Start up: FBI v Apple redux, Google’s Cloud Vision, fixing #error53, Iraq’s lost iridium, and more

You can always sign up to receive each day’s Start Up post by email. Try it. Unless you’re reading the email.

A selection of 12 links for you. Remember, Friday is for life, not just for Christmas. I’m charlesarthur on Twitter. Observations and links welcome.

Statement on FBI-Apple court order » Congressman Ted Lieu

This might not be what you expect:

»Congressman Ted Lieu (D-Los Angeles County) issued the following statement regarding the APPLE court order. Congressman Lieu is one of only four computer science majors in Congress.  Congressman Lieu is also the author of the ENCRYPT ACT of 2016.

“The terrorist attack in San Bernardino was horrific and the tragic loss of innocent lives demands a strong response.  I have several deep concerns, however, about the unprecedented court order that forces Apple to create software it does not have in order to provide a “back door” way to weaken its smartphone encryption system.

This FBI court order, by compelling a private sector company to write new software, is essentially making that company an arm of law-enforcement.   Private sector companies are not—and should not be—an arm of government or law enforcement.

This court order also begs the question: Where does this kind of coercion stop?  Can the government force Facebook to create software that provides analytic data on who is likely to be a criminal?  Can the government force Google to provide the names of all people who searched for the term ISIL?  Can the government force Amazon to write software that identifies who might be suspicious based on the books they ordered?”




A Linux-powered microwave oven

Neil Brown:

»Adding a smartphone-like touchscreen and a network connection and encouraging a community to build innovative apps such as recipe sharing are fairly obvious ideas once you think to put “Linux” and “microwave oven” together, but Tulloh’s vision and prototype lead well beyond there. Two novel features that have been fitted are a thermal camera and a scale for measuring weight.

The thermal camera provides an eight-by-eight-pixel image of the contents of the oven with a precision of about two degrees. This is enough to detect if a glass of milk is about to boil over, or if the steak being thawed is in danger of getting cooked. In either case, the power can be reduced or removed. If appropriate, an alert can be sounded. This would not be the first microwave to be temperature sensitive — GE sold microwave ovens with temperature probes decades ago — but an always-present sensor is much more useful than a manually inserted probe, especially when there is an accessible API behind it.«

Just wait until you get onto the bit about making sure the door is shut (which is what stops you blasting the room with microwaves that would cook you).


Learning the Alphabet » The Verge

Ben Popper:

»For the most part, [Flint, Michigan schools technology director Dan] Davenport’s repository consisted of eight- to 10-year-old Dell desktops and laptops he had robbed of RAM and other components to help speed up or repair machines used by teachers. “We are left with these mismatched parts.” And yet, when he set the machines up to run Neverware’s Cloud Ready version of Chromium, they outperformed newer Windows machines the school was using. “If you are comparing what we used to run, Chrome and Neverware is a better experience for the end user.”

Davenport estimates that to get a new machine and the proper license, it would cost around $400 for each new Windows computer and $200 for each new Chromebook. “With Neverware it’s costing me 50 bucks.” The school is now adapting several computer labs to run Neverware chromebooks. “Hey, that’s an interesting model,” says Davenport with a chuckle. “Run on your oldest junk for next to no money.” The transformation at Ovid-Elsie is striking, but far from unique. It’s just one example of a much larger trend toward cloud computing, a paradigm shift that has radically reshaped the technological landscape at schools across the United States.


Popper says – in the first comment on the article – “I’ve been writing about Neverware since 2009. Pretty crazy how much things have changed since then.”

But the general point about Neverware (which tried to get Dell and HP interested, but found neither had any interest in lengthening PC life cycles) and about cloud computing in schools is well made. Certainly a threat to Microsoft in schools.


Google Cloud Vision API enters Beta, open to all to try! » Google Cloud Platform Blog

Ram Ramanathan, product manager:

»Today, we’re announcing the beta release of Google Cloud Vision API. Now anyone can submit their images to the Cloud Vision API to understand the contents of those images — from detecting everyday objects (for example, “sports car,” “sushi,” or “eagle”) to reading text within the image or identifying product logos.

With the beta release of Cloud Vision API, you can access the API with location of images stored in Google Cloud Storage, along with existing support of embedding an image as part of the API request. We’re also announcing pricing for Cloud Vision API and added additional capabilities to identify the dominant color of an image. For example, you can now apply Label Detection on an image for as little as $2 per 1,000 images or Optical Character Recognition (OCR) for $0.60 for 1,000 images. Pricing will be effective, starting March 1st.


I feel like this is partly the work of Pete Warden – it looks so like his work at Jetpac.


Apple fixes iPhones disabled by Error 53 caused by unofficial repairs » Techcrunch

Matthew Panzarino:

»Today, Apple is issuing an updated version of iOS 9.2.1 for users that update their iPhones via iTunes only. This update will restore phones ‘bricked’ or disabled by Error 53 and will prevent future iPhones that have had their home button (or the cable) replaced by third-party repair centers from being disabled. Note that this is a patched version of iOS 9.2.1, previously issued, not a brand-new version of iOS.

A new support document on Apple’s site has been issued that details the causes and repair methods for Error 53.

The update is not for users who update their iPhones over the air (OTA) via iCloud. If you update your phone that way, you should never have encountered Error 53 in the first place. If, however, you update via iTunes or your phone is bricked, you should be able to plug it into iTunes to get the update today, restoring your phone’s functionality.


That was quick. And it disables TouchID, or leaves it disabled – which is the course of action you’d hope for. (Thanks Jonathan Davey for the link.)


Data broker defendants settle FTC charges they sold sensitive personal information to scammers » Federal Trade Commission

»“LeapLab purchased sensitive information, including Social Security and bank account numbers, from pay-day-loan websites, and then sold that information to entities it knew had no legitimate need for it,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection.  “That allowed scammers to steal millions of dollars from people’s accounts.”

In its complaint, the FTC alleged that the defendants collected hundreds of thousands of loan applications submitted by financially strapped consumers to payday loan sites. Each application contained the consumer’s name, address, phone number, employer, Social Security number, and bank account number, including the bank routing number.

The defendants sold 95 percent of these sensitive applications for approximately $0.50 each to non-lenders that did not use the information to assist consumers in obtaining a payday loan or other extension of credit and had no legitimate need for this financial information. In fact, at least one of those marketers, Ideal Financial Solutions – a defendant in another FTC case  – used the information to withdraw millions of dollars from consumers’ accounts without their authorization.


Classy. It’s a $5.7m judgment, but suspended.


The hidden homescreen » Medium

Matt Hartman:

»The move to chat-based interfaces is mainly developer driven: relative to a native iOS or Android app, development of a chat-based app is faster and marketing is less crowded (for now). It is also partly consumer driven in that it is painful for consumers to have to switch in and out of different apps — or even to have to download an app at all. However the developer pain point is more significant at present.

For app developers, marketing is often hard. #Homescreen data shows that apps on users’ homescreens are pretty calcified. In January 2016 over 50,000 apps were submitted to the app store. However, most smartphone users download zero apps per month.


We’re probably going to see more chat interfaces, as Hartman points out (look at Quartz’s new news app), but as he also points out, lots of them will struggle to gather enough context to be useful compared to the interfaces we already have.


Exclusive: Radioactive material stolen in Iraq raises security fears » Reuters

Ahmed Rasheed, Aref Mohammed and Stephen Kalin:

»Iraq is searching for “highly dangerous” radioactive material stolen last year, according to an environment ministry document and seven security, environmental and provincial officials who fear it could be used as a weapon if acquired by Islamic State.

The material, stored in a protective case the size of a laptop computer, went missing in November from a storage facility near the southern city of Basra belonging to U.S. oilfield services company Weatherford WFT.N, the document seen by Reuters showed and officials confirmed.

A spokesman for Iraq’s environment ministry said he could not discuss the issue, citing national security concerns…

…A U.S. official said separately that Iraq had reported a missing specialized camera containing highly radioactive Iridium-192 to the International Atomic Energy Agency (IAEA), the Vienna-based U.N. nuclear watchdog, in November.

“They’ve been looking for it ever since. Whether it was just misplaced, or actually stolen, isn’t clear,” said the official, who requested anonymity because of the sensitivity of the matter.

The environment ministry document, dated Nov. 30 and addressed to the ministry’s Centre for Prevention of Radiation, describes “the theft of a highly dangerous radioactive source of Ir-192 with highly radioactive activity belonging to SGS from a depot belonging to Weatherford in the Rafidhia area of Basra province”.


More about Ir-192: “has accounted for the majority of cases tracked by the U.S. Nuclear Regulatory Commission in which radioactive materials have gone missing in quantities large enough to make a dirty bomb.” More reading from 2007 from the New Yorker.


The most important Apple executive you’ve never heard of » Bloomberg Businessweek

Brad Stone, Adam Satariano, and Gwen Ackerman:

»A little over a year ago, Apple had a problem: The iPad Pro was behind schedule. Elements of the hardware, software, and accompanying stylus weren’t going to be ready for a release in the spring. Chief Executive Officer Tim Cook and his top lieutenants had to delay the unveiling until the fall. That gave most of Apple’s engineers more time. It gave a little-known executive named Johny Srouji much less.

Srouji is the senior vice president for hardware technologies at Apple. He runs the division that makes processor chips, the silicon brains inside the iPhone, iPad, Apple Watch, and Apple TV. The original plan was to introduce the iPad Pro with Apple’s tablet chip, the A8X, the same processor that powered the iPad Air 2, introduced in 2014. But delaying until fall meant that the Pro would make its debut alongside the iPhone 6s, which was going to use a newer, faster phone chip called the A9.

This is the stuff that keeps technology executives up at night. The iPad Pro was important: It was Apple’s attempt to sell tablets to business customers. And it would look feeble next to the iPhone 6s. So Srouji put his engineers on a crash program to move up the rollout of a new tablet processor, the A9X, by half a year. The engineers finished in time, and the Pro hit the market with the faster chip and a 12.9in display packed with 5.6 million pixels.


Useful profile (and a little scoop-ette in the intro), though of course Apple – and Srouji – won’t indicate what direction the chip design there is going. There’s also the question of quite what delta it gives it over those using chips from TSMC et al; aside from the reference to the 64-bit shift, that isn’t addressed clearly.


Apple, the FBI, and the San Bernardino iPhone

Dan Wallach:

»Q What’s so bad about Apple doing what the FBI wants?

A Apple’s concern is the precedent set by the FBI’s demand and the judge’s order. If the FBI can compel Apple to create a backdoor like this, then so can anybody else. You’ve now opened the floodgates to every small-town police chief, never mind discovery orders in civil lawsuits. How is Apple supposed to validate and prioritize these requests? What happens when they come from foreign governments? If China demands a custom software build to attack a U.S. resident, how is Apple supposed to judge whether that user and their phone happen to be under the jurisdiction of Chinese law? What if the U.S. then passes a law prohibiting Apple from honoring Chinese requests like this? That way lies madness, and that’s where we’re going.

Even if we could somehow make this work, purely as an engineering matter, it’s not feasible to imagine a backdoor mechanism that will support the full gamut of seemingly legal requests to exercise it.




If you want life insurance, think twice before getting a genetic test » Fast Company

Christina Farr:

»Jennifer Marie* should be an ideal candidate for life insurance: She’s 36, gainfully employed, and has no current medical issues.

But on September 15 last year, Jennifer Marie’s application for life insurance was denied.

“Unfortunately after carefully reviewing your application, we regret that we are unable to provide you with coverage because of your positive BRCA 1 gene,” the letter reads. In the U.S., about one in 400 women have a BRCA 1 or 2 gene, which is associated with increased risk of breast and ovarian cancer.

Jennifer Marie provided a copy of the document to Fast Company on the condition that she and her insurance company remain anonymous, as she is still hoping to appeal the rejection.


You’re thinking “surely that’s illegal!” It would be for health insurance, under a 2008 law in the US – but that doesn’t apply to life insurance, long-term care or disability insurance.


Unlock your Windows 10 phone remotely » Windows Help

»Try unlocking your Windows 10 phone remotely if you get this message: “This device has been locked for security reasons. Connect your device to a power source for at least two hours and then try again.” The key is to reset your PIN through

Go to

Sign in with the same Microsoft account you use on the phone.

Click the Find my phone link.

Press Lock.

Enter a new PIN. Now you’ll be able to unlock your phone with your new PIN.


You can’t do this with an iPhone – you need to enter the existing PIN first. Clearly, the answer is for the FBI to issue would-be terrorists with Windows Phones running Windows Mobile 10 (it doesn’t work on 8) to simplify subsequent investigations. (Thanks Tero Alhonen for the link.)


Errata, corrigenda and ai no corrida: none noted.

Start up: Samsung’s adblocker’s back, cement – solved!, #error53 redux, the Useless Hackathon, and more

Your plumber remembers one version of a call from Yelp, but the recordings show another. Who’s right? Photo by eldeeem on Flickr.

Oh, go on – sign up to receive each day’s Start Up post by email. Who knows, it might make your inbox happy.

A selection of 9 links for you. Smoosh them into mush. I’m charlesarthur on Twitter. Observations and links welcome.

Pirate group suspends new cracks to measure impact on sales » TorrentFreak


One of the hottest topics in the game piracy scene in late 2015 surrounded the Avalanche Studios/Square Enix title Just Cause 3.

Released on December 1, 2015, pirates were eager to get their hands on the game for free. However, JC3 is protected by the latest iteration of Denuvo, an anti-tamper technology developed by Denuvo Software Solutions GmbH. Denuvo is not DRM per se, but acts as a secondary encryption system protecting underlying DRM products.

All eyes had been on notorious Chinese game cracking group/forum 3DM to come up with the goods but last month the group delivered a killer blow to its fans.

According to the leader of the group, the very public ‘Bird Sister’ (also known as Phoenix), the game was proving extremely difficult to crack. In fact, Bird Sister said that current anti-piracy technology is becoming so good that in two years there might not be pirated games anymore.

And now the group isn’t going to crack any single-player games. Won’t stop all the other cracking groups, of course.


Sky Q now available in the UK » Ars Technica UK

Sebastian Anthony:

Sky Q, the next iteration of Sky’s subscription TV service, is now available to buy in the UK. Prices start at £42 per month, climbing to £88.50 per month, and there’s a £250 setup fee that you have to swallow as well.

The headline feature of Sky Q is that you’re able to record three shows simultaneously while watching a fourth channel. If you stump up £54 per month for the upgraded Sky Q Silver box, you can record four channels and watch a fifth. Of course, whether there are actually five channels worth watching is a slightly more complicated question.

Other interesting features include a new touchpad-equipped remote control, downloading content for offline viewing, watching Sky TV on a tablet, and the possibility of streaming Sky TV to other rooms in the house via Sky Q Mini boxes.

Sky Q is a really smart response by Sky to the incursion of the web into TV; it folds it in (at a price). I’ve seen a demo, and it really is very slick, and the integration into tablet apps is terrific. Plus because it uses the satellite signal it’s fast – a big advantage in rural areas where broadband is slow.

(Here’s a piece I wrote on Sky Q before its details were fully known.)


Google restores ad blocker for Samsung browser to the Play Store » The Verge

Dan Seifert:

Following a little bit of drama last week, Google has restored an ad blocking plugin for Samsung’s Android browser to the Play Store today, according to a blog post from the developer of the app. The plugin, Adblock Fast, was removed from the Play Store last Tuesday after only being available for a day, with Google citing that the plugin violated a section of the Store’s developer agreements. The specific rule that was violated relates to plugins modifying other third-party applications, which is prohibited by Google.

Now things start to get interesting.


How WIRED is going to handle adblocking » WIRED

“Wired Staff”:

So, in the coming weeks, we will restrict access to articles on if you are using an ad blocker. There will be two easy options to access that content.

You can simply add to your ad blocker’s whitelist, so you view ads. When you do, we will keep the ads as “polite” as we can, and you will only see standard display advertising.
You can subscribe to a brand-new Ad-Free version of For $1 a week, you will get complete access to our content, with no display advertising or ad tracking.

This presumes that adblocking readers will accept that they are worth $1/week to Wired, and that Wired is worth the same amount to adblocking readers. Is that proven? Given how small the amounts earned from ads per person are, this seems to be herding people who don’t know their true value towards a funnel. Premium ad display costs $10 per CPM – that is, per thousand showings. That’s 1c per premium ad you view. Multiply by the number of ads on a page – perhaps 10, for 10c? So if adblocking readers pay up but view fewer than 10 articles per week, Wired is making a solid profit from them, minus credit card costs.

Discussion on Hacker News suggests that people would rather go for a “bid to show me ads” model – which, to be fair, is how Google Contribute works. If you set your per-page view at, say, $0.35, then you’ll only see ads where an advertiser has bid more. But of course that means you get all the tracking malarkey that goes with it (and of course if you truly don’t like tracking, why are you using Google?)

And as is also pointed out, you can subscribe to the physical magazine for a lot less than the $50 per year this implies – in fact you can get it for about a tenth of that.

Another point, finally – the page is 3.3MB, of which only half is content. The rest is ads. Still sure you want them?


Exclusive: Top cybercrime ring disrupted as authorities raid Moscow offices – sources » Reuters

Joseph Menn:

Russian authorities in November raided offices associated with a Moscow film distribution and production company as part of a crackdown on one of the world’s most notorious financial hacking operations, according to three sources with knowledge of the matter.

Cybersecurity experts said a password-stealing software program known as Dyre — believed to be responsible for at least tens of millions of dollars in losses at financial institutions including Bank of America Corp and JPMorgan Chase & Co — has not been deployed since the time of the raid. Experts familiar with the situation said the case represents Russia’s biggest effort to date to crack down on cyber-crime.

A spokesman for the Russian Interior Ministry’s cybercrime unit said his department was not involved in the case. The FSB, Russia’s main intelligence service, said it had no immediate comment.

Menn is a terrific journalist on this topic. I highly recommend his book Fatal System Error. (He’s written others too.) (Thanks Richard Burte for the pointer.)


Inside the Stupid Shit No One Needs & Terrible Ideas Hackathon » Motherboard

Cecilia D’Anastasio:

Featuring hacks like 3Cheese Printer, a 3D printer using Cheez-Whiz as ink, and NonAd Block, a Chrome extension that blocks all non-ad content, the New York-based Stupid Hackathon is disrupting hackathon culture. While other hackathons churn out useless projects in earnest, the Stupid Hackathon strips pretension away from tech developers’ money-backed scramble to satisfy every human need. Satirizing the hackathon community’s naive goals for techno-utopianism, co-organizers Sam Lavigne and Amelia Winger-Bearskin solicit projects that use tech to critique tech culture.

“Is a need being filled or is the need manufactured and then constantly reinforced?” Lavigne asked. “The Stupid Hackathon is the perfect framework for satirizing the whole tech community.”

Three Stupid Hackathon teams set out to create wearables that detect boners. Categories for hacks included “edible electronics,” “commodities to end climate change” and “Ayn Rand.” Participants, in general, ignored them.

Lavigne and Winger-Bearskin, who met at the Interactive Telecommunications Program (ITP) at NYU, became disenchanted with hackathons when they noticed that many aimed to “hack” world hunger or income inequality in one weekend. As a student at ITP, Winger-Bearskin, now director of the DBRS Innovation Lab, applied to participate in a hackathon on the theme of love hosted at ITP but was rejected.

“I couldn’t even eat the food that was on the table next to me,” she said, referring to the free food often provided for hackathon participants. “And I couldn’t hack about love!” Lavigne has never attended another hackathon.

There used to be an Apple Mac hacking contest – called MacHack – in the 1990s where hacks that could actually be thought helpful were derided as “useful!”. Seems the idea is back, in a bigger way.


Riddle of cement’s structure is finally solved » MIT News

Concrete forms through the solidification of a mixture of water, gravel, sand, and cement powder. Is the resulting glue material (known as cement hydrate, CSH) a continuous solid, like metal or stone, or is it an aggregate of small particles?

As basic as that question is, it had never been definitively answered. In a paper published this week in the Proceedings of the National Academy of Sciences, a team of researchers at MIT, Georgetown University, and France’s CNRS (together with other universities in the U.S., France, and U.K.) say they have solved that riddle and identified key factors in the structure of CSH that could help researchers work out better formulations for producing more durable concrete.

What a time to be alive, eh? That solid/particle question had been bugging me for ages. Seriously, though, it’s an important topic: this stuff is everywhere.


Apple are right and wrong » Consult Hyperion

Dave Birch:

Bricking people’s phones when they detect an “incorrect” touch ID device in the phone is the wrong response though. All Apple has done is make people like me wonder if they should really stick with Apple for their next phone because I do not want to run the risk of my phone being rendered useless because I drop it when I’m on holiday and need to get it fixed right away by someone who is not some sort of official repairer.

What Apple should have done is to flag the problem to the parties who are relying on the risk analysis (including themselves). These are the people who need to know if there is a potential change in the vulnerability model. So, for example, it would seem to me to be entirely reasonable in the circumstances to flag the Simple app and tell it that the integrity of the touch ID system can no longer be guaranteed and then let the Simple app make its own choice as to whether to continue using touch ID (which I find very convenient) or make me type in my PIN, or use some other kind of strong authentication, instead. Apple’s own software could also pick up the flag and stop using touch ID. After all… so what?

Touch ID, remember, isn’t a security technology. It’s a convenience technology. If Apple software decides that it won’t use Touch ID because it may have been compromised, that’s fine. I can live with entering my PIN instead of using my thumbprint. The same is true for all other applications. I don’t see why apps can’t make their own decision.

Birch’s point that this could put people off buying Apple phones is surely one that has already occurred to its management, and will be – like the prospect of being shot in the morning – concentrating their minds.


Reviews Rashomon: plumber remembers Yelp threat that never actually occurred » Screenwerk

Greg Sterling:

I had a plumber replace my kitchen faucet. As I do with all service professionals I engaged him in discussion about how he marketed himself and where his leads were coming from. Yelp was one of the primary sources.

He then told me that he had been solicited to advertise on the site and that he declined but was told by the telephone sales rep that his reviews could potentially be affected if he didn’t. This was the first time I’d directly heard this from a business owner.

In my mind this was the first real “evidence” that some sort of sales manipulation might be going on. I informed Yelp of my exchange with the plumber and it was immediately disputed: “That didn’t happen,” I was told.

To make a longer story short, Yelp invited me in to listen to the sales calls with this plumber, whom I identified to the company. Yelp records its end of sales calls but not the business owner’s conversation.

I sat in Yelp’s offices and listened to what must have been 25 – 30 calls to this plumber. Most of them were trying to set up appointments to discuss Yelp advertising. And there were at least two Yelp sales reps who were trying to close the account; a second one took over after the first one was unsuccessful.

There was nothing that sounded like a threat or any suggestion that reviews would be removed or otherwise altered by Yelp if the guy didn’t advertise. There wasn’t anything that could be construed as even implying that.

Sterling concludes that this is a “Rashomon” – a scene where every recounting differs subtly. One possibility: the calls with the threats actually come from scammers. Or plumbers just misinterpret what they hear.


Errata, corrigenda and ai no corrida: Yesterday’s link to VTech’s horrendous security came via Chris Ratcliff. Thanks, Chris.

Explaining the iPhone’s #error53, and why it puts Apple between conspiracy and rock-hard security (updated)

The TouchID system on the iPhone 6 is difficult to fix because it’s linked to Apple Pay. Photo by Janitors on Flickr.

There’s been a huge amount of coverage on the topic of “error 53”, which is a message thrown up by iTunes when it detects a particular fault on newer iPhones. But of course the rewriting hasn’t actually tried to add any value or understanding, for the most part. (Oh, internet journalism, if you only knew how crap you are.)

Techmeme coverage of “error 53”: did any of it add any detail?


So here’s my attempt to explain it, starting from what we know, and what we can find out, and what we can deduce. On with the show!

What is #error53?

It’s the error shown in iTunes for an iPhone 6, 6 Plus, 6S or 6S Plus after an operating software upgrade (eg upgrading from iOS 8.1 to iOS 8.2, or 8.1 to 9.0, or 9.2 to 9.2.1) if the phone has had its TouchID sensor replaced or its cable interfered with since the last software upgrade.

Error 53 (almost) bricks the device: it tells you to plug it in to iTunes and recover it, but in the instance above it won’t work. There is a way to bring the phone back to life if you’ve had Error 53, which we’ll come to presently.

Update: Apple has now (February 18, ten days later) released an iOS update for those using 9.2.1 and updating via iTunes which fixes this. Read the support document.

This is just Apple trying to stop third-party repairs, isn’t it?

That’s the conspiracy version of the explanation, but it isn’t self-consistent. Third-party repairers say they can still replace batteries, screens, and various other bits. What they’ve learnt though is that doing anything with TouchID on the iPhone 6/etc can kill the phone. So they avoid doing those repairs, and tell people to take affected phones to Apple repair shops.

Note that third-party repair shops have known about the home button problem for a long time. However, it’s only just come to media attention.

Why doesn’t it happen to the iPhone 5S?

The fact that this only began happening with the iPhone 6/Plus sharpened the conspiracy theory that this is Apple trying to shut down third-party repairs. (But it also weakens the conspiracy theory, because wouldn’t Apple seek to block it on all devices?) The reason is down to the key difference between the 5S and the 6/Plus: the 5S doesn’t have NFC, and so can’t do Apple Pay.

Why does Apple Pay matter in this?

Apple Pay means the phone contains Secure Elements, which are cryptographic stores with credit card and payment data – including (I surmise) how to turn a credit card number into an NFC payment mechanism, which is not the sort of information that banks want to be leaked everywhere.

Why does it only happen after an OS upgrade, rather than right after a replacement?

To understand this, we have to go to Apple’s security documents about iOS 9, and how security works with TouchID (the fingerprint reader), the Secure Enclave (which stores a hashed version of your fingerprint) and the Secure Elements, which store key financial data in an encrypted form.

Here’s a diagram from Apple’s security document, showing the direction of trust as the device boots up: it travels from the bottom to the top. We’re only interested in the stuff at the bottom of this stack at present (from “Apple root certificate” upward to the top of the “hardware/firmware” part).

[Figure: iPhone security system begins with the hardware. Apple’s explanation of how the security system works in the iPhone: booting starts from the bottom and progresses upwards.]

On bootup, the system goes through various hardware checks to ensure that everything is tickety-boo, cryptographically speaking. If it finds something wrong, then it gives you the “Connect to iTunes” screen, and if you’re lucky, throws up an error message. Note that if something is wrong at this bootup stage, you don’t reach the higher level of the file system and OS partition; you’re stuck at the hardware/firmware level.

If you replace the TouchID system on a device, the system doesn’t throw an error at this point. Why not? I’m not completely sure, but I think that the TouchID subsystem doesn’t have an entry in the device’s own hardware/firmware listing, so the device can’t tell whether the TouchID system that’s installed is the same one it originally had at manufacture.

Update: on thinking some more about it, I think this is why. The security model is one which doesn’t trust values that are stored on-device but not burnt into hardware. So any value in a firmware register could have been changed. Now, if the TouchID serial were stored on hardware, it could be checked on boot to see if it’s trusted – but you’d never be able to replace the TouchID sensor, because the old serial is burnt into the chip. A firmware value on startup can’t be trusted because it might have been changed.

Therefore the device doesn’t brick when it’s first turned on after repair. It has to rely on something external which has stored the TouchID serial – that is, Apple’s installation authorisation server. (End of update.)

What happens on a software upgrade is subtly different from simply booting. From Apple’s document, on p6:

During an iOS upgrade, iTunes (or the device itself, in the case of OTA [over-the-air] software updates) connects to the Apple installation authorization server and sends it a list of cryptographic measurements for each part of the installation bundle to be installed [emphasis added] (for example, LLB, iBoot, the kernel, and OS image), a random anti-replay value (nonce), and the device’s unique ID (ECID).

The authorization server checks the presented list of measurements against versions for which installation is permitted and, if it finds a match, adds the ECID to the measurement and signs the result. The server passes a complete set of signed data to the device as part of the upgrade process.

Adding the ECID “personalizes” the authorization for the requesting device. By authorizing and signing only for known measurements, the server ensures that the update takes place exactly as provided by Apple. The boot-time chain-of-trust evaluation verifies that the signature comes from Apple and that the measurement of the item loaded from disk, combined with the device’s ECID, matches what was covered by the signature.

These steps ensure that the authorization is for a specific device and that an old iOS version from one device can’t be copied to another. The nonce prevents an attacker from saving the server’s response and using it to tamper with a device or otherwise alter the system software.

What I think is happening is that the new TouchID system’s serial number is included in the cryptographic data sent to the authorisation server, and when that is compared against what it should be for the given ECID, the numbers don’t match.

At that point, the authorisation server decides that Something Bad is going on, and blocks the update. The device now fails the low-level boot – it can’t get past the kernel level to the OS boot – and so the device is bricked.

And that is why it bricks on a software update.

Why doesn’t it check with the authorisation server after the repair?

The phone doesn’t have any way of “knowing” whether it’s restarting after a repair, or after it ran out of battery, or you just turned it off for the night. If every phone were to check in with the authorisation server on being powered on, three things would happen: (1) the authorisation server would die; (2) people would be furious because their phone wouldn’t boot, since it would need connectivity to check the details for its ECID, and you don’t always have connectivity when you turn your phone on; (3) Apple would get majorly dinged for “snooping on when people turn their phone on.”

That doesn’t explain why it doesn’t happen on the 5S, though.

Damn right. At which point we have to consider that the “cryptographic measurements” sent back for an iPhone 6/etc differ from those of an iPhone 5S, specifically because of the Apple Pay-related Secure Elements.

Why does the device still work after the third-party replacement?

Let’s qualify this: it does work, but TouchID (and so Apple Pay and others) don’t work after a third-party fix that affects TouchID. The pairing there between the Secure Element/Secure Enclave/TouchID, which was set up when the device was manufactured, is lost. It carries on not working; then at some point, you get a software upgrade notification. And then – disaster.

Considering this, I think what is stored for communication with the server is the TouchID pairing status. If it’s unpaired, the update can’t go ahead.

Update: the fix issued by Apple must tell it to go ahead if the TouchID pairing status is changed, but leave TouchID disabled.

What if you’ve never set up Apple Pay?

Doesn’t matter. The issue is not the data you’ve stored in the device, but the data that’s built into the device – cryptographic keys used for creating payment authorisation for credit cards. Those are in the Secure Elements.

What are the Secure Elements, and what do they contain?

Here’s a definition:

An SE is a tamper resistant hardware platform, capable of securely hosting applications and storing confidential and cryptographic data. For example, in the finance industry SEs are used to host personalized card applications and cryptographic keys required to perform financial (EMV) transactions at a point-of-sale terminal. SEs used in the identity market may hold biometric data or certificates which can be used for signing documents. Whichever purpose, the secure environment provided by the SE protects the user’s credentials ensuring the safety of the user’s data.

The reason why Error 53 happens when you change or interfere with the TouchID sensor on a more-recent-than-5S phone is that the system detects – during the software upgrade – that something has changed, and that the embedded trust system has been broken. And so the device doesn’t get authorisation to update.

Why does the Secure Elements stuff matter, though?

The banks/financial institutions specify that the operating system must not be able to directly access the data in the “trusted zone” (the Secure Elements).

How can you recover from Error 53?

Quite simple: replace the new TouchID processor with the old one. (People say they have successfully done this.) However, saying it is a lot easier than doing it. Some people don’t have the old one. Or the old one might just be broken.

How does Apple replace TouchID systems?

We don’t know, but we know it can, because it does. There must be a method for updating the cryptographic measurement list held by the authorisation server for a particular ECID. I’d imagine that involves logging into a server, entering an ECID (or connecting the phone) and letting the two talk to each other.

Note that when you have your screen repaired by Apple, it will tell you to disable TouchID first. And afterwards, you’ll have to recalibrate it. So there might be something there.

Why can’t Apple do that to devices which have failed on Error 53?

We don’t know. (Possibly it can.)

Could Apple change things so that in future it just disables TouchID and software updates still work?

Perhaps. I suspect it would need some sort of adjustment to what gets sent to the authorisation server, or what the server considers OK to approve. But if Apple is tied here by what the financial institutions demand around the Secure Elements, it might not have the choice.

Why hasn’t Apple explained that this is a risk of third-party replacement?

Ah, now we come to the challenge of Being Apple. Its mystique (for that’s what a lot of it is) lies in saying very little about how it does things, and asking people to take this stuff on trust, or for granted.

Thus when it comes to repairs, Apple’s implied assumption is that everyone will bring their device to an Authorised Apple Dealer, or Apple, to get it fixed. This ignores the fact that it now sells phones in countries where you’d have to travel for hours and hours to reach either of those – if you were lucky.

Naturally, people go to third-party repair shops to get these things done. And then problems start, because you’re talking about a pocket supercomputer with embedded cryptographic systems that are sensitive to being fiddled with.

But Apple has done a bad job here in communicating the risks of getting anything around the TouchID system replaced. It really needed to get the message out there.

Why didn’t Apple get the message out there?

Probably it’s been difficult to separate the signal from the noise on this. If someone comes in to an Apple Store with an Error 53 phone, it’s hard to know at first why it has done it. The device gets replaced, and the old one sent back to Apple, but that’s barely half of the feedback loop: it has to reach Apple, someone has to figure out why it doesn’t work, and then inform stores, and also inform the marketing people that this can be a problem which needs to be communicated.

Very likely there are people in Apple Engineering, Apple Retail and Apple Marketing who are right now looking at an email trail and smacking their foreheads as they realise what the problem they missed was. Those phones sent back from the stores marked as “will not boot”… ohhh.

That’s the problem with big organisations, though: that sort of feedback loop is really, really hard to organise well. Alternatively, perhaps it has been noticed, but it hasn’t affected a large number of people, and so isn’t as high a priority as… something else. (We don’t know what.) Of course, to the affected people, it’s a bloody high priority.

Shouldn’t Apple allow third-party TouchID repairs, though? After all, the phone is your property.

The “property” argument isn’t a great one, to be honest. Apple sells you a device, but it doesn’t give you untrammelled rights to it; you aren’t legally allowed to (try to) decompile the software, or the firmware, or to dig into things like the Secure Elements. You don’t own the entire thing.

That’s how things are these days; the open-software absolutists run into a problem with mobile phones, because even if you can download and compile the operating system (a la Andy Rubin) you won’t be able to do that on the baseband software which actually provides the mobile functions. So it’s never completely “your” phone. That’s the case with PCs too these days – there’s stuff on the motherboard you don’t get to mess with.

None of this proves it isn’t Apple just shutting out third-party repairs, though.

Ah, proof. It’s so hard to prove the imaginary, or to refute it. However the scenario where some Apple executives gather round a table and say “You know what? We’re losing valuable revenues and profits from people using third-party repairs! We need to brick those phones!” fails both Occam’s Razor and Hanlon’s Razor, the two logical tests that help you filter through a lot of modern crap.

Occam’s, you’ll recall, is “don’t let entities multiply unnecessarily” – aka “the simplest explanation is probably the right one.” Hanlon’s, meanwhile, is “never ascribe to conspiracy what can more easily be ascribed to cockup.”

Why does “shutting out third party repairs” fail Occam’s? Because it requires a lot of people putting in varying amounts of effort to make it happen.

For the malicious version: Apple has to have decided (1) it doesn’t like third-party repairs; (2) it wants people to have a bad experience when they try to upgrade their software (is it certain people will connect the third-party repair with the bricking, given that the events might be weeks or months apart? They might even have had an Apple fix of some sort in the meantime); (3) to set in motion an internal program whereby third-party replacements using correctly-sourced parts will fail, but its own repairs using the same parts won’t (quite risky); (4) to keep all this secret while also instructing its repair shops how to do this.

For the accidental explanation: the new TouchID system on the iPhone 6/etc now pairs with the Secure Elements and its cryptographic signature is sent to the update server on device activation. If the signature doesn’t match on subsequent update requests, the device isn’t authorised.

See how much simpler the latter one is? It doesn’t require any executives, or nefarious planning; just some work by the engineers updating the TouchID/Secure Elements systems. That satisfies Occam.

But equally, the second also satisfies Hanlon’s Razor. Nobody has been malicious; if anything, they’ve been trying to safeguard customers by making sure that sensitive (to financial groups) information can’t get hacked off your phone. However, in doing that, they’ve created a situation where customers get a bad experience and Apple gets bad publicity over something it would have hoped would give it kudos.

The shibboleth

In all the coverage of this topic, it is quite amazing how ready people are to assume the worst. Apple is uniquely capable of polarising people, who find it exceptionally hard to be indifferent about what it does. Either it’s a sort of wellspring of ideas and direction in all sorts of markets, from PCs to mobile phones to smart watches; or it’s a malicious money-grabbing marketing machine seeking ever more ways to rip people and governments off, while foisting commodity products on people at sky-high prices.

For instance, where do you think Cory Doctorow stands on it?

Punish. There’s a verb.

Or Dan Gillmor?

(Both links in those tweets are to the same Guardian article that kicked this all off on Saturday.)

Yet if you look on Hacker News, you’ll find the tenor of the discussion is much more like “oh, that makes sense from a security point of view”. And security experts on Twitter such as Steve Bellovin and Matthew Green could discuss the matter without invoking conspiracy theories.

I find it odd that people who write publicly for money seem more willing to go for the conspiracy theory than those who don’t. Doesn’t exposure to enough organisations teach you that the bigger they get, the more easily screwups happen, and the less communication there is between their many arms?

And Apple really is big these days, stretching across an incredibly broad area of the computing market – from Macs to mobile phones to tablets to smart watches to iPods, from desktop operating systems to mobile operating systems (tweaked differently for the tablet and the phone), to smartwatch and TV set-top box operating systems, to desktop and mobile applications, to cross-platform music programs (iTunes is on Mac OSX and Windows; Apple Music is on iOS, Windows, Mac OSX and Android), to web services (CloudKit) and even chip design.

I’m pretty confident in saying that no other company is doing as many things across as many hardware and software platforms. Google is huge, but doesn’t make hardware in anything like that volume; Microsoft is huge too, but doesn’t make hardware in any appreciable volume. Apple does the whole thing, including chip design. The combination of hardware and software challenge in adding just one new feature to any individual device line is mind-boggling, because you have to consider how it’s going to affect everything else.

In that context, an engineering team working away on an improved TouchID system which authenticates against tampering probably thought they were doing just the right thing. Instead, they were throwing their retail and PR people into a media storm. The size of the teacup is yet to be determined.

Quite how Apple is going to get its explanation across will be educative to watch. (I haven’t spoken to Apple in writing this.) The more interesting question though is: what will happen once lots of Android devices start using Android Pay (which has pretty much the same trust requirements) and those start breaking? Will third-party repairers be able to fix them, or will they have to be sent back to the manufacturer? And if it’s the latter (or if people try the former) how much hell is there going to be to pay?

Though you suspect you know the answer already. It won’t arise, because not that many OEMs will implement Android Pay, and the people who get inconvenienced won’t make as much noise about it. Who cares if someone with an HTC phone has to swap it and loses their data? You’d struggle to get most newsdesks to know what an HTC phone was. Say “iPhone”, though…

Start up: hedge funds like AI, Facebook’s close separation, what if Twitter died?, BlackBerry cuts, and more

A break like this, affecting the home button, is probably going to lead in time to an #error53 fault if you don’t get it repaired by Apple. But what causes it, exactly? Photo by wZa HK on Flickr.


A selection of 12 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Will AI-powered hedge funds outsmart the market? » MIT Tech Review

Will Knight:

Anthony Ledford, chief scientist of MAN AHL, explains that the company is exploring whether techniques like deep learning might lend themselves to finance. “It’s at an early stage,” Ledford says. “We have set aside a pot of money for test trading. With deep learning, if all goes well, it will go into test trading, as other machine-learning approaches have.”

Trading might seem like an obvious place to apply deep learning, but actually it isn’t clear how comparable the challenge of finding subtle patterns in real-time trading data is to, say, spotting faces in digital photographs. “It’s a very different problem,” Ledford admits.

Academic experts also sound a note of caution. Stephen Roberts, a professor of machine learning at Oxford University, says deep learning could be good “for extracting hidden trends, information, and relationships,” but adds that it “is still too brittle with regard to handling of high uncertainty and noise, which are prevalent in finance.”

You just know that this isn’t really going to work, but also that it’s going to be used by a ton of funds to try to get ahead of the market – a market composed of other funds also trying to use the same processes.


iOS security – iOS 9 or later » Apple

Let’s try to get on top of this #error53 stuff:

During an iOS upgrade, iTunes (or the device itself, in the case of OTA software updates) connects to the Apple installation authorization server and sends it a list of cryptographic measurements for each part of the installation bundle to be installed (for example, LLB, iBoot, the kernel, and OS image), a random anti-replay value (nonce), and the device’s unique ID (ECID).

The authorization server checks the presented list of measurements against versions for which installation is permitted and, if it finds a match, adds the ECID to the measurement and signs the result. The server passes a complete set of signed data to the device as part of the upgrade process. Adding the ECID “personalizes” the authorization for the requesting device. By authorizing and signing only for known measurements, the server ensures that the update takes place exactly as provided by Apple.

The boot-time chain-of-trust evaluation verifies that the signature comes from Apple and that the measurement of the item loaded from disk, combined with the device’s ECID, matches what was covered by the signature.

These steps ensure that the authorization is for a specific device and that an old iOS version from one device can’t be copied to another. The nonce prevents an attacker from saving the server’s response and using it to tamper with a device or otherwise alter the system software.

To recap, with #error53, people who have had third-party replacements of screens and/or home buttons on the iPhone 6/Plus and 6S/Plus (but not the 5S) find that it works fine – though they can’t use TouchID (it’s greyed out as an option). But when they do an OS update, the phone bricks: can’t get data, can’t restore.

So my understanding of this is that devices which have had third-party replacement parts only brick after an OS update, yet work fine before it, because on trying to install the update they connect to the auth server. The server decides that the cryptographic measurements no longer match what it has on record. So it decides the chain of trust is broken, and effectively shuts down the device.

But it’s poor decision-making by Apple, and equally poor communication. Why doesn’t it happen on the 5S? Update: because the 5S doesn’t have NFC for Apple Pay. (Thanks, Andy.) What’s the process that Apple uses when it does the repair to revalidate the TouchID system (which fails even with valid parts)? Why can’t the system tell that it’s just TouchID that’s affected? The safety process has overshot its requirements. Every part of what happens makes sense from a security perspective – but not if considering that many people will get third-party repairs.
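The authorisation exchange that Apple’s document describes (quoted here and in the Error 53 explainer earlier on this page), as an added sketch that is not Apple’s code: the class and function names, the sample bundle and the ECIDs are constructed, and HMAC with a shared key stands in for Apple’s signature so that it runs on the Python standard library alone. The last case is the refusal that this post attributes Error 53 to, which is the author’s reading rather than anything Apple’s text states.

```python
import hashlib
import hmac
import json
import secrets

# Stand-in for the server's signing key (assumption). The real scheme uses a
# signature the device can verify without holding a secret; HMAC is used here
# only so the example needs nothing beyond the standard library.
SIGNING_KEY = secrets.token_bytes(32)


def measure(blob: bytes) -> str:
    """Cryptographic measurement of one component of the install bundle."""
    return hashlib.sha256(blob).hexdigest()


def _sign(measurements: dict, ecid: str, nonce: str) -> str:
    # Canonical encoding so signer and verifier hash identical bytes.
    payload = json.dumps({"m": measurements, "ecid": ecid, "nonce": nonce},
                         sort_keys=True).encode()
    return hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()


class AuthServer:
    def __init__(self, permitted: dict):
        # component name -> set of measurements approved for installation
        self.permitted = permitted

    def authorize(self, measurements: dict, ecid: str, nonce: str):
        """Sign only if every presented measurement is a permitted one."""
        for name, digest in measurements.items():
            if digest not in self.permitted.get(name, set()):
                return None  # unknown component or version: no authorisation
        # The ECID is signed together with the measurements ("personalised").
        return {"measurements": measurements, "ecid": ecid, "nonce": nonce,
                "sig": _sign(measurements, ecid, nonce)}


class Device:
    def __init__(self, ecid: str):
        self.ecid = ecid
        self.nonce = None

    def request(self, server: AuthServer, bundle: dict):
        self.nonce = secrets.token_hex(16)  # fresh anti-replay value
        measurements = {name: measure(blob) for name, blob in bundle.items()}
        return server.authorize(measurements, self.ecid, self.nonce)

    def verify(self, ticket, on_disk: dict) -> str:
        """Install-time and boot-time checks, folded into one for brevity."""
        if ticket is None:
            return "no-ticket"
        expected = _sign(ticket["measurements"], ticket["ecid"], ticket["nonce"])
        if not hmac.compare_digest(expected, ticket["sig"]):
            return "bad-signature"
        if ticket["ecid"] != self.ecid:
            return "wrong-device"
        if ticket["nonce"] != self.nonce:
            return "replayed"
        loaded = {name: measure(blob) for name, blob in on_disk.items()}
        if loaded != ticket["measurements"]:
            return "measurement-mismatch"
        return "ok"


def run_demo() -> dict:
    # Constructed sample bundle; the component names follow Apple's text.
    bundle = {"LLB": b"llb-9.2.1", "iBoot": b"iboot-9.2.1",
              "kernel": b"kernel-9.2.1", "OS": b"os-image-9.2.1"}
    server = AuthServer({n: {measure(b)} for n, b in bundle.items()})
    phone_a, phone_b = Device("ECID-A"), Device("ECID-B")
    results = {}

    ticket = phone_a.request(server, bundle)
    results["genuine"] = phone_a.verify(ticket, bundle)

    # A ticket issued for phone A is presented on phone B.
    phone_b.request(server, bundle)
    results["copied_to_other_device"] = phone_b.verify(ticket, bundle)

    # Same ticket with the ECID edited but not re-signed.
    forged = dict(ticket, ecid="ECID-B")
    results["forged_ecid"] = phone_b.verify(forged, bundle)

    # The kernel on disk differs from the one that was measured and signed.
    tampered = dict(bundle, kernel=b"kernel-patched")
    results["tampered_kernel"] = phone_a.verify(ticket, tampered)

    # A saved response is replayed after the device has issued a new nonce.
    phone_a.request(server, bundle)
    results["replayed_old_ticket"] = phone_a.verify(ticket, bundle)

    # The server is shown a measurement it has no record of and refuses.
    refused = phone_a.request(server, tampered)
    results["unknown_measurement"] = phone_a.verify(refused, tampered)
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case:26} {outcome}")
```
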


Three and a half degrees of separation » Research at Facebook

How connected is the world? Playwrights, poets, and scientists have proposed that everyone on the planet is connected to everyone else by six other people. In honor of Friends Day, we’ve crunched the Facebook friend graph and determined that the number is 3.57. Each person in the world (at least among the 1.59 billion people active on Facebook) is connected to every other person by an average of three and a half other people. The average distance we observe is 4.57, corresponding to 3.57 intermediaries or “degrees of separation.” Within the US, people are connected to each other by an average of 3.46 degrees.

Our collective “degrees of separation” have shrunk over the past five years. In 2011, researchers at Cornell, the Università degli Studi di Milano, and Facebook computed the average across the 721 million people using the site then, and found that it was 3.74 [4,5]. Now, with twice as many people using the site, we’ve grown more interconnected, thus shortening the distance between any two people in the world.

Apparently my average is 3.26 so ya boo. Zuckerberg is 3.17. Sheryl Sandberg is 2.92 – blimey.


On your cute release notes » The Brooks Review

Ben Brooks:

We’ve all seen them. Notes about a fictional engineer who was hired and then fired. A cute story about something completely irrelevant to the matter at hand. Recipe for ‘squash bug soup’ or something along those lines.

With disturbingly increasing frequency, companies are deciding to let their marketing departments handle their release notes instead of the engineering team or product manager.

And we are all worse off for it.

As a user I mostly look at release notes to find out about one (or more) of three things:

• Have you added something new to the app which will make it better for me? That is: what are the new features, what do those features do, and perhaps how do I get to them.
• Have you fixed that bug which was making the app hard for me to use, perhaps even impossible for me to use? Aka: What bugs did you fix?
• How active is development on this app? Before I invest or move to most apps I look at recent release notes to get a sense of whether they are in maintenance mode (just major bug fixes), or under some kind of active development (minor bug fixes and feature releases, optimized for current version of iOS, etc).



BlackBerry cuts 200 jobs in Ontario and Florida to trim costs » Reuters

Alastair Sharp:

The layoffs will affect 75 manufacturing jobs in Sunrise, Florida, a state government website showed.

The company also confirmed that Gary Klassen is one of the people who has departed in the latest round of cuts. Klassen was one of its longest-tenured employees and the inventor of its BBM messaging service.

One source familiar with the matter, who declined to be identified due to the sensitivity of the issue, said many of the Canadian cuts were people working on its BB10 handset software at its Waterloo, Ontario, headquarters.

A spokeswoman for BlackBerry declined to comment on which divisions will be affected by the cuts, but said the company stood by its commitment to release further updates on its BB10 software.

BB10 is so, so dead.


“Dangerous ramifications” » Medium

Rohin Dharmakumar, with some examples of things that didn’t happen:

In January 2015, users of Microsoft’s Office in India were suddenly greeted with a pop-up asking them to “Support Microsoft Office”. The Indian government under PM Narendra Modi was said to be formulating an “Open Source Policy” under which all government offices were to either mandate or prefer open-source software for official work.

Clicking the “Support Office” button caused Microsoft to send the PMO and the Ministry of IT a letter from the user’s name with a pre-determined format. It said the user loved Microsoft’s products and wanted their government interactions to be based on the same. “I urge you not to ban Microsoft Office,” it ended.

The same message popped up on users of various Microsoft products in India – Windows, XBox, Windows Phone, Skype etc.

Within a few weeks, over 7 million emails had been sent in support to Microsoft.

“Support Monsanto”

In January 2014, farmers in the southern Indian state of Karnataka were surprised to see a notice attached to every bag of seed they bought from Mahyco, the market leader.

“Tell the Karnataka Govt. not to ban MMB”, said the notice. MMB was Monsanto-Mahyco Biotech, the joint-venture that licensed Monsanto’s crop technologies in India.

He has some more examples of things that didn’t happen – and then one which did.


Why most A/B tests give you bullshit results » Mixpanel

We’ve all seen the articles. Company X increases conversions 38% with this simple trick. Hell, I’ve written some of them.

But those success stories have hidden the grey underbelly of testing and experimentation.

AppSumo revealed that only 1 out of 8 tests produce results. Kaiser Fung estimates that 80 to 90 percent of the A/B tests he’s run yield statistically insignificant results.

Yet many new testers walk into A/B testing thinking it’ll be quick and easy to get results. After running a handful of simple tests, they think they’ll find the right color for this button or the right tweak to that subject line, and conversions will, poof, increase by 38% like magic.

Then they start running tests on their apps or sites, and reality suddenly sets in. Tests are inconclusive. They yield “statistically insignificant” results and no valuable insights about the product or users. What’s happening? Where’s that 38% bump and subsequent pat on the back?

Don’t get frustrated. If you’re going to be running A/B tests, you’re going to have some tests that fail to produce meaningful results you can learn from. But if you run good tests, you’ll have fewer failures and more successes.



Advice for companies with less than one year of runway » The Macro

Dalton Caldwell:

Let’s imagine that you are the founder of a company that has successfully raised an angel or institutional round and are currently in a situation where you have 12 months or less of runway.

The hardest part of dealing with a low runway situation is managing your own psychology. You have to simultaneously manage your own anxiety to not be overly negative about your prospects, but also not be irrationally positive. It’s a delicate balance.

Watch companies do the various things in this post over the next year or so.


Technology: the rift with reality »

Tim Bradshaw:

With so many [virtual reality] headsets hitting the market this year, the challenge may be figuring out what people will do with them. Video games are seen as the first popular application, and some are experimenting with VR versions of films including The Martian. Futuresource Consulting believes the VR content market could be worth $8.3bn within four years.

Beyond entertainment, advocates say these headsets could transform education, travel, real estate and architecture, not to mention videoconferencing and social networking. Some inside Uber are worried that Oculus could one day prove disruptive to their business by removing the need for people to travel. Why hail a taxi when you can teleport?

“Whenever a market is this early, you have to have strong convictions loosely held,” says Nabeel Hyatt, a venture partner at Spark Capital, which also backed Oculus. “We don’t know what’s going to happen.”
That uncertainty provides fertile ground for entrepreneurs. “There will be billion-dollar companies started by college students because someone gave them a Rift as a present and they solved a very specific problem,” says Anjney Midha, a partner at KPCB Edge.

However, as any sci-fi reader knows, new technologies have inherent risks, too. The futures depicted in Ready Player One and Snow Crash are dystopian and chaotic.

In December, academics led by Christian Sandor of the Nara Institute, Japan, wrote that “true augmented reality”, where the digital is indistinguishable from the physical, “will be the most powerful medium that humanity ever had at its disposal”.



What if Twitter Died? » Tech.pinions

Bob O’Donnell:

this seems to be one of the fundamental problems of Twitter. It’s appealing to Hollywood, TV, music and sports celebrities as a means to interact more intimately with their fans and share the kinds of details they’d never provide to traditional celebrity media. It’s appealing to the tech industry as a mouthpiece for those who want to determine the course of what is or isn’t important. The digital taste-setters, so to speak.

But for mainstream business and consumer users? Not so much. Arguably, this is the biggest problem with Twitter—it can’t seem to stretch beyond its celebrity, celebrity follower, and tech roots. If you aren’t into celebrities or the tech industry, Twitter just isn’t that appealing, especially given all the other options for online social interactions.

Despite these points, I think the navel gazing value of Twitter to the tech industry is so high, I seriously doubt they’ll let Twitter actually die. Someone with enough money and enough self-interest will likely make sure that, no matter what, Twitter will continue in some shape or form. Eventually, its value may start to fade, as some have already started to argue, but at least the Twittersphere will have a few years to adapt and find new alternatives.

The fundamental challenge is a publishing service that’s essentially based on self-promotion, self-aggrandizement, and self-importance at some point is going to run into the wall of indifference. Not everyone cares to read about what the self-elected are all doing all the time.



Yahoo loses mobile entrepreneur Arjun Sethi to venture firm » WSJ

Douglas MacMillan:

Mr. Sethi helped lead Yahoo’s effort to compete with Facebook Inc. and Snapchat Inc. in the emerging area of mobile chat apps. Last July, his team released Livetext, a mobile app that lets users send live video and text without any sound.

Livetext failed to take off with users. In its first month, the program dropped out of the ranking of the 1,000 most popular apps in Apple Inc.’s app store and never returned, according to data from App Annie.

Yahoo’s struggles to produce a hit mobile app have hurt Ms. Mayer’s chances at turning around the 20-year-old Internet icon. This week, Yahoo said its board is weighing “strategic alternatives” to the turnaround which likely include a sale of its core Web business…

…Mr. Sethi is one of dozens of startup founders Ms. Mayer brought into Yahoo through a series of small acquisitions. In her three-and-a-half years as CEO, Yahoo has spent more than $2.3bn on at least 53 acquisitions, largely for small mobile-software developers whose apps were shuttered and whose founders were enticed to work on new projects at the company. At least 26, or over one-third, of the more than 70 startup founders and CEOs who joined Yahoo through an acquisition during Ms. Mayer’s tenure have left the company, according to their profiles on LinkedIn Corp.

As has also been pointed out, Yahoo last week wrote down the value of those acquisitions by $1.2bn. The idea of a video app without sound appears dumb, but then again lots are like that; but Instagram, Facebook and Vine were all there ages earlier. Yahoo’s problem is that it’s late and has no traction in mobile, not that the ideas are of themselves bad.

link to this extract


Sacked in Dublin by a boss in… London » Private Eye

Private Eye is always anonymous:

Google’s claim that all its real business is handled through its European HQ in Dublin while its multiple UK offices exist merely to count the paperclips, organise staff leaving collections and do the morning coffee run is further undermined by evidence it gave to an employment appeals tribunal in the Irish capital in 2013.

Rachel Berthold had been sacked in May 2011 from a position as a “level six” manager, which the tribunal heard put her in the top 7% of employees in Google’s Dublin office.

Anne-Catrin Sallaba, her former boss as Google Europe’s Head of Publisher Services, gave evidence to the tribunal that Berthold had failed to meet performance targets – but Sallaba had to cross the Irish Sea to do so, given that as Berthold’s line manager she was employed in, er, London.

Berthold was eventually awarded €100,000 for unfair dismissal. Sallaba has in the meantime been promoted twice, and now rejoices in the job title “Senior People Development Manager, Head of Global Onboarding” – still in London!

As it happens, Matt Brittin of Google UK will be testifying before the UK Parliament this week.

link to this extract


Errata, corrigenda and ai no corrida: