Looks like an ordinary USB-to-Lightning cable, but a hacker has made one with a built-in Wi-Fi hotspot and keylogging software. CC-licensed photo by Richard Unten on Flickr.
A selection of 9 links for you. Nope, not prime. I’m @charlesarthur on Twitter. Observations and links welcome.
Apple concedes to let apps like Netflix, Spotify, and Kindle link to the web to sign up • The Verge
Sean Hollister and Sam Byford:
»
Currently, the Netflix and Spotify apps on iOS are useless if you don’t already have a subscription: both of them only offer a sign-in page, with no link out to their website, and a cheeky apology. “You can’t sign up for Netflix in the app. We know it’s a hassle,” reads the Netflix app’s splash page. The Amazon Kindle app, by contrast, offers a basic “Create a new Amazon account” page inside the app itself, but doesn’t let you buy books there, or even in the standard Amazon app. You have to go to a mobile browser to purchase.
The rule change has an extremely limited scope, as Apple claims it only agreed to let developers of so-called reader apps “share a single link to their website to help users set up and manage their account.” Apple also says it will “help developers of reader apps protect users when they link them to an external website to make purchases,” which suggests it will have specific guidelines for how these links appear. It’s not clear whether developers will be able to mention pricing at all.
It’s also worth noting that when Apple rejected the Hey email app, and even after it later modified that controversial decision, the company was very clear that email apps do not count as “reader” apps, even if you similarly subscribe outside of the app and the only thing you can do without an account is sign in. Apple is the one that decides which apps qualify as reader apps to begin with.
It also seems like Apple may be slightly redefining what a “reader” app means: While the company’s App Review Guidelines suggest that a reader app “may” allow users to access previously purchased content (presumably alongside in-app purchases, like Netflix offered for years), Apple’s new press release specifies that “developers of reader apps do not offer in-app digital goods and services for purchase” (bolding ours).
That would mean that Apple’s only offering this exception to companies that aren’t contributing any in-app purchase commissions to Apple anyways. Which, admittedly, include some of Apple’s sternest critics like Spotify.
However, Spotify isn’t impressed: CEO Daniel Ek tweeted on Thursday that Apple’s move is merely “a step in the right direction,” and signaled that the company will keep pushing for new laws like the Open App Markets Act…
«
Tim Sweeney of Epic isn’t pleased either, but he rarely is. Apple is very gradually opening the floodgates, trying to appear to concede the 30% while hanging on to it as long as it can (particularly in games). Ironically, the person overseeing this is Phil Schiller, who was one of those who originally called inside Apple for it not to hang on to the 30% cut once revenue (or maybe profit) passed a billion dollars.
The red warning light on Richard Branson’s Virgin Galactic space flight • The New Yorker
Nicholas Schmidle:
»
On July 11th, nearly a minute into the rocket trip carrying Richard Branson, the British billionaire, to space, a yellow caution light appeared on the ship’s console. The craft was about twenty miles in the air above the White Sands Missile Range, in New Mexico, and climbing, travelling more than twice the speed of sound. But it was veering off course, and the light was a warning to the pilots that their flight path was too shallow and the nose of the ship was insufficiently vertical. If they didn’t fix it, they risked a perilous emergency landing in the desert on their descent.
Riding rockets is dangerous stuff. Around 1.4% of Russian, Soviet, and American crewed spaceflight missions have resulted in fatalities. The foremost commercial space companies—Branson’s Virgin Galactic, Elon Musk’s SpaceX, and Jeff Bezos’s Blue Origin—must, over the coming years, bring that number down. Their profits depend on making frequent and safe human spaceflight a reality. “A private program can’t afford to lose anybody,” Branson has said.
…The rocket motor on Virgin Galactic’s ship is programmed to burn for a minute. On July 11th, it had a few more seconds to go when a red light also appeared on the console: an entry glide-cone warning. This was a big deal.
…I once sat in on a meeting, in 2015, during which the pilots on the July 11th mission—Dave Mackay, a former Virgin Atlantic pilot and veteran of the U.K.’s Royal Air Force, and Mike Masucci, a retired Air Force pilot—and others discussed procedures for responding to an entry glide-cone warning. C. J. Sturckow, a former marine and NASA astronaut, said that a yellow light should “scare the shit out of you,” because “when it turns red it’s gonna be too late”; Masucci was less concerned about the yellow light but said, “Red should scare the crap out of you.” Based on pilot procedures, Mackay and Masucci had basically two options: implement immediate corrective action, or abort the rocket motor. According to multiple sources in the company, the safest way to respond to the warning would have been to abort. (A Virgin Galactic spokesperson disputed this contention.)
Aborting at that moment, however, would have dashed Branson’s hopes of beating his rival Bezos, whose flight was scheduled for later in the month, into space. Mackay and Masucci did not abort. Whether or not their decision was motivated by programmatic pressures and the hopes of their billionaire bankroller sitting in the back remains unclear.
«
Roughly 18 hours after this article appeared, the US FAA grounded Virgin Galactic “until further notice”. (Near-)space travel: much harder than it looks.
Twitter plans new privacy tools to get more people tweeting • Bloomberg (via Yahoo)
Kurt Wagner:
»
Twitter is planning to test new privacy-related features aimed at giving users greater control over their follower lists and who can see their posts and likes, an effort to make people more comfortable interacting and sharing on the social network.
The tools are related to what Twitter executives call “social privacy,” or how users manage their reputations and identities on the service. This includes information like a person’s list of followers, the tweets they like, and whether their accounts are public or private.
Among features being considered is the ability to edit follower lists, and a tool to archive old tweets so that they’re no longer visible to others after a specific amount of time designated by the user. Hiding past tweets could be a popular feature with people who don’t want their posts to exist online forever, offering an easier solution than manually deleting posts or combing through years-old messages to find those you wish you hadn’t sent.
Internal research found that many of Twitter’s users don’t understand the privacy basics, like whether their account is publicly visible, said Svetlana Pimkina, a staff researcher at the San Francisco-based company. Those users engage less on Twitter because they don’t know what other people will be able to see about them.
«
All good ideas (if a little tedious: are you really going to plough through your old tweets to hide them, or your follower list to eject them – and what point to the latter?). But the idea that people don’t understand their tweets are public really is a surprise.
The rollable OLED revolution is here • LG Display Newsroom
»
the 65-inch Rollable OLED has been gathering glittering reviews wherever it goes. Having won numerous “best” awards from a range of publications at CES 2018, it then continued to win accolades at the same Las Vegas tech show in 2019 and 2020. More recently at SID’s Display Week this past May, it received the highest honor of Display of the Year.
So, how does it work? You have a base that acts as both a sound system and houses the rollable display, which unfurls with the option of multiple aspect ratios at the touch of a button “like a window shade,” according to CNET, which added back in 2018 that “you have to see it in action to believe it.” Well, if that is the case, then you can enjoy this impressive scene featuring a whole row of Rollable OLEDs – and then take a deeper dive here.
OLED enables a rollable TV to exist because its self-emissive nature requires no backlight unit and therefore the screen can be extremely thin and flexible – the OLED R’s screen is just 3mm deep. The brilliance of the innovation behind the display is that it can be rolled up and down repeatedly without breaking or losing the crisp sharpness and vivid colors of any other OLED TV. Apparently the OLED R’s good for 100,000 unfurls, which would allow it to be rolled up and down 20 times a day for 20 years.
And apart from the benefit of owning an example of awesome technology, consumers who are able to choose this very high-end TV also have the aesthetic and practical advantage of losing space constraints by making their screen disappear at will.
«
Well, “disappear at will” into a honking enormous base. It’s a nice idea in some ways, but really you’d want it to vanish into the ceiling. At the price this must go for (none is given; hence if you’ve got to ask you can’t afford), buyers can probably afford that.
Last chance this week to click this link to order
Social Warming, my latest book about how social networks incite tribalism and fake outrage. And what is a scissor statement?
timefind: Search a website’s history • GitHub
Cykelero:
»
timefind lets you find the exact moment that something was added to a website.
It quickly flips through Web Archive snapshots using binary search, pinpointing the date of the modification.
For example, you can search for the first mention of the iPhone on Apple’s homepage:
$ timefind apple.com iphone
«
Requires Node.js, but then seems quite a simple interface. Give it a little while and I’d imagine there’ll be a GUI.
This seemingly normal Lightning cable will leak everything you type • Vice
Joseph Cox:
»
This is the new version of a series of penetration testing tools made by the security researcher known as MG. MG previously demoed an earlier version of the cables for Motherboard at the DEF CON hacking conference in 2019. Shortly after that, MG said he had successfully moved the cables into mass production, and cybersecurity vendor Hak5 started selling the cables.
But the more recent cables come in new physical variations, including Lightning to USB-C, and include more capabilities for hackers to play with.
“There were people who said that Type C cables were safe from this type of implant because there isn’t enough space. So, clearly, I had to prove that wrong. :),” MG told Motherboard in an online chat.
The OMG Cables, as they’re called, work by creating a Wi-Fi hotspot itself that a hacker can connect to from their own device. From here, an interface in an ordinary web browser lets the hacker start recording keystrokes. The malicious implant itself takes up around half the length of the plastic shell, MG said.
MG said that the new cables now have geofencing features, where a user can trigger or block the device’s payloads based on the physical location of the cable.
“It pairs well with the self-destruct feature if an OMG Cable leaves the scope of your engagement and you do not want your payloads leaking or being accidentally run against random computers,” he said.
Motherboard only tested the cables in relatively close proximity, but MG said they’ve improved the range of the cables. “We tested this out in downtown Oakland and were able to trigger payloads at over one mile,” he added.
«
I don’t honestly believe the “one mile” claim, and Cox is a bit vague about how proximate “relatively close” is. Same building? Same desk? (Apple keyboards have Lightning connectors to charge.)
Why William Gibson is a literary genius • The Walrus
Jason Guriel:
»
FOR ALL ITS obsession with the future, science fiction ages quickly. Still, some of the prognostications of “Johnny Mnemonic” have held up. “We’re an information economy,” narrates Johnny at one point:
»
They teach you that in school. What they don’t tell you is that it’s impossible to move, to live, to operate at any level without leaving traces, bits, seemingly meaningless fragments of personal information. Fragments that can be retrieved, amplified.
«
Gibson didn’t quite predict cookies and social media, but “Johnny Mnemonic” nails our hermit-proofed paradigm. Even the story’s premise—that the most precious commodity is data—rhymes neatly with twenty-first-century anxieties about privacy and cryptocurrency.
And yet, the most radical thing about Gibson’s story is its realism. At the very beginning, Johnny delivers some tough-guy talk:
»
I put the shotgun in an Adidas bag and padded it out with four pairs of tennis socks, not my style at all, but that was what I was aiming for: If they think you’re crude, go technical; if they think you’re technical, go crude.
«
That Adidas bag was as stunning, in its day, as a phaser; sci-fi rarely deigned to mention such base details as brands. A year after the publication of “Johnny Mnemonic,” the movie Blade Runner posited a similarly radical (and radically banal) point in one of its most iconic scenes: the hover cars of the far-flung future, when they finally get aloft, will fling themselves past sky-high ads for Coca-Cola.
“Johnny Mnemonic” also reflects Gibson’s fascination with the cadged-together, a fixation, really, that runs through his work—from the artistic AI that remixes rubbish into dioramas in Count Zero to the squatter-occupied bridge in Virtual Light: a “patchwork carnival of scavenged surfaces.”
…When I tweeted once about the debris that fills his fiction, Gibson responded: “The mostly American sf I started with as a reader seldom got it that futures are built of pasts.”
«
FTC bans SpyFone and its CEO from continuing to sell stalkerware • Malwarebytes Labs
David Ruiz:
»
Nearly two years after the US Federal Trade Commission first took aim against mobile apps that can non-consensually track people’s locations and pry into their emails, photos, and videos, the government agency placed restrictions Wednesday on the developers of SpyFone—which the FTC called a “stalkerware app company”—preventing the company and its CEO Scott Zuckerman from ever again “offering, promoting, selling, or advertising any surveillance app, service, or business.”
Wednesday’s enforcement action represents a much firmer stance from the FTC compared to the settlement it reached in 2019, when the government agency refrained from even using the term “stalkerware” and it focused more on lacking cybersecurity protections within the apps it investigated, not on the privacy invasions that were allowed.
FTC Commissioner Rohit Chopra, who made a separate statement on Wednesday, said much of the same.
“This is a significant change from the agency’s past approach,” Chopra said. “For example, in a 2019 stalkerware settlement, the Commission allowed the violators to continue developing and marketing monitoring products.”
That settlement prevented the company Retina-X Studios LLC and its owner, James N. Johns Jr., from selling their three Android apps unless significant security rehauls were made. At the time, critics of the settlement argued that the FTC was not preventing Retina-X from selling stalkerware-type apps, but that the FTC was preventing Retina-X from selling insecure stalkerware-type apps.
«
Spyfone also has to tell everyone whose devices were surveilled using it. That’s going to open them up to lawsuits, of course.
Texas’s social media law and abortion law mean must keep up AND take down info on abortion • Techdirt
Mike Masnick:
»
[The Texas “abortion” law] is bizarre on multiple levels. First, it’s allowing anyone to sue anyone else, claiming that they “aided and abetted” an illegal abortion if they merely “induced” someone to get an abortion.
So… let’s say that someone posted to a Facebook group, telling people how to get an abortion. Under Texas’s social media law – remember “each person in this state has a fundamental interest in the free exchange of ideas and information” – Facebook is expected to keep that information up. However, under Texas’ anti-choice law (remember, anyone can sue anyone for “inducing” an abortion) Facebook theoretically faces liability for leaving that information up.
So who wins out? Well, it should be that both bills are found to be unconstitutional, so it doesn’t matter. But we’ll see whether or not the courts recognize that. Section 230 should also protect Facebook here, since it pre-empts any state law that tries to make the company liable for user posts, which in theory the abortion law does. The 1st Amendment should also backstop both of these, noting that (1) Texas’ social media law clearly violates Facebook’s 1st Amendment rights, and (2) the broad language saying anyone can file civil suit against anyone for somehow convincing someone to get an abortion also pretty clearly violates the 1st Amendment.
But, until the courts actually rule on this, we don’t just have a mess, we have a contradictory mess thanks to a Texas legislature (and governor) that is so focused on waging a pointless culture war against “the libs” that they don’t even realize how their own bills conflict with one another.
«
I say to anyone who’ll listen (and some who don’t) that America is utterly broken, and I no longer expect anything good to come from its politicians.
Errata, corrigenda and ai no corrida: none notified
I think the Verge article on Apple overstates what has happened. Apple have played this so it looks like they have conceded changes but it is unclear that they have changed anything. What they have done for (formally) print media is to trade a lower transaction fee in return for the company embracing Apple News. I think we’ll see more of this horse trading.