Start Up No.922: how Tesco Bank was hacked, Microsoft’s black Surface, Amazon’s rippling pay rise, Trump’s tax fiddles, and more

Surprise! Over half the online complaints about this film came from bots and trolls. Photo by Brian Crawford on Flickr.

A selection of 9 links for you. Tax that return. I’m @charlesarthur on Twitter. Observations and links welcome.

Microsoft Surface Pro 6 announced with a new matte black finish, quad-core processors • The Verge

Tom Warren:


Microsoft’s Surface chief, Panos Panay, says the company has overhauled the inside of the Surface Pro 6 so it has improved cooling. That means the Surface Pro 6 now supports quad-core processors, and Microsoft claims it will be 67% faster than the previous model.

This new internal design should also help improve battery life. Microsoft says the Surface Pro 6 will last for 13.5 hours on battery life. While there’s an internal redesign, the outside looks very familiar. It’s still 1.7 pounds, and it has the same 12.3-inch display and up to 16GB of RAM inside.

Unfortunately, the Surface Pro 6 will include the same connectivity and external design as the existing model, which means there are still no USB-C ports. It’s surprising Microsoft still isn’t adopting USB-C in its flagship Surface Pro, especially given the company has introduced this new connector on both the Surface Go and Surface Book 2.


“Matte black finish” is the key point for the headline? And still USB-C can’t get any love.

Amazon’s $15-per-hour minimum wage will change how Americans see work • Bloomberg

Conor Sen:


Amazon’s move may have ripple effects in a way that fast food companies and other retailers haven’t because of the influence of Amazon in the corporate world and in the minds of upper-middle-class Americans. Even as Walmart has arguably been a better corporate citizen in moving its company in more of a pro-worker direction than Amazon has in recent years, Amazon is seen as an innovative and sexy technology company in a way that Walmart isn’t. Amazon making a big public move to raise worker pay will get broader cohorts of companies to do the same. Look for this as companies start to report third-quarter earnings over the next few weeks.

If $15 an hour becomes the new standard for entry-level wages in corporate America, its impact may be felt most broadly among middle-class workers. Average hourly earnings for non-managerial workers in the U.S. were $22.73 an hour in August. The historically low level of jobless claims and unemployment, combined with $15 an hour becoming an anchor in people’s minds, could make some people earning around that $22 mark feel more secure in their jobs. Instead of worrying about losing their job and being on the unemployment rolls for a while, or only being able to find last-ditch work that pays $9 or $10 an hour, the “floor” may be seen as a $15 an hour job.

That creates a whole new set of options for middle-class households. In 2017, the real median household income in the U.S. was $61,372, which is roughly what two earners with full-time jobs making $15 an hour would make. A $15-an-hour floor might embolden some workers to quit their jobs to move to another city even without a job offer there. It might let some workers switch to part-time to focus more time on education, gaining new skills or child care.


Of course in the US they’d also need some confidence about health care, which is never a given when you move in the US.

Eleven takeaways from the NYT’s investigation into Trump’s wealth • The New York Times

Russ Buettner, Susanne Craig and David Barstow:


The Trumps created a company that siphoned cash from the empire.

The first major component was creating a company called All County Building Supply & Maintenance. On paper, All County was Fred Trump’s purchasing agent, buying everything from boilers to cleaning supplies. But All County was, in fact, a company only on paper, records and interviews show — a vehicle to siphon cash from Fred Trump’s empire by simply marking up purchases already made by his employees. Those millions in markups, effectively untaxed gifts, then flowed to All County’s owners — Donald Trump, his siblings and a cousin.

Lee-Ford Tritt, a leading expert in gift and estate tax law at the University in Florida, said the Trumps’ use of All County was “highly suspicious” and could constitute criminal tax fraud. “It certainly looks like a disguised gift,” he said.

All County also had an insidious downside for Fred Trump’s tenants. He used the padded invoices to justify higher rent increases in rent-regulated buildings, records show.

Mr. Harder, the president’s lawyer, disputed The Times’s reporting: “Should The Times state or imply that President Trump participated in fraud, tax evasion or any other crime, it will be exposing itself to substantial liability and damages for defamation.”


And there’s loads more. Trump didn’t respond to multiple requests for comment. Wonder what his up-to-date tax returns would show. Wonder if Robert Mueller is looking at those.

Vigilante engineer stops Waymo from patenting key lidar technology • Ars Technica

Mark Harris:


Following a surprise left-field complaint by Eric Swildens, the US Patent and Trademark Office (USPTO) has rejected all but three of 56 claims in Waymo’s 936 patent, named for the last three digits of its serial number. The USPTO found that some claims replicated technology described in an earlier patent from lidar vendor Velodyne, while another claim was simply “impossible” and “magic.”

Swildens, who receives no money or personal advantage from the decision, told Ars that he was delighted at the news. “The patent shouldn’t have been filed in the first place,” he said. “It’s a very well written patent. However, my personal belief is that the thing that they say they invented, they didn’t invent.”

The 936 patent played a key role in last year’s epic intellectual property lawsuit with Uber. In December 2016, a Waymo engineer was inadvertently copied on an email from one of its suppliers to Uber, showing a lidar circuit design that looked almost identical to one shown in the 936 patent…

…Remarkably, Swildens does not work for Uber or for Velodyne, nor for any other self-driving developer—he works for a small cloud computing startup. Swildens became interested in the patent when it surfaced during the Uber case, and he saw how simple Waymo’s lidar circuit seemed to be. “I couldn’t imagine the circuit didn’t exist prior to this patent,” he told Wired last year.

Swildens’ research uncovered several patents and books that seemed to pre-date the Waymo patent. He then spent $6,000 of his own money to launch a formal challenge to 936. Waymo fought back, making dozens of filings, bringing expert witnesses to bear, and attempting to re-write several of the patent’s claims and diagrams to safeguard its survival.

The USPTO was not impressed. In March, an examiner noted that a re-drawn diagram of Waymo’s lidar firing circuit showed current passing along a wire between the circuit and the ground in two directions—something generally deemed impossible.


As everyone on Twitter has been saying, not all heroes wear capes.

Star Wars: The Last Jedi abuse blamed on Russian trolls and ‘political agendas’ • The Guardian

Andrew Pulver:


Morten Bay, a research fellow at the University of Southern California (USC), analysed Twitter activity about the film and concluded that more than 50% of posts are by “bots, trolls/sockpuppets or political activists using the debate to propagate political messages supporting extreme rightwing causes and the discrimination of gender, race or sexuality. A number of these users appear to be Russian trolls.”

The supposed fan hostility to The Last Jedi is a well-known phenomenon, with actors such as Kelly Marie Tran experiencing extreme levels of abuse, and campaigns cropping up to lower the film’s rating on critics’ aggregators and fund a remake. However, Bay’s research indicates that not only are negative comments on social media about the film in a minority, but the “anti-Jedi” campaign has been designed to serve a wider political purpose. “The study finds evidence of deliberate, organised political influence measures disguised as fan arguments,” Bay writes. “The likely objective of these measures is increasing media coverage of the fandom conflict, thereby adding to and further propagating a narrative of widespread discord and dysfunction in American society.”


Related: Twitter has tweaked its rules on fake accounts and behaviour ahead of the US mid-term elections. Notable (to me at least) that Del Harvey, its veep of Trust & Safety, is a co-author: she has been very busy in the past few months, having been away (literally) for some time before. Now “challenging” 9.4m accounts per week.

The Big Disruption • Medium


Something is fishy at Anahata—and it’s not just the giant squid that serves as a mascot for the world’s largest tech company. A prince in exile is working as a product manager. The sales guys are battling with the engineers. The female employees are the unwitting subjects of a wild social experiment. The VPs are plotting against each other. And the yoga-loving, sex-obsessed CEO is rumored to be planning a moon colony, sending his investors into a tizzy. Is it all downhill from here? Or is this just the beginning of a bold new phase in Anahata’s quest for global domination?


Jessica Powell used to work at Google. I have to say that I think it would be hard for her satire (available in its entirety on Medium, for free) to do better than The Circle.

This is how cyber attackers stole £2.26m from Tesco Bank customers • ZDNet

Danny Palmer:


the FCA’s newly published report into the Tesco Bank attack details how hackers were able to make off with over £2m over the course of 48 hours in November 2016.

The attack started at 02:00 on Saturday, 5 November 2016; by 04:00, Tesco Bank’s fraud analysis and detection system started sending automatic text messages to the bank’s personal current account holders asking them to call about “suspicious activity” on their accounts, which is how the bank itself first became aware of the attack.

As the fraud attempts increased, the calls quickly overwhelmed Tesco Bank’s fraud prevention line. Although Tesco Bank’s controls stopped almost 80% of the unauthorised transactions, the attack affected 8,261 out of 131,000 Tesco Bank personal current accounts.

The attackers most likely used an algorithm which generated authentic Tesco Bank debit card numbers and, using those virtual cards, they attempted to make thousands of unauthorised debit card transactions.

The FCA said Tesco Bank’s failures include the way in which the bank distributed debit card numbers and mistakes made in the reaction to the attack which meant that no action was taken for almost a day after the incident was first uncovered.

A number of deficiencies in the way Tesco Bank handled security left customers vulnerable to cyber attackers in an incident that was “largely avoidable”, said the FCA analysis of the incident which Tesco Bank had to this point been tight-lipped about – to the frustration of other financial institutions.


And 21 hours (that’s to 11pm on the day of an attack that started 0200) for the Financial Crime Operations Team to contact the Fraud Strategy Team. “In the meantime, nothing had been done to stop the attack.” Attack (or at least fake transaction) source: Brazil.

But it gets worse. Oh, yes.

Why a new fake news law in Singapore could be a big test for Facebook, Google, and Twitter • Buzzfeed News

Craig Silverman:


In early September, Kirsten Han began seeing messages on Facebook and Twitter calling her a “treacherous sow” and saying she should be executed for treason.

“You bloody rotten stinking traitors trying to get foreigners to overthrow the Singapore government and trying to destroy people live [sic] here,” read one Facebook comment. “You batch of traitors deserve death and nothing else.”

Han is a Singaporean journalist and activist, and a frequent critic of the ruling party’s approach to press freedom and use of the death penalty. She’s used to online criticism, but this was more extreme in tone and content. It also struck her as a case study in how the government itself can be a source of false allegations.

It began with a Facebook post from Han’s business partner, Ping Tjin Thum. Thum is a Singaporean academic based at the University of Oxford who was admitted to Harvard at 16 and competed in the Olympics for Singapore. He and Han run a small, member-funded nonprofit media company called New Naratif that reports on Southeast Asia and advocates for democracy in the region.

At the end of August, Han, Thum, and other activists from Singapore traveled to Malaysia to meet the newly elected prime minister. After they returned, Thum wrote on Facebook that he’d encouraged the prime minister “to take leadership in Southeast Asia for the promotion of democracy, human rights, freedom of expression, and freedom of information.”


It’s going to be a law that only applies to people the government doesn’t like, one suspects.

Apple Watch apps instantly went 64-bit thanks to obscure Bitcode option • Venturebeat

Jeremy Horwitz:


An obscure feature in Apple’s Xcode development software enabled Apple Watch apps to make an instant transition from 32-bit to 64-bit last month, an unheralded win for Apple Watch developers inside and outside the company. The “Enable Bitcode” feature was introduced to developers three years ago, but the Accidental Tech Podcast suggests that it was quietly responsible for the smooth launch of software for the Apple Watch Series 4 last month.

Support for Bitcode was originally added to Xcode 7 in November 2015, subsequently becoming optional for iOS apps but mandatory for watchOS and tvOS apps. Bitcode is an “intermediate representation” halfway between human-written app code and machine code. Rather than the developer sending a completely compiled app to the App Store, enabling Bitcode provides Apple with a partially compiled app that it can then finish compiling for whatever processors it wants to support.

The feature was forward-thinking enough that reports of its existence in 2015 called its most obvious use, “recompil[ing] bitcode-encoded App Store apps without any work from developers … unlikely to happen.” But that’s exactly what did happen in September 2018 with the release of the Apple Watch Series 4, which transitioned from the 32-bit Apple S3 processor to the 64-bit Apple S4. There was no waiting period for new 64-bit apps after the release of the new Watch last month, and developers didn’t even have to recompile their 32-bit apps; the apps just worked, and noticeably faster than before, on the new devices.


The Series 4 has a dual-core 64-bit processor, which is why 64-bit apps run faster. (The introduction of the 64-bit 5S led to 32-bit apps crashing more often.)


Errata, corrigenda and ai no corrida: none notified

2 thoughts on “Start Up No.922: how Tesco Bank was hacked, Microsoft’s black Surface, Amazon’s rippling pay rise, Trump’s tax fiddles, and more”

  1. Black looks manly and serious, and works for Lenovo, but it shows lint and dust… My black tablets always look dirty, which they are I guess, but my off-white tablet at least hides it.

    Is Amazon’s $15/hr also for subcontractors? I thought AMZ used the usual trick of subcontracting iffy practices, so I’m not sure that $15 is very relevant if it doesn’t apply to contractors too.

    Apple couldn’t say Bytecode like everybody else, so they had to name it bitcode. That’s the exact same way Android and MS Metro work; except Android recompiles at install time on the target device (hence its support for any CPU: ARM, x86, MIPS,… ). I’m not sure if/when Metro compiles at all or just interprets, but it also supports ARM or x86 from the same code. Apple just does it server-side because they have few devices to support.
