headphones – more than one if you include Beats – and (2) its margins mean it could afford to include a Lightning-to-3.5mm adapter with every iPhone 7. That’s not the same for Google, even on the Pixel, because its volumes are so small in comparison.

Possibly Google has decided that the Pixel is used far more in modern cars (which have Bluetooth) and at home (with Bluetooth speakers), and that if you use corded headphones it’s time to move on. If, of course, “the renders” are correct.
link to this extract

Creating the honest man • Süddeutsche Zeitung

Kai Strittmatter:


China’s future is already being rehearsed here. Rongcheng is one of three dozen pilot projects in China. In this town, they are creating the honest man. “People first need to gain an understanding of what we’re doing here,” Director Huang Chunhui says in Rongcheng. The Office of Honesty goes by another name these days, he explains, because “as we went along, we noticed that the name was somehow too vague”. So Huang now heads the “Office of Creditworthiness”. They are working on fine-tuning the system. Director Huang draws an egg on a piece of paper, cutting off the top and bottom of the egg with a stroke of his pen. “This is society,” he says. “At the top, you’ve got model citizens. And at the bottom, you’ll find the people that we need to educate.”

Then he explains the system. Each company and person in China is to take part in it. Everyone will be continuously assessed at all times and accorded a rating. In Rongcheng, each participant starts with 1000 points, and then their score either improves or worsens. You can be a triple-A citizen (“Role model of Honesty”, with more than 1050 points), or a double-A (“Outstanding Honesty”). But if you’ve messed up often enough, you can drop down to a C, with fewer than 849 points (“Warning Level”), or even a D (“Dishonest”) with 599 points or less. In the latter case, your name is added to a black list, the general public is informed, and you become an “object of significant surveillance”. This is how the Rongcheng municipality’s handbook “Administrative Measures for the Trustworthiness of Natural Persons” describes it.

“Mr. Director, what type are you then?” “Hmm”, he answers. “The last time I checked, I think I was triple-A.” He rummages through his wallet and pulls out a plastic card. “Here is the ID for our public bicycle rental system. As a triple-A citizen, I don’t have to pay a deposit and can ride a bicycle for an hour and a half free of charge.” One of his employees rushes to his side and cites the system’s founding document from 2014: “Allow the trustworthy to roam everywhere under heaven while making it hard for the discredited to take a single step”. The director nods.


Yes, it is like the Black Mirror “Nosedive” episode – except that that didn’t include government oversight, which is implied here. (Via Nick Carr, whose analysis is also worth reading.)
link to this extract

Errata, corrigenda and ai no corrida: none notified
