Start up: the iCloud celeb hack, a Chinese ransom?, the real terrorist phone, Trump as Berlusconi, and more

“Hey, Miss Lawrence! My name’s iCloud! What’s your password?” Photo by YourWay Magazine on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 12 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

The disturbingly simple way dozens of celebrities had their nude photos stolen » Fusion

Kashmir Hill:

»According to court documents, Collins gained access to the intimate images of nude celebrities via a disturbingly simple technique: phishing.

Though many people assumed that the hacker took advantage of an iCloud vulnerability to brute-force his way into the celebrities’ accounts, the government makes no mention of that. Instead, it says that Collins hacked over 100 people by sending emails that looked like they came from Apple and Google, such as “e-mail.protection318@icloud.com,” “noreply_helpdesk0118@outlook.com,” and “secure.helpdesk0019@gmail.com.” According to the government, Collins asked for his victims’ iCloud or Gmail usernames and passwords and “because of the victims’ belief that the email had come from their [Internet Service Providers], numerous victims responded by giving [them].”

Celebrities really need better computer security advisers. If a dedicated enough attacker comes at you, it’s hard to avoid being compromised, but it helps immensely to turn on two-factor authentication for your online accounts. That way a person needs not just your password but a code sent to your phone to get into your account.

Once Collins had their credentials, says the government, he went through their email accounts looking for nude photos and videos. The government says that Collins got into approximately 50 iCloud accounts and 72 Gmail accounts this way, most of them belonging to celebrities. He “accessed full Apple iCloud backups belonging to numerous victims, including at least 18 celebrities” and “used a software program to download those full Apple iCloud backups.”

Ironically, that program was likely one that’s used by law enforcement to get evidence from phones.

«

The idea that someone had used a cutting-edge brute-force attack to break into the passwords always seemed like vapour trails to me. Social engineering is the Occam’s Razor explanation (and also the Hanlon’s Razor explanation) for stuff like this.

Exclusive: Chinese hackers behind U.S. ransomware attacks – security firms » Reuters

Joseph Menn:

»executives of the security firms have seen a level of sophistication in at least a half dozen cases over the last three months akin to those used in state-sponsored attacks, including techniques to gain entry and move around the networks, as well as the software used to manage intrusions.

“It is obviously a group of skilled operators that have some amount of experience conducting intrusions,” said Phil Burdette, who heads an incident response team at Dell SecureWorks.

Burdette said his team was called in on three cases in as many months where hackers spread ransomware after exploiting known vulnerabilities in application servers. From there, the hackers tricked more than 100 computers in each of the companies into installing the malicious programs.

The victims included a transportation company and a technology firm that had 30 percent of its machines captured.

Security firms Attack Research, InGuardians and G-C Partners, said they had separately investigated three other similar ransomware attacks since December.

Although they cannot be positive, the companies concluded that all were the work of a known advanced threat group from China, Attack Research Chief Executive Val Smith told Reuters.

«


Reformed LulzSec hacktivist joins payments firm » The Register

John Leyden:

»A payments firm has hired reformed LulzSec hacktivist Mustafa Al-Bassam (formerly known as tFlow) for a new blockchain research project.

London-based payments group Secure Trading has taken on Al-Bassam to help develop a platform that applies the verification benefits of blockchain technology in order to improve the visibility and security of online payments. Codenamed “Trustery”, the project aims to create a commercial platform.

Secure Trading approached Al-Bassam, who agreed to work for the firm part time while continuing his computer science degree at King’s College London.

«

Smart move: al-Bassam is a clever guy.

Crypto-ransomware spreads via poisoned ads on major websites » Tripwire

Graham Cluley:

»Some of the world’s most popular news and entertainment websites have been spreading poisoned adverts to potentially hundreds of thousands of visitors, putting innocent readers at risk of having their computers hit by threats such as ransomware.

Famous sites which displayed the malicious ads and endangered visiting computers include MSN, bbc.com, the New York Times, AOL and Newsweek.

As a result, researchers at Malwarebytes say that they saw a “huge spike in malicious activity” over the weekend.

Security analysts at TrendLabs and Malwarebytes report that the attack is one of the largest ransomware campaigns seen in years, taking advantage of a recently-updated version of the notorious Angler Exploit Kit to spread malware.

Just last month the Angler Exploit Kit was found to be targeting PCs and Macs after it was updated to take advantage of a known vulnerability in Microsoft Silverlight…

…It seems glaringly apparent to me that there is so much malicious advertising on the internet that anytime you surf even legitimate sites without an ad blocker in place, you are putting your computer’s data at risk.

«


Why is the Nokia 105 cellphone a favourite among ISIS fighters? » NBC News

Alexander Smith:

»The must-have cellphone for ISIS fighters in Iraq doesn’t have apps or a camera, and ships for less than $30.

The small and simple Nokia model is frequently used as a trigger device to set off ISIS’ improvised explosive devices, known as IEDs, according to a Conflict Armament Research report released last month.

As part of a study looking at civilian components in ISIS bombs, CAR documented 10 of the phones captured from members of the terror group in Iraq in December 2014.

The research showed the terror group “consistently” used the Nokia 105 above all others “in the manufacture of a specific type of remote controlled IED.”

Two phones are used in the bomb-making process: one to call the other, which then sends a signal to a circuit board and sparks the explosion.

There are plenty of other cheap, durable phones with long battery life that ISIS fighters could use — and yet this particular model, also branded as the Microsoft Mobile 105 after the tech giant bought Nokia in 2014, shows up again and again.

«

I’m sure there’ll be widespread condemnation of Microsoft for aiding terrorists any moment now.

Why Sony will win first in VR » Jon Peddie Research

The aforenamed Mr Peddie:

»Now that Oculus has revealed its consumer version of the Rift HMD, consumers can start planning how they might engage with VR, and they have a choice—a DIY rig with a PC and Rift, or a turn-key system with Sony.

Sony’s HMD will be about 30% less expensive than the Oculus HMD. And Sony buyers probably already have a PS4, and possibly PS4 accessory controllers. Most importantly, Sony also has content.

«

So, first couple of rounds to Sony.

The best things in Android are free — with in-app purchases » Medium

The iA team:

»A year ago, iA Writer for Android entered the Play Store. So far, we have sold a little more than 6’000 apps. At a price of 1 to 5 Dollars, this doesn’t cover much more than one month of app development. So we decided to go free and add in app purchases later.

We are not sure why apps sell in the Apple universe but not in the Android world. It just seems to be a hard cold fact:


[Chart: Worldwide App Downloads by Store vs Worldwide App Revenue by Store]

Looking at the sales numbers of paid Android apps it becomes apparent that plain paid offerings just do not get traction on Android. Why? We are not sure. Here is what we have learned.

«

There’s a point in there about price elasticity which is remarkable. But also that stuff with an upfront price tag does not sell.

Windows 10 Store will continue to support bitcoin » Softpedia

Bogdan Popa:

»while there was a lot of speculation online regarding the removal of Bitcoin support for new deposits in the Windows Store – some people said it’s because of the limited adoption of Bitcoin – it appears that the change made to the FAQ page was just “a mistake.”

In other words, Microsoft will continue to support Bitcoin in the Windows Store, so you can keep on using the digital currency for new deposits. A statement we received from a Microsoft spokesperson a few minutes ago provides us with some details on this:

“We continue to support Bitcoin for adding money to your Microsoft Account which can be used for purchasing content in the Windows and Xbox stores. We apologize for inaccurate information that was inadvertently posted to a Microsoft site, which is currently being corrected.”

«

Would love to know what volume of transactions they see.

Top NFL official acknowledges link between football-related head trauma and CTE for first time » ESPN

Steve Fainaru:

»The NFL’s top health and safety officer acknowledged Monday there is a link between football-related head trauma and chronic traumatic encephalopathy, or CTE, the first time a senior league official has conceded football’s connection to the devastating brain disease.

The admission came during a roundtable discussion on concussions convened by the U.S. House of Representatives’ Committee on Energy and Commerce. Jeff Miller, the NFL’s senior vice president for health and safety, was asked by Rep. Jan Schakowsky, D-Ill., if the link between football and neurodegenerative diseases such as CTE has been established.

“The answer to that question is certainly yes,” Miller said.

«

A bit like boxing: does it mean people will be put off the potentially fabulous riches? But equally: will parents be less likely to put their children into it? The public admission is important.

Teenager wins $250,000 in biggest drone race yet » The Verge

Rich McCormick:

»The sport has already attracted investment from the likes of NFL team owners, but it still has some way to go before it breaks into the mainstream. Particularly difficult is the question of how to actually observe the races. Drone pilots fly their racing craft in first-person, using special headsets to see as the drone sees, but for observers the footage can feel — and sound — like being strapped to the front of a particularly excitable wasp. A second camera following the action might help human brains contextualize the movements in space, but some of the nascent racing leagues set their courses inside buildings, making a chase camera’s operation difficult. Still, though, the speed of the craft and the deftness of his control make watching [15-year-old winner] Luke [Bannister]’s victory from Dubai an exhilarating — if slightly nauseating — experience.

«

Dubai, of course.

Music streaming has a nearly undetectable fraud problem » Quartz

Amy X Wang:

»For an in-depth look into how click fraud works, there’s Sharky Laguana’s thorough explanation here. Laguana—a music industry veteran who now owns a rental company—tells Quartz it certainly wouldn’t be hard to run the “perfect” scheme to con Spotify. First, set up a couple hundred fake artists. Next, upload some auto-generated tunes—mediocre dance music is particularly easy to “produce” online—and just make sure your bots click on an array of songs both real and fake, so no one gets suspicious. (He uses Spotify as an example because of its size, but the scheme could theoretically work for any music subscription service.)

“If it’s done properly, it’s nearly impossible to detect,” says Laguana. “There’s no way to know why somebody chose to click on something.”

«

Should we just turn off the internet?

Donald Trump, America’s own Silvio Berlusconi » The Intercept

Alexander Stille:

»Neither Trump nor Berlusconi has a real political program; what they are selling is themselves. Berlusconi used to say that what Italy needs is more Berlusconi. I recall a very telling moment in his first election campaign: During a TV debate, his opponent, the economist Luigi Spaventa, was pointing out the holes and inconsistencies in Berlusconi’s economic program, and Berlusconi stopped him mid-sentence and pointed to the victories of his soccer club, AC Milan: “Before trying to compete with me, try, at least, winning a couple of national championships!” The remark had the air of unassailable truth — however irrelevant it might be to Berlusconi’s fitness to govern. Similarly, when asked how he is going to get Mexico to pay for a giant wall between its country and ours, Trump simply responds, “Don’t worry, they’ll pay!”

Yet there is another element — a systemic one — that helps explain why Italy and the U.S. are the only major democracies in which a billionaire circus has raised its tent: the almost total deregulation of broadcast media.

«

The latter matters, as Stille explains. (Via @papanic.)

Start up: Gravity’s mystery CEO, Android audio latency, Engadget v Wikipedia v AI, and more


The Pill – so well-known and powerful it only needs the noun to describe it. Photo by Beppie K on Flickr.

Haven’t you heard? You can receive each day’s Start Up post by email. None of this “web” nonsense. (You’ll need to click a confirmation link, so no spam.)

A selection of 10 links for you. Aren’t they pretty. I’m charlesarthur on Twitter. Observations and links welcome.

The CEO paying everyone $70,000 salaries has something to hide » Bloomberg BusinessWeek

Karen Weise does a wonderful job of just checking the damn facts about Dan Price, the guy who cut his own salary and raised his staff’s to $70,000 on 13 April:

In a follow-up interview in mid-November, I pressed Price about the inconsistency. How could what he told me about being served two weeks after announcing the raise be true when the court records indicated otherwise?

“Umm, I’m not, I have to look,” he said. The court document, I said, definitely says March 16. “I am only aware of the suit being initiated after the raise,” he replied.

“The court record shows you being served on March 16 … at 1:25 p.m.,” I said. “And actually, your answer to it was dated April 3,” also before the pay hike.

“I am only aware of the suit being initiated after the raise,” he repeated. I asked again how that could be, saying the declaration of service shows Price was served with the complaint, the summons, and other documents, “that you are a male, who is white, age 30, 5-feet-8-inches, medium height, dark hair.”

He paused for 20 seconds. “Are you there?” he asked, then twice repeated his statement that he was only aware of the suit being initiated in late April. “I’d be happy to answer any other questions you may have,” he added.

That’s not the end of it either. There’s deeper stuff to come.


Android audio latency in depth: it’s getting better, especially with the Nexus 5X and 6P » Android Police

Martim Lobao:

In a study published by the Audio Engineering Society, researchers attempted to determine the lowest latency detectable by different kinds of musicians…

What they found was a set of values below which absolutely no kind of delay or artifact was detected at all. With an 80% confidence level, this value was at least 28 ms for keyboards, whereas for drums, guitars, and bass, it was 9 ms, 5 ms, and 5 ms, respectively. Predictably, the lowest value found was for vocals, where singers only began to notice some slight artifacts at around 2 ms.

Using this data, we drew up another chart to compare these values with several Nexus devices running different versions of Android, as well as the iPhone 6, the iPad Air 2, and human reaction times to various kinds of stimuli. The red and green dashed lines represent the typical thresholds for detecting audio lags and for perceiving audio artifacts, respectively.

While it’s clear that OS updates play a large role (perhaps even the most important one), not everything can be attributed to software alone. Devices with older hardware like the 2013 Nexus 7 still have a latency of 55 ms, compared to the 15 ms on the Nexus 9 — and yet both are running Android 6.0. On the other hand, the Note 5 is roughly on par with the Nexus 5, even though the former runs Lollipop and the latter runs Marshmallow.

Audio latency is a perennial “it’ll get better next time, honest” challenge for Android. What the graph clearly shows is that every iOS device runs under the “detectable lag” threshold, and that every tested Android device runs above that same threshold. (Lobao calls this “unfortunate” and “an unfair advantage”, as though iOS were somehow cheating.)

Lobao pulls out some excellent examples of what the real-world effect of different delays sound like, such as this from SoundCloud.


Doing real design work on an iPad » Subtraction.com

Khoi Vinh (who works at Adobe):

Some folks may have little tolerance for hoop jumping at all when OS X is so powerful and precise, and many people I talk to find my desire to go all iPad all the time to be somewhat pointless. But it’s more than an academic exercise to me; I genuinely enjoy using my iPad more than my MacBook. Its lightness and portability is a joy, and its nimbleness—I can use it in portrait or landscape, with or without a Bluetooth keyboard, seated, standing or even walking—makes it right for almost every usage scenario. I also like its ability to run iOS apps because that’s what I’m thinking about in my day-to-day work more than anything; it’s invaluable to me to be embedded in the native environment and mostly free from accessing desktop apps.

I’ve already written a column about the “real work” conundrum for next Sunday’s Tech Monthly in The Guardian. Notable how articles like this are cropping up more and more.


Samsung pulls out of cameras in the UK, cites decline in interest » Pocket-lint

Rik Henderson:

Samsung has confirmed to Pocket-lint that it will phase out the sale and marketing of digital cameras, camcorders and related accessories in the UK.

The company had been rumoured to be considering such a move on a global scale, with some suggesting that it would make a formal announcement during the CES trade show in Las Vegas in January. However, in response to such speculation in September, Samsung replied that it would be continuing with production of cameras and lenses.

It just won’t be selling them in the UK anymore, it seems.

First PCs, now this. Hard to think anyone is buying digital cameras or camcorders in appreciable numbers any more.


I taught a computer to write like Engadget » Engadget

Aaron Souppouris:

Building on this, you can seed Engadgetbot with an idea by adding some “primetext” that it’ll build a sentence or paragraph from. A few examples, with the primetext in italics:

A display with 1,920 x 1,080 resolution, for all it’s worth, is an excellent companion at $200.

The problem with Android is one that affects the search to find a standard chipset for Android.

The problem with iPhone is products of the same section and everything is closer than one of the plungentications.

Some of those sentences are more prescient than others, and I don’t know where it learned “plungentications” from, but structurally all of these sentences are perfect. An RNN certainly can’t replace an Engadget writer, but an RNN can definitely form sentences like an Engadget writer.

Definitely. I can see it getting its own blog pretty soon.


Despite privacy scare, Adele smashes secondary ticketing » MusicAlly

Stuart Dredge:

Coldplay’s six UK dates had 17,631 tickets available across the three secondary sites; Rihanna’s six UK gigs had 9,290 tickets available; and Adele’s 12-concert run had 649 tickets for secondary sale.

Or to put it another way, the average number of secondary tickets per Coldplay gig was 2,939, compared to 1,548 for Rihanna and just 54 for Adele:


[Chart. Sources: Seatwave, GetMeIn, StubHub – evening of 1 December 2015]

Even with caveats – Adele is playing arenas while Coldplay and Rihanna are playing stadiums, and StubHub had no Adele tickets available at all – those figures are startling.

The promise by Adele’s management that “the resale of tickets will not be tolerated” appears to have been followed through with action that hugely restricted the secondary market for the most-anticipated tour in years – Songkick said more than 500,000 people registered on Adele’s website for the pre-sale.

What action? “Songkick provided the opportunity to allow fans to register, and to use its proprietary technology to identify touts, reduce their ability to purchase tickets when advance sales commenced on December 1 and to cancel as many tickets appearing on secondary ticketing sites as possible,” claimed that company’s statement.

No further details have been given, but we suspect there’s a bigger story in that “proprietary technology to identify touts”.

Adele’s manager later said that 18,000 “known or likely touts” had been deregistered before presales, and more than 100 tickets cancelled after appearing on secondary sites. Chalk another one up to Adele and her management.

Wonder if they’ll share the “known or likely” list with other sites and/or artists?


The Pill versus the Bomb: what digital technologists need to know about power » Medium

Tom Steinberg:

The oral contraceptive pill doesn’t, at first glance, appear to have the same visceral connection to power as a bomb or an engine. And yet as a technology that shifts power around it is perhaps unmatched.

This is because the Pill allowed women from the late 1960s onwards to control their own fertility, which allowed them to postpone marriage, postpone the birth of their first child, and turn these advantages into more education and greater involvement in the employment markets. Put together this gave women with access to the pill relatively greater power than they had before, both through greater earnings and through greater ability to choose how to live their own lives.

But what is most interesting to me about the nature of this technological power shift is that it did not dissipate as the technology became ubiquitous.

…Like a diode, the power of the Pill only flows one way.

(Emphasis in original.) Steinberg, who set up MySociety, and was a technology adviser to the 2010-2015 coalition in the UK, is now looking for people who’ve got comparable power-spreading technologies.


Nokia’s Ozo VR camera marks a rebirth for the phone giant » WIRED

Maurizio Pesce:

The Ozo is set to be unveiled on November 30 in Los Angeles, and expected to cost around $50,000. That’s about three times the price tag of the GoPro Odyssey. However, while the GoPro’s footage must still be assembled in laborious post-production processes, the Ozo can generate a full 360-degree stereoscopic video in real time. Thanks to HD-SDI connections on the body, the camera can stream 1.5 Gbps of compressed RAW footage to store data from the streams from the eight lenses, broadcast full 360-degree panoramic video, and also stream a low-res feed for monitoring. The camera is Wi-Fi enabled, too, allowing filmmakers to control the system remotely in real time while shooting.

Nokia’s bold move into virtual reality is a clear statement that the Finns are still alive, and that they’re more interested in the projected $150bn dollar VR industry than they are in the mobile handset industry.

It’s less a “rebirth” – Nokia’s network business has been doing OK – than a new direction, but the point about the VR industry compared to the handset business is a good one. And this is clearly aimed at content producers, a smart move.

So… when does Apple update Final Cut Pro to handle VR? Or will it introduce something entirely new?


Wikipedia deploys AI to expand its ranks of human editors » WIRED

Cade Metz:

With his new AI project — dubbed the Objective Revision Evaluation Service, or ORES — [senior research scientist at the Wikimedia Foundation, Aaron] Halfaker aims to boost participation by making Wikipedia more friendly to newbie editors. Using a set of open source machine learning algorithms known as SciKit Learn—code freely available to the world at large—the service seeks to automatically identify blatant vandalism and separate it from well-intentioned changes. With a more nuanced view of new edits, the thinking goes, these algorithms can continue cracking down on vandals without chasing away legitimate participants. It’s not that Wikipedia needs to do away with automated tools to attract more human editors. It’s that Wikipedia needs better automated tools.

“We don’t have to flag good-faith edits the same way we flag bad-faith damaging edits,” says Halfaker, who used Wikipedia as basis for his PhD work in the computer science department at the University of Minnesota.

In the grand scheme of things, the new AI algorithms are rather simple examples of machine learning. But they can be effective. They work by identifying certain words, variants of certain words, or particular keyboard patterns. For instance, they can spot unusually large blocks of characters. “Vandals tend to mash the keyboard and not put spaces in between their characters,” Halfaker says.

I CAN TYPING confirmed as fact. Next step: get the AI to write the Wikipedia articles. (Step after that: humans stop bothering to read Wikipedia?)


The Surface Phone you’ve always wanted is happening » Windows Central

Daniel Rubino:

Sources familiar with Microsoft’s plans have revealed that the rumored Intel-powered Windows 10 phone slated for May 2016 has been cancelled. Instead, an all-new flagship phone led by Panos Panay and the team of engineers that built the Microsoft Surface and Surface Book has been given the green light. Slated for a release in the second half of 2016 this may be the long-wished-for Surface phone. Here is what we know and what we don’t.

What we know:
1) it’s about five years too late.
2) that’s all, really. It doesn’t matter if it’s a super-amazing premium flagship able to cure cancer while landing on the moon. Nobody (to a sufficiently good approximation) will buy it.

Start up: adblockers v retailers, robot nail technicians, who killed Nokia?, the SKU wars, and more


Apple Watch owners might get left behind with new phones unless they back up. Photo by Ian Muttoo on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

(Apologies if yesterday’s didn’t arrive: WordPress’s RSS feed is co-written by Volkswagen, it seems.)

A selection of 9 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Symantec employees fired for issuing rogue HTTPS certificate for Google » Ars Technica

Dan Goodin:

Symantec has fired an undisclosed number of employees after they were caught issuing unauthorized cryptographic certificates that made it possible to impersonate HTTPS-protected Google webpages.

“We learned on Wednesday that a small number of test certificates were inappropriately issued internally this week for three domains during product testing,” Symantec officials wrote in a blog post published Friday. “All of these test certificates and keys were always within our control and were immediately revoked when we discovered the issue. There was no direct impact to any of the domains and never any danger to the Internet.”

The post went on to say that the unnamed employees were terminated for failing to follow Symantec policies. Symantec officials didn’t identify the three domains the test certificates covered, but in a blog post (http://googleonlinesecurity.blogspot.com/2015/09/improved-digital-certificate-security.html), Google researchers said Symantec’s Thawte-branded certificate authority service issued an Extended Validation pre-certificate for the domains google.com and www.google.com.

“This pre-certificate was neither requested nor authorized by Google,” they wrote.



How to swap iPhones and not lose Apple Watch data » Finer Things in Tech

David Chartier:

When you unpair an Apple Watch from an iPhone, your iPhone creates a backup of your Watch data and configuration, then wipes the Watch. Since so many people will be getting a new iPhone 6S [from Friday], I wanted to see if there was an easy way to pair an Apple Watch to a new phone and restore all important data.

According to this Apple document (thanks to Rob Wensing), iPhone includes your Watch backups when it runs an iCloud backup. So, in theory, and supported by a few of my Twitter followers, here is the easiest way to switch your Apple Watch to a new iPhone and keep all your data. I don’t know what your schedule is like, but it might be best to start this the night before you get your new iPhone.

It’s a five-step process but it could take a while; crucial to it is making iCloud/iTunes backups.


Apple’s ad-blocking move is hurting retailers like Walmart » Fortune

Dan Primack points out that the Crystal adblocker doesn’t play nicely with some US retail sites:

Walgreens.com had a similar problem to Sears, when using Crystal. The homepage worked, but the Safari browser went blank after clicking the “Shop Products” link.

And, as Mason said, this issue goes far beyond just image rendering. For example, everything (mostly) loaded just fine on the mobile sites for Lululemon and Walmart with Crystal enabled. But it was impossible to add any products to the shopping cart. So if you just went to browse the pretty pictures, then there’s no problem. If you want to actually buy something, however…

Even for mobile websites that are working properly from a customer perspective, such ad-blocking technology also can strip out back-end code like Google Analytics or Adobe’s Omniture, which provide retailers with real-time insights into customer behavior. And then there is the whole matter of how retailers generate around 60% of their mobile web traffic inorganically, via online ads that Crystal and other ad-blockers are designed to eliminate.

“Retailers can work around it on the consumer side by doing a lot of recoding, but a lot of them freeze their codes on November 1, ahead of the holiday shopping season,” Branding Brand’s Mason says. “So that gives them just over a month or so to get it done. On the back-end they could use different sources of information for sales — kind of like checking the cash register instead of receipts — but it is a different process and also depends, in part, on if the sites are hosted on servers in-house or not.”

Do these retailers have any of the world’s smallest violins in stock? I feel I need one. A few things: Crystal isn’t the only adblocking app; Dean Murphy, Crystal’s developer, is looking at the problem; and as for “real-time insights into customer behaviour”, well, tough. Looks like it might be back to interpreting logs.


Preemadonna turns your smartphone into a nail salon » TechCrunch

Megan Rose Dickey:

Preemadonna just unveiled the Lacey Nailbot, a nail decorating robot, at TechCrunch Disrupt SF 2015.

The Lacey, which will retail for $199, uses your smartphone’s back camera and prints full color art on nails in just a few seconds. The only thing you have to do before putting your finger under the Nailbot is prime your nail with white polish.

The Nailbot uses inkjet, and will eventually use actual nail polish, that is controlled through its system over wireless connection (BLE) to decorate the nail with a swipe or through a motorized solution. The Nailbot utilizes Hewlett Packard’s thermal technology, your phone’s camera, machine vision, computer vision and other technologies. In addition to the Nailbot itself, users can create, design, modify and share their art with the accompanying app.

Wow. If there were a job I would have thought was safe from robots, it would be nail salon worker. Side note: how great to see a story about something involving a service for women.


Who killed Nokia? Nokia did » INSEAD Knowledge

Quy Huy, INSEAD Professor of Strategy and Timo Vuori, Assistant Professor of Strategy, Aalto University:

Nokia’s fall from the top of the smartphone pyramid is typically put down to three factors by executives who attempt to explain it: 1) that Nokia was technically inferior to Apple, 2) that the company was complacent and 3) that its leaders didn’t see the disruptive iPhone coming.

We argue that it was none of the above. As we have previously asserted, Nokia lost the smartphone battle because divergent shared fears among the company’s middle and top managers led to company-wide inertia that left it powerless to respond to Apple’s game changing device.

In a recent paper, we dug deeper into why such fear was so prevalent. Based on the findings of an in-depth investigation and 76 interviews with top and middle managers, engineers and external experts, we find that this organisational fear was grounded in a culture of temperamental leaders and frightened middle managers, scared of telling the truth.

Ex-Nokia people on Twitter disagree pretty strongly. And it’s hardly as if Apple was led by a gentle consensus-seeking always-relaxed paragon. (We don’t know how frightened its middle managers are/were, either.)


More BlackBerry layoffs: 200 Venice devs binned amid Android shift » The Register

Reuters reports that around 200 hardware and design staff have been laid off, following the completion of work on an Android device codenamed “Venice”. It’s the latest in a succession of “resource reallocations”.

BlackBerry has struggled to achieve significant volumes since BB10 launched in January 2013, with only 1.1 million units shipped last quarter. The total number shipped is probably lower than 10 million.

BlackBerry’s CEO John Chen has repeatedly said that BlackBerry will only continue to develop handsets if it’s profitable to do so, and that the break-even point hadn’t yet been reached. Chen has shied away from committing to enhancing BlackBerry’s own BB10 platform, and various indicators suggest it’s now Android or bust for BlackBerry phones, with BB10 placed in maintenance mode while continuing to receive critical security updates.

BlackBerry continues to hire in its QNX embedded systems division, but hasn’t advertised for BB10 developers for some time. While the company released a redesigned Passport in August, it hasn’t revealed any significant enhancements to BB10 this year. Its BB10 developer program is gathering cobwebs.

Chen has also qualified a commitment he made at MWC in March to produce four phones this year. It may just be one annually.

BlackBerry announces its second-quarter results at 0800EST (1300BST). Analysts reckon its revenues will be $611m, down a third from a year ago – its lowest figure since the same period in 2006.


Mail Online digital advertising slows down to 16% annual growth » The Guardian

Mark Sweney:

Stephen Daintith, finance director at DMGT [which owns the Daily Mail and Mail Online], said the company expects Mail Online to “comfortably” pass £70m for its full financial year to the end of September.

The company has previously said that it was aiming to make £80m in revenue this year, although it has said this is not a “hard target”.

The slowdown prompted analysts at Exane to publish a note to investors earlier this month warning that Mail Online was likely to miss its stated revenue target of £100m by the end of next year.

“We see the recent revenue slowdown of Mail Online (despite strong audience growth) as more structural than cyclical, with mobile, ad blocking and social media all bringing new challenges to monetisation,” said William Packer, analyst at Exane. “We now expect Mail Online to miss their £100m revenue target.”

Daintith admitted that given the slowdown, hitting £100m next year was now a “big goal”.

Never seen adblocking mentioned before in an analyst note, but this is quite a slowdown; previously it was 50%.


Note to readers » Toronto Sun

James Wallace, vp editorial, Toronto Sun:

As a paper, we pride ourselves both on dishing out and taking criticism – especially when the latter comes from our readers.

And part of that conversation has taken place on our online comment boards.

However, the increasing use of Sun comment boards for anonymous, negative, even malicious personal attacks, albeit by a minority, has led us to conclude our current commenting system is not serving the interests of the majority of our readers.

Therefore we have decided, for the time being, to no longer allow commenting on most online articles until we sort out a better and more accountable way for our readers to interact with us and each other.

Like a growing number of news organizations, we are also moving away from anonymous commenting because there are other options that encourage respectful, civil debate.

Much of that debate already takes place on social media.

Should we call this “reader-blocking”? “Comment-blocking”?


Why aren’t some smartphone makers simplifying SKU count to increase profitability? » Forbes

Patrick Moorhead:

many OEMs who never thought they could compete on the global market are now directly competing with Samsung Electronics and Apple for market share and consumers’ mind share. To compete with Samsung Electronics and Apple, many upcoming OEMs are wasting millions of dollars creating too many SKUs that they may eventually never sell. We created an economic model that shows that through SKU consolidation, one could see an 8% margin improvement through aggressive SKU management. This column is a flyover, but you can find more information here.

Apple has 6 SKUs, globally (different models; memory capacity and colour aren’t counted as SKUs) while Samsung’s SKU count is 14 for the Galaxy S6, 13 for the S6 Edge, 6 for the Edge Plus and 1 for the S6 active. That’s 34 SKUs, even before you look at the Note 5 and all the others.

Too many SKUs are an obvious problem because you have to match production, distribution, demand and sales – else you’re left with inventory or other writeoffs.


Start up: YouTube’s smartest change, Google + Huawei, the truth on ads, Windows Phone redux, and more


When Javascript hits a particular temperature… Photo by Tom Gill on Flickr.

A selection of 11 links for you. Too much, right? I’m charlesarthur on Twitter. Observations and links welcome.

The ‘terrifying’ moment in 2012 when YouTube changed its entire philosophy » Business Insider

Jillian D’Onfro:

the discovery algorithm often recommended videos that weren’t the best fit. For example, if a user searched for the footage from a recent fight, YouTube might recommend a clip with a thumbnail image of a juicy punch and a title about someone getting knocked out. When the user clicked, the actual video would be not fight footage, but a dude sitting in his living room just talking about the epic punch.

But when the frustrated user clicked through several different videos, the algorithm tallied up the views and counted it as an accomplishment.  

“We realized that if we made the viewer click that many times, it didn’t seem to be a good estimate of how much value they were deriving from YouTube,” [YouTube’s director of engineering for search and discovery, Cristos] Goodrow said. “Instead, we realized that if they didn’t leave a video and continued watching, that seemed like a better estimate of the value they were getting.” 

So, after bouts of data collection and analysis coupled with countless meetings, YouTube re-jiggered its search-and-discovery algorithm on March 15 to make watch time, not views, the determining factor in what videos to recommend.

Seems obvious. But actually, that’s the sort of customer dissatisfaction that’s really hard to spot in the first place, and then really hard to change – because it upsets the existing order.


Google’s best Android friend » The Information

Amir Efrati:

Unlike other Android hardware partners like Samsung and Xiaomi, Huawei has no ambition whatsoever to compete with Google in mobile software and services. Huawei has agreed to help Google distribute a mobile app store in China, a market where Google has largely been shut out, say people briefed on the talks between the companies. (It remains to be seen whether Google can get a green light from the government to do so.)

Huawei, whose core networking-equipment business has helped it develop relationships with wireless carriers globally, could help Google expand its nascent wireless network service outside the U.S. and work on other wireless experiments to expand Internet access in emerging markets. Google might also seek to license some of Huawei’s patents in that area.

Meanwhile, Huawei this fall will become the first mainland China manufacturer to produce a “Nexus” smartphone together with Google, people with direct knowledge of the project have said. While the phone likely won’t be a big seller, it will serve as a status symbol for a privately-held Chinese firm that is trying to boost its consumer brand around the world and be as beloved as Coca-Cola.

Risky game for Google: Huawei has found it impossible to shake off suspicions in the US about its Chinese ownership and allegations of spying. There’s absolutely no evidence against Huawei, but that isn’t an obstacle for some.


Content blockers, bad ads, and what we’re doing about it » iMore

Rene Ritchie explains why there are sometimes tons of ads on iMore pages – which led one person to write a content blocker for iOS 9. This part though is worth noting:

Just as desktop ads pay far less than old-fashioned print ads, mobile ads pay far less than desktop. Because phone displays are smaller than desktop, ads are also far harder to ignore. They’re not off to the side or a small strip on a big screen. They’re in our faces and in our way.

As more and more people move to mobile, revenue goes down, and the typical response is to amp up the ads in an attempt to mitigate the loss. That, of course, just makes them even more annoying.

Ad networks have not responded well to any of this. Hell, they still haven’t fully responded to Retina and HiDPI displays, and those came out in 2011.

You’d think the ad industry would be at the forefront of user experience, and that making gorgeous, high performance, highly engaging ads would boost conversion and ultimately income for everyone. Unfortunately, it seems like whatever math they’re running shows crappy ads perform well enough that making great ads isn’t worth the extra effort.

Note that first paragraph: “because phone displays are smaller than desktop, ads are also far harder to ignore”. In that case, why do they pay less on mobile, which has more readers?


Scary internet scam becoming disturbingly common » TidBITS

Randy Singer:

While the legions of Mac viruses still haven’t appeared, there is a new nasty out there that takes advantage of this paranoia. It isn’t a virus, a Trojan Horse, or any other sort of actual malware. Instead, it’s more like a phishing scam, using social engineering to get you to do something that the bad guys want you to do. It does it by scaring the willies out of you, and it is becoming disturbingly common. Some call it “scareware” or “ransomware.”

What happens is that you visit a Web site and seemingly have your browser maliciously frozen. You’ll find that you can’t quit, nor can you navigate away from the page by clicking the Back button.

Next, a page or pop-up appears telling you any of a number of stories (often tailored to your location), perhaps that your Mac has a problem or has illegal material on it, or that your data has been encrypted by some malevolent entity.

The real culprit: a (non-destructive) Javascript hack. But if you follow the scam instructions, you will have a real problem.


Musings on autonomous transport: are self-driving Starbucks the future? » Core77

Michael Ditullo:

what happens when the car evolves from a means of transport to a place itself? Commuting to work? Take a Starbucks owned and operated car where you can get a latte and lounge at a table while working on your laptop along the way. A long drive to see the in-laws? Call for a movie car where you can watch a Michael Bay blockbuster in full surround sound on that two hour ride. Need to run some errands and grab lunch? Sounds like a burrito car. Need to work off the day’s stress on the way home? Pick from a workout car or a zen meditation car.

Once upon a time Starbucks called itself the “third place.” Not home, not work, that other place you wanted to go in-between. The self-driving car could very well evolve into that third place, but a place on-the-go. The in-between place becomes something that can also get you where you need to go. I imagine an entire crop of small businesses existing solely on cars. The payment in exchange for the goods and services these businesses provide would pay for the car journey itself.

This all assumes that we’ll need to travel to exactly the same extent. Can we be sure that’s true? Why take the Michael Bay blockbuster car if you could get the same at home? Does the car become a relief from home? So many assumptions are built into the way we view self-driving cars. More working from home, less travel?


The three unlikely lessons from the Microsoft/Nokia Adventure » VisionMobile

Michael Vakulenko:

Looking at the industry through the lens of software-defined business models has helped us to accurately predict years before the story unraveled the duopoly of Apple and Google (2009), the demise of Palm (2009), the outcome of HP’s foray into mobile with WebOS (2010), BlackBerry’s meltdown (2010), and the failure of Windows Phone (2012).

The story repeats in Internet of Things. Much like in mobile, software-defined business models cause deep shifts in how value is created and delivered. The IoT winners will be decided by business model innovation, not by technology, product features or standard committees. VisionMobile’s Stijn Schuermans wrote about it here – What the Internet of Things is not about.

How bad is it for Microsoft if it misses out on the IoT?


Microsoft takes $7.6bn Nokia writedown and cuts 7,800 jobs » FT.com

Richard Waters and Richard Milne with the collateral damage:

The job cuts will include 2,300 of the 3,200 remaining Nokia handset workers in its home country of Finland, adding to a decline in the pulp and paper industry that has led some to dub it the new “sick man” of Europe as unemployment and public debt levels have risen.

Microsoft took on 25,000 workers with the acquisition in April last year, inflating its headcount to 128,000. By the end of March this year it had cut its workforce back to about 119,000.

“In practice, this means the end of Nokia’s old business in Finland,” Juha Sipilä, the country’s prime minister, told a hastily-convened press conference on Wednesday. The situation is so serious in the country, which has been mired in recession for the past three years, that the new centre-right government has called for an extra budget in September to help the affected workers.

Also in the story:

“It’s a repudiation of the Ballmer strategy to buy Nokia,” said Ken Dulaney, an analyst at Gartner. Microsoft should have acquired BlackBerry instead to focus on its core business users, he added — a strategy that the company backed on Wednesday, as Mr Nadella announced a narrowing of the handset division’s focus to making handsets for workers and a smaller number of “flagship” devices.

Yes: Microsoft really should have bought BlackBerry. Wouldn’t have cost much more, and would have been a valuable asset adding to what it’s trying to do. Love to know the discussions that happened, or didn’t, over that.


Wikileaks release indicates Hacking Team sold spyware to FSB, Russia’s secret police » Forbes

Tom Fox-Brewster:

in December 2012, a NICE employee asked Hacking Team whether it had sold directly to the FSB rather than via the Israeli company.

“Yes we did,” the Hacking Team employee responded. “We discussed this opportunity in the past and you were aware of the fact we were working there. I’d like to take advantage of this conversation to ask you a feedback about Azerbaijan.”

Asked about working in Russia, Hacking Team head of communications Eric Rabe said: “We have not sold to blacklisted countries — at least when they were actually on a blacklist. As you know these things can change and a country, that is considered respectable, may later on turn out not to be.”

So classy. Here’s the Wikileaks link, if you’ve got a few spare years to read through the emails.


Hacking Team Flash zero-day tied to attacks in Korea and Japan… on July 1 » Trend Micro

Weimin Wu:

Earlier this week several vulnerabilities were disclosed as part of the leak of information from the Italian company Hacking Team. We’ve noted that this exploit is now in use by various exploit kits. However, feedback provided by the Smart Protection Network also indicates that this exploit was also used in limited attacks in Korea and Japan. Most significantly, these took place before the Hacking Team leak took place; we first found this activity on July 1.

The exploit code we found is very similar to the code published as part of the Hacking Team leak. As a result of this, we believe that this attack was carried out by someone with access to the Hacking Team tools and code.

According to the Adobe security bulletin, the vulnerability CVE-2015-5119 affects all of the latest Flash versions on Windows, Mac, and Linux. Adobe has since provided a security update for this vulnerability.

Not clear from this – and apparently not to Trend Micro either – whether this attack was by Hacking Team, or by someone who had already broken into their systems and was using this attack for themselves.

In other news, Adobe’s security update team must be one of the hardest-working in the industry.


Apple plans record number of new iPhones » WSJ

Lorraine Luk and Daisuke Wakabayashi say it has ordered 85m-90m devices – up from 70m-80m last year:

The changes in the iPhone models expected to be released later this year will be less noticeable than last year’s. The phones are expected to feature Apple’s Force Touch technology that can distinguish between a light tap and deep press, allowing users to control a device differently depending on how hard they push on the screen, according to people familiar with the matter. Apple has added this feature to the Apple Watch and MacBook laptop computer.

In addition to keeping the display size unchanged, Apple is expected to keep the screen resolution about the same, according to people familiar with the matter.

It may offer a fourth color for the aluminum casing of the iPhone, in addition to silver, gold and space gray, these people said.

Force Touch is being signalled so strongly it would be surprising if it weren’t there. (I’ll elucidate later.)


Finland enlists convicted Lizard Squad hacker to fight cyber crime » Newsweek

Caroline Baylon:

17-year-old Julius Kivimaki, a member of the infamous Lizard Squad hacking group, was found guilty of over 50,000 counts of computer crime by a Finnish court, local media have reported, but rather than face prison time, the judge has ordered that Kivimaki himself help “fight against cyber crime”.

The extent of Kivimaki’s punishment will be a two-year suspended sentence, the confiscation of his computer, and being made to return some €6,500 in profits earned from cyber crime.

Kivimaki, known by the online nickname “zekill”, has been hacking since age 15 and committed a wide range of attacks directed at individuals, engaging in online harassment and identity theft, as well as corporations, where he triggered data breaches, hijacking of emails, and stealing credit card information.

To catch a thief…


Start up: who’ll buy HERE?, Loon gets ready, Vermeer and the Apple Watch, web v native redux, and more


A Project Loon balloon. Photo by theglobalpanorama on Flickr.

A selection of 8 links for you. Links as in, you know, links. I’m charlesarthur on Twitter. Observations and links welcome.

Microsoft’s Q3 2015: Surface and Lumia up, but profit down » The Verge

Tom Warren:

Microsoft sold 8.6m Lumia devices in the most recent quarter, and the company says that’s an 18% increase over the prior year. Microsoft completed its acquisition of Nokia around this time last year, and neither company revealed Lumia sales at the time, but it’s safe to say they’re rising again. Either way, Windows Phone revenue has dropped by 16%.

While Microsoft is heading towards finalizing Windows 10 in the coming months, the PC market is still fragile. OEM revenue for Windows decreased by a massive 22% this quarter, following an equally bad quarter over the holiday period. Part of this decline is related to less business PC sales, and the general PC market as a whole. Office appears to be a mixed bag for Microsoft. While it’s helping drive commercial revenues, Office consumer revenues declined 41% due to the transition to Office 365 and weaknesses in Japan where Office is popular on PCs. However, Office 365 Consumer subscriptions have grown to 12.4m, so Microsoft is continuing to convince consumers that the cloud is the future.

If 8.6m is an 18% increase, a total of 7.3m were sold (well, shipped) in Q1 2014. The fall in revenue maybe isn’t surprising as the Lumia line has all been focussed on the lower end.

Surface revenue was up 44% year-on-year to $713m. As usual, no news on how many sold.


How Uber surge pricing really works » The Washington Post

Nicholas Diakopoulos:

is Uber’s surge pricing algorithm really doing what they claim? Do surge prices really get more cars on the road?

My analysis suggests that rather than motivating a fresh supply of drivers, surge pricing instead re-distributes drivers already on the road.

I collected four weeks worth of Uber’s dynamic pricing information from their own publicly available data for five locations in Washington, DC. Every 15 seconds between March 15 and April 11, I pinged their servers and collected the surge price and estimated waiting time for an UberX car at those locations. Though only a tiny sliver of all of Uber’s data, it provided an initial window into how their algorithms are working.

…So, why don’t surge prices work to get new drivers on the road? It might simply be that surge prices jump around too much.

Reverse-engineering these algorithms seems to be the way forward.


Nokia targeting Apple, Alibaba and Amazon in maps-unit sale » Bloomberg Business

Nokia Oyj, the Finnish company selling its money-losing maps business, is trying to drum up interest from some of the biggest names in technology including Apple Inc., Alibaba Group Holding Ltd. and Amazon.com Inc., people with knowledge of the matter said.

Those companies as well as Facebook Inc., a group of German carmakers, and private-equity firms are among the companies looking at Nokia’s maps operations, known as HERE, highlighting the ubiquity and utility of location-based services. Nokia is seeking more than €3bn ($3.2bn) from a sale of the unit, said one of the people, who asked not to be identified discussing private information.

Bought it for €8.1bn in 2008; valued at €2bn in the accounts last year. Big lossmaker; the question is how any company that bought HERE would be able to make the purchase worthwhile in monetary terms.


Google’s Project Loon close to launching thousands of balloons » Computerworld

Martyn Williams:

Google says its Project Loon is close to being able to produce and launch thousands of balloons to provide Internet access from the sky.

Such a number would be required to provide reliable Internet access to users in remote areas that are currently unserved by terrestrial networks, said Mike Cassidy, the Google engineer in charge of the project, in a video posted Friday.

The ambitious project has been under way for a couple of years and involves beaming down LTE cellular signals to handsets on the ground from balloons thousands of feet in the air, well above the altitude that passenger jets fly.

“At first it would take us 3 or 4 days to tape together a balloon,” Cassidy says in the video. “Today, through our own manufacturing facility, the automated systems can get a balloon produced in just a few hours. We’re getting close to the point where we can roll out thousands of balloons.”


Why Apple Watch margins should set a new record for Apple » carlhowe.com/blog

Carl Howe with a new thought experiment:

Last week, I asked readers to imagine how they’d manufacture a million Origami lobsters out of paper. I’m going to continue that thought experiment theme this week with a different question. If you’re not interested in such context, skip ahead to the next section where we’ll dive into revisions to the model I posted last week.

Meanwhile, this week’s thought experiment question is this:

What were the parts cost and gross margin of a Johannes Vermeer painting in his day?

Johannes Vermeer, of course, was a modestly successful 17th century Dutch painter, known for such paintings as Girl with a Pearl Earring and The Music Lesson. Art historians the world over praise his works for their subtle portrayal of light and his use of brilliant and lifelike color. Today, historians attribute 34 surviving paintings to undoubtedly be Vermeer’s work. While priceless due to their rarity, owners who have sold Vermeer paintings have invariably seen prices in the tens of millions of dollars.

But what did they cost to paint?

In other words, why do we think it’s OK for art to have high added value, but not technology? The whole post is wonderful.


In Google case, do what’s best for consumers » TheHill

Thomas Lenard:

Since the FTC closed its [antitrust investigation] case in 2013, the search space has become, if anything, more competitive. In addition to competition from general search engines such as Bing, Google faces competition from Facebook, Apple (Siri) and Amazon — all of which perform search functions. There is vigorous competition in shopping sites in Europe with Amazon and eBay being the major players. Numerous local shopping sites provide additional competition. In fact, Google is a minor player with a very small share of this (online shopping) market. And there is a whole new world of apps through which consumers search for a variety of information, including product information.

Thus, despite the fact that Google’s share of general search is higher in Europe than in the U.S., it is unlikely the European authorities will now find harm to consumers or to competition where the U.S. authorities didn’t.

Lenard is a senior fellow at the Technology Policy Institute, whose “supporters” include Amazon, Facebook, Intel, the MPAA, Motorola, Yahoo and – hey! – Google. I include this to show the way that one can distort reality by chucking some names in: look at all the alternative search engines! Bing, Yahoo, DuckDuckGo, er, Yandex.. but the reality is that none has more than a tiny fraction of the market in Europe. It’s like Microsoft suggesting that there are loads of desktop OSs – MacOS, Ubuntu, FreeBSD, umm..

And while Google might be a minor player in the local shopping market, the EC data (and to some extent Google itself) suggests it would be nowhere if Google Shopping had to compete in the same way as all the other shopping sites – and hadn’t penalised the search ranking and access to AdWords of rivals (who then complained).

And, finally, “harm to consumers” isn’t the EC test for antitrust. It’s the US test.


Skipping the web » Remains of the Day

Eugene Wei:

Having grown up in the U.S., the web was one of the first and still longest-running touchpoint to the internet. My first was using newsgroups in college, and the web came about towards the end of my undergrad days. I can understand why so many in the U.S. are nostalgic and defensive of the web as a medium. Seeing so much content and online interaction move behind the walls of social networks seems like an epic tragedy to many, and I empathize.

Many people in India, China, and other parts of the world, where bandwidth is low and slow, and where mobile phones are their one and only computer, have no room for such sentimentality. They may never have experienced the same heyday of the web, so they feel no analogous nostalgia for it as a medium. Path dependence matters here, as it does in lots of areas of tech, and one of the best ways to detect it is to widen your geographic scope of study outside the U.S. Asia is a wonderful comparison group, especially for me because I have so many friends and relatives there and because I still interact with them online at a decent frequency.

In the U.S., many tech companies were lauded as pioneers for going mobile first when in Asia companies are already going mobile only.


Mobile malware is like Ebola – an overhyped threat » Net Security

Reporting from the RSA Conference 2015:

In 2012, monitoring 33% of US Mobile Data Traffic, Damballa saw 3,492 out of a total of 23M mobile devices – 0.015% – contacting a domain on the mobile blacklist (MBL). In Q4 2014, monitoring nearly 50% of US Mobile Data Traffic, only 9,688 out of a total of 151M mobile devices contacted mobile black list domains (.0064%). The National Weather Services says the odds of being struck by lightning in a lifetime are 0.01%.

“This research shows that mobile malware in the United States is very much like Ebola – harmful, but greatly over exaggerated, and contained to a limited percentage of the population that are engaging in behavior that puts them at risk for infection,” said Charles Lever, senior scientific researcher at Damballa. “Ask yourself, ‘How many of you have been infected by mobile malware? How many of you know someone infected by mobile malware?’”


Start up: so who did hack Sony? Apple on Pay, Pegatron workers, BlackBerry’s phone timing, and more


“Hey, from here you can see the posters for The Interview coming down!” Photo of Pyongyang, North Korea, by orangetruck1 on Flickr. (Searching Flickr for CC-licensed photos of “North Korea” yields some strangely anodyne pictures from “North Korea travel”.)

A selection of 9 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Why the Sony hack is unlikely to be the work of North Korea >> Marc’s Security Ramblings

Marc Rogers, with the only piece you need to read on the Sony hack, making 10 points (a couple excerpted here):

It’s clear from the hard-coded paths and passwords in the malware that whoever wrote it had extensive knowledge of Sony’s internal architecture and access to key passwords. While it’s plausible that an attacker could have built up this knowledge over time and then used it to make the malware, Occam’s razor suggests the simpler explanation of an insider. It also fits with the pure revenge tact that this started out as.

4. Whoever did this is in it for revenge. The info and access they had could have easily been used to cash out, yet, instead, they are making every effort to burn Sony down. Just think what they could have done with passwords to all of Sony’s financial accounts? With the competitive intelligence in their business documents? From simple theft, to the sale of intellectual property, or even extortion – the attackers had many ways to become rich. Yet, instead, they chose to dump the data, rendering it useless. Likewise, I find it hard to believe that a “Nation State” which lives by propaganda would be so willing to just throw away such an unprecedented level of access to the beating heart of Hollywood itself.

5. The attackers only latched onto “The Interview” after the media did – the film was never mentioned by GOP right at the start of their campaign.

CNN was reporting on Thursday night that (unnamed) hackers stole a sysadmin’s credentials to get access to the company’s system. That fits with everything we know, though that’s not unknown for hackers who aren’t nation states; it’s been used by external hackers trying to get into companies for ages. What doesn’t fit a nation state attack is what Rogers points to in No.4: if North Korea wanted, it could ruin Sony silently.

What still puzzles me is why US sources are indicating that they think it is North Korea. Perhaps I’m too disbelieving it would do something weird like this.


Apple Pay will change marketing, not just payments >> Business Insider

If you think Apple Pay is only about payments, you’re not alone. UBS recently noted that Apple Pay (unlike Google Wallet) doesn’t let you “push” offers to people, and speculated that flaw would keep some merchants away from the platform.

[CEO of Vibes, Jack] Philbin disagrees because Apple already has a way for merchants to push these offers: Passbook. 

“The marketing is done through Passbook,” said Philbin. “Apple Pay is just the payment functionality.”

Passbook has been around since 2012. What’s changed is that iPhone users are paying a lot more attention to their mobile wallets now that there’s an easy way to pay for things from their phones as well.

Vibes’ clients — which include retailers like Gap, The Home Depot, and Bloomingdales — saw a 54% increase in people installing coupons or loyalty cards into Passbook from September to October, which Philbin attributes to the introduction of Apple Pay.


Apple ‘failing to protect Chinese factory workers’ >> BBC News

Filming on an iPhone 6 production line showed Apple’s promises to protect workers were routinely broken. It found standards on workers’ hours, ID cards, dormitories, work meetings and juvenile workers were being breached at the Pegatron factories.

Apple said it strongly disagreed with the programme’s conclusions. Exhausted workers were filmed falling asleep on their 12-hour shifts at the Pegatron factories on the outskirts of Shanghai.

One undercover reporter, working in a factory making parts for Apple computers, had to work 18 days in a row despite repeated requests for a day off. Another reporter, whose longest shift was 16 hours, said: “Every time I got back to the dormitories, I wouldn’t want to move.

“Even if I was hungry I wouldn’t want to get up to eat. I just wanted to lie down and rest. I was unable to sleep at night because of the stress.”

Apple declined to be interviewed for the programme but said “We are aware of no other company doing as much as Apple to ensure fair and safe working conditions. We work with suppliers to address shortfalls, and we see continuous and significant improvement, but we know our work is never done.”

Pegatron’s Wikipedia entry doesn’t say who else it makes things for. Its corporate social responsibility report for 2013 (PDF) says “‘Joyful Working; Happy Living’ is Pegatron Group’s caring philosophy to employees.” Some employees, perhaps.


Former Apple supplier Wintek shutters China plants >> FT.com

Taiwanese group Wintek, formerly a major supplier of touchscreens for Apple’s iPhone and iPad, has shuttered two plants in southern China and axed 7,000 jobs, leaving unpaid suppliers to chase debts of Rmb230m ($37m).

Armed police surrounded the plants in the city of Dongguan as workers collected their final pay this week, while suppliers demonstrated in front of the factories.

The company sought insolvency protection in October, filing in Taiwan for a restructuring of more than NT30bn ($961m) in debts owed to both local and mainland lenders and suppliers.

The move to in-panel technology with the iPhone 5 didn’t go Wintek’s way; now it’s laying off thousands of staff and may go bust. Keeping up with Apple’s demands is tough.


Stop the presses! >> Counternotions

Kontra, on the dire “reporting” of the (untrue) suggestion by the replacement plaintiff’s lawyers that Apple had deleted songs on people’s iPods (it hadn’t):

Yes, journalism isn’t exact science, but from epidemiology to space exploration, from technology reporting to business coverage, the sheer amount of fact-free, opinion-framing ‘news’ is now exceeding our collective ability to notice, care or correct. Yes, journalism has always been messy, but the speed with which it’s generated, aggregated and distributed may now be overwhelming us. Yes, we have ever growing access to filtering software to shape our own sphere of coverage, and yet tens of millions of people read, and likely most believed, that Apple had deliberately and secretly deleted competitors’ songs from users’ iPods, an impression which may never be sufficiently corrected.

All people needed to do was say “Apple deleted songs, court told” and they’d have been factually correct, even if the claim is bunkum.


Sony Pictures employees now working in an office “from ten years ago” >> TechCrunch

John Biggs:

She works for Sony Pictures. She said she’s now working in an office on lock-down, a throw-back to an earlier time when the Internet wasn’t around.

“We are stuck in 1992 over here,” she said.

She requested anonymity but agreed to talk a bit about her day-to-day experience as a Sony Pictures Employee post-hack. She said things were getting back to normal and were, in some ways, more pleasant.

But the thing that bothers her most is the need to depend on old technology to do new work, now.

“We had barely working email and no voicemail so people talked to each other. Some people had to send faxes. They were dragging old printers out of storage to cut checks,” she said. “It was crazy.”

…“My bank account was hacked [on the day of the first attack,]” said our source who works at SPE offices in Los Angeles. “At first we just thought it was total coincidence.”

Now she suspects someone found something in the email dump that allowed them to access her accounts.

Smart journalism from Biggs.


Why the BlackBerry Classic is critical to the new BlackBerry >> CNET

Roger Cheng:

CEO John Chen made a few remarks, then pulled out the Classic for a photo opportunity. But as the presentation went on, it was clear whom the company was targeting: the IT guy working in a highly regulated business.

The conversation dashed past the typical walkthrough of the Classic’s features, spending a healthy chunk of time on the phone’s enterprise software capabilities and looping in guests like the chief information officer for Citco Fund Services, the founder of Niederhoffer Capital Management and the chief operating officer of Ontario-based Mackenzie Richmond Hill Hospital.

It’s a far cry from Alicia Keys, the pop music sensation BlackBerry once played up as its “global creative director.”

The timing of this launch fascinates me: two days before BlackBerry announces its quarterly results. Look back to September, and BlackBerry launched the Passport on 24 September – two days before it announced (not great) results.

And yes, BlackBerry’s quarterly results are today (Friday) at 1300GMT. Analyst forecasts are for $936m in revenue (a fall against the year-ago period) and a 5c per share loss. Perhaps we’ll hear how many Passports were sold, and whether it has a future.


Different relationships with their phones: iPhone versus Android >> The Network Garden

Mark Sigal did some user testing:

in the new app that we are building, one question in user testing was how important having a desktop web version of the functionality would be.

Get this, 90% of the Android users thought it was pretty important, most commonly because the test user saw the PC as the central part of their computing experience — even though the app is for a highly mobile type of action.

By contrast, 90% of the iPhone users looked cockeyed at the question, noting that the action is designed for palm in the hand, on the go types of behaviors, adding (I’m paraphrasing) that their iPhone is their hub, not the PC.

Same questions. Same product feature for feature; a variety of young to middle age males and females, and the only difference is iPhone versus Android.

His blog is worth reading more generally.


Nokia publishes maps on your iPhone, leaves Lumia in the shadows >> IT Vikko

This is a link to the Google Translation of this page (the headline is from the Bing translation, but it doesn’t have a static URL):

Nokia is not planning to upgrade in the near future the Here Maps application for Lumia phones. “When Nokia made handsets, we were a little different. Now, we are developing application on the basis of a realistic markets.”

Ouch. Harsh divorce; the parent doesn’t want to see its child any more.


Start up: Roombas v dogs, native v web redux, Intel’s mobile loss, Samsung slims, and more


“Hatin’ on Roomba” by obloquy on Flickr

A selection of 8 links for you. Use them wisely. I’m @charlesarthur on Twitter. Send links, comments, etc there, or drop them at the end of the article.

Intel to combine PC and mobile chip divisions to reflect market shifts >> Computerworld

The Mobile and Communications Group, as it’s known, will be broken up. The teams that develop mobile processors will join the new client group, while the remainder, which builds modems, will be part of a new wireless R&D group.

Herman Eul, who leads the mobile group today, will oversee the move to the new structure until at least the end of the first quarter, with a new role for him to be announced after that, Mulloy said.

The reorganization comes as Intel battles to improve its position in the market for smartphones and tablets, which is dominated by chips based on designs from Arm Holdings, a UK competitor.

The Mobile and Communications Group reported an operating loss of more than US$1bn in the third quarter, in part because it’s been making payments to tablet makers to encourage them to use its chips. As a result of those and other efforts, Intel has said it aims to get its processors into 40m new tablets this year.

Ah. A good way to bury bad losses.


Samsung plans to cut smartphone models by up to 30% in 2015 >> WSJ

Here we are in November 2014:

Samsung Electronics said it would reduce the number of smartphone models it offers next year, part of a move to cut costs to combat declining profit.

The South Korean technology major said it would cut the number of models by about 25% to 30%, Robert Yi, head of investor relations, said during a presentation in New York. His remarks were confirmed by a company spokesman Tuesday.

Samsung didn’t disclose the exact number of models that would be affected by the reduction.

Yeah, so cost-cutting. But now – with thanks to Stefan Constantine – let’s revisit Nokia in April 2011:

An unnamed Nokia Executive, in an interview with the Hindustan Times, has said: “We will be launching 40 models in 2011 of which at least 30% would be smartphones.” This news isn’t exactly making us bust out the champagne because that’s right around how many models Nokia has been releasing every year for the past five years. The Finnish firm has consistently told us that they’re going to take a “more wood behind fewer arrows” approach, meaning that they’ll come out with less new models, but said models would be further refined, but we’ve yet to actually see that materialize.

“Fewer models” seems easy to say, but when your business has been about “lots of models” it’s hard to do.


Google’s secret NSA alliance: The terrifying deals between Silicon Valley and the security state >> Salon.com

Remember when Google’s servers were broken into by Chinese hackers at the end of 2009? Shane Harris points out that something more happened afterwards:

On the day that Google’s lawyer [David Drummond] wrote the blog post [condemning China], the NSA’s general counsel began drafting a “cooperative research and development agreement,” a legal pact that was originally devised under a 1980 law to speed up the commercial development of new technologies that are of mutual interest to companies and the government. The agreement’s purpose is to build something — a device or a technique, for instance. The participating company isn’t paid, but it can rely on the government to front the research and development costs, and it can use government personnel and facilities for the research. Each side gets to keep the products of the collaboration private until they choose to disclose them. In the end, the company has the exclusive patent rights to build whatever was designed, and the government can use any information that was generated during the collaboration.

It’s not clear what the NSA and Google built after the China hack. But a spokeswoman at the agency gave hints at the time the agreement was written. “As a general matter, as part of its information-assurance mission, NSA works with a broad range of commercial partners and research associates to ensure the availability of secure tailored solutions for Department of Defense and national security systems customers,” she said. It was the phrase “tailored solutions” that was so intriguing. That implied something custom built for the agency, so that it could perform its intelligence-gathering mission.

According to officials who were privy to the details of Google’s arrangements with the NSA, the company agreed to provide information about traffic on its networks in exchange for intelligence from the NSA about what it knew of foreign hackers. It was a quid pro quo, information for information.

Must-read. Including this:

Google’s Sergey Brin is just one of hundreds of CEOs who have been brought into the NSA’s circle of secrecy. Starting in 2008, the agency began offering executives temporary security clearances, some good for only one day, so they could sit in on classified threat briefings.

Starts slow. Goes deep, deep.


4K lens development limited by physics >> TVTechnology

Craig Johnston:

Large venue live sports production promises to be a huge market for 4K production equipment in what could be the very near future. And while there are 4K cameras aplenty, switchers that can be upgraded and a host of other 4K equipment ready to go, there’s no long focal-range, highly telephoto 4K lenses to mate with the Super 35 single-sensor cameras.
 
The motto of high quality lens makers might as well be: “Physics will fight you.”

“When we talk about a 100×1 zoom, and the 35mm sensor, 4K, we’re talking about something we don’t think is very practical today,” said Larry Thorpe, national marketing executive at Canon USA Inc. “Once you jump from 2/3-inch imagers up to something like a Super 35, you set a baseline in element sizes, so the lens by definition is going to be larger.”

Long story short, it’s going to be expensive, or perhaps just not feasible.


Samsung strikes chip deal with Apple >> Korea Times

“Apple has designated Samsung as the primary supplier of its next A-series chips powering iOS devices from 2016 as the alliance with GlobalFoundries (GF) enabled Samsung to cut off capacity risk,” a source familiar with the deal said.

The value of the deal is said to be worth “billions of dollars,” according to the sources.

Production of the APs will start early next year at Samsung’s local factory in Giheung, Gyeonggi Province, and the volume will grow as Samsung plans to use its facilities in Austin, Texas and the GF-owned factory in New York for increased output, another source said.

That will be about 80% of the application processors for iOS devices. Good for Samsung, though doesn’t really get its flywheel (make chips and screens for more profitable devices such as its own smartphones) turning.


Nokia partners with Foxconn to take on Apple with tablet device >> FT.com

Daniel Thomas:

Ramzi Haidamus, Nokia’s technology chief, said the N1 tablet would be as good as Apple’s iPad mini but cost less. He added that it was just the first consumer product that would be designed and labelled as Nokia devices.

“It’s the first of many coming – more SKUs [items for sale], more sizes, more features,” he told the Financial Times in his first interview since becoming head of Nokia’s technology division three months ago. “We will go beyond tablets for sure.”

Nokia is prohibited from making smartphones until 2016 under the terms of the sale of its handset business to Microsoft. But Mr Haidamus said that “we will be looking at going into the cell phone licensing business post-Microsoft rights”.

The N1 is the first Nokia-branded consumer device brought to market following the sale of the Lumia and Asha businesses to Microsoft. Nokia did not manufacture tablets.

The company said it would be the first tablet operated by a “predictive engine” that gradually learnt a user’s habits and created customised shortcuts to commonly used apps, contacts and web content.

The tablet has a 7.9 inch screen, a 2.4Ghz 64-bit quad-core processor, 2GB of memory and 32GB of storage.

Foxconn also makes lots of Apple devices, and is partnering with BlackBerry too. Big ambitions. Can’t see Nokia’s tablet making much impression on the Chinese market though.


Native apps are part of the web >> Daring Fireball

John Gruber wrote the complete rejoinder (with some pointed notes about paywalls and free sites) to Christopher Mims’s “web is dying” piece from the previous roundup:

Users love apps, developers love apps — the only people who don’t love apps are pundits who don’t understand that apps aren’t really in opposition to the open Internet. They’re just superior clients to open Internet services. Instagram didn’t even have a web interface for years, but native app clients for iOS and Android didn’t lock Instagram into anything. Their back-end is just as open as it would have been if they had only had a web browser client interface. They just wouldn’t have gotten popular.

I spoke about this four years ago at O’Reilly’s Web 2.0 conference, in a talk titled “Apple and the Open Web: A Love Story”. The gist of it being that native iOS apps (and native apps for Android, Mac OS X, Windows, and everything else) aren’t in opposition to the “web”. They live on top of the web. A new layer. They are alternatives to websites that run in web browsers. They’re just better clients.

Clear thinking is easy to recognise when you see it. This is an example. Although the debate goes on: Tim Bray says on Twitter: “What @gruber says is correct, but native apps have gatekeepers, browser apps don’t. Call me old-fashioned, but that really bothers me. It doesn’t trump all the other issues, but it’s a big deal.” (The discussion continued on Twitter.)


When dogs and robots collide, somebody needs a talking to >> WSJ

This dates from 2008, but is still relevant:

To keep the peace at home, Keith Hearn had to scold his new robotic vacuum cleaner.

The trouble started when Mr. Hearn first turned on his Roomba automatic cleaner. When the device started scooting around the floor, Mr. Hearn’s dog, Argos, attacked it.

Seeking help, Mr. Hearn found an online forum dedicated to the hundred-dollar Roomba buzzing with similar stories of pet assailants. Owners were offering advice. Among the most popular: chastise the vacuum in front of the dog.

And so, with Argos looking on, Mr. Hearn shook his finger at his gadget and sternly called it “a bad Roomba.” Argos appeared to be mollified. “After that, he never tried nipping at it again,” says Mr. Hearn, a software engineer in San Carlos, Calif.

We’re only just beginning to get self-organising devices in the home, but where will pets fit into the internet of things? They have their own social structures that they believe exist.