Start Up No.1,135: new details on Apple’s Tile, China’s iPhone attack also hit Android and Windows, the human-driven robots, and more


Guess which is the latest app to be used for hate speech inciting violence. CC-licensed photo by Christoph Scholz on Flickr.

A selection of 10 links for you. Back for Labo(u)r Day: read at your leis(u)re. I’m @charlesarthur on Twitter. Observations and links welcome.

Exclusive: Apple’s Tile competitor will include ‘Items’ tab in iOS 13’s Find My App and much more • MacRumors

Joe Rossignol and Steve Moser:

»

Apple is developing a Tile-like accessory that will help users keep track of their personal belongings, such as their keys, wallets, and backpacks, according to an internal build of iOS 13 seen by MacRumors.

The internal build contains an image of the accessory that suggests it will be a small, circular tag with an Apple logo in the center, similar to many other Bluetooth trackers. The image could be a mockup or placeholder, however, so the final design of the tag may vary at least slightly.

This image looks similar to one shared by 9to5Mac’s Guilherme Rambo, who was first to reveal Apple’s plans for this product in April.

MacRumors can confirm the tags are codenamed “B389” within Apple, and there are many strings that are a dead giveaway as to what this product’s purpose will be, such as “tag your everyday items with B389 and never lose them again.”

The tags will be closely integrated with the new Find My app in iOS 13, which merged Apple’s previous Find My iPhone and Find My Friends apps into one.

«

I’ve had a couple of Tile-style things, and I’ve never been able to choose a thing I wanted to tag. Suitcase? It’s on a plane, or it’s coming. Bicycle? Maybe. (Would you put it under the saddle to stop it being spotted?) Really can’t think of other things to tag. Any suggestions?


Kiwibots win fans at UC Berkeley as they deliver fast food at slow speeds • SFChronicle.com

Carolyn Said:

»

Version 1 was a small shopping basket perched on a remote-control car with training wheels; the “face” was simply printed on a sticker. A low-slung pizza delivery bot didn’t make the cut — the current Kiwibot can handle only personal-size pizzas but the next version will accommodate bigger pies. A hulking trash can-size model designed to enter restaurants to pick up food also didn’t work out.

Kiwi strives to make the robots endearing, like little R2-D2s.

“The concept is ‘kawaii,’” a Japanese word for cute, said CEO Felipe Chavez, citing examples like Pokémon’s Pikachu character. “You create an authentic connection when people feel characters are very cute.”

No matter how adorable, a robot that hogs the sidewalk won’t win fans. “The sidewalks are sacred; we need to make sure the robot will interact in the easiest way with citizens,” Chavez said.

The Kiwibots do not figure out their own routes. Instead, people in Colombia, the home country of Chavez and his two co-founders, plot “waypoints” for the bots to follow, sending them instructions every five to 10 seconds on where to go.

As with other offshoring arrangements, the labor savings are huge. The Colombia workers, who can each handle up to three robots, make less than $2 an hour, which is above the local minimum wage.

Another cost saving is that human assistance means the robots don’t need pricey equipment such as lidar sensors to “see” around them. Manufactured in China and assembled in the U.S., Kiwibots cost only about $2,500 each, Iatsenia said.

«

A real Wizard of Oz moment.


Talk to Transformer • OpenAI code

Adam King:

»

See how a modern neural network completes your text. Type a custom snippet or try one of the examples. Built by Adam King (@AdamDanielKing) as an easier way to play with OpenAI’s new machine learning model. In February, OpenAI unveiled a language model called GPT-2 that generates coherent paragraphs of text one word at a time.

For now OpenAI has decided only to release three smaller versions of it which aren’t as coherent but still produce interesting results. This site runs the largest released model, 774M, which is half the size of the full model.

«

I tried “It was a dark and stormy night.” and got back a Hemingway-esque murder mystery. Trying the first two lines of Jabberwocky – “Twas brilling, and the slithey toves/ Did gyre and gimbal in the wabe” produced what looked like Olde English. Have fun!


The truth about faster internet: it’s not worth it • WSJ

Shalini Ramachandran, Thomas Gryta, Kara Dapena, Patrick Thomas:

»

Americans are spending ever more for blazing internet speeds, on the promise that faster is better. Is that really the case?

For most people, the answer is no.

The Wall Street Journal studied the internet use of 53 of our journalists across the country, over a period of months, in coordination with researchers at Princeton University and the University of Chicago.

Our panelists used only a fraction of their available bandwidth to watch streaming services including Netflix, Amazon Prime Video and YouTube, even simultaneously. Quality didn’t improve much with higher speeds. Picture clarity was about the same. Videos didn’t launch quicker.

Broadband providers such as Comcast Corp., Charter Communications Inc. and AT&T Inc. are marketing speeds in the range of 250, 500 or even 1,000 megabits a second, often promising that streaming-video bingers will benefit. “Fast speeds for all of your shows,” declares one online ad from Comcast.

But for a typical household, the benefits of paying for more than 100 megabits a second are marginal at best, according to the researchers. That means many households are paying a premium for services they don’t need.

«

Terrific investigation. Of course, 100Mbps – which is what you need – is only feasible with fibre; and that also enables symmetric connectivity (upload and download speeds equal). Another WSJ investigation, about the same time, found that ISPs were providing “free” upgrades – say, from 75Mbps to 150Mbps – and then charging people more after the “free promotional period” expired. So evil.


Deconstructing Google’s excuses on tracking protection • Freedom To Tinker

Jonathan Mayer and Arvind Narayanan:

»

Blocking cookies is bad for privacy. That’s the new disingenuous argument from Google, trying to justify why Chrome is so far behind Safari and Firefox in offering privacy protections. As researchers who have spent over a decade studying web tracking and online advertising, we want to set the record straight.
Our high-level points are:

1) Cookie blocking does not undermine web privacy. Google’s claim to the contrary is privacy gaslighting.

2) There is little trustworthy evidence on the comparative value of tracking-based advertising.

3) Google has not devised an innovative way to balance privacy and advertising; it is latching onto prior approaches that it previously disclaimed as impractical.

4) Google is attempting a punt to the web standardization process, which will at best result in years of delay.

What follows is a reproduction of excerpts from yesterday’s announcement, annotated with our comments.

«

This is quite a takedown of Google’s claims that it would really love to do what Safari and Firefox are doing in terms of cookie blocking, but, uh, it’s complicated.


iPhone hackers caught by Google also targeted Android and Microsoft Windows, say sources • Forbes

Thomas Brewster:

»

The unprecedented attack on Apple iPhones revealed by Google this week was broader than first thought. Multiple sources with knowledge of the situation said that Google’s own Android operating system and Microsoft Windows PCs were also targeted in a campaign that sought to infect the computers and smartphones of the Uighur ethnic group in China. That community has long been targeted by the Chinese government, in particular in the Xinjiang region, where surveillance is pervasive.

Google’s and Microsoft’s operating systems were targeted via the same websites that launched the iPhone hacks, according to the sources, who spoke on the condition of anonymity.

That Android and Windows were targeted is a sign that the hacks were part of a broad, two-year effort that went beyond Apple phones and infected many more than first suspected. One source suggested that the attacks were updated over time for different operating systems as the tech usage of the Uighur community changed. Android and Windows are still the most widely used operating systems in the world. They both remain hugely attractive targets for hackers, be they government-sponsored or criminal.

«

This puts something of a different cast onto the Google Project Zero blogpost, which gives the strong impression that only iOS was targeted. If Google knew about attacks on Android and Windows, why didn’t it blog those? If it didn’t, how did it miss them, since they must have been on the same sites, at the same time?


TikTok is fuelling India’s deadly hate speech epidemic • WIRED UK

Nilesh Christopher:

»

Vijay’s death went largely unnoticed. It took place in a remote part of India that most of the country’s 1.3 billion people wouldn’t be aware of. However, it demonstrates the rising tide of hate speech filled videos circulating on TikTok and the massive problems the company faces in the country.

During June and July, WIRED identified more than 500 examples of caste-based hate, threats, violence and ridicule attacking different communities within the Tamil language on TikTok. Users extol the virtues of specific castes and verbally attack local caste-leaders, which can trigger hate crimes.

India’s caste structure is a feudal system of social division stratifying people into hierarchical groups based on their background and work. These include: priests, warriors, farmers/traders, labourers and outcasts. Dalits, formerly the ‘untouchables,’ fall outside the system and are widely persecuted.

Videos found on TikTok include casteist-hate speech posted by users identifying themselves from high castes while celebrating and singing the praises of their communities. These quickly spill into threats of physical violence with members of some communities claiming dominance over other castes.

“We must sever, not the fingers, but the heads of those who dare to lay their hands on us (our community),” one user says in a video, identifying himself as part of the Nadar community.

«

Unmediated uploading allows people who really pose a risk to the public to, well, pose a threat. What’s the solution? Yesterday it was WhatsApp, today it’s TikTok.


A walk in Hong Kong • Idle Words

Maciej Ceglowski went to the Hong Kong protesters as an observer, having come to the US as a child from communist-era Poland:

»

coming in to the Hong Kong protests from a less developed country like the United States is disorienting. If you have never visited one of the Zeroth World cities of Asia, like Taipei or Singapore, it can be hard to convey their mix of high density, mazelike design, utterly reliable public services, and high social cohesion, any more than it was possible for me or my parents to imagine a real American city, no matter how many movies we saw. And then to have to write about protests on top of it!

It’s hard to write articulately about the Five Demands when one keeps getting brought up short by basic things, like the existence of clean public bathrooms.

The time and location of protests are set via social media alchemy; once you get notified about one, you descend through a spotless mall onto a bright and clean train platform, get whisked away by a train that arrives almost immediately, step out into another mall, then finally walk outside into overwhelming heat and a gathering group of demonstrators.

When it’s over, whether the demonstrators have dispersed of their own will, or are running from rubber bullets and tear gas, you duck into another mall, and another train, and within minutes are back in a land of infinite hypercommerce, tiny alleys and posh hotels with their lobby on the 40th floor of a skyscraper.

Not everyone lives in a luxury hotel, man! I get it. But my eyes are like saucers. I ask forgiveness of Hong Kongers if at times I am still that six year old kid, dazzled by what to you is ordinary. You live in a kind of city we Americans can only aspire to, and it’s no wonder you love your home so much you will take any risk to save it.

«

And then there’s the protests, which Zeynep Tufekci also attended. (Also: which is the most advanced American city? I’ve been to a few, but none has struck me as ahead of any major one in Europe.)


[Cryptography] Bitcoin Royale: peer-to-peer no-theft electronic gold • Cryptography mailing list

Philip Hallam-Baker, commenting on a new “no this time it’s safe” cryptocurrency:

»

I have been tracing crypto-currency payment schemes since I wrote the survey paper while I was at MIT 24 years ago and the field hasn’t moved since. Proof of work is an application of the peppercoin scheme Adi Shamir developed with Ron Rivest. Blockchain is the Haber-Stornetta hash chain notary.

The only thing that has changed in all that time is that we have moved from the store of value moving from the promise that someone has chunks of gold in escrow to the promise that if we all clap our hands and say we believe in tinkerbell, we all become rich.

Ten years on, BitCoin still defends itself from all criticism with the bald statement that it is early days and nobody can know how the system will adapt to meet the challenges. That is total hogwash. We know how the system will adapt because we have been watching for ten years – it won’t adapt at all.

Ten years after the financial crash, BitCoiners still splutter about the corruption of the global financial system while the BitCoin float is stolen over and over again. Fraud accounts for much less than 1% of actual value transfers in real world payment systems. Actual value transfers account for much less than 1% of the fraud in the BitCoin system.

Ten years ago, the largest online retailer of note to accept BitCoin for payments was Overstock.com. Ten years later the largest online retailer of note that accepts BitCoin for payments is Overstock.com. And they will be dropping BitCoin in the coming months as the CEO has had to resign after having an affair with a woman now in jail for being a Russian spy and then posting bizarre rants about the deep state.

«



The 2018 MacBook Pro keyboard drives me crazy • Ryan Bigg

Over to you, Ryan:

»

Apple is all about the thinness of their laptops. I do not particularly care about the thinness of this device. For the most part, it sits on one of two desks that I use or it sits on my lap on the train. Maybe I use it on the couch from time-to-time. I do not care about the thinness of this device while I am using it. I only care about it when I store it away, in my backpack.

This keyboard has a key travel distance that, I am sure, is measured in microns or perhaps nanometers. It feels like I am typing on a concrete slab. Key presses inexplicably duplicate. Or don’t register at all. All for thinness.

This keyboard is a catastrophic engineering failure, designed by a company that should know better. A company with more money in the bank than several countries combined. This keyboard would be, by far, the part of the MacBook Pro that is used the most by everybody who owns one, and it is so poorly engineered for the pursuit of thinness.

Apple must fix this problem in their upcoming MacBook Pro releases. I want a fat MacBook Pro keyboard, one that has a travel distance of the older wireless keyboards and doesn’t have that “concrete slab” feel.

«

As I said: if design isn’t how it looks but how it works, this is poor design.


Errata, corrigenda and ai no corrida: none notified

10 thoughts on “Start Up No.1,135: new details on Apple’s Tile, China’s iPhone attack also hit Android and Windows, the human-driven robots, and more”

  1. Things my mother needs to tag:
    – glasses – but this requires an invisible tag that can locate itself indoors and make non-shrill (old ears) noise
    – car keys and IDs

    So… right now tags are, to me, not ready for prime time. Maybe Apple’s ?

  2. Re: keyboards. I can’t help but think Apple was trying to move to a Lenovo-esque flat glass panel keyboard, because that makes things a lot more good-looking, cheaper, versatile (the whole keyboard is a touch bar !) and reliable (not sure if that’s a plus or minus, Apple is making a killing on repairs). I don’t think I’d ever tolerate let alone like such a keyboard, but with the new generation typing on phones, maybe they would. Should we try a phone-shaped PC keyboard for the youngins ? I’m sure Android has apps that turn a phone into a PC keyboard… Here you go, it’s called Blek: https://play.google.com/store/apps/details?id=io.appground.blek&hl=en . There’s more where that came from: https://www.howtogeek.com/240794/how-to-use-your-smartphone-as-a-mouse-keyboard-and-remote-control-for-your-pc/

    I wonder if the focus on mechanical keyboards is justified by objective reasons, or if it’s a branding/fashion thing. I was delighted to get a non-clicky PC keyboard when those appeared, and haven’t looked back. On the other hand, I was mightily envious of a mate’s Oric Atmos to my ZX Spectrum back in the day, there was a joy and pride to typing on the Oric that wasn’t there for the Spectrum. And the ZX-81 keyboard was just sad.

  3. re. Chinese State hack. It’d be nice to know the exact list of hacks that were deployed, and how well they worked against updated and non-updated devices.
    But let’s not make the issue about Google’s reporting of it. I think the main point is iOS was vulnerable to hacks for 2 years. Android and Windows users aren’t sold the utter security that Apple PR’s so much about.
    Also, no hacks from ChromeOS and MacOS. We know MacOS can be hacked, we don’t know if ChromeOS can (someone did it in 2014, I haven’t heard anything else since ?)

    • “the main point is iOS was vulnerable to hacks for 2 years. Android and Windows users aren’t sold the utter security that Apple PR’s so much about.”

      That’s remarkably disingenuous of you. Nobody has ever pretended iOS can’t be hacked; the question is how difficult it is to do it, and how quickly the holes are closed, and how well known the vulnerabilities are. The PZ blogpost seems to suggest that it’s very difficult to do, and the vulnerabilities weren’t well known. They were closed quickly once Google alerted Apple about them.

      Why didn’t PZ note that Android and Windows were targeted too? It boggles the mind to think that they only visited the sites using iPhones. To say, as you do, “Android and Windows users aren’t sold the utter security that Apple PR’s so much about” is just nonsense. Please show us a statement from Apple’s press office saying that iOS offers “utter security”. Yes, Apple has made points about comparative security of iOS v Android. But we can’t evaluate that from this PZ post because either through oversight or failure or, possibly, very clever evasion by the Chinese hackers, they didn’t tell us about how Android devices were exploited, and how easy or hard that was in comparison to the iOS exploits.

      • Yep. Because nobody is forever repeating “Android is unsafe, iOS is safe” on a loop, so the big news isn’t that iOS was hacked for 2 years, but that Android too.

        Again, the issue here is a two-year ongoing iOS hack, not Google not reporting that Android and Windows too. I know you were away when the issue popped up and the PR is now focusing on “but not just iOS !”, but the big news is “iOS got hacked”, not “Google gleefully and partisanly reported on it”.

        Agreed, security is a process not a state. And non-updated Android has no process at all. But iOS buyers have an expectation of safety, non-Pixel Android buyers don’t. I’m not sure if Pixels are safer than iPhones. Chromebooks are safer than Windows PCs and Macs for sure.

      • You haven’t provided a link to support your claim that Apple’s PR offers “utter security”, so I’ll take it you’re letting that one go. If you can find reputable people saying “iOS is safe” in an absolute sense, rather than “iOS is safer” – a relative, not an absolute claim – then your complaint is worth listening to. Until then, it isn’t.
        Yes, there was a two-year ongoing hack, by Chinese state authorities. I know that, and I assumed that readers had noticed that, and I linked to the PZ blogpost about the iOS hacks. But in the manner of news, we now focus on all the new elements of this, and the one I find truly astonishing is what PZ did not find out. It’s the dog that didn’t bark in the night, and just as Sherlock Holmes found it to be the most telling part of the case he was solving, it now looks like the most salient of this one.

        State-sponsored hacks, particularly by China against what it perceives as dissidents, are part of the fabric of life now. But the self-appointed vigilante style of Project Zero, which has done a lot of good, starts to look less shiny when it omits a huge hinterland of – presumably – exactly similar ongoing hacks which went on for the same length of time. Or perhaps longer: Android seems to have many more exploitable flaws, and one would expect that it would be targeted first because more people in China use AOSP.

        Saying “oh, nobody expects Android to be secure” is the flimsiest possible excuse. Why didn’t PZ spot this? If there’s a blogpost upcoming later this week because they spotted it a week later, that might almost excuse them – but it’s still a bad look, especially now the story has grown so far, to not stand up and say “there’s more, and we want to tell you about it.”

        The point about Chromebooks is misdirection. It’s not relevant to this discussion, so it would be great if you wouldn’t raise it, rather than looking like someone partaking in whataboutism.

      • Non-IT specialists, ie regular people, ie most of the buyers, translate Apple’s carefully crafted PR to “iOS is safe”, as intended. And you know that as well as I do but pretend not to.

        Also, you’re making up that PZ didn’t spot the Android and Windows hacks, unless you have info nobody else has. They didn’t PR on it, because they’re Google and their PR is as biased as anybody else’s, but we can’t assume they didn’t spot it, nor that they didn’t discreetly report it to Google-sec and MS as they’ve been doing consistently for years. PZ has strict disclosure rules, they are anything but a “vigilante” (seriously ?) group, they give 3 months to fix vulns before making public unless exploits are live, which is standard industry practice.

        And I’m not saying “nobody expects Android to be secure”, but “nobody expects un-updated Android…”. I expect reasonably recent Android to be safe enough for regular users (not targeted, no sideload, no rooting); and only the updatiest Android to be maybe good enough for targeted individuals. I’m still unsure which is best for targeted people, probably not so much “best” as “least worst”, if simply having WhatsApp opens you up to hacking.

        Again, your whataboutism is my context. You make a news about iOS being hacked into a news about Google not PR-ing about Android and Windows being hacked too, if we’re talking about all OSes, I’m talking about all OSes. MacOS and ChromeOS are in the same space as Windows.

      • “Non-IT specialists, ie regular people, ie most of the buyers, translate Apple’s carefully crafted PR to “iOS is safe”, as intended”

        You’re putting words into the mouth of absolutely everyone here. Your bias is to believe that, but then you spread it to the rest of the world. I’m not going to engage with it, other than to say it’s a logical fallacy, and eminently unprovable.
        Re “you’re making up that PZ didn’t spot the Android and Windows hacks” – as I keep saying, did they see it and choose not to report it, or miss it? Both look pretty bad for a project that is ostensibly about holding everyone, including Google itself, to account. The idea that they’d spot honeypot sites and that those sites were *only* serving up iOS exploits, not the Windows and Android ones too – and yet other (or is it the same PZ?) security researchers, once quizzed by a couple of reporters, are able to point to Windows and Android exploits from the same sites, is pretty hard to believe.

        You’re really working on the finessing of which Android should be expected to be “secure”. And again assuming that you have a godlike view of what everyone thinks. It’s a bad mental habit that you should get out of.

        “Your whataboutism is my context”. Except your context is irrelevant. The honeypot sites were serving up exploits targeting iOS, Android and Windows. Nobody mentioned macOS; nobody mentioned ChromeOS. Nor did they mention BB10, Windows Phone, Sailfish, RTOS, or any of a dozen other operating systems in use. That’s why we don’t bring them up in a discussion of what was being targeted: because they’re not relevant, and to drag them in is the very purest whataboutism. Again, it’s a bad mental habit, and you should resolve to break it.

      • As you can probably guess, I’m known for pushing Android on everyone willing or not. The most-frequent dismissal is: But iOS is safe, Android is not. Not from people who’ve deeply thought about it, but from people fishing for justification for buying overpriced stuff. Privacy and Safety are Apple’s main PR points now that they’ve lost the “easy+sexy” edge. I’ve heard those words out of most everyone with an ounce of iAdvocacy in them.

        Amusingly, apparently prices for iPhone exploit chains are now cheaper than for Android: https://www.vice.com/en_us/article/7x584y/exploit-sellers-say-there-are-more-iphone-hacks-on-the-market-than-theyve-ever-seen . That’s worth its own separate news item.

        You’re still mixing up technical work and PR. The blog post was PR, you can’t expect any kind of ethics from that. Or, you shouldn’t (and you should try that attitude on Apple, too). And you shouldn’t assume that stuff that’s not PRed about isn’t real, known….

        As for context, what isn’t there is often as interesting as what is there. I find it interesting that top-quality honeypot sites didn’t include MacOS nor ChromeOS hacks. Probably because the targets aren’t using those, and the cost would be too high. It’s worth noticing anyway: if hacking was trivial, it would have been thrown in, if only because if I were a Chinese dissident (or just citizen), I’d now be using one of those two OSes. Indeed, using an orphaned OS might be a good idea too, if we didn’t need apps.

  4. Also, while you were away, 2 nice things about Apple fixing their previously-bad ways:

    1- repairs, they’re letting independent shops buy parts and tools and diags after they certify a tech.
    2- Security, Apple will be supplying unlocked iPhones to security researchers.

    2 very basic things that everyone else has always done right, but it’s nice to see Apple catching on and catching up. What’s a bit sickening about this is that the iBubble utterly failed to report on these 2 issues that are now validated. What use are journalists/bloggers if they wait until issues are fixed to amplify the resulting PR, instead of critically assessing things beforehand ? Aren’t they doing that out of incompetence, laziness, or fear of retaliation ? Marco Arment answered that one ^^
