How do thieves break into locked gym lockers and then into security-protected phones and apps? London women want to know. CC-licensed photo by lee on Flickr.
You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.
A selection of 8 links for you. Not phoney. I’m @charlesarthur on Twitter. Observations and links welcome.
I ran the worlds largest DDoS-for-Hire empire and CloudFlare helped • Rasbora
“Rasbora”:
»
As the infrastructure provider for over 20% of all www traffic traversing the internet today, CloudFlare is in a position to enforce its beliefs on a global scale. Most of the time this isn’t a problem, lots of nefarious websites try to take advantage of the services CloudFlare offers and are rightfully kicked off. The problems arise in a small category of websites that blur the line. Is it okay to revoke access to a website promoting hate speech and violence? Who interprets what qualifies as hate speech? Should a single forum post in a sea of thousands disqualify an entire website? Who makes the decision on how these criteria are defined?
CloudFlare’s answers to these questions has historically been: nothing. They have repeated again and again that because they are an internet utility they remain neutral on these topics and leave it up to the hosting providers to answer these questions. However CloudFlare is not a neutral utility, they are a publicly traded company and have shareholders to report to, can any fire department in the world say the same?
As a young cyber miscreant I operated dozens of booter (“DDoS-for-Hire”) services throughout my teenage years, and every single one of them used CloudFlare to protect my websites from rival DDoS attacks. Without CloudFlare’s “neutral” security service offerings I couldn’t have facilitated millions of DDoS attacks. It’s hard to stress just how instrumental CloudFlare is in the success of a booter services operation, booters that didn’t have protection from CloudFlare would not remain online very long.
It looks like not much has changed throughout the years. Just like I took advantage of CloudFlare’s services many years ago, the first result on google for the search term “booter” is doing the same thing today. As long as CloudFlare doesn’t intervene in the operation of these websites, they are “avoiding” an abuse of power. Isn’t that convenient?
…CloudFlare is responsible for keeping booter websites online and operating, the very same websites who’s sole purpose is to fuel CloudFlare’s very own business model, selling DDoS protection. Dear reader please take a moment to reflect upon the last sentence.
CloudFlare is a fire department that prides itself on putting out fires at any house regardless of the individual that lives there, what they forget to mention is they are actively lighting these fires and making money by putting them out!
«
Apple Watch Ultra is everything I wanted the Series 8 to be • Techradarvai msn.com
Loyd Coombes:
»
Being able to enter a low power mode in watchOS 9 is a great start, but the Apple Watch Ultra does offer a much larger battery, boosted from a meagre 18 hours to a hefty-in-comparison 36. Given that much smaller (and admittedly less powerful) fitness trackers like the Huawei Band 7 offers a two-week battery life, the Apple Watch Ultra’s 36 hours at least feels closer to catching up, and can be extended to 60 hours.
Given the significant price jump from the Series 8 to the Apple Watch Ultra, you can likely expect to keep carrying your charging puck with you for the foreseeable.
Another big new addition is a second button, the Action button that’s programmable on the Apple Watch Ultra. Does the Apple Watch Series 8 need one? Probably not, but being able to make the existing side button more useful would be a result. the Action button is also designed for athletes to use on the fly, to pause or switch between workout modes.
At present, the Apple Watch side button opens the ‘dock’ which shows recent apps, but if you’re anything like me, you have the complications you use regularly on your watch face and flick through on the screen. That negates the need for a side button unless it was user-customizable. We’d love to be able to instantly pause music with it, or open a new note, or, well, anything.
So, while the new Series 8 looks great, it’d be fair to say that the Apple Watch Ultra is poised to take the limelight for a little longer.
«
If the Ultra is big, that’s not going to be a problem for the (mostly) men who’ll want it. The inclusion of a dive computer (for calculating how quickly to go on scura dive) is quite an extra. Though all the extras look like quite an extra.
unique link to this extract
Why Britain is broken • POLITICO
James Snell is a senior adviser on Special Initiatives at the New Lines Institute:
»
the energy crisis is just part of Britain’s brokenness, which Liz Truss — the winner of the Conservative leadership contest — will face. Dysfunction, incompetence and poor planning are pervasive — from the National Health Service to restrictions on building to the country’s airports and courts.
Here, one can wait forever to see a doctor. The number of patients who have waited more than a year for treatment has grown by 13 times, according to the British Medical Association, and the consequence isn’t just prolonged suffering but untimely deaths. And a nation in poor health has a smaller and shrinking workforce, which is also present in British government statistics.
As with other basic government services, dentistry is in a state of slow collapse also, with dentists not taking on any new patients, including children.
Meanwhile, current local authorities are unable to meet the responsibilities of municipal government. According to James Kirkup, director of the Social Market Foundation think tank, over 90% of crimes aren’t being solved, and financial fraud is rampant and unstoppable. If someone drains your bank account, it’s not necessarily worth your while to call the police, he said.
The breakdown of Britain’s largest aircraft carrier, HMS Prince of Wales — which was meant to set off for a four-month tour of North America last week — seems fitting and symbolic.
Kirkup argues, “The structural shortfall in public services arises from an awkward truth of British politics: we want to pay American taxes and expect European services.” But politics is broken too, and the hard choices that need to be made simply aren’t. Politics is now less the “art of the possible,” and more an extended game of fantasy role-play for those in power — and even for those in opposition who seek to replace them.
«
Shutterstock has reverse engineered Google’s watermark-removal algorithm • The Next Web
Mix:
»
Only a week after Google released a paper detailing how its researchers built an algorithm that automatically removes watermarks from stock photos, Shutterstock has already put together an antidote.
Taking a cue from the internet giant’s tips on how to strengthen watermarks, the popular stock photo distributor managed to reverse engineer Google’s software in order to stop copyright thieves from editing out watermarks and using their images for free.
To pull this off, its engineers built a smart watermark technology that counteracts the algorithm by deliberately inserting minor inconsistencies in the watermark patterns. The solution purportedly uses machine learning to continuously confuse Google’s software.
“The challenge was protecting images without degrading the image quality,” said Shutterstock CTO Martin Brodbeck. “Changing the opacity and location of a watermark does not make it more secure, however changing the geometry does.”
The solution came not without a little help from the source itself.
“Google published a white paper [PDF] outlining a way of using computer vision technology to eradicate watermarks from stock image collections on a large-scale,” Brodbeck added. “Shutterstock was notified before the paper was published and quickly began working to address the areas highlighted.”
Thanks to this collaboration between the two companies, Shutterstock’s new technology introduced several variables to its watermarks structures to make it difficult for programs to identify recurring patterns.
«
A weird sort of arms race where one side helps you to stay up with it.
unique link to this extract
How is a thief taking thousands from London gym-goers? • BBC News
»
A serial thief is targeting London gym-goers and emptying their bank accounts, a BBC Radio 4 investigation has found.
Journalist Shari Vahl from the You and Yours programme has spoken to a number of women with near-identical experiences – all of which included the loss of many thousands of pounds. Vahl shared her findings with the Met Police, which had previously closed a number of individual investigations, to show the cases could be linked. Now the force will reopen the inquiry.
The similarities in each of the cases appear striking – female victims who have put their belongings in a locker in a popular chain of gyms, only to return and discover their phones and cards have been taken. A number of high-value purchases have been made, at the same shops. The thief also treats themselves to a fast-food meal.
One victim, Alina, had her items stolen from a Virgin gym in Finchley Road last month. The thief spent about £10,000 in Harrods, and the Covent Garden Apple store. They tried to spend another £10,000 after Alina had blocked her cards. They used her money for food and taxis and withdrew cash from ATMs and changed the access to her accounts.…Phones, of course, can be made inaccessible with the use of passwords and face or fingerprint unlocking. And bank cards can be stopped. But the thief has a method which circumnavigates those basic safety protocols.
Once they have the phone and the card, they register the card on the relevant bank’s app on their own phone or computer. Since it is the first time that card will have been used on the new device, a one-off security passcode is demanded.
That verification passcode is sent by the bank to the stolen phone. The code flashes up on the locked screen of the stolen phone, leaving the thief to tap it into their own device. Once accepted, they have control of the bank account. They can transfer money or buy goods, or change access to the account.
«
One of the women this happened to complained about her bank’s indifference on Twitter; people on Twitter insisted she must have left her phone unlocked, or used a PIN that was her birthday, or written it down (none true). In fact it’s much simpler than that. Changing the default SIM PIN (and turning the phone off when you go to one of these places!) solves a lot of these problems.
unique link to this extract
This startup is setting a DALL-E 2-like AI free, consequences be damned • TechCrunch
Kyle Wiggers earlier in August, profiling the then-little-known Stability AI, maker of Stable Diffusion:
»
Already, testers in Stability AI’s Discord server are using Stable Diffusion to generate a range of content disallowed by other image generation services, including images of the war in Ukraine, nude women, an imagined Chinese invasion of Taiwan and controversial depictions of religious figures like the Prophet Muhammad. Doubtless, some of these images are against Stability AI’s own terms, but the company is currently relying on the community to flag violations. Many bear the telltale signs of an algorithmic creation, like disproportionate limbs and an incongruous mix of art styles. But others are passable on first glance. And the tech will continue to improve, presumably.
[CEO Emad] Mostaque acknowledged that the tools could be used by bad actors to create “really nasty stuff,” and CompVis says that the public release of the benchmark Stable Diffusion model will “incorporate ethical considerations.” But Mostaque argues that — by making the tools freely available — it allows the community to develop countermeasures.
“We hope to be the catalyst to coordinate global open source AI, both independent and academic, to build vital infrastructure, models and tools to maximize our collective potential,” Mostaque said. “This is amazing technology that can transform humanity for the better and should be open infrastructure for all.”
«
All fun and games until someone sues over an eye.
unique link to this extract
What does GPT-3 “know” about me? • MIT Technology Review
Melissa Heikkilä:
»
It’s not an idle question. I’ve been paranoid about posting anything about my personal life publicly since a bruising experience about a decade ago. My images and personal information were splashed across an online forum, then dissected and ridiculed by people who didn’t like a column I’d written for a Finnish newspaper.
Up to that point, like many people, I’d carelessly littered the internet with my data: personal blog posts, embarrassing photo albums from nights out, posts about my location, relationship status, and political preferences, out in the open for anyone to see. Even now, I’m still a relatively public figure, since I’m a journalist with essentially my entire professional portfolio just one online search away.
OpenAI has provided limited access to its famous large language model, GPT-3, and Meta lets people play around with its model OPT-175B though a publicly available chatbot called BlenderBot 3.
I decided to try out both models, starting by asking GPT-3: Who is Melissa Heikkilä?
The response: “Melissa Heikkilä is a Finnish journalist and author who has written about the Finnish economy and politics.”
When I read this, I froze. Heikkilä was the 18th most common surname in my native Finland in 2022, but I’m one of the only journalists writing in English with that name. It shouldn’t surprise me that the model associated it with journalism. Large language models scrape vast amounts of data from the internet, including news articles and social media posts, and names of journalists and authors appear very often.
And yet, it was jarring to be faced with something that was actually correct. What else does it know??
«
And now read on…
unique link to this extract
How Minecraft’s NFT ban gutted a crypto empire • Rest of World
Neirin Gray Desai:
»
After interest in Axie Infinity collapsed, following a plummeting in-game economy and a $620m hack, many players moved to other play-to-earn games, including Critterz.
Critterz hoped to address one of the primary criticisms Axie Infinity faced: that players were motivated much more by profit than by a desire to play the game itself, as the game alone simply wasn’t compelling enough. “We just had an idea, what if you can make an existing game play-to-earn?” Emerson Hsieh, a co-founder of Critterz, told Rest of World. “Minecraft is an established game that we know people want to play.”
For a while, it worked. Some Critterz players told Rest of World that, at one point, they were earning more than $100 a day playing the game. At its peak, it had around 2,000 daily players, some of whom enlisted other players to help build their in-game empires for a cut of the crypto they earned. One U.S. player, who goes by “Big Chief,” described how his team, composed largely of young people in the Philippines, gathered building materials for him. He then paid professional Minecraft builders around $10,000 in crypto to turn those materials into a lavish casino.
“I have a lot of kids that play for me, and they play because they want to make extra money in a country that’s really just locking them down,” he said.
But, as with Axie Infinity, once the game became more popular, the value of its crypto token began to drop. Worth 85 cents at its peak in January, it had decreased to around 3 cents by May. But the depreciation was gradual, and many players continued playing and building.
Then, on July 20, 2022, in a post on the Minecraft website, developer Mojang Studios dropped a bombshell: Minecraft would not support integrations with NFTs.
«
At which point they were royally stuffed.
unique link to this extract
| • Why do social networks drive us a little mad? • Why does angry content seem to dominate what we see? • How much of a role do algorithms play in affecting what we see and do online? • What can we do about it? • Did Facebook have any inkling of what was coming in Myanmar in 2016? Read Social Warming, my latest book, and find answers – and more. |
Errata, corrigenda and ai no corrida: none notified
The Overspill: when there's more that I want to say 