Start Up: Facebook and Instagram in hot water, exploding moons, LTE Watch, and more

Now feasible through a neat bit of hacking. Photo by rcousine on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

Apparently Google marked yesterday’s Overspill as “junk” for some people because it contained a “bad link”. We don’t know which that was. We only do well-behaved links. But please go and retrieve it and mark it “Not Spam”.

A selection of 12 links for you. No bad links! I’m @charlesarthur on Twitter. Observations and links welcome.

How I hacked hundreds of companies through their helpdesk • FreeCodeCamp

Inti De Ceukelaire:


Months ago I discovered a flaw hackers can use to access a company’s internal communications. The flaw only takes a couple of clicks to potentially access intranets, social media accounts such as Twitter, and most commonly Yammer and Slack teams.

The bug is still out there. It isn’t something that can be fixed right away. Over the past few months, I contacted dozens of companies and affected vendors as part of their bug bounty programs in order to get their setup fixed. Due to the number of affected companies it was not possible to contact everyone. On the recommendation of some of my hacker heroes, and with approval of the affected vendors, I’m publishing this blog so everyone affected can act immediately. Introducing what I’ve been calling Ticket Trick.


Haven’t seen this replicated. However, pretty much every amateur hacker on the planet will presently be trying to get into every company’s Slack systems as of, oh, about ten days ago when this was published.

“The moon blew up without warning and for no apparent reason” • Almost looks like work

Jason Cole:


Intriguing title, no? These are the first eleven words of Neal Stephenson’s novel Seveneves, which set up the remaining 600 pages as an extended treatise on the future of humanity as it copes with certain annihilation. I thoroughly recommend it, as long as you can deal with hundreds of pages of orbital mechanics. In this post I will numerically explore this post-lunar age, to verify for myself if it would be as deadly as described.

In the novel, one day the moon breaks up into 7 roughly equal-sized pieces. These pieces continue peacefully orbiting the Earth for a while, and eventually two pieces collide. This collision causes a piece to fragment, making future collisions more likely. The process repeats, at what Stephenson says is an exponential rate, until the Earth is under near-constant bombardment from meteorites, wiping out (nearly) all life on Earth.

How likely is this? Let’s simulate the process numerically.


Now I want to read the book.

Instagram uses ‘I will rape you’ post as Facebook ad in latest algorithm mishap • The Guardian

Sam Levin:


Instagram used a user’s image which included the text “I will rape you before I kill you, you filthy whore!” to advertise its service on Facebook, the latest example of social media algorithms boosting offensive content.

Guardian reporter Olivia Solon recently discovered that Instagram, which is owned by Facebook, made an advertisement out of a photo she had posted of a violent threat she received in an email, which said “Olivia, you fucking bitch!!!!!!!” and “I Will Rape You”.

Instagram selected the screenshot, which she posted nearly a year ago, to advertise the photo-sharing platform to Solon’s sister this week, with the message, “See Olivia Solon’s photo and posts from friends on Instagram”.


Yeeaah. You can see what happened. It got loads of “engagement” – as in, people responding. So that means it must be good, right? Unfortunate for IG that it did it now, and did it with a Guardian reporter.


Islamic State backers find ephemeral platform in Instagram • Associated Press

Lori Hinnant:


Researchers say Islamic State supporters have found an ephemeral platform to share propaganda: Using Instagram’s “stories” feature, which causes posts to disappear in 24 hours.

With successive military defeats in Iraq and Syria, many of its recruits dead or on the run and its Twitter and Facebook accounts being shut down, the group’s propaganda drive is increasingly homemade. But a recent analysis found the networks of people inspired by the group remain strong elsewhere.

The software analysis identified more than 50,000 accounts linked to Islamic State supporters posting Instagram stories, according to Andrea Stroppa, who is part of the software research group called Ghost Data. Of those 50,000, just over 10,000 are described as strongly-linked to IS — they follow core IS accounts and are followed back, and about 30% of their posted content is about the group.

“They send a message that they know will disappear but they know who the audience is. They are using these stories because they know it is a safe channel to share information,” said Stroppa, who is also affiliated with the World Economic Forum.

There is no sign that the majority of the posts are from Islamic State’s central propaganda units — rather, they tend to be personal snapshots with little production value, like a clip of the IS trademark black flag, or a bloody photo showing what happens to “traitors.”


50,000 is still quite a lot, given that those actually fighting will be one-tenth of that or less.

What we’re doing about political ads • Mark Zuckerberg on Facebook

The Zuck is back from holiday, and he’s getting to work:


Here are 9 things we’ll be working on over the next few months:

1. We are actively working with the US government on its ongoing investigations into Russian interference. We have been investigating this for many months, and for a while we had found no evidence of fake accounts linked to Russia running ads. When we recently uncovered this activity, we provided that information to the special counsel. We also briefed Congress — and this morning I directed our team to provide the ads we’ve found to Congress as well. As a general rule, we are limited in what we can discuss publicly about law enforcement investigations, so we may not always be able to share our findings publicly. But we support Congress in deciding how to best use this information to inform the public, and we expect the government to publish its findings when their investigation is complete.

2. We will continue our investigation into what happened on Facebook in this election. We may find more, and if we do, we will continue to work with the government. We are looking into foreign actors, including additional Russian groups and other former Soviet states, as well as organizations like the campaigns, to further our understanding of how they used our tools. These investigations will take some time, but we will continue our thorough review.

3. Going forward — and perhaps the most important step we’re taking — we’re going to make political advertising more transparent. When someone buys political ads on TV or other media, they’re required by law to disclose who paid for them. But you still don’t know if you’re seeing the same messages as everyone else. So we’re going to bring Facebook to an even higher standard of transparency. Not only will you have to disclose which page paid for an ad, but we will also make it so you can visit an advertiser’s page and see the ads they’re currently running to any audience on Facebook. We will roll this out over the coming months, and we will work with others to create a new standard for transparency in online political ads.


There’s more, but note that the transparency is completely unlike what Facebook argued in 2011. Moved fast, broke things, now trying to fix them.

Lying to machines: how Apple’s new “Do Not Disturb while driving” feature will shape your soul • Don’t Eat The Fruit

John Dyer:


I’d like to think that the “Do Not Call While Driving” feature will at least cause drivers to think about how much they use their phones in the car. But my prediction is that in the next few weeks, millions of people will begin doing the exact same thing that I, to my shame, did. It’ll start small with a “legitimate” purpose, but eventually it’ll snowball and people will just tap “I’m Not Driving” as unthinkingly as we all check the “I’ve Read the Terms and Conditions” box.

Unfortunately, this will come quite naturally to us, not because we’re liars, but because of the way computer user interfaces (UI) are designed. Over the past few decades of computer use, we’ve been presented with thousands of buttons that say “OK” and checkboxes that say “I’ve read …” This has taught us that interacting with computers and devices means tapping whatever button is in the way of what we want.

This probably wasn’t terribly significant when the stakes were low, and it might seem hyperbolic to call it “lying.” But when we bend the truth about reading the Terms and Conditions, there aren’t kids in the roads or oncoming vans full of people.


It starts with the little things, then it grows, and pretty soon you’re president.

Apple Watch Series 3’s “LTE problems” are actually an existing Wi-Fi bug • iMore

Serenity Caldwell:


Like your iPhone, your Apple Watch has a Wi-Fi antenna inside of it, which allows it to connect directly to Wi-Fi networks (or via your iPhone) rather than always using your cellular data.

Where the two devices differ is in how they can connect: The Apple Watch doesn’t have an Auto-Join Wi-Fi screen, or a place to select networks. Nor does it have an option to dictate or Scribble in passwords. In short: Your Apple Watch can’t connect to Wi-Fi unless your iPhone has first connected to it.

Essentially, when your iPhone connects to a Wi-Fi hotspot and enters in the password while you’re also connected to Apple Watch, your iPhone syncs that information over to your Watch.

Apple Watch can then access that information and connect to a network — even if you visit that location in the future with only your watch. That way, you can use all of your Apple Watch’s online capabilities in Wi-Fi areas (like Messages, Maps, and any third-party apps) whether you have a GPS + Cellular model or a Series 0 Apple Watch.

Sounds easy enough, right? Unfortunately, there are a few limitations.


It seems like it grabs onto open Wi-Fi networks (eg Starbucks) that you’ve previously joined, but can’t authenticate, and so gets stuck. Neil Cybart, though, points out that the people who had trouble with the LTE calling were using AT&T – and thinks there’s something going on there. We’ll have to see how things go in the UK.

Craig Federighi says 3D Touch app switcher gesture will return in future update to iOS 11 • Mac Rumors

Joe Rossignol:


Federighi, replying to an email from MacRumors reader Adam Zahn, said Apple had to “temporarily drop support” for the gesture due to an unidentified “technical constraint.”

Question from Zahn: Could we at least make the 3D Touch app switch gesture an option in iOS 11 so that I could retain the ability to switch apps that way instead of having to double tap the home button?

Response from Federighi: Hi Adam,

We regretfully had to temporarily drop support for this gesture due to a technical constraint. We will be bringing it back in an upcoming iOS 11.x update.

Thanks (and sorry for the inconvenience)!

– craig

On devices that support 3D Touch running iOS 9 or iOS 10, users can press deeply on the left side of the screen, drag to the right, and release to quickly access the App Switcher.


This is interesting; I thought that it had been removed because on an edge-to-edge screen (ie, the iPhone X) it would be too easy to trigger. Apparently not.

Food Environment Assessment Tool (FEAT)


The Food environment assessment tool (Feat) has been developed by CEDAR [Centre for Diet and Activity Research] and the MRC Epidemiology Unit at the University of Cambridge. It allows for detailed exploration of the geography of food retail access across England.

Feat is underpinned by the latest scientific evidence about how food access in our neighbourhoods affects our dietary choices, body weight and health. It will allow you to map, measure and monitor access to food outlets at a neighbourhood level, including changes over time.

It is designed around the needs of professionals in public health, environmental health and planning roles, locally and nationally. Use it to:

• generate local evidence for use in the development of Obesity Strategies, Local and Neighbourhood Plans, JSNAs and Strategic Planning Documents.
• support planning decisions
• compare food access between neighbourhoods, and see where is changing fastest
• target interventions, and test the effectiveness of planning policies


Most of us though will just use it to see first, what they know about places near us, and second, which places eat a lot of chips. The map data is from OpenStreetMap.

Toshiba reaches tentative deal to sell microchip unit • The New York Times

Jonathan Soble:


The Japanese company said the microchip unit would be sold for 2 trillion yen, or roughly $18bn. The structure of the deal is complicated, and Toshiba said it would retain partial control of the business. It was not clear on Wednesday how much would end up being owned by outside investors.

Those investors primarily include Bain Capital, the American buyout firm, and two organizations controlled by the Japanese government, the Innovation Network Corporation of Japan and the Development Bank of Japan.

While they were the only buyers identified by Toshiba on Wednesday, others, including Apple and the South Korean semiconductor company SK Hynix, are negotiating to potentially purchase smaller stakes, the person close to the deliberations said.

The business, Toshiba Memory Corporation, is an important manufacturer of flash memory chips, which are used in millions of smartphones and other digital devices.

Toshiba needs money from the sale to repair its tattered finances. A gaping hole in its balance sheet caused by bad bets on American nuclear power projects has threatened the future of the technology company, one of Japan’s biggest and most storied.

The deal’s more convoluted elements appeared to stem from Toshiba’s desire to retain a significant degree of control over the chip business.

One way that will happen is that Toshiba said it would join Bain and its partners in creating the special purpose company that will buy the unit. In effect, that means it will keep a portion of the unit for itself, though it did not say how much. Many analysts expect it to be a minority stake.


DRAM is so strategic now that nobody wants to cash out. Apple fronted $7bn to be in this and to win it: it needs chip prices to go down, or at least be predictable. Samsung makes its own chips – which puts it in a powerful position when there’s a world shortage of memory.

If you’re wondering why: consider that there used to be about 350m PCs sold, which would have around 8-16GB of RAM.

Now consider a world with 1.5bn smartphones sold, each having a minimum of 2GB of RAM. It’s an order of magnitude bigger. Those who saw that ramp coming are coining it – except Toshiba’s nuclear business screwed the rest of it.

Touchscreens in cockpits would improve airliner safety, research shows • WSJ

Andy Pasztor:


The findings, portions of which were to be made public Wednesday at an international avionics conference in St. Petersburg, Fla., are the culmination of a four-year study intended to help reduce pilot workload and devise eye-tracking technology to identify pilot mistakes. Dutch government researchers, engineers from French equipment maker Thales SA and a host of other international experts also are developing cutting-edge systems able to alert pilots if they become distracted, sleepy or stray from normal procedures.

Without such advances, “the crew is no longer able to manage all the information” today’s jetliners spew out, Eric Parelon, a senior Thales manager, told an international safety conference in Brussels earlier this year. To further improve safety and enhance pilot decision making, he said, various touch-screen variants are essential because “information has to be provided in a completely different way” than in the past.

Pilots from more than 60 carriers participated in extensive simulator sessions run by the Netherlands Aerospace Centre depicting airborne emergencies, unexpected changes in runway assignments and other stressful situations. Sometimes with only one or two swipes of cockpit displays, pilots were able to respond—even setting up complex instrument approaches for entirely new destinations—while maintaining situational awareness and reducing workload, according to Wilfred Rouwhorst, a senior Dutch researcher.


And this is even in turbulence. But probably won’t come in for a decade. Though younger pilots are apparently keen on it.

HTC messed up its Google deal • Bloomberg Gadfly

Tim Culpan:


The transfer [of about 2,000 HTC staff] to Google [for a $1.1bn payment] will reduce headcount by about 19%, according to Bloomberg Gadfly calculations. Those are probably among the most expensive people on the payroll; arguably they also add the most value. To be clear, HTC still has a solid team of engineers that works on its branded devices, such as its flagship U11 smartphone, which isn’t touched by the sale. “Powered by HTC” is the division primarily tasked with building products for non-HTC brand devices, such as the Google Pixel.

For HTC, the main point of this deal is to cut costs. It will do that with a 30% to 40% reduction in operating expenses, Shen said.

Unfortunately, based on financial results for the past six quarters, a 40% improvement in op-ex [operating expenditure] still isn’t enough to swing HTC to profit. Deeper cuts are needed. A 35% cut in the second quarter would have put the company in the black (barely) for that period, but revenue for the most recent two months indicate that this June quarter bounce was a fluke rather than a trend. HTC may well move in and out of profit, but there’s nothing to indicate this can be sustained.


If HTC management thinks it can still make money on smartphones, they’re deluded. The Vive is the only hope, but it’s going to be quite the tightrope walk. Google, meanwhile, has yet to show it can be a player in the smartphone world.

Errata, corrigenda and ai no corrida: none notified
