Start up: Apple’s hacker flaw, Downing St’s FOI oddity, machines that parse art, and more


“You mean all we need to do to defeat him is adopt HTML5? Why didn’t you say?” Photo by Tom Simpson on Flickr.

A selection of 8 links for you. Uninflammable. I’m charlesarthur on Twitter. Observations and links welcome.

Encryption “would not have helped” at OPM, says DHS official » Ars Technica

Sean Gallagher:

pressed on why systems had not been protected with encryption prior to the recent discovery of an intrusion that gave attackers access to sensitive data on millions of government employees and government contractors, [US Office of Personnel Management Katherine Archuleta] said, “It is not feasible to implement on networks that are too old.” She added that the agency is now working to encrypt data within its networks.

But even if the systems had been encrypted, it likely wouldn’t have mattered. Department of Homeland Security Assistant Secretary for Cybersecurity Dr. Andy Ozment testified that encryption would “not have helped in this case” because the attackers had gained valid user credentials to the systems that they attacked—likely through social engineering. And because of the lack of multifactor authentication on these systems, the attackers would have been able to use those credentials at will to access systems from within and potentially even from outside the network…

…nearly every question of substance about the breach—which systems were affected, how many individuals’ data was exposed, what type of data was accessed, and the potential security implications of that data—was deferred by Archuleta on the grounds that the information was classified. What wasn’t classified was OPM’s horrible track record on security, which dates back at least to the George W. Bush administration—if not further.


Serious OS X and iOS flaws let hackers steal keychain, 1Password contents » Ars Technica

Dan Goodin:

The malicious proof-of-concept apps were approved by the Apple Store, which requires all qualifying submissions to treat every other app as untrusted. Despite the supposed vetting by Apple engineers, the researchers’ apps were able to bypass sandboxing protections that are supposed to prevent one app from accessing the credentials, contacts, and other resources belonging to another app. Like Linux, Android, Windows, and most other mainstream OSes, OS X and iOS strictly limit app access for the purpose of protecting them against malware. The success of the researchers’ cross-app resource access—or XARA—attacks raises troubling doubts about those assurances on the widely used Apple platforms.

“The consequences are dire,” they wrote in a research paper titled Unauthorized Cross-App Resource Access on MAC OS X and iOS. “For example, on the latest Mac OS X 10.10.3, our sandboxed app successfully retrieved from the system’s keychain the passwords and secret tokens of iCloud, email and all kinds of social networks stored there by the system app Internet Accounts, and bank and Gmail passwords from Google Chrome.”…

…It’s not the first time researchers have found flaws in application sandboxes. The attack exploiting WebSocket weaknesses, for instance, can also succeed in Windows under certain conditions, the researchers said. Interestingly, they said application sandboxing in Google’s Android OS was much better at withstanding XARA threats.

For the time being, the researchers told Ars, there isn’t much end users can do except wait for Apple to fix the vulnerabilities.

Bad (though not deluge-of-malware bad; instead it’s sneaky-Trojan bad). Apple was told about this in October 2014. The best hope is that this is fixed in OS X 10.11 and iOS 9, but there’s no clear indication of how hard it is to fix.


Freedom of information turns into Mission Impossible for Downing St emails » FT.com

Jim Pickard and Kiran Stacey:

Emails sent from computers in Downing Street are automatically deleted within three months under a system that makes it harder for the public to obtain answers to “freedom of information” requests, former staff have disclosed.

The system, instigated a decade ago but not widely known about, means that messages are only held beyond that period if an individual saves them. It is widely blamed by government advisers for what one former employee called a sometimes “dysfunctional” operation at the heart of Whitehall.

The email system was introduced under the Labour government in late 2004, just weeks before January 2005 when the Freedom of Information Act belatedly came into force.

“The timing of this very strongly indicates that it was not a coincidence,” said Maurice Frankel, director of the UK Campaign for Freedom of Information.

Gee, ya think?


China and Russia almost definitely have the Snowden docs » WIRED

Bruce Schneier (who is a veritable security expert; if he says it, it’s true):

The vulnerability is not Snowden; it’s everyone who has access to the files.

First, the journalists working with the documents. I’ve handled some of the Snowden documents myself, and even though I’m a paranoid cryptographer, I know how difficult it is to maintain perfect security. It’s been open season on the computers of the journalists Snowden shared documents with since this story broke in July 2013. And while they have been taking extraordinary pains to secure those computers, it’s almost certainly not enough to keep out the world’s intelligence services…

…In general, it’s far easier to attack a network than it is to defend the same network. This isn’t a statement about willpower or budget; it’s how computer and network security work today. A former NSA deputy director recently said that if we were to score cyber the way we score soccer, the tally would be 462–456 twenty minutes into the game.

Even airgapped, never-connected computers can be attacked (don’t ask me how). The Guardian took extraordinary pains with its London copy: two people needed to enter passwords, at least two people needed to be present when documents were read, the computers used had never been online and had no connection.

But a simpler thought is this: if Snowden was one of 10,000 or so NSA staff with access to that data (and more in the UK), what are the chances that absolutely none of those has somehow been coerced or willingly turned over data to foreign powers? Pretty much zero.


Flash will soon be obsolete: it’s time for agencies to adapt » Advertising Age

David Evans on the fact that major browsers on desktop are hurrying to dump Flash:

If this sounds like a big problem to you, you’re absolutely right. If the major browsers were to disable Flash immediately, we could be looking at a scenario where roughly 84% of banners across the internet would not be viewable on desktop browsers. Rather than clicking on a visually dynamic, animated ad created to capture attention with movement and video, users would instead see a static banner in place of the intended ad, and most advertising creatives don’t pay much attention to the creation of static backups.

For advertisers, this could mean shelling out first-class money for economy-class impressions.

Though it might be painful to admit for an industry that has relied on Flash for over a decade, the right choice is to start creating desktop ads in the HTML5 language used to create ads for mobile.

This is a bit obvious to anyone who’s been paying attention for the past three years (minimum), but perhaps advertising has been looking somewhere else.


Market Monitor Q1 2015: LATAM smartphones grow 25% annually » Counterpoint Technology

Tina Lu:

LATAM is third, behind North America and Europe in the global ranking of smartphone shipment penetration.

• Except for Peru, the majority of the key LATAM markets are seeing significantly higher smartphone demand, with shipment penetration of total handsets between 77% and 99%.

• Overall feature phone demand has been declining, and so has been the overall scale and profitability of manufacturing and selling them. As a result, in countries like Argentina, due to government protectionist measures and import restrictions, vendors are manufacturing and selling only the more profitable smartphones. This has led to smartphone shipment penetration of sales to reach 99%; the highest in the region.

Here’s the shipment figure (chart: Latam smartphone shipments Q1 2015).

If you do the maths, on a 25% yoy growth both Samsung’s and LG’s shipments actually fell; Apple’s more than doubled. Alcatel and “Others” both grew faster than the market.


Apple’s Siri, Spotlight extend Google-like search inside iOS 9 apps, without tracking users » Apple Insider

Daniel Eran Dilger:

Because Apple is indexing in-app content for its search results, it can more easily suppress “Search Engine Optimization” malicious content or link spamming, as relevancy is tied to user engagement. If few users find a search result worthwhile, it can fade from relevance.

Many of the new search-related features Apple debuted for iOS 9 and OS X El Capitan bear a strong resemblance to some of predictive search features first introduced by Google starting back in 2012 as part of Android 4.1, branded as “Google Now.”

Since then, Google has introduced “app indexing,” a related feature designed to make the company’s web-style search more relevant to mobile users by delivering results that can open within local apps. For example, a recipe might open within a cookbook app, rather than just presenting the same information on a web page or dumping users into the app to find the recipe on their own.

The most profound difference between the two companies’ approach to in-app search is that Apple does not monetize its search with ads, and therefore has no need to capture and store users’ data and behaviors for future profiling, tied to a persistent user and device identifier that individuals can’t easily remove.

Apple is perhaps two years behind Google on this – but most people are using a version of Android that is at least two years old (87% are using 4.4, KitKat, from November 2013, or earlier). Which means that by November or so, Apple will roughly have parity on this feature.


Machine vision algorithm chooses the most creative paintings in history » MIT Technology Review

The job of distinguishing the most creative from the others falls to art historians. And it is no easy task. It requires, at the very least, an encyclopedic knowledge of the history of art. The historian must then spot novel features and be able to recognize similar features in future paintings to determine their influence.

Those are tricky tasks for a human and until recently, it would have been unimaginable that a computer could take them on. But today that changes thanks to the work of Ahmed Elgammal and Babak Saleh at Rutgers University in New Jersey, who say they have a machine that can do just this.

(Image: machine vision view of art)

They’ve put it to work on a database of some 62,000 pictures of fine art paintings to determine those that are the most creative in history. The results provide a new way to explore the history of art and the role that creativity has played in it.

Can’t be long before someone puts a human art historian up against the machine to see who spots the fake. (By the way, there was no byline I could find on the story. Maybe a robot wrote it.)


Start up: Grexit to bitcoin?, Google’s antitrust deadline, Merkel’s suspect PC, Samsung security hole and more


Stockpiled – a bit like HTC’s unsold phones. Photo by .dh on Flickr.

A selection of 7 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Bitcoin surges as Grexit worries mount, posts best run in 18 months » Reuters

Jemima Kelly:

Joshua Scigala, co-founder of Vaultoro.com, a firm that holds bitcoin for its customers and allows them to exchange it for gold and vice versa, said that Greeks were buying the currency as their trust in the authorities waned. It is also unclear what currency would be used if a Grexit does occur — another potential factor driving Greek demand for bitcoin.

“Some people aren’t waiting for the government to figure out an exit plan and are doing it for themselves,” said Scigala.

“You have people worrying about their families’ wealth or their life savings, and worrying that their money might be locked up in banks … They’d rather hold money in a private asset like gold or bitcoin.”

Scigala said over the past two months, with Greece locked in talks with its creditors, the company had seen a 124% pick-up in inflows from Greek IP addresses – numerical labels that identify computers and other internet-enabled devices.

124% = doubling. Which doesn’t amount to much, really, unless Greece was already a lot of business. Here’s the problem with this story. To buy bitcoin, you have to sell the euros to someone. If Greeks are withdrawing their euros from banks, why not hold on to those euros instead of buying bitcoin with them? Do they really think a post-Grexit euro will be worth less, rather than more? I’d bet on the latter.

There may be some Greek euros moving into bitcoin, which is moving bitcoin – but that only indicates that bitcoin has low liquidity, and so small amounts of money can move the value easily. Or else it’s something else altogether causing it.


Critics due to get EU’s Google antitrust charge sheet this week: sources » Reuters

Foo Yun Chee:

Microsoft, German publisher Axel Springer and 17 other critics of Google are expected to get a copy of the EU’s antitrust charge sheet against the search engine giant this week in order to allow them to provide feedback, four people familiar with the matter said on Tuesday.

The 19 companies, which include U.S. online travel site Expedia, U.S. consumer reviews website Yelp, online mapping service Hot-map and British price comparison site Foundem, helped trigger the European Commission’s case against Google nearly five years ago…

…Google has until July 7 to respond to the accusations. This can be extended on request. It can also seek a closed-door hearing to argue its case before a broad audience of antitrust officials and the critics.

The complainants were told on Monday to sign confidentiality waivers not to disclose the so-called statement of objections to journalists or public affairs consultants before they could get a copy of the redacted document, according to a Commission letter seen by Reuters.

The critics were told to restrict the charge sheet to their lawyers and economists.

Leaks in 3, 2, 1… And there’s Andrew Orlowski’s writeup of the Foundem examination into Google’s “search for harm” blogpost.


One tiny number can reveal big problems at a global smartphone maker » Bloomberg Business

Tim Culpan:

Tucked away in a corporate earnings report—past the data on profit margins and revenue growth, hidden deep inside a balance sheet—is a number that can tell you a lot about a mobile phone maker’s health. In the global smartphone war, brands are routinely measured by market share, revenue, profit, and the coolness of their ads. But one line item called finished goods inventory, which refers to the percentage of materials that were manufactured into phones but went unsold, can give insight into whether a company’s fortunes are changing.

The latest company to let phones pile up in warehouses and on store shelves is HTC. The Taiwanese company’s stock just fell to its lowest point in a decade after lowering its sales forecast on June 5 and announcing a NT$2.9 billion ($93 million) writedown, though it’s recovered some of that loss amid speculation the decline could make it a buyout target. HTC’s finished goods inventory had climbed to a record high 2.35% of total assets at the end of last quarter. During the company’s heyday, that figure rarely nudged above 1%.

Culpan has done a neat job, building on what I pointed out last week about HTC’s broader inventory numbers. Relating inventory to total assets is an effective way to look at it; here’s the graph.

(Chart: HTC inventory as percent of assets)

So now it’s higher than ever before. Finished goods inventory is going to be one of the first numbers people look at when the Q2 figures are published (in late July, probably).


Merkel’s PC was the first one infected in the Bundestag hack » Security Affairs

I have written many posts regarding a recent attack against the German Bundestag which caused a major data breach.

We discussed the possibility that the cyber attack against the German Parliament was coordinated by Russian state-sponsored hackers that spread a highly sophisticated malware inside the network of the Bundestag.

The consequence of the data breach could be serious for the German Government; German media state that the Bundestag may need to replace 20,000 computers after the intrusion, an operation that could cost millions of euros.

New revelations in the investigation confirm that the cyber attack on the German Bundestag began with the compromise of Chancellor Angela Merkel’s personal computer.

Her phone by the NSA, her computer by Russia…


Flaw lingers in Samsung phones, illustrating hacking risk » WSJ

Danny Yadron:

Last fall, researchers at cybersecurity firm NowSecure found a bug in most Samsung smartphones that could allow hackers to spy on users.

In March, Samsung told NowSecure it had sent a fix to wireless carriers that they could distribute to users. It asked NowSecure to wait three months before going public.

Last week, the researchers bought two new Samsung Galaxy S6’s from Verizon Wireless and Sprint. They found both were still vulnerable to the security hole, which involves how the phone accepts data when updating keyboard software.

NowSecure CEO Andrew Hoog shared his version of events with The Wall Street Journal as his company prepared to release its research Tuesday. The story helps illuminate why hacking is so hard to stamp out.

That’s particularly true in smartphones, with their diffuse system of device makers, software programmers and network operators. Things are likely only to get worse as Americans connect their thermostats, door locks and cars to the Internet and face the need to update their software…

…Welton found he could hijack the process of updating one of the virtual keyboards Samsung installs on many Android smartphones. From there, he could eavesdrop on phone conversations, rummage through text messages and contacts, or turn on the microphone to capture audio.

That was possible, Hoog said, because Samsung didn’t encrypt the update process.

It’s the IoT vulnerability that’s the real worry here, much more than which make of phone is involved. Except that Samsung asked NowSecure for a year to fix the bug – a month after it was told about it. And what does this mean for Google’s “we find a bug and we publicise it in 90 days” stance?


Nokia faces lengthy arbitration over LG patent royalty payments » Reuters

Jussi Rosendahl:

Nokia said the arbitration with LG is expected to conclude within two years. Shares in Nokia rose 1.4 percent by 1204 GMT (8.04 a.m. ET).

“This is becoming a more and more common model. The companies won’t go to the court but instead let an independent party decide,” said Nordea analyst Sami Sarkamies.

He estimated that the Samsung deal, expected to conclude later this year, could eventually mean Nokia receives 100-200 million euros of additional royalty payments annually, on top of retroactive payments.

Seems to be related to 4G patents; Nokia signed a similar deal with Samsung a while back. For LG, it means that profitability on the smartphone side becomes that little bit more elusive – especially after the back payment.


Apple News curation will have human editors and that will raise important questions » 9to5Mac

Jordan Kahn:

Techmeme’s founder Gabe Rivera gave us the hard truth on why being an algorithm-based service like Google News doesn’t make sense for the Apple News app, saying, “All news aggregators intended for the mass market need editors, so this makes sense for Apple.” But the flip side of Apple’s human-based curation is that without a separation of editorial and the business, there will undoubtedly be conflicts of interest. Rivera points out that “…as the world’s most valuable corporation, they can’t and shouldn’t be trusted to present well-rounded coverage on many important topics.” Rivera continues, “But most readers won’t care about that.”

Apple doesn’t want this to be an algorithm thing, because (a) algorithms might not pull outré-yet-fascinating stuff to the surface, and (b) if some story that were grisly/violent/sexual – pick the topic you think Americans in particular would react in horror to – popped up, Apple would of course get the blame. Apple hates that.

So it wants humans on hand to stop the Bad Stuff that will Offend People finding its way into the app. But that immediately raises the question: what will it define as Bad Stuff? Are Mark Gurman’s well-sourced leaks of Apple plans Bad Stuff? Is vicious criticism of Apple?

I suspect people are overplaying this; Apple is really wary of consumer backlashes over pr0n. Look at how Facebook struggles with the same topic, and the issue of content posted by millions of people which some find offensive and others really don’t.

No simple answer, but Apple may not have realised it was putting itself in the position of a publisher.


Start up: thin those CDs!, U2’s many listeners, IT price hikes coming?, YouTube’s zero profit, and more


These guys just get everywhere. Photo by Dunechaser on Flickr.

A selection of 9 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Kantar data on free U2 album consumption by Apple device users » Kantar

Annoyed as some Apple customers may have been over being “force-fed” U2’s new album last fall, the impact of the free release is still visible five months later: 23% of all music users on Apple’s operating system listened to at least one U2 track in January, more than twice the percentage who listened to the second-placing artist, Taylor Swift (11%).

Quite a few of those who complained to me about the U2 album weren’t iTunes users at all. This seems to back up the suspicion that a lot of this noise was just commentariat chatter. (Link via Neil Cybart.)


MELTDOWN: Samsung, Sony not-so-smart TVs go titsup for TWO days » The Register

Shaun Nichols:

Samsung smart TVs have been turned into dumb goggle boxes for the past two days – after the devices have been unable to use the internet. Coincidentally, Sony smart TVs are also having troubles using the web.

A Samsung spokesperson told The Register it is investigating reports that some of its web-connected tellies and Blu-Ray players are unable to stream video from YouTube, iPlayer, Netflix and other sites. The issue appears to affect Samsung D and E series TVs worldwide.

The televisions’ Smart Hub software, which helps people find stuff to watch and apps to use, is refusing to work – in fact, any software on the sets that tries to use the internet just simply won’t work, Reg readers have told us.

Problem seems to be DNS-related – the IP address at the far end has moved and the TVs can’t figure out how to find it. A dress rehearsal for the Internet Of Broken Things.


EFF unearths evidence of possible Superfish-style attacks in the wild » Ars Technica

Dan Goodin:

It’s starting to look like Superfish and other software containing the same HTTPS-breaking code library may have posed more than a merely theoretical danger to Internet users. For the first time, researchers have uncovered evidence suggesting the critical weakness may have been exploited against real people visiting real sites, including Gmail, Amazon, eBay, Twitter, and Gpg4Win.org, to name just a few.

I wonder how much feverish activity there is in other PC OEM headquarters as they check all their third-party install apps and contracts.


YouTube: 1 billion viewers, no profit » WSJ

Rolfe Winkler, with one of the tightest, hardest-hitting intros [ledes, for American readers] you’ll see this week:

Google nurtured YouTube into a cultural phenomenon, attracting more than one billion users each month. Still, YouTube hasn’t become a profitable business.

The online-video unit posted revenue of about $4bn in 2014, up from $3bn a year earlier, according to two people familiar with its financials, as advertiser-friendly moves enticed some big brands to spend more. But while YouTube accounted for about 6% of Google’s overall sales last year, it didn’t contribute to earnings. After paying for content, and the equipment to deliver speedy videos, YouTube’s bottom line is “roughly break-even,” according to a person with knowledge of the figure.

By comparison, Facebook Inc. generated more than $12bn in revenue, and nearly $3bn in profit, from its 1.3 billion users last year.

Google would like people to turn to YouTube as though it were TV. To which an analyst retorts that “there’s a lot of junk” and that it needs investment to get TV ad budgets. That’s been tried before, though.

Also, just 9% of viewers account for 85% of page views. It’s the “whale” model used by games like Candy Clash – not the “many watching a bit all the time” of TV.


Why I’m saying goodbye to Apple, Google and Microsoft » Medium

Dan Gillmor has renounced Those Three and is using Linux and a phone running CyanogenMod:

The tools I use now are, to the extent possible, based on community values, not corporate ones.

I’m not acting on some paranoid fantasies here. I’m emulating, in the tech sphere, some of the principles that have led so many people to adopt “slow food” or vegetarian lifestyles, or to minimize their carbon footprint, or to do business only with socially responsible companies.

Nor do I intend to preach. But if I can persuade even a few of you to join me, even in some small ways, I’ll be thrilled.

I know and like Dan, though one has to pause a bit: the PC is a Lenovo (made in China, home of a not-at-all oppressive government). He doesn’t specify who made the handset. I fear his quest is quixotic; even Taiwan-owned companies manufacture in China. So is China’s government better or worse than Google, Microsoft or Apple?


Exclusive: Sundar Pichai on Google’s vision, mobile revenue, Apple and China » Forbes

Miguel Helft tries hard, but this is largely a snoozer because people like Pichai provide answers that are so vague and distant – and won’t give a hard statistic for anything. This seems a relevant point, though:

Q: Messaging outside of email has become huge, as proven by things like WhatsApp, Snapchat and Facebook Messenger. Does Google need a play there to be competitive?

A: We think about it at two levels. We build platforms. We don’t expect Google as a first party service to provide all the answers. Part of the reason a platform is successful is because there are very very important things from other companies and other developers on top of the platform. Things like WhatsApp are a great example of success that others have had on Android, which we see as welcome innovation on the platform. It’s great for users, it’s great for our platform and I think it’s a virtuous cycle. In the aggregate, we also care about building great services for people. At that level, we view communications as an important area. But that doesn’t mean the answer is always a vertical service. We do have products like Hangouts which we will invest in and evolve. But we also care about the platform in these areas, how we evolve the platform so we support others to do these innovations as well. It’s a more nuanced answer. It’s a more complicated approach. I think we are comfortable with where we are.

Also covers Google+, Android, and China. Doesn’t have a truly interesting insight on any of them; you have to work it out from what isn’t said (he doesn’t emote about Android at Home; won’t talk about how enterprise is going).

Of course various blogs have filleted it for comments about Apple, but that’s a snooze too.


Weak euro puts pressure on hardware pricing » InCONTEXT

Marie-Christine Pygott is senior analyst at the research company:

Towards the end of January, the euro hit a new low against the US dollar. Having lost 11% of its value between July and the end of December last year, the Eurozone currency was down by another 6.8% against the US dollar in January after the new year opened with a series of events that led to increased pressure on the currency.

For the large, non-European IT manufacturers, this has been bad news; where components are sourced in US dollars and revenues generated in euros, the devaluation has meant a significant increase in production costs and a strain on margins. Our distributor pricing data shows a 7% rise in the euro cost of components in the few months between July and December last year, despite a small decline in dollar terms. While prices did not go up to the same extent in real life, it is only a question of time before pricing shifts will show in our Channel data.

And show, it will. It is clear that IT vendors cannot just simply absorb the recent rise in costs.

List prices are already rising for PCs, it seems. That’s going to be a problem. Will smartphones be affected too?


High-end products and precision mechanical devices » Audiodesksysteme Gläß

The tuning of a CD with the CD Sound Improver is incredibly easy and takes barely a minute. The tungsten carbide blade is automatically set at the right angle during manufacture of the unit. A test CD is included in the delivery package. All following CDs are bevelled under exactly the same conditions. Shavings are removed via the vacuum cleaner link.

Shavings! It’s trimming your CD!


Starting out on Android » iA Writer team

iA Writer (it’s a writing app) has been ported to Android, which was a learning experience for the team who’d previously written for iOS:

The core APIs offered by the Android SDK have proven to be very stable. Lollipop is at its core a completely new OS with a new VM philosophy, but when we updated our first device, the app just continued to work. That’s an amazing feat. Whenever the iOS people took a break from laughing at the stack of test devices, they were toiling away updating their app to work with one iOS upgrade after the other.

Whatever madness has flown into the Android core APIs, it’s there to stay. That can be seen as the reverse side of the coin. Hanging indents are not rendered correctly? Yep, since 2011 — it’s a feature by now. Want to handle a text larger than a few thousand characters? Sorry, the guy who wrote the SpannableStringBuilder class is now enjoying early retirement in Malibu. The Android APIs are stable, but sometimes we’d have wished them to be less stubborn.

Via Russell Ivanovic, who cites this as evidence that (in his words) 2015 will be the year of Android. However, this doesn’t show anyone going Android-first; quite the opposite. It’s more that, having wrung the market pretty much dry on iOS and the Mac, they’re now targeting the Android market, which must have a high end who will want to use this.

It’ll be interesting to follow up with iA and see how sales/installs/piracy goes on Android and compares to iOS.


Start up: another Lenovo preinstall, abandoning GPG, video game breasts (yup), the watch business, and more


Bank of England: visualise this. Photo by Michael Sissons on Flickr.

A selection of 9 links for you. Yes, you. I’m charlesarthur on Twitter. Observations and links welcome.

August 2013: renegade Windows App Store Pokki lands Lenovo as its latest OEM partner, will preload on its PCs » TechCrunch

Alex Wilhelm, in August 2013:

After securing Acer as its first major OEM deal, Pokki, an alternative Windows application marketplace and Start Button replacement, today secured Lenovo as its newest partner. The deal will see Pokki’s game arcade and Start Menu shipped with Lenovo machines, greatly boosting its marketshare in the PC ecosystem.

I’ve asked Lenovo about this: it hasn’t so far been able to tell me how much Pokki paid to be installed. It seems to me a fair presumption that Pokki did pay to be included – it offers various shareware apps via its menu. (Pokki doesn’t interfere with network traffic.) Here’s Pokki’s blogpost on the “partnership”. (That’s an Internet Archive link because I can’t get the original to load.)

Superfish might be the most recent, but it wasn’t the first time Lenovo was trying to improve its margins with preloaded software.


Meet Ross, the IBM Watson-powered lawyer » PSFK

Adriana Krasniansky:

Lawyers using Ross ask a legal question, and the program sifts through thousands of legal documents, statutes, and cases to provide an answer. Ross’s responses include legal citations, suggest articles for further reading, and even calculate a confidence rating to help lawyers prepare for cases. Because Ross is a cognitive computing platform, it learns from past interactions, meaning that Ross’s responses will grow to be more accurate as lawyers continue to use its system.

Via Mark Gould, who says that this sort of thing could automate legal functions… so what happens to those white-collar jobs?


Windows was less vulnerable than OS X, Linux, and iOS in 2014: report » NDTV Gadgets

Robin Sinha, somewhat perfunctorily:

Apple’s OS X operating system was the most vulnerable in 2014, according to a new report by the US National Vulnerability Database (NVD).

As per the report, OS X leads the list followed by iOS, Linux, Microsoft Windows Server 2008, Windows 7, Windows Server 2012, Windows 8, Windows 8.1, Windows Vista, and Windows RT. It has been noted that 7,038 new vulnerabilities were added last year, which results in 19 new vulnerabilities per day.

The report adds that out of the 7,038 vulnerabilities, 80 percent were said to come via third-party applications, 13 percent from operating systems and 4 percent via hardware devices. It is worth mentioning that in 2013 the vulnerability number was low at 4,794. Also, out of the 7,038 vulnerabilities, 68 percent was said to fall under the ‘medium’ severity, 24 percent in ‘high’ and the remaining 8 percent in ‘low’.

OK, I get it had the most vulnerabilities. Was it the most exploited, though?


Data Visualisation Competition – Are you a Viz Whizz? » Bank of England

“Viz Whizz”. Cringe. But it’s real, and could be fun:

Three criteria will be used to judge the entries. Is the visualization:

• showing something novel or insightful that is relevant to the Bank?
• clear and easy to understand?
• aesthetically pleasing and original?

Prize
Those entries that make the finalist day on Thursday 4 June will receive a tour of the Bank of England and its archives in the morning, followed by lunch.
Judging will take place in the afternoon where finalists will present their entries to an expert panel.
The winning entry will then be announced and the winning team will receive the prize of £5000. Refreshments will then be served for the contestants who will have the chance to mingle with the judges and other Bank staff.
The prize will be for the entry (and not per person).


Wristwatch industry statistics » Statistic Brain

Fascinating data: 1.2bn watches sold annually, 29.2m Swiss watches, almost all the rest from China and Hong Kong. Average values hugely different. It’ll be fun to see how the annual revenues for Swatch/Omega and Rolex look in a year’s time. (Via Robin H.)


Experts dubious of Gemalto claim its SIM keys weren’t stolen by GCHQ » Forbes

Thomas Fox-Brewster on the pushback against SIM card maker Gemalto’s claim that no siree, the keys are all locked in this safe:

First, [Gemalto] has assumed that its “highly secure exchange processes” have not been compromised. Second, Gemalto’s report was put together in a week, which might not be enough time to uncover far more surreptitious activity across its network, especially given the technical ingenuity of the alleged adversary. “Do they know the truth? Do they seriously believe they can conduct an investigation uncovering the truth in less than a week? This is a rush job to placate shareholders. Hopefully, they will keep investigating,” said Dr Ralf-Philipp Weinmann, who runs Comsecuris, a security research and consulting company. “Attacking SIM card vendors is a very economic solution to breaking encryption of cellular telephony.”

Perhaps the most worrying of Gemalto’s assertions is that it’s not possible to break connections over 3G or 4G using the methods described in the report. As Gemalto must know, it’s possible to force phones to “fail over” to easily-crackable 2G by jamming 3G and 4G connections.

My money’s on GCHQ. Those people are smart.


GPG And Me » Moxie Marlinspike

“Marlinspike” is a pretty adept crypto developer:

When I receive a GPG encrypted email from a stranger, though, I immediately get the feeling that I don’t want to read it. Sometimes I actually contemplate creating a filter for them so that they bypass my inbox entirely, but for now I sigh, unlock my key, start reading, and – with a faint glimmer of hope – am typically disappointed.

I didn’t start out thinking this way. After all, my website even has my GPG key posted under my email address. It’s a feeling that has slowly crept up on me over the past decade, but I didn’t immediately understand where it came from. There’s no obvious unifying theme to the content of these emails, and they’re always written in earnest – not spam, or some form of harassment.

Eventually I realized that when I receive a GPG encrypted email, it simply means that the email was written by someone who would voluntarily use GPG…

… I think of GPG as a glorious experiment that has run its course. The journalists who depend on it struggle with it and often mess up (“I send you the private key to communicate privately, right?”), the activists who use it do so relatively sparingly (“wait, this thing wants my finger print?”), and no other sane person is willing to use it by default.

Been available 20 years, yet has only 50,000 “strong” keys and under 4m published in the keypool. I’ve had a lot of PGP keys and forgotten the passwords to them all.


How video game breasts are made (and why they can go wrong) » Kotaku UK

Patricia Hernandez did a lot of research:

One developer who I’ll call “Alex,” because they didn’t want to be identified by their own name, told me about a situation where breasts had gone wrong—and it wasn’t the result of tech limitations. Alex told me that their studio was very concerned with its depiction of breasts. Even so, there were stumbles along the way.

“The very first thing I noticed when [the studio was] animating breasts is, I would look at them, and they were just not moving in a way that was even remotely natural,” Alex said.

“I remember saying to the artist, ‘the breasts are moving wrong.’ And I remember directly asking him, ‘Have you watched breasts move? Have you actually watched breasts move?”

Game developers have all the interesting conversations. It’s a fascinating piece as much as anything for the explanation of how developers *do* cope with the problem. (As one commenter asks, should the uncanny valley of video game breasts be called the uncanny cleavage?) So much effort, and then the premise of the game is ridiculous…


On WordPress.com and Bitcoin » Matt Mullenweg

WordPress is ending the ability to pay for its services using bitcoin, principally because it’s working on a code rewrite of its payment system, and wants less complication in the number of currencies it has to support. So some questions were put to Mullenweg:

Q: You mention that bitcoin has low volume compared to other payment methods, has this always been the case? Has its volume share changed over time?

A: The volume has been dropping since launch, in 2014 it was only used about twice a week, which is vanishingly small compared to other methods of payment we offer. We supported Bitcoin for philosophical reasons, not commercial ones.

Something of a reality check there. Although Mullenweg also says:

I believe Bitcoin or some other blockchain-like system will be the basis of the majority of financial transactions in the future, from small remittances to multi-billion dollar corporate acquisitions. I think transaction costs should follow Moore’s law, and I don’t think we’re going to get there with the centralized gateways that currently account for the overwhelming majority of transactions. I also personally hold Bitcoin, I’m an advisor to Stellar.org, and my friends make fun of me for bringing up Bitcoin and the blockchain in unrelated conversations.

(Via Ben Thompson)


Start up: Google eases Project Zero, Xiaomi’s patent woe, Microsoft’s big Office vision, driving helium, and more


“Flash, I love you – but we only have 90 days excluding public holidays and weekends to issue a fix for CVE-2013-6629!” Photo via Tom Simpson on Flickr

A selection of 8 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Google amends bug disclosure policy following Apple and Microsoft scuffle » V3

Project Zero courted controversy when it publicly disclosed flaws in Microsoft’s Windows 8.1 and Apple’s Mac OS X operating systems.

Google moved to address these concerns, arguing that it may have applied the policy too rigorously but that public disclosure is effective.

“For example, the Adobe Flash team probably has the largest install base and number of build combinations of any of the products we’ve researched so far,” read the [Google] blog post.

“To date, they have fixed 37 Project Zero vulnerabilities (or 100 percent) within the 90-day deadline. More generally, of 154 Project Zero bugs fixed so far, 85% were fixed within 90 days.

“Furthermore, recent well-discussed deadline misses were typically fixed very quickly after 90 days. Looking ahead, we’re not going to have any deadline misses for at least the rest of February.

I fixed all of my Adobe Flash vulnerabilities in five minutes by removing Flash from my computer. However, Google’s position of playing private security guard to the internet remains discomforting, and I can’t help feeling that it’s going to prove embarrassing in some horrible way – a sort of schadenfreude-in-waiting.


Qualcomm deal sparks China smartphone patent skirmishes » Reuters

From last Friday (I didn’t link to it then), but as Ben Thompson points out, this element of the deal could have big implications – given that Xiaomi became China’s biggest smartphone vendor in 2014:

The settlement has allowed wireless patent holders like ZTE and Huawei Technologies to seek royalties, while introducing a new risk of litigation to China’s younger handset industry at a time when domestic patent law is gaining traction.

“For the first time, the settlement is forcing domestic manufacturers to recognize the value of IP (intellectual property) and consider how to use it strategically, which companies do in the West,” said Wang Yanhui, secretary general of the Mobile China Alliance, an industry consortium. “That’s the real significance of the (Qualcomm) settlement.”

The competitive dynamics are particularly complex in China, the world’s biggest smartphone manufacturer and consumer, as large Chinese telecom equipment makers that hold many essential patents for wireless technology also compete in the phone market against younger, nimbler manufacturers.

The settlement could prove tricky for companies like Xiaomi Inc, a four-year-old Beijing-based smartphone maker whose weak patent position has proved a major vulnerability. In December, a court in India temporarily halted its shipments there after Swedish telecom firm Ericsson complained Xiaomi had not been paying its royalties.

Although Xiaomi has been reported by Chinese media to be one of the handset makers now targeted by ZTE’s lawyers, both companies declined to discuss the issue.

But in response to questions from Reuters, Bin Lin, Xiaomi’s president, said he expects Xiaomi to only attract more patent threats and litigation from rivals in the future, as does any young firm that enjoys explosive growth.


Rembrandt Technologies wins $15.7m jury verdict in patent infringement case against Samsung » PRNewswire

A Texas federal jury has awarded $15.7 million to Rembrandt Wireless Technologies LP after finding that Korean electronics giant Samsung Electronics Co. Ltd. infringed on two Rembrandt patents covering Bluetooth technology.

Jurors deliberated only one hour before issuing the Feb. 13 verdict. The five-day trial focused on two Rembrandt patents, U.S. Patent Nos. 8,023,580 and 8,457,228. In addition to the $15.7 million award, Rembrandt also will receive royalty payments on all Samsung Bluetooth sales for the life of the patents.

Rembrandt, a Pennsylvania-based business technology company, sued Samsung and Blackberry Ltd. in 2013. Blackberry settled before the trial. Rembrandt argued that its patents for Bluetooth “enhanced data rate” inventions were infringed by Samsung in its Galaxy S phones.

That’s a brief deliberation, and a brief trial.


New cloud storage integration for Office » Microsoft Office Blogs

Kirk Koenigsbauer, corporate VP of Office:

We want Office to be the preferred way to work with documents no matter where they’re stored.  In November we announced a special partnership with Dropbox to make it easy to access, edit and share Dropbox files from the Office apps.  And today, in addition to the existing Dropbox integrations, we’re pleased to announce two new integration features for an even broader set of cloud services: First, file picker integration for the iPad and iPhone; and second, Office Online integration for viewing and editing.  While these may seem like small enhancements, these new features represent a big step forward for Office integration into the apps and services that are important to our customers.

This is huge. It’s actually all in that first sentence, which is all you need: “We want Office to be the preferred way to work with documents no matter where they’re stored.” Microsoft wants Office – its most lucrative monopoly – to endure. This is part of how it does that.


May 2012: once deemed evil, Google now embraces “paid inclusion”

Danny Sullivan, in May 2012, noting changes in how Google represented and collated its Flight Search, Hotel Search and Shopping categories so that they became pay-to-play for companies to appear – a reversal of Google’s previous stance:

paid inclusion isn’t necessarily bad, especially if it’s used to solve an otherwise difficult challenge in search, rather than being an excuse to generate revenue. However, it still feels odd watching Google, having previously attacked the objectivity of its competitors over the practice, quietly adopt paid inclusion now that it’s the search market leader. That doesn’t sit right. At the very least, I kind of want someone at Google to acknowledge that it was wrong those years ago.

Postscript (7:30pm ET): Google, after seeing this article, sent along this statement about paid inclusion:

Paid inclusion has historically been used to describe results that the website owner paid to place, but which were not labelled differently from organic search results.  We are making it very clear to users that there is a difference between these results for which Google may be compensated by the providers, and our organic search results.

I have to disagree.

The reason I’m linking to this now is that it’s pertinent to all the antitrust discussion that’s reopening in Europe over Google and particularly vertical search. Google presents its results as untouched by human hand, but there’s a whole lotta touching really going on. (One point on the headline: Sullivan means that paid inclusion used to be deemed evil, not Google.)


November 2013: Western Digital adds helium to enterprise hard drives » AllThingsD

Arik Hesseldahl:

It turns out that the insides of hard drives are pretty violent places. There’s a lot of high-speed motion, what with the disk platters spinning at several thousand rotations per minute, and the head moving back and forth across its surface. If you’ve ever held your arm out the window of a fast-moving car, you get some sense of the problem…

…The secret sauce to all this is that the drives are built to be hermetically sealed, which means they’re both perfectly airtight and leakproof. While the science behind doing all this has been well understood for a while, Cordan says that Western Digital is the first to figure how to do it in a repeatable manufacturing process. It adds an extra step or two to the manufacturing process, and thus some cost.

It gets more interesting: Hermetically sealed drives don’t let the helium out, but they also don’t let anything else in, including liquid. That makes them good for use in immersion-cooled data centers. These are small, dense collections of IT gear packed into a box the size of a shipping container and filled to the top with nonconductive liquid that keeps everything running at a constant temperature. (If you didn’t know that this was a thing, you’re not alone, because I didn’t, either.)

This came (via @jearle) after I happened across a Digitimes report about helium-filled drives. Presumably vacuum is next, since if a drive can survive being immersed then it must have tough joints.


Intel reportedly to delay launch of 14nm Skylake desktop CPUs » Digitimes

Monica Chen:

Intel reportedly has informed its motherboard partners that it will delay the release of its 14nm Skylake desktop CPUs and corresponding 100-series chipsets to the end of August, compared to its original schedule set for the second quarter of 2015, according to sources in Taiwan’s motherboard industry.

The delay will affect PC makers’ production and shipment plans for Haswell Refresh and Broadwell-U series products and may also delay the development of Broadwell models with a TDP of 65W, the sources noted.

PC makers will also not be able to unveil Skylake-based models during the upcoming Computex 2015 to be held in June in Taipei, thereby affecting PC sales in the second half of 2015, said motherboard makers.

Intel is saying that it always planned to release Skylake in the second half of the year. For reference, the Pentium 4, introduced in 2000, had transistor sizes of 0.18 micron – or 180nm.


$1.75m in bitcoin stolen from Chinese exchange Bter » The Next Web

Abhimanyu Ghoshal:

Even as Bitcoin is starting to shake things up in the US, all is not well in the cryptocurrency world. China-based Bitcoin exchange Bter was hacked on Valentine’s Day and $1.75m worth of Bitcoin was stolen.

The company hasn’t revealed much about the breach, except that 7,170 BTC was taken from its cold (offline) wallet on February 14 via a single transaction (link) and that the platform is suspending operations until further notice.

I feel like we’re getting so used to this that $1.75m is like “yeah, sure”.


Start up: Google v security redux, how your browser can track you, unboiling eggs (really), Android MVNO = flop, and more


Don’t worry, we’ll soon have that nice and runny for you. Photo by Sidereal on Flickr.

A selection of 10 links for you. Avoid contact with hands. I’m charlesarthur on Twitter. Observations and links welcome.

This guy found a way to block robocalls when phone companies wouldn’t » WIRED

Robert McMillan:

Aaron Foss won a $25,000 cash prize from the Federal Trade Commission for figuring out how to eliminate all those annoying robocalls that dial into your phone from a world of sleazy marketers.

The year was 2013. Using a little telephone hackery, Foss found a way of blocking spammers while still allowing the emergency alert service and other legitimate entities to call in bulk. Basically, he re-routed all calls through a service that would check them against a whitelist of legitimate operations and a blacklist of spammers, and this little trick was so effective, he soon parlayed it into a modest business.

Last year, his service, called Nomorobo, blocked 15.1 million robocalls. He uses cloud computing services—primarily Amazon Web Services and Twilio—to block Florida timeshare sellers and fake Microsoft support gurus from the 190,000 VOIP customers who use his free product.

I know, you’re saying “Where do I sign up??” Except for this addendum to the story:

13:00 EST. Correction. An earlier version of this story stated that the Nomorobo service works with mobile phones. It runs on VOIP phones only.

Damn.


How you can be tracked by your browser’s fingerprint and how you can stop it » CompTutor

You have your browser set to Private Browsing or Incognito mode where it doesn’t store cookies or history. You load up your favorite VPN, Tor, or I2P and are thinking, “I am totally secure and no one can track me now.” Wrong. You still are possibly leaving a digital fingerprint or browser fingerprint behind. Just because you have a secure computer and can change your IP, people can still find you. Browser Fingerprinting is how some agencies have been able to identify people even through Tor or a VPN.

The EFF, or Electronic Frontier Foundation, discovered this a few years ago and has set up a website to demonstrate their findings. Check out the website below, run their fingerprinting test, and see if your online fingerprint is unique to you out of everyone they have tested. I’m guessing it will be.

https://panopticlick.eff.org

It’s “canvas fingerprinting”, which has already found favour with Google, and relies on characteristics of HTML5-capable browsers.


Microsoft is no longer manufacturing the Surface 2 » The Verge

The big unmentioned detail there is that it’s the end of the line for Windows RT, which everyone except for Microsoft had already given up on. Its future looked even bleaker during Microsoft’s Windows 10 announcements last week, with the company saying that the new OS was not coming to the Surface RT or Surface 2, its last remaining Windows RT devices.

The Surface 2 debuted in the fall of 2013 as a successor to the Surface RT, which received a lukewarm response and ended up costing Microsoft millions in stock that did not sell. It was thinner and lighter than the previous model, and also had a considerably better display, but was still stymied by Windows RT, which did not support traditional Windows programs.

RT’s really dead now, Jim.


Android Wi-Fi Direct vulnerability disclosed » Threatpost

Michael Mimoso:

Google and Core Security are at odds over the severity of a vulnerability affecting a number of Android mobile devices, details of which were released by the security vendor today.

The issue was reported to the Android security team on Sept. 26 and in subsequent communication between the two parties, the severity of the vulnerability was debated, culminating today with Core’s disclosure. Google three times acknowledged Core’s report and request for a timeline on a patch, and each time Google said it did not have one.

The flaw is a remotely exploitable denial-of-service vulnerability in Wi-Fi-Direct, a standard that allows wireless devices to connect directly. The implementation is used not only between Android devices, but also printers, cameras, PCs and more.

So here’s Google not fixing new flaws in Android. Shouldn’t Core Security feel justified in releasing exploit code and full details?

Read on for Google justifying not fixing old code in Android….


Google defends policy that leaves most Android devices unpatched » Computerworld

Remember the WebView weaknesses that had everyone jumping up and down because around 60% of Android devices that hit Google Play (and potentially many more altogether) are vulnerable? Gregg Keizer followed up:

“Until recently, we have also provided backports for the version of WebKit that is used by WebView on Android 4.3 and earlier,” wrote Adrian Ludwig, Android lead security engineer on Google+. “But WebKit alone is over 5 million lines of code and hundreds of developers are adding thousands of new commits every month, so in some instances applying vulnerability patches to a two-plus-year-old branch of WebKit required changes to significant portions of the code and was no longer practical to do safely.”

So it’s too much trouble for Google to fix code that’s over two years old, but it feels justified in publicising security flaws – and exploit code – for Windows and OS X? What’s that Biblical saying about beams and motes?


‘Thunderstrike’ attack also fixed in OS X 10.10.2 » iMore

Rene Ritchie:

“Thunderstrike” is the name for an attack that can target Mac hardware via the Thunderbolt port. Apple had previously updated the Retina 5K iMac and 2014 Mac mini to partially secure them against Thunderstrike. Now, the upcoming OS X Yosemite 10.10.2 will fix the problem for all recent Macs running Yosemite.

Thunderstrike was explained here: it requires physical access or very good social engineering. Good that it’s being fixed for “all recent Macs running Yosemite”; bad that it isn’t going further back. (Is it even possible to fix it further back? Nobody seems to know for sure.)


Why an Apple-featured indie dev abandoned iOS in favor of PC » Gamasutra

Alex Wawro:

what’s more interesting about [Erik] Asmussen’s current project, at least from a developer’s perspective, isn’t so much where it is now as where it isn’t — namely, Apple’s App Store.

Like many developers, Asmussen quit his job a few years ago to dive into mobile development full-time; but despite some significant success with mobile games like PWN: Combat Hacking, Asmussen has decided to devote himself to PC development.

“I finally gave up on iOS after I got a ‘Best New Games’ feature and saw how little revenue that actually brought in,” Asmussen tells me, via email. “The risk/reward profile was just terrible, combined with annoying barriers like having to put all updates through a review process. So I decided to switch to PC. That has proven to be a good decision by any measure.”

Why? Because

his final mobile game, PWN: Combat Hacking, earned roughly $10k in its launch month.

“Which sounds cool, until you consider that it took a year to build and about $3-4K in art,” adds Asmussen. “And that that figure is in the top percentile of indie mobile games. And that it got the biggest app store feature short of the top banner.”

Asmussen laments the fact that mobile game makers often can’t get people into their games until after they’re released, and believes that developing PC games for Steam’s Early Access service is more empowering for small-scale developers.

(Thanks @Jaykannan for the link.)


Apple reports record first quarter results » Apple

The results were fueled by all-time record revenue from iPhone® and Mac® sales as well as record performance of the App Store℠. iPhone unit sales of 74.5m also set a new record.

“We’d like to thank our customers for an incredible quarter, which saw demand for Apple products soar to an all-time high,” said Tim Cook, Apple’s CEO. “Our revenue grew 30 percent over last year to $74.6bn, and the execution by our teams to achieve these results was simply phenomenal.” 

Oh, yeah, this happened. Not quite a record for Mac shipments (that happened in the previous quarter) but those iPhone numbers? That is phenomenal execution, as Cook says. It’s so easily overlooked that there’s no value in all the brand stuff and marketing if you can’t actually deliver product to people. Between Apple and Samsung, that’s about half of the smartphone market sewn up.


Chemists find a way to unboil eggs » Phys Org

Janet Wilson on news that will delight, well, anyone?

Like many researchers, he has struggled to efficiently produce or recycle valuable molecular proteins that have a wide range of applications but which frequently “misfold” into structurally incorrect shapes when they are formed, rendering them useless.

“It’s not so much that we’re interested in processing the eggs; that’s just demonstrating how powerful this process is,” [Gregory] Weiss [professor of chemistry and molecular biology at UCal at Irvine] said. “The real problem is there are lots of cases of gummy proteins that you spend way too much time scraping off your test tubes, and you want some means of recovering that material.”

But older methods are expensive and time-consuming: The equivalent of dialysis at the molecular level must be done for about four days. “The new process takes minutes,” Weiss noted. “It speeds things up by a factor of thousands.”

To re-create a clear protein known as lysozyme once an egg has been boiled, he and his colleagues add a urea substance that chews away at the whites, liquefying the solid material. That’s half the process; at the molecular level, protein bits are still balled up into unusable masses. The scientists then employ a vortex fluid device, a high-powered machine designed by Professor Colin Raston’s laboratory at South Australia’s Flinders University. Shear stress within thin, microfluidic films is applied to those tiny pieces, forcing them back into untangled, proper form.

Unspilling milk next, I hope.


5 reasons why a Google MVNO would fail » FierceWireless

Phil Goldstein enumerates them rather clearly. Summarised, they are:
1) engineering phones and networks is difficult (you can’t get one phone to join both T-Mobile and Sprint in the US as they use GSM and CDMA)
2) Google would need customer service centres and distribution – outside its core competency
3) incumbent carriers spend billions on ads, and have inbuilt advantages
4) the service wouldn’t be differentiated, and what’s the target audience?
5) if it doesn’t get scale, Google might kill it.

His article goes into much more detail. It feels persuasive.


Start up: web design for 2015, Nexus 6’s long slipway, hacking journalism under threat?, Zoë Keating v YouTube redux, and more


In 2012 the Nexus 6 designers were expecting to deal with these to unlock the phone. Photo by kevin dooley on Flickr.

A selection of 7 links for you. Refrigerate before use. I’m charlesarthur on Twitter. Observations and links welcome.

The challenge for web designers in 2015 (or how to cheat at the future) » Memespring

Richard Pope:

The 7 years of the Apple App Store and the Android equivalents have, in effect, been mass, micro funded experiments in UI design for small, touch sensitive devices with lots of sensors and outputs. They have generated winning patterns like:

Checkboxes replaced by switches
Check-ins
Edit without save button
Everything can be contextual, any bit of UI can disappear between pages
Everything has its own settings page
Floating buttons
Keeping primary navigation off canvas (hidden behind the page)
Minimal or zero page header (the context an old school page header / nav gives seems less important when you are holding the app in your hand.)
Multiple, focused apps for the same service
Offline by default
Overscroll to refresh
Reserving dropdown menus for actions on the current context
Search scoped to their current context (the app)

These are patterns that people use day in day out on Facebook, Gmail and WhatsApp. These are the new normal, what people expect.

But with a few notable exceptions – eg the mobile versions of Wikipedia and Forecast – these are not patterns that are making their way on to the web.

So, here is the challenge for anyone designing and building for the web in 2015.

He also points out what you can do with HTML5 browsers now too. Worth considering.


Dennis Woodside on Motorola, Google and the future of Dropbox » Telegraph

Matt Warman spoke to Woodside, formerly chief executive at Motorola, and now chief operating officer at Dropbox:

the 6-inch Nexus 6, he can now admit, was stymied by just one of those big players [which he previously criticised for keeping prices high]. A dimple on the back that helps users hold the device should, in fact, have been rather more sophisticated. “The secret behind that is that it was supposed to be fingerprint recognition, and Apple bought the best supplier. So the second best supplier was the only one available to everyone else in the industry and they weren’t there yet,” says Woodside. Nonetheless, he adds, the addition of fingerprint recognition, “wouldn’t have made that big a difference.”

Here’s what’s interesting about this. Apple bought Authentec in mid-2012 (for $356m). The Nexus 6 was released in September 2014. Motorola’s development of that smartphone was so far in train that it didn’t have time to change the design of the back fascia from dimpled to flat.

Smartphones take two or more years to design and implement. Consider that: what comes out now was being worked on in early 2013.

Kudos to Woodside for admitting fingerprint recognition wouldn’t have made much difference. As it wasn’t being tied into a payment system, it would have been a gimmick – and those don’t add lasting value.


We should all step back from security journalism » Medium

Quinn Norton:

Part of Barrett Brown’s 63 month sentence, issued yesterday, is a 12 month sentence for a count of Accessory After the Fact, of the crime of hacking Stratfor. This sentence was enhanced by Brown’s posting a link in chat and possessing credit card data. This, and a broad pattern of misunderstanding and criminalizing normal behavior online, has led me to feel that the situation for journalists and security researchers is murky and dangerous.

I am stepping back from reporting on hacking/databreach stories, and restricting my assistance to other journalists to advice. (But please, journalists, absolutely feel free to ask me for advice!) I can’t look at the specific data another journalist has, and I can’t pass it along to a security expert, without feeling like there’s risk to the journalists I work with, the security experts, and myself.

Brown’s sentence wasn’t quite as simple as “linking to stolen stuff”, but Norton’s concern is understandable – especially given the tendency of US law enforcement to go like a runaway train after hackers, and those defined as hackers, of all stripes.


Zoe Keating’s experience shows us why YouTube’s attitudes to its creators must change » Music Industry Blog

Mark Mulligan weighs in on the Zoë Keating row linked here on Monday:

it is the Content ID clause that is most nefarious. Content ID is not an added value service YouTube provides to content owners, it is the obligation of a responsible partner designed to help content creators protect their intellectual property. YouTube implemented Content ID in response to rights owners, labels in particular, who were unhappy about their content being uploaded by users without their permission. YouTube’s willingness to use Content ID as a contractual lever betrays a blatant disregard for copyright.

Ben Thompson is much more straightforward: on Stratechery.com he analyses Keating’s position, and suggests – for her particular situation, as a niche player seeking the most eager fans – that she should tell YouTube to take a hike. Especially when you look at her income breakdown: 60,000 tracks (roughly) sold on iTunes generated $38,195, while 1.9m YouTube views (mostly of her music on other people’s videos) earned $1,248.

Would the iTunes sales have happened without the YouTube views? Quite possibly not – but using ContentID as a lever, as Mulligan says, is to aggressively deny her copyright.


Digital music sales on iTunes and beyond are now fading as fast as CDs » The Atlantic

Derek Thompson has some shudder-making figures:

how about the hits? The top 1% of bands and solo artists now earn about 80% of all revenue from recorded music, as I wrote in “The Shazam Effect.”

But the market for streamed music is not so concentrated. The ten most-popular songs accounted for just shy of 2% of all streams in 2013 and 2014. That sounds crazy low. But there are 35m songs on Spotify and many more remixes and covers on SoundCloud and YouTube, and one in every 50 or 60 online plays is going to a top-ten song. With the entire universe of music available on virtual jukeboxes, the typical 3.5-hour listening session still includes at least one song selected from a top-ten playlist that accounts for .00003% of that universe. The long tail of digital music is the longest of tails. Still, there is a fat head at the front.


China buying more iPhones than US » FT.com

Analysts at UBS estimate that China accounted for 36% of iPhone shipments in the most recent quarter, compared with 24% for the US. During the same period last year, 29% of units were sold in the US and 22% were in China, UBS said.

Predictable enough, given the size of China, and the fact that the US is essentially saturated. The fact that two markets probably account for 60% of all iPhone shipments – around 36m phones in the quarter – is perhaps a concern for Apple. It’s much the same for Samsung: losing its lead in China has hurt it and left the US as its key market.

However, this rather gives the lie to those stories from September which said that Apple was washed up in China when smugglers had to cut prices of the iPhone 6 – ignoring the fact that the devices were going to go on sale officially in a few weeks. Nope, then the problem was that

Four years ago, the iPhone 4 was a status symbol, with the black market booming before the product was officially introduced. Today, the iPhone is simply one option among many, as local companies like Xiaomi and Meizu Technology rival Apple in terms of coolness while charging less than half the price.


Demographics of key social networking platforms » Pew Research Center’s Internet & American Life Project

Tons of demographic data (including age, ethnicity, gender, education, income and location) about the online over-18s in the US:
• 71% use Facebook (more women than men, strong in 18-29);
• 23% use Twitter (men strongly growing, skews towards degree-qualified);
• 26% use Instagram (53% of 18-29s; also strong among Hispanics and African-Americans);
• 28% use Pinterest (up from 21% in August 2013; 3:1 women:men, strongly skewed to white)
• 28% use LinkedIn, strongly up among women since 2013, but now equal across sexes; skews strongly to university education

The whole study is fascinating: Facebook growth is slowing down, but it’s still “home base”, and used most daily.


Start up: PC sales droop, app store revenues, security on Android and Microsoft, Apple Watch promise, and more


Not so many of these. Pic by PeeZeeZicht on Flickr.

A selection of 8 links for you. Do not use as a sterile swab. I’m charlesarthur on Twitter. Observations and links welcome.

PC leaders continue growth and share gains as market remains slow » IDC

Worldwide PC shipments totalled 80.8m units in the fourth quarter of 2014 (4Q14), a year-on-year decline of -2.4%, according to the International Data Corporation (IDC) Worldwide Quarterly PC Tracker. Total shipments were slightly above expectations of -4.8% growth, but the market still contracted both year on year and in comparison to the third quarter.

Although the holiday quarter saw shipment volume inch above 80m for the first time in 2014, the final quarter nonetheless marked the end of yet another difficult year – the third consecutive year with overall volumes declining. On an annual basis, 2014 shipments totaled 308.6m units, down -2.1% from the prior year.

Gartner gives 4Q 2014 a +1% growth, to 83.7m, and the whole year essentially level at 315.9m. Gartner includes 2-in-1 units, where IDC doesn’t. And growth came from enterprise – consumer sales kept falling.

Also remarkable: Apple shows as fifth largest, ahead of Asus, for IDC, with 5.75m; Gartner reckons Asus shipped 6.2m units (because it includes 2-in-1s).


App Annie Index Market Q3 2014 » App Annie

Google Play worldwide quarterly downloads were about 60% higher than iOS App Store downloads in Q3 2014, roughly the same lead as last quarter.

Emerging markets continued to show remarkable growth on Google Play and have helped drive the store’s impressive download growth over the last year. In the Q3 2013 Market Index, Google Play downloads were only 25% higher than iOS App Store downloads.

iOS retained its strong lead in app store revenue over Google Play. In Q3 2014, iOS App Store’s revenue was around 60% higher than Google Play’s.

Japan, iOS’ second largest market behind the US, led revenue growth in Q3 2014.

So, relative to Google Play, iOS gets 62% of the downloads (100/160) but 160% of the revenue – in other words, about 2.6x as much revenue per download on average (1.6/0.625). That gap is likely to expand as Android reaches more emerging markets. If you want to reach lots of users with a free app, Android is increasingly the place to go (other things being equal); if you want the money, it’s iOS.

Lots of other fascinating trends, including Indonesia’s growth and what is driving Google Play download growth.


Slick, useful apps put the wow in Apple Watch » WSJ

Chris Mims:

I’ve seen some of the applications that will launch for the Apple Watch when it makes its debut as early as March, albeit in simulation, and some are extraordinary. Along with the details Apple has already released about how the watch will work, it’s convinced me Apple Watch will be a launching pad for the next wave of billion-dollar consumer-tech startups…

To use a historical analogy, the shift to mobile is one reason messaging supplanted email. Email was a product of a particular set of behaviours, including sitting down at a computer at a designated time and putting a certain amount of thought into responses. BlackBerry turned email into something like messaging, and touch-screen smartphones made it apparent that email was itself an anachronism, merely one conduit among many for what has become real-time communication.

Consider the same sequence of events for contextual information—that is, alerts delivered at a particular time and place, such as reminders. Our phones buzz, we pull them out of our pockets or purses, read a push alert, swipe to unlock, wait a split second for an app to load, then perform an action that might have been designed with more free time and attention in mind than we have at that moment, if we’re on the go or preoccupied. All that friction is one reason, I suspect, why location-based social networks like Foursquare never took off.

An insightful piece; Mims isn’t just lauding the idea of a watch, but the interaction model. (Subscription required.)


A call for better coordinated vulnerability disclosure (CVD) » Microsoft Security Response Center

Chris Betz is Microsoft’s senior director of the MSRC, and one might guess that he’s mightily pissed off just now:

CVD philosophy and action is playing out today as one company – Google – has released information about a vulnerability in a Microsoft product, two days before our planned fix on our well known and coordinated Patch Tuesday cadence, despite our request that they avoid doing so. Specifically, we asked Google to work with us to protect customers by withholding details until Tuesday, January 13, when we will be releasing a fix. Although following through keeps to Google’s announced timeline for disclosure, the decision feels less like principles and more like a “gotcha”, with customers the ones who may suffer as a result. What’s right for Google is not always right for customers. We urge Google to make protection of customers our collective primary goal. 

Google gave Microsoft 90 days to fix the vulnerability – and declined to hold back to 93 days so the fix could be rolled out. Just a bit childish?

However, Google has form on this: in 2010 one of its researchers, Tavis Ormandy, gave Microsoft just five days to issue a fix – and then published proof-of-concept code when it didn’t hit that deadline. The PoC was exploited in the wild.

On the other hand, Jonathan Zdziarski points to this 2005 paper (PDF) which uses empirical data to indicate that “Our results suggest that early disclosure has significant positive impact on the vendor patching speed”. Sure, but Microsoft was patching. It just wanted to do it on its own, clear schedule; Google’s assumption is that it knows Microsoft’s security priorities better than Microsoft does.


Google under fire for quietly killing critical Android security updates for nearly one billion » Forbes

Thomas Fox-Brewster:

Android smartphone owners who aren’t running the latest version of their operating system might get some nasty surprises from malicious hackers in 2015. That’s because one of the core components of their phones won’t be getting any security updates from Google, the owner of the Android operating system.

Without openly warning any of the 939 million [devices] affected, Google has decided to stop pushing out security updates for the WebView tool within Android to those on Android 4.3, better known as Jelly Bean, or below, according to appalled security researchers. That means two-thirds of users won’t receive cover from Google, the researchers noted.

It’s a wonder that Microsoft can resist discovering a few exploits and publicising them. But it seems that Rapid7 and Rafay Baloch have been churning them out pretty regularly, so no need to bother.

Apple also stops security fixes of iOS version [x-2] – but the proportion, and number, using those is generally tiny: at present it’s 4% by Apple’s figures – compared to 60.1% running a version of Android below 4.4.


Samsung considers rolling out Windows phone » Korea Times

This is one of those “all the promise at the front, all the disappointment at the back” stories. Begin:

In a move to cut reliance on Google’s Android mobile operating system, Samsung Electronics is considering releasing cheaper handsets running on Microsoft’s Windows 8.1 platform, sources said Sunday.

“Samsung has run pilot programs on the stability of Windows 8.1 software on devices. It is interested in promoting Windows mobiles,” said an official directly involved.

But the key issue is whether Samsung and Microsoft will settle their ongoing legal dispute over royalties.

“If the companies settle their litigation, then Samsung will manufacture handsets powered by the Microsoft-developed mobile platform,” the official said. “The timing could be the third quarter of this year at the earliest.”

Third quarter? Gah. That’s not going to move the needle – if Windows Phone is still a thing in the third quarter.


Vodafone UK’s CEO talks 4G and the future of the network » Vodafone blog

“For us it’s about having the strongest network,” [CEO] Jeroen [Hoencamp] says of 4G. “One of the things that makes us different from others is that we have our ‘low band spectrum’. What that means is that our 4G is on a lower frequency, which travels further and deeper indoors. Forget all the technicalities, though: all it means is that we can offer great indoor coverage, and that’s important because the bulk of mobile activity actually takes place indoors – whether people are at work or at home.

“Wherever we build 4G, we’ve proved that we can deliver great unbeatable 4G speeds and coverage, but it’s not a race to have the highest speeds because when it comes to mobile, speed only gets you so far.”

Jeroen explains that you need to have something extra to make that speed worth having:

“We could build a network just to achieve massive speeds,” he says, “but the reality is that you don’t currently need anything beyond 20Mbps on a mobile device. Even for streaming video you only need a couple of megabits per second, so we think less about absolute speed and more about using that bandwidth to enable more customers to enjoy great content on the move, even in the busiest places and at the busiest times.”

He also claims that “customers don’t buy 4G for the latest technology – they switch to Vodafone 4G because there’s particular content they want to access.” This sounds half-right – who cares about a snazzy tech name – but you can get what you want on any network. “The strongest 4G signal” sounds like something Vodafone is going to build an ad campaign around, though.


Here’s what happens when you install the top 10 Download.com apps » How-To Geek

Lowell Heddings watched his PC suffer so that you wouldn’t have to. It’s all pretty predictable (and horrible, and entertaining), but here’s the payoff:

Freeware software vendors make almost all of their money by bundling complete nonsense and scareware that tricks users into paying to clean up their PC, despite the fact that you could prevent the need to clean up your PC by just not installing the crappy freeware to begin with.

And no matter how technical you might be, most of the installers are so confusing that there’s no way a non-geek could figure out how to avoid the awful. So if you recommend a piece of software to somebody, you are basically asking them to infect their computer.

Also read the comments, where one person claiming to run a freeware download site (it seems) says that they’ve been offered up to $1.50 per download to bundle software. Multiply by a few million…

You wondered why innovation died on the desktop? Partly it was the rise of mobile. But it is also the prevalence of this sort of thing. Imagine if you were wary of recommending any less-known app to anyone on the grounds that it could screw up their phone and spill their life out.