Start Up No.1509: Apple warns Chinese app makers, Johnson the clown king, Facebook’s AR plans, AZ vaccine can’t beat SA variant, and more

Magnus Carlsen is taking chess to strange new places. CC-licensed photo by Andrew Gustar on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

Pre-orders! They’re good for books. You can preorder my forthcoming book (due 24 June) Social Warming: the dangerous and polarising effects of social media. (If you do that on then Amazon eventually donates some money to a charity you choose.)

A selection of 11 links for you. Here we are again. I’m @charlesarthur on Twitter. Observations and links welcome.

Apple warns Chinese apps not to dodge its new privacy rules • Financial Times

Yuan Yang and Patrick McGee:


A cat-and-mouse game has begun between Apple and Chinese tech companies, as the iPhone maker tries to enforce its new privacy policies in China.

Apple is expected to roll out changes to iPhones in the Spring that will give users more privacy from mobile advertising, a market that hit $240bn last year, according to App Annie.

The changes will force apps to ask for permission before collecting tracking data on users, a move that has been bitterly fought by Facebook, since most users are expected to say no.

But even before introducing the changes, Apple is facing problems in China, where tech companies are testing ways to beat the system and continue tracking users without prompting for their consent. Apple previously said it would reject from its App Store any apps that “are found to disregard the user’s choice”.

On Thursday, Apple fired pre-emptive warnings to at least two Chinese apps, telling them to cease and desist after naming a dozen parameters such as “setDeviceName” that could be used “to create a unique identifier for the user’s device”.

“We found that your app collects user and device information to create a unique identifier for the user’s device,” reads a screenshot of a warning to one developer who was using a new way of identifying users called CAID, which was developed by the state-backed China Advertising Association.

Its guidelines suggest an update must be “compliant with the App Store Review Guidelines within 14 days” or “your app will be removed from sale”.


Is Apple really going to zap all the Chinese apps in the App Store? This could be quite the test of nerve.
unique link to this extract

The clown king: how Boris Johnson made it by playing the fool • The Guardian

Edward Docx:


Would-be biographers of Johnson might do worse than to read Paul Bouissac, the leading scholar on the semiotics of clowning. Clowns are “transgressors”, he writes, cultural subversives who enact rituals and dramatic tableaux that “ignore the tacit rules of social games to indulge in symbolic actions that … toy with these norms as if they were arbitrary, dispensable convention.” Clowns “undermine the ground upon which our language and our society rest by revealing their fragility”. They “foreground the tension” between “instinct” and “constraint”. Bouissac could be writing directly of Johnson when he adds: “Their performing identities transcend the rules of propriety.” They are, he says, “improper by essence”.

Observe classic Johnson closely as he arrives at an event. See how his entire being and bearing is bent towards satire, subversion, mockery. The hair is his clown’s disguise. Just as the makeup and the red nose bestow upon the circus clown a form of anonymity and thus freedom to overturn conventions, so Johnson’s candy-floss mop announces his licence. His clothes are often baggy – ill-fitting; a reminder of the clothes of the clown. He walks towards us quizzically, as if to mock the affected “power walking” of other leaders. Absurdity seems to be wrestling with solemnity in every expression and limb. Notice how he sometimes feigns to lose his way as if to suggest the ridiculousness of the event, the ridiculousness of his presence there, the ridiculousness of any human being going in any direction at all.

His weight, meanwhile, invites us to consider that the trouble with the world (if only we’d admit it) is that it’s really all about appetite and greed. (His convoluted affairs and uncountable children whisper the same about sex.) Before he says a word, he has transmitted his core message – that the human conventions of styling hair, fitting clothes and curbing desires are all … ludicrous. And we are encouraged – laughingly – to agree.


Marina Hyde says this is one of the best things she’s read on Johnson. No higher commendation.
unique link to this extract

Wrist-based interaction for the next computing platform • Inside Facebook Reality Labs


Last week, we kicked off a three-part series on the future of human-computer interaction (HCI). In the first post, we shared our 10-year vision of a contextually-aware, AI-powered interface for augmented reality (AR) glasses that can use the information you choose to share, to infer what you want to do, when you want to do it.

Today, we’re sharing some nearer-term research: wrist-based input combined with usable but limited contextualized AI, which dynamically adapts to you and your environment. Later this year, we’ll address some groundbreaking work in soft robotics to build comfortable, all-day wearable devices and give an update on our haptic glove research.


So… sort of helps if you have a smartwatch platform to begin with?
unique link to this extract

Tesla on Autopilot crashes into Michigan police car; NHTSA launches probe • Automotive News

Michael Martinez:


A Tesla on “Autopilot” crashed into a stationary police car on a Michigan freeway early Wednesday, authorities said.

No one was injured in the crash, which happened on Interstate 96 near Lansing while a Michigan State Police trooper was investigating an earlier accident involving a deer.

The Tesla’s Autopilot driver-assist system was engaged when it struck the police car, a blue Dodge Charger with its emergency lights activated, police officials tweeted. The driver of the Tesla, identified as a 22-year-old man from Lansing, was ticketed for failing to move over and driving with a suspended license.

…NHTSA has previously launched at least 14 special crash-investigation teams after Tesla crashes that were suspected of being tied to its Autopilot driver-assistance system but has taken no action against the automaker as a result of those probes, according to Reuters.


Not using the new beta “Full Self Driving” software, but the more standard “Autopilot”.
unique link to this extract

AstraZeneca vaccine doesn’t prevent B1351 COVID in early trial • CIDRAP

Mary Van Beusekom:


Two doses of the AstraZeneca-Oxford University COVID-19 vaccine were ineffective against mild-to-moderate infections with the B1351 variant first identified in South Africa, according to a phase 1b-2 clinical trial published on Wednesday in the New England Journal of Medicine.

The double-blind multicenter study, led by scientists at the South African Medical Research Council Vaccines and Infectious Diseases Analytics Research Unit, studied the safety and the efficacy of the AstraZeneca ChAdOx1 nCoV-19 vaccine in HIV-negative adults aged 18 to 64 who received either two standard doses of the vaccine or a placebo in a 1:1 ratio 21 to 35 days apart from Jun 24 to Nov 9, 2020. Median follow-up after the second dose was 121 days.

Of the 750 participants vaccine recipients, 19 (2.5%) developed mild to moderate COVID-19 more than 14 days after the second dose, compared with 23 of 717 placebo recipients (3.2%).  The incidence of COVID-19 among the vaccine group was 731 per 1,000 person-years, compared with 93.6 per 1,000 person-years among the placebo group, for an efficacy of 21.9% (95% confidence interval [CI], -49.9 to 59.8).

Of the 42 total cases of COVID-19, 39 (92.9%) were caused by B1351, for a vaccine effectiveness against this variant of 10.4% (95% CI, -76.8 to 54.8). All 42 cases were mild to moderate, and no patients were hospitalized.


This is measured as just over 10% effective. South Africa is using the Johnson & Johnson vaccine instead.
unique link to this extract

iOS developer who drew attention to App Store scams is now suing Apple • The Verge

Nick Statt:


Mobile app developer Kosta Eleftheriou, who publicly called out Apple earlier this year for negligence with regard to policing iOS scams and copycat apps on the App Store, has filed a lawsuit against the iPhone maker in California. He’s accusing the company of exploiting its monopoly power over iOS apps “to make billions of dollars in profits at the expense of small application developers and consumers.”

Eleftheriou’s company KPAW LLC, which he co-owns with his partner Ashley Eleftheriou, filed its complaint in Santa Clara County on Wednesday. It details the development and release timeline of Eleftheriou’s Apple Watch keyboard app FlickType.

At the time he began accusing Apple of abetting App Store scams early last month, Eleftheriou revealed that his FlickType app had been targeted by competing software he says either didn’t work well or didn’t work at all, and yet nonetheless chipped away at this sales and App Store rankings through false advertising and the purchase of fake reviews. After he complained, he said Apple did not do enough to combat the scams, though Apple did later remove some of the apps he called attention to.


Wouldn’t “negligence” work better? But I guess Apple has that covered – that it runs the App Store to the best of its abilities but makes no promises about infallibility.
unique link to this extract

Double bongcloud: why grandmasters are playing the worst move in chess • The Guardian

Bryan Armen Graham:


An otherwise meaningless game during Monday’s preliminary stage of the $200,000 Magnus Carlsen Invitational left a pair of grandmasters in stitches while thrusting one of chess’s most bizarre and least effective openings into the mainstream.

Norway’s Magnus Carlsen and Hikaru Nakamura of the United States had already qualified for the knockout stage of the competition with one game left to play between them. Carlsen, the world’s top-ranked player and reigning world champion, started the dead rubber typically enough by moving his king’s pawn with the common 1 e4. Nakamura, the five-time US champion and current world No 18, mirrored it with 1 … e5. And then all hell broke loose.

Carlsen inched his king one space forward to the space where his pawn had started. The self-destructive opening (2 Ke2) is known as the bongcloud for a simple reason: you’d have to be stoned to the gills to think it was a good idea.

The wink-wink move immediately sent Nakamura, who’s been a visible champion of the bongcloud in recent years, into an uncontrollable fit of laughter. Naturally, the American played along with 2 … Ke7, which marked the first double bongcloud ever played in a major tournament and its official entry to chess theory (namely, the Bongcloud Counter-Gambit: Hotbox Variation).

“Don’t do this!” cried the Hungarian grandmaster Peter Leko from the commentary booth, looking on in disbelief as the friendly rivals quickly settled for a draw by repetition after six moves.


Grandmaster chess really has moved on a long way since Spassky and Fischer, hasn’t it.
unique link to this extract

Visa to hike interchange fees for UK customers in post-Brexit move • Sky News

Mark Kleinman:


The payments giant Visa is to hike fees for purchases made by UK-based customers from most of Europe – stoking fears of higher prices and fuelling the argument that Brexit is adding to the cost of trading with the EU.

Sky News has learnt that Visa plans to inform its roughly 4000 clients later this week that so-called interchange fees will increase to 1.5% for online credit card payments – a fivefold increase.

For debit card transactions, the rate will go up from 0.2% to 1.15%.

The move will particularly affect online transactions with EU-based companies in sectors such as online retail, hospitality and travel.

…The two companies are able to raise the levy they charge because of Britain’s exit from the EU, which regulates the fees within the trading bloc.

In 2019, the European Commission accepted commitments from Visa and MasterCard for a standardised fee structure for international consumer transactions at merchants within the European Economic Area.

Both Visa and MasterCard have faced a deluge of litigation in recent years over the charges they impose, with retailers and consumers pursuing billions of pounds in legal claims.

People close to the situation said that Visa Europe was likely to give its clients, which include many of Britain’s biggest banks, six months to implement the higher fees.


Honestly, is there no beginning to the benefits of Brexit.
unique link to this extract

Attackers are trying awfully hard to backdoor iOS developers’ Macs • Ars Technica

Dan Goodin:


Researchers said they’ve found a trojanized code library in the wild that attempts to install advanced surveillance malware on the Macs of iOS software developers.

It came in the form of a malicious project the attacker wrote for Xcode, a developer tool that Apple makes freely available to developers writing apps for iOS or another Apple OS. The project was a copy of TabBarInteraction, a legitimate open source project that makes it easier for developers to animate iOS tab bars based on user interaction. An Xcode project is a repository for all the files, resources, and information needed to build an app.

Alongside the legitimate code was an obfuscated script, known as a “Run Script.” The script, which got executed whenever the developer build was launched, contacted an attacker-controlled server to download and install a custom version of EggShell, an open source back door that spies on users through their mic, camera and keyboard.

Researchers with SentinelOne, the security firm that discovered the trojanized project, have named it XcodeSpy. They say they’ve uncovered two variants of the customized EggShell dropped by the malicious project. Both were uploaded to VirusTotal using the Web interface from Japan, the first one last August 5, and the second one on the following October 13.

“The later sample was also found in the wild in late 2020 on a victim’s Mac in the United States,” SentinelOne researcher Phil Stokes wrote in a blog post Thursday. “For reasons of confidentiality, we are unable to provide further details about the ITW [in the wild] incident. However, the victim reported that they are repeatedly targeted by North Korean APT actors and the infection came to light as part of their regular threat hunting activities.”


Both Microsoft and Google are seeing similar things, also from North Korea. (Thanks G for the link.)
unique link to this extract

How to make streaming royalties fair(er) • Cuepoint

Sharky Laguana:


Streaming services, most notably Spotify (by far the largest) use what could be called a parimutuel royalty system: all the money collected goes into a big pool, Spotify takes their 30% off the top, and whatever is left is distributed to artists based on their share of overall plays. Spotify explains how it all works right here. It sounds perfectly fair and reasonable: if an artist wants to make more money all they need to do is get more plays. But there’s a major disconnect in this economic model that has not been discussed widely: Spotify doesn’t make money from plays. They make money from subscriptions.

So how is that a disconnect? Let’s say I am a huge fan of death metal. And nothing pumps me up more than listening to my favorite death metal band Butchers Of The Final Frontier. So I sign up for Spotify in order to listen to their track “Mung Party.” I listen to the track once, and then I decide Spotify isn’t for me. OK, So who got the benefit of the $10 I paid in subscription fees?

$3 goes to Spotify. Sure, that seems fair enough. Roughly $0.007 will go to Butchers Of The Final Frontier. Hrmm, if only I had played the track one more time Butchers would have earned a penny.

But… hey, wait a second… I paid $10. Where’d that other $7 go?
Spotify: “What $7?”
That other $7. Where’d it go?
Spotify: “We paid it out in royalties. For plays. Your boys got paid for their plays”
Don’t be cute with me. Who got the $7?
Spotify: “Look! A puppy!”

Since Spotify is so reticient on this topic, allow me to explain what will happen to 99.9% of the payable royalties generated by Butchers Of The Final Frontier: that money will largely wind up in the pockets of major pop artists like Calvin Harris, Meghan Trainor, Maroon 5 and Avicii.


The alternative is that you dole it out according to what individuals listen to. Would that be fairer? It might just be. Equally, as the FT pointed out a couple of weeks ago, that there are simply more artists chasing roughly the same amount of money.

unique link to this extract

The Government’s Covid-testing policy for schools seems strange, but rests on good science • Conservative Home

Anthony Browne is a Conservative MP on the Treasury Select Committee and former CEO of the British Bankers Association:


The source of all the anguish is the Government policy that if a child tests positive for Covid on the less-accurate lateral flow device (LFD) test at school, but subsequently tests negative by the more accurate laboratory PCR test, then the more accurate second test does NOT over-ride the less accurate first one: the child and their close contacts at school still need to self-isolate for ten days.

It happened at a school I know this week, where 18 A-Level students missed their mocks because one student tested positive on the LFD test on Monday despite subsequently being cleared by the PCR test on Tuesday.

I was bombarded by apoplectic parents, and went into battle. Dredging up my maths degree, I created an algorithm for the problem and last night locked horns with the Department of Health mathematicians, plugging in all the real world data.

The headline is that with the virus at its current prevalence (0.5% of people have it nationwide) then the proportion of people who test positive on the first LFD test and subsequently test negative on the PCR test but are actually infected is astonishingly high: 30%. In other words, nearly one third of pupils with a negative result from the second PCR test after a positive LFD test are actually infected – and that is a big enough risk to justify them being required to isolate.

However, as the prevalence of the virus falls, then that risk goes down rapidly as well. When the prevalence of the virus is down to 0.1% (i.e. one in a thousand people have it), then the proportion who get a positive LFD result then a negative PCR result who are actually infected will be 8% – i.e. more than 90% won’t be. So as the virus becomes rarer, we can rely more on the PCR result, and the Government policy will change.


As he points out, “common sense” doesn’t work here. The maths is straightforward, yet catches people out regularly.
unique link to this extract

Errata, corrigenda and ai no corrida: re the new “radar-equipped” Google Nest, drew asks: “Are we absolutely, iFixit-teardown sure the new Nest doesn’t have a camera? Remember, the original Nest had a secret microphone.”

To which the answer has to be: let’s wait for iFixit.

1 thought on “Start Up No.1509: Apple warns Chinese app makers, Johnson the clown king, Facebook’s AR plans, AZ vaccine can’t beat SA variant, and more

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.