Start up: damn internet fridges!, getting hacked, the coming phone shakeout, PGP doubts over “Satoshi”, and more


This was when the fridge calendar worked. Photo by Kaeru on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 10 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

The joy of getting hacked » Waxy.org

Andy Baio:

A quick ‘top’ revealed that MySQL was pegging the CPU, so I logged into the MySQL console and saw that a dump of the database was being written out to a file. This was very unusual: I never schedule database backups in the middle of the day, and it was using a different MySQL user to make the dumps.

Then I noticed where the mysqldump was being written to: the directory for a theme from a WordPress installation I’d set up the previous month, an experiment to finally migrate this blog off of MovableType.

This set off all my alarms. I immediately shut down Apache and MySQL, cutting off the culprit before they could download the dumped data or do any serious damage.

I’d recently updated to the latest WordPress beta, and saw that the functions.php file in the twentysixteen theme directory was replaced with hastily-obfuscated PHP allowing arbitrary commands to be run on my server through the browser.

I’ve had this sort of experience in the past – also with WordPress. It’s a total pain.

Baio points out though that the real weakness was probably not WordPress, but phpMyAdmin, which is even worse in terms of security vulnerabilities. If you’re running it, delete it.
link to this extract
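The tampering Baio describes (a theme file silently replaced with obfuscated PHP, a database dump appearing in the theme directory) is the kind of change a file-integrity baseline catches. The script below is an added example, not Baio’s code or anything from WordPress: it hashes a trusted theme tree, re-scans it later, and also flags PHP that matches the evaluator-around-decoder shape of obfuscated drop-ins. The theme files and the tampering are constructed inline.

```python
"""Baseline-and-diff integrity check for a WordPress theme directory."""
import hashlib
import os
import re
import tempfile

# Shapes that obfuscated PHP dropped into theme files tends to take: an
# evaluator wrapped around a decoder. A match is an indicator for review,
# not proof of compromise.
SUSPECT_PHP = re.compile(
    r"\b(eval|assert|create_function)\s*\(\s*"
    r"(base64_decode|gzinflate|gzuncompress|str_rot13|strrev)\s*\(",
    re.IGNORECASE,
)


def sha256_file(path):
    """SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map relative path -> SHA-256 for every file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def check_theme(root, baseline):
    """Diff root against a trusted baseline and scan PHP for indicators.

    Returns a dict with sorted 'modified', 'added', 'missing' and 'suspect' lists.
    """
    current = build_manifest(root)
    result = {
        "modified": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "missing": sorted(p for p in baseline if p not in current),
        "suspect": [],
    }
    for rel in sorted(current):
        if rel.endswith(".php"):
            with open(os.path.join(root, rel), encoding="utf-8", errors="replace") as f:
                if SUSPECT_PHP.search(f.read()):
                    result["suspect"].append(rel)
    return result


def demo():
    """Constructed scenario: baseline a clean theme, then tamper with it."""
    root = tempfile.mkdtemp(prefix="theme-")
    clean = {
        "style.css": "/* Theme Name: sample */\n",
        "functions.php": "<?php\nadd_theme_support('title-tag');\n",
    }
    for rel, body in clean.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as f:
            f.write(body)
    baseline = build_manifest(root)  # recorded while the tree is trusted

    # Tampering as described in the post: functions.php swapped for an
    # evaluator around an encoded blob (placeholder, it runs nothing), and a
    # database dump appearing inside the theme directory.
    with open(os.path.join(root, "functions.php"), "w", encoding="utf-8") as f:
        f.write("<?php eval(base64_decode('<constructed placeholder>'));\n")
    with open(os.path.join(root, "wp-dump.sql"), "w", encoding="utf-8") as f:
        f.write("-- constructed stand-in for an unexpected mysqldump output\n")
    return check_theme(root, baseline)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In practice the baseline is taken right after a clean install or update and stored off the web host, since a manifest the intruder can rewrite proves nothing.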



China’s hippest smartphone maker warns shakeout will get worse » Bloomberg Business

Shai Oster:

OnePlus, based in Shenzhen, is aiming for similar glory. After originally requiring customers to get an invitation before buying a phone, OnePlus is dropping that approach to broaden its appeal and raise its brand awareness in the U.S., Europe and India. The company says it earned $300m selling nearly 1m phones last year, but won’t reveal figures for this year.

Sales have increased to about 1.3m units worldwide in the first nine months of this year, with 57% sold in the Asia Pacific region, according to Jensen Ooi, an analyst at IDC Corp.

“2016 is the year that a lot of people will be exposed to OnePlus,” Pei said, adding that the company is spending money on promotions like a pop-up store in New York’s Times Square to advertise their brand.

The trouble is that almost no one is making money in smartphones these days except Apple. That company alone gobbles up some 90% of industry profits.

“No one is going to get rich off smartphones in the short term,” he said.

OnePlus is probably making more money than HTC.
link to this extract



November 2014: Can’t sign in to Google calendar on my Samsung refrigerator » Google Product Forums

Kris Spencer (apparently):

I have a Samsung RF4289HARS refrigerator. The Google calendar app on it has been working perfectly since I purchased the refrigerator August 2012. However, with the latest changes in Google Calendar API, I can no longer sign in to my calendar. I receive a message stating “Please check your email in Google Calendar website”. I can sign in fine on my home PC and have no problem seeing the calendar on my phone. Perhaps this is a Samsung issue, but I thought I would try here first. Has anyone else experienced this problem and what was the solution?

Yes, other people certainly had experienced this problem. The solution? Er.. well, here’s a post from 18 November 2015:

After 2 years, I still cannot access my Calendar on my Samsung HRS4289……It says cannot connect to the server. I just got done with Samsung and they say, if it needs a software update, it will ‘come’…..that’s a freaking joke. I have software 2.550 loaded……Is there something I need to do to reestablish my calendar??…..this is so ridiculous. I’m more of a yahoo person and not really too familiar with google calendar except I did have it up and running…I do have a google calendar account….and it should be talking. Please be specific if there’s something I need to do. I’d really appreciate it. Very frustrating.

Anyhow, do tell me more about your plans to build an internet fridge – the ultimate zombie product.
link to this extract



Satoshi’s PGP keys are probably backdated and point to a hoax » Motherboard

Sarah Jeong:

there’s one really big problem with the case for Craig S. Wright as Satoshi: at least one of the key pieces of evidence appears to be fake. The “Satoshi” PGP keys associated with the Wired and Gizmodo stories were probably generated after 2009 and uploaded after 2011.

We say keys, because there are two entirely different keys implicated by Wired and by Gizmodo. And neither of them check out.

There is only one PGP key that is truly known to be associated with Satoshi Nakamoto. We’ll call this the Original Key.

Before we continue, we should note that the PGP keys are just one piece of the puzzle. When asked for comment, Gizmodo editor Katie Drummond said that the keys “are just one (relatively small) data point among many others, including in-person interviews and on-the-record corroboration.”

But the keys are important because they’re not just plain suspicious, there’s evidence of active, intentional deception with respect to the keys. (Wired’s Andy Greenberg pointed out that this was already in line with their article, which notes that Wright may have engaged in an elaborate, long-running deception).

Urgh. So much work, and a detail like this seems to sink it (although read on; key creation dates can be faked). The element that made me (as a journalist) wonder about the original story was that the details were leaked by someone who claimed to have “hacked Satoshi”. Really? And yet the characters in the story – far-flung, credible – equally point strongly to it being correct. That sort of detail doesn’t happen coincidentally.

Also, Leah Goodman – who wrote the original “not quite” Satoshi story – says the “hack” was being touted to journalists aggressively this autumn, apparently from a disgruntled employee of the latest “Satoshi”.
link to this extract
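Jeong’s point that a key’s creation date is self-declared, as an added example (not from the Motherboard article or the Wired/Gizmodo reporting): the creation time is a four-byte field that the generating software writes into the public-key packet, and the v4 fingerprint is a hash over that field, so a key restamped with an earlier date is a different key, with a different fingerprint and key ID, from anything actually published at that date. The code follows the RFC 4880 packet layout; the RSA parameters (n=13, e=3) are a constructed toy.

```python
"""Reading the self-declared creation time of an OpenPGP v4 public key."""
import hashlib
import struct
from datetime import datetime, timezone


def build_v4_pubkey_packet(created, n, e):
    """Serialise an RSA public-key packet (tag 6) stamped with `created`."""
    # Body per RFC 4880 5.5.2: version 4, 4-byte creation time, algorithm 1 (RSA), MPIs
    body = b"\x04" + struct.pack(">I", created) + b"\x01"
    for mpi in (n, e):
        raw = mpi.to_bytes((mpi.bit_length() + 7) // 8, "big")
        body += struct.pack(">H", mpi.bit_length()) + raw
    # Old-format header: tag 6 with a one-byte (0x98) or two-byte (0x99) length
    if len(body) < 256:
        return b"\x98" + bytes([len(body)]) + body
    return b"\x99" + struct.pack(">H", len(body)) + body


def parse_v4_pubkey_packet(packet):
    """Return (creation_time_utc, fingerprint_hex, key_id_hex) for a tag-6 packet."""
    tag_byte = packet[0]
    if (tag_byte & 0xC0) != 0x80:
        raise ValueError("only old-format packet headers are handled here")
    if ((tag_byte >> 2) & 0x0F) != 6:
        raise ValueError("not a public-key packet")
    length_type = tag_byte & 0x03
    if length_type == 0:
        body = packet[2:2 + packet[1]]
    elif length_type == 1:
        body = packet[3:3 + struct.unpack(">H", packet[1:3])[0]]
    else:
        raise ValueError("unsupported length type")
    if body[0] != 4:
        raise ValueError("only version 4 keys are handled here")
    created = struct.unpack(">I", body[1:5])[0]
    # RFC 4880 12.2: v4 fingerprint = SHA-1(0x99 || 2-byte body length || body);
    # the key ID is its low 64 bits. Both therefore depend on the stamped time.
    digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()
    return datetime.fromtimestamp(created, timezone.utc), digest, digest[-16:]


def compare_stamped_dates(n=13, e=3):
    """Same key material stamped with two dates; returns both identities."""
    # 1225411200 is 2008-10-31 00:00 UTC, 1293840000 is 2011-01-01 00:00 UTC
    stamped_2008 = parse_v4_pubkey_packet(build_v4_pubkey_packet(1225411200, n, e))
    stamped_2011 = parse_v4_pubkey_packet(build_v4_pubkey_packet(1293840000, n, e))
    return {"stamped_2008": stamped_2008, "stamped_2011": stamped_2011}


if __name__ == "__main__":
    for label, (when, fpr, kid) in compare_stamped_dates().items():
        print(f"{label}: created={when:%Y-%m-%d} keyid={kid} fingerprint={fpr}")
```

The stamped date proves nothing on its own; the fingerprint of a key known to have been in circulation at the time, and the receipt date a keyserver records when a key is first uploaded, are the checks worth making.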



The dangers of setting VR expectations and valuations too high » Forbes

Anshel Sag:

One report by Juniper Research forecasts 30m head-mounted display (HMD) shipments by 2020. That expectation includes a projection that 3m HMDs will ship by 2016 driven by video and gaming use cases. My biggest problem with this projection is that there is no one combination of players that can ship 3m units. Even taking Oculus, Sony, Samsung Electronics, and HTC Valve and all their HMDs [head-mounted displays] into account, the prices and volumes simply won’t be there for 3m units in 2016.

The reality will be much closer to 1 to 2 million units in 2016, and most of those will likely be Samsung Electronics’ Gear VR headsets, since the latest version will be shipping for $99 and be compatible with all of Samsung’s latest high-end phones. Oculus doesn’t have the manufacturing capacity or the price point (around $400-$500) to drive enough volume to help reach 3m units. The same goes for the Vive; they aren’t targeting to make it a high volume product. While we don’t know the price yet, we know it’s going to be more than the Oculus Rift and that will affect volume on its own, not to mention the fact that you need quite a bit of space to set it up. Sony and Samsung are the only two companies that really have the knowhow to potentially ship enough units to hit the million mark.

link to this extract



The global village and its discomforts — Design Fictions » Medium

Fabien Girardin suggests that new technologies bring their own anxieties with them:

Social network platforms act as an extension of our social practices. Like with any technological extension we are right to be fascinated by its power and scale. However, we too frequently choose to ignore or minimize the ‘amputations’ and implications they produce.

Or as French cultural theorist Paul Virilio would argue: “The invention of the ship was also the invention of the shipwreck.”

For instance, our capacity to record every moment of our lives comes with the high vulnerability of digital data. In fact, no machine can today read a 15 years old hard drive. It is ironic that we have the technological means to record and share our social lives, yet we all might suffer one day from ‘digital amnesia’.

link to this extract



Can Theranos CEO Elizabeth Holmes fend off her critics? » Bloomberg Business

Sheelah Kolhatkar and Caroline Chen:

Theranos isn’t the only diagnostic company to provide scant details on its technology. “The process has been suboptimal across the industry, but now I think we’re at the crossroads,” [John] Ioannidis [professor of medicine at Stanford, and author of a 2005 paper “Why Most Published Research Findings Are False”] says. “Theranos caught my attention early on because they had such vibrant media stories. Other companies just don’t make such claims. Today it’s Theranos. Tomorrow it may be another company.” He adds: “If you get the wrong test result, you could go down a path that could really destroy your life.”

Holmes says the company’s era of secrecy is over, and it’s inviting outsiders, including reporters, to try the tests for themselves. (For the record, the finger prick feels like a finger prick.) In December, she says, a group of independent medical experts will spend two days in Theranos’s lab to examine the technology, the data, and the regulatory filings, and can then talk publicly about what they found.

Looking forward to that. It would be fantastic if Theranos actually does have a super-cheap blood test; it could make a vast difference to diagnosis. But are the odds in its favour?
link to this extract



Focus by Firefox: content blocking for the open web » The Mozilla Blog

Denelle Dixon-Thayer, Mozilla’s chief legal and business officer:

We want to build an Internet that respects users, puts them in control, and creates and maintains trust. Too many users have lost trust and lack meaningful controls over their digital lives. This loss of trust has impacted the ecosystem – sometimes negatively. Content blockers offer a way to rebuild that trust by empowering users. At the same time, it is important that these tools are used to create a healthy, open ecosystem that supports commercial activity, instead of being used to lock down the Web or to discriminate against certain industries or content. That’s why we articulated our three content blocking principles

…we’ve based a portion of our product on a list provided by our partner Disconnect under the General Public License. We think Disconnect’s public list provides a good starting point that demonstrates the value of open data. It bases its list on a public definition of tracking and publicly identifies any changes it makes to that list, so users and content providers can see and understand the standards it is applying. The fact that those standards are public means that content providers – in this case those that are tracking users – have an opportunity to improve their practices. If they do so, Disconnect has a process in place for content providers to become unblocked, creating an important feedback loop between users and content providers.

Disconnect is the company whose product was banned from Google Play for “interfering with” other apps. Disconnect formally complained in the EU in June, but hasn’t apparently done so with the FTC in the US.
link to this extract



EU explores whether Google, Yahoo should pay for showing online news snippets » Reuters

Julia Fioretti:

The European Union is looking into whether services such as Google News and Yahoo News should pay to display snippets of news articles, wading into a bitter debate between the online industry and publishers.

The European Commission, the EU’s executive, said on Wednesday it will consider whether “any action specific to news aggregators is needed, including intervening on the definition of rights.”

The move came as Brussels unveiled plans to loosen copyright rules in the 28-member bloc in order to allow citizens to watch more content online.

Dubbed the “Google Tax”, making online services pay to display news snippets has sparked fierce opposition from both the tech industry and some publishers.

Can’t see it ending well for those who want payment. It’s like banning people from deep linking: sounds great to people who haven’t used the internet.
link to this extract



Samsung, Micromax planning to discontinue 2G phones » Times of India

Writankar Mukherjee & Gulveen Aulakh:

Samsung and Micromax, the leading sellers of smartphones in India, are planning to discontinue so-called 2G phones and focus on devices that run on faster 3G and 4G networks as prices have dropped sharply for such handsets in the past year. Then there’s the Reliance Jio effect.

“The focus has shifted to 4G phones with telecom operators launching such services,” said Micromax Informatics chief executive officer Vineet Taneja. “4G models already account for 30% of our portfolio with 14 models and will increase to 20 by March.”

The imminent launch of 4G services by Reliance Jio Infocomm has prompted incumbents Bharti Airtel and Vodafone to launch their own high-speed networks in anticipation of competition. That coupled with falling prices has almost wiped out demand for handsets running on 2G.

link to this extract



Errata, corrigenda and ai no corrida: none notified.

Start up: the smartphone generation, OLED for iPhone?, VR’s Atari moment, and more


A new paper says this might not be enough to give an accurate measurement of your blood. Oh, hello, Theranos, didn’t see you there. Photo by biologycorner on Flickr.


A selection of 10 links for you. (Ooh, are those turkey sandwiches?) I’m charlesarthur on Twitter. Observations and links welcome.

The generation that doesn’t remember life before smartphones » Popular Mechanics

Jacqueline Detwiler:

Zac [aged 18] probably started developing memories around 1999, the year Napster upended the music industry by turning songs into sharable files that nobody owned. Or maybe in 2000, the year Google became Google. Regardless, he is part of the first generation of human beings who never really lived before the whole world was connected by pocket-sized electronic devices. These kids might never read a map or stop at a gas station to ask directions, nor have they ever seen their parents do so. They will never need to remember anyone’s phone number. Their late-night dorm-room arguments over whether Peyton or Eli Manning won more Super Bowl MVPs will never go unsettled for more than a few seconds. They may never have to buy a flashlight. Zac is one of the first teenagers in the history of teenagers whose adult personality will be shaped by which apps he uses, how frequently he texts, and whether he’s on Facebook or Instagram or Twitter or Snapchat. Or whatever comes after Snapchat. Clicking like, clicking download, clicking buy, clicking send—each is an infinitesimal decision in the course of the modern American teenager’s life. They do this, collectively, millions of times a minute. But together these tiny decisions make up an alarming percentage of their lives. This generation is the first for whom the freedom to express every impulse to the entire world is as easy as it used to be to open your mouth and talk to a friend.

link to this extract


Samsung Gear VR review: virtual reality finds its Atari moment » WSJ

Geoffrey Fowler:

unlike other phone-goggle contraptions, the Gear VR headset has its own motion sensors, so it does a much better job of tracking your head movements when you’re turning or looking up. And it pushes the Samsung phone’s processor to cut motion delay to under 20 milliseconds, reducing the nausea-inducing blur. (My test Galaxy S6 Edge Plus worked so hard when mounted, it could blow through its huge battery with an hour or two of intensive VR.)

Other improvements also make Gear VR much more comfortable: The headset itself is less heavy—slimmed 19% from an experimental headset Samsung debuted last year. You can comfortably fit glasses inside, and there’s also a focus adjustment that makes the view more pleasurable for aging eyes.

Yet there’s still some discomfort. Wearing anything on your face for an hour can get old. Also, I occasionally encountered what appeared to be a flicker in the brightest parts of the screen. (Samsung says that’s rare, and has to do with the way my brain processes the screen refresh itself.)

link to this extract


Home Office meeting re IPBill » RevK’s rants

Adrian Kennard (who runs an internet service provider) went to talk to MPs about their Draft Investigatory Powers bill:

At the start of the briefing the bill was explained, and we heard a story very similar to Theresa May’s comments along the lines of:-

“Consider the case of a teenage girl going missing. At present we can ask her mobile provider for call records before she went missing which could be invaluable to finding her. But for Internet access, all we get is that the Internet was accessed 300 times. What would be useful would be to know she accessed twitter just before she went missing in the same way as we could see she make a phone call”

Now, I am sure this is a well-practised speech, used many times before. I am sure the response has been nodding of heads and agreement with how important “Internet connection records” are, obviously.

However, I, and other ISPA members immediately pointed out the huge flaw in this argument. If the mobile provider was even able to tell that she had used Twitter at all (which is not as easy as it sounds), it would show that the phone had been connected to Twitter 24 hours a day, and probably Facebook as well. This is because the very nature of messaging and social media applications is that they stay connected so that they can quickly alert you to messages, calls, or amusing cat videos, without any delay.

This seemed to fool them somewhat and they had no real answer – we were not just nodding and agreeing, and that was unexpected 🙂

Not much wisdom on any other point either – including whether he could be compelled to lie if he were to use a “canary” over search warrants.
link to this extract


Apple to adopt OLED display for iPhone from 2018 » Nikkei Asian Review

Apple plans to introduce organic light-emitting diode displays for iPhones starting in 2018, sending suppliers racing to fine-tune the technology and invest in capacity expansion.

In light of the decision, South Korea’s LG Display is already planning capacity upgrades. But securing enough panels for the more than 200m phones Apple ships globally every year will likely prove difficult. The US company is thus likely to opt for offering OLED iPhones alongside those using LCD screens.

There are technical challenges as well. The brightness, energy-saving capacity and other functions of OLED panels tend to degrade over time. Apple has begun consulting with display makers and their suppliers of manufacturing equipment about the technology. The companies will work over the next year or so to see whether those drawbacks can be eliminated and a stable supply of screens secured…

…Apple’s shift to OLED displays will have major implications for two Japanese suppliers – Sharp, which is scrambling to rebuild its faltering operations, and Japan Display, which relies on the technology giant for 30% of its business.

2018? That’s a long way off. Why not jump to AMOLED? (Note: LG is spending $8.7bn on a new OLED plant to begin production in the first half of 2018. Coincidence?)
link to this extract


New study spills doubt on some fingerprick blood tests » Ars Technica UK

Beth Mole:

Tiny blood droplets that leak successively from a pricked finger can have widely variable contents, researchers reported in the American Journal of Clinical Pathology. In some cases, test results on such finger-bled droplets had nearly eight times more variation than vein-harvested blood samples—the gold standard. Only when the authors tested upwards of five drops combined (60 to 100 microliters) were they able to get accurate results. The study raises concerns that new diagnostic tests that rely on blood drops may yield inaccurate results.

*turns slowly to look at Theranos*
link to this extract


OnePlus concedes that its USB type-C cables are out of spec, will offer refunds » Android Police

Ryan Whitwam:

Google engineer Benson Leung recently started a crusade against bad USB type-C cables, and one of the cables he warned people to stay away from is the one sold by OnePlus. Now OnePlus has responded to the uproar, saying that it will offer refunds to customers who purchased these cables. Well, you can apply for a refund. It’s not clear how long it’ll take.

The issue is that OP’s type-C cable and the type-C adapter both have a 10kΩ resistor, which as Benson Leung has been pointing out, is potentially dangerous to use with some devices. A proper type-C cable has a 56kΩ resistor, and OnePlus says it is in the process of designing a new version of its accessories that have this resistor. OnePlus’ Carl Pei stresses that the cable and adapter are safe to use with the OnePlus 2 because it only pulls 2A of current. However, a phone like the Nexus 5X or 6P draws 3A, and that can cause damage to the power source.

Seems like a big oversight to miss getting the correct resistor.
link to this extract


Reader’s Digest and other WordPress sites compromised to push Angler EK » Malwarebytes Unpacked

Jérôme Segura:

We’re seeing another uptick in WordPress compromises, using a slightly different modus operandi than the EITest campaign we recently blogged about, being responsible for a large number of infections via the Angler exploit kit.

The attack consists of a malicious script injected within compromised WordPress sites that launches another URL whose final purpose is to load the Angler exploit kit. Site owners that have been affected should keep in mind that those injected scripts/URLs will vary over time, although they are all using the same pattern (see IOCs below for some examples).

The website of popular magazine Reader’s Digest is one of the victims of this campaign and people who have visited the portal recently should make sure they have not been infected. The payload we observed at the time of capture was Bedep which loaded Necurs a backdoor Trojan, but that of course can change from day to day.

Solution: don’t read sites on desktop? (Thanks Ivan Ivanovich.)
link to this extract


Macbook charger teardown: the surprising complexity inside Apple’s power adapter » Righto

The wonderful Ken Shirriff, who does electronics teardowns of fabulous sophistication and insight:

The Macbook 85W charger costs $79 from Apple, but for $14 you can get a charger on eBay that looks identical. Do you get anything for the extra $65? I opened up an imitation Macbook charger to see how it compares with the genuine charger. From the outside, the charger looks just like an 85W Apple charger except it lacks the Apple name and logo. But looking inside reveals big differences. The photos below show the genuine Apple charger on the left and the imitation on the right.


Inside the Apple 85W Macbook charger (left) vs an imitation charger (right). The genuine charger is crammed full of components, while the imitation has fewer parts.

The imitation charger has about half the components of the genuine charger and a lot of blank space on the circuit board. While the genuine Apple charger is crammed full of components, the imitation leaves out a lot of filtering and regulation as well as the entire PFC [Power Factor Correction] circuit. The transformer in the imitation charger (big yellow rectangle) is much bulkier than in Apple’s charger; the higher frequency of Apple’s more advanced resonant converter allows a smaller transformer to be used.

Also included: a microprocessor with as much power as the original Mac.
link to this extract


The Telharmonium was the Spotify of 1906 » Atlas Obscura

Ella Morton:

Invented by lawyer Thaddeus Cahill and initially known as the dynamophone, the telharmonium made use of telephone networks to transmit music from a central hub in midtown Manhattan to restaurants, hotels, and homes around the city. Subscribers could pick up their phone, ask the operator to connect them to the telharmonium, and the wires of their phone line would be linked with the wires emerging from the telharmonium station. The electrically generated tunes would then stream from their phone receiver, which was fitted with a large paper funnel to help pump up the volume. (The electric amplifier had not yet been invented.) 

The music was generated live at what Cahill called a “music plant,” which was located at Broadway and 39th Street. An entire floor of the building, which came to be known as Telharmonic Hall, was filled with the 200 tons of machinery required to generate the telharmonium’s tunes. With its banks of spinning rotors, switchboards, transformers, and alternators, the behemoth instrument gave “the impression of nothing so much as a busy machine-shop, or the center of a considerable manufacturing industry,” according to a 1906 article in McClure’s Magazine.

“Facebook, invented by Thaddeus Zuckerberg..” Why isn’t anyone called Thaddeus anymore? Notice also that this is an American publication, yet it uses “Spotify” as its shortcut for “streaming service” rather than, say, Pandora.
link to this extract


Jonathan Mayer, well-known online security expert, joins F.C.C. » The New York Times

Natasha Singer:

Among digital security experts, Mr. Mayer is known, among other things, as the Stanford computer scientist who reported in 2012 that Google was bypassing privacy settings in Apple’s Safari browser by placing bits of code in digital ads that tracked the sites users visited. Google subsequently agreed to pay a $22.5 million fine to settle charges by the Federal Trade Commission that the company had misrepresented its privacy practices.

Now Mr. Mayer, 28, has a new handle: federal regulator.

On Tuesday, the Federal Communications Commission said it had hired Mr. Mayer as chief technologist in the agency’s enforcement bureau.

Impressive hiring.
link to this extract


Errata, corrigenda and ai no corrida: none notified.