Start Up: how Hey Siri works, SolarCity boondoggle?, Puerto Rico’s bust grid, and more


Until yesterday, AlphaGo was the best known Go player on the planet. No longer. Photo by kenming_wang on Flickr.

A selection of 11 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

Hey Siri: an on-device DNN-powered voice trigger for Apple’s personal assistant • Apple

“Siri Team”:

»

The “Hey Siri” feature allows users to invoke Siri hands-free. A very small speech recognizer runs all the time and listens for just those two words. When it detects “Hey Siri”, the rest of Siri parses the following speech as a command or query. The “Hey Siri” detector uses a Deep Neural Network (DNN) to convert the acoustic pattern of your voice at each instant into a probability distribution over speech sounds. It then uses a temporal integration process to compute a confidence score that the phrase you uttered was “Hey Siri”. If the score is high enough, Siri wakes up. This article takes a look at the underlying technology. It is aimed primarily at readers who know something of machine learning but less about speech recognition.

«

Some interesting detail here about battery use, especially on the Watch. Something of a contrast with Google’s offering today. Different challenges: one about rulespace, one about power constraint.


SolarCity: Tesla’s solar boondoggle • Fool.com

Travis Hoium:

»

Tesla’s $2.6bn acquisition of SolarCity was supposed to create a vertically integrated clean energy company. But since the buyout Tesla has been shutting down SolarCity’s operations around the country. This month, Tesla will lay off about 200 workers in a Roseville, California operations center that was once a hub for SolarCity. This is on top of thousands of layoffs over the past year. 

Elon Musk has argued that the best solar strategy is to sell solar in stores, getting EV buyers to pick up a solar system along the way. But Tesla has barely rolled out solar sales in-store across the country and it’s not clear the new retail strategy will result in anywhere near the sales SolarCity made on its own. 

The main thing SolarCity had going for it was a massive sales and installation organization. A vast majority of employees worked in these roles and they’re the ones responsible for growing the company into a nationwide organization. 

If Tesla’s vision was to move solar sales from the SolarCity sales staff to its own stores then why buy SolarCity at all? And if you’re selling solar systems in a store, why buy a company with thousands of its own installers? Why not use a contracted installer like Home Depot or Lowe’s does to install the kitchen counters they sell in-store? 

«

Solar isn’t a self-fit. It’s too complex. In a way, it’s the modern form of the alumin(i)um sidings business captured in the film Tin Men. Except it really does help.


Why Puerto Rico’s electric grid stood no chance against Maria • FiveThirtyEight

Maggie Koerth-Baker:

»

Being an island has also, historically, limited the types of energy resources Puerto Rico could use and raised their cost. The island’s electricity is almost entirely generated by burning fossil fuels, mostly oil — and all of that fuel has to be imported. When the cost of oil goes up, so do electric bills. Even if you burn natural gas — which is a cheaper energy source than coal or oil — that still costs more when you have to haul it across an ocean. Until 2012, the Autoridad de Energía Eléctrica didn’t have facilities that could burn natural gas, anyway.

All of this helps to explain why Puerto Rico’s grid was in such bad shape before Maria hit — and why it will take so long to rebuild. The AEE has long been under political pressure to not raise prices, said José Román Morales, interim president of the Puerto Rico Energy Commission, a government body formed in 2014 as a regulator for the AEE and private electric generation companies. That made sense in some ways: Electricity is crucial, and Puerto Ricans, in general, don’t have a lot of spare cash — the median income is just $19,350, and more than 40% of the population lives below the poverty line.

But those pressures, combined with the realities of running an electric grid on an island, created problems. The AEE didn’t raise its base rate — the part of the electric bill that’s meant to cover basic operating costs and maintenance — between 1989 and January 2017. But the price consumers actually pay — the total bill — still went up over that time period because of rising fuel prices. Puerto Ricans became trapped in a feedback loop where the AEE had less and less money to keep the grid working well, but consumers had more and more reason (from their perspective) to demand that the agency not raise rates.

«

And it got worse. Another problem: solar fields and wind turbines don’t fare well in hurricanes. (Would some sort of tidal barrier work better?)


AlphaGo Zero: learning from scratch • DeepMind

Demis Hassabis and David Silver:

»

The paper introduces AlphaGo Zero, the latest evolution of AlphaGo, the first computer program to defeat a world champion at the ancient Chinese game of Go. Zero is even more powerful and is arguably the strongest Go player in history.

Previous versions of AlphaGo initially trained on thousands of human amateur and professional games to learn how to play Go. AlphaGo Zero skips this step and learns to play simply by playing games against itself, starting from completely random play. In doing so, it quickly surpassed human level of play and defeated the previously published champion-defeating version of AlphaGo by 100 games to 0.

It is able to do this by using a novel form of reinforcement learning, in which AlphaGo Zero becomes its own teacher. The system starts off with a neural network that knows nothing about the game of Go. It then plays games against itself, by combining this neural network with a powerful search algorithm. As it plays, the neural network is tuned and updated to predict moves, as well as the eventual winner of the games.

This updated neural network is then recombined with the search algorithm to create a new, stronger version of AlphaGo Zero, and the process begins again. In each iteration, the performance of the system improves by a small amount, and the quality of the self-play games increases, leading to more and more accurate neural networks and ever stronger versions of AlphaGo Zero.

«

This is mindblowing. OK, a limited rulespace – Go has fewer than most serious games – but utterly incredible to create the best Go player ever.

Though I was watching The Incredibles on Wednesday, where Mr Incredible is used to train better and better Omnidroids until it can kill him. It always feels like a subtle warning.


Crafty app developers are ripping off big-name brands • The Economist

»

Some apps fill a gap in the market. Selfridges, a chain of British fashion stores, for instance, has a legitimate app for Apple devices but not for Android ones. RadioShack, an American electronics retailer that filed for bankruptcy in February 2015, has a website but not an official app. Three imitation apps have by now sprouted under the shop’s name.

Other developers simply copy an existing app and hope users will fail to notice. The Economist found that half of the 50 top-selling apps in Google Play had fakes. These included ones with tweaked names (“MyGoogleTranslate” rather than “Google Translate”) and a bogus Netflix app that uses a weird Halloween-themed font for the logo. Google says it is reviewing these apps and will take action where necessary.

Fake apps are often stuffed with malicious code. Academics from a research group, SerVal, at the University of Luxembourg, estimate that around a fifth of all Android app-based malware is hidden in fake apps. The malware facilitates various money-making schemes. The most egregious are designed to steal the passwords that unlock users’ bank accounts. But it is more common for scams to profit from ordinary advertising, particularly on Android devices, says Eliran Sapir of Apptopia, a tech firm. Adverts in the smartphone’s web browser get quietly replaced by similar ones chosen by the fake-app developer.

«



Ad industry insiders profited from an ad fraud scheme that researchers say stole millions • Buzzfeed

Craig Silverman:

»

Some of the world’s biggest brands were ripped off by a digital fraud scheme that used a network of websites connected to US advertising industry insiders to steal what experts say could be millions of dollars, a BuzzFeed News investigation has found.

Approximately 40 websites used special code that triggered an avalanche of fraudulent views of video ads from companies such as P&G, Unilever, Hershey’s, Johnson & Johnson, Ford, and MGM, according to data gathered by ad fraud investigation firm Social Puncher in collaboration with BuzzFeed News. Over 100 brands saw their ads fraudulently displayed on the sites, and roughly 50 brands appeared multiple times.

Documents obtained by BuzzFeed News reveal that the CEO of an ad platform and digital marketing agency is an owner of 12 websites that earned revenue from the fraudulent views, and his company provided the ad platform used by sites in the scheme. Another key player is a former employee of a large ad network who runs a group of eight sites that were part of the fraud, and who consults for a company with another eight sites in it. That company is owned by a model and online entrepreneur who played Bob Saget’s girlfriend on the HBO show Entourage. A final site researchers identified in the scheme is owned by the cofounder of one of the 20 largest ad networks in the United States.

«

I keep thinking that (a) this is the tip of the iceberg (b) this time it will lead the online ad industry to clean up its act. The second one never happens. But the iceberg seems bigger and bigger.


Watchdog slams HMRC, Amazon over ‘dismal’ response to UK biz hurt by online VAT fraud • The Register

Kat Hall:

»

HMRC, Amazon and eBay have not done enough to crack down on overseas sellers evading VAT in the UK, a “dismal” failure that has hit British businesses hard, the House of Commons’ Public Accounts Committee said today.

The select committee’s report, Tackling online VAT fraud and error, warned that online sellers who do not charge VAT when using online marketplaces are undercutting prices offered by UK businesses by up to 20%, “forcing many to lay off staff or even go out of business”.

HMRC estimates that UK taxpayers lost up to £1.5bn in 2015-16 from online VAT fraud. But the committee said the taxman’s estimate of the full impact of fraud is “out of date and flawed”.

Meg Hillier MP, chair of the PAC, said the response of HMRC and the marketplaces where fraudsters operate “has been dismal.”

…All online marketplaces should force non-EU traders selling goods to customers in the UK to display a valid VAT number. “In the absence of a legal requirement to do so we would expect online marketplaces to implement this measure voluntarily,” it said.

As The Register has previously reported, goods sold via online marketplaces are in many cases held in warehouse “fulfilment centres” physically based in the UK. However, HMRC does not know how many fulfilment houses there are in the UK, estimating the number to be somewhere between 500 and 3,000.

«

Not a trivial amount in these days of austerity.


Google serves fake news ads in an unlikely place: fact-checking sites • The New York Times

Daisuke Wakabayashi and Linda Qiu:

»

The fake news ads all worked the same way: They would display headlines at the top of the fact-checking sites that, once clicked, took readers to sites that mimicked the logos and page designs of legitimate publications. The fake stories began with headlines and large photos of the celebrities in question, but after a few sentences, they transitioned into an ad for an anti-aging skin cream.

The fake publishers used Google’s AdWords system to place the advertisements on websites that fit their broad parameters, though it’s unclear if they specifically targeted the fact-checking sites. But that Google’s systems were able to place fake news ads on websites dedicated to truth-squadding reflects how the internet search giant continues to be used to spread misinformation. The issue has been in the spotlight for many internet companies, with Facebook, Twitter and Google all under scrutiny for how their automated ad systems may have been harnessed by Russians to spread divisive, false and inflammatory messages.

The Snopes and PolitiFact ads show how broad the problem of online misinformation can be, said David Letzler, research scientist at Impact Radius, a digital marketing intelligence firm. “Even websites whose mission is to promote accountability can inadvertently wind up getting used by snake oil salesmen,” he said.

«



Facebook and Google helped anti-refugee campaign in swing states • Bloomberg

Benjamin Elgin and Vernon Silver:

»

In the final weeks of the 2016 election campaign, voters in swing states including Nevada and North Carolina saw ads appear in their Facebook feeds and on Google websites touting a pair of controversial faux-tourism videos, showing France and Germany overrun by Sharia law. French schoolchildren were being trained to fight for the caliphate, jihadi fighters were celebrated at the Arc de Triomphe, and the “Mona Lisa” was covered in a burka.

“Under Sharia law, you can enjoy everything the Islamic State of France has to offer, as long as you follow the rules,” intoned the narrator of one ad.

Unlike Russian efforts to secretly influence the 2016 election via social media, this American-led campaign was aided by direct collaboration with employees of Facebook and Google. They helped target the ads to more efficiently reach the intended audiences, according to internal reports from the ad agency that ran the campaign, as well as five people involved with the efforts.

«

Completely legal. Except the content isn’t true. But it’s all money. Who’s going to complain about that?

Every day brings more data about how Trump’s narrow electoral college victory – a smattering of votes in a few states – was enabled by the narrow targeting of untruths. It’s a victory built on the abuse of the new technology. I imagine the same was said about the first TV political ads; except everyone could see those. With these ads, we don’t know who sees them.


Google Pixel 2 XL review: A conflicted second coming • Pocket-lint

Chris Hall on the LG-made larger Google phone with its strangely tuned p-OLED display:

»

all eyes will be drawn to the colour balance on that display. Daily use feels lacklustre: the app icons just don’t look like the right tone and showing the phone to people they immediately assume you’re on battery saving mode or night light, when you’re not. That’s not an experience you get when watching movies where things are much better, although that’s an experience you’ll have to hunt for.

The result is that the Pixel 2 XL feels like a device that hasn’t quite delivered. It’s a twist in design that’s not as effective as others, the screen doesn’t look great and a camera that, although clever, only really keeps pace with others on the market. For an Android fan that’s likely to be a disappointment: the Pixel 2 XL was supposed to be the device to fend off the iPhone X. As it is, it doesn’t feel like it’s a strong enough rival.

That makes it hard to highly recommend the Pixel 2 XL, not at its £799 asking price.

«



The war to sell you a mattress is an internet nightmare • Fast Company

David Zax:

»

“Casper Sues Sleepopolis with Federal Lawsuit,” read the headline on the page I opened. The post was written by a guy named Derek Hales, the site’s proprietor. Derek’s photo showed a pale, skinny twentysomething with freckles and short red hair. I clicked around on his site. Derek Hales evidently took mattress reviewing seriously, rating the firmness of mattresses on a scale from one to 10, cutting them open to measure the exact thickness of the foam.

I returned to the page outlining the lawsuit.

“From the very first day Sleepopolis launched I knew I wanted to build something different,” wrote Derek. “Reviews rooted in honesty, transparency, integrity, and clarity, without the marketing speak or fluff. Guided by these principles I feel like Sleepopolis readers have the right to know that Casper Sleep has filed a federal lawsuit in New York, suing both Sleepopolis and me, personally.”

So it was true. I scratched my head. Casper was on its way to becoming a $750m company. It was the hottest of the bed-in-a-box disruptors, with investments from celebrities like Ashton Kutcher and Nas. And it was picking on some skinny blogger from Arizona?

«

This is your compulsory long read for today. Read it, and consider how many other sites might have been subverted in just the same way as happens in this story.

It’s also a terrific piece of journalism.


Errata, corrigenda and ai no corrida: email subscribers won’t have received Tuesday’s edition due to WordPress’s interface. (OK, I missed a tick off a box.) It’s here, if you missed it.


Start Up: WPA2 v paywalls, how Russia rocked the US, Apple’s Safari ad squeeze, and more


From oil discovery to this guy (and a lawsuit): Auto-Tune had quite the genesis. Photo by Joe Shlabotnik on Flickr

A selection of 11 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

The flawed system behind the Krack Wi-Fi meltdown • WIRED

Lily Hay Newman:

»

“If there is one thing to learn from this, it’s that standards can’t be closed off from security researchers,” says Robert Graham, an analyst for the cybersecurity firm Erratasec. “The bug here is actually pretty easy to prevent, and pretty obvious. It’s the fact that security researchers couldn’t get their hands on the standards that meant that it was able to hide.”

The WPA2 protocol was developed by the Wi-Fi Alliance and the Institute of Electrical and Electronics Engineers (IEEE), which acts as a standards body for numerous technical industries, including wireless security. But unlike, say, Transport Layer Security, the popular cryptographic protocol used in web encryption, WPA2 doesn’t make its specifications widely available. IEEE wireless security standards carry a retail cost of hundreds of dollars to access, and costs to review multiple interoperable standards can quickly add up to thousands of dollars.

«

I’ve got an inkling what happened here. The proposal for WEP was widely available before being chosen as a standard, and it was demonstrated to be utterly flawed before becoming a standard. (Buy my book next year!)

I wonder if the IEEE was so embarrassed by that episode that it decided to erect paywalls around standards so that they wouldn’t be so open to examination by any random person who might be able to critique them – or, equally, to prevent a hacker discovering a zero-day and never disclosing it.


The mathematical genius of Auto-Tune • Priceonomics

Zachary Crockett on the inventor of this much-used product, who first retired – after making his fortune in oil discovery – in 1989:

»

Others who’d made an attempt at creating software had used a technique called feature extraction, where they’d identify a few key “variables” in the sound waves, then correlate them with the pitch. But this method was overly-simplistic, and didn’t consider the finer minutia of the human voice. For instance, it didn’t recognize diphthongs (when the human voice transitions from one vowel to another in a continuous glide), and, as a result, created false artifacts in the sound.

Hildebrand had a different idea. 

As an oil engineer, when dealing with massive datasets, he’d employed autocorrelation (an attribute of signal processing) to examine not just key variables, but all of the data, to get much more reliable estimates. He realized that it could also be applied to music:

“When you’re processing pitch, you add wave cycles to go sharp, and subtract them when you go flat. With autocorrelation, you have a clearly identifiable event that tells you what the period of repetition for repeated peak values is. It’s never fooled by the changing waveform. It’s very elegant.”

While elegant, Hildebrand’s solution required an incredibly complex, almost savant application of signal processing and statistics. When we asked him to provide a simple explanation of what happens, computationally, when a voice signal enters his software, he opened his desk and pulled out thick stacks of folders, each stuffed with hundreds of pages of mathematical equations.

“In my mind it’s not very complex,” he says, sheepishly, “but I haven’t yet found anyone I can explain it to who understands it. I usually just say, ‘It’s magic.’”

«

A great long read.


Apple Watch vs. Android Wear: why most all smartwatches suck for small wrists • iMore

Serenity Caldwell:

»

If wearable technology is the next big thing for our tech-connected society, why is Apple the only company paying attention to the smaller-wristed set? Lady or dude, there are quite a few people on this earth whose arms don’t resemble the trunk of a Sequoia tree — many of whom would be excited to use a smartwatch.

And for that reason, I love that Apple supports multiple sizes for the Apple Watch. Smartwatches are one of the more personal technology purchases available out there today, and the company is committed to making them accessible to people young, old, large, or small. Engineering LTE inside a 38mm Series 3 was no small feat; Apple could have limited it to the 42mm set, but it chose to attack the problem and make it accessible to all.

I can’t say the same for the rest of the smartwatch market. I’ve been looking avidly across the Android Wear (and Android Wear-adjacent, like Fitbit) lines since 2015 for alternative smartwatch options, but have struck out every time.

It’s not that I dislike my Apple Watch — it’d probably be my favorite smartwatch even if I were limited to a 42mm size. But I want to like Android Wear. Competition is good, and Android Wear does some smart things with notifications that I’d love to see over on the Apple side. Its hardware (mostly) isn’t terribly-designed, either: On the contrary, for those with applicably-sized wrists, the watches look quite natural.

«

The Android OEMs don’t have the incentive – they aren’t selling about an order of magnitude fewer than Apple – and (Huawei possibly excepted; Samsung doesn’t use Android Wear) they don’t have the technological capability.

Apart from that, nothing’s stopping them.


Russian journalists publish massive investigation into St. Petersburg troll factory’s U.S. operations • Meduza

“Meduza”:

»

The Internet Research Agency, Russia’s infamous “troll farm,” reportedly devoted up to a third of its entire staff to meddling in U.S. politics during the 2016 presidential election. At the peak of the campaign, as many as 90 people were working for the IRA’s U.S. desk, sources told RBC, revealing that the entire agency employs upwards of 250 people. Salaries for staff working in the U.S. department apparently range from 80,000 to 120,000 rubles ($1,400 to $2,100) per month.

The head of the IRA’s U.S. desk is apparently a man originally from Azerbaijan named Dzheikhun Aslanov (though he denies any involvement with the troll factory).

In August and September this year, Facebook, Instagram, and Twitter suspended 118 communities and accounts run by the St. Petersburg “troll factory,” disabling a network capable of reaching 6 million subscribers. In 2016, at the height of the U.S. presidential campaign, this network reportedly produced content that reached 30 million people each week.

A source also told RBC that the Internet Research Agency spent almost $80,000 over two years, hiring roughly 100 local American activists to stage about 40 rallies in different cities across the United States. The activists were hired over the Internet, communicating in English, without their knowledge that they were accepting money or organizing support from a Russian organization. According to RBC, internal records from the IRA verify its role in these activities.

The main activity in the troll factory’s U.S. desk was to incite racial animosity (playing both sides of the issue), and promoting the secession of Texas, objections to illegal immigration, and gun rights.

«



An ex St. Petersburg ‘troll’ speaks out: Russian independent TV network interviews former troll at the Internet Research Agency • Meduza

“Meduza”:

»

According to “Max”, the IRA’s [Russia’s Internet Research Agency] “foreign desk” had open orders to “influence opinions” and change the direction of online discussions. He says this department within the agency considered itself above the “Russian desk,” which he claims is generally “bots and trolls.” The foreign desk was supposedly more sophisticated. “It’s not just writing ‘Obama is a monkey’ and ‘Putin is great.’ They’ll even fine you for that kind of [primitive] stuff,” Max told Dozhd. People in his department, he says, were even trained and educated to know the nuances of American social polemics on tax issues, LGBT rights, the gun debate, and more.

Max says that IRA staff were tasked with monitoring tens of thousands of comments on major U.S. media outlets, in order to grasp the general trends of American Internet users. Once employees got a sense of what Americans naturally discussed in comment forums and on social media, their job was to incite them further and try to “rock the boat.”

According to Max, the Internet Research Agency’s foreign desk was prohibited from promoting anything about Russia or Putin. One thing the staff learned quickly was that Americans don’t normally talk about Russia: “They don’t really care about it,” Max told Dozhd. “Our goal wasn’t to turn the Americans toward Russia,” he claims. “Our task was to set Americans against their own government: to provoke unrest and discontent, and to lower Obama’s support ratings.”

«



Publishers are already feeling pain from Apple’s move against ad tracking • Digiday

Ross Benes:

»

Programmatic publishers’ ad rates have taken a hit since Apple updated its Safari browser last month to prevent third parties from tracking users for more than 24 hours after a user visited a website. Although Apple’s move hurts publishers reliant on third-party data that advertisers depend on to target niche audiences at scale, publishers that sell their inventory directly say they aren’t affected by the Safari update.

“It has already had an impact on our revenue, and that will only be compounded as adoption [of Safari’s update] increases,” said Paul Bannister, co-founder of CafeMedia, which sells more than half of its impressions programmatically. “It’s hard to quantify what it will end up as since it’s so early still and lots of other variables are at play, but it’s a [measurable] impact.”

Because users didn’t update their operating systems all at once and Apple released the update near the end of a quarter, when ad rates tend to be higher, gauging the impact of Safari’s tracking change isn’t as simple as comparing monthly CPMs. Apple did not reply to an interview request for this story.

Bannister said CPMs on Safari are about 10% lower than what he’d expect them to be heading into the fourth quarter. CafeMedia gets about a third of its mobile traffic from Safari, which is in line with industry averages, according to NetMarketShare.

Since Apple’s Safari update, Ranker saw the gap between its yields on iOS and Android (which doesn’t use the Safari browser) increase by 8% in favor of Android, said Ranker CEO Clark Benson, who estimated that Apple’s move could potentially lead to a 1% to 2% drop in overall ad revenue.

«

I’m standing at the production line for the world’s tiniest violins, where output has been increased substantially.


Exclusive: Microsoft responded quietly after detecting secret database hack in 2013 • Reuters

Joseph Menn:

»

Microsoft’s secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group more than four years ago, according to five former employees, in only the second known breach of such a corporate database.

The company did not disclose the extent of the attack to the public or its customers after its discovery in 2013, but the five former employees described it to Reuters in separate interviews. Microsoft declined to discuss the incident.

The database contained descriptions of critical and unfixed vulnerabilities in some of the most widely used software in the world, including the Windows operating system. Spies for governments around the globe and other hackers covet such information because it shows them how to create tools for electronic break-ins.

The Microsoft flaws were fixed likely within months of the hack, according to the former employees. Yet speaking out for the first time, these former employees as well as US officials informed of the breach by Reuters said it alarmed them because the hackers could have used the data at the time to mount attacks elsewhere, spreading their reach into government and corporate networks.

“Bad guys with inside access to that information would literally have a ‘skeleton key’ for hundreds of millions of computers around the world,” said Eric Rosenbach, who was US deputy assistant secretary of defense for cyber at the time.

«

Smart move by the hackers.


Toshiba smacks down ‘ransomware killed flash factory’ report • The Register

Simon Sharwood:

»

Taiwan’s Digitimes, which often finds news from deep in the supply chain, on Monday reported that Toshiba halted production for three to six weeks while it sorted out a ransomware mess. Doing so, the report suggested, saw production of 100,000 wafers deferred.

The outlet pondered that the supposed shutdown may be helping contribute to ongoing high memory prices.

Analyst firm DRAMeXchange, which specialises in solid-state memory, reached in to the supply chain and found no evidence of missing shipments. The firm’s senior research manager Alan Chen said “there is no module supplier suspending quotes or shipments after knowing this information.”

Chen didn’t rule out a disruption of some sort, saying “This incident is expected to be resolved immediately with Toshiba quickly ramping up production to lower or fully compensate for the wafer deficit.”

But Toshiba did smack it down: the company’s media relations team told The Register “There is no such a fact that Toshiba Memory’s Yokkaichi Operation is suspending its production line as reported in DigiTimes.”

«

Hasn’t quite denied the ransomware report, though. Only that it hasn’t suspended production. People scoff at Digitimes, but it’s well-sourced within the supply chain.


The new MacBook keyboard is ruining my life • The Outline

Casey Johnston:

»

My [MacBook Pro] was getting its third diagnostic test in 45 minutes. The problem was not that its logic board was failing, that its battery was dying, or that its camera didn’t respond. There were no mysteriously faulty innerworkings. It was the spacebar. It was broken. And not even physically broken — it still moved and acted normally. But every time I pressed it once, it spaced twice.

“Maybe it’s a piece of dust,” the Genius had offered. The previous times I’d been to the Apple Store for the same computer with the same problem — a misbehaving keyboard — Geniuses had said to me these exact same nonchalant words, and I had been stunned into silence, the first time because it seemed so improbable to blame such a core problem on such a small thing, and the second time because I couldn’t believe the first time I was hearing this line that it was not a fluke. But this time, the third time, I was ready. “Hold on,” I said. “If a single piece of dust lays the whole computer out, don’t you think that’s kind of a problem?”

In every other computer I’ve owned before I bought the latest MacBook Pro last fall, fixing this would have begun by removing the key and peering around in its well to see if it was simply dirty. Not this keyboard. In fact, all of Apple’s keyboards are now composed of a single, irreparable piece of technology. There is no fixing it; there is only replacing half the computer.

«

This seems to be a problem. Rather as with USB-C, Apple jumped in, but the water hasn’t been lovely.


A startup funded by iPod creator Tony Fadell is suing Andy Rubin’s new company over smartphone trade secrets • Reuters

Stephen Nellis:

»

Keyssa has been working since 2009 on a chip for mobile phones to transfer large amounts of data without using wires or Wi-Fi connections. In August, Keyssa said it was partnering with Samsung, Foxconn parent Hon Hai Precision Industry and others to make its technology a standard feature on mobile phones.

In September, the Essential Phone was released. One of the first devices on the market to feature a wireless connector, the phone uses it to communicate with a camera accessory the company released at the same time.

Keyssa alleged in its lawsuit that Essential engaged in technology and design discussions with Keyssa for 10 months but ultimately ended the relationship. In November 2016, Essential said it would use a competing chip from SiBEAM, a division of Lattice Semiconductor, the lawsuit alleges.

Keyssa alleged that despite Essential’s use of a different chip, the final Essential Phone design incorporates many of the techniques developed by Keyssa to make wireless connectors function well in a phone, from antenna designs to methods for testing phones on the manufacturing line.

«

Headline from CNBC, but story from Reuters. Essential is really getting hit by trucks.


Apple explored buying a medical-clinic startup as part of a bigger push into health care • CNBC

Christina Farr:

»

The discussions have been happening inside Apple’s health team for more than a year, one of the people said. It is not yet clear whether Apple would build out its own network of primary care clinics, in a similar manner to its highly successful retail stores, or simply partner with existing players.

It’s also possible Apple will just decide not to make this move.

Some experts see a move into primary care as a way to build out its retail footprint. Apple’s worldwide network of more than 300 stores has been one of its most important sales channels.

Canaan’s Nina Kjellson, a prominent health tech investor who has no knowledge of Apple’s plans, believes the move is plausible. “It would help build credibility with Apple Watch and other health apps,” she explained.

“Apple has cracked a nut in terms of consumer delight, and in the health care setting a non-trivial proportion of satisfaction comes from the quality of interaction in the waiting room and physical space,” she continued.

«

It seems a bit excessive to buy that sort of chain, though maybe they would be good for selling the Watch. Also perhaps if there were apps much more tightly tailored for health and more particularly medical needs.


Errata, corrigenda and ai no corrida: none notified

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

Start Up: Wi-Fi and public key hacks explained, North Korea’s real power, iPhone X ships, and more


Yes, it’s green-on-black typing. You know what that means? Hacking. Photo by Christiaan Colen on Flickr.

A selection of 13 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

Apple says ‘KRACK’ Wi-Fi vulnerabilities are already patched in iOS, macOS, watchOS, and tvOS betas • Mac Rumors

Juli Clover:

»

Apple has already patched serious vulnerabilities in the WPA2 Wi-Fi standard that protects many modern Wi-Fi networks, the company told iMore’s Rene Ritchie this morning.

The exploits have been addressed in the iOS, tvOS, watchOS, and macOS betas that are currently available to developers and will be rolling out to consumers soon.

Disclosed just this morning by researcher Mathy Vanhoef, the WPA2 vulnerabilities affect millions of routers, smartphones, PCs, and other devices, including Apple’s Macs, iPhones, and iPads.

Using a key reinstallation attack, or “KRACK,” attackers can exploit weaknesses in the WPA2 protocol to decrypt network traffic to sniff out credit card numbers, usernames, passwords, photos, and other sensitive information. With certain network configurations, attackers can also inject data into the network, remotely installing malware and other malicious software.

«

Slightly pushing it with the use of “already” there, given that this has been disclosed for months for vendors to get on top of it. But perhaps they couldn’t fix it in time for 11.0.


41% of Android phones are vulnerable to ‘devastating’ Wi-Fi attack • The Verge

Tom Warren:

»

Android 6.0 and above contains a vulnerability that researchers claim “makes it trivial to intercept and manipulate traffic sent by these Linux and Android devices.” 41% of Android devices are vulnerable to an “exceptionally devastating” variant of the Wi-Fi attack that involves manipulating traffic. Attackers might be able to inject ransomware or malware into websites thanks to the attack, and Android devices will require security patches to protect against this. Google says the company is “aware of the issue, and we will be patching any affected devices in the coming weeks.”

Although most devices appear to be vulnerable to attacks reading Wi-Fi traffic, the exploit doesn’t target access points. The attack exploits vulnerabilities in the 4-way handshake of the WPA2 protocol, a security handshake that ensures client and access points have the same password when joining a Wi-Fi network.

As this is a client-based attack, expect to see a number of patches for devices in the coming weeks. Researchers sent out notifications to specific vendors in July, and a broad notification was distributed in late August. Security researchers note that it’s not worth changing your Wi-Fi password as this won’t help prevent attacks, but that it’s worth updating router firmware and all client devices to the latest security fixes.

«



Wi-Fi (WPA2 security) is broken – here’s the companies that have already fixed it • Charged

Owen Williams:

»

The implications of this new attack are pretty scary sounding, and the news is still developing but a few things are fairly clear:

• Almost every mobile/desktop device on the planet is affected and needs patching
• Your router will need a software update at some point
• Nobody will know how to update their router, or how to check if it’s patched

If you’re affected (and you almost certainly are) it’s important to check if your devices can be patched immediately. Not just your router, but whatever you’re using to get online too. 

To be clear, however, the most important fix to apply is the one for your phones, laptops and other devices. The data transmitted by these devices could now be exposed. 

«

There are quite a few sites which are keeping rolling lists of who has and hasn’t offered an update. The risk, of course, is to people who are using old devices which will never get an update. There’s also some risk to products – hello Internet of Things! – which can’t or won’t be updated.

The crack is nothing like as bad as that affecting WEP (which was flawed even before it was released; it could be cracked by anyone within an hour). But it is significant.



Malta car bomb kills Panama Papers journalist • The Guardian

Juliette Garside:

»

The journalist who led the Panama Papers investigation into corruption in Malta was killed on Monday in a car bomb near her home.

Daphne Caruana Galizia died on Monday afternoon when her car, a Peugeot 108, was destroyed by a powerful explosive device which blew the car into several pieces and threw the debris into a nearby field.

A blogger whose posts often attracted more readers than the combined circulation of the country’s newspapers, Caruana Galizia was recently described by the Politico website as a “one-woman WikiLeaks”. Her blogs were a thorn in the side of both the establishment and underworld figures that hold sway in Europe’s smallest member state.

Her most recent revelations pointed the finger at Malta’s prime minister, Joseph Muscat, and two of his closest aides, connecting offshore companies linked to the three men with the sale of Maltese passports and payments from the government of Azerbaijan.

No group or individual has come forward to claim responsibility for the attack…

…In a statement, Muscat condemned the “barbaric attack”, saying he had asked police to reach out to other countries’ security services for help identifying the perpetrators.

“Everyone knows Ms Caruana Galizia was a harsh critic of mine,” Muscat said at a hastily convened press conference, “both politically and personally, but nobody can justify this barbaric act in any way”.

«



The world once laughed at North Korean cyberpower. No more • The New York Times

David Sanger, David Kirkpatrick and Nicole Perlroth:

»

just as Western analysts once scoffed at the potential of the North’s nuclear program, so did experts dismiss its cyberpotential — only to now acknowledge that hacking is an almost perfect weapon for a Pyongyang that is isolated and has little to lose.

The country’s primitive infrastructure is far less vulnerable to cyberretaliation, and North Korean hackers operate outside the country, anyway. Sanctions offer no useful response, since a raft of sanctions are already imposed. And Mr. Kim’s advisers are betting that no one will respond to a cyberattack with a military attack, for fear of a catastrophic escalation between North and South Korea.

“Cyber is a tailor-made instrument of power for them,” said Chris Inglis, a former deputy director of the National Security Agency, who now teaches about security at the United States Naval Academy. “There’s a low cost of entry, it’s largely asymmetrical, there’s some degree of anonymity and stealth in its use. It can hold large swaths of nation state infrastructure and private-sector infrastructure at risk. It’s a source of income.”

Mr. Inglis, speaking at the Cambridge Cyber Summit this month, added: “You could argue that they have one of the most successful cyberprograms on the planet, not because it’s technically sophisticated, but because it has achieved all of their aims at very low cost.”

It is hardly a one-way conflict: By some measures the United States and North Korea have been engaged in an active cyberconflict for years.

«

I’m writing a book about hacking (to be published next year); one of the chapters is about the Sony Pictures hack in late 2014, which was by North Korea. At the time, lots of people dismissed the idea. But they overlooked Kim Jong-un’s understanding when he took over that cyberwarfare has gigantic returns – and huge deniability. It’s almost the opposite of nuclear weapons.


Dead-end UX: the big problem that Facebook, Twitter, and others need to solve • Co.Design

»

I think I broke my Facebook.

That might sound like something your Luddite aunt would say, but I’m being serious. It started about two years ago, when, in a fit of annoyance at all the baby pictures flooding my news feed, I systematically unfollowed every single person and organization in my network except the actual news outlets. That promptly turned my sprawling social network of friends, frenemies, and strangers into a mere news reader plugged into just a half-dozen publications. Problem solved! No more updates about people’s lives.

Two years later, this seems like a grave mistake. I find myself curious about what people are doing. I’m falling behind in real-life conversations about what’s happening with friends. Put another way, it’s literally impossible for me to use Facebook for its original purpose. There’s a follow-on effect that I didn’t realize either: If you unfollow people on Facebook, you drop out of their Facebook feed as well. So now, whenever I have something I really want to share–a new job, or the final draft of the book I’ve been writing for years–I’m met with crickets. I’m stranded on the digital equivalent of a deserted island.

There’s no obvious way to get off this island. I could manually re-follow everyone I unfollowed. But even if I do that, I have no idea if Facebook automatically makes them follow me. For all intents and purposes, my Facebook is ruined. And I suspect that over time, you’re ruining yours without even realizing it.

«

And in time, you’ll find yourself stuck in a form of this situation – he calls it dead-end UX – which makes it no fun to use that network. And then you’ll abandon it. But he has a great idea for fixing it.


Foxconn begins shipping iPhone X, says report • Digitimes

Steve Shen:

»

Foxconn Electronics (Hon Hai) has started shipping iPhone X devices, with the first batch of 46,500 units already being shipped out from Zhengzhou and Shanghai to the Netherlands and United Arab Emirates (UAE), respectively, according to a China-based Xinhuanet.com report.

Apple said previously that it will begin to take pre-sale orders for iPhone X on October 27 and start delivering the devices on November 3.

However, the first-batch shipments of the iPhone X units were much lower than the previous iPhone models, which apparently will make the iPhone X one of the most difficult-to-find smartphone these days, according to a Chinese-language Commercial Times report.

Although Foxconn has ramped up its output of iPhone X to 400,000 units a week recently from the previous 100,000 units, the increased production still cannot meet market demand, said the report, citing data from Rosenblatt.

«

Those are really tiny numbers compared to the demand that’s sure to be out there.


‘Worse than KRACK’ — Google and Microsoft hit by massive five-year-old encryption hole • Forbes

Thomas Fox-Brewster:

»

to former NSA staffer and chief of cybersecurity company RenditionSec, Jake Williams, the ROCA issue is more severe than KRACK. The latter was only executable within Wi-Fi range, while it’s uncertain as to whether patches will be rolled out widely for ROCA, given it’s a more esoteric issue, he added. The vulnerability has also been present in affected devices since at least 2012.

Williams theorized two attacks over ROCA. First, by abusing code signing certificates, used to validate software is coming from a legitimate, trusted source. “Given a code signing certificate’s public key (which an organization has to publish), an attacker could derive the private key allowing them to sign software impersonating the victim,” Williams said. Given the kinds of attacks that have recently relied on fake software updates (remember the NotPetya ransomware and the CCleaner infection), this could be a serious threat.

An attacker could also potentially fool a Trusted Platform Module (TPM) — a specialized chip on a computer or smartphone that stores RSA encryption keys – to run malicious, untrusted code, Williams added. “The TPM is used to ensure the code used to boot the kernel is valid. Bypassing a TPM could allow the attacker to perform an inception style attack where they virtualize the host operating system. There are dozens of other variations of attacks, but these Infineon chips are huge in hardware security modules (HSMs) and TPMs,” he warned.

«

This is the article to read if you want to understand this (very serious) pitch.


Latest Adobe Flash vulnerability allowed hackers to plant malware • Engadget

Mallory Locklear:

»

Kaspersky Labs reports that a new Adobe Flash vulnerability was exploited by a group called BlackOasis, which used it to plant malware on computers across a number of countries. Kaspersky says the group appears to be interested in Middle Eastern politics, United Nations officials, opposition activists and journalists, and BlackOasis victims have so far been located in Russia, Iraq, Afghanistan, Nigeria, Libya, Jordan, Tunisia, Saudi Arabia, Iran, the Netherlands, Bahrain, United Kingdom and Angola.

The attack took place on October 10th and the malware planted by BlackOasis is a commercial product called FinSpy or FinFisher, typically sold to governments and law enforcement agencies. Kaspersky notified Adobe of the vulnerability and it has since released a Flash Player security update for Windows, Macintosh, Linux and Chrome OS. Kaspersky said that it believes BlackOasis, which it has been tracking since last year, was behind a similar exploit in September.

«

There is no longer any rational reason to keep using Flash. Honestly, there isn’t. It’s a mess of vulnerabilities.


US buyers favor iPhone 7 over 8: research • Reuters

Supantha Mukherjee and Tanya Agrawal:

»

“Many respondents indicated that a meaningful portion of customers are buying iPhone 7 in lieu of the new iPhone 8, given the lack of significant enhancements in the new phone,” KeyBanc analyst John Vinh wrote in a client note.

Vinh also said feedback from stores indicated that customers were waiting to purchase the iPhone X or to compare the iPhone X with other models before buying the iPhone 8.

Apple last month introduced the iPhone 8 and iPhone 8 Plus, which resemble the iPhone 7 but have a glass back for wireless charging. While iPhone 8 starts from $699 in the United States, iPhone 7 is retailing from $549 after a price cut.

The iPhone X, a glass and stainless steel device with an edge-to-edge display, will start shipping from Nov. 3. The 10th-anniversary iPhone is priced from $999 – Apple’s most expensive mobile till date.

One investor in Apple’s shares played down any concern around a dip in sales of the iPhone 7 or 8, given the much-anticipated debut of iPhone X.

“Worrying about any small down-tick in margins from the sale of the iPhone 7 or 8 is a wrong-headed way to look at it as iPhone X is really the flagship device where we’re going to see a strong upgrade cycle,” said Jason Ware, chief investment officer of Albion Financial Group.

«



The scale of tech winners • Benedict Evans

On the fact that the big tech companies nowadays are a lot bigger than the past ones (specifically, Microsoft + Intel):

»

Scale means these companies can do a lot more. They can make smart speakers and watches and VR and glasses, they can commission their own microchips, and they can think about upending the $1.2tr car industry. They can pay more than many established players for content – in the past, tech companies always talked about buying premium TV shows but didn’t actually have the cash, but now it’s part of the marketing budget. Some of these things are a lot cheaper to do than in the past (smart speakers, for example, are just commodity smartphone components), but not all of them are, and the ability to do so many large experimental projects, as side-projects, without betting the company, is a consequence of this scale, and headcount.

On the other hand, that the market is big enough for four tech giants, not just one (Wintel) partnership, means we have four companies aggressively competing and cooperating with each other, and driving each other on, and each trying somehow to commoditise the others’ businesses. None of them quite pose a threat to the others’ core – Apple won’t do better search than Google and Amazon won’t do better operating systems than Apple. But the adjacencies and the new endpoints that they create do overlap, even if these companies get to them from different directions, and as consumers we all benefit. If I want a smart speaker, I can choose from two with huge, credible platforms behind them today, and probably four in six months, each making them for different reasons with different philosophies. No-one applied that kind of pressure to Microsoft.

How do the mice do when there are four elephants fighting it out? As we saw with first GoPro and now perhaps Sonos, if you’re riding the smartphone supply chain cornucopia but can’t construct a story further up the stack, around cloud, software, ecosystem or network effects, you’re just another commodity widget maker. And the aggressive competition in advertising products from Google, Facebook and now to some extent Amazon has taken a lot of the oxygen away from anyone else.

«



While Apple is taking away buttons, we found a way to add one • Astro HQ

Savannah Reising on the company’s search for a new UI element for its iPad app:

»

We set out to find an alternative to the Astropad ring. The obvious first option was to make a new gesture, but we realized pretty quickly that there was limited room for this. Every edge of the iPad is already occupied with an existing gesture: swipe up for your dock, left to search, and down for notifications. We really needed something novel to work with.

Our Astro HQ cofounder Giovanni Donelli said that the idea to turn the camera into a button came like lightning, “I had been staring at a white bezel iPad for so long, and I kept wishing there was another home button we could use. My eyes kept falling on the camera, and I really wanted to touch it!” Giovanni built an initial prototype of the Camera Button within an hour.

Turning the camera into a reliably functioning button didn’t come without challenges. In total, we spent four months of continuous engineering efforts to get past these hurdles…

«

Once you see it, it’s completely obvious – like all the great ideas. Though this does remind me of the Camera+ hack, which years ago found a way to make the camera fire by pressing the volume button. Apple then blocked it. Then, uh, stole it: you can now take pictures on iPhones by pressing the volume button. Not sure if Astro is going to go through the same. Hope not.


My Oculus Rift has migrated from my desk, to my closet, to storage • Forbes

Paul Tassi:

»

A few years ago, my wife convinced me that we had to buy a $400 juicer. It’ll make us healthier, the juice will taste great, and it’ll be fun to use, she said. I eventually agreed, and we made some carrot juice and orange juice that did taste pretty good. But after dumping eight pounds of pulp into the trash, we put it in a box and never used it again. Now, every time she wants to buy X or Y questionable, expensive thing, my go-to snarky reply is “remember the juicer?”

Unfortunately, now I have my own juicer.

It’s called the Oculus Rift.

«

This story is surely repeated many times around the world.


Errata, corrigenda and ai no corrida: Sophie Warnes’s newsletter is called Fair Warning, not Fiar Warning. You should still sign up, however it’s spelled.


Start Up: Google + Facebook + Twitter v chaos, US phone tracking, get sorted!, and more


USB-C from USB-A: where did it all go wrong? Photo by sniggie on Flickr.


A selection of 10 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

Google, Facebook, and Twitter need a new approach to tackling chaos • WIRED

Karen Wickre:

»

As the October 1 massacre in Las Vegas unfolded, Google displayed “news” results from rumor mills like 4Chan, and Facebook promulgated rumors and conspiracy theories, sullying the service on which, according to Pew Research, 45% of American adults get their news. Meanwhile, the rapid-fire nature of Twitter led users to pass along false information about missing people in the aftermath.

All of these cases signify the central place a number of digital services have staked out in our lives. We trust our devices: We trust them to surface the correct sources in our information feeds, we trust them to deliver our news, and we trust them to surface the opinions of our friends. So the biggest and most influential platforms falling prey to manipulations upsets that trust—and the order of things.

It’s hard to square the global power, reach, and ubiquity of these massive platforms with their youth: Google just turned 19. Facebook is 13. Twitter is 11 and a half. (None, in other words, out of their teens!) Until recently, widespread digital malfeasance was relatively rare on these young platforms. But in a world that increasingly seems dystopian, we now expect security breaches, hacks, purposeful fakery— all of it more or less constantly across the online services and tools we use. Whether the aim is financial, political, or even just hacking for hacking’s sake, the fact that so many of us live and work online means we are, collectively, an attractive and very large target.

«



Fixing Twitter: why Twitter is broken and why reputation systems can help (part 1 of 2) • Chuq Von Rospach

von Rospach has handled lots of communities – first at Apple, then at Palm:

»

Ultimately the problem at Twitter is a policy problem and a community management problem, which is why it’s been of interest to me. The first challenge of community management is that it doesn’t scale well. A community manager can handle a small group — depending on the population into a few tens of thousands — successfully, but as the group continues to grow the ability to cover it well and consistently becomes a challenge.

Now, grow that problem from tens of thousands to tens or hundreds of millions. You literally couldn’t hire enough talent to cover a community that size the way you would a smaller one. Youtube has 300 hours of video uploaded to it per minute. Stop and imagine the scale of a group charged to review and approve that content.

So you can’t hire your way out of the problem. You need technology. Technology pushes us in the other direction, though, where companies become overly reliant on algorithms to solve the problem. A good example of this kind of thinking is the most recent complaint about Facebook where it was found people could target ads to groups like “Jew Hater”. Facebook’s answer to this? More human oversight. Where did this problem come from? Building a system that assumed that the technology would prevent problems. Which it did: only it can only solve problems the humans know to program it for, and this wasn’t one of them.

So the answer to solving these problems is to use technology to amplify and leverage a human component.

My tool of choice? A reputation system driven by a Machine Learning setup…

…A quick digression on this challenge: back when I was working as Community Manager at Palm, I went to a meeting with a product manager to talk about proposed pages to the App Store. Her proposal was to add buttons for people to report apps that were abusive or contained inappropriate materials. Her plan was if we got those reports, those apps would be pulled from the store for evaluation.

My first question to her was “How do you think this will work when developers start flagging their competitors to get them pulled from the store?” And her response was simply “They’d do that?”

That was, I think, the moment I realized I needed to leave Palm. And here’s an important hint for success: don’t let people who aren’t community users and managers design your communities. Bad things will happen.

«

Read the second part too.


Qualcomm seeks China iPhone ban, expanding Apple legal fight • Bloomberg

Ian King:

»

Qualcomm’s suits are based on three non-standard essential patents, it said. They cover power management and a touch-screen technology called Force Touch that Apple uses in current iPhones, Qualcomm said. The inventions “are a few examples of the many Qualcomm technologies that Apple uses to improve its devices and increase its profits,” Trimble said.

Apple said the claim has no merit. “In our many years of ongoing negotiations with Qualcomm, these patents have never been discussed,” said Apple spokesman Josh Rosenstock. “Like their other courtroom maneuvers, we believe this latest legal effort will fail.”

Qualcomm made the filings at the Beijing court on Sept. 29. The court has not yet made them public.

“This is another step to get Apple back to the negotiating table,” said Mike Walkley, an analyst at Canaccord Genuity Inc. “It shows how far apart they are.”

There’s little or no precedent for a Chinese court taking such action at the request of a U.S. company, he said. Chinese regulators would also be concerned that a halt of iPhone production would cause layoffs at Apple’s suppliers such as Hon Hai Precision Industry Co., which are major employers.

«

Not quite sure how Qualcomm can claim that Force Touch touches (aha) its patents – if that were the case wouldn’t more non-Apple phones use it? And it seems like an odd time to notice this, two years after it was introduced. But everyone reckons that if Apple loses this case, it’ll settle at once.


Want to see something crazy? Open this link on your phone with WiFi turned off • Medium

Philip Neustrom:

»

Want to see something crazy? Open this link on your phone with WiFi turned off:
https://bit.ly/crazymobiledemo

Click “Begin,” enter the ZIP code and then click “See Underlying Data.”

What you should see is your home address, phone number, cell phone contract details, and — depending on what kind of cell phone towers you’re currently connected to — a latitude and longitude describing the current location of your cell phone…

…In 2003, news came to light that AT&T was providing the DEA and other law enforcement agencies with no-court-warrant-required access to real time cell phone metadata. This was a pretty big deal at the time.

But what these services show us is even more alarming: US telcos appear to be selling direct, non-anonymized, real-time access to consumer telephone data to third party services — not just federal law enforcement officials — who are then selling access to that data.

Given the trivial “consent” step required by these services and unlikely audit controls, it appears that these services could be used to track or de-anonymize nearly anyone with a cell phone in the United States with potentially no oversight.

«

I haven’t confirmed that this works (because I’m not in the US). But others are very worried by it.


After second bungle, IRS suspends Equifax’s “taxpayer identity” contract • Ars Technica UK

David Kravets:

»

Last week we brought news that the Internal Revenue Service awarded a $7.2m contract to Equifax to allow Equifax to “verify taxpayer identity.” The contract was awarded days after Equifax announced it had exposed the personal data, including Social Security numbers, of about 145 million people.

The tax-collecting agency is now temporarily suspending the contract because of another Equifax snafu. The Equifax site was maliciously manipulated again, this time to deliver fraudulent Adobe Flash updates, which, when clicked, infected visitors’ computers with adware that was detected by just three of 65 antivirus providers. The development means that at least for now, taxpayers cannot open new Secure Access accounts with the IRS. Secure Access allows taxpayers to retrieve various online tax records and provides other “tax account tools” to those who have signed up.

An “alert” on the IRS website says the Secure Access service “is unavailable for new users at this time.” The alert notes that taxpayers who already have an account can “continue the login process.”

The message ends by saying “We apologize for any inconvenience.”

«

Equifax might begin to suffer death by a thousand cuts if stuff like this continues. At the very least, it’s a toxic brand right now for consumers.
link to this extract


The impossible dream of USB-C • Marco.org

Marco Arment:

»

I love the idea of USB-C: one port and one cable that can replace all other ports and cables. It sounds so simple, straightforward, and unified.

In practice, it’s not even close.

USB-C normally transfers data by the USB protocol, but it also supports Thunderbolt… sometimes. The 12-inch MacBook has a USB-C port, but it doesn’t support Thunderbolt at all. All other modern MacBook models support Thunderbolt over their USB-C ports… but if you have a 13-inch model, and it has a Touch Bar, then the right-side ports don’t have full Thunderbolt bandwidth.

If you bought a USB-C cable, it might support Thunderbolt, or it might not. There’s no way to tell by looking at it. There’s usually no way to tell whether a given USB-C device requires Thunderbolt, either — you just need to plug it in and see if it works.

«

And he hasn’t even got onto power charging yet. USB-C is a hot mess, and quite how it got into this hot mess is surely an object lesson in how not to design “standards”.
link to this extract


Sorting visualizations album • Imgur

The fabulously named Fishy McFishFace provides visual illustrations of a number of the different sorting algorithms in broad use in computing:

»

First up: Bubble Sort
Generally one of the very first algorithms learned when you’re introduced to this stuff in programming classes. Bubble sort finds the largest value in a set and “bubbles” it to the top. For this visualization, that’s the far right side. Everything further along the line than that value gets shifted down one spot, and then the algorithm goes back to the start and finds the next largest value to put at the end of what’s left. You can see the unsorted portion slowly being shifted down to the left, one iteration at a time, while the completely sorted portion grows from the right.

«

Also includes Cocktail Sort, Radix Sort, Quick Sort, Insertion Sort and many more. The visuals for each one are amazing; one starts guessing which is the fastest. (Via Sophie Warnes’s Fair Warning newsletter. You should sign up.)
link to this extract


A new iPhone X feature was just discovered and it’s sheer brilliance • BGR

Zach Epstein:

»

Apple really had to get creative to manage an iPhone X design that is almost all screen. In fact, a number of the company’s solutions to various design problems are strokes of brilliance. The perfect example is the way Apple managed to eliminate the bottom bezel that’s present on every other smartphone on the market. This bezel exists because there’s a display controller component at the bottom of every screen, and displays won’t function without them.

So how did Apple do it? Check out this image:

Apple used flexible display panels in the iPhone X so that it could fold the bottom of the screen underneath itself. This way, the display controller is actually positioned behind the screen itself, rather than behind a bottom bezel.

«

It’s very clever. All the talk about “flexible displays”, and Apple actually gets on and uses it. (Samsung hasn’t got rid of the bottom bezel, despite inventing this technology.)

The BGR story also discovers something it claims was “just uncovered” by Phone Arena – that notifications on the iPhone X lockscreen are only shown in full to the person whose face unlocks the screen. It’s neat, true, but it was being demonstrated when the phones were unveiled.
link to this extract


Following heavy criticism, OnePlus makes changes to its data collection policy • AndroidAuthority

Brian Reigh:

»

the company’s co-founder has taken to the official OnePlus forum to address some of the concerns. Specifically, Carl Pei says that there will be some much-needed changes in how the company collects user data in the future:

»

By the end of October, all OnePlus phones running OxygenOS will have a prompt in the setup wizard that asks users if they want to join our user experience program. The setup wizard will clearly indicate that the program collects usage analytics. In addition, we will include a terms of service agreement that further explains our analytics collection. We would also like to share we will no longer be collecting telephone numbers, MAC Addresses and WiFi information.

«

Pei emphasizes again that for existing users, usage analytics collection can be turned off by going into Settings – Advanced – Join user experience program. For new users, you will have the option to disable it during the initial setup.

Not to condone the company’s unauthorized collection of personal data, but information like reboot and charging timestamps could be useful for “after-sales support” indeed. However, I can’t help but conclude that the collection of phone numbers, MAC addresses, and Wi-Fi information was, plainly put, gross misconduct on the company’s part. And Pei’s simply stating that the company would stop collecting the said data from now on doesn’t absolve him from his duty owed to consumers to explain why it was necessary in the first place.

«

Reigh has said it all. Just stop collecting this data now.
link to this extract


Google is permanently removing Home Mini’s top touch functionality due to always-recording bug • 9to5Google

Justin Duino:

»

On October 10, Google confirmed that one of the Home Mini’s features — the ability to trigger Assistant by tapping on the top of the speaker — was defective on a select number of units. As the bug was causing the smart speaker to essentially listen and record its surroundings 24/7, Google quickly pushed out an update to disable this feature.

Google has now reached out to let us know that it has permanently removed the Assistant-specific touch functionality and will not bring it back…

»

We take user privacy and product quality concerns very seriously. Although we only received a few reports of this issue, we want people to have complete peace of mind while using Google Home Mini.

We have made the decision to permanently remove all top touch functionality on the Google Home Mini. As before, the best way to control and activate Google Home Mini is through voice, by saying “Ok Google” or “Hey Google,” which is already how most people engage with our Google Home products. You can still adjust the volume by using the touch control on the side of the device.

«

«

This stemmed from the experience of Artem Russakovskii of Android Police, as noted here last week. Google should probably be glad he discovered it: imagine the outcry if it had gone into full production with this happening.
link to this extract


Errata, corrigenda and ai no corrida: none notified

Start Up: Equifax screwed again, Magic Leap wants $1bn, costing US carbon, and more


What’s happened to the mainframe programmers of the past? Photo by John Sloan on Flickr

Web readers! For next week, you can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 10 links for you. Unharassed. I’m @charlesarthur on Twitter. Observations and links welcome.

Equifax website borked again, this time to redirect to fake Flash update • Ars Technica

Dan Goodin:

»

In May credit reporting service Equifax’s website was breached by attackers who eventually made off with Social Security numbers, names, and a dizzying amount of other details for some 145.5 million US consumers. For several hours on Wednesday, and again early Thursday morning, the site was maliciously manipulated again, this time to deliver fraudulent Adobe Flash updates, which when clicked, infected visitors’ computers with adware that was detected by only three of 65 antivirus providers.

Randy Abrams, an independent security analyst by day, happened to visit the site Wednesday evening to check what he said was false information he had just found on his credit report. Eventually, his browser opened up a page on the domain hxxp//:centerbluray.info that looked like this:

He was understandably incredulous. The site that previously gave up personal data for virtually every US person with a credit history was once again under the influence of attackers, this time trying to trick Equifax visitors into installing crapware Symantec calls Adware.Eorezo. Knowing a thing or two about drive-by campaigns, Abrams figured the chances were slim he’d see the download on follow-on visits. To fly under the radar, attackers frequently serve the downloads to only a select number of visitors, and then only once.

«

The reason why people are prepared to believe they need a Flash update is that since 2010 the number of “critical” flaws has been over 50 annually – implying an update once a week on average. In 2015 the number of “critical” (not just trivial) flaws hit 294 – that’s roughly one update every working day.

So nobody is going to be surprised by a page that tells them to update Flash Player – except if they don’t have Flash Player installed. Which is the correct approach.

As for Equifax getting its site hacked – perhaps that shouldn’t be installed either.
link to this extract


Startup Magic Leap seeks $1bn funding, working on debut product • Reuters

Heather Somerville:

»

The new financing round comes as Magic Leap readies a long-awaited debut product, a headset that shows images overlaid against the real world, known as augmented reality. The company has been working on prototypes for years but has not yet had a product for consumers to buy. Despite this, it has raised $1.4bn from investors such as venture capital firm Andreessen Horowitz and e-commerce company Alibaba, giving it a valuation last year of $4.5bn.

Magic Leap has come under scrutiny for misleading investors with dazzling demonstrations of technology that will not actually be in the final product, and releasing marketing videos that purported to be Magic Leap technology but were actually created by special effects companies, according to a report in December by news site The Information.

While the company has been working in secret for years, releasing little information about its launch date, competitors such as Facebook Inc’s Oculus have gained ground.

«

Flipping biscuits. Even more money? If they don’t come up with a product some time soon they’re going to need the most astounding pivot in the history of the wheel.
link to this extract


The EPA owes us a reason for killing clean power plan • Bloomberg

Cass Sunstein:

»

When a company emits a ton of carbon dioxide, what damage has it caused, exactly? The answer is called the “social cost of carbon,” which may be the most important number that you’ve never heard of.

If the number is large, regulation of greenhouse gas emissions will be amply justified. If it is small, not so much. In proposing to scrap the Obama administration’s Clean Power Plan, the Environmental Protection Agency recently announced that the social cost of carbon is close to zero. Well, a bit higher than that, but not a lot.

More remarkably still, the EPA offered hardly any reasons for its decision. As Ring Lardner once put it: “Shut up, he explained.”…

…In 2010, the group [convened in part by Sunstein to price that social cost] produced a central value of $21 for the social cost of carbon. By 2016, new research resulted in an update, yielding a figure of $36.

For policy, that number matters, because it can play a big role in deciding on whether to go forward with numerous regulations — and in producing the chosen level of stringency. The group’s estimate was also upheld in court.

But science and economics continue to evolve. A more recent estimate, by Yale economist William Nordhaus (often mentioned as a candidate for the Nobel Prize), finds that the $36 figure is just a bit too high; he favors $31. Other experts think that $36 is far too low, with estimates ranging to $200 or higher.

The EPA’s figure under President Donald Trump? Maybe $1. Maybe as high as $6.

How did it get there? The EPA knew enough not to deny that climate change is occurring. The major driver behind its low number was its decision to consider only damage to the US – and to ignore damage to people in every other nation on the face of the planet.

«

“America First. Screw everyone else.”
link to this extract


The giant Piccadilly billboard is going to track cars to target ads • WIRED UK

Matthew Reynolds:

»

Cameras concealed within the screen will track the make, model and colour of passing cars to deliver more targeted adverts. Brands can even pre-program triggers so that specific adverts are played when a certain model of car passes the screen, according to Landsec, the company that owns the screens.

The giant screen replaces six separate screens that previously wrapped around the buildings at Piccadilly Circus, each one dedicated to a different brand. “This screen can be electronically carved up as opposed to having individual screens,” says Landsec portfolio director Vasiliki Arvaniti.

This also means that the entire screen can be taken up by a single advert – something that had been tried on earlier versions of the display, but didn’t really work with six screens of different sizes, made by different manufacturers…

…Landsec won’t say when exactly it’s planning on switching on the screen for the first time as it doesn’t want to cause overcrowding in the West End. When the screen does finally flicker into life, however, it’ll also provide free public Wi-Fi to people in the area.

That giveaway isn’t entirely altruistic, however. The big screen advertisers will also sponsor the Wi-Fi landing page, so getting away from those adverts just got a little bit trickier.

«

No such thing as a free lunch, or free Wi-Fi.
link to this extract


Rejecting Sonos’ private data slurp basically bricks bloke’s boombox • The Register

Thomas Claburn:

»

Sonos’ policy change, outlined by chief legal officer Craig Shelburne, allows the gizmo manufacturer to slurp personal information about each owner, such as email addresses and locations, and system telemetry – collectively referred to as functional data – in order to implement third-party services, specifically voice control through Amazon’s Alexa software, and for its own internal use.

“If you choose not to provide the functional data, you won’t be able to receive software updates,” a Sonos spokesperson explained at the time. “It’s not like if you don’t accept it, we’d be shutting down your device or intentionally bricking it.”

A handful of customers, however, have managed to brick their Sonos speakers by refusing to accept the data harvesting terms accompanying version 7.4+ of the firmware and then subsequently updating their Sonos mobile app to a version out of sync with their legacy firmware.

In an email to The Register, a reader by the name of Dave wrote: “You should know that in the latest update it is now impossible to use the player without updating, effectively bricking my three devices. Numerous attempts to contact Sonos have met with silence on the issue, and the phone number in the app for support is no longer valid.”

The Register prodded a Sonos spokesperson, who reiterated that Sonos is not bricking the devices of privacy policy refuseniks.

However, the spinner acknowledged that a few people who have updated their apps, manually or through automatic updates, have ended up with software on their handsets that isn’t compatible with their firmware – which did not update because they would not accept the privacy policy change.

«

Easy to get this wrong. Also problematic.
link to this extract


Isis is facing near total defeat in Iraq and Syria – but it has been beaten and come back before • The Independent

Patrick Cockburn:

»

Isis is suffering heavy defeats but it would be premature to believe that it is totally out of business. Its commanders will have foreseen that, however hard they fought, they would lose Mosul and Raqqa in the end. To fight on they have prepared bunkers, weapons caches and food stocks in the deserts and semi-deserts between Iraq and Syria where they can hope to ride out the storm and perhaps make a comeback in a few years’ time. Isis succeeded in doing this before, after being defeated by the US and anti-Isis Sunni Arabs in 2006-08 but returning stronger than ever after 2011 when the political situation in the region favoured it once again.

This might happen a second time as the unwieldy combination of different states and movements, which includes everybody from the US and Iran to the Syrian army, Hezbollah in Lebanon and the Iraqi Shia paramilitaries, begins to fall apart. Nevertheless a rebirth of Isis looks unlikely because its explosion onto the world stage over the last three years so shocked international and regional powers that they will be wary of allowing Isis to recreate itself.

Isis does still have strengths: the latest recording of its leader Abu Bakr al-Baghdadi indicates that he is still alive and, so long as this is true, it will be difficult to declare his Caliphate quite dead.

«

link to this extract


Retiring mainframe programmers: should I care? • InfoQ

Don Denoncourt:

»

Shouldn’t those old mainframe applications just be rewritten? It ain’t that easy. Yeah, I know, you’ve heard about rewrites for years. But the reason why most of those Visual Basic, dBase III, and PHP apps (that’s right, I’m saying they weren’t mainframe apps) were rewritten every 5 years is because they weren’t written that well to begin with. Meanwhile, the mainframe apps have been running well for decades. The Return On Investment (ROI) for rewrites of mainframe applications just hasn’t been there. Case in point: In the mid ‘80s I wrote a traffic system for Hanover Brands Inc. that is still in use today.

But then there’s this retiring and expiring thing. Why not just bite the bullet and do the rewrite?

Rewrites are never easy and, for huge applications, they are often failures. Just a few weeks ago, I did a rewrite of a little, itty, bitty, PHP application to Ruby and Rails. Now, I’m pretty good with Ruby and OK with PHP but, even though it was just over a thousand lines, I still missed stuff. Mainframe Cobol and RPG applications are a wee bit more complex. It is common for an RPG program to be ten, and Cobol to be twenty, thousand lines long.

Multiply that by hundreds and hundreds of programs and you have an application that has a mega-million lines. Worse than that, many of those programs were written before modular programming techniques became available.

Typically, all variables in one of these behemoths are global. I remember, a dozen years or so ago, I had a jest-quest in articles and seminars of a Diogenes-like search for a local variable in mainframe code. Diogenes never found an honest man and I had problems finding local variables in circa-70s code.

«

link to this extract


How Israel caught Russian hackers scouring the world for US secrets • The New York Times

Nicole Perlroth and Scott Shane:

»

Kaspersky’s researchers noted that [Israeli] attackers had managed to burrow deep into the company’s computers and evade detection for months. Investigators later discovered that the Israeli hackers had implanted multiple back doors into Kaspersky’s systems, employing sophisticated tools to steal passwords, take screenshots, and vacuum up emails and documents.

In its June 2015 report, Kaspersky noted that its attackers seemed primarily interested in the company’s work on nation-state attacks, particularly Kaspersky’s work on the “Equation Group” — its private industry term for the N.S.A. — and the “Regin” campaign, another industry term for a hacking unit inside the United Kingdom’s intelligence agency, the Government Communications Headquarters, or GCHQ.

Israeli intelligence officers informed the N.S.A. that in the course of their Kaspersky hack, they uncovered evidence that Russian government hackers were using Kaspersky’s access to aggressively scan for American government classified programs, and pulling any findings back to Russian intelligence systems. They provided their N.S.A. counterparts with solid evidence of the Kremlin campaign in the form of screenshots and other documentation, according to the people briefed on the events.

«

Israel worked with the US on Stuxnet; it would make sense that it would tell the US what it found.
link to this extract


The confrontation that fueled the fallout between Kaspersky and the U.S. government • Cyberscoop

Patrick Howell O’Neill:

»

In the first half of 2015, Kaspersky was making aggressive sales pitches to numerous U.S. intelligence and law enforcement agencies, including the FBI and NSA, multiple U.S. officials told CyberScoop. The sales pitch caught officials’ attention inside the FBI’s Counterterrorism Division when Kaspersky representatives boasted they could leverage their product in order to facilitate the capture of targets tied to terrorism in the Middle East. While some were intrigued by the offer, other more technical members of the intelligence community took the pitch to mean that Kaspersky’s anti-virus software could effectively be used as a spying tool, according to current U.S. intelligence officials who received briefings on the matter.

The flirtation between the FBI and Kaspersky went far enough that the bureau began looking closely at the company and interviewing employees in what’s been described by a U.S. intelligence official as “due diligence” after Counterterrorism Division officials viewed Kaspersky’s offerings with interest.

The examination of Kaspersky was immediately noticed in Moscow. In the middle of July 2015, a group of CIA officials were called into a Moscow meeting with officials from the FSB, the successor to the KGB. The message, delivered as a diplomatic démarche, was clear: Do not interfere with Kaspersky.

The démarche is not public and has not been previously reported on. A démarche typically comes from a foreign ministry and is addressed to another country’s diplomats in an effort to send a message and often to lodge a protest. Officials told CyberScoop that the 2015 document was worded as an objection to what the Russians deemed malicious interference against the Moscow company.

«

The whole Kaspersky incident is deeply puzzling.
link to this extract


Facebook and Twitter could face ‘online abuse levy’ – BBC News

Jane Wakefield:

»

Facebook and Twitter could be asked to pay for action against the “undeniable suffering” social media can cause, the culture secretary has said.

Cyber-bullying, trolling, abuse and under-age access to porn will be targeted in plans drawn up by Karen Bradley to make the online world safer. Ms Bradley wants social media groups to sign up to a voluntary code of practice and help fund campaigns against abuse. She also wants social media platforms to reveal the scale of online hate.

Almost a fifth of 12 to 15-year-olds have seen something they found worrying or nasty, and almost half of adults have seen something that has upset or offended them, on social media – according to the government.

Despite promising to introduce new laws regulating the internet in the Conservative Party’s manifesto, Ms Bradley told the BBC that legislating would take “far too long”. She said that the plan was for a “collaborative approach” with internet groups, adding that she sees a “willingness from them”.

She added: “Many of them say: ‘When we founded these businesses we were in our 20s, we didn’t have children… now we’re older and we have teenagers ourselves we want to solve this’.”

«

What fresh nonsense is this? What sort of government thinks something is so important that it isn’t going to legislate it because that’s too slow? It’s like the negation of what government is for.

“Voluntary” codes are the classic “observe in letter but not spirit” thing. And on American companies? It’s a PR front which will change little.
link to this extract


Errata, corrigenda and ai no corrida: none notified

Start Up: phone and home surveillance, stop iCloud phishing, 2014’s lost Lumia, PCs slump, and more


What if your phone is spying on you? Or a home device? Or you’re being phished? Or a government is after your data? Photo by ShellyS on Flickr.

A selection of 10 links for you. Word of the day: surveillance. I’m @charlesarthur on Twitter. Observations and links welcome.

OnePlus OxygenOS built-in analytics • Chris Moore

Moore was doing a holiday hack project, and happened to leave his OnePlus2 phone’s internet traffic going through an analyser, which showed some heading for open.oneplus.net:

»

OK, so it looks like they’re collecting timestamped (the ts field is the event time in milliseconds since unix epoch, which we’ll be seeing more of) metrics on certain events, some of which I understand – from a development point of view, wanting to know about abnormal reboots seems legitimate – but the screen on/off and unlock activities feel excessive. At least these are anonymised, right? Well, not really – taking a closer look at the ID field, it seems familiar; this is my phone’s serial number. This I’m less enthusiastic about, as this can be used by OnePlus to tie these events back to me personally (but only because I bought the handset directly from them, I suppose).

I leave the traffic proxied for some time, to see what other information is collected, and boy am I in for a shock…
[picture shows the data flow…]

Amongst other things, this time we have the phone’s IMEI(s), phone numbers, MAC addresses, mobile network(s) names and IMSI prefixes, as well as my wireless network ESSID and BSSID and, of course, the phone’s serial number. Wow, that’s quite a bit of information about my device, even more of which can be tied directly back to me by OnePlus and other entities.

It gets worse.
[picture shows more data flows]

Those are timestamp ranges (again, unix epoch in milliseconds) of when I opened and closed applications on my phone. From this data we can see that on Tuesday, 10th Jan 2017, I had Slack open between 20:25:40 UTC and 20:25:52 UTC, and the Microsoft Outlook app open between 21:38:41 UTC and 21:38:53 UTC, to take just two examples, again stamped with my phone’s serial number.

It gets even worse.

«

Basically, surveilling you; you have to remove the OnePlus Device Manager app, which isn’t trivial.

Next question: how many other Android smartphones do this on the quiet? If OnePlus does, presumably other Oppo and vivo phones do too. And those sites will be targets for hackers.
link to this extract


Equifax says 15.2 million UK records exposed in cyber breach • Reuters

John McCrank:

»

Credit reporting agency Equifax Inc said on Tuesday that 15.2 million client records in Britain were compromised in the massive cyber attack it disclosed last month, including sensitive information affecting nearly 700,000 consumers.

The US-based company said 14.5 million of the records breached, which dated from 2011 to 2016, did not contain information that put British consumers at risk.

Overall, around 145.5 million people, mostly in the United States, had their information compromised, including Social Security numbers, birth dates and addresses.

«

Marvellous. Expect phishing attacks based around this soon too.
link to this extract


Google is nerfing all Home Minis because mine spied on everything I said 24/7 [Update] • Android Police

Artem Russakovskii:

»

Without fail, every time a new listening device comes to market, some tinfoil hat-wearer points out how perfect they would be as modern-day Trojan horses for any of the three-letter acronym organizations – NSA, CIA, FBI – you name it. Manufacturers, on their part, assure us their devices are perfectly safe and only listen when prompted. We brush the concerns off and move on with our lives, but not before granting our smart pineapples (did you know “pineapple” is the codename for Google Home?) access to the smart rice maker, smart vacuum, and smart toothbrush.

I didn’t give too much thought to these privacy concerns because they all sounded theoretical and unlikely. My four Google Homes and three Echos sat quietly on their respective desks and counters, and only turned on when one of three things happened:

• I called out a hotword (Alexa for Echos and Hey or OK Google for Homes).
• A video I was watching or podcast I was listening to did this (I’m looking at you, Marques!)
• They heard a noise or word that they thought sounded like a hotword but in reality was not. This happened once or twice every few days.

That is until last week, when a 4th case came along – 24/7 recording, transmission to Google’s servers, and storing on them of pretty much everything going on around my Home Mini, which I had just received at the Made by Google October 4th launch event.

«

The Home Mini was recording everything, and storing it on Google’s servers. Google says it was a hardware flaw on the batches given out at the “Made by Google” events introducing this. Russakovskii estimates that’s at least 4,000 of them. It has disabled the long-press functionality as a result.
link to this extract


Deputy attorney general Rosenstein’s “responsible encryption” demand is bad and he should feel bad • Electronic Frontier Foundation

Kurt Opsahl takes Rod Rosenstein’s recent speech, which introduced the idea of “responsible encryption”, to task:

»

For a long time, people have had communications that were not constantly available for later government access. For example, when pay phones were ubiquitous, criminals used them anonymously, without a recording of every call. Yet, crime solving did not stop. In any case, law enforcement has been entirely unable to provide solid examples of encryption foiling even a handful of actual criminal prosecutions.

Finally, in his conclusion, Rosenstein misstates the law and misunderstands the Constitution.

»

Allow me to conclude with this thought: There is no constitutional right to sell warrant-proof encryption. If our society chooses to let businesses sell technologies that shield evidence even from court orders, it should be a fully-informed decision.

«

This is simply incorrect. Code is speech, and courts have recognized a Constitutional right to distribute encryption code. As the Ninth Circuit Court of Appeals noted:

»

The availability and use of secure encryption may … reclaim some portion of the privacy we have lost. Gov’t efforts to control encryption thus may well implicate not only the First Amendment rights … but also the constitutional rights of each of us as potential recipients of encryption’s bounty.

«

Here, Rosenstein focuses on a “right to sell,” so perhaps the DOJ means to distinguish “selling” under the commercial speech doctrine, and argue that First Amendment protections are therefore lower. That would be quite a stretch, as commercial speech is generally understood as speech proposing a commercial transaction. Newspapers, for example, do not face weaker First Amendment protections simply because they sell their newspapers.

«

If you’re wondering why Rosenstein’s name seems familiar, he’s the one who wrote the memo post-justifying Trump’s decision to fire James Comey as head of the FBI. Misstating the law and misunderstanding the US constitution seems like par for the course for someone who did that.
link to this extract


iOS Privacy: steal.password – Easily get the user’s Apple ID password, just by asking • Felix Krause

»

How can you protect yourself

• Hit the home button, and see if the app quits:
  - If it closes the app, and with it the dialog, then this was a phishing attack
  - If the dialog and the app are still visible, then it’s a system dialog. The reason for that is that the system dialogs run on a different process, and not as part of any iOS app.
• Don’t enter your credentials into a popup, instead, dismiss it, and open the Settings app manually. This is the same concept, like you should never click on links on emails, but instead open the website manually
• If you hit the Cancel button on a dialog, the app still gets access to the content of the password field. Even after entering the first characters, the app probably already has your password.

Initially I thought faking those alerts requires the app developer to know your email. Turns out some of those auth popups don’t include the email address, making it even easier for phishing apps to ask for the password.

Proposal

Modern web browsers already do an excellent job protecting users from phishing attacks. Phishing within mobile apps is a rather new concept, and therefore still pretty unexplored.

• When asking for the Apple ID from the user, instead of asking for the password directly, ask them to open the settings app
• Fix the root of the problem, users shouldn’t constantly be asked for their credentials. It doesn’t affect all users, but I myself had this issue for many months, until it randomly disappeared.
• Dialogs from apps could contain the app icon on the top right of the dialog, to indicate an app is asking you, and not the system. This approach is used by push notifications; also, this way, an app can’t just send push notifications as the iTunes app.

«

This is still bad, and Apple’s security people should have stamped it out ages ago. I suspect they couldn’t and so their pivot has been to try to persuade people to enable two-factor authentication on accounts.

But as Krause points out, even if you’ve got 2FA, that won’t protect any accounts where you’ve used the same username/password combination.


AirPods can activate Google Assistant on your Android device with this app • Android Police

Corbin Davenport:

»

The app is called ‘AirpodsForGA,’ and it allows you to trigger Google Assistant by double-tapping on either AirPod. That’s the same shortcut used to activate Siri when paired with an iPhone. It’s worth noting that you could already use the ‘OK Google’ hotword to open Google Now/Assistant on AirPods (at least according to this review), but this is obviously quicker. Due to limitations with Android’s media button events, this app doesn’t always work when the phone is unlocked, but it should work fine when locked.

I’m unable to test the app myself, since I don’t own a pair of AirPods, but there’s four Play Store reviews saying it works great.

«

Complaints (in the comments) are that it goes to full volume when Google Assistant talks in your ear. But that might be a one-off. (The rest of the comments are pretty predictable. The smartphone wars are still being fought, like Japanese soldiers in the jungle, in the comments sections of fan sites.)


Traditional PC market further stabilizes as top companies consolidate share • IDC

»

Worldwide shipments of traditional PCs (desktop, notebook, workstation) totaled 67.2m units in the third quarter of 2017 (3Q17), which translates into a slight year-over-year decline of 0.5%, according to the International Data Corporation (IDC) Worldwide Quarterly Personal Computing Device Tracker. The results were better than projections of a 1.4% decline, and further demonstrate the trend of market stabilization in recent quarters. Improvement in emerging markets as well as back-to-school promotions helped boost results.

The component shortages of recent quarters have continued to improve and did not factor as a significant hindrance to production volumes. Nonetheless, higher component prices and inventory in some markets meant limited shipments and validated IDC assumptions about a muted third quarter. Not surprisingly, competitive pressures further cemented the dominance of the top five PC companies, which accounted for nearly 75% of the total traditional PC market…

…“The U.S. traditional PC market exhibited lower overall growth, contracting 3.4% in 3Q17,” said Neha Mahajan, senior research analyst, Devices & Displays. “Despite the overall contraction, Chromebooks remain a source of optimism as the category gains momentum in sectors outside education, especially in retail and financial services.”

«

Gartner says the decline was worse – it puts the decline at 3.6% – but has almost exactly the same shipment figure for the quarter, at 67.0m. Gartner doesn’t include Chromebooks in its figures, so it’s a little hard to see the source of IDC’s enthusiasm; IDC doesn’t show Acer (which ships a lot of Chromebooks) as outselling Apple.

Also of note: Gartner says Lenovo’s PC shipments have declined year-on-year in eight of the past 10 quarters. IDC puts HP ahead of Lenovo all of this year.

Even so, this looks like the market bottoming out. Though it always then finds a new bottom.


White-box tablet players turn to new markets for survival • Digitimes

Sammi Huang and Joseph Tsai:

»

With first-tier tablet brand vendors’ product ASP dropping, rising competition from large-size smartphones and prices for key components – including panels and memory – hiking, white-box tablet players are struggling.

Some white-box players have already turned to new market segments such as those for smart speakers, smartphones, car-use electronics, wearables, gaming and education applications.

Digitimes Research’s figures show that Apple, Samsung Electronics and Amazon will be the top-3 tablet vendors worldwide in 2017, while China-based Huawei will be number four, surpassing Lenovo.

«

Lenovo really is struggling to make things happen. PCs, smartphones, tablets – nothing is quite energising.


TCL sells shares of handset business unit to strategic partners • Digitimes

Jean Chu and Steve Shen:

»

China-based TCL Group has disclosed that it has transferred up to 49% of its holdings in TCL Communication Technology Holdings to three strategic partners for HK$490 million (US$62.79m).

TCL will sell an 18% stake of its handset business unit to Unisplendour Technology Venture Capital, an investment arm of Tsinghua Unigroup, for HK$180m.

Meanwhile, TCL will also release an 18% and 13% stake of TCL Communication Technology to Oriente Grande Investment Fund and Vivid Victory Developments for HK$180m and HK$130m, respectively, according to the announcement.

Oriente Grande Investment Fund is the holding company of China-based handset ODM Wingtech Group.

TCL Communication Technology posted revenues of CNY6.87 billion (US$1.043bn) in the first half of 2017, decreasing 26.1% from a year earlier. Net losses for the January-June period totaled CNY852 million (US$130m).

«

This is tucked away, but it’s significant. TCL has been pushing a lot of phones in China and the rest of Asia; it has been among the world’s top 10 in volume. What this makes clear is that it’s been making a loss on that. So now it’s found some people to pump some money in.

The hope on the part of both is that this cash infusion will push it over the line into profitability. The concern should be that profitless commoditisation is going to continue at the low end of the market, where TCL is currently stuck with scores of other OEMs. A consolidation might not be far off.


A look at Microsoft’s unreleased ‘all screen’ Lumia Windows phone • Windows Central

Zac Bowden on a phone that would have been unusual in 2014:

»

The standout feature of this device is easily its design. Featuring an almost “all-screen” front, this Lumia is a stunner. It’s a super clean, minimalist and futuristic design that definitely doesn’t belong on a sub-$200 Windows phone in 2014. Holding this device feels like you’re holding nothing but a screen, and that’s what makes this Lumia different from all the rest.

Of course, when I say “all screen,” I’m being a little overzealous. It’s almost all screen, except for the bottom bezel, which is pretty large. This phone has a big “chin,” which is a pretty standout defect in this phone’s design. Even with the chin, it would’ve been considered “all screen” in 2014.

There’s a reason for the larger-than-usual bottom bezel, however: it’s where the front-facing camera sits. Yes, this phone has a front-facing camera on the bottom bezel. There’s no room for it at the top, and pretty much every phone these days comes with a front camera of some sort.

«

What might have been is always fascinating. The front camera problem is perhaps what caused Microsoft to kill this. That, and the reality that it would have lost a ton of money.


Errata, corrigenda and ai no corrida: none notified

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

Start Up: Shazam for art, why the iPhone X notch?, Google’s TAC tax, the plastic-chewers, and more


Not hacker central, but passport control in North Korea. Its hackers are busy elsewhere. Photo by (stephan) on Flickr.

A selection of 11 links for you. Effervescence! I’m @charlesarthur on Twitter. Observations and links welcome.

Allies’ wartime operational plan presumably stolen by N.K. hackers last year: lawmaker • Yonhap News

»

North Korean hackers are believed to have stolen a large amount of classified military documents, including the latest South Korea-U.S. wartime operational plan, last year, a ruling party lawmaker said Tuesday.

Citing information from unnamed defense officials, Democratic Party Rep. Lee Cheol-hee said that the hackers broke into the Defense Integrated Data Center in September last year to steal the secret files, such as Operational Plans 5015 and 3100.

OPLAN 5015 is the latest Seoul-Washington scheme to handle an all-out war with Pyongyang, which reportedly contains detailed procedures to “decapitate” the North Korean leadership. OPLAN 3100 is Seoul’s plan to respond to the North’s localized provocations.

Lee said that 235 gigabytes of military documents were taken with the content of nearly 80% of them yet to be identified. Also among them were contingency plans for the South’s special forces, reports to allies’ top commanders, and information on key military facilities and power plants, he added.

“The Ministry of National Defense has yet to find out about the content of 182 gigabytes of the total (stolen) data,” the lawmaker said in a statement.

«

North Korea’s hacking capabilities have been underestimated since 2011 – when Kim Jong-un, its youngest leader ever, who was tutored in the west, took over. Those facts aren’t coincidence.


New app Smartify hailed as “Shazam for the art world” • Dezeen

Gunseli Yalcinkaya:

»

An app has launched that allows users to instantly identify artworks and access information about them, by simply scanning them with a smartphone.

Smartify launched at the Royal Academy of Arts in London last week. It has been described by its creators as “a Shazam for the art world”, because – like the app that can identify any music track – it can reveal the title and artist of thousands of artworks.

It does so by cross-referencing them with a vast database that the company is constantly updating.

Smartify is already in use in over 30 of the world’s major galleries and museums, including the National Gallery in London, the Rijksmuseum in Amsterdam, The Met in New York and LACMA in Los Angeles.

The company refuses to reveal exactly how it works, but said that it creates “visual fingerprints” to differentiate between each artwork.

«

I was present at the very first live test of Shazam (in a pub in Dean Street in 2003 or so); I didn’t think it could work because it would need constant updates from the record companies. What I missed was that the record companies would want people to know what they were hearing, and so helped to update Shazam’s database.

Not so sure that the same applies for art. But I’ve been wrong before…


The iPhone X’s notch already works • BGR

Chris Smith:

»

the side effect of Apple’s decision to introduce both an all-screen iPhone design and the Face ID functionality this year is the ugly “notch.” There’s no way to defend it, especially when it comes to the iPhone X’s user interface.

But the phone’s notch has a second, possibly unintended purpose that is becoming more evident as we approach the iPhone X’s November 3rd release date.

The notch gives the iPhone X a unique design that will be easily recognized by anyone. Rather than being an all-screen device that has only generic features, the iPhone X has the camera sensor at the top that breaks the display line at the top of the phone.

iPhone fans can easily tell when someone is using an iPhone X. So can iPhone haters. A glance at the notch is enough to confirm the phone is indeed Apple’s best iPhone to date. And it’s even easier to spot the iPhone X in the wild right now.

«

Yes. Exactly this. Apple is a company which not only wants you to enjoy using your device; it wants other people to know you’re using it too. Why else the bright white of EarPods, and then AirPods? Why else the huge fights with Samsung over the “design patent” of the iPhone, and particularly the roundness of the corners? If there was one thing that infuriated Apple executives in the past decade, it was Samsung’s blatant copying of the appearance of the iPhone 3GS.

The notch is a subtle nudge to anyone not using the phone that this one is different. Smith has put his finger on it; people like Marco Arment and John Gruber who find the notch unconscionable are missing the point. Design is how it works: the notch works to tell people that this is the iPhone X.

If you don’t believe me, watch out for how many phones next year try to “extend” their screen above the front-facing camera, which is of course centred, because why not? Oh, you say it looks like the iPhone X?


iPhone: designed for misuse? • ROUGH TYPE

Nick Carr on Jony Ive’s comment that “constant use” of one’s phone might constitute “misuse”:

»

Maybe I’m the cynic, but it’s hard not to conclude, from everything we know about the iPhone and its development and refinement, that it has in fact been consciously and meticulously designed to encourage people to use it as much as possible. Here, for example, is how Apple is promoting the new iPhone X at its web store:

If Apple’s “vision” has always been to create a phone “so immersive the device itself disappears into the experience,” it’s hard for me to credit Ive’s suggestion that people are misusing it by immersing themselves in it. If “constant use” is a misuse of the iPhone, then the device has been designed for misuse. And the future we’re supposed to welcome will be one in which the smartphone becomes all the more encompassing, the line between gadget and experience all the more blurred.

If Ive is sincere in his belief that people should be more disciplined in their use of smartphones — and I believe he is — I’m sure he’ll be able to find elegant ways to use design features to deter constant use.

«

I guess you could always limit its battery life 🤔


Google’s $19bn black box is worrying investors • Bloomberg

Shira Ovide on Google’s TAC – traffic acquisition costs:

»

These Google traffic fees are the result of contractual arrangements parent company Alphabet Inc. makes to ensure its dominance. The company pays Apple to make Google the built-in option for web searches on Apple’s Safari browsers for Mac computers, iPhones and other places. Google also pays companies that make Android smartphones and the phone companies that sell those phones to make sure its search box is front and center and to ensure its apps such as YouTube and Chrome are included in smartphones.

In the last year, Google has paid these partners $7.2bn, more than three times the comparable cost in 2012. Details of these financial arrangements are secret, but analysts think that the biggest culprit in the recent cost uptick is a revised agreement Google struck with Apple a couple of years ago. Analysts think this contract costs Google $3bn to $4bn a year, or perhaps much more.

Lately some Google watchers have said investors shouldn’t panic about the traffic fees. Baird recently estimated the growth rate of traffic acquisition costs is likely to ease off this year or in early 2018, in part because Google is past the worst of the cost increases from its revised Apple contract. 

But there’s another wild card that may push those costs up. European antitrust authorities are investigating whether Google’s arrangements with Android phone manufacturers and phone companies constitute an abuse of the company’s power. Companies enter these arrangements with Google voluntarily. But if manufacturers want to include some popular Google apps such as the Google Play app store, they are often required to take other Google apps, too, and set Google search as the default option.

«

Notice two things this implies. First, that Apple gets half of the smartphone TAC, even though it has about a quarter of the installed base, and Android the remainder. Second, that Google’s TAC will rise if the EC forces Google to let Android OEMs install whatever they want and Google finds itself competing to have its app store and search prominently placed. The latter will hit its bottom line – possibly quite hard.


Nokia plans to cut up to 310 jobs, halt VR camera development • Reuters

Jussi Rosendahl:

»

Nokia plans to reduce up to 310 jobs from its Nokia Technologies unit and halt development of its virtual reality camera “OZO” and hardware, the Finnish company said on Tuesday.

The unit has about 1,090 employees and the potential cuts are expected to affect staff in Finland, the United States and Britain. Nokia employed about 102,000 employees as of end-June.

The unit will continue to focus on digital health and patent and brand licensing business, Nokia said.

“The slower-than-expected development of the VR market means that Nokia Technologies plans to reduce investments and focus more on technology licensing opportunities,” it said in a statement.

«

In other news, IDC says the company sold a grand total of 1.5m Nokia-branded phones in the first half of 2017. Its new focus: “digital health” following its acquisition of Withings. Wish them luck.


Who gets held accountable when a facial recognition algorithm fails? And how? • Medium

Ellen Broad:

»

The Georgetown Law Center for Privacy and Technology in the US has estimated that half of all US adults — 112 million people — are already enrolled in unregulated facial recognition networks.

So maybe it’s too late to stop facial recognition happening. Let’s talk about how desperately facial recognition is in need of regulation instead.

We know facial recognition technology is capable of bias and error.

In the US, studies have shown that facial recognition algorithms are consistently less accurate identifying African American faces. Joy Buolamwini, an MIT Media Lab researcher, has talked eloquently about the challenges she faced getting a robot she trained using widely available facial recognition software to recognise her face. She’s black. Stories about facial recognition technology mistakenly identifying Asian faces as people blinking, tagging black people as primates and failing to register black faces in frame at all have gone viral.

There are a few reasons for these kinds of errors. Datasets used to train facial recognition algorithms might not have enough diverse faces within them. People designing the systems might inadvertently incorporate their own bias. Default camera settings don’t properly expose dark skin.

When we talk about using Australian driver’s licence photos to build a national facial recognition database, this potential for error matters.

«

The future is tumbling towards us like the rock chasing Indiana Jones in Raiders of the Lost Ark.


Regulate Facebook like AIM • Motherboard

Louise Matsakis:

»

The FCC imposed the restrictions on AOL [forcing it to be interoperable with other instant messaging systems] because the merger with Time Warner created the largest media business in the country. Government regulators feared that the behemoth would become a powerful monopoly, particularly when it came to instant messaging. At the time, AOL had over 140 million customers—or 90% of the market—using AIM as well as its other chat service, ICQ, combined.

The FCC’s decision to force AOL to remain open provides a blueprint for how the government could similarly regulate today’s gigantic internet platforms, like Facebook.

Stoller said you can look at Facebook—with its over 2 billion monthly users—as having egregious control over our relationships on the internet, or what he calls the “social grid.” If Facebook were forced to make room for other services on its platform in the same way AOL made room for other chat apps, new services could emerge.

“Facebook has to allow people to access their relationships however they want through other businesses or tools that are not controlled by Facebook,” Stoller said. “Having them control and mediate the structure of those relationships—that’s not right.”

Of course, people can opt out of Facebook and choose to use other, smaller social networks. But those businesses are essentially unable to thrive because of the hold Facebook has on how we communicate online.

«

This is a good idea – though as Ben Thompson points out in his subscriber newsletter at Stratechery, the FCC ruling in fact said AIM had to be open if it added *new* features; it didn’t have to open up its existing features. What prevented AIM being dominant was the shift away from PCs, and the addition of new services which did things it couldn’t.


37,000 Chrome users downloaded a fake Adblock Plus extension • Engadget

»

If you use Adblock Plus with Chrome and downloaded the extension pretty recently, you may want to check what you’ve installed. Apparently, a fake Adblock Plus extension made it through Google’s verification process and lived in the official Chrome Web Store alongside the real one. Google has taken down the phony listing after SwiftOnSecurity tweeted about it and put the company on blast, but by then, it has already been up long enough to fool 37,000 people. That’s a drop in the bucket for a service that has 10 million users, but it sounds like trouble for those who were unlucky enough to download it.

SwiftOnSecurity says the fake extension was created by a “fraudulent developer who clones popular name and spams keywords.” Indeed, it’s pretty hard to tell that it’s fake, since its developer’s name is “Adblock Plus,” and it has a considerable number of reviews.

«



Plastic-eating caterpillars could save the planet • The Economist

»

Past attempts to use living organisms to get rid of plastics have not gone well. Even the most promising species, a bacterium called Nocardia asteroides, takes more than six months to obliterate a film of plastic a mere half millimetre thick. Judging by the job they had done on her bag, Dr Bertocchini suspected wax-moth caterpillars would perform much better than that.

To test this idea, she teamed up with Paolo Bombelli and Christopher Howe, two biochemists at Cambridge University. Dr Bombelli and Dr Howe pointed out that, like beeswax, many plastics are held together by methylene bridges (structures that consist of one carbon and two hydrogen atoms, with the carbon also linked to two other atoms). Few organisms have enzymes that can break such bridges, which is why these plastics are not normally biodegradable. The team suspected wax moths had cracked the problem.

One of the most persistent constituents of rubbish dumps is polyethylene, which is composed entirely of methylene bridges linked to one another. So it was on polyethylene that the trio concentrated. When they put wax-moth caterpillars onto the sort of film it had taken Nocardia asteroides half a year to deal with, they found that holes appeared in it within 40 minutes.

«

Of course, this could also go horribly wrong, and we’d find ourselves trying to breed something to kill the caterpillars, and then something to kill that, and so on.


Apple strikes deal with Spielberg’s Amblin for ‘Amazing Stories’ reboot • WSJ

Joe Flint and Tripp Mickle:

»

The tech giant has struck a deal with Mr. Spielberg’s Amblin Television and Comcast Corp.’s NBCUniversal television production unit to make new episodes of “Amazing Stories,” a science fiction and horror anthology series that ran on NBC in the 1980s, according to people familiar with the matter.

The agreement between Apple, Amblin and NBCUniversal calls for 10 episodes of “Amazing Stories.” Mr. Spielberg will likely be an executive producer for the new version of the show, which he created, the people said.

The budget for “Amazing Stories” will be more than $5 million an episode, according to an executive involved in the project.

“Amazing Stories” is the first show to be greenlit by Apple since it poached Sony Corp.’s top Hollywood television executives Zack Van Amburg and Jamie Erlicht in June to help spearhead the tech company’s push into original programming.

Apple gave the duo, who helped produce “Breaking Bad,” a budget of roughly $1bn to develop original programming over the next year. They have also been tasked with building out a video strategy that is expected to include a streaming service that rivals Netflix Inc., Amazon.com Inc. and others.

«

A billion dollars to develop original programming? Apple TV, the hardware, might seem like “a hobby” to some, but Apple is beginning to look serious about spending on TV content. However, TV series are notoriously hit-and-miss (hence the many pilots that appear on US TV every year, and the few that survive to be commissioned). That explains the taste for a “reboot” – hey, these people liked it when they were kids!


Errata, corrigenda and ai no corrida: none notified


Start Up: smartphone profits, Google finds Russians!, polarise and conquer, and more


Yes, but why is the film called Blade Runner? Photo by kaytaria on Flickr.


A selection of 13 links for you. Yes, includes that Blade Runner link. I’m @charlesarthur on Twitter. Observations and links welcome.

Google uncovers Russian-bought ads on YouTube, Gmail and other platforms • The Washington Post

Elizabeth Dwoskin, Adam Entous and Craig Timberg:

»

Google for the first time has uncovered evidence that Russian operatives exploited the company’s platforms in an attempt to interfere in the 2016 election, according to people familiar with the company’s investigation.

The Silicon Valley giant has found that tens of thousands of dollars were spent on ads by Russian agents who aimed to spread disinformation across Google’s many products, which include YouTube, as well as advertising associated with Google search, Gmail, and the company’s DoubleClick ad network, the people said, speaking on condition of anonymity to discuss matters that have not been made public. Google runs the world’s largest online advertising business, and YouTube is the world’s largest online video site.

The discovery by Google is also significant because the ads do not appear to be from the same Kremlin-affiliated troll farm that bought ads on Facebook — a sign that the Russian effort to spread disinformation online may be a much broader problem than Silicon Valley companies have unearthed so far.

«

Still plenty more to come on this.



Windows 10 Mobile gets its final death sentence • CNET

»

Corporate vice president of Windows 10 and head of Microsoft’s “PC-Tablet-Phone” division, Joe Belfiore, said on Twitter Sunday that Microsoft will continue to support Windows 10 Mobile with bug fixes and security updates, but new features and hardware are no longer front and centre.

Microsoft is no upstart in the mobile space. It produced versions of its software for mobile devices for more than 20 years – starting with Windows CE for personal digital assistants in 1996, and later with Windows Mobile in 2000…

While Belfiore said Microsoft has tried “very hard” to provide incentives for app developers to get apps onto Windows Mobile, the “volume of users is too low for most companies to invest” in the ecosystem.

«

Belfiore tweeted from an Android phone. That says it all: it’s dead. Seven years and a few billion dollars down the pan, and what is there to show from it? Nada. No solid assets you could point to at all.


Apple still offers an iTunes version with App Store, ringtones and other features removed in ‘focused’ iTunes 12.7 • 9to5Mac

Benjamin Mayo:

»

For people mourning the loss of a desktop iTunes client to store their app library or check the best-selling app charts, there is some hope. It has been noticed on Reddit that Apple offers a special version of iTunes, iTunes 12.6.3, which retains the features that were abruptly removed in iTunes 12.7.

Apple positions this build as necessary for some businesses performing internal app deployments but it is available to download by anyone.

This version of iTunes is available for PC and Mac, and is specially configured by Apple to be installed even if you have already upgraded to iTunes 12.7 (despite the lower version number).

You may still have to rebuild your library manually but it offers a path for people who were disappointed to see features like Ringtones, and Apps removed from the desktop client.

«

As Nati Shochat quipped, it’s for all the users who complain that iTunes is bloatware, and then wail when the feature they liked is gone.


Polarize and conquer • The New York Times

Javier Corrales is a professor of political science at Amherst College, and has a view on why Trump continues to attack people on Twitter:

»

The main objective of hating is to incense your critics so that they hate you back even more. Insults tend to provoke more extreme postures. A result is that Mr. Trump successfully transforms the targets of his hate, and those who come to their defense, into an even more extreme image of what the president’s base already despises.

The use of hatred as a provocation tactic may not be that common among American presidents, but it is common elsewhere. Marxist presidents are especially famous for it. When they embrace class warfare, Marxist presidents are in essence adopting a policy of hate toward one sector of society, the private sector. If the private sector responds by fighting back, Marxist presidents win politically because they can now offer proof of what they have been arguing all along, that capitalists are mean.

Populist presidents also frequently employ hate as a political tactic. For populists, the target is always an authority figure. It doesn’t need to be a capitalist. It can be any elite: senior politicians, respected journalists, renowned professors, members of the clergy, policy gurus, celebrities, professional athletes and — why not? — mayors from small islands.

Some of the world’s most famous populists in the last decade have been masters at this game of hate. Recep Tayyip Erdogan in Turkey, Viktor Orban in Hungary and Hugo Chávez in Venezuela use or used hatred as a way to polarize and thus survive in office.

«



80% of global handset profits comes from premium segment • Counterpoint Research

»

• Apple dominated the global profit share, holding 65% of the pie with just 9% of the total handset shipments during Q2 2017.

• Samsung has regained profitability and reputation over the past few quarters, after the Note 7 debacle with the help of its new Galaxy S8 series flagship. The Galaxy S8 and S8 Plus are gaining attention amongst users with their Infinity display, beautiful design and virtual assistant Bixby. However, the major shift in sales towards mid-tier models has caused Samsung’s profits to decline almost 30% YoY

• The profit of Huawei, OPPO & vivo combined crossed a billion-dollar mark growing a healthy 43% YoY during the quarter. The Chinese brands are growing fast when compared to industry leaders due to their high-quality offerings at competitive prices with attractive designs and innovative features. Aggressive marketing campaigns and strong promotions have helped them further.

«

“Premium” is those with a wholesale price over US$400. Those numbers leave just 2.5% of profit for all the other gazillions of handset makers outside the top five. (And Oppo and vivo are owned by the same company.)


Apple’s iPhone SE has reached the same, exalted evolutionary pinnacle as the cockroach • Quartz

Michael Coren:

»

My plan wasn’t to buy an SE. Apple was releasing the iPhone 7, its latest and greatest device. I entered Apple’s Union Square store willing to splash out on a $600 purchase. The store’s two-story glass and steel wall was open to a crisp San Francisco spring day. The sales person walked me through each new model. A pressure-sensitive screen instantly pulled up shortcut menus. A faster A10 chip cut out annoying time lags. The expansive size made watching videos comfortable.

As I put each device down, I realized none did their job better than the iPhone in my pocket. They did more, yes, but not necessarily better. I’m not sure it’s so different with the iPhone X. Its 5.8″ Super Retina HD display is already beyond the ability of the human eye to differentiate between my SE’s 4” retina screen. A bigger screen? I want to deter casual phone usage (“All screen activities are linked to less happiness, and all non-screen activities are linked to more happiness,” reports The Atlantic). Doubling memory? I’ve got the cloud and WiFi. Wireless charging? Great, once chargers are ubiquitous. I may use face recognition one day, and Apple’s new water-resistant models are tempting, but I’m fine leaving my phone behind where it might get wet, or limiting the surveillance potential of my devices.

«

It’s true: the SE is a sort of perfection. The iPhone 5 – which is its ultimate forebear – was a lovely piece of design; it sat in the hand like the hand was made for it.


The research is clear: gun control saves lives • Vox

German Lopez disagrees – using facts! – with that article by Leah Libresco about how gun control isn’t the answer (linked yesterday):

»

The original article at FiveThirtyEight, which Libresco again pointed me to in an email for her main source of data, cites a couple of real studies, but it only cherry-picked the more negative findings in the field. (Even then, one study cited found that Australia’s 1996 gun control law and buyback program was followed by a faster drop in gun deaths than would otherwise be expected; it’s just unclear whether the policy was the main cause.)

The rest of the article makes no attempt to raise any other actual empirical research, only citing a few statistics about the demographics of gun deaths.

That’s unfortunate, because there actually is a rich and growing body of evidence on guns. It’s not perfect by any means — this is a tough issue to study, for reasons I’ll get into below. But it’s fairly persuasive.

In fact, it’s so persuasive that it changed my mind. I was once skeptical of gun control; I doubted it would have any major impact on gun deaths (similar to the views I took on drugs). Then I looked at the actual empirical research and studies. My conclusion: Gun control likely saves lives, even if it won’t and can’t prevent all gun deaths.

«

A confounding effect – which I think few of these studies grapple with, or slide past – is that gun ownership isn’t evenly spread. Some people own a lot (as in, scores) of guns; other people own one, or none. This skews the apparent ownership rate up.

One point that does emerge clearly: fewer guns, fewer gun suicides – and fewer suicides. Guns are like cigarettes, only much faster-acting. (Thanks @papanic for the link.)



Study: seaweed in cow feed reduces methane emissions almost entirely • Food Tank

»

A recent study by researchers at James Cook University in Queensland, Australia, has found a certain type of Australian red algae can significantly inhibit methane emissions from cows. Led by Professor of Aquaculture Rocky De Nys, researchers found an addition of less than 2% dried seaweed to a cow’s diet can reduce methane emissions by 99%. The study was conducted in collaboration with the Commonwealth Scientific and Industrial Research Organization (CSIRO), an Australian federal research agency.

Methane is about 25-times more potent than carbon dioxide in a 100-year time span, and a single cow releases between 70 and 120 kilograms of methane per year. Burps from cows account for 26% of the United States’ total methane emissions, and the US is only the world’s fourth-largest producer of cattle, behind China, Brazil, and India. There are currently approximately 1.3 to 1.5 billion cows roaming the planet.

«

Rediscovering something that the ancient Greeks knew; but this would be remarkable if correct and widely applied. Tackling greenhouse gases can be done in all sorts of ways. This is a neat one.


Mattel thinks again about AI babysitter • BBC News

Dave Lee:

»

At the CES technology show in January, Mattel billed its device – Aristotle – as a major leap in parenting technology.

“Aristotle is designed with a specific purpose and mission: to aid parents and use the most advanced AI-driven technology to make it easier for them to protect, develop, and nurture the most important asset in their home – their children,” the company said.

The device combined home assistant technology and a small camera that worked as a visual baby monitor. Among its features, Aristotle would automatically “reorder or look for deals and coupons on baby consumables, formula and other baby products when it detects you are likely running low on the specific item”.

In July, Mattel replaced its chief technology officer with Sven Gerjets, who is understood to have reviewed Aristotle and decided against releasing it. The company said it had decided not to sell Aristotle “as part of an ongoing effort to deliver the best possible connected product experience to the consumer”.

Mattel had been under pressure to pull the product. The US-based Campaign for a Commercial-Free Childhood said: “Aristotle isn’t a nanny, it’s an intruder. Children’s bedrooms should be free of corporate snooping.”

«



Why is ‘Blade Runner’ the title of ‘Blade Runner’? • Vulture

Abraham Riesman:

»

Before he was even done with medical school, Alan Nourse [who was born in 1928] was publishing sci-fi on the side: first came short pieces in anthology magazines like Astounding Science Fiction and Galaxy Science Fiction, then he started publishing novels with titles like Trouble on Titan (1954), Rocket to Limbo (1957), and Scavengers in Space (1959). In 1963, he retired from medicine to focus on his writing, but wrote about learning the healing arts in a 1965 nonfiction book called Intern, published under the intimidating pseudonym “Dr. X.” Sci-fi author-editor Robert Silverberg, who knew Nourse, tells me the latter book “brought him much repute and fortune,” but in general, he just “wrote a lot of very good science fiction that no one seemed to notice.”

That changed on October 28, 1974. Sort of. On that day, publishing house David McKay released a Nourse novel that combined the author’s two areas of expertise into a single magnum opus: The Bladerunner. It follows the adventures of a young man known as Billy Gimp and his partner in crime, Doc, as they navigate a health-care dystopia. It’s the near future, and eugenics has become a guiding American philosophy. Universal health care has been enacted, but in order to cull the herd of the weak, the “Health Control laws” — enforced by the office of a draconian “Secretary of Health Control” — dictate that anyone who wants medical care must undergo sterilization first. As a result, a system of black-market health care has emerged in which suppliers obtain medical equipment, doctors use it to illegally heal those who don’t want to be sterilized, and there are people who covertly transport the equipment to the doctors. Since that equipment often includes scalpels and other instruments of incision, the transporters are known as “bladerunners.” Et voilà, the origin of a term that went on to change sci-fi.

«

That’s not the end of how it got to the film title, though. There’s a whole jawdropping middle to come. Sterling work by Riesman tracking this down.


How smartphones hijack our minds • WSJ

Nick Carr:

»

In an April article in the Journal of the Association for Consumer Research, Dr. Ward and his colleagues wrote that the “integration of smartphones into daily life” appears to cause a “brain drain” that can diminish such vital mental skills as “learning, logical reasoning, abstract thought, problem solving, and creativity.” Smartphones have become so entangled with our existence that, even when we’re not peering or pawing at them, they tug at our attention, diverting precious cognitive resources. Just suppressing the desire to check our phone, which we do routinely and subconsciously throughout the day, can debilitate our thinking. The fact that most of us now habitually keep our phones “nearby and in sight,” the researchers noted, only magnifies the mental toll.

Dr. Ward’s findings are consistent with other recently published research. In a similar but smaller 2014 study (involving 47 subjects) in the journal Social Psychology, psychologists at the University of Southern Maine found that people who had their phones in view, albeit turned off, during two demanding tests of attention and cognition made significantly more errors than did a control group whose phones remained out of sight. (The two groups performed about the same on a set of easier tests.)

In another study, published in Applied Cognitive Psychology in April, researchers examined how smartphones affected learning in a lecture class with 160 students at the University of Arkansas at Monticello. They found that students who didn’t bring their phones to the classroom scored a full letter-grade higher on a test of the material presented than those who brought their phones. It didn’t matter whether the students who had their phones used them or not: All of them scored equally poorly. A study of 91 secondary schools in the U.K., published last year in the journal Labour Economics, found that when schools ban smartphones, students’ examination scores go up substantially, with the weakest students benefiting the most.

«

Carr is author of The Shallows, a book investigating the way that reliance on autopilots and other systems can dull cognitive skills we’d otherwise keep sharp. This article seems pertinent after yesterday’s on the internet engineers who worry about smartphones’ effect on the world.


How to organize iPhone apps in iOS11 • CNBC

Todd Haselton:

»

You can do this by holding your finger on an application icon for just a few seconds. It’ll start jiggling and you’ll see an X pop up when it’s ready to be moved. Don’t let go, this is key. We’re going to group a bunch of apps together.

Now, while still holding one finger on that first app, tap all the other apps you want to group with it. They’ll all start to gather under the first app you selected. Note the small number that appears which shows how many apps you’ve selected.

Move them where you’d like to place them.

Move the apps anywhere you like, such as into a folder. This simple grouping of applications allows you to take all of your health apps, for example, and quickly toss them into a folder. Previously, you’d need to select each app one by one.

«

This is useful. And hidden.


How to use App Pairing on the Samsung Galaxy Note 8 • AndroidAuthority

Edgar Cervantes:

»

Split Screen View is one of the most helpful features found on the Samsung Galaxy Note 8, but we are not here to talk about this specific function. At least not directly. Instead we will show you a good way to take advantage of Split Screen View.

Don’t want to fumble around apps every time you need to multi-task? It can be a hassle having to manually select which applications to use… every single time. You likely have favorite app combinations anyways, so Samsung has come up with App Pairing.

What is this App Pairing we speak of? The concept is simple, but once you get used to it you wonder why it wasn’t there all along. Simply put, App Pairing makes it easy to pre-select a couple apps to quickly launch in Split Screen View. A shortcut will be created, making it a breeze to access the app duo.

«

Neat idea; one can see how you might have various apps that you always want to use together (Twitter and a browser? WhatsApp and, um, YouTube?).


Errata, corrigenda and ai no corrida: none notified

Start Up: fears of a smartphone nation, AI phooey, Tillerson on the edge, Puerto Rico redux, and more


“Alexa, why aren’t people watching our TV programmes?” Photo by duncan on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 11 links for you. (Tomorrow, another Blade Runner link, so consider yourself warned.) I’m @charlesarthur on Twitter. Observations and links welcome.

‘Our minds can be hijacked’: the tech insiders who fear a smartphone dystopia • The Guardian

Paul Lewis went to the Habit Summit:

»

[Nir Eyal] was defensive of the techniques he teaches, and dismissive of those who compare tech addiction to drugs. “We’re not freebasing Facebook and injecting Instagram here,” he said. He flashed up a slide of a shelf filled with sugary baked goods. “Just as we shouldn’t blame the baker for making such delicious treats, we can’t blame tech makers for making their products so good we want to use them,” he said. “Of course that’s what tech companies will do. And frankly: do we want it any other way?”

Without irony, Eyal finished his talk with some personal tips for resisting the lure of technology. He told his audience he uses a Chrome extension, called DF YouTube, “which scrubs out a lot of those external triggers” he writes about in his book, and recommended an app called Pocket Points that “rewards you for staying off your phone when you need to focus”.

Finally, Eyal confided the lengths he goes to protect his own family. He has installed in his house an outlet timer connected to a router that cuts off access to the internet at a set time every day. “The idea is to remember that we are not powerless,” he said. “We are in control.”

But are we? If the people who built these technologies are taking such radical steps to wean themselves free, can the rest of us reasonably be expected to exercise our free will?

Not according to Tristan Harris, a 33-year-old former Google employee turned vocal critic of the tech industry. “All of us are jacked into this system,” he says. “All of our minds can be hijacked. Our choices are not as free as we think they are.”

«

It’s an amazing piece. You recall how people like Jobs wouldn’t let their kids use devices for more than a few hours. Here are people like Loren Brichter (who invented the “pull to refresh” UI) regretting that they’ve created something like the one-armed bandit of the smartphone.


The seven deadly sins of AI predictions • MIT Technology Review

Rodney Brooks is a former director of the Computer Science and AI lab at MIT:

»

I recently saw a story in MarketWatch that said robots will take half of today’s jobs in 10 to 20 years. It even had a graphic to prove the numbers.

The claims are ludicrous. (I try to maintain professional language, but sometimes …) For instance, the story appears to say that we will go from one million grounds and maintenance workers in the U.S. to only 50,000 in 10 to 20 years, because robots will take over those jobs. How many robots are currently operational in those jobs? Zero. How many realistic demonstrations have there been of robots working in this arena? Zero. Similar stories apply to all the other categories where it is suggested that we will see the end of more than 90% of jobs that currently require physical presence at some particular site.

Mistaken predictions lead to fears of things that are not going to happen, whether it’s the wide-scale destruction of jobs, the Singularity, or the advent of AI that has values different from ours and might try to destroy us. We need to push back on these mistakes. But why are people making them? I see seven common reasons.

«

The question is whether it’s a good idea to bet against this sort of change as he is doing, or whether betting on it is riskier.


Rex Tillerson at the breaking point • The New Yorker

Fabulously detailed, and balanced, profile of the capabilities and challenges of the US’s replacement for John Kerry (and, before him, Hillary Clinton) by Dexter Filkins:

»

Part of the problem is that Tillerson has not entirely given up the perspective of an imperial C.E.O. He rarely meets with legislators, and has sometimes been high-handed with fellow Cabinet members. “It is a fundamentally counterproductive form of hubris,” the official told me. “People who should be easy allies for him, he’s kneecapping them.”

His most crucial relationship, with the President, may be broken beyond repair. In recent weeks, the Washington chatter has intensified about how long Tillerson will remain in the job. Rumors have surfaced about possible replacements, including Mike Pompeo, the C.I.A. director. “Think about it,” one of the aides I spoke to told me. “Tillerson was contemplating his retirement from Exxon, after which he could do whatever he wanted—travel the world, sit on corporate boards. Now he’s got to feel like he’s covered in shit. I can’t imagine this is what he expected.” Another official told me that Tillerson’s sole reason for staying was loyalty to his country: “The only people left around the President are generals and Boy Scouts. They’re doing it out of a sense of duty.”

The essential task of diplomacy remains the same today as it was in Dean Acheson’s time: to make a world out of chaos. The difference, for Tillerson, is that the chaos comes not just from abroad but also from inside the White House. In the popular mythology, the generals and the Eagle Scouts—Tillerson, Mattis, Kelly, and H. R. McMaster, the national-security adviser—can protect the country from Trump’s most impulsive behaviors. But the opposite has proved true: Trump has forced them all to adopt positions that seem at odds with their principles and intentions.

«

Tillerson – in case you’d forgotten – is the former CEO of Exxon, one of the world’s biggest companies; he recently called Trump a “fucking moron” in a Pentagon meeting. I found myself quite sympathetic to his challenges.


I used to think gun control was the answer. My research told me otherwise • The Washington Post

Leah Libresco:

»

the next-largest set of gun deaths — 1 in 5 — were young men aged 15 to 34, killed in homicides. These men were most likely to die at the hands of other young men, often related to gang loyalties or other street violence. And the last notable group of similar deaths was the 1,700 women murdered per year, usually as the result of domestic violence. Far more people were killed in these ways than in mass-shooting incidents, but few of the popularly floated policies were tailored to serve them.

By the time we published our project, I didn’t believe in many of the interventions I’d heard politicians tout. I was still anti-gun, at least from the point of view of most gun owners, and I don’t want a gun in my home, as I think the risk outweighs the benefits. But I can’t endorse policies whose only selling point is that gun owners hate them. Policies that often seem as if they were drafted by people who have encountered guns only as a figure in a briefing book or an image on the news.

Instead, I found the most hope in more narrowly tailored interventions. Potential suicide victims, women menaced by their abusive partners and kids swept up in street vendettas are all in danger from guns, but they each require different protections.

«

There’s such lack of nuance in the gun debate; insights like this show how complex it is.


Google gets green light to provide cell service in Puerto Rico using balloons • TheHill

Julia Manchester:

»

The parent company of Google received the green light on Friday to provide emergency cellular service to hurricane-ravaged Puerto Rico using balloons.

The Federal Communications Commission (FCC) announced it had granted Alphabet Inc. permission to use solar power balloons to bring cellular service to the island, which has been left largely without power since Hurricane Maria hit last month.

“FCC issues experimental license to Google to provide emergency cellular service in Puerto Rico through Project Loon balloons,” Matthew Berry, chief of staff to FCC Chairman Ajit Pai, wrote on Twitter. 

Pai said on Friday he was launching a Hurricane Recovery Task Force focused on providing aid to Puerto Rico and the U.S. Virgin Islands.

«

I’ve mostly been very sceptical about Google’s Loon project, but this seems like the perfect – and timely – application. A hell of a lot easier than a rapid rebuild of a shattered infrastructure; I wonder how long this service will remain in place. It might be needed for months or even years. Of course, smartphone service isn’t much use without electricity…


Puerto Rico has a once in a lifetime opportunity to rethink how it gets electricity • Earther

Brian Kahn:

»

Forty-seven percent of Puerto Rico’s power needs were met by burning oil last year, a ridiculously high percentage for a very expensive method of electricity generation. For the U.S. as a whole, petroleum accounted for just 0.3% of all electricity generated in 2016. The majority of the rest of Puerto Rico’s energy came courtesy of coal and natural gas, with renewables accounting for just 2% of electricity generation.

Yet as recently as 2012, Puerto Rico’s use of oil accounted for 60% of all electricity generation. All the years of paying for expensive imported oil precipitated the shift to include other generating sources, but the switch came too late. Paying for oil drained [the island’s electrical utility] PREPA’s coffers [it filed for bankruptcy in July] and caused deferred maintenance for years.

“In that time of extreme petroleum prices, the utility was borrowing money and buying oil in order to keep those plants operating,” Luis Martinez, an attorney at Natural Resources Defense Council and former special aide to the president of Puerto Rico’s Environmental Quality Board, told Earther. “That precipitated the bankruptcy that followed. It was in pretty poor shape before the storm. Once the storm got there, it finished the job.”

«



Where Amazon is failing to dominate: Hollywood • WSJ

Ben Fritz and Joe Flint:

»

When it started producing original video in a bid to attract and retain subscribers for its Prime service four years ago, Amazon boasted it wouldn’t follow typical Hollywood practices such as relying on executives’ creative instincts and would base programming decisions on data. But staffers say it has largely abandoned that approach.

“We were supposed to bring the best practices of one of the most successful companies in America to Hollywood,” said an Amazon Studios executive. “Instead, we’re getting chewed up.”

Despite annual spending of about $4.5 billion to produce or acquire programming, Amazon Studios has had no hits on the scale of HBO’s “Game of Thrones” or Netflix’s “Stranger Things,” said people at the company.

Even its most acclaimed shows draw relatively small audiences. Fewer than one million people have watched recent seasons of “Transparent,” which won Emmys in 2015 and 2016, said an Amazon Studios employee.

Mr. Price recently admitted at a meeting with agents he had done too much “programming to Silver Lake,” a hipster neighborhood in Los Angeles, said a person present.

Producers who have made shows for Amazon describe a chaotic environment.

“I’m a huge fan of the company overall, but their entertainment division is a bit of a gong show,” said David E. Kelley, creator of “Goliath” and hit shows including “Big Little Lies,” “The Practice” and “Ally McBeal.” “They are in way over their heads.”

«

Personally I watched one episode of The Man In The High Castle and gave up. I’d read the book just before but it didn’t work for me.


Renewable energy comes at you fast • Bloomberg Gadfly

Liam Denning:

»

Rising costs are an obvious impediment to any industrial project, while falling costs provide an obvious edge. But don’t overlook the importance of time. On Wednesday, the International Energy Agency released its latest outlook for renewable energy and made this observation:

»

We see renewables growing by about 1,000 gigawatts by 2022, which equals about half of the current global capacity in coal power, which took 80 years to build.

«

Let’s adjust those numbers for utilization and say, very roughly, that coal plants produce at just 60% of their capacity and renewable sources at just 30%. Even then, we are talking about renewable energy with the equivalent of a quarter of the effective capacity of the world’s coal power, which took eight decades to build, switching on within half a decade.

Regular readers (indulge me) will know that I tend to harp on about the importance of marginal change in energy trends. This time is no different.

«



Apple and Qualcomm’s billion-dollar war over an $18 part • Bloomberg

Max Chafkin and Ian King:

»

“Here it is,” Apple’s Sewell says, sliding a fingernail-size square covered with electrodes across a conference room table: a Qualcomm modem. “That thing sells for about $18.”

He means the chip itself, before any royalties. Qualcomm’s business model, which is either ingenious or diabolical depending on whom you talk to, is to allow any chip company to use its technology royalty-free. Phone manufacturers can choose to buy chips from Qualcomm or one of the other five companies that make modems using Qualcomm’s technology. Either way, they still have to pay Qualcomm its 5% [of the phone’s retail price].

Because Qualcomm spends more on R&D than any of its peers, its modems are the most advanced. For years, Apple considered Qualcomm’s to be the only modems good enough for the iPhone. That, Sewell says, is why Apple put up with Qualcomm’s licensing scheme for years. If Apple refused to pay the royalty, Qualcomm could cut off its modem supply, forcing Apple to rely on inferior chips. That calculation changed in 2015, when Apple began working with Intel Corp. to develop a modem that was used in some versions of the iPhone 7. “What prompted us to bring the case now as opposed to five years ago is simple,” Sewell says. “It’s the availability of a second source.”

Around the same time, Apple began demanding more drastic concessions from Qualcomm.

«

The idea that what you pay for a patent – which is some fractional part of the phone’s function – depends on its final price seems bizarre. I thought Microsoft had won that case over Motorola years ago.

(Terrific “animoji” illustration at the top of the article.)


Stephen Paddock and the world of video poker • The New Yorker

Charles Bethea on the swirling speculation that the Las Vegas killer had a gambling problem, given that he seems to have been an obsessive player of video poker (which pays out $99.17 for every $100 put in):

»

Dominic Biondi, a part-time English-department lecturer at U.N.L.V. who also makes a living as a professional poker player, has a different view of video poker and those who play it. “There are people who claim you can beat video poker,” Biondi told me today, “but I’m skeptical. It’s a slot-machine game with a set percentage of payback. If all this guy did was play video poker, he was not a ‘poker player.’ He’s just gambling.” He went on, “There’s a small chance that Paddock played the percentages very well and eked out a small edge, but it’s very doubtful. That takes a lot of skill and time, and only playing one particular kind of video-poker machine. To make money playing video poker, it takes a lot of luck.” He added, “The fact that this guy was a video-poker player just makes me shrug. He was not a real poker player.”

Curtis, meanwhile, is critical of what he calls “very square,” gambling-related conjecture from the media about Paddock’s motives for the mass shooting at the music festival. Many observers have floated the theory that he had incurred gambling debts that he couldn’t pay off. On Wednesday, Yahoo reported that “Paddock’s finances have become a significant focal point” in the authorities’ search for a motive. According to Yahoo, more than two hundred “casino or wire transactions by Paddock . . . were flagged for review by FinCEN, the U.S. government’s Financial Crimes Enforcement Network, which collects data to identify potential money laundering or covert terrorism financing.” Casinos are required by the federal government to follow a variety of regulations intended to prevent money laundering.

«

I can believe that playing endless games of video poker would do something bad to your brain, though. Just imagine what it would be like to play for a day; then to come back; then to come back and back and back.


Is it true that iPhones get slower over time? • Futuremark Consulting

»

Last week, a story went viral that claimed Apple was intentionally slowing down older iPhones to push people to buy its latest models.

The claim was based on data which shows Google searches for “iPhone slow” spiking dramatically with the release of each new model.

And while plenty of reputable sites debunked the logic of that claim, no one looked at actual performance data to tell the true story.

Fortunately, we have plenty of real-world data we can use. Since 2016, we have collected more than a hundred thousand benchmark results for seven different iPhone models across three different versions of iOS.

These benchmark results provide a unique insight into the everyday performance of each iPhone model over time. And, as you’ll see, there are no signs of a conspiracy.

«

So, no. Though people have complained about battery life on iOS 11.0. I’d suggest restarting, and perhaps waiting for 11.1.


Errata, corrigenda and ai no corrida: none notified

Start Up: Continuum discontinued, Taboola abused, the fake Facebookers, and more


Zune v iPod: one survived, one failed. What’s the lesson to be drawn? Photo by Jim Thompson on Flickr.


A selection of 12 links for you. Where the streets have no name but have got a single letter and four-digit number. I’m @charlesarthur on Twitter. Observations and links welcome.

HP Inc exec: Yes, we’ll put a bullet in the X3 device • The Register

Paul Kunert:

»

The three-in-one PC debuted in February 2016, built around Microsoft’s Continuum. El Reg’s lab vultures tested the kit and were impressed but found constraints caused by the Continuum operating system.

Despite an obvious mobile-shaped hole in a leaked Windows roadmap, HP Inc insisted in August that it was committed to Continuum and so was Microsoft. Until now, that is.

Nick Lazaridis, EMEA boss at HP Inc, told The Register at the Canalys Channels Forum in Venice that Microsoft had confirmed there will be no further development work on the mobile OS.

“Microsoft, as all companies do, decided on a change in strategy and so they are less focused on what they thought they would be focused on today,” he said.

“Given that, we also had decided that without Microsoft’s drive and support there it doesn’t make sense. If the software, if the operating system ecosystem isn’t there then we are not an operating system company.”

«

Of course, HP used to have so many operating systems it was hard to choose between them; webOS was only the most recent.


Orthogonal pivots • Asymco

Horace Dediu:

»

This [closure of Microsoft’s Groove music service by the end of the year] brings to an end a long story of Microsoft in the music distribution business. It started nearly 15 years ago with technologies in Windows that allowed for purchase and playback of various media formats. Microsoft sought to enable a large number of music retailers to market music through its formats and DRM and transaction clearing.

Services such as AOL MusicNow, Yahoo! Music Unlimited, Spiralfrog, MTV URGE, MSN Music, Musicmatch Jukebox, Wal-Mart Music Downloads, Ruckus, PassAlong, Rhapsody, iMesh and BearShare and dozens of hardware players licensed Windows formats. Almost all of these services have shut down and the devices disappeared.

The next stage was to offer an integrated experience through the Microsoft Zune player and Zune Marketplace music service. This too failed and was replaced by the Xbox Music brand in 2012. On July 6, 2015, Microsoft announced the re-branding of Xbox Music as Groove to tie in with the release of Windows 10.

There was a time when Microsoft was thought of as the certain winner in media distribution. Inserting media into the Windows hegemony was classic “control point” strategy: owning the access points was a sure way to collect a tax on what transacted through the network.

Instead we are facing a market where media is consumed through new access points: phones, tablets and TV boxes. Netflix, Spotify, Roku, Google, Amazon and Apple are all offering distribution and some are investing in original programming.

«

Why? Because – as I found when I wrote “Digital Wars” – the modular approach to music players (someone makes the music player, someone else makes the DRM-enforcing software, someone else again offers the DRM-encoded music) produces an awful customer experience. If a problem arises, you’re never quite sure whose fault it is, and nor are any of those in the chain; they all hand it off to someone else.

The iPod and the iTunes Music Store came straight through the middle of all that confusion:

»

the long arc of history shows how hard it is to succeed in vertical integration after you build on horizontal foundations. Generations of managers graduated from the modular school of thought, specializing rather than generalizing. Now they are facing an integrated experiential world where progress depends on wrapping the mind around very broad systems problems.

Entire industries are facing this orthogonal pivot: media, computing and transportation come to mind. Huge blind spots exist as we see only what we’ve been trained to see.

«



Tech support scammers abuse native ad and content provider Taboola to serve malvertising (updated) • Malwarebytes Labs

Jerome Segura:

»

A large number of publishers – big and small – are monetizing their sites by selling space for companies that provide so-called native advertising, cited as more effective and engaging than traditional banner ads.

Indeed, on a news or entertainment site, users are more inclined to click on links and articles thinking that they are one and the same, not realizing that those are actually ‘sponsored’ and tied to various third-party providers.

Rogue advertisers have realized this unique opportunity to redirect genuine traffic towards their own infrastructure where they can subject their audience to whatever content they wish.

Case in point, we caught this malvertising incident on MSN.com, the Microsoft web portal that attracts millions of unique visitors. While clicking on a story promoted by Taboola – a leading global discovery platform which Microsoft signed a deal with in 2016 – we were redirected to a tech support scam page. The warning claims that our computer has crashed and that we must call a number for immediate assistance.

The fraudulent page cannot be closed normally because it uses code that repeats the warning indefinitely. Unfortunately, this is enough to scare many folks and trick them into calling what they think is Microsoft support. Instead, they will be dealing with fake technicians whose goal is to extort hundreds of dollars from them.

«

People think they’re clicking through to a story; instead they hit this crap.


The Pixel market share chart Google probably won’t be showing at its event today • Recode

Dan Frommer and Rani Molla:

»

Google insists it has ambitious plans to create “compelling hardware products” and recently announced it would be hiring about 2,000 engineers from Taiwanese phone maker HTC to help achieve them. You can imagine future Pixels and other projects as part of that partnership (today’s is reportedly a partnership with LG).

What’s less clear is whether Google has any significant changes in store to how the Pixel is marketed and sold. Because while its first version was critically acclaimed for both its hardware and software, it has not made much of a dent in the U.S. smartphone market after launching last October.

An average 0.7% of U.S. smartphone subscribers used the Pixel in the three month period ending in August, according to data from measurement company comScore. For context: Apple’s iPhone is used by 45.5% of subscribers, and Samsung phones — the dominant company using Google Android to power its devices — represents 29.5% of U.S. subscriber share. More broadly, 53% of U.S. smartphone subscribers use Android phones.

«

ComScore stopped giving out detailed data when the smartphone installed base seemed to have levelled off at about 200m total in use. So 0.7% would translate to 1.4m phones in use. (Versus about 91m iPhones and 59m Samsung phones.) There are twice as many Blackberry and Windows Phone devices combined in use as Pixel phones.

So it really is going to be quite the question on how big a commitment it has made to the manufacturing side. Great products are only the beginning of the road.



News Feed FYI: New Test to Provide Context About Articles • Facebook Newsroom

»

Today we are starting a new test to give people additional context on the articles they see in News Feed. This new feature is designed to provide people some of the tools they need to make an informed decision about which stories to read, share, and trust. It reflects feedback from our community, including many publishers who collaborated on its development as part of our work through the Facebook Journalism Project.

For links to articles shared in News Feed, we are testing a button that people can tap to easily access additional information without needing to go elsewhere. The additional contextual information is pulled from across Facebook and other sources, such as information from the publisher’s Wikipedia entry, a button to follow their Page, trending articles or related articles about the topic, and information about how the article is being shared by people on Facebook. In some cases, if that information is unavailable, we will let people know, which can also be helpful context.

«

Key phrase there: “without needing to go elsewhere.” Facebook never wants you to leave. It truly is Hotel California, and makes itself more like that every day.


Removed Facebook Pages: engagement metrics and posts – dataset by d1gi • data.world

Jonathan Albright:

»

The data presented here is a catalog of the non-promoted organic reach of the posts on each of the alleged foreign influence ops pages, showing the “total shared to” and sum of interactions (FB “reactions” + “likes” + shares, and comments) for each of the individual posts. Data was obtained directly from Crowdtangle, a Facebook-owned social analytics service.

Along with the complete text archive for each of the posts, this data sheds light on the larger potential impact of the use of Facebook’s platform beyond a single advertising buy. Specifically, the work presented here suggests that there was a much more subtle, if not outright subversive campaign on these five closed pages to:

a) Siphon Facebook users’ data related to their personal views and moral standings about sensitive topics by observing their responses to suggestive statements followed by discussion questions and conversation prompts;
b) Use faux-support, trust-building, and actor deception to test users’ attitudes, core values, religious beliefs, and push the boundaries of social norms (e.g., racism justification through immigration); and
c) Encourage users to be tracked through emotional sharing vectors – “likes,” “reactions,” and url shares – to monitor issue “wedges,” further segment audiences, and to identify “hot-button” issues and keywords around current events.

«

In one case, one of the pages went overnight from 0 followers to between 70,000 and 200,000 followers. Either purchased, or bots. That’s a determined campaign.

And notice this is non-promoted posts – so this isn’t to do with the $100,000 in ads which targeted marginal states. (Albright is research director at the Tow Center for Digital Journalism at Columbia University.)


Russian hackers stole NSA data on US cyber defense • WSJ

Gordon Lubold and Shane Harris:

»

Hackers working for the Russian government stole details of how the US penetrates foreign computer networks and defends against cyberattacks after a National Security Agency contractor removed the highly classified material and put it on his home computer, according to multiple people with knowledge of the matter.

The hackers appear to have targeted the contractor after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said.

The theft, which hasn’t been disclosed, is considered by experts to be one of the most significant security breaches in recent years. It offers a rare glimpse into how the intelligence community thinks Russian intelligence exploits a widely available commercial software product to spy on the US.

The incident occurred in 2015 but wasn’t discovered until spring of last year, said the people familiar with the matter.

The stolen material included details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the U.S., these people said.

«

Aha. So this is why the US government has tacitly – well, perhaps not so tacitly – declared cyberwar on Kaspersky: they think it is feeding stuff back to the Kremlin. Kaspersky denies it.

And well done NSA on tightening up those safeguards against data exfiltration after Snowden in 2013 👌


Google admits citing 4chan to spread fake Vegas shooter news • Ars Technica

Sam Machkovech:

»

Google News took the unusual step of confirming its use of the imageboard site 4chan as a news source on Monday. The admission followed Google News’ propagation of an incorrect name as a potential shooter in the tragic Las Vegas shooting on Sunday night.

A reporter from tech-news site The Outline posted the full text of an e-mail he received from an unnamed Google representative. Reporter William Turton said that he had not discussed any “attribution terms” before receiving Google’s e-mail, which confirmed that the Google News service was bombed into automatically reposting a false shooter’s name.

The incorrect shooter’s name, which Ars Technica will not repost to reduce any further robo-aggregated hits, began appearing on 4chan’s “pol” board, which is infamous for pushing intentionally inflammatory content. The name appeared on the board when its members began looking through people connected to names that had been mentioned by Las Vegas investigators. One of those people—a sibling of a person of interest who was later cleared by Vegas police of wrongdoing—had social-media attachments to left-leaning subjects such as MoveOn.org and MSNBC’s The Rachel Maddow Show. Both 4chan and right-wing misinformation sites like Gateway Pundit began spreading the false name as a suspect while calling the person a “far-left loon.” (GP’s article has since been removed, but a Google Cache of it still exists.)

Google News’ statement claims that these false reports landed on the service’s “Top Stories” feed due to a burst of activity for a name that had never received many search attempts. “When the fresh 4chan story broke, it triggered Top Stories, which unfortunately led to this inaccurate result,” the statement reads.

«

Twitter, Facebook and Google sort of got on top (mostly) of standard spam. Now they need to consider how to get on top of information spam.


Wayback Machine Playback… now with timestamps! • Internet Archive Blogs

Mark Graham:

»

The Wayback Machine has an exciting new feature: it can list the dates and times, the Timestamps, of all page elements compared to the date and time of the base URL of a page.  This means that users can see, for instance, that an image displayed on a page was captured X days before the URL of the page or Y hours after it.  Timestamps are available via the “About this capture” link on the right side of the Wayback Toolbar.  Here is an example:

The Timestamps list includes the URLs and date and time difference compared to the current page for the following page elements: images, scripts, CSS and frames. Elements are presented in a descending order. If you put your cursor over a list element on the page, it will be highlighted and if you click on it you will be shown a playback of just that element.

«

It’s easy to underestimate how valuable the Internet Archive is. If you’re doing any sort of serious research about events from the recent past – say up to 10 years ago online – it’s essential. Linkrot is real, but the Archive is the perfect preserver.


If macOS High Sierra shows your password instead of the password hint for an encrypted APFS volume • Apple Support

»

Your password might be displayed instead of your password hint if you used the Add APFS Volume command in Disk Utility to create an encrypted APFS volume, and you supplied a password hint.
 
Changing the password on an affected volume clears the hint but doesn’t affect the underlying encryption keys that protect the data. 

Apple recommends that you take these steps to guard the security of your data. Encrypted APFS volumes that you created using any other method are not affected.

«

This is quite a bug to have slipped through the QA process.


Iraq claims victory in Hawija, ISIS’s last urban stronghold • The New York Times

David Zucchino and Rod Nordland:

»

Morale among militants in the Hawija area appears to be deteriorating rapidly. At least 600 men identified by Kurdish forces as Islamic State fighters have surrendered to the Kurds in Dibis, in Kirkuk Province. An additional 400 to 500 are being interrogated on suspicion of being militants. Together, they represent a substantial portion of the estimated 2,000 to 3,000 Islamic State fighters who were in the Hawija area before Iraq began military operations there on Sept. 21.

As in other battles over the past three years, Iraqi forces have been supported in Hawija by American military advisers, forward air controllers, special operations troops, airstrikes and artillery.

Col. Ryan Dillon, the spokesman for the United States-led coalition in Baghdad, said Thursday that the United States had conducted 16 airstrikes in the past week in support of the Hawija operation. The speed of what seems to have been a two-week Iraqi military sweep through Hawija suggests that the militants are no longer able to sustain effective military operations for long periods.

The battle to drive them from Mosul, Iraq’s second-largest city, lasted nine months before it was liberated in July. But the next city to fall from the Islamic State, Tal Afar in late August, took only 11 days. [Operations against Hawija began on September 21; that’s 14 days ago.]

«

A brief spasm – three years – approaches its end.


Bids in 300MW Saudi solar tender breach two cents • PV Tech

»

Saudi Arabia’s 300MW solar tender has seen opening bids go lower than two US cents [per kWh], setting the tone for a new global solar power tariff record if awarded.

Abu Dhabi Future Energy Company (Masdar) bid for 300MW capacity at SAR0.0669736/kWh (US$1.786 cents).

During a webinar showing the bid opening ceremony, Saudi Arabia’s new Renewable Energy Project Development Office (REPDO) revealed the eight companies that had made it through to this stage, having had 27 companies shortlisted originally in April.

REPDO then announced that these bids will be evaluated for compliance with the requirements of the RfP and a final shortlist of bidders will be announced on 28 November. The project will be awarded to the winning consortium on 27 January 2018, backed by a 25-year power purchase agreement (PPA). The financial closing date will be 28 February 2018 and the commissioning date is expected during 2019.

«

This is a very low LCOE [levelised cost of energy]. Solar already comes pretty low on this cost. It’s getting cheaper.


Errata, corrigenda and ai no corrida: none notified