Start Up: a Wi-Fi worm, Twitter flaps, Samsung’s struggle, North Korea v tech, open Flash?, and more

California’s smog may be getting a $3bn cleanup, via subsidies for electric vehicles. Photo by Metro Transportation Library on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 10 links for you. See? Friday already with no extra effort. I’m @charlesarthur on Twitter. Observations and links welcome.

Broadpwn: remotely compromising Android and iOS via a bug in Broadcom’s Wi-Fi chipsets • Exodus Intelligence

Nitay Artenstein:


As modern operating systems become hardened, attackers are hard at work looking for new, powerful and inventive attack vectors. However, remote exploits are not a simple matter. Local attacks benefit from an extensive interaction with the targeted platform using interfaces such as syscalls or JavaScript, which allows the attacker to make assumptions about the target’s address space and memory state. Remote attackers, on the other hand, have a much more limited interaction with the target. In order for a remote attack to be successful, the bug on which it is based needs to allow the attacker to make as few assumptions as possible about the target’s state.

This research is an attempt to demonstrate what such an attack, and such a bug, will look like.
Broadpwn is a fully remote attack against Broadcom’s BCM43xx family of WiFi chipsets, which allows for code execution on the main application processor in both Android and iOS. It is based on an unusually powerful 0-day that allowed us to leverage it into a reliable, fully remote exploit.


This is the attack for which Apple provided a security update last week, I believe. (Android update status: unknown.) It’s potentially devastating: a Wi-Fi worm which only requires you to associate with the attacking Wi-Fi network.
link to this extract

It looks like the state of California is bailing out Tesla • Business Insider

Wolf Richter:


The California state Assembly passed a $3bn subsidy program for electric vehicles, dwarfing the existing program. The bill is now in the state Senate. If passed, it will head to Governor Jerry Brown, who has not yet indicated if he’d sign what is ostensibly an effort to put EV sales into high gear, but below the surface appears to be a Tesla bailout.

Tesla will soon hit the limit of the federal tax rebates, which are good for the first 200,000 EVs sold in the US per manufacturer beginning in December 2009 (IRS explanation). In the second quarter after the manufacturer hits the limit, the subsidy gets cut in half, from $7,500 to $3,750; two quarters later, it gets cut to $1,875. Two quarters later, it goes to zero.

Given Tesla’s ambitious US sales forecast for its Model 3, it will hit the 200,000 vehicle limit in 2018, after which the phase-out begins. A year later, the subsidies are gone. Losing a $7,500 subsidy on a $35,000 car is a huge deal. No other EV manufacturer is anywhere near their 200,000 limit. Their customers are going to benefit from the subsidy; Tesla buyers won’t.

This could crush Tesla sales.


You can argue it both ways – it’s a bailout, but it’s also making California’s air less polluted by proxy. So taxpayers are paying, in a roundabout way, for cleaner air. If they buy an electric car, they get a refund – and more – on that taxation. Subsidies are odd things.
link to this extract

Twitter fails to grow its audience, again • Bloomberg

Sarah Frier:


Twitter Inc. failed to attract more monthly users in the second quarter, spooking investors looking for evidence that the company is on a sustainable long-term growth path. The shares tumbled the most in nine months, even as quarterly revenue topped analysts’ projections.

A long-term turnaround depends on Twitter expanding its audience. That number stands at 328 million monthly active users — the same as in the prior quarter, the San Francisco-based company said in a statement Thursday. Revenue fell 4.7% and the company’s net loss also widened, affected by a $55m writedown of the value of its investment in SoundCloud, the German music streaming service.

Twitter is still working to prove that it can build a sustainable, growing business…

…“It’s a niche platform,’’ said Brian Wieser, an analyst at Pivotal Research. “It always was and always will be.’’


Takeover target in a few years’ time? Or will it just be left to stumble on, not quite burning enough cash to flame out?
link to this extract

Sense of crisis felt at Samsung Electronics despite Its best-ever performances • BusinessKorea

Michael Henh:


Samsung Electronics announced on July 27 that the company chalked up operating profit of 14.1trn won (US$12.6bn) in the second quarter of this year. The figure was the highest among non-financial companies in the world. However, the absence of vice chairman Lee Jae-yong who is the highest decision maker at Samsung casts a dark shadow on Samsung. Large-scale investment plans have virtually vanished at Samsung.

“A large investment in the semiconductor industry a few years ago made Samsung what the company is today. Now is the time to prepare for the future, but now Samsung’s business activities are virtually put on hold,” said a senior Samsung Electronics official.

The disappearance of Samsung’s large-scale M&A announcements is also largely due to the absence of its owner. Samsung shelled out 9trn won (US$8.1bn) last year to acquire Harman, a global electronic auto parts company, and secured competitiveness by acquiring 10 small and large companies over the past five years. However, Samsung Electronics’s investment has not been made since the vice chairman Lee’s arrest. Current investments were like the implementation of agendas that were planned in the past.


Surprising, but the article makes a good case that Samsung Electronics is not progressing – even if it is profiting.
link to this extract

Opinion: why North Korea should worry the tech world • PC Magazine

Tim Bajarin:


Some years back, on a trip to Asia, which included a stop in South Korea, I asked a top tech official what concerns him the most. He said the collapse of North Korea and the fact that millions of North Koreans would rush over the border and paralyze South Korea’s region and economy. As a result, I have been watching North Korea’s efforts to advance its nuclear program, and what I fear is more than just saber-rattling.

In April, President Trump spoke with Chinese President Xi Jinping and reportedly told him that if China doesn’t help solve the North Korean problem, the US will address the issue on its own. Now, I don’t profess in the slightest to know what it means to “go it alone,” but as Secretary of State Rex Tillerson has said, “all options are on the table” when it comes to dealing with North Korea.

Given the fact that our current administration is unpredictable and has little experience in dealing with a crisis like the one we have in North Korea, anything is possible, including some type of strike to try and take out its nuclear sites…

…A good friend of mine, who travels to this area of the world 10 to 12 times a year and really understands the political side of these countries, says that the only way to normalize North Korea, which may sound counterintuitive, is to help it find a way to feel more secure. North Korea will focus on prosperity and abandon its nuclear ambitions only when it feels safe and a part of the northeast Asian economy. More sanctions or military action will not end well. This is a wise observation, and I would hope that our current administration has someone inside that understands this option.


This point about making North Korea feel safe, rather than threatened, is counterintuitive; but it makes perfect sense.
link to this extract

Adobe Flash fans want a chance to fix its one million bugs under an open source license • Gizmodo

Tom McKay:


While Adobe is finally mercy killing Flash, its multimedia software that helped power countless web applications like games and videos faced but widespread criticism for its rapid decline in usefulness and growing number of security vulnerabilities, some fans want to keep it alive as an open-source project for the future.

A petition circulated by web developer Juha Lindstedt is asking Adobe not to pull the software off the market entirely, but instead release it as an open-source project which could fix its many problems. Over 900 people have already starred it on Github.

“Flash is an important piece of Internet history and killing Flash Player means future generations can’t access the past,” Linstedt wrote. “Games, experiments and websites would be forgotten.”

“Open sourcing Flash would be a good solution to keep Flash projects alive safely for archive reasons,” Lindstedt added. “Don’t know how, but that’s the beauty of open source: You never know what will come up after you go open source!”


This would be an excellent move. It is an important part of web history.
link to this extract

Apple Glasses Are Inevitable • Above Avalon

Neil Cybart:


Augmented reality glasses check off all of the boxes for a product in Apple’s wheelhouse and are deserving of a rare green light to market. 

• Hardware and software integration. There is room for Apple to create value by controlling both the hardware and software comprising AR glasses. The sum will be greater than its parts.
• Wearables manufacturing. Apple is learning quite a bit about manufacturing techniques and materials from Apple Watch and AirPods. These lessons can be transferred over to glasses, an item that will need to include a plethora of technology yet remain light.
• AR technology. Apple’s big bet on AR will represent the catalyst for turning glasses and sunglasses into something more. An engaged base of iOS developers experimenting with ARKit will give Apple Glasses a hospitable app environment.
• Personal technology evolution. AR glasses represent the evolution of Apple’s decades-long quest to make technology more personal – allowing people to get more out of technology without having it take over their lives.
• Fashion and luxury themes. Apple Watch has taught Apple much about how to get people to wear personal technology.
• Health/Medical. The ability to improve one’s vision fits within Apple’s expanding interest in health and medical.
• Retail demoes. Nearly 500 Apple Retail stores offer prime demo areas for customers to try on various glasses. 


I bet that a demo area for augmented reality glasses in an Apple Store would be crowded the whole day long. Glasses plus AirPods plus, perhaps, Watch.
link to this extract

Apple patent reveals the exciting possibility of augmented reality smartglasses • Patently Apple

Jack Purcher:


Apple acquired Metaio the creator of ‘Thermal Touch’ and a new Augmented Reality Interface for Wearables and beyond back in 2015. Their technology is thought to be behind Apple’s push into augmented reality and ARKit. This year a Metaio patent application surfaced under Apple for moving furniture in augmented reality. Apple was also granted a patent for indoor navigation that covered new capabilities for a future iDevice camera allowing it to recognize building names or paintings and then adding AR identifying markers on the user’s iDevice photos.

Today another original Metaio patent application under Apple has surfaced relating augmented reality. More specifically it covers a method for representing points of interest in a view of a real environment on a screen of an iPhone with interaction functionality. The buzz is that the patent covers AR smartglasses as noted in our cover graphic, something that Apple has been adding to a series of new and updated trademarks of late


Augmented reality glasses from Apple seem like an inevitability, as Cybart says above.
link to this extract

YouTube’s head of music confirms YouTube Red and Google Play Music will merge • The Verge

Micah Singleton:


YouTube’s head of music confirmed that the company is planning on merging its Google Play Music service with YouTube Red to create a new streaming offering. During a panel session for the New Music Seminar conference in New York, Lyor Cohen stated that the company needed to merge the two services to help educate consumers and bring in new subscribers.

“The important thing is combining YouTube Red and Google Play Music, and having one offering,” Cohen said when asked about why YouTube Red isn’t more popular with music users. He didn’t address whether or not the two apps would merge — but it seems very unlikely.

Right now, YouTube’s music ecosystem is unnecessarily complicated. There’s YouTube Red, which removes ads from videos and lets you save them offline, while also giving you access to Google Play Music for free. Then there’s YouTube Music, which anyone can use, but it gets better if you’re signed up for YouTube Red. And YouTube TV is also a thing — an entirely separate thing — but it’s not available everywhere yet.

The merger has been rumored within the industry for months, and recently picked up steam after Google combined the teams working on the two streaming services earlier this year.


“Help educate consumers and bring in new subscribers” implies that people don’t know about these subscription services and that they need them. Badly?
link to this extract

Opinion: I’m not happy about the lack of a headphone jack on the Pixel 2, but I’ll gladly live with it • 9to5 Google

Ben Schoon:


I fully understand where people are coming from with the loss of a headphone jack. It’s an important part of a mobile device as it’s probably the most common way to output audio on the planet. People rely on it daily in their cars, with their earbuds, and in plenty of other situations. Losing it is not fun, and I can see how it could be a deal-breaker.

That said, I’m honestly fine with it going away at this point. A year ago, I wouldn’t have said the same thing. Why? At that point, alternate methods of audio output weren’t as commonplace, or cheap. A pair of Bluetooth earbuds were pretty expensive, and USB-C audio output was still a mess.

Now, however, we’ve reached the point where those aren’t issues. Just the other day I saw a pair of Bluetooth headphones in a retail shop for just $10 (and I regret not picking them up to see if they were any good). That, and a quick look at Amazon, shows that the costs of audio in a post-headphone jack world are decreasing.


Not surprising that the justifications would start rolling in – if you’re writing for a site reliant on people who like Google, you’re not likely to diss it – but I particularly enjoyed him saying later in the piece that the Pixel 2 lacking a headphone jack would drive other OEMs to follow suit.

The Pixel 2 is going to sell a few million, based on past experience. I don’t think its influence will be that big. And other Android OEMs have already ditched the jack for some models – notably Motorola at the lower end.
link to this extract

Errata, corrigenda and ai no corrida: re last week’s commentary about Spotify v Netflix: I suggested that Netflix’s advantage is that it can upsell people on 4K video. Lots of you responded that its real advantage is that it creates its own content – which means that it reaps all the profit, whereas Spotify has to keep paying labels and musicians.

The logical conclusion: Spotify should start its own record label.

2 thoughts on “Start Up: a Wi-Fi worm, Twitter flaps, Samsung’s struggle, North Korea v tech, open Flash?, and more

  1. One issue with the disappearing headphone jack is that FM radios used wired headsets as antennas, so a jack is required for that feature, which is still relevant today – I use it several times per week, though no longer daily.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.