Start Up No.876: Apple’s Taiwanese bug, YouTube v fake news?, Surface… Go?, HP’s eternal computer, and more

Take your seats: what happens when the semi-private becomes the very public? Photo by Matthew Hurst on Flickr.

A selection of 11 links for you. Freely given. I’m @charlesarthur on Twitter. Observations and links welcome.

Former Apple employee charged with theft of trade secrets related to autonomous car project • Mac Rumors

Juli Clover:


Xiaolang Zhang was hired at Apple in December of 2015 to work on Project Titan, developing software and hardware for use in autonomous vehicles. Zhang specifically worked on Apple’s Compute Team, designing and testing circuit boards to analyze sensor data.

He was provided with “broad access to secure and confidential internal databases” due to his position, which contained trade secrets and intellectual property for the autonomous driving project that he ultimately ended up stealing.

In April 2018, Zhang took family leave from Apple following the birth of his child, and during that time, he visited China. Shortly after, he told his supervisor at Apple he was leaving the company and moving to China to work for XMotors, a Chinese startup that also focuses on autonomous vehicle technology.

Zhang’s supervisor felt that he had “been evasive” during the meeting, which led Apple’s New Product Security Team to begin an investigation, looking into Zhang’s historical network activity and analyzing his Apple devices, which were seized when he resigned.

Apple found that just prior to Zhang’s departure, his network activity had “increased exponentially” compared to the prior two years he had worked at Apple. He accessed content that included prototypes and prototype requirements, which the court documents specify as power requirements, low voltage requirements, battery system, and drivetrain suspension mounts.


Arrested at the airport as he was about to leave for China. Neil Cybart has dug into the court filing, which shows there are 5,000 Apple employees who know about “Project Titan” (the self-driving vehicle project) and 2,700 who have access to the Project Titan database. Here’s the full court filing.


iPhone crashing bug likely caused by code added to appease Chinese gov’t • Ars Technica

Dan Goodin:


The iOS 11.4.1 update Apple released Monday was most notable for making it harder for law enforcement to access locked iPhones. On Tuesday, security researcher Patrick Wardle illuminated another fix. He said his fix addressed code Apple added likely to appease the Chinese government; this is the code that caused crashes on certain iDevices when users typed the word Taiwan or received messages containing a Taiwanese flag emoji.

“Though its impact was limited to a denial of service (NULL-pointer dereference), it made for an interesting case study of analyzing iOS code,” Wardle, a former hacker for the National Security Agency, wrote in a blog post. “And if Apple hadn’t tried to appease the Chinese government in the first place, there would be no bug!”

Wardle, who is now a macOS and iOS security expert at Digital Security, said he was perplexed when a friend first reported her fully patched, non-jailbroken device crashed every time she typed Taiwan or received a message with a Taiwanese flag. He had no trouble reproducing the remotely triggerable bug, which crashed any iOS application that processed remote messages, including iMessage, Facebook Messenger, and WhatsApp. Wardle did, however, find that only devices with certain region-specific configurations were affected.



Exclusive: Apple to deploy 1Password to all 123,000 employees, acquisition talks underway • BGR

Jonathan Geller:


According to our source, after many months of planning, Apple plans to deploy 1Password internally to all 123,000 employees. This includes not just employees in Cupertino, but extends all the way to retail, too. Furthermore, the company is said to have carved out a deal that includes family plans, giving up to 5 family members of each employee a free license for 1Password. With more and more emphasis on security in general, and especially at Apple, there are a number of reasons this deal makes sense. We’re told that 100 Apple employees will start using 1Password through this initiative starting this week, with the full 123,000+ users expected to be activated within the next one to two months.

Apple had very specific requirements for this deal, code-named B2, all around, as you would expect. Some of these include a maximum 4-hour response time (SLA) through customer support for Apple employees, translations of all 1Password support pages into all major international languages, and plenty more. In fact, since AgileBits wasn’t even prepared for this kind of influx of users, the company turned to a third-party call management service that will help to provide phone support in order to fulfill the contractual requirements of the deal.


Quite a scoop for Geller (usual caveats apply). If Apple is buying AgileBits, it will mean a really strong password solution. Wonder what it will mean for Troy Hunt’s HaveIBeenPwned site, which has a partnership (API) connection with 1Password.

We are all public figures now • Ella Dawson


I don’t think there is any such thing as a “private person” anymore. The vast majority of us constantly groom our internet presence, choosing the right filter on Instagram for our brunch and taking polls of our friends about our next Facebook profile picture. We don’t think about this as a public act when we have only 400 connections on LinkedIn or 3,000 followers on Tumblr. No one imagines the Daily Mail write-up or the Jezebel headline. We actively create our public selves, every day, one social media post at a time. Little kids dream of becoming famous YouTubers the same way I wanted to be a published author when I was twelve.

But there are also those of us who don’t choose this. We keep our accounts locked, our Instagram profile set to “friends only.” Maybe we learned a lesson when a post took off and left the safe haven of our community, picked apart in a horrifying display of context collapse. Maybe we are hiding from something: a stalker, an abusive ex, our family members who don’t know our true queer identity. To some of us, privacy is as vital as oxygen. Without it we are exposed—butterflies with our wings pinned to the corkboard, our patterns scrutinized under a magnifying glass. For what? For entertainment? For someone else’s mid-workday escapism? For a starring role in someone else’s bastardized rom com?

A woman boarded a plane in New York and stepped off that plane in Dallas. She chatted with a stranger, showed him some family photos, brushed his elbow with her own. She wore a baseball cap over her face and followed him back on Instagram. At no point did she agree to participate in the story Rosey Blair was telling. After the fact, when the hunt began and the woman took no part in encouraging it the way Holden did, Blair tweeted a video in which she drawled, “We don’t have the gal’s permish yet, not yet y’all, but I’m sure you guys are sneaky, you guys might…”



Stop live-tweeting strangers flirting • The Atlantic

Taylor Lorenz:


Everyone loves a rom-com, though, especially one they can follow along live on Twitter. But real life isn’t like the movies, and while the public has an endless thirst for fairy-tale romances, the type of love-at-first-sight-sweep-you-off-your-feet romance perpetuated by most rom-coms is unrealistic, false, and destructive to forming healthy relationships. Real life romance and heartbreak can rarely be captured in 140 (or 280) characters.

The real-life people involved in these threads also never agreed to star in an epic love story. Projecting this myth onto unsuspecting couples, the way that Blair and Hardaway did, is cruel and unfair, especially because, even though they could overhear the conversation, as a third party they can’t fully understand what was actually occurring between Holden and Helen.

What sounds like romantic banter to an eavesdropper could be a nightmare for one or both of the people involved. Blair repeatedly implies in her thread that Helen is flirting with Holden, but was she? Who is to say this woman wasn’t simply politely entertaining the man next to her for fear of being rude? Or perhaps she has a partner at home. She should be allowed to casually flirt or make a new friend without people on the internet suggesting that she had sex with a stranger in a plane bathroom.


Put that way, it’s a horrendous invasion of privacy – or what should be a limited expectation of some privacy.

YouTube to crack down on fake news, backing ‘authoritative’ sources • The Guardian

Alex Hern:


YouTube is investing $25m (£18.8m) in journalism on its platform, focusing on helping news organisations produce online videos and changing its site to better support trusted news providers.

As well as the investment, which will be partly used to fund a working group to spearhead news product features, the company is changing how its site works to “make authoritative sources readily accessible”.

The service, owned by Google, will heavily promote videos from vetted news sources on the site’s Top News and Breaking News sections “to make it easier to find quality news”, and create new features – initially only in the US – to help distribute local news.


This isn’t going to make any difference as long as its recommendation algorithm is built around maximising the time people spend on the site: it will still send people to extreme junk.

Apple combines machine learning and Siri teams under Giannandrea • TechCrunch

Matthew Panzarino:


Apple is creating a new AI/ML team that brings together its Core ML and Siri teams under one leader in John Giannandrea.

Apple confirmed this morning that the combined Artificial Intelligence and Machine Learning team, which houses Siri, will be led by the recent hire, who came to Apple this year after an eight-year stint at Google, where he led the Machine Intelligence, Research and Search teams. Before that he founded Metaweb Technologies and Tellme.

The internal structures of the Siri and Core ML teams will remain the same, but they will now answer to Giannandrea. Apple’s internal structure means that the teams will likely remain integrated across the org as they’re wedded to various projects, including developer tools, mapping, Core OS and more. ML is everywhere, basically.


The real surprise is more that this wasn’t done sooner, but maybe they needed him to find his way around.

Microsoft’s $399 Surface Go aims to stand out from iPads or Chromebooks • The Verge

Tom Warren:


Microsoft’s new Surface Go is finally official after months of rumors and leaks. It’s an inexpensive 10-inch tablet designed to be a smaller and less powerful version of the Surface Pro. While the exterior of the Surface Go makes it look like a baby Surface Pro, Microsoft has changed a lot inside. The base model is priced at $399, but it only ships with 4GB of RAM, 64GB of slower eMMC storage, and a less powerful Intel Pentium Gold processor. Prices quickly jump to over $600 after adding the all important Type Cover, more RAM, a faster SSD, and other Surface add-ons. With these specs and price points in mind, who exactly is the Surface Go for?

Microsoft isn’t targeting its Surface Go at any particular customer from what I can tell. It’s not an iPad killer, it’s not going directly after Chromebooks, and it’s not really challenging $400 Windows laptops…

…It’s natural to compare the Surface Go to Apple’s iPad, but the two are not like-for-like competitors. Apple’s base model iPad is priced at $329. If you only want a pure tablet, the Surface Go won’t offer the best experience as it doesn’t have the 1.3 million apps that are designed and optimized for the iPad. Let’s face it: if you’re going to buy just a tablet, the iPad is the only one worth buying right now.


OK, that’s one way of “standing out from” iPads and Chromebooks. It’s a good enough product for the price, but who, truly, is it for? Sadly, there’s no outside comment (from, say, analysts who watch the marketplace) so you’ll just have to guess.

The unstoppable TI-84 Plus: how an outdated calculator still holds a monopoly on classrooms • The Washington Post

Matt McFarland:


In the ruthlessly competitive world of technology, where companies rush the latest gadget to market and slash prices to stay competitive, the TI-84 Plus is an anomaly.

Texas Instruments released the graphing calculator in 2004, and continues to sell it today. The base model still has 480 kilobytes of ROM and 24 kilobytes of RAM. Its black-and-white screen remains 96×64 pixels. For 10 years its MSRP has been $150, but depending on the retailer, today it generally sells for between $90 and $120. The only changes have come in software updates.

Amazon calls the TI-84 Plus a No. 1 best-seller. Texas Instruments says that this year the TI-84 Plus C Silver Edition has become its best-selling calculator, and that the TI-84 is its most popular family of calculators. The TI-84 Plus C Silver Edition is slightly more expensive than the base model, has a color screen, rechargeable battery and significantly more memory.

Even with a 320×240 pixel screen, 128 kilobytes RAM and 4 megabytes ROM, overall the TI-84 line of calculators appears unnecessarily expensive given the components. Apple — which is notorious for high margins on its products — sells an iPod touch for $199 that comes with 16 gigabytes of memory and a four-inch screen with a resolution of 1136-by-640 pixels. That’s a dramatically better piece of hardware with a less significant gap in price.


Wonderful. And yes, it’s still in use in English schools too.

Facebook Dating will fail! • Medium

Amit Shafrir:


Facebook is a media company whose main business model is generating revenue via ads. The best way to monetize a successful dating service is via direct payment from users. Subscriptions, one-off payments, etc.

Monetization is simply not in Facebook’s DNA. It never has been, and they have no experience in it.
Successfully monetizing a dating service is mostly about understanding human psychology. Knowing WHAT to offer to WHOM and at WHAT time. There is an art and a science to successful monetization.

My sense is that Facebook is not treating this opportunity with the gravitas that its potential merits. It is limiting itself to a small subset of its vast userbase of over 2 billion, and to a subset of potential functionality.

It is not clear why Facebook is not seeing this for the opportunity it is. Here’s a small back of the envelope calculation: If Facebook gets just 10% of its user base, that is, 200 million users to use this service, and if it is able to extract an ARPU of $2/month (doable in my opinion) — that would generate $4.8bn of incremental revenues. Given that Facebook would not have to incur any costs of acquisition, it’s likely that a clear majority of this revenue would be translated into EBITDA-say 80%=$3.84bn. With a current multiple of 29, that adds $111bn to its market cap of $571bn, an increase of 20%!

Unless something radically changes, I predict that Facebook’s efforts on the dating front will fail, and that is saddening. Done right, FBDate could be the ultimate dating service out there.


He’s right, it could be huge; but the disconnect between the business models is, as he says, big.

Digital Tulips? Returns to investors in ICOs • SSRN

Hugo Benedetti and Leonard Kostovetsky at Boston College’s School of Management:


We created a dataset on 4,003 executed and planned ICOs, which raised a total of $12bn in capital, nearly all since January 2017. We find evidence of significant ICO underpricing, with average returns of 179% from the ICO price to the first day’s opening market price, over a holding period that averages just 16 days. Even after imputing returns of -100% to ICOs that don’t list their tokens within 60 days and adjusting for the returns of the asset class, the representative ICO investor earns 82%. After trading begins, tokens continue to appreciate in price, generating average buy-and-hold abnormal returns of 48% in the first 30 trading days. We also study the determinants of ICO underpricing and relate cryptocurrency prices to Twitter followers and activity. While our results could be an indication of bubbles, they are also consistent with high compensation for risk for investing in unproven pre-revenue platforms through unregulated offerings.


It’s a short paper, and finds 56% of ICOs are dead as a doornail just 120 days after they start. So where has the $6bn that people put into those ones gone, exactly? Logically, it must be in the hands of those who saw the average 82% returns; and the zero (or -100%) returns must be in the hands of a much bigger group.

Even so, 82%? That’s crazy. There is a get-rich-quick element to cryptocurrencies, pretty much equally matched by a get-poor-quick one. (Read the full paper.)

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

Errata, corrigenda and ai no corrida: none notified

5 thoughts on “Start Up No.876: Apple’s Taiwanese bug, YouTube v fake news?, Surface… Go?, HP’s eternal computer, and more”

  1. Re Password Manager: this screams single point of failure. I can’t get myself to put all my eggs in that basket, especially a basket that comes with a rent. I can’t help but think our online IDs should be managed and secured the same way our IRL IDs are: by the government. It’s certainly not perfect, but it isn’t worse than umpteen badly secured servers, or one expensive, no-liability, security-through-obscurity server with pushed client updates and a bad track record.

    Re Surface Go: That kind of device has been around for a while (say Asus’ 2013 Transformer Book T100). Not sure what the use case is for something 3x more expensive than a Chromebook, 2x more expensive than a Windows laptop, and that has few tablet/Mobile apps. Not sure how it fits with Windows on ARM tablets either. I can see verticals using the S.Go when a Real Surface is overkill or too expensive (a few truckloads of tablets are cheaper than rewriting a legacy win32 app), but not consumers, not students…

    • I’m with you on the single point of failure – though I use iCloud Keychain, which arguably is the same thing. (Thinks: why is Apple using 1PW if it has iCloud Keychain for its staff?) But can’t agree on “let the government manage”. That introduces multiple potential points of failure, plus the potential for rampant abuse if you have an administration which doesn’t care about human rights for some humans. One can cite multiple examples of those.

      • I speak from the cushy position of a European democracy (we still have *some* standards), but if a government is screwed to the point it can’t be trusted with logins (because of incompetence or evilness), aren’t logins a very secondary issue? And isn’t the point moot anyway in that case? Look at China: they force Apple to locate their servers there on a government-owned server platform, opening the stage for China’s equivalent of National Security Letters, extreme surveillance and hacking… I’m not sure the gov. having the passwords would make that big of a difference. Actually, I’m sure it wouldn’t.

        Also, the alternatives are:
        – most people around me have extremely weak passwords, and/or forget them, re-use them, … It’d be a public service to make that go away.
        – entrust passwords to a myriad private corps… because on average those are less evil & incompetent than govs ? Because regular users are supposed to do due diligence about each corp’s security ?
        – entrust passwords to a specialist entity, hoping it’s worth the cost, won’t get hacked (incl. that the evil gov won’t flip or infiltrate a single employee), will support all your apps and OSes and IoT…
        None of this can work.

        Icing on the cake, once you’ve got universal secure IDs, a bunch of possibilities become available to all (payments, red tape, managed tracking info, e-voting audits…)

  2. I’m repeatedly puzzled at the expectation that tech can solve or even alleviate political issues. See: Arab Spring: Twitter didn’t prevent that from fizzling out. See: French Revolution: I don’t think we had Twitter back then.

  3. I’m on a roll. Arab Spring happened mostly because of old media, and because dictatorships were neither aware of nor competent with social media, so they got temporarily blindsided that one time. That’s been fixed and then some now, hence Trump and Brexit. Wouldn’t you prefer Russian trolls posing as US citizens had a few more hoops to jump rather than just create a fake account on Twitter and buy a few 100K followers ?
