Start Up: VR company dumps VR, Facebook’s Russian reach, bloating browsers, and more


The first iPhone X review – well, impression – is in. Face front. Photo by MarkGregory007 on Flickr.

A selection of 11 links for you. Question: do colloids collude? I’m @charlesarthur on Twitter. Observations and links welcome.

Apple’s iPhone X: the first field report • WIRED

Steven Levy was one of the first reviewers of the original iPhone, and has been using an iPhone X since last Tuesday:

»

Does [Face ID] work? Pretty much. It seems reliable at fending off intruders. I have thrust my phone into several people’s faces—though considerably fewer than the million punims that Apple says I’d have to try before a false positive—and it has not fallen for any of them. I even offered up my own head shot to the camera: no go. How it has dealt with my own real-life face is another matter. There have been times when, despite a clear view of my face, the iPhone X has ghosted me. (Apple tells me that perhaps I wasn’t making what the iPhone X considers eye contact. I wouldn’t want it to turn on every time my face was within camera range, would I?)

Eventually I devised a strategy. When waking my iPhone I think of it as De Niro’s mirror in Taxi Driver. You talkin’ to me? Well, I’m the only one here! I then see if the little lock icon on the screen has released its latch. Alternatively, a good way to see when you’ve been recognized is to notice the generic messages on the lock screen saying “you have a notification” from Facebook, Gmail, or wherever. When you and your iPhone X make that turn-on connection, those flesh out with the actual content of the message…

…A decade hence, when it’s time for the iPhone 20 (XX?), we’ll already be on the road to what comes after the smartphone; the X might be a halfway point to that future. And that’s why, despite the fact that the iPhone X at present is no more than a great upgrade to the flagship device of the digital age, I can’t easily dismiss Tim Cook’s effusions that this is more than just another iteration.

It’s no accident that some of the most impressive expressions of the new phone’s technology are in the realm of augmented reality, where the digital world adds layers onto the physical one.

«

What’s notable is that to demonstrate what’s radical about it, he’d do the animated poo emoji thing. But that’s a real sign of where it’s all heading: superimpose things on reality.


CCP Games ending VR efforts after building its biggest titles • UploadVR

Ian Hamilton:

»

In what can only be characterized as one of the biggest blows to the budding VR industry, CCP Games is shelving its VR efforts.

The Iceland-based creator of EVE Online is one of VR’s biggest proponents and earliest developers, producing some of the industry’s most prominent titles including Rift-first space battle game EVE: Valkyrie, mobile VR turret shooter Gunjack and PlayStation-first sports game Sparc. The company is closing its Atlanta office and selling its Newcastle office, according to a report by the Iceland Monitor. The decision affects around 100 employees.

«

Well well. This is dramatic.


Russian content on Facebook may have reached 126 million users — far more than first disclosed, company testimony says • The Washington Post

Craig Timberg and Elizabeth Dwoskin:

»

Facebook plans to tell lawmakers on Tuesday that 126 million of its users may have seen content produced and circulated by Russian operatives, many times more than what the company previously disclosed about the reach of the disinformation campaign during the 2016 presidential election, according to documents obtained by the Washington Post.

Google on Monday acknowledged for the first time that its platforms were also compromised, revealing that Russian trolls uploaded over a thousand videos to YouTube on 18 different channels.

The disclosures, which are contained in draft testimonies obtained by The Washington Post ahead of three Capitol Hill hearings this week, come as tech giants face mounting pressure to more fully investigate how Russians used their platforms to influence American voters and reveal more of their findings to the public.

Previously, Facebook had focused its disclosures on Russian ads. The company has said that 470 accounts and pages run by a Russian troll farm had purchased roughly 3,000 ads, which the company said reached an estimated 10 million users. But the troll farm, known as the Internet Research Agency, also published free content. Researchers estimated that the spread of free content was far greater than that of ads and that Facebook has been under pressure to share more about those posts.

«



Facebook’s Mark Zuckerberg makes another appearance in China • WSJ

Alyssa Abkowitz:

»

Later that evening, Mr. Zuckerberg posted a picture of himself with Tsinghua students – drawing several comments that pointed to the obstacles Facebook must overcome for any return of its social-networking platform to China.

“If you think you can ever convince them about opening up to a free speech platform like Facebook, forget it,” one commenter wrote. “They just had a 19th Congress that reaffirmed their commitment for censorship and weeding out dissent.”

Mr. Zuckerberg has said he considers China crucial to Facebook’s future, and his participation on the Tsinghua board may be a sign that he hasn’t given up on hopes of re-entering the country’s market, said Mark Natkin, managing director at Marbridge Consulting in Beijing.

“I think he’s someone who likes a challenge and who is accustomed to beating the system,” Mr. Natkin said. “The arrangement with Tsinghua is probably one of many ways he has come to believe it may help his company in China.”

Mr. Zuckerberg was appointed to the board in 2014 and attended its annual meeting in 2015.

In addition to Mr. Zuckerberg, Western business leaders present included Apple Inc. Chief Executive Tim Cook, Blackstone Group Chief Executive Stephen A. Schwarzman and former U.S. Treasury Secretary Hank Paulson. During the meeting, Mr. Xi said he was looking forward to U.S. President Donald Trump’s visit to China next month, and said China wanted to deepen its cooperation with the U.S. and resolve their conflicts, according to CCTV’s evening broadcast.

«

That’s a lot of executives milling around Xi. They don’t seem to be doing the same around Trump. Just an observation.


Thread Reader • TTTThreads

»

Thread Reader helps you unroll a full Twitter thread on a dedicated beautifully designed page to allow an easy read of the whole story.

Enter any tweet from the thread.

«

For those who have been struggling with epics such as Seth Abramson’s 130+ tweet threads, this is what you really want. Being able to enter *any* tweet from the thread makes life a lot simpler than trying to find the end of it (which is required for my previous favourite on this, Spooler.)


Gotta have standards? Security boffins not API about bloated browsers • The Register

Richard Chirgwin:

»

The W3C introduces API standards that end up mostly unused, doing nothing more than loading up the code base with vulnerabilities.

That’s the conclusion of a paper by University of Illinois, Chicago researchers to be presented next week at the ACM’s Conference on Computer and Communications Security in Dallas.

While the research – “Most Websites Don’t Need to Vibrate: A Cost-Benefit Approach to Improving Browser Security” – which you can find here at arXiv, focuses on Firefox, its findings are relevant across the board.

Graduate computer science student Peter Snyder and colleagues Cynthia Taylor and Chris Kanich structure the paper as a cost-benefit analysis of having 74 APIs with which browser authors need contend. On the benefit side, they measured the proportion of websites that use a feature (thereby making browser support important); on the cost side, they tried to measure the security exposure a feature created.

The “cost” side takes a couple of characteristics into account, including the number of historical CVEs associated with a feature (since that hints that it’s hard to code to the API securely); and the number of API entry points and lines of code that are associated with a feature, since that indicates more complex code.

Their headline finding should chill browser authors: “Blocking 15 of the 74 standards avoids 52.0% of code paths related to previous CVEs, and 50.0% of implementation code identified by our metric, without affecting the functionality of 94.7% of measured websites.”

«

So: browsers are getting unnecessarily complicated, and that’s making them vulnerable to exploits. But because some sites want toys, they’re pushing for it.
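As an added illustration of the cost-benefit approach the paper describes, here is a small, constructed model (example code written for this note, not the paper's or The Register's): per-standard CVE-linked code paths and implementation size stand in for "cost", per-site usage stands in for "benefit", and a greedy pass blocks the costliest standards while keeping a chosen fraction of sites fully working. The feature names, counts and site lists are made-up sample data, and the greedy rule is an assumed simplification of the paper's method.

```python
from dataclasses import dataclass


# Constructed sample data (not from the paper): cost signals per standard.
@dataclass(frozen=True)
class Feature:
    name: str
    cve_paths: int   # code paths touched by historical CVEs
    loc: int         # lines of implementation code behind the standard


FEATURES = [
    Feature("DOM", 40, 50_000),
    Feature("CSS", 30, 40_000),
    Feature("XHR", 10, 8_000),
    Feature("WebGL", 25, 30_000),
    Feature("WebAudio", 8, 12_000),
    Feature("WebVR", 5, 9_000),
    Feature("Bluetooth", 6, 7_000),
    Feature("Gamepad", 3, 2_500),
    Feature("Vibration", 2, 600),
    Feature("Battery", 1, 800),
]

# Constructed usage data: which standards each sample site actually calls.
SITES = {
    "site01": {"DOM", "CSS", "XHR"},
    "site02": {"DOM", "CSS", "XHR"},
    "site03": {"DOM", "CSS"},
    "site04": {"DOM", "CSS", "XHR", "WebGL"},
    "site05": {"DOM", "CSS", "XHR"},
    "site06": {"DOM", "CSS", "XHR", "WebAudio"},
    "site07": {"DOM", "CSS"},
    "site08": {"DOM", "CSS", "XHR", "Vibration"},
    "site09": {"DOM", "CSS", "XHR"},
    "site10": {"DOM", "CSS", "XHR", "WebGL", "Battery"},
}


def cost_score(feature, features):
    """Cost = share of all CVE-linked code paths + share of all implementation LOC."""
    total_cve = sum(f.cve_paths for f in features)
    total_loc = sum(f.loc for f in features)
    return feature.cve_paths / total_cve + feature.loc / total_loc


def sites_unaffected(blocked, sites):
    """Fraction of sites that use none of the blocked standards."""
    ok = sum(1 for used in sites.values() if not (used & blocked))
    return ok / len(sites)


def choose_block_set(features, sites, min_unaffected):
    """Greedy (assumed simplification): walk standards from costliest to
    cheapest and block each one unless that would push the fraction of
    unaffected sites below the floor."""
    blocked = set()
    ordered = sorted(features, key=lambda g: (-cost_score(g, features), g.name))
    for f in ordered:
        candidate = blocked | {f.name}
        if sites_unaffected(candidate, sites) >= min_unaffected:
            blocked = candidate
    return blocked


def summarize(blocked, features, sites):
    """Report the paper-style headline numbers for a chosen block set."""
    by_name = {f.name: f for f in features}
    total_cve = sum(f.cve_paths for f in features)
    total_loc = sum(f.loc for f in features)
    return {
        "blocked": sorted(blocked),
        "cve_paths_avoided": sum(by_name[n].cve_paths for n in blocked) / total_cve,
        "loc_avoided": sum(by_name[n].loc for n in blocked) / total_loc,
        "sites_unaffected": sites_unaffected(blocked, sites),
    }


if __name__ == "__main__":
    chosen = choose_block_set(FEATURES, SITES, min_unaffected=0.9)
    for key, value in summarize(chosen, FEATURES, SITES).items():
        print(f"{key}: {value}")
```

With the floor set to 0.9 the toy data blocks WebAudio, WebVR, Bluetooth and Gamepad, avoiding about 17% of CVE-linked paths and 19% of implementation code while leaving nine of the ten sites untouched.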


Data Viz Project • datavizproject

»

A collection of data visualizations to get inspired and find the right type.

«

They’re fascinating, and man are they plentiful. Also, each one has examples of how you’d use them. There are dozens. (One for you, Sophie.)


Chasm of comprehension • Remains of the Day

Eugene Wei:

»

In the future, diagnosing why Autopilot or other self-driving algorithms made certain choices will likely only become more and more challenging as the algorithms rise in complexity.

At times, when I have my Tesla in Autopilot mode, the car will do something bizarre and I’ll take over. For example, if I drive to work out of San Francisco, I have to exit left and merge onto the 101 using a ramp that arcs to the left almost 90 degrees. There are two lanes on that ramp, but even if I start in the far left lane and am following a car in front of me my car always seems to try to slide over to the right lane.

Why does it do that? My only mental model is the one I know, which is my own method for driving. I look at the road, look for lane markings and other cars, and turn a steering wheel to stay in a safe zone in my lane. But thinking that my car drives using that exact process says more about my limited imagination than anything else because Autopilot doesn’t drive the way humans do. This becomes evident when you look at videos showing how a self-driving car “sees” the road.

When I worked at Flipboard, we moved to a home feed that tried to select articles for users based on machine learning. That algorithm continued to be tweaked and evolved over time, trying to optimize for engagement. Some of that tweaking was done by humans, but a lot of it was done by ML.

At times, people would ask why a certain article had been selected for them? Was it because they had once read a piece on astronomy? Dwelled for a few seconds on a headline about NASA? By that point, the algorithm was so complex it was impossible to really offer an explanation that made intuitive sense to a human, there were so many features and interactions in play.

As more of the world comes to rely on artificial intelligence, and as AI makes great advances, we will walk to the edge of a chasm of comprehension.

«



Bug in Google’s bug tracker lets researcher access list of company’s vulnerabilities • Motherboard

Lorenzo Franceschi-Bicchierai:

»

Alex Birsan, a security researcher, found three vulnerabilities inside the Google Issue Tracker, the company’s internal platform where employees keep track of requested features or unpatched bugs in Google’s products. The largest one of these was one that allowed him to access the internal platform at all. The company has quickly patched the bugs found by Birsan, and there’s no evidence anyone else found the bugs and exploited them.

Still, these were bad bugs, especially the one that gave him access to the bug-tracking platform, which could have provided hackers with a list of vulnerable targets at Google.

“Exploiting this bug gives you access to every vulnerability report anyone sends to Google until they catch on to the fact that you’re spying on them,” Birsan told Motherboard in an online chat. “Turning those vulnerability reports into working attacks also takes some time/skill. But the bigger the impact, the quicker it gets fixed by Google. So even if you get lucky and catch a good one as soon as it’s reported, you still have to have a plan for what you do with it.”

«

Reminiscent of Microsoft being hacked so that its bug list could be seen. This is obviously the two-step way to finding big weaknesses.


This doctor diagnosed his own cancer with an iPhone ultrasound • MIT Technology Review

Antonio Regalado:

»

Earlier this year, vascular surgeon John Martin was testing a pocket-sized ultrasound device developed by Butterfly Network, a startup based in Guilford, Connecticut, that he’d just joined as chief medical officer.

He’d been having an uncomfortable feeling of thickness on his throat. So he oozed out some gel and ran the probe, which is the size and shape of an electric razor, along his neck.

On his smartphone, to which the device is connected, black-and-gray images quickly appeared. Martin is not a cancer specialist. But he knew that the dark, three-centimeter mass he saw did not belong there. “I was enough of a doctor to know I was in trouble,” he says. It was squamous-cell cancer.

The device he used, called the Butterfly IQ, is the first solid-state ultrasound machine to reach the market in the U.S. Ultrasound works by shooting sound into the body and capturing the echoes. Usually, the sound waves are generated by a vibrating crystal. But Butterfly’s machine instead uses 9,000 tiny drums etched onto a semiconductor chip.

«

Medicine is changing. The IQ cost about $2,000. The nearest comparison is a Philips portable which costs $6,000. And of course they’re looking to add AI to make it even more usable. (Though I hope they don’t rely on headphone jacks.)


Robert Mueller’s show of strength: a quick and dirty analysis • Lawfare

Susan Hennessey and Benjamin Wittes:

»

Before we dive any deeper into the Manafort-Gates indictment—charges to which both pled not guilty to today—or the Papadopoulos plea and stipulation, let’s pause a moment over these two remarkable claims, one of which we must still consider as allegation and the other of which we can now consider as admitted fact. President Trump, in short, had on his campaign at least one person, and allegedly two people, who actively worked with adversarial foreign governments in a fashion they sought to criminally conceal from investigators. One of them ran the campaign. The other, meanwhile, was interfacing with people he “understood to have substantial connections to Russian government officials” and with a person introduced to him as “a relative of Russian President Vladimir Putin with connections to senior Russian government officials.” All of this while President Trump was assuring the American people that he and his campaign had “nothing to do with Russia.”

The release of these documents should, though it probably won’t, put to rest the suggestion that there are no serious questions of collusion between the Trump campaign and the Russian government in the latter’s interference on the former’s behalf during the 2016 election. It also raises a profound set of questions of its own about the truthfulness of a larger set of representations Trump campaign officials and operatives have made both in public, and presumably, under oath and to investigators.

«

Lawfare is a very thorough, quite wonk-ish US legal site. Hennessey and Wittes are reasonably neutral voices in this maelstrom. So this is probably the one to read.


Errata, corrigenda and ai no corrida: apparently half of you reading the email do open it. Well done! For those of you who don’t… hmm, this is a puzzler.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

Start Up: the Spectacles flop, Google’s language failure, NAO on #wannacry, a Luther for today?, and more


Oxycontin, from Purdue Pharma, has laid waste to millions of lives in the US. Now they want to expand. Photo by redfishingboat on Flickr.

(A search on Flickr for “Oxycontin” turned up something called the “Oxycontin Express”, which turned out to be this programme. Very relevant.)

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

Yes, we’re back! A selection of 11 links for you. Unlike our holiday, doesn’t contain food poisoning. I’m @charlesarthur on Twitter. Observations and links welcome.

Why Snapchat Spectacles failed • TechCrunch

Josh Constine:

»

How come only 0.08% of Snapchat’s users bought its camera sunglasses? Hundreds of thousands of pairs of Spectacles sit rotting in warehouses after the company bungled the launch. Initial hype and lines for its roving, limited time only Snapbot vending machines led Snap to overestimate demand but underdeliver on quality and content.

Massive piles of assembled and unassembled video-recording sunglasses sit unsold, contributing to Snap’s enormous costs and losses, says The Information. Internal Snap data shows less than 50% of buyers kept using Spectacles a month after purchase, Business Insider’s Alex Heath reports. A “sizeable” percentage stopped after just a week, with a source calling the retention rate “shockingly low”.

What was the problem?


Karl Lagerfeld’s photo of Snap CEO Evan Spiegel donning Spectacles for their September 2016 reveal

«

Gee, can’t imagine. All the tech writers said they were F.A.B.


Dear Google, when are you going to fix Android Wear? • AndroidAuthority

Adam Doud:

»

Smartwatches are in a funny state. They’re not really all that popular amongst the populace at large, but they’re not exactly busts either. The Apple watch is still the big seller in terms of market penetration. Android Wear is no slouch either, with many OEMs producing a wide array of options. There’s just one problem. The Android Wear software is just not good.

To me, the root problem with Android Wear devices is that they’re trying too hard to be watches. We use the term “smartwatch” to describe these devices, but all they really are – and all they really need to be – are small screens on your wrist. Sure, they can tell time – that’s fine. But the power of the smartwatch isn’t the “watch” part— it’s the “smart” part. Getting notifications and apps running on a screen on your wrist is far more powerful than knowing how long it is until the Blackhawks game starts.

«

Actually, the first paragraph contains a canard. Apple’s Watch is selling fine. Android Wear is an absolute dog. The app (which is needed to run the watch) passed the 5m downloads mark in September 2016, having started in July 2014 or so. But it hasn’t added another 5m. It’s not selling.

Their “problem” is the users. They don’t care about what it offers.


Google’s sentiment analyzer thinks being gay is bad • Motherboard

Andrew Thompson:

»

Google’s sentiment analyzer isn’t always effective and sometimes produces biased results.

Two weeks ago, I experimented with the API for a project I was working on. I began feeding it sample texts, and the analyzer started spitting out scores that seemed at odds with what I was giving it. I then threw simple sentences about different religions at it.

When I fed it “I’m Christian” it said the statement was positive:

When I fed it “I’m a Sikh” it said the statement was even more positive:

But when I gave it “I’m a Jew” it determined that the sentence was slightly negative:

The problem doesn’t seem confined to religions. It similarly thought statements about being homosexual or a gay black woman were also negative:

Being a dog? Neutral. Being homosexual? Negative:

I could go on, but you can give it a try yourself: Google Cloud offers an easy-to-use interface to test the API.

«

Google apologised, in a response. This is a classic example of “garbage in, garbage out” – and as we start to build these systems into subsystems, it could become pernicious. Worse: unlike public opinion, which shifts over time (track opinion about abortion, gay marriage and marijuana legalisation) these systems wouldn’t shift their position. They’d be embalmed views of how we should think, from how we used to think.


Investigation: WannaCry cyber attack and the NHS • National Audit Office (NAO)

»

The key findings of the investigation are:

• The Department was warned about the risks of cyber attacks on the NHS a year before WannaCry and although it had work underway it did not formally respond with a written report until July 2017. The Department and Cabinet Office wrote to trusts in 2014, saying it was essential they had “robust plans” to migrate away from old software, such as Windows XP by April 2015. In March and April 2017, NHS Digital had issued critical alerts warning organisations to patch their systems to prevent WannaCry. However, before 12 May 2017, the Department had no formal mechanism for assessing whether local NHS organisations had complied with their advice and guidance and whether they were prepared for a cyber attack.

• The attack led to disruption in at least 34% of trusts in England although the Department and NHS England do not know the full extent of the disruption. On 12 May, NHS England initially identified 45 NHS organisations including 37 trusts that had been infected by the WannaCry ransomware. In total at least 81 out of 236 trusts across England were affected. A further 603 primary care and other NHS organisations were infected by WannaCry, including 595 GP practices. However, the Department does not know how many NHS organisations could not access records or receive information, because they shared data or systems with an infected trust. NHS Digital told us that it believes no patient data were compromised or stolen…

• The Department had developed a plan, which included roles and responsibilities of national and local organisations for responding to an attack, but had not tested the plan at a local level. As the NHS had not rehearsed for a national cyber attack it was not immediately clear who should lead the response and there were problems with communications. Many local organisations could not communicate with national NHS bodies by email as they had been infected by WannaCry or had shut down their email systems as a precaution, though NHS Improvement did communicate with trusts’ Chief Executive Officers by telephone. Locally NHS staff shared information through personal mobile devices, including using the encrypted WhatsApp application.

«

That last bit is deliciously ironic given ministers’ repeated calls to be able to tap into it. Turns out mobile is the last resort – and reliable.


#wannacry: cyber defence failure or organisational lapse? • Medium

Vladimiro Sassone on the National Audit Office report into Wannacry:

»

This particular attack — as several others before — was known, not particularly sophisticated, and has only affected organisations which did not take the recommended precautions. Once a vulnerability is in the public domain, you either close it by applying the relevant patch, or stand as a sitting duck borrowing time on your good luck.

Admittedly, for organisations like the NHS this represents a big cultural change. These are organisations used to procuring their equipment and then expecting to use it flawlessly for tens of years, without giving it a further thought. The reality is that IT does not work that way. IT systems can be extremely complex, and therefore (for reasons too long to explain here) are not perfect, are reachable from the global network, and therefore are exposed to all sorts of malicious behaviours and attacks, and so need constant revision. When a critical piece of software becomes no longer supported, it has essentially reached the end of its useful life, and must be replaced, even if to the naked eye it may still appear perfectly viable. This is true of PCs running the obsolete Windows XP, as well as of other scary situations with health devices and implants not designed with security and upgradability in mind.

«

(Sassone is based at the University of Southampton, in the cyber security controls effectiveness project; they’ve produced a paper on what SME networks need for cybersecurity.)

I’m writing a book on hacking, and ransomware is one of the chapters – with a focus on hospitals. The NHS problem is hydra-headed: million-pound equipment you replace once every 20 years uses old interfaces; small numbers of IT staff; large numbers of temporary staff who might not know what not to click; old equipment. It’s a nightmare.


Why we need a 21st-century Martin Luther to challenge the church of tech • The Guardian

John Naughton (professor of the public understanding of technology at the Open University) is aiming to create a modern form of Martin Luther’s 95 theses:

»

One thing above all stands out from those theses. It is that if one is going to challenge an established power, then one needs to attack it on two fronts – its ideology (which in Luther’s time was its theology), and its business model. And the challenge should be articulated in a format that is appropriate to its time. Which led me to think about an analogous strategy in understanding digital technology and addressing the problems posed by the tech corporations that are now running amok in our networked world.

These are subjects that I’ve been thinking and writing about for decades – in two books, a weekly Observer column, innumerable seminars and lectures and a couple of academic research projects. Many years ago I wrote a history of the internet, motivated partly by annoyance at the ignorant condescension with which it was then viewed by the political and journalistic establishments of the time. “Don’t you think, dear boy,” said one grandee to me in the early 1990s, “that this internet thingy is just the citizens band [CB] radio de nos jours?”

“You poor sap,” I remember thinking, “you have no idea what’s coming down the track.”

«

The church door to which they will be pinned is 95theses.co.uk, on 31 October. I’m looking forward to it. The two extracted in the article (“No.19: the technical is political”; “No.92: Facebook is many things, but a ‘community’ it ain’t”) are mouthwatering.

(Disclosure: I have known John for years, and was a visiting fellow last academic year at Cambridge on his Technology & Democracy project.)


The family that built an empire of pain • The New Yorker

Patrick Radden Keefe on the Sackler family, who own Purdue Pharma, which makes Oxycontin, which is widely abused – and has led to opioid abuse being declared both an epidemic in the US in 2011, and a national emergency (finally) by Trump earlier this month:

»

Purdue developed a pill of pure oxycodone, with a time-release formula similar to that of MS Contin. The company decided to produce doses as low as ten milligrams, but also jumbo pills—eighty milligrams and a hundred and sixty milligrams—whose potency far exceeded that of any prescription opioid on the market. As Barry Meier writes, in “Pain Killer,” “In terms of narcotic firepower, OxyContin was a nuclear weapon.”

Before releasing OxyContin, Purdue conducted focus groups with doctors and learned that the “biggest negative” that might prevent widespread use of the drug was ingrained concern regarding the “abuse potential” of opioids. But, fortuitously, while the company was developing OxyContin, some physicians began arguing that American medicine should reëxamine this bias. Highly regarded doctors, like Russell Portenoy, then a pain specialist at Memorial Sloan Kettering Cancer Center, in New York, spoke out about the problem of untreated chronic pain—and the wisdom of using opioids to treat it.

“There is a growing literature showing that these drugs can be used for a long time, with few side effects,” Portenoy told the Times, in 1993. Describing opioids as a “gift from nature,” he said that they needed to be destigmatized. Portenoy, who received funding from Purdue, decried the reticence among clinicians to administer such narcotics for chronic pain, claiming that it was indicative of “opiophobia,” and suggesting that concerns about addiction and abuse amounted to a “medical myth.”

In 1997, the American Academy of Pain Medicine and the American Pain Society published a statement regarding the use of opioids to treat chronic pain. The statement was written by a committee chaired by Dr. J. David Haddox, a paid speaker for Purdue.

Richard Sackler worked tirelessly to make OxyContin a blockbuster, telling colleagues how devoted he was to the drug’s success. The F.D.A. approved OxyContin in 1995, for use in treating moderate to severe pain. Purdue had conducted no clinical studies on how addictive or prone to abuse the drug might be.

But the F.D.A., in an unusual step, approved a package insert for OxyContin which announced that the drug was safer than rival painkillers, because the patented delayed-absorption mechanism “is believed to reduce the abuse liability.” David Kessler, who ran the F.D.A. at the time, told me that he was “not involved in the approval.” The F.D.A. examiner who oversaw the process, Dr. Curtis Wright, left the agency shortly afterward. Within two years, he had taken a job at Purdue.

«

This is a long read. But it’s astonishing in its depth, and the myriad ways in which the US medical industry has been coöpted by this company and drug. The scary ending: Purdue is now looking for sales abroad because the US is slowing down – and the UK is in its sights.


Colliding neutron stars could settle cosmology’s biggest controversy • Quanta Magazine

Natalie Wolchover on how measurements for the Hubble constant – how quickly the universe is expanding – might be determined; currently the two best estimates are 67 and 73 (the story explains the units that go with it):

»

The crashing stars serve as “standard sirens,” as Holz and Scott Hughes of the Massachusetts Institute of Technology dubbed them in a 2005 paper, building on the work of Bernard Schutz 20 years earlier. They send rushes of ripples outward through space-time that are not dimmed by gas or dust. Because of this, the gravitational waves transmit a clean record of the strength of the collision, which allows scientists to “directly infer the distance to the source,” Holz explained. “There is no distance ladder, and no poorly understood astronomical calibrations. You listen to how loud the [collision] is, and how the sound changes with time, and you directly infer how far away it is.” Because astronomers can also detect electromagnetic light from neutron-star collisions, they can use redshift to determine how fast the merged stars are receding. Recessional velocity divided by distance gives the Hubble constant.

From the first neutron-star collision alone, Holz and hundreds of coauthors calculated the Hubble constant to be 70 kilometers per second per megaparsec, give or take 10. (The major source of uncertainty is the unknown angular orientation of the merging neutron stars relative to the LIGO detectors, which affects the measured amplitude of the signal.) Holz said, “I think it’s just pure luck that we’re smack in the middle,” between the cosmic-distance-ladder and cosmic-microwave-background Hubble estimates. “We could easily shift to one side or the other.”

The measurement’s accuracy will steadily improve as more standard sirens are heard over the next few years, especially as LIGO continues to ramp up in sensitivity. According to Holz, “With roughly 10 more events like this one, we’ll get to 1% [of error],” though he stresses that this is a preliminary and debatable estimate.

«

If we can fix the Hubble constant, we might have an idea of the composition of the universe. Then again, we might just be more confused about the differences between the early one, and the current one.
link to this extract


This new Twitter account hunts for bots that push political opinions • Quartz

Keith Collins:

»

One account features a photo of a middle-aged woman, and a bio that reads “Patriot, self employed, loving mother and grandmother.”

Another has a photo of a younger woman in sunglasses, described in the bio as a “NonProfit Exec born to LEGAL Immigrants who owned laundromat for 30 yrs to earn our #AmericanDream. #PresidentTrump #ProIsrael #ThankAVet #BackTheBlue #MAGA.”

Both Twitter accounts frequently tweet or retweet in support of US president Donald Trump and in opposition to everything from immigrants, to the National Football League, to CNN. They’ve both had accounts on Twitter since 2012—and they both appear to be bots.

They were identified by a new bot created by Quartz, @probabot_, which searches Twitter for accounts that tweet about politics and scores them using Botometer, a classification tool that applies machine learning to determine how likely a given account is to be a bot.

«

Could we lend it to Twitter?
link to this extract


No, Apple’s machine learning engine can’t surface your iPhone’s secrets • iMore

Rene Ritchie on this article in Wired, which posits that Apple’s CoreML machine learning system could be used maliciously:

»

Theoretically, finding and extracting a few photos might be easier to hide than simply pulling a large number or all photos. So could trickle uploading over time. Or based on specific metadata. Or any other sorting vector.

Just as theoretically, ML and neural networks could be used to detect and combat these kinds of attacks as well.

»

For an example of where that could go wrong, think of a photo filter or editing app that you might grant access to your albums. With that access secured, an app with bad intentions could provide its stated service, while also using Core ML to ascertain what products appear in your photos, or what activities you seem to enjoy, and then go on to use that information for targeted advertising.

«

Also nothing unique to Core ML. Smart spyware would try to convince you to give it all your photos right up front. That way it wouldn’t be limited to preconceived models or be at risk of removal or restriction. It would simply harvest all your data and then run whatever server-side ML it wanted to, whenever it wanted to.

That’s the way Google, Facebook, Instagram, and similar photo services that run targeted ads against those services already work.

«

Just recently, iMore has found itself writing two kinds of stories: “here’s how to” and “No, here’s why this story about Apple is bogus”. As he says, people are overthinking this. A service (malicious or otherwise) that says “let us see all your photos and do wonderful things to them!” is going to get a lot more of your photos than one which tries to subvert CoreML. But people are desperate to find a new angle on anything Apple-y.
link to this extract


Google defends Pixel 2 XL screen, promises updates for audio issues • Ars Technica

Ron Amadeo:

»

The end result of the complaints (and news articles) is that every Pixel 2 and 2 XL will come with a two-year warranty, and Google will push out some software updates to alleviate some of the other Pixel problems.

LG is far behind Samsung when it comes to producing quality OLED panels for smartphones, but for some reason Google still chose to slap an inferior component onto its flagship smartphone. Here are the most common complaints we’ve seen out there as a result:

• The display is grainy or “dirty” looking at low brightness.
• It experiences image burn-in after just a few weeks.
• There’s a blue shift to the display when looked at off-angle.
• The colors are “dull.” (This one is more of a personal preference.)

Mario Queiroz, Google Hardware’s VP of product management, said on the Pixel forums that while he thinks the Pixel 2 XL display is “beautiful,” Google is taking some steps to address some of these issues.

For the display burn-in, Queiroz says Google’s investigation found that “the Pixel 2 XL display shows that its decay characteristics are similar to OLED panels used in comparable products” and that “the differential aging is in line with that of other premium smartphones and should not affect the normal, day-to-day user experience of the Pixel 2 XL.”

«

Well, this has been a whole saga during the past week. LG-made p-OLED panels on the Pixel XL seem to show burn-in (many reviewers bore this out). And people complain they look dull. The former seems to be down to LG not being great at OLED (its V30 drew similar complaints); the latter, to not trying to have oversaturated colours on the OLED.

Given the small numbers the Pixel 2 sells in, comparatively, this is hardly a great start.

link to this extract


Errata, corrigenda and ai no corrida: none notified. Either that, or I’ve forgotten.

Start Up: Pichai interviewed, tracking Google’s ads, Amazon’s pensioner scheme, open data PDfs!, and more


The Pixel 2 XL’s screen is being criticised. Is that fair? Photo by portalgda on Flickr.

Welcome! The Overspill is on holiday next week. You can refresh this page (or gaze at your inbox) but it won’t make it appear.

A selection of 12 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

Everyone’s mad at Google and Sundar Pichai has to fix it • Bloomberg

Mark Bergen and Brad Stone:

»

Pichai probably didn’t figure that defusing political and cultural grenades would be such a big part of the job. But while some critics charged that Google waffled on the issue and let it boil over into a PR nightmare, others saw a surer hand in Damore’s firing. Scott Galloway, a New York University professor and author of The Four, a critical book about big technology companies, compliments Pichai’s response. “It was a crisp, clear decision; he made it fast,” he says. “Google would be the scariest company in the world if you didn’t believe they had adult supervision.”

Pichai’s solution to the gnawing problems of fake news and illicit content that slip through Google artificial intelligence is, no surprise, more artificial intelligence. He thinks humans will succeed in training AI and that it’ll all be worth the effort. Like other technologists, he believes AI can do far more for both Google and the world, dramatically improving transportation, health care, agriculture, and any other field that uses computers. And he’s reshaped the company on the premise that the age of AI will usher in opportunities that dwarf even the size of the internet economy.

«

A curiously unfocussed interview; there’s no core to it. They can’t seem to decide what, if any, theme there is about Google. Pixel launch? James Damore? Fake news? They don’t quite pin anything down.
link to this extract


Debunking misinformation about the Pixel 2 XL’s display • Medium

Daniel Matte has long experience with displays of all varieties:

»

There is nothing inherently bad about OLED color accuracy, period. The Phil Schiller keynote slide on OLED displays was 100% nonsense. In Apple’s defense, they were really talking about the quality of their competitors’ displays in general. The slide made it look like these were inherent OLED issues, which was extremely misleading to consumers. Companies try to sell you a product, not teach and inform.

OLED displays have been better than LCDs for the past few years. OLED has improved massively over many years but still has tons of issues. Both these sentences are true.

Samsung and Apple both always ship awesome displays. Google devices have had both good and bad displays over the years. I would strongly recommend not reflexively being biased towards any brand or product, though, if you actually want to understand the technology.

AnandTech has covered OLED displays in extreme depth over the years, so if you want to learn about OLED and all displays my highest recommendation would be to read their articles (you can search for various previous device reviews). You can also follow @nexusCFX on Twitter.

Android didn’t have color management until Oreo. Now it does. We’re good here. (There’s much more work still to be done for HDR support for Android P.)

Because they have color management (and other factors), both the new Pixels target the Display P3 color space (which is currently correct for “wide color”), not sRGB. Google’s marketing even says this. How good the specific panel calibrations turn out to be is a separate question. Vlad Savov’s review unit is clearly extremely green and looks awful. I won’t cover the work that needs to go into calibrating displays at the factory level here.

«

link to this extract


New findings show Google organic clicks shifting to paid • Moz

Brian Wood:

»

Looking at 2015 vs 2017 data for all keywords ranking organically on the first page, we’ve seen a dramatic change in CTR. Below we’ve normalized our actual CTR on a 1–10 scale, representing a total drop of 25% of click share on desktop and 55% on mobile.


Organic receives 25% less desktop CTR and 55% less mobile CTR compared to two years ago.

The much larger drop on mobile is particularly relevant because we’ve seen large traffic shifts to mobile over the last two years as well. The overall percentage drop plays out somewhat similarly across the first page of results; however, the top four were most heavily impacted…

…It’s important to note that paid ads are not getting all the clicks that organic is not. In addition to the small number of people who click beyond the first page, a surprising number do not click at all. Our best guess is that all ads combined now get about the same percentage of clicks (for our results) as all organic results combined.

«

In other words, Google is stuffing its results page with ads. Another point: they’re seeing more and more Google Shopping ad clickthroughs.
link to this extract


Edisun Microgrids – Series.c • SeedInvest

»

At Edisun Microgrids, we believe solar can be a major source of the world’s energy because every day the sun provides more than 10,000 times the energy the world needs. The key is making solar cost-effective and available on-demand.  Edisun’s solutions address these hurdles and through them, we are aiming to drive down the cost of solar energy to make clean power more affordable than fossil fuels.

Our technology is a new solar tracking system named PV Booster™ that points solar panels directly at the sun all day long. By enabling the panels to continuously face the sun, PV Booster increases clean energy production by 30% and improves the economics of solar by 20%. We designed PV Booster to meet the unique needs of the underserved Commercial and Industrial (C&I) rooftop solar market – a trillion-dollar opportunity in the US alone.

«

I don’t recommend investing in this; though it’s an attractive idea to make solar panels follow the sun, you’ll probably see improvements of 30% in output through general improvements over the next couple of years. Notable though that Bill Gross – who came up with the “ads against what you search for” model which Google adopted – is one of the investors. Gross is a smart guy. I still don’t recommend investing.
link to this extract


Mr. Robot: This is how the hacks are created on the show • Verdict

Amelia Heathman:

»

When you first meet Elliot Alderson, played by the enigmatic Rami Malek, in Mr Robot, he is explaining to a local café owner about how he hacked his laptop to find the huge swathes of child porn in his possession.

Before long, the viewer is taken down the cyber rabbit hole into an underground world featuring cyber terrorism, murder, and the failures of society, all presided over by Mr Robot.

Ahead of the premiere of season three tonight, Verdict spoke to one of the show’s technical consultants, Ryan Kazanciyan (left), chief security architect at security firm Tanium, about the Mr Robot hacks and how it is changing perceptions of hacking.

«

Good points in particular about how hacking has become something we take as part of the landscape; it’s part of the zeitgeist.
link to this extract


Facebook and Apple can’t agree on terms, so Facebook’s subscription tool will only launch on Android phones • Recode

Peter Kafka:

»

Facebook’s effort to help media companies sell subscriptions has hit a snag: Apple.

The two companies are butting heads over Facebook’s plan for a new subscription tool in its mobile app. The tool will put paywalls around some articles in Facebook’s news feed, and then send users to publishers’ sites to buy subscriptions.

The issue: Apple wants to take as much as 30% of any subscription revenue Facebook helps generate. Facebook wants all of the money to go to publishers.

People familiar with both companies say they’ve been discussing the impasse for months. In the meantime, Facebook says it is rolling out a version of the subscription tool that will work on Android phones in the next few weeks; it says it will work with publishers including the Washington Post, Hearst and Tronc.

That tool will allow publishers to use two kinds of paywalls around “Instant Articles” that Facebook hosts on its mobile apps — a “metered” version, which turns on after Facebook users have read 10 of the publisher’s articles in a month, and a “freemium” version, where publishers can put paywalls around individual articles.

In both cases, users who hit the paywall will be sent to the publisher’s site to sign up for a subscription.

«

Apple’s 30% thing is becoming quite the problem. I suspect it wants to do this through Apple News, not let Facebook get all the glory – and data.
link to this extract


What is CamperForce? Amazon’s nomadic retiree army • WIRED

Jessica Bruder:

»

Chuck [Stout] still remembers the call from Wells Fargo that brought the 2008 financial crisis crashing down on his head. He had invested his $250,000 nest egg in a fund that supposedly guaranteed him $4,000 a month to live on. “You have no more money,” he recalls his banker saying flatly. “What do you want us to do?” Unable to think of a better answer, Chuck told him, “Well, shove your foot up your ass.” Then he hung up.

Barb had lost her savings too, some $200,000 in investments. And with the travel industry flattened by the Great Recession, bookings at Carolina Adventure Tours dwindled. By the time Barb and Chuck got married in 2009, they were upside down on their mortgage and grappling with credit card debt.

The couple was facing bankruptcy, which scared Chuck to death. It brought back the terror of growing up poor—the pervasive insecurity he’d stamped out by going to work at 16. But by 2012, they had run out of options. After filing their papers, Chuck and Barb began liquidating their lives…

…Whatever survived the purge had to fit in their new dwelling: a 29-foot 1996 National RV Sea Breeze motor home, which Barb’s brother sold to them for $500. The rig had dry-rotted tires, a dead generator, and a leak in the gas line. Back when the Stouts had money, they’d idly fantasized about becoming carefree vagabonds in a nice RV. Their current situation didn’t quite align with that dream, but they embraced it anyway. Perhaps, Barb reflected, this was destiny—the universe pushing them toward the lifestyle they’d wanted all along. She decided to call their next move “Barb and Chuck’s Great Adventure.”

«

Just as a story of middle America, this would be absorbing. And then Amazon arrives.
link to this extract


Twitter was warned repeatedly about this fake account run by a Russian troll farm and refused to take it down • Buzzfeed

Kevin Collier:

»

Twitter took 11 months to close a Russian troll account that claimed to speak for the Tennessee Republican Party even after that state’s real GOP notified the social media company that the account was a fake.

The account, @TEN_GOP, was enormously popular, amassing at least 136,000 followers between its creation in November 2015 and when Twitter shut it down in August, according to a snapshot of the account captured by the Internet Archive just before the account was “permanently suspended.”

Some of its tweets were deliberately outrageous, the archive shows, such as one in December 2016 that claimed that unarmed black men killed by police officers deserved their fate. It also trafficked in deliberate fake news, claiming just before it was shut down that a photo of the Cleveland Cavaliers’ NBA championship parade was actually a crowd waiting to hear Donald Trump speak.

Twitter, already under fire, along with Facebook, for being slow to recognize its role in Russian election meddling, declined to comment. A spokesperson told BuzzFeed News that the company does not comment on individual accounts.

@TEN_GOP gained enough support from the far right that when it was finally shut down, commentators like Reddit’s pro-Trump r/the_donald forum expressed outrage. Jack Posobiec, a pro-Trump internet activist who himself has more than 213,000 Twitter followers, questioned the action when Twitter temporarily suspended the account in July.

«

Posobiec then deleted every one of his tweets referring to that account after Buzzfeed approached him for this story.
link to this extract


Apple Watch hits cellular snag in China • WSJ

Yang Jie and Yoko Kubota:

»

For the first time, the Apple Watch can have an independent cellular connection, allowing people to use it to make voice calls, send and receive text and data even if the watch isn’t wirelessly connected to an iPhone.

But in China, the feature was abruptly cut off for new subscribers, without explanation, after a brief availability with one telecom company.

Industry analysts say the suspension likely stemmed from Chinese government security concerns to do with tracking users of the device, which uses different technology than standard mobile phones.

China strictly regulates mobile phones and all three major telecom service providers are state-owned companies. To get a SIM—subscriber identity module—card to operate the phone, users must register under their real names with a network carrier.

The latest Apple Watch poses a challenge to the existing user identification system, industry analysts said. The watch contains a new and tiny version of the SIM card, called embedded SIM, or eSIM. The eSIM is embedded in the watch by Apple, not by carriers.

The benefit of a device carrying an eSIM is that, with software, users can choose a telecom operator and a communications plan. But in China, that new system raises the question of how carriers and regulators can track the device user’s identity.

“The eSIM (system) isn’t mature enough yet in China,” one analyst said. “The government still needs to figure out how they can control the eSIM.”

«

Just in case anyone needed a riposte to some of the articles that have been running suggesting China is a wonderful place to be.
link to this extract


Trying to understand the hype around Google’s Pixel Buds • BirchTree

Matt Birchler on how Google-focussed outlets represent the new wireless (except for the wire) headphones:

»

The Pixel buds are said to have better battery life than the competition because of the wired connection between the earbuds, but they have the exact same advertised life as the AirPods (5 hours, and 24 extra hours of charge in the case). He goes on to say the cost of the Pixel Buds is undercutting the competition. The Pixel Buds cost $159, which again is exactly the same as AirPods.

The Verge calls the Pixel Buds “more pragmatic” than AirPods. How, exactly? They cost the same, have the same battery life, seem to have lower build quality, and are not “truly” wireless headphones, but have a special integration into Google’s Translate app. The feature seems cool, but since you still need to unlock your phone, open the Google Translate app, select your languages, and the other person still has to hold a button and talk into your phone, I don’t see how this is a revolution in translation services.

As far as I can tell, Google’s “AI-powered headphones” (The Verge’s words, not mine) are no smarter than any other bluetooth headphones out there, and certainly not smarter than their main competitors, Apple’s AirPods. The Google Assistant and translation features are 100% run on the phone, just like AirPods, and the only difference is the audio is routed to the headphones, not your phone speakers. You know, exactly like you’d expect when having headphones connected to your phone…

…I’m prepared to be wrong about these, and maybe I’ll get a pair next year to try them out, but as of right now there seems to be a lot of buying into Google’s marketing jargon by many publications out there.

«

I think it’s what people call “grading on a curve”. AirPods are truly the most Apple-y product in ages: the perfect integration of hardware and barely-visible software (which does plenty of heavy lifting, quietly).
link to this extract


How gridlock, social media giants and the Clintons made the internet ripe for Russian meddling • Daily Beast

Lachlan Markay and Andrew Desiderio:

»

[Marc] Elias [a Democratic lawyer who led Hillary Clinton’s team and found a way to coordinate with an in-theory-independent political ad group], indeed, is a recurring character in much of the drama that has led the social media political landscape to this current point. He also represented Google before the FEC in 2010 in what was the last instance of the FEC affirmatively ruling on a case involving the “small items” exemption for a major digital advertiser. In that case, Elias convinced the commission to exempt Google from disclosure rules as long as the pages to which its ads redirected did disclose who was behind them.

That case was specific to Google and did not establish broadly applicable rules for ad disclosure on social media, search engines, and similar platforms. The year after its Google ruling, the FEC opened up an initial comment period on such rules, but never ended up codifying them. It’s now reopened that comment period in what disclosure advocates hope will be an earnest effort to address the issue.

“That’s really the whole reason for campaign finance rules besides corruption and the like—but it is in part transparency so people can determine if there’s corruption, as well as just the ability to know who’s behind campaigns so they can make thoughtful decisions when they’re voting,” Ravel added. “All of these things are being done purposefully, in my view, to ultimately deregulate campaign finance completely.”

Divisions at the FEC remain deep, and the commission currently has just five members, meaning all but one of them would have to vote in favor of a regulatory proposal for it to go into effect.

A number of experts believe that Republican commissioner Matthew Peterson could rally a coalition to support a rule imposing additional disclosure requirements on digital political ads. But Trump has nominated Peterson to a federal judgeship, and it’s not likely that he’ll remain on the commission long enough to vote on a final rule.

«

It all began, as the standfirst notes, with a blog years ago demanding Bill Clinton’s impeachment. Political ads in the US are a mess, disclosure-wise.
link to this extract


Open Data Institute study shows role for PDF with Open Data • Public Policy blog by Adobe

John Joliffe is Adobe’s European Government Relations lead:

»

Earlier this year we blogged about an exciting project we had kicked off with the Open Data Institute in London, to explore how PDF could be better used to help international policies on Open Data. The final ODI report on Best Practices for PDF and Data has just been published.

We’re particularly happy that the report confirms what we have known for some time, that PDF can already achieve at least 3 stars on the 5 Star Open Data scale, on a par with other well-used formats such as .csv. And it’s exciting to see a PDF with data published to Data Mill North, proving that PDF with data can be more valuable in some cases than just publishing the raw data itself.

We think the report will be welcome news for many in government and beyond who already work with PDF or who need to publish open data that is both human- and machine-readable.

The report highlights two use cases in particular: the first relating to the role of PDF in the English Planning system, which was conducted in collaboration with the Department for Communities and Local Government. The second relating to the complex needs of scientific publishers.

But the work is only just beginning. The ODI has kicked off a public process to capture additional use cases where PDF is essential, with a view to showing how PDF can address their open data needs too.

«

I know that the idea that a PDF could be as machine-readable as a CSV (comma-separated variables) file sounds like nonsense. But Tom Forth has been doing work on creating PDFs which contain the data files as attachments. He has built an open-source tool which lets you add and remove them. You can have something human-legible which also has the data onboard. That’s useful.

It’s also a potential security threat, I’d guess, but that’s how this stuff rolls: one step forward, half a step back.
link to this extract
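As an added illustration (not Tom Forth’s tool, Adobe’s code or the ODI’s work) of a PDF carrying its data as an attachment, and of the check a recipient would want before trusting one: build a minimal PDF with an embedded CSV, then enumerate the attachments without rendering the document and flag any that are not a plain data format. The object layout, the allowlist of suffixes and the sample data are constructed assumptions, and the scanner handles only the uncompressed layout the builder writes.

```python
import re

# Attachment names a data publisher would expect; anything else is worth a look
# before the PDF is opened or processed (allowlist assumed for illustration).
DATA_SUFFIXES = (".csv", ".json", ".xml", ".txt")


def pdf_string(name: str) -> bytes:
    """Encode a name as a PDF literal string, escaping its delimiters."""
    return b"(" + re.sub(rb"([()\\])", rb"\\\1", name.encode("latin-1")) + b")"


def build_pdf_with_attachment(filename: str, data: bytes) -> bytes:
    """Constructed example: a one-page PDF that also carries `data` as an
    embedded file, so the document is human-legible and has the data onboard."""
    text = b"BT /F1 12 Tf 20 50 Td (Human-readable page; data attached) Tj ET"
    objs = [
        # 1: catalog; its /EmbeddedFiles name tree maps the name to the file spec (obj 5)
        b"<< /Type /Catalog /Pages 2 0 R /Names << /EmbeddedFiles << /Names ["
        + pdf_string(filename) + b" 5 0 R] >> >> >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 320 100] /Contents 4 0 R "
        b"/Resources << /Font << /F1 << /Type /Font /Subtype /Type1 /BaseFont /Helvetica >> >> >> >>",
        b"<< /Length %d >>\nstream\n" % len(text) + text + b"\nendstream",
        # 5: file specification naming the attachment and pointing at its stream (obj 6)
        b"<< /Type /Filespec /F " + pdf_string(filename) + b" /UF " + pdf_string(filename)
        + b" /EF << /F 6 0 R >> >>",
        # 6: the attached bytes themselves, stored uncompressed
        b"<< /Type /EmbeddedFile /Length %d >>\nstream\n" % len(data) + data + b"\nendstream",
    ]
    out = bytearray(b"%PDF-1.7\n")
    offsets = []
    for num, body in enumerate(objs, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref = len(out)  # cross-reference table so ordinary readers can load the file
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(objs) + 1, xref)
    return bytes(out)


def list_embedded_files(pdf: bytes) -> list:
    """Enumerate attachments without rendering the document.  For every
    /Filespec, recover the name and the bytes of its /EF stream and flag names
    outside DATA_SUFFIXES.  Handles the plain, uncompressed layout written
    above; PDFs using object streams or filters need a full parser."""
    found = []
    for spec in re.finditer(rb"/Type\s*/Filespec(.*?)>>\s*endobj", pdf, re.S):
        body = spec.group(1)
        name_m = re.search(rb"/F\s*\(((?:\\.|[^\\)])*)\)", body)
        ef_m = re.search(rb"/EF\s*<<\s*/F\s*(\d+)\s+0\s+R", body)
        if not name_m or not ef_m:
            continue
        name = re.sub(rb"\\([()\\])", rb"\1", name_m.group(1)).decode("latin-1")
        data = b""
        stream_m = re.search(rb"(?<![0-9])%d 0 obj\s*<<(.*?)>>\s*stream\r?\n" % int(ef_m.group(1)),
                             pdf, re.S)
        if stream_m:
            length_m = re.search(rb"/Length\s+(\d+)", stream_m.group(1))
            if length_m:
                data = pdf[stream_m.end():stream_m.end() + int(length_m.group(1))]
        found.append({"name": name, "size": len(data), "data": data,
                      "suspicious": not name.lower().endswith(DATA_SUFFIXES)})
    return found


if __name__ == "__main__":
    doc = build_pdf_with_attachment("data.csv", b"date,value\n2017-10-19,42\n")
    for f in list_embedded_files(doc):
        print(f["name"], f["size"], "SUSPICIOUS" if f["suspicious"] else "ok")
```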


Errata, corrigenda and ai no corrida: in case you missed the warning up above, The Overspill is on holiday next week. So this is a sort of pre-emptive corrigenda.

Start Up: how Hey Siri works, SolarCity boondoggle?, Puerto Rico’s bust grid, and more


Until yesterday, AlphaGo was the best known Go player on the planet. No longer. Photo by kenming_wang on Flickr.

A selection of 11 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

Hey Siri: an on-device DNN-powered voice trigger for Apple’s personal assistant • Apple

“Siri Team”:

»

The “Hey Siri” feature allows users to invoke Siri hands-free. A very small speech recognizer runs all the time and listens for just those two words. When it detects “Hey Siri”, the rest of Siri parses the following speech as a command or query. The “Hey Siri” detector uses a Deep Neural Network (DNN) to convert the acoustic pattern of your voice at each instant into a probability distribution over speech sounds. It then uses a temporal integration process to compute a confidence score that the phrase you uttered was “Hey Siri”. If the score is high enough, Siri wakes up. This article takes a look at the underlying technology. It is aimed primarily at readers who know something of machine learning but less about speech recognition.

«

Some interesting detail here about battery use, especially on the Watch. Something of a contrast with Google’s offering today. Different challenges: one about rulespace, one about power constraint.
link to this extract
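The temporal-integration step the Siri team describes, as an added illustration that is not Apple’s code: per-frame posteriors over a small set of assumed phone-like units are integrated along the best left-to-right alignment of the phrase, and the detector wakes only when the resulting confidence clears a threshold. The unit set, the constructed posteriors, the scoring rule (per-frame geometric mean of the aligned probabilities) and the threshold are all assumptions made here.

```python
import math

# Phone-like units for the trigger phrase, in the order they must be heard.
# A simplified set assumed for illustration; Apple's detector uses its own units.
HEY_SIRI_STATES = ["h", "ey", "s", "ih", "r", "ii"]
NEG_INF = float("-inf")


def keyword_confidence(posteriors, states=HEY_SIRI_STATES):
    """Temporal integration of per-frame posteriors into one phrase score.

    posteriors: one dict per audio frame mapping unit -> probability (the DNN's
    output for that instant).  The best left-to-right alignment of `states` to
    the frames is found by dynamic programming: every state must hold for one
    or more frames, none may be skipped or reordered.  Returns the per-frame
    geometric mean of the matched probabilities along that path, i.e.
    exp(total_log_prob / n_frames), plus the aligned unit for each frame.
    """
    n_frames, n_states = len(posteriors), len(states)
    if n_frames < n_states:          # not enough audio to contain the phrase
        return 0.0, []

    def logp(t, k):
        p = posteriors[t].get(states[k], 0.0)
        return math.log(p) if p > 0 else NEG_INF

    score = [NEG_INF] * n_states     # best cumulative log-prob ending in state k
    score[0] = logp(0, 0)            # the phrase starts at the first frame
    back = [[0] * n_states]          # back[t][k]: state at frame t-1 on the best path into (t, k)
    for t in range(1, n_frames):
        new, prev = [NEG_INF] * n_states, [0] * n_states
        for k in range(n_states):
            stay = score[k]                               # remain in the same unit
            advance = score[k - 1] if k > 0 else NEG_INF  # move on to the next unit
            best = max(stay, advance)
            if best > NEG_INF:
                new[k] = best + logp(t, k)
                prev[k] = k if stay >= advance else k - 1
        score = new
        back.append(prev)

    total = score[-1]                # the phrase must end in its last unit
    if total == NEG_INF:
        return 0.0, []
    path = [n_states - 1]            # trace the alignment backwards
    for t in range(n_frames - 1, 0, -1):
        path.append(back[t][path[-1]])
    path.reverse()
    return math.exp(total / n_frames), [states[k] for k in path]


def is_trigger(posteriors, threshold=0.5):
    """Wake only when the integrated confidence clears the (assumed) threshold."""
    return keyword_confidence(posteriors)[0] >= threshold


def frames(spoken_units, match=0.76, miss=0.04):
    """Constructed DNN output: each frame gives `match` to the unit being spoken
    and `miss` to each of the six other units (the phrase units plus 'other')."""
    units = HEY_SIRI_STATES + ["other"]
    return [{u: (match if u == spoken else miss) for u in units} for spoken in spoken_units]


# Constructed inputs: the phrase spoken in order, background speech, and the
# same units in the wrong order (which a bag-of-sounds detector would accept).
HEY_SIRI_AUDIO = frames(["h", "h", "ey", "ey", "s", "s", "ih", "ih", "r", "r", "ii", "ii"])
BACKGROUND = frames(["other"] * 12)
SCRAMBLED = frames(["s", "s", "ih", "ih", "r", "r", "ii", "ii", "h", "h", "ey", "ey"])

if __name__ == "__main__":
    for label, audio in [("phrase", HEY_SIRI_AUDIO), ("background", BACKGROUND), ("scrambled", SCRAMBLED)]:
        conf, path = keyword_confidence(audio)
        print(f"{label:10s} confidence={conf:.3f} wake={is_trigger(audio)} alignment={path}")
```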


SolarCity: Tesla’s solar boondoggle • Fool.com

Travis Hoium:

»

Tesla’s $2.6bn acquisition of SolarCity was supposed to create a vertically integrated clean energy company. But since the buyout Tesla has been shutting down SolarCity’s operations around the country. This month, Tesla will lay off about 200 workers in a Roseville, California operations center that was once a hub for SolarCity. This is on top of thousands of layoffs over the past year. 

Elon Musk has argued that the best solar strategy is to sell solar in stores, getting EV buyers to pick up a solar system along the way. But Tesla has barely rolled out solar sales in-store across the country and it’s not clear the new retail strategy will result in anywhere near the sales SolarCity made on its own. 

The main thing SolarCity had going for it was a massive sales and installation organization. A vast majority of employees worked in these roles and they’re the ones responsible for growing the company into a nationwide organization. 

If Tesla’s vision was to move solar sales from the SolarCity sales staff to its own stores then why buy SolarCity at all? And if you’re selling solar systems in a store, why buy a company with thousands of its own installers? Why not use a contracted installer like Home Depot or Lowe’s does to install the kitchen counters they sell in-store? 

«

Solar isn’t a self-fit. It’s too complex. In a way, it’s the modern form of the alumin(i)um sidings business captured in the film Tin Men. Except it really does help.
link to this extract


Why Puerto Rico’s electric grid stood no chance against Maria • FiveThirtyEight

Maggie Koerth-Baker:

»

Being an island has also, historically, limited the types of energy resources Puerto Rico could use and raised their cost. The island’s electricity is almost entirely generated by burning fossil fuels, mostly oil — and all of that fuel has to be imported. When the cost of oil goes up, so do electric bills. Even if you burn natural gas — which is a cheaper energy source than coal or oil — that still costs more when you have to haul it across an ocean. Until 2012, the Autoridad de Energía Eléctrica didn’t have facilities that could burn natural gas, anyway.

All of this helps to explain why Puerto Rico’s grid was in such bad shape before Maria hit — and why it will take so long to rebuild. The AEE has long been under political pressure to not raise prices, said José Román Morales, interim president of the Puerto Rico Energy Commission, a government body formed in 2014 as a regulator for the AEE and private electric generation companies. That made sense in some ways: Electricity is crucial, and Puerto Ricans, in general, don’t have a lot of spare cash — the median income is just $19,350, and more than 40% of the population lives below the poverty line.

But those pressures, combined with the realities of running an electric grid on an island, created problems. The AEE didn’t raise its base rate — the part of the electric bill that’s meant to cover basic operating costs and maintenance — between 1989 and January 2017. But the price consumers actually pay — the total bill — still went up over that time period because of rising fuel prices. Puerto Ricans became trapped in a feedback loop where the AEE had less and less money to keep the grid working well, but consumers had more and more reason (from their perspective) to demand that the agency not raise rates.

«

And it got worse. Another problem: solar fields and wind turbines don’t fare well in hurricanes. (Would some sort of tidal barrier work better?)
link to this extract


AlphaGo Zero: learning from scratch • DeepMind

Demis Hassabis and David Silver:

»

The paper introduces AlphaGo Zero, the latest evolution of AlphaGo, the first computer program to defeat a world champion at the ancient Chinese game of Go. Zero is even more powerful and is arguably the strongest Go player in history.

Previous versions of AlphaGo initially trained on thousands of human amateur and professional games to learn how to play Go. AlphaGo Zero skips this step and learns to play simply by playing games against itself, starting from completely random play. In doing so, it quickly surpassed human level of play and defeated the previously published champion-defeating version of AlphaGo by 100 games to 0.

It is able to do this by using a novel form of reinforcement learning, in which AlphaGo Zero becomes its own teacher. The system starts off with a neural network that knows nothing about the game of Go. It then plays games against itself, by combining this neural network with a powerful search algorithm. As it plays, the neural network is tuned and updated to predict moves, as well as the eventual winner of the games.

This updated neural network is then recombined with the search algorithm to create a new, stronger version of AlphaGo Zero, and the process begins again. In each iteration, the performance of the system improves by a small amount, and the quality of the self-play games increases, leading to more and more accurate neural networks and ever stronger versions of AlphaGo Zero.

«

This is mindblowing. OK, a limited rulespace – Go has fewer than most serious games – but utterly incredible to create the best Go player ever.

Though I was watching The Incredibles on Wednesday, where Mr Incredible is used to train better and better Omnidroids until it can kill him. It always feels like a subtle warning.
link to this extract


Crafty app developers are ripping off big-name brands • The Economist

»

Some apps fill a gap in the market. Selfridges, a chain of British fashion stores, for instance, has a legitimate app for Apple devices but not for Android ones. RadioShack, an American electronics retailer that filed for bankruptcy in February 2015, has a website but not an official app. Three imitation apps have by now sprouted under the shop’s name.

Other developers simply copy an existing app and hope users will fail to notice. The Economist found that half of the 50 top-selling apps in Google Play had fakes. These included ones with tweaked names (“MyGoogleTranslate” rather than “Google Translate”) and a bogus Netflix app that uses a weird Halloween-themed font for the logo. Google says it is reviewing these apps and will take action where necessary.

Fake apps are often stuffed with malicious code. Academics from a research group, SerVal, at the University of Luxembourg, estimate that around a fifth of all Android app-based malware is hidden in fake apps. The malware facilitates various money-making schemes. The most egregious are designed to steal the passwords that unlock users’ bank accounts. But it is more common for scams to profit from ordinary advertising, particularly on Android devices, says Eliran Sapir of Apptopia, a tech firm. Adverts in the smartphone’s web browser get quietly replaced by similar ones chosen by the fake-app developer.

«

link to this extract


Ad industry insiders profited from an ad fraud scheme that researchers say stole millions • Buzzfeed

Craig Silverman:

»

Some of the world’s biggest brands were ripped off by a digital fraud scheme that used a network of websites connected to US advertising industry insiders to steal what experts say could be millions of dollars, a BuzzFeed News investigation has found.

Approximately 40 websites used special code that triggered an avalanche of fraudulent views of video ads from companies such as P&G, Unilever, Hershey’s, Johnson & Johnson, Ford, and MGM, according to data gathered by ad fraud investigation firm Social Puncher in collaboration with BuzzFeed News. Over 100 brands saw their ads fraudulently displayed on the sites, and roughly 50 brands appeared multiple times.

Documents obtained by BuzzFeed News reveal that the CEO of an ad platform and digital marketing agency is an owner of 12 websites that earned revenue from the fraudulent views, and his company provided the ad platform used by sites in the scheme. Another key player is a former employee of a large ad network who runs a group of eight sites that were part of the fraud, and who consults for a company with another eight sites in it. That company is owned by a model and online entrepreneur who played Bob Saget’s girlfriend on the HBO show Entourage. A final site researchers identified in the scheme is owned by the cofounder of one of the 20 largest ad networks in the United States.

«

I keep thinking that (a) this is the tip of the iceberg and (b) this time it will lead the online ad industry to clean up its act. The second one never happens. But the iceberg seems bigger and bigger.
link to this extract


Watchdog slams HMRC, Amazon over ‘dismal’ response to UK biz hurt by online VAT fraud • The Register

Kat Hall:

»

HMRC, Amazon and eBay have not done enough to crack down on overseas sellers evading VAT in the UK, a “dismal” failure that has hit British businesses hard, the House of Commons’ Public Accounts Committee said today.

The select committee’s report, Tackling online VAT fraud and error, warned that online sellers who do not charge VAT when using online marketplaces are undercutting prices offered by UK businesses by up to 20%, “forcing many to lay off staff or even go out of business”.

HMRC estimates that UK taxpayers lost up to £1.5bn in 2015-16 from online VAT fraud. But the committee said the taxman’s estimate of the full impact of fraud is “out of date and flawed”.

Meg Hillier MP, chair of the PAC, said the response of HMRC and the marketplaces where fraudsters operate “has been dismal.”

…All online marketplaces should force non-EU traders selling goods to customers in the UK to display a valid VAT number. “In the absence of a legal requirement to do so we would expect online marketplaces to implement this measure voluntarily,” it said.

As The Register has previously reported, goods sold via online marketplaces are in many cases held in warehouse “fulfilment centres” physically based in the UK. However, HMRC does not know how many fulfilment houses there are in the UK, estimating the number to be somewhere between 500 and 3,000.

«

Not a trivial amount in these days of austerity.
link to this extract


Google serves fake news ads in an unlikely place: fact-checking sites • The New York Times

Daisuke Wakabayashi and Linda Qiu:

»

The fake news ads all worked the same way: They would display headlines at the top of the fact-checking sites that, once clicked, took readers to sites that mimicked the logos and page designs of legitimate publications. The fake stories began with headlines and large photos of the celebrities in question, but after a few sentences, they transitioned into an ad for an anti-aging skin cream.

The fake publishers used Google’s AdWords system to place the advertisements on websites that fit their broad parameters, though it’s unclear if they specifically targeted the fact-checking sites. But that Google’s systems were able to place fake news ads on websites dedicated to truth-squadding reflects how the internet search giant continues to be used to spread misinformation. The issue has been in the spotlight for many internet companies, with Facebook, Twitter and Google all under scrutiny for how their automated ad systems may have been harnessed by Russians to spread divisive, false and inflammatory messages.

The Snopes and PolitiFact ads show how broad the problem of online misinformation can be, said David Letzler, research scientist at Impact Radius, a digital marketing intelligence firm. “Even websites whose mission is to promote accountability can inadvertently wind up getting used by snake oil salesmen,” he said.

«

link to this extract


Facebook and Google helped anti-refugee campaign in swing states • Bloomberg

Benjamin Elgin and Vernon Silver:

»

In the final weeks of the 2016 election campaign, voters in swing states including Nevada and North Carolina saw ads appear in their Facebook feeds and on Google websites touting a pair of controversial faux-tourism videos, showing France and Germany overrun by Sharia law. French schoolchildren were being trained to fight for the caliphate, jihadi fighters were celebrated at the Arc de Triomphe, and the “Mona Lisa” was covered in a burka.

“Under Sharia law, you can enjoy everything the Islamic State of France has to offer, as long as you follow the rules,” intoned the narrator of one ad.

Unlike Russian efforts to secretly influence the 2016 election via social media, this American-led campaign was aided by direct collaboration with employees of Facebook and Google. They helped target the ads to more efficiently reach the intended audiences, according to internal reports from the ad agency that ran the campaign, as well as five people involved with the efforts.

«

Completely legal. Except the content isn’t true. But it’s all money. Who’s going to complain about that?

Every day brings more data about how Trump’s narrow electoral college victory – a smattering of votes in a few states – was enabled by the narrow targeting of untruths. It’s a victory built on the abuse of the new technology. I imagine the same was said about the first TV political ads; except everyone could see those. With these ads, we don’t know who sees them.
link to this extract


Google Pixel 2 XL review: A conflicted second coming • Pocket-lint

Chris Hall on the LG-made larger Google phone with its strangely tuned p-OLED display:

»

all eyes will be drawn to the colour balance on that display. Daily use feels lacklustre: the app icons just don’t look like the right tone and showing the phone to people they immediately assume you’re on battery saving mode or night light, when you’re not. That’s not an experience you get when watching movies where things are much better, although that’s an experience you’ll have to hunt for.

The result is that the Pixel 2 XL feels like a device that hasn’t quite delivered. It’s a twist in design that’s not as effective as others, the screen doesn’t look great and a camera that, although clever, only really keeps pace with others on the market. For an Android fan that’s likely to be a disappointment: the Pixel 2 XL was supposed to be the device to fend off the iPhone X. As it is, it doesn’t feel like it’s a strong enough rival.

That makes it hard to highly recommend the Pixel 2 XL, not at its £799 asking price.

«

link to this extract


The war to sell you a mattress is an internet nightmare • Fast Company

David Zax:

»

“Casper Sues Sleepopolis with Federal Lawsuit,” read the headline on the page I opened. The post was written by a guy named Derek Hales, the site’s proprietor. Derek’s photo showed a pale, skinny twentysomething with freckles and short red hair. I clicked around on his site. Derek Hales evidently took mattress reviewing seriously, rating the firmness of mattresses on a scale from one to 10, cutting them open to measure the exact thickness of the foam.

I returned to the page outlining the lawsuit.

“From the very first day Sleepopolis launched I knew I wanted to build something different,” wrote Derek. “Reviews rooted in honesty, transparency, integrity, and clarity, without the marketing speak or fluff. Guided by these principles I feel like Sleepopolis readers have the right to know that Casper Sleep has filed a federal lawsuit in New York, suing both Sleepopolis and me, personally.”

So it was true. I scratched my head. Casper was on its way to becoming a $750m company. It was the hottest of the bed-in-a-box disruptors, with investments from celebrities like Ashton Kutcher and Nas. And it was picking on some skinny blogger from Arizona?

«

This is your compulsory long read for today. Read it, and consider how many other sites might have been subverted in just the same way as happens in this story.

It’s also a terrific piece of journalism.
link to this extract


Errata, corrigenda and ai no corrida: email subscribers won’t have received Tuesday’s edition due to WordPress’s interface. (OK, I missed a tick off a box.) It’s here, if you missed it.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

Start Up: WPA2 v paywalls, how Russia rocket the US, Apple’s Safari ad squeeze, and more


From oil discovery to this guy (and a lawsuit): Auto-Tune had quite the genesis. Photo by Joe Shlabotnik on Flickr

A selection of 11 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

The flawed system behind the Krack Wi-Fi meltdown • WIRED

Lily Hay Newman:

»

“If there is one thing to learn from this, it’s that standards can’t be closed off from security researchers,” says Robert Graham, an analyst for the cybersecurity firm Erratasec. “The bug here is actually pretty easy to prevent, and pretty obvious. It’s the fact that security researchers couldn’t get their hands on the standards that meant that it was able to hide.”

The WPA2 protocol was developed by the Wi-Fi Alliance and the Institute of Electrical and Electronics Engineers (IEEE), which acts as a standards body for numerous technical industries, including wireless security. But unlike, say, Transport Layer Security, the popular cryptographic protocol used in web encryption, WPA2 doesn’t make its specifications widely available. IEEE wireless security standards carry a retail cost of hundreds of dollars to access, and costs to review multiple interoperable standards can quickly add up to thousands of dollars.

«

I’ve got an inkling what happened here. The proposal for WEP was widely available before being chosen as a standard, and it was demonstrated to be utterly flawed before becoming a standard. (Buy my book next year!)

I wonder if the IEEE was so embarrassed by that episode that it decided to erect paywalls around standards so that they wouldn’t be so open to examination by any random person who might be able to critique them – or, equally, to prevent a hacker discovering a zero-day and never disclosing it.
link to this extract


The mathematical genius of Auto-Tune • Priceonomics

Zachary Crockett on the inventor of this much-used product, who first retired – after making his fortune in oil discovery – in 1989:

»

Others who’d made an attempt at creating software had used a technique called feature extraction, where they’d identify a few key “variables” in the sound waves, then correlate them with the pitch. But this method was overly-simplistic, and didn’t consider the finer minutiae of the human voice. For instance, it didn’t recognize diphthongs (when the human voice transitions from one vowel to another in a continuous glide), and, as a result, created false artifacts in the sound.

Hildebrand had a different idea. 

As an oil engineer, when dealing with massive datasets, he’d employed autocorrelation (an attribute of signal processing) to examine not just key variables, but all of the data, to get much more reliable estimates. He realized that it could also be applied to music:

“When you’re processing pitch, you add wave cycles to go sharp, and subtract them when you go flat. With autocorrelation, you have a clearly identifiable event that tells you what the period of repetition for repeated peak values is. It’s never fooled by the changing waveform. It’s very elegant.”

While elegant, Hildebrand’s solution required an incredibly complex, almost savant application of signal processing and statistics. When we asked him to provide a simple explanation of what happens, computationally, when a voice signal enters his software, he opened his desk and pulled out thick stacks of folders, each stuffed with hundreds of pages of mathematical equations.

“In my mind it’s not very complex,” he says, sheepishly, “but I haven’t yet found anyone I can explain it to who understands it. I usually just say, ‘It’s magic.’”

«

A great long read.
link to this extract
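As an added illustration (not code from the article or from Antares), here is a pure-Python sketch of the autocorrelation pitch detection the extract describes, followed by the snap-to-nearest-note step that is the heart of pitch correction. The sample rate, harmonic mixes and frequencies are constructed inputs, and the "voice" is a synthetic harmonic tone.

```python
import math

# Added illustration of autocorrelation pitch detection. All signals below are
# constructed; this is not Auto-Tune's code.

FS = 8000  # assumed sample rate in Hz


def synth_tone(f0, harmonics, fs=FS, n=2048):
    """Constructed stand-in for a sung vowel: a fundamental at f0 Hz plus
    harmonics with the given relative amplitudes. Different amplitude sets
    change the waveform shape but not its period."""
    return [
        sum(a * math.sin(2 * math.pi * f0 * (k + 1) * t / fs)
            for k, a in enumerate(harmonics))
        for t in range(n)
    ]


def autocorrelation(x, max_lag):
    """r[lag] = sum of x[i] * x[i + lag]. For a periodic signal the largest
    value in the search range occurs at the lag equal to one period; the
    waveform shape between peaks does not matter, which is the extract's
    "never fooled by the changing waveform" point."""
    return [sum(x[i] * x[i + lag] for i in range(len(x) - lag))
            for lag in range(max_lag + 1)]


def estimate_pitch(x, fs=FS, fmin=50.0, fmax=1000.0):
    """Estimated fundamental frequency in Hz, searching periods between
    1/fmax and 1/fmin seconds."""
    min_lag = int(fs / fmax)
    max_lag = int(fs / fmin)
    r = autocorrelation(x, max_lag)
    best_lag = max(range(min_lag, max_lag + 1), key=lambda lag: r[lag])
    return fs / best_lag


def nearest_note(f):
    """The correction target: the closest equal-tempered note (A4 = 440 Hz).
    Returns (target_hz, cents_off); positive cents means the input was sharp."""
    midi = 69 + 12 * math.log2(f / 440.0)
    nearest = round(midi)
    target = 440.0 * 2 ** ((nearest - 69) / 12)
    return target, 100 * (midi - nearest)


def correction_ratio(f):
    """Resampling factor that moves a frame at pitch f onto the nearest note:
    above 1 means compress the waveform (add cycles, go sharp), below 1 means
    stretch it (remove cycles, go flat), as Hildebrand describes."""
    target, _ = nearest_note(f)
    return target / f


if __name__ == "__main__":
    voice = synth_tone(200, (1.0, 0.6, 0.3, 0.15))
    f = estimate_pitch(voice)
    target, cents = nearest_note(f)
    print(f"detected {f:.1f} Hz, {cents:+.0f} cents from {target:.1f} Hz")
```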


Apple Watch vs. Android Wear: why most all smartwatches suck for small wrists • iMore

Serenity Caldwell:

»

If wearable technology is the next big thing for our tech-connected society, why is Apple the only company paying attention to the smaller-wristed set? Lady or dude, there are quite a few people on this earth whose arms don’t resemble the trunk of a Sequoia tree — many of whom would be excited to use a smartwatch.

And for that reason, I love that Apple supports multiple sizes for the Apple Watch. Smartwatches are one of the more personal technology purchases available out there today, and the company is committed to making them accessible to people young, old, large, or small. Engineering LTE inside a 38mm Series 3 was no small feat; Apple could have limited it to the 42mm set, but it chose to attack the problem and make it accessible to all.

I can’t say the same for the rest of the smartwatch market. I’ve been looking avidly across the Android Wear (and Android Wear-adjacent, like Fitbit) lines since 2015 for alternative smartwatch options, but have struck out every time.

It’s not that I dislike my Apple Watch — it’d probably be my favorite smartwatch even if I were limited to a 42mm size. But I want to like Android Wear. Competition is good, and Android Wear does some smart things with notifications that I’d love to see over on the Apple side. Its hardware (mostly) isn’t terribly-designed, either: On the contrary, for those with applicably-sized wrists, the watches look quite natural.

«

The Android OEMs don’t have the incentive – they’re selling about an order of magnitude fewer than Apple – and (Huawei possibly excepted; Samsung doesn’t use Android Wear) they don’t have the technological capability.

Apart from that, nothing’s stopping them.
link to this extract


Russian journalists publish massive investigation into St. Petersburg troll factory’s U.S. operations • Meduza

“Meduza”:

»

The Internet Research Agency, Russia’s infamous “troll farm,” reportedly devoted up to a third of its entire staff to meddling in U.S. politics during the 2016 presidential election. At the peak of the campaign, as many as 90 people were working for the IRA’s U.S. desk, sources told RBC, revealing that the entire agency employs upwards of 250 people. Salaries for staff working in the U.S. department apparently range from 80,000 to 120,000 rubles ($1,400 to $2,100) per month.

The head of the IRA’s U.S. desk is apparently a man originally from Azerbaijan named Dzheikhun Aslanov (though he denies any involvement with the troll factory).

In August and September this year, Facebook, Instagram, and Twitter suspended 118 communities and accounts run by the St. Petersburg “troll factory,” disabling a network capable of reaching 6 million subscribers. In 2016, at the height of the U.S. presidential campaign, this network reportedly produced content that reached 30 million people each week.

A source also told RBC that the Internet Research Agency spent almost $80,000 over two years, hiring roughly 100 local American activists to stage about 40 rallies in different cities across the United States. The activists were hired over the Internet, communicating in English, without their knowledge that they were accepting money or organizing support from a Russian organization. According to RBC, internal records from the IRA verify its role in these activities.

The main activity in the troll factory’s U.S. desk was to incite racial animosity (playing both sides of the issue), and promoting the secession of Texas, objections to illegal immigration, and gun rights.

«

link to this extract


An ex St. Petersburg ‘troll’ speaks out: Russian independent TV network interviews former troll at the Internet Research Agency • Meduza

“Meduza”:

»

According to “Max”, the IRA’s [Russia’s Internet Research Agency] “foreign desk” had open orders to “influence opinions” and change the direction of online discussions. He says this department within the agency considered itself above the “Russian desk,” which he claims is generally “bots and trolls.” The foreign desk was supposedly more sophisticated. “It’s not just writing ‘Obama is a monkey’ and ‘Putin is great.’ They’ll even fine you for that kind of [primitive] stuff,” Max told Dozhd. People in his department, he says, were even trained and educated to know the nuances of American social polemics on tax issues, LGBT rights, the gun debate, and more.

Max says that IRA staff were tasked with monitoring tens of thousands of comments on major U.S. media outlets, in order to grasp the general trends of American Internet users. Once employees got a sense of what Americans naturally discussed in comment forums and on social media, their job was to incite them further and try to “rock the boat.”

According to Max, the Internet Research Agency’s foreign desk was prohibited from promoting anything about Russia or Putin. One thing the staff learned quickly was that Americans don’t normally talk about Russia: “They don’t really care about it,” Max told Dozhd. “Our goal wasn’t to turn the Americans toward Russia,” he claims. “Our task was to set Americans against their own government: to provoke unrest and discontent, and to lower Obama’s support ratings.”

«

link to this extract


Publishers are already feeling pain from Apple’s move against ad tracking • Digiday

Ross Benes:

»

Programmatic publishers’ ad rates have taken a hit since Apple updated its Safari browser last month to prevent third parties from tracking users for more than 24 hours after a user visited a website. Although Apple’s move hurts publishers reliant on third-party data that advertisers depend on to target niche audiences at scale, publishers that sell their inventory directly say they aren’t affected by the Safari update.

“It has already had an impact on our revenue, and that will only be compounded as adoption [of Safari’s update] increases,” said Paul Bannister, co-founder of CafeMedia, which sells more than half of its impressions programmatically. “It’s hard to quantify what it will end up as since it’s so early still and lots of other variables are at play, but it’s a [measurable] impact.”

Because users didn’t update their operating systems all at once and Apple released the update near the end of a quarter, when ad rates tend to be higher, gauging the impact of Safari’s tracking change isn’t as simple as comparing monthly CPMs. Apple did not reply to an interview request for this story.

Bannister said CPMs on Safari are about 10% lower than what he’d expect them to be heading into the fourth quarter. CafeMedia gets about a third of its mobile traffic from Safari, which is in line with industry averages, according to NetMarketShare.

Since Apple’s Safari update, Ranker saw the gap between its yields on iOS and Android (which doesn’t use the Safari browser) increase by 8% in favor of Android, said Ranker CEO Clark Benson, who estimated that Apple’s move could potentially lead to a 1% to 2% drop in overall ad revenue.

«

I’m standing at the production line for the world’s tiniest violins, where output has been increased substantially.
link to this extract


Exclusive: Microsoft responded quietly after detecting secret database hack in 2013 • Reuters

Joseph Menn:

»

Microsoft’s secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group more than four years ago, according to five former employees, in only the second known breach of such a corporate database.

The company did not disclose the extent of the attack to the public or its customers after its discovery in 2013, but the five former employees described it to Reuters in separate interviews. Microsoft declined to discuss the incident.

The database contained descriptions of critical and unfixed vulnerabilities in some of the most widely used software in the world, including the Windows operating system. Spies for governments around the globe and other hackers covet such information because it shows them how to create tools for electronic break-ins.

The Microsoft flaws were fixed likely within months of the hack, according to the former employees. Yet speaking out for the first time, these former employees as well as US officials informed of the breach by Reuters said it alarmed them because the hackers could have used the data at the time to mount attacks elsewhere, spreading their reach into government and corporate networks.

“Bad guys with inside access to that information would literally have a ‘skeleton key’ for hundreds of millions of computers around the world,” said Eric Rosenbach, who was US deputy assistant secretary of defense for cyber at the time.

«

Smart move by the hackers.
link to this extract


Toshiba smacks down ‘ransomware killed flash factory’ report • The Register

Simon Sharwood:

»

Taiwan’s Digitimes, which often finds news from deep in the supply chain, on Monday reported that Toshiba halted production for three to six weeks while it sorted out a ransomware mess. Doing so, the report suggested, saw production of 100,000 wafers deferred.

The outlet pondered that the supposed shutdown may be helping contribute to ongoing high memory prices.

Analyst firm DRAMeXchange, which specialises in solid-state memory, reached into the supply chain and found no evidence of missing shipments. The firm’s senior research manager Alan Chen said “there is no module supplier suspending quotes or shipments after knowing this information.”

Chen didn’t rule out a disruption of some sort, saying “This incident is expected to be resolved immediately with Toshiba quickly ramping up production to lower or fully compensate for the wafer deficit.”

But Toshiba did smack it down: the company’s media relations team told The Register “There is no such a fact that Toshiba Memory’s Yokkaichi Operation is suspending its production line as reported in DigiTimes.”

«

Hasn’t quite denied the ransomware report, though. Only that it hasn’t suspended production. People scoff at Digitimes, but it’s well-sourced within the supply chain.
link to this extract


The new MacBook keyboard is ruining my life • The Outline

Casey Johnston:

»

My [MacBook Pro] was getting its third diagnostic test in 45 minutes. The problem was not that its logic board was failing, that its battery was dying, or that its camera didn’t respond. There were no mysteriously faulty inner workings. It was the spacebar. It was broken. And not even physically broken — it still moved and acted normally. But every time I pressed it once, it spaced twice.

“Maybe it’s a piece of dust,” the Genius had offered. The previous times I’d been to the Apple Store for the same computer with the same problem — a misbehaving keyboard — Geniuses had said to me these exact same nonchalant words, and I had been stunned into silence, the first time because it seemed so improbable to blame such a core problem on such a small thing, and the second time because I couldn’t believe the first time I was hearing this line that it was not a fluke. But this time, the third time, I was ready. “Hold on,” I said. “If a single piece of dust lays the whole computer out, don’t you think that’s kind of a problem?”

In every other computer I’ve owned before I bought the latest MacBook Pro last fall, fixing this would have begun by removing the key and peering around in its well to see if it was simply dirty. Not this keyboard. In fact, all of Apple’s keyboards are now composed of a single, irreparable piece of technology. There is no fixing it; there is only replacing half the computer.

«

This seems to be a problem. Rather as with USB-C, Apple jumped in, but the water hasn’t been lovely.
link to this extract


A startup funded by iPod creator Tony Fadell is suing Andy Rubin’s new company over smartphone trade secrets • Reuters

Stephen Nellis:

»

Keyssa has been working since 2009 on a chip for mobile phones to transfer large amounts of data without using wires or Wi-Fi connections. In August, Keyssa said it was partnering with Samsung, Foxconn parent Hon Hai Precision Industry and others to make its technology a standard feature on mobile phones.

In September, the Essential Phone was released. One of the first devices on the market to feature a wireless connector, the phone uses it to communicate with a camera accessory the company released at the same time.

Keyssa alleged in its lawsuit that Essential engaged in technology and design discussions with Keyssa for 10 months but ultimately ended the relationship. In November 2016, Essential said it would use a competing chip from SiBEAM, a division of Lattice Semiconductor, the lawsuit alleges.

Keyssa alleged that despite Essential’s use of a different chip, the final Essential Phone design incorporates many of the techniques developed by Keyssa to make wireless connectors function well in a phone, from antenna designs to methods for testing phones on the manufacturing line.

«

Headline from CNBC, but story from Reuters. Essential is really getting hit by trucks.
link to this extract


Apple explored buying a medical-clinic startup as part of a bigger push into health care • CNBC

Christina Farr:

»

The discussions have been happening inside Apple’s health team for more than a year, one of the people said. It is not yet clear whether Apple would build out its own network of primary care clinics, in a similar manner to its highly successful retail stores, or simply partner with existing players.

It’s also possible Apple will just decide not to make this move.

Some experts see a move into primary care as a way to build out its retail footprint. Apple’s worldwide network of more than 300 stores has been one of its most important sales channels.

Canaan’s Nina Kjellson, a prominent health tech investor who has no knowledge of Apple’s plans, believes the move is plausible. “It would help build credibility with Apple Watch and other health apps,” she explained.

“Apple has cracked a nut in terms of consumer delight, and in the health care setting a non-trivial proportion of satisfaction comes from the quality of interaction in the waiting room and physical space,” she continued.

«

It seems a bit excessive to buy that sort of chain, though maybe they would be good for selling the Watch. Perhaps also if there were apps much more tightly tailored to health and, more particularly, medical needs.
link to this extract


Errata, corrigenda and ai no corrida: none notified

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

Start Up: Wi-Fi and public key hacks explained, North Korea’s real power, iPhone X ships, and more


Yes, it’s green-on-black typing. You know what that means? Hacking. Photo by Christiaan Colen on Flickr.

A selection of 13 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

Apple says ‘KRACK’ Wi-Fi vulnerabilities are already patched in iOS, macOS, watchOS, and tvOS betas • Mac Rumors

Juli Clover:

»

Apple has already patched serious vulnerabilities in the WPA2 Wi-Fi standard that protects many modern Wi-Fi networks, the company told iMore’s Rene Ritchie this morning.

The exploits have been addressed in the iOS, tvOS, watchOS, and macOS betas that are currently available to developers and will be rolling out to consumers soon.

Disclosed just this morning by researcher Mathy Vanhoef, the WPA2 vulnerabilities affect millions of routers, smartphones, PCs, and other devices, including Apple’s Macs, iPhones, and iPads.

Using a key reinstallation attack, or “KRACK,” attackers can exploit weaknesses in the WPA2 protocol to decrypt network traffic to sniff out credit card numbers, usernames, passwords, photos, and other sensitive information. With certain network configurations, attackers can also inject data into the network, remotely installing malware and other malicious software.

«

Slightly pushing it with the use of “already” there, given that this has been disclosed for months for vendors to get on top of it. But perhaps they couldn’t fix it in time for 11.0.
link to this extract


41% of Android phones are vulnerable to ‘devastating’ Wi-Fi attack • The Verge

Tom Warren:

»

Android 6.0 and above contains a vulnerability that researchers claim “makes it trivial to intercept and manipulate traffic sent by these Linux and Android devices.” 41% of Android devices are vulnerable to an “exceptionally devastating” variant of the Wi-Fi attack that involves manipulating traffic. Attackers might be able to inject ransomware or malware into websites thanks to the attack, and Android devices will require security patches to protect against this. Google says the company is “aware of the issue, and we will be patching any affected devices in the coming weeks.”

Although most devices appear to be vulnerable to attacks reading Wi-Fi traffic, the exploit doesn’t target access points. The attack exploits vulnerabilities in the 4-way handshake of the WPA2 protocol, a security handshake that ensures client and access points have the same password when joining a Wi-Fi network.

As this is a client-based attack, expect to see a number of patches for devices in the coming weeks. Researchers sent out notifications to specific vendors in July, and a broad notification was distributed in late August. Security researchers note that it’s not worth changing your Wi-Fi password as this won’t help prevent attacks, but that it’s worth updating router firmware and all client devices to the latest security fixes.

«

link to this extract


Wi-Fi (WPA2 security) is broken – here’s the companies that have already fixed it • Charged

Owen Williams:

»

The implications of this new attack are pretty scary sounding, and the news is still developing but a few things are fairly clear:

• Almost every mobile/desktop device on the planet is affected and needs patching
• Your router will need a software update at some point
• Nobody will know how to update their router, or how to check if it’s patched

If you’re affected (and you almost certainly are) it’s important to check if your devices can be patched immediately. Not just your router, but whatever you’re using to get online too. 

To be clear, however, the most important fix to apply is the one for your phones, laptops and other devices. The data transmitted by these devices could now be exposed. 

«

There are quite a few sites which are keeping rolling lists of who has and hasn’t offered an update. The risk, of course, is to people who are using old devices which will never get an update. There’s also some risk to products – hello Internet of Things! – which can’t or won’t be updated.

The crack is nothing like as bad as that affecting WEP (which was flawed even before it was released; it could be cracked by anyone within an hour). But it is significant.

link to this extract


Malta car bomb kills Panama Papers journalist • The Guardian

Juliette Garside:

»

The journalist who led the Panama Papers investigation into corruption in Malta was killed on Monday in a car bomb near her home.

Daphne Caruana Galizia died on Monday afternoon when her car, a Peugeot 108, was destroyed by a powerful explosive device which blew the car into several pieces and threw the debris into a nearby field.

A blogger whose posts often attracted more readers than the combined circulation of the country’s newspapers, Caruana Galizia was recently described by the Politico website as a “one-woman WikiLeaks”. Her blogs were a thorn in the side of both the establishment and underworld figures that hold sway in Europe’s smallest member state.

Her most recent revelations pointed the finger at Malta’s prime minister, Joseph Muscat, and two of his closest aides, connecting offshore companies linked to the three men with the sale of Maltese passports and payments from the government of Azerbaijan.

No group or individual has come forward to claim responsibility for the attack…

…In a statement, Muscat condemned the “barbaric attack”, saying he had asked police to reach out to other countries’ security services for help identifying the perpetrators.

“Everyone knows Ms Caruana Galizia was a harsh critic of mine,” Muscat said at a hastily convened press conference, “both politically and personally, but nobody can justify this barbaric act in any way”.

«

link to this extract


The world once laughed at North Korean cyberpower. No more • The New York Times

David Sanger, David Kirkpatrick and Nicole Perlroth:

»

just as Western analysts once scoffed at the potential of the North’s nuclear program, so did experts dismiss its cyberpotential — only to now acknowledge that hacking is an almost perfect weapon for a Pyongyang that is isolated and has little to lose.

The country’s primitive infrastructure is far less vulnerable to cyberretaliation, and North Korean hackers operate outside the country, anyway. Sanctions offer no useful response, since a raft of sanctions are already imposed. And Mr. Kim’s advisers are betting that no one will respond to a cyberattack with a military attack, for fear of a catastrophic escalation between North and South Korea.

“Cyber is a tailor-made instrument of power for them,” said Chris Inglis, a former deputy director of the National Security Agency, who now teaches about security at the United States Naval Academy. “There’s a low cost of entry, it’s largely asymmetrical, there’s some degree of anonymity and stealth in its use. It can hold large swaths of nation state infrastructure and private-sector infrastructure at risk. It’s a source of income.”

Mr. Inglis, speaking at the Cambridge Cyber Summit this month, added: “You could argue that they have one of the most successful cyberprograms on the planet, not because it’s technically sophisticated, but because it has achieved all of their aims at very low cost.”

It is hardly a one-way conflict: By some measures the United States and North Korea have been engaged in an active cyberconflict for years.

«

I’m writing a book about hacking (to be published next year); one of the chapters is about the Sony Pictures hack in late 2014, which was by North Korea. At the time, lots of people dismissed the idea. But they overlooked Kim Jong-un’s understanding when he took over that cyberwarfare has gigantic returns – and huge deniability. It’s almost the opposite of nuclear weapons.
link to this extract


Dead-end UX: the big problem that Facebook, Twitter, and others need to solve • Co.Design

»

I think I broke my Facebook.

That might sound like something your Luddite aunt would say, but I’m being serious. It started about two years ago, when, in a fit of annoyance at all the baby pictures flooding my news feed, I systematically unfollowed every single person and organization in my network except the actual news outlets. That promptly turned my sprawling social network of friends, frenemies, and strangers into a mere news reader plugged into just a half-dozen publications. Problem solved! No more updates about people’s lives.

Two years later, this seems like a grave mistake. I find myself curious about what people are doing. I’m falling behind in real-life conversations about what’s happening with friends. Put another way, it’s literally impossible for me to use Facebook for its original purpose. There’s a follow-on effect that I didn’t realize either: If you unfollow people on Facebook, you drop out of their Facebook feed as well. So now, whenever I have something I really want to share–a new job, or the final draft of the book I’ve been writing for years–I’m met with crickets. I’m stranded on the digital equivalent of a deserted island.

There’s no obvious way to get off this island. I could manually re-follow everyone I unfollowed. But even if I do that, I have no idea if Facebook automatically makes them follow me. For all intents and purposes, my Facebook is ruined. And I suspect that over time, you’re ruining yours without even realizing it.

«

And in time, you’ll find yourself stuck in a form of this situation – he calls it dead-end UX – which makes it no fun to use that network. And then you’ll abandon it. But he has a great idea for fixing it.
link to this extract


Foxconn begins shipping iPhone X, says report • Digitimes

Steve Shen:

»

Foxconn Electronics (Hon Hai) has started shipping iPhone X devices, with the first batch of 46,500 units already being shipped out from Zhengzhou and Shanghai to the Netherlands and United Arab Emirates (UAE), respectively, according to a China-based Xinhuanet.com report.

Apple said previously that it will begin to take pre-sale orders for iPhone X on October 27 and start delivering the devices on November 3.

However, the first-batch shipments of the iPhone X units were much lower than the previous iPhone models, which apparently will make the iPhone X one of the most difficult-to-find smartphones these days, according to a Chinese-language Commercial Times report.

Although Foxconn has ramped up its output of iPhone X to 400,000 units a week recently from the previous 100,000 units, the increased production still cannot meet market demand, said the report, citing data from Rosenblatt.

«

Those are really tiny numbers compared to the demand that’s sure to be out there.
link to this extract


‘Worse than KRACK’ — Google and Microsoft hit by massive five-year-old encryption hole • Forbes

Thomas Fox-Brewster:

»

to former NSA staffer and chief of cybersecurity company RenditionSec, Jake Williams, the ROCA issue is more severe than KRACK. The latter was only executable within Wi-Fi range, while it’s uncertain as to whether patches will be rolled out widely for ROCA, given it’s a more esoteric issue, he added. The vulnerability has also been present in affected devices since at least 2012.

Williams theorized two attacks over ROCA. First, by abusing code signing certificates, used to validate software is coming from a legitimate, trusted source. “Given a code signing certificate’s public key (which an organization has to publish), an attacker could derive the private key allowing them to sign software impersonating the victim,” Williams said. Given the kinds of attacks that have recently relied on fake software updates (remember the NotPetya ransomware and the CCleaner infection), this could be a serious threat.

An attacker could also potentially fool a Trusted Platform Module (TPM) — a specialized chip on a computer or smartphone that stores RSA encryption keys – to run malicious, untrusted code, Williams added. “The TPM is used to ensure the code used to boot the kernel is valid. Bypassing a TPM could allow the attacker to perform an inception style attack where they virtualize the host operating system. There are dozens of other variations of attacks, but these Infineon chips are huge in hardware security modules (HSMs) and TPMs,” he warned.

«

This is the article to read if you want to understand this (very serious) pitch.
link to this extract


Latest Adobe Flash vulnerability allowed hackers to plant malware • Engadget

Mallory Locklear:

»

Kaspersky Labs reports that a new Adobe Flash vulnerability was exploited by a group called BlackOasis, which used it to plant malware on computers across a number of countries. Kaspersky says the group appears to be interested in Middle Eastern politics, United Nations officials, opposition activists and journalists, and BlackOasis victims have so far been located in Russia, Iraq, Afghanistan, Nigeria, Libya, Jordan, Tunisia, Saudi Arabia, Iran, the Netherlands, Bahrain, United Kingdom and Angola.

The attack took place on October 10th and the malware planted by BlackOasis is a commercial product called FinSpy or FinFisher, typically sold to governments and law enforcement agencies. Kaspersky notified Adobe of the vulnerability and it has since released a Flash Player security update for Windows, Macintosh, Linux and Chrome OS. Kaspersky said that it believes BlackOasis, which it has been tracking since last year, was behind a similar exploit in September.

«

There is no longer any rational reason to keep using Flash. Honestly, there isn’t. It’s a mess of vulnerabilities.
link to this extract


US buyers favor iPhone 7 over 8: research • Reuters

Supantha Mukherjee and Tanya Agrawal:

»

“Many respondents indicated that a meaningful portion of customers are buying iPhone 7 in lieu of the new iPhone 8, given the lack of significant enhancements in the new phone,” KeyBanc analyst John Vinh wrote in a client note.

Vinh also said feedback from stores indicated that customers were waiting to purchase the iPhone X or to compare the iPhone X with other models before buying the iPhone 8.

Apple last month introduced the iPhone 8 and iPhone 8 Plus, which resemble the iPhone 7 but have a glass back for wireless charging. While iPhone 8 starts from $699 in the United States, iPhone 7 is retailing from $549 after a price cut.

The iPhone X, a glass and stainless steel device with an edge-to-edge display, will start shipping from Nov. 3. The 10th-anniversary iPhone is priced from $999 – Apple’s most expensive mobile to date.

One investor in Apple’s shares played down any concern around a dip in sales of the iPhone 7 or 8, given the much-anticipated debut of iPhone X.

“Worrying about any small down-tick in margins from the sale of the iPhone 7 or 8 is a wrong-headed way to look at it as iPhone X is really the flagship device where we’re going to see a strong upgrade cycle,” said Jason Ware, chief investment officer of Albion Financial Group.

«

link to this extract


The scale of tech winners • Benedict Evans

On the fact that the big tech companies nowadays are a lot bigger than the past ones (specifically, Microsoft + Intel):

»

Scale means these companies can do a lot more. They can make smart speakers and watches and VR and glasses, they can commission their own microchips, and they can think about upending the $1.2tr car industry. They can pay more than many established players for content – in the past, tech companies always talked about buying premium TV shows but didn’t actually have the cash, but now it’s part of the marketing budget. Some of these things are a lot cheaper to do than in the past (smart speakers, for example, are just commodity smartphone components), but not all of them are, and the ability to do so many large experimental projects, as side-projects, without betting the company, is a consequence of this scale, and headcount.

On the other hand, that the market is big enough for four tech giants, not just one (Wintel) partnership, means we have four companies aggressively competing and cooperating with each other, and driving each other on, and each trying somehow to commoditise the others’ businesses. None of them quite pose a threat to the others’ core – Apple won’t do better search than Google and Amazon won’t do better operating systems than Apple. But the adjacencies and the new endpoints that they create do overlap, even if these companies get to them from different directions, and as consumers we all benefit. If I want a smart speaker, I can choose from two with huge, credible platforms behind them today, and probably four in six months, each making them for different reasons with different philosophies. No-one applied that kind of pressure to Microsoft.

How do the mice do when there are four elephants fighting it out? As we saw with first GoPro and now perhaps Sonos, if you’re riding the smartphone supply chain cornucopia but can’t construct a story further up the stack, around cloud, software, ecosystem or network effects, you’re just another commodity widget maker. And the aggressive competition in advertising products from Google, Facebook and now to some extent Amazon has taken a lot of the oxygen away from anyone else.

«

link to this extract


While Apple is taking away buttons, we found a way to add one • Astro HQ

Savannah Reising on the company’s search for a new UI element for its iPad app:

»

We set out to find an alternative to the Astropad ring. The obvious first option was to make a new gesture, but we realized pretty quickly that there was limited room for this. Every edge of the iPad is already occupied with an existing gesture: swipe up for your dock, left to search, and down for notifications. We really needed something novel to work with.

Our Astro HQ cofounder Giovanni Donelli said that the idea to turn the camera into a button came like lightning, “I had been staring at a white bezel iPad for so long, and I kept wishing there was another home button we could use. My eyes kept falling on the camera, and I really wanted to touch it!” Giovanni built an initial prototype of the Camera Button within an hour.

Turning the camera into a reliably functioning button didn’t come without challenges. In total, we spent four months of continuous engineering efforts to get past these hurdles…

«

Once you see it, it’s completely obvious – like all the great ideas. Though this does remind me of the Camera+ hack, which years ago found a way to make the camera fire by pressing the volume button. Apple then blocked it. Then, uh, stole it: you can now take pictures on iPhones by pressing the volume button. Not sure if Astro is going to go through the same. Hope not.
link to this extract


My Oculus Rift has migrated from my desk, to my closet, to storage • Forbes

Paul Tassi:

»

A few years ago, my wife convinced me that we had to buy a $400 juicer. It’ll make us healthier, the juice will taste great, and it’ll be fun to use, she said. I eventually agreed, and we made some carrot juice and orange juice that did taste pretty good. But after dumping eight pounds of pulp into the trash, we put it in a box and never used it again. Now, every time she wants to buy X or Y questionable, expensive thing, my go-to snarky reply is “remember the juicer?”

Unfortunately, now I have my own juicer.

It’s called the Oculus Rift.

«

This story has surely been repeated many times around the world.
link to this extract


Errata, corrigenda and ai no corrida: Sophie Warnes’s newsletter is called Fair Warning, not Fiar Warning. You should still sign up, however it’s spelled.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

Start Up: Google + Facebook + Twitter v chaos, US phone tracking, get sorted!, and more


USB-C from USB-A: where did it all go wrong? Photo by sniggie on Flickr.

A selection of 10 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

Google, Facebook, and Twitter need a new approach to tackling chaos • WIRED

Karen Wickre:

»

As the October 1 massacre in Las Vegas unfolded, Google displayed “news” results from rumor mills like 4Chan, and Facebook promulgated rumors and conspiracy theories, sullying the service on which, according to Pew Research, 45% of American adults get their news. Meanwhile, the rapid-fire nature of Twitter led users to pass along false information about missing people in the aftermath.

All of these cases signify the central place a number of digital services have staked out in our lives. We trust our devices: We trust them to surface the correct sources in our information feeds, we trust them to deliver our news, and we trust them to surface the opinions of our friends. So the biggest and most influential platforms falling prey to manipulations upsets that trust—and the order of things.

It’s hard to square the global power, reach, and ubiquity of these massive platforms with their youth: Google just turned 19. Facebook is 13. Twitter is 11 and a half. (None, in other words, out of their teens!) Until recently, widespread digital malfeasance was relatively rare on these young platforms. But in a world that increasingly seems dystopian, we now expect security breaches, hacks, purposeful fakery — all of it more or less constantly across the online services and tools we use. Whether the aim is financial, political, or even just hacking for hacking’s sake, the fact that so many of us live and work online means we are, collectively, an attractive and very large target.

«

link to this extract


Fixing Twitter: why Twitter is broken and why reputation systems can help (part 1 of 2) • Chuq Von Rospach

von Rospach has handled lots of communities – first at Apple, then at Palm:

»

Ultimately the problem at Twitter is a policy problem and a community management problem, which is why it’s been of interest to me. The first challenge of community management is that it doesn’t scale well. A community manager can handle a small group — depending on the population into a few tens of thousands — successfully, but as the group continues to grow the ability to cover it well and consistently becomes a challenge.

Now, grow that problem from tens of thousands to tens or hundreds of millions. You literally couldn’t hire enough talent to cover a community that size the way you would a smaller one. Youtube has 300 hours of video uploaded to it per minute. Stop and imagine the scale of a group charged to review and approve that content.

So you can’t hire your way out of the problem. You need technology. Technology pushes us in the other direction, though, where companies become overly reliant on algorithms to solve the problem. A good example of this kind of thinking is the most recent complaint about Facebook where it was found people could target ads to groups like “Jew Hater”. Facebook’s answer to this? More human oversight. Where did this problem come from? Building a system that assumed that the technology would prevent problems. Which it did: only it can only solve problems the humans know to program it for, and this wasn’t one of them.

So the answer to solving these problems is to use technology to amplify and leverage a human component.

My tool of choice? A reputation system driven by a Machine Learning setup…

…A quick digression on this challenge: back when I was working as Community Manager at Palm, I went to a meeting with a product manager to talk about proposed pages to the App Store. Her proposal was to add buttons for people to report apps that were abusive or contained inappropriate materials. Her plan was if we got those reports, those apps would be pulled from the store for evaluation.

My first question to her was “How do you think this will work when developers start flagging their competitors to get them pulled from the store?” And her response was simply “They’d do that?”

That was, I think, the moment I realized I needed to leave Palm. And here’s an important hint for success: don’t let people who aren’t community users and managers design your communities. Bad things will happen.

«

Read the second part too.
link to this extract


Qualcomm seeks China iPhone ban, expanding Apple legal fight • Bloomberg

Ian King:

»

Qualcomm’s suits are based on three non-standard essential patents, it said. They cover power management and a touch-screen technology called Force Touch that Apple uses in current iPhones, Qualcomm said. The inventions “are a few examples of the many Qualcomm technologies that Apple uses to improve its devices and increase its profits,” Trimble said.

Apple said the claim has no merit. “In our many years of ongoing negotiations with Qualcomm, these patents have never been discussed,” said Apple spokesman Josh Rosenstock. “Like their other courtroom maneuvers, we believe this latest legal effort will fail.”

Qualcomm made the filings at the Beijing court on Sept. 29. The court has not yet made them public.

“This is another step to get Apple back to the negotiating table,” said Mike Walkley, an analyst at Canaccord Genuity Inc. “It shows how far apart they are.”

There’s little or no precedent for a Chinese court taking such action at the request of a U.S. company, he said. Chinese regulators would also be concerned that a halt of iPhone production would cause layoffs at Apple’s suppliers such as Hon Hai Precision Industry Co., which are major employers.

«

Not quite sure how Qualcomm can claim that Force Touch touches (aha) its patents – if that were the case wouldn’t more non-Apple phones use it? And it seems like an odd time to notice this, two years after it was introduced. But everyone reckons that if Apple loses this case, it’ll settle at once.
link to this extract


Want to see something crazy? Open this link on your phone with WiFi turned off • Medium

Philip Neustrom:

»

Want to see something crazy? Open this link on your phone with WiFi turned off:
https://bit.ly/crazymobiledemo

Click “Begin,” enter the ZIP code and then click “See Underlying Data.”

What you should see is your home address, phone number, cell phone contract details, and — depending on what kind of cell phone towers you’re currently connected to — a latitude and longitude describing the current location of your cell phone…

…In 2003, news came to light that AT&T was providing the DEA and other law enforcement agencies with no-court-warrant-required access to real time cell phone metadata. This was a pretty big deal at the time.

But what these services show us is even more alarming: US telcos appear to be selling direct, non-anonymized, real-time access to consumer telephone data to third party services — not just federal law enforcement officials — who are then selling access to that data.

Given the trivial “consent” step required by these services and unlikely audit controls, it appears that these services could be used to track or de-anonymize nearly anyone with a cell phone in the United States with potentially no oversight.

«

I haven’t confirmed that this works (because I’m not in the US). But others are very worried by it.
link to this extract


After second bungle, IRS suspends Equifax’s “taxpayer identity” contract • Ars Technica UK

David Kravets:

»

Last week we brought news that the Internal Revenue Service awarded a $7.2m contract to Equifax to allow Equifax to “verify taxpayer identity.” The contract was awarded days after Equifax announced it had exposed the personal data, including Social Security numbers, of about 145 million people.

The tax-collecting agency is now temporarily suspending the contract because of another Equifax snafu. The Equifax site was maliciously manipulated again, this time to deliver fraudulent Adobe Flash updates, which, when clicked, infected visitors’ computers with adware that was detected by just three of 65 antivirus providers. The development means that at least for now, taxpayers cannot open new Secure Access accounts with the IRS. Secure Access allows taxpayers to retrieve various online tax records and provides other “tax account tools” to those who have signed up.

An “alert” on the IRS website says the Secure Access service “is unavailable for new users at this time.” The alert notes that taxpayers who already have an account can “continue the login process.”

The message ends by saying “We apologize for any inconvenience.”

«

Equifax might begin to suffer death by a thousand cuts if stuff like this continues. At the very least, it’s a toxic brand right now for consumers.
link to this extract


The impossible dream of USB-C • Marco.org

Marco Arment:

»

I love the idea of USB-C: one port and one cable that can replace all other ports and cables. It sounds so simple, straightforward, and unified.

In practice, it’s not even close.

USB-C normally transfers data by the USB protocol, but it also supports Thunderbolt… sometimes. The 12-inch MacBook has a USB-C port, but it doesn’t support Thunderbolt at all. All other modern MacBook models support Thunderbolt over their USB-C ports… but if you have a 13-inch model, and it has a Touch Bar, then the right-side ports don’t have full Thunderbolt bandwidth.

If you bought a USB-C cable, it might support Thunderbolt, or it might not. There’s no way to tell by looking at it. There’s usually no way to tell whether a given USB-C device requires Thunderbolt, either — you just need to plug it in and see if it works.

«

And he hasn’t even got onto power charging yet. USB-C is a hot mess, and quite how it got into this hot mess is surely an object lesson in how not to design “standards”.
link to this extract


Sorting visualizations album • Imgur

The fabulously named Fishy McFishFace provides visual illustrations of a number of the different sorting algorithms in broad use in computing:

»

First up: Bubble Sort
Generally one of the very first algorithms learned when you’re introduced to this stuff in programming classes. Bubble sort finds the largest value in a set and “bubbles” it to the top. For this visualization, that’s the far right side. Everything further along the line than that value gets shifted down one spot, and then the algorithm goes back to the start and finds the next largest value to put at the end of what’s left. You can see the unsorted portion slowly being shifted down to the left, one iteration at a time, while the completely sorted portion grows from the right.

«

It also includes Cocktail Sort, Radix Sort, Quick Sort, Insertion Sort and many more. (Via Sophie Warnes’s Fair Warning newsletter. The visuals for each one are amazing; one starts guessing which is the fastest. You should sign up.)
link to this extract
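As an added example (not code from the Imgur album or this newsletter), here is bubble sort beside the cocktail sort the album also covers, each recording the array after every pass so that the sorted region growing from the right (or, for cocktail sort, from both ends) can be printed as text frames; the sample input is constructed.

```python
"""Bubble sort and cocktail (shaker) sort, recorded pass by pass.

Added example; it is not code from the Imgur album or the newsletter.
Each sort returns the array state after every pass together with the
window that is still unsorted, so the growth of the sorted region, which
the album shows graphically, can be printed as text.
"""
from typing import List, Tuple

# (values after the pass, lo, hi): values[lo:hi] is still unsorted,
# everything outside that window is already in its final position.
Snapshot = Tuple[List[int], int, int]


def bubble_sort_passes(values: List[int]) -> List[Snapshot]:
    """Each pass bubbles the largest unsorted value to the right end of the
    window, so the sorted region grows from the right by one slot per pass.
    Index 0 of the result is the unsorted input."""
    a = list(values)
    hi = len(a)
    snaps: List[Snapshot] = [(list(a), 0, hi)]
    while hi > 1:
        swapped = False
        for i in range(hi - 1):
            if a[i] > a[i + 1]:
                a[i], a[i + 1] = a[i + 1], a[i]
                swapped = True
        hi -= 1  # a[hi:] is now in final position
        if not swapped or hi <= 1:
            hi = 0  # no swaps means the whole window was already sorted
        snaps.append((list(a), 0, hi))
    return snaps


def cocktail_sort_passes(values: List[int]) -> List[Snapshot]:
    """Cocktail sort alternates direction: a forward sweep bubbles the
    largest value right, a backward sweep bubbles the smallest value left,
    so the sorted region grows from both ends at once. Note that one
    cocktail pass is two sweeps, so fewer passes is not fewer comparisons."""
    a = list(values)
    lo, hi = 0, len(a)
    snaps: List[Snapshot] = [(list(a), lo, hi)]
    while hi - lo > 1:
        swapped = False
        for i in range(lo, hi - 1):  # forward sweep
            if a[i] > a[i + 1]:
                a[i], a[i + 1] = a[i + 1], a[i]
                swapped = True
        hi -= 1
        for i in range(hi - 1, lo, -1):  # backward sweep
            if a[i - 1] > a[i]:
                a[i - 1], a[i] = a[i], a[i - 1]
                swapped = True
        lo += 1
        if not swapped or hi - lo <= 1:
            lo, hi = 0, 0  # everything is in place
        snaps.append((list(a), lo, hi))
    return snaps


def render(snap: Snapshot) -> str:
    """One text frame: values still in the unsorted window are bare,
    values already in their final position are bracketed."""
    values, lo, hi = snap
    return " ".join(
        str(v) if lo <= i < hi else f"[{v}]" for i, v in enumerate(values)
    )


def passes_needed(snaps: List[Snapshot]) -> int:
    """Number of passes the sort performed (the first snapshot is the input)."""
    return len(snaps) - 1


if __name__ == "__main__":
    sample = [5, 1, 4, 2, 8]  # constructed input, not taken from the album
    sorts = (("bubble", bubble_sort_passes), ("cocktail", cocktail_sort_passes))
    for name, fn in sorts:
        snaps = fn(sample)
        print(f"{name}: {passes_needed(snaps)} passes")
        for snap in snaps:
            print("  " + render(snap))
```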


A new iPhone X feature was just discovered and it’s sheer brilliance • BGR

Zach Epstein:

»

Apple really had to get creative to manage an iPhone X design that is almost all screen. In fact, a number of the company’s solutions to various design problems are strokes of brilliance. The perfect example is the way Apple managed to eliminate the bottom bezel that’s present on every other smartphone on the market. This bezel exists because there’s a display controller component at the bottom of every screen, and displays won’t function without them.

So how did Apple do it? Check out this image:

Apple used flexible display panels in the iPhone X so that it could fold the bottom of the screen underneath itself. This way, the display controller is actually positioned behind the screen itself, rather than behind a bottom bezel.

«

It’s very clever. All the talk about “flexible displays”, and Apple actually gets on and uses it. (Samsung hasn’t got rid of the bottom bezel, despite inventing this technology.)

The BGR story also discovers something it claims was “just uncovered” by Phone Arena – that notifications on the iPhone X lockscreen are only shown in full to the person whose face unlocks the screen. It’s neat, true, but it was being demonstrated when the phones were unveiled.
link to this extract


Following heavy criticism, OnePlus makes changes to its data collection policy • AndroidAuthority

Brian Reigh:

»

the company’s co-founder has taken to the official OnePlus forum to address some of the concerns. Specifically, Carl Pei says that there will be some much-needed changes in how the company collects user data in the future:

»

By the end of October, all OnePlus phones running OxygenOS will have a prompt in the setup wizard that asks users if they want to join our user experience program. The setup wizard will clearly indicate that the program collects usage analytics. In addition, we will include a terms of service agreement that further explains our analytics collection. We would also like to share we will no longer be collecting telephone numbers, MAC Addresses and WiFi information.

«

Pei emphasizes again that for existing users, usage analytics collection can be turned off by going into Settings – Advanced – Join user experience program. For new users, you will have the option to disable it during the initial setup.

Not to condone the company’s unauthorized collection of personal data, but information like reboot and charging timestamps could be useful for “after-sales support” indeed. However, I can’t help but conclude that the collection of phone numbers, MAC addresses, and Wi-Fi information was, plainly put, gross misconduct on the company’s part. And Pei’s simply stating that the company would stop collecting the said data from now on doesn’t absolve him from his duty owed to consumers to explain why it was necessary in the first place.

«

Reigh has said it all. Just stop collecting this data now.
link to this extract


Google is permanently removing Home Mini’s top touch functionality due to always-recording bug • 9to5Google

Justin Duino:

»

On October 10, Google confirmed that one of the Home Mini’s features — the ability to trigger Assistant by tapping on the top of the speaker — was defective on a select number of units. As the bug was causing the smart speaker to essentially listen and record its surroundings 24/7, Google quickly pushed out an update to disable this feature.

Google has now reached out to let us know that it has permanently removed the Assistant-specific touch functionality and will not bring it back…

»

We take user privacy and product quality concerns very seriously. Although we only received a few reports of this issue, we want people to have complete peace of mind while using Google Home Mini.

We have made the decision to permanently remove all top touch functionality on the Google Home Mini. As before, the best way to control and activate Google Home Mini is through voice, by saying “Ok Google” or “Hey Google,” which is already how most people engage with our Google Home products. You can still adjust the volume by using the touch control on the side of the device.

«

«

This stemmed from the experience of Artem Russakovskii of Android Police, as noted here last week. Google should probably be glad he discovered it: imagine the outcry if it had gone into full production with this happening.
link to this extract


Errata, corrigenda and ai no corrida: none notified

Start Up: Equifax screwed again, Magic Leap wants $1bn, costing US carbon, and more


What’s happened to the mainframe programmers of the past? Photo by John Sloan on Flickr

Web readers! For next week, you can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 10 links for you. Unharassed. I’m @charlesarthur on Twitter. Observations and links welcome.

Equifax website borked again, this time to redirect to fake Flash update • Ars Technica

Dan Goodin:

»

In May credit reporting service Equifax’s website was breached by attackers who eventually made off with Social Security numbers, names, and a dizzying amount of other details for some 145.5 million US consumers. For several hours on Wednesday, and again early Thursday morning, the site was maliciously manipulated again, this time to deliver fraudulent Adobe Flash updates, which when clicked, infected visitors’ computers with adware that was detected by only three of 65 antivirus providers.

Randy Abrams, an independent security analyst by day, happened to visit the site Wednesday evening to check what he said was false information he had just found on his credit report. Eventually, his browser opened up a page on the domain hxxp//:centerbluray.info that looked like this:

He was understandably incredulous. The site that previously gave up personal data for virtually every US person with a credit history was once again under the influence of attackers, this time trying to trick Equifax visitors into installing crapware Symantec calls Adware.Eorezo. Knowing a thing or two about drive-by campaigns, Abrams figured the chances were slim he’d see the download on follow-on visits. To fly under the radar, attackers frequently serve the downloads to only a select number of visitors, and then only once.

«

The reason why people are prepared to believe they need a Flash update is that since 2010 the number of “critical” flaws has been over 50 annually – implying an update once a week on average. In 2015 the number of “critical” (not just trivial) flaws hit 294 – that’s roughly one update every working day.

So nobody is going to be surprised by a page that tells them to update Flash Player – unless they don’t have Flash Player installed, which is the correct approach. Either way, a genuine Flash update arrives through Adobe’s own updater or from adobe.com, never via a pop-up served by an unrelated site; a prompt like the one Abrams saw is a tell, not a chore.

As for Equifax getting its site hacked – perhaps that shouldn’t be installed either.
link to this extract


Startup Magic Leap seeks $1bn funding, working on debut product • Reuters

Heather Somerville:

»

The new financing round comes as Magic Leap readies a long-awaited debut product, a headset that shows images overlaid against the real world, known as augmented reality. The company has been working on prototypes for years but has not yet had a product for consumers to buy. Despite this, it has raised $1.4bn from investors such as venture capital firm Andreessen Horowitz and e-commerce company Alibaba, giving it a valuation last year of $4.5bn.

Magic Leap has come under scrutiny for misleading investors with dazzling demonstrations of technology that will not actually be in the final product, and releasing marketing videos that purported to be Magic Leap technology but were actually created by special effects companies, according to a report in December by news site The Information.

While the company has been working in secret for years, releasing little information about its launch date, competitors such as Facebook Inc’s Oculus have gained ground.

«

Flipping biscuits. Even more money? If they don’t come up with a product some time soon they’re going to need the most astounding pivot in the history of the wheel.
link to this extract


The EPA owes us a reason for killing clean power plan • Bloomberg

Cass Sunstein:

»

When a company emits a ton of carbon dioxide, what damage has it caused, exactly? The answer is called the “social cost of carbon,” which may be the most important number that you’ve never heard of.

If the number is large, regulation of greenhouse gas emissions will be amply justified. If it is small, not so much. In proposing to scrap the Obama administration’s Clean Power Plan, the Environmental Protection Agency recently announced that the social cost of carbon is close to zero. Well, a bit higher than that, but not a lot.

More remarkably still, the EPA offered hardly any reasons for its decision. As Ring Lardner once put it: “Shut up, he explained.”…

…In 2010, the group [convened in part by Sunstein to price that social cost] produced a central value of $21 for the social cost of carbon. By 2016, new research resulted in an update, yielding a figure of $36.

For policy, that number matters, because it can play a big role in deciding on whether to go forward with numerous regulations — and in producing the chosen level of stringency. The group’s estimate was also upheld in court.

But science and economics continue to evolve. A more recent estimate, by Yale economist William Nordhaus (often mentioned as a candidate for the Nobel Prize), finds that the $36 figure is just a bit too high; he favors $31. Other experts think that $36 is far too low, with estimates ranging to $200 or higher.

The EPA’s figure under President Donald Trump? Maybe $1. Maybe as high as $6.

How did it get there? The EPA knew enough not to deny that climate change is occurring. The major driver behind its low number was its decision to consider only damage to the US – and to ignore damage to people in every other nation on the face of the planet.

«

“America First. Screw everyone else.”
link to this extract


The giant Piccadilly billboard is going to track cars to target ads • WIRED UK

Matthew Reynolds:

»

Cameras concealed within the screen will track the make, model and colour of passing cars to deliver more targeted adverts. Brands can even pre-program triggers so that specific adverts are played when a certain model of car passes the screen, according to Landsec, the company that owns the screens.

The giant screen replaces six separate screens that previously wrapped around the buildings at Piccadilly Circus, each one dedicated to a different brand. “This screen can be electronically carved up as opposed to having individual screens,” says Landsec portfolio director Vasiliki Arvaniti.

This also means that the entire screen can be taken up by a single advert – something that had been tried on earlier versions of the display, but didn’t really work with six screens of different sizes, made by different manufacturers…

…Landsec won’t say when exactly it’s planning on switching on the screen for the first time as it doesn’t want to cause overcrowding in the West End. When the screen does finally flicker into life, however, it’ll also provide free public Wi-Fi to people in the area.

That giveaway isn’t entirely altruistic, however. The big screen advertisers will also sponsor the Wi-Fi landing page, so getting away from those adverts just got a little bit trickier.

«

No such thing as a free lunch, or free Wi-Fi.
link to this extract


Rejecting Sonos’ private data slurp basically bricks bloke’s boombox • The Register

Thomas Claburn:

»

Sonos’ policy change, outlined by chief legal officer Craig Shelburne, allows the gizmo manufacturer to slurp personal information about each owner, such as email addresses and locations, and system telemetry – collectively referred to as functional data – in order to implement third-party services, specifically voice control through Amazon’s Alexa software, and for its own internal use.

“If you choose not to provide the functional data, you won’t be able to receive software updates,” a Sonos spokesperson explained at the time. “It’s not like if you don’t accept it, we’d be shutting down your device or intentionally bricking it.”

A handful of customers, however, have managed to brick their Sonos speakers by refusing to accept the data harvesting terms accompanying version 7.4+ of the firmware and then subsequently updating their Sonos mobile app to a version out of sync with their legacy firmware.

In an email to The Register, a reader by the name of Dave wrote: “You should know that in the latest update it is now impossible to use the player without updating, effectively bricking my three devices. Numerous attempts to contact Sonos have met with silence on the issue, and the phone number in the app for support is no longer valid.”

The Register prodded a Sonos spokesperson, who reiterated that Sonos is not bricking the devices of privacy policy refuseniks.

However, the spinner acknowledged that a few people who have updated their apps, manually or through automatic updates, have ended up with software on their handsets that isn’t compatible with their firmware – which did not update because they would not accept the privacy policy change.

«

Easy to get this wrong: refuse the new terms so the firmware stays put, let the phone app auto-update as usual, and the two stop talking to each other. Also problematic that the only way back to a working speaker is to accept the data collection you were trying to refuse.
link to this extract


Isis is facing near total defeat in Iraq and Syria – but it has been beaten and come back before • The Independent

Patrick Cockburn:

»

Isis is suffering heavy defeats but it would be premature to believe that it is totally out of business. Its commanders will have foreseen that, however hard they fought, they would lose Mosul and Raqqa in the end. To fight on they have prepared bunkers, weapons caches and food stocks in the deserts and semi-deserts between Iraq and Syria where they can hope to ride out the storm and perhaps make a comeback in a few years’ time. Isis succeeded in doing this before, after being defeated by the US and anti-Isis Sunni Arabs in 2006-08 but returning stronger than ever after 2011 when the political situation in the region favoured it once again.

This might happen a second time as the unwieldy combination of different states and movements, which includes everybody from the US and Iran to the Syrian army, Hezbollah in Lebanon and the Iraqi Shia paramilitaries, begins to fall apart. Nevertheless a rebirth of Isis looks unlikely because its explosion onto the world stage over the last three years so shocked international and regional powers that they will be wary of allowing Isis to recreate itself.

Isis does still have strengths: the latest recording of its leader Abu Bakr al-Baghdadi indicates that he is still alive and, so long as this is true, it will be difficult to declare his Caliphate quite dead.

«

link to this extract


Retiring mainframe programmers: should I care? • InfoQ

Don Denoncourt:

»

Shouldn’t those old mainframe applications just be rewritten? It ain’t that easy. Yeah, I know, you’ve heard about rewrites for years. But the reason why most of those Visual Basic, dBase III, and PHP apps (that’s right, I’m saying they weren’t mainframe apps) were rewritten every 5 years is because they weren’t written that well to begin with. Meanwhile, the mainframe apps have been running well for decades. The Return On Investment (ROI) for rewrites of mainframe applications just hasn’t been there. Case in point: In the mid ‘80s I wrote a traffic system for Hanover Brands Inc. that is still in use today.

But then there’s this retiring and expiring thing. Why not just bite the bullet and do the rewrite?

Rewrites are never easy and, for huge applications, they are often failures. Just a few weeks ago, I did a rewrite of a little, itty, bitty, PHP application to Ruby and Rails. Now, I’m pretty good with Ruby and OK with PHP but, even though it was just over a thousand lines, I still missed stuff. Mainframe Cobol and RPG applications are a wee bit more complex. It is common for an RPG program to be ten, and Cobol to be twenty, thousand lines long.

Multiply that by hundreds and hundreds of programs and you have an application that has a mega-million lines. Worse than that, many of those programs were written before modular programming techniques became available.

Typically, all variables in one of these behemoths are global. I remember, a dozen years or so ago, I had a jest-quest in articles and seminars: a Diogenes-like search for a local variable in mainframe code. Diogenes never found an honest man and I had problems finding local variables in circa-70s code.

«

link to this extract


How Israel caught Russian hackers scouring the world for US secrets • The New York Times

Nicole Perlroth and Scott Shane:

»

Kaspersky’s researchers noted that [Israeli] attackers had managed to burrow deep into the company’s computers and evade detection for months. Investigators later discovered that the Israeli hackers had implanted multiple back doors into Kaspersky’s systems, employing sophisticated tools to steal passwords, take screenshots, and vacuum up emails and documents.

In its June 2015 report, Kaspersky noted that its attackers seemed primarily interested in the company’s work on nation-state attacks, particularly Kaspersky’s work on the “Equation Group” — its private industry term for the N.S.A. — and the “Regin” campaign, another industry term for a hacking unit inside the United Kingdom’s intelligence agency, the Government Communications Headquarters, or GCHQ.

Israeli intelligence officers informed the N.S.A. that in the course of their Kaspersky hack, they uncovered evidence that Russian government hackers were using Kaspersky’s access to aggressively scan for American government classified programs, and pulling any findings back to Russian intelligence systems. They provided their N.S.A. counterparts with solid evidence of the Kremlin campaign in the form of screenshots and other documentation, according to the people briefed on the events.

«

Israel worked with the US on Stuxnet; it would make sense that it would tell the US what it found.
link to this extract


The confrontation that fueled the fallout between Kaspersky and the U.S. government • Cyberscoop

Patrick Howell O’Neill:

»

In the first half of 2015, Kaspersky was making aggressive sales pitches to numerous U.S. intelligence and law enforcement agencies, including the FBI and NSA, multiple U.S. officials told CyberScoop. The sales pitch caught officials’ attention inside the FBI’s Counterterrorism Division when Kaspersky representatives boasted they could leverage their product in order to facilitate the capture of targets tied to terrorism in the Middle East. While some were intrigued by the offer, other more technical members of the intelligence community took the pitch to mean that Kaspersky’s anti-virus software could effectively be used as a spying tool, according to current U.S. intelligence officials who received briefings on the matter.

The flirtation between the FBI and Kaspersky went far enough that the bureau began looking closely at the company and interviewing employees in what’s been described by a U.S. intelligence official as “due diligence” after Counterterrorism Division officials viewed Kaspersky’s offerings with interest.

The examination of Kaspersky was immediately noticed in Moscow. In the middle of July 2015, a group of CIA officials were called into a Moscow meeting with officials from the FSB, the successor to the KGB. The message, delivered as a diplomatic démarche, was clear: Do not interfere with Kaspersky.

The démarche is not public and has not been previously reported on. A démarche typically comes from a foreign ministry and is addressed to another country’s diplomats in an effort to send a message and often to lodge a protest. Officials told CyberScoop that the 2015 document was worded as an objection to what the Russians deemed malicious interference against the Moscow company.

«

The whole Kaspersky incident is deeply puzzling.
link to this extract


Facebook and Twitter could face ‘online abuse levy’ – BBC News

Jane Wakefield:

»

Facebook and Twitter could be asked to pay for action against the “undeniable suffering” social media can cause, the culture secretary has said.

Cyber-bullying, trolling, abuse and under-age access to porn will be targeted in plans drawn up by Karen Bradley to make the online world safer. Ms Bradley wants social media groups to sign up to a voluntary code of practice and help fund campaigns against abuse. She also wants social media platforms to reveal the scale of online hate.

Almost a fifth of 12 to 15-year-olds have seen something they found worrying or nasty, and almost half of adults have seen something that has upset or offended them, on social media – according to the government.

Despite promising to introduce new laws regulating the internet in the Conservative Party’s manifesto, Ms Bradley told the BBC that legislating would take “far too long”. She said that the plan was for a “collaborative approach” with internet groups, adding that she sees a “willingness from them”.
She added: “Many of them say: ‘When we founded these businesses we were in our 20s, we didn’t have children… now we’re older and we have teenagers ourselves we want to solve this”.

«

What fresh nonsense is this? What sort of government thinks something is so important that it isn’t going to legislate it because that’s too slow? It’s like the negation of what government is for.

“Voluntary” codes are the classic “observe in letter but not spirit” thing. And on American companies? It’s a PR front which will change little.
link to this extract


Errata, corrigenda and ai no corrida: none notified

Start Up: phone and home surveillance, stop iCloud phishing, 2014’s lost Lumia, PCs slump, and more


What if your phone is spying on you? Or a home device? Or you’re being phished? Or a government is after your data? Photo by ShellyS on Flickr.

A selection of 10 links for you. Word of the day: surveillance. I’m @charlesarthur on Twitter. Observations and links welcome.

OnePlus OxygenOS built-in analytics • Chris Moore

Moore was doing a holiday hack project, and happened to leave his OnePlus2 phone’s internet traffic going through an analyser, which showed some heading for open.oneplus.net:

»

OK, so it looks like they’re collecting timestamped (the ts field is the event time in milliseconds since unix epoch, which we’ll be seeing more of) metrics on certain events, some of which I understand – from a development point of view, wanting to know about abnormal reboots seems legitimate – but the screen on/off and unlock activities feel excessive. At least these are anonymised, right? Well, not really – taking a closer look at the ID field, it seems familiar; this is my phone’s serial number. This I’m less enthusiastic about, as this can be used by OnePlus to tie these events back to me personally (but only because I bought the handset directly from them, I suppose).

I leave the traffic proxied for some time, to see what other information is collected, and boy am I in for a shock…
[picture shows the data flow…]

Amongst other things, this time we have the phone’s IMEI(s), phone numbers, MAC addresses, mobile network(s) names and IMSI prefixes, as well as my wireless network ESSID and BSSID and, of course, the phone’s serial number. Wow, that’s quite a bit of information about my device, even more of which can be tied directly back to me by OnePlus and other entities.

It gets worse.
[picture shows more data flows]

Those are timestamp ranges (again, unix epoch in milliseconds) of the when I opened and closed applications on my phone. From this data we can see that on Tuesday, 10th Jan 2017, I had Slack open between 20:25:40 UTC and 20:25:52 UTC, and the Microsoft Outlook app open between 21:38:41 UTC and 21:38:53 UTC, to take just two examples, again stamped with my phone’s serial number.

It gets even worse.

«

Basically, surveilling you; you have to remove the OnePlus Device Manager app, which isn’t trivial.

Next question: how many other Android smartphones do this on the quiet? If OnePlus does, presumably other Oppo and vivo phones do too. And those sites will be targets for hackers.
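The useful habit here is the one Moore fell into by accident: keep the phone’s traffic going through a proxy, then go through what comes out field by field. As an added example (not Moore’s code, and not anything from OnePlus), here is the sort of script you would run over captured analytics records: it turns the `ts` field from epoch milliseconds into a UTC time, and labels any value that is a persistent identifier by its shape rather than by its key name, so a renamed field still gets caught. The sample records, the key names and every value in them are constructed for this example; they are not OnePlus’s real schema.

```python
from __future__ import annotations

import re
from datetime import datetime, timezone

# Constructed sample records shaped like the events Moore describes: "ts" is
# milliseconds since the Unix epoch and "ID" carries the handset serial number.
# Key names and values are made up for this example; this is not OnePlus's schema.
SAMPLE_EVENTS = [
    {"ts": 1484079940000, "ID": "SN0A1B2C3D", "event": "app_open", "pkg": "com.Slack"},
    {"ts": 1484079952000, "ID": "SN0A1B2C3D", "event": "app_close", "pkg": "com.Slack"},
    {"ts": 1484084321000, "ID": "SN0A1B2C3D", "event": "device_info",
     "imei": "490154203237518", "wifi_mac": "a4:5e:60:12:34:56",
     "essid": "HomeNet", "bssid": "00:1a:2b:3c:4d:5e", "phone": "+447700900123"},
]

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}$", re.I)  # Wi-Fi MAC or AP BSSID
PHONE_RE = re.compile(r"^\+?\d{7,15}$")                            # loose E.164-style number
SERIAL_KEYS = {"id", "serial", "serialno", "serial_number"}
NETWORK_NAME_KEYS = {"essid", "ssid"}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, which is what the 15th digit of an IMEI is computed with."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ts_to_utc(ms: int) -> str:
    """Render an epoch-milliseconds timestamp as an ISO 8601 UTC string."""
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat()


def classify_field(name: str, value) -> str | None:
    """Label a value by what it can be tied back to.

    Shape checks run before the key-name checks, so an IMEI or MAC address is
    flagged even if the key it is sent under is renamed or obfuscated.
    """
    if not isinstance(value, str):
        return None
    if len(value) == 15 and value.isdigit() and luhn_ok(value):
        return "hardware:imei"
    if MAC_RE.match(value):
        return "hardware:mac"
    if PHONE_RE.match(value):
        return "personal:phone"
    if name.lower() in SERIAL_KEYS:
        return "hardware:serial"
    if name.lower() in NETWORK_NAME_KEYS:
        return "location:network-name"
    return None


def audit(events: list[dict]) -> list[dict]:
    """For each record, report when it happened and which identifier classes it carries."""
    findings = []
    for ev in events:
        labels = set()
        for key, value in ev.items():
            label = classify_field(key, value)
            if label:
                labels.add(label)
        findings.append({
            "when": ts_to_utc(ev["ts"]),
            "event": ev.get("event"),
            "identifiers": sorted(labels),
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_EVENTS):
        print(finding["when"], finding["event"], ", ".join(finding["identifiers"]) or "-")
```

Run against real captures, the point of the output is the third column: an app open/close record that carries only the serial is already linkable to a person who bought direct, and a record that carries an IMEI, a MAC and a home network name at once is the one to go looking for in the privacy policy.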
link to this extract


Equifax says 15.2 million UK records exposed in cyber breach • Reuters

John McCrank:

»

Credit reporting agency Equifax Inc said on Tuesday that 15.2 million client records in Britain were compromised in the massive cyber attack it disclosed last month, including sensitive information affecting nearly 700,000 consumers.

The US-based company said 14.5 million of the records breached, which dated from 2011 to 2016, did not contain information that put British consumers at risk.

Overall, around 145.5 million people, mostly in the United States, had their information compromised, including Social Security numbers, birth dates and addresses.

«

Marvellous. Expect phishing attacks based around this soon too.
link to this extract


Google is nerfing all Home Minis because mine spied on everything I said 24/7 [Update] • Android Police

Artem Russakovskii:

»

Without fail, every time a new listening device comes to market, some tinfoil hat-wearer points out how perfect they would be as modern-day Trojan horses for any of the three-letter acronym organizations – NSA, CIA, FBI – you name it. Manufacturers, on their part, assure us their devices are perfectly safe and only listen when prompted. We brush the concerns off and move on with our lives, but not before granting our smart pineapples (did you know “pineapple” is the codename for Google Home?) access to the smart rice maker, smart vacuum, and smart toothbrush.

I didn’t give too much thought to these privacy concerns because they all sounded theoretical and unlikely. My four Google Homes and three Echos sat quietly on their respective desks and counters, and only turned on when one of three things happened:

• I called out a hotword (Alexa for Echos and Hey or OK Google for Homes).
• A video I was watching or podcast I was listening to did this (I’m looking at you, Marques!)
• They heard a noise or word that they thought sounded like a hotword but in reality was not. This happened once or twice every few days.

That is until last week, when a 4th case came along – 24/7 recording, transmission to Google’s servers, and storing on them of pretty much everything going on around my Home Mini, which I had just received at the Made by Google October 4th launch event.

«

The Home Mini was recording everything, and storing it on Google’s servers. Google says it was a hardware flaw on the batches given out at the “Made by Google” events introducing this. Russakovskii estimates that’s at least 4,000 of them. It has disabled the long-press functionality as a result.
link to this extract


Deputy attorney general Rosenstein’s “responsible encryption” demand is bad and he should feel bad • Electronic Frontier Foundation

Kurt Opsahl takes Rod Rosenstein’s recent speech, which introduced the idea of “responsible encryption”, to task:

»

For a long time, people have had communications that were not constantly available for later government access. For example, when pay phones were ubiquitous, criminals used them anonymously, without a recording of every call. Yet, crime solving did not stop. In any case, law enforcement has been entirely unable to provide solid examples of encryption foiling even a handful of actual criminal prosecutions.

Finally, in his conclusion, Rosenstein misstates the law and misunderstands the Constitution.

»

Allow me to conclude with this thought: There is no constitutional right to sell warrant-proof encryption. If our society chooses to let businesses sell technologies that shield evidence even from court orders, it should be a fully-informed decision.

«

This is simply incorrect. Code is speech, and courts have recognized a Constitutional right to distribute encryption code. As the Ninth Circuit Court of Appeals noted:

»

The availability and use of secure encryption may … reclaim some portion of the privacy we have lost. Gov’t efforts to control encryption thus may well implicate not only the First Amendment rights … but also the constitutional rights of each of us as potential recipients of encryption’s bounty.

«

Here, Rosenstein focuses on a “right to sell,” so perhaps the DOJ means to distinguish “selling” under the commercial speech doctrine, and argue that First Amendment protections are therefore lower. That would be quite a stretch, as commercial speech is generally understood as speech proposing a commercial transaction. Newspapers, for example, do not face weaker First Amendment protections simply because they sell their newspapers.

«

If you’re wondering why Rosenstein’s name seems familiar, he’s the one who wrote the memo post-justifying Trump’s decision to fire James Comey as head of the FBI. Misstating the law and misunderstanding the US constitution seems like par for the course for someone who did that.
link to this extract


iOS Privacy: steal.password – Easily get the user’s Apple ID password, just by asking • Felix Krause

»

How can you protect yourself

• Hit the home button, and see if the app quits:
-If it closes the app, and with it the dialog, then this was a phishing attack
-If the dialog and the app are still visible, then it’s a system dialog. The reason for that is that the system dialogs run on a different process, and not as part of any iOS app.
• Don’t enter your credentials into a popup; instead, dismiss it and open the Settings app manually. This is the same principle as never clicking on links in emails, but instead opening the website manually
• If you hit the Cancel button on a dialog, the app still gets access to the content of the password field. Even after entering the first characters, the app probably already has your password.

Initially I thought faking those alerts requires the app developer to know your email. Turns out some of those auth popups don’t include the email address, making it even easier for phishing apps to ask for the password.

Proposal

Modern web browsers already do an excellent job protecting users from phishing attacks. Phishing within mobile apps is a rather new concept, and therefore still pretty unexplored.

• When asking for the Apple ID from the user, instead of asking for the password directly, ask them to open the settings app
• Fix the root of the problem, users shouldn’t constantly be asked for their credentials. It doesn’t affect all users, but I myself had this issue for many months, until it randomly disappeared.
• Dialogs from apps could contain the app icon on the top right of the dialog, to indicate an app is asking you, and not the system. This approach is used by push notifications; also, this way, an app can’t just send push notifications as the iTunes app.

«

This is still bad, and Apple’s security people should have stamped it out ages ago. I suspect they couldn’t and so their pivot has been to try to persuade people to enable two-factor authentication on accounts.

But as Krause points out, even if you’ve got 2FA, that won’t protect any accounts where you’ve used the same username/password combination.
link to this extract


AirPods can activate Google Assistant on your Android device with this app • Android Police

Corbin Davenport:

»

The app is called ‘AirpodsForGA,’ and it allows you to trigger Google Assistant by double-tapping on either AirPod. That’s the same shortcut used to activate Siri when paired with an iPhone. It’s worth noting that you could already use the ‘OK Google’ hotword to open Google Now/Assistant on AirPods (at least according to this review), but this is obviously quicker. Due to limitations with Android’s media button events, this app doesn’t always work when the phone is unlocked, but it should work fine when locked.

I’m unable to test the app myself, since I don’t own a pair of AirPods, but there’s four Play Store reviews saying it works great.

«

Complaints (in the comments) are that it goes to full volume when Google Assistant talks in your ear. But that might be a one-off. (The rest of the comments are pretty predictable. The smartphone wars are still being fought, like Japanese soldiers in the jungle, in the comments sections of fan sites.)
link to this extract


Traditional PC market further stabilizes as top companies consolidate share • IDC

»

Worldwide shipments of traditional PCs (desktop, notebook, workstation) totaled 67.2m units in the third quarter of 2017 (3Q17), which translates into a slight year-over-year decline of 0.5%, according to the International Data Corporation (IDC) Worldwide Quarterly Personal Computing Device Tracker. The results were better than projections of a 1.4% decline, and further demonstrate the trend of market stabilization in recent quarters. Improvement in emerging markets as well as back-to-school promotions helped boost results.

The component shortages of recent quarters have continued to improve and did not factor as a significant hindrance to production volumes. Nonetheless, higher component prices and inventory in some markets meant limited shipments and validated IDC assumptions about a muted third quarter. Not surprisingly, competitive pressures further cemented the dominance of the top five PC companies, which accounted for nearly 75% of the total traditional PC market…

…”The U.S. traditional PC market exhibited lower overall growth, contracting 3.4% in 3Q17,” said Neha Mahajan, senior research analyst, Devices & Displays. “Despite the overall contraction, Chromebooks remain a source of optimism as the category gains momentum in sectors outside education, especially in retail and financial services.”

«

Gartner says the decline was worse – it puts the decline at 3.6% – but has almost exactly the same shipment figure for the quarter, at 67.0m. Gartner doesn’t include Chromebooks in its figures, so it’s a little hard to see the source of IDC’s enthusiasm; IDC doesn’t show Acer (which ships a lot of Chromebooks) as outselling Apple.

Also of note: Gartner says Lenovo’s PC shipments have declined year-on-year in eight of the past 10 quarters. IDC puts HP ahead of Lenovo all of this year.

Even so, this looks like the market bottoming out. Though it always then finds a new bottom.
link to this extract


White-box tablet players turn to new markets for survival • Digitimes

Sammi Huang and Joseph Tsai:

»

With first-tier tablet brand vendors’ product ASP dropping, rising competition from large-size smartphones and prices for key components – including panels and memory – hiking, white-box tablet players are struggling.

Some white-box players have already turned to new market segments such as those for smart speakers, smartphones, car-use electronics, wearables, gaming and education applications.

Digitimes Research’s figures show that Apple, Samsung Electronics and Amazon will be the top-3 tablet vendors worldwide in 2017, while China-based Huawei will be number four, surpassing Lenovo.

«

Lenovo really is struggling to make things happen. PCs, smartphones, tablets – nothing is quite energising.
link to this extract


TCL sells shares of handset business unit to strategic partners • Digitimes

Jean Chu and Steve Shen:

»

China-based TCL Group has disclosed that it has transferred up to 49% of its holdings in TCL Communication Technology Holdings to three strategic partners for HK$490 million (US$62.79m).

TCL will sell an 18% stake of its handset business unit to Unisplendour Technology Venture Capital, an investment arm of Tsinghua Unigroup, for HK$180m.

Meanwhile, TCL will also release an 18% and 13% stake of TCL Communication Technology to Oriente Grande Investment Fund and Vivid Victory Developments for HK$180m and HK$130m, respectively, according to the announcement.

Oriente Grande Investment Fund is the holding company of China-based handset ODM Wingtech Group.

TCL Communication Technology posted revenues of CNY6.87 billion (US$1.043bn) in the first half of 2017, decreasing 26.1% from a year earlier. Net losses for the January-June period totaled CNY852 million (US$130m).

«

This is tucked away, but it’s significant. TCL has been pushing a lot of phones in China and the rest of Asia; it has been among the world’s top 10 in volume. What this makes clear is that it’s been making a loss on that. So now it’s found some people to pump some money in.

The hope on the part of both is that this cash infusion will push it over the line into profitability. The concern should be that profitless commoditisation is going to continue at the low end of the market, where TCL is currently stuck with scores of other OEMs. A consolidation might not be far off.
link to this extract


A look at Microsoft’s unreleased ‘all screen’ Lumia Windows phone • Windows Central

Zac Bowden on a phone that would have been unusual in 2014:

»

The standout feature of this device is easily its design. Featuring an almost “all-screen” front, this Lumia is a stunner. It’s a super clean, minimalist and futuristic design that definitely doesn’t belong on a sub-$200 Windows phone in 2014. Holding this device feels like you’re holding nothing but a screen, and that’s what makes this Lumia different from all the rest.

Of course, when I say “all screen,” I’m being a little overzealous. It’s almost all screen, except for the bottom bezel, which is pretty large. This phone has a big “chin,” which is a pretty standout defect in this phone’s design. Even with the chin, it would’ve been considered “all screen” in 2014.

There’s a reason for the larger-than-usual bottom bezel, however: it’s where the front-facing camera sits. Yes, this phone has a front-facing camera on the bottom bezel. There’s no room for it at the top, and pretty much every phone these days comes with a front camera of some sort.

«

What might have been is always fascinating. The front camera problem is perhaps what caused Microsoft to kill this. That, and the reality that it would have lost a ton of money.
link to this extract


Errata, corrigenda and ai no corrida: none notified

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

Start Up: Shazam for art, why the iPhone X notch?, Google’s TAC tax, the plastic-chewers, and more


Not hacker central, but passport control in North Korea. Its hackers are busy elsewhere. Photo by (stephan) on Flickr.

A selection of 11 links for you. Effervescence! I’m @charlesarthur on Twitter. Observations and links welcome.

Allies’ wartime operational plan presumably stolen by N.K. hackers last year: lawmaker • Yonhap News

»

North Korean hackers are believed to have stolen a large amount of classified military documents, including the latest South Korea-U.S. wartime operational plan, last year, a ruling party lawmaker said Tuesday.

Citing information from unnamed defense officials, Democratic Party Rep. Lee Cheol-hee said that the hackers broke into the Defense Integrated Data Center in September last year to steal the secret files, such as Operational Plans 5015 and 3100.

OPLAN 5015 is the latest Seoul-Washington scheme to handle an all-out war with Pyongyang, which reportedly contains detailed procedures to “decapitate” the North Korean leadership. OPLAN 3100 is Seoul’s plan to respond to the North’s localized provocations.

Lee said that 235 gigabytes of military documents were taken with the content of nearly 80% of them yet to be identified. Also among them were contingency plans for the South’s special forces, reports to allies’ top commanders, and information on key military facilities and power plants, he added.

“The Ministry of National Defense has yet to find out about the content of 182 gigabytes of the total (stolen) data,” the lawmaker said in a statement.

«

North Korea’s hacking capabilities have been underestimated since 2011 – when Kim Jong-un, its youngest leader ever, who was tutored in the west, took over. Those facts aren’t coincidence.
link to this extract


New app Smartify hailed as “Shazam for the art world” • Dezeen

Gunseli Yalcinkaya:

»

An app has launched that allows users to instantly identify artworks and access information about them, by simply scanning them with a smartphone.

Smartify launched at the Royal Academy of Arts in London last week. It has been described by its creators as “a Shazam for the art world”, because – like the app that can identify any music track – it can reveal the title and artist of thousands of artworks.

It does so by cross-referencing them with a vast database that the company is constantly updating.

Smartify is already in use in over 30 of the world’s major galleries and museums, including the National Gallery in London, the Rijksmuseum in Amsterdam, The Met in New York and LACMA in Los Angeles.

The company refuses to reveal exactly how it works, but said that it creates “visual fingerprints” to differentiate between each artwork.

«

I was present at the very first live test of Shazam (in a pub in Dean Street in 2003 or so); I didn’t think it could work because it would need constant updates from the record companies. What I missed was that the record companies would want people to know what they were hearing, and so helped to update Shazam’s database.

Not so sure that the same applies for art. But I’ve been wrong before…
link to this extract


The iPhone X’s notch already works • BGR

Chris Smith:

»

The side effect of Apple’s decision to introduce both an all-screen iPhone design and the Face ID functionality this year is the ugly “notch.” There’s no way to defend it, especially when it comes to the iPhone X’s user interface.

But the phone’s notch has a second, possibly unintended purpose that is becoming more evident as we approach the iPhone X’s November 3rd release date.

The notch gives the iPhone X a unique design that will be easily recognized by anyone. Rather than being an all-screen device that has only generic features, the iPhone X has the camera sensor at the top that breaks the display line at the top of the phone.

iPhone fans can easily tell when someone is using an iPhone X. So can iPhone haters. A glance at the notch is enough to confirm the phone is indeed Apple’s best iPhone to date. And it’s even easier to spot the iPhone X in the wild right now.

«

Yes. Exactly this. Apple is a company which not only wants you to enjoy using your device; it wants other people to know you’re using it too. Why else the bright white of EarPods, and then AirPods? Why else the huge fights with Samsung over the “design patent” of the iPhone, and particularly the roundness of the corners? If there was one thing that infuriated Apple executives in the past decade, it was Samsung’s blatant copying of the appearance of the iPhone 3GS.

The notch is a subtle nudge to anyone not using the phone that this one is different. Smith has put his finger on it; people like Marco Arment and John Gruber who find the notch unconscionable are missing the point. Design is how it works: the notch works to tell people that this is the iPhone X.

If you don’t believe me, watch out for how many phones next year try to “extend” their screen above the front-facing camera, which is of course centred, because why not? Oh, you say it looks like the iPhone X?
link to this extract


iPhone: designed for misuse? • ROUGH TYPE

Nick Carr on Jony Ive’s comment that “constant use” of one’s phone might constitute “misuse”:

»

Maybe I’m the cynic, but it’s hard not to conclude, from everything we know about the iPhone and its development and refinement, that it has in fact been consciously and meticulously designed to encourage people to use it as much as possible. Here, for example, is how Apple is promoting the new iPhone X at its web store:

If Apple’s “vision” has always been to create a phone “so immersive the device itself disappears into the experience,” it’s hard for me to credit Ive’s suggestion that people are misusing it by immersing themselves in it. If “constant use” is a misuse of the iPhone, then the device has been designed for misuse. And the future we’re supposed to welcome will be one in which the smartphone becomes all the more encompassing, the line between gadget and experience all the more blurred.

If Ive is sincere in his belief that people should be more disciplined in their use of smartphones — and I believe he is — I’m sure he’ll be able to find elegant ways to use design features to deter constant use.

«

I guess you could always limit its battery life 🤔
link to this extract


Google’s $19bn black box is worrying investors • Bloomberg

Shira Ovide on Google’s TAC – traffic acquisition costs:

»

These Google traffic fees are the result of contractual arrangements parent company Alphabet Inc. makes to ensure its dominance. The company pays Apple to make Google the built-in option for web searches on Apple’s Safari browsers for Mac computers, iPhones and other places. Google also pays companies that make Android smartphones and the phone companies that sell those phones to make sure its search box is front and center and to ensure its apps such as YouTube and Chrome are included in smartphones.

In the last year, Google has paid these partners $7.2bn, more than three times the comparable cost in 2012. Details of these financial arrangements are secret, but analysts think that the biggest culprit in the recent cost uptick is a revised agreement Google struck with Apple a couple of years ago. Analysts think this contract costs Google $3bn to $4bn a year, or perhaps much more.

Lately some Google watchers have said investors shouldn’t panic about the traffic fees. Baird recently estimated the growth rate of traffic acquisition costs is likely to ease off this year or in early 2018, in part because Google is past the worst of the cost increases from its revised Apple contract. 

But there’s another wild card that may push those costs up. European antitrust authorities are investigating whether Google’s arrangements with Android phone manufacturers and phone companies constitute an abuse of the company’s power. Companies enter these arrangements with Google voluntarily. But if manufacturers want to include some popular Google apps such as the Google Play app store, they are often required to take other Google apps, too, and set Google search as the default option.

«

Notice two things this implies. First, that Apple gets half of the smartphone TAC, even though it has about a quarter of the installed base, and Android the remainder. Second, that Google’s TAC will rise if the EC forces Google to let Android OEMs install whatever they want and Google finds itself competing to have its app store and search prominently placed. The latter will hit its bottom line – possibly quite hard.
link to this extract


Nokia plans to cut up to 310 jobs, halt VR camera development • Reuters

Jussi Rosendahl:

»

Nokia plans to reduce up to 310 jobs from its Nokia Technologies unit and halt development of its virtual reality camera “OZO” and hardware, the Finnish company said on Tuesday.

The unit has about 1,090 employees and the potential cuts are expected to affect staff in Finland, the United States and Britain. Nokia employed about 102,000 employees as of end-June.

The unit will continue to focus on digital health and patent and brand licensing business, Nokia said.

“The slower-than-expected development of the VR market means that Nokia Technologies plans to reduce investments and focus more on technology licensing opportunities,” it said in a statement.

«

In other news, IDC says the company sold a grand total of 1.5m Nokia-branded phones in the first half of 2017. Its new focus: “digital health” following its acquisition of Withings. Wish them luck.
link to this extract


Who gets held accountable when a facial recognition algorithm fails? And how? • Medium

Ellen Broad:

»

The Georgetown Law Center for Privacy and Technology in the US has estimated that half of all US adults — 112 million people — are already enrolled in unregulated facial recognition networks.

So maybe it’s too late to stop facial recognition happening. Let’s talk about how desperately facial recognition is in need of regulation instead.

We know facial recognition technology is capable of bias and error.

In the US, studies have shown that facial recognition algorithms are consistently less accurate identifying African American faces. Joy Buolamwini, an MIT Media Lab researcher, has talked eloquently about the challenges she faced getting a robot she trained using widely available facial recognition software to recognise her face. She’s black. Stories about facial recognition technology mistakenly identifying Asian faces as people blinking, tagging black people as primates and failing to register black faces in frame at all have gone viral.

There are a few reasons for these kinds of errors. Datasets used to train facial recognition algorithms might not have enough diverse faces within them. People designing the systems might inadvertently incorporate their own bias. Default camera settings don’t properly expose dark skin.

When we talk about using Australian driver’s licence photos to build a national facial recognition database, this potential for error matters.

«

The future is tumbling towards us like the rock chasing Indiana Jones in Raiders of the Lost Ark.
link to this extract
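The accuracy gap the extract describes is only visible if error rates are measured per demographic group rather than in aggregate. The following is an added example (not code from the Medium post or from any recognition vendor) that computes per-group false non-match and false match rates from constructed verification trials and reports the ratio between the best- and worst-served groups; the group labels, trial counts and error counts are all made up for illustration.

```python
from collections import defaultdict

# Each record is one constructed verification trial:
#   (demographic group, is_same_person, system_said_match)
# "Genuine" trials are pairs of the same person; "impostor" trials are not.


def per_group_rates(records):
    """Return, per group, the false non-match rate (FNMR: genuine pairs the
    system rejected) and the false match rate (FMR: impostor pairs it accepted),
    plus the trial counts so a reader can judge the sample size."""
    counts = defaultdict(lambda: {"genuine": 0, "fn": 0, "impostor": 0, "fp": 0})
    for group, same_person, said_match in records:
        c = counts[group]
        if same_person:
            c["genuine"] += 1
            if not said_match:
                c["fn"] += 1
        else:
            c["impostor"] += 1
            if said_match:
                c["fp"] += 1
    rates = {}
    for group, c in counts.items():
        rates[group] = {
            "fnmr": c["fn"] / c["genuine"] if c["genuine"] else None,
            "fmr": c["fp"] / c["impostor"] if c["impostor"] else None,
            "genuine_trials": c["genuine"],
            "impostor_trials": c["impostor"],
        }
    return rates


def disparity_ratio(rates, metric):
    """Worst group's rate divided by the best group's for the given metric
    ('fnmr' or 'fmr'). None when a group has no trials or the best rate is 0."""
    values = [r[metric] for r in rates.values() if r[metric] is not None]
    if not values or min(values) == 0:
        return None
    return max(values) / min(values)


def exceeds_disparity(rates, metric, max_ratio=1.5):
    """True when the gap between groups is wider than the tolerated ratio
    (the 1.5 default is an assumed policy value, not from the article)."""
    ratio = disparity_ratio(rates, metric)
    return ratio is not None and ratio > max_ratio


def build_sample():
    """Constructed trials: group A fails 10 of 200 genuine pairs and falsely
    accepts 2 of 200 impostors; group B fails 30 of 200 and accepts 6 of 200."""
    records = []
    for group, fn, fp in (("A", 10, 2), ("B", 30, 6)):
        records += [(group, True, i >= fn) for i in range(200)]
        records += [(group, False, i < fp) for i in range(200)]
    return records


if __name__ == "__main__":
    rates = per_group_rates(build_sample())
    for group, r in sorted(rates.items()):
        print(f"group {group}: FNMR={r['fnmr']:.3f} FMR={r['fmr']:.3f} "
              f"(n={r['genuine_trials']}/{r['impostor_trials']})")
    print("FNMR disparity ratio:", disparity_ratio(rates, "fnmr"))
    print("exceeds tolerance:", exceeds_disparity(rates, "fnmr"))
```

Aggregated over both groups the sample would show a 10% false non-match rate and look acceptable; split by group, one population is rejected three times as often as the other, which is the kind of figure an accountability regime would need to require vendors to publish.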


Regulate Facebook like AIM • Motherboard

Louise Matsakis:

»

The FCC imposed the restrictions on AOL [forcing it to be interoperable with other instant messaging systems] because the merger with Time Warner created the largest media business in the country. Government regulators feared that the behemoth would become a powerful monopoly, particularly when it came to instant messaging. At the time, AOL had over 140 million customers—or 90% of the market—using AIM as well as its other chat service, ICQ, combined.

The FCC’s decision to force AOL to remain open provides a blueprint for how the government could similarly regulate today’s gigantic internet platforms, like Facebook.

Stoller said you can look at Facebook—with its over 2 billion monthly users—as having egregious control over our relationships on the internet, or what he calls the “social grid.” If Facebook were forced to make room for other services on its platform in the same way AOL made room for other chat apps, new services could emerge.

“Facebook has to allow people to access their relationships however they want through other businesses or tools that are not controlled by Facebook,” Stoller said. “Having them control and mediate the structure of those relationships—that’s not right.”

Of course, people can opt out of Facebook and choose to use other, smaller social networks. But those businesses are essentially unable to thrive because of the hold Facebook has on how we communicate online.

«

This is a good idea – though as Ben Thompson points out in his subscriber newsletter at Stratechery, the FCC ruling in fact said AIM had to be open if it added *new* features; it didn’t have to open up its existing features. What prevented AIM being dominant was the shift away from PCs, and the addition of new services which did things it couldn’t.
link to this extract


37,000 Chrome users downloaded a fake Adblock Plus extension • Engadget

»

If you use Adblock Plus with Chrome and downloaded the extension pretty recently, you may want to check what you’ve installed. Apparently, a fake Adblock Plus extension made it through Google’s verification process and lived in the official Chrome Web Store alongside the real one. Google has taken down the phony listing after SwiftOnSecurity tweeted about it and put the company on blast, but by then, it had already been up long enough to fool 37,000 people. That’s a drop in the bucket for a service that has 10 million users, but it sounds like trouble for those who were unlucky enough to download it.

SwiftOnSecurity says the fake extension was created by a “fraudulent developer who clones popular name and spams keywords.” Indeed, it’s pretty hard to tell that it’s fake, since its developer’s name is “Adblock Plus,” and it has a considerable number of reviews.

«

link to this extract
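The point the extract makes is that a display name and an author string can be copied by anyone, so neither identifies an extension. What cannot be copied is the extension ID, which Chrome derives from the publisher’s signing key. Here is an added example (not code from Engadget, Google or the Adblock Plus project) that derives IDs the way Chrome does and flags any installed extension whose name matches a trusted one but whose ID does not; the keys, the trusted-ID table and the installed list are constructed placeholders, and a real audit would read the names and IDs from the browser’s extensions page or each extension’s manifest.

```python
import hashlib
import re

# Chrome computes an extension's ID from the DER-encoded public key of its
# publisher: the first 128 bits of SHA-256 over the key, written with the
# letters a-p in place of the hex digits 0-f. The name and "author" fields in
# a manifest are free text that a lookalike listing can reuse; the ID is bound
# to the key the package was signed with.


def extension_id_from_key(der_public_key: bytes) -> str:
    hex_prefix = hashlib.sha256(der_public_key).hexdigest()[:32]
    return "".join(chr(ord("a") + int(ch, 16)) for ch in hex_prefix)


def normalize_name(name: str) -> str:
    """Fold case and drop spacing/punctuation so 'AdBlock  Plus' matches
    'Adblock Plus' (keyword-stuffed clones vary these)."""
    return re.sub(r"[^a-z0-9]", "", name.casefold())


def audit_extensions(installed, trusted_ids):
    """Return the installed entries that look like lookalikes.

    installed:   dicts with at least 'name' and 'id'.
    trusted_ids: normalised name -> the ID you obtained from the vendor's own
                 install link (not from a store search).
    A match on name with a different ID is the signature of the clone
    described in the article."""
    suspects = []
    for ext in installed:
        trusted = trusted_ids.get(normalize_name(ext["name"]))
        if trusted is not None and ext["id"] != trusted:
            suspects.append({
                "name": ext["name"],
                "id": ext["id"],
                "reason": f"name matches a trusted extension but ID is not {trusted}",
            })
    return suspects


# Constructed placeholders standing in for the genuine vendor's key, a clone
# author's key and an unrelated third key. These are not real keys.
GENUINE_KEY = b"placeholder-der-public-key-of-genuine-vendor"
CLONE_KEY = b"placeholder-der-public-key-of-lookalike-author"
OTHER_KEY = b"placeholder-der-public-key-of-unrelated-tool"

# Trusted table: one entry, keyed by the normalised name, for this example.
TRUSTED = {normalize_name("Adblock Plus"): extension_id_from_key(GENUINE_KEY)}

# Constructed "installed extensions" list. The second entry copies the name
# and author string exactly as the article describes, with a different key.
SAMPLE_INSTALLED = [
    {"name": "Adblock Plus", "author": "Adblock Plus",
     "id": extension_id_from_key(GENUINE_KEY)},
    {"name": "AdBlock  Plus", "author": "Adblock Plus",
     "id": extension_id_from_key(CLONE_KEY)},
    {"name": "Some Unrelated Tool", "author": "someone",
     "id": extension_id_from_key(OTHER_KEY)},
]

if __name__ == "__main__":
    for s in audit_extensions(SAMPLE_INSTALLED, TRUSTED):
        print(f"SUSPECT {s['name']!r} id={s['id']}: {s['reason']}")
```

The trusted table is the part that matters operationally: it has to be populated from a source the impersonator cannot influence, such as the vendor’s own website linking to its store listing, because a store search ranks on exactly the names and keywords the clone copied.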


Plastic-eating caterpillars could save the planet • The Economist

»

Past attempts to use living organisms to get rid of plastics have not gone well. Even the most promising species, a bacterium called Nocardia asteroides, takes more than six months to obliterate a film of plastic a mere half millimetre thick. Judging by the job they had done on her bag, Dr Bertocchini suspected wax-moth caterpillars would perform much better than that.

To test this idea, she teamed up with Paolo Bombelli and Christopher Howe, two biochemists at Cambridge University. Dr Bombelli and Dr Howe pointed out that, like beeswax, many plastics are held together by methylene bridges (structures that consist of one carbon and two hydrogen atoms, with the carbon also linked to two other atoms). Few organisms have enzymes that can break such bridges, which is why these plastics are not normally biodegradable. The team suspected wax moths had cracked the problem.

One of the most persistent constituents of rubbish dumps is polyethylene, which is composed entirely of methylene bridges linked to one another. So it was on polyethylene that the trio concentrated. When they put wax-moth caterpillars onto the sort of film it had taken Nocardia asteroides half a year to deal with, they found that holes appeared in it within 40 minutes.

«

Of course, this could also go horribly wrong, and we’d find ourselves trying to breed something to kill the caterpillars, and then something to kill that, and so on.
link to this extract


Apple strikes deal with Spielberg’s Amblin for ‘Amazing Stories’ reboot • WSJ

Joe Flint and Tripp Mickle:

»

The tech giant has struck a deal with Mr. Spielberg’s Amblin Television and Comcast Corp.’s NBCUniversal television production unit to make new episodes of “Amazing Stories,” a science fiction and horror anthology series that ran on NBC in the 1980s, according to people familiar with the matter.

The agreement between Apple, Amblin and NBCUniversal calls for 10 episodes of “Amazing Stories.” Mr. Spielberg will likely be an executive producer for the new version of the show, which he created, the people said.

The budget for “Amazing Stories” will be more than $5 million an episode, according to an executive involved in the project.

“Amazing Stories” is the first show to be greenlit by Apple since it poached Sony Corp.’s top Hollywood television executives Zack Van Amburg and Jamie Erlicht in June to help spearhead the tech company’s push into original programming.

Apple gave the duo, who helped produce “Breaking Bad,” a budget of roughly $1bn to develop original programming over the next year. They have also been tasked with building out a video strategy that is expected to include a streaming service that rivals Netflix Inc., Amazon.com Inc. and others.

«

A billion dollars to develop original programming? Apple TV, the hardware, might seem like “a hobby” to some, but Apple is beginning to look serious about spending on TV content. However, TV series are notoriously hit-and-miss (hence the many pilots that appear on US TV every year, and the few that survive to be commissioned). That explains the taste for a “reboot” – hey, these people liked it when they were kids!
link to this extract


Errata, corrigenda and ai no corrida: none notified
