Start Up No.1552: beating Russian malware cheaply, Google I/O roundup, Apple’s M2 lineup takes shape, text scams’ scale, and more

Popular belief says that the second-cheapest wine in a restaurant is the worst value. Turns out that’s wrong. CC-licensed photo by Wendy House on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 10 links for you. No corkage. I’m @charlesarthur on Twitter. Observations and links welcome.

Try this one weird trick Russian hackers hate • Krebs on Security

Brian Krebs:


In Russia, for example, authorities there generally will not initiate a cybercrime investigation against one of their own unless a company or individual within the country’s borders files an official complaint as a victim. Ensuring that no affiliates can produce victims in their own countries is the easiest way for these criminals to stay off the radar of domestic law enforcement agencies.

…DarkSide, like a great many other malware strains, has a hard-coded do-not-install list of countries which are the principal members of the Commonwealth of Independent States (CIS) — former Soviet satellites that mostly have favorable relations with the Kremlin. [A full list of CIS countries is included in the article.]

Simply put, countless malware strains will check for the presence of one of these languages on the system, and if they’re detected the malware will exit and fail to install.

(Side note. Many security experts have pointed to connections between the DarkSide and REvil (a.k.a. “Sodinokibi”) ransomware groups. REvil was previously known as GandCrab, and one of the many things GandCrab had in common with REvil was that both programs barred affiliates from infecting victims in Syria. As we can see from the chart above, Syria is also exempted from infections by DarkSide ransomware. And DarkSide itself proved their connection to REvil this past week when it announced it was closing up shop after its servers and bitcoin funds were seized.)

Will installing one of these languages keep your Windows computer safe from all malware? Absolutely not. There is plenty of malware that doesn’t care where in the world you are. And there is no substitute for adopting a defense-in-depth posture, and avoiding risky behaviors online.

But is there really a downside to taking this simple, free, prophylactic approach? None that I can see, other than perhaps a sinking feeling of capitulation. The worst that could happen is that you accidentally toggle the language settings and all your menu options are in Russian.


Hoping that this will get an empirical test by some security companies, because it would be even cheaper than backups. No doubt the next step will be that add-on Russian language packs sold in English will have a trojan in them, which installs ransomware.
unique link to this extract

Google I/O 2021: the biggest announcements • The Verge

Jay Peters:


Google just finished its live Google I/O 2021 keynote, where the company unveiled a huge number of announcements, including a new look coming to Android, a bunch of features coming to its Google Workspace productivity suite, and even a new AI that talked as if it were Pluto.

Nilay Patel and Dieter Bohn followed the whole thing in real time right here on our live blog. But if you just want to get caught up on the biggest news from the show, read on for our recap.


Plenty of bits and bobs (some quite a way off). Notable things: Android 12 will let you prevent individual apps having access to the mic and camera; Wear OS has (as predicted) pulled in Samsung, which is giving up on Tizen, and there will be a Fitbit smartwatch running Wear OS.
unique link to this extract

This is why hardly anyone buys Google’s Pixel phones • WIRED UK

Adam Speight:


If you don’t recall seeing a Pixel advert on TV, or think it’s a rarity, the breakdown of Google’s ad spend explains this. Google spent just £14m on TV ad spend in the [UK since 2016] while Apple spent £75m and Samsung shelled out a whopping £124m. Samsung is spending more than three times as much on just its TV campaigns than Google’s entire Pixel ad spend in the UK.

Google isn’t short on resource, so this begs the question, why isn’t it spending more to get the Pixel out there? This question was being posed way back in 2016, with Wharton University publishing an article titled “Why Google’s Pixel is more about strategy than smartphones.” Professor of management David Hsu stated: “The main business of Google is enabling their advertising revenue model. Hardware is always going to pale in comparison.”

Also, in 2016, both Hsu and assistant professor of business economics and public policy Michael Sinkinson suggested the Pixel range should’ve been priced more aggressively. Since then, the “a” series of Pixels and Pixel 5 have done just that, yet not much else has changed. In the same article, Gerald Faulhauber, professor emeritus of business economics and public policy, argued Pixel would likely be around for “a couple of years and go away”. You’d forgive Faulhauber for thinking this, given Google’s track record, but the company is sticking at it.

Google’s Pixel marketing plan has demonstrated there’s plenty of room for it to invest more. But Counterpoint Research’s Neil Shah thinks Google may be stuck between a rock and a hard place. “Google is in a Catch-22 situation with its hardware strategy. Google’s DNA is cloud, software and AI – it’s not hardware. Also, building your own hardware and competing with your partners, especially Samsung or Chinese vendors, is not healthy in long run.” This argument was made before the launch of the Pixel though, whether vendors would be happy about the company behind Android making its own phone, but Google pushed on.


Even if the next Pixel is based on Google’s own chips, that’s not what matters: it takes huge investment not just in advertising, but also in getting carriers to adopt them and push them to customers. Samsung and Apple have done huge amounts of work on that. Google, rather less.
unique link to this extract

All fossil fuel exploration needs to end this year, IEA says • Ars Technica

Tim de Chant:


To limit global warming to 1.5˚C by the end of the century, the world has to deploy clean technologies en masse while slashing investment in new oil, gas, and coal supplies, according to a new report by the International Energy Agency.

Getting to net-zero carbon emissions by 2050 will require a historic deployment of widespread renewable power, electric vehicles, and new technologies, many of which are only now in the prototype stage. To get a jump-start, we’ll need to double our investments in clean technologies to $4 trillion by the end of the decade.

“The pathway to net zero by 2050 is narrow but still achievable if governments act now,” IEA Executive Director Fatih Birol said in a tweet. Most of the reductions in CO2 emissions through 2030 will come from technologies already on the market. But in 2050, almost half will come from technologies that are still in development.

“Big leaps in innovation are needed by 2030 to get these technologies ready in time,” Birol added.

The report comes as we’re unlikely to hit net zero by 2050.


“Unlikely” is putting it mildly. Without some amazing technology that pulls carbon (dioxide) out of the atmosphere, there’s no way of hitting that target or of limiting temperatures.
unique link to this extract

Clubhouse Users in America • Edison Research


According to a new study from Edison Research entitled “Clubhouse Users in America,” 15% of social media users 18+ say they have ever used Clubhouse, the invitation-only audio-based social networking platform that debuted last year. Data for this first look at Clubhouse users is from Edison Research’s weekly social media tracking service, The Social Habit, which provides ongoing behavior and usage data for all major social media platforms.

Although Clubhouse has a relatively small number of users compared to other social media networking services, it has garnered significant attention due to its premise of shared audio spaces and the exclusive nature of its invitation-only membership. Clubhouse Users in America found that the percentage of social media users who use Clubhouse remained relatively flat over the survey period (Feb 2021 – Apr 2021) and that time spent using the service declined in April. However, those that do use the service use it often, with 44% of Clubhouse users saying they use the service at least once per day, and 28% saying they use it at least once per week.


Two-thirds male, 59% are white, 56% aged 18-34. That might sound promising, but it’s down there with Gab and Parler in the “have you ever used” category. If the Android version doesn’t kickstart things then it’s going to slide out of view. The iPhone user base seems played out, if usage declined in April.
unique link to this extract

Delivery text scams: the nasty new fraud wave sweeping the UK • The Guardian

Hilary Osborne:


Scams making use of delivery firms’ names are not new, but the online shopping boom – and confusion over new fees that have come in since the Brexit transition period ended on 31 December – have given fraudsters a bigger pool of potential victims to phish in. Previous incarnations – which have involved cards put through letterboxes asking recipients to phone premium-rate numbers, as well as texts – tended to happen around Christmas, when people expected parcels from friends and, in more recent years, online deliveries.

With lockdown, we have all become mail-order shoppers, meaning more chance of a spam text landing with someone who is expecting a parcel. Action Fraud, the UK’s national reporting centre for these types of crimes, wasn’t able to give figures across the delivery industry, but says that between June 2020 and January 2021 it received 2,867 crime reports mentioning DPD, and that victims reported losing £3.4m over the same period. In December, the equivalent of 533 fake DPD emails a day were sent on to the suspicious email reporting service, which was launched last year.

When the Guardian asked readers if they had fallen victim to the scam, it received more than 120 responses in five days. Some were from people who had been taken in by the text and the website, and put in their details before smelling a rat. Others had got as far as pressing enter before they realised something was amiss. Others had been caught out completely.


This is the consequence of the requirement that the UK government can tap phones. I wonder when that fact will start to seep into the public consciousness.
unique link to this extract

Apple may build 40-core ARM-based Mac Pro, plans 10-core MacBook Pro • ExtremeTech

Joel Hruska:


Bloomberg reports that Apple is prepping multiple new M-class variants for different markets. We don’t know how Apple is branding the CPUs, but we’ve heard “M2” floated recently. Supposedly, we’ll see a new round of MacBook Pro systems, “followed by a revamped MacBook Air, a new low-end MacBook Pro, and an all-new Mac Pro workstation.” There are also reports of a revamped Mac mini and a larger iMac system, both with a CPU intended to greatly outperform the current M1.

…The MacBook Pro is said to be getting a new eight-core CPU with six high-performance CPU cores and just two high-efficiency cores. That’s an interesting switch, given that the high-efficiency cores on the M1 are partly responsible for why the system reportedly feels so responsive. Many background workloads are handled by the low-power IceStorm cores, freeing the FireStorm cores to immediately update the GUI or respond to user input. An improved neural engine, up to 64GB of onboard RAM, and additional Thunderbolt ports are all promised for the new hardware.

It’s the new Mac Pro, however, that really sounds like a game-changer. This system may not appear until next year, but it’s said to be based on the Jade 2C-Die and Jade 4C-Die, with either 20 or 40 CPU cores.


The new MacBook Pros do sound like fun. Honestly all I’m waiting for is the bigger screen – the 16in. If there were an M1 portable with that screen size, I think I’d be happy.

The timing of Bloomberg’s story suggests that these could be announced at WWDC. That would be good. (I didn’t use Bloomberg’s story, but instead a writeup of it, is because I can’t bear the tortured language Mark Gurman is obliged to use – “expected to debut as soon as early this summer, said the people, who requested anonymity to discuss an internal matter”. Just call them “sources” and have done with it.)
unique link to this extract

Chia coin spurs HDD shortage: prices up, high capacities sell out • Tom’s Hardware

Anton Shilov:


The number of hard drives sold each year has declined recently due to the migration of consumer PCs to SSDs, and also demand for higher-capacity HDDs by exascale datacenters. As a result, HDD makers no longer produce as many drives as they used to six or seven years ago (they have even adjusted production capacities to cut costs). Also, wholesalers and retailers no longer carry as many HDDs in reserve. Consequently, when demand for HDDs spikes, retailers sell out quickly, and prices increase as dealers come into play.

This is apparently what happened to the prices of HDDs in recent weeks as many popular models got $100, $200, or even $300 more expensive than they were just a few days ago. There are various reasons why the demand for hard drives is increasing. Still, considering how fast space allocated to the Chia network is growing (from 1 exabyte to 6 exabytes in about two weeks), we have every reason to believe that Chia cryptocurrency farming is a major factor that affects HDD availability and pricing in the channel and retail. Chia ‘farmers’ use all types of drives (mostly high-capacity models, though), so it is getting increasingly hard to buy a high-capacity HDD.


Good grief, it’s like mad obsessions taking over everything. The final stage will surely be a cryptocurrency based on paperclips.
unique link to this extract

Deepfake dubs could help translate film and TV without losing an actor’s original performance • The Verge

James Vincent:


We often think of deepfakes as manipulating the entire image of a person or scene, but Flawless’ technology focuses on just a single element: the mouth. Customers feed the company’s software with video from a film or TV show along with dubbed dialogue recorded by humans. Flawless’ machine learning models then create new lip movements that match the translated speech and paste them automatically onto the actor’s head.

“When someone’s watching this dubbed footage, they’re not jolted out of the performance by a jarring word or a mistimed mouth movement,” Flawless’ co-founder Nick Lynes tells The Verge. “It’s all about retaining the performance and retaining the original style.”

Flawless Demo – from Flawless on Vimeo.

The results — despite the company’s name — aren’t 100% flawless, but they are pretty good. You can see and hear how they look in the demo reel above, which features a French dub of the classic 1992 legal drama A Few Good Men, starring Jack Nicholson and Tom Cruise. We asked a native French speaker what they made of the footage, and they said it was off in a few places but still a lot smoother than traditional dubbing.


At last, a positive use for deepfakes.
unique link to this extract

Is the second-cheapest wine a ripoff? Economics v psychology in product-line pricing • Wine Economics

David de Meza and Vikram Pathania:


Restaurateurs are believed to overprice the second-cheapest wine to exploit naïve diners embarrassed to choose the cheapest option. This paper investigates which view is correct.

We find that the mark-up on the second cheapest wine is significantly below that on the four next more expensive wines. It is an urban myth that the second-cheapest wine is an especially bad buy. Percentage mark-ups are highest on mid-range wines.

This is consistent with the profit-maximising pricing of a vertically differentiated product line with no behavioral elements, although other factors may contribute to the price pattern.


Someone I knew who ran a restaurant in London’s Battersea told me years ago that the cost of the first glass of wine of a bottle covered its cost to him. Everything after that was profit. (Which doesn’t disprove this research at all, of course. It’s just something to be aware of, I guess.)
unique link to this extract

Errata, corrigenda and ai no corrida: none notified

Preorder Social Warming, my forthcoming book.

1 thought on “Start Up No.1552: beating Russian malware cheaply, Google I/O roundup, Apple’s M2 lineup takes shape, text scams’ scale, and more

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.