Start up: who backs the FBI?, Google gets RCS, LG goes modular, Linux Mint backdoored, and more

Does the American public back Apple or the FBI in the fight over encryption? Photo by IceNineJon on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 11 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

After Jibe Mobile buy, Google to provide carriers with Android RCS client » TechCrunch

Natasha Lomas is very unimpressed by Google’s announcement with carriers at MWC:

»at the time of the acquisition of [RCS app maker] Jibe [in September 2015], telecoms analyst Dean Bubley suggested Mountain View’s move was actually aimed at building its own Android-to-Android iMessage competitor — a theory he’s still not ruling out, so perhaps Google still has some hopes on that front.

Albeit, Bubley couches Google’s latest RCS pronouncement as “very lukewarm”, noting it has not specified the client will be on all Android devices, for example, even if what is clearly carrier-written PR talks about reaching “all Android devices” — which would encompasses an awful lot of hardware these days, from phones to smart TVs, to smartwatches and more. (We’ve asked Google for some clarity here and will update this post with any response).

A Google spokeswoman said: “Once deployed, the Universal RCS Client will come standard for all Android devices globally, providing a more consistent experience with more advanced features.”  To be clear, that’s ‘standard’ in the sense of OEMs and carriers being able to choose to install it — so not universal, not mandated by Google and thus most certainly fragmented. (Also on fragmentation the spokeswoman confirmed that currently the client only works on phones and tablets, so not all Android devices by any means.)

There’s also no clear timeframe on when Google will be delivering the RCS client. (The spokeswoman had no concrete commitments to impart here, saying only that Google is “planning to launch later this year”.) And, as noted above, without ubiquity it’s going to mean fragmentation keeps RCS-powered messaging apps from building the sought for mass messaging momentum via the platform.

«

Expectations that Google would introduce a sort of iMessage-like app across all Android devices via Google Play seem overblown. It’s also not very private.
link to this extract

 


October 2015: Android 6.0 re-implements mandatory storage encryption for new devices » Ars Technica

Andrew Cunningham in October 2015:

»Shortly after the announcement of iOS 8 in 2014, Google made headlines by saying that it would make full-device encryption mandatory for new Android devices running version 5.0. It then made more headlines several months later when we discovered that the company backed down, “strongly recommending” that Android device makers enable encryption but stopping short of actually requiring it.

Now Google has published an updated version of the Android Compatibility Definition Document (PDF) for Android 6.0, and it looks like mandatory encryption is back with a couple of exceptions. New devices that come with Marshmallow and have AES crypto performance above 50MiB-per-second need to support encryption of the private user data partition (/data) and the public data partition (/sdcard).

«

Still unclear which devices actually implement this. Is there a table or list anywhere?
link to this extract

 


More support for Justice Department than for Apple in dispute over unlocking iPhone » Pew Research Center

»As the standoff between the Department of Justice and Apple Inc. continues over an iPhone used by one of the suspects in the San Bernardino terrorist attacks, 51% say Apple should unlock the iPhone to assist the ongoing FBI investigation. Fewer Americans (38%) say Apple should not unlock the phone to ensure the security of its other users’ information; 11% do not offer an opinion on the question.

News about a federal court ordering Apple to unlock the suspect’s iPhone has registered widely with the public: 75% say they have heard either a lot (39%) or a little (36%) about the situation.

«

Survey of 1,002 adults, so statistically valid (as you’d expect from Pew). The FBI, as we knew, has chosen its fight carefully.
link to this extract

 


Hacker explains how he put “backdoor” in hundreds of Linux Mint downloads » ZDNet

Zack Whittaker:

»The surprise announcement of the hack was made Saturday by project leader Clement Lefebvre, who confirmed the news.

Lefebvre said in a blog post that only downloads from Saturday were compromised, and subsequently pulled the site offline to prevent further downloads.

The hacker responsible, who goes by the name “Peace,” told me in an encrypted chat on Sunday that a “few hundred” Linux Mint installs were under their control [for a botnet] – a significant portion of the thousand-plus downloads during the day.

But that’s only half of the story.

Peace also claimed to have stolen an entire copy of the site’s forum twice — one from January 28, and most recently February 18, two days before the hack was confirmed.

The hacker shared a portion of the forum dump, which we verified contains some personally identifiable information, such as email addresses, birthdates, profile pictures, as well as scrambled passwords.

Those passwords might not stay that way for much longer. The hacker said that some passwords have already been cracked, with more on the way. (It’s understood that the site used PHPass to hash the passwords, which can be cracked.)

«

These days I operate on the default assumption that any site into which I put personal information will get hacked eventually. On that basis I’m parsimonious with such information.

Backdoors in Linux, though – not good. (Mint is reckoned to be the third most popular distro.)
link to this extract

 


LG’s G5 is a radical reinvention of the flagship Android smartphone » The Verge

Vlad Savov on the “Friends” additions for the LG G5:

»A small key on the side of the phone pops open its lower section, which can be pulled out along with the battery, then the battery is fitted into the next module and that straps back into the phone. The whole process sounds finicky, but there’s nothing flimsy about the way LG has constructed either the phone, its battery, or the extras, so everything can be done quickly and forcefully. And yes, it really does feel like loading a fresh clip into your gun.

The first plug-in module is the LG Cam Plus, which offers an enlarged camera grip for single-handed photography and also contains extra battery power. This Friend is decorated with a physical shutter button, a dedicated video recording key, an LED indicator, and a very satisfying jog dial to control zoom on the G5. You’re still using the two cameras built into the phone itself, but this extra part essentially reshapes the device and gives it extra juice to keep going for 6 to 8 hours longer, expanding the battery from 2,800mAh to 4,000mAh.

The LG Hi-Fi Plus is an external 32-bit DAC and amplifier combo unit, tuned in collaboration with Bang & Olufsen. It supports native DSD playback and will come with a pair of H3 B&O Play earphones. Unlike the Cam Plus, this module doesn’t really affect the shape or ergonomics of the G5. It just makes it a little longer and breaks up its color synchronicity (the Hi-Fi Plus is a matte black, whereas the phones vary between silver, gold, pink, and a graphite shade that LG calls “titan”). Importantly, the Hi-Fi Plus will process and upsample content from any app producing sound on the phone, including YouTube clips.

Also making their debut today are the LG 360 Cam and LG 360 VR headset. The camera is a dual-sensor spherical camera that captures either 16-megapixel stills or up to 2K video and will have immediate support from YouTube 360 and Google Street View.

«

And there’s even a VR headset. Price? “Reasonable,” according to LG, not giving a price. I’m unsure that “Friends” will get enough traction unless they’re available on all LG’s smartphones – but in that case, why would you buy the G5? Modularity in the handset kills premium pricing even faster than OS modularity.
link to this extract

 


Smartphone ownership and internet usage continues to climb in emerging economies » Pew Research Center

»For smartphone ownership, the digital divide between less advanced economies and developed economies is 31 points in 2015. But smartphone ownership rates in emerging and developing nations are rising at an extraordinary rate, climbing from a median of 21% in 2013 to 37% in 2015. And overwhelming majorities in almost every nation surveyed report owning some form of mobile device, even if they are not considered “smartphones.”

«

link to this extract

 


Telegraph suspends comment on relaunched online content » The Guardian

Mark Sweney:

»The Telegraph has suspended online comment on stories and features “until further notice” as part of a review of the way the newspaper engages with its audience.

As part of the relaunch of Telegraph.co.uk, the company is also researching whether to reinstate the facility. The print edition of the newspaper has recently been given a new look.

The roll-out of the new-look site is being done in stages with travel, TV, lifestyle and technology sections already live, but with comments turned off. The parts of the site that have not yet been included in the redesign still allow comments.

A spokesman for the Telegraph said: “In the process of migrating its site to a new online platform, the Telegraph has suspended the comment function in some areas under transition until further notice.

“It’s also undertaking research to understand the best way to support reader engagement, but in the meantime they can continue to comment on and share articles through Telegraph Facebook pages, or via Twitter, in the usual way.”

«

“In the usual way”? Anyway; another one onto the list. I should be totting these up.
link to this extract

 


In search of a business model: the future of journalism in an age of social media and dramatic declines in print revenue » Shorenstein Center

»Nicco Mele [former deputy publisher of the Los Angeles Times] described a deepening crisis in the newspaper industry: although some outlets are seeing the largest online audiences they have ever had, revenue is still shrinking. On a local level, preprint advertising (e.g. coupons) has seen a steep decline as retailers like Wal-Mart and Best Buy face challenges of their own. Paradoxically, print advertising still generates the vast majority of newspaper revenue – an undesirable situation, given the cost of printing.

“If the next three years look like the last three years, I think we’re going to look at the 50 largest metropolitan papers in the country and expect somewhere between a third to a half of them to go out of business,” said Mele.

Mele noted that newer entrants such as Buzzfeed, Vox and Vice rely in large part on venture capital. “None of them are yet true public companies with a clear sense of what their revenue equation looks like,” he said.

And although philanthropic and government funding could be options, Mele stressed the importance of news outlets remaining economically independent from large institutions to better fulfill their duty of holding power accountable.

What is clear is that diversity in revenue streams will be an essential part of the future, said Mele, and part of the mix could include two effective but “underappreciated” options: subscription revenue and native content.

«

The point about Buzzfeed, Vice and Vox is pretty keen: they’re still amped up on the sugar of VC money.
link to this extract

 


A skeleton key of unknown strength » Dan Kaminsky’s Blog

Kaminsky is a security researcher of some renown; here is his take on the bug in glibc, a very widely used C library:

»Patch this bug.  You’ll have to reboot your servers.  It will be somewhat disruptive.  Patch this bug now, before the cache traversing attacks are discovered, because even the on-path attacks are concerning enough.  Patch.  And if patching is not a thing you know how to do, automatic patching needs to be something you demand from the infrastructure you deploy on your network.  If it might not be safe in six months, why are you paying for it today?

It’s important to realize that while this bug was just discovered, it’s not actually new.  CVE-2015-7547 has been around for eight years.  Literally, six weeks before I unveiled my own grand fix to DNS (July 2008), this catastrophic code was committed.

Nobody noticed.

The timing is a bit troublesome, but let’s be realistic:  there’s only so many months to go around.  The real issue is it took almost a decade to fix this new issue, right after it took a decade to fix my old one (DJB didn’t quite identify the bug, but he absolutely called the fix).  The Internet is not less important to global commerce than it was in 2008. Hacker latency continues to be a real problem.

What maybe has changed over the years is the strangely increasing amount of talk about how the Internet is perhaps too secure.  I don’t believe that, and I don’t believe anyone in business (or even with a credit card) does either.

«

Wonder whose commit it was.
link to this extract

 


Customer Letter – FAQ » Apple

Apple has added on some answers to its “Customer Letter” from last week:

»Q: The government says your objection appears to be based on concern for your business model and marketing strategy. Is that true?

A: Absolutely not. Nothing could be further from the truth. This is and always has been about our customers. We feel strongly that if we were to do what the government has asked of us — to create a backdoor to our products — not only is it unlawful, but it puts the vast majority of good and law abiding citizens, who rely on iPhone to protect their most personal and important data, at risk.

Q: Is there any other way you can help the FBI?
A: We have done everything that’s both within our power and within the law to help in this case. As we’ve said, we have no sympathy for terrorists.

We provided all the information about the phone that we possessed. We also proactively offered advice on obtaining additional information. Even since the government’s order was issued, we are providing further suggestions after learning new information from the Justice Department’s filings.

One of the strongest suggestions we offered was that they pair the phone to a previously joined network, which would allow them to back up the phone and get the data they are now asking for. Unfortunately, we learned that while the attacker’s iPhone was in FBI custody the Apple ID password associated with the phone was changed. Changing this password meant the phone could no longer access iCloud services.

«

“It’s not our fault they acted like bozos.”
link to this extract

 


Can the government compel Apple to speak? » Lawfare

Andrew Keane Woods (assistant professor of law at the University of Kentucky College of Law, formerly at Stanford as a cybersecurity fellow) on the 1st Amendment implications of the Apple/FBI case:

»code can be a form of speech. The lock-swapping mechanism required in this case would require Apple’s engineers to sit down at a computer and start writing.  And that action, as courts recognized long ago, is speech. In Bernstein v. Department of Justice, the Electronic Frontier Foundation successfully argued that Daniel J. Bernstein, then a graduate student at Berkeley, had a constitutionally protected right to publish his source code, despite the government’s efforts to block it. (Fittingly enough, the code was for encryption software, which the government tried to suppress on the theory that encryption software is a munition subject to export controls.)

If code is speech, and the government is compelling Apple to code, then it looks an awful lot like the government is compelling speech. That does not resolve the issue, of course, but it opens up a new field for debate – one that has not receive enough attention. The government will respond to this claim by noting that Apple’s code is a far cry from the pledge of allegiance, and therefore does not raise the Establishment Clause concerns that applied in [the case of] Barnette [where schoolchildren were being required, against the constitution, to recite the Pledge of Allegiance]. Maybe. Apple will reply that their word is their most important asset, and that the federal government is compelling them to say something they do not believe.

«

This point hasn’t been much mentioned, but is sure to be brought up. The ramifications of this case really are fascinating.
link to this extract

 


Errata, corrigenda and ai no corrida:

Start up: FBI v Apple redux, Google’s Cloud Vision, fixing #error53, Iraq’s lost iridium, and more

You can always sign up to receive each day’s Start Up post by email. Try it. Unless you’re reading the email.

A selection of 12 links for you. Remember, Friday is for life, not just for Christmas. I’m charlesarthur on Twitter. Observations and links welcome.

Statement on FBI-Apple court order » Congressman Ted Lieu

This might not be what you expect:

»Congressman Ted Lieu (D-Los Angeles County) issued the following statement regarding the APPLE court order. Congressman Lieu is one of only four computer science majors in Congress.  Congressman Lieu is also the author of the ENCRYPT ACT of 2016.

“The terrorist attack in San Bernardino was horrific and the tragic loss of innocent lives demands a strong response.  I have several deep concerns, however, about the unprecedented court order that forces Apple to create software it does not have in order to provide a “back door” way to weaken its smartphone encryption system.

This FBI court order, by compelling a private sector company to write new software, is essentially making that company an arm of law-enforcement.   Private sector companies are not—and should not be—an arm of government or law enforcement.

This court order also begs the question: Where does this kind of coercion stop?  Can the government force Facebook to create software that provides analytic data on who is likely to be a criminal?  Can the government force Google to provide the names of all people who searched for the term ISIL?  Can the government force Amazon to write software that identifies who might be suspicious based on the books they ordered?”

«

link to this extract

 


A Linux-powered microwave oven [LWN.net]

Neil Brown:

»Adding a smartphone-like touchscreen and a network connection and encouraging a community to build innovative apps such as recipe sharing are fairly obvious ideas once you think to put “Linux” and “microwave oven” together, but Tulloh’s vision and prototype lead well beyond there. Two novel features that have been fitted are a thermal camera and a scale for measuring weight.

The thermal camera provides an eight-by-eight-pixel image of the contents of the oven with a precision of about two degrees. This is enough to detect if a glass of milk is about to boil over, or if the steak being thawed is in danger of getting cooked. In either case, the power can be reduced or removed. If appropriate, an alert can be sounded. This would not be the first microwave to be temperature sensitive — GE sold microwave ovens with temperature probes decades ago — but an always-present sensor is much more useful than a manually inserted probe, especially when there is an accessible API behind it.«

Just wait until you get onto the bit about making sure the door is shut (which is what stops you blasting the room with microwaves that would cook you).
link to this extract

 


Learning the Alphabet » The Verge

Ben Popper:

»For the most part, [Flint, Michigan schools technology director Dan] Davenport’s repository consisted of eight- to 10-year-old Dell desktops and laptops he had robbed of RAM and other components to help speed up or repair machines used by teachers. “We are left with these mismatched parts.” And yet, when he set the machines up to run Neverware’s Cloud Ready version of Chromium, they outperformed newer Windows machines the school was using. “If you are comparing what we used to run, Chrome and Neverware is a better experience for the end user.”

Davenport estimates that to get a new machine and the proper license, it would cost around $400 for each new Windows computer and $200 for each new Chromebook. “With Neverware it’s costing me 50 bucks.” The school is now adapting several computer labs to run Neverware chromebooks. “Hey, that’s an interesting model,” says Davenport with a chuckle. “Run on your oldest junk for next to no money.” The transformation at Ovid-Elsie is striking, but far from unique. It’s just one example of a much larger trend toward cloud computing, a paradigm shift that has radically reshaped the technological landscape at schools across the United States.

«

Popper says – in the first comment on the article – “I’ve been writing about Neverware since 2009. Pretty crazy how much things have changed since then.”

But the general point about Neverware, which tried to get Dell and HP interested but found none for lengthening PC life cycles, and cloud computing in schools, is well made. Certainly a threat to Microsoft in schools.
link to this extract

 


Google Cloud Vision API enters Beta, open to all to try! » Google Cloud Platform Blog

Ram Ramanathan, product manager:

»Today, we’re announcing the beta release of Google Cloud Vision API. Now anyone can submit their images to the Cloud Vision API to understand the contents of those images — from detecting everyday objects (for example, “sports car,” “sushi,” or “eagle”) to reading text within the image or identifying product logos.

With the beta release of Cloud Vision API, you can access the API with location of images stored in Google Cloud Storage, along with existing support of embedding an image as part of the API request. We’re also announcing pricing for Cloud Vision API and added additional capabilities to identify the dominant color of an image. For example, you can now apply Label Detection on an image for as little as $2 per 1,000 images or Optical Character Recognition (OCR) for $0.60 for 1,000 images. Pricing will be effective, starting March 1st.

«

I feel like this is partly the work of Pete Warden – it looks so like his work at Jetpac.
link to this extract

 


Apple fixes iPhones disabled by Error 53 caused by unofficial repairs » Techcrunch

Matthew Panzarino:

»Today, Apple is issuing an updated version of iOS 9.2.1 for users that update their iPhones via iTunes only. This update will restore phones ‘bricked’ or disabled by Error 53 and will prevent future iPhones that have had their home button (or the cable) replaced by third-party repair centers from being disabled. Note that this is a patched version of iOS 9.2.1, previously issued, not a brand-new version of iOS.

A new support document on Apple’s site has been issued that details the causes and repair methods for Error 53.

The update is not for users who update their iPhones over the air (OTA) via iCloud. If you update your phone that way, you should never have encountered Error 53 in the first place. If, however, you update via iTunes or your phone is bricked, you should be able to plug it into iTunes to get the update today, restoring your phone’s functionality.

«

That was quick. And it disables TouchID, or leaves it disabled – which is the course of action you’d hope for. (Thanks Jonathan Davey for the link.)
link to this extract

 


Data broker defendants settle FTC charges they sold sensitive personal information to scammers » Federal Trade Commission

»“LeapLab purchased sensitive information, including Social Security and bank account numbers, from pay-day-loan websites, and then sold that information to entities it knew had no legitimate need for it,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection.  “That allowed scammers to steal millions of dollars from people’s accounts.”

In its complaint, the FTC alleged that the defendants collected hundreds of thousands of loan applications submitted by financially strapped consumers to payday loan sites. Each application contained the consumer’s name, address, phone number, employer, Social Security number, and bank account number, including the bank routing number.

The defendants sold 95 percent of these sensitive applications for approximately $0.50 each to non-lenders that did not use the information to assist consumers in obtaining a payday loan or other extension of credit and had no legitimate need for this financial information. In fact, at least one of those marketers, Ideal Financial Solutions – a defendant in another FTC case  – used the information to withdraw millions of dollars from consumers’ accounts without their authorization.

«

Classy. It’s a $5.7m judgment, but suspended.
link to this extract

 


The hidden homescreen » Medium

Matt Hartman:

»The move to chat-based interfaces is mainly developer driven: relative to a native iOS or Android app, development of a chat-based app is faster and marketing is less crowded (for now). It is also partly consumer driven in that it is a painful for consumers to have to switch in and out of different apps — or even to have to download an app at all. However the developer pain point is more significant at present.

For app developers, marketing is often hard. #Homescreen data shows that apps on users’ homescreens are pretty calcified. In January 2016 over 50,000 apps were submitted to the app store. However, most smartphone users download zero apps per month.

«

We’re probably going to see more chat interfaces, as Hartman points out (look at Quartz’s new news app), but as he also points out, lots of them will struggle to gather enough context to be useful compared to the interfaces we already have.
link to this extract

 


Exclusive: Radioactive material stolen in Iraq raises security fears » Reuters

Ahmed Rasheed, Aref Mohammed and Stephen Kalin:

»Iraq is searching for “highly dangerous” radioactive material stolen last year, according to an environment ministry document and seven security, environmental and provincial officials who fear it could be used as a weapon if acquired by Islamic State.

The material, stored in a protective case the size of a laptop computer, went missing in November from a storage facility near the southern city of Basra belonging to U.S. oilfield services company Weatherford WFT.N, the document seen by Reuters showed and officials confirmed.

A spokesman for Iraq’s environment ministry said he could not discuss the issue, citing national security concerns…

…A U.S. official said separately that Iraq had reported a missing specialized camera containing highly radioactive Iridium-192 to the International Atomic Energy Agency (IAEA), the Vienna-based U.N. nuclear watchdog, in November.

“They’ve been looking for it ever since. Whether it was just misplaced, or actually stolen, isn’t clear,” said the official, who requested anonymity because of the sensitivity of the matter.

The environment ministry document, dated Nov. 30 and addressed to the ministry’s Centre for Prevention of Radiation, describes “the theft of a highly dangerous radioactive source of Ir-192 with highly radioactive activity belonging to SGS from a depot belonging to Weatherford in the Rafidhia area of Basra province”.

«

More about Ir-192: “has accounted for the majority of cases tracked by the U.S. Nuclear Regulatory Commission in which radioactive materials have gone missing in quantities large enough to make a dirty bomb.” More reading from 2007 from the New Yorker.
link to this extract

 


The most important Apple executive you’ve never heard of » Bloomberg Businessweek

Brad Stone, Adam Satariano, and Gwen Ackerman:

»A little over a year ago, Apple had a problem: The iPad Pro was behind schedule. Elements of the hardware, software, and accompanying stylus weren’t going to be ready for a release in the spring. Chief Executive Officer Tim Cook and his top lieutenants had to delay the unveiling until the fall. That gave most of Apple’s engineers more time. It gave a little-known executive named Johny Srouji much less.

Srouji is the senior vice president for hardware technologies at Apple. He runs the division that makes processor chips, the silicon brains inside the iPhone, iPad, Apple Watch, and Apple TV. The original plan was to introduce the iPad Pro with Apple’s tablet chip, the A8X, the same processor that powered the iPad Air 2, introduced in 2014. But delaying until fall meant that the Pro would make its debut alongside the iPhone 6s, which was going to use a newer, faster phone chip called the A9.

This is the stuff that keeps technology executives up at night. The iPad Pro was important: It was Apple’s attempt to sell tablets to business customers. And it would look feeble next to the iPhone 6s. So Srouji put his engineers on a crash program to move up the rollout of a new tablet processor, the A9X, by half a year. The engineers finished in time, and the Pro hit the market with the faster chip and a 12.9in display packed with 5.6 million pixels.

«

Useful profile (and a little scoop-ette in the intro), though of course Apple – and Srouji – won’t indicate what direction the chip design there is going. There’s also the question of quite what delta it gives it over those using chips from TSMC et al; aside from the reference to the 64-bit shift, that isn’t addressed clearly.
link to this extract

 


Apple, the FBI, and the San Bernadino iPhone

Dan Wallach:

»Q What’s so bad about Apple doing what the FBI wants?

A Apple’s concern is the precedent set by the FBI’s demand and the judge’s order. If the FBI can compel Apple to create a backdoor like this, then so can anybody else. You’ve now opened the floodgates to every small-town police chief, never mind discovery orders in civil lawsuits. How is Apple supposed to validate and prioritize these requests? What happens when they come from foreign governments? If China demands a custom software build to attack a U.S. resident, how is Apple supposed to judge whether that user and their phone happen to be under the jurisdiction of Chinese law? What if the U.S. then passes a law prohibiting Apple from honoring Chinese requests like this? That way lies madness, and that’s where we’re going.

Even if we could somehow make this work, purely as an engineering matter, it’s not feasible to imagine a backdoor mechanism that will support the full gamut of seemingly legal requests to exercise it.

«

link to this extract

 


If you want life insurance, think twice before getting a genetic test » Fast Company

Christina Farr:

»Jennifer Marie* should be an ideal candidate for life insurance: She’s 36, gainfully employed, and has no current medical issues.

But on September 15 last year, Jennifer Marie’s application for life insurance was denied.

“Unfortunately after carefully reviewing your application, we regret that we are unable to provide you with coverage because of your positive BRCA 1 gene,” the letter reads. In the U.S., about one in 400 women have a BRCA 1 or 2 gene, which is associated with increased risk of breast and ovarian cancer.

Jennifer Marie provided a copy of the document to Fast Company on the condition that she and her insurance company remain anonymous, as she is still hoping to appeal the rejection.

«

You’re thinking “surely that’s illegal!” It would be for health insurance, under a 2008 law in the US – but that doesn’t apply to life insurance, long-term care or disability insurance.
link to this extract

 


Unlock your Windows 10 phone remotely » Windows Help

»Try unlocking your Windows 10 phone remotely if you get this message: “This device has been locked for security reasons. Connect your device to a power source for at least two hours and then try again.” The key is to reset your PIN through account.microsoft.com.

Go to account.microsoft.com/devices

Sign in with the same Microsoft account you use on the phone.

Click the Find my phone link.

Press Lock.

Enter a new PIN. Now you’ll be able to unlock your phone with your new PIN.

«

You can’t do this with an iPhone – you need to enter the existing PIN first. Clearly, the answer is for the FBI to issue would-be terrorists with Windows Phones running Windows Mobile 10 (it doesn’t work on 8) to simplify subsequent investigations. (Thanks Tero Alhonen for the link.)
link to this extract

 


Errata, corrigenda and ai no corrida: none noted.

Start up: talking to Barbie, BlackBerry’s criminal approach, mobile theses, tracing bitcoin, and more


I know – it’s backspace, 28 times. Photo by totumweb on Flickr.

Oh, you could get each day’s Start Up post by email. But it’s email, isn’t it? Email.

A selection of 9 links for you. Apply topically. I’m charlesarthur on Twitter. Observations and links welcome.

Talking toys are getting smarter: should we be worried? » WSJ

Geoffrey Fowler:

Maybe the best way to understand whether these toys hinder imagination is to look at their underlying technology. From an interactive standpoint, Hello Barbie is basically a voice-activated Choose-Your-Own-Adventure book, in that she gives children a limited number of choices as they go down the conversational path and has a finite, albeit vast, number of dialogue lines (8,000 in total, recorded by an actress).

Once you start talking to Hello Barbie, what you soon realize is that, although she can remember details—a child’s favorite color or whether she has a sibling—the doll is not a very good listener. Many of her questions are just setups to tell a scripted story. “If you could go on vacation anywhere in the world, where would you want to go?” she asked [test child] Riley before describing her own recent vacation. Sure, every now and then she invites Riley to chime in. (“It’s a warm day and my friends invited me to go to the beach. I’m not really sure what to wear. Um, maybe some mittens and a scarf?”) But ultimately, whatever the child says, Hello Barbie sticks to her script.

Despite Hello Barbie’s inability to participate in a child’s flights of fancy, the doll is programmed to extol the virtues of imagination. “I think it’s great to exercise your imagination and creativity!” she said to Riley. Also: “We love using our imaginations. We are so avant-garde!”

So the answer to the question posed in the headline is “not yet”. But not “not ever”. It feels very much like a slice from a Philip K Dick novella.
link to this extract


Detect and disconnect WiFi cameras in that AirBnB you’re staying in » Julian Oliver

There have been a few too many stories lately of AirBnB hosts caught spying on their guests with WiFi cameras, using DropCam cameras in particular. Here’s a quick script that will detect two popular brands of WiFi cameras during your stay and disconnect them in turn. It’s based on glasshole.sh. It should do away with the need to rummage around in other people’s stuff, racked with paranoia, looking for the things.

Thanks to Adam Harvey for giving me the push, not to mention for naming it.

May be illegal to use this script in the US (not that that will stop people). Note how the sharing, trusting economy has its limits.
link to this extract


Bypass Linux passwords by pressing backspace 28 times » Apextribune

Daniel Austin:

if certain conditions are met (mostly the proper version of the OS), pressing the backspace key 28 time in a row will cause the computer to reboot, or it will put Grub in rescue mode, Linux’s version of Safe Mode.

This will provide the would-be hacker with unauthorized access to a shell, which he can then use to rewrite the code in the Grub2 in order to gain full unauthorized access to the machine.

From this point, anything is possible, since the hacker would be able to do anything he wanted to the computer.

Vulnerable versions: Linux GRUB 1.98 (from 2009) through to the current 2.02 version. (Not Linux as said in earlier version of this post.)
link to this extract


Tracing the Bitcoinica theft of 40,000 btc in July 2012 » YouTube

So 10,000 bitcoins were stolen from MtGox in July 2012. You thought bitcoin were untraceable? Not at all. Watch and learn. Though this doesn’t mean the people named here are guilty of theft (he said, covering himself against any potential libel).


link to this extract


Activation lock checker » Apple

Before transferring ownership of an iPhone, iPad, iPod touch, or Apple Watch, make sure Activation Lock has been disabled and the device is ready for the next user.

The implication there is that it’s for you, the seller, to do the checking that you’ve turned it off – but the protection is really for buyers to make sure they don’t get a hot phone.
link to this extract


Competition is shifting to the high end » Tech.pinions

Jan Dawson:

Sony has abandoned PCs and continues to struggle in smartphones, HTC increasingly looks like it’s on its last legs as an Android vendor, Toshiba is considering spinning off its PC business, and Samsung’s smartphone business – once the poster child for success making Android phones – continues to slip. It sometimes seems as if the only vendors making Android phones and Windows PCs who aren’t struggling in some way are the licensors of the operating systems. And though we don’t have detailed financials for either company’s hardware business, they’ve both done it by focusing on selling premium devices at premium prices, and by tightening the integration between hardware and software.
What’s interesting is we haven’t seen any of the OEMs pursue this strategy. That likely reflects, in equal parts, a lack of capability and a lack of will, as these OEMs have neither the experience nor the desire to pursue the high end of the market. And yet it’s been clear for years that, while scale may be in the mass market, the margins are in the high end.

link to this extract


16 mobile theses » Benedict Evans

We’re now coming up to 9 years since the launch of the iPhone kicked off the smartphone revolution, and some of the first phases are over – Apple and Google both won the platform war, mostly, Facebook made the transition, mostly, and it’s now perfectly clear that mobile is the future of technology and of the internet. But within that, there’s a huge range of different themes and issues, many of which are still pretty unsettled.

In this post, I outline what I think are the 16 topics to think about within the current generation, and then link to the things I’ve written about them. In January, I’ll dig into some of the themes for the future – VR, AR, drones and AI, but this is where we are today.

I wouldn’t be surprised if the title is a subtle reference to Martin Luther (though he rambled on for 95 theses), but it’s impossible to argue against any of these; they simply state the ground where the world now stands. The point about mobile being 10x larger as an ecosystem now than the PC is an important one, though not the only important one.
link to this extract


August 2010: RIM’s Deal: Saudi Arabia Can Access BlackBerry User Data » DailyFinance

From August 2010, by Douglas McIntyre:

Saudi Arabia’s government announced it reached a deal with Research In Motion (RIMM) that will allow the Canadian maker of BlackBerry smartphones to continue operating its service there. Under the agreement, RIM will put a server in the nation that will allow the government to monitor messages to and from Blackberries. All of RIM’s servers have been in Canada until now so the company could guarantee confidentiality for its customers though the encryption process on those servers.

According to several news sources, similar deals will probably be sought by other countries that have voiced concerns about the Blackberry encryption procedures. First among these is the United Arab Emirates, which threatened to shut down RIM’s services there on Oct. 11. India and Indonesia have also said they’re concerned about the RIM confidentiality system and their inability to track information that they claim may not be in the best interests of their governments.

Everyone’s a criminal, after all – they just need to work out what they’re guilty of. Now read on.
link to this extract


The encryption debate: a way forward » Inside BlackBerry

John Chen, who is chief executive of BlackBerry, in December 2015:

For years, government officials have pleaded to the technology industry for help yet have been met with disdain. In fact, one of the world’s most powerful tech companies recently refused a lawful access request in an investigation of a known drug dealer because doing so would “substantially tarnish the brand” of the company. We are indeed in a dark place when companies put their reputations above the greater good. At BlackBerry, we understand, arguably more than any other large tech company, the importance of our privacy commitment to product success and brand value: privacy and security form the crux of everything we do. However, our privacy commitment does not extend to criminals.

BlackBerry is in a unique position to help bring the two sides of this debate together, to find common ground and a way forward. BlackBerry’s customers include not only millions of privacy-conscious consumers but also the banks, law firms, hospitals, and – yes, governments (including 16 of the G20) – that use our products and services to protect their highest value resources every single day. We stand as an existence proof that a proper balance can be struck.

We reject the notion that tech companies should refuse reasonable, lawful access requests.

The “powerful tech company” Chen is referring to there is Apple, which has refused to cooperate in unlocking an iOS 7-powered phone in a federal case (which remains under seal). There’s a search warrant for the phone, which is locked.

Chen’s stance though is really surprising. He seems to be saying “sure, we’ll cooperate with the government if it asks.” But what if it’s the Chinese government? Or the Syrian government? And what’s the mechanism that lets BlackBerry cooperate? From iOS 8 onwards, Apple simply can’t decrypt a phone, no matter what access it gets. Is BlackBerry ceding that ground?
link to this extract


Errata, corrigenda and ai no corrida: