Start up: Samsung’s adblocker’s back, cement – solved!, #error53 redux, the Useless Hackathon, and more

Your plumber remembers one version of a call from Yelp, but the recordings show another. Who’s right? Photo by eldeeem on Flickr.

Oh, go on- sign up to receive each day’s Start Up post by email. Who knows, it might make your inbox happy.

A selection of 9 links for you. Smoosh them into mush. I’m charlesarthur on Twitter. Observations and links welcome.

Pirate group suspends new cracks to measure impact on sales » TorrentFreak


One of the hottest topics in the game piracy scene in late 2015 surrounded the Avalanche Studios/Square Enix title Just Cause 3.

Released on December 1, 2015, pirates were eager to get their hands on the game for free. However, JC3 is protected by the latest iteration of Denuvo, an anti-tamper technology developed by Denuvo Software Solutions GmbH. Denuvo is not DRM per se, but acts as a secondary encryption system protecting underlying DRM products.

All eyes had been on notorious Chinese game cracking group/forum 3DM to come up with the goods but last month the group delivered a killer blow to its fans.

According to the leader of the group, the very public ‘Bird Sister’ (also known as Phoenix), the game was proving extremely difficult to crack. In fact, Bird Sister said that current anti-piracy technology is becoming so good that in two years there might not be pirated games anymore.

And now the group isn’t going to crack any single-player games. Won’t stop all the other cracking groups, of course.
link to this extract


Sky Q now available in the UK » Ars Technica UK

Sebastian Anthony:

Sky Q, the next iteration of Sky’s subscription TV service, is now available to buy in the UK. Prices start at £42 per month, climbing to £88.50 per month, and there’s a £250 setup fee that you have to swallow as well.

The headline feature of Sky Q is that you’re able to record three shows simultaneously while watching a fourth channel. If you stump up £54 per month for the upgraded Sky Q Silver box, you can record four channels and watch a fifth. Of course, whether there are actually five channels worth watching is a slightly more complicated question.

Other interesting features include a new touchpad-equipped remote control, downloading content for offline viewing, watching Sky TV on a tablet, and the possibility of streaming Sky TV to other rooms in the house via Sky Q Mini boxes.

Sky Q is a really smart response by Sky to the incursion of the web into TV; it folds it in (at a price). I’ve seen a demo, and it really is very slick, and the integration into tablet apps is terrific. Plus because it uses the satellite signal it’s fast – a big advantage in rural areas where broadband is slow.

(Here’s a piece I wrote on Sky Q before its details were fully known.)
link to this extract


Google restores ad blocker for Samsung browser to the Play Store » The Verge

Dan Seifert:

Following a little bit of drama last week, Google has restored an ad blocking plugin for Samsung’s Android browser to the Play Store today, according to a blog post from the developer of the app. The plugin, Adblock Fast, was removed from the Play Store last Tuesday after only being available for a day, with Google citing that the plugin violated a section of the Store’s developer agreements. The specific rule that was violated relates to plugins modifying other third-party applications, which is prohibited by Google.

Now things start to get interesting.
link to this extract


How WIRED is going to handle adblocking » WIRED

“Wired Staff”:

So, in the coming weeks, we will restrict access to articles on if you are using an ad blocker. There will be two easy options to access that content.

You can simply add to your ad blocker’s whitelist, so you view ads. When you do, we will keep the ads as “polite” as we can, and you will only see standard display advertising.
You can subscribe to a brand-new Ad-Free version of For $1 a week, you will get complete access to our content, with no display advertising or ad tracking.

This presumes that adblocking readers will accept that they are worth $1/week to Wired, and that Wired is worth the same amount to adblocking readers. Is that proven? Given how small the amounts earned from ads per person are, this seems to be herding people who don’t know their true value towards a funnel. Premium ad display costs $10 per CPM – that is, per thousand showings. That’s 1c per premium ad you view. Multiply by the number of ads on a page – perhaps 10, for 10c? So if adblocking readers pay up but view fewer than 10 articles per week, Wired is making a solid profit from them, minus credit card costs.

Discussion on Hacker News suggests that people would rather go for a “bid to show me ads” model – which, to be fair, is how Google Contribute works. If you set your per-page view at, say, $0.35, then you’ll only see ads where an advertiser has bidded more. But of course that means you get all the tracking malarkey that goes with it (and of course if you truly don’t like tracking, why are you using Google?)

And as is also pointed out, you can subscribe to the physical magazine for a lot less than the $50 per year this implies – in fact you can get it for about a tenth of that.

Another point, finally – the page is 3.3MB, of which only half is content. The rest is ads. Still sure you want them?
link to this extract


Exclusive: Top cybercrime ring disrupted as authorities raid Moscow offices – sources » Reuters

Joseph Menn:

Russian authorities in November raided offices associated with a Moscow film distribution and production company as part of a crackdown on one of the world’s most notorious financial hacking operations, according to three sources with knowledge of the matter.

Cybersecurity experts said a password-stealing software program known as Dyre — believed to be responsible for at least tens of millions of dollars in losses at financial institutions including Bank of America Corp and JPMorgan Chase & Co — has not been deployed since the time of the raid. Experts familiar with the situation said the case represents Russia’s biggest effort to date to crack down on cyber-crime.

A spokesman for the Russian Interior Ministry’s cybercrime unit said his department was not involved in the case. The FSB, Russia’s main intelligence service, said it had no immediate comment.

Menn is a terrific journalist on this topic. I highly recommend his book Fatal System Error. (He’s written others too.)(Thanks Richard Burte for the pointer.)
link to this extract


Inside the Stupid Shit No One Needs & Terrible Ideas Hackathon » Motherboard

Cecilia D’Anastasio:

Featuring hacks like 3Cheese Printer, a 3D printer using Cheez-Whiz as ink, and NonAd Block, a Chrome extension that blocks all non-ad content, the New York-based Stupid Hackathon is disrupting hackathon culture. While other hackathons churn out useless projects in earnest, the Stupid Hackathon strips pretension away from tech developers’ money-backed scramble to satisfy every human need. Satirizing the hackathon community’s naive goals for techno-utopianism, co-organizers Sam Lavigne and Amelia Winger-Bearskin solicit projects that use tech to critique tech culture.

“Is a need being filled or is the need manufactured and then constantly reinforced?” Lavigne asked. “The Stupid Hackathon is the perfect framework for satirizing the whole tech community.”

Three Stupid Hackathon teams set out to create wearables that detect boners. Categories for hacks included “edible electronics,” “commodities to end climate change” and “Ayn Rand.” Participants, in general, ignored them.

Lavigne and Winger-Bearskin, who met at the Interactive Telecommunications Program (ITP) at NYU, became disenchanted with hackathons when they noticed that many aimed to “hack” world hunger or income inequality in one weekend. As a student at ITP, Winger-Bearskin, now director of the DBRS Innovation Lab, applied to participate in a hackathon on the theme of love hosted at ITP but was rejected.

“I couldn’t even eat the food that was on the table next to me,” she said, referring to the free food often provided for hackathon participants. “And I couldn’t hack about love!” Lavigne has never attended another hackathon.

There used to be an Apple Mac hacking contest – called MacHack – in the 1990s where hacks that could actually be thought helpful were derided as “useful!”. Seems the idea is back, in a bigger way.
link to this extract


Riddle of cement’s structure is finally solved » MIT News

Concrete forms through the solidification of a mixture of water, gravel, sand, and cement powder. Is the resulting glue material (known as cement hydrate, CSH) a continuous solid, like metal or stone, or is it an aggregate of small particles?

As basic as that question is, it had never been definitively answered. In a paper published this week in the Proceedings of the National Academy of Sciences, a team of researchers at MIT, Georgetown University, and France’s CNRS (together with other universities in the U.S., France, and U.K.) say they have solved that riddle and identified key factors in the structure of CSH that could help researchers work out better formulations for producing more durable concrete.

What a time to be alive, eh? That solid/particle question had been bugging me for ages. Seriously, though, it’s an important topic: this stuff is everywhere.
link to this extract


Apple are right and wrong » Consult Hyperion

Dave Birch:

Bricking people’s phones when they detect an “incorrect” touch ID device in the phone is the wrong response though. All Apple has done is make people like me wonder if they should really stick with Apple for their next phone because I do not want to run the risk of my phone being rendered useless because I drop it when I’m on holiday need to get it fixed right away by someone who is not some sort of official repairer.

What Apple should have done is to flag the problem to the parties who are relying on the risk analysis (including themselves). These are the people who need to know if there is a potential change in the vulnerability model. So, for example, it would seem to me to be entirely reasonable in the circumstances to flag the Simple app and tell it that the integrity of the touch ID system can no longer be guaranteed and then let the Simple app make its own choice as to whether to continue using touch ID (which I find very convenient) or make me type in my PIN, or use some other kind of strong authentication, instead. Apple’s own software could also pick up the flag and stop using touch ID. After all… so what?

Touch ID, remember, isn’t a security technology. It’s a convenience technology. If Apple software decides that it won’t use Touch ID because it may have been compromised, that’s fine. I can live with entering my PIN instead of using my thumbprint. The same is true for all other applications. I don’t see why apps can’t make their own decision.

Birch’s point that this could put people off buying Apple phones is surely one that has already occurred to its management, and will be – like the prospect of being shot in the morning – concentrating their minds.
link to this extract


Reviews Rashomon: plumber remembers Yelp threat that never actually occurred » Screenwerk

Greg Sterling:

I had a plumber replace my kitchen faucet. As I do with all service professionals I engaged him in discussion about how he marketed himself and where his leads were coming from. Yelp was one of the primary sources.

He then told me that he had been solicited to advertise on the site and that he declined but was told by the telephone sales rep that his reviews could potentially be affected if he didn’t. This was the first time I’d directly heard this from a business owner.

In my mind this was the first real “evidence” that some sort of sales manipulation might be going on. I informed Yelp of my exchange with the plumber and it was immediately disputed: “That didn’t happen,” I was told.

To make a longer story short, Yelp invited me in to listen to the sales calls with this plumber, whom I identified to the company. Yelp records its end of sales calls but not the business owner’s conversation.

I sat in Yelps offices and listened to what must have been 25 – 30 calls to this plumber. Most of them were trying to set up appointments to discuss Yelp advertising. And there were at least two Yelp sales reps who were trying to close the account; a second one took over after the first one was unsuccessful.

There was nothing that sounded like a threat or any suggestion that reviews would be removed or otherwise altered by Yelp if the guy didn’t advertise. There wasn’t anything that could be construed as even implying that.

Sterling concludes that this is a “Rashomon” – a scene where every recounting differs subtly. One possibility: the calls with the threats actually come from scammers. Or plumbers just misinterpret what they hear.
link to this extract


Errata, corrigenda and ai no corrida: Yesterday’s link to VTech’s horrendous security came via Chris Ratcliff. Thanks, Chris.