Hello and welcome! Which hacking group would you like your data to go to? CC-licensed photo by Mike Mozart on Flickr.
Charity time: It’s December. Ahead of Christmas, I’m encouraging readers to make a donation to charity; different ones as the month progresses .
Today’s is:
Shelter, the UK charity for the homeless. It’s a difficult time to be homeless.
(If you’re not in the UK, and want to donate to a charity nearer home, please search on “homeless charity [your country]”.)
You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.
A selection of 13 links for you. There you go! I’m @charlesarthur on Twitter. Observations and links welcome.
A blueprint for content governance and enforcement • Facebook
»
One of the biggest issues social networks face is that, when left unchecked, people will engage disproportionately with more sensationalist and provocative content. This is not a new phenomenon. It is widespread on cable news today and has been a staple of tabloids for more than a century. At scale it can undermine the quality of public discourse and lead to polarization. In our case, it can also degrade the quality of our services.
Our research suggests that no matter where we draw the lines for what is allowed, as a piece of content gets close to that line, people will engage with it more on average — even when they tell us afterwards they don’t like the content.
This is a basic incentive problem that we can address by penalizing borderline content so it gets less distribution and engagement. By making the distribution curve look like the graph below where distribution declines as content gets more sensational, people are disincentivized from creating provocative content that is as close to the line as possible.
This process for adjusting this curve is similar to what I described above for proactively identifying harmful content, but is now focused on identifying borderline content instead. We train AI systems to detect borderline content so we can distribute that content less.
The category we’re most focused on is click-bait and misinformation. People consistently tell us these types of content make our services worse — even though they engage with them. As I mentioned above, the most effective way to stop the spread of misinformation is to remove the fake accounts that generate it. The next most effective strategy is reducing its distribution and virality.
«
This is a fascinating post, worth reading at length – while also thinking “ah yeah but you missed that problem the first time round, didn’t you?” every often. But the confirmation that outrage is what lends virality is useful.
link to this extract
Does Google harm local search rivals, EU antitrust regulators ask • Reuters
»
The European Commission, which took the world’s most popular internet search engine to task for these two anti-competitive practices, is wrapping up a third case which involves Google’s AdSense advertising service.
The EU competition authority’s interest in local search services followed a complaint by U.S. search and advertising company Yelp and rivals in the travel, restaurant and accommodation industries.
It sent questionnaires to Google rivals last month, asking for details of the company’s practices and the impact on competing services between January 2012 to December 2017.
Regulators also wanted to know if rivals experienced an impact in the operation of their local services as a result of major search algorithm changes by Google, including the introduction of its Panda 4.0 algorithm.
Introduced in 2014, this algorithm determines what appears in Google search results.
Companies were also asked if Google’s introduction of the Local Universal or One Box had a substantial impact on their local search services.
«
Be pretty incredible if local search wasn’t affected by Google. The better question is: how quickly will the EU act, and will it actually be effective?
link to this extract
GAN Paint • IBM
»
#GANPaint draws with object-level control using a deep network. Each brush activates a set of neurons in a GAN that has learned to draw scenes. More information at gandissect.csail.mit.edu.
«
This is good fun if you need a distraction today. Or another day.
link to this extract
Ethical questions over Number 10’s social media push for Brexit deal • The Conversation
Toby James found a tweet from No.10 pushing Theresa May’s deal in his Twitter timeline, clearly as a promoted tweet – and so clearly paid for:
»
Political advertising on social media is a difficult area to regulate in the UK. Laws on political advertising at election time doesn’t cover social media campaigning. The government might use advertising in other areas to promote the effectiveness of public policies – such as to encourage us to smoke less. However, in this case the intended message is to convince the public that the draft Withdrawal Agreement is a good idea – a message predominantly political in nature at the most politically sensitive of times.
The money spent on this advert in my feed is public money: our money. Government revenue, of course, largely comes from taxpayer income. On this basis, Number 10 seems to be investing in political campaigning from the public purse in an effort to ensure the prime minister’s survival.
There are usually strict, legally binding, spending limits set on how much each campaign can spend at an election or referendum, and campaigns are legally required to disclose sources of their funding. After the 2016 EU referendum, the Leave campaign was fined for overspending, and there are still police investigations in progress to discover the source of that revenue.
Read more: Arron Banks criminal investigation: could evidence against him make Brexit void?
The reason why this matters is that there should not be unfair advantages in important electoral contests such as referendums. The result should be influenced by the people’s preferences, rather than the side which has the most money. Spending limits – and regulations governing political advertising on television – are a way of limiting this influence.
«
No doubt about it, No.10 is playing some dirty hockey here.
link to this extract
Despite CRISPR baby controversy, Harvard University will begin gene-editing sperm • MIT Technology Review
»
At [Harvard University’s] Stem Cell Institute, IVF doctor and scientist Werner Neuhausser says he plans to begin using CRISPR, the gene-editing tool, to change the DNA code inside sperm cells. The objective: to show whether it is possible to create IVF babies with a greatly reduced risk of Alzheimer’s disease later in life.
To be clear, there are no embryos involved—no attempt to make a baby. Not yet. Instead, the researchers are practicing how to change the DNA in sperm collected from Boston IVF, a large national fertility-clinic network. This is still very basic, and unpublished, research.
Yet in its purpose the project is similar to the work undertaken in China and raises the same fundamental question: does society want children with genes tailored to prevent disease?
Since Sunday, when the CRISPR babies claims was made public, medical bodies and experts have ferociously condemned He Jiankui, the Chinese scientist responsible. There is evidence his experiments—now halted—were carried forward in an unethical, deceptive manner that may have endangered the children he created. China’s vice minister of science and technology, Xu Nanping, said the effort “crossed the line of morality and ethics and was shocking and unacceptable.”
Amid the condemnation, though, it was easy to lose track of what the key experts were saying. Technology to alter heredity is for real. It is improving very quickly, it has features that will make it safe, and much wider exploratory use to create children could be justified soon.
«
Ambitious.
link to this extract
Fun with charts: The iPad bests the MacBook • Six Colors
Jason Snell takes a look at what the benchmarks say about the latest iPads v the latest MacBook (Pro or plain):
»
You might say it’s not fair to compare these devices because the iPad Pro is a computer but not a PC. But even if you don’t buy the fact that the iPad Pro is perhaps the best value in terms of processor performance in Apple’s mobile product lineup today, you’ve got to admire the power of that eight-core A12X Bionic processor. The only MacBooks that can beat it right now in overall score are the two fastest 15-inch MacBook Pro models.
(For those who are concerned that only measuring multi-processor scores is unfair because so many software tasks aren’t multithreaded and have to push a single processor core to the limit—don’t sweat it. The iPad Pro still comes out on top in all the single-core versions of these measurements.)
«
This is pretty dramatic: in price/performance terms, the iPads are miles ahead. That probably applies for non-Apple PCs too. Though as Snell says, there are other criteria too.
link to this extract
On Switching from an iPad Pro and a Macbook to a Pixelbook • Fraser Speirs
Fraser (who I’ve known for years) drove the first “all iPad” school in Scotland – perhaps the world – but on becoming head teacher, found his iPad Pro wasn’t up to the job:
»
mainly what happened [is] my work took me outside that boundary of complexity and duration that the iPad can support.
At the same time, Chromebooks have been on the rise. They are killing Apple in US K-12 education but it’s still not clear exactly what impact they are having on the wider market if any. It does seem obvious to me, though, that Google knows exactly where their strength lies and it actually has very little to do with ChromeOS itself.
My school runs on GSuite but we usually access it through iPads. What I have found, though, is that the GSuite iOS apps are not very good. They lack important (and sometimes basic) functionality found in the web version of GSuite and they take a long time to adopt iOS platform features.
The point, though, is that GSuite is so powerful and so much at the heart of everything I do at school that if you asked me to decide between giving up GSuite and giving up iPad, I’m afraid iPad has to go. It is for this reason that I have been vocally advocating that Apple make iOS Safari as close to a “desktop class” browser as it can be. I don’t know the technical reasons why GSuite can’t be accessed in Safari on iOS. I don’t know if the browser has limitations that mean the apps genuinely can’t run in it, or whether they could but Google just chooses not to allow it.
I’m entirely willing to believe that this isn’t Apple’s fault. That doesn’t mean it’s not their problem. Lack of feature-complete access to GSuite is, I believe, as serious a risk to Apple in K-12 as the potential lack of Photoshop and Office on Mac OS X was to its role in business back in the early 2000s.
None of this is to say that iPad and iOS has suddenly become a bad platform. It has not – although I could make a strong case that every change made to multitasking in iOS 11 worsened the experience in every way. iPad is still a good platform for the things it was good at back in 2015/16 when I was using it full time. What has really changed more than anything are my own personal computing needs and the strength of the competition.
«
If I try to access docs.google.com on the iPad, Google flat-out refuses and insists I use the Google Docs app. Personally, I don’t like that.
link to this extract
Covering a White House where news is always just a tap away • The New York Times
Katie Rogers, who covers the White House for the NYT, interviews herself:
»
How have you seen White House tech evolve under President Trump?
I think moment-to-moment digital coverage of every single thing the president does is new with this White House. President Barack Obama had people tracking his movements through Twitter and beyond, but with this administration, journalists live-tweet, photograph and send video from pool sprays (brief Oval Office events) and Marine One departures, in addition to news conferences.
If I’m on the road, it’s easy for me to tune into a pool spray or speech through someone else’s Periscope live-streaming account, for instance. And when the president is at one of his properties, including the Trump Hotel or Mar-a-Lago, I often lurk on Instagram to see who is hanging out with him.
The Trump White House also had journalists switch over to an in-house Wi-Fi network, which made some reporters understandably uncomfortable for security reasons. The West Wing has also made more use out of devices that scan for gadgets including phones — I can understand why Signal is so popular. I think the anxiety over surveillance is perhaps more heightened than it was under the Obama administration, which, by the way, did its part to pave the way for these types of procedures.
What are your most important tech tools for keeping up with breaking news from the White House and talking to your sources?
I’ve been on this beat since January. I thought I was pretty much tethered to the news before, but this job requires you to imbibe a daily tidal wave of news. So that’s fun.
A lot of my monitoring is Twitter-based, so I use tools I’ve relied on for years. I use Nuzzel, a social news app that lets me know what the people I follow on social media are sharing, which is helpful for identifying the stories getting traction. And I use Twitter’s list function to sort all of the noise into manageable buckets: I have lists of White House reporters, politicians, White House aides and Washington chatterboxes.
«
And of course Signal for keeping in touch secretly with contacts. What she has to say about the Trumps’ use of technology might surprise you.
link to this extract
Elton John is not the man they think he is at home • Vulture.com
Bill Wyman with a biographical piece on Reg Dwight, as seen in TV ads and on a farewell tour:
»
In “Blues for Baby and Me,” John begs his (female) lover to come with him and head West on a bus. This matters, right? Hard to imagine John himself would ever want to induce a woman onto a bus in the first place, much less head West on it. And then, even as John collected Rolls-Royces and embarked on a jet-setting lifestyle that would span nearly five decades, again and again he delivered Taupin’s laments of the country boy scalded by the hot flame of the city (“Mona Lisas and Mad Hatters,” “Honky Cat,” “Goodbye Yellow Brick Road,” and on and on). And yet he sang the songs, convincingly, and we accordingly projected onto him the romantic schema of Taupin’s conception. Insular, shy Reg found that this suited him just fine; his great talent was to adopt the persona and rise up and make those flights of fancy real for his listeners. This is an old pop model — the rock one of authenticity calls for the singer to write his or her own songs, right? John upended that and used Taupin’s fanciful concoctions to maintain an image of harmlessness.
«
It’s a thorough, fascinating piece. I just kept thinking – it’s not that Bill Wyman, is it?
link to this extract
How many times has your personal information been exposed to hackers? • The New York Times
K.K. Rebecca Lai, Nicole Perlroth, Tiffany Hsu and Josh Keller:
»
There’s been another mega-breach. Marriott said Friday that information for as many as 500 million of its customers may have been stolen. Answer the questions below to learn which parts of your identity may have been stolen in the last five years. Not all attacks are included here, and many attacks go undetected, so think of your results as a minimum level of exposure.
«
Excellent graphic; you don’t even have to have gone to the US to have had a ton of your data exposed.
link to this extract
iPhone ‘Heart Rate’ app on App Store attempts to scam customers out of $90 using Touch ID [since removed] • 9to5Mac
»
Despite Apple’s strict review process for software distributed through the App Store, it’s still possible for malicious actors to take advantage of loop holes in the system to scam customers.
The latest example is a rather sophisticated and devious trick used by an app that claims to read your heart rate through your fingertip using Touch ID. In reality, the app (which is currently on the App Store) uses your fingerprint to authorize a transaction for $89.99 while dramatically dimming the screen to fool you.
The con is less effective on iPhones and iPads with Face ID (iPhone X and later and iPad Pro 2018), but iOS devices with Touch ID are still likely the majority of devices in use today.
Using a third-party app from the App Store to read your heart rate from the iPhone or iPad isn’t uncommon either. Apps like Instant Heart Rate: HR Monitor have long used the camera and flash to attempt to take heart rate measurements through the finger.
In the case of the ‘Heart Rate Measurement’ app currently on the App Store, the scam relies on a user not reading the dialog box that appears when a heart rate reading is attempted. The screen brightness drops to its lowest point and the black and white in-app purchase user interface is almost illegible compared to the bright red fingerprint icon that appears on-screen with Touch ID devices.
While the app clearly violates App Store policy for misleading customers with ridiculous in-app purchases unrelated to the app’s function, it’s possible that the trick used by the app was added after Apple’s app review process.
«
Now removed. But that’s super-sneaky.
link to this extract
Google Pixel Slate review: slapdash software ruins good hardware • The Verge
»
When you have a keyboard attached, the Pixel Slate works like any other Chromebook. There’s a mouse and resizable windows. You can open up Chrome tabs, web apps, and Android apps, and move them around. It’s all really familiar if you’ve used a modern Chromebook — down to Android apps working but feeling like an invasive species.
Here’s where we get into those tiny indignities I mentioned earlier. We’re a year and a half into the experiment of letting Google Play Store Android apps run on Chrome OS, and that experiment is not going well.
Progress in getting Android apps to work better on big screens has been painfully slow. Spotify only recently began allowing the ability to resize its app window, but it’s still just a silly blown-up phone app. The same goes with Google’s own apps. YouTube Music is a mess on this size screen. And you as a user have to make decisions about which version of apps like YouTube Music to use in the first place: the web app or the Android app?
I can accept some of these foibles because I have managed to only use Android apps in a few places where I really need them. And, honestly, they are sometimes more useful than web apps. What I have a harder time accepting is that there are just too many bugs. My first review unit spiraled into a bootloop that Google could not diagnose and had to replace. The second has been more stable, except that sometimes Bluetooth disconnects or even straight up refuses to turn on until after a reboot.
Here, I’ll remind you that Google excised the headphone jack from this device so you’ll be dependent on Bluetooth a lot more. I have contacted Google about the Bluetooth bug (among other things), and here’s its statement: “We’ve received reports about intermittent Bluetooth issues and are working on a fix as soon as possible.”
Other bugs are just sort of infuriating.
«
The advantage that this does have over the iPad is that the software is on a six-week update cycle. That’s about eight per year. Question is, can Google get the focus to make it work? Mashable has a similarly discouraging review which concludes “Just get a Surface Pro”.
link to this extract
2019 is your last year to use Google Hangouts if you haven’t moved on already • 9to5 Google
»
According to source familiar with the product’s internal roadmap, Google Hangouts for consumers will be shutting down sometime in 2020. That’s not surprising at all since Google essentially ceased development on the app more than a year ago. But just know, going into 2019, this is indeed your last year to keep using the beloved (?) legacy chat app.
Last spring, Google announced its pivot for the Hangouts brand to enterprise use cases with Hangouts Chat and Hangouts meet, so the writing has been on the wall for quite some time regarding the Hangouts consumer app’s demise. Meanwhile, Google has transitioned its consumer-facing messaging efforts to RCS ‘Chat’ and Android Messages following Allo’s misadventures.
Given the Google’s abandonment of the app in terms of development and its presumed eventual death, many have already transitioned away from using it. But Hangouts is still the prominent chat option in Gmail on the web and the app remains on the Google Play Store to this day. Many recent reviews say that the app is showing signs of age, noting bugs and performance issues.
«
However Google’s Hangouts chief Scott Johnston rebutted parts of the claim; Hangouts “classic” will close but “the migration to Chat and Meet will ensure the messaging platform lives on, and that support continues.”
Choices when using Google messaging programs: (1) use the oldest, as it’ll have the most users and be most feature-complete. Risk: gets shut down
(2) use the newest, as it’ll have the whizziest features. Risk: buggy and nobody else uses it.
link to this extract
Errata, corrigenda and ai no corrida: none notified
The Overspill: when there's more that I want to say 
re. gDocs apps on iPad. I think a couple of things are going on:
– Safari is a semi-weird browser. It lacks supports for some modern Web features and de-facto standards, and has the usual idiosyncrasies. https://developer.telerik.com/featured/safari-is-not-the-new-ie-but/ ; https://medium.com/@sarahelson81/top-safari-browser-compatibility-issues-in-2018-fcfe354b445e
– Google is unmotivated to be gracious and do the work required to support Safari, since Apple is banning Chrome from iOS and forcing iOS-Chrome to be just a reskin of iOS’s WebView.
I think this “Safari only !” issue is much broader and meaningful than Google’s “well, use our app then” response.
The “Safari-only” policy is easy to understand in the context of Apple wanting to ensure the security of its platform. If it opens up to alternative browsers from Google, then it has to do for all – or else come up with a testing regime that can specify what it is looking for in security terms.
Simpler just to have your own browser on the platform; then you know that other browsers aren’t creating the opportunity for exploits. (You can criticise Safari’s security vis-a-vis Chrome, but that misses the point. Apple knows what Safari’s weaknesses are, and can mitigate against them. It doesn’t know what they are for other browsers.)
Google being “unmotivated” to be gracious implies it’s not interested in being an effective services company – that it puts narrow interests of forcing people onto its platform ahead of giving people a good experience on its products on any platform.
The core issue is that iOS is the only ecosystem to ban 3rd-party browsers, not that Google won’t port gDocs to Mobile Safari.
I’m unclear how a browser is a more risky app than any other app. Chrome would run within iOS’ usual sandbox, same as the current solution for third-party browsers (Apple’s WebView) does. If iOS is safe for all apps and for Apple’s WebView, isn’t it safe for Chrome too ?
Reciprocally, looking at Android vulnerabilities, I couldn’t find browser-based ones that rely on Chrome or Firefox (or Opera or Brave or Edge or…). Vulns always use the OEM’s browser because it is somewhat outside of the sandbox.
My best guess is that this is *not* a security move, but a power play by Apple to ensure web sites get a specific Safari-targeted version, which diverts resources from other versions, prevents from using cutting-edge features, and ensures iOS has a tailored experience. Apple is learning and applying lessons from MS’ IE Titanic, but that’s user-adverse, not progress. Google isn’t having a bit of fun reminding users that Mobile Safari is inferior and they don’t have a choice ;-p
Also, Google isn’t abandoning the whole iOS platform, it’s just addressing it with native apps and not a webapp. That is in most cases a superior proposition, the main (only ?) drawback is when you want to open several instances of the same app, but that’s an iOS limitation, not Google’s. Or when you need a feature that’s in the webapp but not in the app (not sure what – macros ?).
re. Pixel Slate reviews. I think the angle of the reviews is a bit skewed. Reviewers are journalists who use a set of tools and apps, and they’re trying to replicate that on ChromeOS. 2 issues with that:
1- that’s a very specific angle. Most people will be well served by the apps available in ChromeOS or websites or the Android subsystem. I got a dual-boot Windows+Android tablet, and spend 99.99% of my time on it in Android.
2- specific ChromeOS advantages are entirely overlooked: Android games (they’re entirely missing on Windows), Linux subsystem (a boon to sysdmins, devs, hackers), wide range of prices (a boon to families: dads can get a nice device and kids a cheap device)
ChromeOS is far from perfect, both in its feature set and in the execution/details. But it’s probably Good Enough ™ for a majority of users. And has distinct if specific advantages over both iOS and Windows/Metro.
re. Hangouts: I’m wondering how long this gHelp article has been up: https://support.google.com/a/answer/7651799?hl=en It is very clear.
I’m not sure people still using Hangouts will be much affected by the change from Hangouts to Hangouts chat, it seems to be the same product with a different name. I’d compare it to Skype’s platform swap a few months ago: couple of months of growing pains, then back to business as usual.
People love to whale on Google and messaging though ‘with some reason), so this non-issue has generated a nice if gratuitous storm in its teacup.
re. Mobile performance: How much does this matter ?
– On the PC side, the overwhelming majority of buyers don’t get anywhere near a top-speed processor, I’m not even sure most users graduate to the Core line from Athlon/Celeron/Pentium. Even for high-end uses such as gaming and rendering, the money is much better spent on GPUs.
– Many specific scenarios for which a lot of CPU are ill-suited to iOS devices: dev work you cant’ do on an iOS device anyway and it requires lots of I/O and storage too, number-crunching requires a lot of screen real-estate and probably a mouse, etc…
– On the Mobile side, people have stopped asking me about performance a few years back, I’d say since Project Butter. As long as the UI doesn’t stutter, people don’t complain about CPU performance. I’ve personally stopped caring too, anything with a core A7x is fine, I just got a Xiaomi Mi Max 3 which is an oversize Redmi Note 5. Its Snapdragon 636 is plenty good enough.
So, superlative performance elicits the same reaction as Intel’s Core i9 performance charts: Nice talking point, but so what ? Talk about overserving ! I’m sure there are a few niches that’ll use that oomph, probably audio and video processing – and that’s not even what GeekBench tests – but it’s wasted on most users. I hope Apple will eventually put it to use in ARM-based laptops and desktops though, hopefully running iOS not MacOS !