Start up: VR porn!, privacy and the FBI, Baidu’s data grab, why Trump?, and more

A Nissan Leaf charging. But you’d know that if you were to plug its VIN into a public API. Photo by Janitors on Flickr.

A selection of 10 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Controlling vehicle features of Nissan LEAFs across the globe via vulnerable APIs » Troy Hunt

Someone in one of Hunt’s classes discovered how to find out the battery status of Nissan’s popular electric car – and also turn its air conditioning on or off. For any LEAF. Without authorisation. Via API. From anywhere. And Nissan didn’t listen, and four different groups have discovered it independently:

»Nissan need to fix this. It’s a different class of vulnerability to the Charlie Miller and Chris Valasek Jeep hacking shenanigans of last year, but in both good and bad ways. Good in that it doesn’t impact the driving controls of the vehicle, yet bad in that the ease of gaining access to vehicle controls in this fashion doesn’t get much easier – it’s profoundly trivial. As car manufacturers rush towards joining in on the “internet of things” craze, security cannot be an afterthought nor something we’re told they take seriously after realising that they didn’t take it seriously enough in the first place. Imagine getting it as wrong as Nissan has for something like Volvo’s “digital key” initiative where you unlock your car with your phone.

By pure coincidence, this week Nissan unveiled a revised LEAF at the GSMA Mobile World Congress. Clearly, like many car makers, their future involves a strong push for greater connectivity in their vehicles:

»

In a fully connected, fully mobile world, in-vehicle connectivity is an absolute must for today’s drivers.

«

«

Perhaps not an “absolute must”, actually.


I got hacked mid-air while writing an Apple-FBI story » USAToday

Steven Petrow works for USA Today, and was writing and sending emails via Gogo Wi-Fi on a flight to Raleigh, Virginia. On touchdown, the guy in the seat behind him explained that he had hacked him, and “most people on the flight”:

»“That’s how I know you’re interested in the Apple story,” he continued. “Imagine if you had been doing a financial transaction. What if you were making a date to see a whore?” My mind raced: What about my health records? My legal documents? My Facebook messages?

And then the kicker:

“That’s why this story is so important to everyone,” he told me. “It’s about everyone’s privacy.”

Then he headed down the escalator and I headed out the front door. I may have been wearing my jacket, but I felt as exposed as if I’d been stark naked…

…[He then called Alex Abdo, a civil rights lawyer]: who is in actual danger here? The answer, apparently, is pretty much all of us. “Anyone who relies on the security of their devices,” Abdo told me.

It should be up to each of us to decide what to make public, and what to keep private, he continued. For me, I felt as though the stranger on the plane had robbed me of my privacy — as was explicitly his intent. He took the decision of what to share out of my hands. He went in through the back door of the GoGo connection.

«



Microsoft has acquired Xamarin » Petri

Brad Sams:

»Xamarin is one of the leading platforms for mobile app development and provides a robust platform that helps developers build mobile apps using C# and deliver fully native mobile app experiences to all major devices, including iOS, Android, and Windows. Seeing as Microsoft is a productivity focused company whose Visual Studio product is used by millions around the globe, this acquisition will fit nicely into their portfolio of products.

With more than 15,000 customers in 120 countries, of which 100 are Fortune 500 firms, Xamarin has become a leader in this space. Companies like Alaska Airlines, Coca-Cola Bottling, Thermo Fisher, Honeywell and JetBlue all use the software to develop their apps.

«

Apparently MSDN devs want to know if they’ll get it for free.


Solid support for Apple in iPhone encryption fight: poll » Reuters

Jim Finkle:

»Nearly half of Americans support Apple Inc’s (AAPL.O) decision to oppose a federal court order demanding that it unlock a smartphone used by San Bernardino shooter Rizwan Farook, according to a national online Reuters/Ipsos poll.

Forty-six percent of respondents said they agreed with Apple’s position, 35 percent said they disagreed and 20 percent said they did not know, according to poll results released on Wednesday.

Other questions in the poll showed that a majority of Americans do not want the government to have access to their phone and Internet communications, even if it is done in the name of stopping terror attacks.

«

Wait, I thought half supported the FBI? Oh god I’m so confused. As are the people being asked subtly different questions about the same topic.


Apple-FBI fight asks: is code protected as free speech? » Bloomberg Business

Adam Satariano:

»There’s some precedent for arguing that code is protected legal speech. In the 1990s, a graduate student at the University of California at Berkeley wrote an encryption program for his own research that he wanted to make public. Under federal regulations, a coder must get a license to publish cryptography tools, and the government denied the student’s license. In 1999, the U.S. Court of Appeals in San Francisco ruled for the first time that source code was protected as speech, and the student, Dan Bernstein, who is now an instructor at the University of Illinois at Chicago, was allowed to share the code freely.

The case, Bernstein v. U.S. Department of Justice, has been highlighted by those who favor less regulation of the Internet. But judges have also ruled that free speech protections don’t apply to code. Courts have been especially skeptical in cases involving piracy of music and movies.

The law “is murky in this area,” said Michael Froomkin, a law professor at the University of Miami — and that’s why Apple’s case could break new ground.

«



I tried VR porn, and I liked it » Ars Technica UK

Sebastian Anthony:

»You will probably be unsurprised to hear that VR porn is awesome. It’s like porn, but better. The porn I was sampling—made by Naughty America—was essentially a standard first-person-perspective film, but with the ability to look around. Unlike some VR experiences that are just two-dimensional 360-degree panoramas, Naughty America’s porn is stereoscopic; stuff actually sticks out, or comes flying at you. You really do want to reach out and touch things.

I watched three different scenes as I sat there in the cafe. In all three of them, “I” (a male actor) was reclining on some kind of sofa, looking down at my muscular physique and giant appendage. In some scenes, other people did things to me—in other scenes, I was much more proactive.

To be honest, it was a bit weird, looking down and seeing someone else’s body. But, after a few minutes of watching, I began to feel a sense of agency; I began to feel that yes, those rippling muscles were mine; I began to feel that it was me being tended to by two other beautiful people.

And of course, just as I was starting to get into it, the demo ended and I found myself back in the real world, being grinned at by a couple of guys from Naughty America. “Pretty cool, eh?”

All I can do is nod. Why did the demo have to end so soon?

Right now Naughty America’s films only have a 180-degree field of view, primarily because a standard porn scene doesn’t require anything greater, but also because it’s technologically quite challenging as well. Different varieties of porn—orgies and the like—would require a 360-degree field of view, but it doesn’t seem that Naughty America is working on that just yet.

When I asked Ian Paul, the company’s CIO, about how they actually film the VR scenes, he refused to tell me anything. “I can’t give away anything right now.” Basically, according to Paul, it’s quite hard to shoot a 3D VR film from an actor’s perspective, and lots of porn studios are currently trying to find the optimal setup.

«

You think kids playing video games is a problem now? Wait until this stuff becomes easily available.


Trump shatters the Republican Party » Politico

Shane Goldmacher:

»While Cruz has tried to tap into frustrated voters via ideology, Rubio has been far more reticent to amplify the angriest voices, saying repeatedly, “It is not enough to simply nominate someone who is angry.”

In South Carolina last week, when a voter shouted out that Hillary Clinton was a “traitor,” Rubio interjected gently, “I wouldn’t go that far, sir.” And last month, in Iowa, when another voter worried about Islamic sharia law coming to America, Rubio rebutted, “Guys, that’s not going to happen.”

While Rubio dances around the electorate’s resentments, Trump revels in them. On primary night in South Carolina, he tapped into their nationalism as he whacked at Mexico and China. “They’ve taken our jobs, they’ve taken our money, they’ve taken our everything,” he declared.

The crowd cheered wildly. “I showed anger and the people of our country are very angry!” Trump later tweeted about his South Carolina victory.

Perkins, the evangelical leader, described the Trump phenomenon’s lack of ideology this way: “You can’t be fearful and thoughtful at the same time.”

«

I remain fascinated by Trump’s rise (from the relatively safe distance of a few thousand miles of ocean). What I don’t know, and nobody seems to be saying much, is: how does Trump play with the broader electorate? If it’s Trump v Clinton (as seems likely), how does that play out?


Huawei Watch: Android Wear burn-in prevention 4K lapse [N5X] » YouTube

»

Quick 4K time lapse of Android Wear burn in prevention on the Huawei Watch. Captured with Framelapse Pro using a Nexus 5X.

«

That moves around quite a bit. Which prompts the thought – how long will always-on screens survive before they’re burnt out? Something to consider with wearables.


Announcing Spotify Infrastructure’s Googley future » News

Nicholas Harteau:

»in a business growing quickly in users, markets and features, keeping pace with scaling demands requires ever increasing amounts of focus and effort. Like good, lazy engineers, we occasionally asked ourselves: do we really need to do all this stuff?

For a long time the answer was “yes.” Operating our own data-centers may be a pain, but the core cloud services were not at a level of quality, performance and cost that would make cloud a significantly better option for Spotify in the long run. As they say: better the devil you know…

Recently that balance has shifted. The storage, compute and network services available from cloud providers are as high quality, high performance and low cost as what the traditional approach provides. This makes the move to the cloud a no-brainer for us. Google, in our experience, has an edge here, but it’s a competitive space and we expect the big players to be battling it out for the foreseeable future.

«

Lots of people are interpreting this as the first step to Spotify’s entirely Googley (ie Google-owned) future, and it’s hard not to see this that way.


Thousands of apps running Baidu code collect, leak personal data: research » Reuters

Jeremy Wagstaff and Paul Carsten:

»Thousands of apps running code built by Chinese Internet giant Baidu have collected and transmitted users’ personal information to the company, much of it easily intercepted, researchers say.

The apps have been downloaded hundreds of millions of times.

The researchers at Canada-based Citizen Lab said they found the problems in an Android software development kit developed by Baidu. These affected Baidu’s mobile browser and apps developed by Baidu and other firms using the same kit. Baidu’s Windows browser was also affected, they said.

The same researchers last year highlighted similar problems with unsecured personal data in Alibaba’s UC Browser, another mobile browser widely used in the world’s biggest Internet market.

Alibaba fixed those vulnerabilities, and Baidu told Reuters it would be fixing the encryption holes in its kits, but would still collect data for commercial use, some of which it said it shares with third parties. Baidu said it “only provides what data is lawfully requested by duly constituted law enforcement agencies.”…

…“It’s either shoddy design or it’s surveillance by design,” said Citizen Lab director Ron Deibert.

«

Tricky choice.


Errata, corrigenda and ai no corrida: yesterday’s web page headline briefly said that it was Acer’s routers, not Asus’s, which had been found to be full of holes by the FTC. This was wrong.

Start up: porn’s new business model, the real emissions scam, Jamaica’s 419 scammers, and more


What’s really using up the energy in your phone’s battery? Photo by Takashi(aes256) on Flickr.


The Emissionary Position: screwing the motorist the European way » The Register

John Wilkinson with a tour de force on the entire topic of emissions, testing, ECUs, specific heat capacity, diesel taxation, and whether you should buy a secondhand VW. It’s a long read, but will leave you feeling completely informed:

Emission cheating is not new. Caterpillar, Cummins and others were busted in 1998 for doing exactly what VW has now done – and there have been many more offenders before and since. Why has nothing been learned from such instances? How is it the US emissions testing authorities appear to have done nothing for all this time to circumvent cheating?

VW is, of course, German, whereas the regulations it has failed to meet are American. Years of cheap gasoline means America does not have a history of running small diesel passenger cars, and they do not form a high percentage of the fleet; nothing like the penetration in Europe.

American cars are historically less fuel efficient than European cars. So why are the American diesel emission regulations so much more stringent than the European equivalent? Could it be protectionism … or, perhaps, the European regulations are rubbish?



Four more carmakers join diesel emissions row » The Guardian

Damian Carrington:

In more realistic on-road tests, some Honda models emitted six times the regulatory limit of NOx pollution while some unnamed 4×4 models had 20 times the NOx limit coming out of their exhaust pipes.

“The issue is a systemic one” across the industry, said Nick Molden, whose company Emissions Analytics tested the cars. The Guardian revealed last week that diesel cars from Renault, Nissan, Hyundai, Citroen, Fiat, Volvo and Jeep all pumped out significantly more NOx in more realistic driving conditions. NOx pollution is at illegal levels in many parts of the UK and is believed to have caused many thousands of premature deaths and billions of pounds in health costs.

All the diesel cars passed the EU’s official lab-based regulatory test (called NEDC), but the test has failed to cut air pollution as governments intended because carmakers designed vehicles that perform better in the lab than on the road. There is no evidence of illegal activity, such as the “defeat devices” used by Volkswagen.



Satya Nadella and Microsoft’s very good day » The New Yorker

Nicholas Thompson (who edits the New Yorker website):

Much of the energy in the hardware business has been directed toward phones in recent years. But Microsoft’s strategy is sort of the opposite. The company will never catch up to Apple or to Google’s Android, where phones are concerned, at least in the developed world. So now it’s trying to make all the other devices—namely tablets and laptops—exciting again. You probably won’t buy your next laptop from Microsoft, but the company hopes to have demonstrated to other laptop manufacturers, particularly ones that preload Windows, how to make their devices exciting again. “Here’s my main point that I filter by,” Nadella told me. “Does the world need something like it and does it need it from Microsoft?” With the new laptop, he said, Microsoft was willing to take the risk of spending wildly on R. & D. to show that laptops could be exciting again—perhaps as exciting as phones.

After the event, I wrote to [Mike] Gerbasio [a consultant to construction companies who had been invited to see the event by Microsoft] to ask him if he was, in fact, going to buy anything. He told me that he’d pre-ordered the Surface Pro 4, but was thinking of maybe switching to the laptop. Either way, he said, he was happy with Nadella and the new Microsoft. For the first time, he thinks, the company genuinely cares what he, a normal consumer, actually wants.



Driven to death by phone scammers » CNN.com

Wayne Drash with an in-depth report (though mute the video) about what Britons would call the 419 or “forward fee” scam – where callers say you’ve won tons of money but have to send them money to get it released:

More than 200 Jamaicans a year are killed in connection with lottery scams — a fifth of the killings in the island nation, which has the dubious distinction of being among the most violent countries per capita in the world.

Scammers who sell names and numbers to callers expect a cut of their profits; if they find out they’re being cheated, they’ll hunt down and kill the caller or a member of his family. Other killings occur when rival gang members steal caller lists.

“It’s a cancer in the society,” says Luis Moreno, the U.S. ambassador to Jamaica. “Gangs escalate armed competition with each other over who is going to control these lists and who is going to get the best scammers, the best phone numbers, the best phone guys. Even children as young as 10, 12 years old are tied in as couriers.”

In June, a 14-year-old was dragged out of his home and machine-gunned by gang members connected to the scams. The same fate befell a 62-year-old grandmother in July. Two American women were wounded in August at a nightclub when a gang member opened fire on a rival who owed him money. The rival was killed.

“These gangs are often indiscriminate,” says Bunting, the national security minister. “When they come looking for their target, if they don’t find him, they will shoot members of his family to essentially send a message.”

The average Jamaican makes about $300 a month. The top lottery scammers boast of bringing in $100,000 a week. They share videos of washing cars with champagne and show off by setting fire to thousands of dollars in cash…

Lottery scamming sprang up between 1998 and 1999 when legitimate American and Canadian call centers set up operations in Montego Bay. Young Jamaicans were trained on how to empathize with customers.

No one could have known how those skills would result in today’s flourishing scam business.

Unintended consequences, indeed. Just as Indian PC scam calls arose from British companies setting up call centres there.


On Apple’s insurmountable platform advantage » steve cheney

Cheney says it’s all about the chips:

The truth is the best people in chip design no longer want to work at Intel or Qualcomm. They want to work at Apple. I have plenty of friends in the Valley who affirm this. Sure Apple products are cooler. But Apple has also surpassed Intel in performance. This is insane. A device company – which makes CPUs for internal use – surpassing Intel, the world’s largest chip maker which practically invented the CPU and has thousands of customers.

This pedigree that Apple developed now has a secondary powerful force: portable devices serve as the reference platform whereby all chip design starts. Components from the smartphone market now power almost all other markets, giving Apple’s in-house team a comparative advantage as they enter new product categories, like wearables and electric cars.

All of this supplier / buyer power that Apple has secured will be extended to cars. And because cars are lower volume by many orders of magnitude than phones, no other car maker will be able to enter the chip making game. Both the costs and the risks of designing chips are way too high. Tesla sells around 100K cars a year. Apple sold that many iPhones every 30 minutes on opening day weekend.



How MindGeek transformed the economics of porn » Fusion

Felix Salmon:

Porn videos, today, have become free advertising for other business lines—whether that’s camming, or stripping, or outright prostitution. Even in the world of escorting, tube videos are increasingly replacing the photographs of old. As a result, it can make financial sense to appear in porn films even if you get paid very little for doing so, because developing an online following is a great way to build a fan base. And that is where today’s porn stars earn most of their money: fans will pay to see stars like Veronica Rodriguez in a strip club, or for one-on-one Skype sessions, or for IRL sex. It’s the “freemium” business model: most people will be perfectly happy with the free product, but a small minority will pay for more exclusive services.

Meanwhile, the cost of appearing in a porn film—both in terms of production costs and in terms of reputation—has never been lower. We live in a world where young adults are freer than ever to explore and express their sexuality, and where everybody has a high-def video camera in their pocket at all times. The shame factor of porn has been nearly eliminated in popular culture: just ask Kim Kardashian, whose sex tape essentially launched her career.

On the basis that the porn industry presages everything else that happens online…


See the Milky Way anew » Chromoscope

The Milky Way, viewed at different light frequencies – from gamma ray to radio. It looks very different depending on how your eyes work, as you quickly realise. Fun (though possibly not so much on mobile).


Smartphone energy consumption » Pete Warden’s blog

Pete Warden:

I found a lot of very useful estimates for components power usages scattered through the book. These are just rough guides, but they helped my mental modeling, so here are some I found notable:

• An ARM A9 CPU can use between 500 and 2,000 mW.
• A display might use 400 mW.
• Active cell radio might use 800 mW.
• Bluetooth might use 100 mW.
• Accelerometer is 21 mW.
• Gyroscope is 130 mW.
• Microphone is 101 mW.
• GPS is 176 mW.
• Using the camera in ‘viewfinder’ mode, focusing and looking at a picture preview, might use 1,000 mW.
• Actually recording video might take another 200 to 1,000 mW on top of that.

A key problem for wireless network communication is the ‘tail energy’ used to keep the radio active after the last communication, even when nothing’s being sent. This is vital for responsiveness, but it can be ten seconds for LTE, so apparently short communications can use a lot more energy than you’d expect. Sending a single byte can use a massive amount of power if it keeps the radio active for ten seconds after!

A Microsoft paper showed that over 50% of the power on several popular games is consumed by the ads they show!

The whole blogpost is really great reading. (Warden used to work at Apple, and then was CTO at Jetpac and did some amazing work on neural network apps; so good that Google bought the company.)


It’s Apple’s world, so why do other smartphone makers even bother? » Bloomberg Business

Ashlee Vance:

Some struggling phone makers likely believe they can profit by selling tons of cheap phones at low margins, says Endpoint’s Kay, while companies like Microsoft and Sony will stay in the business to spread their software as far as possible.

Even Apple may not be immune to these trends. About 2 billion people have smartphones today, and another 150 million to 200 million will buy their first in each of the next three years, estimates researcher EMarketer. Most first-time buyers will be looking for high-powered phones at the lowest possible prices, and every company will have to reckon with that race to the bottom, says McMaster. The companies likely to thrive will be local players that can build money-making services on top of their cheap phones. “We will see sub-$35 devices roll out in sub-Saharan Africa in the next two years,” he says. “It’s just a matter of time.”

The question of how Apple will keep its prices up as every other smartphone maker sees price deflation is a critical one.


PC shipments remain depressed by volatile currencies, inventory, and OS transition in the third quarter, although 2016 should fare better » IDC

Worldwide PC shipments totaled nearly 71.0m units in the third quarter of 2015 (3Q15), according to the International Data Corporation (IDC) Worldwide Quarterly PC Tracker. This volume represented a year-on-year decline of -10.8% – slightly worse than projections for a decline of -9.2%.

The lackluster volume of PC shipments was consistent with expectations that the third quarter would face challenging financial conditions and be a transition period. Across many regions, the channel remained focused on clearing Windows 8 inventory before a more complete portfolio of models incorporating Windows 10 and Intel Skylake processors comes on the scene. Vendors and channels were also working to limit price swings in the face of changes in currency exchange rates. Though easing a bit, currency devaluation continued to inhibit PC shipments in the third quarter.

While Windows 10 has generally received favorable reviews and raised consumer interest in PCs, many users opted to upgrade existing PCs rather than purchase new hardware…

…the top four vendors performed much better than the rest of the market. Collectively, the top 4 vendors saw shipments fall by -4.5% from a year ago compared to a decline of almost -20% for the rest of the market.

2016 could hardly do worse. PC market now down 26% from the same period in 2011, when it peaked.