A selection of 11 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.
“If there is one thing to learn from this, it’s that standards can’t be closed off from security researchers,” says Robert Graham, an analyst for the cybersecurity firm Erratasec. “The bug here is actually pretty easy to prevent, and pretty obvious. It’s the fact that security researchers couldn’t get their hands on the standards that meant that it was able to hide.”
The WPA2 protocol was developed by the Wi-Fi Alliance and the Institute of Electrical and Electronics Engineers (IEEE), which acts as a standards body for numerous technical industries, including wireless security. But unlike, say, Transport Layer Security, the popular cryptographic protocol used in web encryption, WPA2 doesn’t make its specifications widely available. IEEE wireless security standards carry a retail cost of hundreds of dollars to access, and costs to review multiple interoperable standards can quickly add up to thousands of dollars.
I’ve got an inkling what happened here. The proposal for WEP was widely available before being chosen as a standard, and it was demonstrated to be utterly flawed before becoming a standard. (Buy my book next year!)
I wonder if the IEEE was so embarrassed by that episode that it decided to erect paywalls around standards so that they wouldn’t be so open to examination by any random person who might be able to critique them – or, equally, to prevent a hacker discovering a zero-day and never disclosing it.
link to this extract
Others who’d made an attempt at creating software had used a technique called feature extraction, where they’d identify a few key “variables” in the sound waves, then correlate them with the pitch. But this method was overly simplistic, and didn’t consider the finer minutiae of the human voice. For instance, it didn’t recognize diphthongs (when the human voice transitions from one vowel to another in a continuous glide), and, as a result, created false artifacts in the sound.
Hildebrand had a different idea.
As an oil engineer, when dealing with massive datasets, he’d employed autocorrelation (an attribute of signal processing) to examine not just key variables, but all of the data, to get much more reliable estimates. He realized that it could also be applied to music:
“When you’re processing pitch, you add wave cycles to go sharp, and subtract them when you go flat. With autocorrelation, you have a clearly identifiable event that tells you what the period of repetition for repeated peak values is. It’s never fooled by the changing waveform. It’s very elegant.”
While elegant, Hildebrand’s solution required an incredibly complex, almost savant application of signal processing and statistics. When we asked him to provide a simple explanation of what happens, computationally, when a voice signal enters his software, he opened his desk and pulled out thick stacks of folders, each stuffed with hundreds of pages of mathematical equations.
“In my mind it’s not very complex,” he says, sheepishly, “but I haven’t yet found anyone I can explain it to who understands it. I usually just say, ‘It’s magic.’”
A great long read.
link to this extract
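The autocorrelation idea in the extract above, worked through as an added example (this is not code from the original article or from Hildebrand’s software, and it deliberately ignores the heavier statistics he alludes to). The signal, sample rate, frame length and pitch range are all constructed assumptions. It builds a voice-like test tone whose harmonic mix drifts over time, so the waveform shape changes while the period stays fixed; a feature-extraction approach keyed to waveform features would be misled by that, whereas the autocorrelation peak still sits at the true period. It also reports how many cents sharp or flat the detected pitch is from a target note, which is the quantity a pitch corrector would then “add or subtract wave cycles” to remove.

```python
import math

SAMPLE_RATE = 8000  # Hz; constructed assumption for this example


def synth_voice_like(freq, seconds, sample_rate=SAMPLE_RATE):
    """Constructed test signal: a fundamental plus 2nd and 3rd harmonics whose
    relative levels drift slowly, so the waveform shape keeps changing even
    though the period (1/freq) does not."""
    n = int(seconds * sample_rate)
    out = []
    for i in range(n):
        t = i / sample_rate
        drift = 0.5 + 0.5 * math.sin(2 * math.pi * 0.7 * t)  # slow timbre change
        s = (math.sin(2 * math.pi * freq * t)
             + 0.6 * drift * math.sin(2 * math.pi * 2 * freq * t)
             + 0.3 * (1 - drift) * math.sin(2 * math.pi * 3 * freq * t))
        out.append(s)
    return out


def autocorrelation(frame, max_lag):
    """r[k] = sum_n x[n] * x[n+k] for k = 0..max_lag, normalised so r[0] == 1.
    A periodic signal produces a peak at every multiple of its period."""
    n = len(frame)
    r0 = sum(x * x for x in frame) or 1.0
    return [sum(frame[i] * frame[i + k] for i in range(n - k)) / r0
            for k in range(max_lag + 1)]


def detect_period(frame, sample_rate=SAMPLE_RATE, fmin=60.0, fmax=1000.0):
    """Period in samples: the lag of the highest autocorrelation peak inside
    the plausible pitch range [fmin, fmax], refined by fitting a parabola
    through the peak and its two neighbours for sub-sample precision."""
    min_lag = int(sample_rate / fmax)
    max_lag = int(sample_rate / fmin)
    r = autocorrelation(frame, max_lag)
    # The finite window shrinks r[k] as k grows, so the first period wins
    # over its multiples (2T, 3T, ...) even though those are peaks too.
    best = max(range(min_lag, max_lag), key=lambda k: r[k])
    if 0 < best < max_lag:
        a, b, c = r[best - 1], r[best], r[best + 1]
        denom = a - 2 * b + c
        if denom != 0:
            best += 0.5 * (a - c) / denom
    return best


def detect_pitch(frame, sample_rate=SAMPLE_RATE):
    """Fundamental frequency in Hz for one analysis frame."""
    return sample_rate / detect_period(frame, sample_rate)


def cents_off(freq, target):
    """Distance from a target note in cents; positive means sharp."""
    return 1200 * math.log2(freq / target)


if __name__ == "__main__":
    frame_len = int(0.05 * SAMPLE_RATE)          # 50 ms analysis frame
    tone = synth_voice_like(200.0, 0.5)          # 200 Hz, period = 40 samples
    f = detect_pitch(tone[:frame_len])
    print(f"detected {f:.2f} Hz, {cents_off(f, 220.0):+.1f} cents from A3 (220 Hz)")
```

Run as a script it analyses one 50 ms frame of the constructed tone; to track a sung note you would slide the frame along the recording and repeat the measurement for each hop. The pure-Python autocorrelation is O(N × max_lag) per frame, which is fine for a demonstration but is what a real-time implementation would replace with an FFT-based version.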
If wearable technology is the next big thing for our tech-connected society, why is Apple the only company paying attention to the smaller-wristed set? Lady or dude, there are quite a few people on this earth whose arms don’t resemble the trunk of a Sequoia tree — many of whom would be excited to use a smartwatch.
And for that reason, I love that Apple supports multiple sizes for the Apple Watch. Smartwatches are one of the more personal technology purchases available out there today, and the company is committed to making them accessible to people young, old, large, or small. Engineering LTE inside a 38mm Series 3 was no small feat; Apple could have limited it to the 42mm set, but it chose to attack the problem and make it accessible to all.
I can’t say the same for the rest of the smartwatch market. I’ve been looking avidly across the Android Wear (and Android Wear-adjacent, like Fitbit) lines since 2015 for alternative smartwatch options, but have struck out every time.
It’s not that I dislike my Apple Watch — it’d probably be my favorite smartwatch even if I were limited to a 42mm size. But I want to like Android Wear. Competition is good, and Android Wear does some smart things with notifications that I’d love to see over on the Apple side. Its hardware (mostly) isn’t terribly designed, either: on the contrary, for those with applicably sized wrists, the watches look quite natural.
The Android OEMs don’t have the incentive – they’re selling about an order of magnitude fewer than Apple – and (Huawei possibly excepted; Samsung doesn’t use Android Wear) they don’t have the technological capability.
Apart from that, nothing’s stopping them.
link to this extract
Russian journalists publish massive investigation into St. Petersburg troll factory’s U.S. operations • Meduza
The Internet Research Agency, Russia’s infamous “troll farm,” reportedly devoted up to a third of its entire staff to meddling in U.S. politics during the 2016 presidential election. At the peak of the campaign, as many as 90 people were working for the IRA’s U.S. desk, sources told RBC, revealing that the entire agency employs upwards of 250 people. Salaries for staff working in the U.S. department apparently range from 80,000 to 120,000 rubles ($1,400 to $2,100) per month.
The head of the IRA’s U.S. desk is apparently a man originally from Azerbaijan named Dzheikhun Aslanov (though he denies any involvement with the troll factory).
In August and September this year, Facebook, Instagram, and Twitter suspended 118 communities and accounts run by the St. Petersburg “troll factory,” disabling a network capable of reaching 6 million subscribers. In 2016, at the height of the U.S. presidential campaign, this network reportedly produced content that reached 30 million people each week.
A source also told RBC that the Internet Research Agency spent almost $80,000 over two years, hiring roughly 100 local American activists to stage about 40 rallies in different cities across the United States. The activists were hired over the Internet, communicating in English, without their knowledge that they were accepting money or organizing support from a Russian organization. According to RBC, internal records from the IRA verify its role in these activities.
The main activity in the troll factory’s U.S. desk was to incite racial animosity (playing both sides of the issue), and promoting the secession of Texas, objections to illegal immigration, and gun rights.
An ex St. Petersburg ‘troll’ speaks out: Russian independent TV network interviews former troll at the Internet Research Agency • Meduza
According to “Max”, the IRA’s [Russia’s Internet Research Agency] “foreign desk” had open orders to “influence opinions” and change the direction of online discussions. He says this department within the agency considered itself above the “Russian desk,” which he claims is generally “bots and trolls.” The foreign desk was supposedly more sophisticated. “It’s not just writing ‘Obama is a monkey’ and ‘Putin is great.’ They’ll even fine you for that kind of [primitive] stuff,” Max told Dozhd. People in his department, he says, were even trained and educated to know the nuances of American social polemics on tax issues, LGBT rights, the gun debate, and more.
Max says that IRA staff were tasked with monitoring tens of thousands of comments on major U.S. media outlets, in order to grasp the general trends of American Internet users. Once employees got a sense of what Americans naturally discussed in comment forums and on social media, their job was to incite them further and try to “rock the boat.”
According to Max, the Internet Research Agency’s foreign desk was prohibited from promoting anything about Russia or Putin. One thing the staff learned quickly was that Americans don’t normally talk about Russia: “They don’t really care about it,” Max told Dozhd. “Our goal wasn’t to turn the Americans toward Russia,” he claims. “Our task was to set Americans against their own government: to provoke unrest and discontent, and to lower Obama’s support ratings.”
Programmatic publishers’ ad rates have taken a hit since Apple updated its Safari browser last month to prevent third parties from tracking users for more than 24 hours after a user visited a website. Although Apple’s move hurts publishers reliant on third-party data that advertisers depend on to target niche audiences at scale, publishers that sell their inventory directly say they aren’t affected by the Safari update.
“It has already had an impact on our revenue, and that will only be compounded as adoption [of Safari’s update] increases,” said Paul Bannister, co-founder of CafeMedia, which sells more than half of its impressions programmatically. “It’s hard to quantify what it will end up as since it’s so early still and lots of other variables are at play, but it’s a [measurable] impact.”
Because users didn’t update their operating systems all at once and Apple released the update near the end of a quarter, when ad rates tend to be higher, gauging the impact of Safari’s tracking change isn’t as simple as comparing monthly CPMs. Apple did not reply to an interview request for this story.
Bannister said CPMs on Safari are about 10% lower than what he’d expect them to be heading into the fourth quarter. CafeMedia gets about a third of its mobile traffic from Safari, which is in line with industry averages, according to NetMarketShare.
Since Apple’s Safari update, Ranker saw the gap between its yields on iOS and Android (which doesn’t use the Safari browser) increase by 8% in favor of Android, said Ranker CEO Clark Benson, who estimated that Apple’s move could potentially lead to a 1% to 2% drop in overall ad revenue.
I’m standing at the production line for the world’s tiniest violins, where output has been increased substantially.
link to this extract
Microsoft’s secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group more than four years ago, according to five former employees, in only the second known breach of such a corporate database.
The company did not disclose the extent of the attack to the public or its customers after its discovery in 2013, but the five former employees described it to Reuters in separate interviews. Microsoft declined to discuss the incident.
The database contained descriptions of critical and unfixed vulnerabilities in some of the most widely used software in the world, including the Windows operating system. Spies for governments around the globe and other hackers covet such information because it shows them how to create tools for electronic break-ins.
The Microsoft flaws were fixed likely within months of the hack, according to the former employees. Yet speaking out for the first time, these former employees as well as US officials informed of the breach by Reuters said it alarmed them because the hackers could have used the data at the time to mount attacks elsewhere, spreading their reach into government and corporate networks.
“Bad guys with inside access to that information would literally have a ‘skeleton key’ for hundreds of millions of computers around the world,” said Eric Rosenbach, who was US deputy assistant secretary of defense for cyber at the time.
Smart move by the hackers.
link to this extract
Taiwan’s Digitimes, which often finds news from deep in the supply chain, on Monday reported that Toshiba halted production for three to six weeks while it sorted out a ransomware mess. Doing so, the report suggested, saw production of 100,000 wafers deferred.
The outlet pondered that the supposed shutdown may be helping contribute to ongoing high memory prices.
Analyst firm DRAMeXchange, which specialises in solid-state memory, reached into the supply chain and found no evidence of missing shipments. The firm’s senior research manager Alan Chen said “there is no module supplier suspending quotes or shipments after knowing this information.”
Chen didn’t rule out a disruption of some sort, saying “This incident is expected to be resolved immediately with Toshiba quickly ramping up production to lower or fully compensate for the wafer deficit.”
But Toshiba did smack it down: the company’s media relations team told The Register “There is no such a fact that Toshiba Memory’s Yokkaichi Operation is suspending its production line as reported in DigiTimes.”
Hasn’t quite denied the ransomware report, though. Only that it hasn’t suspended production. People scoff at Digitimes, but it’s well-sourced within the supply chain.
link to this extract
My [MacBook Pro] was getting its third diagnostic test in 45 minutes. The problem was not that its logic board was failing, that its battery was dying, or that its camera didn’t respond. There were no mysteriously faulty inner workings. It was the spacebar. It was broken. And not even physically broken — it still moved and acted normally. But every time I pressed it once, it spaced twice.
“Maybe it’s a piece of dust,” the Genius had offered. The previous times I’d been to the Apple Store for the same computer with the same problem — a misbehaving keyboard — Geniuses had said to me these exact same nonchalant words, and I had been stunned into silence, the first time because it seemed so improbable to blame such a core problem on such a small thing, and the second time because I couldn’t believe the first time I was hearing this line that it was not a fluke. But this time, the third time, I was ready. “Hold on,” I said. “If a single piece of dust lays the whole computer out, don’t you think that’s kind of a problem?”
In every other computer I’ve owned before I bought the latest MacBook Pro last fall, fixing this would have begun by removing the key and peering around in its well to see if it was simply dirty. Not this keyboard. In fact, all of Apple’s keyboards are now composed of a single, irreparable piece of technology. There is no fixing it; there is only replacing half the computer.
This seems to be a problem. Rather as with USB-C, Apple jumped in, but the water hasn’t been lovely.
link to this extract
A startup funded by iPod creator Tony Fadell is suing Andy Rubin’s new company over smartphone trade secrets • Reuters
Keyssa has been working since 2009 on a chip for mobile phones to transfer large amounts of data without using wires or Wi-Fi connections. In August, Keyssa said it was partnering with Samsung, Foxconn parent Hon Hai Precision Industry and others to make its technology a standard feature on mobile phones.
In September, the Essential Phone was released. One of the first devices on the market to feature a wireless connector, the phone uses it to communicate with a camera accessory the company released at the same time.
Keyssa alleged in its lawsuit that Essential engaged in technology and design discussions with Keyssa for 10 months but ultimately ended the relationship. In November 2016, Essential said it would use a competing chip from SiBEAM, a division of Lattice Semiconductor, the lawsuit alleges.
Keyssa alleged that despite Essential’s use of a different chip, the final Essential Phone design incorporates many of the techniques developed by Keyssa to make wireless connectors function well in a phone, from antenna designs to methods for testing phones on the manufacturing line.
Headline from CNBC, but story from Reuters. Essential is really getting hit by trucks.
link to this extract
The discussions have been happening inside Apple’s health team for more than a year, one of the people said. It is not yet clear whether Apple would build out its own network of primary care clinics, in a similar manner to its highly successful retail stores, or simply partner with existing players.
It’s also possible Apple will just decide not to make this move.
Some experts see a move into primary care as a way to build out its retail footprint. Apple’s worldwide network of more than 300 stores has been one of its most important sales channels.
Canaan’s Nina Kjellson, a prominent health tech investor who has no knowledge of Apple’s plans, believes the move is plausible. “It would help build credibility with Apple Watch and other health apps,” she explained.
“Apple has cracked a nut in terms of consumer delight, and in the health care setting a non-trivial proportion of satisfaction comes from the quality of interaction in the waiting room and physical space,” she continued.
It seems a bit excessive to buy that sort of chain, though maybe they would be good for selling the Watch. Also perhaps if there were apps much more tightly tailored for health and more particularly medical needs.
link to this extract
Errata, corrigenda and ai no corrida: none notified
You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.