Start Up: North Korea’s hacking goes on, YouTube’s garbage fire, 8m Xs?, Google’s podcast plan, and more

The Apple Watch Edition: no longer available in a dedicated store! Photo by Shinya Suzuki on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 11 links for you. Plus one trying to sell you something. I’m @charlesarthur on Twitter. Observations and links welcome.

As two Koreas shake hands, Hidden Cobra hackers wage espionage campaign • Ars Technica

Dan Goodin:


As Kim Jong Un became the first North Korean leader to step into South Korea, his generals continue to oversee teams of increasingly advanced hackers who are actively targeting the financial, health, and entertainment industries in the US and more than a dozen other countries. The so-called GhostSecret data reconnaissance campaign, exposed Tuesday by security firm McAfee, remains ongoing. It is deploying a series of previously unidentified tools designed to stealthily infect targets and gather data or possibly repeat the same type of highly destructive attacks visited upon Sony Pictures in 2014.

Last month, McAfee reported finding Bankshot, a remote-access trojan attributed to Hidden Cobra—a so-called advanced persistent threat group tied to North Korea—infecting Turkish banks. In this week’s report, the security firm said the same malware was infecting organizations all over the world. McAfee researchers also found never-before-seen malware that was infecting the same organizations. One tool included many of the capabilities of Bankshot, including its ability to compromise computers that connect to the SWIFT banking network and permanently wipe data from infected computers. The tool also had digital fingerprints found in Destover, the name given to malware that was used in the Sony Pictures intrusion.

Coinciding with the McAfee discovery, according to a ThaiCERT advisory published Wednesday, Thailand officials seized a server inside the Thammasat University in Bangkok that was being used to communicate with computers infected in the GhostSecret campaign. The server used the same IP address range that was used in the Sony Pictures hack. Thai officials are in the process of analyzing the server now.


North Korea might (though I doubt it) give up its nukes, but it won’t give up its hacking capability, which it has identified as one of the two weapons of the 21st century. (Nukes are the other.)

Massive plug: I wrote about North Korea’s attitude to hacking in my upcoming book, Cyber Wars. You can pre-order it!

Aleks Krotoski, who presents the BBC’s Digital Human series, read it and calls it “A terrifying analysis of the dark cyber underworld.” Can’t argue with that. (Unless you buy it and read it. Then you can argue.)
link to this extract

YouTube struggles with plan to clean up mess that made it rich • Bloomberg

Lucas Shaw and Mark Bergen:


Much like Facebook and Twitter, however, YouTube has long prioritized growth over safety. Hany Farid, senior adviser to the Counter Extremism Project, which works with internet companies to stamp out child pornography and terrorist messaging, says that of the companies he works with, “Google is the least receptive.” With each safety mishap, he says, YouTube acts freshly shocked. “It’s like a Las Vegas casino saying, ‘Wow, we can’t believe people are spending 36 hours in a casino.’ It’s designed like that.”

That’s not how Google or YouTube see things. Over the past year, YouTube has made the most sweeping changes since its early days, removing videos it deemed inappropriate and stripping away the advertising from others. But to date, both the video-sharing service and its corporate parent have struggled to articulate how their plan will make things better. Only recently, as Washington has edged closer to training its regulatory eye on Silicon Valley, did YouTube executives agree to walk Bloomberg Businessweek through its proposed fixes and explain how the site got to this point. Conversations with more than a dozen people at YouTube, some of whom asked not to be identified while discussing sensitive internal matters, reveal a company still grappling to reach a balance between contributors’ freedom of expression and society’s need to protect itself.

“The whole world has become a lot less stable and more polarized,” says Robert Kyncl, YouTube’s chief business officer. “Because of that, our responsibility is that much greater.”
In interviews at the San Bruno complex, YouTube executives often resorted to a civic metaphor: YouTube is like a small town that’s grown so large, so fast, that its municipal systems—its zoning laws, courts, and sanitation crews, if you will—have failed to keep pace. “We’ve gone from being a small village to being a city that requires proper infrastructure,” Kyncl says. “That’s what we’ve been building.”

But minimal infrastructure was a conscious choice, according to Hunter Walk, who ran YouTube’s product team from 2007 to 2011. When the markets tanked in 2008, Google tightened YouTube’s budgets and took staffers off community safety efforts—such as patrolling YouTube’s notorious comments section—in favor of projects with better revenue potential. “For me, that’s YouTube’s original sin,” Walk says. “Trust and safety has always been a top priority. This was true 10 years ago and it remains true today,” YouTube said in an emailed statement.


link to this extract

The facts about a recent counterfeiting case brought by the U.S. government • Microsoft

Frank Shaw is Microsoft’s head of communications:


here are some facts of the case worth noting – all of which are spelled out in detail in the court documents.

Microsoft did not bring this case: U.S. Customs referred the case to federal prosecutors after intercepting shipments of counterfeit software imported from China by Mr. Lundgren.

Lundgren established an elaborate counterfeit supply chain in China: Mr. Lundgren traveled extensively in China to set up a production line and designed counterfeit molds for Microsoft software in order to unlawfully manufacture counterfeit discs in significant volumes.

Lundgren failed to stop after being warned: Mr. Lundgren was even warned by a customs seizure notice that his conduct was illegal and given the opportunity to stop before he was prosecuted.

Lundgren pleaded guilty: The counterfeit discs obtained by Mr. Lundgren were sold to refurbishers in the United States for his personal profit and Mr. Lundgren and his codefendant both pleaded guilty to federal felony crimes.

Lundgren went to great lengths to mislead people: His own emails submitted as evidence in the case show the lengths to which Mr. Lundgren went in an attempt to make his counterfeit software look like genuine software. They also show him directing his co-defendant to find less discerning customers who would be more easily deceived if people objected to the counterfeits.


This relates to the story from last week. Lundgren clearly not quite the innocent that some (including, er, me) made out.
link to this extract

Source: Apple will produce only 8 million iPhone X units In Q2 • Fast Company

Mark Sullivan:


a supply chain source with direct knowledge of Apple’s plans [says] the company has ordered the production of only 8 million iPhone X units in calendar Q2 of 2018.

This source says Apple ordered the production of too many units of the iPhone X in the last calendar quarter of 2017, and is now trying to “burn off” the inventory that has piled up at its resellers.

Apple sold 77.3 million total iPhones during the 2017 holiday quarter. Apple CEO Tim Cook said the X outsold all other iPhone models every week of the first quarter after the device’s launch on November 3, 2017. And a high average sale price of $796 across all iPhone models suggested that the X, Apple’s most expensive phone, was indeed a heavy seller. Above Avalon analyst Neil Cybart says that the X contributed about 35% of total phone sales during the holiday quarter, which works out to about 27 million phones.

But as the global smartphone market has ceased to grow, and as smartphone owners hold on to their current devices longer, consumers may be less apt to part with more than a grand for a phone.

Our source says Apple is disappointed with sales of the iPhone X, and doubts have grown within the company that releasing a $1,000-plus smartphone in the current global smartphone market was a winning idea…

…Cybart also stresses that Apple pundits shouldn’t judge new iPhones on the same scale as the blockbuster iPhone 6.

“We have entered the iPhone’s Goldilocks era,” Cybart said. “Status quo is the new normal when it comes to unit sales. While Apple may still report quarterly iPhone unit sales growth from time to time, especially if year-over-year compares are favorable, the growth would not represent some kind of step increase in sales. As long as Apple is able to expand the iPhone installed base, the company will be able to offset some of the sales pressure from a slowing iPhone upgrade rate.”


That’s it, really: capture a huge chunk of revenues and profits, pull people through to upgrade every other year, incrementally grow the user base. The smartphone wars aren’t hot any more.

I’m also increasingly persuaded that the iPhone X will, like the iPhone 5, be a one-year product, replaced by other OLED models in the autumn. Apple wants to move people onto OLED, and no home button.
link to this extract

Silicon Valley can’t be trusted with our history • Buzzfeed

Evan Hill:


The internet has slowly unraveled since 2011: image-hosting sites went out of business, link shorteners shut down, tweets got deleted, and YouTube accounts were shuttered. One broken link at a time, one of the most heavily documented historical events of the social media era could fade away before our eyes.

It’s the paradox of the internet age: Smartphones and social media have created an archive of publicly available information unlike any in human history — an ocean of eyewitness testimony. But while we create almost everything on the internet, we control almost none of it.

In the summer of 2017, observers of the Syrian civil war realized that YouTube was removing dozens of channels and tens of thousands of videos documenting the conflict. The deletions occurred after YouTube announced that it had deployed “cutting-edge machine learning technology … to identify and remove violent extremism and terrorism-related content.” But the machines went too far.

“What’s disappearing in front of our eyes is the history of this terrible war,” Chris Woods, the director of the reporting and advocacy organization Airwars, said at the time. Not only were the deleted videos a resource for journalists and a public chronicle of the violence, they were potential evidence for war crimes trials. YouTube restored most of the channels following the outcry but has continued to delete footage at a slower pace — about 200,000 videos of the conflict have been memory-holed, observers estimated in March.

Our access to information is incredibly broad but shockingly fleeting. A tweet that was meant to be forgotten within minutes resurfaces years later to cost someone their job, while a video providing unambiguous evidence of war crimes disappears without a trace.


link to this extract

The last Apple Watch boutique is closing, and good riddance • Macworld

Leif Johnson:


Far on the other side of the world, an Apple store is dying. It’s not the usual blocky space filled with randos checking their email on carefully arranged display iMacs, but rather the last dedicated Apple Watch boutique in Tokyo’s Isetan Shinjuku department store. Apple probably would prefer you not know about it, and indeed most of the world learned about its May 13 shutdown not through an official announcement but rather from a tweet depicting a simple printout. Only three of these stores ever existed—the last two died back in London’s Selfridges and Paris Galeries Lafayette early last year—and this one’s closure seems to mark the last gasp of Apple’s push into explicit luxury marketing.

Good riddance. May we never see its like again.

Never before was Apple so unintentionally successful at making a mockery of itself than it was in the early days of the Apple Watch. Even The Onion may not have anticipated that a company known for pricey items would slather an Apple Watch in 18-karat gold and slap a $10,000 to $17,000 price tag on it. Apple, a company known for making devices that people seek out of their own volition, found itself practically begging celebrities like Beyoncé and Karl Lagerfeld to slap its lavish new watches on their wrists. It was embarrassing, in a way, as it reeked of the trend of celebrities praising their sponsored non-Apple devices from the comfort of their iPhones, save that this time Apple was on the receiving end.

But more importantly, never before had Apple strayed so far from Steve Jobs’ claim to Fortune in 2008 that “Apple’s DNA has always been to try to democratize technology.”


Indeed – the Edition never fitted into the Apple aim of being like Andy Warhol’s description of Coca-Cola: that everyone could drink it and it would be the same product.
link to this extract

Exclusive: ‘LG Watch Timepiece’ hybrid coming, all details confirmed •

Dominik Bosnjak:


The analog basis of its setup ensures both accurate time tracking and long battery life, with the wearable capable of lasting up to a hundred days on a single charge while operating in Watch Mode which effectively has Wear OS (almost) completely disabled. Once its 240 mAh battery is depleted, the device will still be able to continue tracking time for close to a hundred hours, i.e. roughly four days. Below the physical watch hands is a circular 1.2-inch LCD panel with a resolution of 360 by 360 pixels amounting to a pixel density of 300 pixels per inch. As this is still a Wear OS-powered offering, its screen can display all watch faces and complications you can install from the Google Play Store. The analog watch hands themselves can relay extra information as well, thus effectively being able to serve as an at-glance compass, barometer, altimeter, timer, or a stopwatch, among other applications…

…The hybrid smartwatch will be equipped with 4GB of eMMC storage, 768MB of LPDDR3 RAM, and Qualcomm’s Snapdragon 2100, the same 1.1GHz system-on-chip whose four cores have been powering Android Wear (now Wear OS) wearables since 2016, much to the dismay of some industry watchers.

The device won’t have cellular capabilities and will instead only support Wi-Fi 802.11 b/g/n and Bluetooth 4.2 for wireless connectivity, in addition to being equipped with a USB Type-C 2.0 port.


This feels like LG almost being in the analogue watch world. But that two-year-old chip powering it? Indicative of the low demand from OEMs for Android Wear.
link to this extract

Overcast 4.2: The privacy update •

Marco Arment on the latest update to his podcast playing app, which aims to stymie big-data-hungry advertisers and producers:


In most podcast apps, podcasts are downloaded automatically in the background. The only data sent to a podcast’s publisher about you or your behavior is your IP address and the app’s name. The IP address lets them derive your approximate region, but not much else.

They don’t know exactly who you are, whether you listened, when you listened, how far you listened, or whether you skipped certain parts.

Some large podcast producers are trying very hard to change that.

I’m not.

Big data ruined the web, and I’m not going to help bring it to podcasts. Publishers already get enough from Apple to inform ad rates and make content decisions — they don’t need more data from my customers. Podcasting has thrived, grown, and made tons of money for tons of people under the current model for over a decade. We already have all the data we need.

One of the ways publishers try to get around the limitations of the current model is by embedding remote images or invisible “tracking pixels” in each episode’s HTML show notes. When displayed in most apps, the images are automatically loaded from an analytics server, which can then record and track more information about you.

In Overcast 4.2, much like Mail (and for the same reason), remote images don’t load by default. A tappable placeholder shows you where each image will load from, and you can decide whether to load it or not.

I believe I’ve done this in the most secure way possible — I’m actually displaying the show notes using a strict Content Security Policy — and I would love to hear from anyone who finds a way to inject auto-loading remote images or execute arbitrary JavaScript in show notes.


link to this extract
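
The mechanism Arment describes, as an added example that is not Overcast’s own code: a small Python rewrite of show-notes HTML that turns every remote `<img>` into a placeholder recording the origin it would have loaded from (so nothing is fetched until the user chooses), drops scripts and other fetching elements, and then wraps the result in a strict Content Security Policy as a second layer, so anything the rewriter misses still cannot load. The sample show notes, the placeholder markup and the policy string are constructed for this example; Overcast’s actual policy is not on this page.

```python
"""Added example, not Overcast's code: rewrite podcast show-notes HTML so that
remote images become placeholders (nothing is fetched) and back that up with a
strict Content Security Policy. Sample notes and policy are constructed here."""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample show notes: a real cover image, a 1x1 tracking pixel,
# a srcset-only image, an inline script beacon and a couple of unsafe links.
SAMPLE_SHOW_NOTES = """<p>Episode 42 notes</p>
<img src="https://cdn.example.net/cover.jpg" alt="cover">
<img src="https://analytics.example.com/p.gif?ep=42&amp;u=abc" width="1" height="1">
<img srcset="https://img.example.org/a.png 1x" alt="srcset only">
<script>fetch('https://analytics.example.com/beacon')</script>
<a href="https://example.com/show" onclick="alert(1)">Site</a>
<a href="javascript:alert(1)">bad link</a>"""

# Hypothetical strict policy in the spirit of the one Arment describes (his
# actual policy is not on the page). default-src 'none' is the baseline; only
# inline style and data: images are opened back up, so no network fetch can
# originate from the notes even if the rewriter below misses something.
STRICT_CSP = "default-src 'none'; style-src 'unsafe-inline'; img-src data:"

DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "embed", "noscript"}
DROP_TAG = {"link", "meta", "source", "track", "video", "audio", "input", "form"}
VOID = {"br", "hr", "wbr"}
FETCH_ATTRS = {"src", "srcset", "poster", "background", "data", "ping"}


def _safe_link(value):
    return urlparse(value or "").scheme.lower() in ("http", "https", "mailto")


class ShowNotesRewriter(HTMLParser):
    def __init__(self):
        super().__init__()  # convert_charrefs=True: text arrives unescaped
        self.out, self.remote_hosts, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if self._skip:
            self._skip += tag in DROP_WITH_CONTENT
            return
        if tag in DROP_WITH_CONTENT:
            self._skip = 1
            return
        if tag in DROP_TAG:
            return
        attrs = {k: v or "" for k, v in attrs}
        if tag == "img":
            self._placeholder(attrs)
        else:
            self.out.append(self._rebuild(tag, attrs))

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # <img .../> is handled like <img ...>

    def handle_endtag(self, tag):
        if self._skip:
            self._skip -= tag in DROP_WITH_CONTENT
        elif tag not in DROP_TAG | VOID | {"img"}:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:  # text inside <script>/<style>/... is discarded
            self.out.append(escape(data, quote=False))

    @staticmethod
    def _rebuild(tag, attrs):
        kept = []
        for name, value in attrs.items():
            if name.startswith("on") or name == "style" or name in FETCH_ATTRS:
                continue  # event handlers, inline CSS (url() fetches), fetch attrs
            if name == "href" and not _safe_link(value):
                continue  # javascript: and other odd schemes
            kept.append(f' {name}="{escape(value, quote=True)}"')
        return f"<{tag}{''.join(kept)}>"

    def _placeholder(self, attrs):
        url = attrs.get("src") or ""
        if not url and attrs.get("srcset"):  # first srcset candidate URL
            url = (attrs["srcset"].split(",")[0].split() or [""])[0]
        parts = urlparse(url)
        if parts.scheme.lower() == "data":  # inline image, nothing to fetch
            self.out.append(f'<img src="{escape(url, True)}" '
                            f'alt="{escape(attrs.get("alt", ""), True)}">')
            return
        host = parts.netloc.lower() or "(no host)"
        self.remote_hosts.append(host)  # recorded, never fetched
        label = f"[{attrs.get('alt') or 'image'}: tap to load from {host}]"
        self.out.append(f'<span class="remote-image" data-src="{escape(url, True)}">'
                        f"{escape(label, quote=False)}</span>")


def rewrite_show_notes(notes_html):
    """Return (rewritten HTML, hosts of remote images that were NOT fetched)."""
    parser = ShowNotesRewriter()
    parser.feed(notes_html)
    parser.close()
    return "".join(parser.out), parser.remote_hosts


def render_document(notes_html):
    """Wrap the rewritten notes in a page whose CSP backs up the rewrite."""
    body, _ = rewrite_show_notes(notes_html)
    return ('<!doctype html><html><head><meta http-equiv="Content-Security-Policy" '
            f'content="{STRICT_CSP}"></head><body>{body}</body></html>')


if __name__ == "__main__":
    html_out, hosts = rewrite_show_notes(SAMPLE_SHOW_NOTES)
    print(html_out)
    print("remote hosts held back:", hosts)
```

The two layers do different jobs. The rewrite is what the user sees: the placeholder keeps the origin in `data-src`, which is what lets the app show “where each image will load from” and load it only on a tap. The CSP is what makes the claim “no auto-loading remote images” hold even when the parser is wrong: a `url()` in a style attribute, an unusual `srcset` form or a tag the allowlist forgot all die at `default-src 'none'`, and `script-src` falls back to that same `'none'`, so the arbitrary-JavaScript case Arment invites people to try is closed by policy rather than by parsing. The `<meta>` form of the header has to come before any content in the document for the webview to honour it, which is why the wrapper emits it first.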

Instant translation, lookahead scrubbing, and more: the future of Google Podcasts • Pacific Content

Steve Pratt:


According to Google Podcasts Product Manager Zack Reneau-Wedeen, in the future, Google will have the ability to “transcribe the podcast and use that to understand more details about the podcast, including when they are discussing different topics in the episode.

“It’s important to say that this technology is still improving, and some of our vision here is probably a little more long-term than what we’ve talked about so far. Still, it’s an exciting motivator for us to try to make these experiences possible.”

Imagine this: Google’s AI “listens” to every podcast published, converts all spoken word content into timestamped, searchable text, and indexes the contents of every episode. All the content of all episodes of all podcasts become searchable, sort of like a text article. And not just the entire episode: by analyzing podcast transcripts and/or publisher-created chapter markers, Google could begin to understand specific segments or topics within episodes.

In the future, Google Search and Google Assistant could allow listeners to go beyond finding the right episode of a podcast. It could help them jump straight to the right section that is of interest to them. This could be particularly useful on a smart speaker like Google Home, when a user may want a specific answer to a voice query and might prefer a specific piece of audio content as an answer instead of an entire podcast episode.

Zack gave an example: “There’s this great episode of You Made it Weird with Pete Holmes, where [Green Bay Packers’ Quarterback] Aaron Rodgers talks with Pete about all sorts of things, including that he tried ‘The Impossible Burger’ and thought it was very tasty.

“Suppose you’re a Packers fan and you asked a smart speaker, ‘How does The Impossible Burger taste?’ What if you actually got Aaron Rodgers telling you what he thinks of The Impossible Burger?”


What if you did? It’s a daft example. It’s not useful at all. Podcast transcripts would be peculiar; only if they were important interviews would they be in the least bit useful.
link to this extract

Sonos prepares for IPO as soon as June • WSJ

Maureen Farrell:


Sonos has raised about $110m in primary funding from investors, including Index Ventures and KKR & Co. Last fall, the company’s chief executive, Patrick Spence, told The Wall Street Journal that its 2017 revenue was on track to cross $1bn, helped by sales of its $699 Playbase, a wireless speaker for TVs.

Sonos, which would likely look to raise several hundred million dollars in proceeds from the IPO, would have a market value of about $2.5bn to $3bn, a person familiar with the deal said. Still, pricing can typically change up until the night before an IPO begins trading.

Sonos’s likely near-term offering is expected to take place as the IPO market, particularly for technology companies, is heating up after a streak of weak issuance. For years, U.S. tech companies increasingly sought private capital or sold themselves to competitors or private-equity firms in lieu of trying to raise capital from public investors.

This week, five companies, including electronic-signature technology company DocuSign Inc., are set to debut. Many companies that have gone public this year or are in the planning stages have existed for more than a decade—DocuSign, for example, was started in 2003, and Sonos was founded in 2002.


That’s a long, long path to an IPO. And through it all, Sonos hasn’t truly added anything to what it does. It had multi-room from the start; it has offered more and more streaming services, but that’s because more and more have come online. So why now? Perhaps the appetite for hardware IPOs is greater than it was. Or Sonos is running out of some sort of runway.
link to this extract

Warning signs for TSB’s IT meltdown were clear a year ago – insider • The Guardian

Samuel Gibbs:


When Sabadell bought TSB for £1.7bn in March 2015, it put into motion a plan it had successfully executed in the past for several other smaller banks it had acquired: merge the bank’s IT systems with its own Proteo banking software and, in doing so, save millions.

Sabadell was warned in 2015 that its ambitious plan was high risk and that it was likely to cost far more than the £450m Lloyds was contributing to the effort.

“It is not overly generous as a budget for that scale of migration,” John Harvie, a director of the global consultancy firm Protiviti, told the Financial Times in July 2015. But the Proteo system was designed in 2000 specifically to handle mergers such as that of TSB into the Spanish group, and Sabadell pressed ahead.

By the summer of 2016, work on developing the new system was meant to be well under way and December 2017 was set as a hard-and-fast deadline for delivery.

“The time period to develop the new system and migrate TSB over to it was just 18 months,” the insider said. “I thought this was ridiculous. TSB people were saying that Sabadell had done this many times in Spain. But tiny Spanish local banks are not sprawling LBG legacy systems.”

To make matters worse, the Sabadell development team did not have full control – and therefore a full understanding – of the system they were trying to migrate customer data and systems from because Lloyds Banking Group was still the supplier.

“This turned what was a super-hard systems job [into] a clusterfuck in the making,” the insider said.

By March 2017, the nightmare for customers that was going to unfold a year later appeared inevitable. “It was unbelievable – hardly even a prototype or proof of concept, yet it was supposed to be fully tested and working by May before the integration work started,” the insider continued. “Senior staff were furious about the state it was in. Even logging in was problematic.”


Hard-and-fast deadline for delivery. Sprawling systems. Lack of understanding. Hard to think why this project abruptly crashed, so that a week after all the accounts were switched to the new system, it still isn’t working for millions of customers.

That’s what hard-and-fast deadlines get you in the IT world.
link to this extract

Errata, corrigenda and ai no corrida: none notified

7 thoughts on “Start Up: North Korea’s hacking goes on, YouTube’s garbage fire, 8m Xs?, Google’s podcast plan, and more”

  1. Strongly disagree on podcast transcripts: I’d find them very useful. For videos too, please.

    First, I personally like to read more than listen or watch. So anything that gets info off my damn speakers and onto my screen is a win. I understand this is a minority taste, and skews older and non-native speaker, but I’m not dead yet, nor alone. And about that non-native speaker thing, auto-transcripts could/should lead to auto-subtitles/translation, which could interestingly broaden my sources, if I can discover that even more foreign stuff.

    Second, with ever more content created in audio form, it makes sense to make it searchable. The burger example isn’t dumb, it’s illustrative. People really search for the most meaningless little tidbits, and what matters is how often people search for it, not how meaningful it is. My brother asked me for a reco for a µSD card yesterday, if there’s a podcast about that, I didn’t get to it. And now your search for the meaning of life can include podcasts ! (spoiler: it’s 42)

  2. I’ll try again:

    I strongly disagree about the usefulness of podcast transcripts:

    1- I’d use them, because I’d much rather read than listen or watch, so currently if your content is audio or video, you’re ruling me out. That’s because of taste, habit, work flow, and because being a non-native speaker I can’t multitask English audio anyway.

    2- The example is not that idiotic. I had to research µSD cards for my brother the other day, if a review was a podcast or a video, I probably didn’t get to it. And if I were audio/video-oriented, those are harder to surface via search unless carefully tagged by hand. It’s probably a good thing if it’s done automatically. You’re free to use the feature to search for the meaning of life, the universe, and everything.

    3- auto-transcripts are the first step towards auto-translations and auto-subtitles. I’d love having access to some Indian and Chinese content. And content creators would love having all those listeners/watchers.

  3. So it’s a technical issue. I guessed as much. I have 10-20% of comments not showing up, but detected as dupes if I try to re-post them.

    I’m guessing WordPress has an infestation of gnomes looking for stuff to put in orphan socks.

    • I could only find one of yours in the Spam section (853 junky comments trapped in there). It might be your IP is triggering it; I honestly don’t know. I’d have expected that your having been approved here previously would work for you.
