Start Up: a Wi-Fi worm, Twitter flaps, Samsung’s struggle, North Korea v tech, open Flash?, and more

California’s smog may be getting a $3bn cleanup, via subsidies for electric vehicles. Photo by Metro Transportation Library on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 10 links for you. See? Friday already with no extra effort. I’m @charlesarthur on Twitter. Observations and links welcome.

Broadpwn: remotely compromising Android and iOS via a bug in Broadcom’s Wi-Fi chipsets • Exodus Intelligence

Nitay Artenstein:


As modern operating systems become hardened, attackers are hard at work looking for new, powerful and inventive attack vectors. However, remote exploits are not a simple matter. Local attacks benefit from an extensive interaction with the targeted platform using interfaces such as syscalls or JavaScript, which allows the attacker to make assumptions about the target’s address space and memory state. Remote attackers, on the other hand, have a much more limited interaction with the target. In order for a remote attack to be successful, the bug on which it is based needs to allow the attacker to make as few assumptions as possible about the target’s state.

This research is an attempt to demonstrate what such an attack, and such a bug, will look like.
Broadpwn is a fully remote attack against Broadcom’s BCM43xx family of WiFi chipsets, which allows for code execution on the main application processor in both Android and iOS. It is based on an unusually powerful 0-day that allowed us to leverage it into a reliable, fully remote exploit.


This is the attack for which Apple provided a security update last week, I believe. (Android update status: unknown.) It’s potentially devastating: a Wi-Fi worm which only requires you to associate with the attacking Wi-Fi network.

It looks like the state of California is bailing out Tesla • Business Insider

Wolf Richter:


The California state Assembly passed a $3bn subsidy program for electric vehicles, dwarfing the existing program. The bill is now in the state Senate. If passed, it will head to Governor Jerry Brown, who has not yet indicated if he’d sign what is ostensibly an effort to put EV sales into high gear, but below the surface appears to be a Tesla bailout.

Tesla will soon hit the limit of the federal tax rebates, which are good for the first 200,000 EVs sold in the US per manufacturer beginning in December 2009 (IRS explanation). In the second quarter after the manufacturer hits the limit, the subsidy gets cut in half, from $7,500 to $3,750; two quarters later, it gets cut to $1,875. Two quarters later, it goes to zero.

Given Tesla’s ambitious US sales forecast for its Model 3, it will hit the 200,000 vehicle limit in 2018, after which the phase-out begins. A year later, the subsidies are gone. Losing a $7,500 subsidy on a $35,000 car is a huge deal. No other EV manufacturer is anywhere near their 200,000 limit. Their customers are going to benefit from the subsidy; Tesla buyers won’t.

This could crush Tesla sales.


You can argue it both ways – it’s a bailout, but it’s also making California’s air less polluted by proxy. So taxpayers are paying, in a roundabout way, for cleaner air. If they buy an electric car, they get a refund – and more – on that taxation. Subsidies are odd things.

Twitter fails to grow its audience, again • Bloomberg

Sarah Frier:


Twitter Inc. failed to attract more monthly users in the second quarter, spooking investors looking for evidence that the company is on a sustainable long-term growth path. The shares tumbled the most in nine months, even as quarterly revenue topped analysts’ projections.

A long-term turnaround depends on Twitter expanding its audience. That number stands at 328 million monthly active users — the same as in the prior quarter, the San Francisco-based company said in a statement Thursday. Revenue fell 4.7% and the company’s net loss also widened, affected by a $55m writedown of the value of its investment in SoundCloud, the German music streaming service.

Twitter is still working to prove that it can build a sustainable, growing business…

…“It’s a niche platform,’’ said Brian Wieser, an analyst at Pivotal Research. “It always was and always will be.’’


Takeover target in a few years’ time? Or will it just be left to stumble on, not quite burning enough cash to flame out?

Sense of crisis felt at Samsung Electronics despite its best-ever performances • BusinessKorea

Michael Henh:


Samsung Electronics announced on July 27 that the company chalked up operating profit of 14.1trn won (US$12.6bn) in the second quarter of this year. The figure was the highest among non-financial companies in the world. However, the absence of vice chairman Lee Jae-yong who is the highest decision maker at Samsung casts a dark shadow on Samsung. Large-scale investment plans have virtually vanished at Samsung.

“A large investment in the semiconductor industry a few years ago made Samsung what the company is today. Now is the time to prepare for the future, but now Samsung’s business activities are virtually put on hold,” said a senior Samsung Electronics official.

The disappearance of Samsung’s large-scale M&A announcements is also largely due to the absence of its owner. Samsung shelled out 9trn won (US$8.1bn) last year to acquire Harman, a global electronic auto parts company, and secured competitiveness by acquiring 10 small and large companies over the past five years. However, Samsung Electronics’s investment has not been made since the vice chairman Lee’s arrest. Current investments were like the implementation of agendas that were planned in the past.


Surprising, but the article makes a good case that Samsung Electronics is not progressing – even if it is profiting.

Opinion: why North Korea should worry the tech world • PC Magazine

Tim Bajarin:


Some years back, on a trip to Asia, which included a stop in South Korea, I asked a top tech official what concerns him the most. He said the collapse of North Korea and the fact that millions of North Koreans would rush over the border and paralyze South Korea’s region and economy. As a result, I have been watching North Korea’s efforts to advance its nuclear program, and what I fear is more than just saber-rattling.

In April, President Trump spoke with Chinese President Xi Jinping and reportedly told him that if China doesn’t help solve the North Korean problem, the US will address the issue on its own. Now, I don’t profess in the slightest to know what it means to “go it alone,” but as Secretary of State Rex Tillerson has said, “all options are on the table” when it comes to dealing with North Korea.

Given the fact that our current administration is unpredictable and has little experience in dealing with a crisis like the one we have in North Korea, anything is possible, including some type of strike to try and take out its nuclear sites…

…A good friend of mine, who travels to this area of the world 10 to 12 times a year and really understands the political side of these countries, says that the only way to normalize North Korea, which may sound counterintuitive, is to help it find a way to feel more secure. North Korea will focus on prosperity and abandon its nuclear ambitions only when it feels safe and a part of the northeast Asian economy. More sanctions or military action will not end well. This is a wise observation, and I would hope that our current administration has someone inside that understands this option.


This point about making North Korea feel safe, rather than threatened, is counterintuitive; but it makes perfect sense.

Adobe Flash fans want a chance to fix its one million bugs under an open source license • Gizmodo

Tom McKay:


While Adobe is finally mercy killing Flash, its multimedia software that helped power countless web applications like games and videos but faced widespread criticism for its rapid decline in usefulness and growing number of security vulnerabilities, some fans want to keep it alive as an open-source project for the future.

A petition circulated by web developer Juha Lindstedt is asking Adobe not to pull the software off the market entirely, but instead release it as an open-source project which could fix its many problems. Over 900 people have already starred it on Github.

“Flash is an important piece of Internet history and killing Flash Player means future generations can’t access the past,” Lindstedt wrote. “Games, experiments and websites would be forgotten.”

“Open sourcing Flash would be a good solution to keep Flash projects alive safely for archive reasons,” Lindstedt added. “Don’t know how, but that’s the beauty of open source: You never know what will come up after you go open source!”


This would be an excellent move. It is an important part of web history.

Apple Glasses Are Inevitable • Above Avalon

Neil Cybart:


Augmented reality glasses check off all of the boxes for a product in Apple’s wheelhouse and are deserving of a rare green light to market. 

• Hardware and software integration. There is room for Apple to create value by controlling both the hardware and software comprising AR glasses. The sum will be greater than its parts.
• Wearables manufacturing. Apple is learning quite a bit about manufacturing techniques and materials from Apple Watch and AirPods. These lessons can be transferred over to glasses, an item that will need to include a plethora of technology yet remain light.
• AR technology. Apple’s big bet on AR will represent the catalyst for turning glasses and sunglasses into something more. An engaged base of iOS developers experimenting with ARKit will give Apple Glasses a hospitable app environment.
• Personal technology evolution. AR glasses represent the evolution of Apple’s decades-long quest to make technology more personal – allowing people to get more out of technology without having it take over their lives.
• Fashion and luxury themes. Apple Watch has taught Apple much about how to get people to wear personal technology.
• Health/Medical. The ability to improve one’s vision fits within Apple’s expanding interest in health and medical.
• Retail demoes. Nearly 500 Apple Retail stores offer prime demo areas for customers to try on various glasses. 


I bet that a demo area for augmented reality glasses in an Apple Store would be crowded the whole day long. Glasses plus AirPods plus, perhaps, Watch.

Apple patent reveals the exciting possibility of augmented reality smartglasses • Patently Apple

Jack Purcher:


Apple acquired Metaio the creator of ‘Thermal Touch’ and a new Augmented Reality Interface for Wearables and beyond back in 2015. Their technology is thought to be behind Apple’s push into augmented reality and ARKit. This year a Metaio patent application surfaced under Apple for moving furniture in augmented reality. Apple was also granted a patent for indoor navigation that covered new capabilities for a future iDevice camera allowing it to recognize building names or paintings and then adding AR identifying markers on the user’s iDevice photos.

Today another original Metaio patent application under Apple has surfaced relating to augmented reality. More specifically it covers a method for representing points of interest in a view of a real environment on a screen of an iPhone with interaction functionality. The buzz is that the patent covers AR smartglasses as noted in our cover graphic, something that Apple has been adding to a series of new and updated trademarks of late.


Augmented reality glasses from Apple seem like an inevitability, as Cybart says above.

YouTube’s head of music confirms YouTube Red and Google Play Music will merge • The Verge

Micah Singleton:


YouTube’s head of music confirmed that the company is planning on merging its Google Play Music service with YouTube Red to create a new streaming offering. During a panel session for the New Music Seminar conference in New York, Lyor Cohen stated that the company needed to merge the two services to help educate consumers and bring in new subscribers.

“The important thing is combining YouTube Red and Google Play Music, and having one offering,” Cohen said when asked about why YouTube Red isn’t more popular with music users. He didn’t address whether or not the two apps would merge — but it seems very unlikely.

Right now, YouTube’s music ecosystem is unnecessarily complicated. There’s YouTube Red, which removes ads from videos and lets you save them offline, while also giving you access to Google Play Music for free. Then there’s YouTube Music, which anyone can use, but it gets better if you’re signed up for YouTube Red. And YouTube TV is also a thing — an entirely separate thing — but it’s not available everywhere yet.

The merger has been rumored within the industry for months, and recently picked up steam after Google combined the teams working on the two streaming services earlier this year.


“Help educate consumers and bring in new subscribers” implies that people don’t know about these subscription services and that they need them. Badly?

Opinion: I’m not happy about the lack of a headphone jack on the Pixel 2, but I’ll gladly live with it • 9to5 Google

Ben Schoon:


I fully understand where people are coming from with the loss of a headphone jack. It’s an important part of a mobile device as it’s probably the most common way to output audio on the planet. People rely on it daily in their cars, with their earbuds, and in plenty of other situations. Losing it is not fun, and I can see how it could be a deal-breaker.

That said, I’m honestly fine with it going away at this point. A year ago, I wouldn’t have said the same thing. Why? At that point, alternate methods of audio output weren’t as commonplace, or cheap. A pair of Bluetooth earbuds were pretty expensive, and USB-C audio output was still a mess.

Now, however, we’ve reached the point where those aren’t issues. Just the other day I saw a pair of Bluetooth headphones in a retail shop for just $10 (and I regret not picking them up to see if they were any good). That, and a quick look at Amazon, shows that the costs of audio in a post-headphone jack world are decreasing.


Not surprising that the justifications would start rolling in – if you’re writing for a site reliant on people who like Google, you’re not likely to diss it – but I particularly enjoyed him saying later in the piece that the Pixel 2 lacking a headphone jack would drive other OEMs to follow suit.

The Pixel 2 is going to sell a few million, based on past experience. I don’t think its influence will be that big. And other Android OEMs have already ditched the jack for some models – notably Motorola at the lower end.

Errata, corrigenda and ai no corrida: re last week’s commentary about Spotify v Netflix: I suggested that Netflix’s advantage is that it can upsell people on 4K video. Lots of you responded that its real advantage is that it creates its own content – which means that it reaps all the profit, whereas Spotify has to keep paying labels and musicians.

The logical conclusion: Spotify should start its own record label.

Start Up: towards better passwords, Pixel sans jack?, TomTom’s wearable trouble, Ive’s round work at Apple, and more

Google is phasing out Instant Search suggestions. Photo by FindYourSearch on Flickr.


A selection of 10 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

Passwords Evolved: Authentication Guidance for the Modern Era • Troy Hunt

Hunt takes a long look at the whole password topic; this is one about blocking previously breached passwords:


Getting back to the whole credential stuffing thing for a moment, once passwords are disclosed they must be considered “burned”, that is they should never be used again. Ever. Once they’re out there in the wild, an untold number of other parties now have those credentials which therefore significantly heightens the risk anyone uses them now faces. Imagine having access to a billion email address and password pairs taken from actual data breaches as I highlighted in the credential stuffing post:

NIST talks about the problem as follows:


When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised. For example, the list MAY include, but is not limited to: Passwords obtained from previous breach corpuses.


In layman’s terms, this means that when someone registers or changes their password, you should be checking to ensure it’s not a password that’s previously appeared in a data breach. It doesn’t matter that it may not have been the user who is presently registering that used the password in the breach, the mere fact that it has now been leaked publicly increases the chances of it being used in an attack. They also mention that the password shouldn’t be a dictionary word or a “context-specific word”; when I wrote about CloudPets leaving their database publicly exposed, I pointed out how even bcrypt hashes were easily crackable by using a small password dictionary including words such as “cloudpets”. Don’t let people use a password which is the name of the service they’re signing up to because they will!


If you consider that pretty much every password of six or seven characters has been used and breached, it shows the problem’s breadth.
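To make the check in the extract concrete, here is an added example (not code from Hunt's post or from NIST) that screens a password at registration against a breach list and against context-specific words such as the service name. The five-entry sample corpus, the character-substitution table, the four-character minimum and all function names are assumptions made for this illustration.

```python
import hashlib
import re
import unicodedata

# Constructed sample standing in for a breach corpus. A real deployment would
# load a large list of digests of breached passwords instead.
_SAMPLE_BREACHED = ["password", "123456", "qwerty123", "letmein", "cloudpets"]
# SHA-1 is used here only as a lookup key for the list, not for password storage.
BREACHED_SHA1 = {hashlib.sha1(p.encode("utf-8")).hexdigest() for p in _SAMPLE_BREACHED}

# Assumed substitution table: undo common character swaps before comparing
# a candidate with context words, so "Cl0udP3ts" is treated like "cloudpets".
_LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                       "7": "t", "@": "a", "$": "s", "!": "i"})


def _fold(text):
    """Lower-case, undo simple substitutions, keep only ASCII letters and digits."""
    text = unicodedata.normalize("NFKC", text).lower().translate(_LEET)
    return re.sub(r"[^a-z0-9]", "", text)


def context_words(service_name, username, email):
    """Words tied to this sign-up: service name, username, e-mail local part."""
    words = {service_name, username, email.split("@", 1)[0]}
    for word in list(words):
        # Also consider the pieces of dotted or hyphenated names.
        words.update(re.split(r"[\W_]+", word))
    # Ignore very short fragments to avoid rejecting unrelated passwords.
    return {_fold(w) for w in words if len(_fold(w)) >= 4}


def screen_password(candidate, service_name, username, email, breached=BREACHED_SHA1):
    """Return a list of rejection reasons; an empty list means the password passes."""
    reasons = []

    # 1. Exact match against the breach corpus.
    normalized = unicodedata.normalize("NFKC", candidate)
    if hashlib.sha1(normalized.encode("utf-8")).hexdigest() in breached:
        reasons.append("breached")

    # 2. Context-specific words hidden inside the password.
    folded = _fold(candidate)
    hits = sorted(w for w in context_words(service_name, username, email) if w in folded)
    if hits:
        reasons.append("context:" + ",".join(hits))

    return reasons


if __name__ == "__main__":
    # Constructed sign-up details for the demonstration.
    for pw in ["letmein", "Cl0udP3ts!2017", "correct horse battery staple"]:
        print(repr(pw), screen_password(pw, "CloudPets", "alice", "alice.smith@example.com"))
```
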

Google has dropped Google Instant Search • Search Engine Land


After launching Google Instant — Google’s method of showing search results as you type them — several years ago, Google has removed the feature from search effective today.

Google Instant launched in 2010 under the leadership of Marissa Mayer. Mayer called this change a “fundamental shift in search” and the news was covered across all major media when it launched.

Now with the changes in how searchers use mobile — and over 50% of all Google searches being on mobile — Google decided to do away with this feature. A Google spokesperson told Search Engine Land:


We launched Google Instant back in 2010 with the goal to provide users with the information they need as quickly as possible, even as they typed their searches on desktop devices. Since then, many more of our searches happen on mobile, with very different input and interaction and screen constraints. With this in mind, we have decided to remove Google Instant, so we can focus on ways to make Search even faster and more fluid on all devices.



Alternative explanation: Google Instant got the company into huge amounts of boiling-hot water because the suggestions from the autocomplete were so horrendously biased that it sought a fix – and there is no fix except to remove it.

TomTom could be stepping back from wearable tech and action cams • Wareable

Hugh Langley:


TomTom is reassessing its place in the sports wearables market, following disappointing sales. Wareable has also learned that a handful of key executives have left the company, and that the company shelved plans for a Bandit 2 action camera.

TomTom’s Q2 earnings revealed a 20% year-on-year decline in consumer revenue, with TomTom quoting a poor performance in its Sports segment. “The wearables market has fallen short of expectations,” said TomTom CEO Harold Goddijn in an investors call, “and because of this and because we want to focus on Automotive, Licensing and Telematics businesses, we are reviewing strategic options for our Sports business.”

Needless to say that doesn’t sound good, and Goddijn did not rule out possibly closing the Sports segments. “We need to look at it,” he said. “We can’t carry on as we are going at the moment.”


Langley found that a ton of execs in that space have left the company. We look forward to Fitbit’s results in the next few days. Contenders in the wearable market are dropping like flies.

Points to keep in mind when reading any upcoming story about Elon Musk • West Coast Stat Views



This is a good time to reiterate a few basic points to keep in mind when covering Elon Musk:

1.    Other than the ability to make a large sum of money through some good investments, Elon Musk has demonstrated exceptional talent in three (and only three) areas: raising capital for enterprises; creating effective, fast-moving, true-believer corporate cultures; generating hype.

2.    Though SpaceX appears to be doing all right, Musk does not overall have a good track record running profitable businesses. Furthermore, his companies (and this will come as a big slap in the face of conventional wisdom) have never been associated with big radical technological advances. SpaceX is doing impressive work, but it is fundamentally conventional impressive work. Before the company was founded, had you spoken with people in the aerospace community and asked them “what is closest to being Mars ready, who has it, and who are the top people in the field?”, the answers would have been the type of engine SpaceX currently uses, TRW (which sued SpaceX for stealing their intellectual property), and the chief rocket scientist SpaceX lured away from TRW. By the same token, Tesla is pretty much doing what all of the other major players in the auto industry are doing in terms of technology.

3.    From the beginning, Musk has always had a tendency to exaggerate and overpromise. Smart, skeptical journalists like Michael Hiltzik and the reporters at the Gawker remnants have taken any claim from Elon Musk with a grain or two (or 20) of salt.

4. That said, in recent years things have gotten much, much worse. Musk has gone from overselling feasible technology and possibly viable business plans to pitching proposals that are incredibly unlikely then supporting them with absurdly unrealistic estimates and sometimes mere handwaving.


I haven’t paid Musk much attention, to be honest. I’m not sure point 2 has much weight: building successful businesses isn’t about radical technological advances; often, those two are opposed, because RTAs are costly and pay off slowly. (Mark has other points to make too, though.)

Trump, Scott Walker to reveal Foxconn factory plans in Wisconsin • CNBC

Justin Solomon and Anita Balakrishnan:


Apple-supplier Foxconn will announce a plant in Wisconsin on Wednesday evening, accompanied by President Donald Trump and Wisconsin Gov. Scott Walker, a source with knowledge of the announcement told CNBC.

U.S. House Speaker Paul Ryan, R-Wis., will also be present at the announcement in Washington, a source said. No exact location for the plant has been chosen — but the area of southeast Wisconsin between Milwaukee and Chicago is under consideration, according to a source.

A source said that seven states were considered for the expansion, but Wisconsin appears to be a preliminary winner, and Ohio is a contender. About 10,000 jobs could be created.

The Wall Street Journal reported that Foxconn may be eyeing a new U.S. plant for display panels.

Foxconn is also known as Hon Hai Precision, a longtime supplier to Apple and other electronics companies that has come under scrutiny in the past over labor practices in China. It is unclear if Apple is involved in Wednesday’s announcement.



How Jony Ive masterminded Apple’s new headquarters • WSJ

Christina Passariello:


In the early days of planning, Ive and [Steve] Jobs shared “drawings, books, and created expressions of feelings,” says [Jobs’s widow Lauren] Powell Jobs, who often witnessed the longtime partners collaborating. Some principles were a given, such as the belief that natural light and fresh air make workers happier and more productive. The prototyping prerequisite made for a logical match with Foster + Partners, which also practices modeling and prototyping. Norman Foster visited Ive in his top-secret design studio during one of their early meetings. It emerged that the two design gurus have other interests in common, including a love of the work of English painter Bridget Riley, whose graphic black-and-white art plays tricks on the mind.

From the beginning, Ive had an “absolute obsession with the idea that it was built like a product, not like a piece of architecture,” says industrial designer Marc Newson, one of Ive’s oldest friends, who has contributed to Apple designs in recent years.

Ive takes a subtly British dig at other tech campuses sprouting across Silicon Valley. “A lot of the buildings that are being built at the moment are products of software-only cultures,” says Ive. “Because we understand making, we’ll build [a prototype] and try it and use it, and see what works and what doesn’t.” Facebook commissioned Frank Gehry to make its headquarters, with unfinished plywood walls and cables and cords that dangle from the ceiling. Bjarke Ingels’s and Thomas Heatherwick’s plan for Google’s new campus calls for a giant metal roof canopy.

Ive was used to taking on projects in new domains—such as music players and smartphones—so designing a campus didn’t feel like a leap. In fact, Ive thinks the line separating product design from architecture shouldn’t be so rigid. Architecture is “a sort of product design; you can talk about it in terms of scale and function and materials, material types,” he says. “I think the delineation is a much, much softer set of boundaries that mark our expertise.”

…The desire for light and air, crossed with the need for enough density to house 12,000 employees, gave shape to Apple Park’s main building. Ive, tracing an infinity sign in the air, says they considered complex forms, including a trilobal design, a sort of giant fidget spinner. Ultimately they decided that only a ring shape could give the feeling of being close to the elements.



Decoding the Enigma with Recurrent Neural Networks • Github

Sam Greydanus:


Now we’re ready for something a lot more complex: the Nazi Enigma. Its innards consisted of three rotating alphabet wheels, several switchboards, and ten cables. All told, the machine had 150,738,274,900,000 possible configurations!

How the Enigma works. Note that the three wheels can rotate as the decoding process unfolds

Background. Breaking the Enigma was an incredible feat – it even inspired the 2014 film The Imitation Game starring Benedict Cumberbatch as Alan Turing. Turing was one of the most important figures in the project. He also introduced the notion of Turing-completeness. In an ironic twist, we’ll be using a Turing-complete algorithm (the LSTM) to decode the Enigma.

We’ll train the model on only one permutation of switchboards, cables, and wheels. The keyword, then, is three letters which tell the model the initial positions of the wheels.

Basic training objective where “EKW” is the keyword. The keyword defines the initial positions of the three alphabet wheels

Making it happen. I synthesized training data on-the-fly using the crypto-enigma Python API and checked my work on a web-based Enigma emulator. I used each training example only once to avoid the possibility of overfitting.

The model needed to be very large to capture all the Enigma’s transformations. I had success with a single-celled LSTM model with 3000 hidden units. Training involved about a million steps of batched gradient descent: after a few days on a k40 GPU, I was getting 96-97% accuracy!


Greydanus has done a lot of interesting stuff in this space. He’s an undergraduate physics student at Dartmouth College in the US. His next project: trying to get RNNs to decode RSA-encoded text.

Biased AI is a threat to civil liberties. The ACLU has a plan to fix it • FastCo Design

Diana Budds:


The ACLU is primarily concerned with three areas where AI is at work: criminal justice; equity as it relates to fair housing, fair lending, and fair credit; and surveillance. The partnership is nascent, so the organization is still formulating exactly how it will address these themes. For starters, it will launch a fellowship related to AI and form working groups around these areas. It will also host workshops to help determine its position on these issues–like, for instance, how to frame questions that arise as municipalities begin to adopt AI and how to support civil liberties advocates as they look to the ACLU for guidance on how technology should be restricted, deployed, or designed.

Goodman points out that as AI matures and becomes more affordable, more organizations and jurisdictions are incorporating it into their practices, opening up the floodgates for more bias to enter society. “We’re at the [AI] adoption moment,” she says. “In some ways we’re at the beginning of the new era where the rules of the road are being established with respect to how AI is involved with government.”


Particularly worrying are the uses of AI in policing, sentencing, financing and lending. All are likely to increase any biases if they use the existing systems – which, in general, are biased against minorities.

Google Pixel 2 ditching 3.5 mm headphone jack, if these CAD renders are accurate • AndroidAuthority

“Team AA”:


The devices in the renders clearly adhere to Google’s design language, featuring that unmistakable two-piece back plate, and circular rear fingerprint scanner. They don’t differ too much from last year’s iterations in terms of appearance, though there are some new additions, namely, front-firing stereo speakers and an all-new camera.

It had been speculated that the new Pixel phones, or at least the larger XL variant, would come with dual cameras. This doesn’t seem to be the case, and instead, it looks like they will feature a large, single lens. This should provide for some exceptional photo quality, if it’s anything like the original Pixel’s camera, but some might be disappointed to see that it protrudes slightly from the handset’s body.

Now, here’s the real interesting part. Remember how Google took a jab at Apple’s removal of the 3.5 mm headphone jack last year in its Pixel commercial? Well, it appears that the search giant has ditched the 3.5 mm standard this year and went with just a single USB Type-C port. We hope that this means the new Pixel duo will be IP68-certified, because, otherwise, a lot of fans will probably be outraged.


If – and it’s always a big if with “renders” – this is the case, how are people going to use their corded headphones? Will there be a USB-C-to-3.5mm adapter in the box? But if there is, does that save on the expense of the 3.5mm socket? Apple has the advantage that (1) it has a line of Bluetooth headphones – more than one if you include Beats (2) its margins mean it could afford to include a Lightning-to-3.5mm adapter with every iPhone 7. That’s not the same for Google, even on the Pixel, because its volumes are so small in comparison.

Possibly Google has decided that the Pixel is used far more in modern cars (have Bluetooth) and at home (with Bluetooth speakers) and that if you use corded headphones it’s time to move on. If, of course, “the renders” are correct.

Creating the honest man • Süddeutsche Zeitung

Kai Strittmatter:


China’s future is already being rehearsed here. Rongcheng is one of three dozen pilot projects in China. In this town, they are creating the honest man. “People first need to gain an understanding of what we’re doing here,” Director Huang Chunhui says in Rongcheng. The Office of Honesty goes by another name these days, he explains, because “as we went along, we noticed that the name was somehow too vague”. So Huang now heads the “Office of Creditworthiness”. They are working on fine-tuning the system. Director Huang draws an egg on a piece of paper, cutting off the top and bottom of the egg with a stroke of his pen. “This is society,” he says. “At the top, you’ve got model citizens. And at the bottom, you’ll find the people that we need to educate.”

Then he explains the system. Each company and person in China is to take part in it. Everyone will be continuously assessed at all times and accorded a rating. In Rongcheng, each participant starts with 1000 points, and then their score either improves or worsens. You can be a triple-A citizen (“Role model of Honesty”, with more than 1050 points), or a double-A (“Outstanding Honesty”). But if you’ve messed up often enough, you can drop down to a C, with fewer than 849 points (“Warning Level”), or even a D (“Dishonest”) with 599 points or less. In the latter case, your name is added to a black list, the general public is informed, and you become an “object of significant surveillance”. This is how the Rongcheng municipality’s handbook “Administrative Measures for the Trustworthiness of Natural Persons” describes it.

“Mr. Director, what type are you then?” “Hmm”, he answers. “The last time I checked, I think I was triple-A.” He rummages through his wallet and pulls out a plastic card. “Here is the ID for our public bicycle rental system. As a triple-A citizen, I don’t have to pay a deposit and can ride a bicycle for an hour and a half free of charge.” One of his employees rushes to his side and cites the system’s founding document from 2014: “Allow the trustworthy to roam everywhere under heaven while making it hard for the discredited to take a single step”. The director nods.


Yes, it is like the Black Mirror “Nosedive” episode – except that that didn’t include government oversight, which is implied here. (Via Nick Carr, whose analysis is also worth reading.)
link to this extract

Errata, corrigenda and ai no corrida: none notified

Start Up: Google’s growth struggle, ding dong Flash!, linkrot measured, FFVII unfinished, and more

Google is getting into nuclear fusion. Photo by carrierdetect on Flickr.


A selection of 14 links for you. Save some for lunch. I’m @charlesarthur on Twitter. Observations and links welcome.

Alphabet Q2 earnings: stock slides • Business Insider

Steve Kovach:


Alphabet’s overall revenue topped expectations thanks in part to growth in the “other revenues,” the division of Google which includes segments like the hardware and cloud businesses.  Other revenues were $3.09bn in Q2, up from $2.17bn in the year-ago quarter.

Porat cited strength in Google’s cloud business, as well as sales of its new Home smart speaker and wifi products.

But revenue growth in Google’s core online search advertising business decelerated during the quarter, as the company pays larger amounts of money to partners that deliver traffic to Google’s search engine, including Apple’s iPhone. 

Net revenue for Google’s ad business, which excludes the fees paid to partners, was up 16% during the second quarter, a slowdown from the roughly 20% net revenue growth that Google logged in the year ago period. 

Macquarie analyst Schachter pointed to the Q2 net revenue as a “meaningful deceleration.” It’s not the end of the world, Schachter said, but it illustrates the changes to Google’s business model as more and more of its search traffic now comes from mobile devices like iPhones that require Google to share some of the revenue.


“Traffic acquisition costs” are starting to rise, which isn’t good for profitability. YouTube seems like the saviour as the rest of the ad business peaks. Meanwhile, there’s still the worry about further fines from the EU.
link to this extract

Why Google Fiber failed to disrupt the ISPs • The Ringer

Victor Luckerson:


On Tuesday, Greg McCray stepped down as CEO of the company’s ISP business (now formally housed under Access, a subsidiary of Google parent company Alphabet). His departure comes just nine months after Craig Barratt left the same role. Meanwhile, the Access division has faced staffing cuts, and aggressive plans to expand to more cities are on hold indefinitely. Google Fiber began as an experiment, then briefly seemed poised to grow into a legitimate contender against the ISP incumbents. But today it serves as proof that providing high-speed wired internet is a losing proposition, even for one of the world’s wealthiest companies…

…Fiber always had a too-good-to-be-true allure that fascinated journalists, excited local communities, and annoyed competitors (“We’ll be watching your next move from our rear view mirror,” AT&T said in a surprisingly salty blog post last summer).


I think it’s that “too good to be true” element which drew so much attention. But the business just didn’t make sense.
link to this extract

Google enters race for nuclear fusion technology • The Guardian

Damian Carrington:


Google and a leading nuclear fusion company have developed a new computer algorithm which has significantly speeded up experiments on plasmas, the ultra-hot balls of gas at the heart of the energy technology.

Tri Alpha Energy, which is backed by Microsoft co-founder Paul Allen, has raised over $500m (£383m) in investment. It has worked with Google Research to create what they call the Optometrist algorithm. This enables high-powered computation to be combined with human judgement to find new and better solutions to complex problems.

Nuclear fusion, in which atoms are combined at extreme temperatures to release huge amounts of energy, is exceptionally complex. The physics of nuclear fusion involves non-linear phenomena, where small changes can produce large outcomes, making the engineering needed to suspend the plasma very challenging.

“The whole thing is beyond what we know how to do even with Google-scale computer resources,” said Ted Baltz, at the Google Accelerated Science Team. So the scientists combined computer learning approaches with human input by presenting researchers with choices. The researchers choose the option they instinctively feel is more promising, akin to choosing the clearer text during an eye test.


Never going to be against investment in fusion. Bring it on.
link to this extract

Adobe will kill Flash web browser technology in 2020 • CNET

Stephen Shankland:


The Flash Player has been there for you all along, inside your browser, making it possible for you to play online games, stream radio station music and watch YouTube videos. But after a two-decade run, Adobe is killing it off.

Countless nails have been hammered in Flash’s coffin in recent years, most notably by Apple’s Steve Jobs and also by Adobe itself. Now, though, there’s a date for the funeral: Dec. 31, 2020.

Flash has been a website workhorse — online gaming site Kongregate has more than 100,000 Flash games — but don’t fret over the demise of the pioneering software. It’s more appropriate to rejoice, since the software today is a security risk and major source of browser crashes.

“I am glad Adobe is ending Flash’s life. It has honestly made the web a worse place for more than a decade,” said Creative Strategies analyst Ben Bajarin.

Indeed, Adobe’s move is momentous enough that the biggest names in web tech – Apple, Google, Facebook, Mozilla and Microsoft – coordinated announcements to tell us what’s going on and to reassure us all that it’s going to be fine.


Of the many Flash obituaries, Shankland’s is the most comprehensive, covering both Flash’s future and its history.
link to this extract

Despite Charlie Gard’s tragic story, we must respect the process of our courts • The Guardian

Ian Kennedy:


Around 20 years ago, I was just about to leave for the airport in Auckland when I got a call from some lawyers. It was 7am. Would I meet them urgently in half an hour to advise on a case? I said of course, provided I could catch my plane.

A boy had suffered a catastrophic injury while being operated on: his neck had been broken. Though alert and talkative, he was paralysed. His parents had told his doctors that they wanted care to be withdrawn (he was on a ventilator) so that he could die peacefully. He wasn’t terminally ill, but they thought it best given what the future would hold.

There was no precedent in New Zealand. My advice was that the parents’ views were not the last word; the lawyers should go to court, ensure that the child was separately represented by a lawyer, and that the only question for the court was what was in the child’s best interests. The advice was followed. The child was made a ward of court, was cared for and lived on.

I’m sure that those who have involved themselves in the case of Charlie Gard would applaud what happened in Auckland. But if they do, they would also have to acknowledge a number of things that have been part of our approach to the care of children since the 19th century.


The Charlie Gard case has seen some of the worst reporting in ages, because it mixes three things: a complex disease that few understand; an infant unable to represent themselves in any way; a “miracle cure” being held out as a hope. (In reality, the “cure” hadn’t even been tested on mice, let alone humans, and the doctor involved made no effort to acquaint himself with the detail despite invitations from Gt Ormond St since January.)

This piece makes terrific points – the overarching one being that children are not property and parents do not have rights over them; they have duties towards them.
link to this extract

Modelling information persistence on the web • ResearchGate

Daniel Gomes and Mario Silva, in 2006:


Models of web data persistency are essential tools for the design of efficient information extraction systems that repeatedly collect and process the data. This study models the persistence of web data through the measurement of URL and content persistence across several snapshots of a national community web, collected for 3 years. We found that the lifetimes of URLs and contents are modelled by logarithmic functions.


If like me you were interested by the piece about how milliondollarhomepage is seeing linkrot, you might find this old piece entertaining. Still needs a modern update.
link to this extract

LG Display to take on Samsung as it lifts OLED investment • Reuters

Joyce Lee:


LG Display Co Ltd outlined plans to invest $13.5bn to boost output of organic light-emitting diode (OLED) screens over the next three years, aiming to cement its lead in big panels for TVs and make inroads against rival Samsung in smartphone displays.

The investment plans, roughly 25% more than its usual capital spending on an annual basis, also signal that the South Korean firm is shifting its focus to OLED from liquid crystal displays (LCDs) as demand for thinner and more flexible panels surges, analysts said.

LG Display is the world’s No. 1 LCD maker for televisions and also manufactures nearly all large OLED screens for televisions globally. But it has barely a foothold in the market for OLED smartphone screens where rival Samsung Display, a unit of Samsung Electronics, has a more than 90% share…

…Its planned 15 trillion won investment over three years implies an average of 5 trillion won in capital spending per year, above its usual 4 trillion won, but analysts said it will probably not be enough.

“For small and mid-sized OLED, it is expected to receive additional investment from somewhere else, perhaps Apple,” said Lee Min-hee, analyst at Heungkuk Securities.


LG clearly wants that OLED money; and that’s clearly what our smartphones and TVs are going to use in the near future.
link to this extract

The truth about Trump and deregulation • Bloomberg

Cass Sunstein:


whatever the White House says, there’s a big difference between eliminating potential ideas for the future and actually removing regulations from the books.

To appreciate the difference, consider another development last week that received hardly any attention. Trump’s Environmental Protection Agency proposed to leave an important Obama administration air pollution regulation entirely untouched.

In 2010, the EPA finalized a rule designed to reduce health risks from nitrogen oxides. Scientific evidence showed that people with asthma, children and older adults face significant risks from exposure to levels of nitrogen oxides that exceeded the 2010 standard. In view of that, and the legal issues that would be triggered by an effort to reverse the Obama-era rule, it was a lot easier for Trump’s EPA to stick with it than to try to loosen it.

There’s a broader lesson here. Whenever agencies want to cut regulations, they have to go through the same time-consuming processes that govern the issuance of regulations in the first place.

Under the Administrative Procedure Act, agencies must begin with a formal proposal to eliminate the rule. The proposal has to offer a new analysis of the law and the evidence. That takes a while to produce — often two months and possibly much longer.

After the proposal comes out, the Administrative Procedure Act requires a period for public comment. Under existing executive orders, that period will usually last for at least two months. If the issues are complicated, the public is going to demand and probably get more time — potentially as much as six months.

After the comments come in, some of the hardest work begins.


“Getting rid of regulations” is easy to say, much harder to justify and do.
link to this extract

One man’s two-year quest not to finish Final Fantasy VII • The New Yorker

Simon Parkin:


In 2012, David Curry, a thirty-four-year-old cashier from Southern California, came across a post on an online forum by someone who went by the handle Dick Tree. It contained a herculean proposal: Tree planned to play the 1997 video game Final Fantasy VII for as many hours as it took to raise the characters to their maximum potential, without ever leaving the opening scene, which unfolds in a nuclear reactor. Final Fantasy VII is a role-playing game, a form popularized in the nineteen-seventies by Dungeons & Dragons, in which players’ feats—beasts felled, maidens wooed—are quantified with “experience points.” Accrue enough of these points, and your character ascends a level, at which point it confronts stronger opponents worth more points. Curry estimated that, even playing for a few hours every day, Tree’s attempt to raise a character to Level 99 by fighting only the game’s weakest enemies would take more than a year to complete.

Nevertheless, Tree attracted a following of forum users, including Curry, who cheered the project on and watched it unfold in sporadic posts. Over time, Curry told me recently, Tree’s updates became more infrequent. After two years, Tree stopped altogether. “I got fed up with Dick Tree,” he said. “So I declared that I would do it myself.”


Wonderful (long) piece.
link to this extract

Only 26% of internet users in Morocco own a PC/laptop • Global Web Index


Today we begin a short series of charts examining digital consumers within four countries that have been added to our Core research program – Ghana, Kenya, Morocco and Nigeria. We begin by delving into one of the most striking differences in device usage between these markets and the global picture – the minor role played by PCs and laptops.


You might say “not surprising”, but it’s useful to keep in mind – especially when you look at the smartphone penetration.
link to this extract

The government should fight ‘corporate villainy’ in tech, Senator Cory Booker says • Recode

Eric Johnson:


“We’ve got to start having a conversation in this country: How are we going to measure the success of the tech sector?” [Democratic senator] Booker asked. “Is it by its ability to create a small handful of billionaires, or the ability for us to create pro-democracy forces — empowering individuals, improving quality of life, improving financial security, expanding opportunity — the kind of things we want largely for democracy?”

Booker compared the size and power of Silicon Valley to Wall Street and indicated that he’d like to see America being more aggressive, like the E.U., which levied a $2.7 billion fine on Google last month.

“We have regulatory agencies that just aren’t doing their jobs,” Booker said. “You see this with big banks. The entire crisis we just came through, what’s amazing to me is we haven’t learned the lessons and we’re not protecting the consumer.”

“So should the U.S. government take a look at Google?” Romm asked.

“I think the U.S. government absolutely should take a look at Google,” Booker said.

“On grounds for an antitrust case?”

“I think the U.S. government should be far more active in antitrust actions because when they have taken actions, it’s often created collateral benefits to society.”


link to this extract

The actual truth behind the guy who got stuck in an ATM • Cracked

Robert Evans:


This makes it sound as if a clumsy, oafish ATM repairman bumbled into a little room behind the ATM and closed the door behind himself without thinking, stammering, “Oh shit!” between ponderous mouthfuls of hoagie.

The reality was less hilarious. James was working on an ATM at a bank that was still under construction. The door didn’t lock behind him; it got jammed up with debris. “It was actually stuck on some of the metal and some of the screws.”

The true story makes James sound less like Mr. Magoo and, well, substantially more hardcore. “I tried everything else. I tried setting off alarms and whatnot. At the end I was just thinking I had to get out of there soon. So I’m yelling at people, ‘Hey, I’m in there, can you get me out,’ and they all would leave. That happened four or five times.”

See, this was a drive-up ATM, and the sounds of people’s engines would drown out James’ frantic shouting. He’d left his phone charging in his car, so he couldn’t call for help. He quickly realized that his only method of communicating with the outside world was the ATM’s receipt slot.

“As they’re making transactions, I’m seeing the receipts come out. And I just felt to myself, I gotta find some paper, make a note. Normally I don’t have a pen on me. I did have my knife, I figured if I just cut myself, I could write like that.” But before he had to resort to writing in his own blood like Sideshow Bob, James found a dried-out sharpie on the ground. He sucked on the end to wet the ink and wrote out his now-infamous note:

The first people he slid a note to assumed this was a prank: “I guess they giggled and took off on me. I guess they thought it was a joke.”


link to this extract

Windows 10 is making too many PCs obsolete • Computerworld

Steven J. Vaughan-Nichols:


Microsoft released its latest Windows 10 update earlier this year. The name, Creators Update, makes it sound bigger than it is; it’s really a minor step forward. But about 10 million Windows 10 customers have to face up to an unpleasant surprise: Their machines can’t update to Creators Update.

That’s how many poor sad sacks bought a Windows 8.x laptop in 2013 or 2014 with an Intel Clover Trail processor. Any of them who have tried to update their PC with the March 2017 Creators Update, version 1703, had no success and were presented with this message: “Windows 10 is no longer supported on this PC.” Boy, that must have been fun!

Not the end of the road for your three-year-old machine, though. I mean, you could always keep running the last version of Windows 10 on your PC. It wasn’t as if you went directly to a permanent blue screen of death. And anyway, Microsoft eventually backed off some, announcing that, while you can’t update those machines, you can still get security patches.

Now, that’s one giant corporation with a big heart.


This is a weird story – on a par with “Apple’s new software will make your old phone obsolete”. Every update is going to leave some machines behind. If the security updates are there, what’s the worry?

link to this extract

Roomba vacuum maker iRobot could sell spatial mapping data to smart home companies • VentureBeat | AI | by Reuters

Jan Wolfe:


So-called simultaneous localization and mapping (SLAM) technology right now enables Roomba, and other higher-end Robovacs made by Dyson and other rivals, to do things like stop vacuuming, head back to its dock to recharge and then return to the same spot to finish the job.

Guy Hoffman, a robotics professor at Cornell University, said detailed spatial mapping technology would be a “major breakthrough” for the smart home.

Right now, smart home devices operate “like a tourist in New York who never leaves the subway,” said Hoffman. “There is some information about the city, but the tourist is missing a lot of context for what’s happening outside of the stations.”

With regularly updated maps, Hoffman said, sound systems could match home acoustics, air conditioners could schedule airflow by room and smart lighting could adjust according to the position of windows and time of day.

Companies like Amazon, Google and Apple could also use the data to recommend home goods for customers to buy, said Hoffman.

One potential downside is that selling data about users’ homes raises clear privacy issues, said Ben Rose, an analyst who covers iRobot for Battle Road Research. Customers could find it “sort of a scary thing,” he said.

Angle said iRobot would not sell data without its customers’ permission, but he expressed confidence most would give their consent in order to access the smart home functions.


The water in the pot of privacy gets just a notch warmer.
link to this extract

Errata, corrigenda and ai no corrida: none notified

Start Up: Rock on Siri, save Snopes!, drone registration, the fake ad crackdown, bendy tablets!, and more

A third of the milliondollarhomepage’s links are dead, after 12 years. How much longer for the rest? Photo by Fabs:) on Flickr.


A selection of 11 links for you. That’s the way the cookie grumbles. I’m @charlesarthur on Twitter. Observations and links welcome.

A million squandered: the “Million Dollar Homepage” as a decaying digital artifact • Library Innovation Lab

John Bowers:


Internet links are not always permanent. As pages are deleted or renamed, backends are restructured, and domain namespaces change hands, previously reachable content and resources can be replaced by 404 pages. This “link rot” is the target of the Library Innovation Lab’s project, which allows individuals and institutions to create archived snapshots of webpages hosted at trustable, static URLs.

Over the decade or so since the Million Dollar Homepage sold its last pixel, link rot has ravaged the site’s embedded links. Of the 2,816 links that are embedded on the page (accounting for a total of 999,400 pixels), 547 are entirely unreachable at this time. A further 489 redirect to a different domain or to a domain resale portal, leaving 1,780 reachable links. Most of the domains to which these links correspond are for sale or devoid of content.


Diamonds are forever. The rest can forget it. An interesting graph would be how rapidly those links have decayed over time: you could figure out a half-life for any link, and hence how long Alex Tew (who came up with the idea) is going to have to keep the page going.
link to this extract

New Apple ad does some voice-first education with The Rock and Siri • TechCrunch

Matthew Panzarino:


How do you teach people to use an interface that’s invisible? That’s been the marketing communications problem for Apple since the day Siri became the first big mass-market voice assistant.

They’ve taken stab after stab at it. The splash page that offers Siri suggestions if you activate it and don’t say anything. TV spots; tool tips; App Store promotions and interviews you may or may not have read about how much work they’re putting into Siri. They’re all an attempt to get you beyond the basic timer and weather queries.

And, more recently, they’re an effort to acclimate iPhone users to the idea that Siri represents all of the various applications of Apple’s AI and ML work — beyond the vocal personality most people have come to associate with Siri.

The penetration of Siri as “that thing you ask things on your phone” is incredibly broad but very shallow. And true, consistent, daily utility is how you get people hooked on a platform.

Put plainly: Apple needs to teach people how capable Siri is of helping them on a daily basis.

This time around, it has enlisted Dwayne Johnson, AKA The Rock, our current action movie king and future president.


Ah, you laugh at that final phrase, but 20 years from now… anyway, here’s the ad.
link to this extract

Fundraiser by David Mikkelson : Help save! • GoFundMe

», which began as a small one-person effort in 1994 and has since become one of the Internet’s oldest and most popular fact-checking sites, is in danger of closing its doors. So, for the first time in our history, we are turning to you, our readership, for help.

Since our inception, we have always been a self-sustaining site that provides a free service to the online world: we’ve had no sponsors, no outside investors or funding, and no source of revenue other than that provided by online advertising. Unfortunately, we have been cut off from our historic source of advertising income.

We had previously contracted with an outside vendor to provide certain services for That contractual relationship ended earlier this year, but the vendor will not acknowledge the change in contractual status and continues to essentially hold the web site hostage.


Scary (and strange; here’s what the dispute is about). Make a donation. Not hard, and helps spread factual accuracy.
link to this extract

Drones must be registered, and owners have to pass safety test • Ars Technica UK

Sebastian Anthony:


Drone owners must register their drones and take a safety test, under new rules announced by the UK government.

The mandatory registration and competency test applies to any drone larger than 250 grams, which includes all but the smallest of “toy” drones and super-light racing drones. For example, the DJI Spark that we recently reviewed weighs 300g.

As with most new government rules, there are very few details of how or when these rules will actually be implemented. Registration at least should be fairly easy: “Users may be able to register online or through apps, under plans being explored by the government.”

The government has outlined what it hopes to achieve with the competency testing—“to prove that [drone owners] understand UK safety, security and privacy regulations”—but no word of how the test will be distributed or invigilated. I can’t imagine it’ll involve a sit-down exam; it feels more like a multiple-choice test that could be done through a website or app.

The government also wants to expand the use of geofencing, where drones sold in the UK are pre-programmed with the GPS coordinates of sensitive locations: airports, prisons, football stadia, governmental buildings, etc. If a drone hits one of these areas, it simply refuses to go any further. If you’re already inside a geofenced area, the drone might refuse to take off in the first place.


Not surprised by this: there will be wannabe terrorists who will have noted how Isis used drones in Iraq and Syria as flying, targeted bombs. And there are also idiots who just use them too close to places where they create danger.
link to this extract

If you track it, the results will come • The Ascent on Medium

Adam Kruger:


A few months ago, I realized that I wasn’t satisfied with where I was in life and wanted to do something about it. The only problem was that the gap between where I was and where I wanted to be seemed daunting. That’s why I decided to start taking small steps towards big change in my life*. On March 11, 2017, I began making at least one change in my life each day.

*Note: if you improve yourself by 1% every day for an entire year, you will grow by 38x (1.01³⁶⁵=37.8)

Here’s what the journey has looked like so far:
• 11-Mar-17: Started taking cold showers (for the last 60 seconds)
• 12-Mar-17: Set goal of learning one new song per week on the guitar
• 13-Mar-17: Started listening to Audiobooks at 3–4x the speed
• 14-Mar-17: Started keeping my shoes organized
• 15-Mar-17: Decided to learn to juggle, practicing a few min daily
• 16-Mar-17: Began reading 3 book summaries (~10 min each) daily
• 17-Mar-17: Limit eating out to bare minimum, learn new recipe weekly
• 18-Mar-17: Limit alcohol to a bare minimum
• 19-Mar-17: No more snoozing alarm clocks, no more than 7 hrs sleep/night
• 20-Mar-17: Build tracker for bills as a reminder
• 21-Mar-17: Limit TV usage to 2 hours per day…


And hilariously on it goes, with the 24 July entry reading “Start using a workout journal at the gym to better track/evaluate progress”. You weren’t doing that already? But I love the idea that someone thinks that having a cold shower (for 60 seconds a day) will end up making them 38 times “better”. Better than what?
link to this extract

Google finding bogus ads on programmatic exchanges • Business Insider

Mike Shields:


The digital-advertising industry is looking to stamp out bogus ad inventory, like websites that claim to be premium brands but are actually sites the average person hardly ever visits.

Google, with help from some media giants, is taking the lead. The company is pushing an industry initiative called ads.txt that’s aimed at wiping out fraud that’s dubbed ‘spoofing’ by the industry. Spoofing encompasses the variety of ways ad buyers can be tricked into paying for space they’re not getting. For example, spoofers can buy cheap ad space, from a low-quality site, on an exchange and then falsely list it as space on a premium site — like, say,— at a higher price. The ad in question will never run on, though.

It’s all enabled by the prevalence of programmatic ads, which are placed by algorithms and purchased on exchanges, rather than through direct negotiation with a publisher.

Yet spoofing is even starting to affect publishers that don’t even sell ads via programmatic channels. Several publishers say they’ve been hearing from ad buyers that their ads are for sale on various ad exchanges, even though these companies didn’t work with any ad exchanges to sell advertising.


Much more detail in the piece. This might begin to root out the problem – which is widespread.
link to this extract
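
The check that ads.txt makes possible on the buying side, as an added example (not code from the article, Google or any exchange): a publisher lists the sellers allowed to offer its inventory, and a buyer rejects any bid whose claimed site does not list that seller. The domains, seller IDs, bid dictionary keys and the in-memory cache are constructed assumptions; the record layout (ad system domain, seller account ID, DIRECT or RESELLER, optional certification authority ID) follows the published ads.txt format.

```python
# Added example: ad-buyer check of a bid's claimed seller against ads.txt.
# All domains, seller IDs and bid fields below are constructed for illustration.

RELATIONSHIPS = {"DIRECT", "RESELLER"}

# Constructed ads.txt body for a hypothetical publisher, premium-news.example.
# In production it would be fetched from https://premium-news.example/ads.txt.
SAMPLE_ADS_TXT = """\
# ads.txt for premium-news.example (constructed sample)
contact=adops@premium-news.example
exchange-a.example, pub-1001, DIRECT, abc123   # publisher's own account
exchange-b.example, 77421, RESELLER
Exchange-B.example , 77422 , reseller
this line is malformed
"""

# Hypothetical local cache: publisher domain -> ads.txt text the buyer fetched.
ADS_TXT_CACHE = {"premium-news.example": SAMPLE_ADS_TXT}

# Constructed bids; the keys are hypothetical, not a real bid-request schema.
SAMPLE_BIDS = [
    {"site_domain": "premium-news.example", "exchange": "exchange-a.example",
     "seller_id": "pub-1001"},   # the publisher's own seat
    {"site_domain": "Premium-News.example", "exchange": "exchange-b.example",
     "seller_id": "77422"},      # listed reseller
    {"site_domain": "premium-news.example", "exchange": "exchange-a.example",
     "seller_id": "pub-9999"},   # claims the premium site, seller not listed
    {"site_domain": "small-blog.example", "exchange": "exchange-a.example",
     "seller_id": "pub-5"},      # publisher has no ads.txt in the cache
]


def parse_ads_txt(text):
    """Parse ads.txt text into (records, variables, rejected_lines).

    records is a set of (ad_system_domain, seller_account_id, relationship).
    Domains and relationships are case-normalised; seller IDs are kept as is.
    """
    records, variables, rejected = set(), {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) == 1 and "=" in line:     # variable, e.g. contact=...
            name, value = line.split("=", 1)
            variables.setdefault(name.strip().lower(), []).append(value.strip())
            continue
        well_formed = (
            len(fields) in (3, 4)
            and all(fields[:3])
            and fields[2].upper() in RELATIONSHIPS
        )
        if not well_formed:
            rejected.append(raw)                 # keep for the audit trail
            continue
        records.add((fields[0].lower(), fields[1], fields[2].upper()))
    return records, variables, rejected


def check_bid(bid, cache):
    """Return 'authorized:<REL>', 'unauthorized' or 'no_ads_txt' for one bid."""
    text = cache.get(bid["site_domain"].lower())
    if text is None:
        return "no_ads_txt"                      # nothing to verify against
    records, _, _ = parse_ads_txt(text)
    exchange = bid["exchange"].lower()
    for domain, account, relationship in sorted(records):
        if domain == exchange and account == bid["seller_id"]:
            return "authorized:" + relationship
    return "unauthorized"                        # candidate spoofed inventory


def audit(bids, cache):
    """Check every bid and return the verdicts in order."""
    return [check_bid(bid, cache) for bid in bids]


if __name__ == "__main__":
    for bid, verdict in zip(SAMPLE_BIDS, audit(SAMPLE_BIDS, ADS_TXT_CACHE)):
        print(bid["site_domain"], bid["exchange"], bid["seller_id"], verdict)
```

A publisher that sells no programmatic inventory only benefits from this check once it publishes a file, since a missing ads.txt leaves the buyer with nothing to compare against.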

Next leap for robots: picking out and boxing your online order • WSJ

Brian Baskin:


Picking is the biggest labor cost in most e-commerce distribution centers, and among the least automated. Swapping in robots could cut the labor cost of fulfilling online orders by a fifth, said Marc Wulfraat, president of consulting firm MWPVL International Inc.

“When you’re talking about hundreds of millions of units, those numbers can be very significant,” he said. “It’s going to be a significant edge for whoever gets there first.”

Until recently, robots had to be trained to identify and grab each item, which is impractical in a distribution center that might stock an ever-changing array of millions of products.

Automation companies such as Kuka AG, Dematic Corp. and Honeywell International Inc. unit Intelligrated, as well as startups like RightHand Robotics Inc. and IAM Robotics LLC are working on automating picking.

In RightHand Robotics’ Somerville, Mass., test facility, mechanical arms hunt around the clock through bins containing packages of baby wipes, jars of peanut butter and other products. Each attempt—successful or not—feeds into a database. The bigger that data set, the faster and more reliably the machines can pick, said Yaro Tenzer, the startup’s co-founder.

Hudson’s Bay is testing RightHand’s robots in a distribution center in Scarborough, Ontario.

“This thing could run 24 hours a day,” said Erik Caldwell, the retailer’s senior vice president of supply chain and digital operations, at a conference in May. “They don’t get sick; they don’t smoke.”


I’m puzzled. Don’t such objects have barcodes? Can’t robots read barcodes? Aren’t many objects packed inside boxes? (OK, not condiments, etc.) This is a problem which was being worked on back in the early days of machine vision, 50 years ago.

Domestic brands captured 87% of the Chinese smartphone market in Q2 2017 • Counterpoint Research


Research Director, Neil Shah noted, “We are nearing the time where the days of easy growth are over for Huawei, OPPO, vivo and Xiaomi in China. The competitive landscape is converging as all the top four Chinese brands have reached a steady and dominant position in a very slow growing market. The race for the top two spots is always up for grabs as one misstep can push a brand easily two spots behind.

“The comeback of Xiaomi from the declining spiral has made the market further competitive and almost a zero-sum game. The dip in performance by either of the brands could affect their global performance. As a result, we believe heavily China-dependent brands such as OPPO, vivo and Xiaomi will be aggressive in expanding their reach beyond China during the second half of this year. India, South Asia and Africa will be the key focus geographies to drive additional scale and market share to make up any dip in domestic market.”


China is about 30% of the global smartphone market; GfK, another research company, reckons that 110m handsets were sold there in the second quarter.

Apple (8.2%) and Samsung (3%) are the only two non-Chinese brands with any substantial presence. Quite which non-Chinese brands get the other 1.8% of sales is left to the reader to puzzle over.

The convergence of growth rates, though, suggests that things could quickly consolidate around Huawei, Oppo and vivo. Xiaomi could go up or down.

Hands-on video shows Lenovo Folio bendable tablet working fully • Pocket-lint

Rik Henderson:


Chinese manufacturer Lenovo has been working on several tech concepts that will reimagine current gadgets. It recently revealed a bendable laptop during an event in New York that can be rolled to transport. And it has discussed bendy tablet formats in the past.

Now it has shown one of the latter and, instead of folding in on itself as you’d expect, the Lenovo Folio concept device folds over with the screen on the outside.

A video of the concept was posted online by Mobile China, on Chinese video site Youku. It shows someone going hands-on with the working prototype, which does indeed fold in the middle to give two separate screens – one either side of the bent device.

The prospective uses of such a device are yet to be fully explored, although we can see in the video that, as well as provide screens for user and separate viewer, it can also bend back into a larger tablet form and continue to be used in that more standard way.


The initial temptation is to say “the uses are the same as a tablet”, but one can see the potential to have something phone-sized in your pocket which you can then open out and use as a full(er)-sized tablet. Could be big. Could vanish.

I trained an A.I. to generate British placenames • Medium

Dan Hon:



• Find a list of British placenames. Here’s one you can download as a CSV. You just need the names, so strip out all the other columns. To save some time, you can use the one I prepared earlier.
• Pick a multi-layer recurrent neural network to use. The first time I did this, Karpathy’s char-rnn was all the rage, this time I used jcjohnson’s torch-rnn.
• If you’re using a Mac, don’t bother trying to get OpenCL GPU support working. I wasted 3 hours. Just use crisbal’s CPU-based docker image. (If you know what you’re doing, then you’re already comfortable doing this all on AWS or you’ve got an nVidia GPU).
• Follow jcjohnson’s instructions in the readme (pre-process your data, etc.)
• Go and have a cup of tea while you train your model.
• “Mess around” with the temperature when you sample based on your model.
• Take a look at some of my favourite neural network generated British placenames (and if you’d like more, here’s 50,000 characters worth).


Generates: Stoke Carrston, Elfordbion, Hevermilley, Ell, Elle’s Chorels, Eller’s Green, Heaton on Westom, Hadford Hill…

One feels this could be useful for authors or filmmakers.

If GoDaddy can turn the corner on sexism, who can’t? • The New York Times

Charles Duhigg with a fascinating tale of how a company that used to run really sexist ads changed its culture:


Some of the problems applicants and workers faced were subtle. For years, for instance, GoDaddy’s job descriptions were needlessly aggressive, saying the company was looking for “rock stars,” “code ninjas,” engineers who could “knock it out of the park” or “wrestle problems to the ground.”

Moreover, when GoDaddy’s human resource department began reviewing how the company analyzed leadership capacities, it found that women systematically scored lower because they were more likely to emphasize past team accomplishments and use sentences like “we exceeded our goals.” Men, in contrast, were more likely to use the word “I” and stress individual performance.

“There’s a lot of little things people don’t usually notice,” said Katee Van Horn, GoDaddy’s vice president for engagement and inclusion. “But they add up. They reinforce these biases you might not even realize you have.”

GoDaddy began focusing on countering these biases, assessing the company’s hiring, employee evaluations and promotions. In particular, executives scrutinized employee reviews, which evaluated workers using questions similar to those found at many companies: Does this person reply to emails promptly? Have they sought leadership roles? Have they shown initiative?

“We realized a lot of those are invitations for subjectivity,” said Ms. Van Horn.

GoDaddy’s data indicated that women tended to systematically be scored lower than men on communication, in part because they were more likely to be a family’s primary parent, and so were more likely to be off email in the early evening during homework and bedtime hours.

“And the more important question isn’t whether someone responds to email right away,” said Ms. Van Horn. “It’s what they say, whether their responses have impact. We shouldn’t be judging people based on how fast they communicate. We should be looking at whether they achieved the goals set for them.”


As much as anything, the ads turned off the people they needed to target – small business owners, who are often women.

Errata, corrigenda and ai no corrida: none notified

Start Up: Clifford Stoll got it right, swiping in iOS 11, ARKit!, Microsoft v Fancy Bear, and more

Does this look like a promising avenue for a hack to you? Photo by haleyhughes on Flickr.


A selection of 11 links for you. Augment that if you dare. I’m @charlesarthur on Twitter. Observations and links welcome.

A smart fish tank left a casino vulnerable to hackers • CNN

Selena Larson:


Hackers attempted to steal data from a North American casino through a fish tank connected to the internet, according to a report from security firm Darktrace.

Despite extra security precautions set up on the fish tank, hackers still managed to compromise the tank to send data to a device in Finland before the threat was discovered and stopped.
“Someone used the fish tank to get into the network, and once they were in the fish tank, they scanned and found other vulnerabilities and moved laterally to other places in the network,” Justin Fier, director for cyber intelligence and analysis at Darktrace, explained to CNN Tech.

As internet-connected gadgets and appliances become more common, there are more ways for bad guys to gain access to networks and take advantage of insecure devices. The fish tank, for instance, was connected to the internet to automatically feed the fish and keep their environment comfortable — but it became a weak link in the casino’s security.

The unnamed casino’s rogue fish tank is one of nine unusual threats that Darktrace identified on corporate networks published in a report Thursday.



IoT thermostat bug allows hackers to turn up the heat • Newsky Security blog

Ankit Anubhav:


With the ever-increasing impact of smart and connected devices in our daily lives, Cybersecurity has a variety of security challenges to deal with. The field of traditional computer security deals with a myriad of issues like data theft or sabotage. However, when it comes to IoT security, the consequences of a successful attack can be even more diverse. In this post, we discuss an IoT Smart Thermostat bug and how a hacker leveraged it to raise the control temperature by 12C (~22F) degrees.


Turns out to be pretty straightforward. Shodan, the search engine that lets you search for IoT systems, is something of a hazard in that respect. The bug has been patched, but it won’t be the last.

In 1995, this astronomer predicted the Internet’s greatest failure • Medium

Rob Howard:


The problem for the people who chose to troll [Silicon Snake Oil author Clifford] Stoll, however, is that a lot of his predictions and criticisms of the web were spot on. Read this quote from 1995, and tell me it couldn’t be written (and praised) today:

“Your word gets out, leapfrogging editors and publishers. Every voice can be heard cheaply and instantly. The result? Every voice is heard. The cacophony more closely resembles citizens band radio, complete with handles, harassment, and anonymous threats. When most everyone shouts, few listen.”

This was written in reference to Usenet, an early Internet message board, but could apply to Twitter, Reddit, and countless other social platforms today without changing a single character. A few months ago, Ev Williams, the founder of Medium and co-founder of Twitter, said almost the exact same thing:

“I thought once everybody could speak freely and exchange information and ideas, the world is automatically going to be a better place. I was wrong about that.”

In the same article, Williams told The New York Times: “The Internet is broken.” If only someone had seen this coming.

As a scientist, Stoll had been using forms of the Internet since its inception in the ’70s. He wasn’t off-base in calling it a “wasteland of unfiltered data.” He was 20 years ahead of his time.


I interviewed Stoll at the time of Silicon Snake Oil; there wasn’t any agreement on whether the internet was a good or bad thing. For most people it was barely a “thing” at all.

iOS 11: An alternative to swiping notifications, and why Apple changed this behavior • Finer Things in Tech

David Chartier on a UI change in iOS 11 which at first seems peculiar:


In iOS 11’s Notification Center, Apple removed the ability to swipe left on a notification in order to reveal buttons for Clear and View. I found an alternative. I think I know why Apple changed this behavior, and I like it better now.

The solution: 3D Touch or tap-and-hold.

Previously, swiping left on a notification felt slightly problematic. It was sometimes easy to swipe too far or not far enough, resulting in unintended behavior.

In iOS 11, you can either 3D Touch a notification or, for those on devices without 3D Touch, including iPads, tap-and-hold. This has two advantages.

First, the notification is now displayed with all available functionality. Instead of having to choose whether to clear or interact with the notification (say, to reply to a message or mark a task complete), you now get to see the notification’s full content, all available actions, and a convenient and easy to tap (X) in the upper right of the notification box.


I think the second advantage is easier navigation. Now, a swipe left anywhere in Notification Center results in launching the Camera app. A swipe right anywhere takes you to the Today widget page. From my testing, it seems impossible now to accidentally swipe a notification when you wanted the camera, and vice versa.


This makes sense. What you don’t want in an interface is ambiguity, or being able to do two different things through the same action: it confuses people.

ARKit Furniture dropping app; ARKit direction demo • Made With ARKit


ARKit Furniture dropping app, by Asher Vo.

But you might find the Starbucks one more interesting – if you assume this is how it would look through glasses. Don’t want to be walking along with this on your phone, ideally.



Putin’s hackers now under attack—from Microsoft • Daily Beast

Kevin Poulsen:


Last year attorneys for the software maker quietly sued the hacker group known as Fancy Bear in a federal court outside Washington DC, accusing it of computer intrusion, cybersquatting, and infringing on Microsoft’s trademarks. The action, though, is not about dragging the hackers into court. The lawsuit is a tool for Microsoft to target what it calls “the most vulnerable point” in Fancy Bear’s espionage operations: the command-and-control servers the hackers use to covertly direct malware on victim computers. These servers can be thought of as the spymasters in Russia’s cyber espionage, waiting patiently for contact from their malware agents in the field, then issuing encrypted instructions and accepting stolen documents.

Since August, Microsoft has used the lawsuit to wrest control of 70 different command-and-control points from Fancy Bear. The company’s approach is indirect, but effective. Rather than getting physical custody of the servers, which Fancy Bear rents from data centers around the world, Microsoft has been taking over the Internet domain names that route to them. These are addresses like “livemicrosoft[.]net” or “rsshotmail[.]com” that Fancy Bear registers under aliases for about $10 each. Once under Microsoft’s control, the domains get redirected from Russia’s servers to the company’s, cutting off the hackers from their victims, and giving Microsoft an omniscient view of that servers’ network of automated spies.

“In other words,” Microsoft outside counsel Sten Jenson explained in a court filing last year, “any time an infected computer attempts to contact a command-and-control server through one of the domains, it will instead be connected to a Microsoft-controlled, secure server.”



Should you force quit your iOS apps? Let’s look at the data • BirchTree

Matt Birchler decided that this needs some SCIENCE:


I first closed all apps on my iPhone 7 Plus to get a good base line. I then launched 50 apps and closed them as soon as they finished opening. These apps ranged from Facebook to Twitter to Google Photos to Snapchat and many more. It was a wide range of apps, and I tried to get a good spread of apps most people would use. I waited 2 minutes for all apps to finish any last second background functions, and then started recording CPU usage in Instruments on my Mac. I recorded for 15 minutes.

Next, I closed all apps from the multitasking screen. I then turned off the screen and waited 2 more minutes for any “straggling” tasks to complete. I then started recording the phone’s CPU usage again with Instruments for Mac. The test ran for 15 minutes and I saved all the data to a CSV.

I used Instruments’ Activity Monitor and CPU Activity Log tools for these specific tests.

I ran this test 2 more times to confirm these results were not anomalies. Subsequent testing resulted in nearly identical results…

…there is little difference in the CPU usage between either test. Each test had a few spikes in usage over the test, each about 10 minutes apart.

The test with all apps closed had both the biggest spike in CPU usage, hitting 68% CPU for a few seconds. It also had the highest continuous minute of usage from the 13:57-14:57 time codes, 42%.

Average CPU usage over the 15 minute spans was:

• All apps closed: 7.321%
• Zero apps closed: 7.929%


Turns out Wi-fi uses 3x more CPU than all 50 apps. Want to save battery life? Turn that off when you don’t need it.

Fitbit hit with lawsuit over haptic feedback patents • ReadWrite

David Curry:


Fitbit has been hit with a lawsuit from Immersion, a developer of haptic feedback technology, claiming that the Alta HR and Charge 2 maker has infringed on its patents.

Immersion asks for Fitbit to cease manufacturing of all infringing devices, which, we suspect, includes all fitness trackers currently on the market. Fitbit makes use of haptic feedback for notifications, breathing exercises, and touch control, found on all trackers.

“We are disappointed that Fitbit rejected our numerous attempts to negotiate a reasonable license for Fitbit’s products, but it is imperative that we protect our intellectual property both within the U.S. and through the distribution chain in China,” said Immersion CEO, Victor Viegas.

It should be noted it is not the first time Immersion has taken a large tech company to court over haptic feedback technology. In 2016, it took Apple to court over its 3D Touch technology; some media outlets have labelled Immersion a patent troll.


Yet more problems for Fitbit.

Burglary, robbery, kidnapping and a shoot-out over… a domain name?! • The Register

Kieren McCarthy:


A home break-in that resulted in two men being shot – one of whom was later charged with burglary, robbery and kidnapping – was the result of a domain name dispute, cops have said.

Sherman Hopkins, 43, broke into a house in Cedar Rapids, Iowa, America, last month armed with a gun, it is alleged. Rather than making off with some jewelry or a flatscreen TV, however, it is claimed Hopkins confronted the owner – 26-year-old Ethan Deyo – and, at gunpoint, attempted to get him to transfer a domain name to an unnamed third party.

“Hopkins forced Deyo to log on to his computer and tried to coerce Deyo to transfer a domain name,” a criminal complaint filed this week by the Linn County Attorney’s Office states, although it fails to say what the domain name was.

We called the police department and asked. They wouldn’t tell us the name but noted it was “valuable.” “We will release the name of the domain after our investigation is complete,” a police spokesman told The Register.

Right now, the cops are looking into the details of the third person that Deyo was asked to transfer the name to and whether that person “had an influence” on Hopkins’ alleged behavior.


“Had an influence” 👀

Vinod Khosla: Venture capital has less sexual harassment than other industries • Recode

Theodore Schleifer:


To hear Vinod Khosla tell it, sexual harassment isn’t quite as common in venture capital as you might think.

As a spate of allegations rock the business, Khosla said he was “a little surprised” by the revelations, but is still arguing that venture capital is relatively a safer space for women than other fields are today.

“I did not know that there was any discrimination,” Khosla said, adding that it was “rarer than in most other businesses.”

“I’ve never done a statistical survey,” Khosla admitted to an audience at a trade event in Palo Alto Thursday evening. But he said he is quizzing women about their experiences and it was nevertheless his “impression” that the problem was not quite as prevalent as a percentage as it is in other industries, such as autos or finance.

Harassment allegations have already ejected two prominent venture capitalists from rival firms in recent weeks, and firms today describe an industry on edge and waiting for more shoes to drop.


I’m betting that Khosla’s wrong.

People who tried to take panorama shots and ended up opening the gates of hell • Sad And Useless

We’ll try just one. There are many.


Errata, corrigenda and ai no corrida: none notified

Start Up: Citymapper’s (K)Night Rider, Twitter’s abuse numbers, dark web goes darker, and more

Why is it Netflix makes money, while Spotify loses it, when they’re growing at the same rate? Photo by Javier Dominguez Ferrero on Flickr


A selection of 11 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

CM2- Night Rider, our first ££ commercial bus route • Citymapper

Citymapper is starting a night bus, after analysing people’s travel needs and where they go. It’s all mod cons; looks very swish. And for the international readers:


Note to Silicon Valley: it’s a social hyper-local multi-passenger pooled vehicle
Our geo-matching technology routes the multi-seated vehicles to specially calculated lat long locations, which optimise the boarding of multiple homosapiens with varied demographics, while minimising waiting times, leading to efficient overall ETAs.

Note to rest of the world: it’s a bus
A proper bus, since this is a busy route. We will use bus stops just like any other bus. We will operate hop on hop off just like any other bus. The buses will be green though of course.


But all of it is worth a read. Going from a free app to a paid-for bus is a neat idea.

Twitter touts progress combating abuse, but repeat victims remain frustrated • Buzzfeed

Charlie Warzel:


It’s been just over seven months since Twitter pledged to move faster to combat the systemic abuse problem that has plagued it for a decade, and the company claims to have made dramatic improvements in that time.

In a Thursday blog post by Ed Ho, Twitter’s general manager of the consumer product and engineering groups, the company said that users are “experiencing significantly less abuse on Twitter today than they were six months ago.” The company also touted, for the first time, statistics about its progress on combating abuse. According to Ho, Twitter is “taking action on 10x the number of abusive accounts every day compared to the same time last year” and has limited account functionality and suspended “thousands more abusive accounts each day” compared to the same time last year.

Twitter claims this uptick in account suspensions and limitations is changing the behavior of its most contentious users. According to Ho, 65% of limited accounts are only suspended once for rules violations; after Twitter limits or suspends accounts for a brief time (and explains why), these users “generate 25% fewer abuse reports.”

Lastly, the company said that it has seen evidence that its biggest anti-abuse feature — customized muting and algorithmic filtering tools — is “having a positive impact.” According to Ho, “blocks after @mentions from people you don’t follow are down 40%.”


Also not having an amazingly divisive election going on helps.

Fitbit chief confident new smartwatch will deliver • FT

Tim Bradshaw:


Fitbit’s forthcoming smartwatch will feature more precise GPS tracking, a music player and new biometric sensors, according to chief executive James Park, who insisted that the product remained “on track” despite reports of delays.

Over the longer term, the device could pave the way for new medical applications that would require regulatory approval, Mr Park told the Financial Times, as the company looked to make its wearable technology a “must-have” for consumers by becoming more integrated into the healthcare system.

“The product is on track to meet our expectations and the expectations that we’ve set for investors,” Mr Park said. “It’s going to be, in my opinion, our best product yet.”

The long-awaited smartwatch, which analysts expect to go on sale this year, is a make-or-break product for Fitbit as it faces a resurgent Apple Watch and lower-cost competition from China.



Intel eliminates wearables division • CNBC

Christina Farr:


Intel has axed the division that worked on health wearables, including fitness trackers, according to a person familiar with the matter.

The company has been slowly de-emphasizing its own line of wearables for the past several years, and has not mentioned wearables on its earnings calls since 2014.

In November, TechCrunch reported that the company was planning to take a step back from the business after its acquisition of the Basis fitness watch didn’t pan out as expected. Intel denied at the time that it was stepping back.

But a source told CNBC that the chip maker in fact let go about 80% of the Basis group in November. Many of the people were given the opportunity to relocate to other parts of the business.

About two weeks ago, Intel completely eliminated the group, this person said. The company’s New Technologies Group, which looks at cutting-edge business areas, is now focusing on augmented reality, another source told CNBC.


Anyone get the impression wearables are harder than they look?

Here’s Spotify’s biggest problem – in a Netflix-shaped nutshell • Music Business Worldwide

Tim Ingham:


Netflix’s average monthly subscriber spend has been calculated by taking the firm’s total subs revenue at the end of Q4 of each year, then dividing it by the firm’s total paying subscriber count in the same period – and then splitting by three to give a mean monthly average. Spotify’s has been worked out slightly differently: dividing its total annual subscription revenue with its subscriber base at the end of December in each case.

On Spotify’s side, this gives us an inevitably low-end approximation of Average Revenue Per Subscriber (ARPS), but it’s still within the realms of accuracy.

So, science done… back to ‘Netflix up, Spotify down’. Here’s the line graph that gave us our headline above. Just look at the difference between 2012 and 2016.

Interestingly, in 2016, Netflix raised its prices – moving up its standard HD subscription charge in the US from $9-a-month to $10-a-month. Alongside this move, the company brought in an SD subscription tier at $8-a-month, while also launching an ultra-HD tier at $12-a-month. These new prices, and the opportunity to upsell customers to an ultra-HD/4K package, explains the near-dollar rise in ARPS in the chart above. (In Q4 2016, Netflix’s streaming operation generated $2.35bn, up 41% YoY.) Recent reports suggest more Netflix price hikes could be on the way later this year.

Remember: Netflix and Spotify are now growing at almost exactly the same rate of 10m net subscriber additions every six months. But only one of these companies is pushing the average spend of these new customers further and further down.

Guess what? It’s the one that’s losing money.


Netflix’s advantage is in the points at the end: it can upsell customers to higher-quality video. Nobody cares about higher-quality sound. (Except you, fine, but it’s only you.) Spotify has tiered pricing for desktop-only and mobile, but beyond that it’s stuffed. Netflix has many more ways to make money, and so profit, from the same piece of content.

National Audit Office confirms that police, banks, Home Office pass the buck on fraud • Light Blue Touchpaper

Ross Anderson on the NAO’s report which points out that online fraud is a big problem:


I’m afraid that the NAO’s recommendations are less impressive. Let me give an example. The main online fraud bothering Cambridge University relates to bogus accommodation; about fifty times a year, a new employee or research student turns up to find that the apartment they rented doesn’t exist. This is an organised scam, run by crooks in Germany, that affects students elsewhere in the UK (mostly in London) and is netting £5-10m a year. The cybercrime guy in the Cambridgeshire Constabulary can’t do anything about this as only the National Crime Agency in London is allowed to talk to the German police; but he can’t talk to the NCA directly. He has to go through the Regional Organised Crime Unit in Bedford, who don’t care. The NCA would rather do sexier stuff; they seem to have planned to take over the Serious Fraud Office, as that was in the Conservative manifesto for this year’s election.

Every time we look at why some scam persists, it’s down to the institutional economics – to the way that government and the police forces have arranged their targets, their responsibilities and their reporting lines so as to make problems into somebody else’s problems. The same applies in the private sector; if you complain about fraud on your bank account the bank may simply reply that as their systems are secure, it’s your fault. If they record it at all, it may be as a fraud you attempted to commit against them. And it’s remarkable how high a proportion of people prosecuted under the Computer Misuse Act appear to have annoyed authority, for example by hacking police websites. Why do we civilians not get protected with this level of enthusiasm?



Facebook exec Campbell Brown: we are launching a news subscription product • TheStreet

Leon Lazaroff:


A week after publishers asked Congress for an anti-trust exemption to negotiate collectively with large platforms, specifically Facebook and Alphabet’s Google (GOOGL), Brown, the head of the company’s news partnerships, said Facebook will launch a subscription-based news product with initial tests beginning in October.

The feature appears to be built on top of Facebook’s Instant Articles, which aggregates stories from hundreds of publishers based on a reader’s interests and preferences. In addition to steering readers to a publisher’s home page to consider taking out a digital subscription, Facebook plans to erect a paywall which would require readers to become subscribers of the platform after they’d accessed 10 articles, Brown said.

“One of the things we heard in our initial meetings from many newspapers and digital publishers is that ‘we want a subscription product — we want to be able to see a paywall in Facebook,'” Brown said at the Digital Publishing Innovation Summit, an industry conference, in New York City on July 18. “And that is something we’re doing now. We are launching a subscription product.”

The paywall idea is based on premium and metered plans and has been in the works for a while, Brown said.


This will work fine as long as nobody can access free content elsewhere on Facebook. That will happen, right?

US, Europol, and Netherlands announce shutdowns of two massive dark web markets • Motherboard

Joseph Cox:


Robert Patterson, deputy administrator of the Drug Enforcement Administration, also confirmed that Alexandre Cazes—who was arrested in Thailand July 5 and was found dead while jailed there—was the suspected administrator of AlphaBay.

The Dutch police force Politie led the investigation into Hansa, and gained control of the market after the arrest of two staff members in Germany.

“The fall of Hansa Market is the culmination of an infiltration operation, the Dutch police in June had management control of the marketplace,” a Google translation of the Politie press release reads. It adds that the authorities intercepted tens of thousands of unencrypted messages, which allowed investigators to identify delivery addresses. “Some 10,000 foreign addresses of buyers [of] Hansa Market are transferred to Europol,” the release reads.

In an ironic twist, when AlphaBay closed, many users migrated to Hansa, which was already under the control of the authorities.

AlphaBay launched in December 2014, around a year after law enforcement seized the original Silk Road marketplace. After the administrators of Evolution, another marketplace, seemingly disappeared with millions of dollars worth of their users’ bitcoins, AlphaBay quickly became the dominant dark web trading site. Nicolas Christin, a researcher from Carnegie Mellon University who has followed the dark web marketplaces closely, told Motherboard in an email on Thursday he estimated the AlphaBay was generating revenue of between $600,000 and $800,000 a day in 2017.


Closing down one site and catching all the people migrating to the next – where they would give their real(ish) details to receive goods – is good coordination. To the question “why not just track where stuff is going, since you can see the address, and arrest people individually?” the answer is probably (1) don’t want to be dealing illegal stuff (2) very labour-intensive to do that, and you’d have to give evidence in court of how you know to arrest someone. No word from the government(s) on how they infiltrated the sites; probably through zero-day exploits.

There’s also an FBI press release which mentions DRUGS, so there you go.

I’m a scientist. I’m blowing the whistle on the Trump administration. • The Washington Post

Joel Clement was director of the Office of Policy Analysis at the US Interior Department for seven years – and then was moved abruptly to an unrelated job “in the accounting office that collects royalty checks from fossil fuel companies”:


On Wednesday, I filed two forms — a complaint and a disclosure of information — with the U.S. Office of Special Counsel. I filed the disclosure because eliminating my role coordinating federal engagement and leaving my former position empty exacerbate the already significant threat to the health and the safety of certain Alaska Native communities. I filed the complaint because the Trump administration clearly retaliated against me for raising awareness of this danger. Our country values the safety of our citizens, and federal employees who disclose threats to health and safety are protected from reprisal by the Whistleblower Protection Act and Whistleblower Protection Enhancement Act.

Removing a civil servant from his area of expertise and putting him in a job where he’s not needed and his experience is not relevant is a colossal waste of taxpayer dollars. Much more distressing, though, is what this charade means for American livelihoods. The Alaska Native villages of Kivalina, Shishmaref and Shaktoolik are perilously close to melting into the Arctic Ocean. In a region that is warming twice as fast as the rest of the planet, the land upon which citizens’ homes and schools stand is newly vulnerable to storms, floods and waves. As permafrost melts and protective sea ice recedes, these Alaska Native villages are one superstorm from being washed away, displacing hundreds of Americans and potentially costing lives. The members of these communities could soon become refugees in their own country.


Trump got 51.3% of votes cast in Alaska in November 2016, slightly increasing the margin from 2012.

Public service announcement: you should not force quit apps on iOS • Daring Fireball

John Gruber:


The single biggest misconception about iOS is that it’s good digital hygiene to force quit apps that you aren’t using. The idea is that apps in the background are locking up unnecessary RAM and consuming unnecessary CPU cycles, thus hurting performance and wasting battery life.

That’s not how iOS works. The iOS system is designed so that none of the above justifications for force quitting are true. Apps in the background are effectively “frozen”, severely limiting what they can do in the background and freeing up the RAM they were using. iOS is really, really good at this. It is so good at this that unfreezing a frozen app takes up way less CPU (and energy) than relaunching an app that had been force quit. Not only does force quitting your apps not help, it actually hurts. Your battery life will be worse and it will take much longer to switch apps if you force quit apps in the background.

Here’s a short and sweet answer from Craig Federighi, in response to an email from a customer asking if he force quits apps and whether doing so preserves battery life: “No and no.”


I think that of all the misconceptions around iOS (well, computing misconceptions; there are plenty of business ones which need not detain us for now), this is the most pervasive, most persistent, and most rooted in behaviour learnt from past computing paradigms. Of course on your PC you free up more memory and so give programs more room to breathe by force-quitting unused apps. Obviously.

This is a remarkable aspect of iOS: it is essentially a mainframe OS (BSD Unix) which has been tweaked to do this. (Android, as Gruber notes, hasn’t been tweaked in this way, which is why iOS runs rings around it on a “multiple loop app test”.)

‘Samsung not enthusiastic about AI speaker’ • Korean Investor

Shin Ji-hye:


Samsung Electronics may not launch an artificial intelligence speaker anytime soon due to marketable issues, said a source familiar with the matter. 

There has been growing speculation over whether Samsung will soon roll out an AI speaker, following reports of its development of one powered by voice assistant Bixby. The project codenamed Vega has reportedly progressed for more than a year.

“Samsung currently does not view AI speakers as marketable, as the global market is already dominated by unbeatable Amazon and the Korean market is too small to make profits,” an anonymous source told The Korea Herald.

The global AI speaker market is currently dominated by Amazon Echo, which has a more than 70% share. There is also the emerging player Google Home. The Korean market is dominated by SK Telecom’s NUGU with around 100,000 units of sales.

“More importantly, Samsung cannot afford to focus on the uncertain market, as most of its AI specialists – whose number is much less than that of the US tech giants – are currently going all out to develop the Bixby version in English,” the source said. 


That’s gone from “floated as an idea” to “shot down” in about a week. A new record?

Errata, corrigenda and ai no corrida: none notified

Start Up: Amazon’s music challenge, spotting photo fakes, Apple patents Siri dock, and more

Mozilla wants to create an open-source speech recognition database. But why, exactly? Photo by royalconstatinesociety on Flickr.


A selection of 10 links for you. Peu de trop. I’m @charlesarthur on Twitter. Observations and links welcome.

Ethereum co-founder says crypto coin market is a timebomb • Bloomberg

Camila Russo:


Initial coin offerings, a means of crowdfunding for blockchain-technology companies, have caught so much attention that even the co-founder of the ethereum network, where many of these digital coins are built, says it’s time for things to cool down in a big way.

“People say ICOs are great for ethereum because, look at the price, but it’s a ticking time-bomb,” Charles Hoskinson, who helped develop ethereum, said in an interview. “There’s an over-tokenization of things as companies are issuing tokens when the same tasks can be achieved with existing blockchains. People are blinded by fast and easy money.”

Firms have raised $1.3 billion this year in digital coin sales, surpassing venture capital funding of blockchain companies and up more than six-fold from the total raised last year, according to Autonomous Research. Ether, the digital currency linked to the ethereum blockchain, surged from around $8 after its ICO at the start of the year to just under $400 last month. It’s since dropped by about 50 percent.

Hoskinson, who runs technology research firm IOHK, is part of a growing chorus of blockchain watchers voicing concern about the rapid surge in cryptocurrency prices and digital coin crowdsales that have collected millions of dollars in minutes. Regulation is the biggest risk to the sector, as it’s likely that the U.S. Securities and Exchange Commission, which has remained on the sidelines, will step in to say that digital coins are securities, he said.



Can you tell whether this photo has been manipulated? • Science | AAAS

Giorgia Guglielmi:


If you were fooled by the recent photo of Donald Trump and Vladimir Putin having an intense discussion at the G20 summit, don’t feel bad. In a recent study people were only able to spot faked images 60% of the time. And almost half of the time they were not able to tell where an image had been altered, researchers report today in Cognitive Research: Principles and Implications.

To conduct the research, scientists sourced 10 photos from Google and altered six of them with image editing software. Then they asked more than 700 volunteers whether the images had been manipulated. Here’s one: 

Is this photo manipulated? (If you go to the article, you can click on it to find out.)

In a second experiment, the scientists developed an online test to judge people’s ability to locate manipulations. They asked participants to tell where an image had been manipulated, regardless of whether people said the image had been altered in the first place.


I’d say 60% is quite high for spotting fakes – usually these things are off and around the internet before anyone has queried them. (I’m terrible at spotting them.) The paper, linked, is educational.

Ransomware attack puts KQED in low-tech mode • San Francisco Chronicle

Marissa Lang:


The journalists at San Francisco’s public TV and radio station, KQED, have been stuck in a time warp.

All Internet-connected devices, tools and machinery have been cut off in an attempt to isolate and contain a ransomware attack that infected the station’s computers June 15. More than a month later, many remain offline.

Though the stations’ broadcasts have been largely uninterrupted — minus a half-day loss of the online stream on the first day of the attack — KQED journalists said every day has brought new challenges and revealed the immeasurable ways the station, like many businesses today, has become dependent on Internet-connected devices.

“It’s like we’ve been bombed back to 20 years ago, technology-wise,” said Queena Kim, a senior editor at KQED. “You rely on technology for so many things, so when it doesn’t work, everything takes three to five times longer just to do the same job.”


Notable that the only computer being used in the story is a Mac. Externalities of Windows are multifarious.

Apple granted patent on smart dock with Siri and wireless charging • The Verge

Chaim Gartenberg:


Apple was granted a new patent this week, one that’s particularly interesting given Apple’s upcoming HomePod and rumors of a wirelessly charging iPhone 8: an iPhone dock that could have Siri and a wireless charger built in.

The patent, officially for a “Smart dock for activating a voice recognition mode of a portable electronic device,” is pretty broad. It covers a dock that could recognize that an iPhone had been placed into it and activate a microphone that could listen for voice commands to allow users to control a phone from across a room. In other words, it’s a Siri dock. The patent also covers multiple ways of charging said iPhone, including wireless charging, and describes docks that range from just simple connectors with a microphone and speaker to full-fledged miniature computers with buttons and displays.

Now, before I go off into rampant speculation, it’s worth remembering that this is a patent, not an actual product announcement. But the interesting part is how this could tie in to Apple’s HomePod strategy.


So it’s the Apple iPod Hi-Fi living again?

Mozilla is crowdsourcing a massive speech-recognition system • Fast Company

Sean Captain:


From Amazon’s Alexa to Apple’s Siri, speech recognition and response are becoming mainstays of how we interact with computers, apps, and internet services. But the technology is owned by giant corporations. Now the Mozilla Foundation, maker of the free Firefox browser, is recruiting volunteers to train an open-source speech recognition system.

Project Common Voice recruits web surfers to spend a couple minutes reading sentences aloud and/or listening to other people’s recordings to check their accuracy. It’s a very minimal contribution for volunteers: Just read three sentences to help the system understand what everyday speech sounds like. No need to go to a soundproof room or get a high-quality microphone. “We want the audio quality to reflect the audio quality a speech-to-text engine will see in the wild,” reads the project’s FAQ. “This teaches the speech-to-text engine to handle various situations—background talking, car noise, fan noise—without errors.”

Mozilla is out to collect at least 10,000 hours to train a database that anyone can use for free.


Not quite sure who benefits from this. An open-source speech recognition system is only going to be as good as its training data – and it needs millions of people’s voices.

Amazon is now the 3rd biggest music subscription service • Music Industry Blog

Mark Mulligan:


At MIDiA we have long argued that Amazon is the dark horse of streaming music. That horse is not looking so dark anymore. We’ve been tracking weekly usage of streaming music apps on a quarterly basis since 2016 and we’ve seen Amazon growing strongly quarter upon quarter. To the extent that Amazon Music is now the 2nd most widely used streaming music app, 2nd only to Spotify which benefits from a large installed base of free users to boost its numbers. So, in terms of pure subscription services, Amazon has the largest installed base of weekly active users.

But it’s not just in terms of active users that Amazon is making such headway. It is racking up subscribers too. Based on conversations with rights holders and other industry executives we can confirm that Amazon is now the 3rd largest subscription service. Amazon has around 16 million music subscribers (ie users of Amazon Prime Music and also Amazon Music Unlimited subscribers). This puts it significantly ahead of 4th and 5th placed players QQ Music and Deezer and gives it a global market share of 12%.


Makes sense, if you assume people are playing music via their Echo device. And so of course all the use is concentrated in the Prime markets – US, UK, Germany, Japan – where it has 40m potential users.

Mulligan estimates there are 13m Echos in use. All of which could be good for Apple’s plan to get people to play music through a home smart speaker. Though it’s 13m behind. (There are about 125m households in the US, 27.1m in the UK, 37.5m in Germany, 49m in Japan. So a fair bit of room to expand into for everyone.)

Google to launch automated feed based on users’ interests • FT

Richard Waters:


Google took a step closer to competing with Facebook’s core news feed service on Wednesday as it announced a new automated “feed” of its own to deepen its connection with users on mobile devices.

Unlike the mobile feeds of services such as Facebook and Twitter, however, Google’s version will be based entirely on what the company knows about its users’ interests rather than their social connections, drawing on the personalised data and technology platform already built to support its core search engine.

The Google feed will initially be available only on the company’s main mobile search app, though it will eventually also appear in browsers and on the page, said Ben Gomes, the company’s vice-president of engineering.

The prospect of preloading information on to the normally pristine search page echoes a shortlived attempt more than a decade ago to turn it into a home for personalised information.

The feed is designed to contain news and information tied to users’ interests, based on things they have searched for before. It will also draw on other things Google knows about its users, for instance serving up a range of information in anticipation of an upcoming trip.


The “shortlived attempt” would be iGoogle, launched in May 2005 and killed in November 2013 “because the company believed the need for it had eroded over time”. Nope.

Google Glass 2.0 is a startling second act • WIRED

Steven Levy:


The difference between the original Glass and the Enterprise edition could be summarized neatly by two images. The first is the iconic photo of Brin alongside designer Diane von Furstenberg at a fashion show, both wearing the tell-tale wraparound headband with display stub. The second image is what I saw at the factory where Erickson works, just above the Iowa state line and 90 miles from Sioux Falls, South Dakota. Workers at each station on the tractor assembly line—sporting eyewear that doesn’t look much different from the safety frames required by OSHA—begin their tasks by saying, “OK, Glass, Proceed.” When they go home, they leave their glasses behind.

These Jackson, Minnesota, workers may be onto something. A recent Forrester Research report predicts that by 2025, nearly 14.4 million US workers will wear smart glasses. It wasn’t referring to fashion runways. It turns out that with Glass, Google originally developed something with promising technology—and in its first effort at presenting it, failed to understand who could use it best and what it should be doing. Now the company has found a focus. Factories and warehouses will be Glass’s path to redemption.


It’s been selling by the hundred, apparently. A niche; even if that Forrester report pans out, don’t expect that Google will have the market all to itself. Though I’ve always said that Google Glass’s best chance was in the business, not consumer, market.

How I discovered the first big mobile privacy scandal • Motherboard

Alasdair Allan:


But as Pete [Warden] put it at the time, “The main reason we went public with this was exactly because it already seemed to be an open secret among people who make their living doing forensic phone analysis, but not among the general public.”

Apple’s immediate response to the story was also perhaps somewhat disingenuous. “The iPhone is not logging your location,” it said. “Rather, it’s maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested.” This ignored the fact that if the phone is storing a list of access points and cell towers around your location then the center of those separate points will be a good approximation of your location. After all, that was the whole point of storing them in the first place. Contrary to Apple’s claims in its initial response, the phones continued to store location data even when location services were disabled…

…By 2013, Apple was still collecting location data. But this time they were exposing it in the user interface and allowing users to manage it. These days, locationgate wouldn’t even be a story.

Since then, people have become a lot more comfortable with the idea of sharing location data, while at the same time becoming a lot more nuanced about how that data is shared. Recent privacy scandals, such as when Uber updated its app asking users to share their location all the time, even when the app wasn’t running—is illustrative. People are OK with their phone tracking their location, but want control over how it’s shared.


I had the “newspaper” exclusive on this: Alasdair and Pete had an O’Reilly blogpost, and I had a Guardian article, and they went live at the same time. It was a huge, huge story at the time.

Bixby feels more like a return of the old Samsung than a path to the future – The Verge

Dan Seifert:


then there’s Bixby Voice, which is the heart of the Bixby experience. Samsung touts Bixby Voice as a way to interact with your phone more than a virtual assistant, but in reality, the line between the two is far blurrier than the company describes. You can ask Bixby Voice for weather information, facts, upcoming appointments, and so on. You know, all of the stuff that you can also ask the Google Assistant to do.

Bixby’s big difference, as Samsung would like you to believe, is that you can also ask Bixby to open apps and perform actions on your device. You can ask Bixby to open the settings app and turn up your screen’s brightness, or ask it to send the picture you’re looking at in the gallery app to your significant other through a text message. Ideally, it will do these things automatically, without requiring you to manually switch apps or type in a contact’s info.

But in practice, using Bixby Voice to do things on your phone is not any faster or easier than just tapping the touchscreen the old-fashioned way. It takes so long for Bixby Voice to launch (whether I press and hold the Bixby button to activate listening mode or use the “Hi Bixby” wake command) and hear what I’m saying that I could have performed the task three times by the time it has processed what I said and performed my action.

Further, there are many times when I ask Bixby to do something and it either doesn’t understand me or just doesn’t do what I expect it to. Just this morning I asked Bixby to “take a screenshot and share it to Twitter.” It got the screenshot part right, but then it attempted to share the image in a private DM conversation instead of a public tweet. I had to start the process all over again in order to do what I could have done manually the first time.

Basically, after weeks of using Bixby Voice, I still can’t trust that it will do what I want it to. That means that I won’t use it and will continue to use my phone the same way I always have. Trust will be even more important when Samsung brings Bixby to other appliances.


And he doesn’t have any in it. This is years late.

Errata, corrigenda and ai no corrida: none notified

Start Up: improving the Echo, block that form!, a week in (then out) of Soundcloud, Google blocks untrusted apps, and more

The UK government wants people to log onto porn with credit cards. Experts aren’t impressed. Photo by Sean MacEntee on Flickr.


A selection of 9 links for you. How about that? I’m @charlesarthur on Twitter. Observations and links welcome.

Porn ID checks set to start in April 2018 – BBC News

Leo Kelion on the UK government’s proposals:


two experts who advised the government on its plans have expressed reservations about both how quickly the scheme is being rolled out and its wider implications.

“It seems to me to be a very premature date,” commented Dr Victoria Nash, lead author of a report commissioned in the run-up to the law being drafted. “The idea you can get a regulatory body up and running in that timeframe seems extraordinary to me. And while I don’t have a problem with asking these companies to act responsibly, I don’t see it as a solution to stopping minors seeing pornography.”

This, she explained, was because the act does not tackle the fact that services including Twitter and Tumblr contain hardcore pornography but will not be required to introduce age-checks. Nor, she added, would teens be prevented from sharing copied photos and clips among themselves.
“It may make it harder for children to stumble across pornography, especially in the younger age range, but it will do nothing to stop determined teenagers,” Dr Nash concluded.

One cyber-security expert on the same advisory panel was more critical. “The timeline is unrealistic – but beyond that, this is one of the worst proposals I have seen on digital strategy,” said Dr Joss Wright from the Oxford Internet Institute. “There are hundreds of thousands of websites where this material can be accessed and you are not going to catch all of those. There’s privacy issues – you’re requiring people to effectively announce the fact they are looking at this material to the credit card authorities.

“And there’s serious security issues from requiring people to enter their credit card details into untrusted sites.”


Credit card details and porn sites can lead to terrible results. Operation Ore was over 10 years ago. Its effects will linger.

Autonomous driving, parking and planning • DIGITS to DOLLARS

Jonathan Greenberg:


Beijing, like many rapidly growing cities, now has some formidable traffic problems. (We budgeted two hours between every meeting and found this left very little cushion for on-time arrivals.) But there is another problem with all those cars – where to put them. In recent years, we have watched with mounting horror the difficulties of parking in Beijing. We visited a shopping district in an office park far from the center of the city, and at lunch time cars were double and triple parked the length of the entire street.

If you scan the Internet you can find a whole literature about the amount of space given over to parking. Multi-car garages in the US can occupy a third of the house’s square footage. Add up the amount of land set aside for parking lots and curb parking, and then the necessary buffers, it is a staggering amount of space. In the US our cities are now planned for parking (except in San Francisco which has adopted a deliberate plan to reduce the amount of parking, which is a whole other topic). If cars were autonomous, we could radically reshape the way we build cities. We could make cities denser without making them feel more crowded. Walking around a suburb could become realistic. If we want to get fully Utopian, we could imagine the health benefits from this alone. A more quantitative approach would be to calculate the real estate savings alone from halving parking, an amount that is probably measured in hundreds of billions of dollars.

We readily admit that this is a bit fantastical, but it is not wholly unrealistic.



Placeholders in form fields are harmful • Nielsen-Norman Group


Placeholder text within a form field makes it difficult for people to remember what information belongs in a field, and to check for and fix errors. It also poses additional burdens for users with visual and cognitive impairments…

Some forms replace field labels with in-field placeholder text to reduce clutter on the page, or to shorten the length of the form. While this approach is based on good intentions, our research shows that it has many negative consequences.

Worst: In this example, placeholder text is used instead of a label.

Below are 7 main reasons why placeholders should not be used as replacements for field labels.


They’re all good ones. You’ll recognise them when you see them.

Playing for third place • ZGP

Don Marti:


When we make decisions about how much user surveillance we’re going to allow on a platform, we’re making a political decision.

Anyway. “News Outlets to Seek Bargaining Rights Against Google and Facebook.”

The standings so far.

1) Shitlords and fraud hackers

2) Adtech and social media bros


News sites want to go to Congress, to get permission to play for third place in their own business? You want permission to bring fewer resources and less experience to a surveillance marketing game that the Internet companies are already losing?

We know the qualities of a medium that you win by being creepier, and we know the qualities of a medium that you can win with reputation and creativity. Why waste time and money asking Congress for the opportunity to lose, when you could change the game instead?

Maybe achieving balance in political views depends on achieving balance in business model. Instead of buying in to the surveillance marketing model 100%, and handing an advantage to one side, maybe news sites should help users control what data they share in order to balance competing political interests.


Brutal, but true.

My week at SoundCloud • Hacker Noon

Matthew Liam Healy started work in Berlin on the Monday:


Outside of the on-boarding, I was getting to know my team. Every single one of them was as friendly and helpful as you could possibly hope for. After three days with them I was already convinced this could be amongst the best teams I’ve ever worked on.

My formal induction into the team consisted of a few hours pair programming each day, and it was in the middle of one of these pairing sessions, on Thursday, that we got an email from Alexander Ljung, SoundCloud’s CEO. There would be a company “all hands” meeting at 4pm.
There had been a lot of jokes in my first week about potential acquisitions. Everyone’s heard the Spotify rumour, the Google rumour, and, more recently, the Deezer rumour. I also heard jokes about Disney, about IBM, and about Apple. So when the meeting was called, we all assumed we knew what was going on. SoundCloud was being acquired.

I had actually been through an acquisition before, when an agency I had just started working for was bought by its biggest client. It had gone pretty well for me then, and I was excited to see what might happen now.

So we made a few jokes, and kept on coding. I did a few TDD loops in an attempt to tackle a crash bug that had just been found in an alpha release. Basically things continued as normal until the meeting.

The minute Alex said the business was pivoting to focus more on creators, I knew I was gone. I was hired to the iOS Listening team, to work on features for listeners. Plus, German law concerning layoffs has something of a last-in-first-out flavour to it. He said those affected would receive meeting invites, and then not two minutes later the meeting invite popped up on my Apple Watch.

I love my Watch, but it’s not a great way to find out you’re losing your job.


Very strange how it was hiring even as it was about to chop a ton of jobs. Or was it trying to get a lot of people on board ahead of an expected acquisition so it could seem to be cutting effectively to its prospective acquirers?

BP looks to big data to help weather weak oil price • FT

Andrew Ward:


BP is aiming to raise its data storage capacity from about 1 petabyte — equivalent to 20m four-drawer filing cabinets filled with documents — to 6PB by 2020 as the group integrates machine learning and artificial intelligence into its operations.

More than 99% of oil and gas wells operated by BP around the world are equipped with sensors that produce a constant flood of real-time data on production performance as well as the condition of infrastructure, Mr Hashmi said. This information is fed into a cloud-based storage system which allows BP engineers anywhere in the world to access the information…

…Reliability of BP’s exploration and production facilities — measuring factors such as time lost to production stoppages — has increased from 88% in 2012 to 95% last year and Mr Hashmi said technology was the main reason. This had contributed to $7bn of annual cost savings by BP since 2014.

Among the innovations has been a “digital twin” system that allows BP engineers to test maintenance procedures and other critical engineering work using virtual reality before carrying out the work on real facilities.

In June, BP invested $20m in a Californian start-up called Beyond Limits, which is aiming to commercialise artificial intelligence technology developed for deep space missions by Nasa. Mr Hashmi said machine learning would allow BP to use accumulated data from drilling operations to improve speed and success rates in future wells.


“Digital twins” is an interesting twist. Basically scenario planning, but getting better and better.

G Suite Developers Blog: New security protections to reduce risk from unverified apps


We’re constantly working to secure our users and their data. Earlier this year, we detailed some of our latest anti-phishing tools and rolled-out developer-focused updates to our app publishing processes, risk assessment systems, and user-facing consent pages. Most recently, we introduced OAuth apps whitelisting in G Suite to enable admins to choose exactly which third-party apps can access user data.

Over the past few months, we’ve required that some new web applications go through a verification process prior to launch based upon a dynamic risk assessment.

Today, we’re expanding upon that foundation, and introducing additional protections: bolder warnings to inform users about newly created web apps and Apps Scripts that are pending verification.


This is in response to the Google Docs worm back in March, which was actually phishing for your email and password by being an application called “Google Docs”.

Google’s going to have a big “unverified app” screen, as above. Stable door and horses, in some instances.

Amazon’s next Echo will be more like Apple’s HomePod • Engadget

Devindra Hardawar:


The new Echo will be both shorter and slimmer than the original, almost as if it were three or four Echo Dots stacked on top of each other, our source claims. Amazon is also softening its design with rounded edges and a cloth-like covering, rather than the current Echo’s plastic shell and flat ends. And yes, it should sound better, too. The company is packing in several tweeters this time around, instead of just relying on one large tweeter and a woofer (for low end). The HomePod, in comparison, features seven tweeters, which is a big reason why it sounded better than the Sonos Play:3 and the Echo in our brief demo.

Amazon is also improving the new Echo’s microphone technology, though it’s unclear how it’s doing so. The current model features an array of seven far-field mics, while the HomePod has six and Google Home has two. Amazon might be able to make improvements to the software and acoustic modeling — that’s how Google’s speaker manages to pick up your commands with far fewer mics. But given that Amazon helped to pioneer the use of far-field microphones in a home speaker, I wouldn’t be surprised if it managed to cram in some new hardware innovations.


Notable how the Echo, which is in millions of homes (Neil Cybart estimates it could have sold as many as 10m in 2016, and heading for 15m this year), is being compared to the HomePod, which isn’t even on sale yet. Brand power?

What If Big Oil’s bet on gas is wrong? • Bloomberg

Jack Farchy and Kelly Gilblom:


“Wind and solar are just getting too cheap, too fast” for gas to play a transitional role [between a majority of oil/coal power generation and a majority of renewable power generation], said Seb Henbest, lead author of the BNEF report.

The consultant estimates that onshore wind and solar power are already competitive with coal and gas in Germany, and that within five years they will be cheaper to build than new coal and gas plants in China, the U.S. and India. By the late 2020s, it will start to even be cheaper to build new onshore wind and solar power than run existing coal and gas plants.

The trends that are undercutting optimism about the global gas outlook are already playing out in Europe. Natural gas demand remains well below a 2010 peak, as greater energy efficiency, rapid adoption of renewables and resilient coal consumption cut into its market share.

The IEA does not see European gas demand returning to its 2010 high. In its base case scenario, European gas demand would be at the same level in 2040 as in 2020.

Still, most forecasts anticipate strong growth globally for natural gas demand for two decades or more. In the U.S., plentiful cheap supplies thanks to the shale boom helped gas displace coal as the primary fuel for power generation for the first time last year.


That graph tells the whole story, really. Renewables are racing ahead. This has significant implications for lots of things – particularly economies such as Russia, and the Middle East. You think we’ve seen political uncertainty? What happens when demand for oil and gas isn’t big enough to sustain those economies?

Errata, corrigenda and ai no corrida: none notified

Start Up: did UAE hack Qatar?, Pakistan’s font trouble, HTC sorry over ads, visualise Brexit!, and more

But what do all the logos mean? Don’t worry, there’s an app for that. Really. Photo by Stewf on Flickr.


(Hello, yes, this is the post you were warned might not happen, but it has happened, so there you go.)

A selection of 11 links for you. Ain’t that something? I’m @charlesarthur on Twitter. Observations and links welcome.

UAE orchestrated hacking of Qatari government sites, sparking regional upheaval, according to U.S. intelligence officials • The Washington Post

Karen DeYoung and Ellen Nakashima:


The United Arab Emirates orchestrated the hacking of Qatari government news and social media sites in order to post incendiary false quotes attributed to Qatar’s emir, Sheikh Tamim Bin Hamad al-Thani, in late May that sparked the ongoing upheaval between Qatar and its neighbors, according to U.S. intelligence officials.

Officials became aware last week that newly analyzed information gathered by US intelligence agencies confirmed that on May 23, senior members of the UAE government discussed the plan and its implementation. The officials said it remains unclear whether the UAE carried out the hacks itself or contracted to have them done. The false reports said that the emir, among other things, had called Iran an “Islamic power” and praised Hamas.

The hacks and posting took place on May 24, shortly after President Trump completed a lengthy counterterrorism meeting with Persian Gulf leaders in neighboring Saudi Arabia and declared them unified.

Citing the emir’s reported comments, the Saudis, the UAE, Bahrain and Egypt immediately banned all Qatari media. They then broke relations with Qatar and declared a trade and diplomatic boycott,


Way back when, we linked here to an early report noting that those at the sheik’s talk didn’t hear him say the things reported on the website.

The timing makes sense; the “US intelligence agencies” monitoring sounds like the NSA doing its job. So did Trump know this was going to happen? If not, he ought to have done, and should have been told by the NSA subsequently, surely.

A solar eclipse could wipe out 9,000 megawatts of power supplies • Bloomberg

Naureen Malik:


This rare event, during which the moon will completely obscure the sun, will cast a shadow along a 70-mile-wide (113-kilometer) corridor stretching from Oregon to South Carolina on Aug. 21. Based on a Bloomberg calculation of grid forecasts, more than 9,000 megawatts of solar power may go down. That’s the equivalent of about nine nuclear reactors.

A map of the United States showing the path of totality for the August 21, 2017 total solar eclipse. Source: NASA Scientific Visualization Studio

The impact is a testament to the ninefold increase in solar installed in the U.S. since 2012 and highlights the risks associated with relying on an intermittent resource such as the sun for power. The onslaught of wind and solar resources is already regularly contributing to wild swings in power supplies across grids, sending wholesale electricity prices below zero on some days.

On Thursday, PJM Interconnection LLC, operator of the nation’s largest power grid covering parts of the eastern U.S., estimated the eclipse could take out as much as 2,500 megawatts of solar generation on its system from about 1:30 p.m. to 3:40 p.m. North Carolina and New Jersey may bear the brunt because so many panels are installed in those states. PJM said rooftop solar panels will account for 80% of the anticipated outages.


I’ve heard that the earth completely obscures the sun for many hours a day, too, yet power supplies have generally managed to cope. This is a great attempt to connect the solar eclipse with solar power. It’s also desperate.

Laundry Day – Care Symbol Reader on the App Store

Jan Plesek:


This app will help you with your laundry. You can scan your laundry tags and the app will tell you how to wash your clothes. It works like magic, but no, it is a technology!


I love the idea of this app. Because some of those things really are so incomprehensible.

Will the death of US retail be the next Big Short? • FT

Robin Wigglesworth has a long read on this:


Private equity firms and hedge funds that specialise in corporate upheaval — so-called distressed debt investors that snap up struggling companies, taking them over in a restructuring and hopefully engineering a recovery — are largely shunning traditional retail, wary of the immense challenges, according to restructuring advisers.

Victor Khosla, founder and senior managing partner of Strategic Value Partners, a $6bn distressed debt hedge fund, says the list of troubled retailers his firm now monitors is “extraordinarily long”, but he is staying well away.

“Trying to figure out the bottom is hard. We have spent a lot of energy understanding these businesses, and have concluded that the vast majority of them are uninvestable,” he says. “Many of these were great businesses at some point in time, but the internet and changing consumer habits have destroyed them.”

Some retail chief executives who have managed to build relatively successful digital operations complain that their share prices are too low and are unfairly punished for the broader industry malaise. That may be, but “I remember hearing homebuilders say the same in 2006”, one hedge fund manager recalls, pointing out that even for traditional retailers the shift will be painful, given that people tend to make less impulsive purchases on the internet.

“A lot of incidental consumption doesn’t happen online. Most people don’t wander the digital aisles,” he says. A dollar spent in a shop in practice only translates to 80-90 cents online, even though costs are lower. Data released on Friday showed that core retail sales in June fell for a second month running for the first time since early 2015.


It’s a terrific piece. You’ve heard about the impending death of US retail; this puts in the essential numbers. It might not be the next big short, but it’s a short, as one hedge fund manager puts it.

Remembering Liu Xiaobo: analyzing censorship of the death of Liu Xiaobo on WeChat and Weibo • The Citizen Lab

Masashi Crete-Nishihata, Jeffrey Knockel, Blake Miller, Jason Q. Ng, Lotus Ruan, Lokman Tsui, and Ruohan Xiong:


The scope of censorship of keywords and images on WeChat related to Liu Xiaobo expanded greatly after his death. Our analysis of WeChat keyword-based censorship shows that after his death messages containing his name in English and in both simplified and traditional Chinese are blocked. His death is also the first time we see image filtering in one-to-one chat, in addition to image filtering in group chats and WeChat moments.

Sina Weibo maintains a ban on searches for Liu Xiaobo’s name in English and Chinese (both simplified and traditional). However, since his passing, his given name (Xiaobo) alone is enough to trigger censorship, showing increased censorship on the platform and a recognition that his passing is a particularly sensitive event.

Based on an initial analysis of Weibo’s suggested search keywords, we surmise that there continues to be genuine user interest in producing and finding Liu-related content using alternative keywords.



HTC deals with backlash over pop-up ads on keyboard • BBC News


Phone-maker HTC says it will fix an “error” that let advertisements pop up on the keyboard on some of its phones.

Many users expressed anger online that ad banners had started appearing above the touchscreen keyboard while they were typing.

HTC’s latest smartphones are sold with a third-party keyboard called TouchPal pre-installed as the default. The free version of TouchPal does usually show ads, but HTC said it was unintended on its devices.

HTC phones run the Android operating system, which lets people download and install a variety of third-party keyboards so that they can customise their typing experience.

Android comes with a default touchscreen keyboard built-in, but many companies including Google and BlackBerry design their own.

Other phone makers, including HTC, pre-install a third party keyboard such as Swiftkey or TouchPal. Criticising the software, TouchPal user Selina wrote: “It used to be good but recently ads keep popping up when I’m in the middle of something and it’s really inconvenient and annoying.”

Others were less kind. “I am done with your junk app forever,” said Ramtin. “The way you show your junk ads whenever I want to write something is the most stupid and annoying way of advertising ever. You don’t care about anything other than money.”


The followup to yesterday’s link. “Control your core technologies” demonstrates that keyboards are actually a core technology.

Where are industry eyes on Brexit? • Visual.ONS


As Brexit negotiations progress, the staff and leaders of British industry will be keeping a keen eye on developments.

The EU is the UK’s biggest single trading partner: it accounted for 48% of goods exports from the UK and 39% of services exports in 2016.

And some industries will have a particular focus on negotiations – given the value of their exports to the EU – such as British carmakers and finance companies.

The EU also helps fund scientific research and development. Its regulations govern areas like British agriculture and there are more than two million EU nationals working in the UK, their employers ranging from hotels and restaurants to public services.

While the outcomes of Brexit – whether positive, neutral or negative for different businesses – will not be known for some time, analysis from the ONS shows where various industries are concentrated.

This gives a clearer insight into parts of the country that may have a particular interest in the Brexit debate, because they are home to a concentration of industry or industries which have most at stake when the terms surrounding access to the single market, the free movement of labour, levels of funding and existing EU regulations are discussed.


Useful visualisation – which might have been more useful pre-vote.

Content isn’t king • Benedict Evans

On how we now have multi-sided markets where “exclusives” don’t really work any more:


You pay an average of $700 or so every two years (i.e. $30/month) and Apple gives you a phone. Buy an Android instead and you lose access to the (hypothetical) great Apple television service. This is why people argue that Apple should buy Netflix. From a pure M&A perspective, buying Netflix and immediately limiting its business to Apple devices would halve its value – why buy a business and fire half the customers? Buying it without such a restriction would have no strategic value – Apple would just be buying marketing and revenue. But as Amazon has shown, you don’t have to buy Netflix – they’re not the only people who can buy and commission great TV shows. 

A question here, though, is how well a TV service, perhaps with a stand-alone monthly subscription, as for Apple Music, maps to an 18-30 month handset replacement cycle. Suppose Apple created the next huge hit show next spring and made it exclusive to its devices: very well, but how many smartphone users will be making an upgrade decision in the middle of watching the show, and how many will be deciding between an iPhone and Android 3 or 7 or 10 or 11 months later? How much does the archive matter? 

Perhaps a deeper question, setting aside the purely strategic calculations, is that Apple has always preferred a very asset-light approach to things that are outside its core skills. It didn’t create a record label, or an MVNO, and it didn’t create a credit card for Apple Pay – it works with partners on the existing rails as much as possible (even the upcoming Apple Pay P2P service uses a partner bank). So, Apple has hired some star producers and will presumably be commissioning some shows, with what counts as play money when you have a few hundred billion of cash. But I’m not sure Apple would want to take on what it would mean to have a complete bouquet of hundreds of its own shows. That would be a different company. 

If and when Apple does go back to southern California, meanwhile, it does so with nothing like the kind of negotiating power that it had in iPod days – Amazon and Netflix (if not also Google and Facebook) have seen to that. But that doesn’t mean that content companies have much more power either.



SEC files insider trading charges against research scientist aiming to avoid SEC detection •


The Securities and Exchange Commission today announced insider trading charges against a research scientist who allegedly searched the internet for “how sec detect unusual trade” before making a trade that the agency flagged as suspicious through data analysis.

The SEC’s complaint alleges that Fei Yan loaded up on stocks and options in advance of two corporate acquisitions late last year based on confidential information obtained from his wife, an associate at a law firm that worked on the deals. 

According to the SEC’s complaint, Yan made approximately $120,000 in illicit profits by selling his holdings in Mattress Firm Holding Corp. and Stillwater Mining Company following public announcements that they would be acquired by other companies.

Yan allegedly attempted to conceal his illegal activity by placing the illicit trades in a brokerage account bearing the name of his mother, who lives in China.  Among the internet searches he conducted was “insider trading in an international account.” 


Also known as “how to use Google to incriminate yourself”. Though the “Mattress Firm Holding Corp” hardly sounds like the greatest business in the world.

‘Fontgate’: Microsoft, Wikipedia and the scandal threatening the Pakistani PM • The Guardian

Sune Engel Rasmussen and Pádraig Collins:


The daughter of Pakistan’s prime minister has become the subject of ridicule in her home country after forensic experts cast doubts on documents central to her defence against corruption allegations.

Mariam Nawaz Sharif is under supreme court investigation after the 2016 Panama Papers leak tied her to a purchase of high-end London property acquired through offshore companies in the British Virgin Islands.

The unlikely source of this latest controversy, in a scandal that has gripped Pakistan for more than a year, is a font designed by Microsoft.

Documents claiming that Mariam Nawaz Sharif was only a trustee of the companies that bought the London flats, are dated February 2006, and appear to be typed in Microsoft Calibri.

But the font was only made commercially available in 2007, leading to suspicions that the documents are forged.

Social media users have derided Sharif for this apparent misstep, coining the hashtag #fontgate.

According to Wikipedia, the online encyclopaedia, the Calibri font was developed in 2004 but only reached the general public on 30 January 2007 with the launch of Microsoft Vista and Microsoft Office 2007.

The Wikipedia Calibri page usually receives about 500 visits per day. On July 11 and 12 combined, it received about 150,000.

After users seemingly tried to change the article’s content to say the font was available from 2004, Wikipedia suspended editing on its Calibri page “until July 18 2017, or until editing disputes have been resolved”.


Many thanks to Joel, a reader of The Overspill who originally passed on a link about this to me last Wednesday. I passed it on to the Guardian on the same day; this piece appeared last Thursday (but in my remiss way I only just came round to it). I’d like to think Joel’s input has had some influence on world affairs by bringing this to wide attention.

And the best headline: “Calibri row could mean Pakistan is sans Sharif.”

How I lost my 25-year battle against corporate claptrap • Financial Times

Lucy Kellaway:


The first example I can find comes from 1994 when I wrote an article mocking ugly business jargon, arguing that language had got so stupid that the pendulum must soon swing back and plain talking about business would shortly reassert itself. The words I objected to back then? Global, downsize, marketplace and worst of all, the mathematically nonsensical “110% committed”.

What an innocent age that was.

Fast forward to July 2017, and an entrepreneur sits down to write a blog post about his company. “We are focused 1,000,000% on positive, move forward, actionable efforts to help facilitate change.” When someone sent me this bilge last week, I read it and shrugged.

Over the past two decades, two things have happened. Business bullshit has got a million% more bullshitty, and I’ve stopped predicting a correction in the marketplace. I’m 110% sure there won’t be one.

Not only has production risen in aggregate, the worst individual offenders have gone on surpassing themselves, oblivious to my attempts to shame them into stopping.

Howard Schultz is a champion in the bullshit space. The Starbucks executive chairman has provided me with more material for columns than any other executive alive or dead. Yet he is still at it, and still out-doing himself. Earlier this year, he announced that the new Starbucks Roasteries were “delivering an immersive, ultra-premium, coffee-forward experience”.

In this ultra-premium, jargon-forward twaddle, the only acceptable word is “an”. Mr Schultz has brewed up a blend of old and new jargon, the fashionable and the workaday, adding a special topping of his own. “Delivering” and “experience” are grim but not new. “Ultra-premium” is needless word inflation. “Immersive” is fashionable, though ill-advised if you are talking about scalding liquids. The innovation is “coffee-forward”. Sounds fantastic, but what is it?



Errata, corrigenda and ai no corrida: none notified

Start Up: iPhone bug bounties, peak oil fades, HTC’s keyboard ads, DJI’s hacking war, and more

“Cracking end-to-end encryption” might actually be as simple as doing this. (Ignore the date.) Photo by Johan Larsson on Flickr.

Posting note: for personal reasons, it’s possible that the next Overspill posting will be delayed by a day or so. (I can’t presently predict if it will or won’t.) If it is, you won’t get tomorrow’s update. (And it won’t be on the website.) If it isn’t, you’ll.. get a post as normal. I realise this is indistinguishable from incompetence. Apologies in advance.


A selection of 12 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

New law would force Facebook and Google to give police access to encrypted messages • The Guardian


Under the law, internet companies would have the same obligations as telephone companies to help law enforcement agencies. Police would need warrants to access the communications. [Australian Prime Minister Malcolm] Turnbull said the legislation was necessary to keep pace with advances in technology that could facilitate crime.

“We need to ensure that the internet is not used as a dark place for bad people to hide their criminal activities from the law,” he said.

Asked by reporters how legislation would prevent users simply moving to encryption software not controlled by tech companies, Turnbull said Australian law overrode the laws of mathematics.

“The laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia.”

Turnbull denied the government’s plans involved the use of a “back door” into programs to allow access to encrypted messages on platforms such as WhatsApp and Telegram.

“A back door is typically a flaw in a software program that perhaps the developer of the software program is not aware of, and that somebody who knows about it can exploit,” Turnbull said. “If there are flaws in software programs, obviously, that’s why you get updates on your phone and your computer all the time. So we’re not talking about that. We’re talking about lawful access.”

Pressed on whether the government’s plans meant it would ask companies such as Facebook and Apple to keep a copy of encryption keys used by customers, Turnbull said:

“I’m not a cryptographer, but what we are seeking to do is to secure their assistance. They have to face up to their responsibility. They can’t just wash their hands of it and say it’s got nothing to do with them.”

The attorney general, George Brandis, said the legislation would “impose an obligation upon device manufacturers and service providers to provide appropriate assistance to intelligence and law enforcement on a warranted basis”. It could be used to tackle terrorism, or serious organised crime such as paedophile networks.


This isn’t totally absurd. The clue is in Turnbull’s quote about “updates on your phone” and Brandis’s “obligation.. to provide appropriate assistance”. What’s likely to happen is that targeted individuals will receive SIM updates which let the authorities spy on them. Simple as that. If you read the above (and the story) in that light, it becomes feasible – sensible, even. If you think they want to have access to everyone’s encrypted messages all the time, you’re overthinking it. However, that might mean having a supply of the following…

iPhone bugs are too valuable to report to Apple • Motherboard

Lorenzo Franceschi-Bicchierai:


Last year, Apple pushed back against the FBI for months as it resisted an order to help the feds break into the iPhone of the San Bernardino shooter, who killed 14 people and injured 22 in December of 2015. The FBI eventually got into the phone, but not with Apple’s help. Instead, the FBI paid for a costly exploit found by unknown, independent researchers. As The New York Times argued at the time, perhaps one reason hackers had exploits to sell to the FBI was that they had little incentive to report them to Apple instead.

Though the announcement of the program was public, nearly everything else about it has been rolled out with Apple’s typical secrecy. For now, the program is invite-only.

The researchers who received an invite to join have had a chance to earn rewards ranging from $25,000 to $200,000 for bugs in iOS and MacOS, according to Krstic’s talk.

That might sound like a lot of money. But one of the reasons why the researchers we talked to aren’t itching to report bugs is that Apple’s rewards aren’t as high as they could or maybe should be. In the private, gray market, where companies such as Zerodium buy exploits from researchers and sell them to their customers, a method comprised of multiple bugs that can jailbreak the iPhone is valued at $1.5m. Another firm, Exodus Intelligence, offers up to $500,000 for similar iOS exploits. These companies claim to sell only to corporations to help them protect their networks, or to law enforcement and intelligence agencies to help them hack into high-value targets…

…“Apple has to compete with the true value for the bugs they want to buy,” Dan Guido, the CEO of the cybersecurity research firm Trail Of Bits, told me. “They’re trying to buy game-over stuff at $200,000, but it’s just worth more than that.”

In other words, the economics of the bug bounty are just not worth the trouble.


Clever story. But what’s the solution for Apple? Let hackers name their price? Outbid whatever the market is offering? (The latter could vary hugely.) Easy to identify the problem, but not the solution.

iOS 11 will expand your iPhone’s NFC capabilities beyond Apple Pay in several ways • Mac Rumors

Joe Rossignol:


Apple at WWDC 2017 last month introduced Core NFC, a new iOS 11 framework that enables apps to detect Near Field Communication tags.

Similar to Apple Pay, iPhone users are prompted with a “Ready to Scan” dialog box. After holding the iPhone near an item with an NFC tag, a checkmark displays on screen if a product is detected. An app with Core NFC could then provide users with information about that product contained within the tag.

A customer shopping at a grocery store could hold an iPhone near a box of crackers, for example, and receive detailed information about their nutritional values, price history, recipe ideas, and so forth. Or, at a museum, a visitor could hold an iPhone near an exhibit to receive detailed information about it.

Core NFC will expand the iPhone’s NFC chip capabilities beyond simply Apple Pay in several other ways.

Cybersecurity company WISeKey, for example, today announced that its CapSeal smart tag will now support iPhone thanks to Core NFC. CapSeal smart tags are primarily used for authentication, tracking, and anti-counterfeiting on products like wine bottles. Many other companies offer similar solutions.


iPhone 7 upwards only at present.

Remember Peak Oil? Demand may top out before supply does • Bloomberg

Javier Blas:


When Bob Dudley, chief executive officer of British oil giant BP Plc, was asked at a recent conference when oil demand will peak, he had a precise answer: June 2, 2042.

The audience at the annual St. Petersburg International Economic Forum burst into laughter, knowing it’s impossible to predict such an event down to the day. But the American executive wasn’t speaking entirely in jest: The most recent edition of BP’s widely scrutinized Energy Outlook has global demand for crude maxing out in 2½ decades, give or take a year. That projection casts a shadow over one of the world’s largest industries, which until recently was far more concerned with boosting supply. The advent of electric cars, the fight against climate change, and slowing economic growth in China are dampening the world’s once boundless appetite for crude. Carmaker Volvo AB announced on July 5 that it will manufacture only electric or hybrid models from 2019 onward. Three days later, France said it would ban sales of cars with diesel and gasoline engines starting in 2040.


As a date for “Peak Oil Demand”, 2040 seems reasonable. And it’s not that far away.

Scholars cry foul at their inclusion on list of academics paid by Google • The Chronicle of Higher Education

Chris Quintana:


Last week an advocacy group published what it called a list of scholars who have received money from Google and who have written papers that supported its interests, sometimes without disclosing that apparent conflict of interest. Sarah T. Roberts said she doesn’t understand why she was on the list.

Sure, she told The Chronicle, she was a Google fellow in 2009, but that meant a $7,000 award to cover her expenses during a 10-week stint working in Washington, D.C., for the American Library Association.

Why that 2009 fellowship would be relevant to a 2015 paper on information privacy — in which Ms. Roberts, an assistant professor of information studies at the University of California at Los Angeles, was listed as the fourth author — is not clear to her. More important, she said, she didn’t receive any money from the technology giant in connection to that paper. And if the advocacy group’s concern was that she had benefited from Google in the past, that information is on her curriculum vitae.

“What else would they like me to do?” she asked. “I think it’s pretty irresponsible.”

Ms. Roberts is one of a handful of scholars who told The Chronicle on Wednesday that they felt the Campaign for Accountability, the group that issued the report, had included them unfairly in its list of academics who had received money from Google in connection to research that could be used to defend the company’s business practices.


Seems like the Campaign for Accountability needs to get in touch with the Campaign for Context. This story is unravelling rather quickly.

Facebook will start showing ads inside Marketplace, its Craigslist-style section for browsing used goods • Recode

Kurt Wagner:


Facebook has found another place to show advertisements to its users.

The company announced on Friday that it will start running ads inside Marketplace, its Craigslist-style hub where users can buy and sell used goods.

The ads are just a test for now, which means only a small percentage of US Facebook users will see them. Facebook is not even selling ads specifically for Marketplace just yet — instead, it will take existing News Feed ads and put them inside the Marketplace tab free of charge to advertisers, as a way to experiment.


I can’t imagine anything that… makes more sense. People look for stuff and you show them ads about stuff? Worked out OK for Google.

Implementing Webmentions • All In The Head

Drew McLellan:


In a world before social media, a lot of online communities existed around blog comments. The particular community I was part of – web standards – was all built up around the personal websites of those involved.

As social media sites gained traction, those communities moved away from blog commenting systems. Instead of reacting to a post underneath the post, most people will now react with a URL someplace else. That might be a tweet, a Reddit post, a Facebook emission, basically anywhere that combines an audience with the ability to comment on a URL.

Whether you think that’s a good thing or not isn’t really worth debating – it’s just the way it is now, things change, no big deal. However, something valuable that has been lost is the ability to see others’ reactions when viewing a post. Comments from others can add so much to a post, and that overview is lost when the comments exist elsewhere.

Webmention is a W3C Recommendation that solves a big part of this. It describes a system for one site to notify another when it links to it. It’s similar in concept to Pingback for those who remember that, just with all the lessons learned from Pingback informing the design.


I remember how pingback got turned into a spam problem so bad that most people – and stop me if this bit sounds familiar in this whole debate – turned it off. Yup, any system that scales and allows anyone to contribute will have a spam problem. It will also, now, have a “mad troll” problem, if one thinks the two are different.

The problem with comments is not in systems for allowing comments. It’s in what people want to put into their comments: most has zero value, even to the commenter.

The standard keyboard on the HTC 10 has begun showing ads : mildlyinfuriating • Reddit


User WagnerianDoorbell: “Ads are probably based off all the words you’ve entered with that keyboard.

“From an advertiser’s perspective, having access to the full log of everything entered on a system’s keyboard is like the holy grail of profiling data.”


Utterly dismaying. Though given how poorly HTC is doing, it might think this is a good idea. In reality, you’d expect that if word gets out sufficiently, it will hasten HTC’s end.

DJI is locking down its drones against a growing army of DIY hackers • Motherboard

Ben Sullivan:


On YouTube, Facebook, drone forums, and Slack groups around the internet, hackers have published instructions for altering the firmware on DJI’s drones, leading to a rising number of drone pilots who have circumvented flight restrictions imposed by DJI on its products. In recent days the company has updated its software to render these hacks moot, and has started removing vulnerable versions of its firmware from its servers in an attempt to regain control of its drones.

DJI told me on Friday it will continue to investigate cases of unauthorized modification and that it will “issue software updates to address them without further announcement.”

“Unauthorized modification of a DJI drone is not recommended, as it can cause unstable flight behavior that could make operating the drone unsafe,” Victor Wang, DJI’s technology security director, told me in a statement. “DJI is not responsible for the performance of a modified drone and we strongly condemn any user who attempts to modify their drone for illegal or unsafe use.”

“This is the beginning of the fight for DJI to retain control of these aircraft,” consumer drone expert Kevin Finisterre, who this week developed and released his own DJI exploit, told me in an email. “End users are more invigorated than ever with the desire to emancipate their drone.”


A very strange arms race. But given the fact that they’ve been used by ISIS in battle, this is one of those fights that DJI looks likely to lose.

Essential marketing vice president leaves after seven months • Business Insider

Steve Kovach:


Brian Wallace, Essential’s VP of marketing, has left the company, he confirmed to Business Insider on Friday. Wallace is now CMO at, a “connected lifestyle” company founded by musician

Wallace’s move is the latest sign of turmoil at Essential. Wallace joined Essential in December after running marketing for the augmented reality startup Magic Leap. Before that, he worked at Samsung and helped put together the iconic “Next Big Thing” campaign that propelled Samsung’s mobile business in the US.

Wallace isn’t the only major departure at Essential. Andy Fouché, who is listed as the company’s head of communications on its website, left recently as well, he told Business Insider in an email last month. However, Fouché also described himself as an advisor to the company. He also worked with Wallace as the head of communications at Magic Leap. Kenzo Hing, Essential’s head of product marketing, will be running communications in the meantime.

Hing did not respond to multiple requests for comment.

The departures are not a good look for Essential.


I can believe that a startup might have quite a bit of churn as you discover whether people are really right for this stuff, but losing your marketing bod to That’s really got to burn.

It took nine years, but Bitly turned short web links into a real company • Recode


Peter Kafka:


Here’s a story that won’t get much attention: A modest success for a company that once had much grander aspirations.

That would be Bitly, a company that lets marketers and other businesses keep tabs on customers as they move around the web by generating short, trackable URL links.

Spectrum Equity just bought a majority stake in the nine-year-old company for $63m. A press release doesn’t spell out the specifics but I’m told Spectrum now owns a significant majority of Bitly, and that the new deal values the company below the $100m valuation of its last raise, back in 2012.

In other words, maybe the investors who put a reported $29m into Bitly prior to the Spectrum deal got their money back. But they certainly didn’t make much on this.


Amazing that a company which does web shortening can be valued at all, but perhaps there’s some value in aggregating links. But $63m worth?

Trump’s MAGAnomics is here. And his team repeated Obamanomics’ big mistake • The Washington Post

Heather Long:


the architects of MAGAnomics are making the same error that the masterminds of Obamanomics made: They’re promising far more than they are likely to deliver. Even worse, they are putting a very concrete target out there: 3% GDP growth or bust.

Trump’s already off track. Growth this year is shaping up to be the same — or even worse — than under Obama. Expectations for the coming years are not much better.

On the same day Mulvaney published his MAGAnomics commentary, the Wall Street Journal ran a story with the headline “Forecasters lower economic outlook amid congressional gridlock.” Economists surveyed by the Journal predict 2.4% growth in 2018 and just 1.9% in 2019.

Of course, this is not the first time the Trump team has vowed “huge” and “spectacular” economic growth. Trump himself has said he can achieve 5% growth (annual growth has not exceeded 5% since 1984). The White House website promises 4% a year expansion and 25 million new jobs, the most of any U.S. president.

Trump’s team should have learned from Obama: Be careful with concrete economic promises.

Obama spent a lot of his early days in the White House in 2009 trying to generate support for a big stimulus proposal by promising it would create millions of jobs. His team told the nation that unemployment was unlikely to go above 8% if the stimulus passed, part of detailed projections of the results they expected their plan to deliver. In reality, unemployment hit 10% a few months later.



Errata, corrigenda and ai no corrida: none notified