Start Up No.1978: car theft by data injection, hacker market shut down, Equity acts on AI, will China ban rare earth exports?, and more

An amateur mathematician has made a breakthrough in the geometry of non-repeating tiling. On your bathroom wall soon? CC-licensed photo by Julian Burgess on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

On Friday, there’s another post due at the Social Warming Substack at about 0845 UK time.

A selection of 9 links for you. You missed a bit. I’m @charlesarthur on Twitter. On Mastodon: Observations and links welcome.

CAN Injection: keyless car theft • Canis Automotive Labs

Ken Tindell:


This is a detective story about how a car was stolen – and how it uncovered an epidemic of high-tech car theft. It begins with a tweet. In April 2022, my friend Ian Tabor tweeted that vandals had been at his car, pulling apart the headlight and unplugging the cables.

It seemed like pointless vandalism, the kind of thing that makes it impossible to have nice things. Then three months later it happened again.

This time the bumper was pulled away and the headlight unplugged. But it turned out neither incident was vandalism, because a couple of days later:

The car was gone. And it looks like the headlight was how it was stolen. Ian is a cybersecurity researcher in the automotive space and has previously been awarded bug bounties for finding vehicle vulnerabilities, and I initially thought from reading his tweet that this might be a trophy hack. But it turns out not: Ian’s neighbour had their Toyota Land Cruiser stolen shortly after. For Ian this is personal and he wanted to know just how they stole the car. After all, it’s got sophisticated car security systems, including an engine immobilizer. How did they drive these cars away?


This is a fascinating detective story about weaknesses in your car’s system, if your car is a Jeep, Maserati, Honda, Renault, Jaguar, Fiat, Peugeot, Nissan, Ford, BMW, Volkswagen, Chrysler, Cadillac, GMC – or Toyota. It’s not a “relay attack”, where the criminals ping the key inside the house, which pings back an unlock code that they capture. It’s much smarter than that.

Which raises the question: how many people are there who would have the knowledge necessary to figure out and instigate these hacks?

Genesis Market, one of world’s largest platforms for cyber fraud, seized by police • The Record

Alexander Martin:


Genesis Market was seized on Tuesday in an FBI-led operation involving more than a dozen international partners, scuttling one of the most significant online criminal platforms.

Genesis — which functioned as a one-stop-shop for criminals, selling both stolen credentials and the tools to weaponize that data — has been linked to millions of financially motivated cyber incidents globally, from fraud through to ransomware attacks.

A splash page revealing the takedown, titled Operation Cookie Monster, has now replaced the login pages on Genesis Market’s websites. The organization maintained sites on the dark web and regular web.

The Record understands that a large number of arrests are being carried out globally.

Genesis Market was unique among credential marketplaces such as Russian Market or 2easy Shop, according to Alexander Leslie, an analyst at Recorded Future, the parent company of The Record.

Unlike its competitors, Genesis Market provided criminals access to “bots” or “browser fingerprints” that allowed them to impersonate victims’ web browsers — including IP addresses, session cookies, operating system information, and plugins.

These fingerprints meant the criminals could access subscription platforms such as Netflix and Amazon — as well as online banking services — without triggering security warnings: “What’s Joe doing logging in from India?” as Leslie said. Users could even bypass multi-factor authentication.

“What makes the fingerprints on Genesis Store different is that they’re emulating the victim’s browser session — bypassing these ‘flags’ by appearing, to the victim, to be indistinguishable from the actual user,” Leslie said.


May have affected as many as 50 million people – possibly more. There’s some suggestion that they arrested some of the people involved early on and got them to flip, and got access to the database of criminal users: about 59,000 of them.

‘The miracle that disrupts order’: mathematicians invent new ‘einstein’ shape • The Guardian

Matthew Cantor:


In nature and on our bathroom walls, we typically see tile patterns that repeat in “a very predictable, regular way”, says Dr Craig Kaplan, an associate professor of computer science at the University of Waterloo in Ontario. What mathematicians were interested in were shapes that “guaranteed non-periodicity” – in other words, there was no way to tile them so that the overall pattern created a repeating grid.

Such a shape would be known as an aperiodic monotile, or “einstein” shape, meaning, in roughly translated German, “one shape” (and conveniently echoing the name of a certain theoretical physicist).

“There’s been a thread of beautiful mathematics over the last 60 years or so searching for ever smaller sets of shapes that do this,” Kaplan says. “The first example of an aperiodic set of shapes had over 20,000 shapes in it. And of course, mathematicians worked to get that number down over time. And the furthest we got was in the 1970s,” when the Nobel-prize winning physicist Roger Penrose found pairs of shapes that fit the bill.

Now, mathematicians appear to have found what they were looking for: a 13-sided shape they call “the hat”. The discovery was largely the work of David Smith of the East Riding of Yorkshire, who had a longstanding interest in the question and investigated the problem using an online geometry platform. Once he’d found an intriguing shape, he told the New York Times, he would cut it out of cardstock and see how he could fit the first 32 pieces together.

“I am quite persistent but I suppose I did have a bit of luck,” Smith told the Guardian in an email.


This is a quite fabulous piece of mathematics (here’s the draft paper) which I don’t pretend to understand. How fabulous that it should be written about by someone called Cantor.

Stop AI stealing the show • Equity

Equity is the trade union for performers and creative practitioners:


The use of Artificial Intelligence (AI) has grown rapidly across the audio and entertainment industry in recent years, from automated audiobooks and voice assistants to deep fake videos and text to speech tools.

But UK Intellectual Property law has failed to keep pace. And this is leading to performers being exploited.

We know that:
• Performers are having their image, voice or likeness reproduced by others, using AI technology, without their consent
• Because of loopholes in the law, performers are not being fairly paid for the reproduction of their work. And sometimes not paid at all

Performers are kept in the dark about their rights and contracts:
• 79% of performers who have undertaken AI work felt they did not have a full understanding of their performers’ rights (as set out in the Copyright, Designs and Patents Act 1988) before signing the contract
• Performers are being asked to sign Non-Disclosure Agreements without any knowledge of what the job entails
• 65% of performers think the development of AI technology poses a threat to employment opportunities in the performing arts sector. This figure rose to 93% for audio artists
• 93% of Equity members think the Government should introduce new legal protections for performers, so that a performance cannot be reproduced by AI technology without their consent.

The government is also planning to introduce a new data mining exemption, which could have catastrophic implications for UK based performers and their professional work if implemented.


Wise of Equity to move early on this: its members are probably the most likely to lose out first if they don’t get these sorts of protections.

The “e-bikes are cheating” myth busted: studies disprove the claim • Cycling Electric

Mark Sutton:


A piece of research collaborated upon by numerous European Universities produced one of the most comprehensive bodies of electric bike user data so far, pulling on insight from 10,000 riders.

Pushing out a broad survey that measured weekly activity the researchers were over time able to prove that electric bike users were actually surpassing pedal cycle users in the amount of saddle time registered. The riders were taking longer trips and more often replacing car trips by generally reaching for the pedal-assisted bikes for journeys of a distance that would generally be faster on two wheels versus fighting traffic.

The data concluded that e-bike riders were registering significantly longer journeys at 9.4km, compared to 4.8km for cyclists, as well as higher daily averages at 8km and 5.3km, respectively.

In exercise terms that translated favourably, though pedal cyclists edged it in BMI readings, but only marginally. Cyclists were averaging a 23.8 BMI, while e-bike riders had an average of 24.8. Both of these put riders in the very typically normal range, showing that the exercise was helpful on both counts.

As the researchers put it “Physical activity levels, measured in Metabolic Equivalent Task minutes per week (MET min/wk), were similar among e-bikers and cyclists (4463 vs. 4085).”

One point worth consideration on this note is that e-bikes tend to greater attract those less physically ready for exercise, versus a pedal cycle, so the margin of closeness may be distorted somewhat. In fact, the study did note that e-bike riders did tend to be a bit older at an average of 48.1 years versus 41.4 years for the pedal cyclist.


Perhaps the latter point for two reasons: they’re feeling the struggle of an unaided bicycle more, and they’re a bit more affluent.

China plans to ban exports of rare earth magnet tech • The Japan News

Seima Oki:


China is considering banning the export of technologies used to produce high-performance rare earth magnets deployed in electric vehicles, wind turbine motors and other products, citing “national security” as a reason, it has been learned.

With the global trend toward decarbonization driving a shift toward the use of electric motors, China is believed to be seeking to seize control of the magnet supply chain and establish dominance in the burgeoning environment sector.

Beijing is currently in the process of revising its Catalogue of Technologies Prohibited and Restricted from Export — a list of manufacturing and other industrial technologies subject to export controls — and released a draft of the revised catalog for public comment in December. In the draft, manufacturing technologies for high-performance magnets using such rare earth elements as neodymium and samarium cobalt were added to the export ban. The solicitation of comments ceased late January and the revisions are expected to be adopted as early as this year.

Rare earth magnets are key components in motors that use electricity and magnetic force to generate rotation. In addition to EVs, they are widely used in aircraft—including military planes—and industrial items including robots, mobile phones and air conditioners. Use of such magnets is expected to increase along with semiconductors and storage cells. The Japanese government is reportedly concerned about the potentially massive impact a magnet supply disruption could have on various public and economic activities.

China is estimated to hold an about 84% share of the global market in neodymium magnets and an over 90% interest in samarium cobalt magnets. Japan, meanwhile, has about 15% of the neodymium magnet market and a less-than-10% share of that for samarium cobalt.


The Second Cold War enters a new phase.

Meta to debut ad-creating generative AI this year, CTO says • Nikkei Asia

Kazuyuki Okudaira:


Facebook owner Meta intends to commercialize its proprietary generative artificial intelligence by December, joining Google in finding practical applications for the tech.

The company, which began full-scale AI research in 2013, stands out along with Google in the number of studies published.

“We’ve been investing in artificial intelligence for over a decade, and have one of the leading research institutes in the world,” Andrew Bosworth, Meta’s chief technology officer, told Nikkei in an exclusive interview on Wednesday in Tokyo. “We certainly have a large research organization, hundreds of people.”

Meta announced in February that it would establish a new organization to develop generative AI, but this is the first time it has indicated a timeline for commercialization.

The technology, which can instantly create sentences and graphics, has already been commercialized by ChatGPT creator OpenAI of the US. But Bosworth insists Meta remains on the technology’s cutting edge.

“We feel very confident that … we are at the very forefront,” he said. “Quite a few of the techniques that are in large language model development were pioneered [by] our teams.

“[I] expect we’ll start seeing some of them [commercialization of the tech] this year. We just created a new team, the generative AI team, a couple of months ago; they are very busy. It’s probably the area that I’m spending the most time [in], as well as Mark Zuckerberg and [Chief Product Officer] Chris Cox.”


I wonder where it’ll be used? To make the metaverse more welcoming? It’s not as if Facebook is big on either selling services or selling hardware.

Why journalists can’t quit Twitter • Platformer

Casey Newton:


In December, I predicted that 2023 would be the year that the media would begin its divorce from Twitter. “Elon Musk’s continued promotion of right-wing causes and personalities will push away more and more high-profile users, who find themselves increasingly put off by his shock-jock antics and whim-based approach to content moderation,” I wrote. “Alternative platforms like Mastodon, while smaller and less intuitive to use, offer a safe haven to more and more people — particularly journalists — looking for off-ramps. By the end of 2023, Twitter no longer sets the daily news agenda by default for the entire US press.”

Almost four months later, this prediction looks more and more wobbly. The first part has more or less come true: journalists are put off by Musk’s antics, and dunk on him daily. But those same journalists — along with a bunch of people Musk arbitrarily suspended, fired, or laid off — continue to tweet just the same, propping up the service with their quips and sports tweets and food photos just as they always have. And while some of the company’s competitors show intermittent signs of life, none has taken on the feeling of a daily must-visit in the way Twitter did and still does.


Willie Sutton didn’t actually say he robbed banks “because that’s where the money is”; it was because “I was more alive when I was inside a bank, robbing it, than at any other time in my life”. For journalists, that’s a lot of what Twitter gives them: validation, visibility with colleagues, and, used well, an endless source of stories. So I think Newton misses the point here.

Journalists will stop coming to Twitter when other journalists stop going there, and when there aren’t any people using it. And I don’t see either happening. Even in the days when the Fail Whale was a regular occurrence, and there were fewer people sharing less, it was a must-use. Since then, it’s become more reliable and more popular.

Twitter adds ‘state-affiliated media’ label to NPR account putting it on par with Russia Today • Forbes

Matt Novak:


Twitter added a warning to NPR’s Twitter account on Tuesday, declaring it as “state-affiliated media,” a label that’s typically been reserved for foreign media outlets that represent the official views of the government, like Russia’s RT and China’s Xinhua.

In fact, several people on Twitter pointed out that the social media company specifically said that news outlets like NPR are not state-affiliated media because they have editorial independence, despite getting some funds from the government.

“State-affiliated media is defined as outlets where the state exercises control over editorial content through financial resources, direct or indirect political pressures, and/or control over production and distribution,” Twitter’s Help Center reads.

The explanation on Twitter’s website went on to call out NPR as an outlet that didn’t deserve the state-affiliated label. At least until recently.

“Accounts belonging to state-affiliated media entities, their editors-in-chief, and/or their prominent staff may be labeled. State-financed media organizations with editorial independence, like the BBC in the UK or NPR in the US for example, are not defined as state-affiliated media for the purposes of this policy,” the Help Center continued.

That’s what it used to say as of Tuesday morning, according to the Internet Archive’s Wayback Machine. The website still mentions the BBC but the reference to NPR was deleted sometime Tuesday.


At a guess, this is more of Musk’s capricious, snide behaviour. The antipathy may become mutual: there are probably some outlets which would love to dub him “failed billionaire” or “former billionaire”. I also suspect he’s being egged on in this by some of his coterie of venture capitalists.

• Why do social networks drive us a little mad?
• Why does angry content seem to dominate what we see?
• How much of a role do algorithms play in affecting what we see and do online?
• What can we do about it?
• Did Facebook have any inkling of what was coming in Myanmar in 2016?

Read Social Warming, my latest book, and find answers – and more.

Errata, corrigenda and ai no corrida: none notified
