The ice cream machines used at McDonalds, made by Taylor, have frustrated franchisees for years – but now hackers are helping them out. CC-licensed photo by King County%2C WA on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 10 links for you. I am curious – yellow? I’m @charlesarthur on Twitter. Observations and links welcome.

---

• Why do social networks drive us a little mad? • Why does angry content seem to dominate what we see? • How much of a role do algorithms play in affecting what we see and do online? • What can we do about it? • Did Facebook have any inkling of what was coming in Myanmar in 2016? Preorder Social Warming, my forthcoming book, and find answers – and more.

---

Bank of England to consider digital money plan • BBC News

»

The Bank of England and the Treasury have announced they are setting up a taskforce to explore the possibility of a central bank digital currency.

The aim is to look at the risks and opportunities involved in creating a new kind of digital money. Issued by the Bank for use by households and businesses, it would exist alongside cash and bank deposits, rather than replacing them. No decision has been taken on whether to have such a currency in the UK.

However, the government and the Bank want to “engage widely with stakeholders” on the benefits and practicalities of doing so. The taskforce will be jointly led by the Bank’s deputy governor for financial stability, Sir Jon Cunliffe, and the Treasury’s director general of financial services, Katharine Braddick.

The Bank has previously said it is interested in a central bank digital currency (CBDC) because “this is a period of significant change in money and payments”. The use of cash in financial transactions has been steadily declining in recent years, while debit card payments have been on the rise. Use of credit cards and direct debits have also been increasing.

The Bank also sees having its own digital currency as a way of “avoiding the risks of new forms of private money creation”, including crypto-currencies such as Bitcoin.

“If a CBDC were to be introduced, it would be denominated in pounds sterling, just like banknotes, so £10 of CBDC would always be worth the same as a £10 note,” the Bank said. “CBDC is sometimes thought of as equivalent to a digital banknote, although in some respects it may have as much in common with a bank deposit. Any CBDC would be introduced alongside – rather than replacing – cash and bank deposits.”

«

In an accompanying commentary, economics editor Faisal Islam calls it “Britcoin” (groan). Except it’s really not like bitcoin – it wouldn’t be a speculative asset, it would be a digital currency. But in that case, how do you prevent double-spending and other digital currency challenges without the world-burning approach of bitcoin and the other cryptos? Personally I’m starting to see NFTs and Ethereum and the rest as a sort of parallel currency – not attached to anything of value in the real world, but entertaining to those who like them.

Which would be fine if they weren’t consuming colossal amounts of energy. It’s as if we had to build power stations so children could play with Lego.
unique link to this extract

---

Apple announces thinner iMac with M1 chip and bright colors • The Verge

Jacob Kastrenakes:

»

The new iMac has a 24in, 4.5K display with narrower borders around the top and sides. It still has a large chin on the bottom, but the rear of the display is now flat instead of curved. Apple says the volume has been reduced by over 50%. The screen also has Apple’s True Tone tech for automatically adjusting the color temperature.

Apple is also promising a much-needed update to the iMac’s camera and mics so you’ll look better on video calls. It now has a 1080p resolution and a larger sensor.

The new iMac is 11.5mm thin thick [edited; I hate the affectation of using Apple’s marketing word – CA], but Apple says it should stay quieter and cooler than the previous model, thanks to the M1 chip. The new model has “two small fans” replacing the “bulky thermal system” of the previous-generation iMac, the company says.

There’s also a new magnetic power cable — it sounds a lot like the old MagSafe cable — that attaches to the back. Ethernet can be connected to the power brick and delivered through the same cable. The entry-level model will come with two USB-C / Thunderbolt ports on the back, and a higher-end model will add an additional two USB-C ports (without Thunderbolt support). Incredibly, there is still a headphone jack.

Alongside the new iMac, Apple is also introducing a keyboard, mouse, and trackpad in colors to match. The keyboard has a Touch ID button for logging in.

«

Going to be fun watching which colours are most popular – which the user sees at the bottom, in the (still very large) chin.

The most notable innovation is Touch ID on a Bluetooth keyboard. Lots of questions: is the secure enclave in the keyboard? If not, how is the communication kept secure for the fingerprint authentication? This is the first time that Touch ID hasn’t been built into the receiving device.

(Apple also announced AirTags. If you can think of a use for these, beyond baby buggies in buggy parks and perhaps bicycles, please let me know.)
unique link to this extract

---

Apple announces new Apple TV 4K • The Verge

Dan Seifert:

»

The old Apple TV 4K, which has been Apple’s flagship set-top box for four years, supports 4K streaming as well as HDR, including Dolby Vision. It also supports Dolby Atmos sound codecs. But it doesn’t support 120Hz refresh rates, which might be important should you ever want to play serious games on an Apple TV. It also has the most notoriously bad remote control.

Fortunately, Apple has completely redesigned the remote for the new Apple TV 4K with an improved, more ergonomic design and more capabilities. The new remote is thicker than the prior model, has a new five-way touch controller in place of the maligned swipe pad of the original, and a proper power button to turn off your TV. The Siri search button has been moved to the side of the remote, under your right thumb.

Apple did not redesign the Apple TV box itself; it remains a squircle-shaped puck that you have to put on a shelf or entertainment center, unlike the dongle designs that many of Apple’s competitors use now. A new feature allows the Apple TV to optimize the colors of your TV screen using the light sensor on an iPhone. Apple says it is working with a number of content providers to produce high frame rate HDR content for the new Apple TV, including Fox Sports, NBCUniversal, Paramount Plus, Red Bull TV, and Canal Plus.

«

Redesigned remote. Finally. I wonder how many people will feel like splashing out $59 (£55 in the UK!) so they have a remote that doesn’t drive them mad.
unique link to this extract

---

WordPress may automatically disable Google FLoC on websites • Bleeping Computer

Lawrence Abrams:

»

WordPress has announced that it is treating Google’s new FLoC tracking technology as a security concern and may block it by default on WordPress sites.

For some time, browsers have begun to increasingly block third-party browser cookies used by advertisers for interest-based advertising.

In response, Google introduced a new ad tracking technology called Federated Learning of Cohorts, or FLoC, that uses a web browser to anonymously place users into interest or behavioral buckets based on how they browse the web.

After Google began testing FLoC this month in Google Chrome, there has been a consensus among privacy advocates that Google’s FLoC implementation just replaces one privacy risk with another one.

“FLoC is meant to be a new way to make your browser do the profiling that third-party trackers used to do themselves: in this case, boiling down your recent browsing activity into a behavioral label, and then sharing it with websites and advertisers,” the EFF said in a recent blogpost. “The technology will avoid the privacy risks of third-party cookies, but it will create new ones in the process. It may also exacerbate many of the worst non-privacy problems with behavioral ads, including discrimination and predatory targeting.”

Since then, other privacy browser and search engine developers, such as Brave Browser, DuckDuckGo, and Vivaldi, have all removed FLoC from their software or created tools to block it.

In a new announcement, WordPress states that it considers Google’s FLoC technology a security concern and proposes blocking the technology in future versions of the blogging software.

“WordPress powers approximately 41% of the web – and this community can help combat racism, sexism, anti-LGBTQ+ discrimination and discrimination against those with mental illness with four lines of code,” says WordPress.

«

The four lines shown on the page would be pretty easy to add to your own WordPress install, if you’re running one (and want to).
unique link to this extract

---

Everyone on Facebook’s Oversight Board should resign • WIRED

Jessica J. González and Carmen Scurato:

»

The Facebook Oversight Board is on the cusp of deciding whether Donald Trump should be allowed to return to a platform he used to incite racist violence.

While the board ostensibly has the authority to make this decision, Facebook itself will make the final call. From the board’s inception in 2018, we’ve noted that its power is illusory. It provides cover for Facebook, a veneer of accountability, even as the company enables and promotes hate and disinformation.

The board is dysfunctional by design, which is why it did nothing over the past year even as Facebook amplified Trump’s lies about the Covid-19 pandemic. The board’s toothlessness became even more apparent as Facebook allowed Trump to repeat claims of election fraud, which set the stage for the deadly white-supremacist insurrection at the US Capitol on January 6. It was only after the world witnessed Trump’s incitement of this violent raid that the platform giant suspended his Facebook and Instagram accounts.

Facebook’s business model has benefited from the promotion of hate and lies far beyond those spread by Trump. No board decision will change that. If board members truly want to have an impact, they must all resign.

…Facebook has claimed that the board’s decisions will be binding, but its actions don’t instill a great deal of confidence. It narrowed the initial scope of the board’s review to content removals, and only recently expanded it to content that has been left up (and only Facebook can ask the board to review other issues). In all instances, Facebook controls the entire content-review and appeals process, and a user must exhaust all their options through Facebook before appealing to the board. And the company is very opaque about how it determines what content can or cannot be appealed.

«

The board is, very evidently, a very expensive (viewed from outside Facebook; cheap, inside it) figleaf. I suspect if anyone does resign, there will be a certain dambreaking effect. But it also means giving up a fat paycheque for doing very occasionally what content moderators do, for far less money, all day long.
unique link to this extract

---

Remote code execution vulnerabilities in Cosori smart air fryer • Cisco Talos Intelligence Group

Dave McDaniel and Jon Munshaw:

»

The Cosori Smart Air Fryer is a WiFi-enabled kitchen appliance that cooks food with a variety of methods and settings. Users can also use the device’s Wi-Fi features to start and stop cooking, look up recipe guides and monitor cooking status.

TALOS-2020-1216 (CVE-2020-28592) and TALOS-2020-1217 (CVE-2020-28593) are remote code execution vulnerabilities that could allow an attacker to remotely inject code into the device. This could hypothetically allow an adversary to change temperatures, cooking times and settings on the air fryer, or start it without the user’s knowledge. The adversary must have physical access to the air fryer for some of these vulnerabilities to work.

An attacker could exploit these vulnerabilities by sending a specially crafted packet to the device that contains a unique JSON object, which would allow them to execute arbitrary code.

Cisco Talos is disclosing these vulnerabilities despite no official fix available from Cosori, in adherence to Cisco’s vulnerability disclosure policy. Corosi did not respond appropriately during the 90-day period as outlined in the policy. 

Talos tested and confirmed that the Cosori Smart 5.8-Quart Air Fryer CS158-AF, version 1.1.0 could be exploited by these vulnerabilities

«

Hard to know what the real-life application of this would be, but I’m sure it’ll pop up in a screenplay soon enough.
unique link to this extract

---

They hacked McDonald’s ice cream machines—and started a cold war • WIRED

Andy Greenberg:

»

this menu isn’t documented in any owner’s manual for the Taylor digital ice cream machines that are standard equipment in more than 13,000 McDonald’s restaurants across the US and tens of thousands more worldwide. And this opaque user-unfriendliness is far from the only problem with the machines, which have gained a reputation for being absurdly fickle and fragile. Thanks to a multitude of questionable engineering decisions, they’re so often out of order in McDonald’s restaurants around the world that they’ve become a full-blown social media meme. (Take a moment now to search Twitter for “broken McDonald’s ice cream machine” and witness thousands of voices crying out in despair.)

But after years of studying this complex machine and its many ways of failing, [Jeremy] O’Sullivan remains most outraged at this notion: That the food-equipment giant Taylor sells the McFlurry-squirting devices to McDonald’s restaurant owners for about $18,000 each, and yet it keeps the machines’ inner workings secret from them. What’s more, Taylor maintains a network of approved distributors that charge franchisees thousands of dollars a year for pricey maintenance contracts, with technicians on call to come and tap that secret passcode into the devices sitting on their counters.

The secret menu reveals a business model that goes beyond a right-to-repair issue, O’Sullivan argues. It represents, as he describes it, nothing short of a milkshake shakedown: sell franchisees a complicated and fragile machine. Prevent them from figuring out why it constantly breaks. Take a cut of the distributors’ profit from the repairs. “It’s a huge money maker to have a customer that’s purposefully, intentionally blind and unable to make very fundamental changes to their own equipment,” O’Sullivan says. And McDonald’s presides over all of it, he says, insisting on loyalty to its longtime supplier.

«

So O’Sullivan and his partner Melissa Nelson began selling something that would let franchisees take control of the machines.
unique link to this extract

---

Dr. Ronald Ilg of Spokane charged with insane dark web kidnapping plot • Daily Beast

Tracy Connor:

»

recently filed a lawsuit claiming he was wrongly forced out of his medical practice over harassment claims by a former employee. He was also embroiled in a divorce and custody battle.

In February, Ilg allegedly used the moniker Scar215 on the dark web to try to hire someone to attack the former employee, putting almost $2,000 into an escrow account. “The target should be given a significant beating that is obvious. It should injure both hands significantly or break the hands,” the message read.

It’s unclear from the court documents if Ilg found someone to take his offer, but it’s well known that many murder-for-hire schemes on the dark web are scams. Regardless, the feds say, Ilg again returned to it to deal with a new target: his soon-to-be ex-wife.

She later told the FBI that she married Ilg in 2016 and had a baby less than two years later. The doctor then met a woman on the internet and “invited her into the relationship.” The wife “increasingly became uncomfortable with the relationship” and moved to end the marriage, the complaint says.

In March and April of this year, the complaint alleges, Ilg placed bitcoin in escrow and tried to hire someone to carry out a completely insane plan to make his wife drop her divorce plans and return home.

“I need a rush job for next week. I need the target kidnapped for five to seven days. While being held she is given at least daily doses of heroin. She is also strongly persuaded to do a few things within two weeks,” he allegedly wrote, using the moniker Scar215.

“1, stop ALL Court proceedings, 2, return to your husband and the chaos you created, 3. Tell absolutely no one about this. Also, the team should plant heroin and used needles with her DNA inside. After about seven days she is returned to her home,” the message continued.

«

Perhaps you thought that Fargo – which opened with the title “This is a true story”, and involved a guy hiring hitmen to kill his wife – was too ridiculous to be true. It wasn’t true, but life is sure good at catching up with art.
unique link to this extract

---

Overwhelming support for legal recreational or medical marijuana in US • Pew Research Center

Ted van Green:

»

As more states, including Virginia and New York, continue to legalize marijuana, an overwhelming share of U.S. adults (91%) say either that marijuana should be legal for medical and recreational use (60%) or that it should be legal for medical use only (31%). Fewer than one-in-ten (8%) say marijuana should not be legal for use by adults.

The new survey, conducted by Pew Research Center from April 5-11, 2021, comes as congressional Democrats consider legislation that would decriminalize marijuana nationally. Views of marijuana legalization have changed very little since 2019.

A separate question that asks whether the use of marijuana should be made legal – without specifying for recreational or medical uses – has shown a steep, long-term rise in support for legalization. From 2000 to 2019, the share of Americans saying marijuana should be legal more than doubled.

There have long been age and partisan differences in views about marijuana, and that remains the case today. Very few adults of any age are completely opposed to the legalization of marijuana. However, older adults are far less likely than young people to favour marijuana legalization for recreational use.

«

The only age group where there isn’t majority backing for legalisation is those over 65. Even among those voting Republican, it’s only 53-47 against.

As with same-sex marriage, this is just a matter of time, and the demonisation of weed from the past few decades is going to look bizarre – the stuff of newsreels.
unique link to this extract

---

Clubhouse’s (and audio’s) Feature Not A Product problem (and how it might possibly be Meerkat 2) • Ed Z’s Substack

Ed Zitron is very down on Clubhouse compared to, say, Twitch (which offers something people like – watching other people play video games), and notes:

»

There’s also the Feature Not A Product problem. Twitter Spaces and whatever Facebook builds are basically the same thing as Clubhouse, without the need to create an entire new app and do an entirely new thing. The ease in which Twitter has created an almost identical product on top of a social network people actually have a reason to use suggests that Clubhouse has a real problem – and the fact that they have to keep raising such insane amounts of money at huge valuations suggests they are spending it somewhere while making exactly zero dollars. The ability to do live audio streaming is something that has a use case, but as a company with a built-in social network I fail to see where it’s going to go.

Live entertainment needs to be really good to attract an audience long-term. Live video is interesting because there are lots of ways to keep people engaged. Podcasts have succeeded because, yes, it is interesting to hear people talk about stuff you’re interested in, but it’s much harder to make the case for people having to carve time out of their day to hear that – the content just needs to be so good, so reliably that it retains an audience that tells people that they must also carve out the time.

There’s also the medium. Livestreaming video off of your phone really lacked mainstream popularity because it was an awkward format, and I feel like live audio has the same issue – it’s not something that people will consume all day, and it’s not something that’s easy to produce en masse. It also is a challenge to get a userbase that will want to do it all the time in the same way that it’s exhausting to stream games, but it’s also more fun streaming games because, well, you’re streaming games.

The media’s excitement over Clubhouse I think is a function of how much pressure A16Z has put on their celebrity and startup founder personalities to get involved, and a situation where people are mixing up popularity with success.

«

The arguments against Clubhouse keep piling up, and the Casey Newton tweet in this article – saying installs fell by 64% in a single month from March to April – points to something serious.
unique link to this extract

---

Errata, corrigenda and ai no corrida: none notified