About charlesarthur

Freelance journalist - technology, science, and so on. Author of "Digital Wars: Apple, Google, Microsoft and the battle for the internet".

Start up: who backs the FBI?, Google gets RCS, LG goes modular, Linux Mint backdoored, and more

Does the American public back Apple or the FBI in the fight over encryption? Photo by IceNineJon on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 11 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

After Jibe Mobile buy, Google to provide carriers with Android RCS client » TechCrunch

Natasha Lomas is very unimpressed by Google’s announcement with carriers at MWC:

»at the time of the acquisition of [RCS app maker] Jibe [in September 2015], telecoms analyst Dean Bubley suggested Mountain View’s move was actually aimed at building its own Android-to-Android iMessage competitor — a theory he’s still not ruling out, so perhaps Google still has some hopes on that front.

Albeit, Bubley couches Google’s latest RCS pronouncement as “very lukewarm”, noting it has not specified the client will be on all Android devices, for example, even if what is clearly carrier-written PR talks about reaching “all Android devices” — which would encompass an awful lot of hardware these days, from phones to smart TVs, to smartwatches and more. (We’ve asked Google for some clarity here and will update this post with any response).

A Google spokeswoman said: “Once deployed, the Universal RCS Client will come standard for all Android devices globally, providing a more consistent experience with more advanced features.”  To be clear, that’s ‘standard’ in the sense of OEMs and carriers being able to choose to install it — so not universal, not mandated by Google and thus most certainly fragmented. (Also on fragmentation the spokeswoman confirmed that currently the client only works on phones and tablets, so not all Android devices by any means.)

There’s also no clear timeframe on when Google will be delivering the RCS client. (The spokeswoman had no concrete commitments to impart here, saying only that Google is “planning to launch later this year”.) And, as noted above, without ubiquity it’s going to mean fragmentation keeps RCS-powered messaging apps from building the sought for mass messaging momentum via the platform.

«

Expectations that Google would introduce a sort of iMessage-like app across all Android devices via Google Play seem overblown. It’s also not very private.


October 2015: Android 6.0 re-implements mandatory storage encryption for new devices » Ars Technica

Andrew Cunningham in October 2015:

»Shortly after the announcement of iOS 8 in 2014, Google made headlines by saying that it would make full-device encryption mandatory for new Android devices running version 5.0. It then made more headlines several months later when we discovered that the company backed down, “strongly recommending” that Android device makers enable encryption but stopping short of actually requiring it.

Now Google has published an updated version of the Android Compatibility Definition Document (PDF) for Android 6.0, and it looks like mandatory encryption is back with a couple of exceptions. New devices that come with Marshmallow and have AES crypto performance above 50MiB-per-second need to support encryption of the private user data partition (/data) and the public data partition (/sdcard).

«

Still unclear which devices actually implement this. Is there a table or list anywhere?


More support for Justice Department than for Apple in dispute over unlocking iPhone » Pew Research Center

»As the standoff between the Department of Justice and Apple Inc. continues over an iPhone used by one of the suspects in the San Bernardino terrorist attacks, 51% say Apple should unlock the iPhone to assist the ongoing FBI investigation. Fewer Americans (38%) say Apple should not unlock the phone to ensure the security of its other users’ information; 11% do not offer an opinion on the question.

News about a federal court ordering Apple to unlock the suspect’s iPhone has registered widely with the public: 75% say they have heard either a lot (39%) or a little (36%) about the situation.

«

Survey of 1,002 adults, so statistically valid (as you’d expect from Pew). The FBI, as we knew, has chosen its fight carefully.


Hacker explains how he put “backdoor” in hundreds of Linux Mint downloads » ZDNet

Zack Whittaker:

»The surprise announcement of the hack was made Saturday by project leader Clement Lefebvre, who confirmed the news.

Lefebvre said in a blog post that only downloads from Saturday were compromised, and subsequently pulled the site offline to prevent further downloads.

The hacker responsible, who goes by the name “Peace,” told me in an encrypted chat on Sunday that a “few hundred” Linux Mint installs were under their control [for a botnet] – a significant portion of the thousand-plus downloads during the day.

But that’s only half of the story.

Peace also claimed to have stolen an entire copy of the site’s forum twice — one from January 28, and most recently February 18, two days before the hack was confirmed.

The hacker shared a portion of the forum dump, which we verified contains some personally identifiable information, such as email addresses, birthdates, profile pictures, as well as scrambled passwords.

Those passwords might not stay that way for much longer. The hacker said that some passwords have already been cracked, with more on the way. (It’s understood that the site used PHPass to hash the passwords, which can be cracked.)

«

These days I operate on the default assumption that any site into which I put personal information will get hacked eventually. On that basis I’m parsimonious with such information.

Backdoors in Linux, though – not good. (Mint is reckoned to be the third most popular distro.)


LG’s G5 is a radical reinvention of the flagship Android smartphone » The Verge

Vlad Savov on the “Friends” additions for the LG G5:

»A small key on the side of the phone pops open its lower section, which can be pulled out along with the battery, then the battery is fitted into the next module and that straps back into the phone. The whole process sounds finicky, but there’s nothing flimsy about the way LG has constructed either the phone, its battery, or the extras, so everything can be done quickly and forcefully. And yes, it really does feel like loading a fresh clip into your gun.

The first plug-in module is the LG Cam Plus, which offers an enlarged camera grip for single-handed photography and also contains extra battery power. This Friend is decorated with a physical shutter button, a dedicated video recording key, an LED indicator, and a very satisfying jog dial to control zoom on the G5. You’re still using the two cameras built into the phone itself, but this extra part essentially reshapes the device and gives it extra juice to keep going for 6 to 8 hours longer, expanding the battery from 2,800mAh to 4,000mAh.

The LG Hi-Fi Plus is an external 32-bit DAC and amplifier combo unit, tuned in collaboration with Bang & Olufsen. It supports native DSD playback and will come with a pair of H3 B&O Play earphones. Unlike the Cam Plus, this module doesn’t really affect the shape or ergonomics of the G5. It just makes it a little longer and breaks up its color synchronicity (the Hi-Fi Plus is a matte black, whereas the phones vary between silver, gold, pink, and a graphite shade that LG calls “titan”). Importantly, the Hi-Fi Plus will process and upsample content from any app producing sound on the phone, including YouTube clips.

Also making their debut today are the LG 360 Cam and LG 360 VR headset. The camera is a dual-sensor spherical camera that captures either 16-megapixel stills or up to 2K video and will have immediate support from YouTube 360 and Google Street View.

«

And there’s even a VR headset. Price? “Reasonable,” according to LG, not giving a price. I’m unsure that “Friends” will get enough traction unless they’re available on all LG’s smartphones – but in that case, why would you buy the G5? Modularity in the handset kills premium pricing even faster than OS modularity.


Smartphone ownership and internet usage continues to climb in emerging economies » Pew Research Center

»For smartphone ownership, the digital divide between less advanced economies and developed economies is 31 points in 2015. But smartphone ownership rates in emerging and developing nations are rising at an extraordinary rate, climbing from a median of 21% in 2013 to 37% in 2015. And overwhelming majorities in almost every nation surveyed report owning some form of mobile device, even if they are not considered “smartphones.”

«



Telegraph suspends comment on relaunched online content » The Guardian

Mark Sweney:

»The Telegraph has suspended online comment on stories and features “until further notice” as part of a review of the way the newspaper engages with its audience.

As part of the relaunch of Telegraph.co.uk, the company is also researching whether to reinstate the facility. The print edition of the newspaper has recently been given a new look.

The roll-out of the new-look site is being done in stages with travel, TV, lifestyle and technology sections already live, but with comments turned off. The parts of the site that have not yet been included in the redesign still allow comments.

A spokesman for the Telegraph said: “In the process of migrating its site to a new online platform, the Telegraph has suspended the comment function in some areas under transition until further notice.

“It’s also undertaking research to understand the best way to support reader engagement, but in the meantime they can continue to comment on and share articles through Telegraph Facebook pages, or via Twitter, in the usual way.”

«

“In the usual way”? Anyway; another one onto the list. I should be totting these up.


In search of a business model: the future of journalism in an age of social media and dramatic declines in print revenue » Shorenstein Center

»Nicco Mele [former deputy publisher of the Los Angeles Times] described a deepening crisis in the newspaper industry: although some outlets are seeing the largest online audiences they have ever had, revenue is still shrinking. On a local level, preprint advertising (e.g. coupons) has seen a steep decline as retailers like Wal-Mart and Best Buy face challenges of their own. Paradoxically, print advertising still generates the vast majority of newspaper revenue – an undesirable situation, given the cost of printing.

“If the next three years look like the last three years, I think we’re going to look at the 50 largest metropolitan papers in the country and expect somewhere between a third to a half of them to go out of business,” said Mele.

Mele noted that newer entrants such as Buzzfeed, Vox and Vice rely in large part on venture capital. “None of them are yet true public companies with a clear sense of what their revenue equation looks like,” he said.

And although philanthropic and government funding could be options, Mele stressed the importance of news outlets remaining economically independent from large institutions to better fulfill their duty of holding power accountable.

What is clear is that diversity in revenue streams will be an essential part of the future, said Mele, and part of the mix could include two effective but “underappreciated” options: subscription revenue and native content.

«

The point about Buzzfeed, Vice and Vox is pretty keen: they’re still amped up on the sugar of VC money.


A skeleton key of unknown strength » Dan Kaminsky’s Blog

Kaminsky is a security researcher of some renown; here is his take on the bug in glibc, a very widely used C library:

»Patch this bug.  You’ll have to reboot your servers.  It will be somewhat disruptive.  Patch this bug now, before the cache traversing attacks are discovered, because even the on-path attacks are concerning enough.  Patch.  And if patching is not a thing you know how to do, automatic patching needs to be something you demand from the infrastructure you deploy on your network.  If it might not be safe in six months, why are you paying for it today?

It’s important to realize that while this bug was just discovered, it’s not actually new.  CVE-2015-7547 has been around for eight years.  Literally, six weeks before I unveiled my own grand fix to DNS (July 2008), this catastrophic code was committed.

Nobody noticed.

The timing is a bit troublesome, but let’s be realistic:  there’s only so many months to go around.  The real issue is it took almost a decade to fix this new issue, right after it took a decade to fix my old one (DJB didn’t quite identify the bug, but he absolutely called the fix).  The Internet is not less important to global commerce than it was in 2008. Hacker latency continues to be a real problem.

What maybe has changed over the years is the strangely increasing amount of talk about how the Internet is perhaps too secure.  I don’t believe that, and I don’t believe anyone in business (or even with a credit card) does either.

«

Wonder whose commit it was.


Customer Letter – FAQ » Apple

Apple has added on some answers to its “Customer Letter” from last week:

»Q: The government says your objection appears to be based on concern for your business model and marketing strategy. Is that true?

A: Absolutely not. Nothing could be further from the truth. This is and always has been about our customers. We feel strongly that if we were to do what the government has asked of us — to create a backdoor to our products — not only is it unlawful, but it puts the vast majority of good and law abiding citizens, who rely on iPhone to protect their most personal and important data, at risk.

Q: Is there any other way you can help the FBI?
A: We have done everything that’s both within our power and within the law to help in this case. As we’ve said, we have no sympathy for terrorists.

We provided all the information about the phone that we possessed. We also proactively offered advice on obtaining additional information. Even since the government’s order was issued, we are providing further suggestions after learning new information from the Justice Department’s filings.

One of the strongest suggestions we offered was that they pair the phone to a previously joined network, which would allow them to back up the phone and get the data they are now asking for. Unfortunately, we learned that while the attacker’s iPhone was in FBI custody the Apple ID password associated with the phone was changed. Changing this password meant the phone could no longer access iCloud services.

«

“It’s not our fault they acted like bozos.”


Can the government compel Apple to speak? » Lawfare

Andrew Keane Woods (assistant professor of law at the University of Kentucky College of Law, formerly at Stanford as a cybersecurity fellow) on the 1st Amendment implications of the Apple/FBI case:

»code can be a form of speech. The lock-swapping mechanism required in this case would require Apple’s engineers to sit down at a computer and start writing.  And that action, as courts recognized long ago, is speech. In Bernstein v. Department of Justice, the Electronic Frontier Foundation successfully argued that Daniel J. Bernstein, then a graduate student at Berkeley, had a constitutionally protected right to publish his source code, despite the government’s efforts to block it. (Fittingly enough, the code was for encryption software, which the government tried to suppress on the theory that encryption software is a munition subject to export controls.)

If code is speech, and the government is compelling Apple to code, then it looks an awful lot like the government is compelling speech. That does not resolve the issue, of course, but it opens up a new field for debate – one that has not received enough attention. The government will respond to this claim by noting that Apple’s code is a far cry from the pledge of allegiance, and therefore does not raise the Establishment Clause concerns that applied in [the case of] Barnette [where schoolchildren were being required, against the constitution, to recite the Pledge of Allegiance]. Maybe. Apple will reply that their word is their most important asset, and that the federal government is compelling them to say something they do not believe.

«

This point hasn’t been much mentioned, but is sure to be brought up. The ramifications of this case really are fascinating.


Errata, corrigenda and ai no corrida:

Start up: Google adds ads, HTC nears Vive, Watch wrinkles and worries, FBI v Apple redux, and more

It’s the Samsung Galaxy S7! Looks completely unlike previous ones, right? Photo by Janitors on Flickr.

A selection of 13 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Four ads on top: the wait is over » Moz

Peter Meyers:

»For the past couple of months, Google has been testing SERPs with 4 ads at the top of the page (previously, the top ad block had 1-3 ads), leading to a ton of speculation in the PPC community. Across the MozCast data set, 4 ads accounted for only about 1% of SERPs with top ads (which matches testing protocol, historically). Then, as of yesterday, this happened:

Over the past 2 weeks, we’ve seen a gradual increase, but on the morning of February 18, the percentage of top ads blocks displaying 4 ads jumped to 18.9% (it’s 19.3% as of this morning). Of the 5,986 page-1 SERPs in our tracking data that displayed top ads this morning, here’s how the ad count currently breaks down:

As you can see, 4-ad blocks have overtaken 2-ad blocks and now account for almost one-fifth of all top ad blocks. Keep in mind that this situation is highly dynamic and will continue to change over time. At the 19% level, though, it’s unlikely that this is still in testing.

«

Google came up in a time when search engine results pages (SERPs) were stuffed with paid-for ads. Google’s clean results page was different. Now the other search engines have gone away. And SERPs are becoming stuffed with ads again.


Phone makers look to add-on gizmos to revitalize market » Reuters

Meanwhile, there’s that event called Mobile World Congress going on in Barcelona this week. Paul Sandle notes the pressures on “traditional” handset makers:

»while the competition [among handset makers] intensifies true innovation has not, with the Barcelona show expected to feature instead other products that connect to phones, like all-round cameras capable of producing immersive views, new wearable devices and electronic gadgets for the home or workplace that use smartphones as a processing hub.

As usual Apple will be absent, preferring to run its own events for new product launches.

“We will see a lot of stuff around 360-degree cameras and virtual reality headsets with a smartphone,” said Francisco Jeronimo, an analyst with research firm IDC. “Commodities rather than innovation”, said Forrester analyst Thomas Husson.

“I don’t expect true innovation, it’s going to be more about the specifications, the better processing power, the battery life,” he said.

“What’s the benefit for consumers? I think it will be very limited.”

«



Samsung Galaxy S7 and S7 Edge: curvier, faster, micro SD expansion — available March 11 » Ars Technica UK

Mark Walton:

»In a surprise move, those that pre-order in the UK and US will receive a free Galaxy Gear VR headset to go along with their shiny new phone.

At first glance—besides their larger screen sizes—both phones look largely identical to their predecessors, the S7 sporting a flat glass front, and the S7 Edge sporting a curved display that gently folds in at the edges to meet the aluminium body. Both phones will be available in Black Onyx and Gold Platinum, with the S7 Edge also available in Silver Titanium. Unfortunately for fans of 4K, both the S7 and S7 Edge are rocking 2560×1440 pixel displays. The most noticeable design change comes to the rear of the phone, where the dreaded camera bump has been removed to make the camera module flush with the body. Surprisingly, this hasn’t affected the thickness of the phones, which remain fairly svelte at 7.9mm for the S7 and 7.7mm for the S7 Edge. The regular S7 also gains a curved back like the Galaxy Note 5.

Perhaps more exciting is that the S7 and S7 Edge both feature a microSD card slot, a much requested feature that was removed from the S6. Both phones will ship with Android 6.0 Marshmallow, which allows users to merge the SD card with the internal flash memory to create one large seamless pool of storage, making the SD card slot a welcome addition. Also back is water and dust resistance, which was previously found in the Galaxy S5 but was skipped over for the S6. The Galaxy S7 and S7 Edge are both rated IP68, which equates to “totally dust tight” and prolonged submersion in water (the S5 was IP67, which is only “temporary immersion”).

There’s nothing too surprising happening on the inside, aside from the bump up to 4GB of RAM.

«

Don’t think this will make the slightest difference to the general arc of smartphone sales. I doubt these will sell better than either the S5 or S6 or S6 Edge. Water/dust resistance didn’t help the S5; and the Edge feature didn’t change anything much in sales terms.


The consumer version of HTC’s Vive VR headset will arrive in April for $799 with two free games » Android Police

Michael Crider:

»The headset is nearing completion, and the company has announced that the final consumer model will ship in early April for the disappointing price of $799. For that price you get two motion-sensing controllers, two room scale sensors, and VR games Job Simulator: The 2050 Archives and Fantastic Contraption. Pre-orders begin next week on February 29th.

Unlike Google Cardboard, Samsung’s Gear VR, and other systems that rely on a smartphone as a slide-in display, the Vive is a fully contained unit with screens, optical lenses, sensors, a camera and microphone, and other electronics built into the device itself. Like the Oculus, it needs a standard PC (and a quite powerful one) to send video and process images for gaming and other applications. Early reports of the Vive have praised it as an impressive experience, particularly with games that have been developed specifically for the platform. However, the Vive will also be able to connect to at least some smartphones via Bluetooth for answering phone calls and viewing notifications, perhaps allowing HTC some synergy with its phone lines.

«

“The headset is nearing completion”? I’m hoping that’s just a loose version of “it’s nearly public”. If it isn’t complete yet, they’ve got some problems. (As for “synergy” – dream on.)


Watch apps worth making » David Smith

Smith has shipped 11 Watch apps over the past year:

»There seem to be only three kinds of apps that make sense given the current hardware and software on the Apple Watch.

1: Notifications — Not really an “app” in the traditional sense but getting real-time alerts of things that are important to me is great. Any iOS app that sends notifications should do the basic work to make sure they look and perform well on the Apple Watch.

2: Complications — Showing timely information at the raise of the wrist. These are probably the most practically useful apps on my watch. I typically have my watch show me the current temperature, my current step count, and battery percent. All of which present me with timely information that is useful to know now.

3: Sensors — The last kind of app that has actually stuck for me on the Apple Watch are apps that make use of the sensors on the watch. These apps are essentially impossible to re-create on an iPhone. The Apple Watch includes a heart rate monitor, accelerometer and microphone. I don’t think the range and variety of uses for these has been fully explored yet. Having these sensors persistently attached to your body is very different than any use you might come up with on an iPhone.

«

Completely agree. More sensors would be really useful (even sensors relaying stuff from the phone, as the weather is).



Exclusive: common mobile software could have opened San Bernardino shooter’s iPhone » Reuters

Jim Finkle:

»The legal showdown over U.S. demands that Apple Inc AAPL.O unlock an iPhone used by San Bernardino shooter Rizwan Farook might have been avoided if his employer, which owns the device, had equipped it with special mobile phone software it issues to many workers.

San Bernardino County, which employed Farook as an environmental health inspector, requires some, but not all, of its workers to install mobile-device management software made by Silicon Valley-based MobileIron Inc MOBL.O on government-issued phones, according to county spokesman David Wert.

That software is designed to secure corporate data. It also allows information technology departments to remotely unlock phones, even without assistance of the phone’s users or access to the password needed to open the phone and unscramble the data.

“If that particular iPhone was using MobileIron, the county’s IT department could unlock it,” MobileIron Vice President Ojas Rege told Reuters.

«

So there was huge confusion around this phone. Understandable: there’s a mass shooting, the fugitives escape surveillance, a phone is found. Perhaps it is bagged as evidence and its battery runs down, which means it can’t be forced to make an iCloud backup even on trusted Wi-Fi, and that you can’t ask Siri for details about phone calls. Then they reset the password (at the FBI’s request), which made things even worse.

A mess from start to finish – but given that Farook destroyed two other phones, how likely is it that this phone was used to communicate with anyone relevant? Answer: it’s extremely unlikely.


Reconciling perspectives: new report reframes encryption debate » Berkman Center

»The Berklett Cybersecurity Project of the Berkman Center for Internet & Society at Harvard University is pleased to announce the publication of a new report entitled “Don’t Panic: Making Progress on the ‘Going Dark’ Debate.” The report examines the high-profile debate around government access to encryption, and offers a new perspective gleaned from the discussion, debate, and analyses of an exceptional and diverse group of security and policy experts from academia, civil society, and the U.S. intelligence community.

“Many conversations on sensitive subjects of technology and security are productive because they’re among people who already agree,” said Prof. Jonathan Zittrain, faculty chair of the Berkman Center. “The aim of this project is to bring together people who come from very different starting points and roles, and who very rarely have a chance to speak frankly with one another. We want to come away with some common insights that could help push the discussion into some new territory.”

The report takes issue with the usual framing of the encryption debate and offers context and insights that widen the scope of the conversation to more accurately reflect the surveillance landscape both now and in the future.

«

Thanks Seth Finkelstein for the link.


Apple is selling you a phone, not civil liberties » Lawfare

Susan Hennessey and Benjamin Wittes:

»First, the Going Dark skeptics [who say that it’s OK for phones to be encrypted beyond the capability of companies or law enforcement to decrypt them] demand, show us the cases in which the absence of extraordinary law enforcement access to encrypted data is actually posing a problem. And this demand seemed quite reasonable, in our view. If the FBI wants to take the position that it has a problem, it has to do more than cry wolf. Show us the wolf.

And in the last couple of weeks, the bureau has shown some serious wolf. Consider this excerpt from Director James Comey’s testimony before Congress last week: “A woman was murdered in Louisiana last summer, eight months pregnant, killed, no clue as to who did it, except her phone is there when she’s found killed. They couldn’t open it, still can’t open it. So the case remains unsolved.” (The discussion is available here starting at 31:00.)

Then came the filing in the San Bernardino case this week. Note that this is a case that has a potentially serious ISIS link. The FBI has been sitting on one of the shooter’s phones for more than two months, unable to open it. It wants Apple’s help to determine “who [the shooters] may have communicated with to plan and carry out the IRC shootings, where Farook and Malik may have traveled to and from before and after the incident, and other pertinent information that would provide more information about their and others’ involvement in the deadly shooting.”

This is, in other words, a law enforcement and intelligence interest of the highest order…

«

That Comey testimony, in this extract, is pretty thin gruel; her phone contains the whole answer to the crime? No clues in any physical evidence at all? No clues from her telephone records (which are available from the mobile carrier)? Nothing in her personal computer, assuming she has one? Nothing on any social media profiles, perhaps linked to Tinder? That’s a pretty remarkable murder, and the implication that all the necessary clues are locked inside her phone feels even more remarkable.

But it’s important to read viewpoints like this to realise what the other side of the argument is, and how it carries the same steamroller-style momentum that you might think the privacy/security one does.


No, Apple has not unlocked 70 iPhones for law enforcement » TechCrunch

Matthew Panzarino:

»I keep seeing reports that Apple has unlocked “70 iPhones” for the government. And those reports argue that Apple is now refusing to do for the FBI what it has done many times before. This meme is completely inaccurate at best, and dangerous at worst.

There are two cases involving data requests by the government which are happening at the moment. There is a case in New York — in which Apple is trying really hard not to hand over customer information even though it has the tools to do so — and there is the case in California, where it is fighting an order from the FBI to intentionally weaken the security of a device to allow its passcode to be cracked by brute force. These are separate cases with separate things at stake.

The New York case involves an iPhone running iOS 7. On devices running iOS 7 and previous, Apple actually has the capability to extract data, including (at various stages in its encryption march) contacts, photos, calls and iMessages without unlocking the phones. That last bit is key, because in the previous cases where Apple has complied with legitimate government requests for information, this is the method it has used.

It has not unlocked these iPhones — it has extracted data that was accessible while they were still locked. The process for doing this is laid out in its white paper for law enforcement…

It’s worth noting that the government has some tools to unlock phones without Apple’s help, but those are hit and miss, and have nothing to do with Apple. It’s worth noting that in its statements to the court in the New York case, the government never says Apple unlocks devices, but rather that it bypasses the lock to extract the information.

«

Just to clear that up.

The colour of surveillance » Slate

Alvaro Bedoya:

»The FBI has a lead. A prominent religious leader and community advocate is in contact with a suspected sleeper agent of foreign radicals. The attorney general is briefed and personally approves wiretaps of his home and offices. The man was born in the United States, the son of a popular cleric. Even though he’s an American citizen, he’s placed on a watchlist to be summarily detained in the event of a national emergency. Of all similar suspects, the head of FBI domestic intelligence thinks he’s “the most dangerous,” at least “from the standpoint of … national security.”

Is this a lone wolf in league with foreign sponsors of terrorism? No: This was the life of Martin Luther King Jr. That FBI assessment was dated Aug. 30, 1963—two days after King told our country that he had a dream…

…Across our history and to this day, people of color have been the disproportionate victims of unjust surveillance; Hoover was no aberration. And while racism has played its ugly part, the justification for this monitoring was the same we hear today: national security.

The FBI’s violations against King were undeniably tinged by what historian David Garrow has called “an organizational culture of like-minded white men.” But as Garrow and others have shown, the FBI’s initial wiretap requests—and then–Attorney General Robert Kennedy’s approval of them—were driven by a suspected tie between King and the Communist Party. It wasn’t just King; Cesar Chavez, the labor and civil rights leader, was tracked for years as a result of vague, confidential tips about “a communist background,” as were many others.

«


October 2010: What’s really wrong with BlackBerry (and what to do about it) » Mobile Opportunity

Michael Mace, on an old post which happens to hold some useful insights that are worth remembering:

»When I worked at Apple, I spent a lot of time studying failed computer platforms. I thought that if we understood the failures, we might be able to prevent the same thing from happening to us.

I looked at everything from videogame companies to the early PC pioneers (companies like Commodore and Atari), and I found an interesting pattern in their financial results. The early symptoms of decline in a computing platform were very subtle, and easy for a business executive to rationalize away. By the time the symptoms became obvious, it was usually too late to do anything about them.

The symptoms to watch closely are small declines in two metrics: the rate of growth of sales, and gross profit per unit sold (gross margins). Here’s why:

Every computing platform has a natural pool of customers. Some people need or want the platform, and some people don’t. Your product spreads through its pool of customers via the traditional “diffusion” process — early enthusiasts first, late adopters at the end.

It’s relatively easy to get good revenue from the early adopters. They seek out innovations like yours, and are willing to pay top dollar for it. As the market for a computer system matures, the early adopters get used up, and the company starts selling to middle adopters who are more price-sensitive. In response to this, the company cuts prices, which results in a big jump in sales. Total revenue goes up, and usually overall profits as well. Everybody in the company feels good…

«

But trouble lies ahead.

Global smartwatch shipments overtake Swiss watch shipments in Q4 2015 » Strategy Analytics

»According to the latest research from Strategy Analytics, global smartwatch shipments reached 8.1m units in Q4 2015, compared with 7.9m Swiss Watch shipments. It is the first time ever that smartwatches have outshipped Swiss watches on a global basis.

Cliff Raskind, director at Strategy Analytics, said, “We estimate global smartwatch shipments reached 8.1m units in Q4 2015, rising a healthy 316% from 1.9m in Q4 2014. Smartwatches are growing rapidly in North America, Western Europe and Asia. Apple Watch captured an impressive 63% share of the global smartwatch market in Q4 2015, followed by Samsung with 16%. Apple and Samsung together account for a commanding 8 in 10 of all smartwatches shipped worldwide.”

Steven Waltzer, Analyst at Strategy Analytics, added, “We estimate global Swiss watch shipments reached 7.9m units in Q4 2015, falling 5% from 8.3m in Q4 2014. Global demand for Swiss watches is slowing down, and major players like Swatch are struggling to find growth.”

«

The lost 0.4m units don’t seem like a big problem at first. But then, nothing bad seems like a big problem at first – as above.

Peeling paint, website bugs: Ringing Bell’s ₹251 phone in a storm of controversies day after launch » Huffington Post

Ivan Mehta:

»It started on an off note after Manohar Parrikar, India’s defence minister, did not show up at the event hosted to launch the phone. The details given out about the phone’s specs were nothing if not vague. A Hindustan Times report suggested that when asked the policy behind the pricing of the phone, Ashok Chadha, an official from the company, said the real cost of the device was ₹2500, which will be recovered through a raft of measures like economies of scale, innovative marketing, reduction in duties and creating an e-commerce marketplace.

Pranav Dixit, Tech editor for the Hindustan Times also said in a Reddit AMA that he has received a letter from the Indian Cellular Association (ICA), written to telecom minister Ravi Shankar Prasad, that estimates that the phone should cost at least USD 60 (Approx. ₹4100).

The phones handed over to the press all have an Adcom logo hidden behind a coat of white paint that easily peeled off. A report from Gadgets 360 suggested that phones handed out as review units were not the final products which will be shipped. That raises the question: who is building the final product? The report also says that Ringing Bells has not been registered at BIS, making their devices unsafe to use.

«

Gets worse. So, $4? Probably more like $40 in reality.

Errata, corrigenda and ai no corrida:

Start up: FBI v Apple redux, Google’s Cloud Vision, fixing #error53, Iraq’s lost iridium, and more

You can always sign up to receive each day’s Start Up post by email. Try it. Unless you’re reading the email.

A selection of 12 links for you. Remember, Friday is for life, not just for Christmas. I’m charlesarthur on Twitter. Observations and links welcome.

Statement on FBI-Apple court order » Congressman Ted Lieu

This might not be what you expect:

»Congressman Ted Lieu (D-Los Angeles County) issued the following statement regarding the APPLE court order. Congressman Lieu is one of only four computer science majors in Congress.  Congressman Lieu is also the author of the ENCRYPT ACT of 2016.

“The terrorist attack in San Bernardino was horrific and the tragic loss of innocent lives demands a strong response.  I have several deep concerns, however, about the unprecedented court order that forces Apple to create software it does not have in order to provide a “back door” way to weaken its smartphone encryption system.

This FBI court order, by compelling a private sector company to write new software, is essentially making that company an arm of law-enforcement.   Private sector companies are not—and should not be—an arm of government or law enforcement.

This court order also begs the question: Where does this kind of coercion stop?  Can the government force Facebook to create software that provides analytic data on who is likely to be a criminal?  Can the government force Google to provide the names of all people who searched for the term ISIL?  Can the government force Amazon to write software that identifies who might be suspicious based on the books they ordered?”

«


A Linux-powered microwave oven [LWN.net]

Neil Brown:

»Adding a smartphone-like touchscreen and a network connection and encouraging a community to build innovative apps such as recipe sharing are fairly obvious ideas once you think to put “Linux” and “microwave oven” together, but Tulloh’s vision and prototype lead well beyond there. Two novel features that have been fitted are a thermal camera and a scale for measuring weight.

The thermal camera provides an eight-by-eight-pixel image of the contents of the oven with a precision of about two degrees. This is enough to detect if a glass of milk is about to boil over, or if the steak being thawed is in danger of getting cooked. In either case, the power can be reduced or removed. If appropriate, an alert can be sounded. This would not be the first microwave to be temperature sensitive — GE sold microwave ovens with temperature probes decades ago — but an always-present sensor is much more useful than a manually inserted probe, especially when there is an accessible API behind it.«

Just wait until you get onto the bit about making sure the door is shut (which is what stops you blasting the room with microwaves that would cook you).

Learning the Alphabet » The Verge

Ben Popper:

»For the most part, [Flint, Michigan schools technology director Dan] Davenport’s repository consisted of eight- to 10-year-old Dell desktops and laptops he had robbed of RAM and other components to help speed up or repair machines used by teachers. “We are left with these mismatched parts.” And yet, when he set the machines up to run Neverware’s Cloud Ready version of Chromium, they outperformed newer Windows machines the school was using. “If you are comparing what we used to run, Chrome and Neverware is a better experience for the end user.”

Davenport estimates that to get a new machine and the proper license, it would cost around $400 for each new Windows computer and $200 for each new Chromebook. “With Neverware it’s costing me 50 bucks.” The school is now adapting several computer labs to run Neverware chromebooks. “Hey, that’s an interesting model,” says Davenport with a chuckle. “Run on your oldest junk for next to no money.” The transformation at Ovid-Elsie is striking, but far from unique. It’s just one example of a much larger trend toward cloud computing, a paradigm shift that has radically reshaped the technological landscape at schools across the United States.

«

Popper says – in the first comment on the article – “I’ve been writing about Neverware since 2009. Pretty crazy how much things have changed since then.”

But the general point about Neverware (which tried to interest Dell and HP in lengthening PC life cycles, and found no takers) and about cloud computing in schools is well made. Certainly a threat to Microsoft in schools.

Google Cloud Vision API enters Beta, open to all to try! » Google Cloud Platform Blog

Ram Ramanathan, product manager:

»Today, we’re announcing the beta release of Google Cloud Vision API. Now anyone can submit their images to the Cloud Vision API to understand the contents of those images — from detecting everyday objects (for example, “sports car,” “sushi,” or “eagle”) to reading text within the image or identifying product logos.

With the beta release of Cloud Vision API, you can access the API with location of images stored in Google Cloud Storage, along with existing support of embedding an image as part of the API request. We’re also announcing pricing for Cloud Vision API and added additional capabilities to identify the dominant color of an image. For example, you can now apply Label Detection on an image for as little as $2 per 1,000 images or Optical Character Recognition (OCR) for $0.60 for 1,000 images. Pricing will be effective, starting March 1st.

«

I feel like this is partly the work of Pete Warden – it looks so like his work at Jetpac.

Apple fixes iPhones disabled by Error 53 caused by unofficial repairs » TechCrunch

Matthew Panzarino:

»Today, Apple is issuing an updated version of iOS 9.2.1 for users that update their iPhones via iTunes only. This update will restore phones ‘bricked’ or disabled by Error 53 and will prevent future iPhones that have had their home button (or the cable) replaced by third-party repair centers from being disabled. Note that this is a patched version of iOS 9.2.1, previously issued, not a brand-new version of iOS.

A new support document on Apple’s site has been issued that details the causes and repair methods for Error 53.

The update is not for users who update their iPhones over the air (OTA) via iCloud. If you update your phone that way, you should never have encountered Error 53 in the first place. If, however, you update via iTunes or your phone is bricked, you should be able to plug it into iTunes to get the update today, restoring your phone’s functionality.

«

That was quick. And it disables TouchID, or leaves it disabled – which is the course of action you’d hope for. (Thanks Jonathan Davey for the link.)

Data broker defendants settle FTC charges they sold sensitive personal information to scammers » Federal Trade Commission

»“LeapLab purchased sensitive information, including Social Security and bank account numbers, from pay-day-loan websites, and then sold that information to entities it knew had no legitimate need for it,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection.  “That allowed scammers to steal millions of dollars from people’s accounts.”

In its complaint, the FTC alleged that the defendants collected hundreds of thousands of loan applications submitted by financially strapped consumers to payday loan sites. Each application contained the consumer’s name, address, phone number, employer, Social Security number, and bank account number, including the bank routing number.

The defendants sold 95 percent of these sensitive applications for approximately $0.50 each to non-lenders that did not use the information to assist consumers in obtaining a payday loan or other extension of credit and had no legitimate need for this financial information. In fact, at least one of those marketers, Ideal Financial Solutions – a defendant in another FTC case  – used the information to withdraw millions of dollars from consumers’ accounts without their authorization.

«

Classy. It’s a $5.7m judgment, but suspended.

The hidden homescreen » Medium

Matt Hartman:

»The move to chat-based interfaces is mainly developer driven: relative to a native iOS or Android app, development of a chat-based app is faster and marketing is less crowded (for now). It is also partly consumer driven in that it is painful for consumers to have to switch in and out of different apps — or even to have to download an app at all. However the developer pain point is more significant at present.

For app developers, marketing is often hard. #Homescreen data shows that apps on users’ homescreens are pretty calcified. In January 2016 over 50,000 apps were submitted to the app store. However, most smartphone users download zero apps per month.

«

We’re probably going to see more chat interfaces, as Hartman points out (look at Quartz’s new news app), but as he also points out, lots of them will struggle to gather enough context to be useful compared to the interfaces we already have.

Exclusive: Radioactive material stolen in Iraq raises security fears » Reuters

Ahmed Rasheed, Aref Mohammed and Stephen Kalin:

»Iraq is searching for “highly dangerous” radioactive material stolen last year, according to an environment ministry document and seven security, environmental and provincial officials who fear it could be used as a weapon if acquired by Islamic State.

The material, stored in a protective case the size of a laptop computer, went missing in November from a storage facility near the southern city of Basra belonging to U.S. oilfield services company Weatherford WFT.N, the document seen by Reuters showed and officials confirmed.

A spokesman for Iraq’s environment ministry said he could not discuss the issue, citing national security concerns…

…A U.S. official said separately that Iraq had reported a missing specialized camera containing highly radioactive Iridium-192 to the International Atomic Energy Agency (IAEA), the Vienna-based U.N. nuclear watchdog, in November.

“They’ve been looking for it ever since. Whether it was just misplaced, or actually stolen, isn’t clear,” said the official, who requested anonymity because of the sensitivity of the matter.

The environment ministry document, dated Nov. 30 and addressed to the ministry’s Centre for Prevention of Radiation, describes “the theft of a highly dangerous radioactive source of Ir-192 with highly radioactive activity belonging to SGS from a depot belonging to Weatherford in the Rafidhia area of Basra province”.

«

More about Ir-192: “has accounted for the majority of cases tracked by the U.S. Nuclear Regulatory Commission in which radioactive materials have gone missing in quantities large enough to make a dirty bomb.” More reading from 2007 from the New Yorker.

The most important Apple executive you’ve never heard of » Bloomberg Businessweek

Brad Stone, Adam Satariano, and Gwen Ackerman:

»A little over a year ago, Apple had a problem: The iPad Pro was behind schedule. Elements of the hardware, software, and accompanying stylus weren’t going to be ready for a release in the spring. Chief Executive Officer Tim Cook and his top lieutenants had to delay the unveiling until the fall. That gave most of Apple’s engineers more time. It gave a little-known executive named Johny Srouji much less.

Srouji is the senior vice president for hardware technologies at Apple. He runs the division that makes processor chips, the silicon brains inside the iPhone, iPad, Apple Watch, and Apple TV. The original plan was to introduce the iPad Pro with Apple’s tablet chip, the A8X, the same processor that powered the iPad Air 2, introduced in 2014. But delaying until fall meant that the Pro would make its debut alongside the iPhone 6s, which was going to use a newer, faster phone chip called the A9.

This is the stuff that keeps technology executives up at night. The iPad Pro was important: It was Apple’s attempt to sell tablets to business customers. And it would look feeble next to the iPhone 6s. So Srouji put his engineers on a crash program to move up the rollout of a new tablet processor, the A9X, by half a year. The engineers finished in time, and the Pro hit the market with the faster chip and a 12.9in display packed with 5.6 million pixels.

«

Useful profile (and a little scoop-ette in the intro), though of course Apple – and Srouji – won’t indicate what direction the chip design there is going. There’s also the question of quite what delta it gives it over those using chips from TSMC et al; aside from the reference to the 64-bit shift, that isn’t addressed clearly.

Apple, the FBI, and the San Bernadino iPhone

Dan Wallach:

»Q What’s so bad about Apple doing what the FBI wants?

A Apple’s concern is the precedent set by the FBI’s demand and the judge’s order. If the FBI can compel Apple to create a backdoor like this, then so can anybody else. You’ve now opened the floodgates to every small-town police chief, never mind discovery orders in civil lawsuits. How is Apple supposed to validate and prioritize these requests? What happens when they come from foreign governments? If China demands a custom software build to attack a U.S. resident, how is Apple supposed to judge whether that user and their phone happen to be under the jurisdiction of Chinese law? What if the U.S. then passes a law prohibiting Apple from honoring Chinese requests like this? That way lies madness, and that’s where we’re going.

Even if we could somehow make this work, purely as an engineering matter, it’s not feasible to imagine a backdoor mechanism that will support the full gamut of seemingly legal requests to exercise it.

«


If you want life insurance, think twice before getting a genetic test » Fast Company

Christina Farr:

»Jennifer Marie* should be an ideal candidate for life insurance: She’s 36, gainfully employed, and has no current medical issues.

But on September 15 last year, Jennifer Marie’s application for life insurance was denied.

“Unfortunately after carefully reviewing your application, we regret that we are unable to provide you with coverage because of your positive BRCA 1 gene,” the letter reads. In the U.S., about one in 400 women have a BRCA 1 or 2 gene, which is associated with increased risk of breast and ovarian cancer.

Jennifer Marie provided a copy of the document to Fast Company on the condition that she and her insurance company remain anonymous, as she is still hoping to appeal the rejection.

«

You’re thinking “surely that’s illegal!” It would be for health insurance, under a 2008 law in the US – but that doesn’t apply to life insurance, long-term care or disability insurance.

Unlock your Windows 10 phone remotely » Windows Help

»Try unlocking your Windows 10 phone remotely if you get this message: “This device has been locked for security reasons. Connect your device to a power source for at least two hours and then try again.” The key is to reset your PIN through account.microsoft.com.

Go to account.microsoft.com/devices

Sign in with the same Microsoft account you use on the phone.

Click the Find my phone link.

Press Lock.

Enter a new PIN. Now you’ll be able to unlock your phone with your new PIN.

«

You can’t do this with an iPhone – you need to enter the existing PIN first. Clearly, the answer is for the FBI to issue would-be terrorists with Windows Phones running Windows Mobile 10 (it doesn’t work on 8) to simplify subsequent investigations. (Thanks Tero Alhonen for the link.)

Errata, corrigenda and ai no corrida: none noted.

Start up: careful with that axe, Marissa!, PC consolidation, ultra-cheap Android, and more

Yes, we need to discuss this. Photo by Janitors on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 11 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Ringing Bells Freedom 251: cheapest Android smartphone for just Rs 251 ($3.65) » TechPP

Raju PP:

• 4-inch qHD screen with IPS
• 1.3 GHz quad-core processor
• 1GB RAM
• 8GB internal storage
• microSD slot for up to 32GB of external storage
• 3.2MP rear camera with auto focus
• 0.3MP (VGA) front camera
• 3G support
• 1450 mAh battery
• Android 5.1 Lollipop

The above hardware specifications look like an entry level smartphone from 2014 with no major compromises. Going by the published images, it doesn’t look bad either, at least not an eyesore that one would expect for a phone costing less than what you’d pay for a coffee at Starbucks.

Looks OK (they have actual photos). A bit like something from a cornflakes packet, but at that price it’s proof of how Android is revolutionising communication, and the world.

Only question now is whether the company can survive and make enough.

Samsung fails to secure thousands of SmartThings homes from thieves » Forbes

Thomas Fox-Brewster:

Critically, anyone relying on SmartThings devices for home security is vulnerable. In an environment where the SmartThings hub is connected to the firm’s own motion sensors, which act like traditional security alarms but provide alerts to people’s phones when activity is detected, they allow a hacker to enter a home undetected. Even worse, when connected to a connected smart lock, Cognosec researcher Tobias Zillner says a robber can break into a home without using any brute force whatsoever.

“At the moment I am able to hack the system … and open the door lock as well as to jam the motion sensor without any trace left back in the system,” he told Forbes.

Come on, you knew the Internet of Things was going to lead to this.

Priorities in a time of plenty » Asymco

Horace Dediu:

The mass phenomenon of measuring the wrong thing because it’s the easiest to measure is called “financialization”. Financialization is the process by which finance and finances (rather than creation) determine company, individual and society’s priorities. It comes about from an abundance of data that leads to fixation on what is observable to the detriment of awareness of hazards or obstacles or alternatives. This phenomenon is more likely when the speed of change increases and decision cycles shorten.

Financialization is creeping into all aspects of society and the extent to which it infects companies is the extent to which they suffer from early mortality.

So is Apple avoiding financialization? How can anyone avoid the tyranny of mis-optimization?

Dediu’s writing is lyrical, despite the topic; the way that he seems to grope towards the conclusion (but actually knows where he’s going) is great to watch.

The ax falls at Yahoo » POLITICO

Peter Sterne:

“On our recent earnings call, Yahoo outlined out a plan to simplify our business and focus our effort on our four most successful content areas  – News, Sports, Finance and Lifestyle. To that end, today we will begin phasing out the following Digital Magazines:  Yahoo Food, Yahoo Health, Yahoo Parenting, Yahoo Makers, Yahoo Travel, Yahoo Autos and Yahoo Real Estate,” [Yahoo global editor in chief Martha] Nelson wrote in a Tumblr post.

In addition, a source familiar with the matter said that Yahoo was ending its tech vertical and moving some of its staff — including former New York Times columnist David Pogue — to Yahoo’s news vertical. Eater first reported that the food vertical was being shut down and Skift first reported that the travel vertical was being shut down.

As part of the changes, the editors of all of the eliminated verticals are being laid off. Dan Tynan, who joined Yahoo Tech as a columnist in December 2013 and became editor in chief of the vertical in July 2015, announced his departure in a farewell memo to staff.

“Well, that was not entirely unexpected. Eight Hundred and Four days after taking the purple, my career as a Yahoo is over,” he wrote.

Doubt the chopping is over yet. Tynan wrote in his memo that he worked with “the best (and smallest) staff of any tech publication on the internet”. You can argue about the quality, but smallest? Lots of news orgs would disagree.

Vaio near deal with Toshiba, Fujitsu to form Japan PC giant » Bloomberg Business

Pavel Alpeyev and Takashi Amano:

Vaio Corp., the personal computer maker spun off from Sony Corp. in 2014, is closing in on a three-way merger with rivals to create a producer that can dominate Japan and weather a shrinking global PC market.

Vaio expects to strike an agreement to combine with Toshiba Corp.’s and Fujitsu Ltd.’s PC divisions by the end of March, said Hidemi Moue, chief executive officer of Japan Industrial Partners Inc., the buyout fund that now controls the former arm of Sony. Vaio expects to own the biggest stake in the merged company, which can help the trio save on research and development and scale production, he said…

…The tie-up “makes sense if you want to build a niche consumer base in Japan,” said Damian Thong, an analyst at Macquarie Group Ltd. in Tokyo. “This approach of merging three Japanese PC makers will probably have little chance of success outside of the country”…

…“In the PC business, all options are on the table for restructuring and partnerships, but nothing has been decided at this moment,” Toshiba’s spokesman Hirokazu Tsukimoto said. A spokeswoman at Fujitsu declined to comment.

In contrast to the gloom, Vaio is set to report its first monthly profit in March and Moue expects the company to be profitable in the year ending May 2017. Japan Industrial Partners has slashed the workforce to 240 from about 1,000, slimmed its product line-up and focused on premium business users, he said.

Consolidation was inevitable.

In the matter of the search of an Apple iPhone seized during the execution of a search warrant » DocumentCloud

This is a scan of the order compelling Apple to help the FBI break into an iPhone 5C used by one of the San Bernardino killers (more details on this below, or in the docket). Note that it says that Apple must “[provide] the FBI with a signed iPhone software file, recovery bundle or other Software Image File that can be loaded onto the Subject Device… The SIF will be coded by Apple with a unique identifier of the phone so that the SIF would only load and execute on the Subject Device.”
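
What "coded with a unique identifier so that it would only load on the Subject Device" means mechanically is a signature computed over the image together with a device identifier, checked by the device against its own identifier. The sketch below is an added illustration, not Apple's code and not anything taken from the order; the toy RSA key, the function names and the device identifiers are assumptions constructed for the example.

```python
import hashlib

# Toy RSA key built from two Mersenne primes, constructed for this example.
# It is far too small and has no padding, so it is for illustration only.
# The vendor keeps D private; every device ships with the public pair (N, E).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # modular inverse, needs Python 3.8+


def _digest(image: bytes, device_id: str) -> int:
    """Hash the image together with the identifier it is personalised for."""
    h = hashlib.sha256()
    h.update(len(image).to_bytes(8, "big"))  # length prefix keeps the fields unambiguous
    h.update(image)
    h.update(device_id.encode())
    return int.from_bytes(h.digest(), "big") % N


def vendor_sign(image: bytes, device_id: str) -> int:
    """Vendor side: sign (image, device_id) with the private exponent."""
    return pow(_digest(image, device_id), D, N)


def device_accepts(image: bytes, signature: int, own_device_id: str) -> bool:
    """Device side: verify using the device's own identifier, never one
    supplied alongside the image, so a signature for another unit fails."""
    return pow(signature, E, N) == _digest(image, own_device_id)


def demo() -> dict:
    image = b"constructed firmware image bytes"                  # constructed sample
    subject, other = "SUBJECT-DEVICE-0001", "OTHER-DEVICE-0002"  # constructed identifiers
    sig = vendor_sign(image, subject)
    return {
        # The image signed for the subject device loads there...
        "subject_device": device_accepts(image, sig, subject),
        # ...and is refused by any other device,
        "other_device": device_accepts(image, sig, other),
        # as is a modified image carrying the original signature.
        "tampered_image": device_accepts(image + b"!", sig, subject),
        # The same image signed again for the second identifier loads on it.
        "resigned_for_other": device_accepts(image, vendor_sign(image, other), other),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check:20} accepted={ok}")
```

The first three results show the per-device binding holding; the last shows that the restriction lives entirely in what the key holder chooses to sign.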

Apple has five days to appeal. Below is its response.

Customer Letter » Apple

Tim Cook (and perhaps a few others at Apple) on why they’re refusing to create a version of iOS to be installed on an iPhone 5C seized from one of the killers in the terrorist attack at San Bernardino that would let the US government brute-force its password/code:

The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.

We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.

Apple has framed this well: that it’s about security (not privacy). You’ll recall that last week the FBI’s director declared that investigators couldn’t unlock the phone.

The American Civil Liberties Union and Electronic Frontier Foundation and WhatsApp have all backed Apple’s stance; the ACLU says “code is speech, and this would be forced speech, which is against the First Amendment, and perhaps the Fourth and Fifth too”.

Apple versus the FBI, understanding iPhone encryption, the risks for Apple and encryption » Stratechery

Ben Thompson dug into the detail of the encryption that the 5C held by the FBI does and doesn’t have; if it had been a 5S, he explains, things would have been different:

thanks to the secure enclave an iPhone 5S or later, running iOS 8 or later, is basically impossible to break into, for Apple or anyone else. The only possible solution from the government’s perspective comes back to the more narrow definition of “backdoor” that I articulated above: a unique key baked into the disk encryption algorithm itself.

This solution is, frankly, unacceptable, and it’s not simply an issue of privacy: it’s one of security. A master key, contrary to conventional wisdom, is not guessable, but it can be stolen; worse, if it is stolen, no one would ever know. It would be a silent failure allowing whoever captured it to break into any device secured by the algorithm in question without those relying on it knowing anything was amiss. I can’t stress enough what a problem this is: World War II, especially in the Pacific, turned on this sort of silent cryptographic failure. And, given the sheer number of law enforcement officials that would want their hands on this key, it landing in the wrong hands would be a matter of when, not if.

This is why I’m just a tiny bit worried about Tim Cook drawing such a stark line in the sand with this case: the PR optics could not possibly be worse for Apple. It’s a case of domestic terrorism with a clear cut bad guy and a warrant that no one could object to, and Apple is capable of fulfilling the request. Would it perhaps be better to cooperate in this case secure in the knowledge that the loophole the FBI is exploiting (the software-based security measures) has already been closed, and then save the rhetorical gun powder for the inevitable request to insert the sort of narrow backdoor into the disk encryption itself I just described?

Then again, I can see the other side: a backdoor is a backdoor, and it is absolutely the case that the FBI is demanding Apple deliberately weaken security.

A couple of other points: the phone actually belongs to the California government; it was issued to a person who turned out to be a killer in the San Bernardino incident. That means it’s probably the government which implemented the Mobile Device Management (MDM) which wipes the phone after 10 failed passcode attempts. But they also can’t get into it. Also of note: the docket mentions that the killer destroyed two other phones ahead of the incident – they seem to have been “burner” phones, intended for destruction. So it’s likely that there’s nothing of interest at all on *this* phone.

The FBI has the iCloud backups up to October 19 (see p17 of the scan, above); the killings were on December 4.

Why the FBI’s request to Apple will affect civil rights for a generation » Macworld

Rich Mogull (a security expert):

Apple has a long history of complying with court orders and assisting law enforcement. Previous to iOS 8, they could extract data off devices. Even today, data in most of their online services (iCloud, excluding iMessage and FaceTime) can be provided upon legal request.

This case is different for multiple reasons:

• Apple is being asked to specifically create new software to circumvent their security controls. They aren’t being asked to use existing capabilities, since those no longer work. The FBI wants a new version of the operating system designed to allow the FBI to brute force attack the phone.

• The FBI is using a highly emotional, nationally infamous terrorism case as justification for the request.

• The request refers to the All Writs Act, which is itself under scrutiny in a case in New York involving Apple. Federal Magistrate Judge James Orenstein of the Eastern District of New York is currently evaluating if the Act applies in these cases.

That’s why this is about far more than a single phone. Apple does not have the existing capability to assist the FBI. The FBI engineered a case where the perpetrators are already dead, but emotions are charged. And the law cited is under active legal debate within the federal courts.


CRN Exclusive: Google terminating Play For Education in a small-scale retreat from Android’s educational market » CRN

Google is retreating from a small segment of its booming education business by ending the life of a product that was developed to encourage adoption of Android tablets in schools, Google partners told CRN on Friday.

Google Play for Education, an extension of the Play software distribution platform, was rolled out around two years ago with the intent of putting more tablets into the hands of students. The app store, curated in close collaboration with educators, enabled solution providers to manage both devices and their specialized content…

…One [reseller] executive who asked not to be named told CRN he learned of the product’s termination after attempting to procure tablets for a customer.

“We noticed something funny a couple weeks ago” when a client requested a quote for a number of Play for Work tablets, the Google partner told CRN. “Basically all manufacturers told us all those devices were end-of-lifed.”

Asus, then Samsung, said they didn’t have replacement devices that were Play-integrated, the reseller said. They told him to look at Chromebook laptops as an alternative.

Google later informed the partner that Play for Education was on its way out, and the company should focus on its Chromebooks practice for serving the educational market.

That partner exec said he believes some capability issues, like a limited number of student profiles that could be loaded onto a single device, coupled with competition from Apple’s iPads, kept the Android tablets from deeply penetrating the education market, and convinced Google to step back from the program.

Google made a big marketing push last year for the educational tablets, the partner exec said, but “I’m not sure it ever clicked.”

This makes it seem as though both Play For Education *and* Play For Work are dead, if those devices were EOL’d. Tablets and Android have never been a good fit.

News discovery » Sqoop

It’s a new Seattle-based startup, which mines US SEC documents and others for current information:

Sqoop saves you time and makes sure you don’t miss the story by giving you one place to search for company information, rather than spending hours each week conducting the same repetitive searches across a variety of public data sites. You can set alerts so that when new documents are filed, we’ll alert you how and when you want.

One to kick the tyres on. (I previously used SECAlerts.com but found it impossible to change settings.) Thanks to David Senior for the pointer.

Errata, corrigenda and ai no corrida:

Start up: sexism in funding, Powa struggles, China’s smartphone rat race, Apple software, and more

A bit dated? Doesn’t matter, password crackers are after you. Photo by Simon Lieschke on Flickr.

A selection of 9 links for you. Plaited in plaid. I’m charlesarthur on Twitter. Observations and links welcome.

VCs- don’t compare me to your wife, just don’t » Medium

Sarah Nadav:

Investors, you should know that the only thing that I have in common with your wife is a vagina. You need to know that because the women who are sitting in front of you to pitch are Entrepreneurs – and we are a totally different breed of human being than just about anyone else.

Your wife may or may not be an entrepreneur. But the extent to which she is founding a company is the extent to which I have something in common with her.

When you ask me about having it all, or how am I going to manage my kids, I seriously think that you are insane. Because in my head, I can’t imagine a scenario where you trust someone with millions of dollars to run a business but think that they don’t know how to deal with childcare.

Oh, but you have to read the message exchange with one venture capitalist about A Woman’s Place. According to him it definitely isn’t in the boardroom.

China smartphone market sees its highest shipment ever of 117.3m in 2015Q4 » IDC

Shipments grew 8% year-on-year in the quarter:

“Xiaomi, Huawei and Apple are the top smartphone players in 2015. This is a stark contrast to the top players in 2013, which was Samsung, Lenovo and Coolpad – with Samsung clearly dominating other players. With operators reducing smartphone subsidy and given the volatility of consumers’ brand preference in the market, the smartphone scene has changed significantly since then,” says Tay Xiaohan, Senior Market Analyst with IDC Asia/Pacific’s Client Devices team.

“Xiaomi entered the market at a time when the China smartphone market was still growing, and was able to capture a significant market share with its disruptive sales model. Huawei, with its investments in R&D, strong products, branding and channel connections, saw it having significant growth in 2015. Apple, on the other hand, continues to be a strong and desirable brand in the eyes of the Chinese consumers. With the Chinese market now slowing down, it is unlikely that we will see any new players making a big impact on the smartphone market compared to the way Xiaomi did in the previous years,” adds Ms. Tay.

So the door is shut to new entrants. Remember that scene in Skyfall where Javier Bardem is describing rat removal to James Bond? (Here’s the link if you’d forgotten.) The smartphone business in China now turns into that scenario.

The superhero of artificial intelligence: can this genius keep it in check? » The Guardian

Clemency Burton-Hill on DeepMind’s Demis Hassabis. The interview with him is OK – though mostly dead-bat responses from him – but I thought this was more indicative of the challenge, and potential for the company:

Upstairs, wrapping the original building, is a modern open-plan structure featuring a deck with undeniably magnificent views of London’s rooftops.

It’s up here, on Friday nights, that the DeepMinders gather for drinks. One employee describes the ritual to me enthusiastically as a way “to end the week on a high”. Socialising is an intrinsic way of life: I’m told of the DeepMind running club, football team, board games club. (“That one gets pretty competitive.”) A wall chart with moveable photographs indicates where everyone is hot-desking on any given day. It’s aggressively open-plan. The engineers – mostly male – that I pass in the corridors shatter the stereotype of people working in the nerdier corners of human endeavour: these guys look fit, happy, cool. A certain air of intellectual glamour, it has to be said, vibrates in the atmosphere. And no wonder. The smartest people on the planet are queuing up to work here, and the retention rate is, so far, a remarkable 100%, despite the accelerating focus on AI among many of Google’s biggest competitors, not to mention leading universities all over the globe.

“We’re really lucky,” says Hassabis, who compares his company to the Apollo programme and Manhattan Project for both the breathtaking scale of its ambition and the quality of the minds he is assembling at an ever increasing rate. “We are able to literally get the best scientists from each country each year. So we’ll have, say, the person that won the Physics Olympiad in Poland, the person who got the top maths PhD of the year in France. We’ve got more ideas than we’ve got researchers, but at the same time, there are more great people coming to our door than we can take on. So we’re in a very fortunate position. The only limitation is how many people we can absorb without damaging the culture.”


Powa Technologies missed staff and contractor payments » FT.com

Kadhim Shubber and Murad Ahmed:

Powa has raised about $175m, mainly from Boston-based investment fund Wellington Management, which the company says values it at $2.7bn.

Its headquarters are spread over two floors in what Mr Wagner called in one of the videos “the opulent surroundings” of Heron Tower, a skyscraper in the heart of City of London. A person with knowledge of the matter said that Powa could be paying as much as £2.5m a year.

When Powa was founded in 2007, it planned to develop a mobile payments system. More recently it has focused on its PowaTag product, a mobile platform that allows people to buy and order a product by photographing an image of it with their mobile phones.

Mr Wagner has predicted that the business will be bigger than Google or Alibaba, the Chinese ecommerce group. “What we’re building here is the biggest tech company in living memory,” he told the Financial Times in April last year.

But in the video to staff, Mr Wagner said that the company was “basically pre-revenue”, a term that refers to a lack of sales. “As we go forward from here that revenue will start to flow in meaningful ways but right now it isn’t,” he said.


Dan Lyons’ HubSpot book ‘Disrupted’: a few predictions » BostInno

Kyle Alspach on the forthcoming book from “Fake Steve Jobs”, aka Lyons, who worked for a while at HubSpot:

• The book is going to accuse HubSpot’s management of being hypocritical—touting how the company is making a positive difference in the world when in reality, according to Lyons at least, they’re not much better than spammers. We already knew this from the shorter description that was posted previously, but the superlatives from other authors suggest just how central the theme will be to the book:

– “Dan Lyons goes deep inside a company that uses terms like ‘world class marketing thought leaders’ to show us how ridiculous, wasteful, and infantile tech start-ups like this can be.”―Nick Bilton (author of “Hatching Twitter”)

– Disrupted “just might tell us something important about the hypocrisy and cult-like fervor inside today’s technology giants.”―Brad Stone (author of “The Everything Store”)

– “Disrupted explores the ways in which many technology companies have come to fool the public and themselves.”—Ashlee Vance (author of “Elon Musk”)

• Some HubSpot executives will definitely be singled out. Such as: “Dan’s absentee boss sent cryptic emails about employees who had ‘graduated’ (read: been fired).”

Waiter! Popcorn!

Password cracking attacks on Bitcoin wallets net $103,000 » Ars Technica

Dan Goodin:

Hackers have siphoned about $103,000 out of Bitcoin accounts that were protected with an alternative security measure, according to research that tracked six years’ worth of transactions. Account-holders used easy-to-remember passwords to protect their accounts instead of the long cryptographic keys normally required.

The heists were carried out against almost 900 accounts where the owners used passwords to generate the private encryption keys required to withdraw funds. In many cases, the vulnerable accounts were drained within minutes or seconds of going live. The electronic wallets were popularly known as “brain wallets” because, the thinking went, Bitcoin funds were stored in users’ minds through memorization of a password rather than a 64-character private key that had to be written on paper or stored digitally. For years, brain wallets were promoted as a safer and more user-friendly way to secure Bitcoins and other digital currencies, although Gregory Maxwell, Gavin Andresen, and many other Bitcoin experts had long warned that they were a bad idea.

Here’s a paper about what happened; to crack the wallets, tables with as many as billions of potential passwords may have been deployed against them. Yes, billions.

New finding may explain heat loss in fusion reactors » MIT News

The expectation by physicists for more than a decade had been that turbulence associated with ions (atoms with an electric charge) was so much larger than turbulence caused by electrons — nearly two orders of magnitude smaller — that the latter would be completely smeared out by the much larger eddies. And even if the smaller eddies survived the larger-scale disruptions, the conventional thinking went, these electron-scale whirls would be so much smaller that their effects would be negligible.

The new findings show that this conventional wisdom was wrong on both counts. The two scales of turbulence do indeed coexist, the researchers found, and they interact with each other so strongly that it’s impossible to understand their effects without including both kinds in any simulations.

However, it requires prodigious amounts of computer time to run simulations that encompass such widely disparate scales, explains Howard, who is the lead author on the paper detailing these simulations.

Accomplishing each simulation required 15 million hours of computation, carried out by 17,000 processors over a period of 37 days at the National Energy Research Scientific Computing Center — making this team the biggest user of that facility for the year. Using an ordinary MacBook Pro to run the full set of six simulations that the team carried out, Howard estimates, would have taken 3,000 years.


Apple’s elephant in the room » Medium

Alexandra Mintsopoulos on the meme about Apple’s “declining” software quality:

If the biggest example that can be pointed to is iTunes or its back-end (which seem to generate the most criticism) then there isn’t any validity to the idea that Apple’s software quality is declining. iTunes has been the target of complaints for as long as anyone can remember and it seems clear that it will be reworked much like Photos, iWork, or Final Cut have been (and likely receive the same backlash for missing functionality). The reason it hasn’t been done sooner is obvious: it has hundreds of millions of users and transacts billions of dollars in sales, revamping it from the ground up is akin to fixing an airplane while it’s in flight and won’t be done lightly.

There is a massive disconnect between enthusiasts and Apple’s broader customer base on the perception of Apple’s software quality. That is a PR problem for Apple to solve, not a software one.

I thought it was pretty clear in Eddy Cue’s appearance on John Gruber’s podcast (linked here yesterday) that Cue said iTunes is being redesigned, but you don’t do that sort of thing in an afternoon. The vast majority of iTunes-on-desktop users are not using Apple Music. The problem that then needs to be solved is to what extent iTunes could, or should, be broken into multiple apps.

My Telltale heart: From Monkey Island to the Walking Dead – games matter » The Malcontent

Mic Wright, arguing (on yesterday’s point) that yes, video games are a cultural product:

Most of the brain trust from LucasArts ended up in a berth at TellTale games, where the rabbit and pooch P.I team of Sam & Max and Guybrush Threepwood, the protagonist of the Monkey Island games, also ended up.

Preempting a question I have just imagined Charles – who commissioned my first ever piece for The Guardian – asking, Telltale/LucasArts has also delivered more serious and dramatic gaming experiences. The Game of Thrones and Walking Dead games developed by the studio drop the player into storylines where moral and tactical decisions are at the heart of the gameplay.

In the branching narratives, you’re forced to decide which friends or allies to sacrifice among other pretty gut-wrenching choices. Both sets of titles fundamentally dive into the nature of what it is to be a human in society and, through your choices, end up making you think about your real life character and behaviour.

Of course lots of games are just games, but then what does the average Adam Sandler movie or Dan Brown novel tell us about the human experience?

Touché on that last one. I remain sceptical; I’m not saying that video games cannot be cultural, emotional experiences. However, I don’t think they’ve generally achieved that yet. The question is whether they will continue to remain at the Sandler/Brown end of the spectrum, where I think they are.

After all, very few “games” (chess, squash, football) achieve “cultural event” status. The only ones I can think of immediately are the 1972 Fischer-Spassky chess match (west v east, a cold war fought with chess pieces) and 1997’s chess match of Kasparov v Deep Blue (humans v machines – disappointing outcome). Wimbledon finals, World Cup finals, some Olympic events do manage a “where were you when..?” status, but that’s not quite the same as having cultural impact – i.e. showing us something about where we really are. Any other suggestions?

Errata, corrigenda and ai no corrida: none notified.

Start up: Android root attacks, Silicon Valley doesn’t click ads, Wikimedia tries search, videogames v culture, and more

Is Twitter a polluted pool? Stephen Fry thinks so. Photo by Dee West on Flickr.

A selection of 8 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Android malware spread via porn websites to generate fake ad revenue » Grahamcluley.com

David Bisson:

»Researchers have spotted a new type of mobile malware that roots Android devices with the purpose of generating fraudulent ad revenue for its operator.

Earlier this month, Andrey Polkovnichenko and Oren Koriat, two members of the Check Point Research Team, wrote in a blog post about how they detected the malware, which they have named “HummingBad,” as part of a drive-by download attack served by porn websites against two customers’ Android devices.

Curious, they decided to dig into the malware and figure out what makes it tick.

As it turns out, HummingBad is a complex rootkit whose components are encrypted, in an attempt to avoid being flagged by security solutions as malicious.«


Knowledge Engine: Wikimedia Foundation takes aim at Google with $3.5m search project » ABC News

»Online encyclopedia Wikipedia is preparing to tackle Google’s dominance of internet search with the launch of a $3.5 million program to build a “Search Engine by Wikipedia”.

Wikipedia’s parent organisation, the Wikimedia Foundation, had in September been awarded a $US250,000 ($A350,000) grant from the John S. and James L. Knight Foundation, but only publicised the grant in the past week.

The grant is to be used “To advance new models for finding information by supporting stage one development of the Knowledge Engine by Wikipedia,” the Knight Foundation’s grant letter to the Wikimedia Foundation read.«

Table stakes for a search engine back in 2003 were $100m (that’s what Microsoft put into it), though maybe they’ve come down a little since then.

Come back in a year or two and see the wreckage.

Too many people have peed in the pool » Stephen Fry

Fry made a sarcastic quip at the Baftas about someone (who turned out to be a friend of his); he then got hell on Twitter; he then deleted his account:

»let us grieve at what twitter has become. A stalking ground for the sanctimoniously self-righteous who love to second-guess, to leap to conclusions and be offended – worse, to be offended on behalf of others they do not even know. It’s as nasty and unwholesome a characteristic as can be imagined. It doesn’t matter whether they think they’re defending women, men, transgender people, Muslims, humanists … the ghastliness is absolutely the same. It makes sensible people want to take an absolutely opposite point of view. I’ve heard people shriek their secularism in such a way as to make me want instantly to become an evangelical Christian.

But Stephen, these foul people are a minority! Indeed they are. But I would contend that just one turd in a reservoir is enough to persuade one not to drink from it. 99.9% of the water may be excrement free, but that doesn’t help. With Twitter, for me at least, the tipping point has been reached and the pollution of the service is now just too much.

But you’ve let the trolls and nasties win! If everyone did what you did, Stephen, the slab-faced dictators of tone and humour would have the place to themselves. Well, yes and they’re welcome to it. Perhaps then they’ll have nothing to smell but their own smell.«


People in Silicon Valley don’t click on ads » Medium

Rob Leathern:

»Using Facebook’s Audience Insights tool (free to anyone who buys Facebook ads), I compared people from San Francisco and Palo Alto/Mountain View to those in New York City, Boulder/Denver and the nation as a whole.
In short, San Francisco / Silicon Valley people don’t click on ads…

San Francisco, California Activity Profile (Source: Facebook)

The average user in the United States has a value of 12 for “Ads Clicked” whereas a San Francisco user has only clicked 1 ad. Similarly, they appear not to be commenting or liking posts as frequently as the median national user. The story is very similar for the Mountain View / Palo Alto audience.«

This is like those people who work at junk food companies who would never eat their own output – they know what goes into it. (Leathern is working on a new approach to web advertising at optimal.com.)

Take video games seriously! Yes, they’re fun, but they matter culturally too » The Guardian

Naomi Alderman:

»Why do video games receive so little coverage in mainstream cultural media? It’s a question that’s troubled me for years – I even made a programme about it for Radio 4. Games are the largest entertainment medium in the world. And yet newspaper culture pages tend not to cover them (pace Observer Tech Monthly). Cultural programmes on TV and radio do a fun segment about games once a quarter at best while reserving discussion and analysis for interpretive dance or experimental opera.

It’s very weird for me: my novels, which sell tens of thousands of copies, are shortlisted for prizes that appear on the news. My games, which have sold millions of copies, don’t make the news. Film and TV Baftas are a news story. Games Baftas are an industry event.

I think this is a shame. It affects the way people think about the medium.«

OK, I’ll bite: a reason games aren’t treated as mattering culturally is because they have very little to tell us about our culture. Take a film like The Big Short or The Revenant or The Martian (the latter perhaps closest, in plot, to a video game).

Besides the mechanics of plot, each takes us into another person’s, or other people’s, experiences: Steve Carell’s character in Big Short is consumed by loathing of the vile business, yet unable to withstand the desire to profit from the dumb money. Leonardo DiCaprio’s holds onto life to avenge a death; Matt Damon’s goes through the emotions of loss, resignation, elation, and near-resignation. And like life, each film surprises us but tells us about the human experience.

And where’s the game that could evoke the same emotional reaction as ET – made in 1982 (that’s 34 years ago)?

Just because games sell in large numbers and generate lots of money doesn’t mean they have equivalent status to films as cultural artefacts. Fishing is the most popular (as in “has the most participants”) sport in the UK. Yet you don’t see it reported in newspapers (Fishing Times apart), whereas tennis is.

Why Xiaomi, Lenovo, and Huawei can’t compete with Apple » Tech in Asia

Charlie Custer:

»Chinese handset makers did quite well in 2015. But can they climb that cliff? Could they actually beat out Apple?

No. At least not in the sense of eating into Apple’s specific chunk of the market.

Why? For one, they don’t share a clear target market with Apple. Say what you will about Apple – and I’ve said some bad things in the very recent past – but it knows its market. And so do you, probably. Quick, picture an iPhone user. You’re probably picturing somebody young-ish, urban. Somebody who likes a simple user experience that doesn’t change much from model to model. Somebody who admires good industrial design, and who has the money to fit a $600-$800 phone into their budget.

Now, picture a Huawei user. It’s much harder because they’re all over the place. The prices range quite a bit, and the company offers dozens of different handset models. Lenovo is pretty similar. Even once-simple Xiaomi now offers three different major product lines with a confusing assortment of models in each line (do I want the Mi 4 or the Mi 4i or the Mi 4c?).

That’s not to say that none of these devices have clear target markets, of course, but none of them really overlap with the iPhone market. All three companies offer lower-priced devices, and because of their split focus they really can’t hope to compete with Apple’s single-minded focus when it comes to the iPhone market. They may be able to boost their numbers by picking up more users in developing regions, but none of the three is likely poaching any of Apple’s market anytime soon.

Plus, they’re not competing in the same ecosystem. Technologically speaking, there’s nothing on the iPhone that you can’t get on a dozen Android handsets except for one thing: iOS. And while I’ve argued that a lot of the native iOS apps are getting worse, there’s still no doubt that once a user buys into an ecosystem, it’s difficult to get them out of it.«


2017 to be the year of dual-lens cameras, says Sony » Android Authority

John Dye, noting that Sony has started a separate platform to support dual-lens cameras on phones:

»This seems to line up with some recent rumors trickling through the grapevine that the iPhone 7 Plus will be using a dual-lens camera module. However, Sony was quick to point out that they don’t believe this new form of camera will be anything close to mainstream for at least a year. The high-end smartphone market is slowing down globally. As a result, the demand for smartphone components is slackening, so Sony is banking on this new technology getting a start a little later than we may prefer. Chief financial officer Kenichiro Yoshida put it this way:

»Well, for next year, our so-called dual lens – dual camera platform will be launched by, we believe, from major smartphone players. However, as I said previously, recently, our smartphone market is growing and particularly, our high-end smartphone market is now slowing down. So, that may impact the demand or production schedule of dual camera smartphones by the major smartphone manufacturers. So, we believe the real start, the takeoff of smartphone with dual lens camera will be in the year of 2017.«

«

I read that “takeoff” as meaning “phones that aren’t iPhones”. Fingerprint sensors weren’t mainstream in 2013, but the iPhone 5S had one. And so on. (Though ZTE has a dual-lens camera on its top-end Axon phone, released last year.)

Verizon will now let users kill previously indestructible tracking code » ProPublica

Julia Angwin:

»Verizon says it will soon offer customers a way to opt out from having their smartphone and tablet browsing tracked via a hidden un-killable tracking identifier.

The decision came after a ProPublica article revealed that an online advertiser, Turn, was exploiting the Verizon identifier to respawn tracking cookies that users had deleted.

Two days after the article appeared, Turn said it would suspend the practice of creating so-called “zombie cookies” that couldn’t be deleted. But Verizon couldn’t assure users that other companies might not also exploit the number – which was transmitted automatically to any website or app a user visited from a Verizon-enabled device – to build dossiers about people’s behavior on their mobile devices.

Verizon subsequently updated its website to note Turn’s decision and declared that it would “work with other partners to ensure that their use of [the undeletable tracking number] is consistent with the purposes we intended.” Previously, its website had stated: “It is unlikely that sites and ad entities will attempt to build customer profiles.”«

Not quite a commitment not to track the hell out of you, though.

Errata, corrigenda and ai no corrida: none supplied.

Start up: Apple on software, 1970 reporting, Microsoft leaves ICOMP?, cycling’s new doping scandal, and more

Voters at the Iowa caucus were profiled and tracked via their phones – perhaps without knowing. Photo by ellenmac11 on Flickr.

A selection of 13 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

(To help formatting on the email, I’ve added » and « on the blockquotes to make it clearer what is quoted, and what is my commentary.)

The Talk Show ✪: Ep. 146, with very special guests Eddy Cue and Craig Federighi » Daring Fireball

John Gruber:

»
Very special guests Eddy Cue and Craig Federighi join the show. Topics include: the new features in Apple’s upcoming OS releases (iOS 9.3 and tvOS 9.2); why Apple is expanding its public beta program for OS releases; iTunes’s monolithic design; how personally involved Eddy and Craig are in using, testing, and installing beta software; the sad decline of Duke’s men’s basketball team; and more.
«

This is, what, the second or third time I’ve recommended a podcast? This is an hour, and fascinating (with data points: iMessage peaked at 200,000 per second, there are 782m iCloud users – v 1bn devices in use, so do the maths – and 11m Apple Music subscribers, up from 10m in December).

Federighi’s point about how they tracked Bluetooth keyboard use for the Apple TV, and which calendar week it dwindled to zero, made me laugh aloud.

You can consider *why* Apple made Cue and Federighi available to Gruber, and it’s pretty obvious: they’re aiming to get their message out about Apple’s software and services quality, after all sorts of criticism lately. And that performance turns out to be pretty impressive – hundreds of millions of users who turn them on as soon as they go live, such as iOS 9.0, iCloud Drive, and so on. Are they perfect? No. But they iterate to improvement pretty fast, given their scale.


Cycling’s mechanical-doping scandal » Business Insider

Daniel McMahon:

»
In the days that followed, the UCI said it had tested more than a hundred bikes at the world championships — and that it would be testing a lot more going forward:

»
The Union Cycliste Internationale (UCI) has taken the issue of technological fraud extremely seriously for many years. It has been clear for some time that the equipment exists to enable people determined to cheat to do so by installing devices hidden in bikes. That is why we’ve invested considerable time and financial resources in organising unannounced tests at races and have recently been trialing new methods of detection. We’ve also been using intelligence gathered from the industry and other information given to us. We tested over 100 bikes at the 2016 UCI Cyclo-cross World Championships in Heusden-Zolder and will continue to test large numbers of bikes at races throughout the season.
«

And sure enough, on Friday, February 12, the UCI announced it had tested another 90 bikes for motors, but this time at a road race in France.
«

This is weird. Motors in bicycles is A Thing. A Doping Thing.


64-bit iPhones and iPads get stuck in a loop when set to January 1, 1970 » Ars Technica

Peter Bright:

»
Take a 64-bit iOS device—iPhone 5S or newer, iPad Air or newer, iPad Mini 2 or newer, sixth generation iPod touch or newer—laboriously set its date to January 1, 1970, and reboot. Congratulations: you now have a shiny piece of high-tech hardware that’s stuck at the boot screen, showing nothing more than the Apple logo… forever.
«

From the highest-rated comment below the story:

»
It appears to solve itself when the internal clock is allowed to advance normally to a point when “current time” minus time zone is greater than zero.

(This may be why people are seeing a battery drain fix it or see it fixed when inserting a SIM card that supports carrier time information)
«

Versions of Bright’s story, all written from the same YouTube video, are all over the web. More informed (and stupider) comments can be found beneath them (where they allow comments). The more informed ones point out the errors.

It’s quite the problem for journalists: news editors clamour for the story now, but it’s hard to check all the details, and especially the causes. This isn’t a “forever” bug. But you need to get the story written. That lack of time to research and check erodes trust in outlets which have been quick to follow a YouTube video. It’s not “permanent”, it’s not “bricked”, it’s not “forever”.

Though they then get a second bite of the cherry with “how to fix” articles. (Answer: let the battery run down.)


This company tracked Iowa caucusgoers through their phones » Fusion

Kashmir Hill:

»
What really happened is that Dstillery gets information from people’s phones via ad networks. When you open an app or look at a browser page, there’s a very fast auction that happens where different advertisers bid to get to show you an ad. Their bid is based on how valuable they think you are, and to decide that, your phone sends them information about you, including, in many cases, an identifying code (that they’ve built a profile around) and your location information, down to your latitude and longitude.

Yes, for the vast majority of people, ad networks are doing far more information collection about them than the NSA–but they don’t explicitly link it to their names.

So on the night of the Iowa caucus, Dstillery flagged all the auctions that took place on phones in latitudes and longitudes near caucus locations. It wound up spotting 16,000 devices on caucus night, as those people had granted location privileges to the apps or devices that served them ads. It captured those mobile ID’s and then looked up the characteristics associated with those IDs in order to make observations about the kind of people that went to Republican caucus locations (young parents) versus Democrat caucus locations. It drilled down farther (e.g., ‘people who like NASCAR voted for Trump and Clinton’) by looking at which candidate won at a particular caucus location.
«

Deeply disturbing. You can bet that tons of those people had no idea that they were being profiled, or that their data was even being shared in that way.


Douglas Rushkoff: ‘I’m thinking it may be good to be off social media altogether’ » The Guardian

»
Ian Tucker: What do you find most objectionable about the kind of economy that technology appears to create?

Douglas Rushkoff: What’s most pernicious about it is that we are developing companies that are designed to do little more than take money out of the system – they are all extractive. There’s this universal assumption that we have to turn working currency into share price.
«



Microsoft looks to be retreating from EU antitrust fight against Google » Ars Technica

Quite a scoop from Kelly Fiveash:

»
Ars has learned that members including UK-based price comparison site Foundem—the original complainant in the antitrust case against Google—resigned from ICOMP after Microsoft backed away from what had been a dogged campaign against its search rival in Europe. ICOMP was founded in 2008 to fight for an “online competitive marketplace.”

One source told us that Microsoft had agreed to prop up ICOMP’s food, travel, and accommodation expenses without having any active involvement in the group.

In a letter from Foundem to ICOMP—seen by Ars—the company said: “In our view, an ICOMP that is prohibited from commenting on Google’s immensely damaging business practices is an ICOMP working against, rather than for, the interests of a fair, competitive online marketplace.”

Foundem added in its December 2 missive: “As a leading complainant in the European Commission’s ongoing competition investigation into Google’s search manipulation practices, Foundem cannot be a member of an organisation that has turned its back on such an important issue.”

Ars asked Microsoft to comment on this issue to confirm claims that its fight against Google on search in the EU was effectively over. It did not respond directly to that question, however. Instead we were told that Microsoft’s complaint against Google in the European Commission had not been withdrawn.
«

Fiveash has been covering the Google/Microsoft proxy battle for years since she was at The Register. But it sounds as though Satya Nadella, having gotten rid of the vicious ex-political lobbyist Mark Penn, is dialing down the quiet lobbying.


How to gain unauthorized fingerprint access to an LG V10 » AndroidAuthority

John Dye:

»
If this person isn’t running Nova Launcher, the game’s up here. This vulnerability is only known to work on this particular launcher so far, so if your quarry is operating Google Now then they are safe from your malicious intent. However, if they are running Nova Launcher, you can tap the Home button while on the main home screen, then tap the Widgets option. Add a Nova Action widget to the home screen, and then choose the activity “com.lge.fingerprintsettings.”

Pause here for a second, because this is where the vulnerability exists. Through the normal Settings menu, it’s impossible to access this particular activity before going through a security checkpoint and confirming either a fingerprint or PIN. However, since Nova is able to ignore the normal menu flow that leads to this screen, it creates a situation where a user can add their own fingerprint to the list of allowed fingerprints without ever proving that they have authorized access to the device.

The widget on the homescreen will now lead directly to fingerprint settings, and you can add your own fingerprint before deleting the widget, leaving little trace of your actions.
«

Nova Launcher presently has more than 10m downloads, so it’s possible you’d find it on a high-end phone. Commenters suggest it can be done on a Samsung Galaxy S5 and S6 too.

Sure that this will be all over news sites in a day or so of course with hundreds of comments. No?
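A defender's view of the flaw described above, as an added example that is not from the AndroidAuthority article or from LG: an audit of a decoded AndroidManifest.xml for unlock-related screens that other apps can start directly. It assumes the fingerprint screen was reachable because it was exported; the manifest, package and activity names below are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Heuristic name fragments for screens that change how the device is unlocked.
SENSITIVE_HINTS = ("fingerprint", "biometric", "lock", "credential", "password")

# Constructed manifest for a hypothetical settings app (not LG's real manifest).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.settings">
  <permission android:name="com.example.settings.MANAGE_BIOMETRICS"
              android:protectionLevel="signature"/>
  <application>
    <activity android:name=".MainSettings" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".FingerprintEnrollActivity" android:exported="true"/>
    <activity android:name=".LockScreenPinActivity">
      <intent-filter>
        <action android:name="com.example.settings.CHANGE_PIN"/>
      </intent-filter>
    </activity>
    <activity android:name=".FingerprintListActivity" android:exported="true"
              android:permission="com.example.settings.MANAGE_BIOMETRICS"/>
    <activity android:name=".CredentialResetActivity" android:exported="true"
              android:permission="com.example.settings.RESET"/>
    <activity android:name=".PasswordHintActivity" android:exported="false"/>
  </application>
</manifest>
"""


def signature_permissions(root):
    """Permissions declared in this manifest with a signature-based level."""
    strong = set()
    for perm in root.iter("permission"):
        levels = perm.get(ANDROID + "protectionLevel", "normal").split("|")
        if "signature" in levels:
            strong.add(perm.get(ANDROID + "name"))
    return strong


def is_exported(component):
    """Explicit android:exported wins; without it, an intent filter implied
    exported=true for apps targeting releases before Android 12."""
    explicit = component.get(ANDROID + "exported")
    if explicit is not None:
        return explicit.strip().lower() == "true"
    return component.find("intent-filter") is not None


def audit_manifest(manifest_xml):
    """Return (activity, reason) pairs for sensitive screens any app can start.

    Reasons: "no-permission" (nothing guards the component) and
    "unverified-permission" (guard is not a signature permission declared in
    this manifest, so it needs manual review).
    """
    root = ET.fromstring(manifest_xml)
    strong = signature_permissions(root)
    findings = []
    for app in root.iter("application"):
        default_perm = app.get(ANDROID + "permission")  # inherited by components
        for comp in app:
            if comp.tag not in ("activity", "activity-alias"):
                continue
            name = comp.get(ANDROID + "name", "")
            if not any(hint in name.lower() for hint in SENSITIVE_HINTS):
                continue
            if not is_exported(comp):
                continue
            perm = comp.get(ANDROID + "permission", default_perm)
            if perm is None:
                findings.append((name, "no-permission"))
            elif perm not in strong:
                findings.append((name, "unverified-permission"))
    return findings


if __name__ == "__main__":
    for activity, reason in audit_manifest(SAMPLE_MANIFEST):
        print(activity, reason)
```

A clean manifest is necessary but not sufficient: the activity itself should still demand a fingerprint or PIN before letting anyone enrol a new one, whichever path led to it.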


Researcher illegally shares millions of science papers free online to spread knowledge » ScienceAlert

»
A researcher in Russia has made more than 48 million journal articles – almost every single peer-reviewed paper ever published – freely available online. And she’s now refusing to shut the site down, despite a court injunction and a lawsuit from Elsevier, one of the world’s biggest publishers.

For those of you who aren’t already using it, the site in question is Sci-Hub, and it’s sort of like a Pirate Bay of the science world. It was established in 2011 by neuroscientist Alexandra Elbakyan, who was frustrated that she couldn’t afford to access the articles needed for her research, and it’s since gone viral, with hundreds of thousands of papers being downloaded daily. But at the end of last year, the site was ordered to be taken down by a New York district court – a ruling that Elbakyan has decided to fight, triggering a debate over who really owns science.

“Payment of $32 is just insane when you need to skim or read tens or hundreds of these papers to do research. I obtained these papers by pirating them,” Elbakyan told Torrent Freak last year. “Everyone should have access to knowledge regardless of their income or affiliation. And that’s absolutely legal.”…

… She also explains that the academic publishing situation is different to the music or film industry, where pirating is ripping off creators. “All papers on their website are written by researchers, and researchers do not receive money from what Elsevier collects. That is very different from the music or movie industry, where creators receive money from each copy sold,” she said.
«

The journals’ argument is that they add value by getting papers peer-reviewed, and edited, and choosing the important ones to publish. The existence of free unpeered sites such as arXiv hasn’t noticeably dented their business.

But it always feels wrong when publicly funded research in particular ends up behind giant paywalls. If the public pays for the research, the public should be able to see its fruits.


Evidence suggests the Sony hackers are alive and well and still hacking » WIRED

Kim Zetter:

»
According to new data released this week by Juan Andrés Guerrero-Saade, senior security researcher with Kaspersky Lab’s Global Research and Analysis Team, and Jaime Blasco who heads the Lab Intelligence and Research team at AlienVault Labs, the hackers behind the Sony breach are alive and well…and still hacking. Or at least evidence uncovered from hacks of various entities after the Sony breach, including South Korea’s nuclear power plant operator, suggests this later activity has ties to the Sony case.

“[T]hey didn’t disappear…not at all,” Guerrero-Saade said during a presentation with Blasco this week at the Kaspersky Security Analyst Summit in Spain.

If true, it would mean the hackers who demonstrated an “extremely high” level of sophistication in the Sony attack have been dropping digital breadcrumbs for at least the last year, crumbs that researchers can now use to map their activity and see where they’ve been. The clues include—to name a few—re-used code, passwords, and obfuscation methods, as well as a hardcoded user agent list that showed up repeatedly in attacks, always with Mozilla consistently misspelled as “Mozillar.”
«
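The “Mozillar” clue mentioned above lends itself to a simple detection rule. This added example (not code from Kaspersky, AlienVault or WIRED) scans web or proxy logs in the common "combined" format and flags user agents whose leading product token is a near-miss of "Mozilla"; it generalises from the single misspelling in the article to any token within two edits, and the log lines and addresses are constructed.

```python
import re

# Apache/nginx "combined" log format; the user agent is the last quoted field.
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)
# First product token of a user agent, e.g. "Mozilla" in "Mozilla/5.0 (...)".
PRODUCT = re.compile(r'^([A-Za-z][\w.-]*)/')

# Constructed sample log lines using documentation-only IP ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Feb/2016:09:14:02 +0000] "GET /index.html HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:44.0) '
    'Gecko/20100101 Firefox/44.0"',
    '198.51.100.23 - - [12/Feb/2016:09:14:07 +0000] "POST /upload.php HTTP/1.1" '
    '200 312 "-" "Mozillar/5.0 (compatible; MSIE 9.0; Windows NT 6.1)"',
    '192.0.2.44 - - [12/Feb/2016:09:15:30 +0000] "GET /status HTTP/1.1" '
    '200 17 "-" "curl/7.43.0"',
    '203.0.113.9 - - [12/Feb/2016:09:16:11 +0000] "GET /news HTTP/1.1" '
    '200 2048 "-" "Mozila/4.0 (compatible; MSIE 6.0)"',
    'not a log line',
]


def edit_distance(a, b):
    """Levenshtein distance between two strings (case-sensitive)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def suspicious_user_agents(lines, expected="Mozilla", max_distance=2):
    """Return (client_ip, token, distance) for near-miss product tokens.

    Exact matches and unrelated tools such as curl are ignored; only tokens
    that look like a typo of the expected name are reported.
    """
    hits = []
    for line in lines:
        entry = COMBINED.match(line)
        if not entry:
            continue  # unparseable line: skip rather than guess
        product = PRODUCT.match(entry.group("ua"))
        if not product:
            continue
        token = product.group(1)
        distance = edit_distance(token, expected)
        if 0 < distance <= max_distance:
            hits.append((entry.group("ip"), token, distance))
    return hits


if __name__ == "__main__":
    for ip, token, distance in suspicious_user_agents(SAMPLE_LOG):
        print(ip, token, distance)
```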



So who’s going to buy Pandora? » Music Business Worldwide

Tim Ingham:

»
the US public company has reportedly begun talking to Morgan Stanley about finding a potential buyer.

As we stand, Pandora, for all its historical global licensing issues and growing annual net losses, looks a little like a bargain.

The company has lost $7bn in market cap valuation over the past two years. It’s currently sitting at $1.9bn – less than a quarter of Spotify’s latest private valuation.

However, there are other reasons why possible acquirers may cool their jets on Pandora – not least the fact that its active listener base is dropping, down year-on-year in Q4 2015 to 81.1m.

In addition, the firm’s acquisition of Rdio’s assets means an entry into the hugely competitive space of interactive music streaming is an inevitability, while it paid a scary $450m to buy Ticketfly last year – a sister operation that contributed just $10m to the bottom line in Q4.

So who might cough up and buy Pandora if (and it’s a big if) its shareholders agree to push for a sale?
«

Suggestions: Google, Apple, IHeartMedia, Samsung. Can’t honestly see any of them wanting it, rather than just waiting for it to vanish.


Why mobile is different » The Economist

Anonymous, as ever with The Economist:

»
the combination of personalisation, location and a willingness to pay makes all kinds of new business models possible. Tomi Ahonen, head of 3G Business Consulting at Nokia, gives the example of someone waiting at a bus stop who pulls out his Internet-capable phone to find out when the next bus will arrive. The information sent to the phone can be personalised, reflecting the fact that the user’s location is known, and perhaps his home address too; so bus routes that run from one to the other can appear at the top of the list, saving the user from having to scroll and click through lots of pages and menus. A very similar service, which allows users to find out when the next bus is due by sending a text message from a bus stop, is already available in Italy.

Would-be providers of mobile Internet services cannot simply set up their servers and wait for the money to roll in, however, because the network operators—who know who and where the users are, and control the billing system—hold all the cards. This has changed the balance of power between users, network operators and content providers. On the fixed Internet, the network access provider acts as a “dumb pipe” between the user’s PC and, say, an online bookstore or travel agent. The access provider will not know how the connection has been used, and there is no question of claiming a commission. Mobile network operators, on the other hand, are in a far more powerful position. “Wireless is a smarter pipe,” says Chris Matthiasson of BT Cellnet. This means that operators are much less likely to be disintermediated.
«

The sharp-eyed will have started in the second sentence; others, in the second paragraph. That’s because this piece is from October 2001. It took a while, but the operators are pretty thoroughly disintermediated now.


TfL social media: adapting to Twitter’s changes » TfL Digital blog

Steven Gutierrez of Transport for London, which runs London’s buses and underground services:

»
in the last few years, Twitter has introduced various changes to the way it serves content to its users, and these have impacted upon our ability to reliably deliver these real-time status updates to our followers.

Now selected content on Twitter is shown out of sequence, we will reduce the amount of minor alerts and focus on providing up-to-the-minute alerts for major issues, as well as a renewed focus on customer service across our various accounts.

Our teams will continue to work day and night to support customers including First Contact who take care of the Tube line Twitter feeds as well as CentreComm and LSTCC who have access to everything from iBus (our system for tracking London Buses) to police helicopters monitoring London from above.
«

Wow: you think Twitter is a static thing, but these changes really do affect what happens. The point about image search shows it’s not trivial either.


Artificial intelligence offers a better way to diagnose malaria » Technology Review

Anna Nowogrodzki:

»
For all our efforts to control malaria, diagnosing it in many parts of the world still requires counting malaria parasites under the microscope on a glass slide smeared with blood. Now an artificial intelligence program can do it more reliably than most humans.

That AI comes inside an automated microscope called the Autoscope, which is 90 percent accurate and specific at detecting malaria parasites. Charles Delahunt and colleagues at Intellectual Ventures Laboratory—the research arm of Nathan Myhrvold’s patent licensing company Intellectual Ventures in Seattle—built the system with support from Bill and Melinda Gates through the Global Good Fund. The Autoscope was tested in the field at the Shoklo Malaria Research Unit on the Thailand-Myanmar border during malaria season in December 2014 and January 2015. The results were published in December.
«

If I’m reading the results correctly, it got about 95% accuracy. (Correct me if I’m wrong.)

My own forecast is that “an [AI] algorithm for..” will be the “listen to this!” phrase of 2016, and utterly commonplace in 2017.


Errata, corrigenda and ai no corrida: None noted.

Start up: Twitter’s falling tweet count, Google forgets more, cops v iPhone, how gravity waved, and more

The new essential tool for Indian farmers. Photo by Desiree Catani on Flickr.

It’s Friday! Save yourself a click on Monday – sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

(Someone told me the other day that they’d been reading the site for weeks and hadn’t noticed the signup in the above paragraph. Web design, eh?)

A selection of 8 links for you. Friday! I’m charlesarthur on Twitter. Observations and links welcome.

Twitter API data show the number of tweets is in serious decline » Business Insider

Jim Edwards:

The number of tweets per day created by Twitter’s users has fallen by more than half since a peak in August 2014, according to a sampling of data from Twitter’s API. (An API — application programming interface — is the portal through which other apps access Twitter so their software can function together.) The data was given to Business Insider by an app developer who has tracked Twitter users since 2013.

Tweets per day reached a peak in August 2014 of 661m, our source says. That 30-day sampling period included the World Cup final. In January 2016, there were only 303m tweets per day, on average, during the 30-day period.

This story came out before Twitter’s results, which showed the number of users was flat at best. Twitter responded at the time that “This data is not correct”; but it begins to feel correct. My only suspicion though is that Twitter now doesn’t use sequential tweet IDs, so the sampling method might be sensitive to that. More detail on how the sampling is done would be useful.


WhatsApp is changing the way people in India grow and buy food » TakePart

Sarah McColl:

Farmers Santhosh Kittur and Abhijit Kamath wanted to grow pesticide-free vegetables between the rows of banana plots each separately owned. Their shared interest in old-fashioned agricultural practices brought them together to grow bitter gourd, cucumbers, beans, cabbage, tomatoes, green chiles, red peppers, onions, and garlic—staples of the Indian customers and kitchens they planned to serve. But their modern approach to marketing has put them in direct contact with customers in a high-tech manner.

Across India, WhatsApp groups are not only connecting farmers to their customers in the virtual market—they’re creating a network of resources and support for the country’s farmers who need it most.

In Kittur and Kamath’s WhatsApp group, created last August, the two farmers post updates from their farms, including photographs, as well as what produce is available to the group’s 80 members. Vegetables are sold on Thursdays and Sundays. Members can place dibs on the quantity of specific vegetables they want and can pick up their order or have it delivered.

There’s a famous piece of research by Uppsala University from 2006 about how mobile phones benefited Tanzanian fishermen. It would be good to see a comparable piece of research around smartphone apps in emerging economies.

(And it’s always amusing to hear Americans’ amazement that people use Whatsapp. Like SMS in the early part of this century, it’s huge outside the US, small inside it.)


Apple entrusts TSMC with all application processor orders for iPhone 7 » ETNews Korea

Han Juyeop:

Taiwan’s TSMC has won a battle against Samsung Electronics and is going to produce 10-nano application processors (AP) that will be installed in Apple’s upcoming iPhone7. Samsung Electronics has entered a state of emergency system to prevent declination of rate of operation of factories.

Samsung Electronics is aiming for an all-out-war in 14-nano foundry business by going after middle-rank chip businesses in China and Taiwan instead and it is also going to focus its capabilities on maintaining supplies of Qualcomm’s 10-nano. It is also important for Samsung Electronics to plan out high-intensity innovations so that it can take back Apple’s supplies in 7-nano.

According to semiconductor IP and EDA industries on the 10th, Apple has entrusted TSMC with all production of next 10-nano AP called ‘A10’. A10 is so called a brain of iPhone7, which is expected to be released in this fall. TSMC is planning to enter a state of mass-production system of 10-nano chips starting from June.

Recall that Apple dual-sourced from both TSMC and Samsung for the iPhone 6S/Plus, though the TSMC ones seemed to do slightly worse on battery than the Samsung ones.

If true, this is going to hurt Samsung: Apple is a big customer, and the semiconductor division is now the most profitable one, well ahead of smartphones.


Gravitational waves exist: the inside story of how scientists finally found them » The New Yorker

Nicola Twilley:

It took years to make the most sensitive instrument in history insensitive to everything that is not a gravitational wave. Emptying the tubes of air demanded forty days of pumping. The result was one of the purest vacuums ever created on Earth, a trillionth as dense as the atmosphere at sea level. Still, the sources of interference were almost beyond reckoning—the motion of the wind in Hanford, or of the ocean in Livingston; imperfections in the laser light as a result of fluctuations in the power grid; the jittering of individual atoms within the mirrors; distant lightning storms. All can obscure or be mistaken for a gravitational wave, and each source had to be eliminated or controlled for. One of LIGO’s systems responds to minuscule seismic tremors by activating a damping system that pushes on the mirrors with exactly the right counterforce to keep them steady; another monitors for disruptive sounds from passing cars, airplanes, or wolves.

“There are ten thousand other tiny things, and I really mean ten thousand,” Weiss said. “And every single one needs to be working correctly so that nothing interferes with the signal.” When his colleagues make adjustments to the observatory’s interior components, they must set up a portable clean room, sterilize their tools, and don what they call bunny suits—full-body protective gear—lest a skin cell or a particle of dust accidentally settle on the sparkling optical hardware.

This is the one story to read today about this amazing finding. Detail and insight.


Nextbit’s cloud-savvy Robin phone is set to fly. Good luck catching one » CNET

Roger Cheng:

Chief Design Officer Scott Croyle warns that the early supply will be limited.

“There will be maybe 3,000 to 6,000 phones available,” he said in an interview Wednesday. In comparison, Apple sold 13m iPhone 6S and iPhone 6S Pluses in their first three days.

The launch of the online store and the Robin marks the culmination of an unorthodox journey for a phone maker. Rather than go through a carrier, which is how most people shop for handsets, or even set up an online store, Nextbit tested the waters by asking for commitments through Kickstarter and nearly tripled its goal of raising $500,000.

Nextbit isn’t the typical unknown startup. Co-founders Tom Moss and Mike Chan were part of Google’s original Android team. Croyle was behind the critically acclaimed HTC One phone.

But this is part of the future for smartphones – niche players offering a quirk (in this case, tons of cloud storage) which don’t need huge capitalisation because they sell online with low inventory.


What Everyone’s Got Wrong About Twitter (Including Twitter) » Re/code

Ian Schafer is founder and chairman of Deep Focus:

Twitter is a platform unlike any other, in that it has enough real-time data and intelligence that can be mapped against over 300 million active users. These users are more likely to be more influential and use other media concurrently (especially TV).

Therefore, a compelling argument can be made that, if used properly, Twitter’s real-time user behavior and media-consumption data can be among the most valuable consumer data. In most cases, advertisers will be willing to pay a premium for that. But because so many scrutinize Twitter’s ad experience, doubts abound.

There’s a lot of talk from people who want Twitter to open up its APIs again. I think they’re half-right.

If Twitter wants to realize its full potential, it will make its data completely portable for advertisers, becoming the primary source for real-time business and consumer intelligence. It will use its (and its users’) media savviness to feed a global dataset that ad exchanges, app developers, advertisers and corporations will pay increasingly large amounts of money to access, making it a media-led data company. It has already displayed success in this area; the Twitter Audience Platform and MoPub have gained traction, and with Facebook’s Parse shutting down, Twitter’s Fabric toolkit should gain traction with third-party app developers, as well.

Can you guess that Deep Focus is an ad agency?


Google to scrub web search results more widely to soothe EU objections » Reuters

Julia Fioretti:

The French data protection authority in September threatened to fine Google if it did not scrub search results globally across all versions of its website, such as Google.com.

But the company has stuck to its position that it should clean up search results only on European domains such as Google.fr or Google.de because to do otherwise would have a chilling effect on the free flow of information.

To address the concerns of European authorities, the Internet giant will soon start polishing search results across all its websites when someone conducts a search from the country where the removal request originated, a person close to the company said.

That means that if a German resident asks Google to de-list a link popping up under searches for his or her name, the link will not be visible on any version of Google’s website, including Google.com, when the search engine is accessed from Germany.

The company will filter search results according to a user’s IP address, meaning people accessing Google from outside Europe will not be affected, the person added.

Since the ruling in 2014, Google has received 386,038 requests for removal, according to its transparency website. It has accepted about 42% of them.

The lesson one tends to draw from this is “the threat of a fine makes Google act”.


Police destroy evidence with 10 failed passcode attempts on iPhone » Naked Security

Lisa Vaas:

In January 2014, a Massachusetts cop was swearing into his mobile phone while working a traffic detail at a construction site.

The F bombs appeared to upset an elderly lady walking by, so a man on a nearby front porch asked the officer, Thomas Barboza, to stop swearing.

The cop’s response: “Shut the f–k up and mind your own business.”

George Thompson’s response: he started recording Barboza on his iPhone.

According to court documents, Barboza shoved 53-year-old Thompson to the ground, arrested him, handcuffed him, and put him in jail for a night.

Police in the city of Fall River also tried to get into Thompson’s iPhone, where the footage of Barboza was stored.

But all the police managed to do was to destroy the evidence, wiping the phone clean after entering the wrong password 10 times.

Really clear that the cops wanted to get into the phone to wipe the evidence. (They accused Thompson of wiping it remotely; a forensics report showed that was a lie.) Yet another instance where security of the phones is potentially a good thing for the citizenry.


Errata, corrigenda and ai no corrida:

Start up: Watson seeks a use, what not to do with Android, TalkTalk insider on (in)security, and more

Moore’s Law is about to break completely. What then? Photo by sirexkat on Flickr.

If you’re reading this on email, there’s no need to sign up to receive each day’s Start Up post by email. The rest of you…

A selection of 8 links for you. Ah-hah! I’m charlesarthur on Twitter. Observations and links welcome.

Artificial intelligence: can Watson save IBM? » FT.com

Richard Waters:

IBM’s initial plan was to apply Watson to extremely hard problems, announcing in early press releases “moonshot” projects to “end cancer” and accelerate the development of Africa. Some of the promises evaporated almost as soon as the ink on the press releases had dried. For instance, a far-reaching partnership with Citibank to explore using Watson across a wide range of the bank’s activities, quickly came to nothing.

Since adapting in 2014, IBM now sells some services under the Watson brand. Available through APIs, or programming “hooks” that make them available as individual computing components, they include sentiment analysis — trawling information like a collection of tweets to assess mood — and personality tracking, which measures a person’s online output using 52 different characteristics to come up with a verdict.

At the back of their minds, most customers still have some ambitious “moonshot” project they hope that the full power of Watson will one day be able to solve, says Mr Kelly; but they are motivated in the short term by making improvements to their business, which he says can still be significant.

This more pragmatic formula, which puts off solving the really big problems to another day, is starting to pay dividends for IBM. Companies like Australian energy group Woodside are using Watson’s language capabilities as a form of advanced search engine to trawl their internal “knowledge bases”. After feeding more than 20,000 documents from 30 years of projects into the system, the company’s engineers can now use it to draw on past expertise, like calculating the maximum pressure that can be used in a particular pipeline.


Opera gets $1.2bn buyout offer from mix of Chinese firms, board recommends deal » ZDNet

Jake Smith:

The $1.2bn offer is a 53% premium on Opera’s close as of February 4 on the Oslo stock exchange. Trading of the company has been suspended for two days following buyout rumors.

“There is strong strategic and industrial logic to the acquisition of Opera by the Consortium,” Opera CEO Lars Boilesen said on Wednesday. “The Consortium’s ownership will strengthen Opera’s position to serve our users and partners with even greater innovation, and to accelerate our plans of expansion and growth.”

Opera began looking for a buyer in August 2015, following slumping earnings after a steady loss of browser marketshare and slowing advertising sales.

Missed the “fat lady sings” headline.

FBI director says investigators unable to unlock San Bernardino shooter’s phone content » Reuters

Dustin Volz and Mark Hosenball:

FBI Director James Comey said on Tuesday that federal investigators have still been unable to access the contents of a cellphone belonging to one of the killers in the Dec. 2 shootings in San Bernardino, California, due to encryption technology.

Comey told the Senate Intelligence Committee that the phenomenon of communications “going dark” due to more sophisticated technology and wider use of encryption is “overwhelmingly affecting” law enforcement operations, including investigations into murder, car accidents, drug trafficking and the proliferation of child pornography.

“We still have one of those killer’s phones that we have not been able to open,” Comey said in reference to the San Bernardino attack.

Syed Rizwan Farook, 28, launched the Islamic State-inspired attack with his wife, Tashfeen Malik, 29, at a social services agency in the California city, leaving 14 dead.

So they’re not actually trying to figure out who the culprits are. So, crypto works?

What NOT to do with your Android device » AndroidAuthority

John Dye:

About a month ago now, Reddit user 19683dw pointed out the fact that there aren’t really many guides out there that attempt to tackle this issue. He and fellow redditors put together a great list of points, and it inspired us to run with his idea and dig a bit deeper. Not every point made in the Reddit thread is mentioned here, and we also added several different points of our own, but we do recommend checking out the original post and wanted to give a big thanks to 19683dw for putting this idea on our radar.

Among them: “don’t install the official Facebook app” (rapidly becoming this year’s meme on both iOS and Android); “don’t expect an Apple-like experience”; and “don’t install apps with unnecessary permissions”.

When the US Air Force discovered the flaw of averages » Toronto Star

Todd Rose:

In the late 1940s, the United States air force had a serious problem: its pilots could not keep control of their planes. Although this was the dawn of jet-powered aviation and the planes were faster and more complicated to fly, the problems were so frequent and involved so many different aircraft that the air force had an alarming, life-or-death mystery on its hands. “It was a difficult time to be flying,” one retired airman told me. “You never knew if you were going to end up in the dirt.” At its worst point, 17 pilots crashed in a single day.

The two government designations for these noncombat mishaps were incidents and accidents, and they ranged from unintended dives and bungled landings to aircraft-obliterating fatalities. At first, the military brass pinned the blame on the men in the cockpits, citing “pilot error” as the most common reason in crash reports. This judgment certainly seemed reasonable, since the planes themselves seldom malfunctioned. Engineers confirmed this time and again, testing the mechanics and electronics of the planes and finding no defects. Pilots, too, were baffled. The only thing they knew for sure was that their piloting skills were not the cause of the problem. If it wasn’t human or mechanical error, what was it?

A very subtle story, well told. Applicable to lots of things today too.

Apple demands widow get court order to access dead husband’s password » CBC News

Rosa Marchitelli:

[Donna] Bush [aged 72] lost her husband David to lung cancer in August. The couple owned an iPad and an Apple computer. Bush knew the iPad’s log-in code, but didn’t know the Apple ID password.

“I just had the iPad. I didn’t touch his computer, it was too confusing to me … I didn’t realize he had a specific password I should have known about … it just never crossed my mind,” Bush said. So when her card game app stopped working, the family tried to reload it and realized it couldn’t be done without the password.

That’s when her daughter, Donna Bush, called Apple to ask if it could help retrieve the password or reset the account. The Bushes could get a new Apple ID account and start from scratch, but that would mean repurchasing everything they had already paid for.

“I just called Apple thinking it would be a fairly simple thing to take care of, and the person on the phone said, ‘Sure, no problem. We just need the will and the death certificate and to talk to Mom.'”

But when Donna called back along with her mother and the requested information, she said, customer service had never heard of her.

After many phone calls and two months of what she describes as the “runaround,” Donna provided Apple with the serial numbers for the items, her father’s will that left everything to his wife, Peggy, and a notarized death certificate — but was told it wasn’t enough.

“I finally got someone who said, ‘You need a court order,'” she said.

Clearly Apple needs to figure out if a death certificate is enough, or not. A lot of these stories – about all sorts of companies – boil down to “but we called customer service again and got a different story…” The procedures are there, but not applied.

The chips are down for Moore’s law » Nature News & Comment

M. Mitchell Waldrop:

The industry road map released next month will for the first time lay out a research and development plan that is not centred on Moore’s law. Instead, it will follow what might be called the More than Moore strategy: rather than making the chips better and letting the applications follow, it will start with applications — from smartphones and supercomputers to data centres in the cloud — and work downwards to see what chips are needed to support them. Among those chips will be new generations of sensors, power-management circuits and other silicon devices required by a world in which computing is increasingly mobile.

The changing landscape, in turn, could splinter the industry’s long tradition of unity in pursuit of Moore’s law. “Everybody is struggling with what the road map actually means,” says Daniel Reed, a computer scientist and vice-president for research at the University of Iowa in Iowa City. The Semiconductor Industry Association (SIA) in Washington DC, which represents all the major US firms, has already said that it will cease its participation in the road-mapping effort once the report is out, and will instead pursue its own research and development agenda.

Everyone agrees that the twilight of Moore’s law will not mean the end of progress. “Think about what happened to airplanes,” says Reed. “A Boeing 787 doesn’t go any faster than a 707 did in the 1950s — but they are very different airplanes”, with innovations ranging from fully electronic controls to a carbon-fibre fuselage. That’s what will happen with computers, he says: “Innovation will absolutely continue — but it will be more nuanced and complicated.”

For more context, note that Intel is going to do three, rather than two, generations of 14-nanometre chips before going for 10nm.

This is an inflexion point whose importance we might only realise some years from now.

Ex-TalkTalker TalkTalks: records portal had shared password; it was 4 years old » The Register

Neat exclusive by Kat Hall:

Fraudsters who attempted to scam TalkTalk customers by using records of their maintenance engineer visits are thought to have bought that info from current or former staff.

According to one ex-TalkTalk employee, who asked not to be named, the company uses a third-party system called Qube Portal to book visits and record information. The platform is also used by EE and BT for booking third-party engineer appointments. Our source speculated that criminals may have gained access to TalkTalk information via the portal.

The system is thought to log the customer’s name, account number, landline number, mobile contact number given, address, and date of birth.

Our insider said: “Some of these reports can be somewhat humorous. For example: ‘Customer answered door wearing an adult nappy*’.”

Approximately 1,000 agents based in India, where TalkTalk’s technical support team operates, have access to that information. Our source said only about 100 agents in the UK are familiar with the system.

The source also claimed that the system was accessed by a shared login and password that hadn’t changed for the last four years.

He said: “My educated guess is that the details were leaked by offshore Indian agents.”

The latter not a surprise, but the details of the poor security are eye-opening. It’s increasingly evident that large organisations can’t do effective security. Not even the NSA, of course.

Errata, corrigenda and ai no corrida:

Start up: Samsung’s adblocker’s back, cement – solved!, #error53 redux, the Useless Hackathon, and more

Your plumber remembers one version of a call from Yelp, but the recordings show another. Who’s right? Photo by eldeeem on Flickr.

Oh, go on – sign up to receive each day’s Start Up post by email. Who knows, it might make your inbox happy.

A selection of 9 links for you. Smoosh them into mush. I’m charlesarthur on Twitter. Observations and links welcome.

Pirate group suspends new cracks to measure impact on sales » TorrentFreak

“Andy”:

One of the hottest topics in the game piracy scene in late 2015 surrounded the Avalanche Studios/Square Enix title Just Cause 3.

Released on December 1, 2015, pirates were eager to get their hands on the game for free. However, JC3 is protected by the latest iteration of Denuvo, an anti-tamper technology developed by Denuvo Software Solutions GmbH. Denuvo is not DRM per se, but acts as a secondary encryption system protecting underlying DRM products.

All eyes had been on notorious Chinese game cracking group/forum 3DM to come up with the goods but last month the group delivered a killer blow to its fans.

According to the leader of the group, the very public ‘Bird Sister’ (also known as Phoenix), the game was proving extremely difficult to crack. In fact, Bird Sister said that current anti-piracy technology is becoming so good that in two years there might not be pirated games anymore.

And now the group isn’t going to crack any single-player games. Won’t stop all the other cracking groups, of course.

Sky Q now available in the UK » Ars Technica UK

Sebastian Anthony:

Sky Q, the next iteration of Sky’s subscription TV service, is now available to buy in the UK. Prices start at £42 per month, climbing to £88.50 per month, and there’s a £250 setup fee that you have to swallow as well.

The headline feature of Sky Q is that you’re able to record three shows simultaneously while watching a fourth channel. If you stump up £54 per month for the upgraded Sky Q Silver box, you can record four channels and watch a fifth. Of course, whether there are actually five channels worth watching is a slightly more complicated question.

Other interesting features include a new touchpad-equipped remote control, downloading content for offline viewing, watching Sky TV on a tablet, and the possibility of streaming Sky TV to other rooms in the house via Sky Q Mini boxes.

Sky Q is a really smart response by Sky to the incursion of the web into TV; it folds it in (at a price). I’ve seen a demo, and it really is very slick, and the integration into tablet apps is terrific. Plus because it uses the satellite signal it’s fast – a big advantage in rural areas where broadband is slow.

(Here’s a piece I wrote on Sky Q before its details were fully known.)

Google restores ad blocker for Samsung browser to the Play Store » The Verge

Dan Seifert:

Following a little bit of drama last week, Google has restored an ad blocking plugin for Samsung’s Android browser to the Play Store today, according to a blog post from the developer of the app. The plugin, Adblock Fast, was removed from the Play Store last Tuesday after only being available for a day, with Google citing that the plugin violated a section of the Store’s developer agreements. The specific rule that was violated relates to plugins modifying other third-party applications, which is prohibited by Google.

Now things start to get interesting.

How WIRED is going to handle adblocking » WIRED

“Wired Staff”:

So, in the coming weeks, we will restrict access to articles on WIRED.com if you are using an ad blocker. There will be two easy options to access that content.

You can simply add WIRED.com to your ad blocker’s whitelist, so you view ads. When you do, we will keep the ads as “polite” as we can, and you will only see standard display advertising.
You can subscribe to a brand-new Ad-Free version of WIRED.com. For $1 a week, you will get complete access to our content, with no display advertising or ad tracking.

This presumes that adblocking readers will accept that they are worth $1/week to Wired, and that Wired is worth the same amount to adblocking readers. Is that proven? Given how small the amounts earned from ads per person are, this seems to be herding people who don’t know their true value towards a funnel. Premium ad display costs $10 per CPM – that is, per thousand showings. That’s 1c per premium ad you view. Multiply by the number of ads on a page – perhaps 10, for 10c? So if adblocking readers pay up but view fewer than 10 articles per week, Wired is making a solid profit from them, minus credit card costs.

Discussion on Hacker News suggests that people would rather go for a “bid to show me ads” model – which, to be fair, is how Google Contribute works. If you set your per-page view at, say, $0.35, then you’ll only see ads where an advertiser has bid more. But of course that means you get all the tracking malarkey that goes with it (and of course if you truly don’t like tracking, why are you using Google?)

And as is also pointed out, you can subscribe to the physical magazine for a lot less than the $50 per year this implies – in fact you can get it for about a tenth of that.

Another point, finally – the page is 3.3MB, of which only half is content. The rest is ads. Still sure you want them?

Exclusive: Top cybercrime ring disrupted as authorities raid Moscow offices – sources » Reuters

Joseph Menn:

Russian authorities in November raided offices associated with a Moscow film distribution and production company as part of a crackdown on one of the world’s most notorious financial hacking operations, according to three sources with knowledge of the matter.

Cybersecurity experts said a password-stealing software program known as Dyre — believed to be responsible for at least tens of millions of dollars in losses at financial institutions including Bank of America Corp and JPMorgan Chase & Co — has not been deployed since the time of the raid. Experts familiar with the situation said the case represents Russia’s biggest effort to date to crack down on cyber-crime.

A spokesman for the Russian Interior Ministry’s cybercrime unit said his department was not involved in the case. The FSB, Russia’s main intelligence service, said it had no immediate comment.

Menn is a terrific journalist on this topic. I highly recommend his book Fatal System Error. (He’s written others too.) (Thanks Richard Burte for the pointer.)

Inside the Stupid Shit No One Needs & Terrible Ideas Hackathon » Motherboard

Cecilia D’Anastasio:

Featuring hacks like 3Cheese Printer, a 3D printer using Cheez-Whiz as ink, and NonAd Block, a Chrome extension that blocks all non-ad content, the New York-based Stupid Hackathon is disrupting hackathon culture. While other hackathons churn out useless projects in earnest, the Stupid Hackathon strips pretension away from tech developers’ money-backed scramble to satisfy every human need. Satirizing the hackathon community’s naive goals for techno-utopianism, co-organizers Sam Lavigne and Amelia Winger-Bearskin solicit projects that use tech to critique tech culture.

“Is a need being filled or is the need manufactured and then constantly reinforced?” Lavigne asked. “The Stupid Hackathon is the perfect framework for satirizing the whole tech community.”

Three Stupid Hackathon teams set out to create wearables that detect boners. Categories for hacks included “edible electronics,” “commodities to end climate change” and “Ayn Rand.” Participants, in general, ignored them.

Lavigne and Winger-Bearskin, who met at the Interactive Telecommunications Program (ITP) at NYU, became disenchanted with hackathons when they noticed that many aimed to “hack” world hunger or income inequality in one weekend. As a student at ITP, Winger-Bearskin, now director of the DBRS Innovation Lab, applied to participate in a hackathon on the theme of love hosted at ITP but was rejected.

“I couldn’t even eat the food that was on the table next to me,” she said, referring to the free food often provided for hackathon participants. “And I couldn’t hack about love!” Lavigne has never attended another hackathon.

There used to be an Apple Mac hacking contest – called MacHack – in the 1990s where hacks that could actually be thought helpful were derided as “useful!”. Seems the idea is back, in a bigger way.

Riddle of cement’s structure is finally solved » MIT News

Concrete forms through the solidification of a mixture of water, gravel, sand, and cement powder. Is the resulting glue material (known as cement hydrate, CSH) a continuous solid, like metal or stone, or is it an aggregate of small particles?

As basic as that question is, it had never been definitively answered. In a paper published this week in the Proceedings of the National Academy of Sciences, a team of researchers at MIT, Georgetown University, and France’s CNRS (together with other universities in the U.S., France, and U.K.) say they have solved that riddle and identified key factors in the structure of CSH that could help researchers work out better formulations for producing more durable concrete.

What a time to be alive, eh? That solid/particle question had been bugging me for ages. Seriously, though, it’s an important topic: this stuff is everywhere.

Apple are right and wrong » Consult Hyperion

Dave Birch:

Bricking people’s phones when they detect an “incorrect” touch ID device in the phone is the wrong response though. All Apple has done is make people like me wonder if they should really stick with Apple for their next phone because I do not want to run the risk of my phone being rendered useless because I drop it when I’m on holiday and need to get it fixed right away by someone who is not some sort of official repairer.

What Apple should have done is to flag the problem to the parties who are relying on the risk analysis (including themselves). These are the people who need to know if there is a potential change in the vulnerability model. So, for example, it would seem to me to be entirely reasonable in the circumstances to flag the Simple app and tell it that the integrity of the touch ID system can no longer be guaranteed and then let the Simple app make its own choice as to whether to continue using touch ID (which I find very convenient) or make me type in my PIN, or use some other kind of strong authentication, instead. Apple’s own software could also pick up the flag and stop using touch ID. After all… so what?

Touch ID, remember, isn’t a security technology. It’s a convenience technology. If Apple software decides that it won’t use Touch ID because it may have been compromised, that’s fine. I can live with entering my PIN instead of using my thumbprint. The same is true for all other applications. I don’t see why apps can’t make their own decision.

Birch’s point that this could put people off buying Apple phones is surely one that has already occurred to its management, and will be – like the prospect of being shot in the morning – concentrating their minds.

Reviews Rashomon: plumber remembers Yelp threat that never actually occurred » Screenwerk

Greg Sterling:

I had a plumber replace my kitchen faucet. As I do with all service professionals I engaged him in discussion about how he marketed himself and where his leads were coming from. Yelp was one of the primary sources.

He then told me that he had been solicited to advertise on the site and that he declined but was told by the telephone sales rep that his reviews could potentially be affected if he didn’t. This was the first time I’d directly heard this from a business owner.

In my mind this was the first real “evidence” that some sort of sales manipulation might be going on. I informed Yelp of my exchange with the plumber and it was immediately disputed: “That didn’t happen,” I was told.

To make a longer story short, Yelp invited me in to listen to the sales calls with this plumber, whom I identified to the company. Yelp records its end of sales calls but not the business owner’s conversation.

I sat in Yelp’s offices and listened to what must have been 25 – 30 calls to this plumber. Most of them were trying to set up appointments to discuss Yelp advertising. And there were at least two Yelp sales reps who were trying to close the account; a second one took over after the first one was unsuccessful.

There was nothing that sounded like a threat or any suggestion that reviews would be removed or otherwise altered by Yelp if the guy didn’t advertise. There wasn’t anything that could be construed as even implying that.

Sterling concludes that this is a “Rashomon” – a scene where every recounting differs subtly. One possibility: the calls with the threats actually come from scammers. Or plumbers just misinterpret what they hear.

Errata, corrigenda and ai no corrida: Yesterday’s link to VTech’s horrendous security came via Chris Ratcliff. Thanks, Chris.