Start up: the Gawker-Thiel fiasco in detail, Three to try adblock, how Genius screwed security, and more

Hello! Your internet thermostat is happy to control your home temperature. Photo by claireonline on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 12 links for you. Aren’t they pretty? I’m charlesarthur on Twitter. Observations and links welcome.

Market watchers pessimistic about 2-in-1 market • Digitimes

Aaron Lee and Steve Shen:

»To maintain the sales momentum of the Surface Book, Microsoft plans to launch upgraded models of its Surface Pro family products with improved CPU performance in the third quarter of 2016, indicated the sources.

Asustek also plans to launch a Surface Book-like model soon to cash in on the prevailing trend for 2-in-1 products, revealed the sources, adding that Asustek will roll out the new model at a rate of 40,000 units a month.

However, since the 2-in-1 models mostly come with a display in 12- to 13-inch size, demand for such models is likely to be limited, and therefore the proliferation of new models is likely to bring a price war in the segment in the second half, commented the sources.

«

Could be crowded; the 2-in-1 market is definitely limited, but a price war will hurt them.

Google wins Java copyright case against Oracle • WSJ

Jack Nicas:

»A federal jury here ruled that Google’s use of Oracle Corp.’s Java software didn’t violate copyright law, the latest twist in a six-year legal battle between the two Silicon Valley titans.

Oracle sued Google, a unit of Alphabet Inc., in 2010 for using parts of Java without permission in its Android smartphone software. A federal appeals court ruled in 2014 that Oracle could copyright the Java parts, but Google argued in a new trial this month that its use of Java was limited and covered by rules permitting “fair use” of copyright material.

A 10-person jury on Thursday agreed.

Google acknowledged using 11,000 lines of Java software code. But it said that amounted to less than 0.1% of the 15 million lines of code in its Android mobile-operating system, which runs most of the world’s smartphones.

«

Good. Let that be the end of it, please God. (But no, Oracle says it will appeal.)

Apple’s secret AI technology: meet VocalIQ, the self-learning technology that is a part of Siri2 • Medium

Brian Roemmele:

»If Apple utilizes just a small subset of the technology developed by VocalIQ [a Cambridge UK startup it bought at the end of 2015], we will see a far more advanced Siri. However I am quite certain the amazing work of Tom Gruber [who worked on the original Siri; no relation to John Gruber] will also be utilized.

Additionally the amazing technology from Emollient, Perception and a number of unannounced and future Apple acquisitions will also become a big part of Apple’s AI future. I wrote about how the Voice First, Voice Commerce and Voice Payments world will play out here. As I have asserted in my 1989 Voice Manifesto, there will not be advertising in Voice First devices, there will be Voice Commerce and Voice Payments. The push mechanisms of advertising give way to Intelligent Agents pulling ontologies.

Apple has entered into a new era. Steve Jobs saw this in the twilight of his life and made sure the company had a firm foothold into the future. This future will be led by Viv, Alexa, Google Home, Facebook M and 100s of companies that no one has yet heard of toiling in garages around the world quite like Apple did in 1975.

«


Peter Thiel’s dangerous campaign against Gawker • Fusion

Felix Salmon:

»[Peter] Thiel ended up bankrolling the hugely expensive Hulk Hogan case against Gawker, along with an unknown number of others. And thus did the Hogan case become an attempt to bring a media organization to its knees, more than it was an attempt to deliver justice for Hulk Hogan himself.

Hogan could have accepted a substantial financial settlement; he could also have made it much more likely that he would get paid, by suing in such a manner as to make Gawker’s insurance company liable for any verdict. Instead, he refused all settlements, and withdrew the insurable complaints, to ensure that the company itself would incur as much damage as possible.

The next step, after the Hogan verdict, was for Thiel to go public. After the enormous damages were announced and the long appeals process creaked into action, it started to become obvious that Gawker would need to raise more capital in order to continue to be able to fight the case. (In the worst case scenario, it would need to put up a $50 million bond.) Gawker had already sold some new stock in January; there was talk of doing the same thing again. With cash, Gawker could fight the Hogan verdict, get it reduced or even thrown out entirely, and carry on as a going concern.

But then the Thiel bombshell dropped. The Hogan case, it turned out, wasn’t a war in which Gawker could emerge victorious; instead, it was merely a battle in a much larger fight against an opponent with effectively unlimited resources.

«

Rich rightwingers outspokenly or through subterfuge funding attacks against publications isn’t new; Robert Maxwell (as greedy a capitalist as ever there was) and Jimmy Goldsmith come immediately to mind. Clearly it’s the expectation that because someone is a tech-head they will be progressive that is the wrong one.

Salmon, by the way, thinks that Thiel outed himself to Forbes as the source of funding for Hogan.

Conservative Facebook investor Peter Thiel funded anti-ACORN videographer • Village Voice

Steven Thrasher:

»[James] O’Keefe is now well known as the young man who dressed up as a pimp with a colleague, Townhall.com blogger Hannah Giles, who was dressed like a prostitute. The pair traveled around the country, seeking advice from ACORN [Association of Community Organisations for Reform Now] workers about how to hide prostitution money for tax purposes. At five of the offices they visited, ACORN workers gave such advice while O’Keefe’s hidden camera was rolling. The videos have cost ACORN the support of Congress, the U.S. Census and the White House, and the organization stands to lose tens of millions of dollars in government grants.

O’Keefe, meanwhile, has repeatedly claimed to be financially independent. In an interview with the New York Post shortly after the ACORN videos hit the Internet, O’Keefe claimed to be “absolutely independent.” Giles said she had “drained my entire savings” to spend the summer making the undercover videos. O’Keefe estimated his budget at $1,300, and said that Giles had paid for her own plane ticket to California. The couple said they lived off of Power Bars and Subway sandwiches for two months.

But O’Keefe turns out to have a substantial history of being funded by conservative figures.

«

Thiel kicked in with funding of somewhere between $10,000 and $30,000, which isn’t a lot on its own, but sure helps. ACORN is defunct as of November 2010, but used to “advocate for low- and moderate-income families by working on neighbourhood safety, voter registration, health care, affordable housing, and other social issues”.

Gawker founder looking to sell after losing Hogan judgment • New York Post

Claire Atkinson:

»Gawker Media founder Nick Denton has begun quietly soliciting bids for the sale of his company, The Post has learned.

Denton hired Houlihan Lokey media banker Mark Patricof to advise him on the valuation of the cash-hungry company in the event that he needs to sell it to pay damages to Hulk Hogan, who was awarded $140m by a Florida jury after Gawker posted a sex video of the wrestling legend, sources said.

At least one unnamed party has already expressed interest with a deal valued at between $50m and $70m, sources said.

Denton owns a 68% stake in Gawker after bringing in his first outside investor earlier this year. He sold a minority stake for $100m to technology firm Columbus Nova Technology Partners, injecting some much-needed cash as the company fought the Hogan suit.

The value of the business was pegged at $250m around the time of that deal, but that number has since sunk, sources said.

«


Mt. Gox creditors seek trillions where there are only millions • The New York Times

Nathaniel Popper:

»$2,411,412,137,427.

That figure — $2.4 trillion for those with an untrained eye for very large numbers — is in the same ballpark as the annual economic output of France.

It is also exactly the amount that people around the world claim they lost when Mt. Gox, the Tokyo-based virtual currency exchange, collapsed into bankruptcy in 2014, after huge, unexplained losses of the volatile digital currency Bitcoin.

As with most of the people who lost money with Bernard L. Madoff, the investment manager who was convicted of running a Ponzi scheme, most of those who put their Bitcoin in Mt. Gox will be disappointed: The Japanese trustee overseeing the case said on Wednesday that only $91 million in assets has been tracked down to distribute to claimants — a small portion of the more than $500 million in assets that Mt. Gox claimed it had in the weeks before it went bankrupt in February 2014, and a tiny portion of the amount that claimants have requested.

«

Though as the story notes, the value of BTC currently extant is about $7bn, or 0.3% of $2.4trn. BTC hasn’t fallen that far. So there are lots of fake claims.

My internet-connected home gadget hell • NY Mag

The wonderful “Internet of shit” account holder on her/his experience:

»At first, I found myself obsessing over the app and my newfound insights into the home. I would check the temperature multiple times a day, as if I needed to know how warm it was inside. As with all home gadgets, my interest eventually waned as it did its job. Eventually, I forgot about the thermostat — until its “smart” features started failing gradually. One time I arrived home to a bitterly cold house, about 10°C (50°F), wondering what had gone wrong — it turned out the internet had gone down while I was away, so the thermostat hadn’t bothered to do anything.

This would eventually become a recurring theme with my thermostat. In the middle of winter it began disconnecting, frequently overnight — even when there was a solid internet connection — and didn’t have a backup mode. I’d wake up seeing my own breath, then spend hours rebooting the thermostat, boiler, and router to get it working again. The only way to control the gadget is via the app, so when it breaks you’re really screwed.

«

I have a Hive (controls heating and hot water via an app or web, remotely or there). The hot water stopped working. Must be a problem with the Hive, right? Spent ages on the phone with British Gas rebooting, checking connections, all that stuff.

Outcome: it was a problem with a valve in the hot water system. Nothing to do with Hive. It had simply added an extra layer of debugging to the system. (Via Charles Knight.)

Can BuzzFeed News survive the shift to video? • CNN

Dylan Byers:

»BuzzFeed is increasingly staking its future on video, where entertainment is top priority. At the beginning of 2015, video accounted for 15% of the company’s revenues. Today, it’s approaching 50%, according to a company spokesperson. Peretti even moved to Los Angeles last year — for personal reasons, he said, but also because BuzzFeed’s L.A.-based video division was the “fastest growing team” at the company.

Taken together, the reduced revenue projections and the shift to video signal a shift in the balance of power that favors entertainment over journalism. Many industry observers and some staff believe that BuzzFeed will eventually curtail or even jettison its news division in order to focus on more profitable revenue streams.

“The halo that BuzzFeed got from ‘News’, they don’t need it any more,” said one media executive who is familiar with BuzzFeed’s plans. “Entertainment, video, production — that’s where the money is, that’s where they can get growth.”

BuzzFeed News is in “retrenchment,” one senior member of the BuzzFeed editorial staff said. “The growth mode has stopped.”

«

So Buzzfeed can survive the shift fine – it’s whether, or to what extent, the news side can that’s in question. (Related: CNN has autoplay video. Beware.)

Three network to run 24-hour adblocking trial • The Guardian

Jasper Jackson:

»Mobile provider Three is to run a 24-hour adblocking trial in the UK in the first step towards removing ads for all its customers.

The company is planning to contact customers and ask them to sign up for the trial, which will take place in mid June.

Three claims it wants to introduce adblocking to improve customer privacy, reduce data costs and provide a better experience accessing the web on phones. The company said advertisers should pay for the data costs associated with ads, but that it isn’t trying to get ads removed completely.

Three UK chief marketing officer Tom Malleschitz said: “This is the next step in our journey to make mobile ads better for our customers. The current ad model is broken. It frustrates customers, eats up their data allowance and can jeopardise their privacy. Something needs to change.”

“We can only achieve change by working with all stakeholders in the advertising industry – customers, advertising networks and publishers – to create a new form of advertising that is better for all parties.”

Despite Three’s insistence it wants to work with the companies that are showing its customers ads, many publishers will view the move as an all-out attack on their businesses.

«

This could get ugly.

Could there be a fifth fundamental force of nature? • Popular Science

Ryan Mandelbaum:

»The Hungarian group found their new force while looking for a “dark photon,” light that only impacts dark matter. They hit a strip of lithium with protons, the lithium sucked up the protons to become an unstable version of beryllium, which threw up pairs of electrons and positrons, the electron’s antiparticle partner. When the protons hit the lithium at a certain angle, 140 degrees, out came way more electrons and positrons than the Hungarians were expecting. They think all that excess stuff could be from a new particle 34 times heavier than the electron, and a hint that maybe there’s a new force lurking somewhere.

Nature reports that other physicists seem skeptical, but are excited about the new force. Still, researchers at the Thomas Jefferson National Accelerator Facility in Newport News, Virginia, CERN, and other labs are trying to see if they can recreate the Hungarian team’s results in their own experiments.

«

Just noting this in case posterity finds a use for it.

How Genius annotations undermined web security • The Verge

Vijith Assar:

»The primary way Genius annotations are accessed on the web is by adding “genius.it” in front of any URL as a prefix. The genius.it server reads the original content behind the scenes, adds the annotations, and delivers the hybrid content. The Genius version of the page includes a few extra scripts and highlighted passages, but until recently it also eliminated the original page’s Content Security Policy. The Content Security Policy is an optional set of instructions encoded in the header of the HTTP connection which tells browsers exactly which sites and servers should be considered safe — any code which isn’t from one of those sites can then be ignored.

Content Security Policies were first introduced in 2012 and are not yet in widespread use, since they can interfere with scripts used for advertising and social-network functionality, and thus tend to be implemented only by sites with high security standards. Still, the sites that do supply Content Security Policies include PayPal, BuzzFeed, Facebook, Twitter, Airbnb, Pinterest, CNN, and IMDb, among others. Since the web-annotator product is designed to work as a substitute for any webpage on the internet, Genius presented a substantial new attack surface, theoretically usable by any malicious hacker who could lure their victims into clicking on a Genius redirect…

…I began to realize that the entire service is built on top of a unique approach to overriding the standard security practices of the web.

«

“Let’s annotate the web!” has been the war cry of various people down the years (including, briefly, Microsoft). It never turns out to be a good idea.
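
To make the failure concrete, here is an added example (not from the Verge piece and not Genius's code) of the check a site owner could run against any rewriting proxy: compare the security headers the origin sends with the ones that survive the proxy. It goes one step beyond the article's case of a stripped header and also flags a relayed policy that has lost directives or gained sources; the header list, function names and sample headers are constructed for illustration.

```javascript
// Headers a rewriting proxy should carry over from the origin.
// This list is an assumption chosen for the example, not a standard.
const SECURITY_HEADERS = [
  'content-security-policy',
  'x-frame-options',
  'x-content-type-options',
];

// HTTP header names are case-insensitive, so compare them lower-cased.
function normalizeHeaders(headers) {
  const out = new Map();
  for (const [name, value] of Object.entries(headers)) {
    out.set(name.toLowerCase(), String(value).trim());
  }
  return out;
}

// Parse one CSP string into Map(directive -> [source expressions]).
// A directive that appears twice is ignored after its first occurrence.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Report every security header the proxy dropped or changed.
function auditProxy(originHeaders, proxiedHeaders) {
  const origin = normalizeHeaders(originHeaders);
  const proxied = normalizeHeaders(proxiedHeaders);
  const findings = [];
  for (const header of SECURITY_HEADERS) {
    if (!origin.has(header)) continue; // origin never sent it
    if (!proxied.has(header)) {
      findings.push({ type: 'dropped', header });
      continue;
    }
    if (header !== 'content-security-policy') {
      if (origin.get(header).toLowerCase() !== proxied.get(header).toLowerCase()) {
        findings.push({ type: 'changed', header });
      }
      continue;
    }
    // The policy was relayed: check it directive by directive.
    const before = parseCsp(origin.get(header));
    const after = parseCsp(proxied.get(header));
    for (const [directive, sources] of before) {
      if (!after.has(directive)) {
        findings.push({ type: 'directive-removed', header, directive });
        continue;
      }
      const added = after.get(directive).filter((s) => !sources.includes(s));
      if (added.length > 0) {
        findings.push({ type: 'sources-added', header, directive, added });
      }
    }
  }
  return findings;
}

// Constructed sample responses (not captured traffic).
const ORIGIN = {
  'Content-Type': 'text/html; charset=utf-8',
  'Content-Security-Policy':
    "default-src 'self'; script-src 'self' https://static.origin.example; frame-ancestors 'none'",
  'X-Frame-Options': 'DENY',
};
// Case 1: the proxy returns the page with no security headers at all.
const PROXIED_STRIPPED = { 'Content-Type': 'text/html; charset=utf-8' };
// Case 2: the proxy relays the policy but edits it to admit its own scripts.
const PROXIED_REWRITTEN = {
  'content-type': 'text/html; charset=utf-8',
  'content-security-policy':
    "default-src 'self'; script-src 'self' https://static.origin.example https://annotator.example",
  'x-frame-options': 'DENY',
};

console.log(auditProxy(ORIGIN, PROXIED_STRIPPED));
console.log(auditProxy(ORIGIN, PROXIED_REWRITTEN));
```
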

Errata, corrigenda and ai no corrida: none notified.

Start up: AI for your app, quantum computing works?, Yahoo’s future, Watch watch, and more


Firefox OS: heading rapidly for the exit. Photo by Wojciech Szczęsny on Flickr.

A selection of 9 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

How predictive APIs simplify machine learning » ProgrammableWeb

Louis Dorard:

App developers are always looking for ways to make the lives of their users easier and for ways to introduce innovative features that help users save time. For this reason, Machine Learning (ML) has been increasingly popular in app development. Classical examples include spam filtering, priority filtering, smart tagging, and product recommendations. Some people estimate that Machine Learning is now being used in more than half of a typical smartphone’s apps. Because of the new functionality gained by these apps, we can talk of “predictive apps,” a term coined by Forrester Research which refers to “apps that provide the right functionality and content at the right time, for the right person, by continuously learning about them and predicting what they’ll need.” 

If you’re writing an app that would fit that description, this is a great primer.

Mozilla will stop developing and selling Firefox OS smartphones » TechCrunch

Ingrid Lunden:

Firefox OS was first unveiled in 2013, with the aim of targeting the developing world and late adopters with low-cost handsets.

To differentiate from Android and iOS, Mozilla and its carrier partners focused on a web-first platform, with no native and only web apps. Sales, however, were always poor and the devices themselves failed to ignite a lot of consumer interest, and a number of OEMs cornered the market with a flood of cheap handsets. In a business that depends on economies of scale, it was a failure.

Mozilla has been on a streamlining track lately. Last week it announced that it would be looking for alternative homes for its Thunderbird email and chat client. The aim is for the company to focus more on its strongest and core products and reputation.

Came really late to the game, and never made table stakes – an app ecosystem – because it didn’t think that that table was right. Apps trump the mobile web.

Drones save over two hundred people in Chennai floods » DRONELIFE

A senior officer of the Chennai police said that the force has deployed drones in several of the most unreachable neighborhoods, and have been able to locate as many as 200 people, rescuing all of them.  The search and rescue operation sends drones up from a control vehicle.  The aerial images obtained are then sent to a control room, where staff reviews footage and pinpoints affected homes and people.  When a rescue site is identified, the control room communicates with teams of volunteers nearest to the location through wireless walkie-talkie, sending rescue workers to retrieve victims stranded in their homes.


Controversial quantum machine bought by NASA and Google shows promise » MIT Technology Review

Tom Simonite:

Hartmut Neven, leader of Google’s Quantum AI Lab in Los Angeles, said today that his researchers have delivered some firm proof of that. They set up a series of races between the D-Wave computer installed at NASA against a conventional computer with a single processor. “For a specific, carefully crafted proof-of-concept problem we achieve a 100-million-fold speed-up,” said Neven.

Google posted a research paper describing its results online last night, but it has not been formally peer-reviewed. Neven said that journal publications would be forthcoming.

Google’s results are striking—but even if verified, they would only represent partial vindication for D-Wave. The computer that lost in the contest with the quantum machine was running code that had it solve the problem at hand using an algorithm similar to the one baked into the D-Wave chip. An alternative algorithm is known that could have let the conventional computer be more competitive, or even win, by exploiting what Neven called a “bug” in D-Wave’s design. Neven said the test his group staged is still important because that shortcut won’t be available to regular computers when they compete with future quantum annealers capable of working on larger amounts of data.

Been a long time coming, but this is just starting to look promising. Hell, even if it’s off by a few orders of magnitude, it’s amazing.

What’s going on at Yahoo? Here are seven things worth knowing » BuzzFeed News

Mathew Zeitlin draws up the list, in which No.1 and No.5 are the important ones:

Here’s the deal. Yahoo’s current market value is about $32.9bn.

This is much less than the value of the things it owns. Yahoo’s stake in Alibaba is worth about $32.4bn, and its stake in Yahoo Japan is worth about $8.7bn. It also has $1.3bn in cash and about $5.5bn in other securities, and $1.2bn in debt. All that adds up to around $46bn.

So if the market values Yahoo at $33 billion, does that imply the actual Yahoo business — the websites, the apps, the digital advertising tech — is worth less than zero?

Not quite — and here is where those tax issues come into play. Yahoo’s investments in Japan and China have all gained value massively over the years, and all that is subject to taxes if it’s sold. Hedge fund Starboard Value estimates the tax bill on Alibaba shares put their true value to shareholders at around $19.6bn; the Yahoo Japan stake would be worth around $5.3bn.

Once you take those taxes into account, it looks more like Yahoo investors are valuing its actual business at a little over $2bn. That’s a figure that has been promoted by activist investor Starboard Value, as well as analysts at Nomura and Pivotal Research.

And now No.5:

There may be cooler kids on the block these days, but Yahoo still has a massive presence on the web.

According to ComScore, Yahoo has a global audience of 618 million — the fourth largest of any company, behind only Google, Microsoft, and Facebook. In the U.S., Yahoo’s 211 million desktop and mobile unique visitors make it the third biggest destination, behind Google and Facebook.

“Our overall network including Tumblr continued to serve a global user base of more than 1 billion monthly active users,” Yahoo CEO Marissa Mayer said in a recent earnings call. Facebook, in comparison, has over 1 billion daily active users. In terms of headcount the two are comparable: Yahoo has 10,700 full-time employees, while Facebook has about 12,000.


Android returns to growth in Europe’s big five Markets » Kantar Worldpanel

Carolina Milanesi:

“As the holiday season approaches, it appears smartphone upgrades are on Santa’s list, with 14% of EU5 smartphone owners planning to replace their current device with a new one in the next three months,” Milanesi said. “Among those consumers, 25% said they prefer Apple, while 38% said they prefer Samsung. Among Apple owners in the EU5 planning to upgrade over the next three months, 79% said they prefer Apple, while 62% of Samsung owners planning to upgrade say they prefer Samsung.”

High retention rate for Apple; less so for Samsung. But Samsung has more users overall, because it sells more phones. (Leaky buckets.)

What’s not visible is the general trend; iPhone sales, on this data, are trending faintly upwards in the mature markets such as the EU5 and US and China.

Time ticks on chances of the Apple Watch catching on » FT.com

Tim Bradshaw:

The pollsters quizzed 1,017 Britons over the age of 15. They found 66% were aware of smartwatches. Awareness was down to 60% among respondents aged 35 and older, and to 57% among the lowest three social and economic groups.

Only 2% said they owned a smartwatch, down to 1% among those over 35. The poll showed 43% believed people did not need a smartwatch; but that doesn’t mean 57% of people believe you do need one.

Similarly, 24% saw a smartwatch as a gimmick, but that’s not an indication that 76 per cent regard it as a life necessity.

Possibly the glummest news for enthusiasts was that only 6% of the smartwatch-aware were likely to buy one in the next year.

So, unless I’m reading the figures wrongly, enthusiasm for this kind of wearable technology is several degrees below lukewarm.

Wearable technology, in general, hasn’t proven its worth to the general population. Then again, smartphones didn’t prove their worth to the general population for quite some time either – about three years from the launch of the iPhone. I’d love to see a comparative study from that time. (Links welcome.)

Apple’s secrets about the iPhone were revealed during Samsung lawsuit » BGR

Yoni Heisler looks back to what came out in the 2012 trial during the discovery phase, particularly in the documents revealed to either side. How about the kickstand idea for the original iPad?

Yeah, perhaps you can guess how long Steve Jobs would let that one live.

June 2015: Which phone has the best battery life? 5 top smartphones tested and compared » Trusted Reviews

Andrew Williams, in June 2015:

For every phone we review, we perform battery tests. There are benchmarks, and just using the phone to see how long it really lasts in daily use. This combo gives you a good idea of how long any phone will stay awake between charges.

But it’s fallible.

All sorts of things can affect battery life, especially when you’re out and about using the thing. So we decided to get all the big phones of 2015 together and give them a thorough going-over with some real-life-related tests to see which phone really is the longest-lasting.

Which phones? We’ll be checking out the iPhone 6, iPhone 6 Plus, Samsung Galaxy S6, LG G4 and HTC One M9. After all, they’re the most desirable phones of the year.

Remarkable results (on video loops, web browsing, film over Wi-Fi, music in the background). Enjoyable comments too saying “but the battery is reporting it wrong!” Which might, actually, be correct. But probably isn’t. (Via Ian Betteridge.)

Errata, corrigenda and ai no corrida:

Start up: Wi-Fi Sense explained, another giant Android vulnerability, the US’s sleepiest cities, and more


What happens when you create a way for any programmer to analyse peoples’ DNA? (Hint: not good things.) Photo by micahb37 on Flickr.

A selection of 11 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Wi-Fi Sense in Windows 10: Yes, it shares your passkeys; no, you shouldn’t be scared » Ars Technica

Sebastian Anthony:

For a start, when a Wi-Fi passkey is shared with your PC via Wi-Fi Sense, you never actually see the password: it comes down from a Microsoft server in encrypted form, and is decrypted behind the scenes. There might be a way to see the decrypted passkeys if you go hunting through the registry, or something along those lines, but it’s certainly not something that most people are likely to do.

Perhaps more importantly, though, just how sacred is your Wi-Fi password anyway? Corporate networks notwithstanding (and you shouldn’t share those networks with Wi-Fi Sense anyway), most people give out their Wi-Fi keys freely. You could even argue that Wi-Fi Sense is more secure: if I ask Adam for his Wi-Fi password, I am free to give it away to anyone. If I receive the password via Wi-Fi Sense, I can still connect to Adam’s network, but I can’t tell anyone else the password.

And it only goes to immediate-circle friends, not friends of friends of.. So probably not such a big thing to worry about.

Why Grooveshark failed » The Verge

Stephen Witt:

The Grooveshark streaming application launched in April of 2008 — several months ahead of Spotify. The service proved explosively popular from the outset. Users, especially younger users, loved on-demand music delivery, and Greenberg left school to focus on Grooveshark full time. But there was a problem: Grooveshark still relied on peer-to-peer infrastructure similar to Napster, Kazaa, and bitTorrent. In other words, although it functioned as a streaming service, it still sourced the music from its users’ file libraries. And to the record companies, that looked like copyright infringement.

Without approval from the labels, Grooveshark struggled to attract venture capital. In its first five years of existence, the company raised just under a million dollars. In the same time, Spotify, with equity buy-in from the music majors, raised a hundred times as much.

It didn’t “look like” copyright infringement; it clearly was infringement, in just the same way that the original Napster was. That’s why it was sued into the ground. Grooveshark never played by the rules (artists demanded their music be removed; Grooveshark staff re-uploaded it, or ignored new uploads). They failed because they could never stay inside the rules.

Drones and spyware: the bizarre tale of a brutal kidnapping » WIRED

Kevin Poulsen with a wonderful tale of how truth is stranger than fiction:

efforts to trace the new emails were in vain. The author boasted that he was using Tor as well as other anonymizing precautions that would withstand even an “Egotistical Giraffe exploit,” a reference to an NSA de-anonymizing technique that surfaced in the Edward Snowden leaks. He sent the messages through the Singapore-based anonymous remailer anonymousemail.com, and shared the photos—stripped of metadata—through the anonymous image sharing site Anony.ws.

Evidently unconvinced, the Vallejo police still insisted the crime was a put-on, but the FBI was also on the case. And, it turned out, despite his sophistication, the kidnapper had left a digital trail.

The kidnapper had slipped by using a disposable Tracfone to call Quinn after the abduction. The FBI reached out to Tracfone, which was able to tell the agents that the phone was purchased from a Target store in Pleasant Hill on March 2 at 5:39 pm. Target provided the bureau with a surveillance-cam photo of the buyer: a white male with dark hair and medium build. AT&T turned over records showing the phone had been used within 650 feet of a cell site in South Lake Tahoe.

But the real break in the case came when the kidnapper evidently struck again.


Trend Micro discovers vulnerability that renders Android devices silent » Trend Micro

Wish Wu (Mobile Threat Response Engineer):

We have discovered a vulnerability in Android that can render a phone apparently dead – silent, unable to make calls, with a lifeless screen. This vulnerability is present from Android 4.3 (Jelly Bean) up to the current version, Android 5.1.1 (Lollipop). Combined, these versions account for more than half of Android devices in use today. No patch has been issued in the Android Open Source Project (AOSP) code by the Android Engineering Team to fix this vulnerability since we reported it in late May.

This vulnerability can be exploited in two ways: either via a malicious app installed on the device, or through a specially-crafted web site. The first technique can cause long-term effects to the device: an app with an embedded MKV file that registers itself to auto-start whenever the device boots would cause the OS to crash every time it is turned on.

In some ways, this vulnerability is similar to the recently discovered Stagefright vulnerability. Both vulnerabilities are triggered when Android handles media files, although the way these files reach the user differs.

Seems like the media file handling is where everyone is focussing for Android weaknesses just now.


September 2014: iPhone 6 and Android value » Benedict Evans

From September 2014:

with the iPhone 6 and iOS8, Apple has done its best to close off all the reasons to buy high-end Android beyond simple personal preference. You can get a bigger screen, you can change the keyboard, you can put widgets on the notification panel (if you insist) and so on. Pretty much all the external reasons to choose Android are addressed – what remains is personal taste.

Amongst other things, this is a major cull of Steve Jobs’ sacred cows – lots of these are decisions he was deeply involved in. No-one was quicker than Steve Jobs himself to change his mind, but it’s refreshing to see so many outdated assumptions being thrown out. 

Meanwhile, with the iPhone 6 Plus (a very Microsofty name, it must be said) Apple is also tackling the phablet market head on. The available data suggests this is mostly important in East Asia but not actually dominant even there – perhaps 10-20% of units except in South Korea, where it is much larger.  Samsung has tried hard to make the pen (or rather stylus) a key selling point for these devices, but without widespread developer support (there is nothing as magical as Paper for the Note) it is not clear that these devices have actually sold on anything beyond screen size and inverse price sensitivity (that is, people buy it because it’s the ‘best’ and most expensive one). That in turn means the 6 Plus could be a straight substitute. 

Now we have Samsung’s results (out by the time you read this) and LG’s results, where the latter specifically says that sales were lower in South Korea than expected. Evans seems to have been borne out: the only differentiator between premium Android and iPhones was screen size.


Busy-ness data on Google search results » Google

Do you ever find yourself trying to avoid long lines or wondering when is the best time to go grocery shopping, pick up coffee or hit the gym (hint: avoid Monday after work)? You’re in luck!

Now, you can avoid the wait and see the busiest times of the week at millions of places and businesses around the world directly from Google Search. For example, just search for “Blue Bottle Williamsburg”, tap on the title and see how busy it gets throughout the day. Enjoy your extra time!

[Image: busy-ness data from Google]

That’s very clever. (Location data from Android phones, one guesses.)


Android security, bugs and exploits » Google+

Adrian Ludwig is head of security for Android:

There’s a common, mistaken assumption that any software bug can be turned into a security exploit. In fact, most bugs aren’t exploitable and there are many things Android has done to improve those odds. We’ve spent the last 4 years investing heavily in technologies focused on one type of bug – memory corruption bugs – and trying to make those bugs more difficult to exploit.

Some of those technologies that have been introduced since Ice Cream Sandwich (Android 4.0) are listed here. The most well known of these is called Address Space Layout Randomization (‘ASLR’), which was fully completed in Android 4.1 with support for PIE (Position Independent Executables) and is now on over 85% of Android devices. This technology makes it more difficult for an attacker to guess the location of code, which is required for them to build a successful exploit.

What Ludwig doesn’t mention: the Stagefright bug. Is it right to say it could be used to take over a phone via MMS? Or would ASLR defeat that? You’d hope the head of security for Android would tackle this in a public blogpost talking about security. But he doesn’t. Which tends to make one think the worst.
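
An added example (not from Ludwig's post or from the Android project): ASLR can only move a program's own code if the executable was built position-independent, and the ELF header records that in its e_type field. The sketch below classifies constructed sample headers; the helper names and the sample binary names are hypothetical.

```python
import struct

ET_EXEC, ET_DYN = 2, 3   # ELF e_type: fixed-address executable vs. PIE / shared object
EM_ARM = 40              # e_machine value for 32-bit ARM

def elf_load_type(header: bytes) -> str:
    """Say whether the loader is free to pick this image's base address."""
    if len(header) < 18 or header[:4] != b"\x7fELF":
        raise ValueError("not an ELF header")
    ei_data = header[5]                      # 1 = little-endian, 2 = big-endian
    if ei_data not in (1, 2):
        raise ValueError("unknown ELF byte order")
    endian = "<" if ei_data == 1 else ">"
    # e_type sits at offset 16 in both the 32-bit and 64-bit header layouts.
    (e_type,) = struct.unpack_from(endian + "H", header, 16)
    if e_type == ET_DYN:
        return "position-independent"  # PIE or shared object: ASLR can move the code
    if e_type == ET_EXEC:
        return "fixed-address"         # code lands at the same address on every run
    return "other"                     # object file, core dump, ...

def make_header(e_type, ei_class=1, ei_data=1, e_machine=EM_ARM) -> bytes:
    """Build a constructed 20-byte ELF header prefix for the demo."""
    ident = b"\x7fELF" + bytes([ei_class, ei_data, 1]) + bytes(9)
    endian = "<" if ei_data == 1 else ">"
    return ident + struct.pack(endian + "HH", e_type, e_machine)

# Constructed samples; the binary names are hypothetical.
SAMPLES = {
    "legacy_daemon": make_header(ET_EXEC),
    "pie_daemon": make_header(ET_DYN),
    "pie_daemon_be64": make_header(ET_DYN, ei_class=2, ei_data=2),
}

def audit(images: dict) -> list:
    """Return the names of images whose code ASLR cannot relocate."""
    return sorted(n for n, h in images.items() if elf_load_type(h) == "fixed-address")

if __name__ == "__main__":
    for name, hdr in SAMPLES.items():
        print(f"{name}: {elf_load_type(hdr)}")
    print("not position-independent:", audit(SAMPLES))
```

e_type alone cannot tell a PIE executable from a shared library, since both are ET_DYN; the check is meant for files already known to be executables.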


Which cities get the most sleep? » The Jawbone Blog

Tyler Nolan:

One of the major findings in our study of city sleep was that people living in cities just don’t get enough. No major city in the United States averages above the NIH-recommended seven hours of sleep per night. But it’s only part of the picture. The vast majority of the suburban and rural counties have much healthier sleep numbers.

Geography has a profound effect on the routines we follow and the habits we form. Our sleep cycles adapt to the pace and lifestyle of the world we live in and the world by which we are surrounded. We look forward to further investigating the effects of geography and how it influences UP wearers in all parts of the world.

Technical Notes: This study was based on over one million UP wearers who track their sleep using UP by Jawbone. Less populous counties were blended with neighboring counties to generate significant results. This technique revealed patterns at finer granularity than the state level, such as time zone boundaries. All data is anonymized and presented in aggregate.

One still gets that little tingle of concern that your sleep data could be tracked directly back to you by someone malicious or stalker-y at Jawbone. (The visualisations are lovely, though.)


Brinks’ super-secure smart safes: not so secure » WIRED

Kim Zetter:

Vulnerabilities found in CompuSafe Galileo safes, smart safes made by the ever-reliable Brinks company that are used by retailers, restaurants, and convenience stores, would allow a rogue employee or anyone else with physical access to them to command their doors to open and relinquish their cash, according to Daniel Petro and Oscar Salazar, researchers with the security firm Bishop Fox, who plan to demonstrate their findings next week at the Def Con hacker conference in Las Vegas.

The hack has the makings of the perfect crime, because a thief could also erase any evidence that the theft occurred simply by altering data in a back-end database where the smartsafe logs how much money is inside and who accessed it. If done well, the only telltale sign of an attack would be left on security cameras—if anyone bothered to look.

They’re “smart” because they can tally how much money is put into them. Dumb because they run Windows XP Embedded. And there’s an external USB port for “troubleshooting”.


Retailer Acceptance » Contactless Life

Duncan Stevenson has compiled a gigantic table of which companies accept contactless and Apple Pay payments (and to what amount).

In theory Apple Pay should be accepted at all retailers that accept contactless, and this seems to be the case for Mastercard and Visa cards, however American Express cards are currently experiencing issues with Apple Pay in certain retailers (hence the existence of the “Amex Apple Pay” column).  I have a blog post coming soon covering the issues with American Express Apple Pay in the UK.

(It’s a real HTML table too.)


Your 23andMe DNA can be used in racist, discriminatory ways » BuzzFeed News

This week, an anonymous programmer posted on GitHub an early-stage program called Genetic Access Control. It basically worked as a log-in mechanism. The third-party program was designed to hook up to the company’s API and mine the 23andMe accounts of users who agreed to share their information, as they would agree to let apps connect to their Facebook or Twitter profiles. Websites using Genetic Access Control could scan that data for information about “sex, ancestry, disease susceptibility, and arbitrary characteristics” — and then restrict users’ access to the site based on this information.

For example, people with only the “right” amount of European ancestry would be allowed to access a website that used Genetic Access Control:

[Image: ways to use 23andMe API]

But 23andMe shut down the developer’s access to its API on Wednesday, two days after the code was published. 23andMe spokesperson Catherine Afarian told BuzzFeed News the program violated a policy that forbids use of the API for, among other things, “hate materials or materials urging acts of terrorism or violence.”

I think a programmer who actually wanted to cause trouble (as opposed to one, as here, just showing 23andMe how blithely trusting it is) could reasonably point out that they’re not creating hate materials or anything to do with terrorism or violence.

And – whoever they were – they succeeded with a beautiful example of why you don’t really want to have open public access to a DNA database. As well as why 23andMe are twits for ever having thought so.