
jtyost2 : software   1462

Smart speaker recordings reviewed by humans
Amazon, Apple and Google all employ staff who listen to customer voice recordings from their smart speakers and voice assistant apps.

News site Bloomberg highlighted the topic after speaking to Amazon staff who "reviewed" Alexa recordings.

All three companies say voice recordings are occasionally reviewed to improve speech recognition.

But the reaction to the Bloomberg article suggests many customers are unaware that humans may be listening.

The news site said it had spoken to seven people who reviewed audio from Amazon Echo smart speakers and the Alexa service.
privacy  technology  software  hardware  surveillance  business  amazon.com  AmazonAlexa  AppleSiri 
april 2019 by jtyost2
Apple Drops $99 Data Migration Fee for New Macs and Repairs - TidBITS
Apple has dropped the $99 fee that it previously charged for migrating data from an old Mac to a newly purchased machine. TidBITS reader and TekBasics consultant David Price wrote to tell us that he has generally advised clients to pay Apple to migrate data to newly purchased Macs, but when he accompanied his brother-in-law to pick up a freshly migrated iMac last week, Apple informed him that there was no charge for the service.
apple  hardware  software 
april 2019 by jtyost2
Thumb drive carried by Mar-a-Lago intruder immediately installed files on a PC | Ars Technica
A Secret Service official speaking on background told Ars that the agency has strict policies over what devices can be connected to computers inside its network and that all of those policies were followed in the analysis of the malware carried by Zhang.

"No outside devices, hard drives, thumbdrives, et cetera would ever be plugged into, or could ever be plugged into, a secret service network," the official said. Instead, devices being analyzed are connected exclusively to forensic computers that are segregated from the agency network. Referring to the thumb drive confiscated from Zhang, the official said: "The agent didn’t pick it up and stick it into a Secret Service network computer to see what was on it." The agent didn't know why Ivanovich testified that the analysis was quickly halted when the connected computer became corrupted.

Monday's hearing raised yet another question about Secret Service security. Adler, the public defender representing Zhang, got agent Samuel Ivanovich to admit that "the agency that protects the president largely relied on Mar-a-Lago staff to determine whether to admit her, didn't see red flags in the devices she carried, and asked no further questions of Zhang once they believed she was related to another club member with the same last name—which is extremely common in China."

Expect more scrutiny of the event, the resulting investigation, and the lax policies that led to the breach to continue, possibly for months to come.
SecretService  government  technology  hardware  software  malware  china  MarALago  usa  security 
april 2019 by jtyost2
A Journey — if You Dare — Into the Minds of Silicon Valley Programmers
The backdrop to this book is that something is broken about Silicon Valley. To understand what isn’t working for so many people it’s necessary to scrutinize the coders themselves, their personalities and biases. The very particular culture they’ve created infuses everything they produce for the rest of us. Because deeply introverted people were drawn to coding, they did not prioritize positive human interactions. A community that indulges thoughts of anarchy was wary of adding any guardrails to the programs and products it produced.

When dealing with an algorithm that can be built for one and scaled to billions, those idiosyncratic foibles matter a lot. A few individuals’ blind spots mean a massive, world-changing system has those same blind spots. Remember that Instagram had 13 employees when Facebook bought it. WhatsApp had 55.

The mostly white men who built the tools of social networks did not recognize the danger of harassment, and so the things they built became conduits for it. If there had been women or people of color in the room, Thompson’s argument goes, there might have been tools built to protect users from the get-go. They were mostly middle-class and upper-middle-class kids from Stanford, and so some of the brightest minds focused on convenience apps, grocery delivery systems and on-demand laundry.

Coders themselves like to buttress the idea that some among them are magical. There is the notion of a 10x coder, a genius who can do the work of 10. One of those famous in Silicon Valley is Max Levchin, who built PayPal. Thompson describes the brutal hours it took Levchin to build something that never existed before, the work and obsession it required to make a thing that now seems obvious. “Empyrean feats of coderly productivity,” he calls it.

And then he dismantles the idea of the genius coder. He presents the case of a start-up ousting a “brilliant jerk” who was writing elaborate (and to everyone else, illegible) code, discovering they were more productive without him. The lesson was that if the team could work better together, “they wouldn’t need superheroes,” and this seems to be the moral of the chapter. Despite the mystique, coding is not an art.

It’s pleasing as he picks up each Silicon Valley cliché, each canard never criticized, and dumps it into this wood chip machine.

Many Silicon Valley engineers are convinced that the work is done by males (and built mostly for males) because males are better at coding. They imagine a pure meritocracy. Code either works or it doesn’t. Good code rises. There would be more female coders if females were interested in coding and were a little less neurotic, the argument goes.
culture  programming  software  discrimination  gender  feminism  politics 
april 2019 by jtyost2
Netflix confirms it killed AirPlay support, won’t let you beam shows to Apple TVs anymore
With no warning and little explanation, Netflix has removed the easiest way to sling its shows from one Apple device to another: AirPlay.

Netflix confirmed to The Verge that it pulled the wireless casting feature this past week, due to what it’s calling a “technical limitation.” But it’s not the kind of technical limitation you’d think.

You see, Apple recently partnered with most of the major TV brands to allow AirPlay 2 to send shows directly to their 2019 TV sets with a firmware update later this year, but a Netflix spokesperson tells me AirPlay 2 doesn’t have digital identifiers to let Netflix tell those TVs apart — and so the company can’t certify its users are getting the best Netflix experience when casting to those new sets.

So now, it’s throwing out the baby with the bathwater and pulling the plug on AirPlay, period. “We can’t distinguish which device is which, we can’t actually certify the devices... so we’ve had to just shut down support for it,” a Netflix spokesperson says.

To be clear, that means Apple TV set-top box users can no longer cast Netflix, either.
apple  software  technology  netflix 
april 2019 by jtyost2
Turns out Amazon buying Eero wasn’t the startup success story we thought
When Amazon bought mesh Wi-Fi router company Eero, our first reactions were of exhaustion, consternation and concern: why couldn’t a tiny company with an excellent privacy-minded product be left to its own devices, instead of getting snapped up by the big data giant from Seattle?

Now, we know why. Mashable reports that Amazon paid just $97 million for Eero, far less money than the $148 million it reportedly raised as a startup. That’s something you don’t do unless your business is in trouble, and it means Amazon may have actually saved Eero from a different fate.

The Verge can confirm that $97 million number, by the way, as well as many of the others in Mashable’s story — we’ve seen similar documents, and we believe they’re the real deal. Eero declined to comment.

There are many potential side effects to the fact that Amazon purchased Eero in a fire sale rather than at a profit, and Mashable’s report details some of them, like how Eero’s executives are making out like bandits with multi-million dollar golden parachutes, while rank-and-file employees are now sitting on worthless stock options — or worse, shares they purchased for $3 that are now worth $0.03 each. It’s a cautionary tale about how stock options work.

But — and we’re very deep in speculation territory now — I’m curious if it also means that we should expect less from Eero, under Amazon, than we might have if it were more of a success story for the startup. If Amazon was able to pay so little for Eero, it may well have smaller ambitions for the company, and it would be that much easier to justify killing it off as a failed experiment if anything goes wrong.
amazon.com  business  technology  hardware  software  eero  stock 
april 2019 by jtyost2
Analysis | What could a hacker with a USB stick actually access at Mar-a-Lago?
There are still a number of questions about the events at Mar-a-Lago this weekend that remain unanswered. If it was a clumsy attempt to access the hotel’s network, it thankfully failed. But one of Barak’s central points was that a successful intrusion attempt by a determined hacker was all but inevitable.

We’re left to hope that Mar-a-Lago’s “IT security hygiene,” as he put it, is good enough to protect a facility that Trump likes to call the “winter White House.”
Ethics  DonaldTrump  security  government  hacking  software  MarALago 
april 2019 by jtyost2
A Mathematician Just Solved a Deceptively Simple Puzzle That Has Boggled Minds for 64 Years
Mathematicians have been trying to find as many valid values for k as possible since the 1950s and have discovered that a few numbers will never work. Any number with a remainder of 4 or 5 when divided by 9, for example, cannot have a Diophantine solution. That rules out 22 numbers below 100. Of the 78 remaining numbers that should have solutions, two have stumped researchers for years: 33 and 42.

Andrew Booker, a mathematics professor at the University of Bristol, recently knocked one of those stubborn numbers off the list.

Booker created a computer algorithm to look for solutions to x^3 + y^3 + z^3 = k, using values up to 10^16th power (that's every number up to 99 quadrillion). Booker was looking for new solutions to all the valid numbers below 100. He didn't expect to find the first-ever solution for 33 — but, within several weeks of computing, an answer turned up. That answer is:

(8,866,128,975,287,528)^3 + (–8,778,405,442,862,239)^3 + (–2,736,111,468,807,040)^3 = 33.
mathematics  computer  hardware  software  research 
april 2019 by jtyost2
Yet Another JavaScript Framework | CSS-Tricks
It exposed an essential question about the responsibility of browser makers and developers to provide an accessible and open and forgiving experience for each and every user of the web and each and every builder of the web, even when (maybe especially when) the standards of the web are completely ignored. Put simply, the question was, should we ever break the web?
javascript  programming  software  softwareengineering  softwaredesign  mootools  browser  engineering 
april 2019 by jtyost2
Small stickers on the ground trick Tesla autopilot into steering into opposing traffic lane
Researchers from Tencent Keen Security Lab have published a report detailing their successful attacks on Tesla firmware, including remote control over the steering, and an adversarial example attack on the autopilot that confuses the car into driving into the oncoming traffic lane.

The researchers used an attack chain that they disclosed to Tesla, and which Tesla now claims has been eliminated with recent patches.

To effect the remote steering attack, the researchers had to bypass several redundant layers of protection, but having done this, they were able to write an app that would let them connect a video-game controller to a mobile device and then steer a target vehicle, overriding the actual steering wheel in the car as well as the autopilot systems. This attack has some limitations: while a car in Park or traveling at high speed on Cruise Control can be taken over completely, a car that has recently shifted from R to D can only be remote controlled at speeds up to 8km/h.

Tesla vehicles use a variety of neural networks for autopilot and other functions (such as detecting rain on the windscreen and switching on the wipers); the researchers were able to use adversarial examples (small, mostly human-imperceptible changes that cause machine learning systems to make gross, out-of-proportion errors) to attack these.

Most dramatically, the researchers attacked the autopilot's lane-detection systems. By adding noise to lane-markings, they were able to fool the autopilot into losing the lanes altogether; however, the patches they had to apply to the lane-markings would not be hard for humans to spot.
Tesla  software  security  hardware  research  technology 
april 2019 by jtyost2
You probably don't need input type=“number”
Time and time again, it seems like reaching for input type="number" is a good idea, but it almost always isn’t. While input type="number" triggers numeric keyboards on touchscreens leading to better mobile UX, that can also be accomplished by configuring the pattern attribute in a certain way (Zach Leatherman has a great deep dive post into all of this). I’ll also say that incrementing/decrementing a number with a mouse’s scroll wheel (especially the crappy Magic Mouse) is a lousy pattern even for proper numeric input (“Dammit! I wanted to buy two pairs of socks, not 39.”)
webdevelopment  usability  html  software  webdesign 
march 2019 by jtyost2
In Ethiopia Crash, Faulty Sensors on Boeing 737 Max Are Suspected
A similar series of events involving faulty sensor data and an automated system suspected in bringing down a Boeing plane in Indonesia may have also caused the crash of the same type of jet in Ethiopia in March, according to people who have been briefed on the contents of the black box in Ethiopia.

Data from a vane-like device, called an angle-of-attack sensor, incorrectly activated the automatic, computer-controlled system, called MCAS, which pushed the nose of the plane down, eventually leading to a crash that killed all 157 people aboard.

The black box, also called the flight data recorder, contains information on dozens of systems aboard the plane. The black boxes on both planes, Boeing’s latest generation of the 737, survived the crashes, allowing investigators to begin piecing together what caused the disasters. Both investigations are ongoing and no final determinations have been made.

There are two angle-of-attack sensors on the Boeing 737 Max, one attached to the fuselage on the pilot’s side and another on the co-pilot’s side. Investigators in Indonesia, who have produced a preliminary report and released some of the information from the box, saw that one sensor produced a reading that was at least 20 degrees different from the other as the plane took off and began its ascent.

The system was programmed to use data from only one of the sensors, which on that flight was malfunctioning. With the bad data, MCAS was activated, erroneously pushing the nose of the plane down. The pilots on the Indonesian flight tried repeatedly to override the system, but after about 12 minutes lost their battle and the plane crashed.
boeing  boeing737  software  hardware  ethics  softwareengineering  airplane  airline 
march 2019 by jtyost2
Apple cancels AirPower product, citing inability to meet its high standards for hardware | TechCrunch
Apple has canceled the AirPower product completely, citing difficulty meeting its own standards.

“After much effort, we’ve concluded AirPower will not achieve our high standards and we have cancelled the project. We apologize to those customers who were looking forward to this launch. We continue to believe that the future is wireless and are committed to push the wireless experience forward,” said Dan Riccio, Apple’s senior vice president of Hardware Engineering in an emailed statement today.

After a delay of over a year since it was first announced in September of 2017, the AirPower charging mat has become something of a focal point for Apple’s recent habit of announcing envelope tickling products and not actually shipping them on time. The AirPods, famously, had a bit of a delay before becoming widely available, and were shipped in limited quantities before finally hitting their stride and becoming a genuine cultural moment.
apple  hardware  technology  engineering  software  AirPower 
march 2019 by jtyost2
MailEclipse: Laravel Mail Editor Package
MailEclipse is a mailable editor package for your Laravel applications to create and manage mailables using a web UI. You can use this package to develop mailables without using the command line, and edit templates associated with mailables using a WYSIWYG editor, among other features.

You can even edit your markdown mailable templates:
email  laravel  software  webdevelopment 
march 2019 by jtyost2
You want AIs with that? McDonald's buys into machine learning
McDonald's is buying an artificial intelligence start-up to help serve up data-driven meal choices.

The technology developed by Israeli start-up Dynamic Yield can automatically change menus depending on the weather, time of day and traffic.

McDonald's is reported to be paying $300m (£227m) for the tech firm.

Number-plate recognition would also allow it to offer customers at drive-throughs their usual food order, McDonald's told Wired.

Dynamic Yield's technology would allow AI to determine what products are promoted, for example automatically suggesting McFlurry ice cream on hot days, or telling customers which items are already proving popular at that particular restaurant that day.

Most McDonald's outlets in the US are drive-throughs which is where the restaurant chain is planning to roll out the technology first.
technology  software  mcdonalds  business  advertising 
march 2019 by jtyost2
Huawei Security ‘Defects’ Are Found by British Authorities
A British review of Huawei found “significant” security problems with the Chinese company’s telecommunications equipment, a conclusion that supports a United States effort to ban it from next-generation wireless networks.

The British report, released on Thursday, said there were “underlying defects” in Huawei’s software engineering and security processes that governments or independent hackers could exploit, posing risks to national security. While the report did not call for an outright ban of Huawei equipment, it was endorsed by the country’s top cybersecurity agency.

The conclusions buttress the Trump administration’s push to convince its allies that Huawei, the world’s largest maker of telecommunications equipment, creates grave risks to national security. The White House has accused Huawei of being an arm of the Chinese government that can be used for spying or to sabotage communications networks, a charge that Huawei has vehemently denied.

But the American push has run into hurdles. Many countries, including Britain, have resisted the effort to ban Huawei, arguing that the risk can be mitigated. It is a critical time for wireless carriers as they prepare to spend billions of dollars to introduce next-generation wireless networks, known as 5G, which governments see as essential infrastructure for a rapidly digitizing global economy.

The British report highlights broader challenges facing many countries. While Huawei products may pose cybersecurity risks, the company is a key provider of the equipment needed to build 5G networks. If countries issue an outright ban, they could face costly delays in adopting the technology that not only will increase the download speeds of mobile phones but is expected to create breakthroughs in manufacturing, transportation and health care. And Huawei is already a central part of many countries’ telecommunications networks, making a ban logistically difficult.
Huawei  security  china  UnitedKingdom  usa  technology  hardware  software  telecommunications 
march 2019 by jtyost2
Programmers Who Don't Understand Security Are Poor at Security - Schneier on Security
A university study confirmed the obvious: if you pay a random bunch of freelance programmers a small amount of money to write security software, they're not going to do a very good job at it.
security  research  programming  software  softwareengineering 
march 2019 by jtyost2
The Apple Card is a perfect example of Apple’s post-iPhone strategy
And while Apple Pay may be a bold vision of the future, it’ll likely be years before contactless digital payments become truly mainstream in the US. In the meantime, Apple wants to sell you the benign and the boring — a credit card, a cable package, a magazine subscription — in hopes it can make its software and services as intrinsic a part of everyday life as its smartphone. Changing industries from the ground up is no longer Apple’s playbook, especially as it plays catch-up to companies like Netflix and Spotify.

Apple’s strategy mirrors that of Amazon. The e-commerce giant started out selling genuinely new and best-in-class products like the Kindle and then the AI-powered Echo speaker. But Amazon has since used the consumer goodwill it garnered and the power it wields over its digital storefront to sell you everything from microwaves and wall clocks to white label clothing brands, home supplies, and AmazonBasics-branded AA batteries.
apple  software  hardware  creditcard  business 
march 2019 by jtyost2
Boeing announces fixes for its 737 Max aircraft - BBC News
Boeing has issued changes to controversial control systems linked to two fatal crashes of its 737 Max planes in the last five months.

But it's still not certain when the planes, that were grounded worldwide this month, will be allowed to fly.

Investigators have not yet determined the cause of the accidents.

As part of the upgrade, Boeing will install as a standard a warning system, which was previously an optional safety feature.

Neither of the planes, operated by Lion Air in Indonesia and Ethiopian Airlines, that were involved in the fatal crashes, carried the alert systems, designed to warn pilots when sensors produce contradictory readings.

Boeing said in future airlines would no longer be charged extra for that safety system to be installed.
boeing  boeing737  airline  airplane  safety  regulation  faa  software 
march 2019 by jtyost2
The Birth of Developer Avocados 🥑
Developer Avocados are developer advocates, developer evangelists, community engineers, and developer relations folks that embrace the power of making mistakes and wield it as a tool in making software development more accessible.
software  softwareengineering  education  culture 
march 2019 by jtyost2
Mastercard Sees Other Banks Ditching Credit Card Numbers Like Apple Did
This week, Apple Inc. introduced the Mastercard Inc.-branded Apple Card, which won’t have a number on the physical card as a way to improve security in case a customer loses it. That could encourage other banks to also ditch the static number in favor of more secure limited-use numbers, said Craig Vosburg, president of North America for Mastercard.

“We want security to be at the highest level possible across the ecosystem, and we want to do that in ways that don’t introduce friction and make payments inconvenient for consumers,” Vosburg said in an interview Tuesday with Bloomberg Television.

business  creditcard  AppleCard  ApplePay  software  technology  security  mastercard 
march 2019 by jtyost2
Apple launches its own credit card and TV shows
Apple is launching its own credit card, Apple Card, in the US this summer.

There will be both an iPhone and physical version of the card, with a cashback incentive on every purchase.

The tech giant also unveiled a new TV streaming platform, Apple TV+, with content from existing services like Hulu alongside original material from high profile stars and directors.

It revealed a new gaming portal and enhanced news app as well, in an event to showcase its new focus on services.

The credit card will have no late fees, annual fees or international fees, said Apple Pay VP Jennifer Bailey.

It has been created with the help of Goldman Sachs and MasterCard.

The event was held in California and Apple Chief Executive Tim Cook was clear from the start that the announcements would be about new services, not new devices.

It is a change of direction for the 42-year-old tech giant.
apple  business  software  technology  television  creditcard 
march 2019 by jtyost2
Autonomous shuttle to be tested in New York City
Boston start-up Optimus Ride will run vehicles on private roads at the Brooklyn Navy Yard site located on New York's East River.

The shuttle will help workers get around the large site.

Self-driving vehicles are being widely trialled around the world, but vehicles sometimes crash and some regulators have halted tests.

The company would not be drawn on details about the initial deployment.

In an email to technology site The Verge a spokesperson wrote: "The fleet of self-driving vehicles at the Brooklyn Navy Yard and Paradise Valley estates will increase throughout the deployment period."

They added that the cars are designed to operate in "environments of 25mph."
newyorkcity  technology  automotive  software  selfdrivingtech 
march 2019 by jtyost2
Chrome to patch loophole that allows sites to block Incognito mode users
Future versions of Chrome will fix a loophole that lets websites detect and block users who attempt to access them using the browser’s Incognito mode, reports 9to5Google.

As well as not storing any local records of your browsing history, Chrome’s Incognito mode stops websites from being able to track you using cookies. However, because so much of the web’s ad revenue relies on this tracking data, some sites, such as The Boston Globe and MIT Technology Review, prevent you from reading their articles if you visit them using this mode.

Most sites do this by trying to use the “FileSystem” API, which is disabled while using Incognito mode because it allows permanent files to be created. However, recent commits to Chromium’s source code, which were first spotted by 9to5Google, show that the browser will soon trick websites into believing its FileSystem API is always operational.

When sites request to use the API when the browser is in Incognito mode in the future, Chrome will no longer return a conspicuous error. Instead, it will create a virtual file system in RAM. This will then get deleted at the end of your Incognito session, so that no permanent record can be created.
GoogleChrome  privacy  api  software  browser  technology  advertising 
march 2019 by jtyost2
FEMA Shared The Personal Information Of More Than 2 Million Disaster Survivors In A "Major Privacy Incident"
The Federal Emergency Management Agency shared sensitive data, including personal banking information, of 2.3 million disaster survivors with a housing contractor, putting them at risk of identity theft, in what the agency described as a “major privacy incident.”

The Department of Homeland Security's Office of Inspector General on Friday released its findings that personal information of survivors of hurricanes Harvey, Irma, and Maria, as well as the 2017 California wildfires, was mishandled by FEMA. In response, the disaster relief agency said it had taken "aggressive measures" to correct the error.

"FEMA is no longer sharing unnecessary data with the contractor and has conducted a detailed review of the contractor’s information system," the agency said in a statement. "To date, FEMA has found no indicators to suggest survivor data has been compromised."
fema  privacy  security  software  databreach 
march 2019 by jtyost2
Just discovered the most INSANE thing. The ORDER OF THE EPISODES for Netflix's new series Love Death & Robots changes based on whether Netflix thinks you're gay or straight.
netflix  algorithm  privacy  gender  datamining  machinelearning  software  technology  culture 
march 2019 by jtyost2
Spatie Laravel Flash Package
This is a lightweight package to send flash messages in Laravel apps. A flash message is a message that is carried over to the next request by storing it in the session. This package only supports one single flash message at a time.
laravel  software  webdevelopment 
march 2019 by jtyost2
CAs Reissue Over One Million Weak Certificates - Schneier on Security
Turns out that the software a bunch of CAs used to generate public-key certificates was flawed: they created random serial numbers with only 63 bits instead of the required 64. That may not seem like a big deal to the layman, but that one bit change means that the serial numbers only have half the required entropy. This really isn't a security problem; the serial numbers are to protect against attacks that involve weak hash functions, and we don't allow those weak hash functions anymore. Still, it's a good thing that the CAs are reissuing the certificates. The point of a standard is that it's to be followed.
ssl  security  cryptography  https  software 
march 2019 by jtyost2
See No Evil: Hidden Content and Accessibility
When I first started learning web development I thought hiding content was simple: slap display: none; onto your hidden element and call it a day. Since then I’ve learned about screen readers, ARIA attributes, the HTML5 hidden attribute, and more!

It’s important to ensure our websites are accessible to everyone, regardless of whether or not they use a screen reader, but with this myriad of options, how do we know when to use what?

There are four main scenarios where you may wish to hide content:
1. Hiding content for everyone, regardless of whether they use a screen reader
2. Hiding content for screen readers while showing it to other users
3. Showing additional content for screen readers while hiding it from other users
4. Hiding content at specific screen sizes

Let’s dive deeper into each of those scenarios to learn how to handle them.
design  software  webdesign  webdevelopment  accessibility  css  html 
march 2019 by jtyost2
On Spotify’s Complaints About the App Store
Overall, Apple’s response isn’t very convincing to me. There are still 2 fundamental problems with the App Store: exclusive distribution and exclusive payment. In that post from 8 years ago, I concluded with:

Apple, want to charge 30%? Go for it. Want to make the submission rules more strict? Fine. Want to adjust how you run the App Store to reflect what’s happening in the market? No problem. Just give developers an out. We are going to be back here year after year with the latest controversy until exclusive app distribution is fixed.

I think I’ve been proven right about this. This issue will never go away until Apple allows side-loading or makes it easier to let customers pay outside the App Store. In the meantime, I’ve been arguing for a 15% cut instead of 30% for all paid downloads and in-app purchase, which would go a long way to making this easier for developers.
apple  legal  business  software  technology  spotify 
march 2019 by jtyost2
Two-thirds of all Android antivirus apps are frauds | ZDNet
An organization specialized in testing antivirus products concluded in a report published this week that roughly two-thirds of all Android antivirus apps are a sham and don't work as advertised.

The report, published by Austrian antivirus testing outfit AV-Comparatives, was the result of a grueling testing process that took place in January this year and during which the organization's staff looked at 250 Android antivirus apps available on the official Google Play Store.

The report's results are tragicomical --with antivirus apps detecting themselves as malware-- and come to show the sorry state of Android antivirus industry, which appears to be filled with more snake-oilers than actual cyber-security vendors.
android  antivirus  software  mobile  technology  GoogleAndroid 
march 2019 by jtyost2
Manton Reece - My response to Apple's response to Spotify
Overall, Apple’s response isn’t very convincing to me. There are still 2 fundamental problems with the App Store: exclusive distribution and exclusive payment. In that post from 8 years ago, I concluded with:

Apple, want to charge 30%? Go for it. Want to make the submission rules more strict? Fine. Want to adjust how you run the App Store to reflect what’s happening in the market? No problem. Just give developers an out. We are going to be back here year after year with the latest controversy until exclusive app distribution is fixed.

I think I’ve been proven right about this. This issue will never go away until Apple allows side-loading or makes it easier to let customers pay outside the App Store. In the meantime, I’ve been arguing for a 15% cut instead of 30% for all paid downloads and in-app purchase, which would go a long way to making this easier for developers.
apple  software  business  spotify  legal  monopoly 
march 2019 by jtyost2
Facebook’s Data Deals Are Under Criminal Investigation
The disclosures about Cambridge last year thrust Facebook into the worst crisis of its history. Then came news reports last June and December that Facebook had given business partners — including makers of smartphones, tablets and other devices — deep access to users’ personal information, letting some companies effectively override users’ privacy settings.

The sharing deals empowered Microsoft’s Bing search engine to map out the friends of virtually all Facebook users without their explicit consent, and allowed Amazon to obtain users’ names and contact information through their friends. Apple was able to hide from Facebook users all indicators that its devices were even asking for data.

Privacy advocates said the partnerships seemed to violate a 2011 consent agreement between Facebook and the F.T.C., stemming from allegations that the company had shared data in ways that deceived consumers. The deals also appeared to contradict statements by Mark Zuckerberg and other executives that Facebook had clamped down several years ago on sharing the data of users’ friends with outside developers.

F.T.C. officials, who spent the past year investigating whether Facebook violated the 2011 agreement, are now weighing the sharing deals as they negotiate for a possible multibillion-dollar fine. That would be the largest such penalty ever imposed by the trade regulator.

Facebook has aggressively defended the partnerships, saying they were permitted under a provision in the F.T.C. agreement that covered service providers — companies that acted as extensions of the social network.

The company has taken steps in the past year to tackle data misuse and misinformation. Last week, Mr. Zuckerberg unveiled a plan that would begin to pivot Facebook away from being a platform for public sharing and put more emphasis on private communications.
facebook  privacy  apple  google  microsoft  samsung  business  legal  advertising  technology  hardware  software  socialmedia  socialnetwork  crime  ethics  government 
march 2019 by jtyost2
Creating the Blockade Runner Engine Look for Rogue One | Industrial Light & Magic
Artist Todd Vaziri explains how the team arrived at the Blockade Runner engine look for 'Rogue One'.

Today our guest writer is Todd Vaziri, Lead Artist at ILM who chronicles how the Blockade Runner engine shot from Rogue One: A Star Wars Story went from idea to reality:

I was thrilled to get to work on this shot with my friend and frequent collaborator, ILM lighter Tom Martinek. (Leia’s Blockade Runner escapes, tying Rogue One directly to the start of Star Wars (1977)? Yes, please!) We loved bringing this moment to life. It was a thrill to be able to help create the updated look of a classic ship we haven’t seen on screen since 1977. Also, it’s fun to realize that pretty much no one agrees how to pronounce “Tantive IV.”
art  technology  software  rogueone  starwars  animation  visualeffects  movie 
march 2019 by jtyost2
Microsoft’s new Skype for Web client: An early taste of the browser monoculture
Rather, it's a being bothered to do the work issue. Microsoft has said that its decision to prioritize Edge and Chrome is based on "customer value." Or, to put it another way, there's not much point in taking the time and effort to support browsers that have a small audience. This creates a negative feedback loop for those browsers, discouraging their use and pushing developers toward a world in which Chrome is the only browser that developers think about and target.

There's perhaps also some irony in that the Skype app is built with a framework designed to foster cross-platform development, between devices, desktop, and the Web. For those who can use the Web app, it looks extremely similar to the desktop apps, which also look very similar to the mobile apps. That's because it's built using ReactXP, Microsoft's layer on top of Facebook's React and React Native frameworks. These let you use Web technology to build applications not just for the Web but also the desktop and smartphone platforms. When targeting the Web, ReactXP supports Firefox, reinforcing once again that this isn't really a technology question.
software  webdevelopment  webdesign  browser  googlechrome  microsoft  firefox  internet  standards 
march 2019 by jtyost2
What was the world wide web like 30 years ago?
Dial-up tone, clunky websites and AOL free trial CDs - it's clear that the earliest versions of the world wide web came with quirks and frustrations. Thirty…
technology  history  worldwideweb  software 
march 2019 by jtyost2
Downsides of Smooth Scrolling | CSS-Tricks
I can see not being able to adjust timing being a downside, but that wasn't what made me ditch smooth scrolling. The thing that seemed to frustrate a ton of people was on-page search. It's one thing to click a link and get zoomed to some header (that feels sorta good) but it's another when you're trying to quickly pop through matches when you do a Find on the page. People found the scrolling between matches slow and frustrating. I agreed.
css  software  html  javascript  webdesign  webdevelopment 
march 2019 by jtyost2
GitDown Parsing Markdown in PHP
Air Force Secretary Heather Wilson, one of the first officials to join the Trump administration in the Pentagon, is expected to resign after being named Friday as the sole finalist to become the president of the University of Texas at El Paso, defense officials said.

Wilson sent a letter to President Trump regarding her resignation and plans to leave her post at the end of May, provided that the University of Texas approves her selection, according to one U.S. defense official, who spoke on the condition of anonymity because Wilson’s departure had not yet been announced. A second defense official said he was aware of the news, but did not have any additional information Friday morning.

The news comes after the University of Texas Board of Regents voted Friday morning to narrow its search to lead its campus in El Paso to Wilson. It announced the decision in a news release shortly after the news broke at the Pentagon. Wilson, who came to the Trump administration from academia, had expressed interest in the post, but the decision came sooner than she expected, a defense official said. Reuters first reported that the Pentagon expected her to resign.
markdown  php  gitdown  laravel  software 
march 2019 by jtyost2
Cybersecurity Insurance Not Paying for NotPetya Losses - Schneier on Security
This will complicate things: To complicate matters, having cyber insurance might not cover everyone's…
insurance  security  hardware  technology  software  business 
march 2019 by jtyost2
Detecting Shoplifting Behavior - Schneier on Security
This system claims to detect suspicious behavior that indicates shoplifting:

Vaak, a Japanese startup, has developed artificial intelligence software that hunts for potential shoplifters, using footage from security cameras for fidgeting, restlessness and other potentially suspicious body language.

The article has no detail or analysis, so we don't know how well it works. But this kind of thing is surely the future of video surveillance.
crime  legal  ethics  privacy  video  software 
march 2019 by jtyost2
How To Spoof PDF Signatures
One year ago, we received a contract as a PDF file. It was digitally signed. We looked at the document - ignoring the "certificate is not trusted" warning shown by the viewer - and asked ourselves:

"How do PDF signatures exactly work?"

We are quite familiar with the security of message formats like XML and JSON. But nobody had an idea, how PDFs really work. So we started our research journey.

Today, we are happy to announce our results. In this blog post, we give an overview how PDF signatures work and on top, we reveal three novel attack classes for spoofing a digitally signed PDF document. We present our evaluation of 22 different PDF viewers and show 21 of them to be vulnerable. We additionally evaluated 8 online validation services and found 6 to be vulnerable.

In cooperation with the BSI-CERT, we contacted all vendors, provided proof-of-concept exploits, and helped them to fix the issues and three generic CVEs for each attack class were issued: CVE-2018-16042, CVE-2018-18688, CVE-2018-18689.
pdf  security  technology  software 
march 2019 by jtyost2
Uber 'not liable' for self-driving death
Uber will not face criminal charges for a fatal crash involving one of its self-driving cars. Prosecutors have ruled that the company is not criminally liable…
uber  safety  crime  technology  hardware  software  business  legal  lawsuit  SelfDriving  automotive 
march 2019 by jtyost2
After Facebook’s Scandals, Mark Zuckerberg Says He’ll Shift Focus to Private Sharing
Social networking has long been predicated on people sharing their status updates, photos and messages with the world. Now Mark Zuckerberg, chief executive of Facebook, plans to shift people toward private conversations and away from such public broadcasting.

Mr. Zuckerberg, who runs Facebook, Instagram, WhatsApp and Messenger, on Wednesday detailed how he intended to change the essential nature of social media. Instead of encouraging users to publicly post material, he said he would focus on private and encrypted communications, in which users message mostly smaller groups of people they know. Unlike publicly shared posts that are kept as users’ permanent records, the communications could also be deleted after a certain period of time.

He said Facebook would achieve the shift partly by integrating Instagram, WhatsApp and Messenger so that users worldwide could easily message one another across the networks. In effect, he said, Facebook would change from being a digital town square to creating a type of “digital living room,” where people could expect their discussions to be intimate, ephemeral and secure from outsiders.
facebook  business  advertising  privacy  security  software  socialmedia  socialnetworking 
march 2019 by jtyost2
CSS Remedy
Start your project with a remedy for the technical debt of CSS. A gift to you from Mozilla Developer Outreach. This project is just getting started. It's too…
css  software  webdevelopment  webdesign  framework 
march 2019 by jtyost2
The Latest in Creepy Spyware - Schneier on Security
The Nest home alarm system shipped with a secret microphone, which -- according to the company -- was only an accidental secret:…
hardware  technology  software  security  privacy 
march 2019 by jtyost2
Volvo is limiting its cars to a top speed of 112 mph - The Verge
Volvo announced on Monday that it will be limiting the top speed on all of its vehicles to 180 km/h (112 mph) in a bid to reduce traffic fatalities. The new speed limit will be implemented on all model year 2021 cars, the company said.
volvo  safety  technology  hardware  software  automotive 
march 2019 by jtyost2
I held the future in my hands, and it was foldable
Huawei’s zealousness about keeping journalists’ hands off its new Mate X foldable phone slipped a little today, and I got to hold and fold it for myself. The…
hardware  technology  software  mobile 
february 2019 by jtyost2
Password Managers: Under the Hood of Secrets Management - Independent Security Evaluators
All password managers we examined sufficiently secured user secrets while in a ‘not running’ state. That is, if a password database were to be extracted from disk and if a strong master password was used, then brute forcing of a password manager would be computationally prohibitive.

Each password manager also attempted to scrub secrets from memory. But residual buffers remained that contained secrets, most likely due to memory leaks, lost memory references, or complex GUI frameworks which do not expose internal memory management mechanisms to sanitize secrets.

This was most evident in 1Password7 where secrets, including the master password and its associated secret key, were present in both a locked and unlocked state. This is in contrast to 1Password4, where at most, a single entry is exposed in a ‘running unlocked’ state and the master password exists in memory in an obfuscated form, but is easily recoverable. If 1Password4 scrubbed the master password memory region upon successful unlocking, it would comply with all proposed security guarantees we outlined earlier.

This paper is not meant to criticize specific password manager implementations; however, it is to establish a reasonable minimum baseline which all password managers should comply with. It is evident that attempts are made to scrub sensitive memory in all password managers. However, each password manager fails in implementing proper secrets sanitization for various reasons.
security  privacy  software  password 
february 2019 by jtyost2
Laravel 5.8 Blade Template File Path
February 23, 2019 / Paul Redmond Compiled blade templates in Laravel 5.8 will include the blade template path thanks to a contribution from Olga Strizhenko…
laravel  php  software  laravel58 
february 2019 by jtyost2
You Give Apps Sensitive Personal Information. Then They Tell Facebook.
Millions of smartphone users confess their most intimate secrets to apps, including when they want to work on their belly fat or the price of the house they…
facebook  privacy  legal  ethics  technology  software 
february 2019 by jtyost2
Rough Cut: Stop Giving Away Your Greatest Advantage at Work
Stakeholders don't trust programmers in part because programmers have trained stakeholders to expect substandard, low-quality work delivered late and with a fight at every turn. Or so it seems to me. On the other hand, programmers don't trust stakeholders in part because stakeholders have trained programmers to expect far too many unrealistic demands, delivered harshly, under threat of some kind of enforcement including, but not limited to, being fired. It feels like a terribly unequal relationship.

Even if we ignore all this, programmers' work looks mysterious to stakeholders. They literally cannot—in many cases—understand what the programmers do. Moreover, the programmers can't point to a physical object and say, "There is my work." The intangible nature of the work makes it harder for the average person to contemplate and the (generally) complicated nature of the work makes it tedious to inspect for problems. If I didn't understand programming, then I'd feel really worried about the imbalance: once we agree to start a project and I invest my money, the programmer holds all the leverage. I can only hope for the best.

It reminds me a lot of working with building contractors. I can inspect their work, but for much of it, I simply have to trust that the contractor is making decisions in our mutual best interest. I can notice when things slow down or go wrong, but I have a hard time arguing with their justifications. At some point, I have to trust them and hope for the best, and that frightens me when I decide to invest two years' household profit into a single project!
software  programming  softwareengineering 
december 2015 by jtyost2
Sustainable Open Source
So much of our work and infrastructure depends on Open Source, and it’s time we took the people doing this work as seriously as the highly financed startups and corporations that depend on all of this freely available work.
opensource  software  culture  politics 
november 2015 by jtyost2
Left a good job in the city
The conventional solution to a labor supply crunch is to offer to pay people more money. But here's the problem. A person with the skills that a high-flying tech company is looking for has plenty of perfectly good employment options outside the realm of high-flying tech companies. Lots of companies are looking to employ computer programmers, and lots of those companies aren't engaged in the same kind of frenetic competition as the high-fliers. Yes, they won't pay you as much. But you'd work shorter, less-intense hours and likely live in a cheaper city with shorter commutes. And you'd still be making a very decent living.

It's just not clear that there's any amount of money you could really pay an already comfortable person with a family to switch into a role that requires 70-hour workweeks. Worse than that, if someone was clearly reluctant to go switch into your more-demanding job, you would be reluctant to tempt him into it with an insane salary offer -- worrying that he wouldn't really have his heart in it and would end up being a drain on team morale.

By the same token, the premium placed on long working hours leads to placing a premium on "culture" and morale which tends, in practice, to mean a homogeneous workplace. When people are in the office all the time, they need to be buddies which further narrows down your pool of workers. Last but by no means least, someone with the combination of skills and work-appetite to thrive in a high-flying environment is likely going to want to go and found his own company. And the more money you pay him, the quicker you are simply putting him in a position to quit!

This whole dynamic is going to look to employers and their funders like a skills shortage, but it's also not going to generate skyrocketing wages.
software  engineering  softwareengineering  employment  economics  business  startup  culture 
november 2015 by jtyost2
WPO Stats
Case studies and experiments demonstrating the impact of web performance optimization (WPO) on user experience and business metrics.
webdesign  webdevelopment  software  softwaredesign  softwareengineering  optimization  performance 
november 2015 by jtyost2
Approaching coding style rationally - Matthieu Napoli
In the end we only had a look at 5 actual examples, but I want to stress that the main point of this article is:

it’s possible to think about coding style logically
sometimes doing so forces us to challenge our habits
when unsure or dubious: just try
If you need to vent off on how some of this is stupid and ugly, there’s a comment box below. I would also be happy to hear about practices you tried and you liked!
software  programming  softwareengineering 
november 2015 by jtyost2
Own a Vizio Smart TV? It’s Watching You - ProPublica
TV makers are constantly crowing about the tricks their smart TVs can do. But one of the most popular brands has a feature that it’s not advertising: Vizio’s Smart TVs track your viewing habits and share it with advertisers, who can then find you on your phone and other devices.

The tracking — which Vizio calls “Smart Interactivity” — is turned on by default for the more than 10 million Smart TVs that the company has sold. Customers who want to escape it have to opt-out.

In a statement, Vizio said customers’ “non-personal identifiable information may be shared with select partners … to permit these companies to make, for example, better-informed decisions regarding content production, programming and advertising.”

Vizio’s actions appear to go beyond what others are doing in the emerging interactive television industry. Vizio rivals Samsung and LG Electronics only track users’ viewing habits if customers choose to turn the feature on. And unlike Vizio, they don’t appear to provide the information in a form that allows advertisers to reach users on other devices.

Vizio’s technology works by analyzing snippets of the shows you’re watching, whether on traditional television or streaming Internet services such as Netflix. Vizio determines the date, time, channel of programs — as well as whether you watched them live or recorded. The viewing patterns are then connected to your IP address - the Internet address that can be used to identify every device in a home, from your TV to a phone.

IP addresses can increasingly be linked to individuals. Data broker Experian, for instance, offers a “data enrichment” service that provides “hundreds of attributes” such as age, profession and “wealth indicators” tied to a particular IP address.
privacy  technology  software  Vizio  television  media 
november 2015 by jtyost2
Mobile App Developers are Suffering
These types of mathematical relationships are called power laws, and are often used to explain the phenomena behind the 80/20 rule (80 percent of the value is centralized in 20 percent of the distribution). More generally, a power law will explain why value is centralized to a small distribution of the ecosystem.

The app ecosystem has an extremely harsh power law where app adoption and monetization are heavily skewed towards the top few apps. It’s nowhere near 80/20. In fact, it appears to be more like 99% of the value is centralized to the top 0.01%. Let’s call it the app store 99/0.01 rule.

This would indicate that the App Store became saturated back in 2008 when we hit 1000 apps.
software  technology  mobile  research  statistics 
november 2015 by jtyost2
Apple patent case: Wisconsin university wins huge damages - BBC News
A US jury has ordered technology giant Apple to pay more than $234m (£152m) in damages for patent infringement.
The Wisconsin Alumni Research Foundation, the patent licensing arm of the University of Wisconsin-Madison, said the verdict was important to guard its inventions from unauthorised use.
The jury had earlier decided that Apple incorporated patented microchip technology into some iPhones and iPads without permission.
Apple said it would appeal.
The company declined to comment further.
The amount was less than the foundation had claimed. It had originally sought as much as $862m.
The sum was lower in part because the judge ruled that Apple had not wilfully infringed the patent.
University of Wisconsin-Madison computer sciences professor Gurindar Sohi, one of the inventors of the microchip technology - designed to boost the performance of computer processors - was in the federal court in Madison, Wisconsin, for the decision.
"For Dr Sohi, I hope you felt that your invention was vindicated," US District Judge William Conley said.
legal  technology  patent  apple  software 
october 2015 by jtyost2
Volkswagen facing multiple US probes - BBC News
Volkswagen is facing multiple investigations in the United States, including, reports say, a criminal probe from the Department of Justice.
They follow an admission by VW that it deceived US regulators during exhaust emissions tests.
A DoJ criminal investigation would be serious, as federal authorities can bring charges with severe penalties against a firm and individuals.
Late on Tuesday New York state's top lawyer announced an investigation.
New York Attorney General Eric Schneiderman said he will collaborate with other states to enforce consumer and environmental law.
"No company should be allowed to evade our environmental laws or promise consumers a fake bill of goods," Mr Schneiderman said in a statement announcing the probe.
Meanwhile the Environmental Protection Agency and the California Air Resources Board are investigating the way VW cheated tests to measure the amount of pollutants coming from its diesel cars.
Volkswagen said 11 million vehicles worldwide are involved and it is setting aside €6.5bn (£4.7bn) to cover costs of the scandal.
According to Bloomberg and AFP, the Department of Justice is looking into the issue, which raises the possibility of the company and individual executives facing criminal charges.
However, the DoJ often extracts hefty payments from companies to settle criminal charges.
volkswagen  legal  ethics  environment  software  softwaredesign  regulation  epa  usa  government 
september 2015 by jtyost2
Apple's App Store infected with XcodeGhost malware in China - BBC News
Apple has said it is taking steps to remove malicious code added to a number of apps commonly used on iPhones and iPads in China.

It is thought to be the first large-scale attack on Apple’s App Store.

The hackers created a counterfeit version of Apple’s software for building iOS apps, which they persuaded developers to download.

Apps compiled using the tool allow the attackers to steal data about users and send it to servers they control.

Cybersecurity firm Palo Alto Networks - which has analysed the malware dubbed XcodeGhost - said the perpetrators would also be able to send fake alerts to infected devices to trick their owners into revealing information.

It added they could also read and alter information in compromised devices’ clipboards, which would potentially allow them to see logins copied to and from password management tools.
china  usa  encryption  privacy  security  ios  hardware  software  xcode 
september 2015 by jtyost2
WTF, Volkswagen? | Mother Jones
This goes far beyond most safety issues with cars. Whether we like it or not, car manufacturers always face tradeoffs between cost and safety. Having those conversations is a normal part of engineering life. Even in an infamous case like the Pinto gas tank, what you have is a normal conversation that went way overboard. As bad as it is, it's understandable that stuff like this happens occasionally.

But that's not what this is. There was no cost involved. In fact, writing the code to do this cost Volkswagen money. Nor was it something that took place just among a small group of product managers with bad incentives. This was coldly premeditated. It required substantial testing to make it work right. It happened across not just different models, but across two different nameplates. It lasted for six years until it was discovered. And it was done not as a tradeoff of some kind, but solely to make the car peppier during test drives so that VW could sell more diesel models.

How far up does this go? It's hard to believe it doesn't go up pretty far. And it must have left behind a significant paper trail. So what's next? Given the calculated nature of the crime, and the fact that it almost certainly killed people, Kleiman doesn't think civil fines are enough:
legal  ethics  environment  epa  regulation  government  business  volkswagen  software 
september 2015 by jtyost2
Drone Self-Defense and the Law - Schneier on Security
Law enforcement can deploy these technologies, but under current law it's illegal to shoot down a drone, even if it's hovering above your own property. In our society, you're generally not allowed to take the law into your own hands. You're expected to call the police and let them deal with it.

There's an alternate theory, though, from law professor Michael Froomkin. He argues that self-defense should be permissible against drones simply because you don't know their capabilities. We know, for example, that people have mounted guns on drones, which means they could pose a threat to life. Note that this legal theory has not been tested in court.

Increasingly, government is regulating drones and drone flights both at the state level and by the FAA. There are proposals to require that drones have an identifiable transponder, or no-fly zones programmed into the drone software.

Still, a large number of security issues remain unresolved. How do we feel about drones with long-range listening devices, for example? Or drones hovering outside our property and photographing us through our windows?

What's going on is that drones have changed how we think about security and privacy within our homes, by removing the protections we used to get from fences and walls. Of course, being spied on and shot at from above is nothing new, but access to those technologies was expensive and largely the purview of governments and some corporations. Drones put these capabilities into the hands of hobbyists, and we don't know what to do about it.

The issues around drones will get worse as we move from remotely piloted aircraft to true drones: aircraft that operate autonomously from a computer program. For the first time, autonomous robots -- with ever-increasing intelligence and capabilities at an ever-decreasing cost -- will have access to public spaces. This will create serious problems for society, because our legal system is largely based on deterring human miscreants rather than their proxies.

Our desire to shoot down a drone hovering nearby is understandable, given its potential threat. Society's need for people not to take the law into their own hands -- and especially not to fire guns into the air -- is also understandable. These two positions are increasingly coming into conflict, and will require increasing government regulation to sort out. But more importantly, we need to rethink our assumptions of security and privacy in a world of autonomous drones, long-range cameras, face recognition, and the myriad other technologies that are increasingly in the hands of everyone.
technology  software  privacy  security  legal  usa  government  faa  regulation  police  drone 
september 2015 by jtyost2
iPhones, the FBI, and Going Dark. - Lawfare
Or perhaps (putting on an oh-so-fashionable tin-foil fedora) this is all a fraudulent dance between Apple and the FBI, as Apple simply doesn't want to admit that they are already tapping iMessage for the FBI or NSA and so simply want the Washington DC noise machine to obscure this architectural defect that makes iMessage anything but "end-to-end secure" lest any other intelligence or police agency demand similar access.

I still like iPhones, I still use and recommend iPhones, and iMessage remains perhaps the best usable covert communication channel available today if your adversary can’t compromise Apple. Yet setting up an iPhone properly is no easy task and if one desires confidentiality, I think the only role for iMessage is instructing someone how to use Signal.
apple  security  iphone  technology  hardware  software  encryption  cryptography 
september 2015 by jtyost2
Putting on the shipping goggles
One of the biggest challenges of shipping a product is knowing when to put on the shipping goggles.

The shipping goggles make you less sensitive to little nits and scrapes and things that might be able to be a little bit better, but really don’t need to be right now. Stuff that we could tweak, but really shouldn’t be grabbing our attention given all the other high value bits we need to hit.

It’s sort of like squinting – you lose the detail, but you can still see the overall big picture shape, form, and function. Your peripheral vision shrinks, but the center is still bright. Knowing when to squint is a good thing to know.

It’s not that the details don’t matter. They do, but details aren’t fixed – they’re relative. And of course any time you talk about details mattering, you’re speaking in very broad generalizations. Some matter, some don’t. Some never matter, some matter later, but not now. And some really matter now and can’t wait for later. Like everything, there are varying degrees.

Part of training yourself to ship is to recognize what details are really worth nitpicking and when. There are no hard and fast rules here – it just takes judgement and experience. These are skills that build over time. Once you’ve been around it for a while you tend to improve your sensitivity to what’s worth doing before you ship and what can wait until later.
software  softwaredesign  programming  business 
september 2015 by jtyost2
And so it begins
The battle lines are defined. Will people disable their content blockers so they can access CNET’s content? Other sites are following the same path as CNET. Many are not. Is solidarity required here? Will this strategy work unless all, or at least most sites block content blockers?
advertising  business  technology  software  ios  hardware  media  journalism 
september 2015 by jtyost2
Apple and Other Tech Companies Tangle With U.S. Over Access to Data
In an investigation involving guns and drugs, the Justice Department obtained a court order this summer demanding that Apple turn over, in real time, text messages between suspects using iPhones.

Apple’s response: Its iMessage system was encrypted and the company could not comply.

Government officials had warned for months that this type of standoff was inevitable as technology companies like Apple and Google embraced tougher encryption. The case, coming after several others in which similar requests were rebuffed, prompted some senior Justice Department and F.B.I. officials to advocate taking Apple to court, several current and former law enforcement officials said.

While that prospect has been shelved for now, the Justice Department is engaged in a court dispute with another tech company, Microsoft. The case, which goes before a federal appeals court in New York on Wednesday and is being closely watched by industry officials and civil liberties advocates, began when the company refused to comply with a warrant in December 2013 for emails from a drug trafficking suspect. Microsoft said federal officials would have to get an order from an Irish court, because the emails were stored on servers in Dublin.

The conflicts with Apple and Microsoft reflect heightened corporate resistance, in the post-Edward J. Snowden era, by American technology companies intent on demonstrating that they are trying to protect customer information.

“It’s become all wrapped up in Snowden and privacy issues,” said George J. Terwilliger III, a lawyer who represents technology companies and as a Justice Department official two decades ago faced the challenge of how to wiretap phone networks that were becoming more digital.

President Obama has charged White House, Homeland Security and cybersecurity officials, along with those at the Justice Department, the F.B.I. and the intelligence agencies, with proposing solutions to the technology access issue. They are still hashing out their differences, according to law enforcement and administration officials.
legal  cryptography  lawsuit  usa  technology  software  hardware  business  apple  microsoft  email  privacy  freedom  freedomfromsearchandseizure  warrant  government 
september 2015 by jtyost2
Partnership Boosts Users Over China’s Great Firewall
It is one of the best-guarded borders in the world, and one of the most time-consuming to cross. Yet in the past few months, a new agreement has let people speed over it billions of times.

The border is the digital one that divides China from the rest of the world. It is laden with inefficiencies and a series of filters known as the Great Firewall, which slows Internet traffic to a crawl as it travels into and out of China.

Now, a partnership between an American start-up and a Chinese Internet behemoth has created a sort of fast lane to speed traffic across the border. In the process, the two companies are establishing a novel business model with implications for other American technology firms looking to do business in China’s politically sensitive tech industry.

The partnership, signed in July 2014, is between CloudFlare, a security company based in San Francisco, and Baidu, China’s equivalent of Google. Using a mixture of CloudFlare’s web traffic technology and Baidu’s network of data centers in China, the two created a service that enables websites to load more quickly across China’s border. The service, called Yunjiasu, began operating in December. It has a unified network that makes foreign sites more easily accessible in China, and allows Chinese sites to run in destinations outside the country.

At the heart of the arrangement is an unusual structure known as a virtual joint venture. Under that arrangement, CloudFlare does not actually operate in China. Instead, CloudFlare cooperates primarily from afar as Baidu runs the business in China.

Baidu and CloudFlare’s virtual joint venture relies on a principle generally considered anathema to foreign companies looking to do business with China: trust. CloudFlare transferred its intellectual property that is used to manage and speed up Internet traffic to Baidu and works closely with its engineers to run that technology on Baidu’s network in China. The two share revenue from the service.

The virtual joint venture could prove to be a new model for American tech firms that are considering doing business in the delicate areas of China’s tech industry. Companies including Uber, LinkedIn and Airbnb have recently sought to expand in China by using the political connections and sway of Chinese investors to clear a path to opening and running their own businesses there. Yet because of the Chinese government’s preoccupation with how the Internet is run and controlled within its borders, that was not an option for CloudFlare and Baidu.
china  internet  technology  software  business 
september 2015 by jtyost2
The Security Risks of Third-Party Data - Schneier on Security
Right now, you can search the Ashley Madison database for any e-mail address, and read that person’s details. You can search the Sony data dump and read the personal chatter of people who work for the company. Tempting though it may be, there are many reasons not to search for people you know on Ashley Madison. The one I most want to focus on is context. An e-mail address might be in that database for many reasons, not all of them lascivious. But if you find your spouse or your friend in there, you don’t necessarily know the context. It’s the same with the Sony employee e-mails, and the data from whatever company is doxed next. You’ll be able to read the data, but without the full story, it can be hard to judge the meaning of what you’re reading.

Even so, of course people are going to look. Reporters will search for public figures. Individuals will search for people they know. Secrets will be read and passed around. Anguish and embarrassment will result. In some cases, lives will be destroyed.

Privacy isn’t about hiding something. It’s about being able to control how we present ourselves to the world. It’s about maintaining a public face while at the same time being permitted private thoughts and actions. It’s about personal dignity.

Organizational doxing is a powerful attack against organizations, and one that will continue because it’s so effective. And while the network owners and the hackers might be battling it out for their own reasons, sometimes it’s our data that’s the prize. Having information we thought private turn out to be public and searchable is what happens when the hackers win. It’s a result of the information age that hasn’t been fully appreciated, and one that we’re still not prepared to face.
privacy  security  technology  software  hardware 
september 2015 by jtyost2
16GB is a Bad User Experience - David Smith
What worries me more than anything about this situation is that it is a deliberate choice. When bugs emerge in software or defects surface in hardware they are the unintentional result of mistakes made during the creation of a product. While not desirable, they are much easier to excuse as the inevitable side effect of the process of creation.

The storage capacities of iPhones aren’t a side effect, they are a choice. I cannot begin to imagine the amount of discussion, research and thought that Apple has put into the capacities of their headline product. I’m sure bumping up the base model to 32GB would cost the company more and so by holding the line at 16GB for another year they will increase their profits. This near term benefit will surely help their balance sheet in their next earnings call but comes at the cost of the day-to-day experience of some of their customers.

In the end Apple has decided to continue offering a product that will almost inevitably fail their customer at some point, and potentially fail them at a moment of deep personal importance. That makes me sad, and as someone who makes my living riding their coattails, worried about the long term effects of this short term thinking. Maybe it is just sentimentality but those aren’t the priorities that I think Apple stands for.
iphone  hardware  software  apple 
september 2015 by jtyost2