Start Up No.1,052: blockchain hacks by the numbers, Fortnite’s big crunch, smart speakers ahoy!, Intuit’s free tax filing tricks, and more

The French Scrabble champion can’t speak French. Process that. CC-licensed photo by Hubert Figuière on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 11 links for you. But how do you prove a machine didn’t pick them? I’m @charlesarthur on Twitter. Observations and links welcome.

A ‘blockchain bandit’ is guessing private keys and scoring millions • WIRED

Andy Greenberg:


Last summer, Adrian Bednarek was mulling over ways to steal the cryptocurrency Ethereum. He’s a security consultant; at the time, he was working for a client in the theft-plagued cryptocurrency industry. Bednarek had been drawn to Ethereum, in particular, because of its notorious complexity and the potential security vulnerabilities those moving parts might create. But he started instead with the simplest of questions: What if an Ethereum owner stored their digital money with a private key—the unguessable, 78-digit string of numbers that protects the currency stashed at a certain address—that had a value of 1?

To Bednarek’s surprise, he found that dead-simple key had in fact once held currency, according to the blockchain that records all Ethereum transactions. But the cash had already been taken out of the Ethereum wallet that used it—almost certainly by a thief who had thought to guess a private key of 1 long before Bednarek had. After all, as with Bitcoin and other cryptocurrencies, if anyone knows an Ethereum private key, they can use it to derive the associated public address that the key unlocks. The private key then allows them to transfer the money at that address as though they were its rightful owner.

That initial discovery piqued Bednarek’s curiosity. So he tried a few more consecutive keys: 2, 3, 4, and then a couple dozen more, all of which had been similarly emptied. So he and his colleagues at the security consultancy Independent Security Evaluators wrote some code, fired up some cloud servers, and tried a few dozen billion more.


This is an amazing, amazing story; it’s a mixture of detective story and thriller, though the script needs work.
unique link to this extract

How Fortnite’s success led to months of intense crunch at Epic Games • Polygon

Colin Campbell:


Polygon interviewed current and former employees of Epic, including full-time staff, managers, and contractors working in development, QA, and customer service departments. They all requested that their identities be protected, for fear of retribution from Epic or other employers in the game industry. Epic requires that current and former staff sign nondisclosure agreements limiting their ability to speak about the company’s operations.

“I work an average 70 hours a week,” said one employee. “There’s probably at least 50 or even 100 other people at Epic working those hours. I know people who pull 100-hour weeks. The company gives us unlimited time off, but it’s almost impossible to take the time. If I take time off, the workload falls on other people, and no one wants to be that guy.

“The biggest problem is that we’re patching all the time. The executives are focused on keeping Fortnite popular for as long as possible, especially with all the new competition that’s coming in.”

A representative for Epic conceded that workers had endured extreme working hours. “People are working very hard on Fortnite and other Epic efforts,” said a spokesperson in an email interview. “Extreme situations such as 100-hour work weeks are incredibly rare, and in those instances, we seek to immediately remedy them to avoid recurrence.”

But meeting player demand and maintaining the game’s momentum has forced some to endure ongoing crunch.

“The executives keep reacting and changing things,” said the source. “Everything has to be done immediately. We’re not allowed to spend time on anything. If something breaks — a weapon, say — then we can’t just turn it off and fix it with the next patch. It has to be fixed immediately, and all the while, we’re still working on next week’s patch. It’s brutal.


The price of success: success, like failure, requires hard work, but the bar for what’s acceptable is higher.
unique link to this extract

Majority of US homes will have smart speaker next year • Strategy Analytics


There will be more US homes with smart speakers than without by the end of next year, according to the latest projections from Strategy Analytics. The report predicts that the 50% threshold will be reached in late 2020, and the US will be the first country in the world to reach this level of smart speaker ownership. The report predicts that by the end of 2023 eight countries will have a majority of smart-speaker owning households. The research also predicts global sales of more than 134 million smart speakers and screens in 2019, rising to 280 million by 2024.

The other countries reaching the 50% threshold in the next four years will be the UK, Ireland, Canada, South Korea, Australia, Germany and France. Widespread availability of apps and services in major languages is a key factor behind the success of smart speakers in these countries. Other markets, where less familiar languages are used, will tend to track behind the leading nations in smart speaker adoption.


That’s a lot of timers being set and music being played.
unique link to this extract

Samsung’s reputation founders on rush for lead in folding phones • Bloomberg

Sam King, Mark Gurman and Min Jeong Lee:


Initial prototypes would crack like a dried sheet of paper if folded about 10,000 times, people familiar with the matter said. Still, Samsung recognized its potential. It started to recruit mechanical engineers who could devote themselves to building a hinge the size of a finger, after the company realized the key to preventing cracks was to evenly distribute pressure. Engineers were encouraged to file as many patents as possible to prevent competition from creeping into a market that didn’t exist at the time, the people said, asking not to be identified as they aren’t authorized to speak publicly.

All seemed on track till last week, when reports of damage to review models started to surface, from a malfunctioning screen after a thin film was peeled off to a display that flickered wildly. Samsung retrieved the units but initially maintained the product would launch as planned on April 26. On Monday, executives convened at their headquarters and debated for hours before finally pulling the plug, the people said.

In initial investigations, Samsung engineers determined that removing the top layer of film — something they hadn’t anticipated users would do – damaged the product, people familiar with the matter said. Its designers had been preoccupied with perfecting the so-called crease where the device folded, they said.


John Gruber’s article about this screwup points out that someone in QC must have noticed. So did marketing override them? Or did they not notice, which would be worse?
unique link to this extract

Japan has a new emperor. Now it needs a software update • The New York Times

Ben Dooley, Makiko Inoue and Hisako Ueno on how Japan is having to get ready for May 1, when its new emperor means it’s day 1 of year 1 of the new emperor Reiwa:


The headaches have prompted a national conversation over whether it is finally time for Japan to move entirely over to the Gregorian calendar. The country uses the Gregorian calendar when dealing with other countries and to coordinate global events, such as the 2020 Olympics. Most people here have also already adopted it in their personal lives.

One lawyer, Jiro Yamane, has even sued the government over the change, arguing that forcing people to measure time by the life of the emperor violates their constitutional right to individual dignity.

“Only Japan exists in this different space and dimension of time,” said Mr. Yamane, who is scheduled to argue his case in front of a Tokyo district court at the end of May. “It’s incompatible with international society.”

“Why are the Japanese so hung up on it?” he added.

It may just be that Japan has a hard time letting go. The country still depends on fax machines. It is one of the last places in the world where Tower Records, the once iconic music store, has stayed open, still selling CDs.

The new era, to many, is symbolic of a fresh start. Government offices expect couples will rush to register their marriages on the first day of the new era.


unique link to this extract

The US measles outbreak is a reminder of the power of viral information • Financial Times

Marietje Schaake:


A tweet that has 500 likes looks more popular than a post that harvests three thumbs up. People have come to trust the wisdom of the crowd, or the top results in a search, whether on the subject of heart disease or crimes committed by immigrants. On platforms like YouTube and Google search, whether information is sent up or down the rankings is, at least in part, determined by how many people click on and share it.

Knowing whether such reactions come from real people or are auto-generated is crucial. Bots can be distinguished from people through pattern recognition: an account that sends a message exactly every 30 seconds during 72 hours is unlikely to be from a person typing and swiping.

Transparency rules should require platforms to make clear when bots are involved and the sources of advertising. Knowing who is paying to amplify and spread medical hoax messages is as important as knowing the sources of political ads. With more information, we may better understand the links between the anti-vaccination movement and politicians including Marine Le Pen in France, Beppe Grillo in Italy and Donald Trump in the US, who have all questioned the medical, as well as political, establishments.

The recent measles outbreaks remind us that our understanding of the toxic impact of algorithms on people’s actions is proven, and that ad hoc protection measures are not enough.


Schaake is an MEP – so this is the sort of thing that could become law. What if it’s law in Europe and not in the US?
unique link to this extract

Apple now prioritizing MacBook keyboard repairs with quoted next-day turnaround time • MacRumors

Joe Rossignol:


Apple’s memo, titled “How to support Mac customers with keyboard-related repairs in store,” advises Genius Bar technicians that these keyboard repairs should be “prioritized to provide next-day turnaround time”:


Most keyboard-related repairs will be required to be completed in store until further notice. Additional service parts have been shipped to stores to support the increased volume.

These repairs should be prioritized to provide next-day turnaround time. When completing the repair, have the appropriate service guide open and carefully follow all repair steps.


Apple did not provide a reason for this change, but the company is known for customer satisfaction, so it could be trying to speed up the process a bit to alleviate frustration.

The turnaround time for MacBook and MacBook Pro repairs shipped to Apple’s off-site facilities has typically ranged between three to five business days, and sometimes longer, so next-day turnaround would be much more convenient for customers if Genius Bars can actually fulfill that ambitious timeframe.


The clock must be ticking for the butterfly keyboard. There isn’t a commentator who will defend it; quite a few won’t buy a model with one. (If you want an Apple laptop with the scissor key mechanism, the low-end MacBook Air with non-retina screen is still available.) Apple executives, up to Phil Schiller and probably above, know what influencers say about it. It is costing Apple money, every day, both in the repair it has to do, and the lost sales to influencers and those who listen to them. It’s also costing in brand equity every moment it clings onto this calamitous design.

Sure, it would need a redesign of the body for every model that uses it. Guess what? Apple has resources for design. It could even just dust off the old ones – the tooling would be in place.
unique link to this extract

My search for a boyhood friend led to a dark discovery • WIRED

Douglas Preston:


One fall day [when he was eight years old], my mother gave me an empty cookie tin with a picture of a great ship plowing through waves, surrounded by gulls. Petey came over, and I said, “Let’s fill this with treasure and bury it.” We decided to leave it in the ground for 10 years and dig it up when we were 18. The year was 1964.

Petey and I spent hours debating what to put in the tin. The treasure had to be something valuable enough that our grown-up selves would be glad to have it back. We gathered our best things and laid them out on my bed for inspection. Most of them struck us as childish junk, but a few stood out as objects with adult gravitas. I chose a Morgan silver dollar, a coiled-up trilobite fossil, and my finest arrowhead—an ancient beauty flaked out of petrified wood in which you could still see the tree rings. Among Petey’s treasures were a squirrel skull, a miniature brass cannon from the USS Constitution’s gift shop, and an intricate blob of lead he had made by melting fishing sinkers on the stove and pouring the molten metal into water. It was a method of telling the future, he said. The blob predicted that his life would be one of wealth, success, and happiness.

As we looked over our carefully assembled treasures, they still didn’t seem adequate for a great journey into the future. I had an idea: Why not each write the story of our lives? Whatever else we put in the tin, we knew this would make for good reading, especially if we’d forgotten our childhoods, like most adults we knew.


Preston later returned to where he thought the capsule was buried, but couldn’t find it. Then he tried to find his friend. (This isn’t a technology story, unless using Google makes it so. In which case, fine.)
unique link to this extract

Here’s how TurboTax just tricked you into paying to file your taxes • ProPublica

Justin Elliott and Lucas Waldron:


Did you know that if you make less than $66,000 a year, you can prepare and file your taxes for free?

No? That’s no accident. Companies that make tax preparation software, like Intuit, the maker of TurboTax, would rather you didn’t know.

Intuit and other tax software companies have spent millions lobbying to make sure that the IRS doesn’t offer its own tax preparation and filing service. In exchange, the companies have entered into an agreement with the IRS to offer a “Free File” product to most Americans — but good luck finding it.

Here’s what happened when we went looking.

Our first stop was Google. We searched for “irs free file taxes.”

And we thought we found what we were looking for: Ads from TurboTax and others directing us to free products.


Of course the ads weren’t going to show where you can do it for free, but the lengths to which Intuit goes to make sure that people can’t find the really free service is astonishing. There must have been web designers who went home at the end of a day having completed the task of obfuscation. How did they feel, I wonder?
unique link to this extract

Winner of French Scrabble title does not speak French • NPR

Bill Chappell:


The Scrabble career of Nigel Richards went from great to astounding this week, after he won the French-language Scrabble World Championships. A New Zealand native, Richards has won several English-language titles; his new victory follows weeks of studying a French dictionary.

“He doesn’t speak French at all, he just learnt the words,” his friend (and former president of the New Zealand Scrabble Association) Liz Fagerlund tells the New Zealand Herald. “He won’t know what they mean, wouldn’t be able to carry out a conversation in French I wouldn’t think.”

It was only in late May that Richards began his quest to win the French world title, according to the French Scrabble Federation. That’s when he set about memorizing the French Scrabble dictionary.


What’s fascinating about this is that it’s an example of machine learning, done by a human. Scrabble ability isn’t about linguistic skill, it’s about pattern matching: seeing what letter combinations are permitted. What Richards does is essentially no different from what DeepMind’s Go program, or a self-driving car system, does. None of them speaks French, or understands Go, or understands driving. (Well, Richards might.)
unique link to this extract

The Mueller Report shows cheap automation fueled the Russia mess • Gizmodo

Brian Merchant:


According to RBC Magazine, the IRA [St Petersburg-based Internet Research Agency, a Russian disinformation outlet] employed fewer than 100 employees in the “American Department” of its so-called “troll farm.” The department’s budget for two years of operations was $2m. If your goal is to sow nationwide political discord and get that nation’s media to pay attention, that’s a lot cheaper than buying TV ads.

It also reportedly spent just $100,000 on Facebook ads, which is kind of a hilariously paltry sum if you’re hoping to swing elections, though experts regard it as likely just an experiment, a small part of the IRA’s posting regimen. And Twitter botnets are even cheaper. Dapper cyberlord Joseph Cox wrote about assembling his own Russian botnets for less than $100 in 2017, and security researchers have determined that they’ve only gotten more sophisticated since the 2016 election.

Twitter identified some 50,000 automated accounts that were affiliated with the IRA and were retweeting pro-Trump messages leading up to the election. Cox bought 1,000 accounts for $45. You don’t have to be an experienced coder to set these botnets up, either; you just need a little cash, the ability to Google ‘botnet services’ (or better yet, poke around on the dark web for them), and an openness to getting scammed here and there. It’s really easy to do.

“Overseas it’s a pretty cheap service,” Russell tells me. “They even advertise ON Twitter for it. Lots of Arabic bots I have ran into actually advertised for botting using Twitter.”


Merchant does point out that we don’t know how much influence this had. But every drop of water is part of the lake.
unique link to this extract

Errata, corrigenda and ai no corrida: none notified

1 thought on “Start Up No.1,052: blockchain hacks by the numbers, Fortnite’s big crunch, smart speakers ahoy!, Intuit’s free tax filing tricks, and more

  1. The founder of H&R Block died recently and they were talking about him on the radio this morning. Apparently his biggest stroke of luck was the IRS stopping free help and tax filing in the 60s, so its been going on a while (I wonder who was bought off to pass that bill?)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.