A single typo – a missing ampersand – meant that Chromebook users who updated recently were locked out of their machines. But don’t worry, a fix is rolling out. CC-licensed photo by Martin Bekkelund on Flickr.
A selection of 11 links for you. The idea of letting things rip is ridiculous and we condemn anyone who suggested it. I’m @charlesarthur on Twitter. Observations and links welcome.
Intel CEO says chip shortage could stretch into 2023 • WSJ
Asa Fitch:
»
Intel Corp chief executive Pat Gelsinger sees the global semiconductor shortage potentially stretching into 2023, adding a leading industry voice to the growing view that the chip-supply disruptions hitting companies and consumers won’t wane soon.
The worldwide shortage has fueled rising prices for some consumer gadgets. Meanwhile, the auto industry has been particularly hard-hit as the lack of a key component causes production delays. German car maker Volkswagen AG this month warned the global shortage could worsen over the next six months. Others have said they were bracing for problems through next year.
It could take one or two years to get back to a reasonable supply-and-demand balance in the semiconductor industry, Mr. Gelsinger said in an interview after the company posted second-quarter earnings on Thursday. “We have a long way to go yet,” he said. “It just takes a long time to build [manufacturing] capacity.”
Supply shortages should start showing signs of easing later this year, Mr. Gelsinger said, echoing comments from Taiwan Semiconductor Manufacturing Co., the world’s largest contract chip maker. TSMC last week said the chip shortage that has hampered car makers could start to ease in the next few months after it ramped up its production of auto chips.
TSMC and Intel are adding new chip-production plants, though some of that capacity won’t be ready for about two more years.
«
Anti-vaccine groups changing into ‘dance parties’ on Facebook to avoid detection • NBC News
Ben Collins and Brandy Zadrozny:
»
Some anti-vaccination groups on Facebook are changing their names to euphemisms like “Dance Party” or “Dinner Party,” and using code words to fit those themes in order to skirt bans from Facebook, as the company attempts to crack down on misinformation about Covid-19 vaccines.
The groups, which are largely private and unsearchable but retain large user bases accrued during the years Facebook permitted anti-vaccination content, also swap out language to fit the new themes and provide code legends, according to screenshots provided to NBC News by multiple members of the groups.
One major “dance party” group has more than 40,000 followers and has stopped allowing new users amid public scrutiny. The backup group for “Dance Party,” known as “Dinner Party” and created by the same moderators, has more than 20,000 followers.
Other anti-vaccine influencers on Instagram use similar language swaps, such as referring to vaccinated people as “swimmers” and the act of vaccination as joining a “swim club.”
A Facebook spokesperson declined to comment but pointed NBC News to the company’s efforts to drive users to authoritative sources on Covid-19 vaccines.
«
Even more proof that Facebook doesn’t have any idea of the scale of misinformation on the platform. It could legitimately think these really were swimming and “dance” groups.
Senators target Section 230 to fight COVID-19 vaccine misinformation • The Verge
Makena Kelly:
»
As coronavirus cases rise in unvaccinated populations, Democratic senators are introducing a new bill Thursday that would strip away Facebook and other social media platforms’ Section 230 liability shield if they amplify harmful public health misinformation.
The Health Misinformation Act, introduced by Sens. Amy Klobuchar (D-MN) and Ben Ray Luján (D-NM) Thursday, would create a carveout in Section 230 of the Communications Decency Act opening social media platforms like Facebook up to lawsuits for hosting some dangerous health misinformation. The bill directs the Health and Human Services secretary to issue guidelines on what should be classified as “health misinformation.”
The carveout would only apply in situations where online misinformation is related to an existing public health emergency like the ongoing coronavirus pandemic, as declared by the HHS secretary. It would only open a platform up to liability if the content is being algorithmically amplified, not through “a neutral mechanism, such as through the use of chronological functionality.”
“For far too long, online platforms have not done enough to protect the health of Americans. These are some of the biggest, richest companies in the world and they must do more to prevent the spread of deadly vaccine misinformation,” Klobuchar said in a statement Thursday. “The coronavirus pandemic has shown us how lethal misinformation can be and it is our responsibility to take action.”
It’s not clear that removing Section 230 protections would have the effect lawmakers intend. Section 230 protects platforms from liability for illegal content hosted on their platforms — but misinformation is not illegal in itself.
«
The idea that S 230 shouldn’t apply to information that has been algorithmically amplified has been bouncing around for a while. But this is not a great idea – as Mike Masnick of Techdirt pointed out on Twitter, what happens when you get a Republican president who decides on a completely different definition of “health misinformation”? It’s not even as if Facebook can recognise it.
Everyone cites that ‘bugs are 100x more expensive to fix in production’ research, but the study might not even exist • The Register
Tim Anderson:
»
“Software research is a train wreck,” says Hillel Wayne, a Chicago-based software consultant who specialises in formal methods, instancing the received wisdom that bugs are way more expensive to fix once software is deployed.
Wayne did some research, noting that “if you Google ‘cost of a software bug’ you will get tons of articles that say ‘bugs found in requirements are 100x cheaper than bugs found in implementations.’ They all use this chart from the ‘IBM Systems Sciences Institute’… There’s one tiny problem with the IBM Systems Sciences Institute study: it doesn’t exist.”
Laurent Bossavit, an Agile methodology expert and technical advisor at software consultancy CodeWorks in Paris, has dedicated some time to this matter, and has a post on GitHub called “Degrees of intellectual dishonesty”. Bossavit referenced a successful 1987 book by Roger S Pressman called Software Engineering: a Practitioner’s Approach, which states: “To illustrate the cost impact of early error detection, we consider a series of relative costs that are based on actual cost data collected for large software projects [IBM81].”
The reference to [IBM81] notes that the information comes from “course notes” at the IBM Systems Sciences Institute. Bossavit discovered, though, that many other publications have referenced Pressman’s book as the authoritative source for this research, disguising its tentative nature.
«
Terence Eden (occasionally linked here) had a similar problem with the phrase “Big Data is a dataset too big to fit in an Excel spreadsheet”.
The truth behind the Amazon mystery seeds from China • The Atlantic
Chris Heath circles back (as we say) to that mystery of the packets of seeds from China that arrived unexpectedly last year:
»
Culley ordered those seeds herself, Amazon told me. I took this with a grain of salt. Culley had mentioned that she had bought seeds much earlier in the year, and this matched a pattern I’d observed—that many people who received mystery seeds had previously made genuine seed orders. Maybe, I speculated, the brushers thought it made sense to send something that the recipients were used to receiving.
I assumed that Amazon was speciously linking these different events. I asked Culley to go into her order history and pull out her invoices, so we could show that the seeds she knew she had ordered had been delivered long before the mystery seeds arrived.
What she found was not what she—or I—expected.
On April 25, Culley had ordered three packets of seeds from three different sellers: 100 clematis-flower seeds from C-Pioneer for $1.99, 100 clematis-vine seeds from zhang-yubryy for $1.53, and 25 wisteria seeds from DIANHzu1 for $1.99. Unbeknownst to Culley, these sellers were all Chinese, based in Hong Kong, Shenzhen, and Changsha, respectively. Each seller had more negative reviews than positive ones, many complaining about seeds that were delayed, or hadn’t arrived, or had arrived identified as jewelry. And crucially, Culley’s three April orders, the records showed, had not been shipped until between June 15, 2020, and July 7, 2020.
Further corroboration came when I sent this new information to Terry Freeman, the manager of the seed lab at the Utah Department of Agriculture and Food. She had tentatively identified Culley’s seeds as amaranth and pongam tree. But now, knowing what Culley had ordered, she agreed that the larger seeds—the ones Culley had tried to germinate on her windowsill—were probably wisteria. At least one packet seemed to be exactly what Culley had paid for.
This sent me into something of a tailspin. Initially, I had dismissed Amazon’s explanation, and I had cherry-picked Culley’s experience to prove the company wrong. That had backfired. But surely what Amazon was saying couldn’t be generally true?
«
(Thanks G for the link.)
Clubhouse is the big stinker that nobody wants to talk about • Ed Zitron’s Where’s Your Ed At
Ed Zitron:
»
Clubhouse is the elephant in the room in venture, and I believe there is a conscious attempt to not discuss it for fear that it proves that the entire conversation around it was hot air. When everyone desperately rushed to say that it was the next big thing, I asked repeatedly what exactly about it was going to be big, or change things. The answer mostly came down to the idea that we don’t know what the future looks like, and that people were on the waitlist – which is no longer an excuse.
Nick Bilton at Vanity Fair was a rare case of dissent, making a clear warning that this was very much a pandemic app and nothing more – but many people in venture and tech do not seem to want to discuss it as anything other than “a big social network.” The Information questioned whether Clubhouse was the next Foursquare – a promising company with tons of press that ultimately didn’t reach the giddy heights it was “meant to” – but for the most part, people have remained either indifferent or positive about it.
The fact this isn’t regularly discussed is both a bad sign for the app and also a sign, in my opinion, of an industry-wide embarrassment. So many people rushed to join Clubhouse, or discuss what’s big on Clubhouse, or how Clubhouse was the beginning of a “social audio revolution” because they were afraid they’d miss out on the next TikTok, and I’d argue that the press did a woeful job at actually questioning the format.
«
The press – the tech press – tends to be staffed by enthusiasts, because you need to be enthusiastic to keep piling through the relentless onslaught of New Things That Are Soon Gone. Enthusiasts aren’t good at questioning stuff, but then again is that their job? The masses will work out if they can use the New Things. For Clubhouse, unless it gets a massive uplift in India, I think the answer’s no.
Google pushed a one-character typo to production, bricking Chrome OS devices • Ars Technica
Ron Amadeo:
»
Google says it has fixed a major Chrome OS bug that locked users out of their devices. Google’s bulletin says that Chrome OS version 91.0.4472.165, which was briefly available this week, renders users unable to log in to their devices, essentially bricking them.
Chrome OS automatically downloads updates and switches to the new version after a reboot, so users who reboot their devices are suddenly locked out of them. The go-to advice while this broken update is out there is to not reboot.
The bulletin says that a new build, version 91.0.4472.167, is rolling out now to fix the issue, but it could take a “few days” to hit everyone. Users affected by the bad update can either wait for the device to update again or “powerwash” their device—meaning wipe all the local data—to get logged in. Chrome OS is primarily cloud-based, so if you’re not doing something advanced like running Linux apps, this solution presents less of an inconvenience than it would on other operating systems. Still, some users are complaining about lost data.
ChromeOS is open source, so we can get a bit more detail about the fix thanks to Android Police hunting down a Reddit comment from user elitist_ferret. The problem apparently boils down to a single-character typo. Google flubbed a conditional statement in Chrome OS’s Cryptohome VaultKeyset, the part of the OS that holds user encryption keys. The line should read “if (key_data_.has_value() && !key_data_->label().empty()) {” but instead of “&&”—the C++ version of the “AND” operator—the bad update used a single ampersand, breaking the second half of the conditional statement.
«
So it’s not just Apple that can screw up on passwords through bad checking. Microsoft’s got some current problems, but nothing quite as egregious.
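An added illustration of the operator mix-up described in the Ars Technica extract above (constructed code, not Chrome OS source and not from any of the quoted authors; `KeyData`, `Probe`, `label_empty` and the two `has_label_*` functions are hypothetical names). It shows that `&` evaluates its right-hand operand even when the optional is empty, which `&&` skips.

```cpp
#include <optional>
#include <string>

// Hypothetical stand-in for per-key metadata; not the Chrome OS type.
struct KeyData {
    std::string label;
};

// Wraps an optional KeyData and counts every label read that happens
// while the optional is empty. In real code such a read would be
// key_data->label on an empty std::optional, which is undefined
// behaviour; here it is trapped and counted so the demo stays safe.
struct Probe {
    std::optional<KeyData> key_data;
    int unguarded_reads = 0;

    bool has_value() const { return key_data.has_value(); }

    bool label_empty() {
        if (!key_data.has_value()) {
            ++unguarded_reads;  // the access the guard was meant to prevent
            return true;
        }
        return key_data->label.empty();
    }
};

// Intended form: && short-circuits, so label_empty() only runs
// when has_value() returned true.
bool has_label_logical(Probe& p) {
    return p.has_value() && !p.label_empty();
}

// Typo form: & is a bitwise AND on the two bools. Both operands are
// always evaluated, so label_empty() runs even with no KeyData present.
bool has_label_bitwise(Probe& p) {
    return p.has_value() & !p.label_empty();
}

int main() {
    Probe empty;  // constructed sample: no key data at all
    bool a = has_label_logical(empty);
    int reads_after_logical = empty.unguarded_reads;  // 0
    bool b = has_label_bitwise(empty);
    int reads_after_bitwise = empty.unguarded_reads;  // 1
    // Same boolean answer, but only the typo form touched the empty optional.
    return (a == b && reads_after_logical == 0 && reads_after_bitwise == 1) ? 0 : 1;
}
```

Both forms return the same boolean here, which is why this class of typo survives a quick test on populated data; recent Clang releases flag it with `-Wbitwise-instead-of-logical`.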
Kaseya obtains universal decryptor for REvil ransomware victims • Bleeping Computer
Lawrence Abrams:
»
Kaseya received a universal decryptor that allows victims of the July 2nd REvil ransomware attack to recover their files for free.
On July 2nd, the REvil ransomware operation launched a massive attack by exploiting a zero-day vulnerability in the Kaseya VSA remote management application to encrypt approximately sixty managed service providers and an estimated 1,500 businesses.
After the attack, the threat actors demanded $70 million for a universal decryptor, $5 million for MSPs, and $40,000 for each extension encrypted on a victim’s network.
Soon after, the REvil ransomware gang mysteriously disappeared, and the threat actors shut down their payment sites and infrastructure.
While most victims were not paying, the gang’s disappearance prevented companies who may have needed to purchase a decryptor from doing so.
Today, Kaseya has stated that they received a universal decryptor for the ransomware attack from a “trusted third party” and are now distributing it to affected customers.
“We can confirm we obtained a decryptor from a trusted third party but can’t share anymore about the source,” Kaseya’s SVP Corporate Marketing Dana Liedholm told BleepingComputer.
“We had the tool validated by an additional third party and have begun releasing it to our customers affected.”
«
740 ransomware victims named on data leak sites in Q2 2021: report • ZDNet
Jonathan Greig:
»
More than 700 organizations were attacked with ransomware and had their data posted to data leak sites in Q2 of 2021, according to a new research report from cybersecurity firm Digital Shadows.
Out of the almost 2,600 victims listed on ransomware data leak sites, 740 of them were named in Q2 2021, representing a 47% increase compared to Q1.
The report chronicles the quarter’s major events, which included the DarkSide attack on Colonial Pipeline, the attack on global meat processor JBS, and increased law enforcement action from US and European agencies.
But Digital Shadows’ Photon Research Team found that under the surface, other ransomware trends were emerging. Since the Maze ransomware group helped popularize the data leak site concept, double extortion tactics have become en vogue among groups looking to inflict maximum damage after attacks.
Digital Shadows tracks the information posted to 31 Dark Web leak sites, giving them access to just how many groups are now stealing data during ransomware attacks and posting it online.
«
Ransomware has zoomed up the charts, and is now the biggest and most expensive problem that most companies and organisations face. Even when decryption keys drop out of the sky (or off the back of a truck).
Startup claims breakthrough in long-duration batteries • WSJ
Russell Gold:
»
A four-year-old startup says it has built an inexpensive battery that can discharge power for days using one of the most common elements on Earth: iron.
Form Energy Inc.’s batteries are far too heavy for electric cars. But it says they will be capable of solving one of the most elusive problems facing renewable energy: cheaply storing large amounts of electricity to power grids when the sun isn’t shining and wind isn’t blowing.
The work of the Somerville, Mass., company has long been shrouded in secrecy and nondisclosure agreements. It recently shared its progress with The Wall Street Journal, saying it wants to make regulators and utilities aware that if all continues to go according to plan, its iron-air batteries will be capable of affordable, long-duration power storage by 2025.
Its backers include Breakthrough Energy Ventures, a climate investment fund whose investors include Microsoft Corp. co-founder Bill Gates and Amazon.com Inc. founder Jeff Bezos. Form recently initiated a $200 million funding round, led by a strategic investment from steelmaking giant ArcelorMittal SA, one of the world’s leading iron-ore producers.
Form is preparing to soon be in production of the “kind of battery you need to fully retire thermal assets like coal and natural gas” power plants, said the company’s chief executive, Mateo Jaramillo, who developed Tesla Inc.’s Powerwall battery and worked on some of its earliest automotive powertrains.
«
The chemistry is made to sound simple, but surely won’t be. Fingers crossed this works: it’s very needed.
How Dominic Cummings always makes things worse • New Statesman
David Gauke was the justice minister under Theresa May:
»
Cummings clearly sees himself as a strategic thinker who has devoted his career to trying to shake up a political and administrative system he considers to be inadequate. He has had extraordinary tactical successes, but these successes have always been essentially destructive; he has never succeeded in replacing what he has destroyed with something better.
His record is of creating problems faster than he has solved them. After all, what is the result of his supposed ceaseless quest to deliver a system of government that is competent and rigorous and serves the public? Boris Johnson as Prime Minister.
«
Gauke cuts right to the heart of it. The more Cummings tweets and writes in his post-Johnson existence, the clearer this giant character flaw becomes. Even on Brexit, his most singular achievement, he says nobody can tell yet whether it’s a success. (Many empty supermarket shelves in Northern Ireland suggest not.)
Errata, corrigenda and ai no corrida: none notified