Start Up No.1,156: Simjacker debunked, Medium’s content problem, Mozilla and DoH, WeWork still in trouble, and more

Asimov’s Three Laws were great for stories about robots; less so for real life robots. CC-licensed photo by Simon Liu on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 10 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

The Three Laws of Robotics have failed the robots • Mind Matters



Chris Stokes, a philosopher at Wuhan University in China, says, “Many computer engineers use the three laws as a tool for how they think about programming.” But the trouble is, they don’t work.
He explains in an open-access paper:


The First Law fails because of ambiguity in language, and because of complicated ethical problems that are too complex to have a simple yes or no answer.

The Second Law fails because of the unethical nature of having a law that requires sentient beings to remain as slaves.

The Third Law fails because it results in a permanent social stratification, with the vast amount of potential exploitation built into this system of laws.

The ‘Zeroth’ Law, like the first, fails because of ambiguous ideology. All of the Laws also fail because of how easy it is to circumvent the spirit of the law but still remaining bound by the letter of the law.


Maybe we’d better hope it never gets tested in real life? At any rate, here at Mind Matters News, it’s Sci-Fi Saturday so we asked some of our contributors for reactions to the laws and to Stokes’s doubts about them.


Odd how we keep trying to wrestle ideas for films, TV and books into things to live by. (Other examples: Star Trek.)
unique link to this extract

New SIM attacks demystified, protection tools now available • Security Research Labs


We wanted to understand the extent to which users need to worry about Simjacker and create ways to know whether your SIM is vulnerable or even under attack.

Key research findings

• Around 6% of 800 tested SIM cards in recent years were vulnerable to Simjacker
• A second, previously unreported, vulnerability affects an additional 3.5% of SIM cards
• The tool SIMtester provides a simple way to check any SIM card for both vulnerabilities (and for a range of other issues reported in 2013)
• The SnoopSnitch Android app warns users about binary SMS attacks including Simjacker since 2014. (Attack alerting requires a rooted Android phone with Qualcomm chipset.)
• A few Simjacker attacks have been reported since 2016 by the thousands of SnoopSnitch users that actively contribute data (Thank you!)


OK, so it sounds like the concerns were overblown.
unique link to this extract

With Facebook’s coming News Tab, only some will get paid • WSJ

Lukas I. Alpert and Sahil Patel:


Facebook is planning to pay only a minority of publishers whose headlines will be featured in its coming news section, according to people familiar with the matter.

The specialized news section—which will appear on the toolbar at the bottom of Facebook’s mobile app—is set to launch as early as the end of October and will include links to stories from about 200 publications, the people said.

A person familiar with the matter said Facebook had never planned to pay all the news outlets whose content it would link to in its news section. The plan is similar to what Facebook has done with its Watch section, which includes videos not paid for by Facebook, the person said. Taking into account companies that own multiple publications, Facebook will pay fees to about one-quarter of the organizations that will be involved at launch, the person said.

Facebook is still negotiating with several big publishers, and in most cases talks have centered around how much of their reporting publishers would allow to be posted on the Facebook tab, the people familiar with the matter said. Facebook wants news organizations to allow access to all their stories for possible inclusion in the news tab, but some outlets have pushed for only allowing limited access.


Well of course it wasn’t looking to pay everyone. It just let them think that.
unique link to this extract

Will 10 million people pay for personal essays? • Simon Owens Substack

Simon Owens (who has Tech and Media Newsletter – doesn’t everyone?):


Last week I posted a tweet thread that you should check out. It starts with a screen capture of a headline for an article that appeared behind Medium’s paywall. This article fits into a content category that I’ve noticed is proliferating on Medium. It’s what I call “shitty personal advice column.”

In fact, anytime I see someone bragging about how much money they’re making through Medium’s partnership program – which allows users to place their content behind its paywall and get paid for the amount of engagement it generates – I then click on their user profile to see what kind of articles this person is regularly producing, and it almost always falls under this category. Often, the person is publishing upward of two or three articles a day, with each headline over-promising and under-delivering on its premise. 

And this makes sense. If you’re going to make real money on a platform that’s doling it out based on the amount of engagement it receives, you’ll need to produce a high volume of low calorie articles that require very little original research and contain clickable headlines. And with engagement being one of the required metrics, you’d want to stick to inspirational content, with the kind of shareable aphorisms that can be found in most career advice columns.

Which is all fine and good, but here’s the thing: Medium CEO Ev Williams has stated his goal is to reach 10 million paying subscribers. No text-based platform has attracted that many digital subscribers. The New York Times only has about 3 million. So can you get 10 million people to pay up to $5 a month so they can be flooded with a high volume of dashed-off columns that were written and published in the span of a few hours? 


Sounds like the long-lost Demand Media, killed by Google changing its algorithm. Wonder if the same fate lies ahead for those essays.

unique link to this extract

Mozilla won’t turn on DoH as default in the UK like it’s planning to do in the US • Gizmodo UK

Shabana Arif:


DoH [DNS over HTTPS, ie encrypted domain lookup queries] has been fairly controversial, with the Internet Services Providers Association (ISPAUK) nominating Mozilla for an ‘Internet Villain’ over the whole thing, saying it will “bypass UK filtering obligations and parental controls, undermining internet safety standards in the UK.”

In his letter to Morgan, Mozilla vice president of global policy, trust and security, Alan Davidson, stressed that the company “has no plans to turn on our DoH feature by default in the United Kingdom and will not do so without further engagement with public and private stakeholders”.

He did add that Mozilla does “strongly believe that DoH would offer real security benefits to UK citizens. The DNS is one of the oldest parts of the internet’s architecture, and remains largely untouched by efforts to make the web more secure.

“Because current DNS requests are unencrypted, the road that connects your citizens to their online destination is still open and used by bad actors looking to violate user privacy, attack communications, and spy on browsing activity. People’s most personal information, such as their health-related data, can be tracked, collected, leaked and used against people’s best interest. Your citizens deserve to be protected from that threat.”

Whilst safety is an issue, it has to be balanced with privacy, and walking the line between freedom and forms of censorship is never easy. The sexual abuse and exploitation of children is often cited in this debate, with a government spokesperson stating that it’s “an abhorrent crime that this Government is committed to tackling,” and one of the measures is blocking certain websites that DoH would allow users to circumvent.


The difference in dialogue between the US and UK over DoH is notable: preventing malware and chid abuse imagery is a much bigger talking point in the UK. In the US it doesn’t seem to enter the discussion.
unique link to this extract

Apple denied tariff relief on Mac Pro parts after staying in Texas • Bloomberg

Mark Gurman and Mark Niquette:


Apple Inc. won’t be exempted from tariffs on five Chinese-made components for the upcoming Mac Pro computer, even after the company announced it was keeping some assembly operations in the US.

The US Trade Representative’s office denied Apple’s request for relief from 25% tariffs on the much-discussed optional wheels for Apple’s Mac Pro, a circuit board for managing input and output ports, power adapter, charging cable and a cooling system for the computer’s processor.

The decisions, posted Monday, come about a week after Apple announced it would make new Mac Pro computers at a plant in Austin, Texas – which it’s operated since 2013 – after originally considering shifting production to China like its other products. The move followed an announcement this month that the US trade office had agreed to Apple’s request for tariff waivers on 10 of 15 Chinese parts.


There are tariffs on the wheels. Wheels. How do wheels attract tariffs? It’s weird.
unique link to this extract

WeWork still needs cash after pulling IPO • WSJ

Eliot Brown:


To cut costs, the company’s new co-CEOs, Sebastian Gunningham and Artie Minson, are planning thousands of job cuts, putting extraneous businesses up for sale and purging some luxuries from the previous CEO, such as a G650ER jet purchased for more than $60m last year, people familiar with the matter have said.

New York-based We had $2.5bn in cash as of June 30. At the current rate of cash burn—about $700m a quarter—it would run out of money some time after the first quarter of 2020, according to Chris Lane, an analyst at Sanford C. Bernstein & Co. Mr. Lane and his colleagues projected in a recent note to clients that We would burn through nearly $10bn in cash between 2019 and 2022, assuming it keeps growing.

Messrs. Gunningham and Minson said in a joint email to We staff last week that they “anticipate difficult decisions ahead.”

“As we look toward a future IPO, we will closely review all aspects of our company with the intention of strengthening our core business and improving our management and operations,” the co-CEOs wrote.

Further adding pressure are agreements We made in a bond offering last year for which it must keep at least $500m of cash, according to S&P Global Ratings, which downgraded We’s bonds last week.


Wow, they’re down to their last executive jet. Times are tough. Set an alarm for February, when things are going to be getting frantic there.
unique link to this extract

October 2015: WeWork used these documents to convince investors it’s worth billions • Buzzfeed

Nitasha Tiku in October 2015:


Neumann likes to present WeWork as a star of the sharing economy, a technology platform that connects consumers to office space, just like Uber and Airbnb connect them to cars and homes, respectively.

But how can an infrastructure-dependent real estate venture scale like a low-overhead software startup? How can a company that signs 15-year leases — but sells monthly memberships — expect to survive a downturn? How can an entity that doesn’t own its own real estate be “worth” more than three times as much as the New York Yankees? Why does WeWork’s future look so bright when it sits smack in the middle of two bubbling markets (that is, tech and commercial real estate)? Why would a business model that drove one high-profile dot-com darling [Regus] promising “the office of the future” into bankruptcy succeed this time around?

October 2014 fundraising documents obtained by BuzzFeed News reveal how Neumann answers those questions behind closed doors. The material was shared with BuzzFeed by someone familiar with the company, on the condition of anonymity, and independently verified. WeWork would only comment on a couple of aspects of its fundraising pitch. It includes a five-year financial forecast and a slide presentation (also known as a pitch deck), both embedded below, as well as a company overview.


In 2014 its forecast for 2018 was $2.86bn in revenues; in fact it managed $1.8bn. Not bad, but still a substantial miss.
unique link to this extract

Looking back at the Snowden revelations • A Few Thoughts on Cryptographic Engineering

Matthew Green (who is a highly respected cryptographer:


Have things improved?

This is the $250 million question.

Some of the top-level indicators are surprisingly healthy. HTTPS adoption has taken off like a rocket, driven in part by Google’s willingness to use it as a signal for search rankings — and the rise of free Certificate Authorities like LetsEncrypt. It’s possible that these things would have happened eventually without Snowden, but it’s less likely.

End-to-end encrypted messaging has also taken off, largely due to adoption by WhatsApp and a host of relatively new apps. It’s reached the point where law enforcement agencies have begun to freak out, as the slide below illustrates.

Slightly dated numbers, source: CSIS (or this article)

Does Snowden deserve credit for this? Maybe not directly, but it’s almost certain that concerns over the surveillance he revealed did play a role. (It’s worth noting that this adoption is not evenly distributed across the globe.)

It’s also worth pointing out that at least in the open source community the quality of our encryption software has improved enormously, largely due to the fact that major companies made well-funded efforts to harden their systems, in part as a result of serious flaws like Heartbleed — and in part as a response to the company’s own concerns about surveillance.

It might very well be that the NSA has lost a significant portion of its capability since Snowden.

The future isn’t American.

I’ve said this before, as have many others: even if you support the NSA’s mission, and believe that the U.S. is doing everything right, it doesn’t matter. Unfortunately, the future of surveillance has very little to do with what happens in Ft. Meade, Maryland. In fact, the world that Snowden brought to our attention isn’t necessarily a world that Americans have much say in.


unique link to this extract

iOS 13.1.1 and iOS 13.1.2: Apple takes an aggressive update cadence to clean up iOS 13 • Ars Technica

Samuel Axon:


Just this past Friday, Apple released iOS and iPadOS 13.1.1, a small bug-fix update that repaired a security problem for third-party keyboard applications whereby those apps could get permissions before users had given them; an issue that precluded iPhones from restoring from backups in some cases; and an issue affecting battery life. The update also included minor bug fixes for Apple’s own apps like Safari and Reminders.

Apple doesn’t usually release so many updates in rapid succession. iOS 13 only launched 11 days ago, and it has already received three updates. As we noted in our review of iOS 13, it’s a major and ambitious update compared to last year’s iOS 12, but iOS 13 had a relatively rocky beta period, and a number of kinks still need to be ironed out even after today’s update.


This is very unusual to have so many updates without a calamitous mistake (eg knocking out cellular connectivity) or giant security hole.
unique link to this extract

Errata, corrigenda and ai no corrida: in last week’s article about offshore wind v nuclear, I suggested that wind farms’ rating could be comparable with nuclear power stations. They’re not though; they’re typically rated as capable of generating an average of half their maximum power. That changes the maths somewhat compared to nuclear, which can maintain a much higher output consistently.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.