Start Up: iPad FacePro at WWDC?, 3D printing Marines, Toys’R’Us in trouble, Fitbit tries again, and more

Maybe stop sharing your bike rides on Strava? Photo by RaINsday on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 8 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

Cyclists warned to beware sharing data on ride-tracking apps • Sky News

Lorna Shaddick:


Police and cybersecurity firms are warning cyclists to be careful with the data they share on ride-tracking apps because they could be helping bike thieves.

Peter Murtagh, from Dublin, is a keen triathlete – but recently had his top of the range racing and road bikes stolen in a daring, daylight raid on his house.

“I came downstairs and noticed one of my bikes, it was gone. That was in the front of the house,” Mr Murtagh told Sky News.

“Little did I know, the thieves were still in the house, they’d got in with a crowbar, they broke three windows and they stole my second bike too.”

Mr Murtagh cannot prove it, but thinks he might know why the thieves knew exactly where to look.
He had been using an app that logs cycling data, called Strava, to track his cycling speeds and compete against other users – but he did not realise his settings were the default ones – which are “public”.

The setting meant that the start and end of his rides could easily be seen online. He had also recorded the make and model of his top of the range time-trial bikes.


This is a perennial: I found stories of exactly the same content – Strava, high-priced bikes, theft – dating back to 2014. You’ll recall the stories of Strava’s defaults locating secret military bases; now it says it’s going to remove some of that data. Doesn’t get the bikes back though, does it?

Marines’ love affair with 3D printing: small is cheap, and beautiful • Breaking Defense

Sydney Freedberg:


Why are the Marines in love with 3D printing? Like most romances, it starts with the small things, things too small for the conventional supply system to manage, like a two-cent plastic button that preempts a $11,000 repair. Big defense contractors, take notice.

“There’s an intercom in most helicopters,” said Gen. Robert Neller, commandant of the Marine Corps. Ground-pounders like him tend to hit the buttons too hard and break them. But the Pentagon supply system doesn’t deal in replacing individual buttons. “You’ve got to buy the whole faceplate of the intercom,” Neller said. “It costs $11,000.”

The only hitch? The parts weren’t approved for installation on an aircraft. “I said, put the button on,” Neller told the National Defense Industrial Association last week. “Print a bag of them and hang them there.”

Neller’s No. 2, Gen. Glenn Walters, has his own longtime love affair with 3D printing. His favorite anecdote is a Marine Corps tank unit that had six 70-ton M1 Abrams tanks idled because of a broken impeller fan needed to clear the air filter. Ordering a single spare fan through the normal system would cost $1,400 and take 18 months. Instead, Walters said, a young female sergeant in the 1st Maintenance Battalion took the initiative to find a contractor “who could 3D print that thing for about $300 dollars and delivered all of them in seven days.”

“My eyes are watering with what our young people can do right now,” Walters told the McAleese/Credit Suisse conference last week. “I have an engineering background, but I’m telling you, some of these 21- and 22-year-olds are well ahead of me.”


As they should be. 3D printing finding its place: low-cost replacement.

Toys ‘R’ Us misses vendor payments • Bloomberg

Matthew Townsend:


Toys “R” Us Inc. has missed payments to some suppliers in recent days as its U.S. division heads toward a likely liquidation, according to people with knowledge of the situation.

The payments stopped without explanation, said the people, who asked not to be identified because the matter is private. Some of the people said they can’t get anyone to respond to questions at the retailer, which filed for bankruptcy in September and faces a $5bn debt load. Toymakers Mattel Inc. and Hasbro Inc. touched their daily lows on the news.

Toys “R” Us also recently stopped negotiating settlements with vendors on money owed before it filed for bankruptcy, some of the people said. A representative for Wayne, New Jersey-based Toys “R” Us declined to comment.

The bleak situation lends evidence to the notion that Toys “R” Us is moving toward winding down its U.S. operations for good.


Over-leveraged retailers are in some deep brown stuff. If Toys’R’Us goes down, it’s going to be like a neutron bomb hitting toymakers.

iPad Pro with Face ID will ‘likely’ debut at WWDC 2018 in early June • Mac Rumors

Joe Rossignol:


Apple’s rumored iPad Pro with Face ID will likely be released in the second quarter of 2018, according to Rosenblatt Securities analyst Jun Zhang.

iPad Pro with Face ID mockups via Ben Geskin and Carlos Guerra

If accurate, the timeframe suggests Apple will unveil the new iPad Pro models at its annual Worldwide Developers Conference, which will take place June 4-8 at the McEnery Convention Center in San Jose, California. Apple similarly unveiled its current iPad Pro lineup at WWDC last year.

Zhang expects the revamped iPad Pro to have slimmer bezels and no home button, in line with the iPhone X. The revamped design will likely be featured on both the 10.5-inch and 12.9-inch iPad Pro, although his research note didn’t specify.

Apple’s plans to release an iPad Pro with Face ID were first revealed by KGI Securities analyst Ming-Chi Kuo, who said the refresh would occur in 2018. Bloomberg’s Mark Gurman was a bit more specific, noting the iPad Pro with Face ID would debut “a little more than a year” after the current models.

The 10.5-inch iPad Pro and second-generation 12.9-inch iPad Pro launched in June 2017, so it’s not entirely clear if “a little more than a year” meant WWDC 2018 or Apple’s annual September event where it introduces new iPhones.

The new iPad Pro models will likely retain LCDs instead of OLED displays due to supply, cost, and technological constraints. It’s unclear if the tablets will have a notch for the TrueDepth sensor housing, or if the device will have uniformly slim bezels on all four sides with enough room for the components.


Would FaceID on an iPad be more useful than TouchID? I rarely use an iPad in portrait orientation, and hardly ever pick it up that way. And given the number of times I unlock it while it’s in landscape (with the keyboard attached), this doesn’t look like a great idea.

But then people said that about FaceID..

Fitbit’s Versa is the smartwatch the Ionic should have been • TechCrunch

Brian Heater:


The Versa looks exactly like the leaks predicted, with a smaller casing design that has more in common with Pebble’s design language (and, for that matter, the Apple Watch) than the fugly Ionic. It’s a “squircle,” and more to the point it’s thin and light, and will fit a lot more wrists than its last device. That will, hopefully, help broaden the product’s appeal for many among the female user base who may have been put off by the unwieldiness of the Ionic.

In fact, the company’s doubling down with its appeal for a female audience. Version 2.0 of the watch operating system brings targeted tracking for female users that incorporates menstrual cycle data into the overall health tracking picture. The company also, thankfully, began delivering on the promise of more apps a few months back, which means the product will have a stronger foundation than the anemic selection Ionic offered over time. The new OS should bring improved, personalized reminders as well, though that’s “coming later in 2018,” according to the company.

The Versa’s screen measures 1.34 inches — which makes it smaller than Apple’s 38mm model. It’s certainly light though, as advertised, and the design language is a major upgrade over the Ionic. It’s actually got most of the Ionic’s features on-board, as well, including both fitness and sleep tracking, heart-rate monitoring and onscreen workouts. The company claims the battery should last around four days on a charge, with normal use — though we’ll be happy to put that claim to the test when we get a review unit.


Looks a zillion times better than the Ionic, and priced at $200 it might have a chance. And Fitbit needs it to be a hit – the fitness band business is dying on its feet.

How conservative activists catfished Twitter • Gizmodo

Kashmir Hill on how Project Veritas – which tried to disprove the Roy Moore accusations (and ended up showing how well-reported they were) and has had to pay $100,000 to someone it recorded without consent – targeted people from Twitter:


While Project Veritas’s findings weren’t particularly shocking, how they were obtained was. Project Veritas didn’t just fake-recruit its targets, it fake-seduced them. Many of the male employees were secretly recorded while on dates at dimly-lit restaurants, sipping wine. Based on the number of times he appears in the videos in different locations and dress, one security engineer, Clay Haynes, appears to have been enamored enough with the operative pumping him for information to go out with her at least three times. All of the Veritas operatives’ faces are blurred, but you can see his date’s jangly bracelets and long blond hair. It’s unclear just how far the seduction of Haynes went, but they became serious enough to go on a double date to Morton’s Steakhouse with her friend, a disguised James O’Keefe.

“NO ONE should have to experience this,” said Haynes via Facebook message. Haynes, who is still employed by Twitter, ultimately opted not to talk to me at the company’s request.

Beyond the questionable journalistic ethics of exploiting people’s desires for work and love, Project Veritas’s tactics broke the law, says John Nockleby, a professor who specializes in privacy at Loyola Law School-Los Angeles. While consent laws for recording conversations vary from state to state, California is a two-party consent state, meaning you have to tell someone if you’re recording them, or face up to a year of jail time and a $2,500 fine. “You’re allowed to do video in a public place without getting consent, but not take audio, unless it’s someone like a politician giving a speech to a crowd,” Nockleby told me by phone. “In California, even in a public place, if you’re audio recording without consent, that’s not legal.”



YouTube doesn’t know why Alex Jones videos are appearing at the top of its search results • Vice

David Gilbert:


An InfoWars video claiming that Antifa members are the “prime suspects” in the mysterious package bombings in Austin, Texas appeared at the top of search results Monday on YouTube — and the company has no idea why.

The video appeared as the third result when VICE News searched for the term “Austin explosions” on Monday evening. Another Infowars video was listed fourth in the search results.

The videos were posted by Ron Gibson, who is part of Jones’ Free Speech Systems YouTube network. His channel alone has over 158,000 subscribers and the video which was appearing on YouTube’s search results has been viewed more than 9,000 times.

In the first video Jones asks: “Is Antifa behind the third bombing in Austin?” before answering his own question by calling them “prime suspects.” His evidence? “They are violent, they call for violence, they call for attacking gentrification, any old white people moving into East Austin.” He goes on to say that the accusation is “not a conspiracy theory” despite providing no supporting evidence.

Jones also says Antifa is “listed as a terror group.”


(Narrator’s voice: “it’s not listed as a terror group.”)

YouTube really needs to start getting its crap together. The radicalisation problem looks exactly like this. Divisive, inflammatory, untrue content. But hey, it’s all stuff you can sell ads against, right?

Also: you really must click through to the story for its wonderful illustration around the headline.

Russian pleads guilty to aiding massive hacks in US • Daily Beast

Kevin Poulsen:


Jurijs Martisevs, a 36-year-old Moscovite arrested on a trip to Latvia, helped run a service called Scan4you that filled a crucial niche in the underground economy. Before deploying a piece of malware, hackers need to know it won’t be immediately detected and quarantined by the dozens of consumer and commercial security products on the market. That’s where Scan4you comes in. For fifteen cents a pop, a hacker could upload their pre-launch code to Scan4you, which would then automatically check it against 30 different security scanners and report back the results.

Armed with that information, a hacker can make iterative changes to their code until the detection rate is sufficiently low, or even zero. Scan4you was the most successful of a slew of similar offerings advertised on underground forums, and operated from at least 2009 until the arrest of Martisevs and a co-defendant last year.

“Throughout its lifetime, the service has had thousands of users,” reads a statement of facts agreed to by Martisevs, “and has received and scanned millions of malicious files.”

According to Martisevs’ plea documents, Scan4you’s customers included some serious players, including the perpetrators of a national retail breach in November 2013. The retailer is unnamed, but the timing and description coincides with that month’s massive Target hack. The hackers submitted variations of their credit card stealing code to Scan4you four times over the course of two weeks before finally deploying the malware on Black Friday weekend. The Target breach ultimately netted thieves some 40 million credit and debit cards, and resulted in a $10 million consumer class action against Target.

Ruslans Bondars, Martisevs’ co-defendant, was allegedly the creator and technical brains behind Scan4you. Bondars is a Latvian national extradited along with Martisevs. He’s in custody pending a May trial date.


The Feds may have the full database of malware, and even customer details. That would be a hell of a thing.

Errata, corrigenda and ai no corrida: none notified
