About charlesarthur

Freelance journalist - technology, science, and so on. Author of "Digital Wars: Apple, Google, Microsoft and the battle for the internet".

Start Up: Murdoch’s Facebook demand, the ICO hacks, who’s got 2FA?, Google’s un-VPN, and more


CRISPR/Cas9 in neurons. Is what’s happening in China like this? Photo by the National Institutes of Health (NIH) on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 8 links for you. Tolerable. I’m @charlesarthur on Twitter. Observations and links welcome.

Rupert Murdoch: Facebook, Google should pay for trusted news • CNBC

John Shinal:

»

Rupert Murdoch said on Monday that Facebook and Google have made “scurrilous” news sources popular, and that the U.S. tech giants should pay publishers if they want “trusted” content.

“Facebook and Google have popularized scurrilous news sources through algorithms that are profitable for these platforms but inherently unreliable,” the News Corp. chairman said in a statement.

“If Facebook wants to recognize ‘trusted’ publishers then it should pay those publishers a carriage fee similar to the model adopted by cable companies,” Murdoch said.

The statement comes after Facebook said Friday it would survey its users about what news sources they trust, and tweak its ranking software to help promote the more credible ones.

In his own Facebook post last week, CEO Mark Zuckerberg said, “I’ve asked our product teams to make sure we prioritize news that is trustworthy, informative, and local. And we’re starting next week with trusted sources.”

«

He keeps trying to find ways to make this happen, and they keep failing.


China, unhampered by rules, races ahead in gene-editing trials • WSJ

Preetika Rana, Amy Dockser Marcus and Wenxin Fan:

»

In a hospital west of Shanghai, Wu Shixiu since March has been trying to treat cancer patients using a promising new gene-editing tool.

U.S. scientists helped devise the tool, known as Crispr-Cas9, which has captured global attention since a 2012 report said it can be used to edit DNA. Doctors haven’t been allowed to use it in human trials in America. That isn’t the case for Dr. Wu and others in China.

In a quirk of the globalized technology arena, Dr. Wu can forge ahead with the tool because he faces few regulatory hurdles to testing it on humans. His hospital’s review board took just an afternoon to sign off on his trial. He didn’t need national regulators’ approval and has few reporting requirements.

Dr. Wu’s team at Hangzhou Cancer Hospital has been drawing blood from esophageal-cancer patients, shipping it by high-speed rail to a lab that modifies disease-fighting cells using Crispr-Cas9 by deleting a gene that interferes with the immune system’s ability to fight cancer. His team then infuses the cells back into the patients, hoping the reprogrammed DNA will destroy the disease.

In contrast, what’s expected to be the first human Crispr trial outside China has yet to begin. The University of Pennsylvania has spent nearly two years addressing federal and other requirements, including numerous safety checks designed to minimize risks to patients. While Penn hasn’t received final federal clearance to proceed, “we hope to get clearance soon,” a Penn spokeswoman said…

…There is little doubt China was first out of the block testing Crispr on humans. Nine trials in China are listed in a U.S. National Library of Medicine database. The Wall Street Journal found at least two other hospital trials, including one beginning in 2015—a year earlier than previously reported. Journal reporting found at least 86 Chinese patients have had their genes edited.

The trials align with China’s industrial policy. As part of its drive to place China on the global stage in a multitude of industries, Beijing in a 2016 five-year plan highlighted gene editing. Many of the Crispr trials emerged after that call-to-arms.

«

Expected. Also: please don’t let this be the opening scene of a zombie apocalypse.


More than 10% of $3.7bn raised in ICOs has been stolen: Ernst & Young

Anna Irrera:

»

More than 10% of funds raised through “initial coin offerings” are lost or stolen in hacker attacks, according to new research by Ernst & Young that delves into the risks of investing in cryptocurrency projects online.

The professional services firm analyzed more than 372 ICOs, in which new digital currencies are distributed to buyers, and found that roughly $400m of the total $3.7bn funds raised to date had been stolen, according to research published on Monday.

Phishing was the most widely used hacking technique for ICOs, with hackers stealing up to $1.5m in ICO proceeds per month, according to the report.

The research also noted that the volume of ICOs has been slowing since late 2017. Less than 25% of ICOs reached their target in November, compared with 90% in June.

The study comes amid a cryptocurrency investing craze, with young companies raising hundreds of millions of dollars online to fund their projects, with often little more than a handful of employees and a business plan outlined in a so-called “white paper”.

«

Going to keep pointing this stuff out until the inevitable happens.


Who’s using 2FA? Sweet FA. Less than 10% of Gmail users enable two-factor authentication • The Register

Iain Thomson:

»

It has been nearly seven years since Google introduced two-factor authentication for Gmail accounts, but virtually no one is using it.

In a presentation at Usenix’s Enigma 2018 security conference in California, Google software engineer Grzegorz Milka today revealed that, right now, less than 10% of active Google accounts use two-step authentication to lock down their services. He also said only about 12% of Americans have a password manager to protect their accounts, according to a 2016 Pew study.

We polled El Reg readers on Twitter just before we published this piece, asking: “What percentage, rounded to nearest integer, of Gmail users do you think use two-factor authentication?” Out of 838 followers who responded within the hour, 82% correctly selected less than 10%. The rest picked more than 10%.

The Register asked Milka why Google didn’t just make two-factor mandatory across all accounts, and the response was telling. “The answer is usability,” he replied. “It’s about how many people would we drive out if we force them to use additional security.”

Please, if you haven’t already done so, just enable two-step authentication. This means when you or someone else tries to log into your account, they need not only your password but authorization from another device, such as your phone. So, simply stealing your password isn’t enough – they need your unlocked phone, or similar, to get in.

«

I consider it a mark of achievement that I got all my family onto 2FA. And recall that it was the lack of 2FA on John Podesta’s personal email account which led to it being hacked to such disastrous effect.

Meanwhile inside Google…


BeyondCorp: how Google ditched VPNs for remote employee access • The New Stack

»

Today, none of Google’s employee-facing applications are on a virtual private network. They all have public IP addresses.

The company feels this approach, which it has dubbed BeyondCorp, is the “new cloud model,” for doing cloud security, asserted Neal Mueller, head of infrastructure product marketing at Google, who gave a presentation on this approach at the O’Reilly Security conference, held recently in New York.

This model can fall under a number of rubrics in the security community, including “zero-trust” or “perimeter-less” security. It is the opposite of the traditional approach of security, which Mueller described as “the castle” approach, in which a strong firewall is used to set off an internal network that can only be accessed by way of a virtual private network (VPN).

The problem with the “castle” approach is that once the perimeter is breached, the entire internal network, and all the associated applications, are at risk. “Do not trust your network. It is probably already owned,” added Max Saltonstall, a Google program manager for corporate engineering, who also participated in the presentation. Phishing, man-in-the-middle, SQL Injection attacks all find fertile ground on VPNs.

Plus, a VPN was cumbersome to use, and slowed performance, especially for overseas workers. And it is no walk in the park for admins either.

«

Fascinating how Google is inverting this whole idea, and letting anyone – who is correctly authorised – access it. And it must be enormously confident to give a presentation like this (more slides in the full article) where hackers will target its systems.


A powered-on ‘Xbox Watch’ emerges, shows off fitness focus • Windows Central

Jez Corden:

»

Images of the so-called “Xbox Watch” have surfaced before, but this is the first time we’ve been able to see the device powered on (no chargers seem to exist for this thing.)

The pictures come via Hikari Calyx on Twitter, showing off an extremely early version of the Xbox Watch in a powered-on state. At this stage, the device only sported four apps, “Workout,” “GPS,” “Settings,” and a USB debugger for developers.

This device preceded the Microsoft Band, and might have been a response to how well Nintendo was able to position console gaming as a fitness option, back during the Wii Fit craze. We believe that the technology developed for the “Xbox Watch” eventually got rolled into the Microsoft Band, which, of course, also got cancelled.

«

Wise to cancel it. This wasn’t going to be a winner, and the writing was already on the wall of Microsoft’s mobile ecosystem.


Why ads keep redirecting you to scammy sites and what we’re doing about it • Vox

Winston Hearn, who – like you probably did at some point recently – found himself diverted to a scammy site when he’d clicked on what seemed like a safe page:

»

another engineer and I became curious about what exactly was happening to cause the redirect and annoy all users served the malicious ad. We dug in and were extremely surprised that the frigging thing could not be more simple. When the ad landed on the page there were about three lines of code. That code creates a link just like you click to go to any page on the web then waits seven seconds before triggering a click on the link which causes the browser to redirect you. That’s it. Why seven seconds? Most likely to avoid security tools that actively scan sites to try and detect ads like this, although that is just speculation on my part.

Let me be extremely clear: we hate these malicious ads with the fire of a thousand suns and are working actively to keep them off of our sites. We use automated services that regularly scan our sites trying to find malicious ads. We work with ad-selling partners to try to ensure the ads that are sold and served on our sites are high quality. And Vox Media’s AdOps team is constantly monitoring social media, email and Slack for reports of anything that seems questionable (not just malicious).

Despite all this, malicious ads like this pop up every few months. After this recent round, we started investigating what else we can do to prevent these ads from harming your experience on our sites. The ideal solution would be for ads to be delivered to our sites in a safe way that prevents things like this. Google allows advertisers to treat these safer options as opt-in, which means nothing currently prevents scammers from sneaking in ads that cause App Store or gift card redirects.

«



10 typography trends to look for in 2018 • Elegant Resources

B.J. Keeton:

»

The internet changes so quickly and so often that web designers can barely keep up. What works for clients and converts well one month might completely falter the next. So we have to keep up with trends, specifically with typography because it is so foundational to every single project we work on.

2018 is pretty exciting, honestly, because there are some trends that we’re seeing that may just shake up what we’ve taken for granted over the past few years.

Let’s take a look at what this year has in store for us!

«

Your guide to all the things you’re going to be squinting at this year saying “Why can’t it just be in clean type dammit.”


Errata, corrigenda and ai no corrida: none notified

Start Up: the death of Civil Comments, Facebook trusts you!, Twitter’s Russian trouble, hacking the CIA, and more


It’s taken three years, but LG has finally realised what makes it lose money in smartphones. Photo by Janitors on Flickr.


A selection of 13 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

Saying goodbye to Civil Comments • Medium

Aja Bogdanoff:

»

Civil Comments used a clever peer-review submission process to mimic face-to-face social interactions, requiring commenters to rate the civility of three randomly-selected comments before their own was, in turn, rated by others. Commenters were willing to pitch in and do the extra work because they were motivated to get their own comments published, and so every single comment came in with human moderation data attached. The more comments submitted, the more “moderators” there were, so it scaled beautifully at times when, say, an article went viral…

…even though the product succeeded beyond our expectations, product alone does not a strong business make. As much as everyone might like to see higher-quality, less-toxic comments on their favorite news sites, the reality is that the number of sites willing and able to pay for comments software of any quality is not large, or growing. Civil the company finds itself in a catch-22: unable to land the largest enterprise customers we need to survive because we aren’t a big enough team, and unable to build a larger team because we don’t have the largest enterprise customers. I believed, really believed, that we could build a solid business by solving problems as we did; I understand now why that wasn’t the case. I’m very glad to know our friends at the Coral Project will be continuing the fight for better comments.

And so we find ourselves at the end of our run with Civil.

«

The emphasis came from all the people who’ve read the article and picked that out. It’s totally true. Comments, as a genre, are in a dire situation.


LG to shift strategy on money-losing smartphone • Korea Herald

Shin Ji-hye:

»

“We will unveil new smartphones when it is needed. But we will not launch it just because other rivals do,” said LG Electronics Vice Chairman Cho Sung-jin on Wednesday during a press conference at the Consumer Electronics Show in Las Vegas. He was responding to a question on when the firm would launch its new flagship smartphone LG G7.

“We plan to retain existing models longer by, for instance, unveiling more variant models of the G series or V series,” Cho said. 

As for why the strategy on smartphones will be changed, the chief said, “We found it is important to retain a good platform for a long (time) and concerns rise over the supply of lithium materials.” 

Although he did not mention the smartphone unit’s financial losses, the announcement appears to reflect the firm’s scale-down of its phone business amid slow growth in the global smartphone market in contrast to the firm’s flourishing appliances and other sectors.

LG’s mobile communications unit is estimated to report a financial loss for the 11th straight quarter in the October-December period last year. 

The mobile unit was not able to make a turnaround last year, as the bulk of its earnings came from budget phones, not flagship models although its smartphone business reduced losses by more than 40% last year compared to the previous year, reaching around 700 billion won ($650 million) in losses.

Analyst Park Won-jae of Mirae Asset Daewoo Securities predicted LG’s smartphone business would once again fail to make a turnaround this year, although it would further reduce its losses to 184.7 billion won ($170m) this year.

«

As I pointed out last week, LG loses money on the top-end “flagship”. Every year it launches one; every year its losses peak that quarter. Shifting towards the budget end is a good idea.


News Feed FYI: helping ensure news on Facebook is from trusted sources • Facebook Newsroom

Adam Mosseri, head of News Feed:

»

Starting next week, we will begin tests in the first area: to prioritize news from publications that the community rates as trustworthy.

How? We surveyed a diverse and representative sample of people using Facebook across the US to gauge their familiarity with, and trust in, various different sources of news. This data will help to inform ranking in News Feed.

We’ll start with the US and plan to roll this out internationally in the future.

When we rank and make improvements to News Feed, we rely on a set of core values. These values — which we’ve been using for years — guide our thinking and help us keep the central experience of News Feed intact as it evolves. One of our News Feed values is that the stories in your feed should be informative.

For informative sources, we will continue to improve on the work we first announced in August 2016, where we began asking people to rank the informativeness of updates in their feed on a scale of one to five.

We’re evaluating ways to expand this work to more areas this year.

«

Can’t see how this ends well. Everyone is biased in their own way, and the US’s level of partisanship is beyond wild. Everyone has pointed out that this idea of “trust” is bound to go wrong. The only question is how long it will take to get another course correction.



Update on Twitter’s review of the 2016 U.S. election • Twitter public policy blog

»

As previously announced, we identified and suspended a number of accounts that were potentially connected to a propaganda effort by a Russian government-linked organization known as the Internet Research Agency (IRA).

Consistent with our commitment to transparency, we are emailing notifications to 677,775 people in the United States who followed one of these accounts or retweeted or liked a Tweet from these accounts during the election period. Because we have already suspended these accounts, the relevant content on Twitter is no longer publicly available.

Examples of IRA Content

Most user engagement was with a very small number of IRA-associated accounts… [a number of examples are provided…]…

…As part of our ongoing review, we have identified both more IRA and automated Russia-based accounts. The results of this supplemental analysis are consistent with the results of our previous work: automated election-related content associated with Russian signals represented a very small fraction of the overall activity on Twitter in the ten-week period preceding the 2016 election.

We have identified an additional 1,062 accounts associated with the IRA. We have suspended all of these accounts for Terms of Service violations, primarily spam, and all but a few accounts, which were restored to legitimate users, remain suspended.

«

The question is not really whether these bots had an effect – they must have done – but whether it was significant. Removing the content makes that more difficult to find out and evaluate independently.


OnePlus hack exposed credit cards of up to 40,000 people • CNET

David Katzmaier:

»

If you bought a OnePlus phone such as the OnePlus 5T between November and January, you’d best check your credit card statement.

The phone maker on Friday confirmed in a statement that its website, oneplus.net, was hacked, potentially exposing the detailed credit card information of up to 40,000 customers. 

The company sent an email to customers saying that card numbers, expiration dates and security codes “may have been compromised.”

A malicious script on the company’s pages was inserted, harvesting the information from web browsers. The company says it has been removed, but customers who entered information into the site between mid-November 2017 and Jan. 11, 2018 could be at risk.

«

“A malicious script was inserted”? So that’s quite a hack – first into the company web server, and then capturing all those details. This needs quite a lot of explaining by OnePlus.


Customise My Data – public beta • ONS Digital

Andrew Dudfield:

»

Allowing you to find data more easily is the sort of fundamental statement that may just sound too generic to mean anything, but it has specific context here. We know, from looking at analytics and user research, that you are all downloading large numbers of Excel files from the Office for National Statistics’s (ONS) site. In part, this seems to be because a lot of people are not quickly finding the things they want. So, part of the aim of this project is adding more contextual data to our existing web pages. This might include the dimensions used, the geographic areas covered and so on. The aim being that it becomes easier to understand what is in a dataset before downloading it. We are also working hard to improve the in site search functionality at this stage as well. More on that soon.

Allowing our users to customise data is another key aim. Here we have spent considerable amounts of our time developing a range of (hopefully) simple design patterns to offer a consistent view on our inconsistent data and allow users to take away just the information they need.

Allowing users to browse by geography continues to be a key focus and, whilst you might be able to see hints of this now, you will see an awful lot more of this as the project continues to develop.

«

Neat. (Via Sophie Warnes.)


Renewable power generation costs in 2017

International Renewable Energy Agency:

»

Renewable energy has emerged as an increasingly competitive way to meet new power generation needs. This comprehensive cost report from the International Renewable Energy Agency (IRENA) highlights the latest trends for each of the main renewable power technologies, based on the latest cost and auction price data from projects around the world.

Download the Executive Summary.

Broadly, the study finds:
• Renewable power generation costs continue to fall and are already very competitive to meet needs for new capacity.
• Competitive procurement – including auctions – accounts for a small fraction of global renewable energy deployment. Yet these mechanisms are very rapidly driving down costs in new markets.
• Global competition is helping to spread the best project development practices, reducing technology and project risk and making renewables more cost-competitive than ever before.
• In developed countries, solar power has become cheaper than new nuclear power.

«

Those aren’t all the bullet points. And of course the point about nuclear is that it can provide a baseline supply, which solar can’t.


Snap lays off two dozen employees • The Information

Tom Dotan:

»

Snap laid off around two dozen people in recent days, mostly in its content team, according to people close to the company. The staff cuts, which also affected people in several other departments, are the latest sign of how Snap is being cost-conscious amid struggles with slow user and revenue growth.

Snap’s content team, which reports to head of content Nick Bell, is consolidating its operations at the company’s Venice, Calif., headquarters. Members of the team were previously based in New York as well as Venice.

The team oversees the production of videos from media companies as well as snaps submitted by users. It has been ramping up the amount of original shows that run on Snap’s Discover section, including with a planned foray into scripted shows.

«

Getting the feeling that content, especially video, isn’t a big thing for social media companies.


British 15-year-old gained access to intelligence operations in Afghanistan and Iran by pretending to be head of CIA, court hears • Daily Telegraph

Hayley Dixon:

»

A 15-year-old gained access to plans for intelligence operations in Afghanistan and Iran by pretending to be the head of the CIA to gain access to his computers, a court has heard. 

From the bedroom of the Leicestershire home he shared with his mother, Kane Gamble used “social engineering” – where a person builds up a picture of information and uses it to manipulate others into handing over more – to access the personal and work accounts of some of America’s most powerful spy chiefs.

The teenager persuaded call handlers at an internet giant that he was John Brennan, the then director of the CIA, to gain access to his computers and an FBI helpdesk that he was Mark Giuliano, then the agency’s Deputy Director, to re-gain access to an intelligence database.

He also targeted the US Secretary of Homeland Security and Barack Obama’s Director of National Intelligence from his semi-detached council house in Coalville. 

Gamble taunted his victims online, released personal information, bombarded them with calls and messages, downloaded pornography onto their computers and took control of their iPads and TV screens, a court heard.

Mr Justice Haddon-Cave noted: “He got these people in his control and played with them in order to make their lives difficult.”

John Lloyd-Jones QC, prosecuting, said that Gamble founded Crackas With Attitude (CWA) in 2015, telling a journalist: “It all started by me getting more and more annoyed about how corrupt and cold blooded the US Government are so I decided to do something about it.”

«

Impressive. Give him a job. (Thanks multiple readers who sent this.)


Die With Me

»

The chat app you can only use when you have less than 5% battery.

Die together in a chatroom on your way to offline peace.

«

A clever idea: finding a niche in what seems like the utterly known territory of the smartphone. What about “The 1%” where it only works on 99%.. OK, something else? 4G connection? 3G? Edge?


The BitConnect Ponzi scheme has finally collapsed as exit scam becomes evident • NewsBTC

JP Buntinx:

»

Thousands of people bought into this scam and some of them may have even made money. Most users, however, probably never got their money out of this program whatsoever. That is only normal, as over 95% of all trades were conducted on the native BCC exchange. When a currency’s developers also run the main exchange, you know things are not always going to end well.

To put this into perspective, the BitConnect price has dropped by a lot. Over the past week, it went from nearly $400 all the way to $27. Such a steep decline seems to confirm the developers finally completed their grand exit scam. It is also possible they used the “stolen” Bitcoins to crash the current market. Whether or not that latter part is a conspiracy theory or the sheer reality, remains to be seen. It is evident the BCC exchange had access to a lot of BTC, though. Either way, it seems this Ponzi Scheme is gone for good, which can only be considered to be a good thing.

Furthermore, it seems the project’s subReddit is no longer accessible. Rather than leaving it open to the public, it is now completely private. No one who isn’t “approved” can access this subreddit or see what is being posted there. A very worrisome turn of events for the people still waiting to get their money out. They were warned dozens of times about this Ponzi Scheme, though. Anyone who lost money due to BitConnect only has themselves to blame. It is a harsh reality, but that’s what people get for falling for snake oil practices.

«

Thousands of people. Blaming the victim seems a little extreme here, but bitcoin (and associated) has been the venue for Ponzi schemes almost from the inception; here’s a piece I did back in 2013 about a similar scheme.


New botnet infects cryptocurrency mining computers, replaces wallet address • Ars Technica

Dan Goodin:

»

Satori—the malware family that wrangles routers, security cameras, and other Internet-connected devices into potent botnets—is crashing the cryptocurrency party with a new variant that surreptitiously infects computers dedicated to the mining of digital coins.

A version of Satori that appeared on January 8 exploits one or more weaknesses in the Claymore Miner, researchers from China-based Netlab 360 said in a report published Wednesday. After gaining control of the coin-mining software, the malware replaces the wallet address the computer owner uses to collect newly minted currency with an address controlled by the attacker. From then on, the attacker receives all coins generated, and owners are none the wiser unless they take time to manually inspect their software configuration.

Records show that the attacker-controlled wallet has already cashed out slightly more than 1 Ethereum coin. The coin was valued at as much as $1,300 when the transaction was made. At the time this post was being prepared, the records also showed that the attacker had a current balance of slightly more than 1 Ethereum coin and was actively mining more, with a calculation power of about 2,100 million hashes per second. That’s roughly equivalent to the output of 85 computers each running a Radeon Rx 480 graphics card or 1,135 computers running a GeForce GTX 560M…

«

Sneaky, and terrifically clever. Satori is a variant of Mirai, the IoT botnet which its author(s) open-sourced in a desperate – and unsuccessful – attempt to be able to deny their authorship.


The policy hack • Terence Eden

He’s at it again:

»

I’ve found a delightfully exploitable social hack which I presented at UK GovCamp.

It applies to any uncooperative bureaucracy.

Here’s how it works. You ask someone to do something and they reply with “I’m sorry sir, that’s against our policy.”

You should say “I’m sorry to hear that. Please can you send me a copy of the policy?”

Turns out, most times, there is no policy!

Shocking, I know. So much of modern life rests on the whim of whichever call-centre worker you happen to get. If they can’t be bothered to do something, they can hide behind a non-existent policy.

«

There are, as he accepts, occasional exceptions, but it’s quite a way to throw grease in the gears.


Errata, corrigenda and ai no corrida: none notified

Start Up: after retail collapse, what?, a new iPhone killer text, the death of blogs, and more


The end of this kind of thing? The dotJS conference in 2017. Photo by dotJS conferences on Flickr.


A selection of 11 links for you. This, too, must pass. I’m @charlesarthur on Twitter. Observations and links welcome.

TV, retail, advertising and cascading collapses • Benedict Evans

»

As ecommerce keeps growing, at some point we will start to see certain retailers disappear – it’s common to say there are strong parallels with newspapers, in that they have a fixed cost base, falling revenue, and the wrong assets & skills. When internet reading or internet buying was 5%, it felt as though it might be additive to newspapers or retails – at 10 or 20%, as it is now, it becomes an existential problem. That is, at a certain point they stop being able to cut costs at the margin and start closing stores, or radically changing format etc. So, rhetorically (or apocalyptically) speaking, when Sears and Macy’s go bust, how many malls do they take with them, and how many other retailers that might have been doing fine on their own will go or lose a lot of their footprint because of that? And, where were those retailers advertising? What was their TV budget? How much of this is self-reinforcing – the more you buy online, the more you buy online? Conversely, did Aeropostale’s customer base go online to buy all the same kinds of clothes when the stores went bust, or buy different clothes, or buy different things? That is, do email failures caused (partly) by ecommerce cause further ecommerce adoption and further failures?

…There’s a famous Jeff Bezos quote that “your margin is my opportunity” – right now Amazon is building a billion dollar ad business in its own search results, but I suspect he also looks at the $500bn that’s spent every year on advertising and the further $500bn that’s spent on marketing and sees money that should be going to lower prices and same-day or 1-hour delivery. P&G spent 11% of revenue on advertising last year and plenty more on marketing. What will that look like in 10 years, where will it be spending it and how will people be buying?

«



If this link is texted to you over iMessage, it’ll freeze your iPhone • Buzzfeed

Nicole Nguyen:

»

When someone texts you a link to a website through Messages in iOS, the app generates a preview of the link. Apple’s software guidelines allow developers to insert a few characters into their website’s HTML to customize the image and title of that link preview in Messages.

Instead of a few characters, Masri inputted hundreds of thousands of characters into his webpage’s metadata, much more than the iOS operating system expected, which is why, Masri suspects, the Messages app crashes. He then hosted the bug’s code on GitHub, which made it available for other people to use.

The chaiOS GitHub page has been taken down and Masri’s account was suspended. But that doesn’t mean iOS users are safe.

“My GitHub is publicly accessible, so anyone can copy [the code]. I’m pretty sure someone else has posted it, but I’m not going to rehost it,” Masri said. Github initially suspended Masri’s account, then restored it a few hours later. The chaiOS repository appeared to have been removed from Masri’s account page.

The malicious code has likely been reuploaded elsewhere, and there may be other bad links exploiting the chaiOS vulnerability circulating around. Masri said he published the bug to alert Apple: “My intention is not to do bad things. My main purpose was to reach out to Apple and say, ‘Hey, you’ve been ignoring my bug reports.’ I always report the bug before releasing something.”

«

Masri tweeted “here’s the link… do not use it for bad stuff.” Yeah, that’ll work. (I wonder if people are texting him the link.)

Apple says it’s working on a fix, probably for next week. Might be an annoying weekend for some. (But at least we have an idea of why these “crashing text” things happen.)


Six Chinese ships covertly aided North Korea. The US was watching • WSJ

Michael Gordon and Chun Han Wong:

»

Satellite photographs and other intelligence gathered by U.S. officials provide what they say is detailed evidence of at least six Chinese-owned or -operated cargo ships violating United Nations sanctions against North Korea.

The U.S. compiled the information from Asian waters as part of the Trump administration’s strategy to pressure North Korea into giving up its nuclear weapons and long-range missiles.

The effort identified the ships by name and tracked their movements. The ships either entered ports in North Korea and transported what U.S. officials concluded was illicit cargo to Russia and Vietnam or made ship-to-ship transfers at sea.

According to the U.S., which presented the information to a U.N. sanctions committee, the ships also made extensive maneuvers designed to disguise their violations of the U.N. sanctions. In August, the Security Council banned North Korean exports of coal, iron ore, lead and seafood, which have generated an estimated $1bn a year in hard currency for North Korea.

«

$1bn might not sound much, but it’s a significant proportion of North Korea’s GDP. Problem, though: how do you censure China effectively?


Silicon Valley would be wise to follow China’s lead • FT

Michael Moritz, famed Silicon Valley venture capitalist:

»

In California, the blogosphere has been full of chatter about the inequity of life. Some of this, especially for women, is true and for certain individuals their day of reckoning has been long overdue. But many of the soul-sapping discussions seem like unwarranted distractions. In recent months, there have been complaints about the political sensibilities of speakers invited to address a corporate audience; debates over the appropriate length of paternity leave or work-life balances; and grumbling about the need for a space for musical jam sessions. These seem like the concerns of a society that is becoming unhinged.

These topics are absent in China’s technology companies, where the pace of work is furious. Here, top managers show up for work at about 8am and frequently don’t leave until 10pm. Most of them will do this six days a week — and there are plenty of examples of people who do this for seven. Engineers have slightly different habits: they will appear about 10am and leave at midnight. Beyond the week-long breaks for Chinese new year and the October national holiday, most will just steal an additional handful of vacation days. Some technology companies also provide a rental subsidy to employees who choose to live close to corporate HQ.

In California, this sort of pace might be common for the first couple of years of a company, but then it will slow. In China, by contrast, it is quite usual for the management of 10 and 15-year-old companies to have working dinners followed by two or three meetings. If a Chinese company schedules tasks for the weekend, nobody complains about missing a Little League game or skipping a basketball outing with friends.

«

Damn Silicon Valley slackers. How dare they consider other things than making someone else rich? Or try to treat all people as deserving attention? Sure, China doesn’t have free elections, freedom of speech and its air and soil have colossal pollution, but they’re making other people rich!


EFF and Lookout uncover new malware espionage campaign infecting thousands around the world • Electronic Frontier Foundation

»

The Electronic Frontier Foundation (EFF) and mobile security company Lookout have uncovered a new malware espionage campaign infecting thousands of people in more than 20 countries. Hundreds of gigabytes of data has been stolen, primarily through mobile devices compromised by fake secure messaging clients.

The trojanized apps, including Signal and WhatsApp, function like the legitimate apps and send and receive messages normally. However, the fake apps also allow the attackers to take photos, retrieve location information, capture audio, and more.

The threat, called Dark Caracal by EFF and Lookout researchers, may be a nation-state actor and appears to employ shared infrastructure which has been linked to other nation-state actors.

«

Fear not, though: it works through phishing links which then direct people to third-party app stores. (None hit iOS, for this reason.) Stick to the legit stuff, you’re OK.

Still amazing that people do this, ten years after mobile app stores arrived.


The end of the conference era • Marco.org

Marco Arment, picking up Chris Adamson’s observation that there’s a contraction in the number of iOS and related conferences:

»

It’s getting increasingly difficult for organizers to sell tickets, in part because it’s hard to get big-name speakers without the budget to pay them much (which would significantly drive up ticket costs, which exacerbates other problems), but also because conferences now have much bigger competition in connecting people to their colleagues or audiences.

There’s no single factor that has made it so difficult, but the explosion of podcasts and YouTube over the last few years must have contributed significantly. Podcasts are a vastly more time-efficient way for people to communicate ideas than writing conference talks, and people who prefer crafting their message as a produced piece or with multimedia can do the same thing (and more) on YouTube. Both are much easier and more versatile for people to consume than conference talks, and they can reach and benefit far more people.

Ten years ago, you had to go to conferences to hear most prominent people in our industry speak in their own voice, or to get more content than an occasional blog post. Today, anyone who could headline a conference probably has a podcast or YouTube channel with hours of their thoughts and ideas available to anyone, anywhere in the world, anytime, for free.

But all of that media can’t really replace the socializing, networking, and simply fun that happened as part of (or sometimes despite) the conference formula.

«

Wonder whether anyone tracks Windows and/or Android developer conferences, and how numbers of those have changed?


‘Time well spent’ is shaping up to be tech’s next big debate • The Verge

Casey Newton:

»

Today, one of [ex-Googler Tristan] Harris’ collaborators returned the volley. In a pair of closely argued essays on Medium, Joe Edelman — who says he coined the term “time well spent” with Harris five years ago — lays out a suggested path forward for Facebook.

“It’s possible (but very tricky) to design software so as to address the users’ sense of meaning,” Edelman wrote in the first essay. “But it requires profound changes to how software gets made! These changes make others your company has gone through (such as the adoption of machine learning, the transition from web to mobile) look easy.”

Less than a month into the new year, “time well spent” promises to become the “fake news” of 2018: a term overused into oblivion by partisans of every stripe. To Zuckerberg, “time well spent” means independent research showing that people value the time they spend on Facebook, and feel better about themselves afterward. To Harris, it represents a shift away from measuring comments and shares to emphasizing companies’ positive contributions to users’ lives. There’s overlap, but there are also some fundamental differences. In 2018, the battle will play out.

«



Too much music: a failed experiment in dedicated listening • NPR

James Jackson Toth, aged 39, felt he’d lost his critical faculty through having too much music to choose from, and tried an experiment for 2017: listen only to one album per week. He gave up within three days:

»

The notion that there is something to be gained by choosing this type of scarcity, by actively inviting a kind of regression, suddenly seems, to this Western mind, pretty stupid. It dawns on me that I’ve made this choice not for reasons of spiritual asceticism or worldly good, but nostalgia, the last refuge of the middle-aged sad-sack. I begin feeling like a Civil War reenactor, or the man at the Renaissance Faire who scolds you for wearing a watch; a pedant, an anachronism. The very embodiment of everything about a 40-year old that baffles a 20-year old.

Perhaps I’m being too hard on myself. When asked in a 2009 interview with the Wall Street Journal whether he thought the epic novel was still relevant to modern readers, author Cormac McCarthy surprised me by conceding the following: “The indulgent, 800-page books that were written a hundred years ago are just not going to be written anymore and people need to get used to that. If you think you’re going to write something like The Brothers Karamazov or Moby-Dick, go ahead. Nobody will read it. I don’t care how good it is, or how smart the readers are. Their intentions, their brains are different.”

He may be right. As long as we try to maintain the Sisyphean task of trying to experience everything, our brains, unable to adapt and forever lagging behind exponential technological progress, will continue to struggle. “Computing power is still doubling every 18 months,” notes cryptographer and technology writer Bruce Schneier, “while our species’ brain size has remained constant.”

«

There are lots of insightful gems in this – don’t miss the bit about your favourite 10 albums.


Carillion’s failure: the many questions that need answers • Forbes

Frances Coppola on the abrupt collapse of a listed company which was the largest provider of services to the UK central and local government:

»

Valuing Carillion’s assets – or even identifying them – is something of a black art. Carillion Group’s balance sheet is highly opaque. It has made extensive use of off-balance sheet “special purpose companies” (SPCs) to manage its many joint ventures and special projects. Many of these are thought to be highly indebted, but the debt does not appear on Carillion Group’s balance sheet. What does appear is a whopping intangible asset called “goodwill,” which according to the notes to the 2016 accounts is derived from the projected net cash flows of Carillion Group’s subsidiaries. At the end of 2016, this “goodwill” made up one third of Carillion Group’s total assets.

The problem is that goodwill valued on net cash flow is entirely ephemeral. If the cash flow dries up, goodwill evaporates. And that is what happened to Carillion. The June 2017 interim report shows that cash income was substantially lower than expected. This forced the company to reduce its cash flow projections and impair its goodwill asset.

But it continued to increase its borrowing. Short-term debt, in particular, rose enormously: the FT reports that by the time of its collapse, Carillion Group’s revolving credit was a whopping £790m, more than half of the total amount owed to banks.

«

“Goodwill” is a dangerous financial drug that to a large extent exists only to make balance sheets, well, balance. As it’s an intangible asset, you quickly discover that it’s not something to rely on. Just for comparison, Apple’s goodwill at November 1 2017 was $5.7bn – that’s 1.5% of its total assets; Google’s was $16.7bn, or 8.8% of its total assets.

For more reading on goodwill-to-asset ratios, this 1997 paper talks about the companies in the US that then had the largest GTA ratios. Top at the time? Worldcom. It later went spectacularly bust. At a guess, it was the rise in goodwill which tipped hedge fund companies off to Carillion’s increasingly dire position.


The end of the Awl and the vanishing of freedom and fun from the internet • The New Yorker

Jia Tolentino later worked at The Awl, which was set up in 2009 but is now closing:

»

now, in 2018, the economics of online publishing are running everyone off the map. I sometimes think, with some regretful wonder and gratitude, about an Awl chat-room conversation that took place in 2013. Some annoying mini-scandal had transpired on the Internet, and everyone else who worked for the little network—they all had years of experience on me—was typing out lively scenarios of what they would do if our online infrastructure magically burned down. Sitting in my little blue house in Ann Arbor, I kept quiet for a while, and then typed something like, “Aww guys, no, the Internet is great.” I meant it, though the sentiment now feels as distant as preschool. Reading the Awl and the Hairpin, and then working with the people that ran them, had actually convinced me that the Internet was silly, fun, generative, and honest. They all knew otherwise, but they staved off the inevitable for a good long while.

«

“How did you go bankrupt?” “Two ways. Gradually, then suddenly.”


Please don’t kill the blogs • Seth’s Blog

Seth Godin:

»

I’m aware that you don’t charge the people who use GMail for the privilege. In fact, we’re the product, not the customer. Your goal is to keep people within the Google ecosystem and to get the writers and marketers who use email as a permission asset to instead shift to paying money (to Google) to inform and reach their audience.

So you invented the ‘promotions’ folder.

It seems like a great idea. That spam-like promo mail, all that stuff I don’t want to read now (and probably ever) will end up there. Discounts on shoes. The latest urgent note from someone I don’t even remember buying from. The last time I checked, you’ve moved more than 100,000 messages to my promotions folder. Without asking.

Alas, you’ve now become a choke point. You take the posts from this blog and dump them into my promo folder–and the promo folder of more than a hundred thousand people who never asked you to hide it.

Emails from my favorite charities end up in my promo folder. The Domino Project blog goes there as well. Emails from Medium, from courses I’ve signed up for, from services I confirmed just a day earlier. Items sent with full permission, emails that by most definitions aren’t “promotions.”

Here’s a simple way to visualize it: Imagine that your mailman takes all the magazines you subscribe to, mixes them in with the junk mail you never asked for, and dumps all of it in a second mailbox, one that you don’t see on your way into the house every day. And when you subscribe to new magazines, they instantly get mixed in as well.

It’s simple: blogs aren’t promotions. Blogs subscribed to shouldn’t be messed with. The flow of information by email is an extraordinary opportunity, and when a choke point messes with that to make a profit, things break.

The irony of having a middleman steal permission is not lost on me. That’s what you’re doing. You’re not serving your customers because you’re stealing the permission that they’ve given to providers they care about. And when publishers switch to SMS or Facebook Messenger, that hardly helps your cause.

«

I don’t use Google’s Inbox for pretty much this reason – I have stuck with the classic old version. But I use the web interface as rarely as possible; you can get IMAP (also free!) on your computer or phone, and then you can triage as you like.

But Google doesn’t really care about blogs; if it did it wouldn’t have killed Reader.


Errata, corrigenda and ai no corrida: none notified

Start Up: palliative AI?, beyond bitcoin, why biometrics don’t stop secret police, Amazon gets alarming, and more


It’s not a bowling ball, it’s a trackball. But you can be forgiven for the confusion. Photo by Iwan Gabovitch on Flickr.


A selection of 12 links for you. I’m @charlesarthur on Twitter. Observations and links welcome.

Trackball history: Canada’s earliest gift to computing • Tedium

Ernie Smith:

»

DATAR represented perhaps one of the most ambitious projects of the budding Canadian computer industry at the time, a sophisticated machine that allowed ships to transfer radar and sonar data with one another…

…DATAR, considering both what it was and how early it was in computer history, was a very complex piece of work, having to integrate a number of cutting-edge technologies into a single machine. According to Georgi Dalakov’s History of Computers website, the resulting prototype used 30,000 vacuum tubes, and with its drum memory system, it could store 500 objects.


An early prototype of the first trackball. Note the stripes on the ball. (via the Engineering Technology and History Wiki)

That machine included a radar screen, and that screen just happened to be controlled by a 5-pin bowling ball. Invented by Tom Cranston and Fred Longstaff and relying on an air-bearings system formulated by Taylor, the system worked like this: An operator, using a terminal, would scan over an area using the trackball to target the correct area on the radar screen, and they would hit a trigger to store the information on the screen, and that information would get transferred to other ships.

«

This is an amazing read.


Stanford’s AI predicts death for better end-of-life care • IEEE Spectrum

Jeremy Hsu:

»

Using artificial intelligence to predict when patients may die sounds like an episode from the dystopian science fiction TV series “Black Mirror.” But Stanford University researchers see this use of AI as a benign opportunity to help prompt physicians and patients to have necessary end-of-life conversations earlier.

Many physicians often provide overly rosy estimates about when their patients will die and delay having the difficult conversations about end-of-life options. That understandable human tendency can lead to patients receiving unwanted, expensive and aggressive treatments in a hospital at their time of death instead of being allowed to die more peacefully in relative comfort. The alternative being tested by a Stanford University team would use AI to help physicians screen for newly-admitted patients who could benefit from talking about palliative care choices.

Past studies have shown that about 80% of Americans would prefer to spend their last days at home if possible. In reality, up to 60% of Americans end up dying in an acute care hospital while receiving aggressive medical treatments, according to research cited by the Stanford group’s paper “Improving Palliative Care with Deep Learning” published on the arXiv preprint server.

«

I guess it was inevitable. But the reality is that most doctors don’t want aggressive medical treatments at EOL. Ask the professionals what they want, and try offering that to patients. It doesn’t really take AI.


Beyond the bitcoin bubble • The New York Times

Steven B Johnson:

»

The only blockchain project that has crossed over into mainstream recognition so far is Bitcoin, which is in the middle of a speculative bubble that makes the 1990s internet I.P.O. frenzy look like a neighborhood garage sale. And herein lies the cognitive dissonance that confronts anyone trying to make sense of the blockchain: the potential power of this would-be revolution is being actively undercut by the crowd it is attracting, a veritable goon squad of charlatans, false prophets and mercenaries. Not for the first time, technologists pursuing a vision of an open and decentralized network have found themselves surrounded by a wave of opportunists looking to make an overnight fortune. The question is whether, after the bubble has burst, the very real promise of the blockchain can endure.

To some students of modern technological history, the internet’s fall from grace follows an inevitable historical script. As Tim Wu argued in his 2010 book, “The Master Switch,” all the major information technologies of the 20th century adhered to a similar developmental pattern, starting out as the playthings of hobbyists and researchers motivated by curiosity and community, and ending up in the hands of multinational corporations fixated on maximizing shareholder value. Wu calls this pattern the Cycle, and on the surface at least, the internet has followed the Cycle with convincing fidelity. The internet began as a hodgepodge of government-funded academic research projects and side-hustle hobbies. But 20 years after the web first crested into the popular imagination, it has produced in Google, Facebook and Amazon — and indirectly, Apple — what may well be the most powerful and valuable corporations in the history of capitalism.

Blockchain advocates don’t accept the inevitability of the Cycle. The roots of the internet were in fact more radically open and decentralized than previous information technologies, they argue, and had we managed to stay true to those roots, it could have remained that way. The online world would not be dominated by a handful of information-age titans; our news platforms would be less vulnerable to manipulation and fraud; identity theft would be far less common; advertising dollars would be distributed across a wider range of media properties…

…For all their brilliance, the inventors of the open protocols that shaped the internet failed to include some key elements that would later prove critical to the future of online culture. Perhaps most important, they did not create a secure open standard that established human identity on the network. Units of information could be defined — pages, links, messages — but people did not have their own protocol: no way to define and share your real name, your location, your interests or (perhaps most crucial) your relationships to other people online.

«

He calls the latter “a major oversight”, but you can’t really blame Tim Berners-Lee and the rest for not imagining everything and catering to it. Build incrementally. It’s a long read, and I don’t think I buy his argument about cryptotokens being a potential replacement for bonds.

Notable too that he overlooks the source of so much of the funding and drive for the useful stuff: GPS and the internet came from the government, Linux from a state-funded university graduate.


The Secret History of World War III, by J.G. Ballard • Presidential Writings

Ballard imagined an America fascinated by the medical detail of its president’s health, even while real events are happening everywhere:

»

“…here’s an update on our report of two minutes ago. Good news on the President’s CAT scan. There are no abnormal variations in the size or shape of the President’s ventricles. Light rain is forecast for the DC area tonight, and the 8th Air Cavalry have exchanged fire with Soviet border patrols north of Kabul. We’ll be back after the break with a report on the significance of that left temporal lobe spike..”

“For God’s sake, there’s no significance.” I took the remote control unit from Susan’s clenched hand and began to hunt the channels. “What about the Russian Baltic Fleet? The Kremlin is putting counter-pressure on Nato’s northern flank. The US has to respond…”

By luck, I caught a leading network newscaster concluding a bulletin. He beamed confidently at the audience, his glamorous copresenter smiling in anticipation. “As of 5:05 Eastern Standard Time we can report that Mr Reagan’s inter-cranial pressure is satisfactory. All motor and cognitive functions are normal for a man of the President’s age. Repeat, motor and cognitive functions are normal. Now, here’s a newsflash that’s just reached us. At 2:35 local time President Reagan completed a satisfactory bowel motion.” The newscaster turned to his copresenter. “Barbara, I believe you have similar good news on Nancy?”

“Thank you, Dan,” she cut in smoothly. “Yes, just one hour later, at 3:35 local time, Nancy completed her very own bowel motion, her second for the day, so it’s all happening in the First Family.” She glanced at a slip of paper pushed across her desk. “The traffic in Pennsylvania Avenue is seizing up again, while F-16s of the 6th Fleet have shot down seven MiG 29s over the Bering Strait. The President’s blood pressure is 100 over 60. The EGG records a slight left-hand tremor…”

“A tremor of the left hand…” Susan repeated, clenching her fists. “Surely that’s serious?”

«

Tell me this is fiction and I’ll say, give it 20 years or so. He’d already got the cat-and-laser-pointer nature of US TV news – and its audience.


Coercion – a problem larger than authentication • Medium

“The Grugq”:

»

It seems appropriate to address the flawed understanding of security threats prompted by the FaceID authentication mechanism when it was announced. Particularly frustrating was the deep confusion around how coercion works at different levels, and why the sinister threat of “authoritarian regimes” is a poor threat model to apply to authentication mechanism security. It is popular to ask “how will this technology enable abuse by authoritarian regimes,” but the people asking that question, the technologies they choose to fret about, and the fantasy logic they use constructing threat models, need the cold water of reality…

…Technology that empowers dissidents, and dissident groups, is almost always just going to be Facebook (and Twitter, and WhatsApp or whatever the dominant messenger is for their region [see: Metcalfe’s Law]). Security for dissidents comes from being in the public eye, protecting them against secret reprisals.

When the secret police move against dissident groups, the individuals are going to face coercion that is state level. They will vanish while traveling alone. They will kill themselves while in police custody “in order to embarrass the police.” They will throw themselves off tall buildings “rather than face arrest” — no autopsy possible, their bodies cremated within 24hrs as they always wanted. They will commit suicide by shooting themselves in the back of the head, twice – just to be sure. If they survive secret police reprisals long enough, they will go to jail for decades.

The usual goal for a dissident who is captured is to remain silent for 24–48hrs, long enough to enable their comrades to escape. If there is some law governing their detention it may be “endure torture for 7 days, or jail for 30 years.”

At no point in time will dissidents think “if only my mobile phone was protected by an authentication mechanism that could not be tricked by physically forcing me to cooperate against my will.” In many cases, the coercion will be like a parent telling a child to go to their room. The weaker party will simply cooperate.

«

This is why, he points out, a lot of the noise about privacy in these systems is misplaced. The only information you can’t give up is what you don’t know. And even that can be forced out of you.


Warning: new undetectable DNS hijacking malware targeting Apple macOS users • The Hacker News

Mohit Kumar:

»

A security researcher has revealed details of a new piece of undetectable malware targeting Apple’s Mac computers—reportedly first macOS malware of 2018.

Dubbed OSX/MaMi, an unsigned Mach-O 64-bit executable, the malware is somewhat similar to DNSChanger malware that infected millions of computers across the world in 2012.

DNSChanger malware typically changes DNS server settings on infected computers, allowing attackers to route internet traffic through malicious servers and intercept sensitive information.

First appeared on the Malwarebytes forum, a user posted a query regarding unknown malware that infected his friend’s computer that silently changed DNS settings on infected macOS to 82.163.143.135 and 82.163.142.137 addresses.

After looking at the post, ex-NSA hacker Patrick Wardle analysed the malware and found that it is indeed a ‘DNS Hijacker,’ which also invokes security tools to install a new root certificate in an attempt to intercept encrypted communications as well.

«

So check your DNS settings (Preferences, Network, Advanced, DNS). The malware was also not detected at that point by any of 59 popular antivirus programs.
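The DNS check suggested above, as an added example (not from the quoted article or the researcher's analysis): a POSIX shell script that parses `scutil --dns` output and flags the two resolver addresses the article reports. The function names and the sample resolver text are constructed for illustration.

```shell
#!/bin/sh
# Added example: look for the resolver addresses that the quoted article says
# OSX/MaMi writes into macOS DNS settings. Function names are illustrative.

# Addresses quoted in the article above.
MAMI_DNS_1="82.163.143.135"
MAMI_DNS_2="82.163.142.137"

# Print every nameserver address found in `scutil --dns` style text on stdin,
# de-duplicated, one per line.
extract_nameservers() {
    awk '/^[ \t]*nameserver\[[0-9]+\][ \t]*:/ { print $NF }' | sort -u
}

# Print only the nameservers that exactly match a reported address.
# -F treats the dots literally and -x requires a whole-line match, so a
# look-alike such as 182.163.143.135 is not flagged.
# Exit status 0 means at least one match, 1 means none.
find_mami_dns() {
    extract_nameservers | grep -Fx -e "$MAMI_DNS_1" -e "$MAMI_DNS_2"
}

# Human-readable verdict for resolver text on stdin.
# Returns 2 when a reported address is configured, 0 otherwise.
report() {
    if hits=$(find_mami_dns); then
        echo "SUSPECT: resolver(s) matching the reported addresses:"
        echo "$hits" | sed 's/^/  /'
        return 2
    fi
    echo "OK: none of the reported addresses are configured"
    return 0
}

# Constructed sample: resolver text as it could look after the change.
sample_hijacked() {
    cat <<'EOF'
DNS configuration

resolver #1
  nameserver[0] : 82.163.143.135
  nameserver[1] : 82.163.142.137
  if_index : 6 (en0)
  flags    : Request A records
  reach    : 0x00000002 (Reachable)

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  order    : 300000
EOF
}

# Constructed sample: a clean machine, including a near-miss address that a
# substring or regex match would wrongly flag.
sample_clean() {
    cat <<'EOF'
DNS configuration

resolver #1
  search domain[0] : lan
  nameserver[0] : 192.168.1.1
  nameserver[1] : 182.163.143.135
  if_index : 6 (en0)
  flags    : Request A records
EOF
}

# On a Mac, inspect the live configuration; elsewhere, show the constructed case.
if command -v scutil >/dev/null 2>&1; then
    scutil --dns | report || true
else
    echo "scutil not found; running on the constructed sample instead"
    sample_hijacked | report || true
fi
```

A match also warrants reviewing the System keychain for an unfamiliar root certificate, since the article reports that the malware installs one.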


Turning soybeans into diesel fuel is costing us billions • NPR

Dan Charles:

»

“This is an easy one, economically. Biodiesel is very expensive, relative to petroleum diesel,” says Scott Irwin, an economist at the University of Illinois, who follows biofuel markets closely. He calculates that the extra cost for biodiesel comes to about $1.80 per gallon right now, meaning that the biofuel law is costing Americans about $5.4bn a year.

Irwin explains that use of biodiesel is driven by three different parts of the Renewable Fuel Standard. The law includes a quota for biodiesel use, but in addition to that, biodiesel also is used in order to meet the law’s demand for “advanced biofuels.” Finally, there’s an overall quota for biofuels of all sorts, and companies are using biodiesel to meet that quota as well because they’ve run into limits on their ability to blend ethanol into gasoline.

Defenders of biodiesel insist that it’s a much cleaner fuel than regular diesel, because it doesn’t come from the ground, but from soybean plants that capture carbon dioxide from the air as they grow. In fact, by the EPA’s calculations, replacing petroleum-based fuel with biodiesel will cut greenhouse emissions at least in half.

A growing number of environmentalists, however, say that this calculation is dead wrong. They say that if more soybeans are needed to make fuel in addition to food, it inevitably means that people somewhere on Earth will have to plow up grasslands or cut down forests in order to grow that additional supply — and clearing such land releases huge amounts of carbon dioxide into the atmosphere.

«

If you add in the externalities of climate change to the cost of petroleum diesel… does that make a difference?


Twitter hits back again at claims that its employees monitor direct messages • TechCrunch

Catherine Shu:

»

Twitter is pushing back against claims made by conservative activist group Project Veritas that its employees monitor private user data, including direct messages. In a statement to media outlets, it said “We do not proactively review DMs. Period. A limited number of employees have access to such information, for legitimate work purposes, and we enforce strict access protocols for those employees.”

Earlier this week, Project Veritas, which produces undercover sting operations that purportedly expose liberal biases at media companies and other organizations, posted footage that appeared to show Twitter engineers claiming that teams of employees look at users’ private data. One engineer seemed to say that Twitter can hand over President Donald Trump’s data, including deleted tweets and direct messages, to the Department of Justice.

Twitter already issued a statement after the video posted saying it “only responds to valid legal requests, and does not share any user information with law enforcement without such a request.”

The company also said the Twitter employees shown in the video “were speaking in a personal capacity and do not represent or speak for Twitter” and added that “we deplore the deceptive and underhanded tactics by which this footage was obtained and selectively edited to fit a pre-determined narrative. Twitter is committed to enforcing our rules without bias and empowering every voice on our platform, in accordance with the Twitter Rules.”

«

Project Veritas has a track record of not being great at accuracy, and of very selective editing. “Speaking in a personal capacity” is hardly a rebuttal, though.


Echo Spot: ‘smart clock’ launched as Amazon seeks to lock rivals out of home • The Guardian

Samuel Gibbs:

»

Amazon is launching its small clock-like Echo Spot in the UK, as it continues to cement its market dominance.

The Echo Spot is a small sphere with a 2.5in circular screen, camera and clock face that’s capable of showing the time as well as other at-a-glance information, similar to the larger Echo Show that launched earlier in the year.

“The Spot is to the Show what the Dot is to the original Echo,” said Rich Suplee, head of Alexa for Amazon in Europe. “So this is a smaller, stylish and more affordable version of an Echo with a screen.”

Amazon found great success with its Echo Dot, which was a smaller, cheaper alternative to the full-size Echo speaker – effectively an Echo with a less powerful speaker.

The Echo Spot similarly has most of the features of its more expensive sibling, the £200 Echo Show, condensed into a smaller, cheaper package. The Echo Spot, however, does not share the Dot’s impulse-buy pricing of £50, instead costing £120 each or £200 for two, available for pre-order today and shipping on 24 January…

…The Echo Spot has a camera for video calling to other Echo devices or the Alexa app on smartphones, can play video, music and other smart speaker-associated features. It uses a new four-mic array to hear users, which is a condensed version of the seven or eight-mic arrays used in other Echo devices. It has a reasonable speaker built into it, but also has 3.5mm analogue audio output and Bluetooth for connecting to existing systems.

«

Clever. Getting into all the niches and nooks.


Bitcoin’s energy usage is huge – we can’t afford to ignore it • The Guardian

Alex Hern:

»

The more electricity you burn, and the faster your computer, the higher your chance of winning the competition. The prize? 12.5 bitcoin – still worth over $100,000 – plus all the transaction fees paid in the past 10 minutes, which according to analysts’ estimates is another $2,500 or so.

This is a winner-takes-all game, where the prize is guaranteed to be paid to one, and only one, miner every 10 minutes. Burning more electricity increases your chances of winning, but correspondingly decreases everyone else’s – and so they have a motivation to burn more electricity in turn.

The economic outcome of all of this is laid bare in a Credit Suisse briefing note published on Tuesday: the network as a whole will reinvest almost all the bitcoin paid out as mining rewards back into its electricity consumption. (Credit Suisse’s ballpark figure assumes that 80% of the expenses of bitcoin miners are spent on electricity).

At current prices for electricity and bitcoin, the bank calculates a maximum profitable power draw of bitcoin at around 100TWh – two-and-a-half times higher than its current rate. Any higher and the miner will lose money.

But it gets worse. If bitcoin were to become the global currency its supporters hope it will, its price would increase. And if its price increases, so too does the amount of electricity miners can afford to burn.

Credit Suisse estimate that a bitcoin price of $50,000 – five times its level as I write – would increase the electricity consumption tenfold. And at a bitcoin price of $1.1m, it would be profitable to use almost all the electricity currently generated in the world for mining.

«



Lenovo to stay largest AIO PC vendor in 2018 • Digitimes

Aaron Lee and Steve Shen:

»

Lenovo is expected to remain the largest all-in-one (AIO) PC vendor worldwide in 2018 with shipments to reach 3-3.2 million units, according to sources from the upstream supply chain.

Enterprise models will replace consumer products as the driving force of Lenovo’s AIO PC sales in 2018, accounting for 60% of total shipments, while the consumer models will make up the remaining 40%, said the sources.

While the overall AIO PC market is expected to grow slowly in 2018, the gaming AIO PC segment is likely to expand at a faster pace in the year, with the market leader Micro-Star International (MSI) to continue to ramp up its market share, according to Digitimes Research. MSI saw its gaming AIO PCs grow 35.7% on year in 2017.

However, the high-end segment could be a new battlefield in the AIO PC segment as Apple has launched its iMac Pro, which is believed to directly take on Microsoft’s Surface Studio, said the sources.

«

If the iMac (inc Pro) really sells fewer than 3m units in a year out of Apple’s 19.2m (in 2017), given that the old, old, old Mac Pro sells pretty much nothing – surely? – that’s 15% desktop, 85% laptop.


Why smart devices will get more expensive • The Information

Aaron Tilley:

»

Qualcomm is talking with a fridge maker about adding a downward-facing camera to understand if a kid or an adult is standing in front of the appliance, according to Raj Talluri, a senior vice president at Qualcomm.

But these higher end chips and other more complex hardware could add several hundred dollars to the cost of devices. And the big question is whether consumers will want to pay extra for these more advanced features and capabilities. As it is, devices with virtual assistants have yet to prove themselves as must-have products. The vast majority of people still only use their Echo, for instance, to check the weather or to play music, according to market research firm Argus Insights. It could be hard to persuade consumers to pay even more for a function they don’t need.

“Unless it’s a piece of hardware that’s earth shattering that no one can get from anyone else, it will be hard to convince consumers to buy it,” said Rene Haas, president of the chip licensing product group at Arm. He said companies behind the virtual assistants like Google and Amazon will have to make money off services.

«

Services tend not to make that much money, unless you’re Google offering people ads to click. Hardware makes money, if you do it right. Not sure that people are really going to want cameras monitoring them by the fridge.


Errata, corrigenda and ai no corrida: none notified

Start Up: Facebook v the fakes, bitcoin hits the bumpers (and bounces), UWP’s enterprise problem, and more


Will Apple’s next iPhone X get smaller, or packed with more stuff? Photo by William Hook on Flickr


A selection of 11 links for you. That’s 30/30, never to be repeated. I’m @charlesarthur on Twitter. Observations and links welcome.

It’s the (democracy-poisoning) golden age of free speech • WIRED

The always-readable Zeynep Tufekci:

»

The most effective forms of censorship today involve meddling with trust and attention, not muzzling speech itself. As a result, they don’t look much like the old forms of censorship at all. They look like viral or coordinated harassment campaigns, which harness the dynamics of viral outrage to impose an unbearable and disproportionate cost on the act of speaking out. They look like epidemics of disinformation, meant to undercut the credibility of valid information sources. They look like bot-fueled campaigns of trolling and distraction, or piecemeal leaks of hacked materials, meant to swamp the attention of traditional media.

These tactics usually don’t break any laws or set off any First Amendment alarm bells. But they all serve the same purpose that the old forms of censorship did: They are the best available tools to stop ideas from spreading and gaining purchase. They can also make the big platforms a terrible place to interact with other people.

Even when the big platforms themselves suspend or boot someone off their networks for violating “community standards”—an act that does look to many people like old-fashioned censorship—it’s not technically an infringement on free speech, even if it is a display of immense platform power. Anyone in the world can still read what the far-right troll Tim “Baked Alaska” Gionet has to say on the internet. What Twitter has denied him, by kicking him off, is attention.

Many more of the most noble old ideas about free speech simply don’t compute in the age of social media. John Stuart Mill’s notion that a “marketplace of ideas” will elevate the truth is flatly belied by the virality of fake news.

«



In some countries, Facebook’s fiddling has magnified fake news • The New York Times

Sheera Frenkel, Nicholas Casey and Paul Mozur:

»

“People usually don’t share boring news with boring facts,” said Filip Struharik, the social media editor of Denník N, a Slovakian subscription news site that saw a 30% drop in Facebook engagement after the changes. Mr. Struharik, who has been cataloging the effects of Facebook Explore through a monthly tally, has noted a steady rise in engagement on sites that publish fake or sensationalist news.

A bogus news story that spread in December illustrates the problem, Mr. Struharik said. The story claimed that a Muslim man had thanked a good Samaritan for returning his lost wallet, and had warned the Samaritan of a terrorist attack that was planned at a Christmas market.

The fabricated story circulated so widely that the local police issued a statement saying it wasn’t true. But when the police went to issue the warning on Facebook, they found that the message — unlike the fake news story they meant to combat — could no longer appear on News Feed because it came from an official account.

Facebook explained its goals for the Explore program in Slovakia, Sri Lanka, Cambodia, Bolivia, Guatemala and Serbia in a blog post in October. “The goal of this test is to understand if people prefer to have separate places for personal and public content,” wrote Adam Mosseri, head of Facebook’s News Feed. “There is no current plan to roll this out beyond these test countries.”

The company did not respond to a list of questions about the Explore program, but Mr. Mosseri said in a statement on Friday that the company took its role as a “global platform for information” seriously.

“We have a responsibility to the people who read, watch and share news on Facebook, and every test is done with that responsibility in mind,” he said.

«

Every time Facebook thinks it has it, it slips away.


Bitcoin plunges—now down 42% from December peak • Ars Technica

Timothy Lee:

»

Bitcoin’s value plunged on Tuesday, falling to $11,300—the lowest value the virtual currency has seen in 2018. Bitcoin’s value is down more than 20% over the last 24 hours, and down 42% from December’s all-time high of around $19,500.

Bitcoin’s fall was part of a broader crypto-currency selloff. Every major cryptocurrency has suffered double-digit losses over the last 24 hours, according to CoinMarketCap. Ethereum is down 21%. Bitcoin Cash is down 25%. Litecoin is down 20%, while Dash is down 21%, and Monero is down 25%.

It’s hard to say what causes cryptocurrencies to go up or down on any given day. In recent months, Bitcoin and other cryptocurrencies have exhibited classic signs of a speculative bubble, with millions of ordinary investors flooding into the market in hopes of making an easy buck. That helped to push Bitcoin to new heights, but it also heightened the cryptocurrency’s already significant volatility.

«

It briefly dipped below $10,000, but made its way up again. Maybe stop calling it crypto-currency? Cryptocommodity? (Though how disheartening, and exhausting, to be the journalist with the task of writing “today’s fall in crypto prices.” There’s a job for AI.)


Omni raises funding from Ripple execs and Highland Capital • WSJ

Cat Zakrzewski:

»

The startup Omni has taken an unconventional approach to storage. Rather than holding clients’ camping gear or old strollers in traditional storage units, the company also gives customers the option to rent out their gear to other peers through the platform.

In keeping with its nontraditional business strategy, Omni raised $25m in new funding with a twist. The funding includes a Series B round of venture financing from Highland Capital Partners as well as a partnership and strategic investment made by blockchain financial startup Ripple Inc.’s executives.

Ripple said executives Chris Larsen and Stefan Thomas personally invested in Omni an undisclosed sum using the startup’s cryptocurrency XRP, and Highland Capital Partners invested in traditional dollars.

At the time of the round’s close in December, the round’s value was equivalent to more than $25m. Ripple sees the deal as a strategic investment and did not take equity in the company.

«

So basically Larsen and Thomas invested some stuff whose value is yo-yoing by huge amounts. Odd thing for Omni to agree to.


New cyberattack on cryptocurrency investors came from North Korea, report says • WSJ

Jonathan Cheng:

»

A new hacking offensive against cryptocurrency investors uses malware similar to that deployed in North Korea’s attack on Sony Pictures Entertainment and its WannaCry ransomware assault, cybersecurity researchers said, providing further evidence of Pyongyang’s involvement in crypto heists.

U.S. cybersecurity firm Recorded Future in a report on Tuesday identified the Lazarus group—a hacking operation with links to the North Korean regime—as behind the malware campaign, which began targeting users of a South Korean exchange in the late fall and may still be active. It isn’t known how successful the hackers were, or how much was stolen.

«

No surprise. The only people in the world who really, really want to cash out of cryptocurrency and ignore the price or “to the moon!” nonsense are the North Koreans who have mined or hacked it, because they’re so constrained for other ways to get foreign currency.


Microsoft and the UWP For Enterprise delusion • Dean Chalk

»

So, it’s 2018 and WPF/WinForms is now a legacy platform.

I don’t remember the WPF technology stack getting any significant updates over the last 12 years, so it dies pretty much how it started. Its apparent replacement is the so-called ‘Universal Windows Platform’ or UWP (previously it was ‘WinRT’ — no ‘Store’ — no ‘Metro’ no……??), however there is one huge and massive issue with UWP on the desktop, and that is it isn’t designed for the desktop.
Nonsense!, you might say — but it’s true. UWP will never be an enterprise desktop software development technology stack, and I will tell you exactly why in the next paragraphs.

The ‘Mobile First’ fallacy: the enterprise doesn’t care about mobile — it really doesn’t. Sure there are a small number of enterprises that need delivery guys with handheld devices, and those devices need to have mobile software written for them, but they are in a tiny minority.

The few mobile enterprise apps currently out there are more about productivity triage — a quick glance while you’re getting a latte — nothing more.

Your email app on your iPhone isn’t designed for you to use 8 hours straight at your desk. The spreadsheet app on your iPad is pretty useless for a whole day’s work. You NEED a big screen with mouse and keyboard to do an 8 hour shift on the company’s CMS system, and no mobile-first setup is going to be even remotely productive for 99% of enterprise employees.

However, UWP is a mobile-first platform. It’s designed for small devices that are being used by people touching a screen with sausage-shaped fingers. Yes you can have the app adapt to different screen sizes but it’s still the same issue — powerless and simplified, with low levels of information density — if that’s all you needed, then you’re going to build a web app instead anyway.

«



Harvard study shows why Big Telecom is terrified of community-run broadband • Motherboard

Karl Bode:

»

A new study out of Harvard once again makes it clear why incumbent ISPs like Comcast, Verizon and AT&T are so terrified by the idea of communities building their own broadband networks.

According to the new study by the Berkman Klein Center for Internet and Society at Harvard University, community-owned broadband networks provide consumers with significantly lower rates than their private-sector counterparts.

The study examined data collected from 40 municipal broadband providers and private throughout 2015 and 2016. Pricing data was collected predominately by visiting carrier websites, where pricing is (quite intentionally) often hidden behind prequalification walls, since pricing varies dramatically based on regional competition.

In many markets, analysts couldn’t make direct comparisons with a private ISP, either because the ISP failed to meet the FCC’s 25 Mbps down, 3 Mbps up standard definition of broadband (a problem for countless telcos who refuse to upgrade aging DSL lines), or because the ISP prequalification website terms of service “deterred or prohibited” data collection.

But out of the 27 markets where they could make direct comparisons, researchers found that in 23 cases, the community-owned ISPs’ pricing was lower when the service costs and fees were averaged over four years.

«



Apple might have found a way to make the notch smaller on next year’s iPhones • BGR

Zach Epstein:

»

The TrueDepth Camera is what enables Face ID, an advanced facial recognition system that is far more secure than similar biometric authentication systems on rival phones. It works by using an infrared dot projector to beam 30,000 invisible dots onto the user’s face, and then a special camera reads the dots and matches the resulting data to the phone’s saved face profile.

Apple is expected to unveil three new iPhone models this September, and all three of them will reportedly feature the iPhone X’s “all-screen” design, complete with the infamous notch. According to a new report from ETNews, however, next year’s new iPhones might not be quite as notchy.

“According to industries, it is heard that Apple is planning to strengthen face sensing function starting from 2019 models,” the report reads. “That is why it is planning to increase number of parts that will be used for iPhones and is looking into combination of a face recognition module with a camera module.” It should be noted that this is a translation of a Chinese-language report.

It’s possible that Apple’s upcoming new iPhones will combine elements of the TrueDepth camera with the standard front-facing camera. Apart from allowing Apple to squeeze a more complex solution into the phone, this might also allow the company to reduce the footprint of the sensor array. In other words, next year’s new iPhones might have a smaller notch.

«

I would expect the notch to stay the same size – devs have built for it already – and Apple to squeeze more dots into its projector thing, which will take up the same space.

More interesting question: will it be the iPhone XI?


Google memory loss • ongoing

Tim Bray:

»

I think Google has stopped indexing the older parts of the Web. I think I can prove it. Google’s competition is doing better.

Evidence · This isn’t just a proof, it’s a rock-n-roll proof. Back in 2006, I published a review of Lou Reed’s Rock n Roll Animal album. Back in 2008, Brent Simmons published That New Sound, about The Clash’s London Calling. Here’s a challenge: Can you find either of these with Google? Even if you read them first and can carefully conjure up exact-match strings, and then use the “site:” prefix? I can’t.

[Update: Now you can, because this piece went a little viral. But you sure couldn’t earlier in the day.]

Why? · Obviously, indexing the whole Web is crushingly expensive, and getting more so every day. Things like 10+-year-old music reviews that are never updated, no longer accept comments, are lightly if at all linked-to outside their own site, and rarely if ever visited… well, let’s face it, Google’s not going to be selling many ads next to search results that turn them up. So from a business point of view, it’s hard to make a case for Google indexing everything, no matter how old and how obscure.

My pain here is purely personal; I freely confess that I’d been using Google’s global infrastructure as my own personal search index for my own personal publications. But the pain is real; I frequently mine my own history to re-use, for example in constructing the current #SongOfTheDay series.

«

Bing and DuckDuckGo can find it, he points out. So?

»

When I have a question I want answered, I’ll probably still go to Google. When I want to find a specific Web page and I think I know some of the words it contains, I won’t any more, I’ll pick Bing or DuckDuckGo.

«

Bray used to work at Google.


CES 2018: real advances, real progress, real questions • Learning by Shipping

Steve Sinofsky (you know, the skateboarding on a Surface guy) went to Vegas:

»

I’m confident that a core problem with voice right now is expectations. There’s all sorts of real world problems from home guests to people standing outside a window yelling into your house to deal with, but one does quickly get used to walking into a room and saying “Alexa please turn the lights on” and of course if you can also get questions about the weather and so on answered along with music, this is a net add.

Where voice really disappoints is the same way that almost every new product disappoints—it doesn’t do as much as you’d like or can imagine. Tech enthusiasts have been trying to do home automation scenarios for years—the idea of “programming” your home to lock the doors, arm perimeter security, turn off inside lights (except the bedroom), turn off the TV, turn on the baby monitor and so on all to the command “bedtime”. That’s not going to happen and anyone with that design point will fail. This will fail just like that microwave button “reheat” doesn’t work or voice response systems asking you “state your problem” always take you “please hold while I connect you to an operator”.

I’m optimistic about voice for basic command and control. Beyond that we are at the very early stages with a good deal of frustration ahead…

…[re TV sets] All the major players were showing large (up to 85″) OLED screens all ultra-thin. Here’s a CES thing to notice. The fancy “not yet shipping” OLED TVs all have integrated bases upon which the 5mm screens rest. These bases are speaker bars and use some of the depth gained to enable a rear-firing subwoofer on the back of the panel. Since everyone is showing these it is likely where things are heading after 15 years of over the fireplace wall mounts and 4″ recessed wall nooks that are never the right size for the next display.

Also there were basically no curved TVs and certainly zero 3D. I was trying to think of something that came and went as fast as 3D and all I could come up with might be VR headsets.

«

Tons more great insight in his post. Set aside some time to read it.


Holy ****, the iPad Pro • BirchTree

Matt Birchler got a 10.5in iPad Pro:

»

There is nothing I can throw at this thing that it does not do basically instantly. I was a little apprehensive about getting an iPad with an A10X processor when my iPhone has a newer A11, but those fears are (at least for now) unfounded. The A10X is blazingly fast, and all the apps I throw at it run perfectly. Whether it’s editing a podcast in Ferite, editing RAW image files in Lightroom, or multitasking with up to 3 apps on screen at a time, the iPad Pro keeps up. As many have mentioned before, the bottleneck on the iPad Pro is software right now, not hardware.

Another part of the iPad Pro I love is the Pro Motion display. For many years, we described 60fps animations as the buttery dream all software should strive for. Now with the 2017 iPad Pros, 120fps now feels like the benchmark, and my god is it nice. I mentioned above that the iPad Pro has a one generation older system on a chip than the iPhone 8/X, but the iPad Pro often feels even faster than the iPhone because of the fluidity of the animations. Seriously, it is an absolute joy to use a computer with everything moving with this level of fluidity.

Finally, despite all its flaws, iOS 11 is a game changer for the iPad. The dock is a great addition, and the multitasking view is miles better than what we had last year. The split screen options are better than ever, not only because the zippy iPad Pro loads multiple apps with ease, but because you can now more easily manage your multiple apps, and you can even have a third app on screen at a time with a swipe in from the right gesture. I use this all the time and it makes me treat the iPad more like a computer built for getting things done than ever before. I’d love to see Apple continue to move the needle this year with iOS 12, but the advance we got last year is fantastic, and Apple should be credited with making the iPad leaps and bounds better than any other tablet computer.

«

He also has a post about which apps he retains a Mac for; basically, Final Cut Pro X. For me, it’s just my incompetence at rewriting Applescript in Python (using Pythonista), and/or the lack of an equivalent for the now-discontinued Viewfinder for searching Flickr.


Errata, corrigenda and ai no corrida: a couple of things about yesterday’s OnePlus link. First, I’m reliably informed that its revenue was “more than $1.4bn” (ie more than £1bn), not $1bn. Second, OnePlus’s ASP was somewhere between $400 and $500, according to users and analysts.

So that means it sold between 2.8m and 3.5m phones over the whole year – somewhat smaller than my 4m to 8m estimate.

Start Up: boosting bitcoin, Nintendo shuffles off VR, LG delays G7?, how to stop US gun violence, and more


OnePlus says 2017 revenue passed a billion dollars. How many phones is that? Photo by Dennis Sylvester Hurd on Flickr.

A selection of 11 links for you. Not for sale in Nebraska. I’m @charlesarthur on Twitter. Observations and links welcome.

Inside Telegram’s ambitious $1.2B ICO to create the next Ethereum • TechCrunch

Jon Russell:

»

We have even more information about messaging app Telegram’s plans for cashing in on its popularity within the crypto community with the massive ICO for its proposed Telegram Open Network (TON) project (that we first reported), after obtaining the whitepaper and investor prospectuses in full.

From the documents, it is clear that Telegram isn’t content with sitting on a platform like Ethereum for its token sale and services, as most ICOs are. Instead, it wants to create a platform of its own to rival Ethereum for hosting a new wave of decentralized services and internet experiences tipped to emerge thanks to the blockchain.

Telegram’s ICO will be a record if all goes according to plan, but that’s only the start.

The company plans to raise a staggering $1.2 billion in total, starting with a $600 million pre-sale that’s strictly for traditional venture capital backers and those inside its executive’s close circles.

«

Gather round, children, and let me tell you of a man called Ponzi.


Researchers find that one person likely drove Bitcoin from $150 to $1,000 • TechCrunch

John Biggs:

»

Researchers Neil Gandal, JT Hamrick, Tyler Moore, and Tali Oberman have written a fascinating paper on Bitcoin price manipulation. Entitled “Price Manipulation in the Bitcoin Ecosystem” and appearing in the recent issue of the Journal of Monetary Economics the paper describes to what degree the Bitcoin ecosystem is controlled by bad actors.

To many it’s been obvious that the Bitcoin markets are, at the very least, being manipulated by one or two big players. “This paper identifies and analyzes the impact of suspicious trading activity on the Mt. Gox Bitcoin currency exchange, in which approximately 600,000 bitcoins (BTC) valued at $188 million were fraudulently acquired,” the researchers wrote. “During both periods, the USD-BTC exchange rate rose by an average of four percent on days when suspicious trades took place, compared to a slight decline on days without suspicious activity. Based on rigorous analysis with extensive robustness checks, the paper demonstrates that the suspicious trading activity likely caused the unprecedented spike in the USD-BTC exchange rate in late 2013, when the rate jumped from around $150 to more than $1,000 in two months.”

The team found that many instances of price manipulation happened simply because the market was very thin for various cryptocurrencies including early Bitcoin. “Despite the huge increase in market capitalization, similar to the bitcoin market in 2013 (the period examined), markets for these other cryptocurrencies are very thin. The number of cryptocurrencies has increased from approximately 80 during the period examined to 843 today! Many of these markets are thin and subject to price manipulation.”

«

Speaking of which…


The anatomy of a pump and dump group • Bitfalls

“Bruno”:

»

Pump and dump (P&D) schemes are a common occurrence in the cryptocurrency world.

They most often happen in Telegram or Discord (chat programs) groups in which several thousand people buy a specific shitcoin (a crypto token without a value or future) at the same time in an attempt to artificially inflate its value. This value increase is called the pump while the selling of this now expensive token to naïve bystanders is the dump phase.

In this article, we’ll take a look at the anatomy of one such smaller P&D group…

…When the organizers buy a coin before telling everyone, that’s what’s called a pre-pump. For example, in the group we were watching for this post, the OAX coin was announced with a pump start due at 23:00. But if we look at its graph, the pre-pump is obvious:

The graph clearly shows the organizers having loaded up on the coin 20 minutes earlier. This allowed them to start dumping on their group’s members immediately on start time at 23:00. The reason they were able to move the market by themselves was because this coin had a total trading volume of 2 Eth on HitBTC, which meant even half an ether could move the needle.

«

Anyhow, to the moon, etc.


This AR app teaches you how to play the piano • VRScout

Steve Ip and Sydney Wuu:

»

App users slip on their AR headsets and follow the instructions displayed directly on their instrument to learn how to play the piano. A virtual band accompanies the user to teach them how to improvise within a group setting. The software also includes interactive theory lessons, live practice sessions, and animated demonstrations that allow you to explore blues, rock, jazz, and classical styles.

Music Everywhere currently operates on a bidirectional MIDI-over-Bluetooth connection utilizing a Microsoft HoloLens AR device or Windows Mixed Reality immersive headset.

It has been hinted that Music Everywhere may be headed to Mira as well, a lightweight AR headset that is powered by an iPhone. Mira retails as an iPhone accessory below $200, compared to a HoloLens that can cost upwards of $3000.

«

From the description, you think: great! But the video is so woeful. This doesn’t teach you piano; you have to be good at playing the piano already. It’s like Wii Music, which seemed like it would be great and turned out to be appalling.

And it’s barely better than perching a tablet on the music stand. AR needs more imagination.


Want to fix gun violence in America? Go local • The Guardian

Aliza Aufrichtig, Lois Beckett, Jan Diehm and Jamiles Lartey:

»

Half of America’s gun homicides in 2015 were clustered in just 127 cities and towns, according to a new geographic analysis by the Guardian, even though they contain less than a quarter of the nation’s population.

Even within those cities, violence is further concentrated in the tiny neighborhood areas that saw two or more gun homicide incidents in a single year.

Four and a half million Americans live in areas of these cities with the highest numbers of gun homicide, which are marked by intense poverty, low levels of education, and racial segregation. Geographically, these neighborhood areas are small: a total of about 1,200 neighborhood census tracts, which, laid side by side, would fit into an area just 42 miles wide by 42 miles long.

The problem they face is devastating. Though these neighborhood areas contain just 1.5% of the country’s population, they saw 26% of America’s total gun homicides.

Gun control advocates say it is unacceptable that Americans overall are “25 times more likely to be murdered with a gun than people in other developed countries”. People who live in these neighborhood areas face an average gun homicide rate about 400 times higher than the rate across those high-income countries.

«

Amazing piece of data journalism, digging down to the neighbourhood level: gun murder is a more common act where poverty, lack of education and racial segregation are high.


Suspect in deadly Kansas “swatting” hoax charged with manslaughter • Ars Technica

Timothy Lee:

»

A Los Angeles man accused of making a hoax phone call that led to the death of an innocent man in Wichita, Kansas, has been charged with involuntary manslaughter. 25-year-old Tyler Barriss was arrested in Los Angeles late last month, and authorities there extradited him to Kansas. He made his first appearance in a Kansas courtroom on Friday, court records show.

Authorities believe that Barriss made a hoax phone call that sent police to the home of an innocent man, Andrew Finch, on December 28. Finch opened the door with his hands up. But when he briefly lowered his hands toward his waistband, a police officer shot him, believing that Finch could be reaching for a gun.

The incident appears to have originated with an online feud over a $1.50 Call of Duty bet. One of the parties to that dispute reportedly approached online user SWAuTistic, who had a reputation for initiating “swatting” pranks against online gamers. SWAuTistic called the Wichita police, pretending to be a deranged man who had already shot his father and threatened to shoot other members of his family.

«

Such a waste of two lives, and enabled by a militarised police force which shoots to kill.


Nintendo doesn’t seem to be “looking into” VR very much anymore • Ars Technica

Kyle Orland:

»

Readers with decent memories may remember early 2016, when Nintendo President Tatsumi Kimishima said the company was looking into the virtual reality space at an investor’s briefing. Coming months before we had concrete details on the company’s upcoming Switch, the statement set off industry alarm bells about Nintendo’s potential future plans. A vague Nintendo patent for a head-mounted tablet holster that surfaced in late 2016 got the chatter going even further.

Fast forward to today, and it’s increasingly clear that Nintendo has finished “looking” and has decided VR shouldn’t be part of its plans for the time being. The latest evidence comes from a recent interview with Nintendo France General Manager Philippe Lavoué in French publication Les Numeriques. “If you look at VR headsets, I doubt they can appeal to the mainstream,” Lavoué said in a translation of that interview. “Consumers are not patient with entertainment if you’re not able to deliver an all-inclusive package.”

«

Remember when VR was the future? What a week that was.


LG Electronics chief orders revision of ‘G7’ smartphone from scratch: source • Korea Herald

Song Su-hyun:

»

Jo Seong-jin, vice chairman and CEO of LG Electronics, has ordered a revision of the company’s upcoming premium phone, temporarily called the “G7,” further delaying its launch to April.

According to a company official who asked for anonymity, the G7 smartphone team of the company’s mobile communications business was told to halt recent work related to development of the newest phone, and to review the new product from scratch.

“Right after the vice chairman made the announcement at the Consumer Electronics Show last week, a direct order was sent down to the working-level officials to start over,” the official told The Korea Herald.

“A new decision on a possible launch date will be released around the Lunar New Year holiday next month,” he said. The smartphone was initially expected to be unveiled at the end of February and launched in March.

«

This could actually work in its favour (though the “from scratch” line means nothing; you don’t start phones from scratch). LG loses money every time it launches a top-end phone because it pours money into marketing, which isn’t recouped through sales. Delaying the G7 by a month or a quarter could work wonders.


Ho, ho, ho, Xiaomi • Bloomberg Gadfly

Tim Culpan:

»

Xiaomi Corp. is set to pull in revenue of $17bn to $18bn this year, ahead of its own target, Reuters reported Friday, citing the company’s comments to bankers. That’s impressive, but believable. Xiaomi has had a great year.

Stretching the credibility scale, though, are estimates that net income could hit $1bn. They’re banker projections, Reuters notes, not necessarily Xiaomi’s. The company later confirmed to Bloomberg News that revenue topped $15bn within the first 10 months of 2017, without commenting on earnings. If those profit numbers are true, it would mean the smartphone and device maker will deliver a net income margin of as much as 5.9%. That’s astounding. An operating margin of 5.9% would be pretty incredible, but a net margin that high would have Xiaomi well ahead of almost everyone in the market – up with Samsung Electronics Co. and Huawei Technologies Co.

Suffice to say, Xiaomi is no Samsung. But bankers desperately want in on Xiaomi’s expected IPO, and talking up the company is a good way to endear themselves. Remember when that real estate agent told you your rundown two bedder was a treasure and guaranteed to fetch a good price? Yeah, it’s like that.

Reuters reports that bankers see Xiaomi’s earnings doubling to $2bn next year. To get there, Xiaomi would need to dramatically boost revenue and widen margins. That’s hard to do simultaneously, especially in a weakening devices market. But such lofty estimates are helping these bankers talk up a $100bn share sale, when just two weeks ago the chatter was around a $50bn listing.

«

Buying Xiaomi shares would be a sucker move. You can’t honestly believe that it’s going to make $100bn in its lifetime.


Chinese smartphone maker OnePlus breaks billion-dollar sales barrier • The Telegraph

James Titcomb:

»

OnePlus, the cult Chinese smartphone maker, has broken the billion-dollar sales barrier for the first time and made a profit, a rare feat in the ultra-competitive mobile market.

The company’s chief executive Pete Lau told The Telegraph that its revenues last year had doubled to more than $1.4bn (£1bn) and that this had come with “healthy profits”. It comes as OnePlus plans to challenge bigger players by tying up with mobile networks in the US and Europe.

The smartphone market has been flooded by competition from Chinese upstarts in recent years, making profits rare and sending established brands like HTC and Motorola into losses. While OnePlus pales to most of its rivals in size, Mr Lau said it has eked out healthy margins by focusing only on the high-end of the market. It sells most of its mobiles directly to a core of fans online, instead of through mobile networks, although it began to distribute phones through O2 in the UK in 2016.

«

Some confusion between the headline, intro and second para. I think it’s that they’ve passed a billion dollars. That’s an average of $250m per quarter; at $250 per handset that would be a million per quarter, or 4m per year. At $125 per handset, it’s 8m per year. Those seem like the likely boundaries of its sales.

So that’s the good news. Now we go to the bad news…


Some people have had their credit card numbers stolen after buying OnePlus phones online • BGR

Chris Smith:

»

If you purchased a OnePlus phone and paid with a credit card, you should check your account for fraudulent charges immediately. Apparently, it already happened to some OnePlus customers, who were notified about fraudulent transactions on credit cards that were used to buy OnePlus phones.

According to a poll on the company’s own forum, 69 people so far have noticed fraudulent charges after a OnePlus transaction.

OnePlus has yet to confirm a data breach that would have allowed hackers to steal user data such as credit card information. And it’s always possible that the users who were notified of fraudulent charges by their banks were hacked in some other way, and it’s all a big coincidence. But the poll, available at this link, seems to suggest there may be an issue with OnePlus, as some of the impacted customers used their cards online for little else other than to buy a OnePlus phone online…

…The company says it started investigating the issue but found no cause so far. OnePlus says that card info is “never processed or saved on our website.” Instead, the data is sent “directly to our PCI-DSS-compliant payment processing partner over an encrypted connection, and processed on their secure servers.”

«



Errata, corrigenda and ai no corrida: none notified


Start Up: making China great again (by omission), Fancy Bear is back, crafting Apple’s emoji, and more


Yes, I’m afraid that machine learning has spoiled the fun of this as well. Photo by in_future on Flickr.


A selection of 10 links for you. Start the week as you mean to finish it. I’m @charlesarthur on Twitter. Observations and links welcome.

Techmate: how AI rewrote the rules of chess • Financial Times

Richard Waters:

»

Besides being pleasantly struck by the similarities he sees between AlphaZero’s game and his own, Kasparov suggests there have been some surprises from watching the software play. It’s well known, for instance, that the person who plays white, and who moves first, has an edge. But Kasparov says that AlphaZero’s victory over Stockfish has shown that the scale of that starting advantage is actually far greater than anyone had realised. It won 50% of the games when it played white, compared to only 6% when it played black. (The rest of the games were draws.)

Kasparov is cautious about predicting that AlphaZero has significant new chess lessons to teach, although he concedes it might encourage some players to try “a more dynamic game”. But if he seems only mildly interested in the quality of the chess, he is more forthright in his admiration for the technology. Kasparov has studied AI and written a book on it. AlphaZero, he says, is “the prototype of a flexible machine”, the kind that was dreamed of at the dawn of the computer age by two of the field’s visionaries, Alan Turing and Claude Shannon.

All computers before this, as he describes it, worked by brute force, using the intellectual equivalent of a steamroller to crack a nut. People don’t operate that way: “Humans are flexible because we know that sometimes we have to depart from the rules,” he says. In AlphaZero, he thinks he has seen the first computer in history to learn that very human trick…

…When transferred to the real world, however, the gulf between AI and the human brain looms large again. Chess, says [Stuart] Russell [who has been looking at AI and chess], has “known rules and short horizons”, and it is “fully observable, discrete, deterministic, static”. The real world, by contrast, “shares exactly none of these characteristics”.

«

One really good point is that Stockfish, which was defeated, was programmed by people who start from the point of valuing material: capturing is good. Being a pawn up is good. (It’s more subtle now.) But play like AlphaZero’s is more focussed on winning than material.


How to find Wally with a neural network • Towards Data Science

Tadej Magajna:

»

Deep learning provides yet another way to solve the Where’s Wally puzzle problem. But unlike traditional image processing computer vision methods, it works using only a handful of labelled examples that include the location of Wally in an image.

«

“What did parents do before there were neural networks?”

“They put their kids to sleep by making them play Where’s Wally. Damn computers.”


Making China Great Again • The New Yorker

Evan Osnos has a big analysis of how Trump’s reluctance, or inability, to engage with China’s growing desire to influence the world is giving Xi the long-sought chance to move into the driving seat. Here he looks at how a recumbent US leaves gaps for aggressive moves in technology:

»

In Beijing, I hailed a cab and headed to the northwest corner of the city, where a Chinese company called SenseTime is working on facial recognition, a field at the intersection of science and individual rights. The company was founded in 2014 by Tang Xiao’ou, a computer scientist who trained at M.I.T. and returned to Hong Kong to teach. (For years, China’s startups lagged behind those in Silicon Valley. But there is more parity now. Of the forty-one private companies worldwide that reached “unicorn” status in 2017—meaning they had valuations of a billion dollars or more—fifteen are Chinese and seventeen are American.)

SenseTime’s offices have a sleek, industrial look. Nobody wears an identification badge, because cameras recognize employees, causing doors to open. I was met there by June Jin, the chief marketing officer, who earned an M.B.A. at the University of Chicago and worked at Microsoft, Apple, and Tesla. Jin walked me over to a display of lighthearted commercial uses of facial-recognition technology. I stepped before a machine, which resembled a slender A.T.M., that assessed my “happiness” and other attributes, guessed that I am a thirty-three-year-old male, and, based on that information, played me an advertisement for skateboarding attire. When I stepped in front of it again, it revised its calculation to forty-one years old, and played me an ad for liquor. (I was, at the time, forty.) The machines are used in restaurants to entertain waiting guests. But they contain a hidden element of artificial intelligence as well: images are collected and compared with a facial database of V.I.P. customers. “A waiter or waitress comes up and maybe we get you a seat,” Jin said. “That’s the beauty of A.I.”

Next, Jin showed me how the technology is used by police. She said, “We work very closely with the Public Security Bureau,” which applies SenseTime’s algorithms to millions of photo I.D.s. As a demonstration, using the company’s employee database, a video screen displayed a live feed of a busy intersection nearby. “In real time, it captures all the attributes of the cars and pedestrians,” she said. On an adjoining screen, a Pac-Man-like trail indicated a young man’s movements around the city, based only on his face. Jin said, “It can match a suspect with a criminal database. If the similarity level is over a certain threshold, then they can make an arrest on the spot.”

«



Cybersecurity firm: US Senate in Russian hackers’ crosshairs • Associated Press

Raphael Satter:

»

The same Russian government-aligned hackers who penetrated the Democratic Party have spent the past few months laying the groundwork for an espionage campaign against the U.S. Senate, a cybersecurity firm said in a report Friday.

The revelation suggests the group often nicknamed Fancy Bear, whose hacking campaign scrambled the 2016 U.S. electoral contest, is still busy trying to gather the emails of America’s political elite.

“They’re still very active — in making preparations at least — to influence public opinion again,” said Feike Hacquebord, a security researcher at Trend Micro Inc. who authored the report. “They are looking for information they might leak later.”

The Senate Sergeant at Arms office, which is responsible for the upper house’s security, declined to comment, but Nebraska Sen. Ben Sasse said it was time for U.S. Attorney General Jeff Sessions to return to Congress to say what action had been taken to help ensure lawmakers’ digital safety.

“The Administration needs to take urgent action to ensure that our adversaries cannot undermine the framework of our political debates,” he said in a statement.

Trend Micro based its report on the discovery of a clutch of suspicious-looking websites dressed up to look like the U.S. Senate’s internal email system. The Tokyo-based firm then cross-referenced digital fingerprints associated with those sites to ones used almost exclusively by Fancy Bear, which it dubs “Pawn Storm.”

«

Blimey, they’re a busy bunch, what with hacking the IOC and all. And the same method, broadly, as used against Hillary Clinton’s team and John Podesta.


Army rips out Chinese-made surveillance cameras overlooking US base • WSJ

Dan Strumpf:

»

The U.S. Army said it removed surveillance cameras made by a Chinese state-backed manufacturer from a domestic military base, while a congressional committee plans to hold a hearing this month into whether small businesses face cybersecurity risks from using the equipment.

Fort Leonard Wood, an Army base in Missouri’s Ozarks, replaced five cameras on the base branded and made by Hangzhou Hikvision Digital Technology Co., said Col. Christopher Beck, the base’s chief of staff. He said officials at the base acted after reading media reports about the company.

“We never believed [the cameras] were a security risk. They were always on a closed network,” Col. Beck said. The decision to replace the cameras was meant to “remove any negative perception” surrounding them following media reports, he added, without elaborating…

…A Defense Department spokesman said the Hikvision cameras at Fort Leonard Wood weren’t connected to the military network. He said the department is conducting a review of all network-connected cameras on the base to ensure they are “in compliance with all security updates.” The spokesman declined to comment on whether Hikvision cameras are in use at other military facilities.

«

There’s no threat but they don’t want it to look bad? That’s shonky. However plenty of these cameras are amazingly insecure; the Mirai and Reaper botnets feast on this stuff.


Where’s Cortana? Microsoft is playing the long game as Amazon and Google dominate CES • GeekWire

Nat Levy:

»

Lost in the shuffle of Amazon and Google’s digital assistant showdown this week at CES is another tech giant’s virtual brain: Microsoft’s Cortana.

Unlike fellow tech heavyweights Facebook and Apple, which don’t go to CES, Microsoft does have a presence here. But it is more behind the scenes than Google’s flashy booth or the array of Alexa announcements. That’s because, in Microsoft’s view, the voice assistant market is in the very early stages.

“It’s a long journey to making a real assistant that you can communicate with over a longer period of time to really be approachable and interesting and better than the alternative,” Andrew Shuman, corporate vice president of Cortana engineering, told GeekWire. “That is our journey, to make some great experiences that shine through, and recognize that long haul.”

«

Translation: we’re getting squashed in this contest. Consumer isn’t really where Microsoft plays, but it’s where the voice play is. (Yes yes Windows but Cortana isn’t getting traction there.)


The making of Apple’s emoji: how designing these tiny icons changed my life • Medium

Angela Guzman:

»

It was the summer of 2008, and I was one year away from receiving my MFA in Graphic Design from the Rhode Island School of Design (RISD). It was the same summer I landed an internship at Apple on a team I was eager to meet. The same design team responsible for the iPhone; a magical device that launched the year prior at Macworld Expo in San Francisco. One could only imagine the size of my butterflies as I flew to Cupertino and arrived at 1 Infinite Loop. To add to the uncontrollable fluttering, I had no idea what project I would be given, the size of the team, where I would sit, or if I could really bike to work (I’m terrible on bikes).

Soon after my arrival and meeting the team (oh and biking to work!) I was handed my project. I was still trying to make sense of the assignment I’d just received when someone asked if I knew what an emoji was. And well, I didn’t, and at the time, neither did the majority of the English speaking world. I answered ‘no’. This would all change, of course, as the iPhone would soon popularize them globally by offering an emoji keyboard. Moments later I learned what this Japanese word meant and that I was to draw hundreds of them. Just as I was looking down the hallway and internally processing, “This isn’t type or an exercise in layout, these are luscious illustrations,” I was assigned my mentor…

…My first emoji was the engagement ring, and I chose it because it had challenging textures like metal and a faceted gem, tricky to render for a beginner. The metal ring alone took me an entire day. Pretty soon, however, I could do two a day, then three, and so forth. Regardless of how fast I could crank one out, I constantly checked the details: the direction of the woodgrain, how freckles appeared on apples and eggplants, how leaf veins ran on a hibiscus, how leather was stitched on a football, the details were neverending. I tried really hard to capture all this in every pixel, zooming in and zooming out, because every detail mattered. And for three months I stared at hundreds of emoji on my screen.

«

Wonderful story.


CES was full of useless robots and machines that don’t work • Daily Beast

Taylor Lorenz:

»

Take the FoldiMate, a giant robotic machine that costs $850 that can supposedly fold your clothes. The machine, which took up more space than a washing machine, might be worth it if you could dump a huge pile of laundry inside some chamber and have your garments returned to you in neatly folded stacks. But that type of machine has yet to be built.

In order for the FoldiMate to work, you must individually button up each shirt then manually clip it onto the machine, which could be more time consuming than just folding everything yourself.

The machine can only fold certain items too. Dress pants and traditional button up shirts are fine, bulky sweatshirts, baby clothes, socks, or undergarments are off the table.

The FoldiMate fit right in with the other “smart home”-type products at CES, where the primary innovation in the past year seemed to be adding Amazon Alexa to absolutely everything.

The Haier smart mirror caught my eye as I stepped into the Central Hall of the convention center. It promised to help me dress by recommending outfits for travel, work, or a date. It could also give detailed washing instructions for different garments and track where it was sitting in my closet.

Intrigued, I asked how it would know so much about all my clothes. “Do I dump all my laundry into a big scanner?” I asked naively.

«

Read it to find out just how naive. (Very.)


Can’t remove the lithium battery from your smart luggage? Consider it grounded • Washington Post

Andrea Sachs:

»

On Monday, airlines including American, Alaska, Hawaiian, Delta, United and Southwest will no longer allow passengers to fly with smart bags that contain nonremovable lithium batteries. The policy change applies to checked and carry-on bags that require lithium batteries to power high-tech features such as a USB charging station and a location tracker.

“Customers who travel with a smart bag must be able to remove the battery in case the bag has to be checked at any point in the customer’s journey,” American Airlines said in a statement. “If the battery cannot be removed, the bag will not be allowed.”

The rule springs from safety concerns. Lithium metal and lithium ion/polymer batteries are susceptible to emitting smoke, catching fire and even exploding. Between March 1991 and May 2017, the Federal Aviation Administration documented 160 incidents involving lithium batteries that were being transported as cargo or baggage.

«

That’s going to put a crimp on a few of the early adopters.


The secret history of the Russian consulate in San Francisco • Foreign Policy

Zach Dorfman with a fascinating long read about the now-closed consulate and its former occupants:

»

Some suspected Russian intelligence officers were found engaging in weird, repetitive behaviors in gas stations in dusky, arid burgs off Interstate 5, California’s main north-south artery. In one remarkably strange case, said one former intelligence official, two suspected Russian spies were surveilled pulling into a gas station. The driver stood next to his car, not purchasing any fuel. The passenger approached a tree, circling it a few times. Then they both got back into the car and drove away. Suspected Russian intelligence operatives would perform the same strange rituals multiple times at the same gas stations.

Multiple theories about these activities emerged. One was that the Russians were trying to confuse and overwhelm their FBI surveillance teams, in order to gauge just how extensive their coverage really was — in other words, to test the capacity of their counterspies. Another theory revolved around a long-standing communications technique among Russian spies, known as “burst transmissions,” wherein intelligence operatives transmit data to one another via short-wave radio communications. But for these, said another former intelligence official, you need a line of sight, and such transmissions are only effective at relatively short distances.

Many of these behaviors, however, didn’t seem to fit a mold. For one, the FBI couldn’t establish that these suspected Russian intelligence operatives — some of whom were spotted with little devices in their hands, others without — were engaging in any communications. But according to multiple sources, one recurrent and worrying feature of these activities was that they often happened to correspond to places where underground nodes connected the country’s fiber-optic cable network.

«

And then it gets a whole lot more spooky.


Errata, corrigenda and ai no corrida: none notified

Start Up: Roku’s ambition, Dropbox to IPO, can you hack Aadhaar?, Russia’s new Olympic sport, and more


Does the NFL really have a “moat” that keeps viewers loyal and pulls in new ones too? Photo by Keith Allison on Flickr.

A selection of 10 links for you. Isn’t that something? I’m @charlesarthur on Twitter. Observations and links welcome.

Roku transforms from tech startup to TV streaming powerhouse • Variety

Janko Roettgers:

»

Roku is also getting ready to significantly expand its hardware business. Just last week the company announced an expansion into the home audio space. For this, Roku is once again teaming up with consumer electronics brands, which will license the company’s technology to build smart sound bars and speakers with integrated voice control. Roku-powered speakers will work together throughout a consumer’s home, capable of playing the same song synchronized in every room.

Smart, internet-connected speakers are not a new idea. Forrester Research recently estimated that 15 million U.S. households already owned a smart speaker by the end of 2017, and Amazon was expected to once again sell millions of its Echo devices over the holidays. Google has aggressively been pushing its own speakers; Sonos has been transitioning to voice-controlled devices; Apple is about to unveil its HomePod. Samsung, Microsoft and others are pushing into the market as well. “There are already too many smart speakers,” says Internet of Things expert Stacey Higginbotham.

Roku is betting it will have a chance to succeed in the market by making its own products TV-centric. “We see TVs as the central part of a growing home entertainment network,” explains the company’s VP of product, Mark Ely.

Roku has been investing heavily in research and development in this new growth area, acquiring Danish multi-room audio start-up Dynastrom in November for $3.5 million, as Variety was first to report. Roku even built its own smart assistant, meant to compete head-to-head with Amazon’s Alexa, Apple’s Siri and Google’s Assistant, thanks to an emphasis on media consumption. “We are an entertainment company,” says Ely. “An assistant has to be really great at entertainment.”

«

That market share figure – from US broadband households, 1Q 2017 – is surprising: I’d have expected Google to have a much larger share.


Dropbox files confidentially for US IPO • Bloomberg

Alex Barinka:

»

Dropbox Inc., the file-sharing private company valued at $10 billion, has filed confidentially for a U.S. initial public offering, people familiar with the matter said.

Goldman Sachs Group Inc. and JPMorgan Chase & Co. will lead the potential listing, according to the people, who asked not to be identified because the filing wasn’t public. Dropbox is talking to other banks this month to fill additional roles on the IPO, the people said. The company is aiming to list in the first half of this year, one of the people said.

Representatives for Dropbox, Goldman Sachs and JPMorgan declined to comment.

A share sale by San Francisco-based Dropbox, one of a closely watched group of high-profile private tech companies with multibillion-dollar valuations, would follow Snap Inc.’s disappointing step into the public markets. How the stock fares post-listing will be an ongoing focus for both Wall Street and the tech community. Snap shares are down 15% from its IPO last March.

«

What do we expect from this? Higher prices, less free storage, more insistent upsells?


Is India’s Aadhaar system really “hack-proof”? Assessing a publicly observable security posture • Troy Hunt

»

UIDAI is the Unique IDentification Authority of India and they run the Aadhaar project. Their statement echoes comments made around this latest incident that espouse the complete security of the system: “The Aadhaar data, including biometric information, is fully safe and secure”.

Here’s the issue I (and many others) have with these statements and I want to make it crystal clear:
Security is not a boolean proposition. It’s not “secure” versus “insecure”, “safe” versus “unsafe”, rather it is a spectrum of controls that all contribute to an overall security posture. There is no “fully”, there is no “completely”; every system – every single one – has weak points and a sufficiently well-equipped and determined adversary will find them.

It’s the hubris of the UIDAI’s statements which is the most worrying and it neglects so many of the highly sophisticated precedents that have come before the current situation. Precedents like Stuxnet, created by the US and Israeli governments to damage the Iranian nuclear program by targeting air-gapped centrifuges via 4 previously unknown “zero-day” flaws. That’s almost a cliched example to pull out these days, the point is simply that where there is sufficient will and resources, any information system can be compromised.

But let’s get back to that original tweet and the question therein: “Can you prove otherwise?” I certainly wouldn’t want to be the person probing away at Aadhaar in an unauthorised fashion in order to prove otherwise (although make no mistake, many people are), but per the title of this post, there are many publicly observable things I can easily draw attention to. To be crystal clear, none of this is “hacking”, it will merely involve looking at how the system responds to legitimate requests and observing the gap between what it does at present and what it ideally should do.

«

Lengthy post. It’s not certain that Aadhaar can be hacked, but one tends to think that where there’s a will – and 1.2bn user records – there’s a way.


Uber’s secret tool for keeping the cops in the dark • Bloomberg

Olivia Zaleski and Eric Newcomer:

»

In May 2015 about 10 investigators for the Quebec tax authority burst into Uber Technologies Inc.’s office in Montreal. The authorities believed Uber had violated tax laws and had a warrant to collect evidence. Managers on-site knew what to do, say people with knowledge of the event.

Like managers at Uber’s hundreds of offices abroad, they’d been trained to page a number that alerted specially trained staff at company headquarters in San Francisco. When the call came in, staffers quickly remotely logged off every computer in the Montreal office, making it practically impossible for the authorities to retrieve the company records they’d obtained a warrant to collect. The investigators left without any evidence.

Most tech companies don’t expect police to regularly raid their offices, but Uber isn’t most companies.

«

The tool is called Ripley:

»

From spring 2015 until late 2016, Uber routinely used Ripley to thwart police raids in foreign countries, say three people with knowledge of the system. Allusions to its nature can be found in a smattering of court filings, but its details, scope, and origin haven’t been previously reported.

The Uber HQ team overseeing Ripley could remotely change passwords and otherwise lock up data on company-owned smartphones, laptops, and desktops as well as shut down the devices. This routine was initially called the unexpected visitor protocol.

«

In the words of Matt Stoller: “Uber often looks like a criminal conspiracy that happens to run a ride-sharing service.”


Beware the lessons of growing up Galapagos • Remains of the Day

Eugene Wei:

»

If I weren’t in two fantasy football leagues with friends and coworkers, I would not have watched a single game this season, and that’s a Leftovers-scale flash-forward twist for a kid who once recorded the Superbowl Shuffle to cassette tape off a local radio broadcast just to practice the lyrics.

If you disregard any historical romantic notions and examine the typical NFL football game, it is mostly dead time (if you watch a cut-down version of a game using Sunday Ticket, only about 30 minutes of a 3 to 3.5 hr game involves actual game action), with the majority of plays involving action of only incremental consequence, whose skill and strategy on display are opaque to most viewers and which are explained poorly by a bunch of middle-aged white men who know little about how to sell the romance of the game to a football neophyte. Several times each week, you might see a player hit so hard that they lie on the ground motionless, or with their hands quivering, foreshadowing a lifetime of pain, memory loss, and depression brought on by irreversible brain damage. If you tried to pitch that show concept just on its structural merits you’d be laughed out of the room in Hollywood.

Cultural products must regenerate themselves for each successive age and generation or risk becoming like opera or the symphony is today…

…I don’t trust a bunch of rich old white male owners who grew up in such favorable monopolistic conditions to both understand and adapt in time to rescue the NFL from continued decline in cultural relevance. They are like tortoises who grew up in the Galapagos Islands, shielded on all sides from predators by the ocean, who one day see the moat dry up, connecting them all of a sudden to other continents where an infinite variety of fast-moving predators dwell.

«



Apple’s indirect presence fades from CES • Tech.pinions

Ben Bajarin:

»

It is easy to say that because Apple was never present at CES that the show didn’t mean something to them or their ecosystem. It is easy, and correct to say that CES was not, or never was, a measure of the health of Apple’s products. It is, however, incorrect and dangerous to miss that CES had been, for some time, a barometer for the health of Apple’s ecosystem.

As I mentioned, our ability to measure any platform’s ecosystem from what we observe at CES, is the main reason so many are paying attention to what is happening with Amazon’s Alexa platform. Google Assistant is certainly more present than it was last year, however, when you look at how third parties are talking about – and marketing – their support of these assistants they are putting significantly more effort into talking about Alexa than Google Assistant. Which is a telling signal. Again, to reiterate this point, third parties used to market, and spend energy talking about their integration with iOS or support of iPhone/iPad with the same rigor they are now talking about Amazon’s Alexa. This cannot be ignored.

As I outlined, with the two scenarios for Amazon’s Alexa, one could take a position that this is short-lived, and the dust will settle once Apple enters the market with HomePod and you will see more partners and third parties start talking more about HomeKit than anything else. For Apple’s sake, I would love for this to happen but I don’t see it unless Apple makes some changes to where Siri can be integrated outside of Apple first-party hardware.

With all of that being said, I am noticing a bit more support of HomeKit this year vs. last and with Apple’s recent pivot surrounding HomeKit requirements which required a dedicated security chip from Apple that now allows that security and authentication to be done in software, I do expect even more HomeKit support next year.

«

Certainly it used to be true that you’d go to CES and it would be iPhone accessory this, iPad case that. Now apparently it’s all Alexa this, Alexa that. So he has a point. Where’s consumer electronics going now?


Dear Google: please stop using my advertising dollars to monetize hate speech • Quartz

John Ellis:

»

My company sponsors online hate speech, fake news and racist propaganda. It’s not that we are trying to—and given the small budget of the engineering company I run, my contribution may only amount to pennies a month. But in total, online advertising accounts for tens of billions of dollars annually, so even tiny percentages mean millions of dollars directed from the bank accounts of advertisers to the pockets of Holocaust deniers, Sandy Hook hoaxers and promoters of vile, racist content.

The reason advertisers like me inadvertently sponsor and monetize hate speech is that ad-tech companies like Google have partnerships with publishers who allow and promote this type of content. And unless advertisers proactively identify and block objectionable sites as I try to do, their ads may appear there.

(Editors Note: In the time since Quartz first reviewed this article for publication, some of the sites pictured below have stopped running advertising, but similar sites have cropped up running the same juxtapositions of hate speech and advertising delivered via Google products.)

«

Whack-a-mole on both sides.


Russia, banned from the Winter Olympics, apparently is hacking Olympic emails • Buzzfeed

Kevin Collier:

»

The origin of the emails is unclear. Some of the emails, which date from late 2016 to spring 2017, appear to be between IOC employees and third parties discussing the Russian doping conspiracy.

“These emails and documents point to the fact that the Europeans and the Anglo-Saxons are fighting for power and cash in the sports world,” “Fancy Bears” said in its posting, though it’s unclear how the emails are meant to support that claim. Some of the emails’ contents are encrypted and are therefore illegible.

The IOC declined to comment on the “Fancy Bears” post or to verify that the emails are authentic, telling BuzzFeed News that “we do not comment on leaked documents.” WADA has not disputed the validity of any of the hacked documents previously attributed to the organization.

One of the people whose emails appear in the leak, and who is specifically named on the “Fancy Bears” website, is Colorado lawyer Richard Young, who helped WADA draft new anti-doping rules and worked to create a so-called “independent person” report for WADA on the doping allegations.

Young told BuzzFeed News he was unaware of the “Fancy Bears” activity, but said that a September 2016 email included in the dump sounded authentic to him when read over the phone.

“It’s no great revelation that I was involved in the IP investigation. I’m named in it,” Young laughed. “I think it’s somewhere in the first five pages that my role is explained.”

The original WADA hack occurred in late summer 2016, as allegations that Russian athletes had been caught participating in a vast and elaborate blood doping conspiracy were gaining international attention.

«

They should enter the Hacking Olympics. Venue: the internet. (Though these antics only go to strengthen the idea that Fancy Bear were behind the hacks of US organisations hostile to Russia, such as the Democratic party and Hillary Clinton’s campaign manager’s personal account.)


UCL to investigate eugenics conference secretly held on campus • The Guardian

Kevin Rawlinson and Richard Adams:

»

University College London has launched an urgent investigation into how a senior academic was able to secretly host conferences on eugenics and intelligence with notorious speakers including white supremacists.

The London Conference on Intelligence was said to have been run secretly for at least three years by James Thompson, an honorary senior lecturer at the university, including contributions from a researcher who has previously advocated child rape.

One prominent attendee at the conference in May last year was Toby Young, the head of the government-backed New Schools Network, who ran into controversy over efforts to appoint him as a university regulator…

…Young, in a speech to a similar conference in Canada last year, described the extreme measures that Thompson employed to keep the conference a secret.

“Attendees were only told the venue at the last minute, an anonymous ante-chamber at the end of a long corridor, called ‘lecture room 22’, and asked not to share this information with anyone else.

“One of the attendees, on discovering I was a journalist, pleaded with me not to write about the fact that he was there – he didn’t want his colleagues to find out,” Young said.

“But these precautions were not unreasonable, considering the reaction that any references to between-group differences in IQ generally provoke.”

Previous attendees included Richard Lynn, whom the US-based research group Southern Poverty Law Center labelled an “unapologetic eugenicist”, and the blogger Emil Kirkegaard, who has written supportively about pedophiles being allowed to have “sex with a sleeping child”.

«

Young has written vaguely in favour of eugenics for those deemed “low IQ”. You might say – what’s the harm in a university, meant to be a temple to ideas, hosting a conference on even a controversial idea like this, when we freely talk about CRISPR potentially improving our genetic profile? The problem is that eugenics is about *removing* people from the future population; it’s totalitarian, in that sense. CRISPR is about optionally choosing improvements.

It’s a subtle but important difference. Ask the parents of a disabled child if they’d want the child never to have been born: they’ll not take that option. (Which is eugenics.) Ask them if they’d want the child to have been born without disability; they’ll probably – but not always – say yes, while recognising it’s just a wish. That Young apparently can’t recognise that difference, and finds himself with fellow travellers of questionable morals, is disturbing.


We found a deleted page that reveals the paparazzi roots of Kodak Coin • Ars Technica

Timothy Lee:

»

The evidence strongly suggests that Kodak Coin is the re-branding of an initial coin offering called RYDE coin that never got much attention and was apparently aborted days before Kodak Coin was announced. Until recently, the project had a page on the crowdfunding site Start Engine. The page is no longer there, but Google cached a copy of the site on January 3. [At the time, the project had attracted 10 backers who had pledged a total of $875.]

As recently as last week, RYDE coin was being pitched as a way of expanding the licensing business of its creator, paparazzi photo company WENN Media. Now the RYDE page has disappeared, and WENN Media’s parent company, WENN Digital, has partnered with Kodak to create a blockchain platform that sounds a lot like RYDE—except that there’s no mention of celebrity photographs.

We’ve asked both Kodak and WENN about the connection between RYDE coin and Kodak Coin, and we will update the story if we hear back…

…What’s WENN Digital? A spokesman told Ars that WENN Digital is a new company that has acquired UK-based WENN Media, which describes itself as a “celebrity and entertainment news agency.”

“WENN can offer you an opportunity to join our worldwide team of top paparazzi snappers,” the “About Us” section of blog.wenn.com says.

«

So basically it’s sticking the Kodak name on a paparazzi project. Also, the “Kodak Coin” won’t make money for anyone who “mines” it, as David Gerard – whose book “Attack of the 50 Foot Blockchain” is hilarious in its dissection of the fantasies and fantasists around this topic – explains. It’s a mess, but then everything Kodak has done for years is a mess.


Errata, corrigenda and ai no corrida: none notified


Start Up: coding to kill, CES goes dark, Apple sells mesh Wi-Fi, Huawei chief’s rant, and more


The Great Barrier Reef is dying due to climate change. What now? Photo by FarbenfroheWunderwelt on Flickr.

A selection of 14 links for you. Buy high, sell low, unless you’re buying my cryptocoins, in which case just buy. I’m @charlesarthur on Twitter. Observations and links welcome.

This Israeli presentation on how to make drone strikes more “efficient” disturbed its audience • The Intercept

Sam Biddle:

»

The doctoral student who presented the research demonstrated how pioneering data visualization techniques could show a drone operator, using lines and arrows of varying thickness, which direction fast-moving people and vehicles were most likely to travel, for example, at an intersection or while fleeing a building. The presentation clearly angered at least some of the crowd, including the moderator, prompting hostile questions.

“The guy’s talk (and its video documentation) revealed much of what’s very wrong about UAV warfare,” said Mushon Zer-Aviv, a web designer and activist and an organizer of the conference, the data visualization confab known as ISVIS.

The incident at ISVIS underscores the extent to which drone warfare’s deeply technological basis and inhumanity has become a major part of global public debate around its use. Once viewed (and still promoted) as an efficient, safer way to target terrorists, the growing ubiquity of lethal drone strikes in global hotspots is increasingly seen as helping to create wastelands and fomenting the sort of terroristic support it’s designed to eradicate.

«

I can’t do better than Maciej Ceglowski’s comment: “This is an extreme example of a dynamic we see across the tech world: abdicating moral agency to work on cool code.”


Great Barrier Reef tourism operators beg for action on bleaching • Brisbane Times

Jorge Branco:

»

Dozens of Queensland small businesses, many which wouldn’t exist without the Great Barrier Reef, have issued a dire warning to Prime Minister Malcolm Turnbull.

The open letter published on Saturday comes as new research predicts bleaching as severe bleaching could become the “new normal”, recurring biyearly by the mid-2030s.

In a move contrary to recent attempts from tourism bodies to downplay the extent of the bleaching, 175 tourism operators, dive professionals and tradies labelled the mass damage a “disaster needing urgent action”.

They called on the Turnbull government to rule out any financing, investment or help with associated infrastructure for the Abbot Point coal terminal expansion and Adani’s controversial Carmichael mine, the largest in Australia.

They pointed the finger at climate change, calling for investment in renewable energy projects, particularly in regional Queensland and a ban on any new coal mines.

Eye to Eye Marine Encounters director John Rumney said some businesses had been afraid to speak out, worried it could mean bad publicity. “But the long-term viability of all our businesses relies entirely on Reef staying healthy and it is in danger,” he said, in a press release issued by the Climate Media Centre.

«

In our lifetimes, the Great Barrier Reef could be dead. This is a calamity.


Apple now selling mesh Wi-Fi system as AirPort line remains unchanged • 9to5Mac

Zac Hall:

»

Apple has started selling a mesh Wi-Fi system from Linksys both on its website and in stores. The move is notable as Apple hasn’t updated its own Wi-Fi base station hardware since 2013 and doesn’t currently offer its own mesh Wi-Fi system.

The future of Apple’s networking hardware has long been unclear for that reason.

Bloomberg reported over a year ago that Apple disbanded its AirPort team and planned no future hardware releases. Since then we’ve seen no update to the AirPort hardware. AirPort Wi-Fi base stations are still being sold today and haven’t changed in price…

…When asked about the move to sell a third-party mesh system and the future of the AirPort line, an Apple spokesperson shared this with 9to5Mac:

“People love our AirPort products and we continue to sell them. Connectivity is important in the home and we are giving customers yet another option that is well suited for larger homes.”

Apple’s choice for that option is the Linksys Velop Whole Home Mesh Wi-Fi System which comes in two flavors: $350 for a 2-pack system or $500 for a 3-pack solution. The Tri-Band Wi-Fi system is rated to provide coverage for 2,000 square feet with each Node which can be configured from the Linksys iPhone and iPad app.

«

Well that’s certainly interesting. It’s not as if it was going to sell Google’s offering, of course. I don’t think eero’s has been cleared for UK or European use. Mesh seems like the future if you need something that size.


Major power outage hits CES, a consumer electronics show • The Verge

Dami Lee:

»

Power in the North and Central halls of the Las Vegas Convention Center, which hosts CES annually, was out for nearly two hours on Wednesday. First reports of the power outage began hitting Twitter from convention goers starting around 11:14AM PT, and was slowly restored shortly after 1:00PM PT. Security evacuated most visitors from the affected halls during that time.

The outage impacted hundreds of companies, including giants like LG, Samsung, and Sony, as well as many small startups that paid thousands of dollars to have a presence on the giant show floor. This year’s CES seems to be marked by more chaos than usual, including unprecedented rain that flooded streets and shut down Google’s giant funhouse booth for a day.

«

Maybe they could make this a regular thing there.


Bitcoin can drop 50% and China miners will still make money • Bloomberg

Dan Murtaugh:

»

“Bitcoin mining under the current price is likely to be profitable under any electricity price regime in China,” Lu wrote.

Cryptocurrency power use is facing more scrutiny, particularly in China, which is concerned miners are taking advantage of low electricity prices. Digital currency transactions require energy-intensive computer networks, with the industry now using as much power as 3.4 million U.S. households, according to Digiconomist Bitcoin Energy Consumption Index. China is said to be planning to limit power use by miners, which are starting to look elsewhere.

Electricity demand for bitcoin mining rose to about 20.5 terawatt-hours a year by the end of 2017, according to BNEF. That equates to more than half the 38 terawatt-hours of electricity used annually by the world’s biggest traditional miner, BHP Billiton – or a tenth of the electricity needed to power South Africa.

In China, miners used 15.4 terawatt hours, which is just a blip in the country’s massive power industry. Even though it plays host to the world’s biggest community of bitcoin miners, they only used 0.2% of the country’s annual electricity production, according to the report.

«

Dammit.


‘Sexy girl’ bots scam ¥1 billion from dating app users in China • That’s Beijing

Gary Bailer:

»

In possibly the oddest news story to have come out of China so far this year, police recently revealed that chat bots posing as bodacious babes have scammed dating app users out of a collective fortune.

The investigation began last August, when Guangdong police picked up on an app asking users to pay to view pornographic videos that, alas, did not exist.

From there, the investigation expanded to apps run in 13 provinces across China. As of January 8, over 600 individuals had been arrested and 21 companies shut down in cities including Beijing, Guangzhou, Shenzhen, Hangzhou, Changsha and Wuhan.

On the dating apps they formerly operated, some of the so-called single women were in fact chat bots programmed to flirt with users, especially ones that were new to the platform.

In at least one case, Sixth Tone reports, app users could exchange a few messages with a ‘sexy’ bot before being asked to upgrade to VIP status for RMB200.

«

This is the oddest story out of China so far? Then again it’s only the 10th.

Basically, though, Ashley Madison but a bit more low-rent.


Stellar iPhone X performance in GB, China & Japan • Kantar Worldpanel

»

In the USA, the iPhone X was outsold by the iPhone 8 and iPhone 8 Plus in the month of November but did round off the top three best-selling models for the month, easily beating the top Samsung model, the Galaxy S8, which is in sixth position.

The iPhone X was the top selling Smartphone in Japan in November, commanding an 18.2% share, closely followed by the iPhone 8 at 17.2% share. Meanwhile, in urban China, demand for the iPhone X has exceeded all expectations, as Dominic Sunnebo explains, “Apple was riding on the back of some momentum before the iPhone X release but demand for latest model in urban China has been staggering given its price point.

“Apple is now back on form – the iPhone X was the top selling model in urban China in November, with a market share of 6.0%. Unlike in Europe and the US, where the vast majority of new early iPhone X sales came from existing Apple smartphone owners, in urban China there are significant numbers of Huawei, Xiaomi and Samsung customers switching to the new iPhone models, which they deem a cut above the rest.”

«

Apple had a share of 49.4% in the UK in November. That’s astonishing.


Maven buys HubPages: No future for mom-and-pop publishers • ZDNet

Tom Foremski:

»

[HubPages CEO Paul] Edmondson told me that it seemed as if improving the quality of the content resulted in triggering a volatile ranking by Google rather than a positive increase. Months of hard work were not paying off.

I found the reason it wasn’t working described in a Google patent.

Google is very suspicious of anything that increases a site’s search rank. It suspects some possible spammy search engine optimization tricks might be at work so it will flag the web site and cause its search rank to fluctuate wildly so as to prevent testing the possible SEO actions. Then it will schedule a manual check of the web site to see if it is legit.

This means that if you rewrite your website to improve quality — and Google wants higher quality content — you are optimizing your site deliberately to improve your ranking. Google will flag this as suspicious behavior and will vary your page ranking on a random basis that has nothing to do with the changes you made.

You cannot win. Your business success is in the hands of another entity.

Google and Facebook today have about 85% of all mobile ad traffic and they dominate desktop ad markets – small mom and pop publishers have to combine into large enough networks to attract the media buyers.

It’s a race to the bottom – Google revenues are 15% to 18% less per click per quarter – but Google can race to the bottom and still beat Wall Street estimates. That’s not the case for smaller media companies.

The disruption in the media industry will continue in 2018. There is no stable business model and there is none in sight.

«

On the plus side, a lot of the junk sites which fed off the 2016 US election should die, if this is correct.


Sneaky crypto malware miners are targeting ad networks next • CoinDesk

Jonathan Keane:

»

Websites and publishers need to be prepared for cryptocurrency miners slipping into ads on their sites, according to Israeli adtech firm Spotad.

The company, which operates an AI-powered advertising platform for purchasing media space, recently discovered cryptocurrency mining activity on its network, a development the company claims is becoming part of a wider trend.

Spotad’s AI system, named “Sarah,” recently identified anomalies in the code of seemingly legitimate ads for both desktop and mobile that turned out to be a miner for the cryptocurrency monero. The JavaScript-enabled ad was designed to dupe users into clicking on a pop-up that would initiate the mining process.

According to co-founder Yoav Oz, the agency responsible for the ad was unaware of the code that was embedded inside. The name of the agency or the subject of the ad has not been disclosed.

«

The irony would be if some of the fake sites that run ads were to be exploited in this way. Be really hard to know where one’s sympathies lay then.


Essential Phone review, four months later: The sun is setting on this experiment • Android Central

Andrew Martonik:

»

Aside from the hardware, every other aspect of my Essential Phone experience has been about frustration. Mostly, it boils down to horrendous software stability and performance. Despite dozens of updates and the anecdotes you may have seen that indicate performance issues have been “fixed,” it most certainly hasn’t. The Essential Phone is handily outperformed by a Moto G5, and that’s just unacceptable — at $699, for sure, but at $499 as well.

Four or five years ago, Android phones were slow and unstable like this. But not today.
It all starts with just general app instability. Apps crash — a lot. More than I’ve experienced on any other phone. They freeze, stutter, lock up and force close. Sometimes you tap an app to open it, and nothing happens for multiple seconds.

«

The comments are the thing here – plenty of people with the same experience. Essential’s whopping valuation suddenly looks like smoke unless it can do something amazing in the smart home space.


Huawei’s CEO going off-script to rage at US carriers was the best speech of CES • The Verge

Vlad Savov:

»

The Huawei boss did something unexpected at the end of his keynote, however. Framed by a simple slide reading “Something I Want to Share,” Yu proceeded to address the failure of Huawei’s carrier deal directly. Shedding the earlier hesitation in his speech, he made the point that American phone buyers can’t have the best and widest choice of device if Huawei products — those of the world’s third-biggest phone vendor — weren’t on offer. “Everybody knows that in the US market that over 90% of smartphones are sold by carrier channels,” he said. “It’s a big loss for us, and also for carriers, but the more big loss is for consumers, because consumers don’t have the best choice.”

Harkening back to the beginning of his Huawei career 25 years ago, Yu radiated a quiet anger at the mistrust his company is being subjected to. He said Huawei faced plenty of doubters in its native China too, being an almost total newcomer to consumer devices six years ago. “We win the trust of the Chinese carriers, we win the trust of the emerging markets… and also we win the trust of the global carriers, all the European and Japanese carriers,” he said. “We are serving over 70 million people worldwide. We’ve proven our quality, we’ve proven our privacy and security protection.”

I craned my neck to look at the teleprompters behind me and they were blank. Yu’s most inspired and most eloquent speech, it turned out, was being delivered without any external help.

«

Then again “best speech of CES” isn’t that high a bar.


News UK finds high levels of domain spoofing to the tune of $1 million a month in lost revenue • Digiday

Jessica Davies:

»

To investigate the level of domain spoofing occurring against its news brands, News UK conducted a programmatic blackout test for two hours in December. The result: 2.9 million bids per hour were made on fake inventory purporting to be News UK’s The Sun and The Times of London newspaper brands.

From the results, the publisher estimates that marketers are wasting £700,000 ($950,000) on domain-spoofed inventory per month. A total of 650,000 ad requests were made each hour, according to the publisher.

The publisher conducted the test between 3 a.m. and 5 a.m. on Dec. 4, deliberately choosing a time that would be less disruptive to site visitors and wouldn’t hamper revenues or ongoing campaigns. The publisher shut down all programmatic advertising on its sites, including all supply-side platforms, its header bidding wrapper and all networks. During this time, it was impossible to buy programmatic inventory on The Sun, the Times or News UK’s fantasy football brand Dream Team. That made it easy to isolate inventory that still appeared to be offered on its sites as fraudulent.

«

That’s a lot of money which is being sent to fake sites pretending to be News UK. You can bet it’s repeated far and wide through the ad business. Third-party digital ads must, surely, surely now be reaching some kind of point where it’s not worth advertisers using them, at which point the system collapses?
link to this extract


Collision course: why this type of road junction will keep killing cyclists • Single Track World

“Bez” on a junction in the UK where the angle of road intersection is perfect to make a cyclist invisible behind the driver-side pillar as they approach it:

»

At the position shown, approximately 100m from the junction at Ipley Cross, the pillar obscures roughly 12m of Beaulieu road. That’s six bicycle lengths: enough to hide not just a cyclist but a small group of riders.

Of course, as the driver approaches that junction, that obscured section of road moves towards the junction with them. As does the cyclist.

Parekh’s car had a black box type device, which (contrary to his statements to police) recorded his approach to the junction at a steady speed of 37mph. At this speed it would have taken six seconds to cover the 100m to the collision, and the following image shows the approximate areas obscured by the Zafira’s pillar at six points in time representing each incremental second leading up to impact, with the red area showing the pillar shadow one second prior to impact.

Although the obscured section of road becomes smaller as the driver approaches, it remains large enough to completely obscure a bicycle until less than a second prior to impact: too late for either party to react.

«

There have been multiple accidents with cyclists – including deaths – at that junction. It would be good to have a way to figure out how to discover where such junctions exist.
link to this extract


I tried the first phone with an in-display fingerprint sensor • The Verge

Vlad Savov:

»

The mechanics of setting up your fingerprint on the phone and then using it to unlock the device and do things like authenticate payments are the same as with a traditional fingerprint sensor. The only difference I experienced was that the Vivo handset was slower — both to learn the contours of my fingerprint and to unlock once I put my thumb on the on-screen fingerprint prompt — but not so much as to be problematic. Basically, every other fingerprint sensor these days is ridiculously fast and accurate, so with this being newer tech, its slight lag feels more palpable.

Vivo is using a newly announced Synaptics optical sensor, which has been in development for years. It works by peering through the gaps between the pixels in an OLED display (LCDs wouldn’t work because of their need for a backlight) and scanning your uniquely patterned epidermis. This is likely the tech that Synaptics and Samsung were collaborating on for the Galaxy S8 for last year, right up until it became apparent that it wouldn’t be ready in time for the phone’s release. Things are different now, as Vivo is close to announcing this as-yet-unnamed phone properly and Synaptics is already in mass production with the so-called Clear ID sensor.

«

Won’t replace or be added to FaceID; Samsung might get it into the Galaxy Note 9. It’s a nice idea, but there are questions about the accuracy – as it’s optical, how good will the error rate (positive or negative) be?
link to this extract


Errata, corrigenda and ai no corrida: none notified

Start Up: discovering Spectre and Meltdown, where are Wikileaks’s bitcoinillions?, self-mending screens, and more


Uber launches in Cincinnati in 2014. Think it’s profitable there? Probably not. Photo by 5chw4r7z on Flickr.

Back early, by hardly any demand at all! But that’s life.

A selection of 13 links for you. Unlucky for some. I’m @charlesarthur on Twitter. Observations and links welcome.

How Meltdown and Spectre were independently discovered by four research teams at once • WIRED

Andy Greenberg:

»

The Graz team’s discovery, an attack that would come to be known as Meltdown, proved a critical crack in one of computing’s most basic safeguards. And perhaps most troubling of all, the feature they had exploited was introduced into Intel chips in the mid-1990s. The attack had somehow remained possible, without any apparent public discovery, for decades.

Yet when Intel responded to the trio’s warning—after a long week of silence—the company gave them a surprising response. Though Intel was indeed working on a fix, the Graz team wasn’t the first to tell the chip giant about the vulnerability. In fact, two other research teams had beaten them to it. Counting another, related technique that would come to be known as Spectre, Intel told the researchers they were actually the fourth to report the new class of attack, all within a period of just months.

“As far as I can tell it’s a crazy coincidence,” says Paul Kocher, a well-known security researcher and one of the two people who independently reported the distinct but related Spectre attack to chipmakers. “The two threads have no commonality,” he adds. “There’s no reason someone couldn’t have found this years ago instead of today.”

«

I’d imagine there were people in security agencies who found this a while ago, and liked it. The coincidental discovery? There are tons of people everywhere who are trying to find security glitches and hacks.
link to this extract


The Spectre of an advertising meltdown: what you need to know • Lawfare

Nicholas Weaver:

»

The information security world is focused on two new security vulnerabilities, “Spectre” and “Meltdown”, that represent vulnerabilities embedded in computer hardware. Lawfare readers should respond in two ways: keep their operating systems up to date and, critically, install an ad-blocker for your web browser. (Here are guides on how to do so in Chrome and Firefox.) In fact, a proper response to Spectre should involve ad-blocking on all government computers. Other than that, don’t worry.

Readers who just wanted to know what to do can stop reading. But for those curious about some of the technical background on these vulnerabilities and why ad-blocking is an essential security measure for a modern computer, read on.

«

link to this extract


No tracking, no revenue: Apple’s privacy feature costs ad companies millions • The Guardian

Alex Hern:

»

Advertising technology firm Criteo, one of the largest in the industry, says that the Intelligent Tracking Prevention (ITP) feature for Safari, which holds 15% of the global browser market, is likely to cut its 2018 revenue by more than a fifth compared to projections made before ITP was announced.

With annual revenue in 2016 topping $730m, the overall cost of the privacy feature on just one company is likely to be in the hundreds of millions of dollars.

Dennis Buchheim, general manager of the Interactive Advertising Bureau’s Tech Lab, said that the feature would impact the industry widely.

“We expect a range of companies are facing similar negative impacts from Apple’s Safari tracking changes. Moreover, we anticipate that Apple will retain ITP and evolve it over time as they see fit,” Buchheim told the Guardian.

“There will surely be some continued efforts to ‘outwit’ ITP, but we recommend more sustainable, responsible approaches in the short-term,” Buchheim added.

«

John Gruber called this article “pro-ad industry”. Can’t say I see that myself.
link to this extract


Uber is not price competitive with transit • Medium

Paris Marx:

»

Uber’s strategy of reporting large losses to develop a customer base is not unique; many tech companies have taken a similar path before it. The tech press has compared Uber favorably with Amazon — now the fourth largest company in the world by market cap — because the latter reported growing losses every year from 1994 to 2000, during which time investors worried it would ever turn a profit. But there’s an important detail left out of those stories: how the scale of Uber’s losses compare to Amazon’s.

In WTF? What’s the Future and Why It’s Up to Us, Tim O’Reilly writes that Amazon lost $2.9bn over its first five years before turning a profit in 2001. That may seem like a lot, until Uber’s losses are placed beside it.

In 2016 alone, Uber lost $2.8bn, almost as much as Amazon lost over five years; but the losses didn’t stop there. Over the first three quarters of the 2017 fiscal year, Uber has already lost $3.2bn, with a loss of $1.5bn in the most recent quarter. A chart of Uber’s financials shows its losses have gotten worse in each quarter of 2017, suggesting annual losses for the year will likely hit $5bn, and the company has no realistic path to profitability.

«

Well, it does have a path to profitability – raise its prices. Except that (it’s later explained)

»

“Transportation industry expert Hubert Horan has detailed how “[d]rivers, vehicles and fuel account for 85% of urban car service costs” — costs which cannot be reduced with scale”.

«

And Marx (this one) does look at the question of driverless filling the gap.
link to this extract


Where did WikiLeaks’ $25m bitcoin fortune go? • The Daily Beast

Joseph Cox:

»

Everyone from early investors to cybercriminals has benefited from the huge spike in the value of bitcoin in the past few weeks. It’s a boon for one other outfit that has likely racked up tens of millions of dollars’ worth of the cryptocurrency: WikiLeaks.

The transparency organization may be sitting on a stockpile of bitcoin valued at around $25 million, and has likely exchanged several other large cryptocurrency caches for fiat cash, according to two sources who independently analyzed WikiLeaks’ bitcoin transactions.

“Last wallet looks like his piggy bank,” John Bambenek, a security expert who has previously tracked Neo-Nazis’ use of bitcoin, told The Daily Beast, pointing to a specific bitcoin address believed to be linked to WikiLeaks.

An oft-repeated myth is that bitcoin is an anonymous currency. Although it can sometimes be harder for observers to determine which bitcoin address belongs to whom, the blockchain—the ledger listing all bitcoin transactions—is entirely public. Using this, it’s often possible to see which bitcoin wallets are associated with one another, perhaps link them to real identities, and infer what a bitcoin transaction was for…

…“Well, considering Julian [Assange] is holed up in an embassy, it’s entirely possible someone else has physical possession. But would you trust that cash to someone else?” Bambenek said.

Julian Assange and the main WikiLeaks Twitter account did not respond to a request for comment.

Unsurprisingly, it appears WikiLeaks may have converted some of its bitcoin donations into much more practical fiat currency, too. Several other large chunks of bitcoin moved from the WikiLeaks donation address to BitPay, a bitcoin exchange platform, Bambenek said. “I am assuming he spent, because it went to BitPay,” Bambenek added, referring to WikiLeaks founder Assange. The second source said WikiLeaks has spent around 3,500 bitcoin since its move to the digital currency.

«

With rumours that Ecuador is looking to shift Assange out of its London embassy – and thus into the waiting arms of UK police – he might need that.
link to this extract


Google faces new discrimination charge: paying female teachers less than men • The Guardian

»

Google, which has been accused of systematically underpaying female engineers and other workers, is now facing allegations that it discriminated against women who taught employees’ children at the company’s childcare center.

A former employee, Heidi Lamar, is alleging in a complaint that female teachers were paid lower salaries than men with fewer qualifications doing the same job.

Lamar, who worked at Google for four years before quitting in 2017, alleged that the technology company employed roughly 147 women and three men as pre-school teachers, but that two of those men were granted higher starting salaries than nearly all of the women.

“I didn’t want to work for a company that I can’t trust, that makes me feel like my values of gender equality are being compromised,” Lamar, 31, told the Guardian.

«

Oh, but now read on.
link to this extract


Google memo author James Damore sues company for discrimination against white males • Buzzfeed

Ryan Mac:

»

The author of a controversial memo that sparked debates about gender and diversity at Google sued his former employer on Monday, alleging that the company discriminates against politically conservative white men.

James Damore, who was fired in August for internally circulating a manifesto that argued Google’s gender pay gap was the result of genetic differences that tend to favor men, said in a lawsuit filed in Santa Clara Superior Court that the search giant “singled out, mistreated, and systematically punished and terminated” employees who deviated from the company’s view on diversity. Damore and a second plaintiff, David Gudeman, another former Google engineer, are seeking class-action status for anyone who identifies as conservative, Caucasian, or male.

The men are being represented by Harmeet K. Dhillon, the Republican National Committee’s committeewoman for California.

“Google’s management goes to extreme — and illegal — lengths to encourage hiring managers to take protected categories such as race and/or gender into consideration as determinative hiring factors, to the detriment of Caucasian and male employees and potential employees at Google,” the suit reads.

«

Another quote from the suit: “…The presence of Caucasians and males was mocked with ‘boos’ during company-wide weekly meetings”. I bet Google wishes it had dumped Damore’s CV and never gave him an interview.
link to this extract


CoffeeMiner hijacks public Wi-Fi users’ browsing sessions to mine cryptocurrency • ZDNet

Charlie Osborne:

»

According to the developer, public Wi-Fi may also now be a source of income for hackers that successfully pull off man-in-the-middle (MiTM) attacks to launch cryptocurrency miners.

The project, released to the public for academic study, leans upon the recent discovery of a cryptocurrency miner discovered on a Starbucks Wi-Fi network.

CoffeeMiner works in a similar way. The attacking code aims to force all devices connected to a public Wi-Fi network to covertly mine cryptocurrency.

The attack works through the spoofing of Address Resolution Protocol (ARP) messages by way of the dsniff library which intercepts all traffic on the public network.

Mitmproxy is then used to inject JavaScript into pages the Wi-Fi users visit. To keep the process clean, the developer injected only one line of code which calls a cryptocurrency miner.

«

Can’t wait for the cryptocurrency madness to expire.
link to this extract
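
A defensive check for the ARP-spoofing step described in the extract above, added here as an example (it is not code from CoffeeMiner or from the article): it parses `ip neigh` output and flags any MAC address claimed by more than one IPv4 address, which is how a poisoned neighbour table looks when another host answers for the gateway. The sample table, the addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `ip neigh` output from a client on a public Wi-Fi
# network. 192.168.1.1 is the gateway; its entry now resolves to the same
# MAC as the client at 192.168.1.23.
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 02:00:5e:10:00:23 REACHABLE
192.168.1.23 dev wlan0 lladdr 02:00:5e:10:00:23 STALE
192.168.1.40 dev wlan0 lladdr 02:00:5e:10:00:40 REACHABLE
192.168.1.77 dev wlan0  FAILED
fe80::1 dev wlan0 lladdr 02:00:5e:10:00:01 router STALE
"""

# IPv4 neighbour entries only; lines without a resolved lladdr are skipped.
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+(?P<dev>\S+)\s+"
    r"lladdr\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.IGNORECASE,
)


def parse_neigh(text):
    """Return (ip, dev, mac) for IPv4 entries that have a resolved MAC."""
    entries = []
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            entries.append((m.group("ip"), m.group("dev"), m.group("mac").lower()))
    return entries


def find_arp_conflicts(text, gateway_ip):
    """Flag MACs claimed by more than one IPv4 address on one interface."""
    by_mac = defaultdict(set)
    for ip, dev, mac in parse_neigh(text):
        by_mac[(dev, mac)].add(ip)
    findings = []
    for (dev, mac), ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append({
                "dev": dev,
                "mac": mac,
                "ips": sorted(ips),
                # A conflict involving the gateway is the high-priority case.
                "gateway_affected": gateway_ip in ips,
            })
    return findings


if __name__ == "__main__":
    for finding in find_arp_conflicts(SAMPLE_NEIGH, "192.168.1.1"):
        print(finding)
```

A shared MAC is an indicator rather than proof: proxy ARP and some multi-address routers produce the same pattern, so a hit should be confirmed against the gateway's known hardware address.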


No boundaries for user identities: web trackers exploit browser login managers • Freedom To Tinker

Gunes Acar:

»

We show how third-party scripts exploit browsers’ built-in login managers (also called password managers) to retrieve and exfiltrate user identifiers without user awareness. To the best of our knowledge, our research is the first to show that login managers are being abused by third-party scripts for the purposes of web tracking.

The underlying vulnerability of login managers to credential theft has been known for years. Much of the past discussion has focused on password exfiltration by malicious scripts through cross-site scripting (XSS) attacks. Fortunately, we haven’t found password theft on the 50,000 sites that we analyzed. Instead, we found tracking scripts embedded by the first party abusing the same technique to extract email addresses for building tracking identifiers.

The image above shows the process. First, a user fills out a login form on the page and asks the browser to save the login. The tracking script is not present on the login page [1]. Then, the user visits another page on the same website which includes the third-party tracking script. The tracking script inserts an invisible login form, which is automatically filled in by the browser’s login manager. The third-party script retrieves the user’s email address by reading the populated form and sends the email hashes to third-party servers.

«

The link above (“has been known”) is actually only one of the five offered in that phrase – OK, so I’m lazy about copying all the HTML sometimes. It’s a problem though that the most secure way to handle passwords is also so exploitable. So it’s back to remembering them all?
link to this extract
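
For site owners who want to check their own pages for the pattern described in the extract above, here is an added example (not code from the Freedom To Tinker research): it scans a saved DOM snapshot for forms that contain a password field but are invisible to the user. The snapshot, the form ids and the hiding heuristics are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed DOM snapshot: a visible login form, a form hidden with inline
# CSS of the kind the extract describes, and an unrelated search form.
SNAPSHOT = """
<form id="login" action="/session">
  <input type="email" name="user"><input type="password" name="pw">
</form>
<form id="trk-7f" style="display:none">
  <input type="email" name="e" autocomplete="username">
  <input type="password" name="p">
</form>
<form id="search"><input type="text" name="q" style="opacity:0"></form>
"""

# Inline-style heuristics only. Hiding done through a stylesheet or a parent
# element needs computed styles from a real browser and is not seen here.
HIDING_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|opacity\s*:\s*0(?:\.0+)?\s*(?:;|$)"
    r"|(?:left|top)\s*:\s*-\d{3,}",
    re.IGNORECASE,
)


def is_hidden(attrs):
    """True if the element's own attributes make it invisible."""
    return "hidden" in attrs or bool(HIDING_CSS.search(attrs.get("style") or ""))


class HiddenLoginFormAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.forms = []        # one record per <form> seen
        self._current = None   # record of the form currently open

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"id": attrs.get("id"), "hidden": is_hidden(attrs),
                             "has_password": False, "inputs": 0, "hidden_inputs": 0}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            kind = (attrs.get("type") or "text").lower()
            if kind == "hidden":
                return  # type=hidden fields (CSRF tokens etc.) are not autofilled logins
            form = self._current
            form["inputs"] += 1
            form["has_password"] = form["has_password"] or kind == "password"
            if is_hidden(attrs):
                form["hidden_inputs"] += 1

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit(html):
    """Return ids of forms that hold a password field the user cannot see."""
    parser = HiddenLoginFormAudit()
    parser.feed(html)
    parser.close()
    return [f["id"] for f in parser.forms
            if f["has_password"]
            and (f["hidden"] or f["hidden_inputs"] == f["inputs"])]


if __name__ == "__main__":
    print(audit(SNAPSHOT))
```

Because the form in the extract is inserted by a script, the scan has to run on the rendered DOM (for example a snapshot saved from the browser's developer tools), not on the HTML as served.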


My internet mea culpa • Shift Newco

Rick Webb:

»

Being generous to the prophets [Stewart] Brand and [Kevin] Kelly et al, it’s entirely reasonable to argue that this version of a global village is not what they proposed or envisioned. Minorities are still denied equal voices on the internet — harassed off of it, or still unable to even get online. Massive amounts of data is still hidden behind firewalls or not online at all. Projects to bring more information online (such as Google Books) have foundered due to institutional obstruction or a change of priorities in those undertaking them. Governments still have secrets. Organizations such as Wikileaks that showed early promise in this regard have been re-cast as political tools through some mix of their own hubris and the adversarial efforts of the governments they seek to expose.

It’s quite easy to see the differences between the internet world we live in and the utopia we were promised. And a fair measure of that is because we didn’t actually make it to the utopia. The solution, then, the argument goes, is to keep at it. To keep taking our medicine even as the patient gets more sick, on the faith that we will one day reach that future state of total-information-freedom and equality of voices.

This isn’t an unreasonable position, but I think it would have been worth thinking about beforehand. There is a difference between Advil and chemotherapy. If you’re not dying of cancer, the benefits of something like chemotherapy are dubious. A better metaphor might be back pain. I have back pain. I could get surgery for my back pain. But the surgery is hugely debilitating, with only moderate chances of success. It is not unreasonable for me to say “nah, not worth it.”

«

I think Wikileaks on its own sums up the degradation of the dream. It began trying, and succeeding, in exposing African dictators; it has ended up helping Russian ones, and quite where it morphed from idealism to cynicism is difficult to pinpoint.
link to this extract


What happened when the infosec community outed its own sexual predators • The Verge

Sarah Jeong:

»

Since autumn, I’ve noticed SHA hashes popping up again across my social media feeds — hashes of men’s initials or sometimes full names. These strings cannot be decrypted but if you know or suspect what the solution is, you can try running the same algorithm over it and see if the hash matches. Women describe how they or a friend were harassed or assaulted, they describe in vague terms the man in question. And then they post the hash, so their friends can check to see if they’ve been attacked by the same man.

It’s a step up from the “Shitty Media Men” spreadsheet that went viral a couple of months ago, a means of sharing information that is easy enough among the women who are capable of opening a command line window and running SHA-256 on a man’s name — women who deal professionally with secrets, privacy, truth, and verification. These are women whose technical abilities, whose place in their world, have long been questioned. They have been treated like fakes and posers and interlopers and arm candy. But they are here and have always been here. And when all the bad men who “do good work” have fallen from their pedestals, those women are waiting, ready to inherit the tech industry.

«

Such a clever idea. Hide it from everyone except those who also know it, so that you can be sure that you all agree before going public. (Could such a system be used for the accused in rape trials?)
link to this extract


Phone screen, heal thyself • CCS Insight

Shaun Collins:

»

Researchers at the University of Tokyo have discovered a new polymer that can actually heal itself, pointing the way to a future of self-healing phone screens.

There have been ongoing efforts to improve the strength of displays on smartphones and tablets, and there’s no denying that they’ve become tougher. Nonetheless, round-the-clock smartphone use has increased the potential for drops and smashes. Screens are getting damaged all the time.

The polymer was discovered by accident by a Japanese graduate student, Yu Yanagisawa, who thought the material would become a type of glue. He found that cut edges of the polymer would stick to each other, and formed a strong sheet after being compressed by hand at 21 degrees Celsius.

The findings of a team of researchers led by Professor Takuzo Aida have been published in Science magazine. Titled Mechanically robust, readily repairable polymers via tailored noncovalent cross-linking, the research promises a hard glass-like polymer called polyether-thioureas that can heal itself with only hand pressure. This makes it different from other materials that need high heat to recover from a break.

«

CCS Insight reckons between 10% and 15% of smartphone owners crack or smash a display every year. It’s a big business.
link to this extract


What do you call a world that can’t learn from itself? • Eudaimonia

Umair Haque:

»

There is a myth of exceptionalism in America that prevents it from looking outward, and learning from the world. It is made up of littler myths about greed being good, the weak deserving nothing, society being an arena, not a lever, for the survival of the fittest  —  and America is busy recounting those myths, not learning from the world, in slightly weaker (Democrats) or stronger (Republicans) forms. Still, the myths stay the same  —  and the debate is only really about whether a lightning bolt or a thunderstorm is the just punishment from the gods for the fallen, and a palace or a kingdom is the just reward for the cunning.

Hence, I have never once seen in America a leader saying, “hey! See that British healthcare system? That German union and pension system? Why don’t we propose that? They work!!” Instead, the whole American debate is self-referential  —  pundits debating Andrew Jackson (LOL) instead of, say, what the rest of the world does today in 2017. How can a broken society grow only by looking inwards? If you are a desperate, heart-broken addict, what can you learn from yourself? Won’t you only, recounting your pain, reach for the needle quicker?

«

This is a fabulous essay. As he points out, American life expectancy is also lower than you’ll find in comparable European countries, and as he also notes:

»

The same is true for things like maternal mortality, stress, work and leisure, press freedom, quality of democracy — every single thing you can think of that impacts how well, happily, meaningfully, and sanely you live is worse in America, by a very long way.

«

But as he also points out, neither is learning the lessons of the other.
link to this extract


Errata, corrigenda and ai no corrida: none notified