Start Up No.930: Saudi Arabia under investigation, Facebook says 14 million hacked, Watch faces for all, the rise of real citizen journalism, and more

Plenty of TV and films, but what is needed to get games on there? Photo by tua ulamac on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 13 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

Facebook says fewer users impacted by recent cyberattack than first thought • WSJ

Kirsten Grind:


In a blog post Friday, Facebook said 30 million users had their access tokens stolen, as opposed to the original estimate of 50 million. The tokens are digital keys that keep people logged into the social-media site.

The company said hackers “exploited a vulnerability” in its computer code between July 2017 and September 2018. Facebook discovered the attack Sept. 25 and stopped it two days later.

“We now know that fewer people were impacted than we originally thought,” Guy Rosen, vice president of product management, said in the blog post.

Of the 30 million involved, Facebook said 14 million were the most affected. They had their names and contact details—including phone numbers and email addresses—accessed, along with such data as their gender and relationship status, as well as the last 10 places they checked into and 15 most recent searches. Fifteen million others had their names and contacts accessed. The attackers didn’t get any information from the million remaining users who were vulnerable in the security breach.


Fourteen. Million.

Silicon Valley’s Saudi Arabia problem • The New York Times

Anand Giridharadas:


Long before the dissident Saudi journalist Jamal Khashoggi vanished, the kingdom has sought influence in the West — perhaps intended, in part, to make us forget what it is. A medieval theocracy that still beheads by sword, doubling as a modern nation with malls (including a planned mall offering indoor skiing), Saudi Arabia has been called “an ISIS that made it.” Remarkably, the country has avoided pariah status in the United States thanks to our thirst for oil, Riyadh’s carefully cultivated ties with Washington, its big arms purchases, and the two countries’ shared interest in counterterrorism. But lately the Saudis have been growing their circle of American enablers, pouring billions into Silicon Valley technology companies.

While an earlier generation of Saudi leaders, like Prince Alwaleed bin Talal, invested billions of dollars in blue-chip companies in the United States, the kingdom’s new crown prince, Mohammed bin Salman, has shifted Saudi Arabia’s investment attention from Wall Street to Silicon Valley. Saudi Arabia’s Public Investment Fund has become one of Silicon Valley’s biggest swinging checkbooks, working mostly through a $100 billion fund raised by SoftBank (a Japanese company), which has swashbuckled its way through the technology industry, often taking multibillion-dollar stakes in promising companies. The Public Investment Fund put $45 billion into SoftBank’s first Vision Fund, and Bloomberg recently reported that the Saudi fund would invest another $45 billion into SoftBank’s second Vision Fund.

SoftBank, with the help of that Saudi money, is now said to be the largest shareholder in Uber. It has also put significant money into a long list of start-ups that includes Wag, DoorDash, WeWork, Plenty, Cruise, Katerra, Nvidia and Slack.


NYT note: Mr. Giridharadas is the author of “Winners Take All: The Elite Charade of Changing the World.”

“An ISIS that made it” is pretty brutal. And yet..

Jamal Khashoggi, his Apple Watch, government headfakes and.. climate change • Medium

I wrote about this case, and the speculation that Khashoggi himself recorded his murder:


OK, now we need him to have begun pressing Record on his Watch, to have had a Watch that was either connected to the Wi-Fi or had a cell connection. He had intentionally left his phone outside, with his fiancee (standard practice in consulates: in general you’re not allowed to take phones inside, and he might also have been being cautious, not wanting the Saudis to get any chance of accessing his contacts).

Another alternative some might offer: he had the Walkie-Talkie function on, and was doing this with his fiancée. (It would have to go to her phone.)

Though I’d love to be wrong, I don’t think this scenario pans out. As much as anything, it requires his Watch’s cell connection to be dramatically good inside a building, which tends not to be the case for any phone. The Wi-Fi scenario doesn’t work unless he’d previously joined the Wi-Fi there, and I don’t think they would offer that.

Most of all, though, this scenario — him recording his killing on his Apple Watch — doesn’t ring true for me because it would mean his fiancee would have been able to access it. If she were the one who had these recordings, don’t you think she’d be raising absolute hell?


Saudi Arabia’s behaviour here is reprehensible. The good news? There’s something concrete that you, individually, can do to affect it.

Exploring custom watchOS Watch faces • David Smith


I’ve given a lot of thought to custom watch faces for watchOS over the years but always ultimately just moved on because I believed that Apple will never allow for them. The usual reasons I’ve heard given are:

• Apple likes to control the aesthetics of the device,
• there’d be too much copyright/copycat issues,
• they require too low level connection to the system to be performant,
• and they aren’t necessary.

Whether or not any of these are good, valid, or beneficial reasons honestly doesn’t interest me too much now. Because I spent the better part of this week making my own watch faces, and it was glorious! This is the most fun I’ve had in development in a long time.

There is something delightful about solving a problem that is superficially so simple and constrained. The constraint leads to lots of opportunities for creative thinking. Ultimately you just need to communicate the time but how you do that can take countless different forms. It reminds me of the various ‘UI Playgrounds’ that have existed in app design. For a while it was twitter clients, then podcast players and weather apps.

Here are a few of the designs I’ve come up with this week..


He and Steven Troughton-Smith have been blasting through for the past few days; Troughton-Smith has a git repo which lets you install your own Watch faces (if you have an Apple Developer account). It’s impressive stuff. A selection below, which other developers are expanding on. (See Troughton-Smith’s feed on Twitter for more.)

It’s really persuasive: yes, Apple ought to open this up.

Bitcoin must die • Slugger O’Toole

Andrew Gallagher:


In many pre-industrial societies cowry shells were used as currency. This had the unfortunate side effect that you could literally fish money out of the sea. In more advanced shell currencies, the shells had to be laboriously worked in order to make them valuable. This stabilised the currency, but only by pegging it directly to the value of the hours spent grinding down shells by hand, time that could have been more productively used elsewhere.

And this is why Bitcoin, and all other proof-of-work schemes, must die. It is the computational equivalent of shell currency, the only difference being that the value is dependent on electricity consumed rather than hours worked. Shell currencies, like rhino horns and tiger bones, are objectively worthless and irrational demand for them is an immoral waste of resources, both human and environmental.

Hashcash puzzles are objectively worthless, but irrational demand for them is incinerating the earth…

…If Bitcoin were to cease trading tomorrow, 0.5% of the world’s electricity demand would simply disappear. This is roughly equivalent to the output of ten coal-fired power plants, emitting 50 million tonnes of CO2 per year – which would cover one year’s worth of the carbon emission cuts required to limit temperature rises this century to 2C. It is not a solution by itself, but it would be a good year’s work.

Bitcoin is made from ashes, and if ashes were legal tender, humanity would burn everything in sight and call it progress.


Making bitcoin illegal on climate grounds would be quite something to see.

Theranos criminal case is broader than publicly disclosed, prosecutors say • Bloomberg

Joel Rosenblatt:


The government’s criminal fraud case against former Theranos chief executive officer Elizabeth Holmes and former president Ramesh “Sunny” Balwani runs deeper than what’s been publicly disclosed, prosecutors said.

After a hearing Friday in San Jose, California, Holmes and Balwani lost a bid to block the Justice Department from combing through more than 200,000 company documents. The judge also ordered lawyers for both sides to work out a procedure by which protected and confidential documents are shielded from prosecutors.

U.S. Magistrate Judge Susan van Keulen rejected Holmes’s and Balwani’s request after the hearing. In her order, she also referenced undisclosed “charges and activities” in the government’s broad, ongoing investigation that may extend beyond the former Theranos executives.

The ruling could give prosecutors additional leverage at trial or in any plea deal, including any potential agreement by one defendant of the former couple to aid the prosecution of the other.


If you read John Carreyrou’s ‘Bad Blood’, his book about Theranos, Balwani comes across as one of the most unpleasant yet also incompetent people you’d ever hope not to meet. If you haven’t read it, put it on your Christmas list.

Citizen journalists – the fighters on the frontline against Russia’s attacks • The Guardian

Carole Cadwalladr:


what has become plain is that the British government shows no sign of even acknowledging the scale or complexity of the national security threat we face, let alone how to deal with it, as Hillary Clinton – the target of the GRU’s operation – appeared to acknowledge when she spoke in Oxford last week.

She described how the foundation of western liberal democracy is under assault and made pointed remarks at both the nature of Russia’s attacks on Britain and Britain’s failure to investigate, name-checking both Damian Collins, head of the select committee for the Department of Culture, Media and Sport, for warning of “a crisis in British democracy” and Tom Watson, the deputy Labour leader, who have both called for a public inquiry with “Mueller-style” powers.

What Bellingcat exposes is how citizen investigations are not only surpassing traditional mainstream organisations, they also seem streets ahead of government agencies. Investigators who use publicly available sources have been quietly joining a citizen’s battle against this flood not just of disinformation, but of corporate secrets, dark money thinktanks, networks of political influence, Trump-Russia collusion, overspending in the referendum, up to and including mass murder.

This month, BBC Africa Eye published a stunning investigation using techniques Bellingcat has developed, identifying the location and identity of men who’d killed two women and two young children through forensic analysis of online sources.

And, less hi-tech but also hugely valuable, the entire Cambridge Analytica investigation owes a huge debt to open source investigators. After Harry Davies published his first article in the Guardian about the firm in 2015, it was Paul-Olivier Dehaye, a professor of maths in Geneva, who was profoundly troubled by the way personal data was being abused, who took it upon himself to produce an open-source document that he made freely available to journalists.


I think that government sources are as good as ever at identifying who’s behind stuff – bear in mind that it was the UK police who released the photos of the Salisbury suspects, and I bet that MI5/6 knew it would trigger a citizen investigation. What’s changed is, as Cadwalladr says, our ability to identify people, things and places and make that public.

What developers say Apple needs to do to make the Apple TV a gaming console • Ars Technica

Samuel Axon:


[Strange Flavour CEO Aaron] Fothergill told Ars something similar. He called the Apple TV “easy to write for.” When asked about the success of his company’s Apple TV titles, he said, “We didn’t make millions or even hundreds of thousands, but it covered the cost of the extra work to tweak them for Apple TV, and for a two-man team, it’s useful.”

He indicated that creating universal apps that work across iOS and the Apple TV is easy, and he talked up the box’s power as a “mini console.” Fothergill said he was able to use Xbox 360 assets in his Apple TV games “as-is” and run the games at 60fps.

But when asked what Apple needs to do to improve things, Fothergill had some thoughts. He said Apple should do a better job of supporting Game Center across platforms, and he added, “I also like the idea of game controllers (ideally Apple ones) being bundled with the Apple TV as an actual Apple option. So there’s an Apple TV being sold specifically for games.”

Developer Patrick Hogan told Ars that he believes Apple needs to do three things:

• Include an Apple-branded, full-featured controller with every Apple TV.
• Market the Apple TV as a gaming platform.
• “Spend a lot of money on funding platform exclusives, ports, and presence at every major gaming expo and conference to break the chicken-egg problem of getting customers to make it viable to devs.”

Other developers Ars spoke with also made these same recommendations with varying emphasis—for example, some didn’t believe that a controller has to be included with every Apple TV and that simply offering optional gaming bundles of the device would be effective with the right marketing message behind them.


So basically to make it a gaming console, it needs to include a gaming controller. Who’d have thought?

Crafty kids are finding ingenious ways to thwart Apple’s ‘Screen Time’ feature • The Next Web

Bryan Clark:


A Reddit thread with nearly 9,000 upvotes features a number of crafty kids who’ve bypassed the digital nanny features. One father revealed one of the hacks.

His son, a seven-year-old, deletes the games he’s been locked out of and then re-downloads them from the App Store. With iCloud, he doesn’t miss a beat, as all of his games are stored on a server waiting for him to resume play. Apple, unfortunately, overlooked this clever hack entirely. Once the game is re-downloaded, it starts the clock over again for the day.

This could, however, be thwarted by setting Install Apps to Not Allowed within Screen Time’s settings.

Another child uses the YouTube iMessage App to send himself videos. While YouTube is blocked, he’s free to view the videos within Apple‘s own messaging app. Maybe it’s time to block iMessage?

One parent, on Apple’s support forum, asked how to outsmart a child who was resetting his phone‘s time and date to trick the device into thinking it was a new day. There doesn’t seem to be a fix for this one, at least based on the responses in the forum post.


Still, at least this shows what happens when you give someone an incentive to find a workaround. These kids are going to make terrific project managers.

Exclusive: iPad Pro Face ID details, 4K HDR video over USB-C, AirPod-like Apple Pencil 2 pairing, more [Update: A12X processor] • 9to5Mac

Guilherme Rambo:


Unlike the iPhone, however, the [new] iPad Pro will not have a notch.

Even though the new 2018 iPad Pro models will sport thinner bezels, those bezels will still be wide enough to accommodate the TrueDepth camera system necessary for Face ID.

The 2018 iPad Pro will include Face ID with the same image signal processor as the iPhone XS, iPhone XS Max and iPhone XR. Further, we can confirm that Face ID on the new iPad Pro will work in both portrait and landscape orientations, though it won’t work upside down.

The Face ID setup process on the new iPad Pros will be very similar to the process introduced with the iPhone X. Notably, despite post-setup support for landscape Face ID, the setup process must be completed in portrait orientation.

It’s not clear if the new landscape support requires a special hardware feature, or if it can be made available to iPhones with a simple software update.

With its USB-C port, the 2018 iPad Pro will be able to output 4K HDR video to external displays. To accommodate this feature, there will be a new panel in the settings app where users will be able to control resolution, HDR, brightness and other settings for connected external displays…

…The new iPad Pro will have a brand new connector for accessories. The Magnetic Connector will be at the back of the iPad and will allow for the connection of different accessories, such as a new version of the Smart Keyboard and other third-party accessories.


It will also have an A12X processor, like the A12 in the latest iPhones. Some confirmation that the devices exist, from Asian certification:


The new model numbers that we have spotted on MIIT are A1876, A1980, and A1993. These three model numbers have certification date of September 29, 2018, which makes them quite new in comparison to the previous leaks that carried model numbers from last year. As we mentioned in the beginning, we have also spotted a new Bluetooth Device with model number A2051 in the listing and as of now we are not able to decode what it is exactly.


Bluetooth device could be new AirPods, could be the new Pencil. Now we just need Apple to actually get on and launch them.

Estimating project costs? If statements should cost $10,000 each • Dave Rupert

Dave Rupert:


“Whoa, whoa, whoa, that would never work” I hear you say. But there’s never been an easier way to convey the scope and cost of a project than if-statement based billing. What is an if-statement? An if-statement is the most essential unit of business logic. A small piece of logic that will linger in your codebase for the life of the entire project. Larger software applications have more business logic, thus are more expensive. We can use if-statements as a proxy for complexity and bill accordingly. At the end of the day developers can count up the number of if-statements and invoice the corresponding cost centers.

What about small projects, you say? Well, the beauty of this is something simple like a blog is actually free! Free website? Yes, please.

But let’s say your app has a logged-in or logged-out state, well, that’s at least 2 if-statements. Starting price: $20,000. Never before has it been this easy to price and scope out complex stateful apps!

Do you build Component Systems? Simple static components are free. But most components increase their cost due to The Nine States of Design. Each component likely has a mix of “none”, “one”, “some”, “too many”, “error”, and “done” states. That’s a lot of logic and use cases packed into a little module, so it’s gonna cost ya. But you’ll rest assured that you’ve covered all your bases as well as billed appropriately.

Need an if-statement with 2 conditionals? Look, I’m not a scam artist so I’ll give you the second conditional at half-price. But if it gets any more complex than that and we have to build a big juicy Karnaugh Map, that gets into bitwise operators (which are generally a terrible idea in JavaScript) and will double the cost per switch case.


This is both hilarious and yet also true.

Instagram ads are awful • Tumblr

James Whatley has a collection:


Instagram ads are awful.

With additional contributions from Kevin Systrom.


Consists of ads ripped from Instagram, along with uplifting words from Systrom, Instagram’s (of course now departed) co-founder.

Yup, they’re awful.

Thoughts on Google’s Call Screening feature • Excursions

Amit Gawande has an objection:


I don’t understand Google’s “Call Screening” feature. How does it solve the spam calls problem? Don’t I have to be equally attentive when the call arrives? I don’t think the problem is I have to receive the call, problem is I get the call in the first place.

Rather I am more distracted, reading transcripts and making decisions. It looks to be targeted at the automated machine-driven calls. Human spammers/scammers will still have to be handled.

In most cases, the spam calls I get start with a person, a human, asking if it indeed is me. Then goes on to specify the call is about some information related to my account or a service I am using. And then comes the “offer for you” part. I tend to disconnect right at first step when someone wants to know if me is indeed me.

What’s to say the call screening will transcribe something like “This is xyz from abc bank and this is a service information call”?

Anyway, no doubt Google has a great technology at its hands and the showcase via this use case sounds a lot more coherent than the general duplex demo we saw during I/O. I am just perplexed how everyone seems to be already sold that this solves the problem which it isn’t even targeting.


Just to reiterate, Call Screening is something you have to activate when a call comes in; it tells the caller it’s an automated service:


“The person you’re calling is using a screening service and will get a copy of this conversation. Go ahead and say your name and why you’re calling,” the Google bot will say. As the caller responds, the digital assistant will transcribe the caller’s message for you.


As Gawande says, this means you still have to pay attention – you’re just not having to talk directly to a human. Really clever – but not a solution, sadly. This turns my thinking on Call Screening around 180 degrees.


Errata, corrigenda and ai no corrida: none notified

10 thoughts on “Start Up No.930: Saudi Arabia under investigation, Facebook says 14 million hacked, Watch faces for all, the rise of real citizen journalism, and more”

  1. Re. Bitcoin’s ungreenness: I’m curious, how does it compare to physical coins and bills, and to other electronics infrastructure (credit card, SWIFT etc…) ?

    I understand Bitcoin specifically is about changing energy into money. But I’m not buying the ecology issue at face value, not any more than I bought it about when it got raised 3-4 yrs ago reading entertainment (reading, videos, games) on a PC: you want me to what… read a book ? Go hiking ? Is that greener ?

    • Also, more generally, is that even an issue if energy pricing is fair and reflects all costs ? Isn’t money, at its core, a tool to ensure the efficient allocation of resources ?

      I understand energy pricing needs to reflect all externalities (pollution etc), and a social policy must be tacked on to ensure individuals have enough to live (ie everyone gets a discount rate for the amount of water necessary for washing and cooking but not for swimming pools nor gardening).

      To me, the issue is not that blockchain sucks up energy, but that the price for that energy is faulty.

      • Market failures happen. Climate change is a result of enormous market failure: those causing it don’t have to pay for it (it’s an externality) and even worse, it tends not to happen to those causing it (it’s geographically unequally distributed). Bitcoin mining is, as you said, about faulty pricing. But that’s been the case for decades.

  2. If I might snark a bit, funny how there’s no time to cover the Pixel’s actual launch, but enough time to cover leaks about the iPad Pro.

    In general: enough with leaks, not just Apple’s, unless it’s a really innovative product à la Samsung tablet that folds into a phone. On the Android side, this week’s leaks have been all about Asus, Xiaomi and others’ gaming phones, to scupper Razer who just released theirs (with a multicolor LED logo on the back !)

    Incidentally those folding tablet leaks might make me revise my negative outlook on the ergonomics of the thing: I can’t see a phone that unfolds into a bigger phone being nice, but a tablet that folds into a phone… that’s different. It’s going to be as expensive as 3 phones + 3 tablets w/o offering all that battery, screen real estate and CPU power, but I can see a use case for the packing-space obsessed.

  3. re. Call screening, my elderly mom is being besieged by scammers, we’re talking at least one call a day, sometimes 4, about charities, energy audits, retirement planning, crap on sale… It’s very stressful because those thieves master the art of passing themselves off as the Real Thing: “Calling you on behalf of Electricité de France…”… I think that call screening feature would help tremendously.

    Her paper mail is the same, and could use a mailbot.

    That’s stressful for her, and for us her kids; towards the end, my fading father got scammed for thousands in the short time he could still use the credit card but not quite realize what for nor for how much. For sale: W2 encyclopedia and tens of bottles of so-so wine. Mom once agreed to a home audit, the guy got abusive and threatening when she refused to buy a new boiler on the spot.

  4. Can someone tell me why Apple or Android can not implement a simple call screening service based on one’s Contacts. Calls not in your Contacts go to voicemail. Done. In fact Apple do this with their Do Not disturb service, and it’s easy enough to set this for 24hr days but that means all your contacts can disturb you all day and night. What’s stopping them?
