Start up: the $200k iPhone hack, sleep robot axed, the criminal who wrote Truecrypt, If This Then No, and more

Dropcam’s founder gives you fresh insight into what happened at Nest. It’s not pretty. Photo by Ravi Shah on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 13 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

The Dropcam Team » Medium

Former Dropcam CEO Greg Duffy proves that revenge is a dish that you can savour at any temperature, as he hits back at Tony Fadell’s claims that the Dropcam team (acquired by Google, folded into Nest) “weren’t up to much”:

»I can’t publish Dropcam’s revenue, but if you knew what percentage of all of Alphabet’s “other bets” revenue was brought in by the relatively tiny 100-person Dropcam team that Fadell derides, Nest itself would not look good in comparison. So, if Fadell wants to stick by his statement, I challenge him to release full financials (easy prediction: he won’t).

The ~50 Dropcam employees who resigned did so because they felt their ability to build great products being totally crushed. All of us have worked at big companies before, where it is harder to move fast. But this is something different, as evidenced by the continued lack of output from the currently 1200-person team and its virtually unlimited budget. According to LinkedIn, total attrition to date at Nest amounts to nearly 500 people, which suggests that we were not alone in our frustrations.

«

On Medium, this is covered in highlights by people who went “ooh! This bit! Ooh! This bit too!” It’s an amazing takedown of Fadell.

Google is completely redesigning AdWords: Offers first peek » Search Engine Land

Ginny Marvin:

»“The reason we’re rebuilding AdWords is because the world has changed so much in the past two years. AdWords is now over 15 years old and launched when Google was just figuring out what search advertising was. We rebuilt it several years ago for a desktop world — smartphones were only [a] year old. Now we are in probably the biggest shift since AdWords was introduced (and I’d argue perhaps ever) with mobile,” said [AdWords product management director Paul] Feng, “And there is now increased demand on marketers and on AdWords as a platform — advertisers are running ads in search, display, shopping, mobile, video. Ultimately, that’s why we’re re-imagining AdWords.”

Feng said the redesign has been informed largely by talking to advertisers across the spectrum. Three common themes emerged. First, advertisers said it felt like AdWords has been built around products and features, rather than marketers’ needs and objectives. “How the navigation is laid out can be un-intuitive and comes with a high learning curve,” said Feng.  Second, the platform has grown complex, with hundreds of features launching every year that stack up on each other. And third, the basic design looks and feels kind of dated. “The goal is to create a flexible platform for the future,” added Feng.

«

Amazing that it was last redesigned in 2008, which is basically pre-mobile. Quite a challenge to get that legacy code to look and work right.

Top talent leaves Google startup Verily under divisive CEO » STAT

Charles Piller:

»Google’s brash attempt to revolutionize medicine as it did the Internet is facing turbulence, and many leaders who launched its life sciences startup have quit, STAT has found.

Former employees pointed to one overriding reason for the exodus from Verily Life Sciences: the challenge of working with CEO Andrew Conrad.

Verily, one of Google’s “moonshots,” pursues ambitious, even radical, ideas that could take years to pay off. The emerging Silicon Valley juggernaut has attracted elite scientists, engineers, and data crunchers, and inspired buzz about its futuristic projects — as well as envy among competitors nervously eyeing this upstart with a seemingly unlimited bankroll.

The three-year-old venture has operated largely out of public view and carefully manages its image; employees said talking to a reporter without permission is a firing offense.

But people who know Conrad or have worked with him said in interviews that Google has entrusted its life sciences initiative to a divisive and impulsive leader whose practices are driving off top talent and leaving openings for competitors. They said many employees in key jobs were dispirited, and described a lack of focus and clear priorities that is unusual even in the chaotic culture of startups.

«

Trying to sell Boston Dynamics, got a fire in Nest, and now this. Alphabet is finding that being the second GE requires a second Jack Welch. Great reporting by Piller.

It’s game over for the robot intended to replace anesthesiologists » The Washington Post

Todd Frankel:

»the Sedasys machine was being used in just four hospitals, including the one we visited in Toledo. We watched as the Sedasys device provided basic anesthesiology services to a series of patients undergoing routine endoscopies and colonoscopies.

No longer did you need a trained anesthesiologist. And sedation with the Sedasys machine cost $150 to $200 for each procedure, compared to $2,000 for an anesthesiologist, one of healthcare’s best-paid specialties.  The machine was seen as the leading lip of an automation wave transforming hospitals.

But Johnson & Johnson recently announced it was pulling the plug on Sedasys because of poor sales.

«

Why? Humans campaigned against it.

He always had a dark side » The Atavist

Evan Ratcliff:

»Before encryption was a mainstream idea, before Apple defied a U.S. government request to provide a method to unlock our phones, this Le Roux had written the underlying code of a program that, a decade and a half later, the National Security Agency still could not break.

The question was: Could the Le Roux who politely answered jargon-laden posts about encryption software be the same one who ordered the murder of a real estate agent over a bad deal on a beach house? At first I thought I would never know. The former Paul Le Roux seemed to have disappeared from the Internet in 2004. Encryption experts I contacted had no idea what had become of that Le Roux, and there was no evidence linking him to the man known for drugs and gun running.

One night in October, I had been at the computer for hours when I finally found the missing link. It was a website once registered to the encryption Le Roux, in the early 2000s, and later transferred to a Philippine company controlled by the crime-boss Le Roux. My immediate reaction upon discovering this connection was a sudden and irrational fear…

«

You can already see why. Le Roux seems to have written TrueCrypt, which has near-mythic status in encryption circles.

Met police chief blaming the victims » Light Blue Touchpaper

Ross Anderson, professor of security engineering at the University of Cambridge, wrote a letter to The Times:

»[Met Police commissioner] Sir Bernard Hogan-Howe argues that banks should not refund online fraud victims as this would make people careless with their passwords and anti-virus software (p1, March 24, and letters Mar 25 & 26). This is called secondary victimisation. Thirty years ago, a chief constable might have said that rape victims had themselves to blame for wearing nice clothes; if he were to say that nowadays, he’d be sacked. Hogan-Howe’s view of bank fraud is just as uninformed, and just as offensive to victims.

About 5 percent of computers running Windows are infected with malware, and common bank fraud malware such as Zeus lets the fraudster redirect transactions. You think you’re paying £150 to your electricity bill, while the malware is actually sending £9000 to Russia. The average person is helpless against this; everything seems normal, and antivirus products usually only detect it afterwards.

Much of the blame lies with the banks, who let the users of potentially infected computers make large payments instantly, rather than after a day or two, as used to be the case. They take this risk because regulators let them dump much of the cost of the resulting fraud on customers.

«

Hogan-Howe really put his foot in it, but it’s the inertia that he represents – and the attempt to shift the blame – which is the most insidious.

Who unlocked the San Bernardino iPhone? » Perizie Informatiche Forensi

Paolo Dal Checco:

»Yesterday, Monday, March 28th, FBI purchased from Cellebrite $218.000 of “INFORMATION TECHNOLOGY SUPPLIES”  [WBM].

It might be a simple coincidence, but if we issue the query  «CONTRACTING_AGENCY_NAME:”FEDERAL BUREAU OF INVESTIGATION” VENDOR_FULL_NAME:”CELLEBRITE USA CORP“» on the FPDS search engine, in the EZ Search section, we can see and download the full history of purchase orders issued by “FEDERAL BUREAU OF INVESTIGATION” to “CELLEBRITE USA CORP”. We can observe that since September 2009 Cellebrite was given 187 purchase orders, but the purchase order issued yesterday, with ID “DJF161200G0004569”, is rather unique in that:

• it’s the only one with an action obligation of more than $ 200.000 issued with “CELLEBRITE USA CORP” (the average for purchase orders is about  $11.000);
• it’s the only one with the “INFORMATION TECHNOLOGY SUPPLIES” description and PSC type “7045”;
• it was issued yesterday, when the US Government published a note informing that the San Bernardino iPhone was successfully unlocked and data was successfully accessed, presumably by an “outside party” as they said in the previous note.

In conclusion, we don’t know if Cellebrite was involved in San Bernardino iPhone PIN unlocking, we know that Cellebrite is able to unlock iPhones up to iOS 7 and iOS8 with 32bit processors and on iPhone 4s/5/5c, iPad 2/3/4, iPad Mini 1 and… the coincidence of yesterday’s purchase order is rather weird.

«

So that’s wrapped up: Cellebrite is licensing the unlock technique to the FBI. (Jonathan Zdziarski reckons the $200,000 price is too low to be a complete sale, but high enough to suggest it works against lots of models.)

Apple acknowledges iOS 9 crashing bugs when tapping links, fix coming ‘soon’ with a software update » 9to5Mac

Benjamin Mayo:

»Since posting our original story, we have heard from a lot of readers that are affected by iOS 9 crashes or app hangs when tapping links, spanning multiple iOS versions (not just 9.3) and devices. In a statement, Apple has now confirmed that they are working on a fix for the problem, coming in a software update (presumably iOS 9.3.1).

»

“We are aware of this issue, and we will release a fix in a software update soon.”

«

A temporary workaround is still unknown, although community investigations have revealed why the bug has arisen. It is based on what apps the user has installed and how those apps handle universal links.

Previously, we pinpointed Bookings.com as a cause of the bug, although noting it affects other apps as well. On Twitter, it was found that their website association file, used by the system for the universal links feature introduced with iOS 9, was many megabytes, grossly oversized. This would essentially overload the daemon that had to parse these files, causing the crashing.

«

Linked yesterday. There is a workaround, involving toggling Airplane mode, deleting the offending app, restarting and so on. Not much fun.

David Cameron drops bombshell privatisation announcement then catches a plane to Lanzarote » The Canary

Kerry-Anne Mendoza:

»The government is selling off the Land Registry to private, profit making interests.

The government has also ordered local authorities to transfer up to 90% of brown field sites (previously developed sites that have become vacant, contaminated but could be reused) into the hands of the Homes and Communities Agency (the latest quango) where Eric Pickles (and his successors) and just two inspectors will control the planning decisions.

The Infrastructure Bill contains a clause which will allow ALL public land to be privatised. There’s no need to reference the Forestry Act 1967, the Countryside Rights of Way Act or any other protective law, because Schedule 3 of the Bill states that “the property, rights and liabilities that may be transferred by a scheme include… property, rights and liabilities that would not otherwise be capable of being transferred or assigned.”

In plain English, this means all preceding regulations, legislation and other protections for this site are null and void – fill your boots.

«

First the Land Registry, now this. It would be great if there were an effective political opposition in the UK.

Presentation: Mobile ate the world » Benedict Evans

»Updated for spring 2016, this is a snapshot of why mobile matters, where it is and where it’s going. I’ve written quite a lot of blog posts discussing these issues, which I collated in this [other] post.

«

76-slide presentation, with lots of subtle points in it to absorb; I think that AI will play a more important role than is immediately obvious, because it can be subsumed into the device. That, though, isn’t what the platform opportunity is about.

My heroic and lazy stand against IFTTT » Pinboard Blog

Maciej Ceglowski:

»A service like IFTTT [If This Then That] writes “shim code” that makes it possible to connect online services together like Lego. Everything slots into everything else. This is thankless, detailed work (like developing TurboTax or Dropbox) that when done right, creates a lot of value.

IFTTT has already written all this shim code. They did it when they were small and had no money, so it’s difficult to believe they have to throw it away now that they have lots of staff and $30m.

Instead, sites that want to work with IFTTT will have to implement a private API that can change without warning.

This is a perfectly reasonable business decision. It is always smart to make other people do all the work.

However, cutting out sites that you have supported for years because they refuse to work for free is not very friendly to your oldest and most loyal users. And claiming that it’s the other party’s fault that you’re discontinuing service is a bit of a dick move.

I am all for glue services, big and small. But it’s better for the web that they connect to stable, documented, public APIs, rather than custom private ones.

And if you do want me to write a custom API for you, pay me lots of money.

«

Ceglowski’s laconic humour is also razor-sharp; his tweets (on @pinboard) are worth a read, such as one from August 2014 after IFTTT got some venture funding: “Right now the IFTTT business model is to charge one user $30M, rather than lots of users $2. The challenge will be with recurring payments.” Ceglowski yesterday quoted his own tweet, and added “That man was a prophet.” (I use Pinboard to generate Start Up.)

The new iPhone may have a China problem » CNBC

Eunice Yoon:

»Apple’s new iPhone SE launches on Thursday and preliminary numbers at Chinese retailers suggest decent demand — but the black market tells a more mixed story.

The US tech giant started taking pre-orders for the smartphone on March 24 and has not released official figures. However, as of Monday in Beijing, total pre-orders on three retailing sites exceeded 3.4 million.

Despite the brisk pre-orders, though, Chinese vendors and scalpers are uncertain if the iPhone SE will be a sure bet like previous models.

“The new iPhone SE has no revolutionary update,” one distributor in Henan Province told CNBC. “I don’t think the demand will be as strong as the iPhone 6 and 6S.” He is offering the iPhone SE at a $20 discount to the official price in China.

In the past, scalpers have been able to charge a premium of roughly $300 over the official price for a newly released iPhone, but one Hong Kong smuggler who refused to be named said he expected to charge just $30 above the listed price for the iPhone SE.

«

First time I’ve heard 3.4m pre-orders described as a problem. (Any Android OEM’s CEO would gnaw off her/his arm to get that many pre-orders for a 4in phone.) And the black market angle has become less and less relevant in China over time, now that all the main networks, and lots of retailers, sell iPhones.

The Next 40 » Asymco

Apple has hit 40 years old; Horace Dediu reflects on what successful (as in, long-lived) companies are, or do:

»we must search for other names to call a company that delivers an enabler that may lead to progress. Crude categorization like the reporting of finances leads to self-deception and a loss of opportunity to understand. Firms are often victims of this self-deception because they start believing that customers buy the things they sell. They start to believe that what is on their financial reports is a reflection of the value they create. It’s a simple mistake to make, but a mistake which leads to catastrophe. If its data is mis-categorized, by chasing numbers the company runs away from opportunity, leaving it to competitors otherwise unencumbered with knowledge of numbers.

Assuming Apple avoids mis-categorizing what it does, will it be a “solutions” or “services” or “brand” company? Is it, as I used to say, a “blockbuster manufacturing line”?

Yes, and still that’s not all it could be. Nor is it enough to understand what will come.

My simple proposal is to think of Apple (and actually any company) as a customer creator. It creates and maintains customers. The more it creates, the more it prospers. The more customers it preserves the more it’s likely to persevere. This measure of performance for a company is not easy to obtain. It’s not a line item in any financial report.

«

The point that companies believe customers buy the things they sell is a mistake you see again and again.

Errata, corrigenda and ai no corrida:

How big (and bad) adblocking could get – and why news sites should sell adblockers

Diffusion of innovations: segmentation

Stages of adoption of innovations. Source: Wikipedia

“I’ve got something to show you,” I told Horace Dediu as we chatted the other day. “I think it’s a logistic curve.”

Dediu’s face lit up. He of course is the one who has predicted smartphone adoption in the US with remarkable accuracy by using the straightforward maths of the “diffusion curve”, or “logistic curve” as it’s also known. That’s one up there at the top in yellow.

The logistic curve can be used to model all sorts of things: disease, populations, growth. It’s the integral of the bell curve (in blue at the top), and so it’s about “normal” populations.

Dediu has built a terrific series of presentations around data he has collated about the adoption of various technologies – refrigerators, cars, PCs, tablets, microwave ovens, smartphones. Pretty much all of them follow a logistic curve. There’s a slow uptake at first as only those in the know find out. Then there’s a sudden takeoff, and a rush that then leads rapidly upwards, until you come to the laggards who are the last to hear, or the least willing to adopt. (Don’t hassle me with your science oven.)

The graphic I wanted to show him? Adoption of adblocking. The picture below, taken from the Wall Street Journal’s writeup of the Pagefair report, shows the classic inflexion point of adoption: the rapid upward sweep that keeps building.

The growth of adblocking to 200m

Pagefair data suggests there were about 200m people blocking ads by mid-2015. Graphic: Wall Street Journal

Question is, how big is it going to get? You can fit the diffusion curve to this data in lots of ways.

The optimistic view takes the sheer number, and gives it a straight-ahead fit.

Adblocking: the optimistic forecast

On this measure, we’re about halfway through the diffusion of this technology.

This looks quite encouraging for those worried about the adpocalypse. The current number of adblock users is 200m, and it looks to be about halfway up the curve, so that’s 400m total once it saturates. OK, not great, but tolerable.

Dediu himself wrote a commentary this week, wondering about what has taken adblocking so long to take off:

What we never know is how quickly diffusion happens. I’ve observed “no-brainer” technologies or ideas lie unadopted for decades, languishing in perpetual indifference and suddenly, with no apparent cause, flip into ubiquity and inevitability at a vicious rate of adoption.

He argues that for takeoff, you need both a “push” and a “pull”. The push has now happened with the availability of adblockers easily installed via the App Store; now he wonders how fast the “pull” from users will be.

(I think, actually, that the key push happened before that, in mid-2013: that’s where that Pagefair curve suddenly moves upward. What happened in mid-2013? The Snowden revelations about tracking by governments. I don’t think the rise of adblocking after that point is a coincidence.)

That graph above might say “well, quite soon we’ll be done, and it’s not going to be that bad.” Ah, but we’re not done. When I showed the WSJ graphic to Dediu, he said “OK, but you have to adjust for internet population.”

While the number of adblocker users has been growing, so has the total internet population. Adblocking as a percentage of total users hasn’t grown quite so fast. Arguably, people in countries such as China and India who are on mobile more than PC have a greater incentive to adblock than people on unmetered desktop systems.

Here’s what that growth chart looks like when you present it as a percentage of the internet population (data sourced from internetworldstats.com):

Adblocking as a percentage of internet users

Data from Pagefair shows adblocking as a minority sport – so far

And now with the diffusion curve roughly fitted to it:

Adblocking: the less rosy view

If you compare adblocking penetration to the internet population, it looks like it’s got a lot of potential to grow

On this graph, 200m users adblocking is perhaps 10% of those who will eventually use it. So yes, we’re saying that 2bn people could be adblocking eventually. Which would leave us wondering, as Dediu puts it, “how quickly will ads disappear from the internet?” (The current internet population is about 3bn users.)

Put it another way: the data suggests there are going to be between 400m and 2bn adblocking users within a few years.

OK. How much is that going to lose? Or put it another way, using data we can adduce: how much are visitors to ad-funded websites worth at present?

The value of a reader

Below, I’m going to use data from The Guardian, because it’s easily available (not because I’m a contributing writer). I’d welcome figures from another news site such as the New York Times or Washington Post.

In March 2014, the Guardian hit 100m browsers for the month. In July 2014 it managed 137m. (“Browsers” aren’t the same as “views”, nor the same as “users”. A single browser could do multiple page views; a single user might use multiple browsers, such as a mobile one and a desktop one at different times of the day. If you’re feeling wonkish, the Audit Bureau of Circulation has more data at appendix 2.1 of its measurement requirements: “This metric measures each browser on a given device; it does not measure a person.”)

There’s a spreadsheet with the past year’s figures for browsers for the main UK national papers.

According to that spreadsheet of ABC-audited browser figures, in the ten months from June 2014 to March 2015, the Guardian’s average monthly browser figure was 111m.

So how does that compare to its digital revenues (which are broken out separately from print)? I’ve chosen the Guardian because its browser stats are available, and there isn’t any confusion caused by a paywall. But there are a couple of confounding elements:
• its “membership” scheme. I’m assuming there’s no significant income from that compared to the number of visitors. This is a gloss; the income from “membership events” is definitely non-zero.
• there’s a Guardian app for iOS and Android, which offers in-app purchases (IAPs) ranging from £3.99 to £11.99, including six- and 12-month subscriptions (£3.99 and £4.99 respectively). We don’t know how many of those have been downloaded, nor what the average payment is. Obviously it’s non-zero, and might materially affect our assumptions.
• the Guardian has “sponsored content”, which again is definitely non-zero in revenue terms – it has signed at least one deal worth a million pounds. This will reduce the contribution from plain advertising.

From the Guardian’s statement for the year to the end of March 2015:

GNM [Guardian News and Media, the publishing arm] total revenue grew by 2.6% to £214,600,000 (2014: £209,000,000) with increases in digital and new product revenue more than offsetting declines in print revenue. GNM divisional digital revenue for the year increased by 20.1% to £82,100,000 (2014: £68,300,000).

If you assume every month was equal, that’s £6.84m per month in digital revenue. If you assume 111m browsers per month on average, that’s 6.16p for each “browser” visit (which isn’t, remind yourself, necessarily a user or page view; a browser might be part of a user, and might do multiple page views. So if you view it on your desktop, and then on your mobile, that’s two “browsers”; the Guardian gets 12.32p from you).

My impression, not knowing much about monetisation, is that the Guardian is monetising its visitors pretty well. Others who know the ad business better can update me.

Spread across a year, that’s 73.95p per browser. In other words, £0.74, or $1.14 per browser per year.

Note that there’s going to be gigantic variation in the actual value to the Guardian of those “browsers”. If it’s the same 111m browsers visiting each month then that might be as few as 55 million people (“few”, huh) around the world, or even fewer if they’re showing up as more than two browsers – perhaps they view the site from a work PC, then their mobile on the train, and then their tablet and their home PC at the end of the day.

Or it might be 111m different browsers, each run by a different person, each month – so 1.330 billion people. As that latter figure is pretty much half the internet population, we can say with certainty it’s not true.

Given that £0.74 per year average figure, it’s pretty clear that anyone who subscribes to the Guardian app is way more valuable than the average. Anyone who accesses by more than one method (mobile plus desktop) is more valuable than the average.

But the average is really pretty low in sheer monetary terms, and that’s with the best that the advertising business has to throw at people – and that’s before we subtract the income from the app, the membership scheme, and the sponsored content, which probably come to a few millions.

All in all, you’d have to say that the per-browser value of you, as an individual who doesn’t have the app, isn’t a member and isn’t reading sponsored content (actually you don’t care about the latter – the Guardian gets paid for it anyhow), is probably pretty low; maybe in the 5p per browser range, or 60p per year.

Take that spread

Spread that figure across the 400m people in our optimistic take on adblocking, and you have £240m taken out of the online advertising business. That doesn’t sound very much – except each of those people is abstracting their per-site payment at every site. So you have to multiply that impact across every site that those 400m people go to. How many ad-supported sites is that? Well, 400m is about 12.5% of the internet population. Basically, slice 12.5% off the ad income. For some, that might make the difference between positive and negative.

It’s trickier if you take the pessimistic outlook and assume 2bn people take up adblocking, because that’s two-thirds of the current internet population. It would have become such a mainstream pursuit that the online ad business would have been destroyed.

For a news site getting 60p per year on average from users, but seeing that inevitably being eroded by adblocking, the obvious path is – since you can’t beat ’em – to join them from the front by making an adblocker and selling it. Disrupt yourself before others do. A one-off price of £1.29, say, would yield 90p after Apple’s 30% cut; that’s 18 months of your “lost” ad-supplied visitor paid for. (Yeah, yeah, you have to support the app too. Perhaps IAPs? Easily switchable settings to allow the ads on your site? Ways for people to vote on ads they do and don’t like which gets fed back to you, the publisher, rather than invisibly back to the ad networks which will ignore it?)

In that 18 months, you might be able to figure out a better business model, because there’s no reason this should get smaller. iOS is a key platform, and adblocking apps are already taking the food out of news sites’ mouths – to the tune of probably a million pounds in less than a week.

Again, that might not sound like much; but every single time those users visit those sites in future, they’ll not be making themselves available for monetisation. An adblocker is a one-off purchase, but its effects are repetitive.

Who’s to blame? Make no mistake: using an adblocker is a natural reaction to the intrusive, annoying, and even dangerous ad-tech industry. Concerns about tracking have amplified it, and created a perfect storm. It’s the ad industry’s own fault.

Sure, you can argue that people shouldn’t use adblockers on your site if they love you. But lots of people might love your site, but consider the ads an unacceptable intrusion, because you didn’t choose them. They just got inserted, often by a real-time bidding process choosing from inventory matched against the tracking profile of you (which could have your age, gender and interests completely wrong).

So the diffusion has begun. Quite where it ends, we don’t know. I do know though that I’m very much looking forward to Pagefair’s next report on the size of the adblocking market.

Start up: the Foodpanda takeaway scam, watch iOS 9 grow!, 2 billion lines of Google, and more


“Hi! You look like you want an (artificially) intelligent conversation!” Photo by RomitaGirl67 on Flickr.

A selection of 9 links for you. May cause. I’m charlesarthur on Twitter. Observations and links welcome.

Mixpanel Trends » Mixpanel Mobile Analytics

The link is to the iOS 9 adoption curve from Mixpanel; it’s live, so when you click through it’ll be the latest figures. At the time of writing, three hours after iOS 9 went live, its adoption was at 3.2%, against 7.2% for “older than iOS 8” and 89.6% for iOS 8. (Apple’s own stats on September 14 were 87% iOS 8, 11% iOS 7, 2% earlier.)

The trouble with Foodpanda » Livemint

Ashish Mishra with a terrific tale of a much-funded startup which didn’t quite figure out that not everyone is honest:

Let’s say you are a restaurant. Now, place 10 orders using 10 names or even the same name, each for Rs.300. Every order is a takeaway. Pay online using the BOGO voucher, a campaign (Buy One Get One) run by Foodpanda. So for Rs.300, get Rs.300 free. So for a Rs.600 order, you paid only Rs.300. How much does Foodpanda have to return to you, the restaurant? Rs.600. After deducting 12% as its cut, Rs.528. How much did you make in the process? Rs.228. Did you have to deliver that order? Nope. So, a straight profit of Rs.228.

Now, let’s say you processed 100 such orders a day. For a month. Total investment: Rs.9 lakh. Reimbursed by Foodpanda: Rs.15.84 lakh. Your total gain, by just processing fake orders: Rs.6.84 lakh.

Now imagine you are not the only restaurant on the platform doing this.



Issue 178139 – android – Android full lockscreen bypass – 5.1.1 PoC » Android Open Source Project

John Gordon at the University of Texas at Austin:

Android 5.1.1 Lockscreen Bypass
—–
Summary: Unlock a locked device to access the homescreen, run arbitrary applications, and enable full adb access to the device. This includes access to encrypted user data on encrypted devices.
Prerequisites: Must have a password lockscreen enabled. (PIN / swipe untested)
Hardware: Nexus 4
Software: Google factory image – occam 5.1.1 (LMY47V)

Attack details:
Pasting a sufficiently large string into an input field will cause portions of the lockscreen to become unresponsive and allow the user to terminate those processes. An attacker can construct a large string by typing characters into the Emergency Dialer, then select all + copy + paste repeatedly to increase the string size exponentially. Once the string has been pasted, either into the Emergency Dialer or the lockscreen password prompt, attempting to type more characters or performing other interactions quickly and repeatedly causes the process to become overloaded and crash, or produce a dialog allowing the user to kill the process. If done in a password prompt in the foreground of the camera application, this crash results in the homescreen or Settings application being exposed.

PIN/swipe is untested, rather than safe (as far as we can see). This seems to be pretty hard to do – the video is 18 minutes long, involving lots of copy/pasting. It’s not really a giant flaw like Stagefright; and Apple has had some egregious lockscreen bypasses in the past. (Though none in iOS 8 that I’ve seen.) The problem though is that this doesn’t help Android’s reputation among businesses considering whether to buy it. It’s not the exploit; it’s the suggestion of vulnerability.


Popping the publishing bubble » Stratechery

Ben Thompson, in his weekly “free to view” article, says that iOS 9’s adblockers are just going to finish what was already happening:

It is easy to feel sorry for publishers: before the Internet most were swimming in money, and for the first few years online it looked like online publications with lower costs of production would be profitable as well. The problem, though, was the assumption that advertising money would always be there, resulting in a “build it and they will come” mentality that focused almost exclusively on content product and far too little on sustainable business models.

In fact, publishers going forward need to have the exact opposite attitude of publishers in the past: instead of focusing on journalism and getting the business model for free, publishers need to start with a sustainable business model and focus on journalism that works hand-in-hand with the business model they have chosen. First and foremost that means publishers need to answer the most fundamental question required of any enterprise: are they a niche or scale business?

• Niche businesses make money by maximizing revenue per user on a (relatively) small user base
• Scale businesses make money by maximizing the number of users they reach

The truth is most publications are trying to do a little bit of everything: gain more revenue per user here, reach more users over there.

Worth it for the illustrations. You should subscribe so he can afford an iPad Pro and a stylus.


Google is 2 billion lines of code — and it’s all in one place » WIRED

Cade Metz:

Google has built its own “version control system” for juggling all this code. The system is called Piper, and it runs across the vast online infrastructure Google has built to run all its online services. According to [Google’s head of… big stuff? Rachel] Potvin, the system spans 10 different Google data centers.

It’s not just that all 2 billion lines of code sit inside a single system available to just about every engineer inside the company. It’s that this system gives Google engineers an unusual freedom to use and combine code from across myriad projects. “When you start a new project,” Potvin tells WIRED, “you have a wealth of libraries already available to you. Almost everything has already been done.” What’s more, engineers can make a single code change and instantly deploy it across all Google services. In updating one thing, they can update everything.

There are limitations to this system. Potvin says certain highly sensitive code—stuff akin to Google’s PageRank search algorithm—resides in separate repositories only available to specific employees. And because they don’t run on the ‘net and are very different things, Google stores code for its two device operating systems — Android and Chrome — on separate version control systems. But for the most part, Google code is a monolith that allows for the free flow of software building blocks, ideas, and solutions.

The point about Android and Chrome being on separate version control systems is one to note. Can’t merge the code until those two come together.


IPv6 will get a big boost from iOS 9, Facebook says » Computerworld

Stephen Lawson:

Even when all the pieces are in place for IPv6, iOS 8 makes an IPv6 connection only about half the time or less because of the way it treats the new protocol. With iOS 9, an IPv6 connection will happen 99% of the time, Saab predicts.

IPv4 is running out of unused Internet addresses, while IPv6 is expected to have more than enough for all uses long into the future. Adoption has been slow since its completion in 1998 but is starting to accelerate. The release of iOS 9 may give a big boost to that trend. 

“Immediately, starting on the 16th, I’m expecting to see a lot more v6 traffic show up,” said Samir Vaidya, director of device technology at Verizon Wireless. About 50% of Verizon Wireless traffic uses IPv6, and Vaidya thinks it may be 70% by this time next year as subscribers flock to the iPhone 6s. 

Apple’s change should help drive more IPv6 use on Comcast’s network, too. About 25% of its traffic uses the new protocol now, and that figure could rise above 50% by early next year, said John Brzozowski, Comcast Cable’s chief IPv6 architect. 

This is the point, again and again. Android has the installed base; but iOS adoption is so rapid that it can drive change almost immediately.


Barbie wants to get to know your child » The New York Times

James Vlahos:

Hello Barbie is by far the most advanced to date in a new generation of A.I. toys whose makers share the aspiration of Geppetto: to persuade children that their toys are alive — or, at any rate, are something more than inanimate. At Ariana’s product-testing session, which took place in May at Mattel’s Imagination Center in El Segundo, Calif., near Los Angeles, Barbie asked her whether she would like to do randomly selected jobs, like being a scuba instructor or a hot-air-balloon pilot. Then they played a goofy chef game, in which Ariana told a mixed-up Barbie which ingredients went with which recipes — pepperoni with the pizza, marshmallows with the s’mores. ‘‘It’s really fun to cook with you,’’ Ariana said.

At one point, Barbie’s voice got serious. ‘‘I was wondering if I could get your advice on something,’’ Barbie asked. The doll explained that she and her friend Teresa had argued and weren’t speaking. ‘‘I really miss her, but I don’t know what to say to her now,’’ Barbie said. ‘‘What should I do?’’

‘‘Say ‘I’m sorry,’ ’’ Ariana replied.

‘‘You’re right. I should apologize,’’ Barbie said. ‘‘I’m not mad anymore. I just want to be friends again.’’

We now return you to our regular scheduled programming of “Philip K Dick short stories brought to life.” Take your pick: War Game, Second Variety or The Days of Perky Pat?


One great reason to update to iOS 9 – a nasty silent AirDrop attack is in town » Forbes

Australian researcher Mark Dowd, who heads up Azimuth Security, told FORBES ahead of Apple’s iOS 9 release on Wednesday that the flaw allowed anyone within range of an AirDrop user to install malware on a target device and tweak iOS settings so the exploit would still work if the victim rejected an incoming AirDrop file, as seen in the video below.

Users should update to iOS 9 and Mac OS X El Capitan, version 10.11, as soon as possible to avoid losing control of their phones and PCs to malware. Any iOS versions that support AirDrop, from iOS 7 onwards, are affected, as are Mac OS X versions from Yosemite onwards. There are few protections outside of upgrading, other than turning AirDrop off altogether. The service is off by default, though it’s possible to start it running from the lockscreen.

By carrying out what’s known as a “directory traversal attack”, where a hacker enters sections of the operating system they should not be able to access, Dowd found it was possible to exploit AirDrop and then alter configuration files to ensure iOS would accept any software signed with an Apple enterprise certificate. Those certificates are typically used by businesses to install software not hosted in the App Store and are supposed to guarantee trust in the provenance of the application. But, as FORBES found in a recent investigation into the Chinese iPhone jailbreaking industry, they’re often used to bypass Apple security protections.

I dunno, getting AirDrop to work is usually the biggest challenge I face. (The mitigation is pretty easy on any version – turn off Wi-Fi or Bluetooth, or turn AirDrop to accept files from Contacts Only or off; this leaves Wi-Fi and Bluetooth untouched.)


Google taken to court to uncloak ebook pirates » TorrentFreak

Early June, GAU [the Dutch trade organisation representing dozens of book publishers in the Netherlands] reported that Google appeared to be taking steps to prevent rogue sellers from offering illegal content via its Play store. The group also noted that BREIN was attempting to obtain the personal details of the ‘pirate’ seller from Google.

Unsurprisingly that wasn’t a straightforward exercise, with Google refusing to hand over the personal details of its user on a voluntary basis. If BREIN really wanted the seller’s identity it would have to obtain it via a court order. Yesterday the anti-piracy group began the process to do just that.

Appearing before the Court of The Hague, BREIN presented its case, arguing that the rogue seller was not merely a user of Google, but actually a commercial partner of Google Play, a partnership that earned revenue for both parties.

“The case is clear,” BREIN said in a statement.

“There was infringement carried out by an anonymous seller that was actually a commercial ‘partner’ of Google via Google Play. This is how Google refers to sellers in its own terms of use.”

BREIN says that ultimately Google is responsible for the unauthorized distribution and sales carried out via its service.

“There is no right to anonymously sell illegal stuff, not even on Google Play while Google earns money,” the anti-piracy group concludes.

In the UK I think this would be a fairly straightforward “Norwich Pharmacal” case. Wonder if Holland has anything comparable.


iOS 9 review: longer battery life, more storage, and adblocking. What more could an iOS – or Android user – want?


Apple called this year’s WWDC “the epicentre of change”. So what did its iOS update bring? Photo by karmadude on Flickr.

iOS 9! It comes down the intertubes today! I’ve been testing iOS 9 on an iPhone 5C (equivalent to an iPhone 5) since the first beta, using a Three PAYG SIM so that it would have to connect to the mobile network (to test such things), and an iPad Air 2, and also an iPad 2.

My takeaways: Apple’s given you more battery life and more storage for free. Plus some other nice things. Definitely worth any hassle in upgrading.

More phone storage, for free

iOS 9 is reputed to require less storage than iOS 8 – a feat that I think may be done by removing some unneeded resources from the packages, so that you only get what you need. Ars Technica’s review suggests that the savings once installed are minimal – a few hundred megabytes – in a comprehensive test. (Joanna Stern at the WSJ says it needs less free space to install too – 1.3GB v 4.58GB for iOS 8.)

“App thinning” (officially it’s “App Slicing”, apparently) means that apps only download the resources that they need for the device you’re using. Put like that, it’s amazing that they didn’t to begin with, isn’t it? Still, given the proliferation of screen sizes, this should avoid games in particular from bloating up and taking over your preeeecious storage. (There’s also a method called “On Demand Resources” where games in particular can download just stuff needed for a particular level, which can then be deleted when it’s not needed. Apple’s taking the same approach with its Apple TV tvOS.) This means that you want developers to update their apps, so they take advantage of this: your phone should actually get emptier. Apart from those photos you take.

And also, for its next trick, iOS 9 updates will be able to work in chunks – so that you won’t need a colossal amount of storage free to do the incremental updates. (The iOS 8 ➡️ 9 update, less clear.)

A battery upgrade, for free

Android has had a “low power” mode since forever, but it isn’t on by default; you have to hunt it out and turn it on.

Low Power mode on iOS 9

The battery icon goes yellow but the phone goes on and on. Found through the new “Battery” mode in Settings.

iOS 9’s Low Power mode (found in a new Settings er, setting called “Battery”) isn’t on by default either, but when you hit 20% and 10% battery and the “20% battery” dialog comes up, you’ll get an option to activate it. And of course you can turn it on any time you like. When you recharge, it automatically turns off at 70% of charge. (Note: it’s only available on iPhones – not iPads.)

I’ve run my test phone on Low Power from 100% and got huge lifespans – around two and a half days, which included a fair bit of use. This is a big improvement. Note though that it will seriously slow down a lot of apps, and kills background refresh. But if you’re not using the phone for anything for a while, it’s great for extending the life. You’ll know it’s on: the battery icon turns an anaemic yellow. The screen brightness goes down, but I didn’t notice this particularly.

There’s also another battery-saving feature: if the phone is face-down (on a table, say), notifications don’t light the screen. Subtle, but worthwhile.

Even without using Low Power, I was getting good lifespans from both the iPhone 5C and iPad Air 2 I tested iOS 9 on: pretty much always better than iOS 8. This is unusual in a beta.

A poke in the eye for battery/storage upgrades

Low Power and the storage saving together represent something clever: Apple saying that battery life on its own and storage on its own aren’t enough to merit a device upgrade. After last week’s iPhone/iPad event, there was no shortage of people moaning that they’d rather have a thicker phone with a longer battery life, or more storage for the base model.

Actually: that wouldn’t drive new device sales, which is what Apple wants. A slightly thicker device wouldn’t suddenly last two days – you’d have to roughly double the thickness to get that. Furthermore, people would say “I’ll buy a battery add-on thanks – it’s cheaper.” This would Not Be Good for iPhone sales.

And storage: well, of course Apple upsells you from the low-end phone to the mid-range one. If you’re surprised by this… would it shock you to know that companies actually try to make profit? I find the argument about storage slightly tired; there’s more cloud storage available through Dropbox et al (though – shocker! – they will charge you too). But taking out unnecessary content from apps and the OS is a great way to reclaim some of that phone storage.

Parsimony in the cloud

Certainly, it’s annoying as hell that Apple only offers 5GB of iCloud storage – an amount that hasn’t changed since its introduction in 2011, although the prices for the larger storage amounts have fallen. 5GB isn’t enough for most people, but they equally can’t be bothered to update their storage, and certainly not pay for it.

Since 2011, the cost of storage has gone through two Moore’s Law cycles (halving in cost), so on that basis Apple ought to be offering 20GB for free. Then again, Dropbox only offers 2GB for free to begin with; it’s pretty easy though to upgrade that to 10GB through a few encouraging tweets, or used to be – I’m somehow at 10GB without paying anything.

iCloud backups don’t have to include your photos – iCloud Photo Library is a great way to get your photos into the cloud and out of the “iCloud backup” space. You can also get Dropbox to suck them up, or Livedrive, or of course Google Photos. iCloud backups remain terrific, though, and better than Android’s current offerings, because they back up all the app data, as well as most settings (excepting some mail and other important passwords). Some more would be nice, though.

Settings are now searchable

iOS 9: Settings are searchable

The Settings app is so giant that it needs its own search bar, and has done for a while. Go straight to Mobile Data, for example. At last.

Oh God I’ve been asking for this since forev… well, for a few years (iOS 6?) because Settings have become gigantic. Where does the passcode live? App Store restrictions? And so on. Now you just search (pull down in the main part of the Settings menu).

Keyboard: now in lower case

iOS 9 keyboard shows upper/lower case dynamically

iOS 9’s keyboard shows upper/lower case: end a sentence and it offers capitals. Don’t like it? You can turn it off.


Everyone else seems to be delighted that the keyboard now has upper/lower case – so that when you type, the keys Go Up And Down With Capitals. Personally, I find it distracting, even though I understand that for a lot of people this eases a frustration they’ve felt for ages. (Android users, of course, have had this since forever.) If, like me, you don’t like it, you can turn it off in Settings ➡️ Accessibility ➡️ Keyboard ➡️ “Show Lowercase Keys”.

A Back button? Sort of

Again, Android has had a “Back” button since forever. But it has UI/UX gotchas: if you pressed it, where would it take you? If you had jumped from one app into another (say from an email into the browser), would the Back button take you to the canonical place in the browser app – say, the last thing you had been looking at in the browser before that – or back to the email app? Usually it would be the email app, of course, but this wasn’t explicit.

The thing about the Back button is that it can be a user puzzle, but for a power user it’s great; if you’re the sort of person who keeps a mental stack of what you’ve been doing on the way through the phone, the ability to go back and back in time appeals. Windows Phone has had the same feature from its inception, so there’s clearly a perceived need.

iOS 9 gets its own "back" button system

Which app did you come from? Want to get back there? Here you go – as long as you don’t lock the screen.

Apple has bowed to the (perhaps) inevitable, but done it in its own way. The “Back” instruction isn’t a button; instead it’s a tab at the top left of the screen telling you how to get back, and which app it’ll take you back to.

It’s generated when you follow a notification that pops into the top of the screen (and haven’t we all prodded one of those by accident?), or when you follow a link such as “Show in Calendar” from apps such as Mail or Messages.

I see this as having a dual purpose. First is a user frustration/behaviour thing. Watch people using an iPhone, and you’ll often see them follow a link from an app to another app, where they do something; then to return to the previous app, they press the Home button and then launch the previous app. That’s evidently wasteful, and though you can say “people should use the app switcher” (double-tap on the Home button) it’s clear that they don’t.

Second, implementing the “Back tab” helps with what I see as Apple’s intention to get rid of the Home button.

The Back tab is some distance from perfect. It obscures network settings such as mobile signal strength or Wi-Fi connectivity, and knowing about those is often more important to me than figuring out which app to go back to. It doesn’t persist across screen on/off (so if your screen locks and you unlock it, the signpost back is gone). It’s also in the most inaccessible part of the screen if you usually hold your phone in your right hand.

San where?

iOS 9 uses a new font – San Francisco. I’ll be honest: I never noticed. I’m not generally a font person, unless you try to replace a serif face with a sans-serif one, in which case I’ll punch you. It’s the same as that on the Watch, which in my experience is more legible than that on iOS 8. But I’ll leave the dissection of the curve on the “6” and the length of the descender on the “p” to others.

Proactive

Proactive aims to fulfil search before you search

Maybe these are the apps you’re looking for? How about some news? Location-aware apps also come into play when you’re out and about.


Swipe left or downwards from the main screen, and you’ll get the phone-wide search that was there in iOS 7 and taken out (eyeroll) in iOS 8. But you also get “suggestions” – apps you might like, or if you’re out and about, things you might be looking for (food and petrol often came up). Proactive is hard to evaluate until you’re using something as your main phone for quite some time; I was using iOS 9 on a secondary phone. Like Siri, this may be one of those things that improves quite substantially once more people are using it.

The “Proactive” pane also now contains your recent contacts, with fast access to phone/messaging. Discussion is below in the “odds and sods” section.

Hey, Siri, how did you get better?

There’s no mystery in why Siri is better now than it used to be; more people are using it. Apple artificially restricted it to the 4S upwards on its introduction in 2011 (it had worked fine as a third-party app on lots of earlier phones, because it’s a network-connected service; Apple wanted to make it a reason to upgrade). Since then, hundreds of millions of people have been using it and processors have got faster, so there’s a huge corpus of data to work with. It’s great on the Watch; it’s getting used a lot now.

In iOS 8, a charging phone would respond to “Hey Siri” plus your query (eg “what’s this song” – always nice). In iOS 9, it’s available when not charging too. This could be problematic (news reports about Syria are often a cause), but there is training to your voice. We’ll see how this goes. And yes, Motorola did have this a couple of years ago. Apple, though, has been cautious about the potential battery hit. Plus, of course, it’s a temptation to upgrade.

Content blocking, and Safari everywhere

Content blocking in iOS 9

You enable content blockers in Safari’s settings. Some – such as 1Blocker, on the right, offer a lot of tweaking


Unmentioned in the WWDC keynote, but a “wow!” moment for those who twigged it, is the ability to block content – including websites and scripts – from Safari in iOS 9. On its own, that wouldn’t be so dramatic, but iOS 9 also lets any app that shows a web view, such as when you click a web link in a tweet (which usually brings up a proto-web browser inside the app) use Safari to do it, still inside the app.

This has a couple of benefits: if you’re viewing a page that needs a username/password (say, a subscription paper such as the FT or WSJ or Economist) then Safari’s iCloud Keychain can fill it in for you automatically; second, the aforesaid content blocks come into play.

And wow indeed – content blocking, aka adblocking, makes a big difference. Pages are cleaner, less annoying, load tons faster. There are going to be lots of people making good money from adblockers in the App Store very soon. Installation is straightforward: you download the “app”, then go to Settings ➡️ Safari ➡️ Content Blockers, where it will appear as an option. As it says, none can send any information back about what they’ve seen or blocked. You can also configure particular things about the blocking within the apps themselves.

I tried three – Crystal, 1Blocker and Blockr. Crystal is simplest; Blockr the next; and 1Blocker has a huge list of options, making it super-tweaky configurable. Crystal and Blockr have already been approved for sale through the App Store.

Noticeable among 1Blocker’s blocking groups is “adult sites” – which suggests another use for content blockers inside enterprises, where IT departments, not to mention management, don’t want staff viewing Teh Pr0n on company phones. Locking them down and installing a content blocker is going to be popular, I think.

Note though that Content Blocking doesn’t work inside apps that use their own layouts – so Facebook is protected from this incursion. And as we’ll see, Apple’s own ad-served app is safe too.

Content Blocking will only work on 64-bit devices, which means the 5S upwards. This is due to compiler limitations (according to an Apple staffer). This is frustrating, since content blockers worked fine on my 32-bit 5C. Even so, I think Content Blocking is going to have a huge impact.

Public transport directions

Public transport in iOS 9 is back.. sort of

It’s fine if you want to go from Brighton to London to Edinburgh – just don’t try going any further.


Apple made much of how iOS 9 has public transport directions – something that had been missing ever since the ejection of Google as the mapping default in iOS 6 which left a huge gap for Google Maps and Citymapper and various others to work back in to. (Citymapper seems to get the usability vote.)

While it seems to be great if you live in China (300 cities!) or the US, it’s not that stunning in the UK. Major cities are covered (London, obviously) and major train routes (London to Brighton, for example, and Birmingham) but it’s far from comprehensive: no public transport data for Edinburgh or Glasgow, for instance.

Apple is updating these all the time, though, so this may be more of a stealth improvement, rather as has happened with Maps – which are unrecognisably better than when they launched in 2012.

Multi-window multitasking

On the iPad Air 2, and any other device with a large-enough screen and 2GB of RAM (the iPad mini 4, iPad Pro.. and 6S Plus? Not sure about the latter) you can bring in other apps by sliding in from the side (charming, you can hear Microsoft saying), and then scroll them simultaneously, and resize them – to half-and-half, or 3:2. No other sizing is allowed.

iOS 9 multitasking: browse in one, pick another app..

With one app running, pull in from the right and then swipe down for available apps..


Choose an app, and both run at once

By default, the second app runs in a window two-fifths of the screen. But you can resize it..


iOS 9 multiwindow resized

Two apps side by side on an iPad! Lap it up, folks.

Multitasking is one of those things where you need a specific use case; watching a video while you read something, perhaps, or (the one I found) copying data from a web page into a spreadsheet. Clearly it’s Apple chasing after business users who will have more uses like that than the average person sitting at home drifting through Facebook.

All the news that’s fit to.. something

Apple News: broad

Rather like Apple Music, there’s “For You”, and then “Favourites”, “Explore” and Search. (I hadn’t saved anything).

Remember all the excitement over the new top-level domains, things like “.amazon” and “.balloons” and “.weboughtthisforbraggingrights”? Well, someone bought “.news” and now Apple (which didn’t buy it) is making use of it.

The Apple News app has a ton of sources, though in the beta I could only get access by changing my region to the US; once it’s live, it should be available in the US, UK and Australia.

I had mixed results; News only appeared in beta 3. I chose to get news about technology, science and business; I was nonplussed then to get CNN stories about celebrities. But more recently it has improved somewhat. I think that pressing the “Love” button at the bottom of a (read) story will improve the results you get.

You can share stories you read on Twitter or Facebook, and this is where the “apple.news” bit comes in – links you share begin “http://apple.news/”. This presumably means Apple can see what stories are getting the most traction and have been read.

For those who like a good conspiracy, note that Apple is offering its own publishing service into Apple News, and that this will be monetised via its iAd service (ie advertisers buy space on iAd, rather than just showing the publisher’s ads).

And guess what? Content blocking (aka adblocking) doesn’t work in Apple News. So if you follow a link to a story inside News, you see ads; if you open the same story in Safari when you have adblocking running, you don’t see ads. I predict this will have some publishers furious. I don’t see Apple retreating from having content blocking enablers on Safari, though. Get some popcorn.

Odds and sods

The app switcher (double click on the home button) is changed: rather than a side-by-side set of frames of the apps, it’s now an overlapping fan of the apps, which you pull to the right. Same method to kill apps (swipe them upwards).

The app switcher change also means that the “recent contacts” and “favourite contacts” that used to appear above the app switcher in iOS 8 are now in the Proactive search screen. Clearly, too few people used the app switcher, and too few used those contacts via the app switcher, for them to merit that space. (I can’t recall a time that I contacted someone via that above-the-app-switcher method.)

Notes have been updated so that they can do to-do lists, and also take your crude finger drawings, and you can stuff things into them from Safari via the share sheet. I didn’t test this, as if you update the format it’s not back-compatible with iOS 8 or earlier. (You get a suitably big warning.)

More camera folders. Selfies and screenshots get their own default folders, along with (deep breath) Favourites, Panoramas, Videos, Slo-mo, Bursts, and Recently Deleted.

Quick replies in all apps, not just Messages. When Notifications come down from the top of the screen, you could respond quickly in messages; now you can do it for all apps where replies are possible.

Folders can now contain other folders. So if you want to hide those Apple apps you can’t (yet) delete really thoroughly, here’s how.

Health

Health app: now with menstruation

All these are focussed on women. Good.


Look! It now recognises that some humans menstruate and ovulate. Amazing, sure. This was well overdue; it should have been in last year’s release, and would it have killed Apple to include it in a point release some time in the past 12 months?

There must be a load of other things that I’ve overlooked. Let me know what they are in the comments.

Adoption

iOS 7 and iOS 8 adoption after release

Apple’s data shows rapid takeup of iOS 8 and 9; other sources such as Mixpanel and Fiksu confirm it

All these things – the longer battery life, the extra storage, the public transport directions, the content blockers (particularly those) – are going to be available from about 1700 GMT, if Apple’s servers can bear the crush. (There’s also a 9.1 beta available if you want to live in the future.) iOS 9 will run on every phone since the iPhone 4S, and iPads since the iPad 2. If you’re running iOS 8 on any of those, it should be an improvement in speed, battery life and storage.

We can predict that within a month or so, iOS 9 will have at least 50% adoption, based on previous experience: in the past two releases, it has hit 50% or more after five weeks.

That’s about 200 million or more iPhones, iPads and iPod Touches running it. All the changes in this – especially those four picked out above – are going to get a lot of discussion. Apple has been very canny. iOS 9 takes some ideas from Android – upper/lower keyboard, back button, low power – and makes them slightly more usable. But then it’s gone to places that Android hasn’t, and made them a reason to stick with iOS. Content blocking in particular is tricky on Android – you have to download a specific browser and make it your default, or sideload an app; neither is a big pursuit. With mobile viewing so big, it might be a cold Christmas for some publishers. (Read my views on adblocking, if you haven’t already.)

Android fans will mutter about the things Apple has finally caught up with. But that misses the point. Apple is playing its own game: and this one is about keeping its existing iOS users loyal, and tempting non-users aboard with things that are both familiar and unavailable.

Should you upgrade? Yes. Back up first to iCloud (if you can – dammit) or iTunes. And then enjoy it.



Start up: iOS 9 and the BBC, AdBlock v Chrome/YouTube, Imogen Heap’s blockchain, and more


And we just happen by great good fortune to know a good source of women who aren’t wives too. Photo by James Maskell on Flickr.

A selection of 8 links for you. Tested on humans for irritancy. I’m charlesarthur on Twitter. Observations and links welcome.

Ashley Madison’s parent company secretly operated an escort website » Daily Dot

Dell Cameron:

After the details of roughly 33 million Ashley Madison accounts were posted online, the hackers responsible, known as Impact Team, leaked more than 197,000 private emails from the inbox of Noel Biderman, the former CEO of Avid Life Media (ALM), a Toronto, Canada–based company that operates the Ashley Madison site. Documents and emails contained in the trove and reviewed by the Daily Dot detail the company’s escort-related businesses.

Escorts.ca was leased in 2013 through a shell company called Pernimus Limited, which is listed among ALM’s “legal entities” on an internal company memo. According to a leaked contract, ALM leased the escort-service property from an Ontario-based company called Steeltown Marketing Inc., on Feb. 20, 2013.

The escorts.ca website was still active until roughly 6pm ET on Tuesday, when it was abruptly suspended. A version of the site from Aug. 1, 2015, can still be viewed, however, via the Wayback Machine.

Innocent explanation: ALM was into teh sexy bsns, so having an escort company as well as a “YOLO BE UNFAITHFUL” site was just consistent corporate thinking.

Malevolent explanation: 1) have a site encouraging guys to be unfaithful; 2) funnel them towards escorts; 3) Profit!

Hang on, further down:

The document shows that ALM’s intention for the site, which did not charge users to browse its pages, was to funnel traffic to Ashley Madison and other ALM properties.

Having some trouble making the innocent explanation work here.



Apple’s iOS 9: Tweaks not revolution for video, photos and audio » BBC Blogs: College of Journalism

Marc Settle, who specialises in smartphone reporting for the BBC Academy:

Doesn’t time fly. It’s already a year since my now-traditional blog post examining what’s in the latest version of iOS, the operating system on iPhones and iPads. It’s also therefore a year since the equally traditional complaint of ‘preferential treatment’ to Apple over Android, the operating system that runs on around 80% of smartphones globally.

However, it remains the case that iPhones are the device of choice for many leading news organisations around the world – not just the BBC – for their employees to gather and send broadcast-quality footage at a far lower cost than traditional methods.

It’s also the case that this review of iOS 9 will be far more relevant, far more quickly, to iPhone owners if the pattern of previous releases is repeated. iOS 8 came out on 17 September 2014; a week later it was running on more than a third of compatible devices (as shown on the graph above).

In stark contrast, the latest version of Android, called Lollipop, was released in November 2014 but nine months later it’s still barely on 20% of devices.

Seems iOS 9 doesn’t add much, apart from some little tweaks in video editing. It has been noticeable in the latest reports on the refugee crisis that some of the BBC reporters are doing the reports with iPhones; one did a whole report using the front-facing camera and flash so that he could show the extent of the problem.


YouTube ads aren’t being blocked in Chrome / Recently Reported / Knowledge Base » AdBlock Support

And lo, there was great consternation that YouTube might have found a way to make people view ads. But it turned out not to be:

Some users have been able to confirm that removing the YouTube app from Chrome (by navigating to chrome://apps on Chrome) fixes YouTube ads which are not blocked.

According to the EasyList forum post on this topic (you can read the original Google Code issue if you’d like to know the gory details) it’s caused by a recent Chrome security update, not the ad blockers or YouTube finding a way around the current filters.

At this point, we’re waiting for news about another update to Chrome which will fix this. In the meantime, we recommend switching to Firefox or Safari, which continue to block ads in YouTube videos just fine.

In the Chromium discussion, a Chromium developer says “It was a security fix tracked in bug 510802 which we can’t make public yet, but it has the details.” (I can’t find a way to view bug 510802, so maybe it’s a doozy.)



Michael Dell sees consolidation among PC makers in next few years » Reuters

The top three global PC makers would be able to raise market share in the next few years through consolidation amid shrinking sales of personal computers, Dell Inc chief executive Michael Dell said on Monday.

Lenovo Group Ltd tops global PC shipment ranking with a 20.3% market share, followed by Hewlett-Packard Co at 18.5% and Dell at 14.5%, according to research firm International Data Corp.

The top three companies could corner about 80% of the market in the next five to seven years, Dell said at a roundtable conference with journalists in Bengaluru, India.

“In the first half of this year, we outgrew the two in notebooks and we have grown now 10 quarters in a row,” Dell said.

IDC last month forecast PC shipments to fall 8.7% this year, steeper than its earlier estimate of a 6.2% decline, and said they are expected to return to growth in 2017.

Presently those top three have 53%; it would take quite a consolidation (such as the collapse/withdrawal of a player like Acer with 6.5% share and a smaller one like Toshiba with maybe 3% share) to reach that. But the ongoing consolidation is steady.

Read it too for Dell’s comment on smartphones.


Imogen Heap: saviour of the music industry? » The Guardian

Jamie Bartlett on how one British artist aims to use blockchain technology to create an accountable system for buying and listening to and crediting music:

Because [Imogen] Heap now produces her own music independently she’s not contracted to release her song via the usual route. Instead, she will be placing the studio-recorded song, video, live performance and all Tiny Human-related data as files on her website, open to those developing new tech for the blockchain. All the taggable associated data that could interest fans or potential clients (film and TV, brands, other artists), such as the lyrics, photographs, the instruments she used, the musicians who played, etc (“I think I’ll add this article too,” she told me) will prove inspirational, she hopes.

Crucially, she’ll also include simple contracts, revealing under what terms the music would (ideally, as this is an experiment) be downloaded or used by third parties, such as advertisers, and how any money earned will be divided up among the creatives involved. All payment received – using crypto-currencies – will be routed to the recipients, as set out in the contract, within seconds. (It typically takes between weeks and months for royalty payments to work their way through the chain at the moment.)

It’s a long but worthwhile article. There’s a fair amount of handwaving around how it will work, though I suspect that’s just as much because really getting into the details of how the blockchain system would work might frighten the horses (as in, regular non-techie readers) too much.

And remember, MP3 started as a way to compress background music and sounds for video games.


Premium Android hits the wall: discussion » Hacker News

Among the discussion of my post elsewhere on this blog is this anecdote:

My wife went into the EE shop (UK mobile company) recently to see what was on the market as her old Galaxy S2 was dying.

She came out with a list of six Samsung phones alone and a couple of Sonys. Is a Galaxy Alpha better than an S6? What’s a Galaxy Mini? So bewildered by the permutations that she just threw away the list and bought a second-hand Galaxy S4 on eBay. Potential sale for Samsung lost.

Android vendors might think they’re satisfying all possible market requirements but actually they’re confusing potential customers. As you say, probably easier just to go to the Apple store and choose between two.

I know anecdotes aren’t data, but I think the contrast between a plethora of choices and a couple makes a difference. Note too how few features Apple adds at each release. (Read the full discussion too.)


Negative feedback: attack on a YouTube channel » Dell SecureWorks Security and Compliance Blog

Joe Stewart of CTU Research on how an “attack” (lots of dislikes) against a YouTube channel might have been organised via hijacked routers in Vietnam:

All it takes to bounce traffic through a vulnerable broadband modem is to know the standard administrative username/password pair used by the ISP, something trivially obtained by analysis of the device’s firmware image or even by brute force scanners. Once you can configure the modem, you can set up port forwarding and relay traffic inbound to a specific TCP port to an outside site (i.e. YouTube). This isn’t a proxy in the conventional sense, where one can arbitrarily tunnel all HTTP traffic through another IP, but it can work in essentially the same way for a single destination site.

Vietnam is certainly not the only country with this problem. A rush to create broadband infrastructure in some countries where ISP choices are limited has led to a dangerous monoculture of vulnerable router deployments. As consumer operating systems are increasingly becoming more secure against exploitation that would cause them to become part of the botnet ecosystem, we are increasingly seeing broadband routers being abused for these purposes instead.

It used to be that shonky Windows installations in developing countries were the main problem for such attacks; now it’s broadband routers in developing countries too. (Via Stefan Pause.)


Why you hate Google’s new logo » The New Yorker

Sarah Larson:

Now Google is so smart and powerful, across so many platforms—Androids, a translation service, Chrome, Maps, Earth, self-driving cars, our collective brain—that our trust, our connection to that first thrilling moment, that gratitude and excitement, should be essential to maintain. You’d think the company would get that, and that rebranding, generally, feels suspicious. When I see that shifty new rainbow-colored “G” bookmarked on my toolbar, I recoil with mild distrust, thinking of when Philip Morris became Altria — No cigarettes here, see? Just rainbows! — or when British Petroleum suggested we think of it as Beyond Petroleum, or when the Bush Administration would name something Freedom.

Zingg! (Personally, though, I don’t like the new logo. I prefer the old one.)


The adblocking revolution is months away (with iOS 9) – with trouble for advertisers, publishers and Google


The thing about print adverts was that they stayed where they were. Photo by Bethan on Flickr.

TL;DR: when Apple’s iOS 9 comes out in September, there’s going to be a dramatic uptake of ad blockers on iOS – and it’s going to have far-reaching effects not just on websites and advertisers, but potentially also on the balance in mobile platforms and even on Google’s revenues.

Now, the longer version.

Remember newspapers?

In the old days, adverts appeared in print, on the radio and on the TV. Most ad-supported news organisations that have shifted to the internet began in print.

Ads in print were straightforward. Advertisers bought space, and editors could turn them down, or sometimes decide not to run them if a story broke that would bring about an awkward juxtaposition of, say, the advert for a shoe store on page 3 and the big breaking story now being placed on page 3 about people having feet crushed by a runaway steamroller. (The ad would get moved to another page.) Print ads were hard for advertisers to track, though they could use codes and so on that would clue them in to where someone had seen one if they responded directly.

Then came the internet, and the promise of measuring which adverts people had seen, and which they had clicked, followed swiftly by the realisation that you’d be able to follow what adverts people had seen between different sites by use of tracking cookies and scripts.

Now we have the situation where news websites are plentiful (some just rewriting, sometimes by machine, sometimes not) and adverts even more so: the attempt by The Verge’s Nilay Patel to pin the blame on mobile browsers’ lack of capability has been effectively shot down by Les Orchard, who pointed out the colossal amount of data that a simple page requires.

That’s where we’re at: websites are getting overloaded with ads, beacons, trackers and scripts that are all scrambling over each other in their attempt to squeeze the last bit of information about us from every page.

But nobody asked us, the readers, along the way whether that was OK. And now, people are deciding that it’s not OK.

Block that ad!

The uptake of AdBlock and its commercial sibling Adblock Plus has been gradual, but has now reached more than 150m users, and it’s accelerating. People are getting pissed off with the huge data loads pages impose without their consent, and the idea that they’re being tracked without their consent. In this post-Snowden age, the latter particularly bugs people. Fine, I came to your site; record the fact. But you’re watching me wherever I go online? That’s not acceptable.

People are also pissed off about what can happen when they view an advert online. In all the years I’ve viewed print adverts, I’ve never had one that:
• filled the page I was trying to read and insisted I either wait or click on a particular point on the page to read the article I came for;
• moved up from off the page to insert itself in front of the article I was reading and ask me to sign up for a mailing list;
• started automatically playing a video advert while I was reading some text;
• infected my computer with malware inserted in the ad;
• ran a JavaScript script that pretended I needed to pay a ransom, or otherwise blocked any interaction unless I pressed a button saying “OK”;
• turned me away from the page I was reading to a completely different one demanding I download an unrelated app.

You may well have other examples. (I’ve not had the malware/Javascript experience online, but other people certainly have.)

Apple: bite me

Into this comes Apple, which guards the user experience on the iOS platform, its biggest moneymaker, very jealously. Apple’s executives and staff aren’t blind to the things that are going on; they use their phones, and they get the same experiences. User experience is what Apple puts above pretty much everything else, and they’ve decided that they don’t like the experience available through the ad-supported web, and so they’re going to do something about it. Hence content blockers for Safari (and all web views) on iOS 9, which wasn’t announced onstage at WWDC but was one of those “Whoa!” moments on browsing through the Settings in the first iOS 9 beta. (Do read the link in the previous sentence, which explains what iOS 9 content blockers are, and are not.) Hence also Apple News, which is basically “all those sites but with the crap taken out”.

The ad intrusion situation on mobile is arguably worse than on desktop, since people are more sensitive about the amount of data they download on mobile, and their phones are less powerful so that complex layouts take longer.

You can get some adblockers for Android (though reviews for the main one are mixed), but you can’t get Adblock Plus. You can get Ghostery (which shows you what you’re being tracked by) for Android. But there’s nothing like either presently for iOS.

That’s going to change, and I think the advent of iOS 9 and content blocking extensions will touch off a firestorm.

Update: just to clarify: content blocking extensions aren’t built in to iOS 9; only the capability to use them. But people are already working on them. You’ll have to download them and install them, rather like third-party keyboards.

Here’s a video of one presently being developed by Chris Aljoudi:

/Update

These blocking extensions will be paid for (at least initially), but the effect of people tweeting and updating Facebook about how much they enjoy the ad-free web will be hard to ignore. As Carl Howe observes, “Like it or not, once Apple supports ad-blocking in its browsers, it will become the default for people who don’t want tracking.” That also plays into Apple’s other general message, about how it doesn’t track what you do when you’re using its products.

Once this begins happening on mobile, it’s going to sweep back on to the desktop. “How do I do this on my PC?” will become quite a common question. People will load up with adblockers. That’s when websites will begin to face a real problem.

The moral conundrum

Of course, at this point we should step back and ask “why were the adverts there in the first place?” Oh yes, because they help pay for the content. In some – well, many, almost all – cases, they pay for all of the content. As Rene Ritchie of iMore explains, these days sites have to rely on getting ad inventory from all over to fill space; multiple networks vie to fill the space with the most apposite ad for the lowest price (to the advertiser) that the publisher will accept.

It’s worth considering what Ritchie wrote at length:

While we sell premium ads directly to advertisers, that only fills a small subset of the required “inventory” to support the network. Some 85% of ads we served last month were “programmatic”—provided by ad exchanges like Google Adx and Appnexus. Those exchanges are pretty much black boxes. We get a tag, we insert it, and ads appear.

Each ad gets its own iframe, so load is asynchronous and, if one fails, it doesn’t kill the entire site. Unfortunately, that also means each one fires its own trackers, even if those trackers are identical across ads. It’s terribly inefficient.

We’ve tried to find or figure out a way to streamline them, but haven’t been able to. They’re built into the foundations of all the major networks, ad and social, ostensibly to provide more “relevant” content.

When we do get good ads, as soon as they finish their allotted impressions, they go away, and the ad spot gets back-filled with “remnants” which get progressively worse and worse the more we refresh the site.

We also have no ability to screen ad exchange ads ahead of time; we get what they give us. We can and have set policies, for example, to disallow autoplay video or audio ads. But we get them anyway, even from Google. Whether advertisers make mistakes or try to sneak around the restrictions and don’t get caught, we can’t tell. It happens, though, all the time.

So ads are out of control even for sites. That’s so removed from the world of print, where an editor could veto or move an ad, that it’s boggling.

It’s this lack of control – the mad desire and demand by advertisers to get everything, indifferent to the effect of the user experience on the reader – that is driving people to adblockers. It’s a variant of the tragedy of the commons.

People don’t like it; here’s what a recent survey for Reuters shows. (What it doesn’t show is how many of those who don’t block ads know of the capability for doing it.)

Attitudes to advertising and use of adblocking

Not very legible; adblocking is the lower bars. People aren’t happy.

But wait, what about the moral dimension? The fact that if you block the ads, the sites lose their income?

I’ve previously written that the two sides on this are far apart; that adblocking is the new speeding: those who do it can justify why to themselves, while those who think it’s wrong are stern in their disapproval.

Entertainingly, when I noted on Twitter how many trackers I’d blocked using Ghostery (as part of an experiment using Ghostery, AdBlock, Javascript Blocker and uBlock to see how it changed my browsing experience), I was at once the object of finger-wagging and the accusation of the destruction of journalism:

Have I any responsibility to them? Well, not really. Certainly as a standard reader, here’s what happened: I accepted an invitation to read an article, but I don’t think that we quite got things straight at the top of the page over the extent to which I’d be tracked, and how multiple ad networks would profile me, and suck up my data allowance, and interfere with the reading experience. Don’t I get any say in the last two, at least?

Hence my response:

(You can view the entire conversation if you’re logged in to Twitter.)

Print evolved. Now it’s the web advertisers’ turn

This is the part of the debate that so interests (and, frankly, entertains) me. Print-based organisations were told they needed to evolve, and stop being such dinosaurs, because the web was where it was at: advertising was moving, and if they didn’t move too, they’d just die.

Now we’re all online, but somehow we’re meant to accept that web advertising is how it is, and never question or deviate from it? Nuh-uh. Why should web advertisers be immune from evolutionary or revolutionary change in user habits? What’s sauce for the print goose is sauce for the online gander. I don’t recall the people who scolded me for using tracking detectors previously saying that everyone had to stick with print adverts because they made more money (which those ads still do).

Furthermore, any argument that tries to put a moral dam in front of a technological river is doomed. Napster; Bittorrent; now adblocking.

Which quickly leads to…

If any significant number of users shift to using adblockers, web advertisers are going to have to move quickly to deal with that new reality. Web publishers too.

(Though I have to say I have very little sympathy for a lot of web “publishers”. Back in the early days of the web, the Guardian ran a brilliant ad which asked “Ever wondered how every day there’s just enough news to fit in the newspaper?” It was advertising the Guardian website, and the fact there was more there than you’d find in the paper.

Now? There are a gazillion websites – but tons of them are simple copies, monetised by adverts from Google or whoever, which leach from the originating sites by copying their content. We’ve now established the limits of how much news is generated each day: it’s more than fits in newspapers, but less than fits on all the websites currently dedicated to “news”. If adblocking puts some of the copiers on the skids, I won’t weep. That’s not journalism; it’s a sort of horrible stenography, even worse than some of the stenography that does pass for journalism at some bigger sites. Good journalism, and worthwhile sites, will survive. Or good journalists will.)

What form will the evolution take? Well, look at sites like Buzzfeed, and their use of native content. If the site generates the ad, it’s suddenly a lot harder to block. We’re back, in a way, in the land of print, where the printing of the editorial and the ads happened in the same place.

Ecosystem fights

Beyond all this, there’s a longer-term potential effect. I don’t think Apple was gleefully thinking of ways to nobble Google when it decided to introduce content blocking, but this could have quite an effect.

Consider: iOS 9 arrives, and lots of happy iOS users say how delighted they are to be blocking those annoying ads. (Don’t underestimate how quickly iOS 9 will be taken up: it’s going to be available for devices going back to the iPhone 4S and iPad 2 and will use less storage than iOS 8. Even iOS 8 was on half of iOS devices within two months of release.) Meanwhile Android users won’t be able to follow suit (to anything like the same extent). At least one of two things will happen:
• some Android users begin considering switching to iPhones
• Google comes under pressure to allow adblockers on the Play Store to prevent Android switching.

Neither of these is good for Google. The loss of Android users is probably more tolerable in the short term. Adblocking could pose an existential risk to Google (which is why it pays Adblock Plus’s makers to not block Google ads).

It’s unlikely that adblocking could ever reach a pitch where it really offers a grave threat to Google. But as more and more people from developing countries come online, paying for every kilobyte of data, they might want adblocking too. India in particular is a generally tech-savvy country where data prices are high; and it has embraced Android enthusiastically. Consider for a moment how that could play out.

Relevantly, Global Web Index has a survey of adblocking use which found that 27% of users aged 16-64 globally in its 33-country survey had used an adblocker, and 15% had blocked tracking.

Adblocking by region

Adblocking by region. Source: GlobalWebIndex.

Statista also had detail about European use:

Adblocking by country in the EU

Adblocking has relatively low use – but what happens when it arrives on mobile?

Consider: hardly any of that is mobile yet. Mobile is the biggest platform. Adblocking is coming to a key mobile platform in September.

Things could get ugly quite suddenly.


Update: there’s a discussion of this post on Hacker News. You don’t need root to read it.



Start up: Kickstarter disappointment, the Apple leaks source?, Google is listening, and more


Wikipedia: missing pieces on mobile. Photo by @bastique on Flickr.

A selection of 8 links for you. They join things together. I’m charlesarthur on Twitter. Observations and links welcome.

After raising $1 million, the super-thin CST-01 watch won’t make it to Kickstarter backers » The Verge

Jacob Kastrenakes:

The project has run into quite a few issues, but the broadest one is that the watches just aren’t easy to make. Little more than half of them are fully working after assembly, according to the two engineers behind CST-01, which means that the costs to make them are effectively doubled unless they can resolve the underlying issues. At this point, they can’t. As they explained in an earlier update, their project is basically out of money. One of their engineers supposedly went as far as sleeping in a van outside of the production factory so that he didn’t have to pay for a hotel.

Hardware is difficult.


Thoughts on Mark Gurman’s 9to5Mac article about Apple Watch rumors » Mobile Forward

Hristo Daniel Ushev, who worked at Motorola for eight years, on Gurman’s likely source, who he reckons is probably not an Apple employee:

It’s probably someone helping Apple with consumer research. I’m saying that because the leaked information concerns:

• “Considerations” (as far from a shipping product as a PowerPoint slide)
• Visible features, but no granular attributes (spec-level knowledge or software features)
• Price point variants
• Granular information from consumer research

Let’s combine these: a likely-external person, discussing feature “considerations”, without spec or software detail, about price point variants, and quoting granular information from consumer research. Based on that, I think it’s probably a low level employee (or attention-seeker) from a research firm that Apple trusted. The “considerations” may be features that appeared in a research aid.

Rings true. Takes nothing away from Gurman’s work in developing sources, of course.


Can Wikipedia survive? » The New York Times

Andrew Lih:

One of the biggest threats it faces is the rise of smartphones as the dominant personal computing device. A recent Pew Research Center report found that 39 of the top 50 news sites received more traffic from mobile devices than from desktop and laptop computers, sales of which have declined for years.

This is a challenge for Wikipedia, which has always depended on contributors hunched over keyboards searching references, discussing changes and writing articles using a special markup code. Even before smartphones were widespread, studies consistently showed that these are daunting tasks for newcomers. “Not even our youngest and most computer-savvy participants accomplished these tasks with ease,” a 2009 user test concluded. The difficulty of bringing on new volunteers has resulted in seven straight years of declining editor participation.

In 2005, during Wikipedia’s peak years, there were months when more than 60 editors were made administrator — a position with special privileges in editing the English-language edition. For the past year, it has sometimes struggled to promote even one per month.


Google Chrome listening in to your room shows the importance of privacy defence in depth » Privacy Online News

Pirate Party chief Rick Falkvinge:

it should be noted that this was Chromium, the open-source version of Chrome. If somebody downloads the Google product Google Chrome, as in the prepackaged binary, you don’t even get a theoretical choice. You’re already downloading a black box from a vendor. In Google Chrome, this is all included from the start.

This episode highlights the need for hard, not soft, switches to all devices – webcams, microphones – that can be used for surveillance. A software on/off switch for a webcam is no longer enough, a hard shield in front of the lens is required. A software on/off switch for a microphone is no longer enough, a physical switch that breaks its electrical connection is required. That’s how you defend against this in depth.

Of course, people were quick to downplay the alarm. “It only listens when you say ‘Ok, Google’.” (Ok, so how does it know to start listening just before I’m about to say ‘Ok, Google?’) “It’s no big deal.” (A company stealth installs an audio listener that listens to every room in the world it can, and transmits audio data to the mothership when it encounters an unknown, possibly individually tailored, list of keywords – and it’s no big deal!?) “You can opt out. It’s in the Terms of Service.” (No. Just no. This is not something that is the slightest amount of permissible just because it’s hidden in legalese.) “It’s opt-in. It won’t really listen unless you check that box.” (Perhaps. We don’t know, Google just downloaded a black box onto my computer. And it may not be the same black box as was downloaded onto yours.)

Early last decade, privacy activists practically yelled and screamed that the NSA’s taps of various points of the Internet and telecom networks had the technical potential for enormous abuse against privacy. Everybody else dismissed those points as basically tinfoilhattery – until the Snowden files came out, and it was revealed that precisely everybody involved had abused their technical capability for invasion of privacy as far as was possible.

When Google is making Falkvinge look reasonable, it’s made a bad mistake.


April 2010: Nokia exec: phones to make system cameras obsolete » Reuters

Tarmo Virki:

(From April 2010:) Fast developing cameraphone technology will shortly make SLR system cameras and even professional cameras obsolete, the sales chief of the world’s top cellphone maker Nokia said on Tuesday. “They will in the very near future revolutionise the market for system cameras,” Anssi Vanjoki said in a speech in Helsinki.

“There will be no need to carry around those heavy lenses,” Vanjoki said, pointing to a professional photographer taking pictures of him.

The proliferation of smartphones with picture quality comparable to most pocket cameras has boosted photography around the world, but they have so far not challenged real system cameras due to phones’ smaller size and weaker technology.

Vanjoki said high-definition (HD) quality video recording was also coming to cellphones within the next 12 months.

Wasn’t wrong. Yet the other elements of the smartphone business were more important.


The Asia report: leading the shift from… » Flurry Insights Blog

Flurry’s Chris Klotzbach:

Although we continue to see growth and user engagement in traditional app categories like Messaging & Social and Gaming, users in Asia demonstrated that in 2015, they are utilizing their smartphones and apps for more functional and practical purposes. This is indicated in the growth in the Shopping & Lifestyle and Utilities & Productivity app categories. Asia is the home of the phablet, and we see users have embraced this form factor, not only in terms of installed base but actual app usage. Just as the rest of the world is beginning to catch on to the phablet, only time will tell if we’ll catch up to Asia’s propensity to be productive and shop!


Impact of iOS 9’s space requirement » David Smith

Smith is an iOS developer:

using the dataset I have from my Audiobooks app I took a look at how many of my customers have enough space for the upgrade.

The result was pretty promising.

66% of my customers on eligible devices have at least 1.3GB of free space. This compares to just 37% of users who would have immediately had sufficient space at the old iOS 8 requirement.

The distribution of eligible devices breaks out roughly as you’d expect for the various capacities Apple sells:

[Chart: Apple iPhone upgrade potential]

The rate for the 16GB devices (54%) is higher than I would have initially feared. The 16GB capacity accounts for 58% of devices, so it is vitally important that its users have the ability to upgrade.

This reduction in the space requirement (and other things Apple is doing on this front) make me think iOS 9 adoption will be even faster than iOS 8’s.


Google launches free streaming service ahead of Apple Music debut » Reuters

Yasmeen Abutaleb:

Google Inc launched a free version of its music streaming service on Tuesday, as it sought to upstage the debut of Apple Inc’s rival service next week.

Google Play Music has offered a $9.99 per month subscription service for two years but Tuesday’s launch is the first free version of the streaming service. It is available online and will be available on Android and iOS by the end of the week, Elias Roman, Google product manager, said.

Apple said earlier this month it would launch a music streaming service on June 30 for $9.99 per month along with a $14.99 per month family plan, with a free three-month trial.

As with other streaming services, such as Spotify and Rhapsody, Google Play Music curates playlists. Users can tailor playlists based on genre, artist or even activity, such as hosting a pool party or “having fun at work.”

“We believe this is a play that will expose a lot of people to the service,” Roman said in an interview.

Unlike Google’s subscription music service, the free service will carry ads, be unavailable offline and exclude certain songs.

Here’s the official announcement. What I find really weird is that Google, the high priests of “let machines do it”, is highlighting the human-curated nature of these playlists.


Start up: Apple’s hacker flaw, Downing St’s FOI oddity, machines that parse art, and more


“You mean all we need to do to defeat him is adopt HTML5? Why didn’t you say?” Photo by Tom Simpson on Flickr.

A selection of 8 links for you. Uninflammable. I’m charlesarthur on Twitter. Observations and links welcome.

Encryption “would not have helped” at OPM, says DHS official » Ars Technica

Sean Gallagher:

pressed on why systems had not been protected with encryption prior to the recent discovery of an intrusion that gave attackers access to sensitive data on millions of government employees and government contractors, [US Office of Personnel Management director Katherine Archuleta] said, “It is not feasible to implement on networks that are too old.” She added that the agency is now working to encrypt data within its networks.

But even if the systems had been encrypted, it likely wouldn’t have mattered. Department of Homeland Security Assistant Secretary for Cybersecurity Dr. Andy Ozment testified that encryption would “not have helped in this case” because the attackers had gained valid user credentials to the systems that they attacked—likely through social engineering. And because of the lack of multifactor authentication on these systems, the attackers would have been able to use those credentials at will to access systems from within and potentially even from outside the network…

…nearly every question of substance about the breach—which systems were affected, how many individuals’ data was exposed, what type of data was accessed, and the potential security implications of that data—was deferred by Archuleta on the grounds that the information was classified. What wasn’t classified was OPM’s horrible track record on security, which dates back at least to the George W. Bush administration—if not further.


Serious OS X and iOS flaws let hackers steal keychain, 1Password contents » Ars Technica

Dan Goodin:

The malicious proof-of-concept apps were approved by the Apple Store, which requires all qualifying submissions to treat every other app as untrusted. Despite the supposed vetting by Apple engineers, the researchers’ apps were able to bypass sandboxing protections that are supposed to prevent one app from accessing the credentials, contacts, and other resources belonging to another app. Like Linux, Android, Windows, and most other mainstream OSes, OS X and iOS strictly limit app access for the purpose of protecting them against malware. The success of the researchers’ cross-app resource access—or XARA—attacks, raises troubling doubts about those assurances on the widely used Apple platforms.

“The consequences are dire,” they wrote in a research paper titled Unauthorized Cross-App Resource Access on MAC OS X and iOS. “For example, on the latest Mac OS X 10.10.3, our sandboxed app successfully retrieved from the system’s keychain the passwords and secret tokens of iCloud, email and all kinds of social networks stored there by the system app Internet Accounts, and bank and Gmail passwords from Google Chrome.”…

…It’s not the first time researchers have found flaws in application sandboxes. The attack exploiting WebSocket weaknesses, for instance, can also succeed in Windows under certain conditions, the researchers said. Interestingly, they said application sandboxing in Google’s Android OS was much better at withstanding XARA threats.

For the time being, the researchers told Ars, there isn’t much end users can do except wait for Apple to fix the vulnerabilities.

Bad (though not deluge-of-malware bad; instead it’s sneaky-Trojan bad). Apple was told about this in October 2014. The best hope is that this is fixed in OS X 10.11 and iOS 9, but there’s no clear indication of how hard it is to fix.


Freedom of information turns into Mission Impossible for Downing St emails » FT.com

Jim Pickard and Kiran Stacey:

Emails sent from computers in Downing Street are automatically deleted within three months under a system that makes it harder for the public to obtain answers to “freedom of information” requests, former staff have disclosed.

The system, instigated a decade ago but not widely known about, means that messages are only held beyond that period if an individual saves them. It is widely blamed by government advisers for what one former employee called a sometimes “dysfunctional” operation at the heart of Whitehall.

The email system was introduced under the Labour government in late 2004, just weeks before January 2005 when the Freedom of Information Act belatedly came into force.

“The timing of this very strongly indicates that it was not a coincidence,” said Maurice Frankel, director of the UK Campaign for Freedom of Information.

Gee, ya think?


China and Russia almost definitely have the Snowden docs » WIRED

Bruce Schneier (who is a veritable security expert; if he says it, it’s true):

The vulnerability is not Snowden; it’s everyone who has access to the files.

First, the journalists working with the documents. I’ve handled some of the Snowden documents myself, and even though I’m a paranoid cryptographer, I know how difficult it is to maintain perfect security. It’s been open season on the computers of the journalists Snowden shared documents with since this story broke in July 2013. And while they have been taking extraordinary pains to secure those computers, it’s almost certainly not enough to keep out the world’s intelligence services…

…In general, it’s far easier to attack a network than it is to defend the same network. This isn’t a statement about willpower or budget; it’s how computer and network security work today. A former NSA deputy director recently said that if we were to score cyber the way we score soccer, the tally would be 462–456 twenty minutes into the game.

Even airgapped, never-connected computers can be attacked (don’t ask me how). The Guardian took extraordinary pains with its London copy: two people needed to enter passwords, at least two people needed to be present when documents were read, the computers used had never been online and had no connection.

But a simpler thought is this: if Snowden was one of 10,000 or so NSA staff with access to that data (and more in the UK), what are the chances that absolutely none of those has somehow been coerced or willingly turned over data to foreign powers? Pretty much zero.


Flash will soon be obsolete: it’s time for agencies to adapt » Advertising Age

David Evans on the fact that major browsers on desktop are hurrying to dump Flash:

If this sounds like a big problem to you, you’re absolutely right. If the major browsers were to disable Flash immediately, we could be looking at a scenario where roughly 84% of banners across the internet would not be viewable on desktop browsers. Rather than clicking on a visually dynamic, animated ad created to capture attention with movement and video, users would instead see a static banner in place of the intended ad, and most advertising creatives don’t pay much attention to the creation of static backups.

For advertisers, this could mean shelling out first-class money for economy-class impressions.

Though it might be painful to admit for an industry that has relied on Flash for over a decade, the right choice is to start creating desktop ads in the HTML5 language used to create ads for mobile.

This is a bit obvious to anyone who’s been paying attention for the past three years (minimum), but perhaps advertising has been looking somewhere else.


Market Monitor Q1 2015: LATAM smartphones grow 25% annually » Counterpoint Technology

Tina Lu:

LATAM is third, behind North America and Europe in the global ranking of smartphone shipment penetration.

• Except for Peru, the majority of the key LATAM markets are seeing a significantly higher smartphone demand, with shipment penetration of total handsets between 77% and 99%.

• Overall feature phone demand has been declining, and so has been the overall scale and profitability of manufacturing and selling them. As a result, in countries like Argentina, due to government protectionist measures and import restrictions, vendors are manufacturing and selling only the more profitable smartphones. This has led to smartphone shipment penetration of sales to reach 99%; the highest in the region.

Here’s the shipment figure: Latam smartphone shipments Q1 2015

If you do the maths, on a 25% yoy growth both Samsung’s and LG’s shipments actually fell; Apple’s more than doubled. Alcatel and “Others” both grew faster than the market.


Apple’s Siri, Spotlight extend Google-like search inside iOS 9 apps, without tracking users » Apple Insider

Daniel Eran Dilger:

Because Apple is indexing in-app content for its search results, it can more easily suppress “Search Engine Optimization” malicious content or link spamming, as relevancy is tied to user engagement. If few users find a search result worthwhile, it can fade from relevance.

Many of the new search-related features Apple debuted for iOS 9 and OS X El Capitan bear a strong resemblance to some of the predictive search features first introduced by Google starting back in 2012 as part of Android 4.1, branded as “Google Now.”

Since then, Google has introduced “app indexing,” a related feature designed to make the company’s web-style search more relevant to mobile users by delivering results that can open within local apps. For example, a recipe might open within a cookbook app, rather than just presenting the same information on a web page or dumping users into the app to find the recipe on their own.

The most profound difference between the two companies’ approach to in-app search is that Apple does not monetize its search with ads, and therefore has no need to capture and store users’ data and behaviors for future profiling, tied to a persistent user and device identifier that individuals can’t easily remove.

Apple is perhaps two years behind Google on this – but most people are using a version of Android that is at least two years old (87% are using 4.4, KitKat, from November 2013, or earlier). Which means that by November or so, Apple will roughly have parity on this feature.


Machine vision algorithm chooses the most creative paintings in history » MIT Technology Review

The job of distinguishing the most creative from the others falls to art historians. And it is no easy task. It requires, at the very least, an encyclopedic knowledge of the history of art. The historian must then spot novel features and be able to recognize similar features in future paintings to determine their influence.

Those are tricky tasks for a human and until recently, it would have been unimaginable that a computer could take them on. But today that changes thanks to the work of Ahmed Elgammal and Babak Saleh at Rutgers University in New Jersey, who say they have a machine that can do just this.

[Image: machine vision view of art]

They’ve put it to work on a database of some 62,000 pictures of fine art paintings to determine those that are the most creative in history. The results provide a new way to explore the history of art and the role that creativity has played in it.

Can’t be long before someone puts a human art historian up against the machine to see who spots the fake. (By the way, there was no byline I could find on the story. Maybe a robot wrote it.)