Start up: the iCloud celeb hack, a Chinese ransom?, the real terrorist phone, Trump as Berlusconi, and more

“Hey, Miss Lawrence! My name’s iCloud! What’s your password?” Photo by YourWay Magazine on Flickr.

A selection of 12 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

The disturbingly simple way dozens of celebrities had their nude photos stolen » Fusion

Kashmir Hill:

»According to court documents, Collins gained access to the intimate images of nude celebrities via a disturbingly simple technique: phishing.

Though many people assumed that the hacker took advantage of an iCloud vulnerability to brute-force his way into the celebrities’ accounts, the government makes no mention of that. Instead, it says that Collins hacked over 100 people by sending emails that looked like they came from Apple and Google, such as “e-mail.protection318@icloud.com,” “noreply_helpdesk0118@outlook.com,” and “secure.helpdesk0019@gmail.com.” According to the government, Collins asked for his victims’ iCloud or Gmail usernames and passwords and “because of the victims’ belief that the email had come from their [Internet Service Providers], numerous victims responded by giving [them].”

Celebrities really need better computer security advisers. If a dedicated enough attacker comes at you, it’s hard to avoid being compromised, but it helps immensely to turn on two-factor authentication for your online accounts. That way a person needs not just your password but a code sent to your phone to get into your account.

Once Collins had their credentials, says the government, he went through their email accounts looking for nude photos and videos. The government says that Collins got into approximately 50 iCloud accounts and 72 Gmail accounts this way, most of them belonging to celebrities. He “accessed full Apple iCloud backups belonging to numerous victims, including at least 18 celebrities” and “used a software program to download those full Apple iCloud backups.”

Ironically, that program was likely one that’s used by law enforcement to get evidence from phones.

«

The idea that someone had used a cutting-edge brute-force attack to break into the passwords always seemed like vapour trails to me. Social engineering is the Occam’s Razor explanation (and also the Hanlon’s Razor explanation) for stuff like this.

Exclusive: Chinese hackers behind U.S. ransomware attacks – security firms » Reuters

Joseph Menn:

»executives of the security firms have seen a level of sophistication in at least a half dozen cases over the last three months akin to those used in state-sponsored attacks, including techniques to gain entry and move around the networks, as well as the software used to manage intrusions.

“It is obviously a group of skilled operators that have some amount of experience conducting intrusions,” said Phil Burdette, who heads an incident response team at Dell SecureWorks.

Burdette said his team was called in on three cases in as many months where hackers spread ransomware after exploiting known vulnerabilities in application servers. From there, the hackers tricked more than 100 computers in each of the companies into installing the malicious programs.

The victims included a transportation company and a technology firm that had 30 percent of its machines captured.

Security firms Attack Research, InGuardians and G-C Partners, said they had separately investigated three other similar ransomware attacks since December.

Although they cannot be positive, the companies concluded that all were the work of a known advanced threat group from China, Attack Research Chief Executive Val Smith told Reuters.

«


Reformed LulzSec hacktivist joins payments firm » The Register

John Leyden:

»A payments firm has hired reformed LulzSec hacktivist Mustafa Al-Bassam (formerly known as tFlow) for a new blockchain research project.

London-based payments group Secure Trading has taken on Al-Bassam to help develop a platform that applies the verification benefits of blockchain technology in order to improve the visibility and security of online payments. Codenamed “Trustery”, the project aims to create a commercial platform.

Secure Trading approached Al-Bassam, who agreed to work for the firm part time while continuing his computer science degree at King’s College London.

«

Smart move: al-Bassam is a clever guy.

Crypto-ransomware spreads via poisoned ads on major websites » Tripwire

Graham Cluley:

»Some of the world’s most popular news and entertainment websites have been spreading poisoned adverts to potentially hundreds of thousands of visitors, putting innocent readers at risk of having their computers hit by threats such as ransomware.

Famous sites which displayed the malicious ads and endangered visiting computers include MSN, bbc.com, the New York Times, AOL and Newsweek.

As a result, researchers at Malwarebytes say that they saw a “huge spike in malicious activity” over the weekend.

Security analysts at TrendLabs and Malwarebytes report that the attack is one of the largest ransomware campaigns seen in years, taking advantage of a recently-updated version of the notorious Angler Exploit Kit to spread malware.

Just last month the Angler Exploit Kit was found to be targeting PCs and Macs after it was updated to take advantage of a known vulnerability in Microsoft Silverlight…

…It seems glaringly apparent to me that there is so much malicious advertising on the internet that anytime you surf even legitimate sites without an ad blocker in place, you are putting your computer’s data at risk.

«


Why is the Nokia 105 cellphone a favourite among ISIS fighters? » NBC News

Alexander Smith:

»The must-have cellphone for ISIS fighters in Iraq doesn’t have apps or a camera, and ships for less than $30.

The small and simple Nokia model is frequently used as a trigger device to set off ISIS’ improvised explosive devices, known as IEDs, according to a Conflict Armament Research report released last month.

As part of a study looking at civilian components in ISIS bombs, CAR documented 10 of the phones captured from members of the terror group in Iraq in December 2014.

The research showed the terror group “consistently” used the Nokia 105 above all others “in the manufacture of a specific type of remote controlled IED.”

Two phones are used in the bomb-making process: one to call the other, which then sends a signal to a circuit board and sparks the explosion.

There are plenty of other cheap, durable phones with long battery life that ISIS fighters could use — and yet this particular model, also branded as the Microsoft Mobile 105 after the tech giant bought Nokia in 2014, shows up again and again.

«

I’m sure there’ll be widespread condemnation of Microsoft for aiding terrorists any moment now.

Why Sony will win first in VR » Jon Peddie Research

The aforenamed Mr Peddie:

»Now that Oculus has revealed its consumer version of the Rift HMD, consumers can start planning how they might engage with VR, and they have a choice—a DIY rig with a PC and Rift, or a turn-key system with Sony.

Sony’s HMD will be about 30% less expensive than the Oculus HMD. And Sony buyers probably already have a PS4, and possibly PS4 accessory controllers. Most importantly, Sony also has content.

«

So, first couple of rounds to Sony.

The best things in Android are free — with in-app purchases » Medium

The iA team:

»A year ago, iA Writer for Android entered the Play Store. So far, we have sold a little more than 6’000 apps. At a price of 1 to 5 Dollars, this doesn’t cover much more than one month of app development. So we decided to go free and add in app purchases later.

We are not sure why apps sell in the Apple universe but not in the Android world. It just seems to be a hard cold fact:


Worldwide App Downloads by Store vs Worldwide App Revenue by Store

Looking at the sales numbers of paid Android apps it becomes apparent that plain paid offerings just do not get traction on Android. Why? We are not sure. Here is what we have learned.

«

There’s a point in there about price elasticity which is remarkable. But also that stuff with an upfront price tag does not sell.

Windows 10 Store will continue to support bitcoin » Softpedia

Bogdan Popa:

»while there was a lot of speculation online regarding the removal of Bitcoin support for new deposits in the Windows Store – some people said it’s because of the limited adoption of Bitcoin – it appears that the change made to the FAQ page was just “a mistake.”

In other words, Microsoft will continue to support Bitcoin in the Windows Store, so you can keep on using the digital currency for new deposits. A statement we received from a Microsoft spokesperson a few minutes ago provides us with some details on this:

“We continue to support Bitcoin for adding money to your Microsoft Account which can be used for purchasing content in the Windows and Xbox stores. We apologize for inaccurate information that was inadvertently posted to a Microsoft site, which is currently being corrected.”

«

Would love to know what volume of transactions they see.

Top NFL official acknowledges link between football-related head trauma and CTE for first time » ESPN

Steve Fainaru:

»The NFL’s top health and safety officer acknowledged Monday there is a link between football-related head trauma and chronic traumatic encephalopathy, or CTE, the first time a senior league official has conceded football’s connection to the devastating brain disease.

The admission came during a roundtable discussion on concussions convened by the U.S. House of Representatives’ Committee on Energy and Commerce. Jeff Miller, the NFL’s senior vice president for health and safety, was asked by Rep. Jan Schakowsky, D-Ill., if the link between football and neurodegenerative diseases such as CTE has been established.

“The answer to that question is certainly yes,” Miller said.

«

A bit like boxing: does it mean people will be put off the potentially fabulous riches? But equally: will parents be less likely to put their children into it? The public admission is important.

Teenager wins $250,000 in biggest drone race yet » The Verge

Rich McCormick:

»The sport has already attracted investment from the likes of NFL team owners, but it still has some way to go before it breaks into the mainstream. Particularly difficult is the question of how to actually observe the races. Drone pilots fly their racing craft in first-person, using special headsets to see as the drone sees, but for observers the footage can feel — and sound — like being strapped to the front of a particularly excitable wasp. A second camera following the action might help human brains contextualize the movements in space, but some of the nascent racing leagues set their courses inside buildings, making a chase camera’s operation difficult. Still, though, the speed of the craft and the deftness of his control make watching [15-year-old winner] Luke [Bannister]’s victory from Dubai an exhilarating — if slightly nauseating — experience.

«

Dubai, of course.

Music streaming has a nearly undetectable fraud problem » Quartz

Amy X Wang:

»For an in-depth look into how click fraud works, there’s Sharky Laguana’s thorough explanation here. Laguana—a music industry veteran who now owns a rental company—tells Quartz it certainly wouldn’t be hard to run the “perfect” scheme to con Spotify. First, set up a couple hundred fake artists. Next, upload some auto-generated tunes—mediocre dance music is particularly easy to “produce” online—and just make sure your bots click on an array of songs both real and fake, so no one gets suspicious. (He uses Spotify as an example because of its size, but the scheme could theoretically work for any music subscription service.)

“If it’s done properly, it’s nearly impossible to detect,” says Laguana. “There’s no way to know why somebody chose to click on something.”

«

Should we just turn off the internet?

Donald Trump, America’s own Silvio Berlusconi » The Intercept

Alexander Stille:

»Neither Trump nor Berlusconi has a real political program; what they are selling is themselves. Berlusconi used to say that what Italy needs is more Berlusconi. I recall a very telling moment in his first election campaign: During a TV debate, his opponent, the economist Luigi Spaventa, was pointing out the holes and inconsistencies in Berlusconi’s economic program, and Berlusconi stopped him mid-sentence and pointed to the victories of his soccer club, AC Milan: “Before trying to compete with me, try, at least, winning a couple of national championships!” The remark had the air of unassailable truth — however irrelevant it might be to Berlusconi’s fitness to govern. Similarly, when asked how he is going to get Mexico to pay for a giant wall between its country and ours, Trump simply responds, “Don’t worry, they’ll pay!”

Yet there is another element — a systemic one — that helps explain why Italy and the U.S. are the only major democracies in which a billionaire circus has raised its tent: the almost total deregulation of broadcast media.

«

The latter matters, as Stille explains. (Via @papanic.)

Errata, corrigenda and ai no corrida:

Start up: why Android should encrypt, Facebook v the intifada, 3D Touch v page parking, wary drones and more


“My GPS says we finished ages ago!” Photo by A Brand New Minneapolis on Flickr.

A selection of 9 links for you. Please note: if reading the emails, you can’t link directly to the extracts. Monkeys, eh. I’m charlesarthur on Twitter. Observations and links welcome.

Is Google’s lacklustre support for encryption a human rights issue? » MIT Technology Review

Tom Simonite, reporting on a conference where American Civil Liberties Union (ACLU) principal technologist Chris Soghoian argued thus:

People using phones powered by Google’s Android software are not so well protected, said Soghoian. The company said last year that it would make Android phones encrypt all stored data by default, like Apple devices do, but reversed that decision early this year. Google said this month it will require only devices meeting certain hardware performance standards to encrypt stored data, which Soghoian thinks will exclude cheaper devices. Google’s Hangouts text and video chat service bundled with Android does not use end-to-end encryption.

Soghoian said this means that someone who uses a cheap Android device is a much easier target for law enforcement or intelligence agencies — which he argues are prone to abusing their surveillance powers. He cited the way the FBI snooped on Martin Luther King’s phone calls and said he fears that US and overseas activists of today and tomorrow will be even easier targets. “The next civil rights movement will use the technology against which surveillance works best,” he said. Protest movements don’t typically start in society’s upper socioeconomic echelons, he noted.

The difference between Apple and Google’s stances on encryption for mobile devices appears to be due to corporate rather than technical reasons, said Soghoian. “Google has by far the best security team of any company in Silicon Valley, and the security people I know at Google are embarrassed by Android,” he said. “But Apple sells luxury goods and Google gives away services for free in return for access to data.”

That point about protest movements is so important. Would you want people in a repressive regime to have phones that could or couldn’t be tapped? Now you’ve decided, we move on to the next conundrum…

The Facebook intifada » The New York Times

Micah Lakin Avni’s (Israeli) father was stabbed and shot by two Palestinian men in Jerusalem, who acted in the latest intifada (uprising) by Palestinians:

Watching the well-wishers congregating in the intensive care unit, however, I realized that the world leaders who were having the most impact on the situation in the Middle East right now weren’t Mr. Ban or Prime Minister Benjamin Netanyahu, but Mark Zuckerberg of Facebook, Jack Dorsey of Twitter and other young entrepreneurs who shape the social media platforms most of us use every day.

It may sound strange to talk of Twitter and Facebook as relevant players in the war against terror, but as the recent wave of violence in Israel has proved, that is increasingly the case. The young men who boarded the bus that day intent on murdering my 76-year-old father did not make their decision in a vacuum. One was a regular on Facebook, where he had already posted a “will for any martyr.” Very likely, they made use of one of the thousands of posts, manuals and instructional videos circulating in Palestinian society these last few weeks, like the image, shared by thousands on Facebook, showing an anatomical chart of the human body with advice on where to stab for maximal damage…

…Just as it is universally recognized that shouting fire in a crowded theater is dangerous and should be prohibited, so, too, must we now recognize that rampant online incitement is a danger that must be reckoned with immediately, before more innocent people end up as victims.

Before Facebook or Twitter or Google, those charts would have been available in a library, or in books on sale or smuggled in. What’s different now is the scale and speed with which information can be disseminated. It sounds trite, but what Israel and Palestine need is more speech, not less – but speech of the right kind, to negotiate their differences.

Google owner accuses EU of antitrust about-face » WSJ

Tom Fairless and Natalia Drozdiak:

Google owner Alphabet Inc. accused European Union regulators of making an unexplained about-face in their decision to file antitrust charges against the US search giant, and warned that there was “no basis” for imposing fines, according to a redacted copy of Google’s response seen by The Wall Street Journal.

The response, which runs to almost 130 pages and leans heavily on legal opinions and case law, suggests that Google is gearing up for a protracted legal battle against the European Commission, which has alleged the search giant skewed search results to favor its own comparison-shopping service.

“The theory on which the [EU’s] preliminary conclusions rest is so ambiguous that the Commission itself concluded three times that the concern had been resolved,” Google’s lawyers wrote in the document.

It’s certainly a good point that the EC antitrust team were ready to okay everything, and then decided not to. But the EC would say that new evidence became available (which it did) and that changed things. Less convincing on Google’s part is its quoting of a US academic who used to be in the US Department of Justice antitrust side. That’s not likely to hold any sway.

Why every GPS overestimates distance travelled » IEEE Spectrum

Douglas McCormick on how an Austrian team discovered subtle but persistent errors in GPS:

Not content with mere calculation, Ranacher, Reich, and their colleagues went on to test their findings experimentally. In an empty parking lot, they staked out a square course 10 m on a side, reference-marked each side at precise 1-m intervals, and set a GPS-equipped pedestrian (a volunteer, one hopes) to walk the perimeter 25 times, taking a position reading at each reference mark.

The researchers analyzed the data for segment lengths of 1 meter and 5 meters. They found that the mean GPS measurement for the 1-m reference distance was 1.02m (σ² = 0.3) and the mean GPS measurement for the 5-m reference distance was 5.06m (σ² = 2.0). They also ran a similar experiment with automobiles on a longer course, with similar results.

Now, that pedestrian-course error of 1.2% to 2% isn’t huge. But it is big enough that your GPS watch could tell you you’re crossing the finish line of a 42,195-metre [26-mile] marathon while the real terminus is more than 400 meters ahead.

Sooo.. how do they measure a marathon? Does someone go around with one of those wheel things? Asking for all my marathon-running friends.

3D Touch on iPhone 6S: embrace the Force » Nielsen-Norman Group

Raluca Budiu:

Is this a feature worth having? Yes, as an enhancement. There is a lot of potential for improving the user experience and supporting behaviors that mobile and desktop users are engaging in already. Two of them come to mind: microsessions and avoiding pogo sticking.

Microsessions are phone sessions that are 15 seconds or shorter. Recent research by Denzil Ferreira and colleagues shows that 40% of app launches are microsessions, namely short interactions in which users are able to quickly satisfy their goals. A common microsession activity is checking for updates in an app (such as Email or Facebook); the quick actions offer an opportunity for rapid access to such frequent tasks or content. Peek-and-pop views should also make many microsessions more efficient for users.

Pogo sticking refers to alternating between inspecting a collection of items (such as a list of products) and looking at each item individually (a product in the list). It is usually an inefficient behavior because it makes users jump back and forth between pages, losing not only time for loading the page but also the time needed for recovering context. Our recent research with Millennials shows that pogo sticking is so annoying that, on desktop, users have developed a special behavior called page parking to avoid it. On mobile phones, page parking is a lot more difficult.

“Page parking” is basically “open that link in another tab/window while I get on with this”. Other points: interstitials screw up the previewing experience, and so do “can we use your location?” questions.

Back-alley upgrades: in China, $100 can get you a 128GB iPhone boost » WSJ

Yang Jie and Josh Chin:

If you’re an Apple Inc. device user, you can also now boost your iPhone’s storage from the cramped-feeling 16GB standard to a cavernous 128GB for less than a hundred bucks.

Mobile phone repair shops in major cities like Beijing and Shanghai have sparked curiosity on sidewalks and social media by offering the service, which appears aimed at the many aspirational Chinese device users who can’t afford the roughly $200 premium attached to large-capacity iPhones.

Some are offering the service through online shops on China’s biggest e-commerce site Taobao. One such shop offers to upgrade an iPhone 6 or iPhone 6 Plus from 16GB to 128GB for 500 yuan ($79). Descriptions posted by several Taobao vendors indicate that the new storage card is hand-welded into the phone after the old card is removed. An unnamed software [program] is then used to trick the device into accepting the unapproved hardware.

Love the comment from one customer: “I’ve used it for a day. It feels so great.”

Huawei emerges as 2nd largest Android brand in EU’s big five » Kantar Worldpanel

“In urban China, with a market share that grew 72% over the third quarter of 2014, Huawei remained the top brand followed by Xiaomi and Apple,” Tamsin Timpson, strategic insight director at Kantar Worldpanel ComTech Asia, commented. “iOS continued to grow year over year with 56% of iPhone buyers during the quarter switching from Android and with iPhone 6 and 6Plus retaining their positions as the best selling and second best-selling smartphones.

“Next month all eyes will be on Apple’s performance in the US and China, as many observers continue to doubt the size of the remaining opportunity for Apple,” Milanesi explained. “28% of consumers in China who own smartphones plan to upgrade in the next 12 months. Among them, 79% of those who own iPhones, and 25% of those who own Android devices, say they prefer Apple.”

That “56% of iPhone buyers in China were switchers” number is remarkable – perhaps it was people waiting for the 6S/Plus. Meanwhile in the UK, Samsung and LG were the only Android makers to grow their share; the implication seems to be that people were switching to iPhones.

Self-flying drone dips, darts and dives through trees at 30 mph » MIT CSAIL

Adam Conner-Simons of MIT’s Computer Science and Artificial Intelligence Laboratory:

“Everyone is building drones these days, but nobody knows how to get them to stop running into things,” says CSAIL PhD student Andrew Barry, who developed the system as part of his thesis with MIT professor Russ Tedrake. “Sensors like lidar are too heavy to put on small aircraft, and creating maps of the environment in advance isn’t practical. If we want drones that can fly quickly and navigate in the real world, we need better, faster algorithms.”

Running 20 times faster than existing software, Barry’s stereo-vision algorithm allows the drone to detect objects and build a full map of its surroundings in real-time. Operating at 120 frames per second, the software – which is open-source and available online – extracts depth information at a speed of 8.3 milliseconds per frame.

The drone, which weighs just over a pound and has a 34-inch wingspan, was made from off-the-shelf components costing about $1,700, including a camera on each wing and two processors no fancier than the ones you’d find on a cellphone.

If this doesn’t lead to an amazing VR “fox and hounds” sort of game soon, someone’s missing a trick. Quad-core CPUs and stereo cameras. Expect the price to halve in a year or so.


Hilton obstructed investigation into Wi-Fi blocking at hotels, FCC says » Ars Technica

Jon Brodkin:

The Federal Communications Commission yesterday issued proposed fines against two companies in its latest actions against Wi-Fi blocking at hotels and convention centers.

The FCC said it proposed a $25,000 fine against Hilton Worldwide Holdings “for its apparent obstruction of an investigation into whether Hilton engaged in the blocking of consumers’ Wi-Fi devices.” The FCC also plans a $718,000 fine against M.C. Dean, a Wi-Fi access provider that is accused of “blocking consumers’ Wi-Fi connections at the Baltimore Convention Center” on dozens of occasions.

Each company has been accused of blocking personal Wi-Fi hotspots that let consumers share mobile data access with other devices such as laptops and tablets. Hilton and M.C. Dean must pay the fines within 30 days or file written statements seeking reduction or cancellation of the penalties.

The FCC last year received a complaint against a Hilton hotel in Anaheim, California that the company “blocked Wi-Fi access for visitors at the venue unless they paid a $500 fee.” More complaints against other Hilton properties followed, and in November 2014, the FCC issued Hilton a letter of inquiry seeking information about its Wi-Fi management practices at various Hilton-owned hotel chains.

Obstructing the FCC seems to be a parlour game for some companies. Remember Google and its Wi-Fi sniffing? That earned a $25,000 FCC fine for impeding investigation in 2012.

Errata, corrigenda and ai no corrida: gave the wrong link for the Microsoft OneDrive story in yesterday’s email – this is the right one (damn ZDNet scrolling system). And no, you won’t use up 5GB of storage with 10 Microsoft Word documents. Unless they’re very big.

Start up: Starbucks app hack, more image recognition, HomeKit on the way, drone questions and more


That’s another sort of third-party keyboard altogether. Photo by zen on Flickr.

A selection of 7 links for you. They are. I’m charlesarthur on Twitter. Observations and links welcome.

EXCLUSIVE: Hackers target Starbucks mobile users, steal from linked credit cards without knowing account number » Bob Sullivan

Sullivan broke this story:

Because Starbucks isn’t answering specific questions about the fraud, I cannot confirm precisely how it works, but I have informed speculation, based on conversations with an anonymous source who is familiar with the crime. The source said Starbucks was known to be wrestling with the problem earlier this year. Essentially, any criminal who obtains username and password credentials to Starbucks.com can drain a consumer’s stored value, and attack their linked credit card.

Hackers often manage to steal hordes of username and password combinations, the way they steal databases of credit card account numbers. Because consumers often re-use credentials, hackers take them and “brute force” thousands of potential logins at the website. Because Starbucks’ mobile payment app is so popular, any large set of stolen credentials is bound to have at least a few combinations that unlock Starbucks accounts.

Perhaps you’re wondering: what’s the use of hacking the Starbucks app? Answer, as a wilier mind than mine pointed out: you can buy Starbucks gift cards at the counter with them. Then you sell them on eBay. (Though I can’t decide if this is pretty small-time crookedness or a huge line of business. Certainly going to be inflating Starbucks’s bottom line though.)


Wolfram Language Artificial Intelligence: the Image Identification project » Stephen Wolfram Blog

“What is this a picture of?” Humans can usually answer such questions instantly, but in the past it’s always seemed out of reach for computers to do this. For nearly 40 years I’ve been sure computers would eventually get there — but I’ve wondered when.
I’ve built systems that give computers all sorts of intelligence, much of it far beyond the human level. And for a long time we’ve been integrating all that intelligence into the Wolfram Language.
Now I’m excited to be able to say that we’ve reached a milestone: there’s finally a function called ImageIdentify built into the Wolfram Language that lets you ask, “What is this a picture of?”— and get an answer.


Apple says first HomeKit smart devices coming in June » WSJ Digits blog

Daisuke Wakabayashi:

“HomeKit [hardware certification] has been available for just a few months and we already have dozens of partners who have committed to bringing HomeKit accessories to market and we’re looking forward to the first ones coming next month,” said Apple spokeswoman Trudy Muller.

Apple’s statement comes on the heels of a report in Fortune that said Apple’s software platform — which will allow the company’s devices to control connected home appliances — was experiencing problems and that the introduction of the first HomeKit devices was being delayed.

For its part, Apple has never said when HomeKit-compliant devices would start hitting the market, but one developer working with Apple on the platform had told Re/code earlier this year that new products would be ready in May or June.

Interesting: Apple moved quickly to respond to this – within hours – and chose the WSJ to say it.


Dirt cheap drones: Is Europe’s largest Kickstarter in over its head? » Ars Technica UK

Cyrus Farivar:

In January 2015, the Welsh drone startup concluded its Kickstarter campaign to fund production of the Zano. It raised over £2.3m ($3.4m) in under two months, becoming the most crowdfunded European project ever. This summer, Torquing [Group, which is making the device] says it will ship drones to the more than 12,000 people who backed the project.

There’s only one problem. Despite Zano’s release date being less than two months away, no one outside Torquing has actually flown the drone. And it’s questions about the project that are truly beginning to take off.

Ars visited Torquing last month for an exclusive tour of the company’s offices. After spending a couple of hours with the Zano team, we don’t have a good sense of how well the device actually flies. Although we heard more about its touted “swarm” feature, we didn’t see the drone working in a real-world situation; we were merely able to hold a Zano and verify its existence.

Reece Crowther, the company’s head of marketing, regretfully informed us that we turned up just before a shipment of 500 last-minute prototypes arrived. Torquing, therefore, said it was unable to let us fly one. At the time, Reedman noted that only 12 Zanos existed, and we saw what appeared to be only a few of them.

I’m one of the backers. Fingers crossed. I’d expect this to be late, at best.


Sunrise launches ‘Meet’, a custom keyboard to schedule meetings » MacStories

Federico Viticci:

When I first tried Meet, Sunrise’s latest addition to their popular calendar app, I didn’t think it made much sense as a custom keyboard. Now, a few months later, Meet has become my favorite way to check on my availability from any app and create one-to-one meetings. With Meet, the Sunrise team has created one of the most innovative mobile calendar features I’ve seen in years.

Sunrise, part of Microsoft since February, rarely shied away from subverting traditional calendar features found in most clients for smartphones and tablets. As I explored last year, Sunrise’s biggest strengths lie in excellent integration with web services, prolific use of icons to quickly discern events, weather support, external calendars, and the ability to show details for event participants. At its core, Sunrise aims to reimagine the calendar by expanding it beyond a list of days and events.

Super-clever. Expect more lateral thinking on keyboards as a result. Available on iOS and Android. Oh, Windows Phone? Doesn’t allow third-party keyboards.


How smartphone startup Light plans to replace high-end cameras » Re/code

Ina Fried on a company that’s not exactly making a smartphone; it’s making the camera systems to go into them:

Put more simply, Light tries to emulate digitally what a big zoom lens does through expensive glass lenses. It aggregates the data from the different cameras to create both optical zoom and high-resolution images. Light has applied for a bunch of patents to cover aspects of its approach, including creating zoom using images from the multiple fixed-focal length lenses.

As a business, Light is banking on the fact that using smartphone cameras, even a bunch of them, is a far more economical way to achieve the kind of images that in the past have required expensive glass lenses.

The technology is ready, says Grannan, who previously ran start-up Vlingo and also worked at Sprint PCS. There is, of course, added cost in putting a bunch of cameras and mirrors inside a cell phone, an addition of perhaps $60 to $80 in the final cost of a phone, Light estimates.

Seems high. Creating a big lens from smaller ones is a solved software problem: it’s how the Very Large Array works, for example. Wonder if this is really a defensible USP.


Why I’m breaking up with Google Chrome » The Next Web

Owen Williams, on a topic I previously linked to:

The Verge reported that using Chrome over Safari resulted in a three and a half hour shorter battery life on the latest MacBook.

I’ve always loved Chrome’s interface, its plethora of extensions, and how it integrates with services every day, but it’s time for something new. We can do better.

The problem is that the Web is now optimized for Chrome users and that means alternatives often provide a terrible experience.

Thanks in part to the browser’s massive market share, the best developer tools and Google’s aggressive adoption of the latest Web technologies, developers have gravitated toward Chrome’s rendering engine as the only one they support.

I’ve switched to Safari (on a Mac), and found that yes, processor use plummets and battery life extends dramatically. Nor is it noticeably slower (or faster).

But the important point here is in the third paragraph of this excerpt: that lots of sites are now using Chrome-specific tweaks, which means that they don’t work as well in other browsers, at least on the desktop.

This does pose a problem if it becomes dominant in mobile: Android isn’t going away, and Chrome is increasingly the default browser on mobile too.


Start up: inside the Fire Phone debacle, a selfie stick successor, CES beats the bedroom, CNN’s last-ever video, and more


The Mayday button on the Amazon Fire Phone. Perhaps should have been used before it went on sale. Photo by TechStage on Flickr.

A selection of 8 links for you. Do not use as a flotation device. I’m charlesarthur on Twitter. Observations and links welcome.

The real story behind Jeff Bezos’s Fire Phone debacle and what it means for Amazon’s future » Fast Company

Austin Carr, in a terrific long read, explaining how the Fire Phone project began in 2010, and had Bezos as a micro-manager:

Some designers bristled at Bezos’s presence and privately questioned his taste, while others who were wowed by his wide-ranging insights loved his approach. Regardless, Bezos’s heavy hand certainly took getting used to, even for Chris Green, Lab126’s VP of industrial design. “In the beginning, Chris would take Jeff’s feedback a bit literally,” says Randall, the former Lab126 VP, “and there was many an evening spent over beers and sushi counseling him, saying, ‘Calm down, it’s going to get better.’”

Bezos drove the team hard on one particular feature: Dynamic Perspective, the 3-D effects engine that is perhaps most representative of what went wrong with the Fire Phone. Dynamic Perspective presented the team with a challenge: Create a 3-D display that requires no glasses and is visible from multiple angles. The key would be facial recognition, which would allow the phone’s cameras to track a user’s gaze and adjust the 3-D effect accordingly. After a first set of leaders assigned to the project failed to deliver, their replacements went on a hiring spree. One team even set up a room that they essentially turned into a costume store, filling it with wigs, sunglasses, fake moustaches, and earrings that they donned for the cameras in order to improve facial recognition. “I want this feature,” Bezos said, telling the team he didn’t care how long it took or how much it cost.

Turns out Bezos isn’t as good a micro-manager for building a phone as Steve Jobs. Result:

According to three sources familiar with the company’s numbers, the Fire Phone sold just tens of thousands of units in the weeks that preceded the company’s radical price cuts.

Was it perhaps somewhere around the 35,000 that I estimated in August? My range was between 26,000 and, generously, 35,000. I’d love to hear the actual figure.

The whole piece, though, gives terrific insight into how Bezos can get it wrong. He thought a single phone – one piece of hardware – could reshape Amazon’s brand, and turn it from a “get stuff cheap online” one, into a “we customers love you, take our money” brand. The two aren’t the same.


February 2014: What the world really needs: A telescopic SELFIE STICK » The Register

Simon Rockman in February 2014:

Mobile World Congress is often as interesting for the silly gadgets as it is for the mainstream announcements.

This (right) is the Selfie Stick, an extendable pole with a Bluetooth control for your phone.

The Selfie comes in two versions: a general one and one for Samsung phones where you have focus control.

Hahahahahawhatdo you mean they’re sold out everywhere?


The first wearable camera that can fly » Nixie

Wearable and flyable

The first wrist-band camera quadcopter.
Nixie flies, takes your photo, and comes back to you.

This feels like it could easily be one of those Great Ideas that is too easily bungled in the execution, but if it works well it could put selfie sticks out of business. Until selfie stick owners swat them out of the sky.


CES, the World’s Largest Trade Show, Is Too Big for Vegas » Bloomberg

The Consumer Electronics Show in Las Vegas has a problem that many events would love to have: It’s become too big. And it doesn’t want to get any bigger.

With as many as 160,000 visitors to CES—the world’s largest annual trade show—the Nevada city’s sprawling hotels are stretched to the limit. Last January’s gathering of gadget-loving geeks somehow packed in a full 10,000 more people than Las Vegas has rooms for them to sleep in.

The Consumer Electronics Association, the folks who put on the conference and expo, says CES 2015 will have the equivalent of 35 football fields, or about 2 miles of floor space, filled with phones, televisions, smartwatches, washing machines and throngs of people trying to see it all. “In order to enhance the experience for our attendees, we aim to keep attendance between 150,000 and 160,000 so that everyone can get where they need to go,” says CEA Vice President Karen Chupka.

That’s OK – they can sleep in the lines for press conferences showing off LG’s new dishwasher. Actually, the graph with the story suggests that the number of attendees has exceeded the number of available hotel rooms since 2012. I’m pretty sure I slept there in 2012. Could it be that, shock, some people share rooms? Also, how’s AirBnB coming along there? And might some attendees, um, live in Vegas?


The weirdly-synched life of the Google Nest household » The Register

Richard Chirgwin:

At first glance it looks like the typical Utopian vision of Silicon Valley, but Vulture South took a second look and asked ourselves: “what kinds of life does Google think we live?”

The short answer: wealthy, lazy, and either lonely or in a strange 1950’s-sitcom family synchronisation. Everybody rises and sleeps at the same time, everybody leaves and arrives together, and we’re rich enough to have ‘leccy cars but too poor to charge them.

The most obvious believer in the synchronised family is appliance giant Whirlpool. Its Nest integration can “let your washer and dryer know when you’re home and they will automatically switch to quiet mode”. Unless only one occupant is recognised, that means the only time the appliances are allowed to let their hair down and party is when everyone’s away.

The August Smart Lock will tell Nest to change your thermostat settings when you arrive (warm the house up) or leave (switch off the heating) – which begs the question “what if I lock the front door while other people are still at home?” At least the Kwikset Kevo smart lock understands that more than one person might be in a household.

The Withings Sleep System: when you go to sleep it will “let your Nest Thermostat to a comfortable nighttime temperature. Wake up and it will tell Nest you’re ready to start the day.” Once again, the idea that a household might have sleep and wake times staggered by hours seems alien to the developer.

This is my general objection to “internet of things” and “homes of the future” visions: they don’t account for how we actually live. Them: Look, you’ll be able to get your coffee maker to make coffee before you get out of bed! Me: so I’ll have had to put the coffee in the night before. As I have to go downstairs to get the coffee, why not just make it fresh while I’m there?

And so on. Most IOT/HOTF concepts seem to come from 20-somethings who have no concept of running a household. Hence, I think, their limited success.


This is the video CNN will play when the world ends » Jalopnik

Michael Ballaban, who unearthed this Holy Grail-style rumoured-but-until-now-never-confirmed video, which has the notice:

“HFR till end of the world confirmed.”

Hold for release. CNN, once ever so thorough in its factchecking, knew that the last employee alive couldn’t be trusted to make a call as consequential as one from the Book of Revelation. The end of the world must be confirmed.

That leaves open a whole host of unanswered questions. If this is the last CNN employee alive, in the last CNN bureau on Earth, who do they confirm it with? What does confirmation look like? Who can be the one to make that determination, to pronounce the universe itself dead? Is it Wolf Blitzer himself, ever a fan of the Washington Wizards, and thus a man who would know death when he saw it? Would it be Rick Davis, CNN’s head of standards of practices, who has been with the company since its birth and who thus would know CNN’s journalistic practices better than anyone?

Or would it be some sort of living embodiment of CNN itself, ready to proclaim its own demise, as Judgment Day is truly the only thing able to bring about the long-anticipated death of cable news?

And who would be around to watch it?

Um.. that CNN employee? The machines grinding us into nanoparticles to feed into their hoppers? Take your pick.


Breach puts Morgan Stanley client data up for sale » NYTimes.com

Nathaniel Popper:

the bank traced the breach to a financial adviser working out of its New York offices, a 30-year-old named Galen Marsh, according to a person involved in the investigation who spoke on the condition of anonymity.

Mr. Marsh, who had been with Morgan Stanley since 2008, was quickly fired and is currently the subject of a criminal investigation by the Federal Bureau of Investigation, a person briefed on the investigation said. The Financial Industry Regulatory Authority is also examining the matter.

Morgan Stanley said on Monday that it had determined that Mr. Marsh took data on about 10% of its 3.5 million wealth management customers, including transactional information from customer statements.

The bank said that Mr. Marsh did not take any sensitive passwords or Social Security numbers, and that it had not found any evidence that the breach resulted in any losses to customers. A lawyer for Mr. Marsh, Robert C. Gottlieb, acknowledged on Monday that his client did take the information in question but said that he did not post it online, share it or try to sell it.

Afghanistan war logs: insider breach. NSA/GCHQ documents: insider breach. Morgan Stanley: insider breach. Sony Pictures..?


Hit mobile game Monument Valley and piracy: ‘Only 5%’ of Android players paid for it » VentureBeat

Jeff Grubb:

Piracy is still a big problem on Android.

Developer Ustwo had one of the break out mobile hits in 2014 with its isometric puzzler Monument Valley, but a successful game is not impervious to piracy. The studio confirmed on Twitter today that Monument Valley has had an especially tough time with “unpaid installs” on Android. The company said that 95% of the people playing the game on Google’s mobile operating system did not buy it — although, Ustwo did explain that a small number of those installs are legitimate and were not illegally downloaded. This makes a big dent in Ustwo’s earnings since Monument Valley is a premium-priced game that does not have in-app purchases like Candy Crush Saga or other lucrative mobile releases. Gaming on smart devices surpassed $21bn last year, but it potentially could have more if it weren’t for piracy.

The paid rate was much better on iOS, but it’s still alarming. Ustwo said that 40% of the people who have the game on an Apple mobile device paid for it. Again, that means the majority did not give the developer money.

Depressing numbers, for a game that costs just $4. There’s certainly piracy on iOS – but the astronomical amount on Android really isn’t good news. Does this get factored into the quotes about “revenues from app stores” we see?

There is some confusion over the iOS figure though: it’s not clear whether someone who buys on the iPhone and then downloads to their iPad counts as an “unpaid install”. We also don’t know if that’s how it works on Android – though do 95% of Android owners have multiple devices?