- Meet Horovod: Uber’s Open Source Distributed Deep Learning Framework for TensorFlow
- On Building a Cloud, and Choosing Lisp: Because Nobody Told Me I Couldn't
- An Overview of the Security Ecosystem in Programming
- Naming Things In CSS Grid Layout
- Dangerous Pickles — Malicious Python Serialization
- Programming Tensor Cores in CUDA 9
- ButterCMS Architecture: a Mission-Critical API Serving Millions of Requests per Month
- A Monad Writer for F#
- A Cache is Fast: Enhancing our API with Redis
- Big Data Processing at Spotify: The Road to Scio (Part 1)
It's very good at what it does.
It's very shivery when they realise how far the horrible grey mist on the universe has spread.
It sets up a very convincing backdrop of angels and other beings fighting against badness with human help, in ways where this is how the universe works, and what people stumble upon is the same stuff that scientists like the children's parents are just starting to discover.
The characters of the children (well, mostly Meg and precious Charles Wallace at this point) are very good.
I stumbled on the narrative convention of mentor figures swooping in and saying "hey children, only you can do this, you need to go through this set of trials, when this happens, do this, you don't need to know about X, good luck". Like, that's a common narrative convention that works very well: you just don't question too hard that the mentor figures have some special insight into how quests turn out. It's especially useful in children's books because you can explain what needs to happen directly to the main character and reader. (Think of all the stories of stumbling onto the first person you meet in a secondary world who says, you need to do X, Y and Z.) But eventually you read so many books where it doesn't work like that that you start to question. Even if you don't ask if they might be lying, you wonder, could they really not spare twenty minutes to summarise the biggest risks and how to avoid them? How do they know what's going to happen? If this is all preordained, then why are they providing even this much help, and if not, and the fate of the world hangs on it, can they really not provide any more help?
This is partly me having been spoiled for some simple narrative conventions by being exposed to too many variants, and possibly (?) me not understanding theology well enough (I'm not sure how much this is something that is supposed to actually happen for real, and how much it's just a book thing?) It doesn't always fail me, this is basically how Gandalf acts all the way through LOTR "OK, now we're going to do this because, um, fate" and I'm happy to accept it all at face value, even when other people quibble, but in some books it bothers me.
- Captains Gabriel Lorca and Matthew Gideon: "obstinate, difficult, independent, not prone to following orders from home, not politically astute...but he'll get the job done" (quote via Wikipedia).
- Michael Burnham and John Matheson: not trusted by all of their crewmates.
- "Discovery" and "Excalibur": experimental ships running on a blend of technologies.
- The tension between conflict and exploration: the intended rôles for the ships and how we see them, and the series in question considered against its progenitor.
A selection of 11 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.
“If there is one thing to learn from this, it’s that standards can’t be closed off from security researchers,” says Robert Graham, an analyst for the cybersecurity firm Erratasec. “The bug here is actually pretty easy to prevent, and pretty obvious. It’s the fact that security researchers couldn’t get their hands on the standards that meant that it was able to hide.”
The WPA2 protocol was developed by the Wi-Fi Alliance and the Institute of Electrical and Electronics Engineers (IEEE), which acts as a standards body for numerous technical industries, including wireless security. But unlike, say, Transport Layer Security, the popular cryptographic protocol used in web encryption, WPA2 doesn’t make its specifications widely available. IEEE wireless security standards carry a retail cost of hundreds of dollars to access, and costs to review multiple interoperable standards can quickly add up to thousands of dollars.
I’ve got an inkling what happened here. The proposal for WEP was widely available before being chosen as a standard, and it was demonstrated to be utterly flawed before becoming a standard. (Buy my book next year!)
I wonder if the IEEE was so embarrassed by that episode that it decided to erect paywalls around standards so that they wouldn’t be so open to examination by any random person who might be able to critique them – or, equally, to prevent a hacker discovering a zero-day and never disclosing it.
Others who’d made an attempt at creating software had used a technique called feature extraction, where they’d identify a few key “variables” in the sound waves, then correlate them with the pitch. But this method was overly-simplistic, and didn’t consider the finer minutiae of the human voice. For instance, it didn’t recognize diphthongs (when the human voice transitions from one vowel to another in a continuous glide), and, as a result, created false artifacts in the sound.
Hildebrand had a different idea.
As an oil engineer, when dealing with massive datasets, he’d employed autocorrelation (an attribute of signal processing) to examine not just key variables, but all of the data, to get much more reliable estimates. He realized that it could also be applied to music:
“When you’re processing pitch, you add wave cycles to go sharp, and subtract them when you go flat. With autocorrelation, you have a clearly identifiable event that tells you what the period of repetition for repeated peak values is. It’s never fooled by the changing waveform. It’s very elegant.”
While elegant, Hildebrand’s solution required an incredibly complex, almost savant application of signal processing and statistics. When we asked him to provide a simple explanation of what happens, computationally, when a voice signal enters his software, he opened his desk and pulled out thick stacks of folders, each stuffed with hundreds of pages of mathematical equations.
“In my mind it’s not very complex,” he says, sheepishly, “but I haven’t yet found anyone I can explain it to who understands it. I usually just say, ‘It’s magic.’”
A great long read.
If wearable technology is the next big thing for our tech-connected society, why is Apple the only company paying attention to the smaller-wristed set? Lady or dude, there are quite a few people on this earth whose arms don’t resemble the trunk of a Sequoia tree — many of whom would be excited to use a smartwatch.
And for that reason, I love that Apple supports multiple sizes for the Apple Watch. Smartwatches are one of the more personal technology purchases available out there today, and the company is committed to making them accessible to people young, old, large, or small. Engineering LTE inside a 38mm Series 3 was no small feat; Apple could have limited it to the 42mm set, but it chose to attack the problem and make it accessible to all.
I can’t say the same for the rest of the smartwatch market. I’ve been looking avidly across the Android Wear (and Android Wear-adjacent, like Fitbit) lines since 2015 for alternative smartwatch options, but have struck out every time.
It’s not that I dislike my Apple Watch — it’d probably be my favorite smartwatch even if I were limited to a 42mm size. But I want to like Android Wear. Competition is good, and Android Wear does some smart things with notifications that I’d love to see over on the Apple side. Its hardware (mostly) isn’t terribly-designed, either: On the contrary, for those with applicably-sized wrists, the watches look quite natural.
The Android OEMs don’t have the incentive – they aren’t selling about an order of magnitude fewer than Apple – and (Huawei possibly excepted; Samsung doesn’t use Android Wear) they don’t have the technological capability.
Apart from that, nothing’s stopping them.
Russian journalists publish massive investigation into St. Petersburg troll factory’s U.S. operations • Meduza
The Internet Research Agency, Russia’s infamous “troll farm,” reportedly devoted up to a third of its entire staff to meddling in U.S. politics during the 2016 presidential election. At the peak of the campaign, as many as 90 people were working for the IRA’s U.S. desk, sources told RBC, revealing that the entire agency employs upwards of 250 people. Salaries for staff working in the U.S. department apparently range from 80,000 to 120,000 rubles ($1,400 to $2,100) per month.
The head of the IRA’s U.S. desk is apparently a man originally from Azerbaijan named Dzheikhun Aslanov (though he denies any involvement with the troll factory).
In August and September this year, Facebook, Instagram, and Twitter suspended 118 communities and accounts run by the St. Petersburg “troll factory,” disabling a network capable of reaching 6 million subscribers. In 2016, at the height of the U.S. presidential campaign, this network reportedly produced content that reached 30 million people each week.
A source also told RBC that the Internet Research Agency spent almost $80,000 over two years, hiring roughly 100 local American activists to stage about 40 rallies in different cities across the United States. The activists were hired over the Internet, communicating in English, without their knowledge that they were accepting money or organizing support from a Russian organization. According to RBC, internal records from the IRA verify its role in these activities.
The main activity in the troll factory’s U.S. desk was to incite racial animosity (playing both sides of the issue), and promoting the secession of Texas, objections to illegal immigration, and gun rights.
An ex St. Petersburg ‘troll’ speaks out: Russian independent TV network interviews former troll at the Internet Research Agency • Meduza
According to “Max”, the IRA’s [Russia’s Internet Research Agency] “foreign desk” had open orders to “influence opinions” and change the direction of online discussions. He says this department within the agency considered itself above the “Russian desk,” which he claims is generally “bots and trolls.” The foreign desk was supposedly more sophisticated. “It’s not just writing ‘Obama is a monkey’ and ‘Putin is great.’ They’ll even fine you for that kind of [primitive] stuff,” Max told Dozhd. People in his department, he says, were even trained and educated to know the nuances of American social polemics on tax issues, LGBT rights, the gun debate, and more.
Max says that IRA staff were tasked with monitoring tens of thousands of comments on major U.S. media outlets, in order to grasp the general trends of American Internet users. Once employees got a sense of what Americans naturally discussed in comment forums and on social media, their job was to incite them further and try to “rock the boat.”
According to Max, the Internet Research Agency’s foreign desk was prohibited from promoting anything about Russia or Putin. One thing the staff learned quickly was that Americans don’t normally talk about Russia: “They don’t really care about it,” Max told Dozhd. “Our goal wasn’t to turn the Americans toward Russia,” he claims. “Our task was to set Americans against their own government: to provoke unrest and discontent, and to lower Obama’s support ratings.”
Programmatic publishers’ ad rates have taken a hit since Apple updated its Safari browser last month to prevent third parties from tracking users for more than 24 hours after a user visited a website. Although Apple’s move hurts publishers reliant on third-party data that advertisers depend on to target niche audiences at scale, publishers that sell their inventory directly say they aren’t affected by the Safari update.
“It has already had an impact on our revenue, and that will only be compounded as adoption [of Safari’s update] increases,” said Paul Bannister, co-founder of CafeMedia, which sells more than half of its impressions programmatically. “It’s hard to quantify what it will end up as since it’s so early still and lots of other variables are at play, but it’s a [measurable] impact.”
Because users didn’t update their operating systems all at once and Apple released the update near the end of a quarter, when ad rates tend to be higher, gauging the impact of Safari’s tracking change isn’t as simple as comparing monthly CPMs. Apple did not reply to an interview request for this story.
Bannister said CPMs on Safari are about 10% lower than what he’d expect them to be heading into the fourth quarter. CafeMedia gets about a third of its mobile traffic from Safari, which is in line with industry averages, according to NetMarketShare.
Since Apple’s Safari update, Ranker saw the gap between its yields on iOS and Android (which doesn’t use the Safari browser) increase by 8% in favor of Android, said Ranker CEO Clark Benson, who estimated that Apple’s move could potentially lead to a 1% to 2% drop in overall ad revenue.
I’m standing at the production line for the world’s tiniest violins, where output has been increased substantially.
Microsoft’s secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group more than four years ago, according to five former employees, in only the second known breach of such a corporate database.
The company did not disclose the extent of the attack to the public or its customers after its discovery in 2013, but the five former employees described it to Reuters in separate interviews. Microsoft declined to discuss the incident.
The database contained descriptions of critical and unfixed vulnerabilities in some of the most widely used software in the world, including the Windows operating system. Spies for governments around the globe and other hackers covet such information because it shows them how to create tools for electronic break-ins.
The Microsoft flaws were fixed likely within months of the hack, according to the former employees. Yet speaking out for the first time, these former employees as well as US officials informed of the breach by Reuters said it alarmed them because the hackers could have used the data at the time to mount attacks elsewhere, spreading their reach into government and corporate networks.
“Bad guys with inside access to that information would literally have a ‘skeleton key’ for hundreds of millions of computers around the world,” said Eric Rosenbach, who was US deputy assistant secretary of defense for cyber at the time.
Smart move by the hackers.
Taiwan’s Digitimes, which often finds news from deep in the supply chain, on Monday reported that Toshiba halted production for three to six weeks while it sorted out a ransomware mess. Doing so, the report suggested, saw production of 100,000 wafers deferred.
The outlet pondered that the supposed shutdown may be helping contribute to ongoing high memory prices.
Analyst firm DRAMeXchange, which specialises in solid-state memory, reached in to the supply chain and found no evidence of missing shipments. The firm’s senior research manager Alan Chen said “there is no module supplier suspending quotes or shipments after knowing this information.”
Chen didn’t rule out a disruption of some sort, saying “This incident is expected to be resolved immediately with Toshiba quickly ramping up production to lower or fully compensate for the wafer deficit.”
But Toshiba did smack it down: the company’s media relations team told The Register “There is no such a fact that Toshiba Memory’s Yokkaichi Operation is suspending its production line as reported in DigiTimes.”
Hasn’t quite denied the ransomware report, though. Only that it hasn’t suspended production. People scoff at Digitimes, but it’s well-sourced within the supply chain.
My [MacBook Pro] was getting its third diagnostic test in 45 minutes. The problem was not that its logic board was failing, that its battery was dying, or that its camera didn’t respond. There were no mysteriously faulty innerworkings. It was the spacebar. It was broken. And not even physically broken — it still moved and acted normally. But every time I pressed it once, it spaced twice.
“Maybe it’s a piece of dust,” the Genius had offered. The previous times I’d been to the Apple Store for the same computer with the same problem — a misbehaving keyboard — Geniuses had said to me these exact same nonchalant words, and I had been stunned into silence, the first time because it seemed so improbable to blame such a core problem on such a small thing, and the second time because I couldn’t believe the first time I was hearing this line that it was not a fluke. But this time, the third time, I was ready. “Hold on,” I said. “If a single piece of dust lays the whole computer out, don’t you think that’s kind of a problem?”
In every other computer I’ve owned before I bought the latest MacBook Pro last fall, fixing this would have begun by removing the key and peering around in its well to see if it was simply dirty. Not this keyboard. In fact, all of Apple’s keyboards are now composed of a single, irreparable piece of technology. There is no fixing it; there is only replacing half the computer.
This seems to be a problem. Rather as with USB-C, Apple jumped in, but the water hasn’t been lovely.
A startup funded by iPod creator Tony Fadell is suing Andy Rubin’s new company over smartphone trade secrets • Reuters
Keyssa has been working since 2009 on a chip for mobile phones to transfer large amounts of data without using wires or Wi-Fi connections. In August, Keyssa said it was partnering with Samsung, Foxconn parent Hon Hai Precision Industry and others to make its technology a standard feature on mobile phones.
In September, the Essential Phone was released. One of the first devices on the market to feature a wireless connector, the phone uses it to communicate with a camera accessory the company released at the same time.
Keyssa alleged in its lawsuit that Essential engaged in technology and design discussions with Keyssa for 10 months but ultimately ended the relationship. In November 2016, Essential said it would use a competing chip from SiBEAM, a division of Lattice Semiconductor, the lawsuit alleges.
Keyssa alleged that despite Essential’s use of a different chip, the final Essential Phone design incorporates many of the techniques developed by Keyssa to make wireless connectors function well in a phone, from antenna designs to methods for testing phones on the manufacturing line.
Headline from CNBC, but story from Reuters. Essential is really getting hit by trucks.
The discussions have been happening inside Apple’s health team for more than a year, one of the people said. It is not yet clear whether Apple would build out its own network of primary care clinics, in a similar manner to its highly successful retail stores, or simply partner with existing players.
It’s also possible Apple will just decide not to make this move.
Some experts see a move into primary care as a way to build out its retail footprint. Apple’s worldwide network of more than 300 stores has been one of its most important sales channels.
Canaan’s Nina Kjellson, a prominent health tech investor who has no knowledge of Apple’s plans, believes the move is plausible. “It would help build credibility with Apple Watch and other health apps,” she explained.
“Apple has cracked a nut in terms of consumer delight, and in the health care setting a non-trivial proportion of satisfaction comes from the quality of interaction in the waiting room and physical space,” she continued.
It seems a bit excessive to buy that sort of chain, though maybe they would be good for selling the Watch. Also perhaps if there were apps much more tightly tailored for health and more particularly medical needs.
Errata, corrigenda and ai no corrida: none notified
Just about anyone who's been around the ZX Spectrum emulation scene in the past 18 months or so is probably aware of the ongoing saga of the Vega+ and its failure to be released. One of the allegations which has been made is that the emulator involved in the original Vega (not Plus) was in fact a rip-off of Fuse, and not the work of Chris Smith. This is, frankly, complete rubbish, and I've told Retro Computers that in the past. While it's pretty easy for those of us who enjoy digging into t-state timings to spot the differences, there's actually one very easy way to tell: as part of Fuse's development, the team have developed a utility called "fusetest" which digs into a few dark corners of the ZX Spectrum's behaviour. The primary use of this tool is as a regression test to make sure that we haven't broken anything before doing a new release, but it can serve a secondary purpose of spotting differences between one emulator and another.
And what happens if you run fusetest on the Vega? Yep, you guessed it, it displays significantly different behaviour from Fuse - in particular, it fails the "floating bus" test in both 48K and 128K modes, and the "High port contention 2" test in 128K mode. You can see all this in this short video I made with my Vega.
Let's hope this puts to bed any further repetitions of this allegation.
Oh, and anyone playing silly buggers in the comments, either here or on YouTube, will discover that I can play quite well too.
- Effective phone number verification
- Stretching Spokes
- Building a Blockchain DApp using truffle, React, Next.js and MobX (part 2)
- The Future of Microservices Monitoring & Instrumentation
- A Brief Tour of Grouping and Aggregating in Pandas
- Videos series: Modernizing Java Apps for IT Pros
- AWS Elastic Beanstalk and Private Docker Hub Repos
A selection of 13 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.
Apple says ‘KRACK’ Wi-Fi vulnerabilities are already patched in iOS, macOS, watchOS, and tvOS betas • Mac Rumors
Apple has already patched serious vulnerabilities in the WPA2 Wi-Fi standard that protects many modern Wi-Fi networks, the company told iMore’s Rene Ritchie this morning.
The exploits have been addressed in the iOS, tvOS, watchOS, and macOS betas that are currently available to developers and will be rolling out to consumers soon.
Disclosed just this morning by researcher Mathy Vanhoef, the WPA2 vulnerabilities affect millions of routers, smartphones, PCs, and other devices, including Apple’s Macs, iPhones, and iPads.
Using a key reinstallation attack, or “KRACK,” attackers can exploit weaknesses in the WPA2 protocol to decrypt network traffic to sniff out credit card numbers, usernames, passwords, photos, and other sensitive information. With certain network configurations, attackers can also inject data into the network, remotely installing malware and other malicious software.
Slightly pushing it with the use of “already” there, given that this has been disclosed for months for vendors to get on top of it. But perhaps they couldn’t fix it in time for 11.0.
Android 6.0 and above contains a vulnerability that researchers claim “makes it trivial to intercept and manipulate traffic sent by these Linux and Android devices.” 41% of Android devices are vulnerable to an “exceptionally devastating” variant of the Wi-Fi attack that involves manipulating traffic. Attackers might be able to inject ransomware or malware into websites thanks to the attack, and Android devices will require security patches to protect against this. Google says the company is “aware of the issue, and we will be patching any affected devices in the coming weeks.”
Although most devices appear to be vulnerable to attacks reading Wi-Fi traffic, the exploit doesn’t target access points. The attack exploits vulnerabilities in the 4-way handshake of the WPA2 protocol, a security handshake that ensures client and access points have the same password when joining a Wi-Fi network.
As this is a client-based attack, expect to see a number of patches for devices in the coming weeks. Researchers sent out notifications to specific vendors in July, and a broad notification was distributed in late August. Security researchers note that it’s not worth changing your Wi-Fi password as this won’t help prevent attacks, but that it’s worth updating router firmware and all client devices to the latest security fixes.
The implications of this new attack are pretty scary sounding, and the news is still developing but a few things are fairly clear:
• Almost every mobile/desktop device on the planet is affected and needs patching
• Your router will need a software update at some point
• Nobody will know how to update their router, or how to check if it’s patched
If you’re affected (and you almost certainly are) it’s important to check if your devices can be patched immediately. Not just your router, but whatever you’re using to get online too.
To be clear, however, the most important fix to apply is the one for your phones, laptops and other devices. The data transmitted by these devices could now be exposed.
There are quite a few sites which are keeping rolling lists of who has and hasn’t offered an update. The risk, of course, is to people who are using old devices which will never get an update. There’s also some risk to products – hello Internet of Things! – which can’t or won’t be updated.
The crack is nothing like as bad as that affecting WEP (which was flawed even before it was released; it could be cracked by anyone within an hour). But it is significant.
The journalist who led the Panama Papers investigation into corruption in Malta was killed on Monday in a car bomb near her home.
Daphne Caruana Galizia died on Monday afternoon when her car, a Peugeot 108, was destroyed by a powerful explosive device which blew the car into several pieces and threw the debris into a nearby field.
A blogger whose posts often attracted more readers than the combined circulation of the country’s newspapers, Caruana Galizia was recently described by the Politico website as a “one-woman WikiLeaks”. Her blogs were a thorn in the side of both the establishment and underworld figures that hold sway in Europe’s smallest member state.
Her most recent revelations pointed the finger at Malta’s prime minister, Joseph Muscat, and two of his closest aides, connecting offshore companies linked to the three men with the sale of Maltese passports and payments from the government of Azerbaijan.
No group or individual has come forward to claim responsibility for the attack…
…In a statement, Muscat condemned the “barbaric attack”, saying he had asked police to reach out to other countries’ security services for help identifying the perpetrators.
“Everyone knows Ms Caruana Galizia was a harsh critic of mine,” Muscat said at a hastily convened press conference, “both politically and personally, but nobody can justify this barbaric act in any way”.
just as Western analysts once scoffed at the potential of the North’s nuclear program, so did experts dismiss its cyberpotential — only to now acknowledge that hacking is an almost perfect weapon for a Pyongyang that is isolated and has little to lose.
The country’s primitive infrastructure is far less vulnerable to cyberretaliation, and North Korean hackers operate outside the country, anyway. Sanctions offer no useful response, since a raft of sanctions are already imposed. And Mr. Kim’s advisers are betting that no one will respond to a cyberattack with a military attack, for fear of a catastrophic escalation between North and South Korea.
“Cyber is a tailor-made instrument of power for them,” said Chris Inglis, a former deputy director of the National Security Agency, who now teaches about security at the United States Naval Academy. “There’s a low cost of entry, it’s largely asymmetrical, there’s some degree of anonymity and stealth in its use. It can hold large swaths of nation state infrastructure and private-sector infrastructure at risk. It’s a source of income.”
Mr. Inglis, speaking at the Cambridge Cyber Summit this month, added: “You could argue that they have one of the most successful cyberprograms on the planet, not because it’s technically sophisticated, but because it has achieved all of their aims at very low cost.”
It is hardly a one-way conflict: By some measures the United States and North Korea have been engaged in an active cyberconflict for years.
I’m writing a book about hacking (to be published next year); one of the chapters is about the Sony Pictures hack in late 2014, which was by North Korea. At the time, lots of people dismissed the idea. But they overlooked Kim Jong-un’s understanding when he took over that cyberwarfare has gigantic returns – and huge deniability. It’s almost the opposite of nuclear weapons.
I think I broke my Facebook.
That might sound like something your Luddite aunt would say, but I’m being serious. It started about two years ago, when, in a fit of annoyance at all the baby pictures flooding my news feed, I systematically unfollowed every single person and organization in my network except the actual news outlets. That promptly turned my sprawling social network of friends, frenemies, and strangers into a mere news reader plugged into just a half-dozen publications. Problem solved! No more updates about people’s lives.
Two years later, this seems like a grave mistake. I find myself curious about what people are doing. I’m falling behind in real-life conversations about what’s happening with friends. Put another way, it’s literally impossible for me to use Facebook for its original purpose. There’s a follow-on effect that I didn’t realize either: If you unfollow people on Facebook, you drop out of their Facebook feed as well. So now, whenever I have something I really want to share–a new job, or the final draft of the book I’ve been writing for years–I’m met with crickets. I’m stranded on the digital equivalent of a deserted island.
There’s no obvious way to get off this island. I could manually re-follow everyone I unfollowed. But even if I do that, I have no idea if Facebook automatically makes them follow me. For all intents and purposes, my Facebook is ruined. And I suspect that over time, you’re ruining yours without even realizing it.
And in time, you’ll find yourself stuck in a form of this situation – he calls it dead-end UX – which makes it no fun to use that network. And then you’ll abandon it. But he has a great idea for fixing it.
Foxconn Electronics (Hon Hai) has started shipping iPhone X devices, with the first batch of 46,500 units already being shipped out from Zhengzhou and Shanghai to the Netherlands and United Arab Emirates (UAE), respectively, according to a China-based Xinhuanet.com report.
Apple said previously that it will begin to take pre-sale orders for iPhone X on October 27 and start delivering the devices on November 3.
However, the first-batch shipments of the iPhone X units were much lower than the previous iPhone models, which apparently will make the iPhone X one of the most difficult-to-find smartphones these days, according to a Chinese-language Commercial Times report.
Although Foxconn has ramped up its output of iPhone X to 400,000 units a week recently from the previous 100,000 units, the increased production still cannot meet market demand, said the report, citing data from Rosenblatt.
Those are really tiny numbers compared to the demand that’s sure to be out there.
to former NSA staffer and chief of cybersecurity company RenditionSec, Jake Williams, the ROCA issue is more severe than KRACK. The latter was only executable within Wi-Fi range, while it’s uncertain as to whether patches will be rolled out widely for ROCA, given it’s a more esoteric issue, he added. The vulnerability has also been present in affected devices since at least 2012.
Williams theorized two attacks over ROCA. First, by abusing code signing certificates, used to validate software is coming from a legitimate, trusted source. “Given a code signing certificate’s public key (which an organization has to publish), an attacker could derive the private key allowing them to sign software impersonating the victim,” Williams said. Given the kinds of attacks that have recently relied on fake software updates (remember the NotPetya ransomware and the CCleaner infection), this could be a serious threat.
An attacker could also potentially fool a Trusted Platform Module (TPM) — a specialized chip on a computer or smartphone that stores RSA encryption keys – to run malicious, untrusted code, Williams added. “The TPM is used to ensure the code used to boot the kernel is valid. Bypassing a TPM could allow the attacker to perform an inception style attack where they virtualize the host operating system. There are dozens of other variations of attacks, but these Infineon chips are huge in hardware security modules (HSMs) and TPMs,” he warned.
This is the article to read if you want to understand this (very serious) pitch.
Kaspersky Labs reports that a new Adobe Flash vulnerability was exploited by a group called BlackOasis, which used it to plant malware on computers across a number of countries. Kaspersky says the group appears to be interested in Middle Eastern politics, United Nations officials, opposition activists and journalists, and BlackOasis victims have so far been located in Russia, Iraq, Afghanistan, Nigeria, Libya, Jordan, Tunisia, Saudi Arabia, Iran, the Netherlands, Bahrain, United Kingdom and Angola.
The attack took place on October 10th and the malware planted by BlackOasis is a commercial product called FinSpy or FinFisher, typically sold to governments and law enforcement agencies. Kaspersky notified Adobe of the vulnerability and it has since released a Flash Player security update for Windows, Macintosh, Linux and Chrome OS. Kaspersky said that it believes BlackOasis, which it has been tracking since last year, was behind a similar exploit in September.
There is no longer any rational reason to keep using Flash. Honestly, there isn’t. It’s a mess of vulnerabilities.
“Many respondents indicated that a meaningful portion of customers are buying iPhone 7 in lieu of the new iPhone 8, given the lack of significant enhancements in the new phone,” KeyBanc analyst John Vinh wrote in a client note.
Vinh also said feedback from stores indicated that customers were waiting to purchase the iPhone X or to compare the iPhone X with other models before buying the iPhone 8.
Apple last month introduced the iPhone 8 and iPhone 8 Plus, which resemble the iPhone 7 but have a glass back for wireless charging. While iPhone 8 starts from $699 in the United States, iPhone 7 is retailing from $549 after a price cut.
The iPhone X, a glass and stainless steel device with an edge-to-edge display, will start shipping from Nov. 3. The 10th-anniversary iPhone is priced from $999 – Apple’s most expensive mobile till date.
One investor in Apple’s shares played down any concern around a dip in sales of the iPhone 7 or 8, given the much-anticipated debut of iPhone X.
“Worrying about any small down-tick in margins from the sale of the iPhone 7 or 8 is a wrong-headed way to look at it as iPhone X is really the flagship device where we’re going to see a strong upgrade cycle,” said Jason Ware, chief investment officer of Albion Financial Group.
Scale means these companies can do a lot more. They can make smart speakers and watches and VR and glasses, they can commission their own microchips, and they can think about upending the $1.2tr car industry. They can pay more than many established players for content – in the past, tech companies always talked about buying premium TV shows but didn’t actually have the cash, but now it’s part of the marketing budget. Some of these things are a lot cheaper to do than in the past (smart speakers, for example, are just commodity smartphone components), but not all of them are, and the ability to do so many large experimental projects, as side-projects, without betting the company, is a consequence of this scale, and headcount.
On the other hand, that the market is big enough for four tech giants, not just one (Wintel) partnership, means we have four companies aggressively competing and cooperating with each other, and driving each other on, and each trying somehow to commoditise the others’ businesses. None of them quite pose a threat to the others’ core – Apple won’t do better search than Google and Amazon won’t do better operating systems than Apple. But the adjacencies and the new endpoints that they create do overlap, even if these companies get to them from different directions, and as consumers we all benefit. If I want a smart speaker, I can choose from two with huge, credible platforms behind them today, and probably four in six months, each making them for different reasons with different philosophies. No-one applied that kind of pressure to Microsoft.
How do the mice do when there are four elephants fighting it out? As we saw with first GoPro and now perhaps Sonos, if you’re riding the smartphone supply chain cornucopia but can’t construct a story further up the stack, around cloud, software, ecosystem or network effects, you’re just another commodity widget maker. And the aggressive competition in advertising products from Google, Facebook and now to some extent Amazon has taken a lot of the oxygen away from anyone else.
We set out to find an alternative to the Astropad ring. The obvious first option was to make a new gesture, but we realized pretty quickly that there was limited room for this. Every edge of the iPad is already occupied with an existing gesture: swipe up for your dock, left to search, and down for notifications. We really needed something novel to work with.
Our Astro HQ cofounder Giovanni Donelli said that the idea to turn the camera into a button came like lightning, “I had been staring at a white bezel iPad for so long, and I kept wishing there was another home button we could use. My eyes kept falling on the camera, and I really wanted to touch it!” Giovanni built an initial prototype of the Camera Button within an hour.
Turning the camera into a reliably functioning button didn’t come without challenges. In total, we spent four months of continuous engineering efforts to get past these hurdles…
Once you see it, it’s completely obvious – like all the great ideas. Though this does remind me of the Camera+ hack, which years ago found a way to make the camera fire by pressing the volume button. Apple then blocked it. Then, uh, stole it: you can now take pictures on iPhones by pressing the volume button. Not sure if Astro is going to go through the same. Hope not.
A few years ago, my wife convinced me that we had to buy a $400 juicer. It’ll make us healthier, the juice will taste great, and it’ll be fun to use, she said. I eventually agreed, and we made some carrot juice and orange juice that did taste pretty good. But after dumping eight pounds of pulp into the trash, we put it in a box and never used it again. Now, every time she wants to buy X or Y questionable, expensive thing, my go-to snarky reply is “remember the juicer?”
Unfortunately, now I have my own juicer.
It’s called the Oculus Rift.
This story surely repeated many times around the world.
Errata, corrigenda and ai no corrida: Sophie Warnes’s newsletter is called Fair Warning, not Fiar Warning. You should still sign up, however it’s spelled.
( links and personal observations about sexual violence against women )
I absolutely believe everybody else's experiences, people I know and strangers writing brave, brave columns and blog posts. I am just a total outlier, and I really shouldn't be. So I'm signal boosting others' accounts, because I know that I needed to be made aware of the scale of the problem, and perhaps some other people reading this could also use the information.
- Scaling PhantomJS: Taking Thousands of Full Page Screenshots Every Day
- Developer Experience Lessons Operating a Serverless-like Platform At Netflix — Part II
- Transit and Peering: How your requests reach GitHub
- Atom’s new concurrency-friendly buffer implementation
- Why Are Webhooks Better Than Serverless Extensibility?
- How Shopify Governs Containers at Scale with Grafeas and Kritis
- Remaking Lightbeam as a browser extension
- Airflow: The Missing Context
- Go Python, Go! Stream Processing for Python
- Bayesian Nonparametrics
In this case, there were some failing tests and I was trying to debug some of them, and the result was the same every time, but only when I ran a failing test by itself and it passed did I realise that the tests weren't actually independent. They weren't actually non-deterministic in that the same combination of tests always had the same result, but I hadn't realised what was going on.
And in fact, I'd not validated the initial state of some tests enough, or I would have noticed that what was going wrong was not what the test *did* but what it started with.
I was doing something like, there was some code that loaded a module which contained data for the game -- initial room layout, rules for how-objects-interact, etc. And I didn't *intend* to change that module. Because I'm used to C or C++ header files, I'd forgotten that could be possible. But when I created a room based on the initial data, I copied it without remembering to make sure I was actually *copying* all the relevant sub-objects. And then when you move stuff around the room, that (apparently) moved stuff around in the original copy in the initialisation data module.
And then some other test fails because everything has moved around.
Once I realised, I tested a workaround using deepcopy, but I need to check the one or two places where I need a real copy and implement one there instead.
Writing a game makes me think about copying objects a lot more than any other sort of programming I've done.
I'll be going along with my big Film Premiere coat :-)
It will be made public on vimeo the next day and I can post it here if anyone's interested.
Dish Life (short with children being stem cells in petri dish) has made New York Times' Ten Things To Do In NYC This Week list (For Children section) - the director and scientist are over there now and having a great time.