Start up: VR porn!, privacy and the FBI, Baidu’s data grab, why Trump?, and more

A Nissan Leaf charging. But you’d know that if you were to plug its VIN into a public API. Photo by Janitors on Flickr.

A selection of 10 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Controlling vehicle features of Nissan LEAFs across the globe via vulnerable APIs » Troy Hunt

Someone in one of Hunt’s classes discovered how to find out the battery status of Nissan’s popular electric car – and also turn its air conditioning on or off. For any LEAF. Without authorisation. Via API. From anywhere. And Nissan didn’t listen, and four different groups have discovered it independently:

»Nissan need to fix this. It’s a different class of vulnerability to the Charlie Miller and Chris Valasek Jeep hacking shenanigans of last year, but in both good and bad ways. Good in that it doesn’t impact the driving controls of the vehicle, yet bad in that the ease of gaining access to vehicle controls in this fashion doesn’t get much easier – it’s profoundly trivial. As car manufacturers rush towards joining in on the “internet of things” craze, security cannot be an afterthought nor something we’re told they take seriously after realising that they didn’t take it seriously enough in the first place. Imagine getting it as wrong as Nissan has for something like Volvo’s “digital key” initiative where you unlock your car with your phone.

By pure coincidence, this week Nissan unveiled a revised LEAF at the GSMA Mobile World Congress. Clearly, like many car makers, their future involves a strong push for greater connectivity in their vehicles:

»

In a fully connected, fully mobile world, in-vehicle connectivity is an absolute must for today’s drivers.

«

«

Perhaps not an “absolute must”, actually.


I got hacked mid-air while writing an Apple-FBI story » USAToday

Steven Petrow works for USA Today, and was writing and sending emails via Gogo Wi-Fi on a flight to Raleigh, Virginia. On touchdown, the guy in the seat behind him explained that he had hacked him, and “most people on the flight”:

»“That’s how I know you’re interested in the Apple story,” he continued. “Imagine if you had been doing a financial transaction. What if you were making a date to see a whore?” My mind raced: What about my health records? My legal documents? My Facebook messages?

And then the kicker:

“That’s why this story is so important to everyone,” he told me. “It’s about everyone’s privacy.”

Then he headed down the escalator and I headed out the front door. I may have been wearing my jacket, but I felt as exposed as if I’d been stark naked…

…[He then called Alex Abdo, a civil rights lawyer]: who is in actual danger here? The answer, apparently, is pretty much all of us. “Anyone who relies on the security of their devices,” Abdo told me.

It should be up to each of us to decide what to make public, and what to keep private, he continued. For me, I felt as though the stranger on the plane had robbed me of my privacy — as was explicitly his intent. He took the decision of what to share out of my hands. He went in through the back door of the GoGo connection.

«



Microsoft has acquired Xamarin » Petri

Brad Sams:

»Xamarin is one of the leading platforms for mobile app development and provides a robust platform that helps developers build mobile apps using C# and deliver fully native mobile app experiences to all major devices, including iOS, Android, and Windows. Seeing as Microsoft is a productivity focused company whose Visual Studio product is used by millions around the globe, this acquisition will fit nicely into their portfolio of products.

With more than 15,000 customers in 120 countries, of which 100 are Fortune 500 firms, Xamarin has become a leader in this space. Companies like Alaska Airlines, Coca-Cola Bottling, Thermo Fisher, Honeywell and JetBlue all use the software to develop their apps.

«

Apparently MSDN devs want to know if they’ll get it for free.


Solid support for Apple in iPhone encryption fight: poll » Reuters

Jim Finkle:

»Nearly half of Americans support Apple Inc’s (AAPL.O) decision to oppose a federal court order demanding that it unlock a smartphone used by San Bernardino shooter Rizwan Farook, according to a national online Reuters/Ipsos poll.

Forty-six percent of respondents said they agreed with Apple’s position, 35 percent said they disagreed and 20 percent said they did not know, according to poll results released on Wednesday.

Other questions in the poll showed that a majority of Americans do not want the government to have access to their phone and Internet communications, even if it is done in the name of stopping terror attacks.

«

Wait, I thought half supported the FBI? Oh god I’m so confused. As are the people being asked subtly different questions about the same topic.


Apple-FBI fight asks: is code protected as free speech? » Bloomberg Business

Adam Satariano:

»There’s some precedent for arguing that code is protected legal speech. In the 1990s, a graduate student at the University of California at Berkeley wrote an encryption program for his own research that he wanted to make public. Under federal regulations, a coder must get a license to publish cryptography tools, and the government denied the student’s license. In 1999, the U.S. Court of Appeals in San Francisco ruled for the first time that source code was protected as speech, and the student, Dan Bernstein, who is now an instructor at the University of Illinois at Chicago, was allowed to share the code freely.

The case, Bernstein v. U.S. Department of Justice, has been highlighted by those who favor less regulation of the Internet. But judges have also ruled that free speech protections don’t apply to code. Courts have been especially skeptical in cases involving piracy of music and movies.
The law “is murky in this area,” said Michael Froomkin, a law professor at the University of Miami — and that’s why Apple’s case could break new ground.

«



I tried VR porn, and I liked it » Ars Technica UK

Sebastian Anthony:

»You will probably be unsurprised to hear that VR porn is awesome. It’s like porn, but better. The porn I was sampling—made by Naughty America—was essentially a standard first-person-perspective film, but with the ability to look around. Unlike some VR experiences that are just two-dimensional 360-degree panoramas, Naughty America’s porn is stereoscopic; stuff actually sticks out, or comes flying at you. You really do want to reach out and touch things.

I watched three different scenes as I sat there in the cafe. In all three of them, “I” (a male actor) was reclining on some kind of sofa, looking down at my muscular physique and giant appendage. In some scenes, other people did things to me—in other scenes, I was much more proactive.

To be honest, it was a bit weird, looking down and seeing someone else’s body. But, after a few minutes of watching, I began to feel a sense of agency; I began to feel that yes, those rippling muscles were mine; I began to feel that it was me being tended to by two other beautiful people.

And of course, just as I was starting to get into it, the demo ended and I found myself back in the real world, being grinned at by a couple of guys from Naughty America. “Pretty cool, eh?”

All I can do is nod. Why did the demo have to end so soon?

Right now Naughty America’s films only have a 180-degree field of view, primarily because a standard porn scene doesn’t require anything greater, but also because it’s technologically quite challenging as well. Different varieties of porn—orgies and the like—would require a 360-degree field of view, but it doesn’t seem that Naughty America is working on that just yet.

When I asked Ian Paul, the company’s CIO, about how they actually film the VR scenes, he refused to tell me anything. “I can’t give away anything right now.” Basically, according to Paul, it’s quite hard to shoot a 3D VR film from an actor’s perspective, and lots of porn studios are currently trying to find the optimal setup.

«

You think kids playing video games is a problem now? Wait until this stuff becomes easily available.


Trump shatters the Republican Party » Politico

Shane Goldmacher:

»While Cruz has tried to tap into frustrated voters via ideology, Rubio has been far more reticent to amplify the angriest voices, saying repeatedly, “It is not enough to simply nominate someone who is angry.”

In South Carolina last week, when a voter shouted out that Hillary Clinton was a “traitor,” Rubio interjected gently, “I wouldn’t go that far, sir.” And last month, in Iowa, when another voter worried about Islamic sharia law coming to America, Rubio rebutted, “Guys, that’s not going to happen.”

While Rubio dances around the electorate’s resentments, Trump revels in them. On primary night in South Carolina, he tapped into their nationalism as he whacked at Mexico and China. “They’ve taken our jobs, they’ve taken our money, they’ve taken our everything,” he declared.

The crowd cheered wildly. “I showed anger and the people of our country are very angry!” Trump later tweeted about his South Carolina victory.

Perkins, the evangelical leader, described the Trump phenomenon’s lack of ideology this way: “You can’t be fearful and thoughtful at the same time.”

«

I remain fascinated by Trump’s rise (from the relatively safe distance of a few thousand miles of ocean). What I don’t know, and nobody seems to be saying much, is: how does Trump play with the broader electorate? If it’s Trump v Clinton (as seems likely), how does that play out?


Huawei Watch: Android Wear burn-in prevention 4K lapse [N5X] » YouTube

»

Quick 4K time lapse of Android Wear burn in prevention on the Huawei Watch. Captured with Framelapse Pro using a Nexus 5X.

«

That moves around quite a bit. Which prompts the thought – how long will always-on screens survive before they’re burnt out? Something to consider with wearables.


Announcing Spotify Infrastructure’s Googley future » News

Nicholas Harteau:

»in a business growing quickly in users, markets and features, keeping pace with scaling demands requires ever increasing amounts of focus and effort. Like good, lazy engineers, we occasionally asked ourselves: do we really need to do all this stuff?

For a long time the answer was “yes.” Operating our own data-centers may be a pain, but the core cloud services were not at a level of quality, performance and cost that would make cloud a significantly better option for Spotify in the long run. As they say: better the devil you know…

Recently that balance has shifted. The storage, compute and network services available from cloud providers are as high quality, high performance and low cost as what the traditional approach provides. This makes the move to the cloud a no-brainer for us. Google, in our experience, has an edge here, but it’s a competitive space and we expect the big players to be battling it out for the foreseeable future.

«

Lots of people are interpreting this as the first step to Spotify’s entirely Googley (ie Google-owned) future, and it’s hard not to see this that way.


Thousands of apps running Baidu code collect, leak personal data: research » Reuters

Jeremy Wagstaff and Paul Carsten:

»Thousands of apps running code built by Chinese Internet giant Baidu have collected and transmitted users’ personal information to the company, much of it easily intercepted, researchers say.

The apps have been downloaded hundreds of millions of times.

The researchers at Canada-based Citizen Lab said they found the problems in an Android software development kit developed by Baidu. These affected Baidu’s mobile browser and apps developed by Baidu and other firms using the same kit. Baidu’s Windows browser was also affected, they said.

The same researchers last year highlighted similar problems with unsecured personal data in Alibaba’s UC Browser, another mobile browser widely used in the world’s biggest Internet market.

Alibaba fixed those vulnerabilities, and Baidu told Reuters it would be fixing the encryption holes in its kits, but would still collect data for commercial use, some of which it said it shares with third parties. Baidu said it “only provides what data is lawfully requested by duly constituted law enforcement agencies.”…

…“It’s either shoddy design or it’s surveillance by design,” said Citizen Lab director Ron Deibert.

«

Tricky choice.


Errata, corrigenda and ai no corrida: yesterday’s web page headline briefly said that it was Acer’s routers, not Asus’s, which had been found to be full of holes by the FTC. This was wrong.

Start up: drone questions, Baidu barred in AI comp, why Apple shunned HERE, and more


This is what it looks like when you’re upset, Google. Photo by donnierayjones on Flickr.

A selection of 7 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

The UX of Commercial Drones » UX Magazine

Dan Saffer:

Let’s examine the customer experience as demonstrated by Amazon: The drone flies in and lands on the back patio. The customer leaves the house. The drone releases the package and flies away. The customer grabs the package and heads back inside. This is all well and good, but a lot of important detail still needs to be addressed. For starters, how does the customer know when the drone is arriving? People aren’t going to want their packages sitting outside unattended, especially in inclement weather (assuming drones will even be able to fly when it’s raining or snowing). And people won’t want to sit around looking out their window for half an hour. But what might work is something like what the car service Uber does: showing you via an app where your drone is and how long until it arrives, as well as alerting you via SMS when it does arrive. This would provide a level of assurance, especially at the onset when the idea of a drone carrying an emergency last-minute birthday gift will seem the height of novelty. When the drone does appear, it’s going to be really tempting to race out and grab the package, especially for kids—and perhaps for dogs and excitable adults as well. One problem: between the person and the package are several spinning, knife-like blades that form the rotors of the drone. Being accidentally hit in the face by one would be a great way to lose an eye or obtain a nasty cut.

“We included plasters in case you get hurt!”


Computer scientists are astir after Baidu team is barred from AI competition » NYTimes.com

John Markoff:

The competition, which is known as the “Large Scale Visual Recognition Challenge,” is organized annually by computer scientists at Stanford University, the University of North Carolina at Chapel Hill and the University of Michigan. It requires that computer systems created by the teams classify the objects in a set of digital images into 1,000 different categories. The rules of the contest permit each team to run test versions of their programs twice weekly ahead of a final submission as they train their programs to “learn” what they are seeing. However, on Tuesday, the contest organizers posted a public statement noting that between November and May 30, different accounts had been used by the Baidu team to submit more than 200 times to the contest server, “far exceeding the specified limit of two submissions per week.”

Previously reported here, before the multiple entries were spotted. Baidu’s team calls their multiple entries “a mistake”.


The new Google Photos app is disturbingly good at data-mining your photos » Fusion

Daniela Hernandez:

What’s particularly incredible is the facial recognition. The app sees individuals in photos even if they are barely in the picture, far in the background, or featured in a photo within a photo. When I did a search for my adult sister’s face, it recognized her in a photo I took of a 20-year-old elementary school picture of her. When I searched for my father’s face, it included a photo I took of a decorative tile-wall in Mexico. I thought it had messed up, because I didn’t see any people in the photo, but when I looked closely, there was a tiny version of my dad at the bottom. Facial recognition has gotten very powerful. Google also seems to know how to flatter its users. When I typed in “skinny,” the search unearthed pictures of me, friends, my sister and my mother, as if it was trying to compliment us. But when I searched for other adjectives, particularly negative ones — fat, sad, upset, angry — Google Photos came up empty. (Some of my colleagues got similar results.) The technology to help computers decipher emotions is out there already, so there’s no technical reason why Google isn’t turning up results for those searches. It gave us results for “love,” but not for “hate.” Whether it’s that we don’t take photos of ugly things, or that Google is shielding us, is something we’d really like to ask the search giant.

You could pick up the phone and ask them…


Eric Schmidt on why Google won’t fail » Business Insider

Jillian D’Onfro:

Shareholders understand Google’s search and ad business, [Schmidt said at the AGM], but they don’t necessarily understand the other projects that the company invests in, like self-driving cars or smart contact lenses. On past earnings calls, analysts and investors have sounded impatient when questioning how those businesses are going to ultimately pay off. But Schmidt assured shareholders Wednesday that ambitious goals like cutting down on car crashes or measuring a diabetic’s blood sugar through their tears are the kinds of things that will ultimately make Google a long-lasting, successful company. “Most companies ultimately fail because they do one thing very well but they don’t think of the next thing, they don’t broaden their mission, they don’t challenge themselves, they don’t continually build on that platform in one way or another,” he says. “They become incrementalists. And Google is very committed to not doing that. We understand the technological change is essentially revolutionary, not evolutionary.”

Are there any lessons from technology companies that have lasted more than a century, such as Nintendo, IBM and Nokia?


Here’s why Apple didn’t want to buy Nokia’s mapping unit HERE » Forbes

Parmy Olson:

Apple appears intent on fixing the problems that cropped up from relying on third-party map providers. One of the reasons Apple Maps was so buggy from when it was launched in June 2012 is the fact that its data percolated in from multiple sources like TomTom, Acxiom, Waze and Yelp. By building its own geography dataset, Apple can pare down its reliance on sources like TomTom’s TeleAtlas. Apple’s likely vision is that years from now, we’ll have forgotten about how bad Apple Maps was, because Apple will have taken complete control of its mapping infrastructure and made it watertight.


There’s still plenty of money in dumb phones » Quartz

Leo Mirani:

there’s little doubt that dumb phones and feature phones are a shrinking market. Between the first quarter of 2013 and the first quarter of 2014, the market for non-smartphones shrunk by 14%, according to CCS Insight (pdf), a research firm. This year, some 590 million non-smartphones will be sold. By 2019, that number will shrink to 350m. But 350m phones in one calendar year is still a lot of phones. And it is, as Microsoft’s Pekka Haverinen of Microsoft’s feature phone division tells Quartz, a predictable market with high volumes and a high market share for Microsoft. It’s not just device-makers who stand to profit from cheap, basic phones. Ericsson reckons (pdf) that by 2020, there will be 9.2bn mobile subscriptions, of which 1.4bn will be non-3G subscriptions. This huge market is hungry for services.

Well, sorta. Microsoft’s featurephone segment is shrinking really rapidly; this is a market which is being eaten up by cheap Chinese players for whom, as they say, “your [profit] margin is my opportunity”.


Twitter just killed Politwoops » Gawker

JK Trotter:

A Twitter spokesperson just provided the following statement to Gawker regarding the apparent suspension of Politwoops’ access to Twitter’s developer API, which enabled the Sunlight Foundation-funded site to track tweets deleted by hundreds of politicians. Summarized: Politwoops is no more.

Earlier today we spoke to the Sunlight Foundation, to tell them we will not restore Twitter API access for their Politwoops site. We strongly support Sunlight’s mission of increasing transparency in politics and using civic tech and open data to hold government accountable to constituents, but preserving deleted Tweets violates our developer agreement. Honoring the expectation of user privacy for all accounts is a priority for us, whether the user is anonymous or a member of Congress.

The post also says that Twitter was considering a “quiet reversal” but found itself snookered on the question of “why them and not others”. But if someone tweets something publicly, haven’t they yielded their expectation of “privacy”? In the print days, the UK Ministry of Defence could demand back documents about cruise missile sitings from The Guardian on the basis of copyright. That seems to be what Twitter is imposing here.