Start Up No.995: putting malware into DNA, Google’s marks go down, Buzzfeed’s unpaid quiz queen, the Quadriga mystery, and more

SimCity: based on ideas about city development that didn’t include humans. CC-licensed photo by leomarasciulo on Flickr.

We’re nearly at 1,000 – just a week to go. Want to contribute, specifically? Suggest the three links that you’ve found most interesting since you began reading. Email or Twitter.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 14 links for you. Go on, go on. I’m @charlesarthur on Twitter. Observations and links welcome.

Model metropolism • Logic Mag


In a paper serialized in two early issues of Reason, the libertarian magazine founded in 1968, [Jay] Forrester [author of the book whose equations were used as the basis for SimCity] argued that for most of human history, people have only needed to understand basic cause-and-effect relationships, but that our social systems are governed by complex processes that unfold over long periods of time. He claimed that our “mental models,” the cognitive maps we have of the world, are ill-suited to help us navigate the web of  interrelationships that make up the structure of our society.

For him, this complexity meant that policy interventions could, and usually would, have very different social effects than those imagined by policymakers. This led him to make the stark assertion that “the intuitive solutions to the problems of complex social systems” are “wrong most of the time.” In essence, anything we do to try to improve society will backfire and make things even worse.

In this respect, Forrester’s approach to the problems of American cities mirrored the “benign neglect” outlook of influential Nixon adviser Daniel Patrick Moynihan and the rest of the administration. Indeed, Moynihan was an enthusiastic proponent of Forrester’s work and recommended Urban Dynamics to his fellow White House officials. Forrester’s arguments enabled the Nixon Administration to claim that its plans to slash programs created to help the urban poor and people of color would actually, counterintuitively, help these people.


SimCity came out in 1989. Still influencing how people think about cities.
link to this extract

Biohackers encoded malware in a strand of DNA • WIRED

Andy Greenberg:


In new research they plan to present at the USENIX Security conference on Thursday, a group of researchers from the University of Washington has shown for the first time that it’s possible to encode malicious software into physical strands of DNA, so that when a gene sequencer analyzes it the resulting data becomes a program that corrupts gene-sequencing software and takes control of the underlying computer. While that attack is far from practical for any real spy or criminal, it’s one the researchers argue could become more likely over time, as DNA sequencing becomes more commonplace, powerful, and performed by third-party services on sensitive computer systems. And, perhaps more to the point for the cybersecurity community, it also represents an impressive, sci-fi feat of sheer hacker ingenuity.

“We know that if an adversary has control over the data a computer is processing, it can potentially take over that computer,” says Tadayoshi Kohno, the University of Washington computer science professor who led the project, comparing the technique to traditional hacker attacks that package malicious code in web pages or an email attachment. “That means when you’re looking at the security of computational biology systems, you’re not only thinking about the network connectivity and the USB drive and the user at the keyboard but also the information stored in the DNA they’re sequencing. It’s about considering a different class of threat.”


That is fabulously clever. (Thanks to the many people who sent this; Paul Guinnessy was first, I believe.) It’s obvious when you think about it: a Turing machine reading an instruction set.
link to this extract

One of the biggest at-home DNA testing companies is working with the FBI • Buzzfeed News

Salvador Hernandez:


Family Tree DNA, one of the largest private genetic testing companies whose home-testing kits enable people to trace their ancestry and locate relatives, is working with the FBI and allowing agents to search its vast genealogy database in an effort to solve violent crime cases, BuzzFeed News has learned.

Federal and local law enforcement have used public genealogy databases for more than two years to solve cold cases, including the landmark capture of the suspected Golden State Killer, but the cooperation with Family Tree DNA and the FBI marks the first time a private firm has agreed to voluntarily allow law enforcement access to its database.

While the FBI does not have the ability to freely browse genetic profiles in the library, the move is sure to raise privacy concerns about law enforcement gaining the ability to look for DNA matches, or more likely, relatives linked by uploaded user data.

For law enforcement officials, the access could be the key to unlocking murders and rapes that have gone cold for years, opening up what many argue is the greatest investigative tactic since the advent of DNA identification. For privacy advocates, the FBI’s new ability to match the genetic profiles from a private company could set a dangerous precedent in a world where DNA test kits have become as common as a Christmas stocking stuffer…

…In December 2018, the company changed its terms of service to allow law enforcement to use the database to identify suspects of “a violent crime,” such as homicide or sexual assault, and to identify the remains of a victim.


Ah, good old TOS. And yet: the FBI doesn’t hold this; it gets to access it just like a normal user, and to get more has to provide a court order or search warrant. This isn’t actually the gigantic intrusion it might look like.

link to this extract

How machine learning could keep dangerous DNA out of terrorists’ hands • Nature

Sara Reardon:


Biologists the world over routinely pay companies to synthesize snippets of DNA for use in the laboratory or clinic. But intelligence experts and scientists alike have worried for years that bioterrorists could hijack such services to build dangerous viruses and toxins — perhaps by making small changes in a genetic sequence to evade security screening without changing the DNA’s function.

Now, the US government is backing efforts that use machine learning to detect whether a DNA sequence encodes part of a dangerous pathogen. Researchers are beginning to make progress towards designing artificial-intelligence-based screening tools, and several groups are presenting early results at the American Society for Microbiology (ASM) Biothreats meeting in Arlington, Virginia, on 31 January. Their findings could lead to a better understanding of how pathogens harm the body, as well as new ways for scientists to link DNA sequences to specific biological functions.


At LAST someone has put together terrorism, DNA and machine learning.
link to this extract

Google talent advantage erodes as more workers doubt CEO vision • Bloomberg

Ellen Huet and Mark Bergen:


Alphabet Inc.’s Google became the most-profitable internet company by recruiting talented technologists and inspiring them enough to keep them around. That advantage may be slipping as some workers increasingly doubt the leadership and vision of Chief Executive Officer Sundar Pichai, according to recent results from an employee survey.

The annual internal poll, known as Googlegeist, asked workers whether Pichai’s vision of what the company can achieve inspires them. In response, 78% indicated yes, down 10 percentage points from the previous year.

Another question asked if employees have confidence in Pichai and his management team to effectively lead Google in the future. Positive responses represented 74% of the total, an 18 point decline from a year earlier.

There were similar declines for questions about Pichai’s decisions and strategies, his commitment to diversity and inclusion, and the compensation the company pays, according the results, which were viewed by Bloomberg News. Google shares the results with all employees to make sure concerns are heard. This time, 89% of workers took the survey.


It would be close to a miracle if a company expanded as fast as Google is doing and its employees were as happy as at the start when everyone had a concise shared vision. But those are big drops: clearly the rows over sexual harassment and payoffs, the proposal to do censored search in China, and whether to do work with the military have all hurt morale.
link to this extract

The layoffs at BuzzFeed and the case of the teenaged quizmaker • The New Yorker

Charles Bethea:


the company laid off some two hundred members of its staff, including its director of quizzes, Matthew Perpetua, who shared the news in a blog post, on Monday, titled “How Laid Off Are You?” Perpetua came to BuzzFeed in 2012, after he was laid off by Rolling Stone; he became the company’s first quiz master editor three years later. During his tenure, a quiz that asked “What state should you live in?” was viewed fifty million times.

Perpetua’s blog post noted that “a LOT” of BuzzFeed’s traffic came from quizzes, and that “a VERY large portion of that traffic comes from a constant flow of amateur quizzes made by community users.” He went on, “In the recent past the second highest traffic driver worldwide has been a community user in Michigan who is a teenager in college who, for some reason, makes dozens of quizzes every week.” A reporter at the Los Angeles Times tweeted a screenshot of that passage, and the tweet went semi-viral. Eventually, the Michigan teenager, whom Perpetua had not named, chimed in. “Okay… so I kinda feel horrible,” she tweeted. “If my hobby is partial cause for these layoffs, especially with those in the ‘quiz section’, I never intended to do so. I make the quizzes for fun, I didn’t know it would turn bad.”

The teenager in question, Rachel McMahon, is a sophomore at Grand Valley State University, outside of Grand Rapids. Her quizzes drew a hundred and thirty million views in 2018, making her, according to BuzzFeed, the fifth-highest traffic driver worldwide last year. (She did climb as high as No. 2 in some months.)


And she didn’t get paid – apart from a few items of schwag. But Perpetua’s blogpost, and the subsequent blizzard of interviews, has had a good effect: she might now get a job straight out of college. Or earlier. What’s the betting that it’s never as visible as the things she did while in college?
link to this extract

QuadrigaCX chain analysis report (pt. 1): bitcoin wallets • Medium


Brief Summary of Findings
Below are the findings made by the author of this report:

1: It appears that there are no identifiable cold wallet reserves for QuadrigaCX.
2: It appears that QuadrigaCX was using deposits from their customers to pay other customers once they requested their withdrawal.
3: It does not appear that QuadrigaCX has lost access to their Bitcoin holdings.
4: It appears the number of bitcoins in QuadrigaCX’s possession are substantially less than what was reported in Jennifer Robertson’s (wife of allegedly deceased CEO and Owner Gerry Cotten) affidavit, submitted to the Canadian courts on January 31st, 2019.
5: At least some of the delays in delivering crypto withdrawals to customers were due to the fact that QuadrigaCX simply did not have the funds on hand at the time. In some cases, QuadrigaCX was forced to wait for enough customer deposits to be made on the exchange before processing crypto withdrawal requests by their customers.
6: After completing the analysis, it is the author’s opinion that QuadrigaCX has not been truthful with regards to their inability to access the funds needed to honor customer withdrawal requests. In fact, it is almost impossible to believe that this is the case in lieu of the empirical evidence provided by the blockchain.


Just in case you hadn’t heard: the CEO of Quadriga, a cryptocurrency exchange, is claimed to have died – of Crohn’s Disease – while in India, according to a notarised bit of paper presented in a Canadian court. (Yes, that’s two 🤔 right away: Crohn’s Disease by itself isn’t fatal.) The exchange allegedly had its $190m of crypto held in “cold” (offline) wallets for which only the CEO knew the passphrase.

If any of those claims above is correct, Cotten is going to find out what a crowdsourced manhunt looks like, and it’ll make the John Darwin case look like a bit of a laugh. (Then again, Darwin only collected £25,000. Lightweight.)
link to this extract

Google Play apps with more than 4.3 million downloads stole pics and pushed porn ads • Ars Technica

Dan Goodin:


A blog post published by security firm Trend Micro listed 29 camera- or photo-related apps, with the top 11 of them fetching 100,000 to 1 million downloads each. One crop of apps caused browsers to display full-screen ads when users unlocked their devices. Clicking the pop-up ads in some cases caused a paid online pornography player to be downloaded, although it was incapable of playing content. The apps were carefully designed to conceal their malicious capabilities.

“None of these apps give any indication that they are the ones behind the ads, thus users might find it difficult to determine where they’re coming from,” Trend Micro Mobile Threats Analyst Lorin Wu wrote. “Some of these apps redirect to phishing websites that ask the user for personal information, such as addresses and phone numbers.”

The apps also hid their icons from the Android app list. That made it hard for users to uninstall the apps, since there was no icon to drag and delete. The apps also used compression archives known as packers to make it harder for researchers—or presumably, tools Google might use to weed out malicious apps—from analyzing the wares.


link to this extract

Adblocking in the UK 2018 • eMarketer Trends, Forecasts & Statistics


How many people in the UK are using ad blockers?

Rates of ad blocking in the UK remain relatively low compared with other Western countries tracked by eMarketer. We estimate that 12.2 million people in the UK will use an ad blocker at least monthly in 2018, representing 22.0% of internet users, compared with 28.7% in France, 32.0% in Germany and 25.2% in the US. Growth in user numbers will slow to single digits for the first time.

How prevalent is ad blocking among 18- to 24-year-olds in the UK?

As is so often the case when it comes to digital trends, behaviors are more pronounced among certain younger age groups. In the millennial cohort, for example, ad blocking user rates are much higher than in other age brackets. We expect 43.0% of UK internet users ages 18 to 24 will use an ad blocker this year.


Since you’re wondering, 38% of them are doing that on smartphones – up from 16.3% in 2014.
link to this extract

Donald Trump rejects intelligence briefing facts • Time

John Walcott:


the disconnect between Trump and his intelligence briefers is no joke, the officials say. Several pointed to concerns regarding Trump’s assessment of the threat posed by North Korea’s nuclear capabilities. After Trump’s summit with North Korean leader Kim Jong-Un last summer, the North claimed to have destroyed its major underground nuclear testing facility at Punggye-ri, and Trump has gone out of his way to credit the claim.

The National Geospatial-Intelligence Agency (NGIA), which oversees the spy satellites that map and photograph key areas, had tried to impress upon Trump the size and complexity of the North Korean site. In preparing one briefing for the President on the issue early in his administration, the NGIA built a model of the facility with a removable roof, according to two officials. To help Trump grasp the size of the facility, the NGIA briefers built a miniature version New York’s Statue of Liberty to scale and put it inside the model.

Intelligence officials from multiple agencies later warned Trump that entrances at the facility that had been closed after the summit could still be reopened. But the president has ignored the agencies’ warnings and has exaggerated the steps North Korea has taken to shutter the facility, those officials and two others say. That is a particular concern now, ahead of a possible second summit with the Kim Jong-Un later this month.


The headline didn’t need “intelligence briefing”, but the detail about building a model – and still not being listened to – is quite something. You’d begin asking yourself: what the hell do we have to do?
link to this extract

The problem with throwing away a smart device • Hackster Blog

Alasdair Allan:


Last week a teardown of the LiFX Mini white was published on the Limited Results site, and it shows that this smart lightbulb is anything but smart.

In a very short space of time the teardown established that if you’ve connected the bulb to your Wi-Fi network then your network password will be stored in plain text on the bulb, and can be easily recovered just by downloading the firmware and inspecting it using a hex editor.
In other words, throwing this lightbulb in the trash is effectively the same as taping a note to your front door with your wireless SSID and password written on it. This probably isn’t something you should be comfortable doing.

Worse yet both the root certificate and RSA private key for the bulb are also present in the firmware in plain text, and the devices is completely open—no secure boot, no flash encryption, and with the debug interface fully enabled.

It turns out that this particular LiFX bulb is built around an Espressif ESP32 which, as we know, has a sprawling and fairly mature open source ecosystem. But that also means that the security implemented by LiFX for the bulb was inexplicably poor. Because while the recovery of the password and keys was aided by the mature state of the development environment, the ESP32 also supports both secure boot and flash encryption, and the later would have provided “at-rest” data encryption, and stopped the this sort of attack dead in its tracks.


link to this extract

Lowe’s is killing off and bricking its Iris smart home products at the end of March • TechCrunch

Greg Kumparak:


If you’ve got any gear from Lowe’s Iris line of smart home products, it’s time to start looking for alternatives.

Lowe’s has announced that the line is toast, with plans to flip the switch on “the platform and related services” at the end of March. In other words: much of this once smart connected gear is about to get bricked.

On the upside, Lowe’s is committing to refund customers for “eligible, connected Iris devices” — with the caveat that you’ve got to go through its redemption portal. “PLEASE DO NOT BRING YOUR CONNECTED IRIS DEVICES BACK TO A LOWE’S STORE,” they note repeatedly. They don’t want it either.

Refunds will be issued in the form of a prepaid Visa card. They also note that some — but definitely not all — Iris-compatible devices work with alternatives like Samsung’s SmartThings platform.


So anyway, don’t throw them away.
link to this extract

Foxconn again shifts Wisconsin plan after Trump intervenes • Washington Post

Scott Bauer:


on Friday, in yet another twist, Foxconn said after discussions with the White House and a personal conversation between Trump and Foxconn chairman Terry Gou, it plans to proceed with the smaller manufacturing facility.

“Great news on Foxconn in Wisconsin after my conversation with Terry Gou!” Trump tweeted.

The Foxconn statement did not say whether the commitment to this size factory would affect the type of workers who would be employed in Wisconsin. Foxconn executive Louis Woo told Reuters earlier this week that about three-quarters of workers in Wisconsin would be in research and development-type jobs, not manufacturing. Woo said the Wisconsin project would be more of a research hub, rather than having a manufacturing focus.

A Foxconn spokeswoman had no immediate comment about what its plans to build the “Gen 6” factory would mean for the makeup of the workforce. The difference between a “Gen 10” and “Gen 6” plant rests with the size of the original glass used to make the screens. The larger plant, which had been part of Foxconn’s initial plans, would have used glass more than three-times as large as what the smaller facility will use. The “Gen 6” plant can make screens ranging in size from a smart phone to a 75in television, while the larger plant would have allowed for devices as large as 9½ft by 11ft.

Foxconn, the world’s largest electronics company, said Friday the campus will house both an advanced manufacturing facility and a center of “technology innovation for the region.”


Can they treat whiplash? (It won’t matter; Trump will be gone by the time the plant goes live.) Also: are TVs and smartphones the only place where imperial measures still rule?
link to this extract

Smartphone woes continue with worldwide shipments down 4.9% in Q4 2018 • IDC


smartphone vendors shipped a total of 375.4m units during the fourth quarter of 2018 (4Q18), down 4.9% year over year and the fifth consecutive quarter of decline. The challenging holiday quarter closes out the worst year ever for smartphone shipments with global smartphone volumes declining 4.1% in 2018 with a total of 1.4bn units shipped for the full year. With challenging market conditions continuing into the first quarter of 2019, the likelihood of a declining market this year becomes more of a reality.

“Globally the smartphone market is a mess right now,” said Ryan Reith, program vice president with IDC’s Worldwide Mobile Device Trackers. “Outside of a handful of high-growth markets like India, Indonesia, Korea, and Vietnam, we did not see a lot of positive activity in 2018. We believe several factors are at play here, including lengthening replacement cycles, increasing penetration levels in many large markets, political and economic uncertainty, and growing consumer frustration around continuously rising price points.”

…China, which accounts for roughly 30% of the world’s smartphone consumption, had an even worse 2018 than the previous year with volumes down just over 10%. High inventory continues to be a challenge across the market as is consumer spending on devices, which has been down overall. At the same time the top 4 brands, all of which are Chinese – Huawei, OPPO, vivo, and Xiaomi – grew their share of the China market to roughly 78%, up from 66% in 2017.

On a worldwide basis, the top 5 smartphone companies continue to get stronger and now account for 69% of smartphone volume, up from 63% a year ago. If vivo is included, which is currently number six and has been in and out of the top 5 in recent quarters, the share of the top companies is 75% and growing.


OK, but I’m not sure you can call a year that saw the second-highest number of shipments recorded the “worst ever”. Counterpoint Research puts the total shipped at 1.498bn, and says the market was down 4% on 2017. Lenovo looks to be in real trouble, down 23% year-on-year.
link to this extract

Errata, corrigenda and ai no corrida: none notified

1 thought on “Start Up No.995: putting malware into DNA, Google’s marks go down, Buzzfeed’s unpaid quiz queen, the Quadriga mystery, and more

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.