Start up: the stuck smart home, McAfee’s hack trick, ICO probes Deepmind deal, Flash the zombie, and more


Yes, Runkeeper tracks your runs. But Norway’s consumer council thinks it tracks more than that. Photo by Gordon on Flickr.


A selection of 11 links for you. Ain’t that something? I’m charlesarthur on Twitter. Observations and links welcome.

The smart home is stuck • Tech.pinions

Jan Dawson:

»The challenge, then, is the addressable market for most smart home technology is pretty small, composed of innovators and early adopters in the classic technology diffusion curve. As a result, many products are attempting to squeeze every opportunity out of these small markets until they’re maxed out. Nest has been criticized for not innovating more around its original product but I suspect this is the result of a deliberate strategy to saturate many individual product markets rather than focus on ongoing significant improvements in a single market. This helps to explain Nest’s acquisition of Dropcam, its smoke and carbon monoxide detector, and the other products it’s been rumored to be working on. There’s more mileage in opening up new markets than there is in squeezing incremental value out of existing markets already nearing saturation.

I see some people referring to Amazon’s Alexa as a more mainstream smart home or home automation product, and I think that’s actually a red herring. Yes, it can be used to control smart home devices but I suspect (a) only a subset of Alexa devices are used for this purpose and (b) such a focus would limit its appeal to a niche within that smart home early adopter category. I think Alexa’s potential is much broader than that and it’s precisely because it isn’t just a smart home controller. Alexa isn’t extending the smart home market – it’s more mainstream precisely because it’s not limited to that small and limited opportunity.

«



Mobile traffic dominates among the web’s most popular sites • The Atlantic

Adrienne LaFrance:

»More than half of Facebook’s roughly 1.7 billion monthly users visit the site exclusively from their smartphones—that’s 894 million mobile-only users each month, up from 581 million such users last year and 341 million mobile-only users in 2014, according to the company’s latest earnings report.

Google confirmed last year that more searches come from mobile devices than computers in 10 countries, including the United States. Over the holiday season, Amazon said more than 60% of shoppers used mobile. And Wikipedia, which recently revamped the way it tracks site traffic, says it’s getting more mobile than desktop visits to its English language site.

In April, Wikipedia had about 361 million unique visits from smartphones and tablets compared with some 229 million from desktops—meaning roughly 61% of traffic to the English-language version of Wikipedia came from mobile devices, according to data provided by a spokeswoman.

«

Didn’t know the Wikipedia stat, but that’s really persuasive.


John McAfee apparently tried to trick reporters into thinking he hacked WhatsApp • Gizmodo

William Turton:

»McAfee has a history of being shifty with the press about his alleged cybersecurity exploits. In March, for instance, during a media tour that included appearances on CNN and RT, McAfee claimed he would be able to hack into the phone of San Bernardino terrorist Syed Farook. McAfee never proved his claims, and later admitted that he was lying in order to garner a “shitload of public attention.” And earlier this year, McAfee hedged on his terrorism-prevention ideals for America during an interview with CNN about his Libertarian candidacy for president, saying that his strategy for preventing homegrown terrorism was “difficult to explain.”

Now, it seems McAfee has tried to trick reporters again, by sending them phones pre-cooked with malware containing a keylogger, and convincing them he somehow cracked the encryption on WhatsApp. According to cybersecurity expert Dan Guido, who was contacted by a reporter trying to verify McAfee’s claims, McAfee planned to send this reporter two Samsung phones in sealed boxes. Then, experts working for McAfee would take the phones out of the boxes in front of the reporters and McAfee would read the messages being sent on WhatsApp over a Skype call.

«

Pointless.


ICO probes Google DeepMind patient data-sharing deal with NHS Hospital Trust • Computer Weekly

Caroline Donnelly:

»The Information Commissioner’s Office, the data protection watchdog, confirmed an investigation into the arrangement is underway, on the back of at least one complaint from the general public.

The deal gives DeepMind access to the healthcare records of 1.6 million patients that pass through three hospitals in North London, which fall under the care of the Royal Free Hospital Trust.

The complaint, seen by Computer Weekly, questions whether DeepMind will be expected to encrypt the patient data it receives when at rest.

“Whilst the information-sharing agreement insists that personally identifiable information – such as name, address, post code, NHS number, date of birth, telephone number, and email addresses, etc – must be encrypted whilst in transit to Google, it does not explicitly prohibit that data being unencrypted at the non-NHS location,” the complaint read.

«

First there’s a deal; then it turns out it’s not directly approved. The complaint is essentially that individuals at Google/Deepmind might access personal data. This is the essential battleground of the coming years: how compatible is tight data regulation with data mining?


Let’s talk about Amazon reviews: how we spot the fakes • The Wirecutter

Lauren Dragan:

»Amazon has a history of trying hard to deal with offenders and shut them down. In fact, in April, Amazon sued another round of companies that are accused of selling fraudulent reviews. But by the time those companies are caught, their clients have already made a bunch of sales, and the fraudulent reviewers will likely pop up again under new names to repeat the process.

(Want to know more? Wirecutter headphones editor Lauren Dragan talks to Marketplace Tech about compensated Amazon reviews and how to tell real crowdsourced opinions from astroturfing.)

You have a few ways to suss out what may be a fake review. The easiest way is to use Fakespot. This site allows you to paste the link to any Amazon product and receive a score regarding the likelihood of fake reviews.

For example, we ran an analysis on some headphones we found during a recent research sweep for our guide about cheap in-ear headphones. You can see from the results below that the headphones’ reviews didn’t score so well.

«

Hadn’t come across Fakespot before; it seems pretty useful.



The real cost of big tech’s accounting games • FT.com

Jonathan Ford:

»How much did LinkedIn make over the past three years? Sounds a simple enough question doesn’t it? But it is also one that is capable of being answered in multiple and very diverse ways.

First, let’s look at the figure the US online networking site wants you to focus on. That’s a mouthful called adjusted earnings before interest, tax, depreciation and amortisation (ebitda), and the total there between 2013 and 2015 came in at a positive $1.7bn.

Sounds pretty hunky dory? Well, now check out the operating profit line for the business — the one calculated according to the generally accepted accounting principles (GAAP) that companies must present but often don’t emphasise. Over the same period, LinkedIn racked up a $67m loss.

What explains the yawning $1.8bn difference between those two figures? It isn’t simply the depreciation and amortisation charges the company took against the value of its assets. Those, while pretty hefty, came to just $791m. No, the biggest single reason for the negative swing was the $1bn cost of the stock LinkedIn stuffed into its employees’ pay packets over those three years.

«

Why does it matter if the company gives stock to employees? As Ford explains, it’s because by doing that

»the firm denies itself the chance to sell those shares or options for value in the market. Failing to recognise that forgone cash effectively understates the cost the company has incurred in employing those individuals.

«

So stock grants are a cost. So they come off the bottom (operating) line. I’m constantly surprised by how many companies’ non-GAAP results are reported as if they were the ones to compare.


Google faces record-breaking fine for web search monopoly abuse • Sunday Telegraph

Christopher Williams:

»Google faces a record-breaking fine for monopoly abuse within weeks, as officials in Brussels put the finishing touches to a seven-year investigation of the company’s dominant search engine.

It is understood that the European Commission is aiming to hit Google with a fine in the region of €3bn, a figure that would easily surpass its toughest anti-trust punishment to date, a €1.1bn fine levied on the microchip giant Intel.

Sources close to the situation said officials aimed to make an announcement before the summer break and could make their move as early as next month, although cautioned that Google’s bill for crushing competition online had not been finalised.

The maximum possible is around €6.6bn, or a tenth of Google’s total annual sales.

It will mark a watershed moment in Silicon Valley’s competition battle with Brussels. Google has already been formally charged with unlawfully promoting its own price comparison service in general search results while simultaneously relegating those of smaller rivals, denying them traffic.

«

I’m hearing the same about the timing and intention from my sources; the fine, meanwhile, is indeterminate.


This fitness app tracks you too much, consumer advocates claim • Fortune

David Meyer:

»According to the Norwegian Consumer Council, which has lodged a complaint with the country’s data protection authority, Runkeeper transmits data about its users all the time, not just when the app is in use.

The Norwegian data protection commissioner, Bjørn Erik Thon, confirmed to Fortune that his office has received the complaint and will now look into it.

“Everyone understands that Runkeeper tracks users while they exercise, but to continue to do so after the training session has ended is not okay,” said Finn Myrstad, the consumer council’s technical director.

The data in question includes timestamped location information, as well as Google advertising IDs that can be used to identify the individual.

“Our users’ privacy is of the utmost importance to us, and we take our obligation to comply with data protection laws very seriously,” Runkeeper CEO Jason Jacobs told Fortune. “We are in the process of reviewing the issues raised in the complaint, and we will cooperate with the Norwegian [data protection authority] if it has any questions arising out of the complaint.”

According to the council, Runkeeper’s terms and conditions do not explain how regularly data is transmitted, and users do not give consent to being monitored in this way. The council claims this breaches Norwegian and EU data protection laws.

«

Here’s Runkeeper’s privacy policy. It’s astonishingly vague (though in that respect, probably not so different from other privacy policies). What intrigues me is why the Runkeeper CEO didn’t just say “nah, we don’t collect data after your run.”


Five things you can get in India with a missed call • WSJ

Shefali Anand:

»Want to transfer funds from your account? Give your bank a missed call. Want to hear Bollywood music? Dial a number and hang up.

Making a missed call by calling a number and letting it ring is a popular way of communicating in India because the caller doesn’t have to spend money. Marketing companies, politicians, banks and others now use this practice to reach millions who have cellphones but limited means.

«

Brilliant. Recalls how, in the days when long-distance calls were expensive, kids on their travels would call the operator and ask to set up a reverse-charge call to their parents. Parent’s phone rings: “Alley Okey is calling from Wichita, Kansas. Will you accept the charge?” Parent: “No.” Conversation ends, with parent knowing that the kid is OK and presently in Wichita.


Chinese smartphone market has slowed, but Huawei, Oppo & Vivo have not • Counterpoint Technology

»According to the latest research from Counterpoint’s Market Monitor service, the demand for smartphones in China softened during Q1 2016 (Jan-Mar) as the smartphone shipments were down 2% annually and 13% sequentially.

Commenting on the results, Research Director, Neil Shah, said: “In spite of the Chinese holiday season quarter, the Chinese smartphone market demand reached a standstill. This has led to intense competition between the players as they struggle to take share away from each other. In a market with hundreds of brands, growth is now limited to a handful of players with the greatest marketing budgets and headturning designs, and available at competitive price points.

“Only five brands registered healthy growth during the quarter. Oppo, Huawei and Vivo drove the majority of the volume, capturing a combined 40% of the total Chinese smartphone market. Demand for the rest of the brands declined, especially Apple after the strong demand for iPhone 6 & 6 Plus in the quarter a year ago, and lacklustre performance from Lenovo, ZTE and Coolpad.”

The Chinese smartphone market saw a lull in the first two months of 2016, however sales for smartphones started to pick up in March, with the largest sales contribution from Huawei, Oppo and Vivo, the new leaders in Chinese domestic market.

«

Other notable points: 98% of phones sold were smartphones (hence Microsoft’s 90% year-on-year drop); the “premium” segment of RMB3000+ ($450+) makes up a fifth of the market, with Apple, Samsung and Vivo dominating.


HTML5 by default: Google’s plan to make Chrome’s Flash click-to-play • Ars Technica UK

Peter Bright:

»In a plan outlined last week, Flash will be disabled by default [in Google Chrome] in the fourth quarter of this year. Embedded Flash content will not run, and JavaScript attempts to detect the plugin will not find it. Whenever Chrome detects that a site is trying to use the plugin, it will ask the user if they want to enable it or not. It will also trap attempts to redirect users to Adobe’s Flash download page and similarly offer to enable the plugin.

«

Great!

»

There will be a few exceptions to this policy, with Google planning to leave Flash enabled by default on the top 10 domains that depend on the plugin. This list includes YouTube, Facebook, Twitch, and Amazon.

«

Crap.

»

Even this reprieve is temporary. The plan is to remove sites from the list whenever possible—Twitch, for example, is switching to HTML5 streaming, so should start to phase out its use of Flash—and after one year the whitelist will be removed entirely. This means that after the fourth quarter 2017, Flash will need to be explicitly enabled on every site that tries to use it.

«

“After the fourth quarter of 2017”, aka 2018. Flash, the desktop web’s malware zombie. (Notice that all those sites somehow muddle through on mobile, which is far bigger, without Flash.)


Errata, corrigenda and ai no corrida: none notified.

Start up: Chrome v Flash (and Google v iOS 9), HTC delays Vive, streaming’s true problem, and more


Suggested caption: “I wish I’d never mentioned the bloody sealion”. Can a computer do better? Picture from MCAD Library on Flickr.

A selection of 9 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Google makes it official: Chrome will freeze Flash ads on sight from Sept 1 » The Register

Shaun Nichols:

Back in June, Google warned that, in cooperation with Adobe, it would change the way Flash material is shown on websites.

Basically, “essential” Flash content (such as embedded video players) is allowed to automatically run, while non-essential Flash content, much of that being advertisements, will be automatically paused.

As we explained a couple of months ago, it’s effectively taking Chrome’s “Detect and run important plugin content” feature, and making it the default: only the “main plugin content on websites” will be run automatically. That should put a stop to irritating ads around the sides of pages.

Google’s reasoning for the move is largely performance-based, apparently. The Chocolate Factory worries that with too many pieces of Flash content running at once, Chrome’s performance is hamstrung, and, more critically, battery life is drained in notebooks and tablets running the Flash plugin.

A performance and battery hit? From Flash? I’m shocked, shocked to hear of such a thing.


Handling App Transport Security in iOS 9 » Hacker News discussion

Remember the Google Ads blogpost from last week explaining how developers could enable non-HTTPS ads to show on iOS 9, which enforces (almost) HTTPS? The discussion on Hacker News includes some who’ve been in the trenches:

At my last job, we did something similar to what iOS 9 is now doing, where we migrated a survey engine to serve all forms over https. There was high fiving and champagne all around the engineers desks, while media was freaking out that their impressions took the sharpest reverse-hockey-stick in the world. Ad networks are seriously the worst when it comes to https traffic. Given the dozens of redirects and pixel injections and iframes slapped into a media page, it’s nearly impossible to serve secure traffic since it only takes one network to downgrade the https request to http and then the page is “broken”.

Other comments provide useful insight too.


The wait for HTC’s Vive VR headset just got longer » ReadWrite

Adriana Lee:

Other projects and software features are likely in the works [from Oculus Rift] as well. (We may know more at the Oculus Connect 2 developer conference in Los Angeles next month.) 

There’s also increasing competition from VR hardware startups and other (bigger) competitors eyeing virtual and augmented reality—including Sony, Google, Samsung and Microsoft. Apple may also be pursuing virtual and augmented reality behind closed doors.

All of which makes HTC’s decision to delay the Vive’s consumer release rather risky—especially if the company is relying on this initiative to make up for its flagging smartphone business. For end users and developers, however, the scenario points to something else: Next year is going to be absolutely huge for all realities virtual. 

Can HTC hang on long enough to ride that wave? Testers say it’s terrific quality. Most valuable asset?


Chromebooks gaining on iPads in school sector » The New York Times

Natasha Singer:

In terms of the sheer numbers of devices sold, however, Microsoft remained in the lead. In 2014, about 4.9m Windows devices, including notebooks and desktops, shipped to schools, giving Microsoft a roughly 38% market share in unit sales, IDC said.

Apple, meanwhile, shipped about 4.2m devices for schools, including desktops, notebook computers and tablets, accounting for about 32% of the education market, according to the report.

But the Chromebook category is fast gaining traction in the United States.

Last year, about 3.9m Chromebooks were shipped in the education sector, an increase in unit sales of more than 310% compared with the previous year, IDC said. By contrast, iPad unit sales for education fell last year to 2.7m devices, compared to 2.9m in 2013, according to IDC data.

“Even if Microsoft is No. 1 in volume and Apple is No. 1 in revenue, from the growth perspective, nobody can beat Chromebook,” said Rajani Singh, a senior research analyst at IDC who tracks the personal computer market and is the author of the report.

In the first half of this year, she said, roughly 2.4m Chromebooks shipped to schools compared with about 2.2m Windows-based desktops and notebook computers.

Maybe this is where Chromebooks begin to eat away at Windows. They certainly should be a lot easier to secure and manage.


We built a robot to help you win The New Yorker’s cartoon caption contest » The Verge

Michael Zelenko and Frank Bi:

Each week The New Yorker runs a cartoon contest on its back page, where the publication invites readers to submit captions to cartoons drawn by the magazine’s illustrators. Winning the contest is notoriously difficult — writers have to generate a quip that’s funny, but also perfectly mimics the magazine’s sensibilities. A deep knowledge of The New Yorker is a prerequisite. Or is it?

We’ve collected all the first, second, and third place winning entries going back to when the magazine introduced the competition in 2005 — all 1,425 of them. Then, we ran them through a Markov text generator program that analyzes the winning captions and generates new, randomized entries that echo the original set.

Observation: using this won’t even get you to the last three in the caption contest. Maybe when the robots have taken all the other jobs, “comedian” will still remain for humans.


The real problem with streaming » Music Industry Blog

Mark Mulligan:

Even without considering the entirely intentional complexity of details such as minimas, floors and ceilings, the underlying principle is simple: a record label secures a fixed level of revenue regardless, while a music service assumes a fixed level of cost regardless.

Labels call this covering their risk and argue that it ensures that the services that get licensed are committed to being a success. Which is a sound and reasonable position in principle, except that in practice it often results in the exact opposite by transferring all of the risk to the music service. Saddling the service with so much up front debt increases the chance it will fail by ensuring large portions (sometimes the majority) of available working capital is spent on rights, not on building great product or marketing to consumers.

None of this matters too much if you are a successful service or a big tech company (both of which have lots of working capital). Both Google and Apple are rumoured to have paid advances in the region of $1 billion. While the payments are much smaller for most music services, Apple, with its $183bn in revenues and $194bn in cash reserves can afford $1bn a lot more easily than a pre-revenue start up with $1m in investment can afford $250,000.  Similarly a pre-revenue, pre-product start up is more likely to launch late and miss its targets but will still be on the hook for the minimum revenue guarantees (MRG).

It is abundantly clear that this model skews the market towards big players and to tech companies that simply want to use music as a tool for helping sell their core products. 

 


Heads-up, Google: fighting the EU is useless » Bloomberg View

Leonid Bershidsky:

Microsoft can tell Google exactly what happens next; indeed, Google’s lawyers realize there will be other antitrust investigations. One, concerning the Android operating system and its links to Google services, is already in the works, although no official charges have been brought. Another may soon hit Google where it really hurts, challenging its dominance in online advertising. Google will fight and probably lose, because Europe doesn’t like big U.S. companies to dominate its markets. 

Lobbying and complying with whatever demands still can’t be avoided is a less painful path. Microsoft spent 4.5 million euros last year, a million more than Google, on efforts to get EU officials to see its points on issues such as data protection and cloud computing. Among other things, the European Parliament is now considering a Microsoft proposal that would cap fines for Internet privacy violations at 2m euros a case, instead of 2% of a company’s international turnover.

It’s admirable that Google now wants to fight for its principles and against the dilution of its superior offering. It makes me cringe, however, to think of the time and money that will be burned in this hopeless battle.



The fembots of Ashley Madison » Gizmodo

Annalee Newitz:

In the data dump of Ashley Madison’s internal emails, I found ample evidence that the company was actively paying people to create fake profiles. Sometimes they outsourced to companies who build fake profiles, like the ones Caitlin Dewey wrote about this week in the Washington Post. But many appear to have been generated by people working for Ashley Madison. The company even had a shorthand for these fake profiles—“angels.” Perhaps this is a tip of the hat to Victoria’s Secret models, also known as angels.

Ashley Madison created their angels all over the world, and the dump contains dozens of emails where Avid Life Media management arranged to generate more. Here you can see a July 4, 2013 email from Avid Life Media’s director of internal operations, Nora Abtan, to CEO Noel Biderman and other managers, with the subject “summary angels status”…

…An email chain between Sandra Simpson and an employee named Eduardo Borges, dated July 30, 2012, suggests that quality control on the angel profiles was actually pretty rigorous. Borges asks whether it’s OK to reuse photos if they are in different states, and Simpson says no—she notes that many members travel and they might spot the duplicates.

Such great journalism; such a scammy business. The question becomes, did the company take this direction from the start, or was it forced towards fakery by circumstance?


Apple is about to lay down its TV cards » TechCrunch

Matthew Panzarino:

It stands to reason that Apple will be able to push the A8 much, much further than it ever has before given that the Apple TV is plugged into the wall, and not dependent on battery.

This will enable developers of games and other resource-intensive applications to produce higher quality and more demanding apps. Among the demos I’d expect to see on stage next month are content apps, games, and broadcast companies. These apps fit the venue (fixed, but large and participatory) and purpose of your television — and the apps that people will build for the Apple TV would do well to take those factors into account as well.

A native SDK that takes advantage of the hardware fully will, for the first time ever, turn the Apple TV into a platform, a self-sustaining life form that Apple likely hopes will dominate competitors who have done only slightly better about adding third-party support.

To control the new Apple TV? A new remote. One major feature of which was pretty much nailed by Brian Chen in an article earlier this year. It’s slightly bigger and thicker, with physical buttons on the bottom half, a Touchpad area at the top and a Siri microphone.

I thought the Apple TV would get its own SDK back in 2012. Totally wrong; it just wasn’t ready.


Start up: the people who buy flops, remotely hacking Jeeps, sharing Google’s salaries, and more


Inside the Greenwich foot tunnel: great for (walking) London cyclists. Photo by nick.garrod on Flickr.

A selection of 9 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Harbingers of failure » Penn State University

Eric Anderson, Song Lin, Duncan Simester and Catherine Tucker:

We show that some customers, whom we call ‘Harbingers’ of failure, systematically purchase new products that flop. Their early adoption of a new product is a strong signal that a product will fail – the more they buy, the less likely the product will succeed. Firms can identify these customers either through past purchases of new products that failed, or through past purchases of existing products that few other customers purchase. We discuss how these insights can be readily incorporated into the new product development process. Our findings challenge the conventional wisdom that positive customer feedback is always a signal of future success.

The authors aren’t specific, but might another word for such people be “Kickstarter participants”?


You disabled Flash in your browsers, but is that enough? » Fortinet Blog

Bing Liu:

Flash files can not only be embedded in a web page but also in various document formats such as Microsoft Office documents and PDF files. Even if you have disabled Flash in your browsers, Flash exploits can still leverage Flash player vulnerabilities through software like Microsoft Office and Adobe Reader. Let’s do some tests. I will use the PoC of CVE-2015-5122 from the Hacking Team in my test. It will pop up the calculator program when loaded in browsers and other applications that have a vulnerable Flash plugin enabled.

Oh god, please can Flash DIAF?


iPhone, iPad study shows trade stats dramatically overstate the value of US imports from China » American Enterprise Institute

Mark Perry:

This study [from 2011] also confirms our earlier finding that trade statistics can mislead as much as inform. Earlier we found that for every $299 iPod sold in the U.S., the U.S. trade deficit with China increased by about $150. For the iPhone and the iPad, the increase is about $229 and $275 respectively. Yet the value captured from these products through assembly in China is around $10. Statistical agencies are developing tools to gain a more accurate breakdown of the origins of traded goods by value added, which will be attributed based on the location of processing, not on the location of ownership. This will eventually provide a clearer picture of who our trading partners really are, but, while this lengthy process unfolds, countries will still be arguing based on misleading data.

Makes sense: the assembly in China doesn’t really create significant value. Moving those jobs back to the US (which is impossible: the infrastructure isn’t there) wouldn’t make a lot of difference either. (Via Eugene Wei.)


Nanotec Systems NESPA #1 » 6moons audio reviews

The procedure is simple. Place a CD or DVD inside the black box, secure the disc with the magnetic puck and rock the switch. The disc will start spinning and the light will flash 120 times in a 2-minute period. After that, the disc will stop spinning and voila, the disc is finalized.

The flash applied is rated at 1000mW/sec, has a temperature of 5500K and light intensity of one million Lux. So in fact the disc is exposed to sunlight without destroying it.

So marvellous. (Via Peter Bright.)


Apple iPhone 6, the bestselling smartphone for 10 months straight » Counterpoint Technology Market Research

Every year we’ve seen the pattern of the iPhone topping the list in the fourth and first quarter of the year, while the Galaxy S tops the second and third quarter. This pattern now seems to have been broken as the iPhone 6 continues to top the list since September 2014.

The highly anticipated Galaxy S6 Edge was plagued with supply issues in the first month and now suffers from its high price tag – quickly losing its flair as a consequence. We see its sales figures declining since its launch in April. This is a heavy blow to Samsung as it has no other new model launched in 2015 in the top 10 best sellers list.

The list goes: iPhone 6, iPhone 6 Plus, Samsung GS6, Samsung GS6 Edge, iPhone 5S, Xiaomi Mi Note, Samsung Galaxy S5, Samsung Galaxy Note 4, Xiaomi Redmi 2, LG G4. (Relative sizes not given.) This is the first time LG has been in there this year; Xiaomi’s presence is a clear and present danger to Samsung.

Note that the data is for sales to users, not shipments to carriers.


Downward trend: Korean smartphone makers struggle in Latin American market » BusinessKorea

Cho Jin-young:

Korean smartphone makers are expected to face a crisis after showing good performance in Latin America. Samsung Electronics accounted for 29.5% of the smartphone market in Latin America during Q1 2015, down 10% or more compared to the same period last year, according to Hong Kong-based market research firm Counterpoint Research. LG Electronics, which was the second-most-popular smartphone vendor in the region, also experienced a decline in market share within a year, from 14% to 10.9%. The combined share of the two Korean companies amounted to 52.4% in Q1 2014, but the figure for Q1 2015 was 40.4%. Therefore, it is urgent for two Android phone makers to come up with measures to address the problem.

In contrast, a shift in the center of gravity for the global smartphone market is predicted to become a golden opportunity for Chinese firms that mainly produce entry-level and mid-range smartphones. Xiaomi recently entered the Brazilian mobile phone market by showcasing the Redmi2, a mid-range model, in line with the current market environment. The Chinese company decided to produce Android phones in Brazil for local consumption by asking Foxconn to assemble their products in the country.

More concerning for them is that sales of smartphones in Latin America are slowing down – so that’s a falling share in a falling or static market.


Hackers remotely kill a Jeep on the highway—with me in it » WIRED

Andy Greenberg:

The attack tools [Charlie] Miller and [Chris] Valasek developed can remotely trigger more than the dashboard and transmission tricks they used against me on the highway. They demonstrated as much on the same day as my traumatic experience on I-40; after narrowly averting death by semi-trailer, I managed to roll the lame Jeep down an exit ramp, re-engaged the transmission by turning the ignition off and on, and found an empty lot where I could safely continue the experiment.

Miller and Valasek’s full arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch. The researchers say they’re working on perfecting their steering control – for now they can only hijack the wheel when the Jeep is in reverse.

All this is remote and wireless – they aren’t directly plugged in to the car: the car’s phone connection makes it vulnerable if you know its IP address. Let’s just hope these cars aren’t running Flash.


@EricaJoy’s salary transparency experiment at Google (with tweets) » Storify

Joy started a spreadsheet inside Google on which she shared her salary and details about bonuses (she wasn’t receiving any). The sheet went viral inside the organisation. Some choice extracts:

“I was invited to talk to my manager on Mon or Tues. Higher up people weren’t happy. She wasn’t happy. “Why did I do it? Don’t you know what could happen?”

“Nothing. It’s illegal to retaliate against employees for sharing salaries.”

“Wellll….

And another observation of Joy’s:

“Fighting for justice & fairness INSIDE Google doesn’t go over well. Salary sharing is only 1 example. Blogger porn. Real names. Many others.”

One can see how any company would be uncomfortable at having employees all virally sharing details of their remuneration. The irony of Google, which so insists that All Must Be Known And None Shall Be Hidden, getting a taste of it, is quite a thing to behold. (Joy left Google and is now at Slack.)


CityCyclist 1.0 » scraplab

Tom Taylor:

For a few months, in slivers of spare time, I’ve been working on a little app for city bike navigation, called CityCyclist.

I’ve tried to build something clean and accessible, that gets a good bike route on the screen as quickly as possible. That’s glanceable while on a bike, and more useful when off.

Key innovations: there’s a little scrubber on the elevation profile at the bottom to fly quickly along a route without zooming and panning around. My hypothesis was that might make it easier to consign a route to memory. I suspect that’s not true, but I still like it.

The search results use a combination of Foursquare and Apple’s address geocoder, and seem fairly good.

The routing is powered by CycleStreets (backed by OpenStreetMap) with a selection of three options: fast, balanced, quiet. (UK only for now.)

The height detail is really nifty. And yes, cyclists have very different routing needs from drivers or walkers.


Start up: Windows 10’s puzzle, Adobe’s coming obituary, our digital romances, and more


A better sound to be found inside? Photo by pumpkinmook on Flickr.

A selection of 8 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Windows 10 signifies Microsoft’s shift in strategy » The New York Times

Nick Wingfield:

in recent years, Windows has become an afterthought for many software developers, who have turned to the huge and engaged audience on smartphones. That shift has left Microsoft in a precarious position with consumers in recent years.

To generate more interest from developers, Microsoft has designed Windows 10 to run on PCs, smartphones and other devices, which is meant to make it easier for developers to write apps that run across all of them. And the company has sworn there will be one billion devices running the software in the next two to three years, giving developers a huge potential market to reach with their creations.

“I think we will see really huge adoption” of Windows 10, said Kevin Sather, director of product marketing for systems at Razer, a maker of high-end gaming computers and other devices.

The benefits of fast and free adoption of Windows 10 could well outweigh the revenue Microsoft is giving up. The company does not disclose how much upgrade revenue it normally makes from a new operating system, but analysts estimate that it is small compared with the other ways the company makes money from the operating system.

What this doesn’t explain is why Windows 10, even free, should suddenly make consumers devote any more time to their PCs, or buy Windows tablets any more than they do. Obviously Microsoft is a business-oriented company. So will this actually make any difference at all to the general direction of travel, away from the desktop to mobile? I just don’t see it.


Free sound improving techniques » PWB Electronics

Try the freezing experiment using a CD first – they are usually the easiest object to hand. If you have two identical CDs all the better as you can keep one CD as the control (no treatment) and put the other CD through the freezing/slow defrost process.

Place one CD in a plain plastic bag and place this bag in the domestic deep freezer overnight. When you remove the CD from the freezer, allow it to return to room temperature very, very slowly. You can achieve a slow defrost quite easily by wrapping it in a towel or blanket. Listen to the CD which has been through the freezing process first and then see if you can listen to the other (unfrozen) CD with the same pleasure !! Putting the previously frozen CD through the freezing/slow defrost process a second time gives you a further improvement in the sound.

Impossible to distinguish from satire. Or reality.


Only around 15% of WP 8.1 users to upgrade to Windows 10 Mobile? » All About Windows Phone

Steve Litchfield:

There’s something of a blanket assumption that everyone currently using Windows Phone 8.1 will upgrade to Windows 10 Mobile – after all, Microsoft has been promising that ‘majority’ of users will join the Windows 10 ecosystem. But, after a few recent experiences of mine with budget devices, I thought it worth sounding a note of caution and reality – I’d put money on the actual conversion numbers to Windows 10 Mobile being significantly less than 50% and maybe as low as 15%.

He tested trying to update to Windows 10 Mobile on wiped-clean Lumias. It wasn’t great. Why? Storage: some of those low-end phones just won’t have the spare space – especially for those with any apps installed.


Tech world prepares obituary for Adobe Flash » WSJ

Robert McMillan:

in 2007, along came the iPhone. Adobe engineers embraced it immediately. “Everyone who was in the organization was carrying an iPhone,” said Carlos Icaza, an Adobe senior engineer at the time.

But Apple’s smartphone also troubled Mr. Icaza, who was in charge of Flash development on mobile phones. Flash had become bloated over the years and required lots of computing power to run. That wasn’t a big deal on PCs, but on mobile phones, with their limited battery life, it was a major problem, and Apple had opted not to support the technology.

Flash needed a major rewrite to work on the iPhone, but Mr. Icaza couldn’t get his superiors to allocate the necessary resources.

“For me, it was, ‘What the hell is going on? We have this amazing device that is going to change the world and everybody knows it,’” he said in an interview. “Nobody at the organization was trying to make Flash work on this device.”…

…Adobe itself now considers Flash to be immaterial to its business, meaning that it accounts for less than 5% of company revenue, but it is still widely used on websites built for browsers. The software runs on under 6% of the Internet’s home pages and its use is declining, according to BuiltWith Pty Ltd, which tracks Internet technology.

You don’t hear that 6% stat thrown around much, do you?


I tried all the apps that are supposed to mend a broken heart » Fusion

Kristen Brown:

A few months into the relationship I’d asked Siri to remember which of the many Johns* [*his name wasn’t John] in my contacts was the one I was dating. At the time, divulging this information to Siri seemed like a big step — at long last, we were “Siri Official!” Now, though, we were Siri-Separated. Having to break the news to my iPhone—my non-human, but still intimate companion—surprisingly stung.

Siri wasn’t the only screen-based trial of my break-up. Our relationships now exist across networked webs of digital connections, webs that we build up each time we begin a new romance and then must painfully break down when one ends. When I flicked open my laptop at work, the bottom-right corner was empty where a Google chat had previously sat waiting for me. Notifications of unread Snapchat messages used to lead to goofy photos of John, but now they’re just, disappointingly, announcements from Team Snapchat. Every time I send a note to a particular group of friends, Google’s algorithm suggests I add John to the e-mail thread.

Our relationship was the digital equivalent of moving in together, and now painful memories of him were scattered all over my online home. Technology was making my heartache worse, but that’s not how these things are supposed to work: Technology is supposed to make our lives easier, so I sought out tech fixes for a broken heart.



Online cheating site AshleyMadison hacked » Krebs on Security

Brian Krebs:

In a long manifesto posted alongside the stolen ALM data, The Impact Team said it decided to publish the information in response to alleged lies ALM told its customers about a service that allows members to completely erase their profile information for a $19 fee.

According to the hackers, although the “full delete” feature that Ashley Madison advertises promises “removal of site usage history and personally identifiable information from the site,” users’ purchase details — including real name and address — aren’t actually scrubbed.

“Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie,” the hacking group wrote. “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”

Their demands continue: “Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online.”



The Apple Watch review » Anandtech

Joshua Ho and Brandon Chester:

Although this is a review of the Apple Watch, the Apple Watch will ultimately be quickly forgotten with the launch of future iterations of the Apple Watch. After all, Apple is not trying to sell the world on the idea of a smarter watch, but the idea of a watch altogether.

For those still deciding on whether the first Apple Watch makes sense, I have no reservations in saying that it’s the best wearable I’ve ever used. However, at the same time I find it hard to recommend this first-generation Apple Watch. It’s clear that there are far too many obvious areas to improve upon, areas where Moore’s law will help to dramatically improve the experience. In the case of smartphones, Moore’s law made it possible to deliver true all-day battery life and fluid app performance. After spending a few months with the Apple Watch, all I can see is a need for more compute and battery life, like what happened with smartphones.

Finally, we get back to the question of whether Apple will sell people on the concept of a watch. In the months since I first used the watch I’ve ended up wearing it every day. I distinctly noticed its absence when I forgot the charger on a trip. I don’t know if Apple will succeed in convincing others of the utility of a watch, but they’ve definitely convinced me.

To the despair of graph-lovers everywhere, the authors declare that they can’t figure out a standard method for testing battery life, because you can configure the Apple Watch and Android Wear to behave so differently on notifications. But I agree with their conclusion – what you begin to notice, increasingly, over time is the utility.


Dropdowns should be the UI of last resort » LukeW

Luke Wroblewski:

No one likes filling in forms. And the longer or more complicated a form seems, the less likely we are to jump in and start filling in the blanks – especially on small screens with imprecise inputs (like our fingers).

dropdowns v tabs

While there’s two extra fields in the “painful” version above, the primary difference between these two flight booking forms is how they ask questions. One makes use of dropdown menus for nearly every question asked, the other uses the most appropriate input control for each question.

Dropdowns really are a pain, but it takes this post to point out quite why. There’s a longer writeup with links to video clips too.


Start up: life as an “Invisible”, why use adblocking?, how Spotify’s eating your drive, and more


BlackBerry has been a loser as smartphones have taken off in Africa. Photo by shizhao on Flickr.

A selection of 9 links for you. Surprise your friend by tweeting an inline link. Follow The Overspill on Twitter to get updates on what’s posted here. I’m charlesarthur on Twitter. Observations and links welcome.

I was an Invisible Girlfriend for a month » Fusion

Kashmir Hill tried being one of the workers who texts (but never, never sexts) with people who want not-really-just-virtual-but-real boyfriends or girlfriends:

Over all, the number of users who seemed to really want companionship outnumbered the skeptics. The founders say one user told them she was going through chemotherapy and that her real-life boyfriend had dumped her. So her invisible boyfriend had become a serious emotional support while she fought cancer.

I didn’t encounter anyone like that. Instead, I met a guy in his late 20s who wanted to have an extended conversation with his “lovingly nerdy, best-friend-turned-girlfriend” about taxidermy. He said that if he were a taxidermist, he would sew a cat to a dog. I texted, “Would you put a cat head on a dog body or a dog head on a cat body?” But I didn’t get to see his response, nor find out if the conversation was about to go to a darker place that might warrant alerting authorities.

It’s hard to put a price on love. But Crowdsource did. It’s worth a whopping five cents. That’s how much I got paid to write each of these texts.

If I spent an hour answering texts, and took the full five minutes to write each one, I’d be making 60 cents an hour, far below the minimum wage. This is legal because all the workers on the platform are classified as independent contractors rather than employees.

But of course. She’d get $5 for answering 100 texts; the service charged $15-$25 for the same.

Also, this is frighteningly reminiscent of Her, whose central character’s job is writing cards for people too busy to write cards.


Why I’ve started using an adblocker » Three Dot Lounge

Chuq von Rospach:

The problem for me is not actually the ads. I understand sites need to pay the bills and that advertising is how many sites do that. But so many of the ads today have gotten so aggressive about hiding content from me or blaring unrelated crap into my eyes or in my ears that I have finally had it.

Beyond that, an even bigger problem for me is that more and more networks are using these advertising inclusions to install trackers and beacons to watch me as I wander around the net, and these trackers and beacons are in almost all cases things I have no way to opt out of, have never agreed to use and cannot see what’s being collected and sold about me along the way.

That is why I have finally installed an ad blocker. The ads are in many cases intrusive and annoying, but the growing trend of tracking without my permission and without any way to opt out of the tracking is abusive of me, my privacy and my online experience. And because of that, I’m now blocking the trackers and beacons that do this, and as a side effect the ads have gone away as well. This may hurt the sites that depends on the advertising, and I’m sort of sorry for that — but they are also the sites that have allowed these networks to install these tracker systems onto them, and so they are indirectly complicit in that way.

I don’t see this ending well for small or medium sites reliant on ads; the word about adblocking is going to spread relentlessly, and if it makes sites more pleasant to read then it’s going to snowball. Large sites may be able to shrug off the lure of the crud ads. Smaller ones won’t; you’re already seeing (elsewhere) the effects of the race to the bottom.


Spotify’s swallowing your disk space – and you can’t stop it » Expert Reviews

Barry Collins:

The streaming service stores a local cache of music on users’ PCs, normally containing their most recently played tracks or music they’ve requested to be stored offline (a feature only available to Premium subscribers).

An update to Spotify earlier this year removed the option to determine where this cache was stored and to limit its size, leaving users who run the software on laptops or tablets with limited capacity SSDs fuming. “I’ve unsubbed yesterday because of this,” wrote one user on the Spotify forums. “I can’t believe how incompetent your software engineers or whoever thought of this idea to take away KEY functionalities like cache variability and installation paths.”

“Like everyone, I have an SSD as my primary drive and [it] has a very limited space in it,” writes another customer. “With all my music save [sic] offline, Spotify is eating up almost 30% of my SSD space without my knowledge!”

An update to Spotify last week returned the feature that allowed people to select an external drive as the location for the cache. But the option to limit the size of the cache remains missing in action.

Slightly wonkish, but one to properly annoy the wonks.


Artist arrested on suspicion of ‘abstracting electricity’ to charge iPhone on London Overground train » London Evening Standard

Tom Marshall and Laura Proto:

An artist has criticised transport police after he was arrested for using a plug on a London Overground train to charge his iPhone.

Robin Lee was handcuffed and put into a police van after using the power socket on a train from Hackney Wick to Camden Road on Friday, July 10.

The 45-year-old, who lives in Islington, said the whole episode was “ridiculous” and was first confronted on the train by a police community support officer who said he was taking the electricity illegally.

He was arrested on the platform after getting off at Camden Road. “She said I’m abstracting electricity,” he said. “She kept saying it’s a crime. We were just coming into the station, and there happened to be about four police officers on the platform. She called to them and said ‘This guy’s been abstracting electricity, he needs to be arrested’.”

The plugs say “Cleaners’ use only”. Maybe he should have said he was a cleaner. (He was arrested, and then “de-arrested”.)


Middle East and Africa smartphone market to top 155m units in 2015 as sub-$200 segment surges » IDC

Featurephone sales fell 20%, smartphone sales grew 66% to hit 36m, or 63% of total regional phone shipments in Q1, driven by cheap Android phones:

almost half of all the smartphones shipped across Africa (45.1%) in Q1 2015 were priced below $100, while almost 75% fall under $200. Low-priced smartphones are also having a considerable impact in the Middle East, with the $100–200 price band accounting for the market’s biggest share. 

“This price bracket seems to be the sweet point for most vendors launching in the region, as well as for established vendors looking to increase their shares by targeting the lower end of the market,” says Nabila Popal, research manager for IDC’s Mobile Phone Tracker in the Middle East, Africa, and Turkey. “This has resulted in phones priced under $200 accounting for about 36% of the Middle East smartphone market, while at the other end of the spectrum the $450+ price band has seen its share fall from 25% in Africa and 48% in the Middle East a year ago, to 14% and 34% today.”

Nigeria and South Africa contributed significantly to the overall growth seen in Africa, with the countries experiencing year-on-year growth of 135% and 56%, respectively. Nigeria accounted for 14% of all smartphone shipments across the continent during Q1 2015, while South Africa was responsible for 12%.  Samsung, Tecno, and Apple were the leading smartphone vendors in Africa during the quarter, with Huawei being ousted from the top three. The three leading vendors accounted for a combined 55% share of Africa’s smartphone shipments in Q1 2015.

Losers in this: BlackBerry (hit by BYOD) and Microsoft (both the Nokia and Lumia models).


Nintendo president Satoru Iwata dies of cancer » FT.com

Leo Lewis makes an important point:

however dismally its successor has fared, the original Wii console, released in 2006 as the defining management feat of Mr Iwata, was revolutionary.

Even as Nintendo’s celebrated games designer, Shigeru Miyamoto, was receiving the plaudits for the Wii’s groundbreaking controllers and gameplay, the management hand of Mr Iwata was evident.

Three titles of which Mr Iwata was executive producer — Wii Sports, Wii Fit and Wii Play — were games that sold more than 130m units between them and changed not only the physical way that games were played, but the demographic universe of gaming.

In the global list of best selling video games, Nintendo reigns supreme. Of the top 40 games that have sold or been downloaded more than 15m times, 12 were released under the presidency of Mr Iwata.

One has to hope Nintendo had a really solid succession plan in place.


Satoru Iwata was Nintendo » The Verge

Sam Byford on Nintendo’s chief executive, a skilled programmer who has died of cancer at 55:

everything Iwata did was driven by an unshakeable belief in what Nintendo is and what it stands for. Nintendo is sometimes late to certain parties, but when it does do things that people have long clamored for, like mobile games or an online service, it does so on its own terms. Iwata passionately stood against the devaluation of games, for example, which is why you won’t see ports of existing Nintendo titles on phones. And his forward-thinking perspective extended to how he ran the company on an operational level. “If we reduce the number of employees for better short-term financial results, employee morale will decrease,” he told an investor who was calling for heads to roll in 2013. “I sincerely doubt employees who fear that they may be laid off will be able to develop software titles that could impress people around the world.” The exchange sums up Iwata’s leadership — empathetic on a human level, yet grounded in a firm perspective that it was the right thing to do for business…

…“Trust your passion, believe in your dream,” Iwata said in an inspiring speech at the 2011 Game Developers Conference. “For 25 years, game developers have made the impossible possible. So I ask you, why would we stop now?”



Facebook’s security chief calls for Adobe Flash to be killed off » HOTforSecurity

Graham Cluley:

Amongst those who would be happy to see the back of Adobe Flash is Alex Stamos, Facebook’s newly-appointed security chief.

In a tweet this weekend, Stamos – who is a respected member of the security community who is credited for improving the security stance of Yahoo at his previous job – said that it was time for Adobe to announce when Flash would be killed off, and for browsers to assist by dropping support at the same time.

“It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.”

In a followup tweet, Stamos said that Adobe’s death date didn’t have to be today or tomorrow – but a date had to be set in stone for systems to be made more secure:

“Even if 18 months from now, one set date is the only way to disentangle the dependencies and upgrade the whole ecosystem at once.”

Yup. Stake through the heart. Only way.


Apple’s share of smartphone industry’s profits soars to 92% » WSJ

Shira Ovide and Daisuke Wakabayashi, quoting a Canaccord Genuity report:

One key to Apple’s profit dominance: higher prices. Apple’s iPhone last year sold for a global average of $624, compared with $185 for smartphones running Android, according to Strategy Analytics. In its fiscal quarter ended March 28, Apple sold 43% more iPhones than a year earlier, at a higher price. The average iPhone price in the quarter rose by more than $60 to $659, on the strength of the larger-screen iPhone 6 and 6 Plus models.

As the smartphone market matures and growth slows, it is starting to resemble the personal-computer business in some ways. Average PC prices have plunged, and most manufacturers struggle to eke out profits. But Apple captured more than half of industry profits last year, even though its Mac line accounted for only about six of every 100 computers sold, according to Bernstein Research.

Despite the changing leader boards of the past decade, some industry veterans say Apple’s profit crown looks more secure.

“The dominance of Apple is something that is very hard to overcome,” said Denny Strigl, former chief operating officer of Verizon Communications Inc. “Apple has to stumble somehow or another, and I don’t think that’s going to happen.”

That’s pretty much how I showed it in my latest examination of the PC industry. However, that “92%” figure is misleading; the negative amounts by Microsoft, BlackBerry and others shouldn’t really be included. Otherwise, with Microsoft’s giant $7bn+ writedown on Nokia negating all Samsung’s profit and a chunk of Apple’s, you’ll have a situation in Q2 where Apple makes 150% of industry profits. Clearly not realistic.


Start up: Windows Phone hits the buffers, more Flash woes, do Google ads discriminate?, and more


If there’s a stream and nobody listens… hang on. Photo by jjjj56cp on Flickr.

A selection of 9 links for you. They flip, they bend, they twirl away. I’m charlesarthur on Twitter. Observations and links welcome.

Zero-day Flash player exploit disclosed in ‘Hacking Team’ data dump » The Hacker News

Swati Khandelwal:

While analyzing the leaked data dump, researchers discovered at least three software exploits – two for Adobe Flash Player and one for Microsoft’s Windows kernel.
Out of two, one of the Flash Player vulnerabilities, known as Use-after-free vulnerability with CVE-2015-0349, has already been patched.

However, the Hacking Team described the other Flash Player exploit, which is a zero-day exploit with no CVE number yet, as “the most beautiful Flash bug for the last four years.”
Symantec has also confirmed the existence of the zero-day flaw in Adobe Flash that could allow hackers to remotely execute code on a targeted computer, actually allowing them to take full control of it.

Researchers found a Flash zero-day proof-of-concept (POC) exploit code that, after testing, successfully worked on the latest, fully patched version of Adobe Flash (version 18.0.0.194) with Internet Explorer.

Successful exploitation of the zero-day Flash vulnerability could cause a system crash, potentially allowing a hacker to take complete control of the affected computer.

Flash depresses me. I removed it from my machine some time ago; it’s basically a malware vector whose functions can almost always be replaced with HTML5 by normal users. See below.


How to enable click-to-play plugins in every web browser » How-To Geek

Chris Hoffman:

Most web browsers load Flash and other plug-in content as soon as you open a web page. Enable “click-to-play” plug-ins and your browser will load a placeholder image instead — click it to actually download and view the content.

Click-to-play allows you to conserve download bandwidth, improve page load times, reduce CPU usage, and extend laptop battery life. This feature gained popularity with Flashblock for Firefox and is now built into modern browsers.

Do this, for the safety of your system.


Satya Nadella email to employees on sharpening business focus » Microsoft News Center

Phones. Today, we announced a fundamental restructuring of our phone business. As a result, the company will take an impairment charge of approximately $7.6bn related to assets associated with the acquisition of the Nokia Devices and Services business in addition to a restructuring charge of approximately $750m to $850m.

This isn’t actual lost money, but lost value of the business – a “goodwill” writedown. The phones aren’t any more or less profitable as a result.

I am committed to our first-party devices including phones. However, we need to focus our phone efforts in the near term while driving reinvention. We are moving from a strategy to grow a standalone phone business to a strategy to grow and create a vibrant Windows ecosystem that includes our first-party device family.

Translation: phones that don’t run Windows are not needed. Say goodbye to those Nokia featurephones (24.7m in Q1, likely fewer in Q2, probably zero by Q4).

In the near term, we will run a more effective phone portfolio, with better products and speed to market given the recently formed Windows and Devices Group. We plan to narrow our focus to three customer segments where we can make unique contributions and where we can differentiate through the combination of our hardware and software. We’ll bring business customers the best management, security and productivity experiences they need; value phone buyers the communications services they want; and Windows fans the flagship devices they’ll love.

Translation: cheap Lumias continue; will do a flagship. Business customers will get support on whichever platform.

In the longer term, Microsoft devices will spark innovation, create new categories and generate opportunity for the Windows ecosystem more broadly. Our reinvention will be centered on creating mobility of experiences across the entire device family including phones.

Translation: phones aren’t so important, are they?


September 2013: The deal that makes no sense » Stratechery

Ben Thompson, back in September 2013:

Early this morning Microsoft acquired Nokia for €3.79 billion (plus €1.65 billion for patents). It is a deal that makes no sense.

While industry observers love to pontificate about mergers and acquisitions, the reality is that most ideas are value-destroying. It is far better to form an alliance or partnership; most of the benefits, none of the costs.

A partnership similar, in fact, to the one formed just two years ago between Microsoft and Nokia.

From Microsoft’s perspective, that was a brilliant deal; Matt Drance characterized it as “Microsoft Buys Nokia for $0B,” and he wasn’t far off. The premier pre-iPhone phone maker, with what was even then one of the best supply chains, distribution networks, and brands in the world would be exclusively devoted to Windows Phone.

There is nothing further to be gained by an acquisition.

Actually, turned out to have negative value, financially speaking. (The whole post is very well worth re-reading in hindsight.)


Two-Factor authentication » Apple Developer

Is going to be built in to iOS 9 and OS X 10.11 (aka “El Capitan”):

Whenever you sign in with your Apple ID on a new device or browser, you will verify your identity by entering your password plus a six-digit verification code. The verification code will be displayed automatically on any Apple devices you are already signed in to that are running iOS 9 or OS X El Capitan. Just enter the code to complete sign in. If you don’t have an Apple device handy, you can receive the code on your phone via a text message or phone call instead.

Once signed in, you won’t be prompted for a verification code again on that device unless you erase your device, remove it from your device list, or need to change your password for security reasons. When signing in on the web, you can choose to trust your browser so you won’t be prompted for a verification code the next time you sign in from that computer.

The problem with 2FA is always “what if I lose my phone?” Google gets around this by letting you have printed codes that act as verification numbers; it’s a good idea that Apple might do well to take up.

But this looks a lot better than the version used at present in iCloud.


Study suggests Google’s ad-targeting system may discriminate » MIT Technology Review

Tom Simonite:

Researchers from Carnegie Mellon University and the International Computer Science Institute built a tool called AdFisher to probe the targeting of ads served up by Google on third-party websites. They found that fake Web users believed by Google to be male job seekers were much more likely than equivalent female job seekers to be shown a pair of ads for high-paying executive jobs when they later visited a news website.

AdFisher also showed that a Google transparency tool called “ads settings,” which lets you view and edit the “interests” the company has inferred for you, does not always reflect potentially sensitive information being used to target you. Browsing sites aimed at people with substance abuse problems, for example, triggered a rash of ads for rehab programs, but there was no change to Google’s transparency page.

What exactly caused those specific patterns is unclear, because Google’s ad-serving system is very complex. Google uses its data to target ads, but ad buyers can make some decisions about demographics of interest and can also use their own data sources on people’s online activity to do additional targeting for certain kinds of ads. Nor do the examples breach any specific privacy rules—although Google policy forbids targeting on the basis of “health conditions.” Still, says Anupam Datta, an associate professor at Carnegie Mellon University who helped develop AdFisher, they show the need for tools that uncover how online ad companies differentiate between people.

Google didn’t respond to the researchers’ requests. But, oddly, it changed the language on that transparency page. This is the AdFisher study.


Apple Music and the listener-to-buyer ratio » Music Industry Blog

Mark Mulligan on the maths of streaming v buying:

What quickly becomes apparent is that the most viable route to ensuring Apple Music streaming revenue offsets the impact of lost iTunes sales revenue is as big an installed base of streaming users as possible. The more Apple Music users there are, the more likely more of them will find and listen to your music. This is why the scale argument is so important for streaming and also why small labels feel the effect less quickly. If you have a vast catalogue you don’t need to worry too much about the listener-to-buyer ratio because you have so many tracks that you are a much bigger target to hit. The laws of probability mean that most users are going to listen to some of your catalogue.

Let’s say you are a big major with 1 million tracks out of the 5 million tracks that get played to any meaningful degree in streaming services. That gives you a 20% market share. But if you are an independent with 50,000 tracks that gives you 1%, 20 times less than the major. Which means that you are 20 times less likely to have your music listened to. And that is without even considering the biases that work in favour of the majors such as dominating charts and playlists, and other key discovery points.


YouTube gaming star PewDiePie ‘earned $7m in 2014’ » BBC News

YouTube continues to be a profitable enterprise for its top tier stars, who earn money from advertisements placed around their videos.

The site’s terms and conditions forbid creators from disclosing how much they earn, but on Monday gamer Olajide Olatunji, known as KSI, told the newspaper Metro he had earned enough money to buy his parents a house.

Although some stars supplement their income with product placement deals, [Felix] Kjellberg [aka PewDiePie] says he does not do very many.

“I make more than I need from YouTube,” he wrote on Reddit. “With that freedom, but also to respect my fans for making that possible, I don’t end up doing many endorsements.”

[Ian] Maude [of Enders Analysis] has a word of caution for anybody eyeing up YouTube with dreams of becoming a millionaire.

“As with many things, a few people at the top do exceptionally well but there’s a long tail of people who don’t make any money at all,” he said.

Why can’t they disclose how much they earn?


Apple Watch sales plunge 90% » MarketWatch

Brett Arends:

two-thirds of the watches sold so far have been the lower-profit “Sport” version, whose price starts at $349, according to Slice, rather than the costlier and more advanced models that start at $549.

In an ambitious bid for the luxury market, Apple also unveiled a gold “Edition” model priced at $10,000 or more. So far, fewer than 2,000 of them have been sold in the U.S., Slice contends.

Slice bases its research on electronic receipts sent to millions of email addresses following purchases. The company conducts market research on behalf of consumer-goods companies, among others, many of them in the Fortune 500.

Wall Street has been desperately trying to work out how well the new watch has been selling, but Apple has been refusing to say. The company, which in the past has updated Wall Street on the sales of new products soon after the launch, has yet to release any numbers about the watch.

Those Edition watches will have made a ton of profit. But apparently the fall in sales is “ominous”. Seems like about 3m sold in the US in the quarter. That’s about four times the number of Android Wear devices sold in seven months or so from multiple manufacturers at lower prices worldwide last year. Ominous.


Start up: Apple’s hacker flaw, Downing St’s FOI oddity, machines that parse art, and more


“You mean all we need to do to defeat him is adopt HTML5? Why didn’t you say?” Photo by Tom Simpson on Flickr.

A selection of 8 links for you. Uninflammable. I’m charlesarthur on Twitter. Observations and links welcome.

Encryption “would not have helped” at OPM, says DHS official » Ars Technica

Sean Gallagher:

pressed on why systems had not been protected with encryption prior to the recent discovery of an intrusion that gave attackers access to sensitive data on millions of government employees and government contractors, [the US Office of Personnel Management’s Katherine Archuleta] said, “It is not feasible to implement on networks that are too old.” She added that the agency is now working to encrypt data within its networks.

But even if the systems had been encrypted, it likely wouldn’t have mattered. Department of Homeland Security Assistant Secretary for Cybersecurity Dr. Andy Ozment testified that encryption would “not have helped in this case” because the attackers had gained valid user credentials to the systems that they attacked—likely through social engineering. And because of the lack of multifactor authentication on these systems, the attackers would have been able to use those credentials at will to access systems from within and potentially even from outside the network…

…nearly every question of substance about the breach—which systems were affected, how many individuals’ data was exposed, what type of data was accessed, and the potential security implications of that data—was deferred by Archuleta on the grounds that the information was classified. What wasn’t classified was OPM’s horrible track record on security, which dates back at least to the George W. Bush administration—if not further.


Serious OS X and iOS flaws let hackers steal keychain, 1Password contents » Ars Technica

Dan Goodin:

The malicious proof-of-concept apps were approved by the Apple Store, which requires all qualifying submissions to treat every other app as untrusted. Despite the supposed vetting by Apple engineers, the researchers’ apps were able to bypass sandboxing protections that are supposed to prevent one app from accessing the credentials, contacts, and other resources belonging to another app. Like Linux, Android, Windows, and most other mainstream OSes, OS X and iOS strictly limit app access for the purpose of protecting them against malware. The success of the researchers’ cross-app resource access—or XARA—attacks, raises troubling doubts about those assurances on the widely used Apple platforms.

“The consequences are dire,” they wrote in a research paper titled Unauthorized Cross-App Resource Access on MAC OS X and iOS. “For example, on the latest Mac OS X 10.10.3, our sandboxed app successfully retrieved from the system’s keychain the passwords and secret tokens of iCloud, email and all kinds of social networks stored there by the system app Internet Accounts, and bank and Gmail passwords from Google Chrome.”…

…It’s not the first time researchers have found flaws in application sandboxes. The attack exploiting WebSocket weaknesses, for instance, can also succeed in Windows under certain conditions, the researchers said. Interestingly, they said application sandboxing in Google’s Android OS was much better at withstanding XARA threats.

For the time being, the researchers told Ars, there isn’t much end users can do except wait for Apple to fix the vulnerabilities.

Bad (though not deluge-of-malware bad; instead it’s sneaky-Trojan bad). Apple was told about this in October 2014. The best hope is that this is fixed in OS X 10.11 and iOS 9, but there’s no clear indication of how hard it is to fix.


Freedom of information turns into Mission Impossible for Downing St emails » FT.com

Jim Pickard and Kiran Stacey:

Emails sent from computers in Downing Street are automatically deleted within three months under a system that makes it harder for the public to obtain answers to “freedom of information” requests, former staff have disclosed.

The system, instigated a decade ago but not widely known about, means that messages are only held beyond that period if an individual saves them. It is widely blamed by government advisers for what one former employee called a sometimes “dysfunctional” operation at the heart of Whitehall.

The email system was introduced under the Labour government in late 2004, just weeks before January 2005 when the Freedom of Information Act belatedly came into force.

“The timing of this very strongly indicates that it was not a coincidence,” said Maurice Frankel, director of the UK Campaign for Freedom of Information.

Gee, ya think?


China and Russia almost definitely have the Snowden docs » WIRED

Bruce Schneier (who is a veritable security expert; if he says it, it’s true):

The vulnerability is not Snowden; it’s everyone who has access to the files.

First, the journalists working with the documents. I’ve handled some of the Snowden documents myself, and even though I’m a paranoid cryptographer, I know how difficult it is to maintain perfect security. It’s been open season on the computers of the journalists Snowden shared documents with since this story broke in July 2013. And while they have been taking extraordinary pains to secure those computers, it’s almost certainly not enough to keep out the world’s intelligence services…

…In general, it’s far easier to attack a network than it is to defend the same network. This isn’t a statement about willpower or budget; it’s how computer and network security work today. A former NSA deputy director recently said that if we were to score cyber the way we score soccer, the tally would be 462–456 twenty minutes into the game.

Even airgapped, never-connected computers can be attacked (don’t ask me how). The Guardian took extraordinary pains with its London copy: two people needed to enter passwords, at least two people needed to be present when documents were read, the computers used had never been online and had no connection.

But a simpler thought is this: if Snowden was one of 10,000 or so NSA staff with access to that data (and more in the UK), what are the chances that absolutely none of those has somehow been coerced or willingly turned over data to foreign powers? Pretty much zero.


Flash will soon be obsolete: it’s time for agencies to adapt » Advertising Age

David Evans on the fact that major browsers on desktop are hurrying to dump Flash:

If this sounds like a big problem to you, you’re absolutely right. If the major browsers were to disable Flash immediately, we could be looking at a scenario where roughly 84% of banners across the internet would not be viewable on desktop browsers. Rather than clicking on a visually dynamic, animated ad created to capture attention with movement and video, users would instead see a static banner in place of the intended ad, and most advertising creatives don’t pay much attention to the creation of static backups.

For advertisers, this could mean shelling out first-class money for economy-class impressions.

Though it might be painful to admit for an industry that has relied on Flash for over a decade, the right choice is to start creating desktop ads in the HTML5 language used to create ads for mobile.

This is a bit obvious to anyone who’s been paying attention for the past three years (minimum), but perhaps advertising has been looking somewhere else.


Market Monitor Q1 2015: LATAM smartphones grow 25% annually » Counterpoint Technology

Tina Lu:

LATAM is third, behind North America and Europe in the global ranking of smartphone shipment penetration.

• Except for Peru, the majority of the key LATAM markets are seeing a significantly higher smartphone demand, with shipment penetration of total handsets between 77% and 99%.

• Overall feature phone demand has been declining, and so has been the overall scale and profitability of manufacturing and selling them. As a result, in countries like Argentina, due to government protectionist measures and import restrictions, vendors are manufacturing and selling only the more profitable smartphones. This has led to smartphone shipment penetration of sales to reach 99%; the highest in the region.

Here’s the shipment figure: [Figure: Latam smartphone shipments Q1 2015]

If you do the maths, on a 25% yoy growth both Samsung’s and LG’s shipments actually fell; Apple’s more than doubled. Alcatel and “Others” both grew faster than the market.


Apple’s Siri, Spotlight extend Google-like search inside iOS 9 apps, without tracking users » Apple Insider

Daniel Eran Dilger:

Because Apple is indexing in-app content for its search results, it can more easily suppress “Search Engine Optimization” malicious content or link spamming, as relevancy is tied to user engagement. If few users find a search result worthwhile, it can fade from relevance.

Many of the new search-related features Apple debuted for iOS 9 and OS X El Capitan bear a strong resemblance to some of the predictive search features first introduced by Google starting back in 2012 as part of Android 4.1, branded as “Google Now.”

Since then, Google has introduced “app indexing,” a related feature designed to make the company’s web-style search more relevant to mobile users by delivering results that can open within local apps. For example, a recipe might open within a cookbook app, rather than just presenting the same information on a web page or dumping users into the app to find the recipe on their own.

The most profound difference between the two companies’ approach to in-app search is that Apple does not monetize its search with ads, and therefore has no need to capture and store users’ data and behaviors for future profiling, tied to a persistent user and device identifier that individuals can’t easily remove.

Apple is perhaps two years behind Google on this – but most people are using a version of Android that is at least two years old (87% are using 4.4, KitKat, from November 2013, or earlier). Which means that by November or so, Apple will roughly have parity on this feature.


Machine vision algorithm chooses the most creative paintings in history » MIT Technology Review

The job of distinguishing the most creative from the others falls to art historians. And it is no easy task. It requires, at the very least, an encyclopedic knowledge of the history of art. The historian must then spot novel features and be able to recognize similar features in future paintings to determine their influence.

Those are tricky tasks for a human and until recently, it would have been unimaginable that a computer could take them on. But today that changes thanks to the work of Ahmed Elgammal and Babak Saleh at Rutgers University in New Jersey, who say they have a machine that can do just this.

[Image: machine vision view of art]

They’ve put it to work on a database of some 62,000 pictures of fine art paintings to determine those that are the most creative in history. The results provide a new way to explore the history of art and the role that creativity has played in it.

Can’t be long before someone puts a human art historian up against the machine to see who spots the fake. (By the way, there was no byline I could find on the story. Maybe a robot wrote it.)