Start Up: FaceID iPad?, Facebook’s creepy tracking, Pandora boxed in, inside the DNC hack, and more

Here’s your Logitech Harmony Link next year. Photo by Leo Reynolds on Flickr.

A selection of 12 links for you. Do not use for secret visits. I’m @charlesarthur on Twitter. Observations and links welcome.

Why social media users should never lower their guard • Time

Tim Bajarin:


While I’m highly selective about my interactions on Facebook and Twitter, with LinkedIn I tend to be more liberal about okaying requests to connect. I’ve reasoned that since LinkedIn is for business networking, the more people I network with, the better it is for my career and business relationships. I suspect that’s the feeling shared by the millions of others LinkedIn users who frequent the site for similar reasons.

But then I came across a report from SecureWorks, an Atlanta-based cybersecurity subsidiary of Dell (the computer company), titled “The Curious Case of Mia Ash: Fake Persona Lures Middle Eastern Targets.” According to the July 27 report, SecureWorks says it observed phishing campaigns targeted at the Middle East and North Africa that delivered PupyRAT, the codename for a nasty bit of malware that targets Windows, Linux, OS X and Android systems, using a fake person named “Mia Ash.”

In short, this report reveals that a known Iranian hacker group called Cobalt Gypsy created the fake LinkedIn profile of a woman it dubbed Mia Ash and identified as a celebrated photographer. When I checked out Mia Ash’s profile, it looked like so many others I’ve scanned on both LinkedIn and other social media networks over the years.

The fake profile’s goal was to connect with individuals working in Middle Eastern companies, then trick users into opening a Word document using their company’s email in order to deliver the malware. The malware could then infect their company’s network and potentially allow malefactors entry into the network to steal information, or do who knows what else.

It turns out this wasn’t the first time Cobalt Gypsy had targeted LinkedIn users. Some years ago, the hacker group used agents posing as recruiters on the social networking service to lure their targets into downloading malware-laden job applications. Their goal was the same: to try and get users to open a Word document that used their company email addresses to deliver the payload. In this case, the fake LinkedIn persona was someone called “Timothy Stokes,” whose profile identified him as a recruiter for a well known company.


Yeah, trusting LinkedIn but not the others looks like something of a category error.
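The lure in both campaigns above is the same: a Word document that, once opened, delivers the payload. The extract does not say what the document contains, so the inspector below is an added example, not code from SecureWorks or from Time, and it assumes the usual OOXML carriers of active content: a VBA project part, embedded OLE objects, and relationships that point off the document to a remote target (an attached template, for instance). Ordinary hyperlinks are external relationships too and are deliberately not flagged, or every document with a link would trip it. The sample .docx is constructed in memory; the part names and relationship types are the standard ones, but their use as indicators here is the example's own assumption.

```python
import io
import re
import zipfile
from typing import Optional

# Parts and relationship types that commonly carry active content in an OOXML
# document. Treating them as indicators is an assumption for this example, not
# something taken from the SecureWorks report the extract cites.
VBA_PART = re.compile(r"^word/vbaProject\.bin$")
OLE_PART = re.compile(r"^word/embeddings/.+\.bin$")
REL_TAG = re.compile(r"<Relationship\s[^>]*>")
ATTR = {k: re.compile(rf'{k}="([^"]*)"') for k in ("Type", "Target", "TargetMode")}
REMOTE_PREFIXES = ("http://", "https://", "file://", "\\\\")


def _attr(tag: str, name: str) -> str:
    m = ATTR[name].search(tag)
    return m.group(1) if m else ""


def inspect_ooxml(data: bytes) -> dict:
    """Report VBA, embedded OLE parts and non-hyperlink external relationships."""
    findings = {"vba": False, "ole_objects": [], "external_targets": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if VBA_PART.match(name):
                findings["vba"] = True
            elif OLE_PART.match(name):
                findings["ole_objects"].append(name)
            elif name.endswith(".rels"):
                xml = zf.read(name).decode("utf-8", errors="replace")
                for tag in REL_TAG.findall(xml):
                    # Hyperlinks are external by design; only flag other
                    # relationship types (attached templates, OLE links, ...)
                    # whose target lives outside the document.
                    if _attr(tag, "TargetMode") != "External":
                        continue
                    if _attr(tag, "Type").endswith("/hyperlink"):
                        continue
                    target = _attr(tag, "Target")
                    if target.lower().startswith(REMOTE_PREFIXES):
                        findings["external_targets"].append(target)
    findings["suspicious"] = bool(
        findings["vba"] or findings["ole_objects"] or findings["external_targets"]
    )
    return findings


def build_sample_docx(remote_template: Optional[str] = None, with_vba: bool = False) -> bytes:
    """Construct a minimal .docx in memory (a constructed sample, not a real lure)."""
    ns = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
    rels = [
        "<Relationships>",
        f'<Relationship Id="rId1" Type="{ns}/hyperlink" '
        'Target="https://example.com/" TargetMode="External"/>',
    ]
    if remote_template:
        rels.append(
            f'<Relationship Id="rId2" Type="{ns}/attachedTemplate" '
            f'Target="{remote_template}" TargetMode="External"/>'
        )
    rels.append("</Relationships>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/_rels/settings.xml.rels", "".join(rels))
        if with_vba:
            # Placeholder bytes standing in for a real OLE-format VBA project.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (
        ("benign", build_sample_docx()),
        ("lure", build_sample_docx("http://example.invalid/survey.dotm", with_vba=True)),
    ):
        print(label, inspect_ooxml(blob))
```

The benign document (one hyperlink, no macros) comes back clean; the constructed lure is flagged for both the VBA part and the remote template target. A real mail gateway would also want to look inside the VBA project and at macro-enabled extensions, which this example leaves out.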
link to this extract

How the AR-15 became mass shooters’ weapon of choice • Rolling Stone

Tim Dickinson:


The AR-15 assault rifle was engineered to create what one of its designers called “maximum wound effect.” Its tiny bullets – needle-nosed and weighing less than four grams – travel nearly three times the speed of sound. As the bullet strikes the body, the payload of kinetic energy rips open a cavity inside the flesh – essentially inert space – which collapses back on itself, destroying inelastic tissue, including nerves, blood vessels and vital organs. “It’s a perfect killing machine,” says Dr. Peter Rhee, a leading trauma surgeon and retired captain with 24 years of active-duty service in the Navy.

Rhee is most famous at home for saving the life of Arizona Rep. Gabby Giffords after she was shot point-blank in the head with a handgun fired by a mass shooter in 2011. “A handgun [wound] is simply a stabbing with a bullet,” says Rhee. “It goes in like a nail.” With the high-velocity rounds of the AR-15, he adds, “it’s as if you shot somebody with a Coke can.”

Versions of the AR-15 have been the U.S. military’s standard-issue assault rifle in every war since Vietnam. But only in the past dozen years have semi-automatic models become a fixture of American life. Gun-makers – emboldened by Congress and cloaked in the Second Amendment – have elevated the AR-15 into an avatar of civilian manhood, independence and patriotism. In the process, this off-patent combat rifle has become an infinitely customizable weapon platform that now accounts for nearly one in five guns sold in America.

The federal government has deemed them “semi-automatic assault rifles” with magazine capacities that serve “no sporting purpose.” But the National Rifle Association now simply calls the AR-15 “America’s Rifle.”


Fascinating; your long read for the day. Also, it’s open source! The patent expired ages ago.
link to this extract

Double digit growth by 3 of top 5 vendors as global tablet shipments hit 45m units


Eric Smith, director – Tablets and Touchscreens, said: “Global tablet shipments declined 5% annually from 46.9m units in Q3 2016 to 44.6m in Q3 2017, but grew 2% quarter on quarter from 43.7m in Q2 2017.

The global tablet market has reduced the high negative growth rates of the past couple of years and Apple just strung together two straight quarters of year-on-year growth. During Q3 2017, Huawei and Amazon also kept up their pace of strong gains in their respective corners of the Android market, while Lenovo bounced back to positive growth with good footing in the Android and Windows segments.

Windows tablet demand is experiencing a slump overall, compared to this time last year as consumer market pricing and marketing have failed to connect to consumers while enterprise demand is still swift for pricier 2-in-1 tablet form factors.”


IDC had broadly similar numbers earlier this week. What’s useful here is the insight that it’s Windows that isn’t making further headway in the tablet market. Also Samsung: it’s really struggling – can’t topple Apple, can’t compete with the low-priced whitebox Android tablets.
link to this extract

He solved the DNC hack. Now he’s telling his story for the first time • Buzzfeed

Jason Leopold:


One late morning in May 2016, the leaders of the Democratic National Committee huddled around a packed conference table and stared at Robert Johnston. The former Marine Corps captain gave his briefing with unemotional military precision, but what he said was so unnerving that a high-level DNC official curled up in a ball on her conference room chair as if watching a horror movie.

At 30, Johnston was already an accomplished digital detective who had just left the military’s elite Cyber Command, where he had helped stanch a Russian hack on the US military’s top leadership. Now, working for a private cybersecurity company, he had to brief the DNC — while it was in the middle of a white-knuckle presidential campaign — about what he’d found in the organization’s computer networks.

Their reaction was “pure shock,” Johnston recalled. “It was their worst day.”

Although the broad outlines of the DNC hack are now well-known, its details have remained mysterious, sparking sharp and persistent questions. How did the DNC miss the hack? Why did a private security consultant, rather than the FBI, examine its servers? And how did the DNC find Johnston’s firm, CrowdStrike, in the first place?

Johnston’s account — told here for the first time, and substantiated in interviews with 15 sources at the FBI, the DNC, and the Defense Department — resolves some of those questions while adding new information about the hack itself.


Johnston has a perfectly reasonable explanation for why the FBI wasn’t called in: it was the middle of the campaign, and it would have been sayonara servers. This, at a time when the FBI was still investigating Clinton’s use of a private email server. Imagine the mess the press would have made of that.
link to this extract

Pandora has lost $1bn in four years and is worth less than ever. Can it be salvaged? • Music Business Worldwide

Tim Ingham:


Pandora has posted net losses of $473.6m so far in a ‘transformative’ 2017 – which has seen it part ways with CEO Tim Westergren and other top execs, as well as the sale of its Ticketfly business to Eventbrite.

Although this figure includes a one-time Q2 goodwill impairment write down of $132m related to the net assets of Ticketfly (and other one-time expenses), it’s a very alarming indication of the firm’s long-term sustainability.

As is, it doesn’t have any sustainability.

It now looks almost guaranteed that Pandora, which lost $90m in Q4 2016, will post net losses in excess of half a billion dollars in this calendar year. Yikes.

The new regime at the top of Pandora includes some very smart and respected people – not least Greg Maffei, the recently-appointed Chairman of the company’s board.

Maffei is also Chairman of SiriusXM, which acquired an effective 16% stake in Pandora when it invested $480m in the flailing business back in June.

The question now is what Maffei and other newbies at the top of Pandora can do to transform a company which is haemorrhaging money, value and users at a frightening rate.

“Pandora is very much a business in transition, and there are tangible challenges,” admitted new CEO Roger Lynch (pictured, main) to investors last week.


It’s a business in transition to being shut down or sold. Streaming music is a fungible good now.
link to this extract

How Facebook figures out everyone you’ve ever met • Gizmodo

Kashmir Hill:


Facebook’s machinery operates on a scale far beyond normal human interactions. And the results of its People You May Know algorithm are anything but obvious. In the months I’ve been writing about PYMK, as Facebook calls it, I’ve heard more than a hundred bewildering anecdotes:

• A man who years ago donated sperm to a couple, secretly, so they could have a child — only to have Facebook recommend the child as a person he should know. He still knows the couple but is not friends with them on Facebook.

• A social worker whose client called her by her nickname on their second visit, because she’d shown up in his People You May Know, despite their not having exchanged contact information.

• A woman whose father left her family when she was six years old — and saw his then-mistress suggested to her as a Facebook friend 40 years later.

• An attorney who wrote: “I deleted Facebook after it recommended as PYMK a man who was defense counsel on one of my cases. We had only communicated through my work email, which is not connected to my Facebook, which convinced me Facebook was scanning my work email.”

Connections like these seem inexplicable if you assume Facebook only knows what you’ve told it about yourself. They’re less mysterious if you know about the other file Facebook keeps on you—one that you can’t see or control.


“Mysterious” isn’t the word I’d use; “creepy” feels more like it. The way it’s done is “shadow profiling”: a file assembled on you from everything Facebook can get from everywhere, including the address books of people who simply tapped “share contacts” when installing the app.
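The point that the anecdotes above turn on is that you do not have to hand anything over yourself; other people's uploaded address books do it for you. The model below is an added example, not Gizmodo's or Facebook's code, and the data in it is constructed: four accounts, each with a registered phone number, three of which uploaded their contacts. Dana never shared anything, yet gets three suggestions, one of them a person whose only link to her is that both of them sit in Bob's phone. Real systems weight many more signals than the three modelled here.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample data for this example. UPLOADS are the address books three
# people handed over by tapping "share contacts"; PHONES is the number each
# account registered with. Dana never uploaded anything.
PHONES = {"alice": "+15550001", "bob": "+15550002", "carol": "+15550003", "dana": "+15550004"}
UPLOADS = {
    "alice": [("+15550002", "Bob"), ("+15550003", "Carol")],
    "bob": [("+15550001", "Alice"), ("+15550004", "Dana (opposing counsel)")],
    "carol": [("+15550004", "Dana")],
}


def suggestions_for(target: str, uploads: Dict[str, List[Tuple[str, str]]],
                    phones: Dict[str, str]) -> List[Tuple[str, List[str]]]:
    """Rank accounts to suggest to `target`, with the evidence behind each.

    Three signals are modelled: someone uploaded a book containing the target's
    number; the target and another account sit in the same uploaded book; and
    the target's own uploaded book. Only the last requires the target to have
    shared anything at all.
    """
    phone_to_account = {p: a for a, p in phones.items()}
    evidence: Dict[str, List[str]] = defaultdict(list)
    for uploader, book in uploads.items():
        # Resolve the uploaded numbers to known accounts (unknown numbers are
        # kept by a real system too; they are simply dropped in this model).
        members = {phone_to_account[p] for p, _ in book if p in phone_to_account}
        if uploader == target:
            for other in members - {target}:
                evidence[other].append("in your own uploaded contacts")
        elif target in members:
            evidence[uploader].append(f"{uploader}'s uploaded contacts contain your number")
            for other in members - {target, uploader}:
                evidence[other].append(f"you and {other} both appear in {uploader}'s contacts")
    # Most corroborating evidence first; alphabetical within ties.
    return sorted(evidence.items(), key=lambda kv: (-len(kv[1]), kv[0]))


if __name__ == "__main__":
    for who in ("alice", "dana"):
        print(who, suggestions_for(who, UPLOADS, PHONES))
```

Note the asymmetry: the suggestion Dana sees is built entirely from choices Bob and Carol made, and nothing in her own account settings would let her switch it off.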
link to this extract

Apple is ramping up work on AR headset to succeed iPhone • Bloomberg

Mark Gurman:


Apple, seeking a breakthrough product to succeed the iPhone, aims to have technology ready for an augmented-reality headset in 2019 and could ship a product as early as 2020.

Unlike the current generation of virtual reality headsets that use a smartphone as the engine and screen, Apple’s device will have its own display and run on a new chip and operating system, according to people familiar with the situation. The development timeline is very aggressive and could still change, said the people, who requested anonymity to speak freely about a private matter.

While virtual reality immerses the user in a digital world, augmented reality overlays images and data on the real one. The applications for AR are endless, from a basketball fan getting stats while watching a game to a mechanic streaming instructions on how to fix a specific piece of equipment. Apple isn’t the only company working on the technology. Google, which drew derision for $1,500 smart glasses a few years ago, is developing a business-oriented variant. Startup Meta has developed a headset with a focus on education and medical uses.


2020? Why the hurry?
link to this extract

Apple is working on 2018 iPad redesign with facial recognition • Bloomberg

Mark Gurman:


Apple is working on a redesigned, high-end iPad for as early as 2018 that incorporates key iPhone X features such as slimmer edges and facial recognition, according to people familiar with the matter.

However, the new version of the tablet is unlikely to include an OLED screen, which provides more vivid colors and sharper clarity, the people said. They asked not to be identified talking about private product development.

At least one new iPad model with a screen size similar to the 10.5-inch iPad Pro is planned to include Face ID for unlocking the device, making payments, and sending animated emojis. The feature would replace the iPad home button that has come with a fingerprint scanner since 2014, one of the people said. The updated tablet is expected to be released later next year, a little more than a year after the last major iPad Pro upgrade, the people said.


Gurman’s supply-chain sources strike again. This will have been in the works since early this year. A couple of obvious questions: will the “notch” for the face recognition be on the long or the short side? And what stage of manufacturing and testing has this iPad version reached, such that Gurman (or his sources) has found out about it now?
link to this extract

Logitech to shut down “service and support” for Harmony Link devices in 2018 • Ars Technica UK

Valentina Palladino on the end-of-life (EOL) of the popular Harmony Link remote system (which lets you control home theatre and sound systems from a mobile app):


The only reason provided comes from a Logitech employee with the username Logi_WillWong, who explains in a response post from September 8, 2017 that Logitech will not be renewing a “technology certificate license” that expires in March. No details were provided about how this certificate license allows the Harmony Link to function, but it appears that without it, those devices will not work as promised. “The certificate will not be renewed as we are focusing resources on our current app-based remote, the Harmony Hub,” Logi_WillWong added, which seems to indicate that the shutting down of the Harmony Link system is a way to get more customers on the newer Harmony Hub system.

But customers are calling out Logitech for bricking a device that works perfectly fine for most of them, presumably in the hopes of forcing an upgrade to a new device. While out-of-warranty customers can get a discount on a Harmony Hub, according to an updated response posted yesterday on the Logitech support forum from Logi_WillWong, those still under warranty can receive a free Harmony Hub from Logitech as a replacement for their Harmony Link.

The Harmony Link system predates the Harmony Hub by a few years and allows users to control televisions, sound systems, and even VCRs and Blu-ray players from the free companion mobile app. The Harmony Hub expands on those capabilities by adding more IoT device support, making things like Roku players, Hue smart lights, and Sonos systems controllable via the remote app. The Harmony Link isn’t available to purchase from Logitech’s website anymore, and it’s listed as “discontinued by manufacturer” on Amazon.

The forced end-of-life of the Harmony Link is a harsh reminder that companies like Logitech have the power to make useful yet older devices obsolete for whatever reason they see fit.


Also a harsh reminder that companies like this ignore the press when it comes to explaining why they’re doing stuff.
link to this extract

There’s a trick that makes your iPhone X battery pretty much last forever • BGR

Zach Epstein:


By making some tweaks to your settings, you can configure the iPhone X so that it barely drains any battery. In fact, depending on your usage, you’ll be able to squeeze two days of battery life or perhaps even more out of your iPhone. The trick was noted by Twitter user Neil Hughes a few days ago, and we’ll explain how it works.

There are three things you need to do in order to make this happen. First, you’ll need to switch your screen to grayscale. In the Settings app, go to General > Accessibility > Display Accommodations. Tap Color Filters, then slide the toggle next to “Color Filters” to on. Now, tap the “Grayscale” option that appears below.

Next, you’ll want to invert the display’s colors. Still within Display Accommodations in the Settings app, tap Invert Colors and then slide the toggle next to “Classic Invert” to on.

Finally, on the main menu screen in the settings app, scroll down to Battery and enable “Low Power Mode” in the battery section. This will restrict background processes so that first- and third-party apps use as little energy as possible. Also, if you want to take things a step further, apply an all-white wallpaper to your home screen and lock screen. It’ll turn to pure black when you invert your colors, thus conserving power by preventing as many pixels as possible from lighting up.


Get yer white wallpaper from BGR. This reminds me of hypermilers trying to go the longest distance on a gallon of petrol. Though I’m not saying I might not try this for fun.
link to this extract

December 2016: why Snapchat’s design is deliberately confusing • Prototypr

Benjamin Bradall (who higher up in the story says “I’m 23 and will freely admit that I find Snapchat’s design confusing”) writing in December 2016:


The launch of Snap’s new physical product, Spectacles, was what made me realize that the Snapchat app’s unlabeled press-it-and-see-what-happens UI is no mistake.
Just look at the vending machine:

A credit card reader and three buttons: hit one of those massive glowing pads to get a pair of Spectacles of that color. Like the Snapchat app, the machine has no text, no obvious instructions, no clarity. The machine assumes it is a big enough deal that it’s your fault if you don’t know.
Same with the banner:

Snap pulled a Cloverfield on us for the Spectacles launch, teasing the Snapchat ghost with eyes on billboards around the US without being explicit with exactly what’s going on.

Tying this back to design, and the choices Snap’s making for its brand identity, it makes more sense the more you think about it.

Positioned as a rare place where your content is totally hidden from the public, the reasons for Snapchat’s arcane, exclusive design are clear. It’s not a social media platform in the same way that Facebook is, and that’s mainly because of its total lack of discovery.

What I mean by that is there is no way to find users without knowing their phone number or their handle: two pretty private pieces of information. And if/when your grandma does try to add you, you’ll still need to accept the request. Not that she will add you, because she’s not figured out how to get into the bloody thing.


November 2017: Snap, having been walloped by the easier-to-use Instagram Stories, says it’s redesigning its app to be easier to use.

Design is how it works. If it works.
link to this extract

With deletion of one wallet, $280M in Ethereum wallets gets frozen • Ars Technica UK

Sean Gallagher:


Digital currencies and the wallets that hold them have become an increasingly attractive target for digital pickpockets, resulting in millions of real dollars’ worth of lost currency. A $50 million heist of Ethereum currency last year exploiting weaknesses in the cryptocurrency’s underlying software threatened to break the Bitcoin competitor. But a new security bug in a popular Ethereum wallet platform has caused what amounts to a bank freeze on scores of high-value wallets. Today, Parity Technologies Ltd., the developer of cryptographic “wallets” for the digital currencies Bitcoin and Ethereum, announced that an “accidental” triggering of a bug affecting certain Parity wallets had broken them, making it impossible to transfer Ethereum funds out of them.

As a result, 1 million ETH have become frozen in wallets—roughly $280 million (US) worth of digital currency. Of that, about $90 million belongs to Parity founder and former Ethereum core developer Gavin Woods’ Initial Coin Offering (ICO) Polkadot, according to Tuur Demeester, editor in chief at Adamant Research.

The bug specifically affects multi-signature wallets created with a digital contract after July 20. Multi-signature wallets have cryptographic security measures that require multiple users to sign a transaction in order for it to be processed and approved—an approach that allows for escrow contracts to control payments from accounts belonging to a group.


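The extract explains what a multi-signature wallet is (a transfer runs only once enough owners have signed), and the headline gives the failure mode: deleting one contract froze funds in many wallets. The model below is an added example, not Parity's contract code, and it makes one assumption the page does not spell out: that each wallet holds its funds but delegates its logic to a single shared library contract, so removing the library leaves the balances intact and unreachable. How the library came to be deleted is not modelled; the page does not describe it.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set


class LibraryDeleted(Exception):
    """Raised when a wallet delegates to a library contract that no longer exists."""


@dataclass
class Transaction:
    to: str
    amount: int
    confirmed_by: Set[str] = field(default_factory=set)
    executed: bool = False


class WalletLibrary:
    """One shared contract holding the logic every wallet delegates to.

    Deleting it moves no funds; it only removes the code the wallets need in
    order to move them. That is the freeze in the headline, simplified
    (assumption: real wallets reach the library via delegatecall).
    """

    def __init__(self) -> None:
        self.alive = True

    def kill(self) -> None:
        self.alive = False

    def execute(self, wallet: "MultisigWallet", tx_id: int) -> bool:
        if not self.alive:
            raise LibraryDeleted("library contract deleted; wallet logic unreachable")
        tx = wallet.pending[tx_id]
        if tx.executed or len(tx.confirmed_by) < wallet.threshold:
            return False
        if tx.amount > wallet.balance:
            raise ValueError("insufficient balance")
        wallet.balance -= tx.amount
        tx.executed = True
        return True


class MultisigWallet:
    """M-of-N wallet: a transfer executes only once `threshold` owners confirm it."""

    def __init__(self, owners: List[str], threshold: int, balance: int, library: WalletLibrary):
        if not 1 <= threshold <= len(owners):
            raise ValueError("threshold must be between 1 and the number of owners")
        self.owners = set(owners)
        self.threshold = threshold
        self.balance = balance
        self.library = library
        self.pending: Dict[int, Transaction] = {}

    def submit(self, owner: str, to: str, amount: int) -> int:
        """Propose a transfer; the proposer's confirmation is counted at once."""
        self._require_owner(owner)
        tx_id = len(self.pending)
        self.pending[tx_id] = Transaction(to, amount)
        self.confirm(owner, tx_id)
        return tx_id

    def confirm(self, owner: str, tx_id: int) -> bool:
        """Record `owner`'s confirmation; return True if the transfer executed."""
        self._require_owner(owner)
        self.pending[tx_id].confirmed_by.add(owner)
        return self.library.execute(self, tx_id)

    def _require_owner(self, owner: str) -> None:
        if owner not in self.owners:
            raise PermissionError(f"{owner} is not an owner")


if __name__ == "__main__":
    lib = WalletLibrary()
    w1 = MultisigWallet(["a", "b", "c"], threshold=2, balance=100, library=lib)
    w2 = MultisigWallet(["d", "e"], threshold=2, balance=50, library=lib)
    tx = w1.submit("a", "merchant", 30)      # one of two signatures: pending
    print("executed after second signature:", w1.confirm("b", tx), w1.balance)
    lib.kill()                               # the single shared dependency goes away
    for w, owner in ((w1, "a"), (w2, "d")):
        try:
            w.submit(owner, "merchant", 1)
        except LibraryDeleted as e:
            print(f"balance {w.balance} still recorded but:", e)
```

The two wallets have different owners and never touch each other, yet one `kill()` on the object they both depend on stops both: the threshold check works exactly as designed, and it is the shared dependency, not the signing scheme, that becomes the single point of failure.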
link to this extract

Errata, corrigenda and ai no corrida: none notified

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.
