Start up: malware for all!, Tim Cook v FBI, US gov seeks source code, bedtime for robots, and more

Facebook discovered that tons of ads are as fake as this “pound coin”. Photo by Steve Parker on Flickr.

A selection of 9 links for you. Off you go. I’m charlesarthur on Twitter. Observations and links welcome.

Building towards value with Atlas » Facebook Atlas Solutions

Dave Jakubowski, head of ad tech, Facebook:

»Marketing pioneer John Wanamaker once famously said, “Half the money I spend on advertising is wasted; the trouble is, I don’t know which half.” Despite the promises of the past two decades, digital still faces the same issue.

Through Atlas and the people-based layer that powers it, we’ve been able to identify and measure where most waste comes from: exchanges and banners.

We realized this by testing out a buying platform in Atlas last year. During that test, we plugged into a number of the usual exchanges and bought across several formats. There were two major takeaways:

1: We were able to deliver ads to real people with unprecedented accuracy, but came up against many bad ads and fraud (like bots). While we were fortunately able to root out the bad actors and only buy quality ads, we were amazed by the volume of valueless inventory.
2: Only two ad formats delivered significant value: native & video.

Based on those findings, we began to dig into the ads that came through LiveRail. And when we saw the same thing, we immediately shut off the low quality ads. In fact, we removed over 75% of the volume coming from our exchange by turning off publishers circulating bad inventory into LiveRail.

«

Wonder how many news sites will take note of those points.

AceDeceiver: first iOS trojan exploiting Apple DRM design flaws to infect any iOS device » Palo Alto Networks

Claud Xiao:

»We’ve discovered a new family of iOS malware that successfully infected non-jailbroken devices we’ve named “AceDeceiver”.

What makes AceDeceiver different from previous iOS malware is that instead of abusing enterprise certificates as some iOS malware has over the past two years, AceDeceiver manages to install itself without any enterprise certificate at all. It does so by exploiting design flaws in Apple’s DRM mechanism, and even as Apple has removed AceDeceiver from App Store, it may still spread thanks to a novel attack vector…

…To carry out the attack, the [malware] author created a Windows client called “爱思助手 (Aisi Helper)” to perform the FairPlay MITM attack. Aisi Helper purports to be software that provides services for iOS devices such as system re-installation, jailbreaking, system backup, device management and system cleaning. But what it’s also doing is surreptitiously installing the malicious apps on any iOS device that is connected to the PC on which Aisi Helper is installed. (Of note, only the most recent app is installed on the iOS device(s) at the time of infection, not all three at the same time.) These malicious iOS apps provide a connection to a third party app store controlled by the author for user to download iOS apps or games. It encourages users to input their Apple IDs and passwords for more features, and provided these credentials will be uploaded to AceDeceiver’s C2 server after being encrypted. We also identified some earlier versions of AceDeceiver that had enterprise certificates dated March 2015.

As of this writing, it looks as though AceDeceiver only affects users in mainland China.

«

So it’s really a Windows infection?

275 million Android phones imperiled by new code-execution exploit » Ars Technica UK

Dan Goodin:

»The NorthBit-developed attack exploits a Stagefright vulnerability discovered and disclosed last year by Zimperium, the security firm that first demonstrated the severe weaknesses in the code library. For reasons that aren’t yet clear, Google didn’t fix the vulnerability in some versions, even though the company eventually issued a patch for a different bug that had made the Zimperium exploits possible. While the newer attack is in many ways a rehash of the Zimperium work, it’s able to exploit an information leak vulnerability in a novel way that makes code execution much more reliable in newer Android releases. Starting with version 4.1, Android was fortified with an anti-exploitation defense known as address space layout randomization, which loads downloaded code into unpredictable memory regions to make it harder for attackers to execute malicious payloads. The breakthrough of Metaphor is its improved ability to bypass it.

“They’ve proven that it’s possible to use an information leak to bypass ASLR,” Joshua Drake, Zimperium’s vice president for platform research and exploitation, told Ars. “Whereas all my exploits were exploiting it with a brute force, theirs isn’t making a blind guess. Theirs actually leaks address info from the media server that will allow them to craft an exploit for whoever is using the device.”

«

Affects versions 2.2 through to 4.0, and 5.0 and 5.1. Which is 41.1% of phones, according to latest data from Google. Would have thought that is more than 275m, actually.

Microsoft apologizes for GDC party with skimpily-clad dancers » Reuters

Anya George Tharakan:

»Microsoft Corp apologized for hiring dancers dressed as skimpily-clad schoolgirls for its Game Developer Conference (GDC) afterparty in San Francisco on Thursday night, responding to media reports citing attendees’ pictures on Twitter and Instagram.

“It has come to my attention that at Xbox-hosted events at GDC this past week, we represented Xbox and Microsoft in a way that was absolutely not consistent or aligned to our values,” Microsoft’s head of Xbox Phil Spencer said in a statement.

“That was unequivocally wrong and will not be tolerated,” Spencer said.

Photos purportedly from the party surfaced on Twitter and Instagram, with many users expressing their anger at Microsoft’s actions.

«

“Will not be tolerated”? What’s the penalty? Of course it would have been better if this hadn’t happened in the first place. Ah, San Francisco.

Google could beat Apple at fashion – just like it did phones » Co.Design

Mark Wilson:

»“When you think about things people wear, they have really diverse styles. It isn’t the case that one style fits all, in any clothing or accessory or other kind of apparel,” David Singleton, VP of Android Wear, says. “A lot of our DNA working on Android has always been to create an ecosystem of partners to work together to create something bigger than the sum of its parts, and that’s what we’re trying to do here.”

That strategy worked for Android Wear’s first fashion partnership, Fossil, which cites its Fossil Q Founder as its top-selling watch, period, of the 2015 holiday season. At $295, it’s more or less the Bentley of Fossils. But watches are just one small swatch of a much larger piece of fabric. Google’s open platform is poised to leave a much larger impact on the $1.2 trillion fashion industry than it has on smartphones—because while everyone is happy to use the same phone as the person sitting next to them, fashion is a form of personal expression. Even those who ride the latest trends don’t want to be matchy-matchy with everyone else on the street…

…what gets concerning about the viability of Apple’s strategy — if we really are to consider it a fashion company now — is how its closed approach not only will limit overall adoption of the Apple Watch, but limit the extent to which Apple can keep afloat in the sheer depth of wearables to come.

«

This would be a strong argument if Android Wear weren’t miles behind Apple Watch in sales; and the article doesn’t offer any explanation for what would make its adoption increase.

Silicon Valley’s unchecked arrogance » Medium

Ross Baird and Lenny Mendonca:

»Snapchat may be solving an important problem for well-connected young people in America who don’t have to worry about basic needs. But whether it’s unemployed young people in St. Louis looking for their next paycheck or a family in Flint, Michigan worried about clean water, many Americans have more immediate problems.

Because most of today’s entrepreneurs have their basic needs taken care of, their problem-solving often seems frivolous to the rest of the country.

Take Uber, for example. Uber’s great at solving how people with smartphones and disposable income can get around major cities — a small fraction of the global population. Uber is less good at helping the drivers, whose income is much lower than the riders, benefit from this new paradigm. Uber has hailed their impact as letting people work flexibly and use assets more productively, but strategically is investing hugely in driverless cars.

And we don’t blame Travis Kalanick (actually we do, but that’s not the point of this story). Uber’s founders’ experiences are as riders, not drivers. But imagine an ownership structure in which, for example, drivers could earn fractional equity in the company for each ride they gave. What if a percentage of the $50bn valuation were shared among the drivers, based on a merit-based system?

«

It’s quite a thought, isn’t it? Now *that* would be a sharing economy.


US government pushed tech firms to hand over source code » ZDNet

Terrific scoop by Zack Whittaker:

»The US government has made numerous attempts to obtain source code from tech companies in an effort to find security flaws that could be used for surveillance or investigations.

The government has demanded source code in civil cases filed under seal but also by seeking clandestine rulings authorized under the secretive Foreign Intelligence Surveillance Act (FISA), a person with direct knowledge of these demands told ZDNet. We’re not naming the person as they relayed information that is likely classified.

With these hearings held in secret and away from the public gaze, the person said that the tech companies hit by these demands are losing “most of the time.”

When asked, a spokesperson for the Justice Dept. acknowledged that the department has demanded source code and private encryption keys before. In a recent filing against Apple, the government cited a 2013 case where it won a court order demanding that Lavabit, an encrypted email provider said to have been used by whistleblower Edward Snowden, must turn over its source code and private keys.

«

The fact that the Justice Department says it might demand the same from Apple does slightly imply that it doesn’t have it already.

Can we teach robots right from wrong by reading them bedtime stories? » Public Radio International

Elizabeth Shockman:

»“We’re still at a simpler stage,” [computer science professor at the Georgia Institute of Technology in Atlanta, Mark] Riedl says. “Natural language processing is very hard. Story understanding is hard in terms of figuring out what are the morals and what are the values and how they’re manifesting. Storytelling is actually a very complicated sort of thing.”

Eventually, however, Riedl hopes it will be possible to give robots entire libraries of stories.

“We imagine feeding entire sets of stories that might have been created by an entire culture or entire society into a computer and having him reverse engineer the values out. So this could be everything from the stories we see on TV, in the movies, in the books we read. Really kind of the popular fiction that we see,” Riedl says.

He doesn’t worry about robots being able to determine what right or wrong is in a story — whether it’s better to side with a heroic figure in a story or an anti-hero.

“What artificial intelligence is really good at doing is picking out the most prevalent signals,” Riedl says.

«


Full transcript of TIME’s interview with Apple CEO Tim Cook » TIME

Nancy Gibbs and Lev Grossman:

»Q: As a business person, as the guy running Apple, should this go to Congress, they rule, goes against you, how bad is it for Apple from a business point of view?

COOK: I think, first of all it’s bad for the United States. Because going against us doesn’t just mean going against us. It means likely banning, limiting or forcing back doors for [everyone]. I think it makes the U.S. much more vulnerable. Not only in privacy but also in security. The national infrastructure, everything. And I can’t imagine it happening because it would be outlandish for something like that to happen. I think everybody has better judgment than that.

But at the end of the day, we’re going to fight the good fight not only for our customers but for the country. We’re in this bizarre position where we’re defending the civil liberties of the country against the government. Who would have ever thought this would happen?

«

Absorbing read; the only point where Cook seems to bodyswerve the question is when he’s asked “what if it’s about finding out where the terrorist’s nuclear bomb is ticking down, or the child is being tortured?” Which is of course the question which pours grease onto the slippery slope.

Errata, corrigenda and ai no corrida: none notified.

Start up: the Nexus puzzle, Stagefright 2.0 (bigger!), T-Mobile US data hack, Fiorina’s iPod miss and more


How do you make cakes sell better if they make people feel guilty? Photo by ricardogz10 on Flickr.

A selection of 12 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Google’s Nexus phones are just ads » The Verge

Vlad Savov:

new Nexus phones are also profitless love letters to fans, designed to induce goodwill for the Google brand. How can a company that depends on making money from each unit of hardware sold hope to compete with that?

Motorola went all-out with the Moto X Pure this year, seeking to deliver the cleanest possible Android experience, best possible specs, and lowest possible price, all while operating independently of carrier interference. That’s as close to Google’s Nexus ideal as any Android manufacturer has ever come. So if Google’s Nexus motivation was truly to set a template of good practices to follow, to define a user experience benchmark, and to seed the development of a better Android ecosystem, it would have stopped and applauded Motorola for its efforts this year.

Instead, Google is undercutting the $399 Moto X Pure with the $379 Nexus 5X, which has the added benefit of a fingerprint sensor and matches the Moto X with a highly rated camera capable of 4K video. I don’t know whether to describe this as a knife in the back or an arrow to the knee, but Google’s actions are certainly doing violence to its Android partners’ best-laid plans.

Lenovo/Motorola’s mobile division loses money. So it’s pretty certain that if the Nexus phones undercut them, they lose money. That makes them deflationary to the Android ecosystem; it’s as though Microsoft were selling $150 full-spec PCs under its own brand. Savov hits the nail on the head (once more): the Nexus program just doesn’t make sense in a wider view.

Stagefright 2.0: MP3 and MP4 can hack billion Android phones » Fortune

Robert Hackett:

It’s time to evacuate the Android dance floor—lest you be infected by the sound.

Two new critical vulnerabilities in Google’s mobile operating system announced by security researchers on Thursday put more than a billion Android devices at risk of being hacked. That means “almost every Android device” is affected, ranging from Android version 1.0 to the latest version 5.0, also known as “Lollipop,” the researcher said.

Attackers can exploit these computer bugs by tricking users into visiting websites that host malicious MP3 or MP4 files. Once a victim previews one of these infected multimedia files, which commonly package music or video, that person’s machine can swiftly be compromised. The issue involves how Android processes these files’ metadata through a media playback engine named Stagefright.

Yes, it’s Stagefright, and it’s back; it can once more access data, cameras, microphone and photos. But on pretty much any Android phone ever. It’s incredibly unlikely to be exploited by any but state-level hackers.

Still, Google was told on 15 August, and sent updates to OEMs and carriers on September 10. Have they rolled out? Find out by using Zimperium’s Stagefright detector app. (You have to love the reviews complaining that it shows “false positives”.)

Amazon to ban sale of Apple, Google video-streaming devices » Bloomberg Business

Spencer Soper:

Amazon.com is flexing its e-commerce muscles to gain an edge on competitors in the video-streaming market by ending the sale of devices from Google and Apple that aren’t easily compatible with Amazon’s video service.

The Seattle-based Web retailer sent an e-mail to its marketplace sellers that it will stop selling Apple TV and Google’s Chromecast. No new listings for the products will be allowed and posting of existing inventory will be removed Oct. 29, Amazon said. Amazon’s streaming service, called Prime Video, doesn’t run easily on its rival’s hardware.

Filed under “strategy tax”. Possibly the profits on the Apple TV and Chromecast weren’t very high, but Amazon still sells smart TVs that don’t play Prime Video.

CEO responds to Experian data breach » T-Mobile

John Legere:

We have been notified by Experian, a vendor that processes our credit applications, that they have experienced a data breach. The investigation is ongoing, but what we know right now is that the hacker acquired the records of approximately 15 million people, including new applicants requiring a credit check for service or device financing from September 1, 2013 through September 16, 2015. These records include information such as name, address and birthdate as well as encrypted fields with Social Security number and ID number (such as driver’s license or passport number), and additional information used in T-Mobile’s own credit assessment. Experian has determined that this encryption may have been compromised. We are working with Experian to take protective steps for all of these consumers as quickly as possible.

Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected. I take our customer and prospective customer privacy VERY seriously.

Sure, you take it seriously, Mr Legere (and I mean that seriously) but there’s a single point of failure in the way that you trusted a third party with your customers’ data. That’s poor system design, which means that actually customer privacy wasn’t taken that seriously. Wonder if a class action will follow.

Xiaomi confronts an unnerving time » WSJ

Li Yuan speaks to Xiaomi’s founder Lei Jun:

How Xiaomi responds [to new challengers] could offer a clue to how well China’s booming tech industry transitions to its next stage. Riding a wave of growing mobile Internet adoption, China’s technology sector has churned out significant global companies and minted fortunes. But growth is slowing across the board, presenting challenges to a new generation of entrepreneurs who must learn how to manage in tougher times.

Mr. Lei sees a five-year lull in smartphone innovation that will make “wow” moments harder to come by, and will require competitors to focus on user experience to differentiate and tap consumer niches. The key, he says, is to provide value.

“We’re doing what Uniqlo, Muji and Ikea have been doing,” he said. “Our ultimate goal is to make good but cheap things.”

That five-year lull is quite a thing to contemplate.

The cost of mobile ads on 50 news websites » The New York Times

Gregor Aisch, Wilson Andrews and Josh Keller:

Ad blockers, which Apple first allowed on the iPhone in September, promise to conserve data and make websites load faster. But how much of your mobile data comes from advertising? We measured the mix of advertising and editorial on the mobile home pages of the top 50 news websites – including ours – and found that more than half of all data came from ads and other content filtered by ad blockers.

It’s a hell of a graphic. The “cost to load” data is eye-opening: it’s pretty much always far, far bigger than that of the editorial. (Why? I mean, one comes for the editorial, including pictures; why are ads so much bigger?) The Guardian comes a long way down the list – as in, it has a very low ad load – which might be, I suspect, because the US version of the site doesn’t yet have that many ads.

There’s an accompanying article by Brian X Chen, which also appeared in print.

Note too that an article like this fulfils one of my expectations ahead of the launch of iOS 9: it spreads the word of the existence of this facility on iOS, which will lead to Android users wanting to know how they can get it too.

A creativity lesson from Betty Crocker » Psychology Today

Drew Boyd:

In the 1950s, General Mills launched a line of cake mixes under the famous Betty Crocker brand. The cake mixes included all the dry ingredients in the package, plus milk and eggs in powdered form. All you needed was to add water, mix it all together, and stick the pan in the oven. For busy homemakers, it saved time and effort, and the recipe was virtually error free. General Mills had a sure winner on its hands.

Or so it thought. Despite the many benefits of the new product, it did not sell well. Even the iconic and trusted Betty Crocker brand could not convince homemakers to adopt the new product.

General Mills brought in a team of psychologists. Something unusual was going on. The company needed to make its next move very carefully if it was going to get this product off the ground.

Why were consumers resisting it? The short answer: guilt. The psychologists concluded that average American housewives felt bad using the product despite its convenience. It saved so much time and effort when compared with the traditional cake baking routine that they felt they were deceiving their husbands and guests. In fact, the cake tasted so good that people thought women were spending hours baking. Women felt guilty getting more credit than they deserved. So they stopped using the product.

Now think carefully: what’s your next step? (Scrapping the line is not an option.) I wonder if there are any lessons for smartphone makers in this.

How Steve Jobs fleeced Carly Fiorina » Medium

Steven Levy utterly destroys any claims to negotiating competence that would-be Republican presidential candidate Carly Fiorina might have, pointing to the many ways that Jobs steamrollered her (from the colour of the iPod to the pre-installation of iTunes on HP PCs). But this is the coup de grace:

The ultimate irony is that if Fiorina had been familiar with the assets of the company she ran, she might have had much more leverage to cut a better deal with Jobs. When she made her disastrous 2002 acquisition of Compaq, HP took possession of its patents, including those generated by the research division of the Digital Equipment Corporation, the iconic minicomputer company that Compaq itself bought in 1998. It turns out that researchers in DEC’s Palo Alto lab had created a hard-disk MP3 player — essentially inventing key parts of the iPod several years before Apple did. The project never got any love, though a clunky version of it had actually been announced at CES in 2000. Still, among the patents DEC secured were some very broad ones regarding the way music was drawn from the disk drive while conserving battery power. Had Fiorina known this, she might have been able to get a much better deal with Apple — because she could have credibly claimed that the iPod infringed on HP’s intellectual property.

Based on this, you’d have to (holds nose) vote for Trump. At least he has actually succeeded in negotiations, and created rather than destroyed shareholder value. If, that is, you think those are things that matter in presidential candidates. Which isn’t self-evident.

EMV’s reality: more online fraud » PaymentsSource

Rurik Bradbury:

Only 22% of small to mid-sized retailers reported that they are prepared to meet the [October 1] deadline [when retailers have to make customers use EMV-compliant payment terminals]. And, according to a recent SoftwareAdvice.com study, 23% believe upgrading to EMV is unnecessary.

Additional data from a large research firm suggests that almost 50% of U.S. retailers will not be EMV-compliant by the end of 2015. These merchants, just under half of all U.S. retailers, will be in for a rude awakening when they start receiving chargeback bills for fraudulent transactions.

The shift to EMV should significantly reduce in-store fraud for retailers that upgrade their payments processing systems, as the new cards will have an embedded chip that generates a unique token for each transaction, making them extremely difficult or nearly impossible to counterfeit. However, fraudsters will not just throw in the towel and get day jobs, they will simply change their tactics to exploit less secure payment channels.

In many ways, criminal fraud is like running water, when one area is firmly sealed off, it simply flows to the next open gap, which in this case is e-commerce. In the digital world, only the card digits and Card Verification Value (CVV) are used, and chip technology cannot help, which will make digital payments an easier, more lucrative target for fraudsters to target. According to a study by the Aite Group, in Australia, online or card not present (CNP), fraud increased from $72.6 million AU in 2008 to $198.1 million AU in 2011 – a 100 percent increase in CNP fraud in three years following the EMV upgrade. A similar spike occurred in Canada and the UK after each country migrated to EMV terminals.

The same, or worse is expected to happen in the U.S.


Apple’s software king Eddy Cue on streaming battles, the iPhone 6s and getting rid of roaming charges » London Evening Standard

Jimi Famurewa got some time just ahead of the iPhone launch. Most of the interview is straightforward, but for this snippet at the end:

[Cue] taps his phone and makes an offhand comment about “trying not to get roaming charges” while in London which, I note, proves how insanely expensive phone calls and data can be abroad. “It’s sad, it’s another problem,” says Cue. “We’re trying to fix it and we’re making a little bit of progress but you’ve got to convince a lot of people.” It sounds like an impossible task. But that, you would imagine, is where the famous flair will come in.

“We’re trying to fix it”? That throwaway remark is going to fuel a lot of “OMG Apple roaming MVNO” talk. But it’s certainly not an accident.

The new Apple Maps vs. Google Maps: which is right for you? » Howto Geek

Chris Stobing:

If you’ve been using Google Maps for a number of years and your account already has all your contacts saved – great, go for Google. If you prefer to use Siri to launch your Maps application or want to be able to see where you’re going without having to unlock the phone, Apple Maps is on the job. There may have been a point in time when Google Maps held the crown as the best (and for awhile; only) real map app out there, but now Apple Maps lives alongside its legacy with just as much functionality and flexibility as the rest.

“Apple Maps is ‘no longer as bad as on first day’” shocker. (Plus “Google Maps unable to improve beyond where it was three years ago”.) The biggest gap is in public transport; while apps can close that, it’s still unsatisfying when your only offerings are cars or Shanks’s pony.

Samsung TVs appear less energy efficient in real life than in tests » The Guardian

Arthur Nelsen:

The lab studies found that Samsung’s ‘motion lighting’ feature reduced the TV sets’ brightness – and power consumption – under international electrotechnical commission (IEC) test conditions. These involve the playback of fast sequences of varied material, such as recorded TV shows, DVDs and live broadcasts.

But under real-world viewing conditions, no reductions in power consumption were registered, making the sets’ power consumption, fuel bills and carbon emissions correspondingly higher.

After tests in February, a ComplianTV report, which did not name Samsung, said: “The laboratories observed different TV behaviours during the measurements and this raised the possibility of the TV’s detecting a test procedure and adapting their power consumption accordingly. Such phenomenon was not proven within the ComplianTV tests, but some tested TVs gave the impression that they detected a test situation.”

“Samsung is meeting the letter of the law but not the spirit of the law,” Rudolf Heinz, the project manager of ComplianTV’s product lab, told the Guardian.

Oh, come on, Samsung would never.. oh.

Start up: Uber’s China fight, Stagefright goes public, women and Apple, Wileyfox reviewed, and more


Feast your eyes: you’ll never see its like again. (Hopefully.) Photo by MarkGregory007 on Flickr.

A selection of 10 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Inside Uber’s fight with its Chinese nemesis, Didi Kuaidi » WSJ

Fabulous in-depth piece by Eva Dou and Rick Carew:

Both companies have sought to woo drivers with bonuses to those who rack up rides. Uber has offered larger bonuses in an effort to catch up in scale, earlier this year giving as much as 7,000 yuan weekly to Beijing drivers who completed a high number of rides—quadruple a traditional taxi driver’s wages, according to drivers. Both companies have bonuses for individual rides during peak times and smaller bonuses for individual achievements, such as referring friends or getting high ratings.

Now the challenge for both is keeping drivers and riders while weaning them off bonuses and coupons.

Yang Yang, a 33-year-old Uber driver in Beijing, says bonuses are increasingly difficult to get. He stays on the road 12 to 14 hours a day to qualify for the weekly bonus, using minty salves to stay awake.

The lure of bonuses has led drivers to game the system. Uber and Didi Kuaidi battle drivers who book fake rides—known as “brushing” in China. In brushing, the scammer will typically pose as both driver and rider, essentially paying himself multiple times to build up enough fake business to win a bonus.

Rings of scammers use specialized software bought online to rack up fake rides while they sit at home, drivers interviewed say. They say they get calls and texts from people offering to help them scam Uber for a fee. Didi Kuaidi is suffering less from the problem, according to drivers, as its lower driver bonuses are less of a draw.

I love how people find ways to game systems like this; it’s the thing that definitely keeps us a step ahead of the damn robots.

The Washington Post has begun blocking the ad blockers » BuzzFeed News

Matthew Zeitlin:

“Many people already receive our journalism for free online, with digital advertising paying only a portion of the cost,” a Washington Post spokesperson told BuzzFeed News.

“Without income via subscriptions or advertising, we are unable to deliver the journalism that people coming to our site expect from us. We are currently running a test using a few different approaches to see what moves these readers to either enable ads on The Washington Post, or subscribe.”

There’s a kind of Cold War brewing between publishers who say that ad blocking software cuts off the lifeblood of free media online, and readers who complain about pages crammed with garish ads and intrusive trackers, which make many sites bloated and slow to load.

Not sure it’s a cold war. It’s about to get a lot more heated: iOS 9 comes out next week, and the content blocking apps will all be lining up for it.


Android Stagefright exploit code released to public » Threatpost

Michael Mimoso:

[Joshua] Drake, vice president of platform research and exploitation at Zimperium zLabs, said in July the bug could affect more than 950m Android devices. He chose not to publish exploit code at the time, giving Google time to push patches to the Android Open Source Project and subsequently to handset manufacturers and carriers. He originally planned to release exploit code on Aug. 24.

Google, meanwhile, wasted no time in changing the way it releases security updates for Android, announcing at Black Hat that it would send monthly over-the-air updates to its Nexus phones. The move was mirrored by others, including Samsung and LG, and the first Nexus updates included patches for Stagefright. Silent Circle also patched its Blackphone and Mozilla patched Firefox, which uses Stagefright code in the browser.

Stagefright is the name of the media playback engine native to Android, and the vulnerabilities Drake discovered date back to version 2.2; devices older than Jelly Bean (4.2) are especially at risk since they lack exploit mitigations such as Address Space Layout Randomization (ASLR) that are present in newer versions of Android.

The problem is that Stagefright is an over-privileged application with system access on some devices, which enables privileges similar to apps with root access.

When the tide goes out, you discover who’s been swimming naked, or hasn’t put on their security trousers.


Focusing on the full picture with data » FlowingData

Nathan Yau:

I don’t know the full context of this discussion, but in the interview below, Hans Rosling talks to media person Adam Holm about why we shouldn’t use the media to form our opinions about the world. Media person disputes. Rosling puts foot on table and says Holm is wrong.

This is terrific. Enjoy.

Rosling also gave a TED talk in 2014: “How not to be ignorant about the world”.


Wileyfox Swift: Brit startup budget ‘droid is the mutt’s nuts » The Register

Alun Taylor:

If someone asked me what my ideal smartphone would be I’d say one that costs no more than £120, has 16GB of storage, at least 2GB of RAM, a 5-inch IPS screen, a removable battery, two SIM slots, space for a microSD card, the best iteration of Android available (that’s the Cyanogen OS Android fork, in my opinion) and is waterproof.

Wileyfox’s new Swift actually fails to meet two of those criteria – the cost is £130, and there’s no waterproofing. But as we’ll see, considering the rest of the package, it’s very easy to forgive those two failings.

In an increasingly competitive market the Swift is up against the likes of the Motorola Moto G and Sony Xperia M4 Aqua, both of which we have reviewed recently. And both of which are rather more expensive at £189 (for the 2GB RAM version) and £199 respectively.

Along with price deflation, Android is splitting into niches, as well as software specialisation – such as the use of Cyanogen here. This is great value; it’s not going to sell in huge volumes (simply because of supply chain constraints) but it’s where the Android market is going.


Bullshit, selfies and Photoshopped smiles: Apple’s iPhone 6S announcement was a joke » Gadgette

Holly Brockwell is pissed off and she isn’t going to take it any more:

It’s no secret that I’m far from Apple’s biggest fan. In fact, despite what Reddit seems to think, I’m firmly Team Android. But that doesn’t mean I don’t give Apple credit where it’s due – it’s just that it seems to be due less and less these days. Last night’s announcement was their worst yet.

Her principal complaint seems to be “these things have all been done before!” along with “there was a Photoshop demo using a woman’s face!”. The “where were the women?” thing seemed to become a mini-meme on Twitter. Perhaps I was missing the bit where Jen Folse came out and demoed Apple TV entirely on her own. Or where a female doctor showed off the iPad Pro, again, entirely on her own. Or a female entrepreneur from Gilt showed what she could do on Apple TV. Sure, there were more men. But that’s true in pretty much any tech event.

My wife constantly quotes a friend who says you can divide the world into drains and radiators – some suck you dry, some warm you up. I prefer radiators. Which is why I love this tweet from Lia Napolitano, who used to work on the Apple TV team, praising Folse, who still does.



Production of new 21-inch iMac begins, say Taiwan makers » Digitimes

Aaron Lee and Joseph Tsai:

Production of a new 21-inch iMac featuring a 4096 by 2304 screen kicked off in early September and will be launched in the fourth quarter, with shipments in the quarter estimated at 1.4m-1.5m units, according to Taiwan-based supply chain makers.

With shipments from existing iMac products, Apple’s overall all-in-one PC shipments could surpass those of Lenovo in the second half.

The sources pointed out that the new 21-inch iMac only has a limited change in industrial design, but is upgraded with better hardware specifications, especially the Ultra HD display.

This will probably be no more than a press release from Apple. The current 21in iMac is 1920 by 1080 pixels – so this is going to be an amazing screen.


Amazon finally stops selling the Fire Phone, as company adjusts its hardware strategy » GeekWire

Tricia Duryee:

It’s taken more than a year, but Amazon has finally exhausted its supply of Fire Phones.

At least that appears to be the case based on the phone’s product page, which now lists the device as “currently unavailable,” with an additional note in the buy box, stating: “We don’t know when or if this item will be back in stock.”

That’s true for both the 32GB and 64GB models.

A year ago I calculated that no more than 35,000 had been sold. I wonder what the final number was.


Electronic noise is drowning out the Internet of Things » IEEE Spectrum

Mark McHenry, Dennis Roberson and Robert Matheson:

it is expensive to trace RF [radio frequency] pollution to a source and, when you do, it is often challenging to get offenders to stop offending.

The coming Internet of Things is going to make things worse. Much worse. It will do so by adding complex RF-control chips to countless common devices, like door locks, light switches, appliances of every type, our cars, and maybe even our bodies, which will enable them to connect to the Internet. Each of these chips is a potential source of noise. Plenty of technological fixes are available, of course, but the huge number of chips means that manufacturers will be more reluctant to add costly shielding and other noise-muffling features to their products. Silence is golden: It costs money to get it.



Apple promo video confirms the 6s has a smaller battery » TechCrunch

Fitz Tepper:

a 3D Touch promotional video released by the company seems to confirm that the 6s will indeed have a smaller battery than the iPhone 6. Specifically, GSMArena discovered that the video shows a shot of the battery marked “1715 mAh”, which is less than the iPhone 6’s 1810 mAh battery.

The extra space gained from reducing the device’s battery is most likely being used to fit new, larger components like the Taptic Engine and Force Touch-enabled display.

It’s important to note that this doesn’t mean the device will provide fewer hours of usage. In fact, Apple’s specs on the 6s show that the device will have the exact same talk, Internet browsing, and video playback time as its predecessor. This is most likely due to increased power efficiency in the new phone.

In my (beta) experience, iOS 9 has better battery life than iOS 8. Have to see how the rest of it plays out. Safe bet though that “smaller battery!” will be found in the comments sections of many blogs in the days – months even – to come.