Start Up No.1489: Facebook v Australia pt 2, Facebook’s ad lies, FBI charges North Korean hackers, Citibank’s $500m UI failure, and more

If electric cars simply replace internal combustion ones, that won’t fix traffic jams. But they need fixing. CC-licensed photo by sese_87 on Flickr.


A selection of 10 links for you. Another one done. I’m @charlesarthur on Twitter. Observations and links welcome.

Paying for news • Benedict Evans

the Australian proposal, for example, very clearly covers raw links themselves. (I encourage anyone with an opinion on this to read the government’s explanation of the proposed law.) Under this law, whenever anyone posts any link to a newspaper site on Facebook, Facebook would have to pay – even, perhaps, if the newspaper has posted the link itself. This is not about ‘using content’ or ‘profiting from journalism’. It’s about links. In Facebook’s case, these are also links it has no control over.

A lawyer would point out that the great advantage of this model is that it doesn’t look like a tax and a subsidy (and the EU, for example, has rather serious rules against state support). It looks like a competition case. The argument goes that even though Google and FB get little to no direct economic value from news, they get indirect value from being comprehensive, and so they ‘would’ pay to link to news of their own accord if it were not for their market dominance, and so this is a competition law problem.

There is a wilful blindness to this logic. No-one has ever paid to link, regardless of their market power. No-one has ever asked me to pay to link to them, and if asked I would refuse, and I have no market power at all. You don’t have to ask the hypothetical “what would happen if Google and Facebook had less market power – would they pay for links?” You can just look at, well, every other site on the internet.

But if you do accept the novel theory that links being free for 25 years is a market failure, there’s a further breach of basic logic: if all links have value, why should only newspapers be paid? If all links were paid, then newspapers’ share would be a pittance. But “newspapers are worth more to society! They deserve it!” Well, perhaps they do – but ‘we like them more’ is not a competition law argument. It’s an argument for a subsidy from public funds. There are perfectly coherent arguments to be made for such a subsidy, but I’d suggest that if you do want a subsidy, you should be honest and debate it on that basis, instead of basing it on entirely imaginary, Alice-in-Wonderland theories of internet economics.

Of course, a law can be passed and enforced, and the money spent (whether on journalism or on dividends), even if its economic and intellectual basis is incoherent. I would suggest that this makes it brittle – if it’s based on unreason and dishonesty, it’s more likely to be discarded sooner rather than later.


This is going to blow up even more over the weekend. Facebook removed too much content on Thursday, and had to replace it hastily. The NYT article on it is pretty good, especially the headline: “Facebook’s New Look in Australia: News and Hospitals Out, Aliens Still In”.

Facebook knew for years ad reach estimates were based on ‘wrong data’ but blocked fixes over revenue impact, court filing shows • TechCrunch

Natasha Lomas:


Some more internal emails Facebook really doesn’t want you to see: turns out in 2017 chief operating officer Sheryl Sandberg had already known for years there were problems with a free ad planning tool the company offers to marketeers to display estimates of how many people campaigns running on its platform may reach, per newly unsealed court documents.

…In early 2018 Facebook estimated that removing duplicate accounts would cause a 10% drop in potential reach, per the unsealed filing. While Facebook management rejected an employee’s suggestion to change the language the tool showed to advertisers, declining to swap out the words “people” and “reach” for the (more accurate) term “accounts” — on the grounds that “people-based marketing was core to Facebook’s value proposition”.

The filing also reveals that a product manager for “potential reach”, Yaron Fidler, proposed a fix for the tool that would have decreased its numbers. His proposal was rejected by Facebook’s metrics leadership on the grounds that it would have a “significant” impact on the company’s revenue — to which Fidler responded: “It’s revenue we should have never made given the fact it’s based on wrong data.”


Monopoly power: when you lie to the people who pay you, but they have no choice except to keep on paying you.

US charges three North Korean hackers over $1.3bn cryptocurrency heist • Hacker News

Ravie Lakshmanan:


The US Department of Justice (DoJ) on Wednesday indicted three suspected North Korean hackers for allegedly conspiring to steal and extort over $1.3bn in cash and cryptocurrencies from financial institutions and businesses.

The three defendants — Jon Chang Hyok, 31; Kim Il, 27; and Park Jin Hyok, 36 — are said to be members of the Reconnaissance General Bureau, a military intelligence division of North Korea, also known as the Lazarus group, Hidden Cobra, or Advanced Persistent Threat 38 (APT 38).

Accusing them of creating and deploying multiple malicious cryptocurrency applications, developing and fraudulently marketing a blockchain platform, the indictment expands on the 2018 charges brought against Park, one of the alleged nation-state hackers previously charged in connection with the 2014 cyberattack on Sony Pictures Entertainment.


Takes a looooong time, but eventually you can pin down who’s behind these attacks. Though it was clearly North Korea back in 2014 with Sony, despite the obfuscation (as I wrote in Cyber Wars). Most of the money – more than $1bn – was to come from a hack of the SWIFT banking network (but they screwed it up); only about $100m from crypto hacks. But for North Korea, every little helps.

There’s one big problem with electric cars: they’re still cars • The New York Times

Farhad Manjoo:


while we go about the project of building electric cars into tomorrow’s infrastructure — Biden has pledged to create a network of 500,000 charging stations around the country and replace the roughly 650,000 cars in the federal government’s fleet with E.V.s — let’s not overlook a more immediate menace on the roads today. I refer to the millions of big, inefficient trucks and S.U.V.s that are America’s favorite cars, each poisoning our atmosphere for years beyond any transition to E.V.s.

The promise of electric cars grants us a little leeway to party on in the gas-guzzling present — E.V.s offer a politically simple, one-stop expiation for our unsustainable ways, so long as we all ignore the Escalade in the room.

Fixing the problems caused by cars with new and improved cars and expensive new infrastructure just for cars illustrates why we’re in this mess in the first place — an entrenched culture of careless car dependency. Liberation from car culture requires a more fundamental reimagining of how we get around, with investments in walkable and bike-able roadways, smarter zoning that lets people live closer to where they work, a much greater emphasis on public transportation and above all a recognition that urban space should belong to people, not vehicles. Policy changes that reduce the amount Americans drive could lead to far greater efficiency gains than we’d get just from switching from gas to batteries.



Share of US workers holding multiple jobs is rising, new Census report shows • Reuters

Jonnelle Marte and Lucia Mutikani:


The share of Americans working more than one job to make ends meet has been growing over the past two decades, and the pay from second jobs makes up a substantial share of workers’ earnings, according to a paper published by the US Commerce Department on Wednesday.

An estimated 7.8% of US workers had more than one job as of the first quarter of 2018, up from 6.8% in 1996, according to new data unveiled by the Census bureau, which provides a more detailed analysis of multiple job holders than was previously available. The findings were based on data from 18 states.

The earnings from the workers’ second jobs make up an average 28% of their total earnings, showing that workers are likely relying on that pay, researchers said.

In general, women were more likely to have multiple jobs than men, with 9.1% of women holding multiple jobs as of 2018, compared with 6.6% of men.

They also noted that multiple-job holding occurred at all levels of income, but was more common for low-wage workers. Those juggling more than one occupation earned less, on average, than people who had only one job.


“Work expands to fill the time available” – never more true than in the age of the internet. Though now it’s more like labour expanding to fill the time available.

Texas second-in-command sticks up for wind, solar: energy update • Bloomberg via MSN

Joe Carroll, Sergio Chapa, Josh Saul and Mark Chediak:


Power plants forced to shut because of the cold are gradually coming back online, but about 40 gigawatts of generation capacity remains idled – enough to power 8 million homes, the grid operator said.

The economic fallout from the crisis is broad and potentially lasting. US oil production has plunged by a record 40%, while fracking in the Permian shale plays has gone dark. Several companies in the oil industry have claimed force majeure, a warning to customers that they won’t be able to meet deliveries under contract. Repercussions are being felt in the global crude market. Top US liquefied natural gas exporter Cheniere Energy said it’s temporarily cutting gas and electricity consumption.

“None of the massive infrastructure was designed to handle freezing conditions,” Paul Sankey, an oil analyst at Sankey Research, wrote in a note. “This is an energy crisis that very few in the market, certainly outside Texas and Oklahoma, realize.”

…Texas’s grid operator credited solar power with the fast restoration of power that began Wednesday afternoon.

“We had quite a bit of solar generation online,” Dan Woodfin, director of system operations at the Electric Reliability Council of Texas, told reporters Thursday. “When the solar generation was online, we started trying to bring back a lot of the load.”



Texas was minutes away from months-long power outages, officials say • The Texas Tribune

Erin Douglas:


The quick decision that grid operators made in the early hours of Monday morning to begin what was intended to be rolling blackouts — but lasted days for millions of Texans — occurred because operators were seeing warning signs that massive amounts of energy supply was dropping off the grid.

As natural gas fired plants, utility scale wind power and coal plants tripped offline due to the extreme cold brought by the winter storm, the amount of power supplied to the grid to be distributed across the state fell rapidly. At the same time, demand was increasing as consumers and businesses turned up the heat and stayed inside to avoid the weather.

“It needed to be addressed immediately,” said Bill Magness, president of ERCOT. “It was seconds and minutes [from possible failure] given the amount of generation that was coming off the system.”

Grid operators had to act quickly to cut the amount of power distributed, Magness said, because if they had waited, “then what happens in that next minute might be that three more [power generation] units come offline, and then you’re sunk.”

Magness said on Wednesday that if operators had not acted in that moment, the state could have suffered blackouts that “could have occurred for months,” and left Texas in an “indeterminately long” crisis.

The worst case scenario: Demand for power overwhelms the supply of power generation available on the grid, causing equipment to catch fire, substations to blow and power lines to go down.



Citibank just got a $500m lesson in the importance of UI design • Ars Technica

Timothy Lee:


A federal judge has ruled that Citibank isn’t entitled to the return of $500 million it sent to various creditors last August. Kludgey software and a poorly designed user interface contributed to the massive screwup.

Citibank was acting as an agent for Revlon, which owed hundreds of millions of dollars to various creditors. On August 11, Citibank was supposed to send out interest payments totaling $7.8 million to these creditors.

However, Revlon was in the process of refinancing its debt—paying off a few creditors while rolling the rest of its debt into a new loan. And this, combined with the confusing interface of financial software called Flexcube, led the bank to accidentally pay back the principal on the entire loan—most of which wasn’t due until 2023.

Here’s how Judge Jesse Furman describes the situation:


On Flexcube, the easiest (or perhaps only) way to execute the transaction—to pay the Angelo Gordon Lenders their share of the principal and interim interest owed as of August 11, 2020, and then to reconstitute the 2016 Term Loan with the remaining Lenders—was to enter it in the system as if paying off the loan in its entirety, thereby triggering accrued interest payments to all Lenders, but to direct the principal portion of the payment to a “wash account”—“an internal Citibank account… to help ensure that money does not leave the bank.”


The actual work of entering this transaction into Flexcube fell to a subcontractor in India named Arokia Raj. He was presented with a Flexcube screen that looked like this:

(Via Judge Jesse Furman)

Raj thought that checking the “principal” checkbox and entering the number of a Citibank wash account would ensure that the principal payment would stay at Citibank. He was wrong. To prevent payment of the principal, Raj actually needed to set the “front” and “fund” fields to the wash account as well as “principal.” Raj didn’t do that.


As a sort of follow-on to yesterday’s 6cm-high man. Such classic enterprise software design: no interest at all in the user. But Raj wasn’t the only one to make this mistake: three people had to review the transaction. They all thought the same as him.

Nvidia’s RTX 3060 will be less attractive to cryptocurrency miners • Polygon

Samit Sarkar:


Supply issues for both Nvidia’s and AMD’s consumer-oriented graphics cards date back at least as far as 2017. People mining for cryptocurrency such as Ethereum had realized that the chips in many high-end GPUs are well-suited to the task because of the processors’ capability to perform complex math. These folks often seek to build “mining rigs” containing multiple graphics cards working together to increase efficiency, and they have caused demand for GPUs to skyrocket over the past few years, making it harder for people who want to buy graphics cards for, y’know, playing video games to get their hands on them. Throughout much of 2017 and 2018, this drove the market prices for GPUs well above their suggested retail prices.

This tends to affect the lower end of the market more severely, since it costs less to buy GPUs in bulk when the cards themselves are cheaper. On Feb. 25, Nvidia is launching the GeForce RTX 3060 — the lowest-priced GPU in its latest line of graphics cards — and the company also announced Thursday a move intended to make the card less attractive to miners. Software drivers for the RTX 3060, said Nvidia, will be able to “detect specific attributes of the Ethereum cryptocurrency mining algorithm.” If mining operations are detected, the RTX 3060 will automatically cut their efficiency in half.

Nvidia’s message to miners is clear: leave the GPUs to gamers.


I would expect the next step is the aforementioned miners trying to hack the drivers in order to work around that. It’s hardly unknown, and everyone loves a challenge.

Microsoft says SolarWinds hackers downloaded some Azure, Exchange, and Intune source code • ZDNet

Catalin Cimpanu:


In a blog post published on December 31, Microsoft said it discovered that hackers used the access they gained through the SolarWinds Orion app to pivot to Microsoft’s internal network, where they accessed the source code of several internal projects.

“Our analysis shows the first viewing of a file in a source repository was in late November and ended when we secured the affected accounts,” the company said on Thursday, in its final report into the SolarWinds-related breach.

Microsoft said that after cutting off the intruder’s access, the hackers continued to try to access Microsoft accounts throughout December and even up until early January 2021, weeks after the SolarWinds breach was disclosed, and even after Microsoft made it clear they were investigating the incident.

“There was no case where all repositories related to any single product or service was accessed,” the company’s security team said today. “There was no access to the vast majority of source code.”

Instead, the OS maker said intruders viewed “only a few individual files […] as a result of a repository search.”

Microsoft said that based on the search queries the attackers performed inside their code repositories, the intruders appeared to have been focused on locating secrets (aka access tokens) that could be used to expand their access to other Microsoft systems.

The Redmond company said these searches failed because of internal coding practices that prohibited developers from storing secrets inside source code.


I’d be suspicious that they were also looking for vulnerabilities in the code to exploit.

Errata, corrigenda and ai no corrida: none notified
