Start up: the Foodpanda takeaway scam, watch iOS 9 grow!, 2 billion lines of Google, and more


“Hi! You look like you want an (artificially) intelligent conversation!” Photo by RomitaGirl67 on Flickr.


A selection of 9 links for you. May cause. I’m charlesarthur on Twitter. Observations and links welcome.

Mixpanel Trends » Mixpanel Mobile Analytics

The link is to the iOS 9 adoption curve from Mixpanel; it’s live, so when you click through it’ll be the latest figures. At the time of writing, three hours after iOS 9 went live, its adoption was at 3.2%, against 7.2% for “older than iOS 8” and 89.6% for iOS 8. (Apple’s own stats on September 14 were 87% iOS 8, 11% iOS 7, 2% earlier.)


The trouble with Foodpanda » Livemint

Ashish Mishra with a terrific tale of a much-funded startup which didn’t quite figure out that not everyone is honest:

Let’s say you are a restaurant. Now, place 10 orders using 10 names or even the same name, each for Rs.300. Every order is a takeaway. Pay online using the BOGO voucher, a campaign (Buy One Get One) run by Foodpanda. So for Rs.300, get Rs.300 free. So for a Rs.600 order, you paid only Rs.300. How much does Foodpanda have to return to you, the restaurant? Rs.600. After deducting 12% as its cut, Rs.528. How much did you make in the process? Rs.228. Did you have to deliver that order? Nope. So, a straight profit of Rs.228.

Now, let’s say you processed 100 such orders a day. For a month. Total investment: Rs.9 lakh. Reimbursed by Foodpanda: Rs.15.84 lakh. Your total gain, by just processing fake orders: Rs.6.84 lakh.

Now imagine you are not the only restaurant on the platform doing this.



Issue 178139 – android – Android full lockscreen bypass – 5.1.1 PoC » Android Open Source Project

John Gordon at the University of Texas at Austin:

Android 5.1.1 Lockscreen Bypass
-----
Summary: Unlock a locked device to access the homescreen, run arbitrary applications, and enable full adb access to the device. This includes access to encrypted user data on encrypted devices.
Prerequisites: Must have a password lockscreen enabled. (PIN / swipe untested)
Hardware: Nexus 4
Software: Google factory image – occam 5.1.1 (LMY47V)

Attack details:
Pasting a sufficiently large string into an input field will cause portions of the lockscreen to become unresponsive and allow the user to terminate those processes. An attacker can construct a large string by typing characters into the Emergency Dialer, then select all + copy + paste repeatedly to increase the string size exponentially. Once the string has been pasted, either into the Emergency Dialer or the lockscreen password prompt, attempting to type more characters or performing other interactions quickly and repeatedly causes the process to become overloaded and crash, or produce a dialog allowing the user to kill the process. If done in a password prompt in the foreground of the camera application, this crash results in the homescreen or Settings application being exposed.

PIN/swipe is untested, rather than safe (as far as we can see). This seems to be pretty hard to do – the video is 18 minutes long, involving lots of copy/pasting. It’s not really a giant flaw like Stagefright; and Apple has had some egregious lockscreen bypasses in the past. (Though none in iOS 8 that I’ve seen.) The problem though is that this doesn’t help Android’s reputation among businesses considering whether to buy it. It’s not the exploit; it’s the suggestion of vulnerability.


Popping the publishing bubble » Stratechery

Ben Thompson, in his weekly “free to view” article, says that iOS 9’s adblockers are just going to finish what was already happening:

It is easy to feel sorry for publishers: before the Internet most were swimming in money, and for the first few years online it looked like online publications with lower costs of production would be profitable as well. The problem, though, was the assumption that advertising money would always be there, resulting in a “build it and they will come” mentality that focused almost exclusively on content product and far too little on sustainable business models.

In fact, publishers going forward need to have the exact opposite attitude of publishers in the past: instead of focusing on journalism and getting the business model for free, publishers need to start with a sustainable business model and focus on journalism that works hand-in-hand with the business model they have chosen. First and foremost that means publishers need to answer the most fundamental question required of any enterprise: are they a niche or scale business?

• Niche businesses make money by maximizing revenue per user on a (relatively) small user base
• Scale businesses make money by maximizing the number of users they reach
The truth is most publications are trying to do a little bit of everything: gain more revenue per user here, reach more users over there.

Worth it for the illustrations. You should subscribe so he can afford an iPad Pro and a stylus.


Google is 2 billion lines of code — and it’s all in one place » WIRED

Cade Metz:

Google has built its own “version control system” for juggling all this code. The system is called Piper, and it runs across the vast online infrastructure Google has built to run all its online services. According to [Google’s head of… big stuff? Rachel] Potvin, the system spans 10 different Google data centers.

It’s not just that all 2 billion lines of code sit inside a single system available to just about every engineer inside the company. It’s that this system gives Google engineers an unusual freedom to use and combine code from across myriad projects. “When you start a new project,” Potvin tells WIRED, “you have a wealth of libraries already available to you. Almost everything has already been done.” What’s more, engineers can make a single code change and instantly deploy it across all Google services. In updating one thing, they can update everything.

There are limitations to this system. Potvin says certain highly sensitive code—stuff akin to Google’s PageRank search algorithm—resides in separate repositories only available to specific employees. And because they don’t run on the ‘net and are very different things, Google stores code for its two device operating systems — Android and Chrome — on separate version control systems. But for the most part, Google code is a monolith that allows for the free flow of software building blocks, ideas, and solutions.

The point about Android and Chrome being on separate version control systems is one to note. Can’t merge the code until those two come together.


IPv6 will get a big boost from iOS 9, Facebook says » Computerworld

Stephen Lawson:

Even when all the pieces are in place for IPv6, iOS 8 makes an IPv6 connection only about half the time or less because of the way it treats the new protocol. With iOS 9, an IPv6 connection will happen 99% of the time, Saab predicts.

IPv4 is running out of unused Internet addresses, while IPv6 is expected to have more than enough for all uses long into the future. Adoption has been slow since its completion in 1998 but is starting to accelerate. The release of iOS 9 may give a big boost to that trend. 

“Immediately, starting on the 16th, I’m expecting to see a lot more v6 traffic show up,” said Samir Vaidya, director of device technology at Verizon Wireless. About 50% of Verizon Wireless traffic uses IPv6, and Vaidya thinks it may be 70% by this time next year as subscribers flock to the iPhone 6s. 

Apple’s change should help drive more IPv6 use on Comcast’s network, too. About 25% of its traffic uses the new protocol now, and that figure could rise above 50% by early next year, said John Brzozowski, Comcast Cable’s chief IPv6 architect. 

This is the point, again and again. Android has the installed base; but iOS adoption is so rapid that it can drive change almost immediately.


Barbie wants to get to know your child » The New York Times

James Vlahos:

Hello Barbie is by far the most advanced to date in a new generation of A.I. toys whose makers share the aspiration of Geppetto: to persuade children that their toys are alive — or, at any rate, are something more than inanimate. At Ariana’s product-testing session, which took place in May at Mattel’s Imagination Center in El Segundo, Calif., near Los Angeles, Barbie asked her whether she would like to do randomly selected jobs, like being a scuba instructor or a hot-air-balloon pilot. Then they played a goofy chef game, in which Ariana told a mixed-up Barbie which ingredients went with which recipes — pepperoni with the pizza, marshmallows with the s’mores. ‘‘It’s really fun to cook with you,’’ Ariana said.

At one point, Barbie’s voice got serious. ‘‘I was wondering if I could get your advice on something,’’ Barbie asked. The doll explained that she and her friend Teresa had argued and weren’t speaking. ‘‘I really miss her, but I don’t know what to say to her now,’’ Barbie said. ‘‘What should I do?’’

‘‘Say ‘I’m sorry,’ ’’ Ariana replied.

‘‘You’re right. I should apologize,’’ Barbie said. ‘‘I’m not mad anymore. I just want to be friends again.’’

We now return you to our regular scheduled programming of “Philip K Dick short stories brought to life.” Take your pick: War Game, Second Variety or The Days of Perky Pat?


One great reason to update to iOS 9 – a nasty silent AirDrop attack is in town » Forbes

Australian researcher Mark Dowd, who heads up Azimuth Security, told FORBES ahead of Apple’s iOS 9 release on Wednesday that the flaw allowed anyone within range of an AirDrop user to install malware on a target device and tweak iOS settings so the exploit would still work if the victim rejected an incoming AirDrop file, as seen in the video below.

Users should update to iOS 9 and Mac OS X El Capitan, version 10.11, as soon as possible to avoid losing control of their phones and PCs to malware. Any iOS versions that support AirDrop, from iOS 7 onwards, are affected, as are Mac OS X versions from Yosemite onwards. There are few protections outside of upgrading, other than turning AirDrop off altogether. The service is off by default, though it’s possible to start it running from the lockscreen.

By carrying out what’s known as a “directory traversal attack”, where a hacker enters sections of the operating system they should not be able to access, Dowd found it was possible to exploit AirDrop and then alter configuration files to ensure iOS would accept any software signed with an Apple enterprise certificate. Those certificates are typically used by businesses to install software not hosted in the App Store and are supposed to guarantee trust in the provenance of the application. But, as FORBES found in a recent investigation into the Chinese iPhone jailbreaking industry, they’re often used to bypass Apple security protections.

I dunno, getting AirDrop to work is usually the biggest challenge I face. (The mitigation is pretty easy on any version – turn off Wi-Fi or Bluetooth, or turn AirDrop to accept files from Contacts Only or off; this leaves Wi-Fi and Bluetooth untouched.)


Google taken to court to uncloak ebook pirates » TorrentFreak

Early June, GAU [the Dutch trade organisation representing dozens of book publishers in the Netherlands] reported that Google appeared to be taking steps to prevent rogue sellers from offering illegal content via its Play store. The group also noted that BREIN was attempting to obtain the personal details of the ‘pirate’ seller from Google.

Unsurprisingly that wasn’t a straightforward exercise, with Google refusing to hand over the personal details of its user on a voluntary basis. If BREIN really wanted the seller’s identity it would have to obtain it via a court order. Yesterday the anti-piracy group began the process to do just that.

Appearing before the Court of The Hague, BREIN presented its case, arguing that the rogue seller was not merely a user of Google, but actually a commercial partner of Google Play, a partnership that earned revenue for both parties.

“The case is clear,” BREIN said in a statement.

“There was infringement carried out by an anonymous seller that was actually a commercial ‘partner’ of Google via Google Play. This is how Google refers to sellers in its own terms of use.”

BREIN says that ultimately Google is responsible for the unauthorized distribution and sales carried out via its service.

“There is no right to anonymously sell illegal stuff, not even on Google Play while Google earns money,” the anti-piracy group concludes.

In the UK I think this would be a fairly straightforward “Norwich Pharmacal” case. Wonder if Holland has anything comparable.


Start up: Apple’s AI hires, Spotify’s smart music, why refugees have smartphones, and more


What’s the motive for downloading the top 40 every week from a torrent site? Completism? Photo by DigitalTribes on Flickr.

A selection of 8 links for you. Handle with care. I’m charlesarthur on Twitter. Observations and links welcome.

Exclusive: Apple ups hiring, but faces obstacles to making phones smarter » Reuters

Apple has ramped up its hiring of artificial intelligence experts, recruiting from PhD programs, posting dozens of job listings and greatly increasing the size of its AI staff, a review of hiring sites suggests and numerous sources confirm.

The goal is to challenge Google in an area the Internet search giant has long dominated: smartphone features that give users what they want before they ask.

As part of its push, the company is currently trying to hire at least 86 more employees with expertise in the branch of artificial intelligence known as machine learning, according to a recent analysis of Apple job postings. The company has also stepped up its courtship of machine-learning PhDs, joining Google, Amazon, Facebook and others in a fierce contest, leading academics say.

But some experts say the iPhone maker’s strict stance on privacy is likely to undermine its ability to compete in the rapidly progressing field.

It’s certainly the case that Apple’s privacy stance is, as Sameer Singh says, its “strategy tax” (a strategy tax is an approach to a business area that prevents you exploiting it to the maximum: “Windows everywhere” was Microsoft’s strategy tax that prevented it doing mobile really well, Google’s is the need to collect data). The question is how much you do need that pooled personal information (as opposed to anonymous information) to do this well.


Field Notice: FN – 63697 – Protective Boot on Certain Network Cables Might Push the Mode Button and Cause an Unexpected Reset on the 48-Port Models of Cisco Catalyst 3650 and 3850 Series Switches » Cisco

“Certain” network cables being “pretty much every Ethernet cable you buy”. Like this:

Design screwups like this deserve their own Tumblr. Of note: the Cisco 3650 was released on October 10 2013; this note is dated October 30 2013. Of course it wasn’t caught in testing, but one suspects that customers discovered this pretty much on day one.


Inside Spotify and the future of music » Tech Insider

Alex Heath:

Spotify’s progress in sorting its library of 35 million songs can be traced back to The Echo Nest, a music intelligence company that was created within the MIT Media Lab a decade ago. Spotify bought The Echo Nest last March in what was reported to be a $100m deal.

Jim Lucchese, CEO of The Echo Nest, tells Tech Insider that his team of about 70 people are focused on delivering “the right listening experience at the right time” within Spotify.

They do this by analyzing the makeup of every song, how people are talking about music online, and how people are listening to it. While the company continues to work with clients like Rdio, Microsoft, Sirius, and Vevo, as it did before it was sold, its most cutting-edge work is developed and honed for Spotify.

One of The Echo Nest’s first projects for Spotify, reported last September on FiveThirtyEight, was developing dossiers of every user’s listening habits, which are now called “taste profiles.”

Ajay Kalia, who oversees the project, tells us they realized early on that there’s an important distinction between the music you listen to and music you actually like.

For example, just because I play a lot of instrumental, ambient music while I’m at work doesn’t mean that I have a particular affinity for those kinds of artists. And just because your significant other plays a lot of country music while you’re both in the car doesn’t mean you want a bunch of country playlists shoved at you.

This “listen to but not like” has often been the problem about music. This makes it sound as though Echo Nest is human-curated, which it really isn’t.


Google nears re-entry to mainland China » The Information

Amir Efrati:

As part of its broader China push, Google is expected to offer new incentives to phone makers to upgrade Android phones to the latest versions of the operating system, says one person briefed on its plans. The company wants more phones to run the advanced version of Android so that the software platform and experience can be more consistent for app developers and consumers.

As more Chinese app developers look to extend their apps beyond China’s borders and more non-Chinese app makers try to tap the Chinese market, Google wants to ensure all the apps work well across Android devices globally. Thus, hardware partners that will distribute Android Wear or Google Play in China will need to adhere to certain global compatibility standards, says the person familiar with the plan.

For its app store, Google has promised authorities that it will follow local laws and block apps that the government deems objectionable, say the people familiar with Google’s plans. In some parts of the world and among Internet policy wonks, this move will be viewed as a back-tracking from Google’s posture following its departure from China in 2010. At that time Google ended its engineering operations in China and moved its Chinese-language Web-search engine to a Hong Kong-based Web domain, out of reach of mainland China officials, after being breached from a cyber attack that it linked to the Chinese government.

Authorities denied involvement in the attack, which successfully breached many American companies and is known as Operation Aurora. At the time, though, Google co-founder Sergey Brin publicly compared China to the totalitarian Soviet Union in which he grew up. (Mr. Brin is now part of Alphabet, Google’s soon-to-be parent company, and isn’t involved in Google’s day-to-day affairs.)

Some forces within Google always believed that the company’s and Mr. Brin’s response was rash. It should have viewed the China-based hacking, which occurred in late 2009, as a natural consequence of being a major tech company in an age of increasing cyber attacks by all governments.

A long extract (but it’s a long article). That last paragraph is telling; Eric Schmidt was the pro-China voice, Brin the no-to-China voice, and Larry Page effectively had the casting vote back in 2010. Sundar Pichai clearly leans towards Eric Schmidt’s stance: better to deal than to stand on principle.


Police raid fails to dent UK Top 40 music piracy » TorrentFreak

Police arrested a Liverpudlian who was a determined uploader of the top 40 releases to torrent sites:

Yet again it appears that the arrest last week was a case of rightsholders and police targeting low-hanging fruit. Using widely available research tools we were able to quickly uncover important names plus associated addresses, both email and physical. It seems likely that he made close to no effort to conceal his identity.

Due to being in the police spotlight it will come as little surprise that there was no weekly upload of the UK’s Top 40 most-popular tracks from OldSkoolScouse last Friday, something which probably disappointed the releaser’s fans. However, any upset would have been very temporary indeed.

As shown below, at least four other releases of exactly the same content were widely available on public torrent sites within hours of the UK chart results being announced last Friday, meaning the impact on availability was almost non-existent.

But who, seriously, actually wants to listen to all the top 40 tracks week after week? It would be pretty numbing even if you worked in the business. I bet this guy barely listened to the music. He, and the downloaders who waited avidly for the songs, strike me as more like stamp collectors: uninterested in what is conveyed, obsessed with completing sets.


iPhone supply chain makers set to see strong sales in September, say sources » Digitimes

Monica Chen and Steve Shen:

Incoming parts and components orders for the new iPhones are even stronger than orders for the iPhone 6 devices in the corresponding period of a year earlier, indicated the sources, adding that shipments of updated iPhones will once again squeeze sales of other vendors including Samsung Electronics, Sony Mobile Communications and LG Electronics, commented the sources.

Thus, sales of the new iPhones are expected to dominate smartphone sales globally in the fourth quarter of 2015 as current sales of LG Electronics’ G4, HTC’s One M9/M9+ series products and Sony Mobile’s Xperia Z3+ have been lower than expected, indicated the sources.

To lessen the impact of the release of the new iPhones, Samsung has been implementing an “Ultimate Test Drive” program that encourages current iPhone users to pay US$1 to test its Galaxy Note 5 or Galaxy S6 Edge+ for one month.

Good luck with that, Samsung.


Academic study reveals urban and rural broadband speed gaps » ISPreview UK

Mark Jackson:

The study (‘Two-Speed Britain: Rural Internet Use‘) claims that more than 1 million people in Britain are “excluded or face challenges in engaging in normal online activities because they live in remote rural areas“, where slow or non-existent Internet connectivity is still a serious problem.

The report separated areas into several groups and examined each separately: Deep Rural (remote), Shallow Rural (less remote) and Urban internet users. It reveals that just 5% of those in Urban areas had an average broadband speed below 6.3Mbps, but in Deep Rural areas only 53% could achieve this “modest speed“.

Furthermore the gap is unsurprisingly found to be most pronounced in upland areas of Scotland, Wales and England, but also in many areas in lowland rural Britain. It affects 1.3 million people in deep rural Britain, and 9.2 million people in less remote areas with poor internet connection (or ‘shallow’ rural areas).

The report itself isn’t available for download (yet?) because neither Oxford University nor dot.rural has actually put a usable link up.


Surprised that Syrian refugees have smartphones? Sorry to break this to you, but you’re an idiot » The Independent

James O’Malley, in somewhat straightforward mood:

So we know that Syria isn’t dirt poor and we know that there’s a lot of mobile phones: but why smartphones? Well, why not? In the West many people own desktop computers, laptops and tablets as well as smartphones. But if you had to give up many of your possessions and live on $1850/year, after clothes and food, what would you buy next? It is hard to think of a more useful thing to own than a smartphone, especially if you’re fleeing your home.

Even when utility isn’t considered, the reason Syrians are using smartphones and not old Nokia 3210s is the same reason that benefits claimants have (gasp!) “flatscreen” TVs… have you tried buying any other kind lately? Budget Android smartphones can be picked up for well under £100, and come with cameras, large screens and everything you would expect from a modern phone. As we’re now in the habit of replacing our phones with a new model every year or two the price of slightly older phones also drops significantly.

The headline certainly falls into the “no mimsy hedging here” bucket.


Start up: Wi-Fi password sharing?, machine intelligence smart and stupid, Pebble Time review, and more


You’ll never believe what happens if you play it backwards. Photo by Janitors on Flickr.

A selection of 9 links for you. Show them eagerly to the person beside you! I’m charlesarthur on Twitter. Observations and links welcome.

UH OH: Windows 10 will share your WiFi key with your friends’ friends » The Register

Simon Rockman:

A Windows 10 feature, Wi-Fi Sense, smells like a security risk: it shares WiFi passwords with the user’s contacts.

Those contacts include their Outlook.com (nee Hotmail) contacts, Skype contacts and, with an opt-in, their Facebook friends. There is method in the Microsoft madness – it saves having to shout across the office or house “what’s the Wi-Fi password?” – but ease of use has to be teamed with security. If you wander close to a wireless network, and your friend knows the password, and you both have Wi-Fi Sense, you can now log into that network.

Wi-Fi Sense doesn’t reveal the plaintext password to your family, friends, acquaintances, and the chap at the takeaway who’s an Outlook.com contact, but it does allow them, if they are also running Wi-Fi Sense, to log in to your Wi-Fi. The password must be stored centrally by Microsoft, and is copied to a device for it to work; Microsoft just tries to stop you looking at it. How successful that will be isn’t yet known.

“For networks you choose to share access to, the password is sent over an encrypted connection and stored in an encrypted file on a Microsoft server, and then sent over a secure connection to your contacts’ phone if they use Wi-Fi Sense and they’re in range of the Wi-Fi network you shared,” the Wi-Fi Sense FAQ states.

Has been on Windows Phone for ages, yes, but most WP users don’t know any significant number of other WP users (because they’re so few). Not so with Windows. Microsoft says it only allows internet access and not LAN access – via port restrictions? That’s going to get hacked for sure.

Or could people maliciously spread their Wi-Fi details to try to sniff people’s viewing habits and details?


Pebble Time review » Wareable

Sophie Charara:

First things first, the Pebble looks better in real life than the pics you’ll have seen online. The black model is a little boring but will look neat under suit sleeves – for the record, we prefer the red and black Time.

Admittedly, the Time is plasticky, with a stainless steel bezel, but it retains the toy-like charm of the original Pebble while adding friendlier, more unisex curves. It’s very light at just 42.5g including the standard strap, 20% thinner at 9.5mm and the new slightly curved body helps to make it comfortable to wear on the wrist.

It’s amazing how many smartwatch manufacturers are satisfied with making devices that sit flat on top. The Time is the kind of smartwatch you can forget you’re wearing, until it vibrates.

I bought an original Pebble on Kickstarter. This? Looks like a toy compared to the Apple Watch. Not quite half the price, but really nothing like half as attractive.


Apple Sim iPads change the international data roaming game » Fortune

This morning, Apple and GigSky teamed up to offer travelers the ability to instantly connect to a local data network in more than 90 countries and territories upon touchdown—no need to visit a kiosk, talk to a service agent, or really, do anything at all. Instead, iPads with AppleSIM cards will automatically offer the option to sign up for a data plan as soon as a local network is in reach. (The GigSky network includes most of Western Europe, from France and Germany to the Netherlands; Australia; South Africa; parts of the Middle East; and beyond.)

Because travelers are accessing onto local networks, rather than roaming from their domestic carrier, prices are impressively affordable as long as you’re traveling on the beaten path. Entry-level data plans begin at just $10, covering anywhere between 10MB (in Papua New Guinea) to 75 MB (in Italy); in countries with better access, the premium plans top out at 3GB for $50. By comparison, AT&T’s best deal currently charges $30 for 120 MB or $120 for 800 MB.

Latest iPads only have them preinstalled, although for older ones you can get Apple SIMs in its stores, apparently.


Superconductivity record bolstered by magnetic data » Scientific American

Edwin Cartlidge:

The long-standing quest to find a material that can conduct electricity without resistance at room temperature may have taken a decisive step forward. Scientists in Germany have observed the common molecule hydrogen sulfide superconducting at a record-breaking 203 kelvin (–70 ˚C) when subjected to very high pressures. The result confirms preliminary findings released by the researchers late last year, and is said to be corroborated by data from several other groups.

Some physicists urge caution, however. Ivan Schuller at the University of California in San Diego, says that the results “look promising” but are not yet watertight.

Pressure of 1.5 million atmospheres. Don’t hold your breath for this one.


Why the BBC is wrong to republish ‘right to be forgotten’ links » The Guardian

Julia Powles:

The reaction to [BBC Online managing editor Neil] McIntosh’s post was predictable, inaccurate and devastating. The Times led with “BBC lists stories on abusers and rapists hidden under ‘right to be forgotten’”, gratuitously highlighting two stories.

The first was a 12-year-old story about a settlement between an alleged rape victim and the Catholic church, over incidents that occurred a half-century ago. The long-deceased abuser clearly couldn’t have filed the obscurity request with Google – leaving, rather less salaciously, the victim.

The second case concerned a nanny jailed for child abuse. Even a cursory Google search coupled with the basics of the Rehabilitation of Offenders Act would have told the journalist that an unspent conviction for such an offence clearly denied any reasonable claim to delisting. Caution raised, a bit more searching would have revealed the truth: that the conviction was overturned by the Court of Appeal. That former nanny has been exculpated under the law of the land – but not by Google and not, it seems, by the press either.

Other publications followed suit. Boing Boing drew attention to a rape story. Given it concerned a fairly recent conviction in 2012, clearly the sex offender has no entitlement to be delisted.

But what about his friend who was also named in the article because he happened to be in the house where the attack took place?

The “right to be forgotten” is so poorly understood, which frustrates the hell out of me. (See the comments under the article.) I wrote an explanation of what it is, and what it is not; please, before you discuss the topic with me (or anyone), read and absorb it. The topic is simple. It just takes a bit of thought.


Growing conspiracy theory: is spy equipment really included in Samsung smartphone batteries? » BusinessKorea

Cho Jin-young:

A video circulating on Facebook and YouTube that was posted at the beginning of the last week of June shows that after tearing off a sticker that wraps around the battery of the Galaxy S4, the man in the video points to a small coil inside, saying, “This is the spy equipment.”

He remarked, “Samsung can record pictures on your smartphone and overhear your calls through the coil shaped like this antenna,” adding, “So, you’d better tear off the sticker that wraps the battery first and use the phone.”

In fact, this video attracted 12 million views on Facebook only four days after it was initially posted, and around 300,000 people reportedly shared the video.

However, local media outlets pointed out that this conspiratorial video originated from a misunderstanding about the Near Field Communication (NFC) antenna, a communication technology that makes it possible to transmit different kinds of wireless data to a distance of 10 cm.

Would be fun to know how weird ideas like this get started. I’ve seen a few incoming search queries on this to this blog, and wondered what was going on (it was because I wrote about Samsung obviously knowing whether people use replacement batteries).


DRAM spot prices hit 28-month low, says Taiwan Central News Agency » Digitimes

Jessie Chen:

Spot prices for 4Gb DDR3 chips already declined 17.55% in the second quarter, after falling 12.77% in the first quarter, the report quoted DRAMeXchange as saying.

Since 2015, DRAM spot prices have been dragged down by sluggish PC sales and a slowdown in smartphone demand, the report noted.

Hadn’t heard about this slowdown in smartphone demand anywhere else. China has, but elsewhere? DRAM prices are often an early warning, though.


Google apologises for Photos app’s racist blunder » BBC News

Google says it is “appalled” that its new Photos app mistakenly labelled a black couple as being “gorillas”.

Its product automatically tags uploaded pictures using its own artificial intelligence software.

The error was brought to its attention by a New York-based software developer who was one of the people pictured in the photos involved.

Google was later criticised on social media because of the label’s racist connotations.

“This is 100% not OK,” acknowledged Google executive Yonatan Zunger after being contacted by Jacky Alcine via Twitter.

“[It was] high on my list of bugs you ‘never’ want to see happen.”

Machines can’t be racist, of course; but quite how Google is going to prevent this happening again is an open question. Neural network/deep learning like this isn’t something you can tweak directly. You can’t really peer inside it. Great when it’s drawing arcane pictures, not good when it’s mislabelling pictures.


Could this computer save your life? » CNN

Jillian Eugenios:

“In one panel of scans that we looked at, when you look at the number of times that radiologists sent someone home with a clean bill of health, about 7% of the time that patient was ultimately found to have cancer,” said John Zedlewski, a data scientist with Enlitic, a medical technology company.

When Zedlewski used Enlitic’s algorithm against the same panel, there weren’t any mistakes.

How does it work? Enlitic’s technology uses machine learning — which some say is a version of artificial intelligence. It takes medical information from one patient — whether it’s a CT scan, an X-ray or details about, say, a tumor — and then converts it into a mathematical representation. It’s then added to a large pool of data and compared to other patients who have experienced similar issues.

Think of it as crowdsourcing your symptoms. And not just with one or two people, but millions. The more data the computer has, the smarter it gets, and the more accurate the diagnoses.

At least that’s the dream.

Seems to have a large base of data.


Start up: Apple’s hacker flaw, Downing St’s FOI oddity, machines that parse art, and more


“You mean all we need to do to defeat him is adopt HTML5? Why didn’t you say?” Photo by Tom Simpson on Flickr.

A selection of 8 links for you. Uninflammable. I’m charlesarthur on Twitter. Observations and links welcome.

Encryption “would not have helped” at OPM, says DHS official » Ars Technica

Sean Gallagher:

pressed on why systems had not been protected with encryption prior to the recent discovery of an intrusion that gave attackers access to sensitive data on millions of government employees and government contractors, [US Office of Personnel Management director Katherine Archuleta] said, “It is not feasible to implement on networks that are too old.” She added that the agency is now working to encrypt data within its networks.

But even if the systems had been encrypted, it likely wouldn’t have mattered. Department of Homeland Security Assistant Secretary for Cybersecurity Dr. Andy Ozment testified that encryption would “not have helped in this case” because the attackers had gained valid user credentials to the systems that they attacked—likely through social engineering. And because of the lack of multifactor authentication on these systems, the attackers would have been able to use those credentials at will to access systems from within and potentially even from outside the network…

…nearly every question of substance about the breach—which systems were affected, how many individuals’ data was exposed, what type of data was accessed, and the potential security implications of that data—was deferred by Archuleta on the grounds that the information was classified. What wasn’t classified was OPM’s horrible track record on security, which dates back at least to the George W. Bush administration—if not further.


Serious OS X and iOS flaws let hackers steal keychain, 1Password contents » Ars Technica

Dan Goodin:

The malicious proof-of-concept apps were approved by the Apple Store, which requires all qualifying submissions to treat every other app as untrusted. Despite the supposed vetting by Apple engineers, the researchers’ apps were able to bypass sandboxing protections that are supposed to prevent one app from accessing the credentials, contacts, and other resources belonging to another app. Like Linux, Android, Windows, and most other mainstream OSes, OS X and iOS strictly limit app access for the purpose of protecting them against malware. The success of the researchers’ cross-app resource access—or XARA—attacks, raises troubling doubts about those assurances on the widely used Apple platforms.

“The consequences are dire,” they wrote in a research paper titled Unauthorized Cross-App Resource Access on MAC OS X and iOS. “For example, on the latest Mac OS X 10.10.3, our sandboxed app successfully retrieved from the system’s keychain the passwords and secret tokens of iCloud, email and all kinds of social networks stored there by the system app Internet Accounts, and bank and Gmail passwords from Google Chrome.”…

…It’s not the first time researchers have found flaws in application sandboxes. The attack exploiting WebSocket weaknesses, for instance, can also succeed in Windows under certain conditions, the researchers said. Interestingly, they said application sandboxing in Google’s Android OS was much better at withstanding XARA threats.

For the time being, the researchers told Ars, there isn’t much end users can do except wait for Apple to fix the vulnerabilities.

Bad (though not deluge-of-malware bad; instead it’s sneaky-Trojan bad). Apple was told about this in October 2014. The best hope is that this is fixed in OS X 10.11 and iOS 9, but there’s no clear indication of how hard it is to fix.


Freedom of information turns into Mission Impossible for Downing St emails » FT.com

Jim Pickard and Kiran Stacey:

Emails sent from computers in Downing Street are automatically deleted within three months under a system that makes it harder for the public to obtain answers to “freedom of information” requests, former staff have disclosed.

The system, instigated a decade ago but not widely known about, means that messages are only held beyond that period if an individual saves them. It is widely blamed by government advisers for what one former employee called a sometimes “dysfunctional” operation at the heart of Whitehall.

The email system was introduced under the Labour government in late 2004, just weeks before January 2005 when the Freedom of Information Act belatedly came into force.

“The timing of this very strongly indicates that it was not a coincidence,” said Maurice Frankel, director of the UK Campaign for Freedom of Information.

Gee, ya think?


China and Russia almost definitely have the Snowden docs » WIRED

Bruce Schneier (who is a veritable security expert; if he says it, it’s true):

The vulnerability is not Snowden; it’s everyone who has access to the files.

First, the journalists working with the documents. I’ve handled some of the Snowden documents myself, and even though I’m a paranoid cryptographer, I know how difficult it is to maintain perfect security. It’s been open season on the computers of the journalists Snowden shared documents with since this story broke in July 2013. And while they have been taking extraordinary pains to secure those computers, it’s almost certainly not enough to keep out the world’s intelligence services…

…In general, it’s far easier to attack a network than it is to defend the same network. This isn’t a statement about willpower or budget; it’s how computer and network security work today. A former NSA deputy director recently said that if we were to score cyber the way we score soccer, the tally would be 462–456 twenty minutes into the game.

Even airgapped, never-connected computers can be attacked (don’t ask me how). The Guardian took extraordinary pains with its London copy: two people needed to enter passwords, at least two people needed to be present when documents were read, the computers used had never been online and had no connection.

But a simpler thought is this: if Snowden was one of 10,000 or so NSA staff with access to that data (and more in the UK), what are the chances that absolutely none of those has somehow been coerced or willingly turned over data to foreign powers? Pretty much zero.


Flash will soon be obsolete: it’s time for agencies to adapt » Advertising Age

David Evans on the fact that major browsers on desktop are hurrying to dump Flash:

If this sounds like a big problem to you, you’re absolutely right. If the major browsers were to disable Flash immediately, we could be looking at a scenario where roughly 84% of banners across the internet would not be viewable on desktop browsers. Rather than clicking on a visually dynamic, animated ad created to capture attention with movement and video, users would instead see a static banner in place of the intended ad, and most advertising creatives don’t pay much attention to the creation of static backups.

For advertisers, this could mean shelling out first-class money for economy-class impressions.

Though it might be painful to admit for an industry that has relied on Flash for over a decade, the right choice is to start creating desktop ads in the HTML5 language used to create ads for mobile.

This is a bit obvious to anyone who’s been paying attention for the past three years (minimum), but perhaps advertising has been looking somewhere else.


Market Monitor Q1 2015: LATAM smartphones grow 25% annually » Counterpoint Technology

Tina Lu:

LATAM is third, behind North America and Europe in the global ranking of smartphone shipment penetration.

• Except for Peru, the majority of the key LATAM markets are seeing a significantly higher smartphone demand, with shipment penetration of total handsets between 77% and 99%.

• Overall feature phone demand has been declining, and so has been the overall scale and profitability of manufacturing and selling them. As a result, in countries like Argentina, due to government protectionist measures and import restrictions, vendors are manufacturing and selling only the more profitable smartphones. This has led to smartphone shipment penetration of sales to reach 99%; the highest in the region.

Here’s the shipment figure: [chart: Latam smartphone shipments Q1 2015]

If you do the maths, on a 25% yoy growth both Samsung’s and LG’s shipments actually fell; Apple’s more than doubled. Alcatel and “Others” both grew faster than the market.


Apple’s Siri, Spotlight extend Google-like search inside iOS 9 apps, without tracking users » Apple Insider

Daniel Eran Dilger:

Because Apple is indexing in-app content for its search results, it can more easily suppress “Search Engine Optimization” malicious content or link spamming, as relevancy is tied to user engagement. If few users find a search result worthwhile, it can fade from relevance.

Many of the new search-related features Apple debuted for iOS 9 and OS X El Capitan bear a strong resemblance to some of the predictive search features first introduced by Google starting back in 2012 as part of Android 4.1, branded as “Google Now.”

Since then, Google has introduced “app indexing,” a related feature designed to make the company’s web-style search more relevant to mobile users by delivering results that can open within local apps. For example, a recipe might open within a cookbook app, rather than just presenting the same information on a web page or dumping users into the app to find the recipe on their own.

The most profound difference between the two companies’ approach to in-app search is that Apple does not monetize its search with ads, and therefore has no need to capture and store users’ data and behaviors for future profiling, tied to a persistent user and device identifier that individuals can’t easily remove.

Apple is perhaps two years behind Google on this – but most people are using a version of Android that is at least two years old (87% are using 4.4, KitKat, from November 2013, or earlier). Which means that by November or so, Apple will roughly have parity on this feature.


Machine vision algorithm chooses the most creative paintings in history » MIT Technology Review

The job of distinguishing the most creative from the others falls to art historians. And it is no easy task. It requires, at the very least, an encyclopedic knowledge of the history of art. The historian must then spot novel features and be able to recognize similar features in future paintings to determine their influence.

Those are tricky tasks for a human and until recently, it would have been unimaginable that a computer could take them on. But today that changes thanks to the work of Ahmed Elgammal and Babak Saleh at Rutgers University in New Jersey, who say they have a machine that can do just this.

They’ve put it to work on a database of some 62,000 pictures of fine art paintings to determine those that are the most creative in history. The results provide a new way to explore the history of art and the role that creativity has played in it.

Can’t be long before someone puts a human art historian up against the machine to see who spots the fake. (By the way, there was no byline I could find on the story. Maybe a robot wrote it.)