Start up: Schrödinger’s Satoshi, the trouble with VC funding, stalking with Waze, dentists get malware, and more

Would you put yourself in front of a rifle underwater?

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link. So troubling

A selection of 10 links for you. Proceed in a westerly direction. I’m charlesarthur on Twitter. Observations and links welcome.

Craig Wright’s New Evidence That He Is Satoshi Nakamoto Is Worthless | Motherboard

Jordan Pearson and Lorenzo Franceschi-Bicchierai:

»While that [blogpost signature] looks legit, according to experts, the evidence Wright provided seems to actually be worthless. As it turns out, Wright simply reused an old signature from a bitcoin transaction performed in 2009 by Satoshi.

Dan Kaminsky, a well-known security researcher, wrote in a post debunking Wright’s alleged evidence that the whole thing is a scam. “Satoshi signed a transaction in 2009. Wright copied that specific signature and tried to pass it off as new,” he added on Twitter. “He’s lying. Full stop.”

Longtime bitcoin developers also pointed out that this signature could have been copied from a public source, and does not prove that Wright controls the associated addresses.

“It would be like if I was trying to prove that I was George Washington and to do that provided a photocopy of the constitution and said, look, I have George Washington’s signature,” Bitcoin developer Peter Todd said.

Todd added that someone contacted him by email two weeks ago, claiming to be Satoshi, and using the same signature trick as proof. He says he ignored the email.

«

In the space of a few hours this story went from “Bitcoin inventor found!” to “HOAAAAXX!”, leaving a lot of very puzzled citizens in the middle. The point about the “ignored email” could be key: if Wright, or someone, has been hawking this around, something is fishy.


Physicist fires a gun at himself underwater to prove a point » Mashable

»

To demonstrate the difference between air and water resistance, Norwegian physicist Andreas Wahl decided to plonk himself in front of a submerged rifle and pull the trigger.

«

Fantastic. Turns out that if you search on Wahl’s name on YouTube, he’s done a ton of these sorts of experiments.

It does however show that Leonardo DiCaprio need not have been so worried when he jumped into that river while being pursued by rifle-wielding enemies in The Revenant. Bigger risk was hypothermia.



Theranos and Elizabeth Holmes expose the perverse incentives at work in Silicon Valley » Quartz

Jay Edelson and Christopher Dore, of the law firm Edelson (which has taken class actions against a number of tech companies), argue that the VC model drives companies to ignore rules:

»Take Zynga, the gaming company responsible for Farmville, which has earned the moniker “Scamville” for its allegedly deceptive advertising. The co-founder of Zynga, Mark Pincus, famously said, “I knew I needed revenues…. Like I needed revenues now. So I funded the company myself but I did every horrible thing in the book … just to get revenues right away.” While Pincus, incredibly, made this statement in public, he expressed the private sentiment of countless entrepreneurs faced with the ticking of the VC clock. (Disclosure: our law firm, Edelson PC, has brought class-action lawsuits against Zynga and some of the other companies mentioned below, but not for the conduct discussed in this article.)

This is bad for investors, including venture investors who care just about growth. (Fraudulent companies are, at best, an unreliable source of revenue.) But the reckless pursuit of growth often comes at consumers’ expense as well. That’s because the way that companies grow rapidly is to expand their user bases by hook or by crook, in a process called “growth hacking.”

One of the most common examples of this involves “spam-viting,” or hijacking a consumer’s contact list to blast them with text messages or emails, knowingly in violation of various federal and state statutes. Companies spam-vite because it works. Sending millions of text messages or emails to consumers, dressed up as if they came from those consumers’ friends, is a viable, illegal way to grow a business quickly. LinkedIn, for example, settled a lawsuit for $13 million over its practice of repeatedly sending “add connections” emails to a new user’s entire email contact list. And TextMe, a text-based social network, generated its growth by sending a large volume of text messages to new users’ phone contacts, although it eventually won its legal battle with the Federal Communications Commission.

The pressure to growth-hack begets pressure to disregard the law, at least temporarily.

«

This is a terrific essay; you read it and think “wow, that’s so true”. The saying in Silicon Valley is “it’s better to ask forgiveness than ask permission”; it’s how so many of today’s giants got started – Google, YouTube, Uber and AirBnB being particular examples. All broke, or break, the rules in many ways regularly.


Google and Microsoft have made a pact to protect surveillance capitalism » The Guardian

Julia Powles on the surprising (to many) decision by Microsoft to withdraw from antitrust complaints and lobbying against Google:

»Microsoft today is facing a very different business ecosystem to the one it dominated in the 1990s. It needs to adapt. And it appears to want to do so by positioning itself at the heart of what Satya Nadella describes as “systems of intelligence”.

Explaining this concept at Hannover Messe 2016, Nadella defined systems of intelligence as cloud-enabled digital feedback loops. They rely on the continuous flow of data from people, places and things, connected to a web of activity. And they promise unprecedented power to reason, predict and gain insight.

This is unbridled Big Data utopianism. And it is a vision that brings Microsoft squarely into Google territory. So maybe Microsoft is pulling out of regulatory battles because it doesn’t want to shoot itself in the foot. For emeritus Harvard Business School professor Shoshana Zuboff, this gets to the core of the Google-Microsoft deal.

Zuboff is a leading critic of what she calls “surveillance capitalism”, the monetization of free behavioral data acquired through surveillance and sold on to entities with an interest in your future behaviour. As she explained to the Guardian: “Google discovered surveillance capitalism. Microsoft has been late to this game, but it has now waded in. Viewed in this way, its agreement with Google is predictable and rational.”

«



Are maps necessary? » ROUGH TYPE

Nick Carr, musing on Jason O’Beirne’s post (linked yesterday) about the changes in Google Maps over the years:

»O’Beirne is a bit mystified by the changes Google has wrought. He suspects that they were inspired by a decision to optimize Google Maps for smartphone displays. “Unfortunately,” he writes, “these ‘optimizations’ only served to exacerbate the longstanding imbalances [between levels of detail] already in the maps. As is often the case with cartography: less isn’t more. Less is just less. And that’s certainly the case here.”

I’m sure that’s true. Adapting to “mobile” is the bane of the modern interface designer. (And, you’ll note, the “cleaner” Google Map provides a lot of open space for future ad placements.) But, when it comes to maps, there’s something more profound going on than just the need to squeeze a map onto a tiny screen. Implicit in the Google changes is the obsolescence of the map as a navigational tool. Turn-by-turn directions and automated route selection mean that fewer and fewer people ever have to figure out how to get from one place to another or even to know where they are. As a navigation aid, the map is a vestigial organ. So why not get rid of the useful details and start to think of the map as merely a picture or an image, or a canvas for advertisements?

«

Carr has such a deliciously sardonic tone, yet deployed so sparingly and precisely, it’s shocking he isn’t British.


Drake’s Spotify gamble is paying off: Views just made $8m in a day » Music Business Worldwide

Tim Ingham:

»On Friday (April 29), Beyonce’s Lemonade became the biggest album of the year so far in the US.

Within another 24 hours, Drake’s Views had surpassed Lemonade’s entire week-one album download figure, with around 600,000 sales.

Views is now easily on course to smash through a million North American sales before the weekend.

Drake and his team will have breathed a big sigh of relief at this news – early vindication for a digital strategy which was by no means a safe bet.

Aside from its status as one of the most eagerly anticipated records of the year, Views (previously ‘Views From The 6’), is a complete Apple exclusive.

In its first week, it’s available to stream on Apple Music and buy on iTunes, but not available anywhere else – including physical stores.

Significantly, fans can’t ‘un-bundle’ Views on iTunes, as they could with Beyonce’s Lemonade last week; they only have the option to buy it as one package, with the exception of recent singles One Dance and Hotline Bling.

Drake took a sizable risk with this approach.

«

Really interested by how some artists can still hit it out of the ground by going for the download-only/one-service-only approach, while others can’t. It’s not just about age, either.


A poem about Silicon Valley, made up of Quora questions » Fusion

Jason Gilbert:

»Why do so many startups fail?
Why are all the hosts on CouchSurfing male?
Are we going to be tweeting for the rest of our lives?
Why do Silicon Valley billionaires choose average-looking wives?

What makes a startup ecosystem thrive?
What do people plan to do once they’re over 35?
Is an income of $160K enough to survive?
What kind of car does Mark Zuckerberg drive?

«

And there’s more. This is splendid.


Dental Assn mails malware to members » Krebs on Security

Brian Krebs:

»The American Dental Association (ADA) says it may have inadvertently mailed malware-laced USB thumb drives to thousands of dental offices nationwide.

The problem first came to light in a post on the DSL Reports Security Forum. DSLR member “Mike” from Pittsburgh got curious about the integrity of a USB drive that the ADA mailed to members to share updated “dental procedure codes” — codes that dental offices use to track procedures for billing and insurance purposes…

«

It had a launcher which would take a PC to a site which would try to download malware; and few antivirus checkers would find it.

»

In response to questions from this author, the ADA said the USB media was manufactured in China by a subcontractor of an ADA vendor, and that some 37,000 of the devices have been distributed. The not-for-profit ADA is the nation’s largest dental association, with more than 159,000 members.

“Upon investigation, the ADA concluded that only a small percentage of the manufactured USB devices were infected,” the organization wrote in an emailed statement.

«

One should now routinely assume that anything involving (a) Flash (b) USB drives is potentially a malware route. Fortunately, both are avoidable in normal life.


Yahoo’s $8bn black hole » Bloomberg Businessweek

Max Chafkin and Brian Womack:

»In some ways, [Yahoo CEO Marissa] Mayer’s strategy has worked. Yahoo’s apps have received stellar marks from both reviewers and users, and the company has created new lines of business that accounted for $390m in revenue last quarter. “Mavens as a revenue source didn’t exist at all in 2011 and was nascent in 2012,” Mayer said proudly on the February earnings call, using an acronym that stands for “mobile, video, native advertising, social.” Yahoo has more than 600 million mobile users, up from about 150 million before she took the job.

But those improvements are nowhere near big enough to turn the company around. “Marissa likes to present Mavens as though it should be compared to some nascent startup,” says SpringOwl’s Jackson. But startups, he points out, don’t begin with a billion users. “It’s as if Yahoo took an above-ground pool, dumped it into a bucket, and said, ‘Wow, we’re really filling up this bucket fast,’ ” he says.

And that traffic isn’t necessarily users delighting in Mayer’s new products and telling their friends; much of it comes from Yahoo paying ever-larger sums to other companies to direct their users to Yahoo’s sites and apps. It paid almost $900m in traffic acquisition fees in 2015, up from $200m in 2014. Predictably, Yahoo users are spending less and less time with its sites. A report by The Information, a tech news site, showed that as of early December, the average time spent on Yahoo properties had declined 32% for Yahoo Mail, 29% for the home page, and 20% for Tumblr over the previous 12 months.

«



If you use Waze, hackers can stalk you » Fusion

Kashmir Hill:

»Last week, I tested the Waze vulnerability myself, to see how successfully the UC-Santa Barbara team could track me over a three-day period. I told them I’d be in Las Vegas and San Francisco, and where I was staying—the kind of information a snoopy stalker might know about someone he or she wanted to track. Then, their ghost army tried to keep tabs on where I went.

The researchers caught my movements on three occasions, including when I took a taxi to downtown Las Vegas for dinner:

And they caught me commuting to work on the bus in San Francisco. (Though they lost me when I went underground to take the subway.)

The security researchers were only able to track me while I was in a vehicle with Waze running in the foreground of my smartphone. Previously, they could track someone even if Waze was just running in the background of the phone. Waze, an Israeli start-up, was purchased by Google in 2013 for $1.1 billion. Zhao informed the security team at Google about the problem and made a version of the paper about their findings public last year. An update to the app in January of this year prevents it from broadcasting your location when the app is running in the background, an update that Waze described as an energy-saving feature. (So update your Waze app if you haven’t done so recently!)

«

The only way not to be trackable is to choose to be “invisible”. Or not to use Waze, of course. Once more, it’s a theoretical risk – you’d need clever, determined hackers to use it against you – but it also shows how much data these apps leak intentionally.


Errata, corrigenda and ai no corrida: none notified.

Did you miss yesterday’s Start up: Overspill? Google’s health data grab, Intel’s mobile halt, satire wars, iPad Pro beats Surface Pro, and more.

Start up: Google v security redux, how your browser can track you, unboiling eggs (really), Android MVNO = flop, and more


Don’t worry, we’ll soon have that nice and runny for you. Photo by Sidereal on Flickr.

A selection of 10 links for you. Avoid contact with hands. I’m charlesarthur on Twitter. Observations and links welcome.

This guy found a way to block robocalls when phone companies wouldn’t » WIRED

Robert McMillan:

Aaron Foss won a $25,000 cash prize from the Federal Trade Commission for figuring out how to eliminate all those annoying robocalls that dial into your phone from a world of sleazy marketers.

The year was 2013. Using a little telephone hackery, Foss found a way of blocking spammers while still allowing the emergency alert service and other legitimate entities to call in bulk. Basically, he re-routed all calls through a service that would check them against a whitelist of legitimate operations and a blacklist of spammers, and this little trick was so effective, he soon parlayed it into a modest business.

Last year, his service, called Nomorobo, blocked 15.1 million robocalls. He uses cloud computing services—primarily Amazon Web Services and Twilio—to block Florida timeshare sellers and fake Microsoft support gurus from the 190,000 VOIP customers[1] who use his free product.

I know, you’re saying “Where do I sign up??” Except for this addendum to the story:

[1] 13:00 EST. Correction. An earlier version of this story stated that the Nomorobo service works with mobile phones. It runs on VOIP phones only.

Damn.


How you can be tracked by your browser’s fingerprint and how you can stop it » CompTutor

You have your browser set to Private Browsing or Incognito mode where it doesn’t store cookies or history. You load up your favorite VPN, Tor, or I2P and are thinking, “I am totally secure and no one can track me now.” Wrong. You still are possibly leaving a digital fingerprint or browser fingerprint behind. Just because you have a secure computer and can change your IP, people can still find you. Browser Fingerprinting is how some agencies have been able to identify people even through Tor or a VPN.

The EFF, or Electronic Frontier Foundation, discovered this a few years ago and has set up a website to demonstrate their findings. Check out the website below, run their fingerprinting test, and see if your online fingerprint is unique to you out of everyone they have tested. I’m guessing it will be.

https://panopticlick.eff.org

It’s “canvas fingerprinting”, which has already found favour with Google, and relies on characteristics of HTML5-capable browsers.


Microsoft is no longer manufacturing the Surface 2 » The Verge

The big unmentioned detail there is that it’s the end of the line for Windows RT, which everyone except for Microsoft had already given up on. Its future looked even bleaker during Microsoft’s Windows 10 announcements last week, with the company saying that the new OS was not coming to the Surface RT or Surface 2, its last remaining Windows RT devices.

The Surface 2 debuted in the fall of 2013 as a successor to the Surface RT, which received a lukewarm response and ended up costing Microsoft millions in stock that did not sell. It was thinner and lighter than the previous model, and also had a considerably better display, but was still stymied by Windows RT, which did not support traditional Windows programs.

RT’s really dead now, Jim.


Android Wi-Fi Direct vulnerability disclosed » Threatpost

Michael Mimoso:

Google and Core Security are at odds over the severity of a vulnerability affecting a number of Android mobile devices, details of which were released by the security vendor today.

The issue was reported to the Android security team on Sept. 26 and in subsequent communication between the two parties, the severity of the vulnerability was debated, culminating today with Core’s disclosure. Google three times acknowledged Core’s report and request for a timeline on a patch, and each time Google said it did not have one.

The flaw is a remotely exploitable denial-of-service vulnerability in Wi-Fi-Direct, a standard that allows wireless devices to connect directly. The implementation is used not only between Android devices, but also printers, cameras, PCs and more.

So here’s Google not fixing new flaws in Android. Shouldn’t Core Security feel justified in releasing exploit code and full details?

Read on for Google justifying not fixing old code in Android….


Google defends policy that leaves most Android devices unpatched » Computerworld

Remember the WebView weaknesses that had everyone jumping up and down because around 60% of Android devices that hit Google Play (and potentially many more altogether) are vulnerable? Gregg Keizer followed up:

“Until recently, we have also provided backports for the version of WebKit that is used by WebView on Android 4.3 and earlier,” wrote Adrian Ludwig, Android lead security engineer on Google+. “But WebKit alone is over 5 million lines of code and hundreds of developers are adding thousands of new commits every month, so in some instances applying vulnerability patches to a two-plus-year-old branch of WebKit required changes to significant portions of the code and was no longer practical to do safely.”

So it’s too much trouble for Google to fix code that’s over two years old, but it feels justified in publicising security flaws – and exploit code – for Windows and OSX? What’s that Biblical saying about beams and motes?


‘Thunderstrike’ attack also fixed in OS X 10.10.2 » iMore

Rene Ritchie:

“Thunderstrike” is the name for an attack that can target Mac hardware via the Thunderbolt port. Apple had previously updated the Retina 5K iMac and 2014 Mac mini to partially secure them against Thunderstrike. Now, the upcoming OS X Yosemite 10.10.2 will fix the problem for all recent Macs running Yosemite.

Thunderstrike was explained here: it requires physical access or very good social engineering. Good that it’s being fixed for “all recent Macs running Yosemite”; bad that it isn’t going further back. (Is it even possible to fix it further back? Nobody seems to know for sure.)


Why an Apple-featured indie dev abandoned iOS in favor of PC » Gamasutra

Alex Wawro:

what’s more interesting about [Erik] Asmussen’s current project, at least from a developer’s perspective, isn’t so much where it is now as where it isn’t — namely, Apple’s App Store.

Like many developers, Asmussen quit his job a few years ago to dive into mobile development full-time; but despite some significant success with mobile games like PWN: Combat Hacking, Asmussen has decided to devote himself to PC development.

“I finally gave up on iOS after I got a ‘Best New Games’ feature and saw how little revenue that actually brought in,” Asmussen tells me, via email. “The risk/reward profile was just terrible, combined with annoying barriers like having to put all updates through a review process. So I decided to switch to PC. That has proven to be a good decision by any measure.”

Why? Because

his final mobile game, PWN: Combat Hacking, earned roughly $10k in its launch month.

“Which sounds cool, until you consider that it took a year to build and about $3-4K in art,” adds Asmussen. “And that that figure is in the top percentile of indie mobile games. And that it got the biggest app store feature short of the top banner.”

Asmussen laments the fact that mobile game makers often can’t get people into their games until after they’re released, and believes that developing PC games for Steam’s Early Access service is more empowering for small-scale developers.

(Thanks @Jaykannan for the link.)


Apple reports record first quarter results » Apple

The results were fueled by all-time record revenue from iPhone® and Mac® sales as well as record performance of the App Store℠. iPhone unit sales of 74.5m also set a new record.

“We’d like to thank our customers for an incredible quarter, which saw demand for Apple products soar to an all-time high,” said Tim Cook, Apple’s CEO. “Our revenue grew 30 percent over last year to $74.6bn, and the execution by our teams to achieve these results was simply phenomenal.” 

Oh, yeah, this happened. Not quite a record for Mac shipments (that happened in the previous quarter) but those iPhone numbers? That is phenomenal execution, as Cook says. It’s so easily overlooked that there’s no value in all the brand stuff and marketing if you can’t actually deliver product to people. Between Apple and Samsung, that’s about half of the smartphone market sewn up.


Chemists find a way to unboil eggs » Phys Org

Janet Wilson on news that will delight, well, anyone?

Like many researchers, he has struggled to efficiently produce or recycle valuable molecular proteins that have a wide range of applications but which frequently “misfold” into structurally incorrect shapes when they are formed, rendering them useless.

“It’s not so much that we’re interested in processing the eggs; that’s just demonstrating how powerful this process is,” [Gregory] Weiss [professor of chemistry and molecular biology at UCal at Irvine] said. “The real problem is there are lots of cases of gummy proteins that you spend way too much time scraping off your test tubes, and you want some means of recovering that material.”

But older methods are expensive and time-consuming: The equivalent of dialysis at the molecular level must be done for about four days. “The new process takes minutes,” Weiss noted. “It speeds things up by a factor of thousands.”

To re-create a clear protein known as lysozyme once an egg has been boiled, he and his colleagues add a urea substance that chews away at the whites, liquefying the solid material. That’s half the process; at the molecular level, protein bits are still balled up into unusable masses. The scientists then employ a vortex fluid device, a high-powered machine designed by Professor Colin Raston’s laboratory at South Australia’s Flinders University. Shear stress within thin, microfluidic films is applied to those tiny pieces, forcing them back into untangled, proper form.

Unspilling milk next, I hope.


5 reasons why a Google MVNO would fail » FierceWireless

Phil Goldstein enumerates them rather clearly. Summarised, they are:
1) engineering phones and networks is difficult (you can’t get one phone to join both T-Mobile and Sprint in the US as they use GSM and CDMA)
2) Google would need customer service centres and distribution – outside its core competency
3) incumbent carriers spend billions on ads, and have inbuilt advantages
4) the service wouldn’t be differentiated, and what’s the target audience?
5) if it doesn’t get scale, Google might kill it.

His article goes into much more detail. It feels persuasive.