Start up: the Foodpanda takeaway scam, watch iOS 9 grow!, 2 billion lines of Google, and more


“Hi! You look like you want an (artificially) intelligent conversation!” Photo by RomitaGirl67 on Flickr.


A selection of 9 links for you. May cause. I’m charlesarthur on Twitter. Observations and links welcome.

Mixpanel Trends » Mixpanel Mobile Analytics

The link is to the iOS 9 adoption curve from Mixpanel; it’s live, so when you click through it’ll be the latest figures. At the time of writing, three hours after iOS 9 went live, its adoption was at 3.2%, against 7.2% for “older than iOS 8” and 89.6% for iOS 8. (Apple’s own stats on September 14 were 87% iOS 8, 11% iOS 7, 2% earlier.)


The trouble with Foodpanda » Livemint

Ashish Mishra with a terrific tale of a much-funded startup which didn’t quite figure out that not everyone is honest:

Let’s say you are a restaurant. Now, place 10 orders using 10 names or even the same name, each for Rs.300. Every order is a takeaway. Pay online using the BOGO voucher, a campaign (Buy One Get One) run by Foodpanda. So for Rs.300, get Rs.300 free. So for a Rs.600 order, you paid only Rs.300. How much does Foodpanda have to return to you, the restaurant? Rs.600. After deducting 12% as its cut, Rs.528. How much did you make in the process? Rs.228. Did you have to deliver that order? Nope. So, a straight profit of Rs.228.

Now, let’s say you processed 100 such orders a day. For a month. Total investment: Rs.9 lakh. Reimbursed by Foodpanda: Rs.15.84 lakh. Your total gain, by just processing fake orders: Rs.6.84 lakh.

Now imagine you are not the only restaurant on the platform doing this.



Issue 178139 – android – Android full lockscreen bypass – 5.1.1 PoC » Android Open Source Project

John Gordon at the University of Texas at Austin:

Android 5.1.1 Lockscreen Bypass
—–
Summary: Unlock a locked device to access the homescreen, run arbitrary applications, and enable full adb access to the device. This includes access to encrypted user data on encrypted devices.
Prerequisites: Must have a password lockscreen enabled. (PIN / swipe untested)
Hardware: Nexus 4
Software: Google factory image – occam 5.1.1 (LMY47V)

Attack details:
Pasting a sufficiently large string into an input field will cause portions of the lockscreen to become unresponsive and allow the user to terminate those processes. An attacker can construct a large string by typing characters into the Emergency Dialer, then select all + copy + paste repeatedly to increase the string size exponentially. Once the string has been pasted, either into the Emergency Dialer or the lockscreen password prompt, attempting to type more characters or performing other interactions quickly and repeatedly causes the process to become overloaded and crash, or produce a dialog allowing the user to kill the process. If done in a password prompt in the foreground of the camera application, this crash results in the homescreen or Settings application being exposed.

PIN/swipe is untested, rather than safe (as far as we can see). This seems to be pretty hard to do – the video is 18 minutes long, involving lots of copy/pasting. It’s not really a giant flaw like Stagefright; and Apple has had some egregious lockscreen bypasses in the past. (Though none in iOS 8 that I’ve seen.) The problem though is that this doesn’t help Android’s reputation among businesses considering whether to buy it. It’s not the exploit; it’s the suggestion of vulnerability.


Popping the publishing bubble » Stratechery

Ben Thompson, in his weekly “free to view” article, says that iOS 9’s adblockers are just going to finish what was already happening:

It is easy to feel sorry for publishers: before the Internet most were swimming in money, and for the first few years online it looked like online publications with lower costs of production would be profitable as well. The problem, though, was the assumption that advertising money would always be there, resulting in a “build it and they will come” mentality that focused almost exclusively on content product and far too little on sustainable business models.

In fact, publishers going forward need to have the exact opposite attitude of publishers in the past: instead of focusing on journalism and getting the business model for free, publishers need to start with a sustainable business model and focus on journalism that works hand-in-hand with the business model they have chosen. First and foremost that means publishers need to answer the most fundamental question required of any enterprise: are they a niche or scale business?

• Niche businesses make money by maximizing revenue per user on a (relatively) small user base
• Scale businesses make money by maximizing the number of users they reach
The truth is most publications are trying to do a little bit of everything: gain more revenue per user here, reach more users over there.

Worth it for the illustrations. You should subscribe so he can afford an iPad Pro and a stylus.


Google is 2 billion lines of code — and it’s all in one place » WIRED

Cade Metz:

Google has built its own “version control system” for juggling all this code. The system is called Piper, and it runs across the vast online infrastructure Google has built to run all its online services. According to [Google’s head of… big stuff? Rachel] Potvin, the system spans 10 different Google data centers.

It’s not just that all 2 billion lines of code sit inside a single system available to just about every engineer inside the company. It’s that this system gives Google engineers an unusual freedom to use and combine code from across myriad projects. “When you start a new project,” Potvin tells WIRED, “you have a wealth of libraries already available to you. Almost everything has already been done.” What’s more, engineers can make a single code change and instantly deploy it across all Google services. In updating one thing, they can update everything.

There are limitations to this system. Potvin says certain highly sensitive code—stuff akin to Google’s PageRank search algorithm—resides in separate repositories only available to specific employees. And because they don’t run on the ‘net and are very different things, Google stores code for its two device operating systems — Android and Chrome — on separate version control systems. But for the most part, Google code is a monolith that allows for the free flow of software building blocks, ideas, and solutions.

The point about Android and Chrome being on separate version control systems is one to note. Can’t merge the code until those two come together.


IPv6 will get a big boost from iOS 9, Facebook says » Computerworld

Stephen Lawson:

Even when all the pieces are in place for IPv6, iOS 8 makes an IPv6 connection only about half the time or less because of the way it treats the new protocol. With iOS 9, an IPv6 connection will happen 99% of the time, Saab predicts.

IPv4 is running out of unused Internet addresses, while IPv6 is expected to have more than enough for all uses long into the future. Adoption has been slow since its completion in 1998 but is starting to accelerate. The release of iOS 9 may give a big boost to that trend. 

“Immediately, starting on the 16th, I’m expecting to see a lot more v6 traffic show up,” said Samir Vaidya, director of device technology at Verizon Wireless. About 50% of Verizon Wireless traffic uses IPv6, and Vaidya thinks it may be 70% by this time next year as subscribers flock to the iPhone 6s. 

Apple’s change should help drive more IPv6 use on Comcast’s network, too. About 25% of its traffic uses the new protocol now, and that figure could rise above 50% by early next year, said John Brzozowski, Comcast Cable’s chief IPv6 architect. 

This is the point, again and again. Android has the installed base; but iOS adoption is so rapid that it can drive change almost immediately.


Barbie wants to get to know your child » The New York Times

James Vlahos:

Hello Barbie is by far the most advanced to date in a new generation of A.I. toys whose makers share the aspiration of Geppetto: to persuade children that their toys are alive — or, at any rate, are something more than inanimate. At Ariana’s product-testing session, which took place in May at Mattel’s Imagination Center in El Segundo, Calif., near Los Angeles, Barbie asked her whether she would like to do randomly selected jobs, like being a scuba instructor or a hot-air-balloon pilot. Then they played a goofy chef game, in which Ariana told a mixed-up Barbie which ingredients went with which recipes — pepperoni with the pizza, marshmallows with the s’mores. ‘‘It’s really fun to cook with you,’’ Ariana said.

At one point, Barbie’s voice got serious. ‘‘I was wondering if I could get your advice on something,’’ Barbie asked. The doll explained that she and her friend Teresa had argued and weren’t speaking. ‘‘I really miss her, but I don’t know what to say to her now,’’ Barbie said. ‘‘What should I do?’’

‘‘Say ‘I’m sorry,’ ’’ Ariana replied.

‘‘You’re right. I should apologize,’’ Barbie said. ‘‘I’m not mad anymore. I just want to be friends again.’’

We now return you to our regular scheduled programming of “Philip K Dick short stories brought to life.” Take your pick: War Game, Second Variety or The Days of Perky Pat?


One great reason to update to iOS 9 – a nasty silent AirDrop attack is in town » Forbes

Australian researcher Mark Dowd, who heads up Azimuth Security, told FORBES ahead of Apple’s iOS 9 release on Wednesday that the flaw allowed anyone within range of an AirDrop user to install malware on a target device and tweak iOS settings so the exploit would still work if the victim rejected an incoming AirDrop file, as seen in the video below.

Users should update to iOS 9 and Mac OS X El Capitan, version 10.11, as soon as possible to avoid losing control of their phones and PCs to malware. Any iOS versions that support AirDrop, from iOS 7 onwards, are affected, as are Mac OS X versions from Yosemite onwards. There are few protections outside of upgrading, other than turning AirDrop off altogether. The service is off by default, though it’s possible to start it running from the lockscreen.

By carrying out what’s known as a “directory traversal attack”, where a hacker enters sections of the operating system they should not be able to access, Dowd found it was possible to exploit AirDrop and then alter configuration files to ensure iOS would accept any software signed with an Apple enterprise certificate. Those certificates are typically used by businesses to install software not hosted in the App Store and are supposed to guarantee trust in the provenance of the application. But, as FORBES found in a recent investigation into the Chinese iPhone jailbreaking industry, they’re often used to bypass Apple security protections.

I dunno, getting AirDrop to work is usually the biggest challenge I face. (The mitigation is pretty easy on any version – turn off Wi-Fi or Bluetooth, or turn AirDrop to accept files from Contacts Only or off; this leaves Wi-Fi and Bluetooth untouched.)


Google taken to court to uncloak ebook pirates » TorrentFreak

Early June, GAU [the Dutch trade organisation representing dozens of book publishers in the Netherlands] reported that Google appeared to be taking steps to prevent rogue sellers from offering illegal content via its Play store. The group also noted that BREIN was attempting to obtain the personal details of the ‘pirate’ seller from Google.

Unsurprisingly that wasn’t a straightforward exercise, with Google refusing to hand over the personal details of its user on a voluntary basis. If BREIN really wanted the seller’s identity it would have to obtain it via a court order. Yesterday the anti-piracy group began the process to do just that.

Appearing before the Court of The Hague, BREIN presented its case, arguing that the rogue seller was not merely a user of Google, but actually a commercial partner of Google Play, a partnership that earned revenue for both parties.

“The case is clear,” BREIN said in a statement.

“There was infringement carried out by an anonymous seller that was actually a commercial ‘partner’ of Google via Google Play. This is how Google refers to sellers in its own terms of use.”

BREIN says that ultimately Google is responsible for the unauthorized distribution and sales carried out via its service.

“There is no right to anonymously sell illegal stuff, not even on Google Play while Google earns money,” the anti-piracy group concludes.

In the UK I think this would be a fairly straightforward “Norwich Pharmacal” case. Wonder if Holland has anything comparable.


Start up: hacked ATMs in Mexico, Cyanogen + Cortana, iPhone forecasts, Apple TV v consoles, and more


Content blockers are days away from going live with iOS 9. Photo by Dave Lanovaz on Flickr.

A selection of 10 links for you. Wash at 40 degrees. I’m charlesarthur on Twitter. Observations and links welcome.

Should police have the right to take control of self-driving cars? » Techdirt

Karl Bode:

Just how much power should law enforcement have over your self-driving vehicle? Should law enforcement be able to stop a self-driving vehicle if you refuse to? That was a question buried recently in https://assets.documentcloud.org/documents/2388355/rand-rr928.pdf (pdf) which posits a number of theoretical situations in which law enforcement might find the need for some kind of automobile kill switch:

“The police officer directing traffic in the intersection could see the car barreling toward him and the occupant looking down at his smartphone. Officer Rodriguez gestured for the car to stop, and the self-driving vehicle rolled to a halt behind the crosswalk.”

Commissioned by the National Institute of Justice, the RAND report is filled with benign theoreticals like this, and while it briefly discusses some of the obvious problems created by giving law enforcement (and by proxy intelligence agencies) this type of power over vehicle systems and data, it doesn’t offer many solutions.

That’s quite a question. Then again, would you try to make a getaway in an SDC?


Intelligent machines: Making AI work in the real world » BBC News

Eric Schmidt – you know, the Google guy – wrote a piece for the BBC’s machine learning week. Most of it is blah. Then there’s this bit:

In the next generation of software, machine learning won’t just be an add-on that improves performance a few percentage points; it will really replace traditional approaches.

To give just one example: a decade ago, to launch a digital music service, you probably would have enlisted a handful of elite tastemakers to pick the hottest new music.

Today, you’re much better off building a smart system that can learn from the real world – what actual listeners are most likely to like next – and help you predict who and where the next Adele might be.

As a bonus, it’s a much less elitist taste-making process – much more democratic – allowing everyone to discover the next big star through our own collective tastes and not through the individual preferences of a select few.

This is being taken as a dig at Apple Music with its human-curated lists. Well, sure, but the “radio” function in Apple Music isn’t human-curated. And music choice “democratic”? Isn’t that how it already works?


iOS dev: why Apple TV is game over for Xbox One and PS4 » Forbes

Dave Thier:

It’s hard to imagine an immediate threat to Microsoft Xbox One and Sony PS4 running games like Halo and Uncharted. But I talked to Jeff Smith, CEO of the popular Karaoke app Smule, and a developer who’s been with the iOS platform since the beginning. He says that Xbox One and PS4 fans shouldn’t be too quick to dismiss the Apple TV as a serious gaming contender. The key, he says, is that Apple is a developer-friendly platform, and that means more content, and, as iOS has shown, more quality content as well.

“We think it’s significant if you consider the console market today: it’s been a market where there have been high barriers of entry to get into that market,” Smith says. “You have to get Sony and Microsoft or Nintendo to get you on to the platform, you have to have a custom deal, and they’re all proprietary platforms. With Apple bringing tvOS, which is a subset of iOS, onto a console-like platform, we think it lowers the barrier of entry. And I think you’ll see a lot more developers on the console market than ever before.”

Suitably overdone headline, but it’s certainly a mistake to dismiss the Apple TV out of hand. It has an install base of 25m, which isn’t much (the PS3 and Xbox 360 are at about 70m, the PS4 and Xbox One rather less so far), but the next version will attract a lot more people. And you don’t need to pay to put a game on iOS.


Tracking a Bluetooth skimmer gang in Mexico » Krebs on Security

Brian Krebs:

“–Sept. 9, 12:30 p.m. CT, Yucatan Peninsula, Mexico: Halfway down the southbound four-lane highway from Cancun to the ancient ruins in Tulum, traffic inexplicably slowed to a halt. There was some sort of checkpoint ahead by the Mexican Federal Police. I began to wonder whether it was a good idea to have brought along the ATM skimmer instead of leaving it in the hotel safe. If the cops searched my stuff, how could I explain having ultra-sophisticated Bluetooth ATM skimmer components in my backpack?”

The above paragraph is an excerpt that I pulled from the body of Part II in this series of articles and video essays stemming from a recent four-day trip to Mexico. During that trip, I found at least 19 different ATMs that all apparently had been hacked from the inside and retrofitted with tiny, sophisticated devices that store and transmit stolen card data and PINs wirelessly.

In June 2015, I heard from a source at an ATM firm who wanted advice and help in reaching out to the right people about what he described as an ongoing ATM fraud campaign of unprecedented sophistication, organization and breadth. Given my focus on ATM skimming technology and innovations, I was immediately interested.

Krebs gets up to some amazing jaunts.


Google found guilty of ‘abusing dominant market position’ in Russia » WSJ

Olga Razumovskaya and Alistair Barr:

Google has been found guilty in a rapid Russian antitrust probe, a spokesperson for the country’s antitrust regulator told The Wall Street Journal.

In February, Russia’s Federal Antimonopoly Service opened a probe into Google for alleged anticompetitive practices related to how the company bundles apps with its Android mobile operating system.

The company was found guilty of “abusing its dominant market position,” but not of “unfair competition practices,” the regulator told The Wall Street Journal.

The Russian agency will have 10 business days to issue its ruling on the case in full. “We haven’t yet received the ruling,” Google’s Russia spokeswoman said. “When we do, we will study it and determine our next steps.”

Form an orderly queue behind the EC, Canada and the rest, please, Russia. Also, how do you have dominance abuse but not unfair competition?


Cortana on Cyanogen: CEO Kirt McMaster on building the next great smartphone OS » IB Times

David Gilbert:

Cyanogen has not announced any partnerships with hardware manufacturers beyond what is already on the market, but to really reach the masses, it will have to partner with a well-known name – and for companies like Sony, HTC and LG, all struggling to make Android work, Cyanogen could be an enticing option.

Of course, with Microsoft’s Lumia range failing to capture any significant market share since the company bought Nokia’s mobile phone division, it, too, could be on the lookout for something new.

While McMaster tells it like it is about Microsoft’s smartphone woes, he says Microsoft is still a great company and builds great services, one of which is going to be key in building the next version of Cyanogen – and that is Cortana.

Microsoft’s digital personal assistant has grown significantly since it began life on the company’s smartphones and this summer had its biggest update to date when it was deeply integrated into Windows 10 and Microsoft’s Edge browser.

McMaster revealed that Cyanogen is working with Microsoft to deeply integrate Cortana into the next version of Cyanogen OS. This is key to catapulting Cyanogen into the mass market, he asserts: Cortana is currently available as an app on Android, but in order for it to make a real difference, it needs to be able to be integrated at the OS level so that its full potential can be leveraged.

So how would that work in a phone running Google services? Wouldn’t Cortana and ‘OK Google’ fight like cats in a sack?


Next up: iPhone preorder sales data » BTIG Research

Walter Piecyk:

The focus of investors is squarely on the number of phones that can be sold over the next three and a half months. Our estimate is that it can sell 80 million units in the December quarter versus a consensus view that expects little to no growth this year. We believe 3D touch is a much bigger deal than many think and wrote about that and our hands-on experience with all of Apple’s new products. (Link). Of course the bigger issue is that 70% of existing iPhone users are carrying 5s or older models, of which the 6 and 6S models are big upgrades. As we have discussed in the past, the lower hurdles to upgrade those phones in the United States could be a key driver of sales.

Last year at this time Apple shipped 74.5m phones; only Samsung has previously shipped 80m or more smartphones in a quarter (which it’s done four times).



Hands on with three iOS 9 content blockers: 1Blocker, Blockr and Crystal » TechCrunch

Sarah Perez:

ahead of iOS 9’s release, a number of companies and indie developers have been building content blockers of their own and testing them out with iOS 9’s sizable group of beta testers.

While many consumers will likely gravitate toward AdBlock Plus because of their familiarity with the brand’s name and reputation, there will be a good handful of new apps on the horizon as well, which are also worth a look.

As she says, you can choose from super-twiddly, a bit twiddly, and simple. I’d bet that simple will actually be the one people pick.

Meanwhile…


Advertisers complain about format & approval obstacles with iOS 9’s News app » Apple Insider

Roger Fingas:

Although publishers like CNN, Time, and Vox are making most of their content available in the app, some are said to be planning to offer a few dozen stories a day at most. Standouts in that sense include companies that depend on paid subscription models, such as the New York Times and Wall Street Journal.

Some ad executives have complained that common tools like real-time placement bidding aren’t in place for the News launch, and that Apple is requiring 48 hours notice before approving a campaign. The company is also allegedly demanding that pre-roll ads before video segments get their own approval.

Apple is moreover refusing to support Google’s DoubleClick ad platform. Edward Kim, a member of the online marketing company SimpleReach, argued to the Post that Apple is attempting to use News to build up iAd. That platform has struggled to gain ground in a market dominated by Google — whereas Google ads can reach virtually any device, iAd is unusable in some key spaces, like Android.

“Real-time placement bidding” is what quickly leads to malware and “bounce you out to App Store install” ads.


Google reveals plans to increase production of self-driving cars » The Guardian

Mark Harris (who has done so much great original reporting on this topic):

[Sarah] Hunter [head of Google X] also shared new details about how the existing driverless prototypes work. “All [the car] has is a ‘go’ button, a ‘please slow down and stop’ button and a ‘stop pretty quickly’ button,” she said. “The intention is that the passenger gets in the vehicle, says into microphone, take me to Safeway, and the car does the entire journey.”


Google’s self-driving cars currently require highly detailed maps of the areas they’re operating in, with centimetre accuracy of road features like lanes, roundabouts and traffic lights. They are also limited to 25mph so that Google could get them on to public roads without expensive and time-consuming crash tests. Even more importantly, they need safety drivers able to take control back in an instant if the system malfunctions. California is slowly working on regulations that will pave the way for the operation of completely driverless vehicles by the public.

All of this means that Google is unlikely to move its self-driving technology into full production any time soon. “We haven’t decided yet how we’re going to bring this to market,” admitted Hunter. “Right now, our engineers are trying to figure out … how to make a car genuinely drive itself. Once we figure that out, we’ll figure out how to bring it to market and in which way. Is it something that we manufacture at scale for sale to individuals? Or is it something that we own and operate as a service?”

Is it a taxi, a bus or an owned device? Seems trivial; actually gets to the heart of what a “car” is.


Start up: Samsung Pay to win?, Apple on Siri/Photos privacy, mystery ministry mujahadeen hack, and more


Scanning the content is only half the battle. Photo by JonathanCohen on Flickr.

A selection of 12 links for you. Not valid in Montana. I’m charlesarthur on Twitter. Observations and links welcome.

Lockpickers 3D print TSA master luggage keys from leaked photos » WIRED

Andy Greenberg:

If you have sensitive keys—say, a set of master keys that can open locks you’ve asked millions of Americans to use—don’t post pictures of them on the Internet.

A group of lock-picking and security enthusiasts drove that lesson home Wednesday by publishing a set of CAD files to Github that anyone can use to 3-D print a precisely measured set of the TSA’s master keys for its “approved” locks—the ones the agency can open with its own keys during airport inspections. Within hours, at least one 3-D printer owner had already downloaded the files, printed one of the master keys, and published a video proving that it opened his TSA-approved luggage lock.

Those photos first began making the rounds online last month, after the Washington Post unwittingly published (and then quickly deleted) a photo of the master keys in an article about the “secret life” of baggage in the hands of the TSA. It was too late.



Samsung Pay: the mobile wallet winner? » Mobile Payments Today

Will Hernandez:

During a panel discussion about the current state of ATMs, bitcoin, and mobile wallets, ATM Industry Association CEO Mike Lee unapologetically threw his support behind Samsung Pay as the mobile wallet that will “win.”

Lee’s Samsung Pay endorsement can be boiled down to a single feature that is supposed to separate it from other mobile wallet providers: magnetic secure transmission technology support on the device itself. 

Samsung acquired the rights to the technology when it bought LoopPay earlier this year, and has since embedded it into Galaxy S6 and Galaxy S6 Edge smartphones. The devices still rely on NFC chips to enable users to conduct tap-and-pay transactions at contactless-enabled point-of-sale terminals. Should contactless be unavailable, MST can “communicate” with the magnetic stripe reader currently present on all terminals in the United States. Samsung Pay will sense which option is available and transact accordingly.

But whether MST is really that true game changer in the industry remains to be seen.



Apple addresses privacy questions about ‘Hey Siri’ and Live Photo features » TechCrunch

Matt Panzarino:

With ‘Hey Siri’, “In no case is the device recording what the user says or sending that information to Apple before the feature is triggered,” says Apple.

Instead, audio from the microphone is continuously compared against the model, or pattern, of your personal way of saying ‘Hey Siri’ that you recorded during setup of the feature. Hey Siri requires a match to both the ‘general’ Hey Siri model (how your iPhone thinks the words sound) and the ‘personalized’ model of how you say it. This is to prevent other people’s voices from triggering your phone’s Hey Siri feature by accident.

Until that match happens, no audio is ever sent off of your iPhone. All of that listening and processing happens locally.

Live Photos:

Because Live Photos record motion before your still image, they are continuously buffered beginning the moment you open your camera app and see the Live icon (orange circle) at the top of your screen. Apple says that this 1.5 second recording only happens when the camera is on, and this information is not permanently saved until you take a picture, period.

“Although the camera is “recording” while you’re in Live Photo mode, the device will not save the 1.5 seconds before until you press the camera button,” says Apple. “The pre-captured images are not saved to the user’s device nor are they sent off the device.”

The 1.5 seconds after the still capture are also recorded because you’ve tapped the camera button in live mode.

From what we’ve gleaned, Live Photos are a single 12-megapixel image and a paired motion format file, likely a .mov. They are presented together by iOS but are actually separate entities tied to one another.



With iOS 9, ‘Hey Siri’ gains a new setup process tailored to your voice » Apple Insider

“Appleinsider Staff”:

Setting up “Hey Siri” is a simple, five-step process where users must speak a number of commands. If the iPhone or iPad does not properly hear the user, they are instructed to speak again.

Users say the words “Hey Siri” three times, then “Hey Siri, how’s the weather today?” followed by “Hey Siri, it’s me.” Once this is completed, iOS 9 informs the user that “Hey Siri” is ready to use.

Previously, in iOS 8, “Hey Siri” was enabled without a setup process. On occasion, the voice-initiated function would not work properly and took multiple tries. Presumably Apple’s new setup process will address some of those issues from iOS 8.

Smart to personalise it, if that is what this is. I’ve had Siri go off while plugged in and the radio’s on: stories about Syria tend to be the cause. Not sure this will help any iPhone-owning newsreaders, though.


App Programming Guide for tvOS: On-Demand Resources » Apple Developer Documents

On-demand resources are app contents that are hosted on the App Store and are separate from the related app bundle that you download. They enable smaller app bundles, faster downloads, and richer app content. The app requests sets of on-demand resources, and the operating system manages downloading and storage. The app uses the resources, and then releases the request. After downloading, the resources may stay on the device through multiple launch cycles, making access even faster.

Each app stored on Apple TV is limited to a maximum of 200MB. In order to create an app greater than this amount, you must break up your app into downloadable bundles. In Xcode, create tags and attach them to the required resources. When your app requests the resources associated with a tag, the operating system downloads only the required assets. You must wait until the assets are downloaded before you can use them in your app.

So many people saw the headline that each app is limited to 200MB and thought that that is the upper limit for everything related to an app on AppleTV. As this clearly says, it isn’t – and note also that point about “After downloading, the resources may stay on the device through multiple launch cycles, making access even faster.”

But reading dev documents takes effort. Tweeting “200MB OMG” is much simpler.
link to this extract


Whatever happened to Google Books? » The New Yorker

Tim Wu on the project that has been stalled since 2011:

There are plenty of ways to attribute blame in this situation. If Google was, in truth, motivated by the highest ideals of service to the public, then it should have declared the project a non-profit from the beginning, thereby extinguishing any fears that the company wanted to somehow make a profit from other people’s work. Unfortunately, Google made the mistake it often makes, which is to assume that people will trust it just because it’s Google. For their part, authors and publishers, even if they did eventually settle, were difficult and conspiracy-minded, particularly when it came to weighing abstract and mainly worthless rights against the public’s interest in gaining access to obscure works. Finally, the outside critics and the courts were entirely too sanguine about killing, as opposed to improving, a settlement that took so many years to put together, effectively setting the project back a decade if not longer.

link to this extract


Who controls the off switch? » Light Blue Touchpaper

Ross Anderson (who leads some of the UK’s best academic security researchers):

We have a new paper on the strategic vulnerability created by the plan to replace Britain’s 47 million meters with smart meters that can be turned off remotely. The energy companies are demanding this facility so that customers who don’t pay their bills can be switched to prepayment tariffs without the hassle of getting court orders against them. If the Government buys this argument – and I’m not convinced it should – then the off switch had better be closely guarded. You don’t want the nation’s enemies to be able to turn off the lights remotely, and eliminating that risk could just conceivably be a little bit more complicated than you might at first think. (This paper follows on from our earlier paper On the security economics of electricity metering at WEIS 2010.)

Anderson doesn’t need to scare people for money. But what he points to is often worrisome.
link to this extract


Cabinet ministers’ email hacked by Isil spies » Telegraph

So this is how modern media – well, I use the word “modern” in its loosest sense – works. Writing this story took four journalists, so please stand up, Claire Newell, Edward Malnick, Lyndsey Telford and Luke Heighton, for this 22-paragraph story which begins:

Jihadists in Syria have hacked into ministerial email accounts in a sophisticated espionage operation uncovered by GCHQ, the Telegraph can disclose.

I know! Blimey, you think. Hacked in to their accounts? They must have found a ton of stuff there, right?

You then plough on through tons of paragraphs about drone strikes and various bits of handwaving, but no detail. You carry on, and eventually – in the 13th paragraph – there’s this:

The recent cyber threat first emerged in a warning to Whitehall security officials in May and it is understood that the plans to attack Britain were exposed by the GCHQ investigation.

It is unclear what information the extremists were able to access, but it is understood that no security breaches occurred. However, officials were told to tighten security procedures, including changing passwords.

And that’s it. No more detail. So what do we think actually happened? Based on this very thin gruel, my guess is that the ministerial email had two-factor authentication, and someone got phished, and it set all sorts of alarms off in Cheltenham (where GCHQ is). No breach, but someone had been very stupid.

And of course “hacked” in the headline is overplayed. “Targeted” might work. Classic Sunday journalism: no paper will be able to follow this up for a Monday story, because there aren’t any facts to it. The story falls apart in your hands.
link to this extract


Ten years later, this is how Techmeme has avoided clickbait, autoplay ads, and more » LinkedIn

Gabe Rivera, the site’s chief executive and frequent editor:

In 2015, supporting an online news operation with advertising when your page view and unique visitor numbers aren’t massive is always an uphill battle. Media sites in this predicament are often tempted to run ads units that pay more but repel and infuriate readers.

Fortunately what Techmeme does have is the attention of the people who lead the tech industry. (Ask your CEO “where do you get your tech news?”) When a news destination is a hub for industry decision-makers, companies will want to reach its readers, making it possible to sell the far more welcome form of “ads” that Techmeme does include. These include posts from sponsors’ blogs, catchy taglines from companies that want you to check out their job openings, and events that companies want you to consider attending. While not all companies are used to making these sorts of marketing buys, many are learning how, and Techmeme is here to serve them.

link to this extract


FBI says ‘Australian IS jihadist’ is actually a Jewish American troll named Joshua Ryne Goldberg » Brisbane Times

Elise Potaka and Luke McMahon:

The Australi Witness persona fooled members of the international intelligence community as well as journalists, with well-known analyst Rita Katz of SITE Intelligence Group saying the “IS supporter” held a “prestige” position in online jihadi circles and was “part of the hard core of a group of individuals who constantly look for targets for other people to attack”.

Ms Katz has previously acted as a consultant for US and foreign governments and testified before Congress on online terrorist activities.

The Australian Federal Police were unaware of Australi Witness’s real identity as Goldberg until contacted by journalists working on behalf of Fairfax Media.

On the internet, nobody knows you’re a troll.
link to this extract


Why Xbox Kinect didn’t take off » Business Insider

Matt Weinberger:

The Kinect also introduced voice commands and a gesture interface to the Xbox 360 itself. You could pause a movie with your voice, or log in to your account on the console by standing in front of the camera.

But as cool as that all sounded, the Kinect was still a new technology, and there were some glitches with those cool new interface tricks.

“It does do magic, but only 85% correctly. When you encounter the 15%, it’s frustrating,” the former Xbox insider said.

Serious gamers care about precise movements, like landing a perfect Super Combo in “Street Fighter IV” or nailing a headshot in “Call of Duty.” Similarly, if you have voice controls for a movie, it had better work the first time, or else you’re just shouting “pause” at your TV over and over.

In both cases, it wasn’t quite the totally accurate experience that people wanted.

“It’s essentially a less precise replacement for a lot of things which, once the novelty wears off, is not valued by the market. So its real value is for new experiences impossible before without it. There isn’t enough interest or investment in those,” the ex-insider says.

Worse, the longer people used Kinect, the more they found places and situations where it just fell short and didn’t work as well as it should have.

In my apartment, playing a Kinect game requires moving furniture around to give the sensor the field of view that it needs to work well. It’s a big problem for lots of gamers, since you need 6 to 10 feet between you and the sensor.

Try playing that in a dorm room or small apartment.

Yes, precisely.
link to this extract


iPad Pro won’t replace the PC any time soon » TechSpective

Tony Bradley:

Perhaps the biggest change that has occurred over the past few years that makes the iPad Pro viable as a potential PC replacement is Microsoft. The shift in strategy by Microsoft to embrace the cross-platform ecosystem and make Microsoft Office and other key Microsoft products available across rival devices removes one of the biggest obstacles for the iPad as a laptop replacement. Microsoft was at the Apple event this week and stood on stage to reveal that it has improved apps developed specifically for iOS 9 and the iPad Pro that will make Microsoft Office arguably better on the iPad Pro than it is on a standard Windows PC or even on the Surface Pro 3 itself.

The flip side of that, though, is that the iPad Pro still runs iOS. It is still primarily a mobile device trying to be a PC—whereas the Surface Pro tablet is a PC trying to be a mobile device. Not much has changed since my experience using the iPad as a laptop replacement for 30 days. It is still a suitable device for a limited range of tasks and applications. It still won’t work as well as a traditional PC for a number of specific functions.

More importantly—at least as it relates to the ability of the iPad Pro to compete with Windows PCs in a business environment—it can’t run the software that organizations have already invested in and rely on to get things done.

Thus you have the bear (pessimist) case on the iPad Pro. But it’s that last sentence which betrays the flaw in the argument. Lots of organisations can’t get the new things done they want to on older systems. An iPad begins as a mobile device; the Surface yearns to be a laptop (just look at its screen ratio).
link to this extract


Start up: Uber’s China fight, Stagefright goes public, women and Apple, Wileyfox reviewed, and more


Feast your eyes: you’ll never see its like again. (Hopefully.) Photo by MarkGregory007 on Flickr.

A selection of 10 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Inside Uber’s fight with its Chinese nemesis, Didi Kuaidi » WSJ

Fabulous in-depth piece by Eva Dou and Rick Carew:

Both companies have sought to woo drivers with bonuses to those who rack up rides. Uber has offered larger bonuses in an effort to catch up in scale, earlier this year giving as much as 7,000 yuan weekly to Beijing drivers who completed a high number of rides—quadruple a traditional taxi driver’s wages, according to drivers. Both companies have bonuses for individual rides during peak times and smaller bonuses for individual achievements, such as referring friends or getting high ratings.

Now the challenge for both is keeping drivers and riders while weaning them off bonuses and coupons.

Yang Yang, a 33-year-old Uber driver in Beijing, says bonuses are increasingly difficult to get. He stays on the road 12 to 14 hours a day to qualify for the weekly bonus, using minty salves to stay awake.

The lure of bonuses has led drivers to game the system. Uber and Didi Kuaidi battle drivers who book fake rides—known as “brushing” in China. In brushing, the scammer will typically pose as both driver and rider, essentially paying himself multiple times to build up enough fake business to win a bonus.

Rings of scammers use specialized software bought online to rack up fake rides while they sit at home, drivers interviewed say. They say they get calls and texts from people offering to help them scam Uber for a fee. Didi Kuaidi is suffering less from the problem, according to drivers, as its lower driver bonuses are less of a draw.

I love how people find ways to game systems like this; it’s the thing that definitely keeps us a step ahead of the damn robots.
link to this extract


The Washington Post has begun blocking the ad blockers » BuzzFeed News

Matthew Zeitlin:

“Many people already receive our journalism for free online, with digital advertising paying only a portion of the cost,” a Washington Post spokesperson told BuzzFeed News.

“Without income via subscriptions or advertising, we are unable to deliver the journalism that people coming to our site expect from us. We are currently running a test using a few different approaches to see what moves these readers to either enable ads on The Washington Post, or subscribe.”

There’s a kind of Cold War brewing between publishers who say that ad blocking software cuts off the lifeblood of free media online, and readers who complain about pages crammed with garish ads and intrusive trackers, which make many sites bloated and slow to load.

Not sure it’s a cold war. It’s about to get a lot more heated: iOS 9 comes out next week, and the content blocking apps will all be lining up for it.
link to this extract


Android Stagefright exploit code released to public » Threatpost

Michael Mimoso:

[Joshua] Drake, vice president of platform research and exploitation at Zimperium zLabs, said in July the bug could affect more than 950m Android devices. He chose not to publish exploit code at the time, giving Google time to push patches to the Android Open Source Project and subsequently to handset manufacturers and carriers. He originally planned to release exploit code on Aug. 24.

Google, meanwhile, wasted no time in changing the way it releases security updates for Android, announcing at Black Hat that it would send monthly over-the-air updates to its Nexus phones. The move was mirrored by others, including Samsung and LG, and the first Nexus updates included patches for Stagefright. Silent Circle also patched its Blackphone and Mozilla patched Firefox, which uses Stagefright code in the browser.

Stagefright is the name of the media playback engine native to Android, and the vulnerabilities Drake discovered date back to version 2.2; devices older than Jelly Bean (4.2) are especially at risk since they lack exploit mitigations such as Address Space Layout Randomization (ASLR) that are present in newer versions of Android.

The problem is that Stagefright is an over-privileged application with system access on some devices, which enables privileges similar to apps with root access.

When the tide goes out, you discover who’s been swimming naked, or hasn’t put on their security trousers.
link to this extract


Focusing on the full picture with data » FlowingData

Nathan Yau:

I don’t know the full context of this discussion, but in the interview below, Hans Rosling talks to media person Adam Holm about why we shouldn’t use the media to form our opinions about the world. Media person disputes. Rosling puts foot on table and says Holm is wrong.

This is terrific. Enjoy.

Rosling also gave a TED talk in 2014: “How not to be ignorant about the world”.
link to this extract


Wileyfox Swift: Brit startup budget ‘droid is the mutt’s nuts » The Register

Alun Taylor:

If someone asked me what my ideal smartphone would be I’d say one that costs no more than £120, has 16GB of storage, at least 2GB of RAM, a 5-inch IPS screen, a removable battery, two SIM slots, space for a microSD card, the best iteration of Android available (that’s the Cyanogen OS Android fork, in my opinion) and is waterproof.

Wileyfox’s new Swift actually fails to meet two of those criteria – the cost is £130, and there’s no waterproofing. But as we’ll see, considering the rest of the package, it’s very easy to forgive those two failings.

In an increasingly competitive market the Swift is up against the likes of the Motorola Moto G and Sony Xperia M4 Aqua, both of which we have reviewed recently. And both of which are rather more expensive at £189 (for the 2GB RAM version) and £199 respectively.

Along with price deflation, Android is splitting into niches, as well as software specialisation – such as the use of Cyanogen here. This is great value; it’s not going to sell in huge volumes (simply because of supply chain constraints) but it’s where the Android market is going.
link to this extract


Bullshit, selfies and Photoshopped smiles: Apple’s iPhone 6S announcement was a joke » Gadgette

Holly Brockwell is pissed off and she isn’t going to take it any more:

It’s no secret that I’m far from Apple’s biggest fan. In fact, despite what Reddit seems to think, I’m firmly Team Android. But that doesn’t mean I don’t give Apple credit where it’s due – it’s just that it seems to be due less and less these days. Last night’s announcement was their worst yet.

Her principal complaint seems to be “these things have all been done before!” along with “there was a Photoshop demo using a woman’s face!”. The “where were the women?” thing seemed to become a mini-meme on Twitter. Perhaps I was missing the bit where Jen Folse came out and demoed Apple TV entirely on her own. Or where a female doctor showed off the iPad Pro, again, entirely on her own. Or a female entrepreneur from Gilt showed what she could do on Apple TV. Sure, there were more men. But that’s true in pretty much any tech event.

My wife constantly quotes a friend who says you can divide the world into drains and radiators – some suck you dry, some warm you up. I prefer radiators. Which is why I love this tweet from Lia Napolitano, who used to work on the Apple TV team, praising Folse, who still does.

link to this extract


Production of new 21-inch iMac begins, say Taiwan makers » Digitimes

Aaron Lee and Joseph Tsai:

Production of a new 21-inch iMac featuring a 4096 by 2304 screen kicked off in early September and will be launched in the fourth quarter, with shipments in the quarter estimated at 1.4m-1.5m units, according to Taiwan-based supply chain makers.

With shipments from existing iMac products, Apple’s overall all-in-one PC shipments could surpass those of Lenovo in the second half.

The sources pointed out that the new 21-inch iMac only has a limited change in industrial design, but is upgraded with better hardware specifications, especially the Ultra HD display.

This will probably be no more than a press release from Apple. The current 21in iMac is 1920 by 1080 pixels – so this is going to be an amazing screen.
link to this extract


Amazon finally stops selling the Fire Phone, as company adjusts its hardware strategy » GeekWire

Tricia Duryee:

It’s taken more than a year, but Amazon has finally exhausted its supply of Fire Phones.

At least that appears to be the case based on the phone’s product page, which now lists the device as “currently unavailable,” with an additional note in the buy box, stating: “We don’t know when or if this item will be back in stock.”

That’s true for both the 32GB and 64GB models.

A year ago I calculated that no more than 35,000 had been sold. I wonder what the final number was.
link to this extract


Electronic noise is drowning out the Internet of Things » IEEE Spectrum

Mark McHenry, Dennis Roberson and Robert Matheson:

it is expensive to trace RF [radio frequency] pollution to a source and, when you do, it is often challenging to get offenders to stop offending.

The coming Internet of Things is going to make things worse. Much worse. It will do so by adding complex RF-control chips to countless common devices, like door locks, light switches, appliances of every type, our cars, and maybe even our bodies, which will enable them to connect to the Internet. Each of these chips is a potential source of noise. Plenty of technological fixes are available, of course, but the huge number of chips means that manufacturers will be more reluctant to add costly shielding and other noise-muffling features to their products. Silence is golden: It costs money to get it.

link to this extract


Apple promo video confirms the 6s has a smaller battery » TechCrunch

Fitz Tepper:

a 3D Touch promotional video released by the company seems to confirm that the 6s will indeed have a smaller battery than the iPhone 6. Specifically, GSMArena discovered that the video shows a shot of the battery marked “1715 mAh”, which is less than the iPhone 6’s 1810 mAh battery.

The extra space gained from reducing the device’s battery is most likely being used to fit new, larger components like the Taptic Engine and Force Touch-enabled display.

It’s important to note that this doesn’t mean the device will provide fewer hours of usage. In fact, Apple’s specs on the 6s show that the device will have the exact same talk, Internet browsing, and video playback time as its predecessor. This is most likely due to increased power efficiency in the new phone.

In my (beta) experience, iOS 9 has better battery life than iOS 8. Have to see how the rest of it plays out. Safe bet though that “smaller battery!” will be found in the comments sections of many blogs in the days – months even – to come.
link to this extract


Start up: iOS 9 and the BBC, AdBlock v Chrome/YouTube, Imogen Heap’s blockchain, and more


And we just happen by great good fortune to know a good source of women who aren’t wives too. Photo by James Maskell on Flickr.

A selection of 8 links for you. Tested on humans for irritancy. I’m charlesarthur on Twitter. Observations and links welcome.

Ashley Madison’s parent company secretly operated an escort website » Daily Dot

Dell Cameron:

After the details of roughly 33 million Ashley Madison accounts were posted online, the hackers responsible, known as Impact Team, leaked more than 197,000 private emails from the inbox of Noel Biderman, the former CEO of Avid Life Media (ALM), a Toronto, Canada–based company that operates the Ashley Madison site. Documents and emails contained in the trove and reviewed by the Daily Dot detail the company’s escort-related businesses.

Escorts.ca was leased in 2013 through a shell company called Pernimus Limited, which is listed among ALM’s “legal entities” on an internal company memo. According to a leaked contract, ALM leased the escort-service property from an Ontario-based company called Steeltown Marketing Inc., on Feb. 20, 2013.

The escorts.ca website was still active until roughly 6pm ET on Tuesday, when it was abruptly suspended. A version of the site from Aug. 1, 2015, can still be viewed, however, via the Wayback Machine.

Innocent explanation: ALM was into teh sexy bsns, so having an escort company as well as a “YOLO BE UNFAITHFUL” site was just consistent corporate thinking.

Malevolent explanation: 1) have a site encouraging guys to be unfaithful; 2) funnel them towards escorts 3) Profit!

Hang on, further down:

The document shows that ALM’s intention for the site, which did not charge users to browse its pages, was to funnel traffic to Ashley Madison and other ALM properties.

Having some trouble making the innocent explanation work here.

link to this extract


Apple’s iOS 9: Tweaks not revolution for video, photos and audio » BBC Blogs: College of Journalism

Marc Settle, who specialises in smartphone reporting for the BBC Academy:

Doesn’t time fly. It’s already a year since my now-traditional blog post examining what’s in the latest version of iOS, the operating system on iPhones and iPads. It’s also therefore a year since the equally traditional complaint of ‘preferential treatment’ to Apple over Android, the operating system that runs on around 80% of smartphones globally.

However, it remains the case that iPhones are the device of choice for many leading news organisations around the world – not just the BBC – for their employees to gather and send broadcast-quality footage at a far lower cost than traditional methods.

It’s also the case that this review of iOS 9 will be far more relevant, far more quickly, to iPhone owners if the pattern of previous releases is repeated. iOS 8 came out on 17 September 2014; a week later it was running on more than a third of compatible devices (as shown on the graph above).

In stark contrast, the latest version of Android, called Lollipop, was released in November 2014 but nine months later it’s still barely on 20% of devices.

Seems iOS 9 doesn’t add much, apart from some little tweaks in video editing. It has been noticeable in the latest reports on the refugee crisis that some of the BBC reporters are doing the reports with iPhones; one did a whole report using the front-facing camera and flash so that he could show the extent of the problem.
link to this extract


YouTube ads aren’t being blocked in Chrome / Recently Reported / Knowledge Base » AdBlock Support

And lo, there was great consternation that YouTube might have found a way to make people view ads. But it turned out not to be:

Some users have been able to confirm, that removing YouTube app from Chrome (by navigating to chrome://apps on Chrome) fixes YouTube ads, which are not blocked.

According to the EasyList forum post on this topic (you can read the original Google Code issue if you’d like to know the gory details) it’s caused by a recent Chrome security update, not the ad blockers or YouTube finding a way around the current filters.

At this point, we’re waiting for news about another update to Chrome which will fix this. In the meantime, we recommend switching to Firefox or Safari, which continue to block ads in YouTube videos just fine

In the Chromium discussion, a Chromium developer says “It was a security fix tracked in bug 510802 which we can’t make public yet, but it has the details.” (I can’t find a way to view bug 510802, so maybe it’s a doozy.)

link to this extract


Michael Dell sees consolidation among PC makers in next few years » Reuters

The top three global PC makers would be able to raise market share in the next few years through consolidation amid shrinking sales of personal computers, Dell Inc chief executive Michael Dell said on Monday.

Lenovo Group Ltd tops global PC shipment ranking with a 20.3% market share, followed by Hewlett-Packard Co at 18.5% and Dell at 14.5%, according to research firm International Data Corp.

The top three companies could corner about 80% of the market in the next five to seven years, Dell said at a roundtable conference with journalists in Bengaluru, India.

“In the first half of this year, we outgrew the two in notebooks and we have grown now 10 quarters in a row,” Dell said.

IDC last month forecast PC shipments to fall 8.7% this year, steeper than its earlier estimate of a 6.2% decline, and said they are expected to return to growth in 2017.

Presently those top three have 53%; it would take quite a consolidation (such as the collapse/withdrawal of a player like Acer with 6.5% share and a smaller one like Toshiba with maybe 3% share) to reach that. But the ongoing consolidation is steady.

Read it too for Dell’s comment on smartphones.
link to this extract


Imogen Heap: saviour of the music industry? » The Guardian

Jamie Bartlett on how one British artist aims to use blockchain technology to create an accountable system for buying and listening to and crediting music:

Because [Imogen] Heap now produces her own music independently she’s not contracted to release her song via the usual route. Instead, she will be placing the studio-recorded song, video, live performance and all Tiny Human-related data as files on her website, open to those developing new tech for the blockchain. All the taggable associated data that could interest fans or potential clients (film and TV, brands, other artists), such as the lyrics, photographs, the instruments she used, the musicians who played, etc (“I think I’ll add this article too,” she told me) will prove inspirational, she hopes.

Crucially, she’ll also include simple contracts, revealing under what terms the music would (ideally, as this is an experiment) be downloaded or used by third parties, such as advertisers, and how any money earned will be divided up among the creatives involved. All payment received – using crypto-currencies – will be routed to the recipients, as set out in the contract, within seconds. (It typically takes between weeks and months for royalty payments to work their way through the chain at the moment.)

It’s a long but worthwhile article. There’s a fair amount of handwaving around how it will work, though I suspect that’s just as much because really getting into the details of how the blockchain system would work might frighten the horses (as in, regular non-techie readers) too much.

And remember, MP3 started as a way to compress background music and sounds for video games.
link to this extract


Premium Android hits the wall: discussion » Hacker News

Among the discussion of my post elsewhere on this blog is this anecdote:

My wife went into the EE shop (UK mobile company) recently to see what was on the market as her old Galaxy S2 was dying.

She came out with a list of six Samsung phones alone and a couple of Sonys. Is a Galaxy Alpha better than an S6? What’s a Galaxy Mini? So bewildered by the permutations that she just threw away the list and bought a second-hand Galaxy S4 on eBay. Potential sale for Samsung lost.

Android vendors might think they’re satisfying all possible market requirements but actually they’re confusing potential customers. As you say, probably easier just to go to the Apple store and choose between two.

I know anecdotes aren’t data, but I think the contrast between a plethora of choices and a couple makes a difference. Note too how few features Apple adds at each release. (Read the full discussion too.)
link to this extract


Negative feedback: attack on a YouTube channel » Dell SecureWorks Security and Compliance Blog

Joe Stewart of CTU Research on how an “attack” (lots of dislikes) against a YouTube channel might have been organised via hijacked routers in Vietnam:

All it takes to bounce traffic through a vulnerable broadband modem is to know the standard administrative username/password pair used by the ISP, something trivially obtained by analysis of the device’s firmware image or even by brute force scanners. Once you can configure the modem, you can set up port forwarding and relay traffic inbound to a specific TCP port to an outside site (i.e. YouTube). This isn’t a proxy in the conventional sense, where one can arbitrarily tunnel all HTTP traffic through another IP, but it can work in essentially the same way for a single destination site.

Vietnam is certainly not the only country with this problem. A rush to create broadband infrastructure in some countries where ISP choices are limited has led to a dangerous monoculture of vulnerable router deployments. As consumer operating systems are increasingly becoming more secure against exploitation that would cause them to become part of the botnet ecosystem, we are increasingly seeing broadband routers being abused for these purposes instead.

It used to be that shonky Windows installations in developing countries were the main problem for such attacks; now it’s broadband routers in developing countries too. (Via Stefan Pause.)
link to this extract
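The defensive counterpart to the relay Stewart describes, as an added example that is not part of the SecureWorks post or of this blog: a Python audit of an exported port-forward table that flags any rule whose target lies outside the LAN. The table format, rule names, LAN range and addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample: a port-forward table in a simple whitespace-separated
# export format (hypothetical; real modems each have their own format).
SAMPLE_RULES = """\
# name   proto wan_port target_ip     target_port
webcam   tcp   8080     192.168.1.20  80
console  udp   3074     192.168.1.35  3074
svc-a    tcp   8081     203.0.113.50  443
svc-b    tcp   8082     198.51.100.7  80
broken   tcp   notaport 192.168.1.9   22
"""


@dataclass(frozen=True)
class Forward:
    name: str
    proto: str
    wan_port: int
    target: ipaddress.IPv4Address
    target_port: int


def parse_rules(text):
    """Return (rules, errors). Malformed lines are reported, never silently dropped."""
    rules, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # strip comments and blank lines
        if not line:
            continue
        try:
            name, proto, wan_port, target, target_port = line.split()
            rule = Forward(
                name,
                proto.lower(),
                int(wan_port),
                ipaddress.IPv4Address(target),
                int(target_port),
            )
            if rule.proto not in ("tcp", "udp"):
                raise ValueError("unknown protocol")
            if not all(0 < p < 65536 for p in (rule.wan_port, rule.target_port)):
                raise ValueError("port out of range")
        except ValueError as exc:
            errors.append((lineno, raw.strip(), str(exc)))
            continue
        rules.append(rule)
    return rules, errors


def audit(rules, lan_cidr):
    """Flag forwards that send inbound traffic to a host outside the LAN.

    A legitimate forward exposes a device on the local network. A rule whose
    target is off-LAN turns the modem into a relay for a single outside
    destination, which is the behaviour described in the extract.
    Membership in the configured LAN range is tested directly rather than
    relying on is_private, which also matches reserved non-LAN ranges.
    """
    lan = ipaddress.ip_network(lan_cidr)
    findings = []
    for r in rules:
        if r.target not in lan:
            findings.append(
                (r.name,
                 f"{r.proto}/{r.wan_port} relays to off-LAN host "
                 f"{r.target}:{r.target_port}")
            )
    return findings


if __name__ == "__main__":
    parsed, bad = parse_rules(SAMPLE_RULES)
    for name, reason in audit(parsed, "192.168.1.0/24"):
        print(f"SUSPICIOUS {name}: {reason}")
    for lineno, raw, why in bad:
        print(f"UNPARSED line {lineno}: {raw!r} ({why})")
```

Unparsed lines are surfaced because a rule the audit cannot read is a rule it has not cleared.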


Why you hate Google’s new logo » The New Yorker

Sarah Larson:

Now Google is so smart and powerful, across so many platforms—Androids, a translation service, Chrome, Maps, Earth, self-driving cars, our collective brain—that our trust, our connection to that first thrilling moment, that gratitude and excitement, should be essential to maintain. You’d think the company would get that, and that rebranding, generally, feels suspicious. When I see that shifty new rainbow-colored “G” bookmarked on my toolbar, I recoil with mild distrust, thinking of when Philip Morris became Altria — No cigarettes here, see? Just rainbows! — or when British Petroleum suggested we think of it as Beyond Petroleum, or when the Bush Administration would name something Freedom.

Zingg! (Personally, though, I don’t like the new logo. I prefer the old one.)
link to this extract


Start up: Firefox attacked, iPhone’s “3D Touch Display”?, ad folks fret on blockers, Note 5/Edge+ reviewed, and more


A drinks machine in the Soviet arcade museum. OK, back to work! Photo (and many more) by jasoneppink on Flickr.

A selection of 9 links for you. Do not feed. I’m charlesarthur on Twitter. Observations and links welcome.

Mozilla: data stolen from hacked bug database was used to attack Firefox » Ars Technica

Megan Geuss:

An attacker stole security-sensitive vulnerability information from Mozilla’s Bugzilla bug tracking system and probably used it to attack Firefox users, the maker of the open-source Firefox browser warned Friday.

In an FAQ published (PDF) alongside Mozilla’s blog post about the attack, the company added that the loss of information appeared to stem from a privileged user’s compromised account. The user appeared to have re-used their Bugzilla account password on another website, which suffered a data breach. The attacker then allegedly gained access to the sensitive Bugzilla account and was able to “download security-sensitive information about flaws in Firefox and other Mozilla products.”

Mozilla added that the attacker accessed 185 non-public Firefox bugs, of which 53 involved “severe vulnerabilities.” Ten of the vulnerabilities were unpatched at the time, while the remainder had been fixed in the most recent version of Firefox at the time.

Publishing the FAQ as a PDF is a bit crummy – makes it harder to process. Reuse of passwords is a big problem but you wouldn’t expect someone with high-level access to Bugzilla to do it.
link to this extract


iPhone 6s to have ‘3D Touch’ three-level, next-gen Force Touch interface » 9to5Mac

Mark Gurman, so we should trust it, right?

One of the cornerstone features of the iPhone 6s and iPhone 6s Plus, to be announced next Wednesday, is a screen based on the Force Touch technology from the latest MacBook trackpads and the Apple Watch. However, as we noted in previous articles such as our event expectations roundup from yesterday, the Force Touch feature in the new iPhones will actually be a next-generation version of the technology. According to sources familiar with the new iPhones, the new pressure-sensitive screen will likely be called the “3D Touch Display”…

Sounds like a bit of a clunky name?
link to this extract


The alternate universe of Soviet arcade games » Atlas Obscura

Kristin Winet:

When you walk into the Museum of Soviet Arcade Games in St. Petersburg, the first thing you’ll see is a series of gray, hard-edged soda machines from the early 1980s. If you choose the one in the middle, it will dispense a tarragon-flavored and slightly fermented soda whose recipe relies on a syrup that has not been mass produced since the fall of the Soviet Union. It tastes not unlike a mix of molasses and breath mints.

All around us are beeps, pings, and shot blasts coming from rickety old machines that seem like they’ve time-traveled from the golden era of American arcade games. And yet, everything’s in Russian, we’re using kopecks as currency, and there is no Donkey Kong here.

This is not your typical museum. For one thing, everything is not only touchable, but playable. Designed to look like a 1980s USSR video game arcade, the museum is filled with restored games carefully modeled after those in Japan and the West and manufactured to the approval of the Cold War-era Soviet leader, Nikita Khrushchev…

…“The fact that some of these products are in danger of disappearing is why they are beloved,” says Dr. Steven Norris, a Professor of History at Miami University in Ohio who specializes in Russian and post-Soviet studies. “Nostalgia for the video games of the 1970s and 1980s is part of a larger nostalgia for Soviet consumer products of late socialism.”

Fabulous journalism bringing us a view of the world we’d not otherwise get. And of course in Soviet Russia, arcade games play you.
link to this extract


DirectLinks » Canisbos

This [Safari] extension circumvents certain techniques used by Google and Facebook to track link clicks.

When you click a link in Google search results, Google uses JavaScript to replace the actual link with an indirect one, which they use for click tracking. Google then redirects the browser to the actual destination after logging the click. DirectLinks disables the JavaScript that replaces real links with indirect ones, so that when you click a search result link, Safari goes straight to the destination.

The extension does something similar for links in Facebook posts: it removes JavaScript that Facebook uses to track clicks on these links.

Probably won’t be long before this is incorporated into content blockers for iOS 9. It’s super-annoying to try to copy a link off Google and get a bunch of obfuscated JavaScript.
link to this extract


IAB surveys options to fight ad blockers, including lawsuits » Advertising Age

Tim Peterson:

To catch up with the growing issue, the IAB [Interactive Advertising Bureau] hosted a member leadership summit on July 9 at the IAB Ad Lab in New York City that convened the IAB and IAB Tech Lab boards as well as a number of sales and technology executives to discuss ad blocking. “It was more of an educational [meeting] to get the options on the table,” [Scott] Cunningham [senior VP at IAB and general manager of its Technology Lab] said.

Some of the options put on the table were a lot stronger than some of the more Pollyanna-ish calls for better ads or publisher appeals asking people to turn off their ad blockers as ways to fight ad blockers.

“I advocated for the top 100 websites to, beginning on the same day, not let anybody with ad blockers turned on [to view their content],” said Mr. Moore. He said that the other IAB members in attendance considered it “a good idea but the possibility of pulling it off slim.”

That might not even be the most drastic option the IAB and its members are considering. The possibility of suing the ad-blocking companies is being explored.

The ad blockers “are interfering with websites’ ability to display all the pixels that are part of that website, arguably there’s some sort of law that prohibits that,” Mr. Moore said. “I’m not by any means a lawyer, but there is work being done to explore whether in fact that may be the case.”

“interfering with websites’ ability to display all the pixels that are part of that website”. I’m not going to laug…HAHAHAHAHA.

Denial, anger, bargaining, depression, acceptance. I think we’re on No.2. Progress still to be made.

Still, there is good news: the IAB officially adopted HTML5 as the new standard for display ads, replacing Flash.
link to this extract


How to write a great error message » Medium

Thomas Fuchs:

Imagine being in an office. In your cubicle. You’ve worked long hours this week for an upcoming product introduction. You’re tired and cranky, and you just want the weekend to finally arrive.

But first you have to try if the homepage for the new product works fine on Windows 10. No problem, you think, your trusty Mac laptop has software installed that allows you to run Windows.

You fire up the software, and when Windows politely asks you to update with several intrusive notifications, you say, sure, go ahead.

And then you see this.

That would be almost amusing, if it wasn’t for the deadline for the product.

Terrific article. (Via Dave Verwer’s iOS Dev Weekly. You should try it.)
link to this extract


Samsung Galaxy Note 5 and S6 edge+ review: pretty much exactly what you’d expect » Android Police

David Ruddock, who has been doing some terrific work at Android Police, has a great review with this conclusion:

So, should you buy these phones? I mean, that really comes down to the criteria they don’t meet for you, not what they do. Because these devices really are the technical pinnacle of the smartphones currently out there, a given person’s lack of interest in them is going to almost certainly come down to price, philosophy, or a particular missing feature or other perceived weakness (such as the absent microSD slot or a lack of stock Android). Make no mistake: these are excellent phones. But is excellence worth this much money, especially when the pitfalls (subpar battery life, slow updates, and performance hiccups) mirror or sometimes even exceed those of devices costing potentially much less? That’s for you, the consumer, to decide. If you’re asking me, the flash isn’t worth the cash – Samsung’s premium phones today are much more about brand image and fashion than they are user empowerment or choice.

The comments also show that Samsung users are… animated about the absence of SD cards/removable batteries, battery life, price, the “why upgrade?” question and app performance.
link to this extract


HTC: from riches to rags » Counterpoint Technology Market Research

Neil Shah analyses HTC’s position, where its August revenues were the lowest for 10 years – and there’s no sign of improvement:

Being a pure hardware only vendor won’t take HTC far enough. HTC should learn from another Taiwanese company Asus how it is making a comeback and scaling up with cutting edge specs at highly affordable price-points.

Similarly, Motorola as well following Xiaomi’s footsteps selling online in many markets its highly attractive offering in form of Moto X/G/E at affordable price-points and charting phenomenal comeback.

If this doesn’t work, a potential merger or getting acquired is the only way the company can return value to its shareholders and think about growing with other company.

However, for that HTC at least for short- to mid-term will need to raise its game, make itself attractive to others.

HTC should focus on building an IP portfolio over the next couple of years and eventually maximize its valuation. Merging with other Taiwanese companies such as Acer or Asus to justify scale could also be a possible strategy.

HTC’s Cher Wang seems unwilling to countenance a takeover, but she might have to consider it seriously pretty soon.
link to this extract


BlackBerry to acquire Good Technology: executive point of view » Inside BlackBerry

BlackBerry is spending $425m of its not-growing cash pile to buy Good, which has been a bitter rival for more than a decade. Inside BlackBerry lobbed some soft questions at BlackBerry COO Marty Beard and Good CEO Christy Wyatt, but not all the answers were quite that gentle:

IBB: Speaking of customers, how does this impact each of your existing customers and what new areas will come of it?

MB: Our acquisition of Good will mean the end of compromise for customers. We will be able to provide even stronger cross-platform capabilities – ensuring customers won’t have to make any sacrifices in operating systems, deployment models, or any level of privacy and security in their mobile environments. I truly believe that combined, BlackBerry and Good will raise the bar in the enterprise mobility market, enabling our customers to be more productive and protecting their sensitive data across all of their mobile end points.

CW: Historically, when a customer chooses their enterprise mobility platform, they have been asked to make tough choices: do they want deep management, deep security, a great user experience or enterprise scalability? The truth is that customers should not have to choose. They will need different tools to solve different mobility challenges. With this combination, customers can have the best in security, management, ecosystem and experiences all on a common platform.

I love how they’re both needling about each other’s products, but now saying that ach, it’s all good. This is a smart acquisition by BlackBerry; now it needs to make it work.
link to this extract


Start up: design for cars and Xbox 360s, the rural broadband row, is Huawei Samsung v2?, hacking OSX, and more


A magnetic wormhole! Really exists! Looks nothing like this! Photo by w4nd3rl0st on Flickr.

A selection of 9 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Google self-driving cars don’t need windshield wipers » Mashable

Chris Perkins:

When asked if the car had windshield wipers, a Google employee replied, “Yes, but not on the windshield. They’re on our sensors—our car’s ‘eyes.'” Essentially, the Google car doesn’t have windshield wipers because it doesn’t need them.

Let that sink in for a second.

The ultimate goal of an autonomous car is to be, well, fully autonomous. A self-driving car wouldn’t require any human input other than specifying a destination. To that end, Google’s self-driving prototype doesn’t have windshield wipers because humans aren’t required to see out of it.

This brave new world of “cars” truly aren’t cars as we understand them. Yes, they have four wheels and take people from point A to point B, but the similarities end there. If humans don’t need to drive these cars, a very different approach to design is allowed.

Listened to John Gruber and Ben Thompson on the Talk Show earlier. Electric cars, one pointed out, are effectively computers on wheels; you no longer need expertise in pistons and cylinder heads to make a car. That changes the landscape.
link to this extract


How the Red Ring of Death problem happened » Business Insider

Robbie Bach, formerly of Microsoft, has written a book about his time there. Ben Gilbert picks up what happened that led to a billion-dollar cost:

With the Xbox 360, Microsoft took a design-first approach. Here’s how Bach describes it:

We started with design at the front of the process, and we said, ‘This has to be designed with a designer’s sensibility.’ So the enclosure work we did was done relatively early. Not locked in stone, but we have a shell under which we want to fit. So then the engineering team goes and puts things in the shell.

More clearly: Microsoft designed the look of the Xbox 360 and then figured out how to fit the console’s guts inside, which can be risky. Though game consoles are designed to be pretty enough for a living room home theater, their design is also based on heat management. These things are basically computers. If you pack a computer in a tight box, it will eventually overheat.

Worse, it might loosen parts of the system’s internals or cause other havoc. 

Microsoft had run the console through various tests, from heat to longevity to cold to movement, and plenty of others, and the Red Ring of Death problem was apparently something they didn’t come across. It was only when consoles started coming in as returns that Microsoft began to see the scope of the issue.

“Design is how it works, not how it looks”, allegedly. Though Apple has had problems with iBooks in the past, where heat-related issues led to some failures. But not a billion dollars worth.
link to this extract


June 2015: MPs set up rural broadband all-party Parliamentary group to tackle BT » ISPreview UK

Mark Jackson:

A group of MPs, primarily from Devon and Somerset in England’s South West, have established a new All-Party Parliamentary Group that will investigate the roll-out of superfast broadband (24Mbps+) services. The group also intends to “put pressure” on BT to stop the operator’s alleged “delaying antics” and be more transparent with their coverage plans.

It’s understood that the group’s formation was sparked last week after 50 MPs from the South West gathered to moan about progress in the Government’s Broadband Delivery UK programme, which aims to make fixed line superfast broadband services available to 95% of the UK by 2017/18.

The new group will be chaired by Ian Liddell-Grainger MP and has support from Rebecca Pow MP and Neil Parish MP among others. Unfortunately the Government’s register of APPGs hasn’t been updated since March 2015 (here) and as such the details are still a bit thin on the ground.

Might there be some progress now MPs are about to come back into session?
link to this extract


Why the smartwatch hype machine is running five years fast » Bloomberg Business

Amy Thomson:

Here’s why you probably want a smartwatch: You can use it to do cool stuff like open doors, pay for coffee, and start cars. Here’s why you probably won’t buy one for another five years or so: There still aren’t many doors, stores, or cars that your smartwatch will work with.

At the IFA electronics show in Berlin this week, Samsung Electronics, Lenovo Group and Huawei unveiled updated watches with upgraded features like tap-to-pay and the ability to interact with other devices ranging from your cell phone to your thermostat to your minivan.  

The stumbling block is that it will take several years before there are enough sensors in homes, businesses and vehicles to make it worth the trouble to strap on a smartwatch.

“For watches to become more popular and more mainstream, they have to deliver a number of capabilities to be relevant,” said Andy Griffiths, head of Samsung’s UK and Ireland division. “Our expected timeline is out to 2020.”

link to this extract


Magnetic wormhole created for first time » UAB Barcelona

The researchers used metamaterials and metasurfaces to build the tunnel experimentally, so that the magnetic field from a source, such as a magnet or an electromagnet, appears at the other end of the wormhole as an isolated magnetic monopole. This result is strange enough in itself, as magnetic monopoles – magnets with only one pole, whether north or south – do not exist in nature. The overall effect is that of a magnetic field that appears to travel from one point to another through a dimension that lies outside the conventional three dimensions.

The wormhole in this experiment is a sphere made of different layers: an external layer with a ferromagnetic surface, a second inner layer, made of superconducting material, and a ferromagnetic sheet rolled into a cylinder that crosses the sphere from one end to the other. The sphere is made in such a way as to be magnetically undetectable – invisible, in magnetic field terms – from the exterior.

The magnetic wormhole is an analogy of gravitational ones, as it “changes the topology of space, as if the inner region has been magnetically erased from space”, explains Àlvar Sánchez, the lead researcher.

That last sentence has a new use of the word “explains”. Potential applications already exist for MRIs etc.
link to this extract


HTML5 deck of cards » GitHub

That’s it, really. Code available on GitHub. Neat.
link to this extract


Huawei is the new Samsung » The Verge

As in it’s a “fast follower” (read: mimic), argues Vlad Savov. But he notes that it does it more subtly than Samsung did:

When Huawei takes risks on rumored new features, as it is doing with Force Touch, it does so in a limited manner. The Force Touch version of the Mate S will only be available in certain markets — mainly the ones where you can say “Force Touch” without being immediately slapped down by Apple’s lawyers — so whatever extra cost there is to adding it in can be borne even if it doesn’t stimulate any extra sales. But then, the Mate S has already stirred up hype and discussion by following Apple’s lead so closely and obviously. Even if you never buy a Force Touch Mate S, you’re now better aware of it because of that Apple analogy.

Samsung knew this better than anyone else: biting the heels of the top dog is a great way to get noticed. And if you happen to have a well-priced, technically appealing product, you can convert that hype into sales. Huawei has been chasing the hype with unquenchable thirst, and by grabbing all the best ideas it sees in the market, it’s been delivering those technically proficient devices to make it prosperous. It’s no accident that Huawei is the third-biggest smartphone vendor in the world. The Chinese company combines the best of what’s available and sells it at a lower price — which it can afford to do because it only needs to spend on engineering. The innovative ideas are already out there waiting to be plucked. It might not be fair, but it sure is effective.

link to this extract


Researchers discover new keychain vulnerability in OSX » CSO Online

Steve Ragan:

The command creates a situation where, instead of asking for a user’s Keychain password, Keychain will prompt them to click an allow button instead. The two researchers then took their theory further and developed a proof-of-concept exploit that triggers the command and simulates a user mouse click in the exact location where the allow button would appear.

This process happens in milliseconds (less than 200ms to be exact), right in front of the user, who wouldn’t notice a thing.

“The ‘allow’ button appears 10% to the right of the centre of the screen and 7% below it,” Jebara said in an email.

“We noticed that the only issue that could affect the location of this ‘allow’ button is the size of the dock, so we also issue a command that hides the dock for 500ms in order for us to successfully press the ‘allow’ button.”

After the allow button is pressed, the password is intercepted and sent via SMS to the attacker’s phone. However, SMS could be replaced by any delivery system, including exfiltration to a C&C server, or it could be stored locally for later retrieval.

This seems to use the Accessibility API – but I didn’t think that was automatically enabled on OSX. A subtle and dangerous flaw.
link to this extract


Sony – Plethora of pixels » Radio Free Mobile

Richard Windsor on Sony’s 806 pixels-per-inch Xperia Z5 Premium:

the 4K screen is, in my opinion, fairly useless for a number of reasons.
• First. In order to see the difference between this screen and a 1080p device the user will have to hold the device between 5-8 inches from his eyes. The viewing distance of most smartphones is around 9-12 inches meaning that in most use cases, users will not be able to tell the difference.
• Second. There is no content available for it meaning that everything has to be up-scaled by a graphics processor to display correctly on the screen. Historically, the Japanese companies have been by far the best at upscaling technologies, but there is still a significant risk that most content and apps will not display optimally.
• Third. Even compressed using VP9 or H.265, 4K video takes up far more space than 1080p and requires up to 4x the bandwidth to be transmitted.

Consequently, users will be able to store less content on their devices and incur up to 4x the cost and 4x the wait to view content that in most cases will look no better than 1080p.
However, despite the practical limitations of a 4K smartphone, it is well known that pointless gimmicks sell phones.

Not so sure about that last point. This is a classic spec-war move; Sony is constrained in what it can do with software, so it has a meaningless spec. (And there’s no suggestion so far of using it in VR, unlike the Note 4, though Sony does have a VR project called Morpheus.)
link to this extract


Start up: Chrome v Flash (and Google v iOS 9), HTC delays Vive, streaming’s true problem, and more


Suggested caption: “I wish I’d never mentioned the bloody sealion”. Can a computer do better? Picture from MCAD Library on Flickr.

A selection of 9 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Google makes it official: Chrome will freeze Flash ads on sight from Sept 1 » The Register

Shaun Nichols:

Back in June, Google warned that, in cooperation with Adobe, it would change the way Flash material is shown on websites.

Basically, “essential” Flash content (such as embedded video players) is allowed to automatically run, while non-essential Flash content, much of that being advertisements, will be automatically paused.

As we explained a couple of months ago, it’s effectively taking Chrome’s “Detect and run important plugin content” feature, and making it the default: only the “main plugin content on websites” will be run automatically. That should put a stop to irritating ads around the sides of pages.

Google’s reasoning for the move is largely performance-based, apparently. The Chocolate Factory worries that with too many pieces of Flash content running at once, Chrome’s performance is hamstrung, and, more critically, battery life is drained in notebooks and tablets running the Flash plugin.

A performance and battery hit? From Flash? I’m shocked, shocked to hear of such a thing.
link to this extract


Handling App Transport Security in iOS 9 » Hacker News discussion

Remember the Google Ads blogpost from last week explaining how developers could enable non-HTTPS ads to show on iOS 9, which enforces (almost) HTTPS? The discussion on Hacker News includes some who’ve been in the trenches:

At my last job, we did something similar to what iOS 9 is now doing, where we migrated a survey engine to serve all forms over https. There was high fiving and champagne all around the engineers desks, while media was freaking out that their impressions took the sharpest reverse-hockey-stick in the world. Ad networks are seriously the worst when it comes to https traffic. Given the dozens of redirects and pixel injections and iframes slapped into a media page, it’s nearly impossible to serve secure traffic since it only takes one network to downgrade the https request to http and then the page is “broken”.

Other comments provide useful insight too.
link to this extract


The wait for HTC’s Vive VR headset just got longer » ReadWrite

Adriana Lee:

Other projects and software features are likely in the works [from Oculus Rift] as well. (We may know more at the Oculus Connect 2 developer conference in Los Angeles next month.) 

There’s also increasing competition from VR hardware startups and other (bigger) competitors eyeing virtual and augmented reality—including Sony, Google, Samsung and Microsoft. Apple may also be pursuing virtual and augmented reality behind closed doors.

All of which makes HTC’s decision to delay the Vive’s consumer release rather risky—especially if the company is relying on this initiative to make up for its flagging smartphone business. For end users and developers, however, the scenario points to something else: Next year is going to be absolutely huge for all realities virtual. 

Can HTC hang on long enough to ride that wave? Testers say it’s terrific quality. Most valuable asset?
link to this extract


Chromebooks gaining on iPads in school sector » The New York Times

Natasha Singer:

In terms of the sheer numbers of devices sold, however, Microsoft remained in the lead. In 2014, about 4.9m Windows devices, including notebooks and desktops, shipped to schools, giving Microsoft a roughly 38% market share in unit sales, IDC said.

Apple, meanwhile, shipped about 4.2m devices for schools, including desktops, notebook computers and tablets, accounting for about 32% of the education market, according to the report.

But the Chromebook category is fast gaining traction in the United States.

Last year, about 3.9m Chromebooks were shipped in the education sector, an increase in unit sales of more than 310% compared with the previous year, IDC said. By contrast, iPad unit sales for education fell last year to 2.7m devices, compared to 2.9m in 2013, according to IDC data.

“Even if Microsoft is No. 1 in volume and Apple is No. 1 in revenue, from the growth perspective, nobody can beat Chromebook,” said Rajani Singh, a senior research analyst at IDC who tracks the personal computer market and is the author of the report.

In the first half of this year, she said, roughly 2.4m Chromebooks shipped to schools compared with about 2.2m Windows-based desktops and notebook computers.

Maybe this is where Chromebooks begin to eat away at Windows. They certainly should be a lot easier to secure and manage.
link to this extract


We built a robot to help you win The New Yorker’s cartoon caption contest » The Verge

Michael Zelenko and Frank Bi:

Each week The New Yorker runs a cartoon contest on its back page, where the publication invites readers to submit captions to cartoons drawn by the magazine’s illustrators. Winning the contest is notoriously difficult — writers have to generate a quip that’s funny, but also perfectly mimics the magazine’s sensibilities. A deep knowledge of The New Yorker is a prerequisite. Or is it?

We’ve collected all the first, second, and third place winning entries going back to when the magazine introduced the competition in 2005 — all 1,425 of them. Then, we ran them through a Markov text generator program that analyzes the winning captions and generates new, randomized entries that echo the original set.

Observation: using this won’t even get you to the last three in the caption contest. Maybe when the robots have taken all the other jobs, “comedian” will still remain for humans.
link to this extract


The real problem with streaming » Music Industry Blog

Mark Mulligan:

Even without considering the entirely intentional complexity of details such as minimas, floors and ceilings, the underlying principle is simple: a record label secures a fixed level of revenue regardless, while a music service assumes a fixed level of cost regardless.

Labels call this covering their risk and argue that it ensures that the services that get licensed are committed to being a success. Which is a sound and reasonable position in principle, except that in practice it often results in the exact opposite by transferring all of the risk to the music service. Saddling the service with so much up front debt increases the chance it will fail by ensuring large portions (sometimes the majority) of available working capital is spent on rights, not on building great product or marketing to consumers.

None of this matters too much if you are a successful service or a big tech company (both of which have lots of working capital). Both Google and Apple are rumoured to have paid advances in the region of $1 billion. While the payments are much smaller for most music services, Apple, with its $183bn in revenues and $194bn in cash reserves can afford $1bn a lot more easily than a pre-revenue start up with $1m in investment can afford $250,000.  Similarly a pre-revenue, pre-product start up is more likely to launch late and miss its targets but will still be on the hook for the minimum revenue guarantees (MRG).

It is abundantly clear that this model skews the market towards big players and to tech companies that simply want to use music as a tool for helping sell their core products. 

 
link to this extract


Heads-up, Google: fighting the EU is useless » Bloomberg View

Leonid Bershidsky:

Microsoft can tell Google exactly what happens next; indeed, Google’s lawyers realize there will be other antitrust investigations. One, concerning the Android operating system and its links to Google services, is already in the works, although no official charges have been brought. Another may soon hit Google where it really hurts, challenging its dominance in online advertising. Google will fight and probably lose, because Europe doesn’t like big U.S. companies to dominate its markets. 

Lobbying and complying with whatever demands still can’t be avoided is a less painful path. Microsoft spent 4.5 million euros last year, a million more than Google, on efforts to get EU officials to see its points on issues such as data protection and cloud computing. Among other things, the European Parliament is now considering a Microsoft proposal that would cap fines for Internet privacy violations at 2m euros a case, instead of 2% of a company’s international turnover.

It’s admirable that Google now wants to fight for its principles and against the dilution of its superior offering. It makes me cringe, however, to think of the time and money that will be burned in this hopeless battle.

link to this extract


The fembots of Ashley Madison » Gizmodo

Annalee Newitz:

In the data dump of Ashley Madison’s internal emails, I found ample evidence that the company was actively paying people to create fake profiles. Sometimes they outsourced to companies who build fake profiles, like the ones Caitlin Dewey wrote about this week in the Washington Post. But many appear to have been generated by people working for Ashley Madison. The company even had a shorthand for these fake profiles—“angels.” Perhaps this is a tip of the hat to Victoria’s Secret models, also known as angels.

Ashley Madison created their angels all over the world, and the dump contains dozens of emails where Avid Life Media management arranged to generate more. Here you can see a July 4, 2013 email from Avid Life Media’s director of internal operations, Nora Abtan, to CEO Noel Biderman and other managers, with the subject “summary angels status”…

…An email chain between Sandra Simpson and an employee named Eduardo Borges, dated July 30, 2012, suggests that quality control on the angel profiles was actually pretty rigorous. Borges asks whether it’s OK to reuse photos if they are in different states, and Simpson says no—she notes that many members travel and they might spot the duplicates.

Such great journalism; such a scammy business. The question becomes, did the company take this direction from the start, or was it forced towards fakery by circumstance?
link to this extract


Apple is about to lay down its TV cards » TechCrunch

Matthew Panzarino:

It stands to reason that Apple will be able to push the A8 much, much further than it ever has before given that the Apple TV is plugged into the wall, and not dependent on battery.

This will enable developers of games and other resource-intensive applications to produce higher quality and more demanding apps. Among the demos I’d expect to see on stage next month are content apps, games, and broadcast companies. These apps fit the venue (fixed, but large and participatory) and purpose of your television — and the apps that people will build for the Apple TV would do well to take those factors into account as well.

A native SDK that takes advantage of the hardware fully will, for the first time ever, turn the Apple TV into a platform, a self-sustaining life form that Apple likely hopes will dominate competitors who have done only slightly better about adding third-party support.

To control the new Apple TV? A new remote. One major feature of which was pretty much nailed by Brian Chen in an article earlier this year. It’s slightly bigger and thicker, with physical buttons on the bottom half, a Touchpad area at the top and a Siri microphone.

I thought the Apple TV would get its own SDK back in 2012. Totally wrong; it just wasn’t ready.
link to this extract


Start up: Second Life higher ed, killing more comments, Spotify’s hari-kiri, and more


BT could have had fibre everywhere already – if not for Maggie. Photo by Craig A Rodway.

Welcome back! It’s been three weeks, you’ve been wonderfully patient, news-y things have come and gone (AGoogleZ, Galaxy Note 5) and we’re probably a couple of weeks away from new iPhones, new iOS software and a new Apple TV. So here’s a big Monday morning chunk o’fun for you.

A selection of 14 links for you. Don’t overdose. I’m charlesarthur on Twitter. Observations and links welcome.

Second Life college campuses: A tour of abandoned worlds » Fusion

Patrick Hogan:

Colleges were among those that bought the hype of the Linden Lab-developed virtual world. Many universities set up their own private islands to engage students; some even held classes within Second Life.

Most of these virtual universities are gone –– it costs almost $300 per month to host your own island –– but it turns out a handful remain as ghost towns. I decided to travel through several of the campuses, to see what’s happening in Second Life college-world in 2015.

First, I didn’t see a single other user during my tour. They are all truly abandoned.

Second, the college islands are bizarre. They mostly are laid out in a way to evoke stereotypes of how college campuses should look, but mixed in is a streak of absurd choices, like classrooms in tree houses and pirate ships. These decisions might have seemed whimsical at the time, but with the dated graphics, they just look weird.

And weird is the overall theme of this trip, which begins in Arkansas.

So, so weird. And such a great idea to investigate.
link to this extract


Why we’re killing our comments section » Daily Dot

Austin Powell and Nicholas White:

In the wake of Gamergate, Celebgate, and the Reddit Meltdown of 2015, both publishers and social networks are grappling with the same fundamental issue: how to foster engagement and dialogue without inadvertently feeding the trolls in the process. The general consensus is that we need to detoxify the Web—to make it a cleaner, nicer, safer, and more inclusive place to live and work. Of course, at the Daily Dot, we would like to see a more civil, compassionate Web, but we want to be careful that in the name of fostering civility, we do not inadvertently kill all dissention. It is the cacophony of the Web—the voices from every point in the spectrum that give it its vibrancy—that make it the community we love. No one has quite figured out how to thread that needle yet, even those who have invested significantly in their own internal systems.

Yeah, it’s because the people who have worthwhile comments get drowned out by the idiots who don’t, who have a lot more time to spare. As I previously explained. The number of sites that have turned off comments (to a greater or lesser extent) is only growing.
link to this extract


Some thoughts on the Project Ara delay » PHONEBLOKS.COM

Dave Hakkens:

When I shared Phonebloks it was just an idea, something I thought would make sense to reduce e-waste. It was a future vision, something that would hopefully be made in 5-10 years.

Some companies are trying to make a modular phone. Of all those companies Google is taking the biggest leap. They have an insane amount of resources/smart guys and set a 2 year timeframe for themselves to get it done. Seemed unrealistic and turns out it is. They are delayed for over a year!

However this is not bad. Sure the sooner it would be in our hands the better since we could save e-waste.

There will never be a useful phone using phonebloks. The premise might work for some lab/testing/environmental equipment, but the price and size will make it pointless when you can get a pocket supercomputer with phone functions for $50.

link to this extract


Is this really the beginning of the end for web ads? – The Guardian » Android & iPhones Information

I got a ping back to my blog because this piece has (somewhere) a link to my piece about adblocking. Read for a while and see if anything strikes you:

Mail Online is among the world’s many popular news websites and it’s free: no paywall. Yet my browser has actually a plug-in routine called Ghostery, which will certainly scan any sort of web page you visit and tell you exactly how several “third-celebration trackers” it has actually located on it. These are small pieces of code that advertisers and ad-brokers put on pages or in cookies in order to monitor just what you’re executing on the web and where you’ve been prior to hitting the most up to date page.

“Third-celebration trackers”? Oh, third-party trackers. It’s the Guardian’s article (from Sunday) but with a thesaurus applied. What’s puzzling about the page is that there are no ads – so I don’t see how it’s monetising. It’s crap, through and through, and it would be great to wipe this sort of third-pa.. third-celebration crap off the web. Not sure how you’d do it, though.
link to this extract


How Thatcher killed the UK’s superfast broadband before it even existed » TechRadar

Jay McGregor, who was told by BT’s former R+D chief Peter Cochrane:

“In 1986, I managed to get fibre to the home cheaper than copper and we started a programme where we built factories for manufacturing the system. By 1990, we had two factories, one in Ipswich and one in Birmingham, where we were manufacturing components for systems to roll out to the local loop”.

At that time, the UK, Japan and the United States were leading the way in fibre optic technology and roll-out. Indeed, the first wide area fibre optic network was set up in Hastings, UK. But, in 1990, then Prime Minister, Margaret Thatcher, decided that BT’s rapid and extensive rollout of fibre optic broadband was anti-competitive and held a monopoly on a technology and service that no other telecom company could do.

“Unfortunately, the Thatcher government decided that it wanted the American cable companies providing the same service to increase competition. So the decision was made to close down the local loop roll out and in 1991 that roll out was stopped. The two factories that BT had built to build fibre related components were sold to Fujitsu and HP, the assets were stripped and the expertise was shipped out to South East Asia.

“Our colleagues in Korea and Japan, who we were working with quite closely at the time, stood back and looked at what happened to us in amazement. What was pivotal was that they carried on with their respective fibre rollouts. And, well, the rest is history as they say.

I’d have to say that Thatcher’s instinct made sense, given the way BT was privatised: it could have demanded monopoly rents on the infrastructure. However, if BT Openreach (as is now) had been spun off and ISPs then competed, you’d have a working model.
link to this extract


San Antonio city employee with email address linked to Ashley Madison committed suicide » San Antonio Current

Albert Salazar:

Reports surfaced yesterday of three City of San Antonio employee email accounts that were exposed in this week’s Ashley Madison account leak. One of those email accounts belongs to an employee who committed suicide on Thursday. 

It’s unclear at this time if the Ashley Madison hack had anything to do with the employee’s death, the San Antonio Express-News reports.

Two @sanantonio.gov accounts exposed this week belonged to a detective and captain with the San Antonio Police Department. The third belonged to a former city employee. None have been publicly identified, and the City did not confirm whether the employees were informed that their email addresses were leaked in the hack.

(I linked to this report because it’s more clearly written.) There were 99,170 accounts located to San Antonio, which has a population of about 1.4m. Perhaps there are lots of unhappy marriages there; and perhaps unhappy people. The link between the hack and the death isn’t definite. But both the hacker(s) and Ashley Madison might be wondering who’s liable if there is a link.
link to this extract


Spotify’s chief executive apologises after user backlash over new privacy policy » The Guardian

Alex Hern and Jennifer Rankin:

The chief executive of music service Spotify has apologised to users after anger over sweeping changes to its privacy policy that give the company much greater access to personal data on users’ phones.

As well as collecting personal information, such as email addresses and birthdays, Spotify will be able to sift through users’ contacts, collect their photos and in some cases, even check their location and determine how quickly they are moving. Depending on the device being used, Spotify said it may be able to collect sensor data, such as “data about the speed of your movements, such as whether you are running, walking, or in transit”.

Some information would also be shared with advertisers, although Spotify did not spell out exactly what data it would pass on.

“Hey, Apple has a big rival service coming out which might challenge us. They’re really hot on privacy. How can we really screw this up?” In addition, the exchange between Daniel Ek of Spotify and Markus Persson (ex-Minecraft) is epic in its directness.

Short version: Spotify completely screwed up its messaging and is likely to pay a price.
link to this extract


Google Groups and the Right to be forgotten | Removing Usenet search results » Agent Privateur

An anonymous European:

European citizens, have, since May 2014, had “the right to be forgotten.” This means that they can request that Google remove search results from searches for their name or a name by which they are known, if the results are “inadequate, irrelevant, or no longer relevant for the purposes for which they were processed.” In this blog post, I will explain why Google is handling the delinking requests they receive in an irresponsible manner, arguably leading to censorship of pages that shouldn’t be removed as well as a lack of proper treatment and rights for those who do have a valid claim…

The postings Google agreed to delink contain controversial, personally revealing and embarrassing things I posted in the mid-90s in Usenet newsgroups. I was still formally a child at the time. And I had no idea that it would be shoved in everyone’s face everywhere 20 years later. People hardly knew what a search engine would be capable of in the future. I had been to an Internet Trade Fair in California around that time, and was introduced by Altavista to a new concept: a “web spider” that could crawl the web and index information. The idea was, in fact, new to most of the people at that trade fair. Yes, really, it was.

Now read on (though the next case isn’t, as far as I know, the same.)
link to this extract


Google ordered to remove links to stories about Google removing links to stories » Ars Technica UK

Glyn Moody:

The UK’s Information Commissioner’s Office (ICO) has ordered Google to remove links from its search results that point to news stories reporting on earlier removals of links from its search results. The nine further results that must be removed point to Web pages with details about the links relating to a criminal offence that were removed by Google following a request from the individual concerned. The Web pages involved in the latest ICO order repeated details of the original criminal offence, which were then included in the results displayed when searching for the complainant’s name on Google.

Understandably, Google is not very happy about this escalation of the EU’s so-called “right to be forgotten”—strictly speaking, a right to have certain kinds of information removed from search engine results. According to the ICO press release on the new order, Google has refused to remove the later links from its search results: “It argued these links were to articles that concerned one of its decisions to delist a search result and that the articles were an essential part of a recent news story relating to a matter of significant public importance.”

People are throwing around the words “censorship” about this, happily ignoring the fact that the information is still there on the web – and also that 95% of people who ask for information to be delinked are just trying to protect personal information, as above.
link to this extract


iSight camera replacement program for iPhone 6 Plus » Apple Support

Apple has determined that, in a small percentage of iPhone 6 Plus devices, the iSight camera has a component that may fail causing your photos to look blurry. The affected units fall into a limited serial number range and were sold primarily between September 2014 and January 2015.

If your iPhone 6 Plus is producing blurry photos and falls into the eligible serial number range, Apple will replace your device’s iSight camera, free of charge.

The iSight camera is located on the back of your iPhone 6 Plus.

Odd, since the iSight cameras used to be the ones that looked at you, not away from you. The page has a serial number checker.

Given the date range, that would be about, what, many millions of potentially affected lenses? So why has it taken so long to surface? Perhaps it really is a small percentage. Note how Apple hasn’t given any of the serial ranges, which it has for other product problems.
link to this extract


All-in-one PC demand from China Internet cafes rising » Digitimes

Monica Chen and Joseph Tsai:

Despite the PC market’s weak performance, all-in-one (AIO) PCs have become popular in China’s Internet cafe market after the China government relaxed the restrictions on Internet cafes.

Now regular cafes, restaurants and karaoke houses are all eligible to apply for Internet cafe permits, and orders have started to surge for all-in-one PCs that are thin and light in form factors.

China’s all-in-one PC market is able to achieve shipments of about 13-14 million a year with Lenovo, Apple and Hewlett-Packard (HP) together contributing 70% of the volume, while Dell, Acer, Micro-Star International (MSI), Asustek Computer and others have also been aggressively trying to expand their presence in the market.

In the past, China’s Internet cafes used to procure their PCs via PC DIY channels, but they have now turned to all-in-one PCs that take up less space.

Bad for motherboard makers, good for PC makers.
link to this extract


Botched Google Stagefright fix won’t be resolved until September » The Register

John Leyden:

Google released a six-pack update to resolve the Stagefright vulnerability last week, but it quickly emerged that one of the components was incomplete, so that even patched devices were still at risk.

These shortcomings have put back the whole security remediation process by weeks.

Tod Beardsley, security engineering manager at Rapid7 – the firm behind the Metasploit pen-testing tool – commented: “The problem Google is facing is not so much shipping security vulnerabilities in popular software products: everyone ships bugs, it happens. The real problem we’re seeing today is a breakdown in the Android patch pipeline.”

There was a patch pipeline?
link to this extract


SSL malvertising campaign continues » Malwarebytes Unpacked

Jerome Segura:

The actors behind the recent Yahoo! malvertising attack are still very much active and able to infect people who browse popular websites.

We have been tracking this campaign and noticed that it has recently moved to a new ad network used by many top publishers.

drudgereport.com 61.8M visits per month
wunderground.com 49.9M visits per month
findagrave.com 6M visits per month
webmaila.juno.com 3.6M visits per month
my.netzero.net 3.2M visits per month
sltrib.com 1.8M visits per month

OK, so this really is a reason to use an adblocker: this stuff is nasty, and hitting millions of people. This isn’t like a rogue app on an app store; it’s as if a basic app on a phone were rogue.

I’m presently testing Crystal, a content blocker for Safari on iOS by Dean Murphy. Some sites really look a lot different. (Via IvanIvanovich.)
link to this extract


Japan’s Sharp to exit Americas TV market after deep first quarter loss » Reuters

The company, which sought a bank-led bailout in May, said it would sell its TV manufacturing plant in Mexico and license its Aquos brand in the Americas to China’s Hisense, effectively withdrawing from the region’s TV market.

“Sharp has not been able to fully adapt to the intensifying market competition, which led to significantly lower profits compared to the initial projections for the previous fiscal year, and has been suffering from poor earnings performance,” Sharp said in a statement explaining the TV deal.

Osaka-based Sharp, which gains much of its revenue from liquid crystal displays and TV sets, has focused on high-end screens to protect profit margins and avoid directly competing with cheaper Chinese and South Korean rivals.

But it has struggled to innovate sufficiently to keep commanding significant premiums. In addition to Chinese competitors, it has also faced strong competition from Japan Display Inc in smartphone screens.

Second-quarter operating loss of 28.8bn ($233m), yet thinks it’s going to generate 80bn yen ($644m) of operating profit for the year. Not so sure about that.
link to this extract


Start up: Wi-Fi Sense explained, another giant Android vulnerability, the US’s sleepiest cities, and more


What happens when you create a way for any programmer to analyse people’s DNA? (Hint: not good things.) Photo by micahb37 on Flickr.

A selection of 11 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Wi-Fi Sense in Windows 10: Yes, it shares your passkeys; no, you shouldn’t be scared » Ars Technica

Sebastian Anthony:

For a start, when a Wi-Fi passkey is shared with your PC via Wi-Fi Sense, you never actually see the password: it comes down from a Microsoft server in encrypted form, and is decrypted behind the scenes. There might be a way to see the decrypted passkeys if you go hunting through the registry, or something along those lines, but it’s certainly not something that most people are likely to do.

Perhaps more importantly, though, just how sacred is your Wi-Fi password anyway? Corporate networks notwithstanding (and you shouldn’t share those networks with Wi-Fi Sense anyway), most people give out their Wi-Fi keys freely. You could even argue that Wi-Fi Sense is more secure: if I ask Adam for his Wi-Fi password, I am free to give it away to anyone. If I receive the password via Wi-Fi Sense, I can still connect to Adam’s network, but I can’t tell anyone else the password.

And it only goes to immediate-circle friends, not friends of friends of.. So probably not such a big thing to worry about.
link to this extract


Why Grooveshark failed » The Verge

Stephen Witt:

The Grooveshark streaming application launched in April of 2008 — several months ahead of Spotify. The service proved explosively popular from the outset. Users, especially younger users, loved on-demand music delivery, and Greenberg left school to focus on Grooveshark full time. But there was a problem: Grooveshark still relied on peer-to-peer infrastructure similar to Napster, Kazaa, and bitTorrent. In other words, although it functioned as a streaming service, it still sourced the music from its users’ file libraries. And to the record companies, that looked like copyright infringement.

Without approval from the labels, Grooveshark struggled to attract venture capital. In its first five years of existence, the company raised just under a million dollars. In the same time, Spotify, with equity buy-in from the music majors, raised a hundred times as much.

It didn’t “look like” copyright infringement; it clearly was infringement, in just the same way that the original Napster was. That’s why it was sued into the ground. Grooveshark never played by the rules (artists demanded their music be removed; Grooveshark staff re-uploaded it, or ignored new uploads). They failed because they could never stay inside the rules.
link to this extract


Drones and spyware: the bizarre tale of a brutal kidnapping » WIRED

Kevin Poulsen with a wonderful tale of how truth is stranger than fiction:

efforts to trace the new emails were in vain. The author boasted that he was using Tor as well as other anonymizing precautions that would withstand even an “Egotistical Giraffe exploit,” a reference to an NSA de-anonymizing technique that surfaced in the Edward Snowden leaks. He sent the messages through the Singapore-based anonymous remailer anonymousemail.com, and shared the photos—stripped of metadata—through the anonymous image sharing site Anony.ws.

Evidently unconvinced, the Vallejo police still insisted the crime was a put-on, but the FBI was also on the case. And, it turned out, despite his sophistication, the kidnapper had left a digital trail.

The kidnapper had slipped by using a disposable Tracfone to call Quinn after the abduction. The FBI reached out to Tracfone, which was able to tell the agents that the phone was purchased from a Target store in Pleasant Hill on March 2 at 5:39 pm. Target provided the bureau with a surveillance-cam photo of the buyer: a white male with dark hair and medium build. AT&T turned over records showing the phone had been used within 650 feet of a cell site in South Lake Tahoe.

But the real break in the case came when the kidnapper evidently struck again.

link to this extract


Trend Micro discovers vulnerability that renders Android devices silent » Trend Micro

Wish Wu (Mobile Threat Response Engineer):

We have discovered a vulnerability in Android that can render a phone apparently dead – silent, unable to make calls, with a lifeless screen. This vulnerability is present from Android 4.3 (Jelly Bean) up to the current version, Android 5.1.1 (Lollipop). Combined, these versions account for more than half of Android devices in use today. No patch has been issued in the Android Open Source Project (AOSP) code by the Android Engineering Team to fix this vulnerability since we reported it in late May.

This vulnerability can be exploited in two ways: either via a malicious app installed on the device, or through a specially-crafted web site. The first technique can cause long-term effects to the device: an app with an embedded MKV file that registers itself to auto-start whenever the device boots would cause the OS to crash every time it is turned on.

In some ways, this vulnerability is similar to the recently discovered Stagefright vulnerability. Both vulnerabilities are triggered when Android handles media files, although the way these files reach the user differs.

Seems like the media file handling is where everyone is focussing for Android weaknesses just now.
link to this extract


September 2014: iPhone 6 and Android value » Benedict Evans

From September 2014:

with the iPhone 6 and iOS8, Apple has done its best to close off all the reasons to buy high-end Android beyond simple personal preference. You can get a bigger screen, you can change the keyboard, you can put widgets on the notification panel (if you insist) and so on. Pretty much all the external reasons to choose Android are addressed – what remains is personal taste.

Amongst other things, this is a major cull of Steve Jobs’ sacred cows – lots of these are decisions he was deeply involved in. No-one was quicker than Steve Jobs himself to change his mind, but it’s refreshing to see so many outdated assumptions being thrown out. 

Meanwhile, with the iPhone 6 Plus (a very Microsofty name, it must be said) Apple is also tackling the phablet market head on. The available data suggests this is mostly important in East Asia but not actually dominant even there – perhaps 10-20% of units except in South Korea, where it is much larger.  Samsung has tried hard to make the pen (or rather stylus) a key selling point for these devices, but without widespread developer support (there is nothing as magical as Paper for the Note) it is not clear that these devices have actually sold on anything beyond screen size and inverse price sensitivity (that is, people buy it because it’s the ‘best’ and most expensive one). That in turn means the 6 Plus could be a straight substitute. 

Now we have Samsung’s results (out by the time you read this) and LG’s results, where the latter specifically says that sales were lower in South Korea than expected. Evans seems to have been borne out: the only differentiator between premium Android and iPhones was screen size.
link to this extract


Busy-ness data on Google search results » Google

Do you ever find yourself trying to avoid long lines or wondering when is the best time to go grocery shopping, pick up coffee or hit the gym (hint: avoid Monday after work)? You’re in luck!

Now, you can avoid the wait and see the busiest times of the week at millions of places and businesses around the world directly from Google Search. For example, just search for “Blue Bottle Williamsburg”, tap on the title and see how busy it gets throughout the day. Enjoy your extra time!

[Image: busy-ness data from Google]

That’s very clever. (Location data from Android phones, one guesses.)
link to this extract


Android security, bugs and exploits » Google+

Adrian Ludwig is head of security for Android:

There’s a common, mistaken assumption that any software bug can be turned into a security exploit. In fact, most bugs aren’t exploitable and there are many things Android has done to improve those odds. We’ve spent the last 4 years investing heavily in technologies focused on one type of bug – memory corruption bugs – and trying to make those bugs more difficult to exploit.

A list of some of those technologies that have been introduced since Ice Cream Sandwich (Android 4.0) are listed here. The most well known of these is called Address Space Layout Randomization (‘ASLR’), which was fully completed in Android 4.1 with support for PIE (Position Independent Executables) and is now on over 85% of Android devices. This technology makes it more difficult for an attacker to guess the location of code, which is required for them to build a successful exploit.

What Ludwig doesn’t mention: the Stagefright bug. Is it right to say it could be used to take over a phone via MMS? Or would ASLR defeat that? You’d hope the head of security for Android would tackle this in a public blogpost talking about security. But he doesn’t. Which tends to make one think the worst.
link to this extract
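
ASLR can only randomise where an executable's own code is loaded if that executable was built position-independent, which is why the PIE support mentioned in the extract above matters. As an added example (not from the linked post or from Android's code), this Python sketch reads an ELF header to tell a PIE executable from a fixed-address one; the function names and the sample images are constructed for illustration, and the PT_INTERP test is a heuristic that misses static PIE binaries.

```python
import struct

ET_EXEC, ET_DYN = 2, 3      # ELF e_type values
PT_LOAD, PT_DYNAMIC, PT_INTERP, PT_PHDR = 1, 2, 3, 6   # program header types

# Header layouts after the 16-byte e_ident, for 32-bit and 64-bit ELF.
_EHDR32 = "HHIIIIIHHHHHH"
_EHDR64 = "HHIQQQIHHHHHH"


def classify_elf(data: bytes) -> str:
    """Return 'not-pie', 'pie', 'shared-object' or 'other' for an ELF image.

    ET_EXEC is linked at a fixed address, so ASLR cannot move its code.
    ET_DYN is position-independent; it is treated as a PIE executable
    when it names a dynamic loader (PT_INTERP), else as a shared library.
    """
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unknown ELF class or byte order")
    end = "<" if ei_data == 1 else ">"
    fmt = end + (_EHDR32 if ei_class == 1 else _EHDR64)
    if len(data) < 16 + struct.calcsize(fmt):
        raise ValueError("truncated ELF header")
    fields = struct.unpack_from(fmt, data, 16)
    e_type, e_phoff, e_phentsize, e_phnum = (
        fields[0], fields[4], fields[8], fields[9])

    if e_type == ET_EXEC:
        return "not-pie"
    if e_type != ET_DYN:
        return "other"          # relocatable object, core file, ...

    # p_type is the first 32-bit word of a program header in both classes.
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            raise ValueError("truncated program header table")
        (p_type,) = struct.unpack_from(end + "I", data, off)
        if p_type == PT_INTERP:
            return "pie"
    return "shared-object"


def build_sample(e_type, p_types, bits=32, little=True) -> bytes:
    """Constructed test input: an ELF header plus bare program headers."""
    end = "<" if little else ">"
    is32 = bits == 32
    ehsize, phentsize = (52, 32) if is32 else (64, 56)
    ident = (b"\x7fELF"
             + bytes([1 if is32 else 2, 1 if little else 2, 1])
             + bytes(9))
    header = struct.pack(
        end + (_EHDR32 if is32 else _EHDR64),
        e_type, 40, 1,          # e_machine 40 (ARM) is an arbitrary choice
        0, ehsize, 0, 0,        # e_entry, e_phoff, e_shoff, e_flags
        ehsize, phentsize, len(p_types), 0, 0, 0)
    phdrs = b"".join(
        struct.pack(end + "I", t) + bytes(phentsize - 4) for t in p_types)
    return ident + header + phdrs


if __name__ == "__main__":
    samples = {
        "fixed-address app": build_sample(ET_EXEC, [PT_PHDR, PT_INTERP, PT_LOAD]),
        "PIE app": build_sample(ET_DYN, [PT_PHDR, PT_INTERP, PT_LOAD]),
        "shared library": build_sample(ET_DYN, [PT_LOAD, PT_DYNAMIC]),
    }
    for name, image in samples.items():
        print(f"{name}: {classify_elf(image)}")
```

Run against real binaries by passing the file's bytes to `classify_elf`; a result of `not-pie` means the main image loads at the same address every time, whatever the system's ASLR setting.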


Which cities get the most sleep? » The Jawbone Blog

Tyler Nolan:

One of the major findings in our study of city sleep was that people living in cities just don’t get enough. No major city in the United States averages above the NIH-recommended seven hours of sleep per night. But it’s only part of the picture. The vast majority of the suburban and rural counties have much healthier sleep numbers.

Geography has a profound effect on the routines we follow and the habits we form. Our sleep cycles adapt to the pace and lifestyle of the world we live in and the world by which we are surrounded. We look forward to further investigating the effects of geography and how it influences UP wearers in all parts of the world.

Technical Notes: This study was based on over one million UP wearers who track their sleep using UP by Jawbone. Less populous counties were blended with neighboring counties to generate significant results. This technique revealed patterns at finer granularity than the state level, such as time zone boundaries. All data is anonymized and presented in aggregate.

One still gets that little tingle of concern that your sleep data could be tracked directly back to you by someone malicious or stalker-y at Jawbone. (The visualisations are lovely, though.)
link to this extract


Brinks’ super-secure smart safes: not so secure » WIRED

Kim Zetter:

Vulnerabilities found in CompuSafe Galileo safes, smart safes made by the ever-reliable Brinks company that are used by retailers, restaurants, and convenience stores, would allow a rogue employee or anyone else with physical access to them to command their doors to open and relinquish their cash, according to Daniel Petro and Oscar Salazar, researchers with the security firm Bishop Fox, who plan to demonstrate their findings next week at the Def Con hacker conference in Las Vegas.

The hack has the makings of the perfect crime, because a thief could also erase any evidence that the theft occurred simply by altering data in a back-end database where the smartsafe logs how much money is inside and who accessed it. If done well, the only telltale sign of an attack would be left on security cameras—if anyone bothered to look.

They’re “smart” because they can tally how much money is put into them. Dumb because they run Windows XP Embedded. And there’s an external USB port for “troubleshooting”.
link to this extract


Retailer Acceptance » Contactless Life

Duncan Stevenson has compiled a gigantic table of which companies accept contactless and Apple Pay payments (and to what amount).

In theory Apple Pay should be accepted at all retailers that accept contactless, and this seems to be the case for Mastercard and Visa cards, however American Express cards are currently experiencing issues with Apple Pay in certain retailers (hence the existence of the “Amex Apple Pay” column).  I have a blog post coming soon covering the issues with American Express Apple Pay in the UK.

(It’s a real HTML table too.)
link to this extract


Your 23andMe DNA can be used in racist, discriminatory ways » BuzzFeed News

This week, an anonymous programmer posted on GitHub an early-stage program called Genetic Access Control. It basically worked as a log-in mechanism. The third-party program was designed to hook up to the company’s API and mine the 23andMe accounts of users who agreed to share their information, as they would agree to let apps connect to their Facebook or Twitter profiles. Websites using Genetic Access Control could scan that data for information about “sex, ancestry, disease susceptibility, and arbitrary characteristics” — and then restrict users’ access to the site based on this information.

For example, people with only the “right” amount of European ancestry would be allowed to access a website that used Genetic Access Control:

[Image: Ways to use 23andMe API]

But 23andMe shut down the developer’s access to its API on Wednesday, two days after the code was published. 23andMe spokesperson Catherine Afarian told BuzzFeed News the program violated a policy that forbids use of the API for, among other things, “hate materials or materials urging acts of terrorism or violence.”

I think a programmer who actually wanted to cause trouble (as opposed to one, as here, just showing 23andMe how blithely trusting it is) could reasonably point out that they’re not creating hate materials or anything to do with terrorism or violence.

And – whoever they were – succeeded with a beautiful example of why you don’t really want to have open public access to a DNA database. As well as why 23andMe are twits for ever having thought so.
link to this extract