Start Up: inside the Equifax hack, CCleaner compromised, Google’s auction offer, and more

A Kinect sensor. Soon you can put one in your pocket. Photo by bm.iphone on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 11 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

The iPhone X’s notch is basically a Kinect • The Verge

Paul Miller:


Apple’s iPhone X provides a nice little illustration of how sensor and processing technology has evolved in the past decade. In June 2009, Microsoft unveiled this:

In September 2017, Apple put all that tech in this:

Well, minus the tilt motor.

Microsoft’s original Kinect hardware was powered by a little-known Israeli company called PrimeSense. PrimeSense pioneered the technology of projecting a grid of infrared dots onto a scene, then detecting them with an IR camera and acsertaining depth information through a special processing chip.


Terrific observation. (And Apple did buy Primesense, in 2013.)
link to this extract

Samsung finally lets us disable the Bixby button • SamMobile

Adnan F:


The dedicated Bixby button on the Galaxy S8 and Galaxy S8+ didn’t really serve any meaningful purpose until last month when Bixby Voice was rolled out globally. Before the global release of Bixby Voice, the dedicated button could only be used for Bixby Home.

Most users didn’t feel the need for Bixby Home to have a dedicated key. Third-party apps were developed that allowed them to remap the button to launch any app of their choice. Samsung was quick to clamp down on those apps for reasons that our editor in chief explained in great detail.

I bemoaned recently that the Bixby button was driving me nuts and many of our readers agreed with me. I don’t like how it gets in the way and that you can’t avoid accidental presses of the button. However, it’s time for us to rejoice.

Samsung is finally allowing us to disable the Bixby button, to an extent.


Hooray? Except further down the story..


The implementation appears to be random right now. Some of our devices have got this toggle after the update. Some haven’t.


link to this extract

Apple’s removal of the App Store from iTunes screws over users, publishers, and developers • BirchTree

Matt Birchler:


Take a website like MacStories. This is a great website for discovering new iOS apps, and this week will especially be big since iOS 11 is coming out and tons of your favorite apps will be updated to take advantage of new features.

Here’s the thing though, you really shouldn’t read MacStories on a desktop anymore. Why? Well, because if you are on your MacBook Pro and read an article about an app you think looks great and want to buy, you have no course of action to actually get that app. Your 3 options are:

• Remember the app name and search the App Store on your iOS device for that app (and hope the App Store search brings up the right one)
• Remember the URL for the MacStories page, load that on your iOS device, and tap the link from the article on that device
• Save the App Store link to a read later service like Pocket and open the link on your iPhone or iPad

None of those options are great for the users or MacStories. Each option is worse than it was before, where you could tap/click an App Store link from any device and install the app from there. In this new reality, users have to do more work to get new apps if they don’t discover them on their iOS device, and the most likely solution (searching the App Store manually) cuts out the affiliate link MacStories used in their article.


Um.. AirDrop the link to yourself? (Drag the URL to the AirDrop page on Finder. On the phone you get the option to save it to iCloud Drive, Dropbox, Slack, and any other URL-capable app) Message it to yourself? But yes, things are broken at present.
link to this extract

‘We’ve been breached’: inside the Equifax hack • WSJ

AnnaMaria Andriotis, Michael Rapoport and Robert McMillan:


Although investigators are still grappling with who might be behind the Equifax break-in, the scale of the breach, sophistication of the hack and nature of the stolen data all point toward a state-sponsored actor, says a person familiar with the investigation.

In March, the Justice Department charged two officers with Russia’s Federal Security Service, alleging the hack was part of an information-collection operation. A Russian official said the charges were part of an attempt to raise “the theme of ‘Russian hackers’ in the domestic political squabbles in the U.S.”

“Credit bureaus are the tracks that the [credit] trains run on, and we should make sure those roads and tracks are sound if we’re going to run a whole economy over them,” said Louis Hyman, a consumer-credit historian at Cornell University…

…One large firm that links credit-card networks, merchants and lenders saw a spike in fraudulent activity from late May to early June, according to people familiar with the matter.

The firm was getting phone calls from people who said they had an account there and provided all four pieces of personal information typically needed for identity verification: name, address, date of birth and Social Security number. Equifax has said the same type of information was exposed.

Callers then asked the large firm to change the bank-deposit number for what they claimed was their business, people familiar with the matter say. The callers said the change was needed because they had changed banks.

The firm usually gets about a dozen such calls per year, but it was suddenly getting a dozen per week, these people say.


So likely a lot of people have been hit already. The state-sponsored idea is novel.
link to this extract

Hackers compromised free CCleaner software, Avast’s Piriform says • Reuters

Joseph Menn:


More than 2 million people downloaded tainted versions of Piriform’s program, which then directed the computers to get instructions from servers under the hacker’s control, Piriform said.

Piriform said it worked with law enforcement and cut off communication to the servers before any malicious commands were detected. This came after security researchers at Cisco Systems Inc (CSCO.O) and Morphisec Ltd alerted Piriform’s parent Avast Software of the hack last week.

The malicious program was slipped into legitimate software called CCleaner, which cleans up junk programs and advertising cookies to speed up devices.

CCleaner is the main product made by London’s Piriform, which was bought in July by Prague-based Avast, one of the world’s largest computer security vendors. At the time of the acquisition, the company said 130 million people used CCleaner…

…In a blog post, Piriform confirmed that two programs released in August were compromised. It advised users of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 to download new versions. A spokeswoman said that 2.27 million users had downloaded the August version of CCleaner while only 5,000 users had installed the compromised version of CCleaner Cloud.


link to this extract

After crisis and collapse, Jack Heuer’s time has come again • FT

Simon de Burton:


Mr Heuer [as in Tag Heuer, the watches] has already experienced one calamity in the watch industry. In 1958, at the age of 26, he had gone to work for Heuer, the company founded in 1860 by his great-grandfather, Edouard. Twenty years later, the “quartz crisis”, when Japanese companies’ cheap quartz-powered watches destroyed historical Swiss brands, brought a 22% drop in Swiss watch exports and coincided with a 20% fall in the value of the Swiss franc against the dollar. In 1982, the financial situation defeated him: Heuer-Leonidas was sold to the first of a succession of owners, before being taken over by TAG. As he writes in his autobiography: “I was five months away from my 50th birthday and ruined.”

Now, almost four years after officially retiring as TAG Heuer’s honorary chairman, a role he had held since 2001, he will step aside for good at the end of this year. So how does he compare the difficulties faced by today’s watch industry to those he battled 35 years ago?

“I think the big difference this time is that there is both a technical challenge from the smartwatch [comparable to the arrival of quartz] and a mental slowdown with the end consumer — people have become used to being able to see the precise time on their mobile phones and perhaps feel they no longer have a need for a traditional watch.

“To me, that is a more disturbing factor than the competition from the smartwatch. In fact, I think it could be a potential killer for the industry because, unlike the smartwatch, the mobile phone does nothing to help the worldwide development of wristwatch sales — and I don’t think that danger has yet been fully addressed.”


link to this extract

iPhone X: the demo gods are cheeky • Monday Note

Jean-Louis Gassée:


Over time, I came to see how random the correlation between a demo’s success and the market’s reaction to the product is. Two good examples are the well-received Mac Portable demo where I assembled the machine on stage or, even better, the BeBox demo performed at the Agenda conference by my colleague Steve Horowitz that got a standing ovation. Market success didn’t follow.

On the other hand, we have Steve Jobs’ exquisitely edited and rehearsed Apple 2.0 demos. The best example is the January 2007 iPhone intro; a thrilling demo that marked the beginning of a new era, of more than one billion iPhones sold. The video is here, a resonant classic, the master at the top of his expository powers.

This brings us back to the aptly named iPhone X, ten years later. As it turns out, Face ID didn’t fail Federighi. A stagehand had unwittingly and repeatedly triggered Face ID when arranging the device before the presentation. As designed, a security algorithm kicked in when the camera had seen too much of the stagehand’s unrecognized face and thus it sent Federighi to the security code entry screen. Both disconcerting and reassuring.

I haven’t had the opportunity to form a Third Impression of the new iPhone X, that is putting my money on the table, getting the product and using it long enough to reach a stable gut-level feel, the one that triggers the ultimate marketing weapon: Word of Mouth.


It is very interesting to listen to John Gruber’s podcast with Craig Federighi, Apple’s software chief, who has been using the iPhone X for some time, and who says you get completely used to face-unlocking being automatic.

And I don’t want to seem fulsome, but Federighi’s recovery at the iPhone X onstage demo – when it didn’t unlock after what had probably been a summer when it unlocked every time for him – was one of the all-time presentation recoveries. Imagine how unnerving it would be if something that had always worked suddenly didn’t. Yet he had the presence of mind to not go with the passcode, but switch to the backup. It’s the only time I’ve ever seen him wrongfooted, and he handled it with aplomb.
link to this extract

There isn’t a long waiting list for the iPhone 8 yet • Business Insider

Kif Leswing:


If you were to log on to on Monday and order the newest iPhone, you wouldn’t have to wait very long until you received your new device.

In fact, some iPhone 8 models will still arrive by Friday, the first day it hits retail stores, even if it was ordered several days after pre-orders started.

This suggests there will be no shortage of iPhone 8 models this fall and that the iPhone 8 will be easier to find than previous new iPhone models. 

“The pre-order lead times are playing out as we expected with similar to the lead times as the smaller size iPhone’s over the past three years, but shorter lead times than the larger Plus sizes,” Loup Ventures founder Gene Munster wrote in a research post on Monday.


Anyone would think they had an entirely different phone coming out soon.
link to this extract

Google offers to auction off shopping ad spaces to rivals • WSJ

Natalia Drozdiak:


Google has proposed overhauling its shopping search results so that rivals can bid for space to display products for sale, as part of the tech giant’s efforts to comply with the European Union’s antitrust order, according to people familiar with the matter.

Under the proposal, Google would bid against rivals to display products for sale in the space above its general search results, according to the people. Google would set itself a price cap that it wouldn’t be able to bid above, but competitors could do so if they wished.

Rival shopping sites have hit back, saying an auction-based remedy wouldn’t assuage the EU regulator’s demands that the company treat its competitors’ offerings and its own shopping service equally.

The European Commission ordered Google to make the changes to its search results by late September as part of its decision to fine Google a record €2.42bn ($2.89bn) in June for discriminating against rival comparison-shopping sites in its search ranking…

…“While we have yet to see details of Google’s proposal, it seems unlikely that Google could have devised an auction-based remedy that does not fall far short of the equal treatment standard stipulated by the [commission’s] decision,” said Shivaun Raff, chief executive of, a comparison-shopping website that was the first company to file a formal antitrust complaint about Google to the EU.

The auction-based remedy could force Google’s competitors to bid away the majority of their profits to Google, Ms. Raff said. Google could set a high price cap for its own bids, pushing the bids of competitors higher.


As the story points out, this is essentially the same failed proposal Google made a few years ago with the previous competition commissioner, and it’s just as absurd. Competitors want access to the free spot at the top of the organic results, which Google presently awards to its Shopping site in a sort of technological nepotism. Competitors like Foundem argue that there should be a clear algorithmic explanation of how that top spot is chosen, so everyone can compete fairly for it.

This will cause another round of complaints, and meanwhile the rivals are ground down further by Google’s monopoly.
link to this extract

How Baidu will win China’s AI race—and, maybe, the world’s • WIRED

In August, Jessi Hempel interviewed Qi Lu, who left Microsoft to become chief operating officer at Baidu, having seen Microsoft’s Cortana effort fall behind Amazon’s (to the surprise of many at Microsoft, and Google):


Hempel: don’t you think that Amazon’s handicap is on its back end, in that it can’t keep up on the technology side with Google and Microsoft?

Qi Lu: I worked on Cortana four and a half years ago. At the time we all were like, “Amazon, yeah, that technology is so far behind.” But one thing I learned is that in this race to AI, it’s actually more about having the right application scenarios and the right ecosystems. Google and Microsoft, technologically, were ahead of Amazon by a wide margin. But look at the AI race today. The Amazon Alexa ecosystem is far ahead of anybody else in the United States. It’s because they got the scenario right. They got the device right. Essentially, Alexa is an AI-first device.

Microsoft and Google made the same mistake. We focused on Cortana on the phone and PC, particularly the phone. The phone, in my view, is going to be, for the foreseeable future, a finger-first, mobile-first device. You need an AI-first device to solidify an emerging base of ecosystems.

It’s become so much clearer, living in China, what AI-first really means. It means you interact with the technology differently from the start. It has to be voice or image recognition, facial recognition, in the first interactions. You can use a screen or touch, but that’s secondary.

At Baidu [headquarters], it’s all face recognition-based. At the vending machine at Baidu, you can buy stuff with voice and a face. And we’re also working on a cafeteria project. Our goal is, when you go to a cafeteria, you walk away with food…

…JH: How does the US market for voice technology compare to the Chinese market?

QL: The home environment is very different. Because we’re talking about voice interactions. The acoustic environment, the pattern of noises, will be very different. Alexa, Echo, and Cortana are optimized for American homes. In my view, this only works in North America and maybe a portion of Europe. Essentially, the assumption is that you have spacious homes; you have several rooms. In China, that’s not the case at all. For our target, even for the young generation with high incomes, typically they have 60 square meters [645 square feet], sometimes 90 square meters [970 square feet].

We have better opportunities to globalize DuerOS, because guess what? A home in Japan, a home in India, or a home in Brazil, is a lot closer to a home in China than a home in North America.


link to this extract

Video autoplay policy changes • Google Developers


As you may have noticed, web browsers are moving towards stricter autoplay policies in order to improve the web experience for users, minimize the incentives to install extensions that block ads, and reduce data consumption on expensive and/or constrained networks.

With these new autoplay policies, the Chrome team aims to provide a greater control to users over content playing in their browser. Those will also benefit publishers who have legitimate autoplay use cases.

Chrome’s autoplay policies are simple:

• Muted autoplay is always allowed.
• Autoplay with sound is allowed if any of the following conditions are met:
– User has interacted with the site (click, tap, etc.)
– Media Engagement Index threshold is crossed (desktop only)
– Site has been installed using the “Add to Homescreen” flow (mobile only)
• Top frame can delegate autoplay permission to their iframes to allow autoplay with sound.


The link to “noticed” is to the Safari team’s noticed about how they’re making video policies even tighter. Not only are people annoyed by autoplay videos; they’re also the source of a huge amount of ad fraud (autoplaying videos with sound off with display positions far off your screen). Chrome ought to be ahead of Safari on this, since it’s in Google’s interest if there isn’t ad fraud – isn’t it?

link to this extract

Errata, corrigenda and ai no corrida: none notified

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.