Carol singers? It’s 2019 – now you can have a line from every carol, done by computer. Don’t expect to like it though. CC-licensed photo by byronv2 on Flickr.
Thank you for reading The Overspill during 2019!
We went from issue 980 to 1,214, which comes out to 235 posts.
It will be back in 2020 with issue 1,215.
If you need to fill the time while it’s not arriving in your inbox, you could make a charitable donation to the Internet Archive or Wikipedia; or to your local homeless charity. They’ll all appreciate it.
Though they won’t arrive until next year, you can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.
A selection of 10 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.
Twelve million phones, one dataset, zero privacy • The New York Times
Stuart Thompson and Charlie Warzel:
»
Every minute of every day, everywhere on the planet, dozens of companies — largely unregulated, little scrutinized — are logging the movements of tens of millions of people with mobile phones and storing the information in gigantic data files. The Times Privacy Project obtained one such file, by far the largest and most sensitive ever to be reviewed by journalists. It holds more than 50 billion location pings from the phones of more than 12 million Americans as they moved through several major cities, including Washington, New York, San Francisco and Los Angeles.
Each piece of information in this file represents the precise location of a single smartphone over a period of several months in 2016 and 2017. The data was provided to Times Opinion by sources who asked to remain anonymous because they were not authorized to share it and could face severe penalties for doing so. The sources of the information said they had grown alarmed about how it might be abused and urgently wanted to inform the public and lawmakers.
After spending months sifting through the data, tracking the movements of people across the country and speaking with dozens of data companies, technologists, lawyers and academics who study this field, we feel the same sense of alarm. In the cities that the data file covers, it tracks people from nearly every neighborhood and block, whether they live in mobile homes in Alexandria, Va., or luxury towers in Manhattan.
…or giant tech company, nor did it come from a governmental surveillance operation. It originated from a location data company, one of dozens quietly collecting precise movements using software slipped onto mobile phone apps. You’ve probably never heard of most of the companies — and yet to anyone who has access to this data, your life is an open book.
… Our privacy is only as secure as the least secure app on our device.
«
Which isn’t very. Is America ever going to discover privacy?
unique link to this extract
Endless Jingling • Josh Millard
»
Endless Jingling was written and recorded by Josh Millard. It selects a handful of Christmas songs at random from a collection of three dozen recordings, then jumps around randomly between them forever and ever and ever or until you reload for a new combination of songs.
«
They’re all tuned to the key of C, so no fretting about the key changes. Put it on in the background at your Christmas party and see how long it takes before someone kills you. No, you’re welcome.
unique link to this extract
To control its destiny, Facebook bets big on hardware • The Information
Alex Heath:
»
Earlier this year, it held talks to acquire Cirrus Logic, a semiconductor company founded in 1981 that supplies chips to Apple and others, according to a person with knowledge of the discussions (no deal transpired). Facebook even has a team building its own operating system from scratch, led by a former star Microsoft engineer, which could help it wean its products off Android, the free operating system its rival Google makes. Large portions of Facebook’s hardware group will begin to move into the new campus when it opens late next year.
The person overseeing the company’s far-ranging hardware efforts is Andrew Bosworth, a Facebook veteran who met the company’s CEO Mark Zuckerberg in 2004 at Harvard University, when Bosworth was a teaching assistant in an AI class Zuckerberg was taking.
The Information recently spoke to Bosworth at Facebook’s Menlo Park, California, headquarters, as part of a series of interviews with key hardware leaders at the company. Bosworth—known as “Boz” to people who work with him—said the company is building so many of the underlying technologies for its future hardware products because it doesn’t want to rely on outsiders.
«
The prospect of Facebook doing all this stuff is quite concerning, really. Though there’s no hope of it succeeding with an OS: the ecosystem won’t be there.
unique link to this extract
Hundreds of ‘pink slime’ local news outlets are distributing algorithmic stories and conservative talking points • Columbia Journalism Review
Priyanjana Bengani:
»
An increasingly popular tactic challenges conventional wisdom on the spread of electoral disinformation: the creation of partisan outlets masquerading as local news organizations. An investigation by the Tow Center for Digital Journalism at Columbia Journalism School has discovered at least 450 websites in a network of local and business news organizations, each distributing thousands of algorithmically generated articles and a smaller number of reported stories. Of the 450 sites we discovered, at least 189 were set up as local news networks across ten states within the last twelve months by an organization called Metric Media.
Titles like the East Michigan News, Hickory Sun, and Grand Canyon Times have appeared on the web ahead of the 2020 election. These networks of sites can be used in a variety of ways: as ‘stage setting’ for events, focusing attention on issues such as voter fraud and energy pricing, providing the appearance of neutrality for partisan issues, or to gather data from users that can then be used for political targeting.
On October 20, the Lansing State Journal first broke the story of the network’s existence. About three dozen local news sites, owned by Metric Media, had appeared in Michigan. Further reporting by the Michigan Daily, the Guardian and the New York Times identified yet more sites. Ultimately, previous reporting has identified around 200 of these sites. Our analysis suggests that there are at least twice that number of publications across a number of related networks, of which Metric Media is just one component.
«
“Pink slime” is quite the phrase for this stuff.
unique link to this extract
Sale of second-hand e-books infringes copyright, rules CJEU • World IP Review
Rory O’Neill:
»
When a book is sold in physical form, the copyright for the work is said to have been ‘exhausted’, in other words, the purchaser is free to sell it on without violating the author or publisher’s IP.
Tom Kabinet argued that the exact same principle should hold for digital copies.
The CJEU, following the AG’s opinion, ruled that rights exhaustion in the case of e-books would damage rights owners much more than in the case of physical copies.
This is because e-books do not deteriorate with use and are therefore a perfect substitute for new physical copies of the work.
The Dutch copyright groups argued that Tom Kabinet’s resale of the e-books constituted an unauthorised “communication to the public” of the copyright-protected material under Directive 2001/29/EC (commonly known as the InfoSoc Directive).
Under EU law, exhaustion of copyright only applies to the right of distribution. In today’s judgment, the CJEU found that downloading an e-book is not covered by the right of distribution, but rather the right of communication to the public, which cannot be exhausted.
The court referred to the World Intellectual Property Organisation (WIPO) Copyright Treaty, which underpins the InfoSoc Directive. According to the court, that treaty holds that rights exhaustion should be “reserved for the distribution of tangible objects,” such as physical books.
«
Prime power: how Amazon squeezes the businesses behind its store • The New York Times
Karen Weise:
»
Amazon has pushed to keep prices low since the day it opened. That has become trickier as more sales came from outside sellers. According to antitrust law, each seller of goods should determine what to charge on its own. To avoid problems, an in-house lawyer is typically present when internal Amazon teams discuss pricing, according to two former employees.
In 2017, Amazon began reducing prices to match competitors; if the new price was lower than the one requested by the sellers, Amazon paid the difference. The company also alerted companies if their products were cheaper elsewhere.
Still concerned about news reports that prices on Amazon weren’t always the lowest, the company tried another approach, the one that hit VitaCup: removing the Buy Now and Add to Cart buttons when its software detected lower prices. When those buttons disappear, sales tumble as much as 75 percent, sellers say.
Executives at Amazon intended this as a tool to lower prices. The company has told Congress that the buttons amount to an endorsement, saying it only displays them on “offers that it is confident will present a great experience for its customers.”But many brands raise their prices elsewhere to avoid losing the buttons. Or they decide to list their product only on Amazon. That is what happened to a health care supply company that worked with Jason Boyce, who advises online sellers.
“My client cut off Walmart — Walmart! — because it was hurting their Amazon business,” Mr. Boyce said. “If that’s not monopoly power, I don’t know what is.”
«
A long read, but worth it – though as with many of these portmanteau pieces, you’re left reeling at the many ways in which Amazon’s power is imposed.
unique link to this extract
A data leak exposed the personal information of over 3,000 Ring users • Buzzfeed News
Caroline Haskins:
»
The log-in credentials for 3,672 Ring camera owners were compromised this week, exposing log-in emails, passwords, time zones, and the names people give to specific Ring cameras, which are often the same as camera locations, such as “bedroom” or “front door.”
Using the log-in email and password, an intruder could access a Ring customer’s home address, telephone number, and payment information, including the kind of card they have, and its last four digits and security code. An intruder could also access live camera footage from all active Ring cameras associated with an account, as well as a 30- to 60-day video history, depending on the user’s cloud storage plan.
We don’t know how this tranche of customer information was leaked. Ring denies any claims that the data was compromised as a part of a breach of Ring’s systems. A Ring spokesperson declined to tell BuzzFeed News when it became aware of the leak or whether it affected a third party that Ring uses to provide its services.
“Ring has not had a data breach. Our security team has investigated these incidents and we have no evidence of an unauthorized intrusion or compromise of Ring’s systems or network,” the spokesperson said. “It is not uncommon for bad actors to harvest data from other companies’ data breaches and create lists like this so that other bad actors can attempt to gain access to other services.”
It is not clear what “other companies’ data breaches” the spokesperson was referring to.
«
Come on, there are tons of them – and if you use the same password as on Ring (lots of people do; password overload is everywhere) then you’re vulnerable. Side note: Wirecutter, which recommends stuff, has suspended its recommendation of Ring.
unique link to this extract
Can the internet survive climate change? • The New Republic
Kevin Lozano:
»
How the internet adapts to the pressures of the climate crisis will change daily life as we know it, from high-speed trading to shit-posting, from email to aircraft control. It’s an open question whether the internet of the future will be as reliable as it is today. In fact, it’s likely that internet access will be among the many scarce resources that future generations will fight over, and that this unequal distribution could create two different internets: one for the poor and another for the rich.
Everything is going to change, and quickly. Sites like Low-Tech offer one possible future, but generally speaking, the internet is likely to face changes to its basic infrastructure that will be both sweeping and hard to predict. In the last few months, I’ve talked to dozens of people—web designers and futurists, computer scientists and activists—who are all increasingly concerned about the internet’s own climate impact and its operational vulnerability in a fast-warming planet. What follows, pieced together from their observations, is a provisional picture of the internet’s future in the age of global warming.
The internet is inextricably tied to the coming horrors of the climate crisis. It is both a major force behind that crisis and one of its likely casualties.
It is the largest coal-fired machine on the entire planet, accounting for 10% of global electricity demand. And the internet’s climate impact is only going to get worse: Around half of the world has yet to log on—a presently disconnected population of more than three billion people eager to begin streaming videos and updating Facebook accounts. The internet’s cut of the world’s electricity demand will likely rise to 20% or more by 2030, at which point it will produce more carbon than any country except China, India, and the United States.
«
Giant solar park in the desert jump starts Egypt’s renewables push • Reuters
Aidan Lewis:
»
Near the southern Egyptian city of Aswan, a swathe of photovoltaic solar panels spreads over an area of desert so large it is clearly visible from space.
They are part of the Benban plant, one of the world’s largest solar parks following completion last month of a second phase of the estimated $2.1bn project.
Designed to anchor a renewable energy sector by attracting foreign and domestic private-sector developers and financial backers, the plant now provides nearly 1.5GW to Egypt’s national grid and has brought down the price of solar energy at a time when the government is phasing out electricity subsidies.
In 2013, Egypt was suffering rolling blackouts due to power shortages at aging power stations. Three gigantic gas-powered stations with a capacity of 14.4GW procured from Siemens in 2015 turned the deficit into a surplus.
National installed electricity capacity is now around 50GW and Egypt aims to increase the share of electricity provided by renewables from a fraction currently to 20% by 2022 and 42% by 2035.
…Last year a report from the International Renewable Energy Agency (IRENA) suggested Egypt could be more ambitious in its green energy goals and aim to supply 53% of its electricity from renewables by 2030.
«
So: good, but could be better.
unique link to this extract
India’s internet curbs are part of growing global trend • The Guardian
Michael Safi:
»
On Thursday, internet shutdowns came to the capital city of the world’s largest democracy.
The suspension of data services, phone calls and texting to curb protests in parts of Delhi was an inauspicious milestone for a tactic that is becoming an increasingly common tool for authoritarian governments – but practised most often by India.
As internet penetration has surged this past decade, especially in the developing world, so have attempts to switch off the flow of information. The internet-freedom group Access Now recorded 75 internet outages around the world in 2016; the figure more than doubled to 196 last year.
With protest movements convulsing dozens of countries this year, the figure is likely to be “much, much higher”, said Berhan Taye, a senior policy analyst at Access Now.
Iraq has periodically curbed the internet as violent protests have spread throughout the country. In Ethiopia, enforced outages have become so frequent that they are damaging the economy, costing an estimated US$4.5m a day, according to figures from a digital rights group. Reports of outages from Venezuela are so frequent that they can barely be counted, Taye said. “It’s like a child is at the switch, turning it on and off whenever they fear something is happening,” she said.
«
We saw it at the beginning of the decade – it was a common tactic during the Arab Spring – and now it has come back into vogue.
unique link to this extract
Errata, corrigenda and ai no corrida: none notified
The Overspill: when there's more that I want to say 
Hey, Apple finally realized they were wrong in how they were handling bug & security researchers: https://www.engadget.com/2019/12/20/apple-expanded-bug-bounty-program-live/
We could have told them a few years ago. Actually, some of us did. Anyhow, all’s well that ends well, they apparently fixed it.
Now to fix their designs, prices, censorship, and repair policies. Some progress here too: their laptop keyboard is on the way to no longer being insanely deficient, their tower PC is now mostly OK, some shops might get access to parts/tools/schematics, the cheap iPad is OK value… On current trends, I’ll be buying Apple gear… in 5-10 years 🙂
I just had the awesomest exchange with ex-i-Bro. He works in Mobile dev for a large Canadian company, they just launched a voice assistant feature on Alexa and Google. Everything works flawlessly of course in the (Alexa-based) ad.
– Idiot me “have you tried the ad scenario IRL ?”
– him “hold on, I’ll run it right now”
– …
– …
– …
– him “well, I can’t seem to find how to launch the skill w/ Google”.
(end scene)
I can’t even …
I’ve been spending the day digesting and setting up my brand new Raspberry Pi 4. I kind of understand the guy who was whining about getting switched to Windows… and I do think venturing into Linux is worse, even though doing it on a raspi is easier than on any other platform (pretty uniform OS, pretty uniform HW). What makes things difficult is that
1- the software is not self-configuring. Want to remote into your Pi ? You’ve got to sudo nano /etc/rc.local and about a dozen other things (spaces and capitals count , too ^^)
2- the official docs are rather non-existent or assume expert level
3- you’re left having to rely on tutorials, which are usually well-written (got a few typos in code though) but not maintained, so dead-ends abound and one should really double-check how old the info is.
4- there are several tutorials for most stuff. Which works best or at all is up in the air (the ones on the official forums are typically not the best)
5- and you’d better keep a log on what you’re using and doing, in case it needs undoing or tweaking. That one cost me a few hours.
In the end I’m mostly happy.
– setting up the basic OS was a no-brainer (grab ISO, burn ISO to SD, switch on)
– setting up basic autorun remoting was OK (chose one of several solutions at random, worked after 2-3 corrections); going back to change desktop/window size was a lot more work than it should be, mostly hunting down which tutorial I used to find out where on the disk the config was ^^
– setting up PiHole was OK, easier than remoting.
– getting an external exfat USB drive to first mount then automount was unduly hard. For some reason exfat support isn’t built-in; then all the tutorials about automounting were wrong, I got it to work after venturing into uncharted territory (the prescribed automount via UUID never worked, had to use PARTUUID which isn’t mentioned anywhere but was used elsewhere in the config file). That’s unacceptable.
I still have to finish setting up Deluge (torrents), a VPN to let my phone tunnel back home and use PiHole, and maybe cryptDNS but that one didn’t work after 2 hours and FUBARed all the rest. Also apparently there’s a way to force the whole network to use PiHole at a stroke instead of reconfiguring each device. Must look into that.
I wanted to look into the Pi as a client, but I’m getting cold feet about messing up the server after so much work. Guess I’ll buy another one. Once things work they seem solid.
After a few days with PiHole, with my normal activity on my main PC still with its usual anti-ad & anti-tracking stuff (uBlock Origin and Privacy Badger in my Firefox Browser, custom but lenient hosts.txt Windows-wide):
0- The whole thing has been excellent, I haven’t had to touch it after the initial setup (which did take a few hours and requires some IT skill or at least patience and nerve). PiHole is rock solid and I’ve had just 1 site to whitelist by hand.
1- PiHole still blocks 50% of the requests that survive the browser plug-ins + hosts.txt
2- About none of those blocked requests are Web stuff, so the addons seem to be doing their job. That’s reassuring, esp. since I’m running the same on my Androids.
3- the overwhelming majority of the requests blocked by PiHole are from (quasi-)system tools: lots of Microsoft, bit of DropBox, bit of nVidia… Those tools still work fine, so I’m guessing those companies are being a bit greedy about the activity reports they siphon off my PC.
4- Google is absent from the blocked stuff but quite present in the authorized traffic. Not sure how much bundling together of unblockable+technically required stuff and abusive tracking is going on, but that’s suspect.
Next: activate PiHole LAN-wide not just for my main PC, then add a PiHoled VPN to tunnel into from my phone when I’m away.
Too bad this is a bit too DIY and a potential headache for me to foist it on everyone around me. We need ISPs to build that into their boxes and manage it, but who’d want to piss off Google, FB, MS and everyone else ?