A selection of 13 links for you. Lucky for some. I’m @charlesarthur on Twitter. Observations and links welcome.
Apple is preparing a new digital video service that will marry original content and subscription services from legacy media companies, according to people familiar with the matter. Owners of Apple devices, such as the iPhone, iPad and Apple TV will find the still-in-the-works service in the pre-installed “TV” application, said the people, who asked not to be named because the details of the project are private.
The product will include Apple-owned content, which will be free to Apple device owners, and subscription “channels,” which will allow customers to sign up for online-only services, such as those from HBO and Starz.
Apple plans to debut the revamped app early next year, the people said. An Apple spokesman declined to comment.
As Bloomberg reported in May, the subscription channels will essentially copy Amazon’s Prime Video Channel Subscriptions. Customers will be able to access all of their content from within the TV app so they won’t need to download individual apps from multiple media providers.
Sensible enough. It’s tempting to feel this is late to the game – Netflix, Amazon, YouTube. But then again, one thought that about Spotify; Apple Music is going OK. Having that installed base is a huge weapon.
link to this extract
Millions of security cameras, DVRs, and NVRs contain vulnerabilities that can allow a remote attacker to take over devices with little effort, security researchers have revealed today.
All vulnerable devices have been manufactured by Hangzhou Xiongmai Technology Co., Ltd. (Xiongmai hereinafter), a Chinese company based in the city of Hangzhou.
But end users won’t be able to tell that they’re using a hackable device because the company doesn’t sell any products with its name on them, but ships all equipment as white label products on which other companies put their logo on top.
Security researchers from EU-based SEC Consult say they’ve identified over 100 companies that buy and re-brand Xiongmai devices as their own.
All of these devices are vulnerable to easy hacks, researchers say. The source of all vulnerabilities is a feature found in all devices named the “XMEye P2P Cloud.”
The XMEye P2P Cloud works by creating a tunnel between a customer’s device and an XMEye cloud account. Device owners can access this account via their browser or via a mobile app to view device video feeds in real time.
When I was writing Cyber Wars, Xiongmai cropped up as a company which had been criticised for the (lack of) security in devices it built. I tried getting in touch. Nothing.
link to this extract
The team had been building computer programs since 2014 to review job applicants’ resumes with the aim of mechanizing the search for top talent, five people familiar with the effort told Reuters.
Automation has been key to Amazon’s e-commerce dominance, be it inside warehouses or driving pricing decisions. The company’s experimental hiring tool used artificial intelligence to give job candidates scores ranging from one to five stars – much like shoppers rate products on Amazon, some of the people said.
“Everyone wanted this holy grail,” one of the people said. “They literally wanted it to be an engine where I’m going to give you 100 resumes, it will spit out the top five, and we’ll hire those.”
But by 2015, the company realized its new system was not rating candidates for software developer jobs and other technical posts in a gender-neutral way.
That is because Amazon’s computer models were trained to vet applicants by observing patterns in resumes submitted to the company over a 10-year period. Most came from men, a reflection of male dominance across the tech industry.
So more accurate to say that the AI tool revealed bias against women. But then kept on doing the same: it would penalise those CVs which included “women’s”. Eventually they realised they couldn’t get it right.
link to this extract
The writer (herself a former checker) had noted the restaurant’s “Venice Beach aesthetic”: fact or opinion? Canby designated it a “workable possible impression,” but worth checking. Radcliffe had an eleven-o’clock phone call scheduled with the chef, Justin Bazdarich, and Canby gave him something akin to an acting lesson: “You have to project confidence, so the person doesn’t start quarrelling with everything that you ask.”
“I’m more nervous about this than I am about going onstage tonight,” Radcliffe said.
Canby had to go; he deputized a checker named Parker Henry to supervise Radcliffe. On her computer, they checked a few easy facts from the restaurant’s Web site, which indicated that, yes, the brunch menu includes a “bowls” section. Then they ducked into a windowless fact-checking library and dialled Bazdarich.
“Hi, Justin. I’m Dan, at The New Yorker,” Radcliffe began, twiddling a red pencil. “Some of these questions are going to feel very boring and prosaic to you,” he warned. “So bear with me. First off, your surname: is that spelled B-A-Z-D-A-R-I-C-H?” (It is.) “Does the restaurant serve guacamole?” (Yes.) “In the dip itself, would it be right to say there are chilies in adobo and cilantro?” (No adobo, but yes to the cilantro.) “Is there a drink you serve there, a Paloma?” (Yes.) “And that’s pale, pink, and frothy, I believe?” (Correct.) “Is brunch at your place—which, by the way, sounds fantastic—served seven days a week?” (Yes.) “That’s great news,” Radcliffe said, “for the accuracy of this, and for me.”
what if an app wants to do things related to making phone calls and sending text messages? Should that app have the ability to access your potentially sensitive call logs and SMS data simply through a normal permissions request notification?
Google thinks that is too open-ended, which is why it is specifying a new policy which will prevent applications from even asking for access to your call logs and/or SMS data unless you choose to make that app the default service for making phone calls or sending texts.
This will hopefully prevent apps you’ve downloaded but don’t use often from continuing to monitor your call logs and SMS data after you’ve installed them and given them permission to do so.
Granted, there are still ways rogue developers could abuse this policy, but it will at least make things a little more difficult…
…right now a developer could create an app which uses SMS in some way but doesn’t need to be set as the default service. The app can ask for access to SMS data, the user can agree, and even though the user may never use that app again, it will continuously have access to their data.
In other words, this new policy isn’t 100% secure, but it’s certainly better than the current policy. And, either way, it’s the user’s responsibility to only grant permissions to trustworthy apps.
Typically terrible writeup. “Hopefully”? And no, it’s Google’s responsibility to write an OS which treats call and SMS data as something that shouldn’t be accessible to other apps. Android is ten years old now. This shouldn’t be something it’s just discovering.
link to this extract
According to a new report from technology research group, Juniper Research, the cryptocurrency “industry is on the brink of an implosion.”
The research highlights some key market metrics, all of which display cryptocurrencies as being on a downward spiral.
“During Q1 2018, cryptocurrency transactions totaled just over $1.4trn, compared with less than $1.7trn for 2017 as a whole,” the report notes. “However, by Q2 2018, transaction values had plummeted by 75%, to under $355bn.”
Juniper is expecting a further 47% drop in transaction values for Q3 2018 compared to the previous quarter.
The researchers claim economic uncertainty typically encourages growth, yet even “strained China-US trade relations and Brexit-related troubles” failed to rouse any interest in the cryptocurrency industry…
…Daily Bitcoin transaction volumes have fallen from nearly 360,000 per day in late 2017 to around 230,000 in September 2018.
That many? Still?
link to this extract
During the past few months, the Securities and Exchange Commission has significantly widened its crackdown on certain initial coin offerings, putting hundreds of cryptocurrency startups at risk.
The SEC sent out a slew of initial information-seeking subpoenas at the start of 2018. Now the agency has returned to many of those companies, and subpoenaed many more—focusing on those that failed to properly ensure they sold their token exclusively to accredited investors.
The agency is exerting pressure on many of those companies to settle their cases. In response, dozens of companies have quietly agreed to refund investor money and pay a fine. But many startups that have been subpoenaed say they are left in the dark struggling to satisfy the SEC’s demands, and are uncertain of how others are handling it, according to conversations with more than 15 industry sources as part of a joint investigation by Yahoo Finance and Decrypt.
The sources, many of whom are employees of companies that were subpoenaed by the SEC or are attorneys for those companies, requested anonymity, because the SEC restricts them from discussing the matter.
So the chickens are coming home to roost, except they have big teeth and can lock you in jail.
link to this extract
What’s in a number: how love for expensive cars and number plates revealed the second Skripal suspect’s indentity • Conflict Intelligence Team
A few days ago we published a photo of a driver’s license beloning to Anatoliy Vladimirovich Chepiga (the Skripal poisioning suspect under alias of “Ruslan Boshirov”), which an anonymous source sent to us via email. Using the full driver’s license data, we verified that it was, in fact, valid…
Our readers used an online OSAGO vehicle insurance database and the driver’s license data to find out that the driver’s license [ was really registered to Anatoliy Vladimirovich Chepiga…
The same database revealed that during 2016-2017 Chepiga had an OSAGO insurance policy for a vehicle with state registration number Т 705 ТТ 99 and VIN code X4XKS494000H01806.
A Yandex search quickly yielded a publicly available photograph of a BMW X5 with this number plate…
There is a variety of online services that allow to use partial information on a vehicle to find out its more or less full history. Among them are Avtokod, Avtoteka, Telegram bot AvinfoBot and others. We used all those services to find information on X4XKS494000H01806 VIN-code of Chepiga’s car which was already known from OSAGO database. It turned out that from June 2017, a BMW X5 with this VIN code belonged to Darya Torbenko (Emelyanova). The car’s ex-owner Chepiga kept the T 705 TT 99 number, while Torbenko received a new number — К 912 ХР 777. The sale and purchase deal was concluded in June 2017. In October, Torbenko changed her last name…
Knowing that Chepiga kept the Т 705 ТТ 99 number, we used the same services to check if he had bought a new car. Searching the car’s registration number at Avtoteka, we found out that currently this number belongs to a 2017 Mercedes GL-Klasse, VIN code WDC1668241A988448:
Using the vehicle’s VIN code for the Avtokod website search, we found more information on the car, in particular a list of traffic violation fines with fine ruling numbers
What does a fine ruling number give us? We can search those numbers in a fine check service at Avtokod.mos.ru to see photographs of the traffic violation and, crucially, the first name and patronymic of the violating driver…
Well, this is weird. We know that the number Т 705 ТТ 99 belongs to Anatoliy Vladimirovich Chepiga. However, the violating driver for both is a certain Aleksandr Evgenyevich [Александр Евгеньевич], which is, incidentally, the same name and patronymic as given in the fake passport of Chepiga’s presumed colleague «Aleksandr Evgenyevich Petrov». How do we find information on this Aleksandr Evgenyevich? Last year, Russian media reported on a massive insurance company data leak. Reportedly, among the leaked info was not only text data, but document photos as well.
This is amazing, open-sourced investigation made possible by access to data. You want to bring criminals to justice? Use the government’s own surveillance of citizens against it. The original post has lots of photos to back up the data here.
link to this extract
In 2017 and the first half of this year, Google shipped about 5 million Pixel smartphones worldwide, according to the research firm IDC. Apple sells as many iPhones in about eight days as Google did in 18 months — and even Apple has a relatively small minority market share in smartphones.
Small numbers aren’t confined to Google, either. Journalists like me can’t stop talking about the “runaway success” of the Echo devices, Amazon.com Inc.’s rapidly expanding lineup of voice-activated home doodads. Amazon sold about 3.6m of the two most popular Echo models from April to June, Strategy Analytics estimated. Fitbit, a company that journalists like me stopped talking about long ago, sold 2.7m motion-tracking gadgets in the same period.
Yes, Amazon’s hardware sales are growing and Fitbit numbers are shrinking, but you get the point. For most software or internet tech empires, hardware is a niche hobby, and it will remain so for the foreseeable future.
That leaves the question of why tech companies that built fortunes on areas other than computing hardware are bothering at all. I wasn’t sure about Microsoft’s Surface line for a long time, but I have been convinced that the company successfully spurred new ideas in what a computer could and should be, even as Microsoft sells relatively few personal computers on its own. I’m not completely sold on the strategic merits of Amazon’s Echo gadgets, but it’s clear that the company wants a pole position if computers controlled by voice become the prevalent form of human interaction with machines.
As for Google, I was unsure of the merits of the company jumping into hardware with both feet when the Alphabet unit unveiled its first self-branded smartphone two years ago, and I’m still not sure what the company is doing.
Indeed, if Google doesn’t spread the Pixel computational love to the rest of the Android OEMs, what is the point? Experimentation?
link to this extract
This year the back is all glass, but the two-tone look remains thanks to two different treatments to the glass. The top is bare, shiny glass and a fingerprint magnet, while the rest of the phone has a soft-touch, satin-like matte coating.
The coating feels great, but it doesn’t seem very durable. There were already visible scratches on both of the demo units I photographed, which you can see, and it’s easy to damage the back with something as mundane as a USB-C cable. Both of the demo phones I photographed at the show already had several scratches on them. Harsh camera lighting is pretty much the worst-case scenario for finding scratches, but I’ve never seen demo units this beat up before at a launch. I was disappointed by the change from metal to glass, but this is a double whammy: all the fragility of glass with none of the scratch-resistant hardness…
…I’m sad to say the front design is just as disappointing in real life as it is in pictures. Google has turned in two phones that just aren’t up to the 2018 competition. The Pixel 3 XL follows the notch display trend, but Google has the biggest notch in the industry. The cutout extends so far into the display that it doesn’t fit inside a normal Android status bar, so the bar is twice as tall as normal, which looks ridiculous. The width of the notch means you only get to see three notification icons on the screen before you run out of space. Combined with the 3 XL’s sizable bottom bezel, I don’t think there’s a single 2018 phone in the Pixel 3’s price range you can point to and call a worse design. Google is pretty much at the back of the pack here.
He likes the displays, though. (Phew.) Thinks they switched to Samsung, away from LG for the Pixel 2, which had terrible screen issues.
Also, there’s no 3.5mm headphone jack – it’s USB-C headphones for you, or Bluetooth ones. I seem to remember Google making a big play of keeping the jack a couple of years ago. What changed, exactly?
link to this extract
Our connected life is certainly getting more complex with time. With the convenience of smart/Wi-Fi enabled devices comes the trouble of keeping everything up-to-date. Some companies choose to stick with manual updates, forcing you to manually approve every minor version change. Others opt for automatic updates, removing the guesswork and friction out of the process. Sonos used to be part of the first category, but now the company has added an option for seamless updates.
In the latest Sonos app update to v9.2 (APK Mirror), there’s a new Automatic Updates toggle under System Updates. Flip it on and you can set your Sonos updates to happen overnight to avoid disrupting your listening during the day.
Same on iOS. Thank the flipping stars for that. I love Sonos’s stuff, but the nagging about updates and the impossibility of just letting it get on and do it has been a pain for ages.
link to this extract
[Jamal] Khashoggi flew back to Istanbul from London on Monday evening, Oct 1. The following morning, he spoke again with consul worker Sultan, who told him to collect the document at 1 p.m the same day.
Outside the consulate, a low rise building at the edge of one of Istanbul’s business districts, Khashoggi handed Cengiz his two mobile phones, the fiancee told Reuters. He left instructions that she should call Aktay, the Erdogan aide, if he didn’t reappear. Khashoggi was wearing his black Apple Watch, connected to one of the phones, when he entered the building.
A senior Turkish government official and a senior security official said the two inter-connected devices are at the heart of the investigation into Khashoggi’s disappearance.
“We have determined that it was on him when he walked into the consulate,” the security official said. Investigators are trying to determine what information the watch transmitted. “Intelligence services, the prosecutor’s office and a technology team are working on this. Turkey does not have the watch so we are trying to do it through connected devices,” he said.
Tech experts say an Apple Watch can provide data such as location and heart rate. But what investigators can find out depends on the model of watch, whether it was connected to the internet, and whether it is near enough an iPhone to synchronize.
The Saudi regime has denied up and down that it knows where Khashoggi is – or was. Non-Saudi CCTV at front and back shows him going in, but not out; the Saudi consulate says “oh wow, our internal CCTV wasn’t working that day.”
But open source data (such as flight trackers available to everyone, showing two private flights arriving and departing Turkey and Riyadh that day) – and his Apple Watch – could be enough to demonstrate what increasingly is feared: a despotic regime killed a vociferous opponent. If the Apple Watch’s signal died inside the consulate, or went somewhere else, it tells you all you need to know.
link to this extract
Pluckrose, Lindsay, and Boghossian [who perpetrated the “Sokhal Squared” effort to get hoax papers published in social science journals] will tell you that the crisis in the humanities they’ve ginned up is very current and real, but things get real curious when you scratch the surface. Jason Wilson’s piece in the Guardian from March outlines how the right-wing outrage machine draws in media hucksters and funds right-wing campus activists alike. In that piece, Boghossian is quoted as saying that the target of his hoaxes is “all disciplines infected by postmodernism, and women’s studies and gender studies in particular.” That’s right — hoaxes, plural. Last year, Boghossian and Lindsay employed the same tactic with a fake paper that argued the penis is less of a physical organ than it is something “a social construct isomorphic to performative toxic masculinity.”
Sensing a theme yet? Their long-running, multi-year media circus, based upon a deeply-held well… grievance, resonates with the broadly-held suspicions that some of the stuff that happens on campus is a bit crap — and anything remotely feminist comes first. Because looking around at the world in late 2018, gender doesn’t seem to be any kind of problem for anybody.
But — and I say this confidently — nobody in the humanities actually reads journals the way they do in science. You search journal databases by keywords. You read one paper from a new journal issue. You use what works. You skip over the paper that’s obviously rushed. You know that, in many areas, much more effort goes into book chapters. You know that some journals barely peer-review at all. This includes science journals, where hoaxes have also been perpetrated.
The hoaxers know all of this very well; they’re anything but stupid. The goal is plainly obvious: They don’t want these fields to exist.
You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.
Errata, corrigenda and ai no corrida: none notified