Start up: the Foodpanda takeaway scam, watch iOS 9 grow!, 2 billion lines of Google, and more

Posted on September 17, 2015 by charlesarthur

“Hi! You look like you want an (artificially) intelligent conversation!” Photo by RomitaGirl67 on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 9 links for you. May cause. I’m charlesarthur on Twitter. Observations and links welcome.

Mixpanel Trends » Mixpanel Mobile Analytics

The link is to the iOS 9 adoption curve from Mixpanel; it’s live, so when you click through it’ll be the latest figures. At the time of writing, three hours after iOS 9 went live, its adoption was at 3.2%, against 7.2% for “older than iOS 8” and 89.6% for iOS 8. (Apple’s own stats on September 14 were 87% iOS 8, 11% iOS 7, 2% earlier.)
link to this extract

The trouble with Foodpanda » Livemint

Ashish Mishra with a terrific tale of a much-funded startup which didn’t quite figure out that not everyone is honest:

Let’s say you are a restaurant. Now, place 10 orders using 10 names or even the same name, each for Rs.300. Every order is a takeaway. Pay online using the BOGO voucher, a campaign (Buy One Get One) run by Foodpanda. So for Rs.300, get Rs.300 free. So for a Rs.600 order, you paid only Rs.300. How much does Foodpanda have to return to you, the restaurant? Rs.600. After deducting 12% as its cut, Rs.528. How much did you make in the process? Rs.228 . Did you have to deliver that order? Nope. So, a straight profit of Rs.228.

Now, let’s say you processed 100 such orders a day. For a month. Total investment: Rs.9 lakh. Reimbursed by Foodpanda: Rs.15.84 lakh. Your total gain, by just processing fake orders: Rs.6.84 lakh.

Now imagine you are not the only restaurant on the platform doing this.

link to this extract

Issue 178139 – android – Android full lockscreen bypass – 5.1.1 PoC » Android Open Source Project

John Gordon at the University of Texas at Austin:

Android 5.1.1 Lockscreen Bypass
—–
Summary: Unlock a locked device to access the homescreen, run arbitrary applications, and enable full adb access to the device. This includes access to encrypted user data on encrypted devices.
Prerequisites: Must have a password lockscreen enabled. (PIN / swipe untested)
Hardware: Nexus 4
Software: Google factory image – occam 5.1.1 (LMY47V)

Attack details:
Pasting a sufficiently large string into an input field will cause portions of the lockscreen to become unresponsive and allow the user to terminate those processes. An attacker can construct a large string by typing characters into the Emergency Dialer, then select all + copy + paste repeatedly to increase the string size exponentially. Once the string has been pasted, either into the Emergency Dialer or the lockscreen password prompt, attempting to type more characters or performing other intaractions quickly and repeatedly causes the process to become overloaded and crash, or produce a dialog allowing the user to kill the process. If done in a password prompt in the foreground of the camera application, this crash results in the homescreen or Settings applcation being exposed.

PIN/swipe is untested, rather than safe (as far as we can see). This seems to be pretty hard to do – the video is 18 minutes long, involving lots of copy/pasting. It’s not really a giant flaw like Stagefright; and Apple has had some egregious lockscreen bypasses in the past. (Though none in iOS 8 that I’ve seen.) The problem though is that this doesn’t help Android’s reputation among businesses considering whether to buy it. It’s not the exploit; it’s the suggestion of vulnerability.
link to this extract

Popping the publishing bubble » Stratechery

Ben Thompson, in his weekly “free to view” article, says that iOS 9’s adblockers are just going to finish what was already happening:

It is easy to feel sorry for publishers: before the Internet most were swimming in money, and for the first few years online it looked like online publications with lower costs of production would be profitable as well. The problem, though, was the assumption that advertising money would always be there, resulting in a “build it and they will come” mentality that focused almost exclusively on content product and far too little on sustainable business models.

In fact, publishers going forward need to have the exact opposite attitude of publishers in the past: instead of focusing on journalism and getting the business model for free, publishers need to start with a sustainable business model and focus on journalism that works hand-in-hand with the business model they have chosen. First and foremost that means publishers need to answer the most fundamental question required of any enterprise: are they a niche or scale business?

• Niche businesses make money by maximizing revenue per user on a (relatively) small user base
• Scale businesses make money by maximizing the number of users they reach
The truth is most publications are trying to do a little bit of everything: gain more revenue per user here, reach more users over there.

Worth it for the illustrations. You should subscribe so he can afford an iPad Pro and a stylus.
link to this extract

Google is 2 billion lines of code — and it’s all in one place » WIRED

Cade Metz:

Google has built its own “version control system” for juggling all this code. The system is called Piper, and it runs across the vast online infrastructure Google has built to run all its online services. According to [Google’s head of… big stuff? Rachel] Potvin, the system spans 10 different Google data centers.

It’s not just that all 2 billion lines of code sit inside a single system available to just about every engineer inside the company. It’s that this system gives Google engineers an unusual freedom to use and combine code from across myriad projects. “When you start a new project,” Potvin tells WIRED, “you have a wealth of libraries already available to you. Almost everything has already been done.” What’s more, engineers can make a single code change and instantly deploy it across all Google services. In updating one thing, they can update everything.

There are limitations this system. Potvin says certain highly sensitive code—stuff akin to the Google’s PageRank search algorithm—resides in separate repositories only available to specific employees. And because they don’t run on the ‘net and are very different things, Google stores code for its two device operating systems — Android and Chrome — on separate version control systems. But for the most part, Google code is a monolith that allows for the free flow of software building blocks, ideas, and solutions.

The point about Android and Chrome being on separate version control systems is one to note. Can’t merge the code until those two come together.
link to this extract

IPv6 will get a big boost from iOS 9, Facebook says » Computerworld

Stephen Lawson:

Even when all the pieces are in place for IPv6, iOS 8 makes an IPv6 connection only about half the time or less because of the way it treats the new protocol. With iOS 9, and IPv6 connection will happen 99% of the time, Saab predicts.

IPv4 is running out of unused Internet addresses, while IPv6 is expected to have more than enough for all uses long into the future. Adoption has been slow since its completion in 1998 but is starting to accelerate. The release of iOS 9 may give a big boost to that trend.

“Immediately, starting on the 16th, I’m expecting to see a lot more v6 traffic show up,” said Samir Vaidya, director of device technology at Verizon Wireless. About 50% of Verizon Wireless traffic uses IPv6, and Vaidya thinks it may be 70% by this time next year as subscribers flock to the iPhone 6s.

Apple’s change should help drive more IPv6 use on Comcast’s network, too. About 25% of its traffic uses the new protocol now, and that figure could rise above 50% by early next year, said John Brzozowski, Comcast Cable’s chief IPv6 architect.

This is the point, again and again. Android has the installed base; but iOS adoption is so rapid that it can drive change almost immediately.
link to this extract

Barbie wants to get to know your child » The New York Times

James Vlahos:

Hello Barbie is by far the most advanced to date in a new generation of A.I. toys whose makers share the aspiration of Geppetto: to persuade children that their toys are alive — or, at any rate, are something more than inanimate. At Ariana’s product-testing session, which took place in May at Mattel’s Imagination Center in El Segundo, Calif., near Los Angeles, Barbie asked her whether she would like to do randomly selected jobs, like being a scuba instructor or a hot-air-balloon pilot. Then they played a goofy chef game, in which Ariana told a mixed-up Barbie which ingredients went with which recipes — pepperoni with the pizza, marshmallows with the s’mores. ‘‘It’s really fun to cook with you,’’ Ariana said.

At one point, Barbie’s voice got serious. ‘‘I was wondering if I could get your advice on something,’’ Barbie asked. The doll explained that she and her friend Teresa had argued and weren’t speaking. ‘‘I really miss her, but I don’t know what to say to her now,’’ Barbie said. ‘‘What should I do?’’

‘‘Say ‘I’m sorry,’ ’’ Ariana replied.

‘‘You’re right. I should apologize,’’ Barbie said. ‘‘I’m not mad anymore. I just want to be friends again.’’

We now return you to our regular scheduled programming of “Philip K Dick short stories brought to life.” Take your pick: War Game, Second Variety or The Days of Perky Pat?
link to this extract

One great reason to update to iOS 9 – a nasty silent AirDrop attack is in town » Forbes

Australian researcher Mark Dowd, who heads up Azimuth Security, told FORBES ahead of Apple’s iOS 9 release on Wednesday that the flaw allowed anyone within range of an AirDrop user to install malware on a target device and tweak iOS settings so the exploit would still work if the victim rejected an incoming AirDrop file, as seen in the video below.

Users should update to iOS 9 and Mac OS X El Capitan, version 10.11, as soon as possible to avoid losing control of their phones and PCs to malware. Any iOS versions that support AirDrop, from iOS 7 onwards, are affected, as are Mac OS X versions from Yosemite onwards. There are few protections outside of upgrading, other than turning AirDrop off altogether. The service is off by default, though it’s possible to start it running from the lockscreen.

By carrying out what’s known as a “directory traversal attack”, where a hacker enters sections of the operating system they should not be able to access, Dowd found it was possible to exploit AirDrop and then alter configuration files to ensure iOS would accept any software signed with an Apple enterprise certificate. Those certificates are typically used by businesses to install software not hosted in the App Store and are supposed to guarantee trust in the provenance of the application. But, as FORBES found in a recent investigation into the Chinese iPhone jailbreaking industry, they’re often used to bypass Apple security protections.

I dunno, getting AirDrop to work is usually the biggest challenge I face. (The mitigation is pretty easy on any version – turn off Wi-Fi or Bluetooth, or turn Airdrop to accept files from Contacts Only or off; this leaves Wi-Fi and Bluetooth untouched.)
link to this extract

Google taken to court to uncloak ebook pirates » TorrentFreak

Early June, GAU [the Dutch trade organisation representing dozens of book publishers in the Netherlands] reported that Google appeared to be taking steps to prevent rogue sellers from offering illegal content via its Play store. The group also noted that BREIN was attempting to obtain the personal details of the ‘pirate’ seller from Google.

Unsurprisingly that wasn’t a straightforward exercise, with Google refusing to hand over the personal details of its user on a voluntary basis. If BREIN really wanted the seller’s identity it would have to obtain it via a court order. Yesterday the anti-piracy group began the process to do just that.

Appearing before the Court of The Hague, BREIN presented its case, arguing that the rogue seller was not merely a user of Google, but actually a commercial partner of Google Play, a partnership that earned revenue for both parties.

“The case is clear,” BREIN said in a statement.

“There was infringement carried out by an anonymous seller that was actually a commercial ‘partner’ of Google via Google Play. This is how Google refers to sellers in its own terms of use.”

BREIN says that ultimately Google is responsible for the unauthorized distribution and sales carried out via its service.

“There is no right to anonymously sell illegal stuff, not even on Google Play while Google earns money,” the anti-piracy group concludes.

In the UK I think this would be a fairly straightforward “Norwich Pharmacal” case. Wonder if Holland has anything comparable.
link to this extract

Start up: Uber’s China fight, Stagefright goes public, women and Apple, Wileyfox reviewed, and more

Posted on September 11, 2015 by charlesarthur

Feast your eyes: you’ll never see its like again. (Hopefully.) Photo by MarkGregory007 on Flickr.

A selection of 10 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Inside Uber’s fight with its Chinese nemesis, Didi Kuaidi » WSJ

Fabulous in-depth piece by Eva Dou and Rick Carew:

Both companies have sought to woo drivers with bonuses to those who rack up rides. Uber has offered larger bonuses in an effort to catch up in scale, earlier this year giving as much as 7,000 yuan weekly to Beijing drivers who completed a high number of rides—quadruple a traditional taxi driver’s wages, according to drivers. Both companies have bonuses for individual rides during peak times and smaller bonuses for individual achievements, such as referring friends or getting high ratings.

Now the challenge for both is keeping drivers and riders while weaning them off bonuses and coupons.

Yang Yang, a 33-year-old Uber driver in Beijing, says bonuses are increasingly difficult to get. He stays on the road 12 to 14 hours a day to qualify for the weekly bonus, using minty salves to stay awake.

The lure of bonuses has led drivers to game the system. Uber and Didi Kuaidi battle drivers who book fake rides—known as “brushing” in China. In brushing, the scammer will typically pose as both driver and rider, essentially paying himself multiple times to build up enough fake business to win a bonus.

Rings of scammers use specialized software bought online to rack up fake rides while they sit at home, drivers interviewed say. They say they get calls and texts from people offering to help them scam Uber for a fee. Didi Kuaidi is suffering less from the problem, according to drivers, as its lower driver bonuses are less of a draw.

I love how people find ways to game systems like this; it’s the thing that definitely keeps us a step ahead of the damn robots.
link to this extract

The Washington Post has begun blocking the ad blockers » BuzzFeed News

Matthew Zeitlin:

“Many people already receive our journalism for free online, with digital advertising paying only a portion of the cost,” a Washington Post spokesperson told BuzzFeed News.

“Without income via subscriptions or advertising, we are unable to deliver the journalism that people coming to our site expect from us. We are currently running a test using a few different approaches to see what moves these readers to either enable ads on The Washington Post, or subscribe.”

There’s a kind of Cold War brewing between publishers who say that ad blocking software cuts off the lifeblood of free media online, and readers who complain about pages crammed with garish ads and intrusive trackers, which make many sites bloated and slow to load.

Not sure it’s a cold war. It’s about to get a lot more heated: iOS 9 comes out next week, and the content blocking apps will all be lining up for it.
link to this extract

Android Stagefright exploit code released to public » Threatpost

Michael Mimoso:

[Joshua] Drake, vice president of platform research and exploitation at Zimperium zLabs, said in July the bug could affect more than 950m Android devices. He chose not to publish exploit code at the time, giving Google time to push patches to the Android Open Source Project and subsequently to handset manufacturers and carriers. He originally planned to release exploit code on Aug. 24.

Google, meanwhile, wasted no time in changing the way it releases security updates for Android, announcing at Black Hat that it would send monthly over-the-air updates its Nexus phones. The move was mirrored by others, including Samsung and LG, and the first Nexus updates included patches for Stagefright. Silent Circle also patched its Blackphone and Mozilla patched Firefox, which uses Stagefright code in the browser.

Stagefright is the name of the media playback engine native to Android, and the vulnerabilities Drake discovered date back to version 2.2; devices older than Jelly Bean (4.2) are especially at risk since they lack exploit mitigations such as Address Space Layout Randomization (ASLR) that are present in newer versions of Android.

The problem is that Stagefright is an over-privileged application with system access on some devices, which enables privileges similar to apps with root access.

When the tide goes out, you discover who’s been swimming naked, or hasn’t put on their security trousers.
link to this extract

Focusing on the full picture with data » FlowingData

Nathan Yau:

I don’t know the full context of this discussion, but in the interview below, Hans Rosling talks to media person Adam Holm about why we shouldn’t use the media to form our opinions about the world. Media person disputes. Rosling puts foot on table and says Holm is wrong.

This is terrific. Enjoy.

Rosling also gave a TED talk in 2014: “How not to be ignorant about the world“.
link to this extract

Wileyfox Swift: Brit startup budget ‘droid is the mutt’s nuts » The Register

Alun Taylor:

If someone asked me what my ideal smartphone would be I’d say one that costs no more than £120, has 16GB of storage, at least 2GB of RAM, a 5-inch IPS screen, a removable battery, two SIM slots, space for a microSD card, the best iteration of Android available (that’s the Cyanogen OS Android fork, in my opinion) and is waterproof.

There’s nothing revolutionary about the Swift’s design, it’s just smart and well made
Wileyfox’s new Swift actually fails to meet two of those criteria – the cost is £130, and there’s no waterproofing. But as we’ll see, considering the rest of the package, it’s very easy to forgive those two failings.

In an increasingly competitive market the Swift is up against the likes of the Motorola Moto G and Sony Xperia M4 Aqua, both of which we have reviewed recently. And both of which are rather more expensive at £189 (for the 2GB RAM version) and £199 respectively.

Along with price deflation, Android is splitting into niches, as well as software specialisation – such as the use of Cyanogen here. This is great value; it’s not going to sell in huge volumes (simply because of supply chain constraints) but it’s where the Android market is going.
link to this extract

Bullshit, selfies and Photoshopped smiles: Apple’s iPhone 6S announcement was a joke » Gadgette

Holly Brockwell is pissed off and she isn’t going to take it any more:

It’s no secret that I’m far from Apple’s biggest fan. In fact, despite what Reddit seems to think, I’m firmly Team Android. But that doesn’t mean I don’t give Apple credit where it’s due – it’s just that it seems to be due less and less these days. Last night’s announcement was their worst yet.

Her principal complaint seems to be “these things have all been done before!” along with “there was a Photoshop demo using a woman’s face!”. The “where were the women?” thing seemed to become a mini-meme on Twitter. Perhaps I was missing the bit where Jen Folse came out and demoed Apple TV entirely on her own. Or where a female doctor showed off the iPad Pro, again, entirely on her own. Or a female entrepreneur from Gilt showed what she could do on Apple TV. Sure, there were more men. But that’s true in pretty much any tech event.

My wife constantly quotes a friend says you can divide the world into drains and radiators – some suck you dry, some warm you up. I prefer radiators. Which is why I love this tweet from Lia Napolitano, who used to work on the Apple TV team, praising Folse, who still does.

You guys. Check out Jen Folse's Siri nail art. #womeninpower #womenindesign pic.twitter.com/EldZkI0yuG

— Lia Napolitano (@napolisaurusrex) September 10, 2015

link to this extract

Production of new 21-inch iMac begins, say Taiwan makers » Digitimes

Aaron Lee and Joseph Tsai:

Production of a new 21-inch iMac featuring a 4096 by 2304 screen kicked off in early September and will be launched in the fourth quarter, with shipments in the quarter estimated at 1.4m-1.5m units, according to Taiwan-based supply chain makers.

With shipments from existing iMac products, Apple’s overall all-in-one PC shipments could surpass those of Lenovo in the second half.

The sources pointed out that the new 21-inch iMac only has a limited change in industrial design, but is upgraded with better hardware specifications, especially the Ultra HD display.

This will probably be no more than a press release from Apple. The current 21in iMac is 1920 by 1080 pixels – so this is going to be an amazing screen.
link to this extract

Amazon finally stops selling the Fire Phone, as company adjusts its hardware strategy » GeekWire

Tricia Duryee:

It’s taken more than a year, but Amazon has finally exhausted its supply of Fire Phones.

At least that appears to be the case based on the phone’s product page, which now lists the device as “currently unavailable,” with an additional note in the buy box, stating: “We don’t know when or if this item will be back in stock.”

That’s true for both the 32GB and 64GB models.

A year ago I calculated that no more than 35,000 had been sold. I wonder what the final number was.
link to this extract

Electronic noise is drowning out the Internet of Things » IEEE Spectrum

Mark McHenry, Dennis Roberson and Robert Matheson:

it is expensive to trace RF [radio frequency] pollution to a source and, when you do, it is often challenging to get offenders to stop offending.

The coming Internet of Things is going to make things worse. Much worse. It will do so by adding complex RF-control chips to countless common devices, like door locks, light switches, appliances of every type, our cars, and maybe even our bodies, which will enable them to connect to the Internet. Each of these chips is a potential source of noise. Plenty of technological fixes are available, of course, but the huge number of chips means that manufacturers will be more reluctant to add costly shielding and other noise-muffling features to their products. Silence is golden: It costs money to get it.

link to this extract

Apple promo video confirms the 6s has a smaller battery » TechCrunch

Fitz Teppper:

a 3D Touch promotional video released by the company seems to confirm that the 6s will indeed have a smaller battery than the iPhone 6. Specifically, GSMArena discovered that the video shows a shot of the battery marked “1715 mAh”, which is less than the iPhone 6’s 1810 mAh battery.

The extra space gained from reducing the device’s battery is most likely being used to fit new, larger components like the Taptic Engine and Force Touch-enabled display.

It’s important to note that this doesn’t mean the device will provide fewer hours of usage. In fact, Apple’s specs on the 6s show that the device will have the exact same talk, Internet browsing, and video playback time as its predecessor. This is most likely due to increased power efficiency in the new phone.

In my (beta) experience, iOS 9 has better battery life than iOS 8. Have to see how the rest of it plays out. Safe bet though that “smaller battery!” will be found in the comments sections of many blogs in the days – months even – to come.
link to this extract

Start up: Apple’s AI hires, Spotify’s smart music, why refugees have smartphones, and more

Posted on September 9, 2015 by charlesarthur

What’s the motive for downloading the top 40 every week from a torrent site? Completism? Photo by DigitalTribes on Flickr.

A selection of 8 links for you. Handle with care. I’m charlesarthur on Twitter. Observations and links welcome.

Exclusive: Apple ups hiring, but faces obstacles to making phones smarter » Reuters

Apple has ramped up its hiring of artificial intelligence experts, recruiting from PhD programs, posting dozens of job listings and greatly increasing the size of its AI staff, a review of hiring sites suggests and numerous sources confirm.

The goal is to challenge Google in an area the Internet search giant has long dominated: smartphone features that give users what they want before they ask.

As part of its push, the company is currently trying to hire at least 86 more employees with expertise in the branch of artificial intelligence known as machine learning, according to a recent analysis of Apple job postings. The company has also stepped up its courtship of machine-learning PhDs, joining Google, Amazon, Facebook and others in a fierce contest, leading academics say.

But some experts say the iPhone maker’s strict stance on privacy is likely to undermine its ability to compete in the rapidly progressing field.

It’s certainly the case that Apple’s privacy stance is, as Sameer Singh says, its “strategy tax” (a strategy tax is an approach to a business area that prevents you exploiting it to the maximum: “Windows everywhere” was Microsoft’s strategy tax that prevented it doing mobile really well, Google’s is the need to collect data). The question is how much you do need that pooled personal information (as opposed to anonymous information) to do this well.
link to this extract

Field Notice: FN – 63697 – Protective Boot on Certain Network Cables Might Push the Mode Button and Cause an Unexpected Reset on the 48-Port Models of Cisco Catalyst 3650 and 3850 Series Switches » Cisco

“Certain” network cables being “pretty much every Ethernet cable you buy”. Like this:

Design screwups like this deserve their own Tumblr. Of note: the Cisco 3650 was released on October 10 2013; this note is dated October 30 2013. Of course it wasn’t caught in testing, but one suspects that customers discovered this pretty much on day one.
link to this extract

Inside Spotify and the future of music » Tech Insider

Alex Heath:

Spotify’s progress in sorting its library of 35 million songs can be traced back to The Echo Nest, a music intelligence company that was created within the MIT Media Lab a decade ago. Spotify bought The Echo Nest last March in what was reported to be a $100m deal.

Jim Lucchese, CEO of The Echo Nest, tells Tech Insider that his team of about 70 people are focused on delivering “the right listening experience at the right time” within Spotify.

They do this by analyzing the makeup of every song, how people are talking about music online, and how people are listening to it. While the company continues to work with clients like Rdio, Microsoft, Sirius, and Vevo, as it did before it was sold, its most cutting-edge work is developed and honed for Spotify.

One of The Echo Nest’s first projects for Spotify, reported last September on FiveThirtyEight, was developing dossiers of every user’s listening habits, which are now called “taste profiles.”

Ajay Kalia, who oversees the project, tells us they realized early on that there’s an important distinction between the music you listen to and music you actually like.

For example, just because I play a lot of instrumental, ambient music while I’m at work doesn’t mean that I have a particular affinity for those kinds of artists. And just because your significant other plays a lot of country music while you’re both in the car doesn’t mean you want a bunch of country playlists shoved at you.

This “listen to but not like” has often been the problem about music. This makes it sound as though Echo Nest is human-curated, which it really isn’t.
link to this extract

Google nears re-entry to mainland China » The Information

Amir Efrati:

As part of its broader China push, Google is expected to offer new incentives to phone makers to upgrade Android phones to the latest versions of the operating system, says one person briefed on its plans. The company wants more phones to run the advanced version of Android so that the software platform and experience can be more consistent for app developers and consumers.

As more Chinese app developers look to extend their apps beyond China’s borders and more non-Chinese app makers try to tap the Chinese market, Google wants to ensure all the apps work well across Android devices globally. Thus, hardware partners that will distribute Android Wear or Google Play in China will need to adhere to certain global compatibility standards, says the person familiar with the plan.

For its app store, Google has promised authorities that it will follow local laws and block apps that the government deems objectionable, say the people familiar with Google’s plans. In some parts of the world and among Internet policy wonks, this move will be viewed as a back-tracking from Google’s posture following its departure from China in 2010. At that time Google ended its engineering operations in China and moved its Chinese-language Web-search engine to a Hong Kong-based Web domain, out of reach of mainland China officials, after being breached from a cyber attack that it linked to the Chinese government.

Authorities denied involvement in the attack, which successfully breached many American companies and is known as Operation Aurora. At the time, though, Google co-founder Sergey Brin publicly compared China to the totalitarian Soviet Union in which he grew up. (Mr. Brin is now part of Alphabet, Google’s soon-to-be parent company, and isn’t involved in Google’s day-to-day affairs.)

Some forces within Google always believed that the company’s and Mr. Brin’s response was rash. It should have viewed the China-based hacking, which occurred in late 2009, as a natural consequence of being a major tech company in an age of increasing cyber attacks by all governments.

A long extract (but it’s a long article). That last paragraph is telling; Eric Schmidt was the pro-China voice, Brin the no-to-China voice, and Larry Page effectively had the casting vote back in 2010. Sundar Pichai clearly leans towards Eric Schmidt’s stance: better to deal than to stand on principle.
link to this extract

Police raid fails to dent UK Top 40 music piracy » TorrentFreak

Police arrested a Liverpudlian who was a determined uploader of the top 40 releases to torrent sites:

Yet again it appears that the arrest last week was a case of rightsholders and police targeting low-hanging fruit. Using widely available research tools we were able to quickly uncover important names plus associated addresses, both email and physical. It seems likely that he made close to no effort to conceal his identity.

Due to being in the police spotlight it will come as little surprise that there was no weekly upload of the UK’s Top 40 most-popular tracks from OldSkoolScouse last Friday, something which probably disappointed the releaser’s fans. However, any upset would have been very temporary indeed.

As shown below, at least four other releases of exactly the same content were widely available on public torrent sites within hours of the UK chart results being announced last Friday, meaning the impact on availability was almost non-existent.

But who, seriously, actually wants to listen to all the top 40 tracks week after week? It would be pretty numbing even if you worked in the business. I bet this guy barely listened to the music. He, and the downloaders who waited avidly for the songs, strike me as more like stamp collectors: uninterested in what is conveyed, obsessed with completing sets.
link to this extract

iPhone supply chain makers set to see strong sales in September, say sources » Digitimes

Monica Chen and Steve Shen:

Incoming parts and components orders for the new iPhones are even stronger than orders for the iPhone 6 devices in the corresponding period of a year earlier, indicated the sources, adding that shipments of updated iPhones will once again squeeze sales of other vendors including Samsung Electronics, Sony Mobile Communications and LG Electronics, commented the sources.

Thus, sales of the new iPhones are expected to dominate smartphone sales globally in the fourth quarter of 2015 as current sales of LG Electronics’ G4, HTC’s One M9/M9+ series products and Sony Mobile’s Xperia Z3+ have been lower than expected, indicated the sources.

To lessen the impact of the release of the new iPhones, Samsung has been implementing a “Ultimate Test Drive” program that encourages current iPhone users to pay US$1 to test its Galaxy Note 5 or Galaxy S6 Edge+ for one month.

Good luck with that, Samsung.
link to this extract

Academic study reveals urban and rural broadband speed gaps » ISPreview UK

Mark Jackson:

The study (‘Two-Speed Britain: Rural Internet Use‘) claims that more than 1 million people in Britain are “excluded or face challenges in engaging in normal online activities because they live in remote rural areas“, where slow or non-existent Internet connectivity is still a serious problem.

The report separated areas into several groups and examined each separately: Deep Rural (remote), Shallow Rural (less remote) and Urban internet users. It reveals that just 5% of those in Urban areas had an average broadband speed below 6.3Mbps, but in Deep Rural areas only 53% could achieve this “modest speed“.

Furthermore the gap is unsurprisingly found to be most pronounced in upland areas of Scotland, Wales and England, but also in many areas in lowland rural Britain. It affects 1.3 million people in deep rural Britain, and 9.2 million people in less remote areas with poor internet connection (or ‘shallow’ rural areas).

The report itself isn’t available for download (yet?) because neither Oxford University nor dot.rural has actually put a usable link up.
link to this extract

Surprised that Syrian refugees have smartphones? Sorry to break this to you, but you’re an idiot » The Independent

James O’Malley, in somewhat straightforward mood:

So we know that Syria isn’t dirt poor and we know that there’s a lot of mobile phones: but why smartphones? Well, why not? In the West many people own desktop computers, laptops and tablets as well as smartphones. But if you had to give up many of your possessions and live on $1850/year, after clothes and food, what would you buy next? It is hard to think of a more useful thing to own than a smartphone, especially if you’re fleeing your home.

Even when utility isn’t considered, the reason Syrians are using smartphones and not old Nokia 3210s is the same reason that benefits claimants have (gasp!) “flatscreen” TVs… have you tried buying any other kind lately? Budget Android smartphones can be picked up for well under £100, and come with cameras, large screens and everything you would expect from a modern phone. As we’re now in the habit of replacing our phones with a new model every year or two the price of slightly older phones also drops significantly.

The headline certainly falls into the “no mimsy hedging here” bucket.
link to this extract

Start up: iOS 9 and the BBC, AdBlock v Chrome/YouTube, Imogen Heap’s blockchain, and more

Posted on September 8, 2015 by charlesarthur

And we just happen by great good fortune to know a good source of women who aren’t wives too. Photo by James Maskell on Flickr.

A selection of 8 links for you. Tested on humans for irritancy. I’m charlesarthur on Twitter. Observations and links welcome.

Ashley Madison’s parent company secretly operated an escort website » Daily Dot

Dell Cameron:

After the details of roughly 33 million Ashley Madison accounts were posted online, the hackers responsible, known as Impact Team, leaked more than 197,000 private emails from the inbox of Noel Biderman, the former CEO of Avid Life Media (ALM), a Toronto, Canada–based company that operates the Ashley Madison site. Documents and emails contained in the trove and reviewed by the Daily Dot detail the company’s escort-related businesses.

Escorts.ca was leased in 2013 through a shell company called Pernimus Limited, which is listed among ALM’s “legal entities” on an internal company memo. According to a leaked contract, ALM leased the escort-service property from an Ontario-based company called Steeltown Marketing Inc., on Feb. 20, 2013.

The escorts.ca website was still active until roughly 6pm ET on Tuesday, when it was abruptly suspended. A version of the site from Aug. 1, 2015, can still be viewed, however, via the Wayback Machine.

Innocent explanation: ALM was into teh sexy bsns, so having an escort company as well as a “YOLO BE UNFAITHFUL” site was just consistent corporate thinking.

Malevolent explanation: 1) have a site encouraging guys to be unfaithful; 2) funnel them towards escorts 3) Profit!

Hang on, further down:

The document shows that ALM’s intention for the site, which did not charge users to browse its pages, was to funnel traffic to Ashley Madison and other ALM properties.

Having some trouble making the innocent explanation work here.

link to this extract

Apple’s iOS 9: Tweaks not revolution for video, photos and audio » BBC Blogs: College of Journalism

Marc Settle, who specialises in smartphone reporting for the BBC Academy:

Doesn’t time fly. It’s already a year since my now-traditional blog post examining what’s in the latest version of iOS, the operating system on iPhones and iPads. It’s also therefore a year since the equally traditional complaint of ‘preferential treatment’ to Apple over Android, the operating system that runs on around 80% of smartphones globally.

However, it remains the case that iPhones are the device of choice for many leading news organisations around the world – not just the BBC – for their employees to gather and send broadcast-quality footage at a far lower cost than traditional methods.

It’s also the case that this review of iOS 9 will be far more relevant, far more quickly, to iPhone owners if the pattern of previous releases is repeated. iOS 8 came out on 17 September 2014; a week later it was running on more than a third of compatible devices (as shown on the graph above).

In stark contrast, the latest version of Android, called Lollipop, was released in November 2014 but nine months later it’s still barely on 20% of devices.

Seems iOS 9 doesn’t add much, apart from some little tweaks in video editing. It has been noticeable in the latest reports on the refugee crisis that some of the BBC reporters are doing the reports with iPhones; one did a whole report using the front-facing camera and flash so that he could show the extent of the problem.
link to this extract

YouTube ads aren’t being blocked in Chrome / Recently Reported / Knowledge Base » AdBlock Support

And lo, there was great consternation that YouTube might have found a way to make people view ads. But it turned out not to be:

Some users have been able to confirm, that removing YouTube app from Chrome (by navigating to chrome://apps on Chrome) fixes YouTube ads, which are not blocked.

According to the EasyList forum post on this topic (you can read the original Google Code issue if you’d like to know the gory details) it’s caused by a recent Chrome security update, not the ad blockers or YouTube finding a way around the current filters.

At this point, we’re waiting for news about another update to Chrome which will fix this. In the meantime, we recommend switching to Firefox or Safari, which continue to block ads in YouTube videos just fine

In the Chromium discussion, a Chromium developer says “It was a security fix tracked in bug 510802 which we can’t make public yet, but it has the details.” (I can’t find a way to view bug 510802, so maybe it’s a doozy.)

link to this extract

Michael Dell sees consolidation among PC makers in next few years » Reuters

The top three global PC makers would be able to raise market share in the next few years through consolidation amid shrinking sales of personal computers, Dell Inc chief executive Michael Dell said on Monday.

Lenovo Group Ltd tops global PC shipment ranking with a 20.3% market share, followed by Hewlett-Packard Co at 18.5% and Dell at 14.5%, according to research firm International Data Corp.

The top three companies could corner about 80% of the market in the next five to seven years, Dell said at a roundtable conference with journalists in Bengaluru, India.

“In the first half of this year, we outgrew the two in notebooks and we have grown now 10 quarters in a row,” Dell said.

IDC last month forecast PC shipments to fall 8.7% this year, steeper than its earlier estimate of a 6.2% decline, and said they are expected to return to growth in 2017.

Presently those top three have 53%; it would take quite a consolidation (such as the collapse/withdrawal of a player like Acer with 6.5% share and a smaller one like Toshiba with maybe 3% share) to reach that. But the ongoing consolidation is steady.

Read it too for Dell’s comment on smartphones.
link to this extract

Imogen Heap: saviour of the music industry? » The Guardian

Jamie Bartlett on how one British artist aims to use blockchain technology to create an accountable system for buying and listening to and crediting music:

Because [Imogen] Heap now produces her own music independently she’s not contracted to release her song via the usual route. Instead, she will be placing the studio-recorded song, video, live performance and all Tiny Human-related data as files on her website, open to those developing new tech for the blockchain. All the taggable associated data that could interest fans or potential clients (film and TV, brands, other artists), such as the lyrics, photographs, the instruments she used, the musicians who played, etc (“I think I’ll add this article too,” she told me) will prove inspirational, she hopes.

Crucially, she’ll also include simple contracts, revealing under what terms the music would (ideally, as this is an experiment) be downloaded or used by third parties, such as advertisers, and how any money earned will be divided up among the creatives involved. All payment received – using crypto-currencies – will be routed to the recipients, as set out in the contract, within seconds. (It typically takes between weeks and months for royalty payments to work their way through the chain at the moment.)

It’s a long but worthwhile article. There’s a fair amount of handwaving around how it will work, though I suspect that’s just as much because really getting into the details of how the blockchain system would work might frighten the horses (as in, regular non-techie readers) too much.

And remember, MP3 started as a way to compress background music and sounds for video games.
link to this extract

Premium Android hits the wall: discussion » Hacker News

Among the discussion of my post elsewhere on this blog is this anecdote:

My wife went into the EE shop (UK mobile company) recently to see what was on the market as her old Galaxy S2 was dying.

She came out with a list of six Samsung phones alone and a couple of Sonys. Is a Galaxy Alpha better than an S6? What’s a Galaxy Mini? So bewildered by the permutations that she just threw away the list and bought a second-hand Galaxy S4 on eBay. Potential sale for Samsung lost.

Android vendors might think they’re satisfying all possible market requirements but actually they’re confusing potential customers. As you say, probably easier just to go to the Apple store and choose between two.

I know anecdotes aren’t data, but I think the contrast between a plethora of choices and a couple makes a difference. Note too how few features Apple adds at each release. (Read the full discussion too.)
link to this extract

Negative feedback: attack on a YouTube channel » Dell SecureWorks Security and Compliance Blog

Joe Stewart of CTU Research on how an “attack” (lots of dislikes) against a YouTube channel might have been organised via hijacked routers in Vietnam:

All it takes to bounce traffic through a vulnerable broadband modem is to know the standard administrative username/password pair used by the ISP, something trivially obtained by analysis of the device’s firmware image or even by brute force scanners. Once you can configure the modem, you can set up port forwarding and relay traffic inbound to a specific TCP port to an outside site (i.e. YouTube). This isn’t a proxy in the conventional sense, where one can arbitrarily tunnel all HTTP traffic through another IP, but it can work in essentially the same way for a single destination site.

Vietnam is certainly not the only country with this problem. A rush to create broadband infrastructure in some countries where ISP choices are limited has led to a dangerous monoculture of vulnerable router deployments. As consumer operating systems are increasingly becoming more secure against exploitation that would cause them to become part of the botnet ecosystem, we are increasingly seeing broadband routers being abused for these purposes instead.

It used to be that shonky Windows installations in developing countries were the main problem for such attacks; now it’s broadband routers in developing countries too. (Via Stefan Pause.)
link to this extract

Why you hate Google’s new logo » The New Yorker

Sarah Larson:

Now Google is so smart and powerful, across so many platforms—Androids, a translation service, Chrome, Maps, Earth, self-driving cars, our collective brain—that our trust, our connection to that first thrilling moment, that gratitude and excitement, should be essential to maintain. You’d think the company would get that, and that rebranding, generally, feels suspicious. When I see that shifty new rainbow-colored “G” bookmarked on my toolbar, I recoil with mild distrust, thinking of when Philip Morris became Altria — No cigarettes here, see? Just rainbows! — or when British Petroleum suggested we think of it as Beyond Petroleum, or when the Bush Administration would name something Freedom.

Zingg! (Personally, though, I don’t like the new logo. I prefer the old one.)
link to this extract

Start up: smartphone jobs bloodbath, Apple v watch sales, Android’s messy sharing, and more

Posted on August 25, 2015 by charlesarthur

Content blockers for iOS are having their first tests: how do they do? Photo by WSDOT on Flikr.

A selection of 10 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

JFK displays actual wait times using sensors that monitor mobile phones » Blip Systems : Blip Systems

Passengers moving through JFK Airport’s Terminal 4 are now presented with estimated processing times on 13 new screens. The large and prominent screens are placed at TSA Security and Customs and Border Protection checkpoints, as well as the indoor taxi queue.

“It continuously updates,” says Daryl Jameson, vice president at the company JFKIAT, which runs Terminal 4. People like to know how long they are going to wait in queues. Nobody likes to wait in lines and signage helps to manage expectations.”

The wait times are driven by sensors that monitor passenger’s mobile devices as they move through the airport. The BlipTrack solution, invented by Denmark-based BLIP Systems, and installed by Lockheed Martin, detects Wi-Fi or Bluetooth devices in “discoverable” mode, found in mobile phones and tablets. When a device passes the sensors, its non-personal unique ID—called a MAC address—is recorded, encrypted and time-stamped. By re-identifying the device from multiple sensors, the travel times, dwell times and movement patterns become available.

Neat idea, though when you’re waiting in an inescapable queue, you don’t actually want to know your wait time; you want a distraction. This is why lift designers put mirrors and TVs showing news in lobbies where people wait for lifts: so you can do something else while you wait. Doesn’t speed up the lift; does reduce the subjective queuing time.
link to this extract

Ashley Madison search sites like Trustify are harvesting email addresses and spamming searched victims » Troy Hunt

I had this forwarded to me earlier today and frankly, I couldn’t believe it. I mean I knew Trustify were making email addresses publicly searchable and somehow not falling foul of DMCA takedowns whilst others doing the same thing were (possibly because Trustify has more lawyers than employees), but I had no idea they’d actually harvest addresses and then send unsolicited emails, so I Googled a bit and found a very unsympathetic Reddit thread on it. There’s a series of responses from thejournalizer (reportedly the content marketing director at Trustify) which provide such enlightening insights as:

The email OP received was actually established to help you and warn you that someone is seeking out details about you.

Ah, it’s there to help you! So after you search on the site and it says “You’ve been compromised” and provides a handy form to sign up to their commercial services, an email is also sent to you because, well, it might not be you.

Isn’t capitalism great, especially where data breaches are concerned.
link to this extract

Smartphone giants have lost 15,000 jobs to cheap Android phones this year » Quartz

Josh Horwitz:

The world’s smartphone manufacturing giants are losing their luster, leading to a steady stream of job cuts inside previously prestigious mobile units.

The most recent high-profile cuts occurred last week, when HTC and Lenovo each reported less than stellar earnings reports. HTC, after reporting a loss that exceeded analyst estimates five-fold (and caused its market valuation to fall below its cash assets), told investors it would cut fifteen percent of its workforce, amounting to over 2,000 jobs.

Lenovo, meanwhile, announced that it would reduce its workforce by 3,200 people, and cut its non-manufacturing headcount by 10%. The company didn’t specify which specific jobs were at risk, but it pointed to flagging global PC sales, along with the need to streamline its mobile phone unit, as its key goals for the coming year. The company’s net profits were down 51% year-on-year, and its Motorola handset division saw shipments plummet 31% to 5.9 million units.

You can argue about whether Microsoft, the source of half those 15,000 job losses, counts as a “smartphone giant” – shifted more units than Motorola, Sony or HTC – but when Lenovo (now owning Motorola) is cutting, that’s something.
link to this extract

Apple helps push US watch sales to biggest drop in seven years » Bloomberg Business

Thomas Mulier:

US watch sales fell the most in seven years in June, one of the first signs Apple’s watch is eroding demand for traditional timepieces.

Retailers sold $375m of watches during the month, 11 percent less than in June 2014, according to data from NPD Group. The 14% decline in unit sales was the largest since 2008, according to Fred Levin, head of the market researcher’s luxury division.

“The Apple Watch is going to gain a significant amount of penetration,” he said Thursday in a phone interview. “The first couple of years will be difficult for watches in fashion categories.”
The market for watches that cost less than $1,000 is most at risk, as consumers in that price range have indicated they’re the most likely to buy an Apple Watch, Levin said.

Well, it’s a data point.
link to this extract

Crystal benchmarks » Murphy Apps

Dean Murphy is developing a Safari content blocker called Crystal for iOS 9:

For this experiment, I have picked 10 pages from different news websites – Some I use regularly, some I don’t. The metrics I’m monitoring is page size (in MB) and load time (in Seconds). 10 pages is far from a good sample size for the web, I know, but the web is a big place, and my time to benchmark is limited.

Websites tested: New York Times, Business Insider, Macworld, Wired, The Verge, PC Gamer, iMore, Kotaku, Huffington Post, Vice.

Method: All sites tested on an iPhone 6+, connected to wifi (154Mb Fiber). All metrics are taken from Safari Web Inspector after doing an Ignored Cache Reload (CMD+Shift+R).

Results

On average, pages loaded 74% faster with Crystal and used 53% less bandwidth. Just by having Crystal installed, I saved a total of 70 seconds and 35MB of data on these 10 pages.

These are dramatic differences. (Click through for the graphs.) I’m beta testing Crystal myself; it makes the mobile web very attractive, all of a sudden. Though perhaps sites don’t feel the same way.
link to this extract

Staff exodus plus pressure from Microsoft and Apple hits Google Now » Re/code

Mark Bergen:

[Sundar] Pichai [who now heads Google] is known as an executive who seeks consensus rather than conflict. A former Googler who worked on Now recalled Pichai’s response to their protests [when Google Now was shifted from the Android division to the search division – seen as the “boring” area, and not the right fit for a mobile OS framework]: “‘Look, I’ve got a lot on my plate. Chrome and Android are my top priorities. Google Now is not on that. I can’t fight that battle for you.’”

Now has its own battles in store. It has a solid user base, more than a hundred million monthly ones, according to multiple sources. (Google declined to comment on these numbers.) Yet it’s unclear how active those users are, and only a slim slice of them are on the iOS app.

Apple, for its part, looks prepared to launch a competitor to Now on Tap. With its proactive assistant and spotlight search, the Apple entry could elbow Google out. Several people said it was unusual for Google to pre-announce a feature like Now on Tap before it is ready. That hurriedness may have been to pre-empt Apple’s announcement the following month.

And now Bing, which powers search on Apple devices, has its own Now on Tap foil.

iOS 9, with Proactive, will make Google Now largely pointless for the vast majority of iOS users; Google Now will be fine for Android users. Microsoft might pick up a few diehards, but it’s hard to see it really making an impact.

Google, meanwhile, is discovering internal politics in a big way. And that’s before Alphabet.
link to this extract

Sharing on Android is Broken » Terence Eden’s Blog

I’ve been using Android – Google’s mobile OS – it since before it was launched. I now love and loathe it in equal measure.

Consider the simple act of sharing a piece of content. A fairly common activity which the OS should be able to handle in a standard manner. Yet Google’s own apps each have a radically different way of completing this basic task.

Let’s take a look at the latest versions of Play, Maps, YouTube, Chrome, Google+, and Docs – all running on Lollipop.

• Google Play, has the normal Share Icon.
• Google Maps hides the option in a menu.
• YouTube has two share buttons, neither of which look like the one in Play.
• Chrome hides the option in a dropdown (weird how it floats over the menu button, unlike Maps).
• Google+ takes us back to the regular share icon (with no text label).
• Google Docs uses a floating bottom menu (what?!) with a yet another icon and a “Send file” text label.

Things get even worse once you open the Share menu, though. Eden makes a good point: there’s clearly no single person in charge of this UX element for Android, even for Google’s own apps, despite the fact that they’re on every single Android phone sold outside China.
link to this extract

Samsung smart fridge leaves Gmail logins open to attack » The Register

John Leyden:

Pen Test Partners discovered the MiTM (man-in-the-middle) vulnerability that facilitated the exploit during an IoT hacking challenge run by Samsung at the recent DEF CON hacking conference.

The hack was pulled off against the RF28HMELBSR smart fridge, part of Samsung’s line-up of Smart Home appliances which can be controlled via their Smart Home app. While the fridge implements SSL, it fails to validate SSL certificates, thereby enabling man-in-the-middle attacks against most connections.

The internet-connected device is designed to download Gmail Calendar information to an on-screen display. Security shortcomings mean that hackers who manage to jump on to the same network can potentially steal Google login credentials from their neighbours.

Yeah, it’s that “jump on the same network” thing which is the sticking point. I’d wager that most home networks are secured nowadays.
link to this extract

EU deepens antitrust investigation into Google’s practices » WSJ

Natalia Drozdiak:

In one of the questionnaires [sent out to website operators] inquiring about “exclusivity obligations”—whether Google prevents or obstructs website operators from placing ads on their websites that compete with Google’s advertising business—the commission asks companies to update responses they made about the issue in 2010 and to provide a copy of all their advertising agreements with Google over the last four years.

A separate questionnaire, investigating the allegations that Google copies or “scrapes” content from rival sites, asks companies to provide more information about whether Google takes content, such as images, from the companies and uses it in its own online services.

The images question – raised by Getty – is about Google Images effectively bypassing visits to sites, and making copies of images. The latter is potentially a bigger problem than most other topics; “fair dealing” (the UK version of the US’s “fair use”) is hard to argue when you’re copying and storing entire image libraries.
link to this extract

BT may have to hive off Openreach to improve the UK’s broadband services » Telegraph

Labour MP Chris Bryant, who lives in a rural constituency:

The government’s roll-out of broadband has been far too slow.

The Government has cannibalised the BBC licence fee to fund otherwise not commercially viable superfast connections to the tune of more than £1bn. Yet they have already missed their initial deadline of May 2015 and shifted it back by two and a half years to December 2017.

Even the 2017 deadline is only a hope, as senior BT executives and almost half of councils have warned it could end up being 2018 before the roll-out to 95% of the country is finished. But there is also another problem. The Government designed the tender process for the superfast roll-out in such a way that it was virtually impossible for anyone other than BT to win. The end result was that BT Openreach won 44 out of 44 contracts and its monopoly was reinforced.

Although BT Openreach, which owns the existing copper network and delivers the rollout, is nominally at arm’s length from BT, it is right that Ofcom is now considering whether this provides an unfair advantage to BT and whether it should be split off in the interests of transparency and fair competition.

No question; it should. BT Openreach had an operating profit margin of around 50% in the most recent quarter – while the rest of BT languished. BT OR is being milked, and we’re the cows.
link to this extract

Start up: the Samsung conflict, Google Analytics v Edge, Windows 95 v 10, Android woes and more

Posted on July 31, 2015 by charlesarthur

A smart cap could tell you if your milk had gone off – so much more accurate than someone’s nose. Photo by alisdair on Flickr.

A selection of 11 links for you. Because you can take it. (You’d better, I’m taking a three-week holiday break.) I’m charlesarthur on Twitter. Observations and links welcome.

Samsung’s profit center » Asymco

Horace Dediu:

Phone operating margins [at Samsung] peaked in Q1 2014 at 20% but are half that level today. These margins have dropped to levels Samsung had in 2009, before the Galaxy launched and before they had any substantial revenues from smartphones.

In contrast, the semiconductor group is growing both revenues and margins. Margins and operating profits are both 50% higher than those of devices.

We also know that Apple is Samsung Semiconductor’s single biggest customer. We can’t be sure how much of the total revenue/profit comes from Apple but if the pattern continues then Apple could be the greatest contributor to Samsung’s profitability in the near future.

How could this be? Wasn’t Samsung supposed to “disrupt” Apple?

The reality is that Samsung’s own smartphones are being disrupted by good-enough Android devices, typically made by Chinese brands. This low-end disruption is also affecting LG, another phone maker and Apple supplier.

Unlike Samsung and LG, Apple is less susceptible to low-end disruption. What Apple offers is a brand promise, an ecosystem, associated products and services and what amounts to a new market. It’s this parallel value network that competes with Android/Google, rather than with Samsung.

I’ll add another data point: the “phone operating margins” actually cover the IM [IT & Mobile] division, which includes PCs and (I believe) cameras. In the latest quarter, the non-phone revenue in the IM division was below US$500m, for the first time in at least four years. That suggests we’re very close to seeing the true profit margin of Samsung’s phone business, as the non-phone business probably doesn’t perturb the very much larger (US$22bn, ie over 44x larger) phone business.

And read Dediu’s post for the killer payoff line.
link to this extract

Google loses bid to overturn low-cost patent licenses to Microsoft » Reuters

Andrew Chung:

In a setback for Google, a U.S. appeals court ruled on Thursday that the low licensing rate Microsoft pays to use some of Google’s Motorola Mobility patents had been properly set.

The 9th U.S. Circuit Court of Appeals in San Francisco said a lower court judge properly determined the patents’ value even though the royalty rate was only a fraction of what Motorola had asked for. Google sold the Motorola handset business to Lenovo last year but kept its patents.

The court also upheld $14.5m awarded to Microsoft for Motorola’s breach of contract to license its patents fairly.

Patents at issue being standards-essential; Motorola kicked it off demanding $4bn per year. Judge James Robart put the royalty rate at $1.8m per year.
link to this extract

BT hands £129m back to UK.gov after beating rural broadband targets » The Register

Simon Rockman:

Both BT and the Ministry of Fun – or the Department of Culture, Media and Sport, if you prefer – have spun BT’s toeing-the-line-of-a-contractual-obligation as unbridled generosity towards taxpayers.

A statement from the Minister of Fun, John Whittingdale, said:

It’s fantastic to see that the rollout of superfast broadband is delivering for customers and for the taxpayer. The Government was clear from the start that as levels of people taking up superfast broadband went beyond our expectations in areas where we invested public money, BT would reimburse the taxpayer for reinvesting into further coverage across the UK. This now means that BT will be providing up to £129m cashback for some of the most hard to reach areas.
The funding was part of a Broadband Delivery UK (BDUK) project which has the aims of:

• provide superfast broadband coverage to 90 per cent of the UK by 2016
• provide basic broadband (2Mbps) for all by 2016
• provide superfast broadband to 95 per cent of the UK by 2017
• explore options to get near universal superfast broadband coverage across the UK by 2018
• create 22 “SuperConnected Cities” across the UK by 2015
• improve mobile coverage in remote areas by 2016

Speaking as someone who keeps finding themselves somehow forever in that “it’s coming in a couple of years, honest” part of the country (which seems to be a lot larger than 5%), I’d prefer Whittingdale to be lighting a fire under BT, and for Ofcom to demand that BT Openreach (which does the infrastructure) be split from the rest of BT.

After all, power generators don’t own the power lines, rail operators don’t own the track; why does BT own the phone lines?
link to this extract

Enterprises retake lead in tech adoption » Deloitte CIO – WSJ

Apparently a sort of chief information officer-focussed niche of the WSJ, this has the entertaining premise that:

many believe this trend of consumer-originated innovations entering the workplace, dubbed the consumerization of IT, will become the dominant model going forward. But there is strong evidence that the pendulum is swinging back to enterprise-first adoption, with organizations likely to capture more near-term value than consumers in the following four technology areas:

Which areas? Let’s see: wearables; 3D printers; drones; Internet of Things. Not a chance on wearables – enterprise adoption and value will lag far behind consumers (already does). On 3D printing, businesses are already ahead through prototyping, so no contest. On drones, again, armies got there first, so not really at issue. And IoT? It’s such a pain at present for most people that again, it’s left to businesses which have the time and patience to deploy. But I’d bet once IoT stuff becomes prevalent enough, it will be widely used by the ordinary folk.
link to this extract

The challenge of tracking Microsoft’s new Edge browser in Google Analytics » GeekWire

Even though Edge is now in the wild, tracking usage and adoption of the browser is going to be problematic for many web developers and site owners because tracking for Edge is not yet supported in Google Analytics.

Web developers and designers frequently consult Google Analytics to answer important browser usage questions for their website. Answers to questions like “Do we need to still support IE8?” or “Are there enough users affected by this particular Chrome bug to implement a hack to fix it?” are usually answered by running a browser usage report in Google Analytics. Google Analytics provides an easy way to break down a website’s readers by their OS, browser and browser version, except in the case of Edge.

Taking a look at Google Analytics reports for Operating System Version in Windows, you’ll notice that there is no version 10 listed.

WTH, Google? (Via Richard Burte.)
link to this extract

UC Berkeley engineers devise 3D-printed ‘Smart Cap’ to check safety of milk, juice » Food Safety News

The “smart cap” has an embedded inductor-capacitor tank as the wireless passive sensor and can monitor the quality of milk and juice wirelessly, the article stated.

“A quick flip of the carton allowed a bit of milk to get trapped in the cap’s capacitor gap, and the entire carton was then left unopened at room temperature (about 71.6 degrees F) for 36 hours,” according to a university news report.

The result shows a 4.3% resonance frequency shift from milk stored in the room temperature environment for that period. This work establishes an innovative approach to construct arbitrary 3D systems with embedded electrical structures as integrated circuitry for various applications, including the demonstrated passive wireless sensors, the article explained.

The Berkeley folk are saying “hey, people will print them out at home!” while everyone else is saying “this would be so useful in mass-produced containers”.

So here’s a picture of the 3D printer that the UC Berkeley people think you’ll want to print out milk carton tops with.
UC Berkely 3D printer
Yeah, I’ll have two – you never know when you might need a spare.
link to this extract

The fastest-growing mobile phone markets barely use apps » Quartz

Africa and Asia, the two fastest growing mobile markets, aren’t very big on apps.

The overwhelming majority of mobile internet activity in the regions is spent on web pages, according to a report released on 28 July by Opera Mediaworks. In Asia and Africa, websites made up 90% and 96% of mobile impressions, respectively, in the second quarter.

Their habits are a sharp contrast to the US, where apps accounted for 91% of impressions. Globally, there’s a more even distribution, with apps making up 56% of mobile impressions and websites comprising the remainder…

…“A big portion of the mobile audience in mobile-first regions like Africa and [Asia-Pacific] are still using low-end feature phones because of the cost factor,” a spokesman tells Quartz. “This therefore compels them to use the mobile web more than apps, which are usually dominant on smartphones.”

Today’s challenger for the “well duh” prize.
link to this extract

Windows 10 launched so quietly you may have missed it » The Guardian

Some two-bit hack blathering about a new version of Windows:

Windows 10’s biggest new feature? It’s free if you download it within the next year, and will install on machines running Windows 7 or Windows 8. Its second biggest feature? It isn’t Windows 8, which was released in 2012 and created widespread puzzlement by submerging the traditional desktop interface beneath big, bright “tiles” and getting rid of the familiar, popular Start menu.

That puzzlement soon turned to anger, forcing the ejection of the man who had led Windows 8’s development, Steve Sinofsky, and the introduction of Windows 8.1, which, while it didn’t bring the Start menu, did at least let you start off in desktop mode.

Now, Microsoft breezily says, “the familiar Start menu is back”, as though it had been on holiday rather than unceremoniously dumped.

On reflection, the biggest feature of Windows 10 is that it isn’t Windows 8. Being free is its second-biggest.
link to this extract

August 1995: A window we will all want to open » The Independent

Some two-bit hack blathering about a new version of Windows:

Microsoft’s computer program lines up with a number of other classic products: the Biro, aerosols, the Sony Walkman, the Boeing 747 jumbo jet, the Mini and the compact disc. It is a piece of technology which has arrived at just the right time to satisfy people’s wants.

Like those other classic products, Windows 95 enhances our personal independence and autonomy, and makes our lives more convenient. It draws everyone deeper into the existence of the “me” generation. Thus, aerosols let you manage your hair, your hygiene, your cleaning as you choose: convenience in a can. A Biro can write for far longer than a fountain pen, and when it’s finished you simply throw it away. The Mini, costing £400 in its first incarnation, made car ownership possible for the young and relatively poor, not just the comfortably well-off. The Walkman provided everyone with their own personal environment: the music (or noise) that you want at the volume you choose.

But like those earlier products, Windows 95 also exemplifies a wider economic and cultural trend. Just as globalisation gives corporations multinational reach, their products link physically and culturally diverse peoples, homogenising aspects of our lifestyles and, literally, connecting us up. Software can be “shipped” over a telephone line across borders; Windows 95 will be the same in Australia or the Arctic.

link to this extract

CNET’s early coverage of Windows 95, back in 1995 » YouTube

CNET’s first impression of Windows 95 was that it would create a huge impact, what with the long file names, taskbar and a recycle bin for unwanted files. Check out this vintage review along with Microsoft’s own promotional video that went with the launch.

Here’s the video:

(The presenter is Richard Hart.)

How far we’ve come. No, don’t disagree. Look at that video of the Fonz.
link to this extract

The security flaw Google built into Android » MIT Technology Review

Tom Simonite:

Google can’t push you an update for Android. It hands out the operating system to device manufacturers for free. They get to tinker with it to add features or apps of their own and are the only ones—along with cellular carriers in some cases —that can push updates to the devices they sell. Google does bind companies that use Android with some restrictions (for example to do with using its app store) but doesn’t require them to push out security updates quickly.

That leaves users of Android devices unable to avail themselves of what security experts say is the most important strategy for staying safe, at least according to researchers at none other than Google itself. They reported last week on a survey that asked computer security pros how they stay safe. Applying security updates emerged as the experts’ number one priority.

Google has lately come up with workarounds for Android’s flawed security model. It has shunted many key functions into apps that it can push updates to via its app store. But that doesn’t cover all of Android, and the app store doesn’t have a way to signal to you whether an app wants to update for security reasons or just to add new features.

The text message vulnerability revealed today can’t be fully fixed by upgrading apps. And it’s not unlikely that most vulnerable phones will never get the security patches for Android that Google has developed and will offer up to manufacturers and cellular operators.

Android has done spectacularly well, but one feels that it’s overdue its Blaster moment.
link to this extract

Start up: Wi-Fi Sense explained, another giant Android vulnerability, the US’s sleepiest cities, and more

Posted on July 30, 2015 by charlesarthur

What happens when you create a way for any programmer to analyse peoples’ DNA? (Hint: not good things.) Photo by micahb37 on Flickr.

A selection of 11 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Wi-Fi Sense in Windows 10: Yes, it shares your passkeys; no, you shouldn’t be scared » Ars Technica

Sebastian Anthony:

For a start, when a Wi-Fi passkey is shared with your PC via Wi-Fi Sense, you never actually see the password: it comes down from a Microsoft server in encrypted form, and is decrypted behind the scenes. There might be a way to see the decrypted passkeys if you go hunting through the registry, or something along those lines, but it’s certainly not something that most people are likely to do.

Perhaps more importantly, though, just how sacred is your Wi-Fi password anyway? Corporate networks notwithstanding (and you shouldn’t share those networks with Wi-Fi Sense anyway), most people give out their Wi-Fi keys freely. You could even argue that Wi-Fi Sense is more secure: if I ask Adam for his Wi-Fi password, I am free to give it away to anyone. If I receive the password via Wi-Fi Sense, I can still connect to Adam’s network, but I can’t tell anyone else the password.

And it only goes to immediate-circle friends, not friends of friends of.. So probably not such a big thing to worry about.
link to this extract

Why Grooveshark failed » The Verge

Stephen Witt:

The Grooveshark streaming application launched in April of 2008 — several months ahead of Spotify. The service proved explosively popular from the outset. Users, especially younger users, loved on-demand music delivery, and Greenberg left school to focus on Grooveshark full time. But there was a problem: Grooveshark still relied on peer-to-peer infrastructure similar to Napster, Kazaa, and bitTorrent. In other words, although it functioned as a streaming service, it still sourced the music from its users’ file libraries. And to the record companies, that looked like copyright infringement.

Without approval from the labels, Grooveshark struggled to attract venture capital. In its first five years of existence, the company raised just under a million dollars. In the same time, Spotify, with equity buy-in from the music majors, raised a hundred times as much.

It didn’t “look like” copyright infringement; it clearly was infringement, in just the same way that the original Napster was. That’s why it was sued into the ground. Grooveshark never played by the rules (artists demanded their music be removed; Grooveshark staff re-uploaded it, or ignored new uploads). They failed because they could never stay inside the rules.
link to this extract

Drones and spyware: the bizarre tale of a brutal kidnapping » WIRED

Kevin Poulsen with a wonderful tale of how truth is stranger than fiction:

efforts to trace the new emails were in vain. The author boasted that he was using Tor as well as other anonymizing precautions that would withstand even an “Egotistical Giraffe exploit,” a reference to an NSA de-anonymizing technique that surfaced in the Edward Snowden leaks. He sent the messages through the Singapore-based anonymous remailer anonymousemail.com, and shared the photos—stripped of metadata—through the anonymous image sharing site Anony.ws.

Evidently unconvinced, the Vallejo police still insisted the crime was a put-on, but the FBI was also on the case. And, it turned out, despite his sophistication, the kidnapper had left a digital trail.

The kidnapper had slipped by using a disposable Tracfone to call Quinn after the abduction. The FBI reached out to Tracfone, which was able to tell the agents that the phone was purchased from a Target store in Pleasant Hill on March 2 at 5:39 pm. Target provided the bureau with a surveillance-cam photo of the buyer: a white male with dark hair and medium build. AT&T turned over records showing the phone had been used within 650 feet of a cell site in South Lake Tahoe.

But the real break in the case came when the kidnapper evidently struck again.

link to this extract

Trend Micro discovers vulnerability that renders Android devices silent » Trend Micro

Wish Wu (Mobile Threat Response Engineer):

We have discovered a vulnerability in Android that can render a phone apparently dead – silent, unable to make calls, with a lifeless screen. This vulnerability is present from Android 4.3 (Jelly Bean) up to the current version, Android 5.1.1 (Lollipop). Combined, these versions account for more than half of Android devices in use today. No patch has been issued in the Android Open Source Project (AOSP) code by the Android Engineering Team to fix this vulnerability since we reported it in late May.

This vulnerability can be exploited in two ways: either via a malicious app installed on the device, or through a specially-crafted web site. The first technique can cause long-term effects to the device: an app with an embedded MKV file that registers itself to auto-start whenever the device boots would case the OS to crash every time it is turned on.

In some ways, this vulnerability is similar to the recently discovered Stagefright vulnerability. Both vulnerabilities are triggered when Android handles media files, although the way these files reach the user differs.

Seems like the media file handling is where everyone is focussing for Android weaknesses just now.
link to this extract

September 2014: iPhone 6 and Android value » Benedict Evans

From September 2014:

with the iPhone 6 and iOS8, Apple has done its best to close off all the reasons to buy high-end Android beyond simple personal preference. You can get a bigger screen, you can change the keyboard, you can put widgets on the notification panel (if you insist) and so on. Pretty much all the external reasons to choose Android are addressed – what remains is personal taste.

Amongst other things, this is a major cull of Steve Jobs’ sacred cows – lots of these are decisions he was deeply involved in. No-one was quicker than Steve Jobs himself to change his mind, but it’s refreshing to see so many outdated assumptions being thrown out.

Meanwhile, with the iPhone 6 Plus (a very Microsofty name, it must be said) Apple is also tackling the phablet market head on. The available data suggests this is mostly important in East Asia but not actually dominant even there – perhaps 10-20% of units except in South Korea, where it is much larger. Samsung has tried hard to make the pen (or rather stylus) a key selling point for these devices, but without widespread developer support (there is nothing as magical as Paper for the Note) it is not clear that these devices have actually sold on anything beyond screen size and inverse price sensitivity (that is, people buy it because it’s the ‘best’ and most expensive one). That in turn means the 6 Plus could be a straight substitute.

Now we have Samsung’s results (out by the time you read this) and LG’s results, where the latter specifically says that sales were lower in South Korea than expected. Evans seems to have been borne out: the only differentiator between premium Android and iPhones was screen size.
link to this extract

Busy-ness data on Google search results » Google

Do you ever find yourself trying to avoid long lines or wondering when is the best time to go grocery shopping, pick up coffee or hit the gym (hint: avoid Monday after work)? You’re in luck!

Now, you can avoid the wait and see the busiest times of the week at millions of places and businesses around the world directly from Google Search. For example, just search for “Blue Bottle Williamsburg”, tap on the title and see how busy it gets throughout the day. Enjoy your extra time!

That’s very clever. (Location data from Android phones, one guesses.)
link to this extract

Android security, bugs and exploits » Google+

Adrian Ludwig is head of security for Android:

There’s common, mistaken assumption that any software bug can be turned into a security exploit. In fact, most bugs aren’t exploitable and there are many things Android has done to improve those odds. We’ve spent the last 4 years investing heavily in technologies focused on one type of bug – memory corruption bugs – and trying to make those bugs more difficult to exploit.

A list of some of those technologies that have been introduced since since Ice Cream Sandwich (Android 4.0) are listed here. The most well known of these is called Address Space Layout Randomization (‘ASLR’), which was fully completed in Android 4.1 with support for PIE (Position Independent Executables) and is now on over 85% of Android devices. This technology makes it more difficult for an attacker to guess the location of code, which is required for them to build a successful exploit.

What Ludwig doesn’t mention: the Stagefright bug. Is it right to say it could be used to take over a phone via MMS? Or would ASLR defeat that? You’d hope the head of security for Android would tackle this in a public blogpost talking about security. But he doesn’t. Which tends to make one think the worst.
link to this extract

Which cities get the most sleep? » The Jawbone Blog

Tyler Nolan:

One of the major findings in our study of city sleep was that people living in cities just don’t get enough. No major city in the United States averages above the NIH-recommended seven hours of sleep per night. But it’s only part of the picture. The vast majority of the suburban and rural counties have much healthier sleep numbers.

Geography has a profound effect on the routines we follow and the habits we form. Our sleep cycles adapt to the pace and lifestyle of the world we live in and the world by which we are surrounded. We look forward to further investigating the effects of geography and how it influences UP wearers in all parts of the world.

Technical Notes: This study was based on over one million UP wearers who track their sleep using UP by Jawbone. Less populous counties were blended with neighboring counties to generate significant results. This technique revealed patterns at finer granularity than the state level, such as time zone boundaries. All data is anonymized and presented in aggregate.

One still gets that little tingle of concern that your sleep data could be tracked directly back to you by someone malicious or stalker-y at Jawbone. (The visualisations are lovely, though.)
link to this extract

Brinks’ super-secure smart safes: not so secure » WIRED

Kim Zetter:

Vulnerabilities found in CompuSafe Galileo safes, smart safes made by the ever-reliable Brinks company that are used by retailers, restaurants, and convenience stores, would allow a rogue employee or anyone else with physical access to them to command their doors to open and relinquish their cash, according to Daniel Petro and Oscar Salazar, researchers with the security firm Bishop Fox, who plan to demonstrate their findings next week at the Def Con hacker conference in Las Vegas.

The hack has the makings of the perfect crime, because a thief could also erase any evidence that the theft occurred simply by altering data in a back-end database where the smartsafe logs how much money is inside and who accessed it. If done well, the only telltale sign of an attack would be left on security cameras—if anyone bothered to look.

They’re “smart” because they can tally how much money is put into them. Dumb because they run Windows XP Embedded. And there’s an external USB port for “troubleshooting”.
link to this extract

Retailer Acceptance » Contactless Life

Duncan Stevenson has compiled a gigantic table of which companies accept contactless and Apple Pay payments (and to what amount).

In theory Apple Pay should be accepted at all retailers that accept contactless, and this seems to be the case for Mastercard and Visa cards, however American Express cards are currently experiencing issues with Apple Pay in certain retailers (hence the existence of the “Amex Apple Pay” column). I have a blog post coming soon covering the issues with American Express Apple Pay in the UK.

(It’s a real HTML table too.)
link to this extract

Your 23andMe DNA can be used in racist, discriminatory ways » BuzzFeed News

This week, an anonymous programmer posted on GitHub an early-stage program called Genetic Access Control. It basically worked as a log-in mechanism. The third-party program was designed to hook up to the company’s API and mine the 23andMe accounts of users who agreed to share their information, as they would agree to let apps connect to their Facebook or Twitter profiles. Websites using Genetic Access Control could scan that data for information about “sex, ancestry, disease susceptibility, and arbitrary characteristics” — and then restrict users’ access to the site based on this information.

For example, people with only the “right” amount of European ancestry would be allowed to access a website that used Genetic Access Control:

But 23andMe shut down the developer’s access to its API on Wednesday, two days after the code was published. 23andMe spokesperson Catherine Afarian told BuzzFeed News the program violated a policy that forbids use of the API for, among other things, “hate materials or materials urging acts of terrorism or violence.”

I think a programmer who actually wanted to cause trouble (as opposed to one, as here, just showing 23andMe how blithely trusting it is) could reasonably point out that they’re not creating hate materials or anything to do with terrorism or violence.

And – whoever they were – succeeded with a beautiful example of why you don’t really want to have open public access to a DNA database. As well as why 23andMe are twits for ever having thought so.
link to this extract

Start up: a huge new Android security risk, Google+ downgraded, iTunes’s giant mess, and more

Posted on July 28, 2015 by charlesarthur

It was 20 years ago (roughly) that a Rolling Stones song launched Windows 95. Photo by michfiel on Flickr.

A selection of 9 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Making free work (hint: cannibalize radio, not sales) » Music Industry Blog

Mark Mulligan:

Neither Spotify or Deezer is in the business of free music, they are in the business of subscriptions and simply use free as a marketing tool. So they have no reason to cling doggedly to free users that show no sign of converting. Instead after a sufficient period of free music has been offered users should be pushed to subscriptions or onto a radio tier (see figure). There is no business benefit to the streaming services nor rights holders to have perpetual on demand free users.

The assumption that free music is some sort of internet right is symptomatic of the internet’s growing pains. In terms of market development we’re probably at the adolescence stage of the internet, the stage at which carefree childhood starts to be replaced by responsibility and consequences. We’re seeing this happen right across the internet economy, from privacy, data, free speech, jurisdiction etc. Because music has been free online for so long consumers have learned to accept it as fact. That assumption will not be changed any time soon, and try to force the issue too quickly and illegal services will prosper.

Of course YouTube is, and always has been the elephant in the room, buoyed by the schizophrenic attitude of record labels who simultaneously question its impact on the market while continuing to use it as their number 1 digital promotional channel. While the tide may finally be beginning to turn, don’t expect YouTube to go anywhere any time soon. But should the screws tighten do expect YouTube to stop playing ball.

Apple Music, of course, chucks you out after your three-month trial unless you subscribe. Let’s see how it does for conversion.
link to this extract

Continuum on Windows 10 » Blogging Windows

Windows 10 adjusts your experience for your activity, device and display, so you can do your thing in any mode anytime you want. Onscreen features, like menus and taskbars, adapt for easy navigation. Apps are built to scale smoothly from screen to screen so they look good from the smallest app window up to the largest 8k displays*.

That’s gr– hey, what’s the asterisk?

“*App experiences may vary.”

Oh. (Via Wes Miller.)
link to this extract

Start Me Up (again) » GartenBlog

Windows 10 will arrive, without fanfare, on computers tomorrow (July 29th). In August 1995, Windows 95 was launched with the Rolling Stones’ “Start Me Up” as its theme song. Michael Gartenberg recounts Microsoft’s Brad Stone talking about the negotiations with the band:

For a good month we continued negotiations mostly on the phone. I had only so much I would and could pay and that made things easier on our end. The fact that we had to fish or cut bait to get our TV ads done in time for the August 24th launch served as a forcing function and eventually we agreed to terms. They rushed WK the “Start Me Up” recording as we were already working on the ad. The next day I got a frantic call from WK saying that the Stones had sent a later live version of “Start Me Up” that wouldn’t work. I called up Cohl and told him that I had to have the original version or there was no deal. Eventually they agreed. I found out later that the reason they gave us the live version was that it was recorded after Bill Wyman had left the band. Giving us the original meant that Wyman got his allocation of the deal which of course meant that giving us the original version of “Start Me Up” meant that Jagger, Richards and the rest of the band got less.

I also found out later that Jagger and Richards did not always see eye to eye on the deal. As Brad indicated, Jagger was less inclined to commercialize their music in this way. I was told he was especially ready to just forget the deal when we made it clear we needed the original version but that he did not want to piss off Richards over it because Richards wanted or needed the money.

One British paper (not me) suggested Microsoft paid $14m. “We paid a fraction of this”, Stone writes.
link to this extract

Dmail makes your Gmail messages self-destruct » TechCrunch

Sarah Perez:

The product works by way of a Google Chrome web browser extension, which only you, as the email sender, have to install.

Once loaded, you’ll have a new option within the Gmail “compose” interface that allows you to turn the Dmail service off and on using a toggle switch. When on, you can specify ahead of sending an email if you want the email destroyed in an hour, a day, a week, or “never.” Even if you choose the “never” option, you can later go into your sent message and click a “Revoke Email” button to remove access to that email from all recipients.

What’s clever about Dmail is that, unlike some other secure messaging products, recipients don’t have to use the service themselves in order for it to work. If they don’t have the extension installed, they’ll instead receive an email that states: “This secure message was sent using Dmail. To view this message, simply click the button below.”

Clicking the included “View Message” button will then redirect them to a web view where they can read your email.

More accurate headline: Dmail makes your Gmail messages into shareable web pages whose access you control. These attempts to reinvent email are doomed to failure.
link to this extract

Canon cuts outlook as weak camera sales hit second-quarter profit » Reuters

Ritsuko Ando:

Japan’s Canon Inc cut its earnings outlook for the full year and reported a 16% fall in quarterly profit as consumers, increasingly in the habit of taking photos with their smartphones, bought fewer compact digital cameras.

The world’s largest camera maker said on Monday its second-quarter net profit fell to 68bn yen ($552m) compared with 81bn yen a year earlier. Analysts on average expected 65bn yen, according to Thomson Reuters data.

The firm said it now expects full-year profit of 245bn yen rather than the 255bn it forecast three months ago.

Wait and see what they forecast in another quarter. This is a trend that will only continue.
link to this extract

The hidden opportunity of corporate smartphones » Tech.pinions

Bob O’Donnell:

Many of the IT professionals who are making or strongly influencing these purchases also have a soft spot for Windows and this preference clearly shows up in survey results. Though it’s well known the percentage of consumers actively using Windows Phones is small, what isn’t well known is a surprisingly large percentage of companies (over 40% in several different surveys) have employees who use devices running Microsoft’s mobile OS. In fact, in a TECHnalysis Research survey of US healthcare companies, 17% of work smartphones in their organizations were running Windows Phone. This goes a long way towards explaining Microsoft’s recent comments about focusing their future smartphone development towards enterprise as a key target. They actually have a solid opportunity there.

Goes to show how little influence IT professionals have in the new mobile world order, if you ask me. A reminder: about 80m Windows Phones are being used worldwide; in the US it’s in the low single-digit millions. That might be a gigantic corporate usage. Or it might be a small corporate usage and a small corporate usage.
link to this extract

Major flaw in Android phones would let hackers in with just a text » All Tech Considered : NPR

Aarti Shamani:

In this attack, the target would not need to goof up — open an attachment or download a file that’s corrupt. The malicious code would take over instantly, the moment you receive a text message.

“This happens even before the sound that you’ve received a message has even occurred,” says Joshua Drake, security researcher with Zimperium and co-author of Android Hacker’s Handbook. “That’s what makes it so dangerous. [It] could be absolutely silent. You may not even see anything.”

Here’s how the attack would work: The bad guy creates a short video, hides the malware inside it and texts it to your number. As soon as it’s received by the phone, Drake says, “it does its initial processing, which triggers the vulnerability.”

The messaging app Hangouts instantly processes videos, to keep them ready in the phone’s gallery. That way the user doesn’t have to waste time looking. But, Drake says, this setup invites the malware right in.

If you’re using the phone’s default messaging app, he explains, it’s “a tiny bit less dangerous.” You would have to view the text message before it processes the attachment. But, to be clear, “it does not require in either case for the targeted user to have to play back the media at all,” Drake says.

Gives attackers system privileges. Proportion of Android devices vulnerable: 95%. Google has pushed out an update to hardware makers. But have the hardware makers pushed the update out? Google reckons that if 50% of devices get it, that will be good.

The big risk is that someone will create a Blaster-style worm that attacks a phone and then accesses its phone book to send malicious MMSs to the numbers in the phone book.
link to this extract

Don’t order the fish » Marco.org

Marco Arment:

With the introduction of Apple Music, Apple confusingly introduced a confusing service backed by the iTunes Store that’s confusingly integrated into iTunes and the iOS Music app (don’t even get me started on that) and partially, maybe, mostly replaces the also very confusing and historically unreliable iTunes Match.

So iTunes is a toxic hellstew of technical cruft and a toxic hellstew of UI design, in the middle of a transition between two partly redundant cloud services, both of which are confusing and vague to most people about which songs of theirs are in the cloud, which are safe to delete, and which ones they actually have.

iTunes has Microsoft’s problem: supporting a gigantic range of legacy hardware in the form of millions of iPods and iPhones.
link to this extract

Everything in its right place » Official Google Blog

Bradley Horowitz, VP of “Streams, Photos and Sharing”:

People have told us that accessing all of their Google stuff with one account makes life a whole lot easier. But we’ve also heard that it doesn’t make sense for your Google+ profile to be your identity in all the other Google products you use.

So in the coming months, a Google Account will be all you’ll need to share content, communicate with contacts, create a YouTube channel and more, all across Google. YouTube will be one of the first products to make this change, and you can learn more on their blog. As always, your underlying Google Account won’t be searchable or followable, unlike public Google+ profiles. And for people who already created Google+ profiles but don’t plan to use Google+ itself, we’ll offer better options for managing and removing those public profiles.

You’ll see these changes roll out in stages over several months. While they won’t happen overnight, they’re right for Google’s users—both the people who are on Google+ every single day, and the people who aren’t.

On that YouTube blogpost:

The comments you make on YouTube will now appear only on YouTube, not also on Google+. And vice-versa. This starts rolling out today.

Google+ is no longer obligatory. Slightly too soon to call it dead. But it will never grow big. And we’ll never hear those faintly bogus stats about “user sharing” or inflated claims of users.
link to this extract

Start up: Apple’s Sonos rival?, Nokia’s smartwatch, three-ton Twitter, Netscape in the NHS, and more

Posted on June 15, 2015 by charlesarthur

Sunday Times sourcing? Photo by DrJohn2005 on Flickr

A selection of 8 links for you. Why not? I’m charlesarthur on Twitter. Observations and links welcome.

Apple Music’s missing link: how Beats Electronics fumbled its Sonos killer (EXCLUSIVE) » Variety

Janko Roettgers:

Beats was looking to build a premium product that would mimic and compete with wireless speakers produced by Sonos. Like Sonos, Beats wanted to give consumers the option to place speakers in multiple rooms of their house, and then have them all play the same music synchronously. And like Sonos, Beats was looking to introduce a bigger, more powerful speaker for the living room first, and then follow up with a smaller, more affordable product for the kitchen and bedroom.

However, Beats wasn’t just looking to copy Sonos. The company was also working on combining Bluetooth with Wifi and NFC to allow for seamless handovers, effectively making it possible to launch music playback as soon as you’d enter the room, said a source familiar with technical details of the project. And thanks to its premium brand, Beats wasn’t looking to undercut Sonos — quite the contrary: Word has it the company was looking to sell its bigger Wifi speaker for as much as $750.

1) wouldn’t have been a Sonos killer
2) this is utterly random, but my next-door neighbour works in the (legal) pharma industry, and four months ago told me the story of going to a party in San Diego where “people from Apple” were talking about exactly this device. So I’m inclined to believe it, weirdly. Also, my neighbour’s reaction: “I said, so you’ve reinvented the boombox?” Probably why it was canned.

Apple’s WWDC keynote: issues with structure, approach, direction » Mobile Forward

Hristo Daniel Ushev on the messy Apple WWDC keynote:

Ultimately, the issues above are symptoms of weak (or hand-cuffed) direction. Not just in the form of what to do (e.g., don’t have Eddy Cue focus on the app) but also in terms of what not to do – i.e., editing. Editing in this context: shortening the list of presenters, directing them to use fewer slides (at one point, they flashed by like pages in a flip book), and saying no to distracting uses of humor and movement. When viewed through this lens, I think this keynote lacked a director. Or at least one that could effectively influence the senior executives and the choices they made. (Believe me, I’m not saying any of this is easy.)

Will all this impact the products’ success? Not directly. Indirectly, however, key influencers of consumers (developers, fans, and journalists) may get a fuzzier picture of Apple’s intent or advantage.

The music segment was terrible. The rest, fine.

Sunday Times Snowden story is journalism at its worst » The Intercept

Glenn Greenwald on the Sunday Times’s story – its front-page lead (aka “splash”) claiming that UK intelligence agencies “had to move” agents and that Russia and China “had cracked” the files (here’s text of the print version; try reading it first):

how could these hidden British officials possibly know that China and Russia learned things from the Snowden files as opposed to all the other hacking and spying those countries do? Moreover, as pointed out last night by my colleague Ryan Gallagher – who has worked for well over a year with the full Snowden archive – “I’ve reviewed the Snowden documents and I’ve never seen anything in there naming active MI6 agents.” He also said: “I’ve seen nothing in the region of 1m documents in the Snowden archive, so I don’t know where that number has come from.”

Greenwald is furious, and rightly so. The Sunday Times story is clearly hung on a single quote from a UK intelligence agency source, but one which doesn’t support the story’s claims. The Snowden archive is vast, but putting a number on it is surprisingly difficult, because it has interrelated files – there’s an almost wiki-like quality to some parts.

Given that the UK (and US) intelligence agencies don’t claim to know what’s in the Snowden files, they can’t know what the Russians or Chinese know from it – if for the sake of credulity we believe that the Russians and Chinese have cracked the encryption, which I seriously doubt.

When I used to work Sunday shifts as a news reporter at The Independent, I often had to “follow up” stories that appeared in the Sunday Times. The problem was, as soon as you began trying to establish the facts they claimed, the stories fell apart – the claims didn’t match reality. This is another example, although that hasn’t stopped the BBC repeating it (though an analysis by Gordon Corera in the middle of this straight-up followup rather backs away from the Sunday Times claims).

Microsoft Moonraker was Nokia’s smartwatch before it was killed » The Verge

Tom Warren:

Nokia’s Moonraker smartwatch never made it to market primarily because Microsoft was anticipating its wearable Band. While the Moonraker had a number of sensors to allow you to lift your arm to read texts or drop it to turn off the display, Microsoft opted for the Band as it had more functionality. Nokia took the familiar “Metro” interface from Windows Phone and paired it with simple email, phone, and messaging apps on its smartwatch. There was even a camera remote feature to take pictures on a smartphone from the watch. Facebook and MixRadio integration was also built-in, alongside customizable watch faces and different colored straps.

It’s unlikely that the “Moonraker” will ever make it to the market, but given time Microsoft may want to bring some of the more fashion-related aspects of it over to the Band in the future. Microsoft is now working on the second generation of its Band. While the software platform on the upcoming Microsoft Band 2 will remain largely the same, the look and feel of the device will improve. Microsoft is expected to launch its next-generation Band later this year after Windows 10 is available broadly.

The UI looks unfinished in the photos. And would it have worked only with Windows Phone? If so, it was dead already.

The Twitter of the three-ton nail » Medium

Zeynep Tufekci on Twitter’s “metric-driven” approach to please Wall Street:

if you set up an absurd game, as Wall Street often does, ruled by the incentives of those who set the rules (their quarterly bonus calculations depend on chasing growth for the sake of growth), people will, naturally, game the system and produce the results you want, just as absurdly.

At the moment, sadly, Wall Street is not solely a representative of market dynamics, but also a collective madness imposed upon us by the distorted over-accumulation of capital in the hands of too-few people. This “elite failure” has repercussions beyond my beloved platform: from global warming to revving up global growth (you can’t grow demand if people don’t make money) but in a sustainable manner (because the annual bonus is not the right time-frame). We are paying the price for having surrendered our economy to a game that is not about some independent logic of the market, but the absurdity of accumulating more zeroes in a bank account (which you cannot spend in any reasonable lifetime).

If you’re not following @zeynep, you should. She’s so incisive.

Misunderstood or inappropriate mobile benchmarks are hurting the industry and consumers » Forbes

Patrick Moorhead:

Because of the creation, use and promotion of these inaccurate, misunderstood, and/or gameable benchmarks, we are seeing smartphone manufacturers and SoC vendors dedicating time and engineering resources to ensuring that their performance in these benchmarks is up to expectations. After all, if so many people are using or mischaracterizing AnTuTu and Geekbench, it lends them credibility even when it shouldn’t.

Or vendors are adding features that make the misrepresentative benchmarks look better, like by adding more CPU cores beyond what any piece of software can use to improve the experience outside of battery life.

Additionally, because so many reputable tech blogs don’t run ANY benchmarks at all, they are essentially giving the ones that do more credibility when they show AnTuTu and other benchmarks.

I trust Anandtech (as does Moorhead), but most other benchmarks strike me as crap because they tell you nothing about experience. Google’s Project Butter (smoother scrolling) and Project Volta (longer battery life) and focus, in Android M, on standby life tells us that benchmarks tell you barely anything about real-life use.

Exclusive: BlackBerry may put Android system on new device: sources » Reuters

Euan Rocha:

BlackBerry is considering equipping an upcoming smartphone with Google’s Android software for the first time, an acknowledgement that its revamped line of devices has failed to win mass appeal, according to four sources familiar with the matter.

The move would be an about-face for the Waterloo, Ontario-based company, which had shunned Android in a bet that its BlackBerry 10 line of phones would be able to claw back market share lost to Apple’s iPhone and a slew of devices powered by Android.

The sources, who asked not to be named as they have not been authorized to discuss the matter publicly, said the move to use Android is part of BlackBerry’s strategy to pivot to focus on software and device management. BlackBerry, which once dominated smartphone sales, now has a market share of less than 1%.

Rocha is based in Toronto. I’d trust his sources. Can’t see why BlackBerry thinks this is a good idea though. It’s losing money on handsets; this would be a way to get commoditised out of the solar system, and lose its faithful buyers too.

NHS browser statistics » LinkedIn

Mark Reynolds:

Have you wondered what technology the NHS uses? We gather anonymous statistics on those using NHSmail and so have a good picture of technology across healthcare in England and Scotland.

88% of users access the service via Windows, with 8% on Macs and 3% on Linux. Amazingly we have a user browsing NHSmail using their Wii, which suggests dedication to the cause or spoofing the browser data. 65% of users are on Windows 7, followed by XP (20%) and Vista (3%). Windows 8 usage is too low to register.

Microsoft Internet Explorer dominates browser statistics at 73%, followed by Chrome (13%), Safari (7%), Mozilla (5%) and Firefox (2%). 0.9% of traffic comes from Netscape! Internet Explorer 7 and 8 account for 61% of the traffic, with IE 11 too low to register.

Two things: Netscape > Windows 8. Also: XP > Vista + Windows 8. That’s inertia.

Worth comparing with data.gov.uk stats for web browsing.

HTC’s prospects begin to look like a death spiral

Posted on June 9, 2015 by charlesarthur

HTC’s stock has plummeted in the past few days after a profit warning.

On Friday, HTC released a gold edition of its flagship M9 smartphone. Oh, hubris: the timing couldn’t have been worse. Not only did it emerge that the product promo photos had been taken with an iPhone, but within hours the company also issued a formal warning that its financial performance in the current quarter (running from April to June) would be substantially worse than it had expected. Revenues in May were terrible – down by 48% from the year before, which itself had been nothing to sing about.

Now it says that Q2 revenues won’t be the forecast TW$46-51bn (about $1.7bn), but more like TW$33-36bn (about $1.1bn) and that rather than a small profit it will make a net loss – between TW$9.70 and $9.94 per share, which is about TW$8.2bn (US$250m).

HTC has been skating along on operating margins of less than 1% for the past three quarters; cumulative net profits for that period is TW$1.47bn, or US$47m (yes, forty-seven million).

This latest news though feels like a headlong plunge into the abyss.

The forecast suggests that HTC’s June revenues will be as low as they’ve ever been since 2009 – perhaps worse.

Forecast for June is as low as 2009 – before the Android explosion.

The stock market certainly seems to think so, marking HTC’s shares down 9% for two successive days – the maximum drop allowed before “circuit-breakers” come in.

Caught in the value trap

HTC’s story is a cautionary tale about life in the value trap – when you don’t make the core software, and so have to rely on hardware differentiation and software add-ons. It has reduced the PC business to one where the five biggest Windows PC OEMs have 60% of the market, and pretty much all the profits; it’s doing much the same to the Android smartphone market, except the profits there are accruing to just one company (Samsung).

HTC’s problem is that its hardware advantage ran into the sand once Samsung really got serious about dominating the smartphone space, and now – rather like Samsung – it’s being eaten from below by Chinese rivals that do the job just as well, and at the high end is being outcompeted by LG (which has upped its game enormously in the past two years) and to a lesser extent by Sony (which offers features such as waterproofing and SD cards). Let’s also not mention those terrible adverts with the no-doubt-expensive Robert Downey Jr.

In its profit warning, HTC said:

“The change for revenue outlook is due to slower demand for high-end Android devices, and weaker than forecast sales in China, while gross margin is revised primarily on product mix change and lowered scale. At the same time, increased competition has raised operating costs for product promotion; HTC is enacting measures to further improve operating efficiency.”

In brief: the M9 (this year’s flagship) isn’t selling; Chinese buyers are buying other phones (or fewer phones altogether); it’s harder to get noticed with so many rivals; HTC’s going to cut some jobs and spending in an attempt to save itself.

HTC has been a sub-scale player for some time now – remember the calamitous delay to the HTC One in March 2013? – and to some extent the only interesting question is whether any of its attempts to escape the downward spiral can succeed. On the plus side, it’s well-capitalised, so it’s unlikely to abruptly go bust. Its key problem is how quickly it can ramp up other businesses such as its Vive VR headset and Re camera, and how much revenue they’ll generate, while it tries to rely on making smartphones that too few people want to buy.

Losing traction

You can actually trace the point where the wheels came off by looking at HTC’s accounts, and specifically the inventory levels. “Inventory” is a mixture of goods waiting to be made into handsets in factories, work-in-progress, and finished devices.

Now compare HTC’s revenues with its inventory level. You can see that it remains largely under control through to the end of 2012 – although it’s beginning to rise as the iPhone 5 and Galaxy S3 began pushing it out of the market, meaning it was harder to sell handsets. (The lines are on slightly different scales: by the end of 2012, inventory was about 40% of revenue.)

Revenues kept ahead of inventories, at least to the end of 2012…

But in 2013, it hit that problem sourcing camera sensors for the HTC One M8 (the original – thanks Matjaz Ropret). And it shows up in inventory: all those goods sitting in factories and warehouses waiting to be shipped. Inventory spiked to 89% of revenue for the quarter. Revenues have tracked down, and inventories have stayed relatively high (above 35% of revenue, and sometimes 76%) ever since. High inventories are bad because they’re goods that you’ve paid for, but can’t sell; they’re a drag on business, and what’s worse is that as they age they drop in value. Tim Cook described inventory as “like milk – it goes off after a few days”. (Apple’s inventory is consistently below five days of hardware sales.) HTC had 45 days’ worth of inventory at the end of Q1; watch out for the figure at the end of June, because it will tell us how the M9 has sold to carriers, if not end users.

Suddenly at the end of 2012, things go out of control…

Basically, the inventory story breaks into two parts – green marks the OK stage, and red the point where it’s gone bad:

The red period, from the end of 2012 on, shows inventories growing way above associated revenues

(This, by the way, is why it matters to look at company accounts. You can find stories if you read them closely enough. That’s where I found BlackBerry’s PlayBooks piling up in 2011.)

The company’s caught in a bind. It doesn’t make enough profit to invest in really top-level R+D that might let it break through into new spaces. Here’s its R+D spending by quarter, in US dollars:

With spending at about $100m per quarter, HTC can’t break out of its position as a mid-tier smartphone maker.

It’s pretty hard to spot where it is spending money on the HTC Re camera, or the HTC Vive VR headset. The latter seems like a smart move (whereas the camera is a complete commodity product whose minimal margins will get eaten by rivals, just like in the phone market). HTC’s in there comparatively early, and has a deal with Valve. I wouldn’t rely on that being the saviour of the business, though.

In search of a USP

So how does HTC get out of this? A better way to ask the question is: what’s HTC’s unique selling point (USP)? What does it bring to the smartphone and device party that nobody else does? Apple has its brand and vertical integration; Samsung has scale and vertical integration (it makes the chips and displays for its own phones); LG has vertical integration; Sony has its brand and terrific photo sensors, though I don’t think that’s necessarily sufficient for the survival of its smartphone business, it is at least a USP.

HTC doesn’t have a geographical advantage (it’s not in China, it’s in Taiwan); it doesn’t have a vertical integration advantage. It isn’t developing the software, though its Sense overlay for Android is nice. There’s no point making Windows Phone handsets, because they don’t sell except at the low end, and there’s no profit there.

Contrast BlackBerry and HTC: both are now pulling in roughly the same revenue per quarter (sub-$2bn). BlackBerry sells far fewer handsets than HTC – only 1.6m in the December-February quarter, and by my estimates perhaps 1.3m in the March-May period, while HTC shipped around 5m handsets in Q1.

BlackBerry’s advantage, though, is that it has a cushion of customers, particularly in enterprise, who are willing to pay subscription fees. If handsets were all BlackBerry had, it would have gone bust long ago.

HTC doesn’t have that cushion. So what does the future look like? At one time in 2012/3, Amazon was interested in buying it – but Cher Wang, its chair (and now CEO, having pushed Peter Chou over to the “future products” side) turned Jeff Bezos down. That looks like a bad decision. Short of a miracle, it doesn’t look like anything’s going to pull HTC out of the mire.