Start Up: release the Twitter bot memo, Dell to re-IPO?, bitcoin in Kentucky and S Korea, and more

Another Donkey Kong record is gone – but not broken. Photo by D Begley on Flickr.


A selection of 11 links for you. Super blood blue moon bowl. I’m @charlesarthur on Twitter. Observations and links welcome.

How Twitter bots and Trump fans made #releasethememo go viral • Politico

Renuka Rayasam:


Computational propaganda—defined as “the use of information and communication technologies to manipulate perceptions, affect cognition, and influence behavior”—has been used, successfully, to manipulate the perceptions of the American public and the actions of elected officials.

The analysis below, conducted by our team from the social media intelligence group New Media Frontier, shows that the #releasethememo campaign was fueled by, and likely originated from, computational propaganda. It is critical that we understand how this was done and what it means for the future of American democracy.

In the space of a few hours on January 18, #releasethememo exploded on Twitter, evolving over the next few days from being a marker for discussion on Nunes’ memo through multiple iterations of an expanding conspiracy theory about missing FBI text messages and imaginary secret societies plotting internal coups against the president. #releasethememo provided an organizational framework for this comprehensive conspiracy theory, which, in its underpinnings, is meant to minimize and muddle concerns about Russian interference in American politics.

The rapid appearance and amplification of this messaging campaign, flagged by the German Marshall Fund’s Hamilton68 dashboard as being promoted by accounts previously linked to Russian disinformation efforts, sparked the leading Democrats on the House and Senate Intelligence Committees to write a letter to Twitter and Facebook asking for information on whether or not this campaign was driven by Russian accounts. Another report, sourced to analysis said to be from Twitter itself, identified the hashtag as an “organic” “American” campaign linked to “Republican” accounts. Promoters of #releasethememo rapidly began mocking the idea that they are Russian bots. (There are even entirely new accounts set up to tweet that they are not Russian bots promoting #releasethememo, even though their only content is about releasing the supposed memo.)

But this back and forth masks the real point. Whether it is Republican or Russian or “Macedonian teenagers”—it doesn’t really matter. It is computational propaganda—meaning artificially amplified and targeted for a specific purpose—and it dominated political discussions in the United States for days.



Dell says it will explore IPO or merger with VMWare • Reuters

Liana Baker and Sonam Rai:


Dell, the world’s largest privately held technology company, is under pressure to boost profitability after its debt-laden acquisition of data storage provider EMC Corp for $67bn in 2016 failed to meet financial targets, hurt by intensifying price competition.

Combining with VMware would provide access to VMWare’s $11.6bn in cash, helping Dell trim its $52.5bn debt pile. Last month’s US tax reform made servicing that debt more expensive due to caps on deducting interest expense.

The combination would also make Dell a publicly listed company, offering a path for private equity firm Silver Lake to begin selling down its 18% stake if it chooses to. Silver Lake helped bankroll Dell CEO Michael Dell in taking the company private in 2013 in a $24.9bn leveraged buyout.



‘King of Kong’ star Billy Mitchell lied, claims Donkey Kong world-record analysis • Venturebeat

Jeff Grubb:


MAME’s INP recording capability enables players to rewind their mistakes, continue playing, and then stitch together a final recording that looks like one, unbroken playthrough. Scorekeepers like Young often do accept results performed on MAME, but they typically require independent, in-person verification or live video on a service like Twitch that shows the game and the player all at the same time.

Mitchell has not verified his score in any of those alternative ways with the exception of a witness by the name of Todd Rogers. If that name is familiar, it’s probably because Rogers just made headlines for a high-score scandal of his own. The scorekeeping website Twin Galaxies revealed this week that it is removing all of Rogers’ records after an analysis revealed his submitted score of 5.51 seconds in the Atari game Dragster is technically impossible.

Beyond that, Mitchell doesn’t have a lot of proof to back up his claims.

“While many people have seen Billy play in public, there are no known independent, impartial, objective witnesses to any of the Big 3 WR games,” reads Young’s post. “He has never scored over 1,000,000 in a live venue. Billy claimed the 1.047M was done in front of scores of people, but that he had no access to the inside of the machine…so how did he set up the direct feed? The 1.05 was supposedly done at an actual convention, but Billy was conveniently playing in another room. The 1.062 was done in arcade in Florida, but the only live footage from that day was staged (the Boomer board swap) and shows no evidence of a direct feed setup.”


If you haven’t seen King of Kong, you’re missing a treat (which won’t age). If you have, this is an amazing coda.

‘Bitcoin is my potential pension’: what’s driving people in Kentucky to join the craze • Washington Post

Chico Harlan:


He had invested in bitcoin almost two years earlier, so now Jacob Melin had a new house, a new truck, a new consulting business and a line of people coming into his office, trying to become wealthy as quickly as he had. One person said he expected to use a modest investment to “retire in 12 to 18 months.” Another said he wanted to use the proceeds to start a business. And a father of two talked about paying off his own student loans and buying several acres of land — all the things he did not see a chance to do with his income as a software salesman.

“Us little guys working our butts off, we can’t get ahead,” Cedric Knight, 35, told Melin. “This is a once-in-a-lifetime opportunity to change my life.”

Knight and others visiting Melin were pinning their hopes on a new form of currency whose potential value the world was only beginning to recognize. Millions of people around the world are chasing after fortune by investing in bitcoin — which has soared by more than 2,500% in value in the past two years — and other digital instruments known as cryptocurrencies.


Melin is 22. He dropped out of his economics course three years ago and invested his college fund of $20k in bitcoin. Which rocketed to $16,000.

On Sunday evening it headed below $8,000. He might need the car.

South Korea’s crypto craze explained by Seoul’s largest investor • Crypto Ambit

Mr Crypto Ambit:


I asked Simon [Seojoon Kim, CEO of Hashed] if he thought there was any possibility that the government would move forward with a ban in the future. He thinks that in the future, the government will be stewards of the crypto-economy as opposed to adversaries of it; his logic seems solid.

Whether the government likes it or not, Korea is already heavily invested in cryptocurrencies and there’s nothing anyone can do to change that. It’s also impossible to ignore the fact that Koreans have prospered more from the cryptocurrency boom than any other nation in the world. At the same time, given their level of exposure, they would be disproportionately affected by a major market downturn. Basically, the only thing the government can do is support the growth of the cryptocurrency market because a healthy market is good for South Koreans.

If America or China banned trading, only a small percentage of their populations would be affected. A Korean ban would create widespread panic and could cause systemic damage to the Korean economy. Not to mention that South Korea is a democracy, so any politician that takes an anti-cryptocurrency stance is likely to find themselves without a job come election time.


South Korea’s government long ago banned gambling – so it found an outlet in buying cryptocurrency (especially bitcoin), and now about 30% of South Koreans own some, compared to perhaps 1% in the US or China. That makes them, and the economy, very vulnerable to shifts in value. If I were a North Korean leader I’d be looking to hammer bitcoin’s price at the appropriate time with a giant selloff.

ChromeOS is almost ready to replace Android on tablets • The Verge

Nick Statt:


Google has played with the idea for years without ever seeming to decide that one platform should supersede the other. In essence, however, Android remains Google’s dominant mobile OS, while Chrome OS has been taking on more responsibility as Chromebooks have steadily become more capable and tablet-like.

But this wondrous future of a perfect blend of mobile, tablet, and PC operating systems in a hardware package that converts on the fly is still frustratingly out of reach. Features like split-screen in tablet mode are great, and the absence of that feature was one of the main criticisms we had of Google’s flashy and expensive new Pixelbook 2-in-1, which arrived back in October. But Android apps on Chrome aren’t as flexible as they could be across all computing formats, as they still lack adequate stylus support.

Still, it’s clear the vision Google has here is for tablets, 2-in-1s, and standard Chromebook laptops to become one unified device category powered by Chrome OS. Yet another clue suggesting the strategy arrived last week with a now-deleted image of an Acer tablet running Chrome OS, which would make it the first standalone tablet device to do so. The image, snapped at the technology and education expo in London, means we may get a Google or even Pixel-branded Chrome OS tablet in the near future, perhaps unveiled at Google I/O in May.


Putting ChromeOS onto tablets makes perfect sense – Android tablets are in a downward spiral.

Apple Music on track to overtake Spotify in US subscribers • WSJ

Anne Steele:


Apple’s subscriber-account base in the US has been growing about 5% monthly, versus Spotify’s 2% clip, according to the people familiar with the numbers. Assuming those growth rates continue, Apple will overtake Spotify in accounts this summer.

Apple’s popular devices have helped add subscribers to its music service, which is preloaded on all iPhones, Apple Watches and other hardware the company sells.

One question lingering in the industry is what metrics Spotify will have to disclose once it becomes a publicly traded company. The service has periodically released global subscriber totals and just last month touted a new high of 70 million.

Apple Music told The Wall Street Journal it now has 36 million, up from the 30 million it last reported in September.

But both companies’ numbers are increased by counting individual users who are part of family plans and people with discounted subscriptions bundled with other services. In some countries, mobile-phone plans can include an Apple Music subscription; Spotify offers students in the U.S. a subscription plan that includes video-service Hulu. Neither company publicly breaks out figures for the US or any other single market…

…By one standard, Apple Music has already passed Spotify. Including people who are still in free or deeply discounted trial periods leading up to paid subscription, Apple Music has a slight edge on Spotify in the US, according to one of the people familiar with the figures.

Apple Music has three to four times the number of such trial users as Spotify, according to this person, in part because it doesn’t offer a free tier. Also, all Apple Music subscribers are entered automatically into a free initial three-month period. Excluding those trial users, Spotify is ahead, but by a small amount—and that gap is closing.


Two things: this shows the power of the default, especially in a country where the iPhone has about 40% share of the installed base; and the many free rivals in the US, which means Spotify’s free tier isn’t quite as attractive. Some of those rivals are going to fold soon though (Pandora? IHeartMusic?), which might give Spotify some new breathing space.

Smart homes and vegetable peelers • Benedict Evans

Benedict Evans has been thinking about what needs to be smart in the home:


Should everything ‘smart’ in my home talk to everything else, and perhaps be controlled through one unified UI? The obvious answer is ‘of course it will all be one system’ but really, it depends what they are, and on what the right way to interact with that device itself might be. Some things would ideally need no interaction at all, some need to be interacted with directly, some can be controlled remotely, and some might get some value from talking to other devices but others might not. And many might fit into several of these.

Hence, the front door locks by itself, after all, so it should perhaps unlock by itself as I walk up the path, and there should really be no UI at all to that. A lot of smart home stuff should be invisible – you should never see it or talk to it. But then, the door might tell the alarm that you’re home so you don’t need to disarm it yourself. If you do need to interact deliberately, is voice or a screen the right model – and does that mean a screen on the device itself or just your phone? An oven that lets you tell it what you’re cooking might want a screen on the device, but also be accessed from your phone to check progress, and also talk to Alexa: ‘pre-heat the oven to 350 degrees please, and turn it off 30 minutes after I put the dish in’. Conversely, a connected camera clearly doesn’t need a screen on the device itself, but also doesn’t work well with an Echo unless the Echo has a screen, in which case why not use a phone (or use the Google Assistant app on your phone)? Then, there are also lots of use cases where talking might be less friction than anything else – it might be nice to say  ‘Alexa, turn on the lights’ or, again, ‘Alexa, pre-heat the oven to 350 degrees’. But is it better to say ‘turn on the bathroom light’ or to walk into the bathroom and have a dumb IR sensor turn it on automatically? To have a phone that senses movement and location and tells the garage door to open, or to say ‘open the door’ – and would it be Siri or Google in the car and Alexa in the kitchen? Will there be lots of Venn diagrams, or one unified system, or many disconnected appliances?


Another point he makes is that there aren’t necessarily network effects from smart home devices – ie, just because you have an Echo it doesn’t mean your neighbour’s or friend’s home will benefit by also having an Echo (or similar). Which means it’s not a winner(s)-take-all market like smartphones.

How and why to write a Rude Q&A • Scott Berkun

Berkun learnt this trick (to be done before you have a big presentation, as a defence against aggressive inquisition) at Microsoft:


How to create a RQA

1. Ask friends who you know love to give tough feedback for their input. Some people are naturals at this task and enjoy coming up with the rudest, most confrontational questions the world has ever seen. You might be offended or hurt by what they come up with, but that’s okay – better to be offended/surprised now, in an RQA than in a demo, pitch meeting or public setting.

2. Make sure to include questions that are unfair or based on erroneous, but popular, assumptions. Reporters, clients, and the public all have their share of unfair questions and erroneous information, and you want to be ready for them.

3. Spend more time on the answers than the questions. The answers take more time because the responses need to be more polite and mature than the questions themselves. They also need to carefully refute assumptions in the questions without being dismissive.


This is terrific advice.

SEC Consult SA-20180201-0 :: multiple critical vulnerabilities in whole Vibratissimo smart sex toy product range • SEC Full Disclosure mailing list


Vulnerability overview/description:
1) Customer Database Credential Disclosure: The credentials for the whole Vibratissimo database environment were exposed on the internet. Due to the fact that the PHPMyAdmin interface was exposed as well, an attacker could have been able to connect to the database and dump the whole data set. The dataset contains for example the following data:

– Usernames
– Session Tokens
– Cleartext passwords
– chat histories
– explicit image galleries, which are created by the users themselves

2) Exposed administrative interfaces on the internet: An administrative interface for databases was available without any filtering to the whole internet. In combination with other vulnerabilities an attacker could have been able to get access to the whole database data and even take over the server.

3) Cleartext Storage of Passwords: The user passwords were stored unhashed in cleartext in the database. If an attacker gained access to the database (e.g. via credential disclosure), he could have been able to retrieve the plaintext passwords of users and abuse their privileges in the system.

4) Unauthenticated Bluetooth LE Connections: The sex toys are connected without prior authentication to the app, which is the standard use case. For example one of the identified Bluetooth services allows [it] to read the current device temperature. Other services, which can be accessed without prior authentication are:

-) Setting the “intensity” of the current vibration pattern
-) Reading various values (Temperature, etc)

5) Insufficient Authentication Mechanism: The Android application is using a type of authentication, which is against known best practice. The username and password are sent with every request to the server to authenticate and authorise the request. There is no session management implemented. However, the authentication credentials are transmitted via an encrypted SSL/TLS connection.


Yes, these really are some (not all) of the flaws in an internet-connected vibrator. Still, at least the credentials go over SSL/TLS, eh?

Here’s why Alexa won’t light up during Amazon’s Super Bowl ad • Bloomberg

Brad Stone:


A September 2014 Amazon patent titled “Audible command filtering” describes techniques to prevent Alexa from waking up “as part of a broadcast watched by a large population (such as during a popular sporting event),” annoying customers and overloading Amazon’s servers with millions of simultaneous requests.

The patent broadly describes two techniques. The first calls for transmitting a snippet of a commercial to Echo devices before it airs. Then the Echo can compare live commands to the acoustic fingerprint of the snippet to determine whether the commands are authentic. The second tactic describes how a commercial itself could transmit an inaudible acoustic signal to tell Alexa to ignore its wake word.

About a year ago, a Reddit user calling himself Asphyhackr did a little more legwork and concluded that Amazon was creatively employing this second technique. By running Alexa commercials through digital audio editing software, Asphyhackr discovered that Alexa ads transmit weakened levels of sound in an upper portion of the audio spectrum, between 3,000 and 6,000 hertz, outside the most sensitive range of human hearing.

Asphyhackr speculated that Amazon could be tipping Alexa off to ignore certain commands if it detects artificial gaps or bumps in the spectrum. To test his theory, he recorded someone saying “Alexa” and used a so-called band-stop filter that reduced frequencies just in this high region of the spectrum. When he played back the recording, “My echo would not wake, even sitting right next to the speakers!” he wrote.


This is smart by Amazon; it also points to ways to disable Echo devices remotely, if you can pipe such a noise in to a house. The hacks of the future are always in plain sight.

Errata, corrigenda and ai no corrida: none notified.

1 thought on “Start Up: release the Twitter bot memo, Dell to re-IPO?, bitcoin in Kentucky and S Korea, and more”

  1. Error in the Alexa article – “weakened levels of sound in an upper portion of the audio spectrum, between 3,000 and 6,000 hertz, outside the most sensitive range of human hearing.”

    That’s reversed. That *is* roughly the most sensitive range.

    “with a peak sensitivity around 3500 -4000 Hz.”

    “The high sensitivity region at 2-5kHz is very important for the understanding of speech. ”

    I think the writer misread the relevant intensity chart, to mean the opposite of what it does. That is, took “least amount needed to be detected” as “least sensitive”.
