Start Up No.933: Twitter’s Russian data, Facebook’s video flaw, Essential thins out, NPC explained, and more


Futurism hasn’t been as good at predicting social trends as technological ones. How come? Photo by Luke Jones on Flickr.

A selection of 12 links for you. Your 2020 presidential campaign slogan is the last text you sent: mine is “I’ll clean that up.” Vote! I’m @charlesarthur on Twitter. Observations and links welcome.

Twitter just published millions of Russia- and Iran-linked tweets so researchers can study election interference • Buzzfeed News

Davey Alba:

»

Twitter published data sets Wednesday containing millions of tweets, photos, videos, and the names of thousands of accounts with potential election-meddling information operations that the company found on its platform since 2016.

Twitter had previously disclosed that election-meddling information operations had been detected, but said in a new blog post that opening up the data sets for scrutiny by independent researchers, academics, and journalists could help bring more understanding about foreign interference in political conversations on the platform.

“It is clear that information operations and coordinated inauthentic behavior will not cease,” wrote Vijaya Gadde, the legal, public policy, and trust and safety lead at Twitter, and Yoel Roth, Twitter’s head of site integrity, in the blog post. “These types of tactics … will adapt and change as the geopolitical terrain evolves worldwide and new technologies emerge.” But, Gadde and Roth said, the company would continue to “proactively combat nefarious attempts to undermine the integrity of Twitter” and partner with civil society, government, researchers, and industry peers to understand nefarious online political campaigns.

«

From the Twitter post:

»

These large datasets comprise 3,841 accounts affiliated with the IRA, originating in Russia, and 770 other accounts, potentially originating in Iran. They include more than 10 million Tweets and more than 2 million images, GIFs, videos, and Periscope broadcasts, including the earliest on-Twitter activity from accounts connected with these campaigns, dating back to 2009.

«

It’s about 365GB in total, so get those hard drives ready. There’s also some Brexit stuff in there too.


Did Facebook’s faulty data push news publishers to make terrible decisions on video? • Nieman Journalism Lab

Laura Hazard Owen:

»

“We’re entering this new golden age of video,” Zuckerberg told BuzzFeed News in April 2016. “I wouldn’t be surprised if you fast-forward five years and most of the content that people see on Facebook and are sharing on a day-to-day basis is video.”

But even as Facebook executives were insisting publicly that video consumption was skyrocketing, it was becoming clear that some of the metrics the company had used to calculate time spent on videos were wrong. The Wall Street Journal reported in September 2016, three months after the Fortune panel, that Facebook had “vastly overestimated average viewing time for video ads on its platform for two years” by as much as “60 to 80 percent.” The company apologized in a blog post: “As soon as we discovered the discrepancy, we fixed it.”

A lawsuit filed by a group of small advertisers in California, however, argues that Facebook had known about the discrepancy for at least a year — and behaved fraudulently by failing to disclose it.

That could have had enormous consequences — not just for advertisers, who were making decisions about whether to shift resources from television to Facebook, but also for news organizations, who were simultaneously grappling with decisions about how to allocate editorial staff and what kinds of content creation to prioritize. Publishers’ “pivot to video” was driven largely by a belief that if Facebook was seeing users, in massive numbers, shift to video from text, the trend must be real for news video too — even if people within those publishers doubted the trend internally based on their own experiences, and even as research conducted by outside organizations continued to suggest that the video trend was overblown and that readers preferred text.

«

Sometimes the overestimation was far bigger: inflated from 2 seconds average to 17.5s. That’s the difference between “damn, stop and go back” and “let’s see what this is like”. And also an ad shown, or not.

There are also extracts from court filings, because a number of advertisers are extremely pissed off with Facebook. But it’s the publishers, and the journalists who lost their jobs because they were writing text rather than shooting video (I’m thinking of you, Mashable), who should be more pissed off.


Trivial authentication bypass in libssh leaves servers wide open • Ars Technica

Dan Goodin:

»

There’s a four-year-old bug in the Secure Shell implementation known as libssh that makes it trivial for just about anyone to gain unfettered administrative control of a vulnerable server. While the authentication-bypass flaw represents a major security hole that should be patched immediately, it wasn’t immediately clear what sites or devices were vulnerable since neither the widely used OpenSSH nor GitHub’s implementation of libssh was affected…

…A search on Shodan showed 6,351 sites using libssh, but knowing how meaningful the results are is challenging. For one thing, the search probably isn’t exhaustive. And for another, as is the case with GitHub, the use of libssh doesn’t automatically make a site vulnerable.

Rob Graham, who is CEO of the Errata Security firm, said the vulnerability “is a big deal to us but not necessarily a big deal to the readers. It’s fascinating that such a trusted component as SSH now becomes your downfall.”

[A researcher at the security firm NCC, Peter] Winter-Smith agreed. “I suspect this will end up being a nomination for most overhyped bug, since half the people on Twitter seem to worry that it affects OpenSSH and the other half (quite correctly!) worry that GitHub uses libssh, when in fact GitHub isn’t vulnerable.”

«

The bypass is: when it asks you for verification, you tell it you’re verified. Like that. A four-year-old bug in open source code used all over the place.


Android Creator’s startup Essential Products cuts about 30% of staff • Bloomberg

Mark Gurman:

»

The reductions affect staff in the company’s hardware, marketing, and sales divisions, the people said. They asked not to be identified discussing private moves. The company has about 120 employees, according to its website.

The cuts come several months after the company canceled plans for a second version of its smartphone and paused development of a home smart device that would compete with Amazon.com Inc. and Google.

“This has been a difficult decision to make. We are very sorry for the impact on our colleagues who are leaving the company and are doing everything we can to help them with their future careers,” an Essential spokeswoman wrote in an email. “We are confident that our sharpened product focus will help us deliver a truly game changing consumer product.”

«

There’s confidence, and there’s being wrong.


Futurism’s blind spot: why could we predict self-driving cars, but not women in the workplace? • Nautilus

Tom Vanderbilt:

»

as the economist Robert Fogel famously noted, if the railroad had not been invented, we would have done almost as well, in terms of economic output, with ships and canals. Or we assume that modern technology was wonderfully preordained instead of, as it often is, an accident. Instagram began life as a Yelp-style app called Burbn, with photos an afterthought (photos on your phone, is that a thing?). Texting, meanwhile, started out as a diagnostic channel for short test messages—because who would prefer fumbling through tiny alphanumeric buttons to simply talking?

Transportation seems to be a particular poster child of fevered futurist speculation, bearing a disproportionate load of this deferred wish fulfillment (perhaps because we simply find daily travel painful, reminding us of its shared root with the word “travail”). The lament for the perpetually forestalled flying car focuses around childlike wishes (why can’t I have this now?), and ignores massive externalities like aerial traffic jams, and fatality rates likely to be higher than terrestrial driving.

The “self-driving car,” it is promised, will radically reshape the way we live, forgetting that, throughout history, humans have largely endeavored to keep their daily travel time within a stable bound. “Travelators,” or moving walkways, were supposed to transform urban mobility; nowadays, when they actually work, they move (standing) people in airports at a slower-than-walking speed. In considering the future of transportation, it is worth keeping in mind that, today, we mostly move around thanks to old technology. As Amazon experiments with aerial drone delivery, its “same day” products are being moved through New York City thanks to that 19th-century killer app: the bicycle.

Edgerton notes that the “innovation-centric” worldview—those sexy devices that “changed the world”—runs not merely to the future, but also the past. “The horse,” he writes, “made a greater contribution to Nazi conquest than the V2.” We noticed what was invented more than what was actually used.

«



Genome hackers show no one’s DNA is anonymous anymore • WIRED

Megan Molteni:

»

the amount of DNA information housed in digital data stores has exploded, with no signs of slowing down. Consumer companies like 23andMe and Ancestry have so far created genetic profiles for more than 12 million people, according to recent industry estimates. Customers who download their own information can then choose to add it to public genealogy websites like GEDmatch, which gained national notoriety earlier this year for its role in leading police to a suspect in the Golden State Killer case.

Those interlocking family trees, connecting people through bits of DNA, have now grown so big that they can be used to find more than half the US population. In fact, according to new research led by Erlich, published in Science, more than 60% of Americans with European ancestry can be identified through their DNA using open genetic genealogy databases, regardless of whether they’ve ever sent in a spit kit.

“The takeaway is it doesn’t matter if you’ve been tested or not tested,” says Erlich, who is now the chief science officer at MyHeritage, the third largest consumer genetic provider behind 23andMe and Ancestry. “You can be identified because the databases already cover such large fractions of the US, at least for European ancestry.”

«

Give it a few more years and governments trying to track people (spies? Murderous assassins?) down will publish DNA taken from the scene and, little sigh, say that they don’t seem to have any more leads and leave it to open source journalists.


What Is NPC, the pro-Trump internet’s new favourite insult? • The New York Times

Kevin Roose:

»

Last week, a trolling campaign organized by right-wing internet users spilled over onto Twitter. The campaign, which was born in the fever swamps of 4chan and Reddit message boards, involved creating hundreds of fictional personas with gray cartoon avatars, known as NPCs. These accounts posed as liberal activists and were used to spread — among other things — false information about November’s midterm elections.

Over the weekend, Twitter responded by suspending about 1,500 accounts associated with the NPC trolling campaign. The accounts violated Twitter’s rules against “intentionally misleading election-related content,” according to a person familiar with the company’s enforcement process. The person, who would speak only anonymously, was not authorized to discuss the decision.

If you’re confused, you’re not alone. Here, we try to unpack the NPC meme, what it means and why it’s causing trouble on Twitter.

«

Just doing my job keeping you informed of memeulations on the intertubes, folks.


Kanye West and Donald Trump and the rise of human clickbait • NY Mag

Max Read:

»

The point, anyway, isn’t that Kanye’s seeming manic episodes are “actually” publicity stunts — or, for that matter, that his publicity stunts are “actually” manic episodes. The point is that, on Twitter, it was impossible for people to distinguish between the two. The connection between eccentricity, erratic behavior, celebrity, and attention is not, obviously, a new dynamic — think of Tom Cruise or Charlie Sheen. But social media, and the news its dominance incentivizes, has created an environment in which the quickest and surest way toward blanket coverage of you and your output is acting in a way consistent with mental illness, regardless of whether or not you would be diagnosed as ill in a clinical setting. This is as true in business, where erratic behavior and market manipulation are two sides of the same coin — just ask Elon Musk — or in politics, where a particularly obsessive set of theories about Donald Trump can net you tens of thousands of followers, as it is in entertainment. What’s necessary to succeed in an economy where attention is the reserve currency is a set of attributes that appear with no small frequency in the DSM.

«

(The DSM is the Diagnostic and Statistical Manual of Mental Disorders, used by the American Psychiatric Association.)


I’m an Amazon employee. My company shouldn’t sell facial recognition tech to police • Medium

It’s a great year for important anonymous letters to publications about what’s going on inside well-known but often impenetrable organisations:

»

When a company puts new technologies into the world, it has a responsibility to think about the consequences. Amazon, where I work, is currently allowing police departments around the country to purchase its facial recognition product, Rekognition, and I and other employees demand that we stop immediately.

A couple weeks ago, my co-workers delivered a letter to this effect, signed by over 450 employees, to Jeff Bezos and other executives. The letter also contained demands to kick Palantir, the software firm that powers much of ICE’s deportation and tracking program, off Amazon Web Services and to institute employee oversight for ethical decisions.

We know Bezos is aware of these concerns and the industry-wide conversation happening right now. On stage, he acknowledged that big tech’s products might be misused, even exploited, by autocrats. But rather than meaningfully explain how Amazon will act to prevent the bad uses of its own technology, Bezos suggested we wait for society’s “immune response.”

If Amazon waits, we think the harm will be difficult to undo.

After all, our concern isn’t one about some future harm caused by some other company: Amazon is designing, marketing, and selling a system for dangerous mass surveillance right now…

…We know from history that new and powerful surveillance tools left unchecked in the hands of the state have been used to target people who have done nothing wrong; in the United States, a lack of public accountability already results in outsized impacts and over-policing of communities of color, immigrants, and people exercising their First Amendment rights. Ignoring these urgent concerns while deploying powerful technologies to government and law enforcement agencies is dangerous and irresponsible.

«

There’s also an interview with the article writer.


Larger smartphones increase in consumer acceptance • Strategy Analytics

»

A new report from the User Experience Strategies (UXS) group at Strategy Analytics surveying consumers in the US, Western Europe, China and India has explored consumer smartphone size preference. Flagship device sizes between 5.0in and 5.5in continue to be preferred by most, especially in China and India where a device of 5.5in is considered ‘ideal’ by most. Consumers in all markets surveyed are showing greater interest in larger devices compared to 2017.

Key report findings:

• A larger percentage of respondents in the US and Western Europe found larger devices to be an ideal size in 2018, compared to 2017.
• Half of respondents in India found devices with a screen size of 5.5in ideal in 2018, compared to half of respondents citing 5.0in as ideal in 2017.
• Around half of respondents in China found devices with a screen size of 5.5in ideal in 2018, compared to only a third in 2017.

Christopher Dodge, Associate Director and report author commented, “The primary drivers for larger displays are likely to be stemming from greater productivity and entertainment capabilities, thinner more ergonomic smartphone designs, increased screen resolution, clarity, and quality, and the overall increase in resourcefulness. Smartphones are becoming the control hub for more and more connected devices/services.”

«

The fact that, without anything else happening, people are more accepting of large screens suggests that all this stuff is just custom and habit. Look back at reviews of the first Galaxy Note, such as this one (from 2011):

»

Now, those mobile devices we couldn’t live without have screens that are much, much larger. Sometimes, though, we secretly wish they were even bigger still.

Samsung’s new GT-N7000 Galaxy Note is the handset those dreams are made of – if you happen to share that dream about obnoxiously large smartphones, that is.

«

Obnoxiously large. FIVE POINT THREE INCHES. (The iPhone at the time was 4in.) Among the cons: “Awkward to use for phone calls.”



Instagram has a massive harassment problem • The Atlantic

Taylor Lorenz on the problems at the only other social network with more than a billion users:

»

When Instagram introduces new features, the moderation-team members receive no warning, Andy [who works as a moderator; that’s not his real name] said. Consequently, they are left scrambling to understand how they work and what constitutes harassment on each format. “When the Questions feature rolled out, same way as every other new feature, we had no idea,” he said. “We didn’t know which part is the question, which is the answer, who says what? That makes such a big difference on whether you’re going to delete or ignore the post. The mods are just totally not kept up to date on how people use features.”

Alex, the current Instagram employee who asked to be referred to by a pseudonym, said the company prioritizes growth above all else, often at costs to user experience. “The focus is still on getting people to spend more time, getting more users, getting more revenue. That doesn’t change much internally,” Alex said. “There’s been a lot of effort to shape the narrative, but the reality is that it doesn’t drive business impact.”

At Instagram and Facebook, Alex said, “features can make whatever progress … but can’t hurt the other metrics. A feature might decrease harassment 10 percent, but if it decreases users by 1 percent, that’s not a trade-off that will fly. Internally right now, no one is willing to make that trade-off.”

Allie, a former employee at Instagram, agreed. “Instagram has terrible tools. I think people haven’t really focused on it much because so many harassment campaigns are just more visible on other platforms,” she said. Throughout her time there, she said, “many of the efforts to reduce harassment were oriented toward PR, but very few engineering and community resources were put toward actually decreasing harassment.”

«



Panasonic’s human blinkers help people concentrate in open-plan offices • Dezeen

Natashah Hitti:

»

Panasonic’s Future Life Factory is developing wearable blinkers, designed to limit your sense of sound and sight, and help you focus on what’s directly in front of you.

The prototype device, called Wear Space, is designed to keep people distraction-free when working in busy spaces or open-plan offices by blocking them off from their immediate surroundings.

It was created by Panasonic’s design studio Future Life Factory, in collaboration with Japanese fashion designer Kunihiko Morinaga.

Panasonic hopes that by using the partition to cut the user’s horizontal field of vision by about 60%, it will encourage them to concentrate on the work in front of them.

“As open offices and digital nomads are on the rise, workers are finding it ever more important to have personal space where they can focus,” said the company. “Wear Space instantly creates this kind of personal space – it’s as simple as putting on an article of clothing.”

«

Ian Bogost’s comment on Twitter: “now you’re a draft horse”. Amazing.


Errata, corrigenda and ai no corrida: none notified

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

Start Up No.932: Uber v Google, Dragonfly confirmed, machine learning’s killer app?, Turkey nudges Saudis, and more


Patisserie Valerie has some odd ingredients in its accounts. Photo by matthew midgley on Flickr.

A selection of 13 links for you. Or 1101 in binary. I’m @charlesarthur on Twitter. Observations and links welcome.

Did Uber steal Google’s intellectual property? • The New Yorker

Charles Duhigg:

»

After [the former DARPA Grand Challenge for self-driving vehicles participant, Anthony] Levandowski arrived at Google, his plan was to send out hundreds of cars, equipped with cameras, to photograph America’s roads. Then he encountered Google’s bureaucracy.

The company was less than a decade old, but it had almost seventeen thousand employees, including a thick layer of middle managers. Levandowski recently told me, “One of the reasons they wanted us was because Larry Page knew we were scrappy—we would cut through red tape.” Page, Google’s co-founder and chief executive, often complained that the company had become bloated, and had lost the hacker mentality that had fuelled its initial success. By the time Levandowski arrived, Google’s apparatchiks were in ascent.

“Hiring could take months,” Levandowski told me. “There was a program called WorkforceLogic, and just getting people into the system was super-complicated. And so, one day, I put ads on Craigslist looking for drivers, and basically hired anyone who seemed competent, and then paid them out of my own pocket. It became known as AnthonyforceLogic.” Around this time, Levandowski went to an auto dealership and bought more than a hundred cars. One of his managers from that period told me, “When we got his expense report, it was equal to something like all the travel expenses of every other Google employee in his division combined. The accountants were, like, ‘What the hell?’ But Larry said, ‘Pay it,’ and so we did. Larry wanted people who could ignore obstacles and could show everyone that you could do something that seemed impossible if you looked for work-arounds.”

Levandowski and his team were asked to map a million miles of U.S. roads within a year. They finished in nine months, and then set up an enormous office in Hyderabad, India, to begin mapping every street on earth.

«

This isn’t the heart of the story – this is back in 2007 – but it illustrates something pertinent about both Levandowski and Page, particularly the latter: he’ll forgive if you get the results.

It also goes into Silicon Valley’s culture, which it says is built on one big idea: betrayal.


Apple ‘deeply apologetic’ over account hacks in China • WSJ

Yoko Kubota:

»

Apple apologized over the hacking of some Chinese accounts in phishing scams, almost a week after it emerged that stolen Apple IDs had been used to swipe customer funds.

In its English statement Tuesday, Apple said it found “a small number of our users’ accounts” had been accessed through phishing scams. “We are deeply apologetic about the inconvenience caused to our customers by these phishing scams,” Apple said in its Chinese statement.

The incident came to light last week when Chinese mobile-payment giants Alipay and WeChat Pay said some customers had lost money.

The victims of the scams, Apple said Tuesday, hadn’t enabled so-called two-factor authentication—a setting that requires a user to log in with a password and a freshly-generated code to verify their identity.

The Cupertino, Calif.-based company didn’t specify how many users were hit or how much money was stolen, nor did it offer details about how the hackers acquired the users’ Apple IDs and passwords. To help prevent unauthorized access to their accounts, Apple said, people should enable two-factor authentication.

«

It was a pretty safe bet that the people who got phished hadn’t enabled 2FA. (And that it was phishing rather than hacking.) Strange, since Apple pushes a reminder in the Settings app. This is interesting PR, though: apologising for something the customer got wrong and that Apple couldn’t control.


Google CEO Sundar Pichai says Project Dragonfly, the censored Chinese search engine, works • The Washington Post

Brian Fung:

»

“If Google were to operate in China, what would it look like? What queries will we be able to serve?” chief executive Sundar Pichai said during an event hosted by Wired on Monday night. “It turns out we’ll be able to serve well over 99% of the queries.”

The announcement could prompt more questions from U.S. policymakers, some of whom have accused Google of being evasive about Project Dragonfly. Meanwhile, Google and its peers in the tech industry are facing intense scrutiny over its approach to user privacy and data, with some federal lawmakers proposing legislation that could impose new restrictions on tech companies’ handling of customer information.

Like many other firms, Google is eyeing China as a massive market opportunity. China, which has an estimated population of 1.4 billion, is already heavily dependent on Google’s Android operating system; in 2013, 9 out of 10 smartphones in China were running Android. But Google’s position in mobile could eventually erode as Chinese competitors have sought to develop alternatives to Android. Gaining broader access to Chinese audiences could give Google more opportunities to serve online advertising and sell mobile apps.

«



The Magic Leap con • Gizmodo

Brian Merchant:

»

As many have noted, the hardware is still extremely limiting. The technology underpinning these experiences seems genuinely advanced, and if it were not for a multi-year blitzkrieg marketing campaign insisting a reality where pixels blend seamlessly with IRL physics was imminent, it might have felt truly impressive. (Whether or not it’s advanced enough to eventually give rise to Leap’s prior promises is an entirely open question at this point.) For now, the field of vision is fairly small and unwieldy, so images are constantly vanishing from view as you look around. If you get too close to them, objects will get chopped up or move awkwardly. And if you do get a good view, some objects appear low res and transparent; some looked like cheap holograms from an old sci-fi film. Text was bleary and often doubled up in layers that made it hard to read, and white screens looked harsh—I loaded Google on the Helio browser and immediately had to shut my eyes.

According to Magic Leap, over 1,000 people had signed up to be here. Why?, I wanted to ask all of them at once. Do you think this is the future? Do you really?

«

I’ll reiterate my prediction that pretty soon Magic Leap will pivot to industrial applications, which might exist.


It turns out that Facebook could in fact use data collected from its Portal in-home video device to target you with ads • Recode

Kurt Wagner:

»

Last Monday, we wrote: “No data collected through Portal — even call log data or app usage data, like the fact that you listened to Spotify — will be used to target users with ads on Facebook.”

We wrote that because that’s what we were told by Facebook executives.

But Facebook has since reached out to change its answer: Portal doesn’t have ads, but data about who you call and data about which apps you use on Portal can be used to target you with ads on other Facebook-owned properties.

“Portal voice calling is built on the Messenger infrastructure, so when you make a video call on Portal, we collect the same types of information (i.e. usage data such as length of calls, frequency of calls) that we collect on other Messenger-enabled devices. We may use this information to inform the ads we show you across our platforms. Other general usage data, such as aggregate usage of apps, etc., may also feed into the information that we use to serve ads,” a spokesperson said in an email to Recode.

That isn’t very surprising, considering Facebook’s business model. The biggest benefit of Facebook owning a device in your home is that it provides the company with another data stream for its ad-targeting business.

«

I’m shocked, shocked to learn that data collection for targeting ads is going on in this Facebook device.


Will compression be machine learning’s killer app? • Pete Warden’s blog

Warden used to be chief technology officer for a company called Jetpac, which used neural networks to do interesting stuff with Instagram photos; then Google bought it, and he’s working on machine learning there:

»

One of the other reasons I think ML is such a good fit for compression is how many interesting results we’ve had recently with natural language. If you squint, you can see captioning as a way of radically compressing an image. One of the projects I’ve long wanted to create is a camera that runs captioning at one frame per second, and then writes each one out as a series of lines in a log file. That would create a very simplistic story of what the camera sees over time, I think of it as a narrative sensor.

The reason I think of this as compression is that you can then apply a generative neural network to each caption to recreate images. The images won’t be literal matches to the inputs, but they should carry the same meaning. If you want results that are closer to the originals, you can also look at stylization, for example to create a line drawing of each scene. What these techniques have in common is that they identify parts of the input that are most important to us as people, and ignore the rest.

It’s not just images.

There’s a similar trend in the speech world. Voice recognition is improving rapidly, and so is the ability to synthesize speech. Recognition can be seen as the process of compressing audio into natural language text, and synthesis as the reverse. You could imagine being able to highly compress conversations down to transmitting written representations rather than audio. I can’t imagine a need to go that far, but it does seem likely that we’ll be able to achieve much better quality and lower bandwidth by exploiting our new understanding of the patterns in speech.

«



Google to charge phonemakers for Google Play app store in EU • Financial Times

Rochelle Toplensky:

»

With more than 80% of the world’s smartphones running on the Android operating system, the product is vital to Google’s future revenues and profitability.

Google denied any wrongdoing and has appealed against the EU’s decision to the European Court of Justice. But on Tuesday a company spokesperson said that from October 29, Android phonemakers “wishing to distribute Google apps” would also be able to build “non-compatible, or forked, smartphones and tablets for the EEA”.

The spokesperson added that phonemakers would also be able to license Google Play separately from Google’s search engine and Chrome for an unspecified fee.

With Tuesday’s announcement, Google addressed each of the practices that Ms Vestager deemed illegal. However, critics say the changes are unlikely to upend the global smartphone industry.

Thomas Vinje, a lawyer at Clifford Chance whose clients have raised competition concerns over Google’s Android contracts, said: “The bottom line is that Google’s so-called remedies would mean that both Android and Google’s other dominant mobile products will remain immune from effective competition.

“No manufacturer will produce a device based on a forked version of Android only for Europe,” he added.

«

Vinje is probably correct.


Five ways Google Pixel 3 camera pushes the boundaries of computational photography • Digital Photography Review

Rishi Sanyal:

»

With the launch of the Google Pixel 3, smartphone cameras have taken yet another leap in capability. I had the opportunity to sit down with Isaac Reynolds, Product Manager for Camera on Pixel, and Marc Levoy, Distinguished Engineer and Computational Photography Lead at Google, to learn more about the technology behind the new camera in the Pixel 3.

One of the first things you might notice about the Pixel 3 is the single rear camera. At a time when we’re seeing companies add dual, triple, even quad-camera setups, one main camera seems at first an odd choice.

But after speaking to Marc and Isaac I think that the Pixel camera team is taking the correct approach – at least for now. Any technology that makes a single camera better will make multiple cameras in future models that much better, and we’ve seen in the past that a single camera approach can outperform a dual camera approach in Portrait Mode, particularly when the telephoto camera module has a smaller sensor and slower lens, or lacks reliable autofocus [like the Galaxy S9].

«

This isn’t actually a test of the Pixel 3. Plenty of interesting things here; will they come to the wider range of Android, though? The Pixel is a fraction of a fraction of Android sales.

We’re also approaching the point where it’s only the low-light pictures that show substantial differences between generations. (Thanks stormyparis for the link.)


The Google Pixel 3 is a very good phone. But maybe phones have gone too far • Buzzfeed News

Mat Honan:

»

The world is on fire but the new Google Pixel 3 — a Good Phone, which I do recommend you buy if you like Android and can afford it, although its updates are mostly incremental — in my pocket is cool to the touch. A dark slab of metal and glass. It comes alive when I rub my finger across the back of it.

And then!

“We’re doomed,” a colleague texts me on Signal*. A push alert from a well-regarded news site has more details on the alleged murder and dismemberment of a Saudi journalist. On Nextdoor, several neighbors report that their drinking water has tested positive for unsafe levels of pesticides. The Citizen app prompts me to record video of an angry naked man rampaging in the shit-strewn streets of San Francisco. Facebook is hacked and our information is out there. Everyone on Twitter is angry, you fucking cuck. You idiot. You tender, triggered snowflake. Everyone on Instagram is posturing, posing. You are less beautiful than they. The places you go are not as interesting. You should feel bad because you are worse in every way. The world is dying; come see it, come see it.

I don’t recall exactly when my phone became such a festival of stress and psychological trauma, but here we are.

«

If you haven’t read – or had forgotten – Honan’s piece from CES Las Vegas, called “Fever Dream of a Guilt-Ridden Gadget Reporter“, it’s time to enjoy that too. Sample paragraph:

»

I try to remember all the products I’ve talked about that I won’t even bother to cover—and that nobody’s going to buy. There were some Bluetooth speakers. Or maybe they were WiFi. But there was definitely a helmet cam. And a waterproof phone. And a tablet and an ultrabook and an OLED TV. There was ennui upon ennui upon ennui set in this amazing temple to technology.

«

That was January 2012. Never change, Mat.


Turkey releases passport scans of men it says were involved in journalist’s killing • Washington Post

Souad Mekhennet and Kareem Fahim:

»

Turkish officials have provided The Washington Post with scans of passports that they say were carried by seven men who were part of a Saudi team involved in the killing of journalist Jamal Khashoggi inside the Saudi Consulate in Istanbul on Oct. 2.

These passport scans add to the information made public by Turkey as it seeks to fill out the narrative of what happened to Khashoggi, a Post contributor who vanished after entering the consulate to obtain a document he needed for his upcoming wedding.

The Post is publishing the passport scans but obscuring the faces and names of the men because it has not independently verified their identities.

Within days of Khashoggi’s disappearance, Turkish investigators said they had pieced together most of the mystery, concluding that he had been killed inside the consulate and dismembered.

Turkey said a 15-member team dispatched from Saudi Arabia played a role in the killing. Turkish officials have confirmed that the 15 names reported in the Turkish media are those of the suspected team members, and their alleged involvement is part of the evidence cited by Turkey that Saudi Arabia was responsible for Khashoggi’s death.

«

Turkey’s playing an interesting game here. “Sources close to the investigation” have also released security camera footage, which claims to show a big people carrier with blacked-out windows leaving the consulate and then arriving at the consul’s home.

Turkey knows it can make Saudi Arabia uncomfortable, and embarrass the US if Trump says it’s fine, and then it releases video or audio. Saudi Arabia knows this; the US knows it. Turkey can keep dripping out this stuff for ages, to keep the story in the headlines.

So what does Turkey want in exchange for not doing this? Something political, of course. But what?


Too smooth: the red flag at Patisserie Valerie which was missed • FT Alphaville

Dan McCrum:

»

With the benefit of hindsight, however, there is one aspect of the company’s figures which looks odd: average sales per store barely changed in five years, even as the number of them doubled. Expansion, the addition of different brands, economic vagaries – through it all a Patisserie Valerie cafe took sales of about £600k a year.

In the year to September 2014, when there were 128 stores on average, each contributed revenues of £598k. Last year, 192 stores contributed an average £596k each.

Here’s the progression of sales, to £114m last year:

And here’s the average revenue per store, as the group’s total number of sites went from 89 to 206:

The metric was remarkably stable, suspiciously so we might now say. Business is rarely that smooth, as weather, the ebb and flow of competition, and even politics (a Brexit effect?) play a role.

«

This is part of the “Someone is wrong on the internet” series – a series title too wonderful for words. Patisserie Valerie is a chain of retail cake shops (so, as the story says, pretty much zero inventory) which a week ago discovered it has £20m less than it thought.


July 2017: Russian national and bitcoin exchange charged in 21-count indictment for operating alleged international money laundering scheme and allegedly laundering funds from hack of Mt. Gox • USAO-NDCA | Department of Justice

July 2017:

»

A grand jury in the Northern District of California has indicted a Russian national and an organization he allegedly operated, BTC-e, for operating an unlicensed money service business, money laundering, and related crimes…

…“Mr. Vinnik is alleged to have committed and facilitated a wide range of crimes that go far beyond the lack of regulation of the bitcoin exchange he operated.  Through his actions, it is alleged that he stole identities, facilitated drug trafficking, and helped to launder criminal proceeds from syndicates around the world,” said Chief Don Fort, IRS Criminal Investigation.  “Exchanges like this are not only illegal, but they are a breeding ground for stolen identity refund fraud schemes and other types of tax fraud.  When there is no regulation and criminals are left unchecked, this scenario is all too common. The takedown of this large virtual currency exchange should send a strong message to cyber-criminals and other unregulated exchanges across the globe.”

“BTC-e was noted for its role in numerous ransomware and other cyber-criminal activity; its take-down is a significant accomplishment, and should serve as a reminder of our global reach in combating transnational cyber crime,” said Special Agent in Charge of the USSS Criminal Investigative Division Michael D’Ambrosio. “We are grateful for the efforts of our law enforcement partners in achieving this significant result.”

“The arrest of Alexander Vinnik is the result of a multi-national effort and clearly displays the benefits of global cooperation among US and international law enforcement,” said FBI Special Agent in Charge Hess.

«

OK, so that was more than a year ago. But you can bet that if there’s money laundering on one bitcoin exchange, then given how many there are around, it will be happening on others. Which brings us to…


Is the price of bitcoin based on anything at all? • Medium

Jeff Wise, writing back in August on the puzzle about Tether – the cryptocoin which claims to be backed by a dollar for every “dollar” worth of Tether:

»

The white paper that heralded Tether’s creation explicitly calls for regular audits. Without them, anyone buying Tether is effectively operating on faith. Think about it: you can barely rent an apartment without going through a credit check and proving you can cover the cost. You’d think the market would demand some concrete assurances about the issuance of $2.7bn worth of currency.

Let’s assume, though, that Tether really does have $2.7bn sitting in a safe somewhere. Where did it all come from? The most innocent answer is that some deep-pocketed investors decided they wanted to invest in cryptocurrency, but rather than simply buy some with dollars, they instead opted to buy Tether first and then use that to purchase the crypto.

Just why anyone would do that remains unclear, especially since, as UC Berkeley computer science researcher Nicholas Weaver has pointed out on Lawfareblog.com, “[O]ne has to believe that they did this even though these unregulated exchanges have a history of getting hacked, with customers losing their investments.”

A less innocent answer is that the investors couldn’t go to a banked exchange because their funds came from illegal activity, so they used Tether to turn their ill-gotten gains into untraceable crypto loot. In other words, money laundering.

Perhaps the most troubling answer for crypto investors is that Tether minted currency out of thin air, used it to buy other cryptocurrency, sold that cryptocurrency, and used the proceeds to create its reserves. That is, assuming the reserves actually exist at all.

In a sense, though, it doesn’t matter whether the money is in the bank or not. Tether’s terms of service state, “We do not guarantee any right of redemption or exchange of tethers by us for money.” Even if the money is in the vault, Tether holders have no claim to it.

«

Increasingly I suspect that Tether/Bitfinex’s official location in Panama means that it is a gigantic money laundering operation for, eh, shall we say drug cartel money? This would explain its occasional gigantic wafts of money, and its desperate search for a bank that will actually hold its reserves. And why it persists.


Errata, corrigenda and ai no corrida: none notified

Start Up No.931: Facebook and Myanmar, inside Google+, the voice resistance, Palm reborn!, Reddit’s product manager regrets, and more


Anki, which brought you self-driving Scalextric cars, has a new product. Photo by Ian Hughes on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 11 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

Myanmar’s military said to be behind Facebook campaign that fuelled genocide • The New York Times

Paul Mozur:

»

They posed as fans of pop stars and national heroes as they flooded Facebook with their hatred. One said Islam was a global threat to Buddhism. Another shared a false story about the rape of a Buddhist woman by a Muslim man.

The Facebook posts were not from everyday internet users. Instead, they were from Myanmar military personnel who turned the social network into a tool for ethnic cleansing, according to former military officials, researchers and civilian officials in the country.

The Myanmar military were the prime operatives behind a systematic campaign on Facebook that stretched back half a decade and that targeted the country’s mostly Muslim Rohingya minority group, the people said. The military exploited Facebook’s wide reach in Myanmar, where it is so broadly used that many of the country’s 18 million internet users confuse the Silicon Valley social media platform with the internet. Human rights groups blame the anti-Rohingya propaganda for inciting murders, rapes and the largest forced human migration in recent history.

While Facebook took down the official accounts of senior Myanmar military leaders in August, the breadth and details of the propaganda campaign — which was hidden behind fake names and sham accounts — went undetected. The campaign, described by five people who asked for anonymity because they feared for their safety, included hundreds of military personnel who created troll accounts and news and celebrity pages on Facebook and then flooded them with incendiary comments and posts timed for peak viewership.

«

Off the back of this, I got into a discussion on Twitter with Antonio Garcia Martinez, ex-Facebook, who is in many ways the person who speaks for Facebook (he understands its id). It seems there’s no simple way to challenge this; we live in a world where it’s too late to prevent this happening.


Trend watch: where are we using voice assistants? • CivicScience

»

With the voice assistant landscape continuously changing, what is the sentiment towards using them and on what types of devices are people using them most frequently?

CivicScience surveyed over 5,300 Americans on their experience with voice assistants and looked into how demographics come into play, as well as on what devices they use voice assistants with.

«

51% haven’t used and aren’t interested? That’s quite a crimping on the total addressable market.



The future’s so bright, I gotta wear blinders • ROUGH TYPE

Nick Carr:

»

A few years ago, the technology critic Michael Sacasas introduced the term “Borg Complex” to describe the attitude and rhetoric of modern-day utopians who believe that computer technology is an unstoppable force for good and that anyone who resists or even looks critically at the expanding hegemony of the digital is a benighted fool. (The Borg is an alien race in Star Trek that sucks up the minds of other races, telling its victims that “resistance is futile.”) Those afflicted with the complex, Sacasas observed, rely on a set of largely specious assertions to dismiss concerns about the ill effects of technological progress. The Borgers are quick, for example, to make grandiose claims about the coming benefits of new technologies (remember MOOCs?) while dismissing past cultural achievements with contempt (“I don’t really give a shit if literary novels go away”).

To Sacasas’s list of such obfuscating rhetorical devices, I would add the assertion that we are at “the beginning.” By perpetually refreshing the illusion that progress is just getting under way, gadget worshippers like Kelly are able to wave away the problems that progress is causing. Any ill effect can be explained, and dismissed, as just a temporary bug in the system, which will soon be fixed by our benevolent engineers. (If you look at Mark Zuckerberg’s responses to Facebook’s problems over the years, you’ll find that they are all variations on this theme.) Any attempt to put constraints on technologists and technology companies becomes, in this view, a short-sighted and possibly disastrous obstruction of technology’s march toward a brighter future for everyone — what Kelly is still calling the “long boom.” You ain’t seen nothing yet, so stay out of our way and let us work our magic.

«

Is there such a thing as a pragmatic pessimist? If so then Nick Carr fits the bill.


Tiny new Palm at Verizon positioned as ‘accessory’ smartphone and we guess that’s a thing now? • Android Police

Corbin Davenport:

»

Last year, TCL announced that new devices with Palm branding would launch in 2018, and the first phone leaked a few months ago. The tiny 3.3-inch Palm phone is now official, and it’s coming to Verizon next month for a whopping $349.99.

Rather than being an independent phone, it functions as a ‘Connected device,’ similar to a smartwatch. You have to pay an extra $10/month, and it will receive the same phone calls and SMS messages as your main phone. TCL is positioning it as a secondary device for when you need a break from your regular phone.

«

A… what? So a smartwatch, basically. Except phone-shaped and won’t fit on your wrist. The basketball player Stephen Curry launched it… with a tweet from an iPhone.

Nope.


Vector, Anki’s cute robot companion, is available today • Engadget

Imad Khan:

»

Anki’s Vector, the $2m Kickstarter darling, is out today, and he’s ready to be your best friend. Vector is the follow-up to Anki’s first Robot, Cozmo. While Cozmo was more focused on being a toy for kids, Vector aims to be a robot assistant. It will even have Alexa integration by the end of the year, giving it access to a larger trove of information to be able to answer more questions.

Vector’s defining characteristic is its large, expressive eyes. The Wall-E-esque nature of the robot gives it an adorable personality. And even while you’re typing away at your desk, Vector will be doing its own thing, exploring and messing around. It can even do tricks, like pop a wheelie.

Vector has a front-facing camera that can recognize your face, as well as a four-microphone array on top for voice commands. And whenever Vector runs low on battery, he’ll truck on over to a charging port and juice up.

Anki will be updating Vector throughout its lifespan.

«

Anki was the company which wowed Apple’s WWDC back in 2013 when they showed their self-driving cars – the very neat Anki Drive, a sort of Scalextric where the cars figured out the track themselves – but since then it doesn’t seem to have had that many hits. Interesting company; maybe the crowdfunding model is the right way to find what people really want.


Zimbabwe’s attempt to tackle ‘bad’ currency deepens economic woes • Financial Times

David Pilling and Joseph Cotterill:

»

Zimbabwe is in the grip of a new economic crisis as the value of the country’s local currency collapses and shop shelves are stripped bare after a panic-buying spree last week.

Attempts to resolve the country’s complex currency system — in which non-dollar-backed electronic money and local “bond notes” are rapidly losing value — have been undermined by mixed messages from the government. The latest crisis is reviving memories of hyperinflation and undermining the new administration’s message that the country is “open for business”.

Amid a desperate shortage of dollars, even local KFC outlets were forced to shut up shop, unable to access the funds to buy chicken.

The problems began this month when Mthuli Ncube, Zimbabwe’s finance minister, said he was dividing bank accounts into two types — ones containing “good” and “bad” dollars. The “good” accounts are those backed by real inflows of dollars, remitted by millions of Zimbabweans in the diaspora. The “bad” accounts are those holding electronic money, known as RTGS, or real-time gross settlement.

Zimbabwe has been a dollarised economy for almost a decade since the government scrapped the local currency after a hyperinflationary meltdown.

«

Maybe if they tried some cryptocu.. no, forget it.


From memes to Infowars: how 75 fascist activists were “red-pilled” • bellingcat

Robert Evans:

»

An online community develops its own lingo over time. Among fascist activists “red-pilling” means converting someone to fascist, racist and anti-Semitic beliefs. The term originates with “The Matrix,” a popular 1999 film. The protagonist is offered the choice between a red pill, which will open his eyes to the reality of a machine-dominated world, and a blue pill, which will return him to ignorance and safety. The definition of “red pill,” as used by fascists, is rather elastic. Films and songs are described as “red pilled” if they reinforce a far-right worldview. At least one poster referred to amphetamines as red-pilled.

There appears to be no agreed-upon standard for when a human being is red-pilled. Most fascist activists agree that acknowledgement of the Jewish Question, or JQ, is critical. This means believing that Jewish people are at the center of a vast global conspiracy. The end goal of this conspiracy is usually described as “white genocide”, but there are numerous variations.

https://discordleaks.unicornriot.ninja/discord/view/984086?q=redpilled#msg

Red pilling is described as a gradual process. Individual people can be red-pilled on certain issues and not others. Stefan Molyneux, a popular author and far-right YouTube personality, is seen as being red-pilled on race and “the future of the west” even though he is not considered as a fascist. Prominent YouTuber PewPewDie is also often considered red-pilled. It is accepted that media personalities need to hide their outright fascist beliefs, or “power level”, in order to have a chance at red-pilling the general population (usually called “normies”).

«

This really is a quite depressing dive into a weird subculture. Being able to bring small groups with common thinking together is the internet’s strength, but also its failing. And there’s plentiful evidence that any online group tends to get dragged to the extreme views held within it. Also: YouTube is a big part of this process.


Google Pixel 3 and 3 XL review: the best camera gets a better phone • The Verge

Dieter Bohn likes the camera and thinks it scratches easily and yada yada but this I found worthwhile:

»

By far, the coolest software feature on the Pixel 3 (which is also coming to the Pixel 2) is Call Screening. When a phone call comes in, you can tap a button to screen it. When you do, a semi-robotic voice will speak to your caller and ask them why they’re calling. You watch this happen via text in real time on your screen, and the caller’s response is similarly transcribed for you as they speak.

When the call is active, you can tap a few pre-canned buttons to ask follow-up questions, hit a button to answer, or hit a button to hang up. It’s seriously useful and seriously impressive. Like everybody else, I get a ton of spam calls, and I sometimes feel like those unknown numbers might actually be real. It’s richly, darkly satisfying to know that I’m forcing a robocall to talk to a Google robot.

«

Dan Seifert, a senior editor at The Verge, raved about this feature on Twitter. Though “there’s a lot of spam calling, let’s make it easier to screen them” slightly reminds me of the American solution to the fact that it’s years behind getting electronic payments between people sorted out, and so relies on cheques a lot.

Solution: produce software that OCRs the cheques. Not “sort out the electronic payment system”?


Now that Google+ has been shuttered… • Morgan Knutson

Knutson was a designer on Google+ – which he was assigned to when he joined Google in 2012. He didn’t enjoy the experience of dealing with the office politics:

»

Now that Google+ has been shuttered, I should air my dirty laundry on how awful the project and exec team was.

I’m still pissed about the bait and switch they pulled by telling me I’d be working on Chrome, then putting me on this god forsaken piece of shit on day one.
This will be a super slow burn that goes back many years. I’ll continue to add to over the next couple of days. I’ll preface it with a bunch of backstory and explain what I had left behind, which made me more unhappy about the culture I had come into.

«

It’s a long thread (on Twitter; here unrolled into one page by @threadreaderapp) which left me thinking that his experience in small non-profits where he was the only person doing a ton of work really did not prepare him for being a small cog in a vast machine, where some of the other cogs are interested in seeing you leave.

Also worth noting: his comment on how the gigantic bonuses offered all over the company to shoehorn Google+ into products meant “No one really liked this [addition of G+]. People drank the kool-aid though, but mostly because it was green and made of paper”.


Crypto markets roiled as traders question Tether’s dollar peg • Bloomberg

Andrea Tan, Eric Lam and Benjamin Robertson:

»

The company that issues Tether has yet to provide conclusive evidence of its dollar holdings, even though it has repeatedly said that all Tethers are redeemable at $1. That claim helped make Tether the world’s second-most actively traded cryptocurrency: It was used in more than 20% of transactions tracked by CoinMarketCap.com over the past 24 hours.

Tether’s latest dip follows renewed speculation over the financial health and banking relationships of Bitfinex, a crypto exchange that shares a chief executive officer with Tether’s issuer. In a Medium post on Oct. 8, Bitfinex dismissed allegations that it was insolvent and said that withdrawals were functioning as normal. At the same time, it said that “complications continue to exist for us in the domain of fiat transactions.”

Many crypto-related firms have struggled to retain banking relationships as regulators in the US and elsewhere scrutinize the industry’s exposure to risks including money laundering, market manipulation and security breaches. The US Commodity Futures Trading Commission sent subpoenas to Bitfinex and Tether at the end of last year, a person familiar with the matter told Bloomberg in January.

Bitfinex couldn’t immediately be reached through an external spokeswoman.

“If traders start to flee Tether, it’s a potentially precarious situation, since it accounts for 20% of total volumes globally,” said Vijay Ayyar, head of business development at Luno, a cryptocurrency exchange. “It basically implies a lot of volatility ahead.”

«

Something is brewing at Bitfinex, and it doesn’t look good. Trading premiums at the exchange (ie what you need to pay to make a transaction) shot up on Monday morning; there’s a growing belief that it doesn’t have the assets. Basically, we’re seeing a run on the bank of Tether, and this isn’t going to be a version of It’s A Wonderful Life where James Stewart saves the day. People are going to lose money.


‘I fundamentally believe that my time at reddit made the world a worse place’ • NY Mag

Noah Kulwin speaks to former Reddit product manager Dan McComas:

»

(McComas:) I think, ultimately, the problem that Reddit has is the same as Twitter and Discord. By focusing on growth and growth only and ignoring the problems, they amassed a large set of cultural norms on their platforms. Their cultural norms are different for every community, but they tend to stem from harassment or abuse or bad behavior, and they have worked themselves into a position where they’re completely defensive and they can just never catch up on the problem. I really don’t believe it’s possible for either of them to catch up on the problem. I think the best that they can do is figure out how to hide this behavior from an average user. I don’t see any way that it’s going to improve. I have no hope for either of those platforms.

Q: Why?
McComas: I just think that the problems are too ingrained, in not only the site and the site’s communities and users but in the general understanding and expectations of the public. I think that if you ask pretty much anybody about Reddit, they’re either not going to know what Reddit is, which is the large majority of people, or they’re going to be like, “Oh, it’s that place where there’s jailbait or something like that.” I don’t think that they’re going to be able to turn these things around.

Q: Were there moments in which Reddit chose to double down on something and made it that much harder to work toward a solution?
McComas: I don’t know. I’m trying to think about your question. The typical pattern that we always went through was, there would be a bunch of bad behavior on the site, and the community team would have to deal with it and would be really annoyed. Sometimes they would take the free-speech side and decide that we don’t want to make a call on this. Other times they would say, “Hey, we need to take care of this,” and somebody above them would raise either the free-speech side or the “I don’t want to deal with this because it would cause too many problems on the site” side. That was more often the response.

«

McComas has thought a lot about this, and describes a systemic problem that runs through everything, from management to funding.


Errata, corrigenda and ai no corrida: none notified

Start Up No.930: Saudi Arabia under investigation, Facebook says 14 million hacked, Watch faces for all, the rise of real citizen journalism, and more


Plenty of TV and films, but what is needed to get games on there? Photo by tua ulamac on Flickr.


A selection of 13 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

Facebook says fewer users impacted by recent cyberattack than first thought • WSJ

Kirsten Grind:

»

In a blog post Friday, Facebook said 30 million users had their access tokens stolen, as opposed to the original estimate of 50 million. The tokens are digital keys that keep people logged into the social-media site.

The company said hackers “exploited a vulnerability” in its computer code between July 2017 and September 2018. Facebook discovered the attack Sept. 25 and stopped it two days later.

“We now know that fewer people were impacted than we originally thought,” Guy Rosen, vice president of product management, said in the blog post.

Of the 30 million involved, Facebook said 14 million were the most affected. They had their names and contact details—including phone numbers and email addresses—accessed, along with such data as their gender and relationship status, as well as the last 10 places they checked into and 15 most recent searches. Fifteen million others had their names and contacts accessed. The attackers didn’t get any information from the million remaining users who were vulnerable in the security breach.

«

Fourteen. Million.


Silicon Valley’s Saudi Arabia problem • The New York Times

Anand Giridharadas:

»

Long before the dissident Saudi journalist Jamal Khashoggi vanished, the kingdom has sought influence in the West — perhaps intended, in part, to make us forget what it is. A medieval theocracy that still beheads by sword, doubling as a modern nation with malls (including a planned mall offering indoor skiing), Saudi Arabia has been called “an ISIS that made it.” Remarkably, the country has avoided pariah status in the United States thanks to our thirst for oil, Riyadh’s carefully cultivated ties with Washington, its big arms purchases, and the two countries’ shared interest in counterterrorism. But lately the Saudis have been growing their circle of American enablers, pouring billions into Silicon Valley technology companies.

While an earlier generation of Saudi leaders, like Prince Alwaleed bin Talal, invested billions of dollars in blue-chip companies in the United States, the kingdom’s new crown prince, Mohammed bin Salman, has shifted Saudi Arabia’s investment attention from Wall Street to Silicon Valley. Saudi Arabia’s Public Investment Fund has become one of Silicon Valley’s biggest swinging checkbooks, working mostly through a $100 billion fund raised by SoftBank (a Japanese company), which has swashbuckled its way through the technology industry, often taking multibillion-dollar stakes in promising companies. The Public Investment Fund put $45 billion into SoftBank’s first Vision Fund, and Bloomberg recently reported that the Saudi fund would invest another $45 billion into SoftBank’s second Vision Fund.

SoftBank, with the help of that Saudi money, is now said to be the largest shareholder in Uber. It has also put significant money into a long list of start-ups that includes Wag, DoorDash, WeWork, Plenty, Cruise, Katerra, Nvidia and Slack.

«

NYT note: Mr. Giridharadas is the author of “Winners Take All: The Elite Charade of Changing the World.”

“An ISIS that made it” is pretty brutal. And yet…


Jamal Khashoggi, his Apple Watch, government headfakes and.. climate change • Medium

I wrote about this case, and the speculation that Khashoggi himself recorded his murder:

»

OK, now we need him to have begun pressing Record on his Watch, to have had a Watch that was either connected to the Wi-Fi or had a cell connection. He had intentionally left his phone outside, with his fiancée (standard practice in consulates: in general you’re not allowed to take phones inside, and he might also have been being cautious, not wanting the Saudis to get any chance of accessing his contacts).

Another alternative some might offer: he had the Walkie-Talkie function on, and was doing this with his fiancée. (It would have to go to her phone.)

Though I’d love to be wrong, I don’t think this scenario pans out. As much as anything, it requires his Watch’s cell connection to be dramatically good inside a building, which tends not to be the case for any phone. The Wi-Fi scenario doesn’t work unless he’d previously joined the Wi-Fi there, and I don’t think they would offer that.

Most of all, though, this scenario — him recording his killing on his Apple Watch — doesn’t ring true for me because it would mean his fiancée would have been able to access it. If she were the one who had these recordings, don’t you think she’d be raising absolute hell?

«

Saudi Arabia’s behaviour here is reprehensible. The good news? There’s something concrete that you, individually, can do to affect it.


Exploring custom watchOS Watch faces • David Smith

»

I’ve given a lot of thought to custom watch faces for watchOS over the years but always ultimately just moved on because I believed that Apple will never allow for them. The usual reasons I’ve heard given are:

• Apple likes to control the aesthetics of the device,
• there’d be too much copyright/copycat issues,
• they require too low level connection to the system to be performant,
• and they aren’t necessary.

Whether or not any of these are good, valid, or beneficial reasons honestly doesn’t interest me too much now. Because I spent the better part of this week making my own watch faces, and it was glorious! This is the most fun I’ve had in development in a long time.

There is something delightful about solving a problem that is superficially so simple and constrained. The constraint leads to lots of opportunities for creative thinking. Ultimately you just need to communicate the time but how you do that can take countless different forms. It reminds me of the various ‘UI Playgrounds’ that have existed in app design. For a while it was twitter clients, then podcast players and weather apps.

Here are a few of the designs I’ve come up with this week..

«

He and Steven Troughton-Smith have been blasting through for the past few days; Troughton-Smith has a git repo which lets you install your own Watch faces (if you have an Apple Developer account). It’s impressive stuff. A selection below, which other developers are expanding on. (See Troughton-Smith’s feed on Twitter for more.)

It’s really persuasive: yes, Apple ought to open this up.


Bitcoin must die • Slugger O’Toole

Andrew Gallagher:

»

In many pre-industrial societies cowry shells were used as currency. This had the unfortunate side effect that you could literally fish money out of the sea. In more advanced shell currencies, the shells had to be laboriously worked in order to make them valuable. This stabilised the currency, but only by pegging it directly to the value of the hours spent grinding down shells by hand, time that could have been more productively used elsewhere.

And this is why Bitcoin, and all other proof-of-work schemes, must die. It is the computational equivalent of shell currency, the only difference being that the value is dependent on electricity consumed rather than hours worked. Shell currencies, like rhino horns and tiger bones, are objectively worthless and irrational demand for them is an immoral waste of resources, both human and environmental.

Hashcash puzzles are objectively worthless, but irrational demand for them is incinerating the earth…

…If Bitcoin were to cease trading tomorrow, 0.5% of the world’s electricity demand would simply disappear. This is roughly equivalent to the output of ten coal-fired power plants, emitting 50 million tonnes of CO2 per year – which would cover one year’s worth of the carbon emission cuts required to limit temperature rises this century to 2C. It is not a solution by itself, but it would be a good year’s work.

Bitcoin is made from ashes, and if ashes were legal tender, humanity would burn everything in sight and call it progress.

«

Making bitcoin illegal on climate grounds would be quite something to see.


Theranos criminal case is broader than publicly disclosed, prosecutors say • Bloomberg

Joel Rosenblatt:

»

The government’s criminal fraud case against former Theranos chief executive officer Elizabeth Holmes and former president Ramesh “Sunny” Balwani runs deeper than what’s been publicly disclosed, prosecutors said.

After a hearing Friday in San Jose, California, Holmes and Balwani lost a bid to block the Justice Department from combing through more than 200,000 company documents. The judge also ordered lawyers for both sides to work out a procedure by which protected and confidential documents are shielded from prosecutors.

U.S. Magistrate Judge Susan van Keulen rejected Holmes’s and Balwani’s request after the hearing. In her order, she also referenced undisclosed “charges and activities” in the government’s broad, ongoing investigation that may extend beyond the former Theranos executives.

The ruling could give prosecutors additional leverage at trial or in any plea deal, including any potential agreement by one defendant of the former couple to aid the prosecution of the other.

«

If you read John Carreyrou’s ‘Bad Blood’, his book about Theranos, Balwani comes across as one of the most unpleasant yet also incompetent people you’d ever hope not to meet. If you haven’t read it, put it on your Christmas list.


Citizen journalists – the fighters on the frontline against Russia’s attacks • The Guardian

Carole Cadwalladr:

»

what has become plain is that the British government shows no sign of even acknowledging the scale or complexity of the national security threat we face, let alone how to deal with it, as Hillary Clinton – the target of the GRU’s operation – appeared to acknowledge when she spoke in Oxford last week.

She described how the foundation of western liberal democracy is under assault and made pointed remarks at both the nature of Russia’s attacks on Britain and Britain’s failure to investigate, name-checking both Damian Collins, head of the select committee for the Department of Culture, Media and Sport, for warning of “a crisis in British democracy” and Tom Watson, the deputy Labour leader, who have both called for a public inquiry with “Mueller-style” powers.

What Bellingcat exposes is how citizen investigations are not only surpassing traditional mainstream organisations, they also seem streets ahead of government agencies. Investigators who use publicly available sources have been quietly joining a citizen’s battle against this flood not just of disinformation, but of corporate secrets, dark money thinktanks, networks of political influence, Trump-Russia collusion, overspending in the referendum, up to and including mass murder.

This month, BBC Africa Eye published a stunning investigation using techniques Bellingcat has developed, identifying the location and identity of men who’d killed two women and two young children through forensic analysis of online sources.

And, less hi-tech but also hugely valuable, the entire Cambridge Analytica investigation owes a huge debt to open source investigators. After Harry Davies published his first article in the Guardian about the firm in 2015, it was Paul-Olivier Dehaye, a professor of maths in Geneva, who was profoundly troubled by the way personal data was being abused, who took it upon himself to produce an open-source document that he made freely available to journalists.

«

I think that government sources are as good as ever at identifying who’s behind stuff – bear in mind that it was the UK police who released the photos of the Salisbury suspects, and I bet that MI5/6 knew it would trigger a citizen investigation. What’s changed is, as Cadwalladr says, our ability to identify people, things and places and make that public.


What developers say Apple needs to do to make the Apple TV a gaming console • Ars Technica

Samuel Axon:

»

[Strange Flavour CEO Aaron] Fothergill told Ars something similar. He called the Apple TV “easy to write for.” When asked about the success of his company’s Apple TV titles, he said, “We didn’t make millions or even hundreds of thousands, but it covered the cost of the extra work to tweak them for Apple TV, and for a two-man team, it’s useful.”

He indicated that creating universal apps that work across iOS and the Apple TV is easy, and he talked up the box’s power as a “mini console.” Fothergill said he was able to use Xbox 360 assets in his Apple TV games “as-is” and run the games at 60fps.

But when asked what Apple needs to do to improve things, Fothergill had some thoughts. He said Apple should do a better job of supporting Game Center across platforms, and he added, “I also like the idea of game controllers (ideally Apple ones) being bundled with the Apple TV as an actual Apple option. So there’s an Apple TV being sold specifically for games.”

Developer Patrick Hogan told Ars that he believes Apple needs to do three things:

• Include an Apple-branded, full-featured controller with every Apple TV.
• Market the Apple TV as a gaming platform.
• “Spend a lot of money on funding platform exclusives, ports, and presence at every major gaming expo and conference to break the chicken-egg problem of getting customers to make it viable to devs.”

Other developers Ars spoke with also made these same recommendations with varying emphasis—for example, some didn’t believe that a controller has to be included with every Apple TV and that simply offering optional gaming bundles of the device would be effective with the right marketing message behind them.

«

So basically to make it a gaming console, it needs to include a gaming controller. Who’d have thought?


Crafty kids are finding ingenious ways to thwart Apple’s ‘Screen Time’ feature • The Next Web

Bryan Clark:

»

A Reddit thread with nearly 9,000 upvotes features a number of crafty kids who’ve bypassed the digital nanny features. One father revealed one of the hacks.

His son, a seven-year-old, deletes the games he’s been locked out of and then re-downloads it from the App Store. With iCloud, he doesn’t miss a beat, as all of his games are stored on a server waiting for him to resume play. Apple, unfortunately, overlooked this clever hack entirely. Once the game is re-downloaded, it starts the clock over again for the day.

This could, however, be thwarted by setting Install Apps to Not Allowed within Screen Time’s settings.

Another child uses the YouTube iMessage App to send himself videos. While YouTube is blocked, he’s free to view the videos within Apple’s own messaging app. Maybe it’s time to block iMessage?

One parent, on Apple’s support forum, asked how to outsmart a child who was resetting his phone’s time and date to trick the device into thinking it was a new day. There doesn’t seem to be a fix for this one, at least based on the responses in the forum post.

«

Still, at least this shows what happens when you give someone an incentive to find a workaround. These kids are going to make terrific project managers.


Exclusive: iPad Pro Face ID details, 4K HDR video over USB-C, AirPod-like Apple Pencil 2 pairing, more [Update: A12X processor] • 9to5Mac

Guilherme Rambo:

»

Unlike the iPhone, however, the [new] iPad Pro will not have a notch.

Even though the new 2018 iPad Pro models will sport thinner bezels, those bezels will still be wide enough to accommodate the TrueDepth camera system necessary for Face ID.

The 2018 iPad Pro will include Face ID with the same image signal processor as the iPhone XS, iPhone XS Max and iPhone XR. Further, we can confirm that Face ID on the new iPad Pro will work in both portrait and landscape orientations, though it won’t work upside down.

The Face ID setup process on the new iPad Pros will be very similar to the process introduced with the iPhone X. Notably, despite post-setup support for landscape Face ID, the setup process must be completed in portrait orientation.

It’s not clear if the new landscape support requires a special hardware feature, or if it can be made available to iPhones with a simple software update.

With its USB-C port, the 2018 iPad Pro will be able to output 4K HDR video to external displays. To accommodate this feature, there will be a new panel in the settings app where users will be able to control resolution, HDR, brightness and other settings for connected external displays…

…The new iPad Pro will have a brand new connector for accessories. The Magnetic Connector will be at the back of the iPad and will allow for the connection of different accessories, such as a new version of the Smart Keyboard and other third-party accessories.

«

It will also have an A12X processor, like the A12 in the latest iPhones. Some confirmation that the devices exist, from Asian certification:

»

The new model numbers that we have spotted on MIIT are A1876, A1980, and A1993. These three model numbers have certification date of September 29, 2018, which makes them quite new in comparison to the previous leaks that carried model numbers from last year. As we mentioned in the beginning, we have also spotted a new Bluetooth Device with model number A2051 in the listing and as of now we are not able to decode what it is exactly.

«

Bluetooth device could be new AirPods, could be the new Pencil. Now we just need Apple to actually get on and launch them.


Estimating project costs? If statements should cost $10,000 each • Dave Rupert

Dave Rupert:

»

“Whoa, whoa, whoa, that would never work” I hear you say. But there’s never been an easier way to convey the scope and cost of a project than if-statement based billing. What is an if-statement? An if-statement is the most essential unit of business logic. A small piece of logic that will linger in your codebase for the life of the entire project. Larger software applications have more business logic, thus are more expensive. We can use if-statements as a proxy for complexity and bill accordingly. At the end of the day developers can count up the number of if-statements and invoice the corresponding cost centers.

What about small projects, you say? Well, the beauty of this is something simple like a blog is actually free! Free website? Yes, please.

But let’s say your app has a logged-in or logged-out state, well, that’s at least 2 if-statements. Starting price: $20,000. Never before has it been this easy to price and scope out complex stateful apps!

Do you build Component Systems? Simple static components are free. But most components increase their cost due to The Nine States of Design. Each component likely has a mix of “none”, “one”, “some”, “too many”, “error”, and “done” states. That’s a lot of logic and use cases packed into a little module, so it’s gonna cost ya. But you’ll rest assured that you’ve covered all your bases as well as billed appropriately.

Need an if-statement with 2 conditionals? Look, I’m not a scam artist so I’ll give you the second conditional at half-price. But if it gets any more complex than that and we have to build a big juicy Karnaugh Map, that gets into bitwise operators (which are generally a terrible idea in JavaScript) and will double the cost per switch case.

«

This is both hilarious and yet also true.


Instagram ads are awful • Tumblr

James Whatley has a collection:

»

Instagram ads are awful.

With additional contributions from Kevin Systrom.

«

Consists of ads ripped from Instagram, along with uplifting words from Systrom, Instagram’s (of course now departed) co-founder.

Yup, they’re awful.


Thoughts on Google’s Call Screening feature • Excursions

Amit Gawande has an objection:

»

I don’t understand Google’s “Call Screening” feature. How does it solve the spam calls problem? Don’t I have to be equally attentive when the call arrives? I don’t think the problem is I have to receive the call, problem is I get the call in the first place.

Rather I am more distracted, reading transcripts and making decisions. It looks to be targeted at the automated machine-driven calls. Human spammers/scammers will still have to be handled.

In most cases, the spam calls I get start with a person, a human, asking if it indeed is me. Then goes on to specify the call is about some information related to my account or a service I am using. And then comes the “offer for you” part. I tend to disconnect right at first step when someone wants to know if me is indeed me.

What’s to say the call screening will transcribe something like “This is xyz from abc bank and this is a service information call”?

Anyway, no doubt Google has a great technology at its hands and the showcase via this use case sounds a lot more coherent than the general duplex demo we saw during I/O. I am just perplexed how everyone seems to be already sold that this solves the problem which it isn’t even targeting.

«

Just to reiterate, Call Screening is something you have to activate when a call comes in; it tells the caller it’s an automated service:

»

“The person you’re calling is using a screening service and will get a copy of this conversation. Go ahead and say your name and why you’re calling,” the Google bot will say. As the caller responds, the digital assistant will transcribe the caller’s message for you.

«

As Gawande says, this means you still have to pay attention – you’re just not having to talk directly to a human. Really clever – but not a solution, sadly. This turns my thinking on Call Screening around 180 degrees.



Errata, corrigenda and ai no corrida: none notified

Start Up No.929: Facebook purges liars, Google ponders curation, PC market stays flat, Minecraft exits Apple TV, and more


Good news! Windows 10’s update won’t do this now. Photo by Delete on Flickr.


A selection of 12 links for you. Friday, it is. I’m @charlesarthur on Twitter. Observations and links welcome.

Facebook purged over 800 accounts and pages pushing political messages for profit • The Washington Post

Elizabeth Dwoskin and Tony Romm:

»

Facebook said on Thursday that it has purged more than 800 U.S. publishers and accounts for flooding users with politically oriented content that violated the company’s spam policies, a move that could reignite accusations of political censorship.

The accounts and pages, with names such as Reasonable People Unite and Reverb Press, were probably domestic actors using clickbait headlines and other spammy tactics to drive users to websites where they could target them with ads, the company said. Some had hundreds of thousands of followers and expressed a range of political viewpoints, including a page that billed itself as “the first publication to endorse President Donald J. Trump.” They did not appear to have ties to Russia, company officials said.

Facebook said it was not removing the publishers and accounts because of the type of content they posted but because of the behaviors they engaged in, including spamming Facebook groups with identical pieces of content, unauthorized coordination and using fake profiles.

“Today, we’re removing 559 Pages and 251 accounts that have consistently broken our rules against spam and coordinated inauthentic behavior,” the company said in a blog post. “People will only share on Facebook if they feel safe and trust the connections they make here.”

But the move to target U.S. politically oriented sites, just weeks before the congressional midterms, is sure to be a flash point for political groups and their allies, who are already accusing the tech giant of political bias and arbitrary censorship of political content.

«

The content is pretty shocking, though. It’s the absolute definition of “fake news”: utterly untrue crap intended to create outrage, derision and mistrust. How might that show itself in society, do you think?


I was reported to police as an agitated black male — for simply walking to work • Medium

Reginald Andrade:

»

on September 14, campus police were waiting for me when I arrived at the reception desk at Whitmore. I had no idea why but I knew it couldn’t be good. My heart started pounding.

Two university detectives sat me down in an office and closed the door. Bewildered, I asked what was happening. They refused to answer, as they peppered me with questions.
“What time did you wake up?” “What were you doing at the campus recreation center?” “Did you come into the building agitated?” I felt confused, powerless, and scared, but made sure to maintain my composure. I remembered that even unarmed Black people disproportionately get killed during police encounters, and it was incumbent on me as an innocent Black man to show that I wasn’t a threat. It wasn’t until the end of their interrogation that they revealed why I was being questioned.

Someone had called the university’s anonymous tip line, reporting that they had seen an “agitated Black male” who was carrying “a heavy backpack that is almost hitting the ground” as he approached the Whitmore Administration Building. I — the “agitated Black male” — apparently posed such a threat that police put the entire building on lockdown for half an hour.

I have no idea how the caller came to the conclusion that I was “agitated,” considering they hadn’t interacted with me. I do know that Black people are often stereotyped as angry, armed, or dangerous.

I’ve had to answer to the police before for being a Black man at UMass Amherst.

«

Sometimes America’s problems feel intractable. Another story going around on Thursday: “Georgia woman calls police on black man babysitting white kids: Corey Lewis, who runs a youth mentoring program, was followed by a white woman from a Walmart to his mother’s home.”


Leaked Google research shows company grappling with censorship and free speech • The Verge

Nick Statt:

»

Google’s presentation acknowledges that “censorship can give governments — and companies — the tools to limit the freedom of individuals.” But it also lays out all the reasons why tech platforms like Google search and YouTube are responsible for policing what happens on their apps and websites. The slides give a history of how parts of the internet have become dominated by bad actors, and how both tech companies and governments have failed to address the issues. With regard to censorship, Google notes in the slides how government takedown requests have tripled in the last two years, and how YouTube is now the target of a majority of these requests, with Google Search behind it.

The presentation concludes that tech companies “are performing a balancing act between two incompatible positions,” and that’s the reason why censorship is on the rise as companies like Google, Facebook, and Twitter take more heavy-handed approaches to moderation in response to heightened criticism. The slides conclude that transparency, consistency, and responsiveness are paramount in addressing this ongoing imbalance, and that there is not a “right amount of censorship” that will please everyone and solve these issues.

«

The presentation (linked above) is very finely balanced; it recognises many of the problems that have emerged. Definitely worth reading.

However a couple of points it doesn’t consider: 1) that it’s the concentration (Facebook, Google-YouTube, Twitter) that causes the problem; if all the discussion were happening on a gazillion sites, as happened before 2004, it would be less of an issue; 2) that their algorithms aren’t beautiful indifferent beasts which connect people with precisely the information they want, but instead are actively part of the problem, particularly in the case of YouTube’s recommendation algorithm.


Windows 10 October 2018 Update no longer deletes your data • Ars Technica

Peter Bright:

»

Microsoft has figured out why the Windows 10 October 2018 Update deleted data from some systems and produced a fixed version. The severity of the bug caused the company to cease distribution of the update last week; the fixed version is now being distributed to Windows Insiders for testing, ahead of a resumption of the wider rollout…

…The software giant claims that only a small number of users were affected and lost data and has published an explanation of the problem.

The storage location of the Known Folders can be changed, a capability called Known Folder Redirection (KFR). This is useful to, for example, move a large Documents folder onto a different disk. Software asking for the Documents Known Folder location will be given the redirected location so it’ll seamlessly pick up the redirection and use the correct place. This is why programs shouldn’t just hardcode the path; it allows this kind of redirection to work.

Redirecting one or more Known Folders does not, however, remove the original folder. Moreover, if there are still files in the original folder, redirecting doesn’t move those files to the new location. Using KFR can thus result in your files being split between two locations; the original folder, and the new redirected folder.

The October 2018 Update tried to tidy up this situation. When KFR is being used, the October 2018 Update will delete the original, default Known Folder locations. Microsoft imagined that this would simply remove some empty, redundant directories from your user profile. No need to have a Documents directory in your profile if you’re using a redirected location, after all. The problem is, it neither checked to see if those directories were empty first, nor copied any files to the new redirected location. It just wiped out the old directory, along with anything stored within it. Hence the data loss.

«

“No longer deletes your data” – looks like the marketing department has found its new tagline.
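
The failure the extract describes (deleting the default Known Folder without checking that it is empty or migrating its files) shown beside a cleanup that cannot lose data. This is an added example, not Microsoft's code and not from the article; the function names, the constructed profile layout and the keep-both-on-collision policy are assumptions.

```python
import shutil
import tempfile
from pathlib import Path


def unsafe_cleanup(default_dir: Path) -> None:
    """The behaviour the article describes: wipe the old folder and its contents."""
    shutil.rmtree(default_dir, ignore_errors=True)


def free_name(target: Path) -> Path:
    """Return target, or 'stem (n).suffix' when target already exists."""
    if not target.exists():
        return target
    n = 1
    while True:
        candidate = target.with_name(f"{target.stem} ({n}){target.suffix}")
        if not candidate.exists():
            return candidate
        n += 1


def safe_cleanup(default_dir: Path, redirected_dir: Path) -> dict:
    """Remove default_dir only after everything in it has been preserved."""
    report = {"moved": [], "renamed": [], "removed": False}
    # Leave links alone: the "old" folder may point at the live data.
    if default_dir.is_symlink() or not default_dir.is_dir():
        return report
    old, new = default_dir.resolve(), redirected_dir.resolve()
    # Not really redirected, or redirected to a subfolder of the old location:
    # deleting the old folder would delete the live data, so do nothing.
    if old == new or old in new.parents:
        return report
    redirected_dir.mkdir(parents=True, exist_ok=True)
    for entry in sorted(default_dir.iterdir()):
        dest = free_name(redirected_dir / entry.name)
        if dest.name != entry.name:
            report["renamed"].append(dest.name)  # collision: keep both copies
        shutil.move(str(entry), str(dest))
        report["moved"].append(entry.name)
    # rmdir() refuses to remove a non-empty directory, so a file that appeared
    # during the move raises an error instead of being silently deleted.
    default_dir.rmdir()
    report["removed"] = True
    return report


def demo() -> dict:
    """Run both cleanups over a constructed user profile in a temp directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for mode in ("unsafe", "safe"):
            default = Path(tmp) / mode / "Users" / "alice" / "Documents"
            redirected = Path(tmp) / mode / "D" / "Documents"
            default.mkdir(parents=True)
            redirected.mkdir(parents=True)
            # Constructed sample files: two left behind in the old location,
            # one of which shares a name with a file in the new location.
            (default / "thesis.docx").write_text("only copy")
            (default / "notes.txt").write_text("old notes")
            (redirected / "notes.txt").write_text("new notes")
            if mode == "unsafe":
                unsafe_cleanup(default)
            else:
                results["report"] = safe_cleanup(default, redirected)
                results["old_notes"] = (redirected / "notes (1).txt").read_text()
                results["new_notes"] = (redirected / "notes.txt").read_text()
            results[mode] = sorted(p.name for p in redirected.iterdir())
            results[mode + "_default_exists"] = default.exists()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```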


Outline: secure access to the open web • Google Open Source Blog

Vinicius Fortuna on Google’s Jigsaw project, which aims to protect high-profile targets from surveillance:

»

Censorship and surveillance are challenges that many journalists around the world face on a daily basis. Some of them use a virtual private network (VPN) to provide safer access to the open internet, but not all VPNs are equally reliable and trustworthy, and even fewer are open source.

That’s why Jigsaw created Outline, a new open source, independently audited platform that lets any organization easily create and operate their own VPN.

Outline’s most striking feature is arguably how easy it is to use. An organization starts by downloading the Outline Manager app, which lets them sign in to DigitalOcean, where they can host their own VPN, and set it up with just a few clicks. They can also easily use other cloud providers, provided they have shell access to run the installation script. Once an Outline server is set up, the server administrator can create access credentials and share with their network of contacts, who can then use the Outline clients to connect to it.

«

Very smart, letting them create their own VPN.


Chrome OS grows from underdog to attack dog • ZDNet

Ross Rubin:

»

…at a time when only a handful of major companies (Samsung and Huawei) continue to pursue larger Android tablets. Google has apparently decided to step in with a version of its “desktop” OS. This buys Google a few advantages. First, when its circular-buttoned keyboard is attached, the Pixel Slate can switch from more of a tablet mode to a desktop mode. This is similar to what Surface can do, except Google can rely on a huge library of tablet-friendly (if often not optimized) Android apps.

Second, either mode can take advantage of the full desktop version of Chrome, an advantage over iOS (and Android). And third, Chrome OS’ extensive history with mouse and keyboard make it a good match for a desktop mode when connected to an external monitor. There have been questions around the breadth of this need at least since Microsoft launched Continuum for Windows Phones, but it should provide a more familiar experience than, say, Samsung’s DeX.

On the other hand, the Pixel Slate faces many obstacles. Among these are general continued softness in the general tablet market, Google’s limited retail footprint and enterprise channels, and little awareness or momentum of Chrome OS beyond education, much less acceptance of it as a tablet operating system. A larger tablet, the Pixel Slate with its keyboard cover will cost about $800 with a Celeron, about the same price as the smaller 10.5-inch iPad Pro with an Apple keyboard cover (and $150 less than a keyboard-equipped 12.9-inch model).

It’s less than a similarly sized Surface Pro 6 with Keyboard Cover ($1,060) although that device’s minimum configuration includes a Core i5 processor and more RAM offset by Windows’ larger footprint. So, all in all, the Pixel Slate is competitively priced, although not dramatically cheaper versus the main keyboard-equipped tablets from its main ecosystem rivals.

«

Rather depends on its ability to persuade people that they want the minimalism of ChromeOS compared to the variety of iOS apps (includes Microsoft Office) or, well, full Windows. Works for schools, of course.


Hackers are using stolen Apple IDs to swipe cash in China • Bloomberg

»

Alipay, whose parent also operates the world’s largest money market fund, said on its Weibo blog that it contacted Apple and is working to get to the bottom of the breach. It warned users that’ve linked their Apple identities to any payment services, including Tencent’s WePay, to lower transaction limits to prevent further losses. Tencent said in a separate statement it too had noticed the cyber-heist and reached out to the iPhone maker.

China’s two largest companies both recommended that users of their digital wallets take steps to safeguard their Apple accounts, including by changing passwords. It’s unclear how the attackers may have gotten their hands on the Apple IDs, which are required for iPhone users that buy content such as music from iTunes or the app store. Apple representatives haven’t responded to requests and phone calls seeking comment.

“Since Apple hasn’t resolved this issue, users who’ve linked their Apple ID to any payments method, including Alipay, WePay or credit cards, may be vulnerable to theft,” Alipay said in its blogpost.

Digital payments services have become a tempting target for cyber-thieves as their popularity surges around the world. Ant Financial, which is controlled by billionaire Alibaba co-founder Jack Ma, is estimated to handle more than half of China’s $17 trillion in annual online payments. Formally known as Zhejiang Ant Small & Micro Financial Services Group, it leveraged Alipay’s popularity to expand into everything from asset management to insurance, credit scoring and lending. It serves more than 800 million customers. Tencent’s rival payments offering is a key component of the social media service WeChat, which has a billion-plus users.

«

Wonder how many of the hacked accounts used two-factor authentication? By the way, do you use it on (check) Facebook, Twitter, Dropbox, Gmail/Hotmail/Yahoo Mail, Amazon?


Microsoft pulls ‘Minecraft’ for Apple TV due to low demand • Yahoo News

Jon Fingas:

»

You probably didn’t have a hankering to build Minecraft worlds on your Apple TV, and Microsoft has quietly acknowledged that reality. The company recently started notifying players that it had stopped updating and supporting the Apple TV version of the game on September 24th in order to “reallocate resources to the platforms that our players use the most.” To phrase it differently, there weren’t enough people playing to justify the investment. The game will continue to work, including Marketplace purchases, but you won’t see new features. It’s not available in the App Store, either.

If you made any Minecraft purchases for Apple TV within 90 days of the original announcement, you can ask for refunds.

It’s somewhat telling that people didn’t even draw attention to Minecraft’s fate on Apple TV until well after the 24th – you’d have heard about it right away on most other platforms. You can likely attribute it to a combination of the device’s limitations with Microsoft’s priorities. Minecraft effectively required a Bluetooth gamepad, severely restricting the audience – were you going to spend that extra money just so that you could construct towers and fend off Creepers? The Apple TV version was also late to key features like the Realms multiplayer system, making it the last place you’d want to go if you insisted on playing the hottest new content.

«

Apple’s strategy around Apple TV and games is terrifically unobvious. Its idea two years ago that “TV is about apps” seems to have gone nowhere. Its TV content strategy hasn’t quite happened. TV is difficult in the US because of content costs, but Netflix does OK on £10 or so per month.


Lenovo reclaims the #1 spot in PC rankings in Q3 2018 • IDC

»

Preliminary results for the third quarter of 2018 (3Q18) show that shipments of traditional PCs (desktop, notebook, and workstation) totaled nearly 67.4m units, marking a decline of 0.9% in year-on-year terms, according to the International Data Corporation (IDC) Worldwide Quarterly Personal Computing Device Tracker. Unlike 2Q18, which grew, the 3Q18 results nonetheless outperformed the forecast which called for a decline of 3.0% due to several factors…

…“Q3 came in better than expected,” said Jay Chou, research manager with IDC’s Personal Computing Device Tracker. “But the outlook remains uncertain as we head into the holiday season, when volume will be boosted by many consumer-oriented promotions in entry-level SKUs. AMD supply could help with processor demand somewhat, but it will also take time for OEMs to spec in more models.”

“Despite looming concerns around CPU shortages, the PC market in the U.S. turned in a good quarter backed by strong results in the notebook segment,” said Neha Mahajan, senior research analyst, US Devices & Displays. “Healthy business PC volume, steady Chromebook shipments to U.S. K-12, and a growing gaming consumer base have been the key reasons for the optimism around the U.S. PC markets.”

«

Hooray! Only down a bit rather than a lot! Notable: Apple sales quite a long way down (11%), though this is an estimate. Equally, IDC’s estimates tend to be higher than Apple’s actual figures.

Gartner, meanwhile, puts the market at “flat growth” (huh?) with 0.1% growth, to 67.2m units. So that’s some agreement.


Discord is a safe space for white supremacists • Slate

April Glaser:

»

White-supremacist groups aren’t turning up publicly, in force, like they did in Charlottesville last year, but they’re still out there. And Discord in particular remains a very popular destination for communities of neo-Nazis and white supremacists to socialize, share hateful memes, boost the ideas that undergird their movements, inculcate strangers, and plan activities that take place elsewhere online. In the course of an afternoon, I found and joined more than 20 communities on the platform that were either directly about Nazism or white supremacy or reveled in sharing anti-Semitic and racist memes and imagery. “Discord is always on and always present among these groups on the far-right,” says Joan Donovan, the lead researcher on media manipulation at the Data & Society Research Institute. “It’s the place where they do most of the organizing of doxing and harassment campaigns.”

One reason that this might be worrying is that Discord is a far more important internet platform—especially for people who want to be part of hateful online communities—than its frequency in the headlines would suggest. Discord’s user base of more than 150 million may mostly consist of gamers chatting about gaming, but in certain corners of the platform, swastikas are exchanged like high-fives. The groups have names like “Nazism ’n’ Chill,” “Reich Lords,” “Rotten Reich,” “KKK of America,” “Oven Baked Jews,” and “Whitetopia.” They appear to have thousands of participants who trade memes and jokes, share links, condemn “social justice warriors,” and transmit the revisionist histories that bolster their rationalizations of Nazism and white supremacy. I found these communities mostly through Discord search sites (like Discordservers.com, Discord.me, and Disboard.org) as well as through invites posted in some of the Discord groups.

«

It’s meant to be for gamers. However…


App Store generated 93% more revenue than Google Play in Q3 • TechCrunch

Sarah Perez:

»

Based on Sensor Tower’s chart of top-grossing apps across both stores, subscriptions are continuing to aid in this revenue growth. Netflix remained the top-grossing non-game app for the third quarter in a row, bringing in an estimated $243.7m across both platforms. Tinder and Tencent Video remained in the second and third spots, respectively.

Mobile game spending also helped fuel the revenue growth, with spending up 14.9% year-over-year during the quarter to reach $13.8bn. In fact, it accounted for 76% of all app revenue across both platforms in the quarter, with $8.5bn coming from the App Store and $5.3bn from Google Play.

In terms of app downloads, however, Google Play still has the edge thanks to rapid adoption of lower-cost Android devices in emerging markets, the report said. App installs grew 10.9% across both stores, reaching 27.1 billion, up 24.4% from Q3 2017.

«

I recall, some years ago when I used to write this story every quarter, people – well, commenters – assuring me that it wouldn’t be long before revenues from Google Play would overhaul those in the App Store. (Here’s a classic example, right from the very first comment.) And yet six years on, hasn’t happened.

Probably the key point is that Sensor Tower (and others) can’t see the revenues that developers and Google get from in-app advertising. However, that’s very much the smallest part – maybe 12%? – of the three monetisation strategies (paid-for, in-app, advertising), according to this report which covers 2011-2017. Any more recent data welcome.


Hardware Unboxed analyzes Intel’s commissioned core i9-9900k benchmarks • HardOCP

»

Hardware Unboxed did a short analysis of a few of the benchmarks as their team felt that the i7-8700K benchmarks and the AMD Ryzen 2700X numbers were incorrect. They found that Principled Technologies had allegedly gimped the AMD CPUs by using different coolers, incorrect ram timings, and possibly even disabled some of the cores on the AMD Ryzen 2700X. To put this into perspective, on the Ashes of the Singularity benchmark that Hardware Unboxed ran, the AMD Ryzen 2700X was 18% faster and the i7-8700K was 4% slower, than the commissioned testing that Intel has published. They even showed how over a suite of games that the i7-8700K was only 9% faster than the AMD Ryzen 2700X in previous pure gaming benchmarks conducted by Hardware Unboxed. Yet in Intel’s commissioned benchmark results, the AMD Ryzen 2700X was far, far, behind the Intel i7-8700K in performance metrics. This is why we never trust a manufacturer’s benchmarks. Always wait for the review before buying hardware.

«

So Intel is “choosing” who benchmarks its processors for broader publication so that they will come out ahead of AMD. It feels weird to be living in a time when Intel cares again about AMD being competitive.

That said, unless you’re building a PC from scratch, you don’t have much choice about your processor, do you? (Thanks Stormyparis for the link.)


Errata, corrigenda and ai no corrida: none notified

Start Up No.928: Apple’s TV content plans, the Apple Watch clue to a Saudi dissident, crypto on the ebb tide, Google Pixel 3 hands-on, and more


Meet the New Yorker’s newest fact-checker. (No, it’s not Alex Hern.) Photo by Gage Skidmore on Flickr.

A selection of 13 links for you. Lucky for some. I’m @charlesarthur on Twitter. Observations and links welcome.

Apple plans to give away original content for free to device owners • CNBC

Alex Sherman:

»

Apple is preparing a new digital video service that will marry original content and subscription services from legacy media companies, according to people familiar with the matter. Owners of Apple devices, such as the iPhone, iPad and Apple TV will find the still-in-the-works service in the pre-installed “TV” application, said the people, who asked not to be named because the details of the project are private.

The product will include Apple-owned content, which will be free to Apple device owners, and subscription “channels,” which will allow customers to sign up for online-only services, such as those from HBO and Starz.

Apple plans to debut the revamped app early next year, the people said. An Apple spokesman declined to comment.

As Bloomberg reported in May, the subscription channels will essentially copy Amazon’s Prime Video Channel Subscriptions. Customers will be able to access all of their content from within the TV app so they won’t need to download individual apps from multiple media providers.

«

Sensible enough. It’s tempting to feel this is late to the game – Netflix, Amazon, YouTube. But then again, one thought that about Spotify; Apple Music is going OK. Having that installed base is a huge weapon.


Over nine million cameras and DVRs open to APTs, botnet herders, and voyeurs • ZDNet

»

Millions of security cameras, DVRs, and NVRs contain vulnerabilities that can allow a remote attacker to take over devices with little effort, security researchers have revealed today.

All vulnerable devices have been manufactured by Hangzhou Xiongmai Technology Co., Ltd. (Xiongmai hereinafter), a Chinese company based in the city of Hangzhou.

But end users won’t be able to tell that they’re using a hackable device because the company doesn’t sell any products with its name on them, but ships all equipment as white label products on which other companies put their logo on top.

Security researchers from EU-based SEC Consult say they’ve identified over 100 companies that buy and re-brand Xiongmai devices as their own.

All of these devices are vulnerable to easy hacks, researchers say. The source of all vulnerabilities is a feature found in all devices named the “XMEye P2P Cloud.”

The XMEye P2P Cloud works by creating a tunnel between a customer’s device and an XMEye cloud account. Device owners can access this account via their browser or via a mobile app to view device video feeds in real time.

«

When I was writing Cyber Wars, Xiongmai cropped up as a company which had been criticised for the (lack of) security in devices it built. I tried getting in touch. Nothing.


Amazon scraps secret AI recruiting tool that showed bias against women • Reuters

Jeffrey Dastin:

»

The team had been building computer programs since 2014 to review job applicants’ resumes with the aim of mechanizing the search for top talent, five people familiar with the effort told Reuters.

Automation has been key to Amazon’s e-commerce dominance, be it inside warehouses or driving pricing decisions. The company’s experimental hiring tool used artificial intelligence to give job candidates scores ranging from one to five stars – much like shoppers rate products on Amazon, some of the people said.

“Everyone wanted this holy grail,” one of the people said. “They literally wanted it to be an engine where I’m going to give you 100 resumes, it will spit out the top five, and we’ll hire those.”

But by 2015, the company realized its new system was not rating candidates for software developer jobs and other technical posts in a gender-neutral way.

That is because Amazon’s computer models were trained to vet applicants by observing patterns in resumes submitted to the company over a 10-year period. Most came from men, a reflection of male dominance across the tech industry.

«

So more accurate to say that the AI tool revealed bias against women. But then kept on doing the same: it would penalise those CVs which included “women’s”. Eventually they realised they couldn’t get it right.


Daniel Radcliffe and the art of the fact-check • The New Yorker

Michael Schulman on the Harry Potter actor doing a quick stint to get into character for a play about a fact-checker he’s appearing in:

»

The writer (herself a former checker) had noted the restaurant’s “Venice Beach aesthetic”: fact or opinion? Canby designated it a “workable possible impression,” but worth checking. Radcliffe had an eleven-o’clock phone call scheduled with the chef, Justin Bazdarich, and Canby gave him something akin to an acting lesson: “You have to project confidence, so the person doesn’t start quarrelling with everything that you ask.”

“I’m more nervous about this than I am about going onstage tonight,” Radcliffe said.

Canby had to go; he deputized a checker named Parker Henry to supervise Radcliffe. On her computer, they checked a few easy facts from the restaurant’s Web site, which indicated that, yes, the brunch menu includes a “bowls” section. Then they ducked into a windowless fact-checking library and dialled Bazdarich.

“Hi, Justin. I’m Dan, at The New Yorker,” Radcliffe began, twiddling a red pencil. “Some of these questions are going to feel very boring and prosaic to you,” he warned. “So bear with me. First off, your surname: is that spelled B-A-Z-D-A-R-I-C-H?” (It is.) “Does the restaurant serve guacamole?” (Yes.) “In the dip itself, would it be right to say there are chilies in adobo and cilantro?” (No adobo, but yes to the cilantro.) “Is there a drink you serve there, a Paloma?” (Yes.) “And that’s pale, pink, and frothy, I believe?” (Correct.) “Is brunch at your place—which, by the way, sounds fantastic—served seven days a week?” (Yes.) “That’s great news,” Radcliffe said, “for the accuracy of this, and for me.”

«



Google will soon give you greater control of your call logs and SMS data • Android Police

C Scott Brown:

»

what if an app wants to do things related to making phone calls and sending text messages? Should that app have the ability to access your potentially sensitive call logs and SMS data simply through a normal permissions request notification?

Google thinks that is too open-ended, which is why it is specifying a new policy which will prevent applications from even asking for access to your call logs and/or SMS data unless you choose to make that app the default service for making phone calls or sending texts.

This will hopefully prevent apps you’ve downloaded but don’t use often from continuing to monitor your call logs and SMS data after you’ve installed them and given them permission to do so.

Granted, there are still ways rogue developers could abuse this policy, but it will at least make things a little more difficult…

…right now a developer could create an app which uses SMS in some way but doesn’t need to be set as the default service. The app can ask for access to SMS data, the user can agree, and even though the user may never use that app again, it will continuously have access to their data.

In other words, this new policy isn’t 100% secure, but it’s certainly better than the current policy. And, either way, it’s the user’s responsibility to only grant permissions to trustworthy apps.

«

Typically terrible writeup. “Hopefully”? And no, it’s Google’s responsibility to write an OS which treats call and SMS data as something that shouldn’t be accessible to other apps. Android is ten years old now. This shouldn’t be something it’s just discovering.


Research: cryptocurrency is dying • The Next Web

»

According to a new report from technology research group, Juniper Research, the cryptocurrency “industry is on the brink of an implosion.”

The research highlights some key market metrics, all of which display cryptocurrencies as being on a downward spiral.

“During Q1 2018, cryptocurrency transactions totaled just over $1.4trn, compared with less than $1.7trn for 2017 as a whole,” the report notes. “However, by Q2 2018, transaction values had plummeted by 75%, to under $355bn.”

Juniper is expecting a further 47% drop in transaction values for Q3 2018 compared to the previous quarter.

The researchers claim economic uncertainty typically encourages growth, yet even “strained China-US trade relations and Brexit-related troubles” failed to rouse any interest in the cryptocurrency industry…

…Daily Bitcoin transaction volumes have fallen from nearly 360,000 per day in late 2017 to around 230,000 in September 2018.

«

That many? Still?


SEC tightens the noose on ICO-funded startups • Yahoo Finance

Daniel Roberts:

»

During the past few months, the Securities and Exchange Commission has significantly widened its crackdown on certain initial coin offerings, putting hundreds of cryptocurrency startups at risk.

The SEC sent out a slew of initial information-seeking subpoenas at the start of 2018. Now the agency has returned to many of those companies, and subpoenaed many more—focusing on those that failed to properly ensure they sold their token exclusively to accredited investors.

The agency is exerting pressure on many of those companies to settle their cases. In response, dozens of companies have quietly agreed to refund investor money and pay a fine. But many startups that have been subpoenaed say they are left in the dark struggling to satisfy the SEC’s demands, and are uncertain of how others are handling it, according to conversations with more than 15 industry sources as part of a joint investigation by Yahoo Finance and Decrypt.

The sources, many of whom are employees of companies that were subpoenaed by the SEC or are attorneys for those companies, requested anonymity, because the SEC restricts them from discussing the matter.

«

So the chickens are coming home to roost, except they have big teeth and can lock you in jail.


What’s in a number: how love for expensive cars and number plates revealed the second Skripal suspect’s identity • Conflict Intelligence Team

Ruslan Leviev:

»

A few days ago we published a photo of a driver’s license belonging to Anatoliy Vladimirovich Chepiga (the Skripal poisoning suspect under alias of “Ruslan Boshirov”), which an anonymous source sent to us via email. Using the full driver’s license data, we verified that it was, in fact, valid…

Our readers used an online OSAGO vehicle insurance database and the driver’s license data to find out that the driver’s license was really registered to Anatoliy Vladimirovich Chepiga…

The same database revealed that during 2016-2017 Chepiga had an OSAGO insurance policy for a vehicle with state registration number Т 705 ТТ 99 and VIN code X4XKS494000H01806.

A Yandex search quickly yielded a publicly available photograph of a BMW X5 with this number plate…

There is a variety of online services that allow one to use partial information on a vehicle to find out its more or less full history. Among them are Avtokod, Avtoteka, Telegram bot AvinfoBot and others. We used all those services to find information on X4XKS494000H01806 VIN-code of Chepiga’s car which was already known from OSAGO database. It turned out that from June 2017, a BMW X5 with this VIN code belonged to Darya Torbenko (Emelyanova). The car’s ex-owner Chepiga kept the T 705 TT 99 number, while Torbenko received a new number — К 912 ХР 777. The sale and purchase deal was concluded in June 2017. In October, Torbenko changed her last name…

Knowing that Chepiga kept the Т 705 ТТ 99 number, we used the same services to check if he had bought a new car. Searching the car’s registration number at Avtoteka, we found out that currently this number belongs to a 2017 Mercedes GL-Klasse, VIN code WDC1668241A988448:

Using the vehicle’s VIN code for the Avtokod website search, we found more information on the car, in particular a list of traffic violation fines with fine ruling numbers

What does a fine ruling number give us? We can search those numbers in a fine check service at Avtokod.mos.ru to see photographs of the traffic violation and, crucially, the first name and patronymic of the violating driver…

Well, this is weird. We know that the number Т 705 ТТ 99 belongs to Anatoliy Vladimirovich Chepiga. However, the violating driver for both is a certain Aleksandr Evgenyevich [Александр Евгеньевич], which is, incidentally, the same name and patronymic as given in the fake passport of Chepiga’s presumed colleague «Aleksandr Evgenyevich Petrov». How do we find information on this Aleksandr Evgenyevich? Last year, Russian media reported on a massive insurance company data leak. Reportedly, among the leaked info was not only text data, but document photos as well.

«

This is amazing, open-sourced investigation made possible by access to data. You want to bring criminals to justice? Use the government’s own surveillance of citizens against it. The original post has lots of photos to back up the data here.


Google devices like Pixel are a hobby and likely to stay that way • Bloomberg

Shira Ovide:

»

In 2017 and the first half of this year, Google shipped about 5 million Pixel smartphones worldwide, according to the research firm IDC. Apple sells as many iPhones in about eight days as Google did in 18 months — and even Apple has a relatively small minority market share in smartphones. 

Small numbers aren’t confined to Google, either. Journalists like me can’t stop talking about the “runaway success” of the Echo devices, Amazon.com Inc.’s rapidly expanding lineup of voice-activated home doodads. Amazon sold about 3.6m of the two most popular Echo models from April to June, Strategy Analytics estimated. Fitbit, a company that journalists like me stopped talking about long ago, sold 2.7m motion-tracking gadgets in the same period. 

Yes, Amazon’s hardware sales are growing and Fitbit numbers are shrinking, but you get the point. For most software or internet tech empires, hardware is a niche hobby, and it will remain so for the foreseeable future. 

That leaves the question of why tech companies that built fortunes on areas other than computing hardware are bothering at all. I wasn’t sure about Microsoft’s Surface line for a long time, but I have been convinced that the company successfully spurred new ideas in what a computer could and should be, even as Microsoft sells relatively few personal computers on its own. I’m not completely sold on the strategic merits of Amazon’s Echo gadgets, but it’s clear that the company wants a pole position if computers controlled by voice become the prevalent form of human interaction with machines. 

As for Google, I was unsure of the merits of the company jumping into hardware with both feet when the Alphabet unit unveiled its first self-branded smartphone two years ago, and I’m still not sure what the company is doing.

«

Indeed, if Google doesn’t spread the Pixel computational love to the rest of the Android OEMs, what is the point? Experimentation?


Google Pixel 3 hands-on—Not the best first impression • Ars Technica

Ron Amadeo:

»

This year the back is all glass, but the two-tone look remains thanks to two different treatments to the glass. The top is bare, shiny glass and a fingerprint magnet, while the rest of the phone has a soft-touch, satin-like matte coating.

The coating feels great, but it doesn’t seem very durable. There were already visible scratches on both of the demo units I photographed, which you can see, and it’s easy to damage the back with something as mundane as a USB-C cable. Both of the demo phones I photographed at the show already had several scratches on them. Harsh camera lighting is pretty much the worst-case scenario for finding scratches, but I’ve never seen demo units this beat up before at a launch. I was disappointed by the change from metal to glass, but this is a double whammy: all the fragility of glass with none of the scratch-resistant hardness…

…I’m sad to say the front design is just as disappointing in real life as it is in pictures. Google has turned in two phones that just aren’t up to the 2018 competition. The Pixel 3 XL follows the notch display trend, but Google has the biggest notch in the industry. The cutout extends so far into the display that it doesn’t fit inside a normal Android status bar, so the bar is twice as tall as normal, which looks ridiculous. The width of the notch means you only get to see three notification icons on the screen before you run out of space. Combined with the 3 XL’s sizable bottom bezel, I don’t think there’s a single 2018 phone in the Pixel 3’s price range you can point to and call a worse design. Google is pretty much at the back of the pack here.

«

He likes the displays, though. (Phew.) Thinks they switched to Samsung, away from LG for the Pixel 2, which had terrible screen issues.

Also, there’s no 3.5mm headphone jack – it’s USB-C headphones for you, or Bluetooth ones. I seem to remember Google making a big play of keeping the jack a couple of years ago. What changed, exactly?


Sonos now lets you update devices automatically • Android Police

Rita El Khoury:

»

Our connected life is certainly getting more complex with time. With the convenience of smart/Wi-Fi enabled devices comes the trouble of keeping everything up-to-date. Some companies choose to stick with manual updates, forcing you to manually approve every minor version change. Others opt for automatic updates, removing the guesswork and friction out of the process. Sonos used to be part of the first category, but now the company has added an option for seamless updates.

In the latest Sonos app update to v9.2 (APK Mirror), there’s a new Automatic Updates toggle under System Updates. Flip it on and you can set your Sonos updates to happen overnight to avoid disrupting your listening during the day.

«

Same on iOS. Thank the flipping stars for that. I love Sonos’s stuff, but the nagging about updates and the impossibility of just letting it get on and do it has been a pain for ages.


Apple Watch, hired jet, mystery vehicle figure in search for missing Saudi dissident • Reuters

Orhan Coskun, Sarah Dadouch, Stephen Kalin:

»

[Jamal] Khashoggi flew back to Istanbul from London on Monday evening, Oct 1. The following morning, he spoke again with consul worker Sultan, who told him to collect the document at 1 p.m. the same day.

Outside the consulate, a low rise building at the edge of one of Istanbul’s business districts, Khashoggi handed Cengiz his two mobile phones, the fiancee told Reuters. He left instructions that she should call Aktay, the Erdogan aide, if he didn’t reappear. Khashoggi was wearing his black Apple Watch, connected to one of the phones, when he entered the building.

A senior Turkish government official and a senior security official said the two inter-connected devices are at the heart of the investigation into Khashoggi’s disappearance.

“We have determined that it was on him when he walked into the consulate,” the security official said. Investigators are trying to determine what information the watch transmitted. “Intelligence services, the prosecutor’s office and a technology team are working on this. Turkey does not have the watch so we are trying to do it through connected devices,” he said.

Tech experts say an Apple Watch can provide data such as location and heart rate. But what investigators can find out depends on the model of watch, whether it was connected to the internet, and whether it is near enough an iPhone to synchronize.

«

The Saudi regime has denied up and down that it knows where Khashoggi is – or was. Non-Saudi CCTV at front and back shows him going in, but not out; the Saudi consulate says “oh wow, our internal CCTV wasn’t working that day.”

But open source data (such as flight trackers available to everyone, showing two private flights arriving and departing Turkey and Riyadh that day) – and his Apple Watch – could be enough to demonstrate what increasingly is feared: a despotic regime killed a vociferous opponent. If the Apple Watch’s signal died inside the consulate, or went somewhere else, it tells you all you need to know.


The extremely mad professors • The Outline

Christian McCrea:

»

Pluckrose, Lindsay, and Boghossian [who perpetrated the “Sokal Squared” effort to get hoax papers published in social science journals] will tell you that the crisis in the humanities they’ve ginned up is very current and real, but things get real curious when you scratch the surface. Jason Wilson’s piece in the Guardian from March outlines how the right-wing outrage machine draws in media hucksters and funds right-wing campus activists alike. In that piece, Boghossian is quoted as saying that the target of his hoaxes is “all disciplines infected by postmodernism, and women’s studies and gender studies in particular.” That’s right — hoaxes, plural. Last year, Boghossian and Lindsay employed the same tactic with a fake paper that argued the penis is less of a physical organ than it is something “a social construct isomorphic to performative toxic masculinity.”

Sensing a theme yet? Their long-running, multi-year media circus, based upon a deeply-held well… grievance, resonates with the broadly-held suspicions that some of the stuff that happens on campus is a bit crap — and anything remotely feminist comes first. Because looking around at the world in late 2018, gender doesn’t seem to be any kind of problem for anybody.

But — and I say this confidently — nobody in the humanities actually reads journals the way they do in science. You search journal databases by keywords. You read one paper from a new journal issue. You use what works. You skip over the paper that’s obviously rushed. You know that, in many areas, much more effort goes into book chapters. You know that some journals barely peer-review at all. This includes science journals, where hoaxes have also been perpetrated.

The hoaxers know all of this very well; they’re anything but stupid. The goal is plainly obvious: They don’t want these fields to exist.

«



You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

Errata, corrigenda and ai no corrida: none notified

Start Up No.927: doubts over Bloomberg, Google call screening, iPad Pros with Face ID?, the ongoing piracy problem, and more


Apple’s retail store in Shenzhen: site of a sizable triad-driven fraud in the years up to 2013. Photo by Chris on Flickr.

A selection of 10 links for you. Since you’re here. I’m @charlesarthur on Twitter. Observations and links welcome.

The cybersecurity world is debating WTF is going on with Bloomberg’s Chinese microchip stories • Motherboard

Jason Koebler, Joseph Cox, and Lorenzo Franceschi-Bicchierai:

»

On Tuesday, Bloomberg doubled down on its bombshell report from last week, which alleged China had surreptitiously implanted tiny chips into the motherboards of servers to spy on US companies such as Apple and Amazon. If true, this would be one of the worst hacks in history.

In its new story, Bloomberg reports that a US telecom discovered and removed “manipulated hardware” in its servers. The article does not name the telecom and the key claims are all attributed to one source, Yossi Appleboum, co-CEO of security consultant Sepio Systems. Bloomberg reports Appleboum provided “documents, analysis, and other evidence,” but does not publish those or provide more information about what types of documents or evidence it has.

It is not clear in the article that Bloomberg knows which telecom is apparently affected; it notes that Appleboum is covered by a non-disclosure agreement. Motherboard has reached out to 10 major US telecom providers, and the four biggest telecoms in the US have denied to Motherboard that they were attacked: In an email, T-Mobile denied being the one mentioned in the Bloomberg story. Sprint said in an email that the company does not use SuperMicro equipment, and an AT&T spokesperson said in an email that “these devices are not a part of our network, and we are not affected.” A Verizon spokesperson said: “Verizon’s network is not affected.” A CenturyLink spokesperson also denied that the company is the subject of Bloomberg’s new story.

«

The trio who wrote this are Motherboard’s security writers – and they’re probably three of the top five in the business.

Also telling: a Twitter thread by ex-NSA staffer Robert Lee, who says (inter alia) that the writers of the Bloomberg story seem keen, and honest, but also attracted to conspiracy theories from anonymous sources.

As time goes by, the Bloomberg China microchip story is looking flakier.


Exclusive: iPad Pro Face ID details, 4K HDR video over USB-C, AirPods-like Apple Pencil 2 pairing, more • 9to5Mac

Guilherme Rambo:

»

Apple is widely expected to hold an event this month to introduce new 2018 iPad Pro models, new Macs, and more. Much of this has been confirmed by evidence within the iOS 12.1 beta, which includes references to an iPad2018Fall device.

Today, sources familiar with the development of the new 2018 iPad Pro have offered additional details about the device, its features, and more.

The model codes for the Wi-Fi models of the 2018 iPad Pro will be iPad8,1, iPad8,2, iPad8,5 and iPad8,6. Meanwhile, the cellular-capable models will be iPad8,3, iPad8,4 and iPad8,7 and iPad8,8.

This means there will be two Wi-Fi models in both size options, and two LTE models in both size options.

The new iPad Pros will have an edge-to-edge display and will not feature a Home button, much like the iPhone. Unlike the iPhone, however, the iPad Pro will not have a notch.

Even though the new 2018 iPad Pro models will sport thinner bezels, those bezels will still be wide enough to accommodate the TrueDepth camera system necessary for Face ID.

The 2018 iPad Pro will include Face ID with the same image signal processor as the iPhone XS, iPhone XS Max and iPhone XR. Further, we can confirm that Face ID on the new iPad Pro will work in both portrait and landscape orientations, though it won’t work upside down.

The Face ID setup process on the new iPad Pros will be very similar to the process introduced with the iPhone X. Notably, despite post-setup support for landscape Face ID, the setup process must be completed in portrait orientation.

It’s not clear if the new landscape support requires a special hardware feature, or if it can be made available to iPhones with a simple software update.

«

Including a thing called “iPad2018Fall” in your widely available beta is certainly a clever way to keep folk salivating. It does seem obvious that you’d be able to do FaceID in landscape: it’s just software correction.


Leaked transcript of private meeting contradicts Google’s official story on China • The Intercept

Ryan Gallagher:

»

[Ben] Gomes, [Google’s search engine chief] who joined Google in 1999 and is one of the key engineers behind the company’s search engine, said he hoped the censored Chinese version of the platform could be launched within six and nine months, but it could be sooner. “This is a world none of us have ever lived in before,” he said. “So I feel like we shouldn’t put too much definite into the timeline.”

It has been two months since The Intercept first revealed details about the censored search engine, code-named Dragonfly. Since then, the project has faced a wave of criticism from human rights groups, Google employees, U.S. senators, and even Vice President Mike Pence, who on Thursday last week called on Google to “immediately end development of the Dragonfly app that will strengthen the Communist Party’s censorship and compromise the privacy of Chinese customers.”

Google has refused to answer questions or concerns about Dragonfly. Earlier this month, a Google executive faced public questions on the censorship plan for the first time. Keith Enright told the Senate Commerce, Science and Transportation Committee that there “is a Project Dragonfly,” but said “we are not close to launching a product in China.” When pressed to give specific details, Enright refused, saying that he was “not clear on the contours of what is in scope or out of scope for that project.”

«



Google Call Screening: a personal robot that talks to, hangs up on spam calls • Ars Technica

Sam Machkovech:

»

Google Call Screening, which will debut on the new Pixel 3 and Pixel 3 XL phones in the US, has been announced as an “on-device” feature (as opposed to something driven by Duplex) that phone users can turn on when a phone call arrives from an unrecognized number. This will pick up the call and have a Google Assistant voice speak a prompt:

“Hi, the person you’re calling is using a screening service from Google, and will get a copy of this conversation. Go ahead and say your name, and why you are calling.”
Whatever the caller says in response will appear as a voice-to-text translation on the phone screen. At that point, Pixel phone users can elect to pick up the call, offer a robo-spoken response like “who is this?” or “I’ll call you back,” or mark the caller’s number as spam. In the demo’s case, the caller describes a contest for an “all-expenses paid trip to Hawaii.” The demo didn’t appear to offer any context-sensitive responses to the spam in question.

Google’s demo also didn’t include any out-loud sample of how calls between your phone’s Google Assistant voice and a robo-caller’s automated voice might sound. For now, the service doesn’t appear to offer the option to listen to the robot-on-robot action in question—in case, for example, you wanted to turn on a muted speakerphone while Google Call Screening did its thing. (We may want to hear the “conversation” in question, just to make sure Google’s promise of giving users a copy doesn’t quite turn out and that this isn’t a ploy to have spam-bots and Goog-bots join forces in a robo-revolution behind our backs.)

«

People I know in the US are being slowly driven mad by robocalls, especially to their mobiles. This is a super-smart move.

The rest of the Google Pixel 3 phone launch is pretty well covered in The Guardian.


More than one third of music consumers still pirate music • The Guardian

Laura Snapes and Ben Beaumont-Thomas:

»

More than one-third of global music listeners are still pirating music, according to a new report by the International Federation of the Phonographic Industry (IFPI). While the massive rise in legal streaming platforms such as Spotify, Apple Music and Tidal was thought to have stemmed illegal consumption, 38% of listeners continue to acquire music through illegal means.

The most popular form of copyright infringement is stream-ripping (32%): using easily available software to record the audio from sites like YouTube at a low-quality bit rate. Downloads through “cyberlocker” file hosting services or P2P software like BitTorrent came second (23%), with acquisition via search engines in third place (17%).

“Music piracy has disappeared from the media in the past few years but it certainly hasn’t gone away,” David Price, director of insight and analysis at IFPI, told the Guardian. “People still like free stuff, so it doesn’t surprise us that there are a lot of people engaged in this. And it’s relatively easy to pirate music, which is a difficult thing for us to say.”

«

I’m surprised by the size of this figure. The other day I was wondering whether anyone has had their internet access cut off under the UK’s Digital Economy Act, introduced in a rush in 2010, which has a “three strikes” rule. Maybe that’s worth looking into.

It’s mostly about “stream ripping” (to be able to listen to music offline, taken from a free streaming service), and search engines are still a culprit.

Also includes some interesting stuff about smart speaker listening.


Google Pixel Slate officially announced: here’s what you need to know • Android Authority

Andrew Grush:

»

It’s no secret the tablet market isn’t what it used to be. It’s hard to get excited about a tablet in 2018, but Google hopes to change that with its newly announced Google Pixel Slate.

The Google Pixel Slate is a Chrome OS-powered tablet that is also capable of transforming into a laptop using a keyboard dock. Essentially this is Google’s take on the Microsoft Surface.

There’s really only so many ways to design a tablet, and so there’s nothing particularly innovative to be seen here in terms of design. On the front sits a 12.3-inch QHD LCD display with a 3:2 aspect ratio. You also get front-firing stereo speakers.

The Pixel Slate sports two 8 MP cameras, one above the display and the other in the top right corner of the tablet’s back. Using a tablet as a camera isn’t the most practical experience, though it’s certainly possible. Of course, the main purpose for the camera setup will be video calling.

At the top of the left edge, you will find a volume rocker, with a single USB-C port located near the bottom of the tablet. On the right edge of the Google Pixel Slate you’ll find a fingerprint scanner embedded into the power button. This is a first for Chrome OS devices.

«

Google makes a tablet. That’s brave. The thinking is more that it’s a ChromeOS thing, isn’t it.


Strategy Analytics: Mobile Advertising Spend Growth to Slow to 12% CAGR • Strategy Analytics Online Newsroom

»

After growing over 6-fold between 2013 and 2018, growth in mobile advertising revenue will fall to a 12% CAGR [compound annual growth rate] and the market value will reach $222bn in 2023. The mobile share of digital advertising will grow rapidly in less developed advertising markets but in advanced markets the share over mobile is reaching a plateau. Strategy Analytics expects mobile advertising to continue to suffer from headwinds including increased cautiousness following Facebook’s Cambridge Analytica scandal and the implementation of GDPR in 2018.

Mobile advertising will rise to 67% in 2023. In markets where multi-device use is high, like the U.S., mobile advertising will account for just 58% of all digital in 2023, while in mobile-centric markets like India it will reach 71%.

Asia-Pacific is leading the mobile transition, representing around 44% of global mobile ad spend across the period. At a country-level and in terms of absolute ad spend, the U.S., and mobile-first markets China and Japan will remain leaders although their positions will erode.

Search will remain the dominant mobile advertising format with 47% of ad spend across the period while mobile video ad spend will be the fastest growing (+16.5% CAGR over 2018-2023) driven by the adoption of 6-second mid-rolls, and vertical ad formats by industry leaders Snapchat, Facebook and more recently YouTube.

«

So it’s a sort of good-news-bad-news for Facebook (and properties) and Google (and properties).


Inside Apple’s war on iPhone fraud in China • The Information

Wayne Ma:

»

Five years ago, Apple was forced to temporarily close what was then its only retail store in Shenzhen, China, after it was besieged by lines of hundreds of customers waiting to swap broken iPhones for new devices, according to two former Apple employees who were briefed about the matter. In May 2013, the Shenzhen store logged more than 2,000 warranty claims a week, more than any other Apple retail store in the world, one of those people said.

After some investigation, Apple discovered the skyrocketing requests for replacements were due to a highly sophisticated fraud scheme run by organized teams. Rings of thieves were buying or stealing iPhones and removing valuable components like CPUs, screens and logic boards, replacing them with fake components or even chewing gum wrappers, more than a half-dozen former employees familiar with the fraud said. The thieves would then return the iPhones, claiming they were broken, and receive replacements they could then resell, according to three of those people. The stolen components, meanwhile, were used in refurbished iPhones sold in smaller cities across China, two of the people said…

…A turning point came in 2013, when an Apple data scientist discovered a way to measure the fraud by counting the number of iPhones that switched to new Apple IDs after the devices were replaced under warranty, the person said. Typically, a legitimate customer who gets a replacement logs into the new phone with their original Apple ID, which should match the broken iPhone that they returned to Apple, the person said.

But in fraud cases, replacement phones were usually registered with different Apple IDs because the devices immediately changed hands, the person said. The data scientist discovered more than 60% of replaced iPhones in China were getting new IDs, the person said.

Apple adopted the fraud methodology, known internally as Mismatch, and eventually had as many as 300 employees tackling the problem, which soon became material to the company, the person said.

«

This cost Apple billions. That’s quite some fraud ring there.
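
The “Mismatch” measurement described in the extract above, sketched as an added example; it is not Apple's code and not from the article. The record fields, store names, `min_claims` floor and `threshold` are assumptions, and the sample claims are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Replacement:
    """One warranty swap (hypothetical schema)."""
    claim_id: str
    store: str
    returned_account: Optional[str]     # account signed in on the returned device
    replacement_account: Optional[str]  # first account on the replacement; None = not activated yet


def normalise(account: Optional[str]) -> Optional[str]:
    """Compare accounts case-insensitively; treat empty strings as missing."""
    if account is None:
        return None
    cleaned = account.strip().lower()
    return cleaned or None


def classify(rec: Replacement) -> str:
    """'match' if the same account reappears, 'mismatch' if a different one does,
    'unknown' when either side is missing (must not count as fraud or as clean)."""
    old = normalise(rec.returned_account)
    new = normalise(rec.replacement_account)
    if old is None or new is None:
        return "unknown"
    return "match" if old == new else "mismatch"


def mismatch_by_store(records, min_claims: int = 5) -> dict:
    """Per-store mismatch rate over claims whose outcome is known."""
    counts = defaultdict(lambda: {"match": 0, "mismatch": 0, "unknown": 0})
    for rec in records:
        counts[rec.store][classify(rec)] += 1
    report = {}
    for store, c in counts.items():
        known = c["match"] + c["mismatch"]
        report[store] = {
            "claims": known + c["unknown"],
            "known": known,
            "rate": (c["mismatch"] / known) if known else None,
            # A tiny sample gives a meaningless rate, so mark it instead of flagging it.
            "enough_data": known >= min_claims,
        }
    return report


def flag_stores(report: dict, threshold: float = 0.5) -> list:
    """Stores whose mismatch rate exceeds the (assumed) review threshold."""
    return sorted(
        store for store, r in report.items()
        if r["enough_data"] and r["rate"] is not None and r["rate"] > threshold
    )


def sample_records() -> list:
    """Constructed claims: store-A is mostly mismatches, store-B mostly matches
    (one differs only by letter case, one is not activated), store-C is too small."""
    rows = [
        ("a1", "store-A", "u1@example.com", "x1@example.com"),
        ("a2", "store-A", "u2@example.com", "x2@example.com"),
        ("a3", "store-A", "u3@example.com", "x3@example.com"),
        ("a4", "store-A", "u4@example.com", "x4@example.com"),
        ("a5", "store-A", "u5@example.com", "x5@example.com"),
        ("a6", "store-A", "u6@example.com", "u6@example.com"),
        ("b1", "store-B", "v1@example.com", "v1@example.com"),
        ("b2", "store-B", "V2@Example.com", "v2@example.com "),
        ("b3", "store-B", "v3@example.com", "v3@example.com"),
        ("b4", "store-B", "v4@example.com", "v4@example.com"),
        ("b5", "store-B", "v5@example.com", "y5@example.com"),
        ("b6", "store-B", "v6@example.com", None),
        ("c1", "store-C", "w1@example.com", "z1@example.com"),
        ("c2", "store-C", "w2@example.com", "z2@example.com"),
    ]
    return [Replacement(*row) for row in rows]


if __name__ == "__main__":
    report = mismatch_by_store(sample_records())
    for store in sorted(report):
        print(store, report[store])
    print("review:", flag_stores(report))
```
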


Google search losing some advertising business to Amazon, agencies say • CNBC

Michelle Castillo:

»

Amazon’s ad business is booming. Some advertisers are moving more than half of the budget they normally spend with Google search to Amazon ads instead, amounting to hundreds of millions of dollars, according to execs at multiple media agencies. Some of these execs requested anonymity as they are not authorized to discuss their clients’ expenditures in public.

Amazon’s growing success could pose a rare threat to Google parent company Alphabet, which generated $95.4bn in ad revenues last year, 86% of its total revenue. Google is the dominant digital advertising platform in the U.S., and will take in an estimated 37% of digital ad budgets in 2018. Although Alphabet does not disclose the breakdown of its ad revenue, most estimates believe the vast majority comes from search ads — approximately 83% in the year to date, according to research from eMarketer.

Alphabet has remained somewhat insulated from the threat so far, and its overall ad revenue growth actually accelerated in the first half of 2018 compared with last year. Not all categories of brands are shifting money to Amazon — most of the movement is coming in consumer packaged goods, while huge and lucrative advertising categories such as automotive and travel are not yet moving to Amazon. Also, while Google search may be flattening, advertisers are moving parts of their ad spend from other media to different Google properties, particularly YouTube.

«

The more things change, the more they stay the same.


The anatomy of a click: what happens to your data online • Huffington Post

James Ball:

»

You might have followed a link from social media, email, a search engine, or even just typed in a web address, but now you’ve arrived at a site your computer or phone has sent a message to its server asking it to deliver you the content you’ve asked for.

For any site showing programmatic adverts – including this one – this sets off a lengthy chain reaction. The first thing the site does is the obvious one that’s visible to us: it starts sending you the editorial (non-advertising) content that you’ve asked for. So far so good.

What it also does is then send a message saying – more or less – “give me some adverts please!” to a Supply Side Platform, a company specialised in doing the mirror of what the demand ones do: get as much info as it can to go into the matchmaking lottery and get the best price possible.

That Supply Side Platform then sends – via the website you visited – a request for your computer to send it as much information as it’s willing to: it will send details of your browser and its ID, your IP address (which gives your rough location), and as much information from cookies as it can, which can include details of your browsing history and much else.

Once it’s received whatever information your computer was willing to hand over – the more the better, as it lets advertisers target better – it bundles it up, and it’s ready for the main event: the auction for your attention.

«

Useful guide to what happens far, far faster than humans can imagine. One to refer to for the future.



Errata, corrigenda and ai no corrida: none notified

Start Up No.926: the climate change deadline, Facebook gets visual, the GRU’s hasty fumbling, archiving the internet, and more


Google is about to be minus Google Plus. Photo by dolphinsdock on Flickr.


A selection of 11 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

We have 12 years to limit climate change catastrophe, warns UN • The Guardian

Jonathan Watts:

»

The authors of the landmark report by the UN Intergovernmental Panel on Climate Change (IPCC) released on Monday say urgent and unprecedented changes are needed to reach the target, which they say is affordable and feasible although it lies at the most ambitious end of the Paris agreement pledge to keep temperatures between 1.5C and 2C.

The half-degree difference could also prevent corals from being completely eradicated and ease pressure on the Arctic, according to the 1.5C study, which was launched after approval at a final plenary of all 195 countries in Incheon in South Korea that saw delegates hugging one another, with some in tears.

“It’s a line in the sand and what it says to our species is that this is the moment and we must act now,” said Debra Roberts, a co-chair of the working group on impacts. “This is the largest clarion bell from the science community and I hope it mobilises people and dents the mood of complacency.”

Policymakers commissioned the report at the Paris climate talks in 2016, but since then the gap between science and politics has widened. Donald Trump has promised to withdraw the US – the world’s biggest source of historical emissions – from the accord. The first round of Brazil’s presidential election on Sunday put Jair Bolsonaro into a strong position to carry out his threat to do the same and also open the Amazon rainforest to agribusiness.

The world is currently 1C warmer than preindustrial levels. Following devastating hurricanes in the US, record droughts in Cape Town and forest fires in the Arctic, the IPCC makes clear that climate change is already happening, upgraded its risk warning from previous reports, and warned that every fraction of additional warming would worsen the impact.

«

Two things you can do immediately: stop eating meat (means less methane, and less deforestation, and less intensive land use); change to a green energy supplier. Also, insulate your home.


Is Putin’s power wavering? What the GRU spy story says • Medium

Rudolf Van Der Berg:

»

hacking the OPCW was strategically completely unimportant to Russia. Yes, the Skripal poisoning and the Chemical Warfare in Syria cases were investigated, but all the fingers had already pointed to Russia. Russia knew it had done both things. All they would figure out is that the OPCW is competent at its job and found traces of Russia’s wrongdoing. Of course spies want to know everything, for example the (confidential) sources of data. However why this warranted an attack on such short notice, with such great risk is unclear. When you already know the answer to the question of the researchers and the timing of publication is quite clear, why send four guys with haste and diplomatic passports? It is so undiplomatic. To me it shows the clique around Putin is extremely unsure about themselves and their position. They need to know ahead what the outcome of the OPCW research is, otherwise they fear for their position.

The WADA/IOC hacking shows some spy tradecraft and to some extent it is understandable that Russia wants to know which delegates compromised themselves while online at these events. It may help Russia’s case (and it appears it did, as Russia can play again). However, you also have to wonder why this is a case for high ranking hackers from the most serious Russian intelligence agency. I mean, stealing the plans of a new USA missile seems a far better use of military intelligence. Really this is what you spent your time on? Why? It shows the insecurities of Russian leaders.

«

The comical nature of the GRU’s attempts to hack the OPCW, and the public shaming meted out by the Dutch and British intelligence services, must have hurt. But this is payback for years of interference abroad.


Google exposed user data, feared repercussions of disclosing to public • WSJ

Douglas MacMillan and Robert McMillan:

»

Google exposed the private data of hundreds of thousands of users of the Google+ social network and then opted not to disclose the issue this past spring, in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage, according to people briefed on the incident and documents reviewed by The Wall Street Journal.

As part of its response to the incident, the Alphabet unit plans to announce a sweeping set of data privacy measures that include permanently shutting down all consumer functionality of Google+, the people said. The move effectively puts the final nail in the coffin of a product that was launched in 2011 to challenge Facebook and is widely seen as one of Google’s biggest failures.

A software glitch in the social site gave outside developers potential access to private Google+ profile data between 2015 and March 2018, when internal investigators discovered and fixed the issue, according to the documents and people briefed on the incident…

…In weighing whether to disclose the incident, the company considered “whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response,” [a Google spokesman] said. “None of these thresholds were met here.”

…The profile data that was exposed included full names, email addresses, birth dates, gender, profile photos, places lived, occupation and relationship status; it didn’t include phone numbers, email messages, timeline posts, direct messages or any other type of communication data, one of the people said.

«

That is a long time for “potential access”, which was via more than 130 APIs – masquerade as a developer and you’re in. The further one reads into this story the more astonishing it is.

Google subsequently published a blog post about how it’s closing down “consumer Google+” because, apparently, “there are significant challenges in creating and maintaining a successful Google+ product that meets consumers’ expectations.”

And for those of us who said Google+ was a flop, here’s what Google says today: “The consumer version of Google+ currently has low usage and engagement: 90% of Google+ user sessions are less than five seconds.” How many of those from people hitting the wrong button in GMail, I wonder?

But Google is still under a 20-year privacy oversight from the FTC, signed in 2011 after its disastrous Google Buzz experiment. The FTC must surely follow this up.


Google Pixel Slate: rumoured specs, features, leaks, price, release date • CNET

Justin Jaffe:

»

With one day to go until Google’s launch event scheduled for Oct. 9, we’ve heard just about every last detail about the company’s forthcoming Pixel and Pixel XL phones. And the rumors about a new convertible tablet also continue to pile up. 

The rumored Google Pixel Slate is said to include a front-facing and rear-facing camera with advanced camera technology, a fingerprint scanner and a new keyboard cover with a magnetic clasp and kickstand — similar to Microsoft’s Surface Pro, which was itself recently refreshed. 

The reports about the Chrome tablets have been preceded by an abundance of extensive, detailed information about Google’s rumored Pixel 3 and Pixel 3 XL — including photos and videos published by Russian bloggers and more photos and information gleaned from a Pixel 3 XL that was apparently left in the backseat of a Lyft. Google hasn’t confirmed anything about any of these reports about the phones or tablet.

But the company has invited media to an event in New York City on Oct. 9. In addition to introducing new tablets, new phones and perhaps other devices, Google is expected to show off a new wireless charging stand and the latest version of its Android operating system, known as Android Pie, which features new AR capabilities and upgrades to its voice assistant.

«

Well, zero days to go until the event. I’m also fairly confident Apple will release invitations to its October event for whatever, just to annoy Google a little. Unless it wants Google to stew in the Google+ fiasco just a little longer.

Nice timing on that one, Google, by the way.


High Court blocks Google iPhone privacy lawsuit • Computer Weekly

Lis Evenstad:

»

The lawsuit accused Google of unlawfully collecting personal information for profiling purposes for advertising by bypassing the default privacy settings that block user tracking on the iPhone’s Safari browser between August 2011 and February 2012, which contravenes data protection laws by taking personal information without consent, and sought compensation for up to £3.2bn.  

During the court hearing in May, lawyers for Google You Owe Us told the court that information collected by Google included race, physical and mental health, political leanings, sexuality, social class, financial, shopping habits, and location data.

However, Justice Warby, who presided over the case, said today (8 October) in the judgment document, that he would not let the claim proceed because Lloyd, who led the claim, could not prove that himself “or any of those whom he represents have suffered “damage” within the meaning of the Data Protection Act”.

However, he added in a press summary that there was “no dispute that it is arguable that Google’s alleged role in the collection, collation and use of data obtained via the Safari Workaround was wrongful, and a breach of duty”.

«

This doesn’t quite make sense. In a previous incarnation of this case, about exactly the same infringement, we got this:

»

One of the issues was whether the breach of confidence and misuse of private information claims were “torts”. Tugendhat J said this of the approach: “Judges commonly adopt one or both of two approaches to resolving issues as to the meaning of a legal term, in this case the word “tort”. One approach is to look back to the history or evolution of the disputed term. The other is to look forward to the legislative purpose of the rule in which the disputed word appears”. Having looked to the history, he observed that “history does not determine identity. The fact that dogs evolved from wolves does not mean that dogs are wolves”.

The outcome (paragraphs 68-71): misuse of private information is a tort (and the oft-cited proposition that “the tort of invasion of privacy is unknown in English law” needs revisiting) but breach of confidence is not (given Kitetechnology BV v Unicor GmbH Plastmaschinen [1995] FSR 765).

«

The difference seems to be that the earlier case (which was resolved out of court before it went to the Supreme Court; plaintiffs prevailed in the High Court) wasn’t under the DPA. This one is.


Facebook launches Portal auto-zooming video chat screens for $199/$349 • Techcrunch

Josh Constine:

»

Today Facebook launches pre-sales of the $199 10in screen Portal, and $349 15.6in swiveling screen with hi-fi audio Portal, minus $100 if you buy any two. They’ve got “Hey Portal” voice navigation, Facebook Messenger for video calls with family, Spotify and Pandora for Bluetooth and voice-activated music, Facebook Watch and soon more video content providers, augmented reality Story Time for kids, a third-party app platform, and it becomes a smart photo/video frame when idle.

Knowing buyers might be creeped out, Facebook’s VP of Portal Rafa Camargo tells me “We had to build all the stacks — hardware, software, and AI from scratch — and it allowed us to build privacy into each one of these layers”. There’s no facial recognition and instead just a technology called 2D pose that runs locally on the device to track your position so the camera can follow you if you move around. A separate chip for local detection only activates Portal when it hears its wake word, it doesn’t save recordings, and the data connection is encrypted. And with a tap you can electronically disable the camera and mic, or slide the plastic privacy shield over the lens to blind it while keeping voice controls active.

«

“Knowing people might be creeped out” they built it for privacy. But then they connected it to Facebook. 🤔

Also: those are big screens (or the bigger one is). Clearly aimed at the kitchen.

My instinct: not going to be a hit.


The internet’s keepers? “some call us hoarders—I like to say we’re archivists” • Ars Technica

Nathan Mattise:

»

the Internet Archive offers much more than text these days. Its broadcast-news collection covers more than 1.6 million news programs with tools such as the ability to search for words in chyrons and access to recent news (broadcasts are embargoed for 24 hours and then delivered to visitors in searchable two-minute chunks). The growing audio and music portion of the Internet Archive covers radio news, podcasting, and physical media (like a collection of 200,000 78s recently donated by the Boston Library). And as Ars has written about, the organization boasts an extensive classic video game collection that anyone can boot up in a browser-based emulator for research or leisure. Officially, that section involves 300,000-plus overall software titles, “so you can actually play Oregon Trail on an old Apple C computer through a browser right now—no advertising, no tracking users,” [Wayback Machine director for the Internet Archive, Mark] Graham says.

“Some might call us hoarders,” he says. “I like to say we’re archivists.”

In total, Graham says the Internet Archive adds four petabytes of information per year (that’s four million gigabytes, for context). The organization’s current data totals 22 petabytes—but the Internet Archive actually holds on to 44 petabytes worth. “Because we’re paranoid,” Graham says. “Machines can go down, and we have a reputation.” That NASA-ish ethos helped the non-profit once survive nearly $600,000 worth of fire damage—all without any archived data loss.

«

Search words in chyrons (the text that flows along the bottom of screens). Now there’s a thing. What if we just tried to tell the story of the world in chyrons? How would a day look?


Physics holds the key to performing the flipping water bottle trick • Ars Technica

Jennifer Ouellette:

»

Think of how ice skaters extend their arms and legs to slow down rotation coming out of jumps or spins. It’s the same principle: conservation of angular momentum. Once the bottle is set in motion, its angular momentum remains constant. But shifting how the mass inside (the water) is distributed increases the bottle’s rotational inertia (how much force is required to start or keep it moving). This slows down the bottle’s rotational speed.

Physicists from the University of Twente in the Netherlands decided to analyze the underlying physics [of flipping a half-full bottle of water so it lands upright] more thoroughly in a series of rigorous experiments and develop a theoretical model. For the first version of the experiment, they used a partially filled water bottle. For the second version, they reduced the variables from the large number of water molecules in the bottle to just two tennis balls in a cylindrical container.


Video stills showing the motion of two tennis balls in a can being flipped.
P.J. Dekker et al.

In both cases, their measurements clearly showed the dramatic decrease of the container’s rotational speed, resulting in a nearly vertical descent, so the bottle landed neatly and upright. Tracking the sloshing of the liquid and the changing positions of the tennis balls demonstrated the redistribution of mass, shifting the moment of inertia.

«



Viral “manspreading” video is staged Kremlin propaganda • EU vs Disinfo

»

The St. Petersburg-based online magazine Bumaga found and interviewed one of the men appearing in the recording, who said that he was paid for acting as a victim.

So, if the video is fiction, and if In The Now even openly states this – what is then the purpose of promoting the story to international audiences? What is in it for a Russian state media outlet?

The key to a possible answer is found in the reactions the video has been able to spur.

In the comments section on Facebook, users express outrage against the alleged feminist activist, often in strongly misogynic language, with this comment as the most popular, gathering by now more than 14,000 likes: “Robin Stedman: This is not a protest, it’s assault. Maybe someone should pour bleach water on her for sticking her breasts out. Same thing.”

In other words, the video stages extreme feminist activism and manages to provoke extreme anti-feminist reactions.

A central element in the modus operandi of the famous “troll factory” in St. Petersburg has been to promote not just one, but different and opposing extreme views.

During the American Presidential election campaign in 2016, the goal of the operation was to sow discord in the political system, and address divisive issues via groups and pages falsely claiming to represent US activists. Messaging was e.g. not only pro-Trump, but also protesting against Trump, all to drive in wedges.

An investigation from 2017 by the independent Russian news outlet RBC found that “Russian trolls posing as Americans made payments to genuine activists in the US to help fund protest movements on socially divisive issues”.

«

Russia is so much better at information warfare than the west, principally because the west (particularly in the US) makes a habit of standing around looking for fights to pick. Men v women? Democrats v Republicans? Star Wars done by George Lucas v Star Wars done post-George Lucas? All hills worth dying on, apparently.


Falsehoods programmers believe about time and time zones • Creative Deletion

»

• Every day has 24 hours
Counterexample: Because of daylight saving time (DST) some days could have 23 hours and some could have 25 hours. Or some other amount of hours – whole or not.

• OK, but every day without DST changes is 86400 (60 * 60 * 24) seconds long
Sometimes the UTC offset for a time zone is changed.

• … at least in UTC
Leap seconds cause some days to have an extra second. And theoretically there could be negative leap seconds. Although negative leap seconds have not happened yet because the rotation of the earth so far has been slower than UTC, as it were, and not faster.

• Week one of a year starts in January every year
January 1st is not always a Monday so some days of an ISO week will be in different years. Example: 2014 December 28th belongs to week 1 of 2015.

• If I know what time zone someone is in and they just tell me the date and local time, I can always use software to find out what time that is in UTC
If they are in the middle of changing from summertime to wintertime, the clock will be set back one hour. This means that an hour exists twice, so to speak. If the clock is set back to 2:00 and someone tells you that the local time was 2:17 for instance, you do not know if he is talking about 2:17 before the clocks were set back or 2:17 after the clocks were set back.

«

And many more. (Thanks @stormyparis for the link.)
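Three of the falsehoods quoted above (day length, ISO week years, and the repeated hour) matter whenever local log timestamps have to be normalised to UTC for a timeline. The following is an added Python example, not code from the quoted article; the zones and dates are sample values chosen for illustration, and it assumes Python 3.9+ with the system time zone database available.

```python
from datetime import date, datetime, time, timedelta, timezone
from zoneinfo import ZoneInfo  # Python 3.9+; reads the system tz database

UTC = timezone.utc


def day_length_hours(day, zone):
    """Elapsed hours between local midnight on `day` and the next local midnight."""
    tz = ZoneInfo(zone)
    start = datetime.combine(day, time.min, tzinfo=tz)
    end = datetime.combine(day + timedelta(days=1), time.min, tzinfo=tz)
    # Convert to UTC before subtracting: two datetimes that share a tzinfo
    # are compared by wall clock, which would always report 24 hours.
    return (end.astimezone(UTC) - start.astimezone(UTC)).total_seconds() / 3600


def utc_candidates(wall, zone):
    """Every UTC instant that a naive local wall-clock reading can refer to.

    Returns an empty list for a skipped time (clocks went forward), one
    entry for a normal time, and two for a repeated time (clocks went back).
    """
    tz = ZoneInfo(zone)
    found = []
    for fold in (0, 1):  # fold=0: first occurrence, fold=1: second occurrence
        utc = wall.replace(tzinfo=tz, fold=fold).astimezone(UTC)
        # A candidate is real only if it maps back to the same wall clock.
        round_trip = utc.astimezone(tz).replace(tzinfo=None)
        if round_trip == wall and utc not in found:
            found.append(utc)
    return found


def iso_year_week(day):
    """ISO 8601 (year, week); the ISO year can differ from the calendar year."""
    iso = day.isocalendar()
    return (iso[0], iso[1])


if __name__ == "__main__":
    # Sample dates: the 2018 daylight saving changes in eastern Australia.
    for zone, day in [
        ("Australia/Sydney", date(2018, 10, 7)),     # clocks forward one hour
        ("Australia/Sydney", date(2018, 4, 1)),      # clocks back one hour
        ("Australia/Lord_Howe", date(2018, 10, 7)),  # half-hour shift
    ]:
        print(zone, day, day_length_hours(day, zone), "hours")

    # A log line that says only "02:17 local time" on the day clocks went back.
    for instant in utc_candidates(datetime(2018, 4, 1, 2, 17), "Australia/Sydney"):
        print("02:17 local could be", instant.isoformat())

    # A timestamp that never existed locally should be rejected, not guessed.
    print("02:30 on 2018-10-07:", utc_candidates(datetime(2018, 10, 7, 2, 30), "Australia/Sydney"))

    print("2018-12-31 is in ISO week", iso_year_week(date(2018, 12, 31)))
```

A log pipeline can use the length of the `utc_candidates` result to decide whether a local timestamp is safe to convert, needs a second source to disambiguate, or is invalid.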


Geospatial Commission earmarks first investments • UK Authority

»

The Geospatial Commission has announced its first investments with plans to pump £5m into unlocking data held by the British Geological Survey, Coal Authority, HM Land Registry, Ordnance Survey, UK Hydrographic Office and the Valuation Office Agency.

The recently created organisation indicated it will provide £80m over the next two years to support the development of new products that can propel “British companies onto a global market”. 

The six to receive the first round of investments are the partner bodies of the commission, set up by the chancellor a year ago to exploit location information, or geospatial data.

Using this publicly held data more productively could be worth up to £11bn to the economy every year, the Government believes.

The data has been produced from delivering public services and enforcing laws – such as navigating public transport or tracking supply chains – but will now be analysed by private firms for new services.

David Lidington, the Cabinet Office minister, said: “This Government is committed to providing more opportunities for tech businesses – including small firms – to thrive, as well as access public procurement opportunities.”

«

That’s good – considering it took four years of lobbying, starting back in 2006, to get the government even to countenance making OS and UKHO data open, this is a continuation down a long road.


Errata, corrigenda and ai no corrida: none notified

Start Up No.925: more on SuperMicro, Windows rollout halted, Apple’s non-killing kill switch, Wikipedia bans Breitbart, and more

Monster’s founder and CEO in happier times – 11 years ago. Now things are much worse. Photo by giiks on Flickr.


A selection of 11 links for you. 3G and two bars will do. I’m @charlesarthur on Twitter. Observations and links welcome.

How Russian spies infiltrated hotel Wi-Fi to hack victims up close • Wired

Andy Greenberg:

»

some of the most surprising elements of those intrusion operations are the ones that got the Russian hackers caught red-handed: Parking vehicles outside of target buildings, and infiltrating Wi-Fi networks to hack victims.

“When the conspirators’ remote hacking efforts failed to capture log-in credentials, or if those accounts that were successfully compromised did not have the necessary access privileges for the sought-after information, teams of GRU intelligence officers traveled to locations around the world where targets were physically located,” the Justice Department’s indictment reads. “Using specialized equipment, and with the remote support of conspirators in Russia, these on-site teams hacked into Wi-Fi networks used by victim organizations or their personnel, including hotel Wi-Fi networks.”

The new details on those in-person hacking operations illustrate just how brash the GRU’s hackers have become, says John Hultquist, the director of research at security intelligence firm FireEye, who has closely tracked GRU operations for years. “If they’re willing to play like this, they are extremely aggressive,” Hultquist says. “It’s risky and brazen that they’re doing this physically. Obviously your chance of getting caught and exposed in person are higher, but it gives them a whole new avenue to get into networks that might have otherwise been a challenge.”

«

“Honey? Should I join this network called DEFINITELY NOT STEAL UR DATA? It doesn’t need a password.”


The untold story of Stripe, the secretive $20bn startup driving Apple, Amazon and Facebook • Wired

Stephen Armstrong:

»

Over the past year, 65% of UK internet users and 80% of US users have bought something from a Stripe-powered business, although very few of them knew they were using it. Where PayPal injects itself into the checkout process, Stripe operates like a white-label merchant account, processing payments, checking for fraud and taking a small percentage: 1.4% plus 20 pence for European cards and 2.9% plus 20 pence for all others. The buyer sees the seller’s name on their credit card statement and, unless the merchant specifically chooses to deploy the Stripe logo, that’s all they’ll ever see.

“It’s not the cheapest provider but it does remove all other intermediaries so it’s the only fee you’ll pay,” Hodges explains. “And if that’s all they did, they’d be interesting. It’s what they did next that’s revolutionary.”

“For many years Stripe had been trying to work out how to deal with what seemed like an obvious opportunity,” explains Billy Alvarado, Stripe’s chief business officer. Alvarado grew up in Honduras, where, in 1998, Hurricane Mitch took out all three bridges in the capital city. “Suddenly you had men, women and children, literally in rubber boots with these pads on their shoulders selling piggy backs across the river to men in suits and women in work clothes,” he recalls. “If you go to any country, you see entrepreneurship everywhere. A lot of these entrepreneurs would love to launch a global internet business. They find it difficult to trade on the world market – but these are literally millions of nascent businesses. We were just trying to work out how we can help them do that simply.”

On February 24, 2016 the company launched the Stripe Atlas platform, designed to help entrepreneurs start a business from absolutely anywhere on the planet. The invitation-only platform allows companies from the Gaza Strip to Berwick-upon-Tweed to incorporate as a US company in Delaware – a state with such business-friendly courts, tax system, laws and policies that 60% of Fortune 500 companies including the Bank of America, Google and Coca-Cola are incorporated there for just $500.

«

Would be great if Delaware would also reform itself so that you could trace ownership of businesses registered there, and bring dirty money to account. Hardly Stripe’s fault it would use it, though.


Some Apple Watch Series 4 models repeatedly crashing and rebooting due to daylight saving time bug • 9to5Mac

Benjamin Mayo:

»

A bug with the complications on the new Infograph faces in Apple Watch Series 4 is causing some very unhappy Watch owners today. Users in Australia have just experienced the daylight saving time change and are finding their Watches are now stuck in reboot loops.

Specifically, it seems the large Activity complication on the Infograph Modular face is not handling the loss of an hour elegantly, and instead causing the entire device to crash and reboot …

The Activity complication on the Infograph Modular face draws a timeline graph of the current day, showing hour-by-hour data for Move calories, Exercise minutes, and Stand Hours that make up the Activity rings.

In a typical day, there are obviously 24 hours. Although the exact problem has not yet been diagnosed, it appears that the large Activity complication simply cannot handle drawing its graph with one of those twenty four hours missing.

«

It would be hard to think of something more guaranteed to throw off computers than daylight saving time.


Apple insiders say nobody internally knows what’s going on with Bloomberg’s China hack story • Buzzfeed News

John Paczkowski:

»

Reached by BuzzFeed News, multiple Apple sources — three of them very senior executives who work on the security and legal teams — said that they are at a loss as to how to explain the allegations. These people described a massive, granular, and siloed investigation into not just the claims made in the story, but into unrelated incidents that might have inspired them.

“We tried to figure out if there was anything, anything, that transpired that’s even remotely close to this,” a senior Apple security executive told BuzzFeed News. “We found nothing.”

A senior security engineer directly involved in Apple’s internal investigation described it as “endoscopic,” noting they had never seen a chip like the one described in the story, let alone found one. “I don’t know if something like this even exists,” this person said, noting that Apple was not provided with a malicious chip or motherboard to examine. “We were given nothing. No hardware. No chips. No emails.”

Equally puzzling to Apple execs is the assertion that it was party to an FBI investigation — Bloomberg wrote that Apple “reported the incident to the FBI.” A senior Apple legal official told BuzzFeed News the company had not contacted the FBI, nor had it been contacted by the FBI, the CIA, the NSA, or any government agency in regards to the incidents described in the Bloomberg report. This person’s purview and responsibilities are of such a high level that it’s unlikely they would not have been aware of government outreach.

«

Apple has been very firm in denying all this, as has Amazon. Quite where this goes next – lawsuits? – is unclear.


Apple’s secret repair kill switch hasn’t been activated—yet • iFixit

Adam O’Camb:

»

Apple’s [Mac repair] bulletin states that repairs to a laptop’s display assembly, logic board, upper case, and Touch ID board will require Apple’s secret software toolkit. In case you weren’t counting, that’s pretty much everything but the battery. On desktops, the logic board and flash storage are affected. But how?

Here’s how Apple describes the new process: After replacing a part, a technician must run the configuration suite, which connects to Apple’s Global Service Exchange (GSX) server to perform performance and compatibility checks for the new parts. Without this software, an internet connection, and approval from Apple’s servers, the repair is considered incomplete and the computer is rendered inoperative.

AST 2 is only provided to Apple stores and a very few select ‘Authorized Apple Service Providers’ (AASPs) that are under strict confidentiality and business contracts mandating what parts they can use and what they charge. This shift will leave third-party repair shops out to dry, not to mention the rest of us that are accustomed to fixing our own hardware. It is unclear whether this software is available to certified self-servicing accounts—if not, schools and businesses are out of luck too.

This service document certainly paints a grim picture, but ever the optimists, we headed down to our friendly local Apple Store and bought a brand new 2018 13” MacBook Pro Touch Bar unit. Then we disassembled it and traded displays with our teardown unit from this summer. To our surprise, the displays and MacBooks functioned normally in every combination we tried. We also updated to Mojave and swapped logic boards with the same results.

That’s a promising sign, and it means the sky isn’t quite falling—yet. But as we’ve learned, nothing is certain.

«

There’s a lot of noise about supply chain infiltration recently. I wonder if anyone at iFixit has considered that this might be Apple looking to offer customers protection against (1) counterfeit items (2) surveillance items and (3) people trying to hook covertly into the Secure Enclave? That was what Error 53 was about too. Apple is nothing if not consistent.


Microsoft pulls Windows 10 October 2018 update after reports of documents being deleted • The Verge

Tom Warren:

»

Microsoft is now recommending that affected users contact the company directly, and if you’ve manually downloaded the October update then “please don’t install it and wait until new media is available.” Other Windows 10 users have been complaining that the Microsoft Edge browser and other store apps have been unable to connect to the internet after the October 2018 Update, and the update was even blocked on certain PCs due to Intel driver incompatibilities.

It’s not clear how many Windows 10 users are affected by the problem, but even if it’s a small percentage it’s still surprising this issue was never picked up during Microsoft’s vast testing of the October update. Millions of people help Microsoft test Windows 10, but the company has struggled with the quality of Windows updates recently. Microsoft delayed its Windows 10 April 2018 Update earlier this year over Blue Screen of Death issues, but those problems were picked up before the update reached regular consumers and businesses.

Microsoft was planning to push the latest October update out to all Windows 10 users next Tuesday, but that’s now likely to be put on hold while investigations continue into this major deletion problem.

«

Warren pointed out on Twitter that Microsoft had been warned about this via the Windows Insider program, yet seems to have thought it fixed.


Making sense of the SuperMicro motherboard attack • Light Blue Touchpaper

Theo Markettos, who is on the security team at Cambridge University’s Computer Lab, considers whether what’s described in the attack is feasible:

»

there’s another trick a bad BMC can do — it can simply read and write main memory once the machine is booted. The BMC is well-placed to do this, sitting on the PCI Express interconnect since it implements a basic graphics card. This means it potentially has access to large parts of system memory, and so all the data that might be stored on the server. Since the BMC also has access to the network, it’s feasible to exfiltrate that data over the Internet.

So this raises a critical question: how well is the BMC firmware defended? The BMC firmware download contains raw ARM code, and is exactly 32MiB in size. 32MiB is a common size of an SPI flash chip, and suggests this firmware image is written directly to the SPI flash at manufacture without further processing. Additionally, there’s the OpenBMC open source project which supports the AST2400. From what I can find, installing OpenBMC on the AST2400 does not require any code signing or validation process, and so modifying the firmware (for good or ill) looks quite feasible.

Where does this leave us? There are few facts, and much supposition. However, the following scenario does seem to make sense. Let’s assume an implant was added to the motherboard at manufacture time. This needed modification of both the board design, and the robotic component installation process. It intercepts the SPI lines between the flash and the BMC controller. Unless the implant was designed with a very high technology, it may be enough to simply divert the boot process to fetch firmware over the network (either the Internet or a compromised server in the organisation), and all the complex attacks build from there — possibly using PCI Express and/or the BMC for exfiltration.

If the implant is less sophisticated than others have assumed, it may be feasible to block it by firewalling traffic from the BMC — but I can’t see many current owners of such a board wanting to take that risk.

So, finally, what do we learn? In essence, this story seems to pass the sniff test.

«

A change in the code (even later reversed) would show up in the repository, surely? Notable, though, that technical people think this attack entirely feasible.
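The quoted analysis names two network paths for a diverted BMC (the Internet, or a compromised server inside the organisation) and suggests firewalling BMC traffic as a possible block. As an added example, not taken from the article, this Python audits flow records for BMC-sourced traffic outside an allowlist; the subnet, the allowlist entries, the flow-record format and the sample records are all hypothetical values constructed for illustration.

```python
import ipaddress
from collections import Counter, namedtuple

# Hypothetical site layout, assumed for this example only.
BMC_NET = ipaddress.ip_network("10.20.30.0/24")       # dedicated BMC management subnet
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # anything else counts as Internet
ALLOWED = {                                           # (destination, protocol, port)
    ("10.0.5.10", "udp", 514),  # syslog collector
    ("10.0.5.11", "udp", 123),  # internal NTP server
}

# Constructed flow records: timestamp, source, destination, protocol, dest port.
SAMPLE_FLOWS = """\
# ts src dst proto dport
2018-10-05T09:00:01Z 10.20.30.14 10.0.5.11 udp 123
2018-10-05T09:00:07Z 10.20.30.14 10.0.5.10 udp 514
2018-10-05T09:03:12Z 10.20.30.14 203.0.113.7 tcp 443
2018-10-05T09:03:40Z 10.20.30.22 10.0.9.80 tcp 80
2018-10-05T09:04:02Z 10.0.7.3 203.0.113.7 tcp 443
2018-10-05T09:05:00Z 10.20.30.14 10.0.5.10 tcp 514
"""

Finding = namedtuple("Finding", "ts bmc dst proto port kind")


def audit_bmc_flows(text):
    """Return a Finding for every BMC-sourced flow that is not allowlisted.

    kind is "external" when the destination is outside INTERNAL_NETS and
    "internal-unexpected" when it is an internal host the BMC has no
    documented reason to contact.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if len(fields) != 5:
            raise ValueError(f"line {lineno}: expected 5 fields, got {len(fields)}")
        ts, src, dst, proto, port = fields
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        proto, port = proto.lower(), int(port)
        if src_ip not in BMC_NET:
            continue  # only traffic originating from a BMC is in scope
        if (str(dst_ip), proto, port) in ALLOWED:
            continue  # documented management traffic
        internal = any(dst_ip in net for net in INTERNAL_NETS)
        kind = "internal-unexpected" if internal else "external"
        findings.append(Finding(ts, str(src_ip), str(dst_ip), proto, port, kind))
    return findings


def flows_per_bmc(findings):
    """Count findings per BMC address, to show which boards to examine first."""
    return dict(Counter(f.bmc for f in findings))


if __name__ == "__main__":
    results = audit_bmc_flows(SAMPLE_FLOWS)
    for f in results:
        print(f"{f.ts} {f.kind:20} {f.bmc} -> {f.dst} {f.proto}/{f.port}")
    print(flows_per_bmc(results))
```

The same allowlist doubles as the specification for a default-deny egress rule on the management subnet, so the audit and the firewall policy stay in agreement.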


Supply chain security is the whole enchilada, but who’s willing to pay for it? • Krebs On Security

Brian Krebs:

»

Most of what I have to share here is based on conversations with some clueful people over the years who would probably find themselves confined to a tiny, windowless room for an extended period if their names or quotes ever showed up in a story like this, so I will tread carefully around this subject.

The U.S. Government isn’t eager to admit it, but there has long been an unofficial inventory of tech components and vendors that are forbidden to buy from if you’re in charge of procuring products or services on behalf of the U.S. Government. Call it the “brown list,” “black list,” “entity list” or what have you, but it’s basically an indelible index of companies that are on the permanent Shit List of Uncle Sam for having been caught pulling some kind of supply chain shenanigans.

More than a decade ago when I was a reporter with The Washington Post, I heard from an extremely well-placed source that one Chinese tech company had made it onto Uncle Sam’s entity list because they sold a custom hardware component for many Internet-enabled printers that secretly made a copy of every document or image sent to the printer and forwarded that to a server allegedly controlled by hackers aligned with the Chinese government.

That example gives a whole new meaning to the term “supply chain,” doesn’t it? If Bloomberg’s reporting is accurate, that’s more or less what we’re dealing with here in Supermicro as well.

But here’s the thing: Even if you identify which technology vendors are guilty of supply-chain hacks, it can be difficult to enforce their banishment from the procurement chain. One reason is that it is often tough to tell from the brand name of a given gizmo who actually makes all the multifarious components that go into any one electronic device sold today.

«



Wikipedia bans right wing site Breitbart as a source for facts • Motherboard

Samantha Cole:

»

Wikipedia editors voted to ban Breitbart as a source of fact in its articles. The consensus, reached late last month, agreed that the outlet “should not be used, ever, as a reference for facts, due to its unreliability.” Wikipedia editors also decided that InfoWars is a “conspiracy theorist and fake news website,” and that the “use of InfoWars as a reference should be generally prohibited.”

Breitbart, a far-right conservative media website, has come under scrutiny—such as when it vehemently supported Alabama politician and alleged pedophile Roy Moore, when it shilled for scam cryptocurrencies through its newsletter, or when it fueled racist narratives about black NFL players. Wikipedians decided that because fact checkers have found much of Breitbart’s coverage to be “misleading, false or both,” they won’t abide it as a source of fact anymore.

“We have something over 2,500 links to Breitbart, many of them as sources in articles,” the editor who nominated the rule wrote in the vote. “I think that Breitbart is not a reliable source […] It’s my view that we should not source anything to Breitbart other than strictly factual and uncontroversial facts about Breitbart on the articles related to Breitbart and its people.”

The ensuing discussion about whether Breitbart should be considered a factual source went on for dozens of comments, many of them impassioned. But, overwhelmingly, editors believed it should be banned except when used as a source to attribute opinions or relevant commentary. It has been “deprecated” for English articles, and will no longer be used as a reliable source for facts on the English version of the online encyclopedia.

«

Wikipedia: still better at this sort of thing than most of the internet (and many bits of media), and still largely immune from cat-and-laser pointer attempts to distract it.


The iPhone XS & XS Max review: unveiling the silicon secrets • Anandtech

Andrei Frumusanu:

»

Apple promised a significant performance improvement in iOS12, thanks to the way their new scheduler is accounting for the loads from individual tasks. The operating system’s kernel scheduler tracks execution time of threads, and aggregates this into a utilisation metric which is then used by, for example, the DVFS mechanism. The algorithm which decides on how this load is accounted over time is generally simply a software decision – and it can be tweaked and engineered to whatever a vendor sees fit.

Because iOS’s kernel is closed source, we can’t really see what the changes are, however we can measure their effects. A relatively simple way to do this is to track frequency over time in a workload from idle, to full performance. I did this on a set of iPhones ranging from the 6 to the X (and XS), before and after the iOS12 system update.

Starting off with the iPhone 6 with the A8 chipset, I had some odd results on iOS11 as the scaling behaviour from idle to full performance was quite unusual. I repeated this a few times yet it still came up with the same results. The A8’s CPUs idled at 400MHz, and remained here for 110ms until it jumped to 600MHz and then again 10ms later went on to the full 1400MHz of the cores.

iOS12 showcased a more step-wise behaviour, scaling up earlier and also reaching full performance after 90ms.

The iPhone 6S had a significantly different scaling behaviour on iOS11, and the A9 chip’s DVFS was insanely slow. Here it took a total of 435ms for the CPU to reach its maximum frequency. With the iOS12 update, this time has been massively slashed down to 80ms, giving a great boost to performance in shorter interactive workloads.

«

Most of this multi-page review is just benchmark gobbledygook to me, but this page and those graphics really stand out because they show iOS 12 getting performance improvements of as much as 50% on old hardware, through tweaks to the core OS.


A Monster fall: how the company behind Beats lost its way • SF Chronicle

Melia Russell:

»

There was a time, not long ago, when Monster was on everyone’s ears. From 2009 to 2012, its sales of headphones, audio equipment and cables grew tenfold. That year, the company sold a billion dollars of gear, including the hit Beats brand. CEO Noel Lee hung out with music royalty like Lady Gaga and Mary J. Blige.

Now Monster is ailing, as is Lee, amid a fight with a former executive. Its sales have plummeted nearly 95% in five years. Retail stores such as Circuit City and RadioShack that once sold its wares have gone belly-up. Its partnership with Beats dissolved before the headphone maker saw a $3.2bn payday in its sale to Apple. A February Super Bowl ad, the company’s first ever, was a dud, with Marketing Week rating it a “loser.” And new ventures into online gambling and cryptocurrency have gone nowhere.

A company that once hung its name on San Francisco’s Candlestick Park is fighting for its life. While Lee proclaims that the company he founded four decades ago will see another 40 years, the company started laying people off in September.

Its South San Francisco headquarters now occupy just part of one floor of an office building. It shut a distribution center in Las Vegas late last year. In May, it reported having 139 employees, down from 800 a decade ago; the company won’t say how many remain.

«

Amazing; it relied on retail outlets for its products (which always promised far more than they could offer). That 95% fall in sales, though? They should be paired with HTC – which was also involved in Beats’s early years.


Errata, corrigenda and ai no corrida: none notified.

Start Up No.924: Google secures protesters, Microsoft ❤️ Android, Russia’s long troll game, Fitbit solves murder?, and more


“OK, get searching.” A Supermicro server, opened up. Photo by Patrick Finnegan on Flickr.


A selection of 11 links for you. Today’s forecast: cyber on a number of fronts. I’m @charlesarthur on Twitter. Observations and links welcome.

The big hack: how China used a tiny chip to infiltrate US companies • Bloomberg

Jordan Robertson and Michael Riley:

»

To help with due diligence, AWS, which was overseeing the prospective acquisition, hired a third-party company to scrutinize Elemental’s security, according to one person familiar with the process. The first pass uncovered troubling issues, prompting AWS to take a closer look at Elemental’s main product: the expensive servers that customers installed in their networks to handle the video compression. These servers were assembled for Elemental by Super Micro Computer Inc., a San Jose-based company (commonly known as Supermicro) that’s also one of the world’s biggest suppliers of server motherboards, the fiberglass-mounted clusters of chips and capacitors that act as the neurons of data centers large and small. In late spring of 2015, Elemental’s staff boxed up several servers and sent them to Ontario, Canada, for the third-party security company to test, the person says.

Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to US authorities, sending a shudder through the intelligence community.

«

(The chips, they say, were put there by agents of the Chinese People’s Liberation Army to spy on Amazon, Apple and others.)

This story has of course been cannoning around the internet, eliciting various gasps of amazement. Amazon and Apple have vehemently denied pretty much every element of the story, but the US government has been silent.

A few possibilities. 1) Apple and Amazon aren’t allowed to acknowledge it; it’s super-high security.
2) didn’t happen; it’s a ploy by US security to get manufacture brought back to the US because they’re worried about security of Chinese manufacture. (It’s not just a Trump-era ploy, because the reporters have been talking to their sources for years.)
3) everyone’s getting overheated – the chips weren’t what they’re being made out to be, which means it’s a version of No.2. Read the denials, though. Wow. Apple put out an even more aggressive denial, saying it’s not under any confidentiality demands.

One notable opinion is that this torpedoes China’s ambitions to supply chips: that nobody will trust them. I’d agree.


Google tested this security app with activists in Venezuela. Now you can use it too • CNET

Alfred Ng:

»

When connections aren’t secure, attackers can intercept DNS traffic, directing people to pages infected with malware instead, or completely block out online resources. Venezuela’s government has been known to block access to social media applications and news websites through DNS manipulation, according to a study from the Open Observatory of Network Interference.

The practice is widespread, as researchers have found governments in more than 60 countries, including Iran, China and Turkey, using DNS manipulation to censor parts of the internet.

Intra was released on the Play Store on Wednesday morning for free, and Jigsaw had been testing its security features among a small group of activists in Venezuela since the beginning of the summer, Henck said.

They wanted to keep its public beta limited, but the app spread through word of mouth in Venezuela, to the point where activists from around the world started using it.

“People found it useful as a tool they could use to get the access that they needed,” Henck said.

Intra automatically points your device to Google’s public DNS server, but you’re able to change it to other servers like Cloudflare’s 1.1.1.1 through the settings. There’s not much you need to do with it for your encrypted connection — the app really has only one button that you tap to turn on.

This encrypted connection to DNS servers comes by default on the upcoming version of Android Pie, but Jigsaw’s developers realized that millions of people that don’t have the latest updates wouldn’t have that same protection. It’s important to consider when about 80% of Android’s users aren’t on the latest version of the mobile operating system.

«

As long as you’re confident the Google Play link is safe… But this is definitely a good thing.
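One way to check for the DNS manipulation described in the extract, as an added example that is not from the article or from Intra: parse the answer seen on the ordinary plaintext path and the answer from an encrypted resolver, then compare them. The packets are constructed with documentation-range addresses, `build_response`, `parse_a_response` and `verdict` are hypothetical names, and how each answer is fetched is left out.

```python
import struct

HEADER = "!HHHHHH"   # id, flags, qdcount, ancount, nscount, arcount
RR_FIXED = "!HHIH"   # type, class, ttl, rdlength


def build_response(qname, rcode, addrs):
    """Build a constructed A-record response so the example runs offline."""
    head = struct.pack(HEADER, 0x1234, 0x8180 | rcode, 1, len(addrs), 0, 0)
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\x00"
    question = name + struct.pack("!HH", 1, 1)            # QTYPE=A, QCLASS=IN
    answers = b"".join(
        b"\xc0\x0c" + struct.pack(RR_FIXED, 1, 1, 60, 4) + bytes(map(int, a.split(".")))
        for a in addrs)                                    # 0xc00c points back at the question name
    return head + question + answers


def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer: two bytes, name ends here
            return off + 2
        if length == 0:                # root label terminates the name
            return off + 1
        off += length + 1


def parse_a_response(msg):
    """Return (rcode, set of IPv4 strings) from a DNS response message."""
    _, flags, qdcount, ancount, _, _ = struct.unpack(HEADER, msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4                      # skip QTYPE and QCLASS
    addrs = set()
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(RR_FIXED, msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.add(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, addrs


def verdict(plain_msg, encrypted_msg):
    """Compare the answer seen on the plaintext path with the encrypted-path answer."""
    p_rcode, p_addrs = parse_a_response(plain_msg)
    _, e_addrs = parse_a_response(encrypted_msg)
    if e_addrs and (p_rcode != 0 or not p_addrs):
        return "blocked"       # name resolves over the encrypted path only
    if e_addrs and p_addrs.isdisjoint(e_addrs):
        return "mismatch"      # different addresses: investigate, CDNs can cause this too
    return "consistent"
```

A "mismatch" is a lead rather than proof, since load-balanced sites legitimately hand out different addresses to different resolvers.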


Microsoft is embracing Android as the mobile version of Windows • The Verge

Tom Warren:

»

Android app mirroring will be part of Microsoft’s new Your Phone app for Windows 10. This app debuts this week as part of the Windows 10 October 2018 Update, but the app mirroring part won’t likely appear until next year. Microsoft briefly demonstrated how it will work, though: you’ll be able to simply mirror your phone screen straight onto Windows 10 through the Your Phone app, which will have a list of your Android apps. You can tap to access them and have them appear in the remote session of your phone.

We’ve seen a variety of ways of bringing Android apps to Windows in recent years, including Bluestacks and even Dell’s Mobile Connect software. This app mirroring is certainly easier to do with Android, as it’s less restricted than iOS. Still, Microsoft’s welcoming embrace of Android in Windows 10 with this app mirroring is just the latest in a number of steps the company has taken recently to really help align Android as the mobile equivalent of Windows.

Microsoft Launcher is designed to replace the default Google experience on Android phones, and bring Microsoft’s own services and Office connectivity to the home screen. It’s a popular launcher that Microsoft keeps updating, and it’s even getting support for the Windows 10 Timeline feature that lets you resume apps and sites across devices.

All of this just reminds me of Windows Phone.

«

Yeah, Tom, let it go now. But Microsoft trying to ju-jitsu Android by getting Windows connectivity? Seems smart.


Oppo, Vivo and Xiaomi top customer satisfaction in India • Strategy Analytics

»

Based on analysis of more than 20,000 consumer ratings and reviews of 11 high, mid and low-tier smartphones in the Indian market, Strategy Analytics’ new Consumer Ratings Index Report, India Smartphones: August 2018, has identified that Oppo’s Realme 1 led consumer satisfaction in India from June to August 2018.

• Based on consumer satisfaction, the top three smartphones in India from June to August 2018 were from Chinese brands: Oppo Realme 1, Vivo V9 and Xiaomi Redmi 5. Samsung’s Galaxy J8 was rated fourth.
• Consumer reviews in India mentioned the camera most. In fact, the Samsung Galaxy J8 and Vivo V9 were rated highest for camera satisfaction among those reviews analyzed.
• The Indian brand Karbonn was rated least favorably by Indian consumers, between June and August 2018.

Adam Thorwart, Lead Analyst and report author commented, “Despite Samsung not finishing atop the consumer sentiment chart, consumers of other brands are still mentioning it most. In fact, it nearly triples Oppo which is the second most mentioned brand. This indicates that Samsung is still very popular across India.”

«

Chinese brands are six of the top 11 top-selling brands. It’s a conquest.


Reckless campaign of cyber attacks by Russian military intelligence service exposed • UK National Cyber Security Centre

»

Today, the UK and its allies can expose a campaign by the GRU, the Russian military intelligence service, of indiscriminate and reckless cyber attacks targeting political institutions, businesses, media and sport.

The National Cyber Security Centre (NCSC) has identified that a number of cyber actors widely known to have been conducting cyber attacks around the world are, in fact, the GRU. These attacks have been conducted in flagrant violation of international law, have affected citizens in a large number of countries, including Russia, and have cost national economies millions of pounds.

Cyber attacks orchestrated by the GRU have attempted to undermine international sporting institution WADA, disrupt transport systems in Ukraine, destabilise democracies and target businesses.

This campaign by the GRU shows that it is working in secret to undermine international law and international institutions.

«

It then lists 10 attacks which it attributes to the GRU – “high confidence the GRU was almost certainly responsible”. Maybe just do a confidence score out of 10?


Russian trolls tweeted disinformation long before US election • WSJ

Rob Barry:

»

Alice Norton posted an emergency message on a cooking-website forum on Thanksgiving 2015: Her entire family had severe food poisoning after buying a turkey from Walmart.

“My son Robert got in the hospital and he’s still there,” wrote Ms. Norton, who had described herself as a 31-year-old New York City mother of two. “I don’t know what to do!”

Within hours, Twitter users repeated the claim thousands of times, and a news story was published saying 200 people were in critical condition after eating tainted turkey.

The catch? No outbreak of food poisoning matching this description occurred, according to New York City health officials. A Walmart Inc. spokesman said the company had spotted the posts but determined they were a hoax and didn’t investigate their origin further.

In fact, many of the claims came from accounts linked to a pro-Kremlin propaganda agency charged by Special Counsel Robert Mueller’s office last week for meddling in U.S. politics. Security experts now believe the early posts, and others like them, may have been practice for a bigger target: the 2016 U.S. election.

While it is impossible to be sure what was in the minds of Russians tweeting false stories in 2014 and 2015—which also included tales of contaminated water, terrorist attacks and a chemical-plant explosion—these experts say it is as if the Russians were testing to see how much they could get Americans to believe.

«

Turns out that the latter is “really quite a lot”. America’s a big country, and a lot can happen. And a lie can get halfway around the world before the truth has got its boots on, as people say.


Smaller outlets reduce, scrap Facebook promotion over new ad rules • Columbia Journalism Review

Mathew Ingram:

»

To promote political news stories, Facebook requires that publishers apply and be authorized as a political advertiser—presumably to prove that they aren’t a front for a Russian or Iranian troll factory. The process requires the uploading of official ID, such as a driver’s license, a passport, or the last four digits of a Social Security Number, along with receipt of a registered letter at an approved US address.

For larger media outlets, these requirements might be complicated and annoying. For smaller publishers, Facebook’s new rules can be so unwieldy and demanding—and the definition of what constitutes a “political news story” so capricious—that small newsrooms in four states told CJR they are either scaling back their Facebook usage or, in some cases, have given up on promoting their content there at all.

Nick Kratsas, the digital operations director for southwestern Pennsylvania’s Observer-Reporter, went through Facebook’s approval process in order to promote his site’s political stories; he says his company gets a significant amount of traffic and engagement from the social network. About 55% of its monthly visits are due to Facebook links. (Like many other publishers, the paper has seen a drop after the latest algorithm changes, a decline that Kratsas recently estimated at about 8 percent.)

Kratsas says the platform’s tendency to flag any news story that mentions a politician or political topic has become so irritating that he wonders whether it is really worth the time that his company spends on it. The rest of the Observer-Reporter team hasn’t gone through Facebook’s authorization process, says Kratsas, and they are still finding their stories denied for allegedly political topics.

«

Unintended consequences: local news gets stuffed.


Police use Fitbit data to charge 90-year-old man in stepdaughter’s killing • The New York Times

Christine Hauser:

»

On Sept. 13, a co-worker of Ms. Navarra’s went to the house to check on her because she had not showed up for her job at a pharmacy, the report said. The front door was unlocked, and she discovered Ms. Navarra dead, slouched in a chair at her dining room table.

She had lacerations on her head and neck, and a large kitchen knife was in her right hand, the report said. Blood was spattered and uneaten pizza was strewn in the kitchen. The coroner ruled the death a homicide.

Detectives then questioned Ms. Navarra’s only known next-of-kin, her 92-year-old mother, Adele Aiello, and [stepfather] Mr. Aiello. Mr. Aiello told the authorities he had dropped off the food for his stepdaughter and left her house within 15 minutes, but he said he saw Ms. Navarra drive by his home with a passenger in the car later that afternoon.

Investigators obtained a search warrant and retrieved the Fitbit data [from Ms Navarra’s AltaHR worn on her wrist, which measured her heartbeat] with the help of the company’s director of brand protection, Jeff Bonham, the police report said…

When Ms. Navarra’s Fitbit data was compared with video surveillance from her home, the police report said, the police discovered that the car Mr. Aiello had driven was still there when her heart rate stopped being recorded by her Fitbit.

Bloodstained clothes were later found in Mr. Aiello’s home, the document said. He was arrested on Sept. 25.

«

When I was younger, some sci-fi stories had the idea of monitors which rich people wore to monitor their heartbeat, so that if they were killed, the killer wouldn’t get away. Turns out they’re available in your local store.


Artificial sweeteners are toxic to digestive gut bacteria: study • CNBC

Alexa Lardieri:

»

According to a study published in the journal Molecules, researchers found that six common artificial sweeteners approved by the Food and Drug Administration and 10 sport supplements that contained them were found to be toxic to the digestive gut microbes of mice.

Researchers from Ben-Gurion University of the Negev in Israel and Nanyang Technological University in Singapore tested the toxicity of aspartame, sucralose, saccharine, neotame, advantame, and acesulfame potassium-k. They observed that when exposed to only 1 milligram per milliliter of the artificial sweeteners, the bacteria found in the digestive system became toxic…

…According to the study, the gut microbial system “plays a key role in human metabolism,” and artificial sweeteners can “affect host health, such as inducing glucose intolerance.” Additionally, some of the effects of the new FDA-approved sweeteners, such as neotame, are still unknown.

«

Glucose intolerance… which could be a step towards diabetes.


BlackBerry races ahead of security curve with quantum-resistant solution • TechCrunch

Ron Miller:

»

Today, BlackBerry announced a new quantum-resistant code signing service to help battle that possibility.

The service is meant to anticipate a problem that doesn’t exist yet. Perhaps that’s why BlackBerry hedged its bets in the announcement saying, “The new solution will allow software to be digitally signed using a scheme that will be hard to break with a quantum computer.” Until we have fully functioning quantum computers capable of breaking current encryption, we probably won’t know for sure if this works.

But give BlackBerry credit for getting ahead of the curve and trying to solve a problem that has concerned technologists as quantum computers begin to evolve…

…“If your product, whether it’s a car or critical piece of infrastructure, needs to be functional 10-15 years from now, you need to be concerned about quantum computing attacks,” Charles Eagan, BlackBerry’s chief technology officer, said in a statement.

«

I would like to announce that I have got software which will be hard to break by nine-legged aliens intent on dominating our planet. I thought it was important to get ahead of the curve and try to solve a problem that has concerned me since, well, yesterday.


The interesting ideas in Datasette • Simon Willison

The aforesaid Willison, who has built a database tool called Datasette which uses SQLite databases (caution: can only store up to 140TB – yes, terabytes). This will interest you if you’re into data tools; Willison built the tools that the Guardian used to analyse MPs’ expenses:

»

Since the data in a Datasette instance never changes, why not cache calls to it forever?

Datasette sends a far future HTTP cache expiry header with every API response. This means that browsers will only ever fetch data the first time a specific URL is accessed, and if you host Datasette behind a CDN such as Fastly or Cloudflare each unique API call will hit Datasette just once and then be cached essentially forever by the CDN.

This means it’s safe to deploy a JavaScript app using an inexpensively hosted Datasette-backed API to the front page of even a high traffic site—the CDN will easily take the load.

Zeit added Cloudflare to every deployment (even their free tier) back in July, so if you are hosted there you get this CDN benefit for free.

What if you re-publish an updated copy of your data? Datasette has that covered too. You may have noticed that every Datasette database gets a hashed suffix automatically when it is deployed:

https://fivethirtyeight.datasettes.com/fivethirtyeight-c9e67c4

This suffix is based on the SHA256 hash of the entire database file contents—so any change to the data will result in new URLs. If you query a previous suffix Datasette will notice and redirect you to the new one.

If you know you’ll be changing your data, you can build your application against the non-suffixed URL. This will not be cached and will always 302 redirect to the correct version (and these redirects are extremely fast).

https://fivethirtyeight.datasettes.com/fivethirtyeight/alcohol-consumption%2Fdrinks.json

The redirect sends an HTTP/2 push header such that if you are running behind a CDN that understands push (such as Cloudflare) your browser won’t have to make two requests to follow the redirect.

«
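A toy model of the caching scheme in the extract, added here and not Datasette's own code: an origin that names its database after a SHA-256 prefix of the file, and a CDN that keeps only far-future responses. `Origin`, `CDN`, the 7-character suffix length, the one-year `max-age` and the `no-store` on redirects are assumptions made for the example.

```python
import hashlib

SUFFIX_LEN = 7                   # assumption: length of the suffix in the extract's example URL
FAR_FUTURE = "max-age=31536000"  # assumption: one year stands in for "far future"


class Origin:
    """Toy stand-in for a Datasette instance serving one database (constructed model)."""

    def __init__(self, name, db_bytes):
        self.name, self.hits = name, 0
        self.publish(db_bytes)

    def publish(self, db_bytes):
        # The suffix comes from the SHA-256 of the whole file, so any change renames the URL.
        self.db = db_bytes
        self.current = f"{self.name}-{hashlib.sha256(db_bytes).hexdigest()[:SUFFIX_LEN]}"

    def handle(self, path):
        self.hits += 1
        first, _, rest = path.lstrip("/").partition("/")
        tail = f"/{rest}" if rest else ""
        if first == self.current:
            return 200, {"Cache-Control": FAR_FUTURE}, self.db
        base, _, suffix = first.rpartition("-")
        stale = base == self.name and len(suffix) == SUFFIX_LEN
        if first == self.name or stale:
            # Unsuffixed or outdated URL: redirect, and do not let the redirect be cached.
            return 302, {"Location": f"/{self.current}{tail}", "Cache-Control": "no-store"}, b""
        return 404, {}, b""


class CDN:
    """Caches only responses the origin marked as far-future cacheable."""

    def __init__(self, origin):
        self.origin, self.cache = origin, {}

    def get(self, path):
        if path in self.cache:
            return self.cache[path]          # cache hit: the origin is never contacted
        resp = self.origin.handle(path)
        if resp[0] == 200 and resp[1].get("Cache-Control") == FAR_FUTURE:
            self.cache[path] = resp
        return resp
```

In this model a client that keeps requesting an old suffixed URL through the CDN still receives the old data, because the cached copy is served before the origin's redirect can apply. The short suffix works as a cache-busting key, not as an integrity check on the data.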



Errata, corrigenda and ai no corrida: none notified