Start Up No.1680: FBI site used for email spoofing, find that dog 2021-style, Ukraine goes crypto, newsletter overload, and more

A close examination of James Bond’s travel behaviour suggests he’s really not careful enough about hygiene. That could be life-shortening. CC-licensed photo by Mike Mozart on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 11 links for you. Not being phased down. I’m @charlesarthur on Twitter. Observations and links welcome.

Hoax email blast abused poor coding in FBI website • Krebs on Security

Brian Krebs:


The Federal Bureau of Investigation (FBI) confirmed today that its domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.

Late in the evening on Nov. 12 ET, tens of thousands of emails began flooding out from the FBI address, warning about fake cyberattacks. Around that time, KrebsOnSecurity received a message from the same email address.

“Hi its pompompurin,” read the missive. “Check headers of this email it’s actually coming from FBI server. I am contacting you today because we located a botnet being hosted on your forehead, please take immediate action thanks.”

A review of the email’s message headers indicated it had indeed been sent by the FBI, and from the agency’s own Internet address. The domain in the “from:” portion of the email I received — — corresponds to the FBI’s Criminal Justice Information Services division (CJIS).

…In response to a request for comment, the FBI confirmed the unauthorized messages, but declined to offer further information.

…“I could’ve 1000% used this to send more legit looking emails, trick companies into handing over data etc.,” Pompompurin said. “And this would’ve never been found by anyone who would responsibly disclose, due to the notice the feds have on their website.”

Pompompurin says the illicit access to the FBI’s email system began with an exploration of its Law Enforcement Enterprise Portal (LEEP), which the bureau describes as “a gateway providing law enforcement agencies, intelligence groups, and criminal justice entities access to beneficial resources.”


Question now is whether the FBI will go after him for demonstrating that the site was terribly flawed, with a one-time password provided in the HTML of the page and a form you could edit – an utterly amateurish error.
unique link to this extract

Cabbage, lost and found • Rory’s Always On Newsletter

Rory Cellan-Jones got a message on Friday that Cabbage, his family’s beloved (and ageing, like us all) rescue collie had gone missing with five other dogs when the dogwalker’s van they were in was stolen:


By now it was late afternoon and my wife Diane and I were feeling pretty gloomy, desperately worried about what was happening to Cabbage in the hands of malevolent strangers. If they were dog thieves rather than just opportunists grabbing a relatively modern van they would quickly realise that a 15 year old crossbreed was worth nothing to them – and what would they do then?

Then there was at last something which seemed to offer hope. The press office at Ford UK called me to explain that they needed to be put in touch with Brett. They explained that his Transit Van, like all. recent Fords, had a feature which allowed owners to track their vehicles via a smartphone app.

It turned out that Brett had once had this app but had forgotten his password. But he got a new one and quickly found that he was being given a location for the van – or at least where it had been at 1020 in the morning.

It was in Park Royal, one of London’s few industrial areas and pretty close to where the van had been stolen. Just as I was about to talk to Radio 4’s PM and then go on the ITV London regional news programme I got a text from India telling me they were heading to the place pinpointed by the app and were just ten minutes away.

“Be careful”, I texted back. I realised I could be on air just as they found the dogs – or came face to face with whoever had stolen the van.


Together with his tweets and the use of the app, this was a Very Modern Dog Recovery. (I suspect Cabbage just found the day perplexing: not a proper walk, but among dog friends, but not in quite the usual place. It’s the humans who had an absolutely appalling time.)
unique link to this extract

Ukraine wants to be the crypto capital of the world • The New York Times

David Segal and Ivan Nechepurenko:


A buccaneering 37-year-old educated in a British private school, Michael Chobanian is fluent both in English and the folkways of Ukraine, which he regards as a largely lawless frontier and which he likes to traverse in his black Ferrari 612. He is the founder of Kuna, one of Eastern Europe’s first cryptocurrency exchanges. To him, his native country is a terrific place to run a business, as long as you have the nerve to navigate a system rife with corruption.

Chief among the upsides, he explains in his office overlooking the Dnieper River, is the sort of freedom not seen in developed nations for hundreds of years.

Like, you can get away with murder.

“In this country, you can kill a person and you will not go to jail, if you have enough money and you’re connected,” he said, sipping tea on a plush leather sofa. “If you are not connected, it will cost you more.”

The anything-goes ethos has dogged Ukraine for years, and now the government is hoping to bury it, with an assist from cryptocurrency. In early September, the Parliament here passed a law legalizing and regulating Bitcoin, step one in an ambitious campaign to both mainstream the nation’s thriving trade in crypto and to rebrand the entire country.


How will legalising crypto bury its reputation for anything-goes? In passing: Ukraine is described in the article as the second-poorest nation in Europe. World Atlas puts it at the lowest in 2019. So does World Population Review using 2020 figures.
unique link to this extract

The US is making its biggest investment in broadband internet ever • Popular Science

Shira Feder:


The government has allocated $42.4bn towards a Broadband Equity Access and Deployment Program, which is just what it sounds like, says [director of infrastrcture policy at the Center for American Progress, Kevin] DeGood. In areas without internet service, or with spotty, intermittent service, there will be an auction in which private companies can bid on how much money they would need in order to build out real broadband internet access. 

The Pew Research Center consistently finds that affordability is a huge barrier to broadband adoption in the United States. A program called the Affordable Connectivity Fund seeks to address this, allocating $14.2bn to provide a $30 monthly subsidy to bring down the cost of monthly internet access charges for households that are at or below 200% of the federal poverty line. [That is, households whose income is less than double the poverty line level.] This program is a continuation of the $3.2bn Emergency Broadband Benefit Program, or EBBP, started during the pandemic to help low-income Americans get online.

Two billion dollars will go towards making sure indigenous communities have access to the internet, and $2.75 billion will go towards “digital equity plans,” like computer labs for your local library.

…One of the provisions in the bill is to give the government more authority to demand better data from these private network providers. Unlike road maps, where experts can look at a map and see where there is or isn’t a road, with the internet, experts can examine a map and see that fiber optic cable has been laid down, but not know who is accessing that cable.

Our estimate is “based on guesses as to whether or not people are being served based on fiber maps and other wireline technology,” says DeGood. Just because a line might pass by someone’s property doesn’t mean they automatically have internet access.


One thing I bet it isn’t going to fix is the monopolistic practices that leave no effective rivalry for services in any given location.
unique link to this extract

China CPI and PPI: the world’s second largest economy has a big inflation problem • CNN

Laura He:


Last week, China’s Ministry of Commerce issued a notice directing local governments to encourage families to stock up on food and other daily essentials as bad weather, energy shortages and Covid-19 restrictions threatened to disrupt supplies. The sudden warning sparked panic buying among the public and frenzied online speculation.

Authorities attributed the rise in consumer inflation to surging costs for vegetables and gas.

Vegetable prices jumped 16% in October, mainly due to heavy rainfall and rising transportation costs, according to a statement from Dong Lijuan, a senior statistician for the NBS. Extreme weather has hurt crops, and authorities have acknowledged that the cost of transiting across regions could rise because of strict measures intended to contain outbreaks of Covid-19.

Gasoline and diesel prices rose more than 30%, Dong said. An ongoing energy crunch was also the major contributor to the rise in producer price inflation, as the cost of coal mining and processing has risen.

The world’s second largest economy is already growing at the slowest pace in a year as the energy woes, shipping disruptions and a deepening property crisis take their toll.

Rising inflation in the country is also triggering global concerns. The soaring producer inflation is “fueling upward pressure on global inflation,” considering China’s role as the world’s factory and its importance to the global supply chain, according to Ken Cheung, chief Asian foreign exchange strategist for Mizuho Bank.


Wonder if rising energy prices favours renewables, which have essentially no ongoing costs apart from maintenance – there’s no fuel required for solar panels or wind turbines or wave systems. But the delay from demand to installation is inevitably long (though it’s a lot quicker to install a solar farm or a wind turbine – now up to 15MW for a single tower! – than a CCGT plant.)
unique link to this extract

International travel has reopened: here’s why you shouldn’t go right now • Frequent Business Traveler

Jonathan Spira:


The reopening of international borders has given rise to family reunions and the activation of long-dormant travel plans to Europe but such trips come with a fairly large caveat: “Avoid travel” recommendations from Austria to the former Yugoslavia are now in place.

“Because of the current situation,” the CDC writes on its travel-advisory website, “even fully vaccinated travelers may be at risk for getting and spreading Covid-19 variants.”

The situation that the Centers for Disease Control and Prevention is referring to is both dire and real: Europe is in the early stages of another major surge.

This raises the question as to whether the situation is as bad as the numbers from the World Health Organization suggest or is the CDC being a bit alarmist.

As outlined below, the numbers show that the  situation is, in fact “dire,” as noted by Landeshauptmann Thomas Stelzer of Oberösterreich, or Upper Austria.

Unlike the surge in March, when vaccination programs were still getting underway in some countries, there is no singular explanation this time around.  Countries in Central and Eastern Europe, many which were behind the Iron Curtain, a low vaccination rate is the likely cause.  Indeed, Bulgaria, Russia, and Slovenia have some of the lowest vaccination rates in the developed world.


It’s coming to something when Frequent Business Travel(l)er is telling you not to travel.
unique link to this extract

No time to die: an in-depth analysis of James Bond’s exposure to infectious agents • ScienceDirect

Graumans, Stone and Bousema (in the Netherlands and UK):


Global travelers, whether tourists or secret agents, are exposed to a smörgåsbord of infectious agents. We hypothesized that agents pre-occupied with espionage and counterterrorism may, at their peril, fail to correctly prioritize travel medicine. To examine our hypothesis, we examined adherence to international travel advice during the 86 international journeys that James Bond was observed to undertake in feature films spanning 1962–2021.

Scrutinizing these missions involved ∼3113 min of evening hours per author that could easily have been spent on more pressing societal issues. We uncovered above-average sexual activity, often without sufficient time for an exchange of sexual history, with a remarkably high mortality among Bond’s sexual partners (27.1; 95% confidence interval 16.4–40.3). Given how inopportune a bout of diarrhea would be in the midst of world-saving action, it is striking that Bond is seen washing his hands on only two occasions, despite numerous exposures to foodborne pathogens. We hypothesize that his foolhardy courage, sometimes purposefully eliciting life-threatening situations, might even be a consequence of Toxoplasmosis.


“Do you expect me to talk?”

“No, Mr Bond, I expect you to wash your hands!”

Also worth pointing out that he’s exposed to lots of other pathogens (well, poisons) via enemies, including digitalis in Casino Royale and something undisclosed in You Only Live Twice (which kills his bedmate instead). And surely it would be Blofeld who’d be at risk of toxoplasmosis? (Thanks G for the link.)
unique link to this extract

A good newsletter exit strategy is hard to find • Vanity Fair

Delia Cai:


or anyone looking to get out of the game without an Atlantic–sized landing pad—or who hasn’t quite budgeted for the possibility of issuing subscription refunds—the cost of quitting might well be prohibitive. Casey Lewis, who writes the youth culture newsletter “After School,” told me she once looked into putting her paid newsletter on hold during a bout of freelance busyness and calculated the potential amount she’d refund. “You’re talking about $5,000 to $7,000, and you’re talking about writers who are living paycheck to paycheck,” she told me. “I ended up talking myself off that cliff.”

…In my view—both meta and biased as it will be for a former Substack poster child who never actually dabbled in matters of paid subscription herself—the cleanest newsletter exit by far is the one executed by Nick Quah, who sold his podcast trade newsletter “Hot Pod” to The Verge this summer and joined the Vox Mediaverse himself as Vulture’s podcast critic. (Disclosure: Warzel, Quah, and I were part of the Sidechannel newsletter Discord together.) Quah got the best of both worlds: the big full-time media job and the ability to see his newsletter brand live on—without any of the messy business of having to issue prorated refunds, as Warzel did, because The Verge simply took the “Hot Pod” subscription over (they did not have an existing paid product to merge it with).

When I called Quah up to ask how, exactly, he figured out how to get off the newsletter ride, Quah laughed and told me, “it’s harder to stay on.” Early this year, he’d been writing “Hot Pod” for almost seven years and felt incredibly burned out.


Speaking as a journalist who was each day having to write rather more than just a daily newsletter (The Overspill’s Start Up predecessor Boot Up, at The Guardian, was one of just multiple things I was writing each day), I do understand how one can get burnt out by the relentless demand for moarcontentcontentcontent. There’s an inevitable cyclicality to this: people move away from “jobs” to be independent, then move back. It helps having an organisation behind you – as Charlie Warzel’s move away from the New York Times to Substack and now on board The Atlantic, mentioned in this piece, shows.
unique link to this extract

Fifty per cent of Facebook Messenger’s total voice traffic comes from Cambodia. Here’s why • Rest of World

Vittoria Elliott and Bopha Phorn:


In 2018, the team at Facebook had a puzzle on their hands. Cambodian users accounted for nearly 50% of all global traffic for Messenger’s voice function, but no one at the company knew why, according to documents released by whistleblower Frances Haugen.

One employee suggested running a survey, according to internal documents viewed by Rest of World. Did it have to do with low literacy levels? they wondered. In 2020, a Facebook study attempted to ask users in countries with high audio use, but was only able to find a single Cambodian respondent, the same documents showed. The mystery, it seemed, stayed unsolved.

The answer, surprisingly, has less to do with Facebook, and more to do with the complexity of the Khmer language, and the way users adapt for a technology that was never designed with them in mind.

In Cambodia, everyone from tuk-tuk drivers to Prime Minister Hun Sen prefers to send voice notes instead of messages. Facebook’s study revealed that it wasn’t just Cambodians who favor voice messages — though nowhere else was it more popular. In the study, which included 30 users from the Dominican Republic, Senegal, Benin, Ivory Coast, and that single Cambodian, 87% of respondents said that they used voice tools to send notes in a different language from the one set on their apps. This was true on WhatsApp — the most popular platform among the survey respondents — along with Messenger and Telegram. 

One of the most common reasons? Typing was just too hard.

In Cambodia’s case, there has never been an easy way to type in Khmer. While Khmer Unicode was standardized fairly early, between 2006 and 2008, the keyboard itself lagged behind. The developers of the first Khmer computer keyboard had to accommodate the language’s 74 characters, the most of any script in the world.


This is also common in India, where illiteracy rates have long meant that people used Google (and YouTube) voice search rather than typing. It’s an idea that frequently astonishes people in San Francisco.
unique link to this extract

Want to understand more about Facebook (and other social networks’) role in developing countries? Read Social Warming, my latest book, and find answers – and more.

Apple silicon roadmap reveals plans for Mac Pro, MacBook Air • Ars Technica

Samuel Axon:


Apple has already finalised the second generation of Mac processors, and the third generation is expected to be made with a new 3-nanometer process, according to a report in The Information citing people with direct knowledge of the plans.

The report says that the second-generation chips will use an “upgraded version” of the 5-nanometer process used for the M1, M1 Pro, and M1 Max found in recent Apple Silicon Macs. But unlike those first-generation chips, some of the second-generation chips will have two dies instead of one, allowing for more processor cores.

A second-generation chip with just one die will be included in the long-rumored, redesigned MacBook Air as well as in iPads. That chip is code-named Staten. On the other hand, the MacBook Pro will feature more powerful second-generation chips code-named Rhodes. The second-generation chips have already been finalized and are ready to enter trial production, according to The Information’s sources.

But the sources also say we haven’t seen the end of the first generation. The next Mac Pro’s processor would be part of the generation that began with the M1. Code-named Jade, it will be based on the high-end MacBook Pro’s M1 Max, but it will have two dies instead of one.


It’s hardly unexpected that Apple has finalised the design; the surprise would be if it hadn’t.

The revised Mac Pro will be a beast, though it’s still an open question whether it will allow external GPUs.

Separately, we used to await updates to Macs based on Intel’s, and before that IBM/PowerPC’s (quite public) chip cycles. For the first time in more than 30 years we have zero visibility, apart from these reports, about where we are in Apple’s chip update cycle.
unique link to this extract

Apple’s new Digital Legacy feature lets you choose who gets your iCloud data • The Verge

Jennifer Pattison Tuohy:


Apple is solving a complicated problem with its latest iOS update: right of survivorship. Until now, when a loved one or family member dies, there was no easy way to access their iCloud account and absolutely no way of unlocking their phone without knowing their passcode. According to the iCloud terms of service, the deceased person’s data goes with them even with a death certificate.

With the new Digital Legacy program, first announced at WWDC earlier this year and arriving in iOS 15.2, you can designate up to five people as Legacy Contacts. These individuals can then access your data and personal information stored in iCloud when you die, such as photos, documents, and even purchases.

To activate Digital Legacy, Apple still requires proof of death and an access key. Still, it’s a much more simplified process than before, which could require a court order confirming a right to inheritance, and even then, there was no guarantee you would get access to the data.

This has been a complicated situation for Apple, which has long touted its core principles of protecting users’ privacy. Grieving parents and spouses railing against the company for not giving them access to their spouses’ photos isn’t a good look. But neither is doling out people’s data willy-nilly.

Both Google and Facebook have systems in place for designating account access to other people, and it’s good to see Apple catching up here.


The next problem they’ll have to grapple with (right?) is what happens if the person who died was the administrator of the Family account which gave everyone their Apple Music, Apple TV+, shared iCloud storage, etc? Can that be transferred?
unique link to this extract

Errata, corrigenda and ai no corrida: none notified

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.