Start Up: Uber’s secrets stealer, dumb smart homes, 3m lost bitcoins, impossible intelligence, and more

Apple’s got a problem with High Sierra’s root password: there isn’t one. Photo by autowitch on Flickr.

A selection of 13 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

Judge stalls Uber trade-secret theft trial after discovering biz ran a trade-secret stealing op • The Register

Kieren McCarthy:


A judge today delayed the start of a trade-secret theft case against Uber – after evidence that the upstart operated a secret trade-secret-stealing unit was revealed at the last minute.

US district judge William Alsup said it would be a “huge injustice” for the trial to start as scheduled next week, after he was sent a letter by the US Attorney for Northern California last week that shed light on Uber’s secretive Strategic Services Group.

“If even half of what’s in that letter is true it would be a huge injustice to force Waymo to go to trial and not be able to prove the things that are said in that letter,” Alsup said during a hearing Tuesday morning in Uber’s home city, San Francisco.

Further intrigue followed the testimony of Uber’s former security analyst Richard Jacobs who Judge Alsup threatened to subpoena to give testimony and appears to have been the source of the information about the secretive unit…

…According to the security analyst, Uber actively sought to steal trade secrets from its rivals and set up the unit to do so.

The unit worked in parallel to Uber, and used “anonymous servers” that were separate from the main company to carry out its work. The unit also ran its own Wickr messaging service that was “invisible… not part of the regular server system,” and which automatically deleted messages, covering its trails.

The judge and Waymo’s lawyer quizzed Jacobs at the hearings, asking about specific allegations including that Uber had acquired the code base of rival operators as well as details of their drivers and business metrics.


Ooof. That’s a black op.

Don’t lock yourself out of your smart home: always carry a key • iMore

Serenity Caldwell:


Philips Hue is an example of a smart home system that degrades well: When the company’s lighting products are on and connected to their Internet-enabled bridge, they can be controlled from an app, Siri, Alexa, and Google Assistant. If the internet goes down, they can still be controlled by the switch of their parent light.

Same with Nest’s thermostat: Even if the internet goes down, Nest is still hard-wired into your wall so that you can adjust the temperature manually.

In theory, the same goes for smart locks: Most of them attach to the rear of a deadbolt, so your original key stays intact; should the lock’s smarts fail for any reason, you’ll still have the key.

But bringing automation and intelligent sensors to the smart home game has changed our habits. If you have a door that automatically locks behind you and knows when you return, you’re less likely to think about bringing its key when you go empty the garbage.

Unfortunately, that trust can quickly evaporate.


The obvious question: if you need a key to get into your smart lock, why not just use an old-fashioned lock?

macOS High Sierra ‘root’ security bug: Stop and do this NOW • iMore

Rene Ritchie:


This is a zero-day exploit. Lemi Orhan Ergin tweeted to Apple’s support account that he had discovered a way to log into a Mac running High Sierra by using the superuser “root” and then clicking the login button repeatedly. (Macs running Sierra or earlier versions of the OS are not affected.)

Ergin should absolutely have disclosed this to Apple and given the company a chance to patch it before it went public, and Apple should never have allowed the bug to ship, but none of that matters right now.

Here’s what’s important: The “root” account allows super-user access to your system. It’s supposed to be disabled by default on macOS. For whatever reason, it’s not on High Sierra. Instead, “root” is enabled and currently allows access to anyone without a password.

So, anybody who has physical access to your Mac or can get through via screen sharing, VNC, or remote desktop, and enters “root” and hits login repeatedly, can gain complete access to the machine.

Setting “root” password “fixes” the problem.


Apple is working on a fix. You can fix it in three steps in the Terminal. Personally? Not going to bother. You can’t get into it from the login window; you need to have access (via those methods mentioned) to the machine. Those are off, and screen lock keeps intruders away. Yeah, come at me.

Crappy of Ergin, though.

Lost: four million bitcoins gone forever study says • Fortune

Jeff John Roberts and Nicolas Rapp:


Just as gold bars are lost at sea or $100 bills can burn, bitcoins can disappear from the Internet forever. When all 21 million bitcoins are mined by the year 2040, the actual amount available to trade or spend will be significantly lower.

According to new research from Chainalysis, a digital forensics firm that studies the bitcoin blockchain, 3.79 million bitcoins are already gone for good based on a high estimate—and 2.78 million based on a low one. Those numbers imply 17% to 23% of existing bitcoins, which are today worth around $8,500 each, are lost.

While others have speculated about the number of lost bitcoins, the Chainalysis findings are significant because they rely on a detailed empirical analysis of the blockchain, where all bitcoin transactions are recorded.


That’s a lot of value. 7,500 are lost on a hard drive in a Welsh landfill. (That’s $75m at present prices.)

June 2016: how Yahoo derailed Tumblr • Mashable

Seth Fiegerman, in June 2016:


several Tumblr staffers we spoke with are quietly fantasizing about the social network getting spun off if Yahoo is sold as expected [to Verizon – a sale which has since gone through], however unlikely that spinoff scenario may be. The most popular rumor is that Karp would buy back Tumblr – though no one knows if he can afford it – to save his company from the grips of Yahoo, or whichever new owner comes along next.

Tumblr’s stumbles under Yahoo may go down as a cautionary tale, both for the perils of a large corporation buying a hot startup and for Silicon Valley’s belief that any social network reaching hundreds of millions of people will inevitably generate boatloads of cash one day. Tumblr was slow to monetize before it was acquired, struggled to grow revenue enough to meet its new parent company’s expectations in the first year and struggled even more to keep up with ambitious goals when Yahoo began to meddle.

The massive Tumblr acquisition may also come to highlight Mayer’s broader management missteps in making flashy bets, trusting deputies with limited knowledge of a product to oversee it and some mix of arrogance or denial in failing to quickly right those wrongs when necessary.

“It’s such a black eye,” says one former Yahoo executive. “It didn’t have to be this way.”


This doesn’t quite explain why Tumblr is seeing falling engagement. Stopped being the hot thing? Wasn’t mobile enough? Perhaps the latter, given how bad Yahoo has been at mobile.

Tesla truck will need energy of 4,000 homes to recharge, says study • FT

Peter Campbell and Nathalie Thomas:


One of Europe’s leading energy consultancies has estimated that Tesla’s electric haulage truck will require the same energy as up to 4,000 homes to recharge, calculations that raise questions over the project’s viability. 

The US electric carmaker unveiled a battery-powered truck earlier this month, promising haulage drivers they could add 400 miles of charge in as little as 30 minutes using a new “megacharger” to be made by the company. 

John Feddersen, chief executive of Aurora Energy Research, a consultancy set up in 2013 by a group of Oxford university professors, said the power required for the megacharger to fill a battery in that amount of time would be 1,600 kilowatts.

That is the equivalent of providing power for 3,000-4,000 “average” houses, he told a London conference last week, and is 10 times as powerful as Tesla’s current network of “superchargers” for its electric cars. 

Tesla declined to comment on the calculations.


Either a super-slow recharge, or you’ll have to deliver stuff to power stations a lot.

It’s OK to hate your spreadsheet – The Fieldbook Blog • Medium

Jason Crawford:


You’ve been thinking about moving to a “real” client tracking system (or CRM, or inventory). But nothing out there tracks your process as closely as the custom spreadsheet you made for yourself.

We understand, and we created Fieldbook just for you. Fieldbook is an online database that’s as easy to use as a spreadsheet, and lots of people like you have switched to it from Excel or Google Sheets, solving their spreadsheet headaches without giving up their customizations.
But we’ve learned from talking to our customers that it’s not always obvious how to move from a spreadsheet to a database system like Fieldbook, or how to reorganize your sheets to take full advantage of the features it offers.

That’s why we’re launching a new campaign called “I Hate My Spreadsheet”: We’ll take anyone’s ugly, frustrating spreadsheet and turn it into a tidy, delightful Fieldbook database—for free.

Our data experts will split up complex sheets into smaller ones, collect scattered info in one place for searchability, and eliminate data duplication. We do all the work, you don’t pay a cent until you’ve had a chance to try it and decide you want to keep it.


If you’ve got one of those spreadsheets…

Brands heed social media. They’re advised not to forget word of mouth • The New York Times

Janet Morrissey:


On average, 19% of a brand’s sales — or between $7trn and $10trn in annual consumer spending in the United States — are driven by social conversations, both online and offline, according to a new study conducted by Engagement Labs, a Canadian company that analyzes conversations around brands.

The study, which looked at 170 brands, found that companies often wrongly saw social media as an accurate and sufficient guide for tracking consumer sentiment. Often, though, that social conversation might be much different from what people are saying in private conversations with friends and family, the study said.

“The danger is you can make some pretty big mistakes if you assume the conversations happening online are also happening offline,” said Brad Fay, chief research officer at Engagement Labs and a co-author of the study. “Very often, they’re heading in different directions.”

The most negative and most outrageous comments often get the most traction on social media. And sometimes, people post comments about a topic just to get a reaction or to reflect an “image” or appear “cool” to their social media followers, when their actual views may be the opposite.


Terrible headline. Social media is word of mouth, but not representative. I like Jesse Singal’s take on this study and article:


people don’t know what to make of certain online conversations simply because so many standard conversational norms and rules and guardrails have been upended (20 years ago, it was much harder to bombard someone with death threats knowing that there was almost zero chance of being held accountable for it). So sometimes they respond similarly to how they would were the conversation in question taking place offline — traditionally, if a company got what felt like a flood of complaints, it probably meant something meaningful, because the cost of communicating with a company was higher. Today, I could send 100 angry tweets to a 100 companies in the next hour if I wanted.



Huawei says it can do better than Apple’s Face ID • Engadget

Jon Fingas:


Huawei has a history of trying to beat Apple at its own game (it unveiled a “Force Touch” phone days before the iPhone 6s launch), and that’s truer than ever now that the iPhone X is in town. At the end of a presentation for the Honor V10, the company teased a depth-sensing camera system that’s clearly meant to take on Apple’s TrueDepth face detection technology. It too uses a combination of infrared and a projector to create a 3D map of your face, but it can capture 300,000 points in 10 seconds — that’s 10 times as many as the iPhone X captures.

It’s secure enough to be used for payments (unlike the OnePlus 5T), and almost as quick to sign you in as the company’s fingerprint readers at 400 milliseconds. Even the silly applications of the tech promise to be better. The company showed off a not-so-subtle Animoji clone that could tell when you were sticking out your tongue in addition to tracking the usual facial expressions.




There’s one major catch to this system: it’s not actually part of a product yet. Huawei’s Honor team showed the system without mentioning what phones would use it, let alone when they would ship.


Ah. Remember Huawei’s Force Touch implementation which it demonstrated before Apple? Still isn’t shipping in volume. Don’t hold your breath on this one.

Inside Airbnb’s Russian money-laundering problem • Daily Beast

Joseph Cox:


Scammers are leveraging Airbnb to launder dirty cash from stolen credit cards, according to posts on underground forums and cybersecurity researchers consulted by The Daily Beast.

The news shows how fraudsters will seize any opportunity they can, especially when there is an opening for pushing cash through online services, which sometimes require relatively little effort, a computer, and just a bit of creativity.

“People [have] been doing it forever,” one current and experienced credit-card scammer told The Daily Beast.

The Daily Beast found a number of recent posts on several Russian-language crime forums, in which users were looking for people to collaborate with to abuse Airbnb’s service. According to Rick Holland, VP of strategy from cybersecurity firm Digital Shadows, these operations rely on an individual or group using legitimate or stolen Airbnb accounts to request bookings and make payments to their collaborating Airbnb host. The host then sends back a percentage of the profits, despite no one staying in the property. 

In essence, it’s a way to extract value out of stolen credit cards. In another case, fraudsters might buy electronic goods such as iPhones with stolen cards to then resell at a profit. This is the same idea of laundering funds, just with Airbnb.



How often do consumers intentionally click mobile ads? • eMarketer


A new survey found that most consumers say they rarely or never mean to click on ads served up on their phones.

Button, a mobile partnership platform that facilitates discovery and transactions for brands, and App Annie, a mobile app data and insights provider, surveyed 1,106 US smartphone users ages 18 to 73. The study found that for the most part, consumers aren’t too keen on mobile ads.

Take millennials, for example. More than four in 10 said they rarely click on a mobile ad, and another 17% said they never did.

While there were some (31%) who said they sometimes click on a mobile ad, very few (10%) did so regularly.

This was the case for older consumers as well. In fact, baby boomers were the least likely to engage with mobile ads. Nearly a quarter said they never did, while another 49% said they rarely did so. Just 4% said they clicked on a mobile ad at least somewhat often.

Meanwhile, ads promoting mobile apps tell a somewhat different story. The study found that when it comes to those types of ads, consumers are more engaged than with ads in general. But even that engagement rate is declining.


Frankly, I’m surprised it’s that high. Given these are self-reported, these may be on the low side – people hit ads all the time because they’re under their fingers.

Google says a fix has been identified for Pixel 2 and Pixel 2 XL random reboots • Android Police

Richard Gao:


Quite a few people have been experiencing random reboots on their Pixel 2 and Pixel 2 XL smartphones, and they’ve all been left to helplessly wait for the problem to be resolved. However, Google is saying that it’s now identified a fix, though specifics weren’t discussed.

Orrin, a community manager in Google Product Forums’ Pixel User Community, relayed the above message to a number of threads that had been created about random reboots. Aside from the facts that a fix has been discovered and that a fix will be rolling out in a couple of weeks, we still don’t have any information about why this was occurring and what the fix does.


Given the tiny number of phones that Google has sold, this laundry list of problems is just amazing.

The impossibility of intelligence explosion • Medium

François Chollet:


What would happen if we were to put a freshly-created human brain in the body of an octopus, and let it live at the bottom of the ocean? Would it even learn to use its eight-legged body? Would it survive past a few days? We cannot perform this experiment, but given the extent to which our most fundamental behaviors and early learning patterns are hard-coded, chances are this human brain would not display any intelligent behavior, and would quickly die off. Not so smart now, Mr. Brain.

What would happen if we were to put a human — brain and body — into an environment that does not feature human culture as we know it? Would Mowgli the man-cub, raised by a pack of wolves, grow up to outsmart his canine siblings? To be smart like us? And if we swapped baby Mowgli with baby Einstein, would he eventually educate himself into developing grand theories of the universe? Empirical evidence is relatively scarce, but from what we know, children that grow up outside of the nurturing environment of human culture don’t develop any intelligence beyond basic animal-like survival behaviors. As adults, they cannot even acquire language.

If intelligence is fundamentally linked to specific sensorimotor modalities, a specific environment, a specific upbringing, and a specific problem to solve, then you cannot hope to arbitrarily increase the intelligence of an agent merely by tuning its brain — no more than you can increase the throughput of a factory line by speeding up the conveyor belt.



Errata, corrigenda and ai no corrida: none notified

3 thoughts on “Start Up: Uber’s secrets stealer, dumb smart homes, 3m lost bitcoins, impossible intelligence, and more”

  1. “Crappy of Ergin, though”. Come on, Apple has made its vulnerability-reporting program impossible to get into (it’s invite-only) and low-paying (the exploits are worth several times more on the black market)… and hackers thus snubbed by Apple are supposed to play nice?
    Apple is trying to save money and bother… hackers are just following suit.

    • It’s true there’s no bounty program for vulnerabilities on the Mac.
      Even so: a bug which leaves millions of machines immediately vulnerable is one of those cases where you’d think “responsible disclosure” might apply. There would be multiple ways to get noticed – someone resourceful about doing so might email someone or multiple people at the top of the company.
      Publicising it this way superficially looks clever, but doesn’t make you popular with security researchers. I bet it doesn’t leave Apple’s security engineers happy, once they’re over their embarrassment.
      I think the suggestion that “Apple is trying to save money and bother” is unproven. It’s not short of money; what it treats as precious, though, is focus. That seems to be more difficult as the number of OSs has grown.

  2. I liked François Chollet’s piece on intelligence explosion. But the formal structure is:
    1) intelligence is not a general thing, there are only skills
    2) therefore, you can’t make something get smart rapidly, just slowly gain skills

    There’s something to be said for #1, but it’s only a partial truth. There’s plenty of evidence in cognitive testing in both people and animals that cognitive skills are highly correlated. If you are good at one thing, you tend to be good at another. So basing your entire article on #1 as an absolute given, with only analogy proof to justify it, and apparently oblivious to the fact there is a lot of empirical data on this subject, made the thesis fundamentally flawed. If interesting. There’s a real point there. Just can’t oversell it.
