A URL shortener would be easier to write, but might it be hacked? Photo by MrZebra on Flickr.
You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.
A selection of 10 links for you. Eerie, isn’t it? I’m charlesarthur on Twitter. Observations and links welcome.
When a nation is hacked: Understanding the ginormous Philippines data breach » Troy Hunt
Hunt delves into the hacking of 55 million Filipino voters’ details on a government system. The government insisted that no sensitive data was disclosed. Hunt checked with people who were on the released data via his Have I Been Pwned service:
»Yesterday I emailed a number of HIBP [Have I Been Pwned] subscribers and got back some pretty quick responses with everyone willing to assist. I found them spread out across two tables in the data breach, the first being a table called “irdoctable2014” which has the following fields:
# FORM_ID, APP_TYPE, REGISTRATION, LASTNAME, FIRSTNAME, MATERNALNAME, SEX, CIVILSTATUS, SPOUSENAME, RESSTREET, RESPRECINCT, RESPRECINCTCODE, RESREGION, RESBARANGAY, RESCITY, RESPROVINCE, MAILSTREET, MAILEMBASSY, MAILCOUNTRY, REGCOUNTRY, REGEMBASSY, REPSTREET, REPBARANGAY, REPCITY, REPPROVINCE, EMAIL, ABROADSTATUS, ABROADSTATUSSPECIF, FLASTNAME, FFIRSTNAME, FMATERNALNAME, MLASTNAME, MFIRSTNAME, MMATERNALNAME, REPLASTNAME, REPFIRSTNAME, REPMATERNALNAME, DOBYEAR, DOBMONTH, DOBDAY, BIRTHCITY, BIRTHPROVINCE, CITIZENSHIP, NATURALIZATIONDATE, CERTIFICATENB, COUNTRYRES, CITYRESYEAR, CITYRESMONTH, PROFESSION, SECTOR, HEIGHT, WEIGHT, MARKS, DISABLED, ASSISTEDBY, TIN, PASSPORTLOST, PASSPORTNB, PASSPORTPLACE, PASSYEAR, PASSMONTH, PASSDAY, REGBARANGAY, REGREGION, REGCITY, REGPROVINCE, REG_DATE, STATIONID, LOCAL_ID, CREATE_TIME, UPDATE_TIME, IS_EXTRACTED, IS_EXPIRED, IS_CANCELLED, CONTACTNUMBER, EXPIRATION_DATE, APPOINTMENT_DATE, APPOINTMENT_TIME, SCHED_TIME, COUNTER_CHANGES, REFERENCENUMBER, ERBDATE, USER_ID, EMAIL_ID, EXTRACTED_DATETIME, IS_DELETE, UPDATED_DATETIME, IS_FRONTPAGE, IS_REPRINT, IS_OV, IS_COUNTED
This is a very large amount of data and reading through those column names, clearly many of them would be considered sensitive personally identifiable data. However, some of the data is encrypted, namely the person’s name and their date of birth. Part of the irony here though is that the email addresses appear in the clear and often contain both the first and last name anyway! Not all the fields are populated but plenty of them are and they contain very personal info.
«
That’s not the worst of it, though. In some cases fingerprint scans were also leaked. And as Hunt says, “you don’t get to reset that stuff once it’s been released into the wild”. Trend Micro has more analysis of the dataset.
link to this extract
What is the Apple Watch good for? » Martiancraft
Richard Turton evaluates what does work and what doesn’t:
»Third-party watch apps all suffer from slow loading and slow or unreliable communication with the phone. Many of these limitations are inherent in the current generation of hardware and software. But, rather than wave our hands and say that third-party apps might suck now, but it’s all Apple’s fault and it’ll be great on Watch 2, it’s worth taking a look at what our watch apps should be doing and what we, as app creators, should be thinking about.
The watch is not just a small-screened iPhone, in the same way that an iPhone is not just a small-screened Mac. The usage patterns, interactions and user intentions are completely different. No matter how great the watch hardware becomes, users are never going to want to interact with it for more than a few seconds.
«
Don’t forget that eight years ago people were struggling with the concept of how to pack desktop apps into 3.5in screens. (Some still are.) The difference is that the Watch screen won’t get bigger. But as Turton says, you have to embrace what it does well, and avoid what it doesn’t.
link to this extract
Researchers crack Microsoft and Google’s Shortened URLs to spy on people » WIRED
»For anyone with minimalist tastes or an inability to use copy-paste keyboard shortcuts, URL shorteners may seem like a perfectly helpful convenience. Unfortunately, the same tools that turn long web addresses into a few characters also offer the same conveniences to hackers—including any of them motivated enough to try millions of shortened URLs until they hit on the one you thought was private.
That’s the lesson for companies including Google, Microsoft, and Bit.ly in a paper published today by researchers at Cornell Tech. The researchers’ work demonstrates the unexpected privacy-invasive potential of “brute-forcing” shortened URLs: By guessing at shortened URLs until they found working ones, the researchers say that they could have pulled off tricks ranging from spreading malware on unwitting victims’ computers via Microsoft’s cloud storage service to finding out who requested Google Maps directions to abortion providers or drug addiction treatment facilities.
«
This always seemed a possibility if you slogged through enough shortened URLs; eventually you’ll hit on something interesting. (A few years ago I tried it in a limited way; all one tended to find were scam links set up by, well, scammers doing it on an industrial scale.) Stories like this, though, once you read further, always have a slight letdown: the risk was in the past, because responsible disclosure means they’ve told the companies, who (reluctantly in Microsoft’s case) have changed their practices.
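The arithmetic behind the brute-forcing, as an added illustration written for this page (it is not code from the Cornell Tech paper, from WIRED, or from any shortener). The 62-symbol alphabet, the token lengths and the live-link count used below are assumptions, not figures the article gives. It shows the keyspace and entropy of a token of a given length, the expected yield of random guessing, the enumeration a scanner performs, and the CSPRNG-based generation a shortener should use instead of short or sequential tokens.

```python
"""Why short shortener tokens are enumerable, and what a shortener
should do instead.  Added example; not the paper's or any vendor's code.
Alphabet size and token lengths are assumptions for the calculation."""
import itertools
import math
import secrets
import string

# Assumed: base-62 alphabet as many shorteners use (a-z, A-Z, 0-9).
ALPHABET = string.ascii_letters + string.digits


def keyspace(token_len: int, alphabet: str = ALPHABET) -> int:
    """Number of distinct tokens of the given length."""
    return len(alphabet) ** token_len


def entropy_bits(token_len: int, alphabet: str = ALPHABET) -> float:
    """Bits of entropy in a uniformly random token of that length."""
    return token_len * math.log2(len(alphabet))


def expected_hits(requests: int, token_len: int, live_links: int,
                  alphabet: str = ALPHABET) -> float:
    """Expected number of live links found by `requests` random guesses,
    assuming live tokens are spread uniformly across the keyspace.
    A scanner only needs this to be >> 1 for the attack to pay off."""
    return requests * live_links / keyspace(token_len, alphabet)


def enumerate_tokens(token_len: int, alphabet: str = ALPHABET):
    """Lazily walk the whole keyspace in lexicographic order; this is
    what a brute-forcer does, spread over time and many source IPs."""
    for tup in itertools.product(alphabet, repeat=token_len):
        yield "".join(tup)


def first_n_tokens(token_len: int, n: int) -> list[str]:
    """The first `n` candidates a scanner would try (for demonstration)."""
    return list(itertools.islice(enumerate_tokens(token_len), n))


def new_token(token_len: int = 12, alphabet: str = ALPHABET) -> str:
    """Mint a token from a CSPRNG.  Twelve base-62 symbols give ~71 bits,
    so random guessing yields nothing even at billions of requests;
    a counter or a base-62 row id gives zero unpredictability."""
    return "".join(secrets.choice(alphabet) for _ in range(token_len))


if __name__ == "__main__":
    for n in (5, 6, 7, 12):
        print(f"{n} chars: keyspace={keyspace(n):.3e}, "
              f"entropy={entropy_bits(n):.1f} bits, "
              f"hits from 1e6 guesses at 5e7 live links="
              f"{expected_hits(1_000_000, n, 50_000_000):.3g}")
    print("scanner starts at:", first_n_tokens(6, 3))
    print("fresh token:", new_token())
```

Token length is only half of the defence: even with long tokens, unauthenticated resolution endpoints should be rate-limited and monitored for scanning patterns, because the scanner's cost is requests, not computation.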
link to this extract
HubSpot is good people » Medium
Todd Garland was at Hubspot early on:
»As you’d expect, meetings were painfully long, and the tiny conference rooms built for eight started to get more crowded with every hire. There was a reason that happened. We were determined to treat our initial customers like family. Heck, a few may have even been family. We knew that if we could solve their pain points, there would eventually be hundreds, if not thousands, of companies lining up to work with us. We imagined it. How couldn’t we? It felt good. It felt like we were on the cusp of trapping lightning in a bottle.
HubSpot, since the very beginning, has been committed to helping small and medium sized businesses grow. It’s all that we cared about back then. I’ve tried to take that same customer commitment with me to BuySellAds. I would be lying if I said that I didn’t draw inspiration from both Brian and Dharmesh. Their passion for helping small and medium sized business was inspiring.
«
This little extract doesn’t quite capture the oleaginous, hagiographic quality of the whole piece, but then it’s the cumulative effect that leads one to the feeling summed up by Private Eye in the phrase “pass the sick bag, Alice.” HubSpot, of course, is the company so beautifully skewered by Dan Lyons in his latest book; this piece reads like something from a cult member, and makes me want to read Lyons’s book all the more.
link to this extract
How the desktop computer will rise again » CNN.com
»Poor internet connectivity, uncertain power supply and a simple lack of money have meant that billions have been locked out of the knowledge economy.
Matt Dalio, CEO of Endless Computers, wants to change all of that with the first simplified, robust and affordable desktop aimed at emerging market consumers.
Dalio told CNN he got the idea to create a $169 computer while he was traveling and noticed that, while most homes did not have a desktop computer, they often had an HD screen.
“It was one of those micro-epiphanies,” he said. “I was in India and I looked over at a television and then I looked at my hand and there was a phone in it and I thought why not connect the two?”
«
Tell us how this computer fits in your pocket, Mr Dalio, and what it’s like with phone calls, WhatsApp... oh, also, we have some news for you just coming up.
link to this extract
Has desktop internet use peaked? » WSJ
»The amount of time people spend accessing the Internet from desktop devices is showing signs of decline, according to online measurement specialist comScore.
Data from the research company indicate overall time spent online in the U.S. from desktop devices—which include laptop computers—has fallen for the past four months, on a year-over-year basis. It dipped 9.3% in December 2015, 7.6% in January, 2% in February and 6% in March.
«
“Great story, Jack! What’s the data look like?”
“Um… here you go. I’ve done it as a graph.”
“Hmm – should we mention the four-month dip in 2014? No, probably better if we don’t. Just leave that out of the story.”
(I suspect desktop use is probably falling, but this isn’t quite proof yet.)
link to this extract
Japan quakes disrupt Sony production of image sensors used in Apple iPhones » Reuters
Makiko Yamazaki and Shinichi Saoshiro:
»Electronics giant Sony Corp said a factory producing image sensors for smartphone makers will remain closed while it assesses the damage from two deadly earthquakes which hit southern Japan. One of its major customers is Apple, which uses the sensors in its iPhones.
Sony said it will extend the closure of its image sensor plant in Kumamoto, which is in the southern island of Kyushu, after major temblors on Thursday and Saturday rocked the key manufacturing region.
The PlayStation maker said operations at its image sensor plant in Nagasaki, also in Kyushu, will be partially suspended and it does not yet have a timeline for full resumption of operations.
Sony controls about 40 percent of the market for complementary metal-oxide semiconductor (CMOS) image sensors, a type of integrated circuit that converts light into electrical signals. In smartphones they are used to convert images into digital data.
«
Not just iPhones; I think other smartphone companies use them too.
link to this extract
The future: a cat litter box and DRM » Medium
»I took the SmartCartridge and realized I could just open it up, and fill it myself. Great, I’ll order new ones and get it by Tuesday and I’ll just fill this one up with water for now. So I filled it up with water, and put it into the machine….
It didn’t stop beeping, it knew this wasn’t its SaniSolution. Somehow it knew. I wasn’t able to even force it to run without the solution. I did some Googling, and I found that the “Smart” in SmartCartridge is that it has an RFID chip inside of it to keep track of how much solution it has, and once it runs out, well, you can’t refill it. I honestly did not believe this and tore one of the cartridges apart, and there it was, looking back at me, a tiny chip holding up its little metal finger.
Seriously CatGenie, you added fairly sophisticated DRM to a litter box? I’m a tad hurt you spent my money on building in a restriction instead of figuring out how to avoid constantly cooking poop.
This made me realize that I don’t actually own a CatGenie, I’m renting it.
«
Could get rid of the cat?
link to this extract
EA lets slip lifetime Xbox One and PS4 consoles sales » Ars Technica
»Lifetime Xbox One sales have reached 19m units—at least if EA’s CFO is to be believed. During a financial call last night, Blake Jorgensen said the combined install base of the Xbox One and PlayStation 4 had hit an estimated 55m units, a mere two years into the life of the current generation.
While Microsoft has long stopped reporting on the absolute number of Xboxes sold, Sony continues to push out its own figures. Most recently, Sony revealed it has sold an impressive 35.9m PS4s, which—when deducted from EA’s 55m figure — leaves around 19m units for the Xbox One.
“I think our business seems to be operating pretty consistent as it has been over the last couple of years,” said Jorgensen. “The console purchases are up through the end of calendar year ’15. Our estimate is 55 million units out there which has exceeded virtually everyone’s forecast for the year and now almost 50% higher than previous console cycle so, all of that is very, very positive.”
While Sony has a significant lead in terms of units sold, as Jorgensen pointed out, both consoles are doing better than their predecessors did at the same point in their lifecycle.
«
This is from January, but the figures won’t have shifted very much. So that’s two-thirds of the business gone to Sony. Note also that these aren’t big numbers in the context of sales of smartphones, or even PCs: both consoles have now been on sale for two and a half years, or 30 months. That’s an average of less than two million consoles sold per month.
Sony has shipped (and likely sold) more smartphones than PS4s in the same period. It’s made a big loss on the smartphones. Yet the consoles are also meant to be sold at a loss. The difference? The consoles create an ecosystem for Sony. The smartphones don’t. (Since you ask, Microsoft sold more smartphones than it did consoles, and at a loss too.)
link to this extract
Google’s skunkworks loses its leader to Facebook — and has yet to produce any hits » MIT Technology Review
»Facebook just made a high-profile hire from rival Google, luring away Regina Dugan, head of a research team tasked with inventing groundbreaking new hardware known as Advanced Technology and Projects, or ATAP. She will start a similar lab at Facebook. It’s unclear what will happen to the team she’s leaving behind, which has produced many striking demos but no hits.
Dugan previously led the Pentagon research agency DARPA and was hired to set up ATAP by Motorola in 2012, after the mobile phone company was acquired by Google for $12.5 billion. When Google sold off the company to Lenovo for almost $10 billion less in 2014, ATAP stayed behind. It was supposed to inhabit a middle ground between Google’s product development teams and the horizon-scanning “moon shot” laboratory, Google X.
Dugan established the group with a ground rule that projects should produce a marketable product within two years or be abandoned.
«
I guess she didn’t produce a marketable product within two years, so…? Two ways to look at this: ATAP is so young that it’s expecting a lot to think it would come out with a product in less than four years. Or: this looks like another example of an Alphabet division which simply isn’t making stuff happen. Contrast the breathless article in The Verge from May 2015:
»Dugan describes everything ATAP does as “badass and beautiful,” and after watching [360-degree live-action monster movie] Help!, I’m inclined to agree.
«
I’m inclined to think some people can’t tell the difference between a demo and a business. (ATAP is also behind the much-promised oft-delayed Project Ara modular smartphone idea.)
link to this extract
Errata, corrigenda and ai no corrida: none notified.