Sunday, October 5, 2014

Boot Up: Ellison era ends, Toshiba PC retreat, Apple's missing canary

A burst of 9 links for you to chew over, as picked by the Technology team

Larry Ellison has agreed to step down as chief executive officer at Oracle (ORCL), ending one of the most entertaining and profitable runs for a leader in business history.

Oracle announced Ellison's departure via a press release delivered on Thursday afternoon after the close of U.S. financial markets. The company said that Ellison will remain chairman of Oracle's board and take on the role of chief technology officer. Mark Hurd and Safra Catz, both presidents at Oracle, will each inherit the CEO title. Catz will remain as chief financial officer as well.

Era. Over.

While demand for the latest generation iPhone seems even bigger than expected, just a slice of those consumers looking to purchase the iPhone 6 plan to buy an Apple Watch next year, a new survey shows.

RBC Capital Markets raised its fourth quarter and fiscal-year 2015 estimates on Apple  Wednesday after a survey of 6,000 individuals indicated strong demand for both the iPhone 6 and pricier iPhone 6 Plus.

"Post our survey, we think not just demand for iPhone 6 is robust, but the [average selling price] move could be significant," the analyst group led by RBC Capital Markets' Amit Daryanani said.

RBC lifted its price target on Apple to $114 from $110 previously. Shares of the Cupertino tech giant were up 0.44% to $101.28 in recent trade.

However, just 11% of those consumers said they plan to buy Apple's most innovative new product since the iPad when the Apple Watch hits store shelves in 2015, while just 16% said they intend on utilizing Apple Pay when it rolls out in October.

Also:

Roughly 27% of the respondents who indicated intent to purchase an iPhone are new to Apple's ecosystem, with a majority switching over from Google's Android.

Japan's Toshiba said it would cut 900 jobs in a restructuring of its PC business that will include an exit from business-to-consumer operations in some regions.

The Japanese electronics conglomerate expects the PC restructuring to cut operating profit by 45bn yen ($414m) but did not change its earnings forecast for the current year to March, as better-than-expected earnings in electricity and other operations offset the impact.

Here's the press release. Wait for the other shoe to drop.

The next generation of Google's Android operating system, due for release next month, will encrypt data by default for the first time, the company said Thursday, raising yet another barrier to police gaining access to the troves of personal data typically kept on smartphones.

Android has offered optional encryption on some devices since 2011, but security experts say few users have known how to turn on the feature. Now Google is designing the activation procedures for new Android devices so that encryption happens automatically, meaning only authorized users will be able to see the pictures, videos and communications stored on those smartphones.

Good.

The more muted reception of iOS 8 in these early stages is likely due to several confounding factors. Perhaps most importantly, the pool of iPhones eligible to upgrade to iOS 8 is limited to iPhone 5S, 5C, 5, and 4S models, and many outlets have suggested that iPhone 4S users should not upgrade due to subsequent performance and functionality issues. If most 4S users decide to stick with their current OS, then the maximum potential adoption of iOS 8 shrinks to just over 65% of the North American iPhone user base who use iPhone 5-type models.

It's also 1.2GB and needs 5GB for installation; iOS 7 was 665MB, needed 2.9GB.

When Apple published its first Transparency Report on government activity in late 2013, the document contained an important footnote that stated:

"Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge such an order if served on us."

Writer and cyber-activist Cory Doctorow at the time recognized that language as a so-called "warrant canary," which Apple was using to thwart the secrecy imposed by the Patriot Act.

Warrant canaries are a tool used by companies and publishers to signify to their users that, so far, they have not been subject to a given type of law enforcement request such as a secret subpoena. If the canary disappears, then it is likely the situation has changed — and the company has been subject to such request.

Now, Apple's warrant canary has disappeared.

Michele Spagnuolo, Federico Maggi, and Stefano Zanero:

In this paper we present a modular framework, BitIodine, which parses the blockchain, clusters addresses that are likely to belong to a same user or group of users, classifies such users and labels them, and finally visualizes complex information extracted from the Bitcoin network. BitIodine labels users (semi-)automatically with information on their identity and actions which is automatically scraped from openly available information sources.

BitIodine is a terrific resource if you're trying to investigate bitcoin dealings.

Ross Rubin:

Steve Jobs had said in the summer of 2010 that nobody would want to buy a big phone and compared jumbo smartphones to the now-defunct Hummer SUVs. Senior Apple exec Phil Schiller said last year that it wasn't clear that NFC (near field communications), seen by some as a promising technology for mobile payments, wasn't the solution to any problem.

And now the company has embraced those former pariahs. These reversals were just the latest in a long line of reversals of direction for Apple, which also once shunned Intel processors and SD cards in Macs, and kept video off the iPod line for many years after it appeared on competitive devices.

Was Apple wrong? Did it change its mind? Can we just not trust its stated intentions?

There are 886m active mobile subscriptions in India, giving the country a cellular penetration rate of 70%. However, relatively few Indians use those phones to go online: India has 243 million Internet users, a penetration rate of 19%, according to a July report by We Are Social.

About three-quarters of those Internet users rely on their mobile phones to go online, and if Google is right, the gap between mobile subscriptions and web use should narrow quickly. The company [on Monday] unveiled new low-cost smartphones for the Indian market to take advantage of a shift to the mobile Internet. "We expect India to be the second-largest Internet market by 2017," Sundar Pichai, Google's senior vice president, said at the announcement in New Delhi, Bloomberg News reports. "And it's happening due to mobile."

Google's Android One phones will likely create even more headaches for executives at Samsung Electronics. The Korean company is no longer India's top mobile phone brand, having fallen behind Micromax. Samsung now has 14.4% of the Indian market for all mobile phones (including old-fashioned feature phones), compared with Micromax's 16.6%, according to Counterpoint Research.

You can follow Guardian Technology's linkbucket on Pinboard

To suggest a link, either add it below or tag it with @gdntech on the free Delicious service.


View the original article here

Guardian evening seminar - The Future of Secure Mobility

The event will focus on the future of mobile security. The event will focus on the future of mobile security. Photograph: PAWEL KOPCZYNSKI/REUTERS

The Guardian is opening its doors on Monday 29 September from 5:30pm - 9:00pm for a lively debate around the future challenges of securing mobile technologies for business - and you can be there.

The event will be hosted by award winning security journalist Thomas Brewster and will include a panel of leading technology and security experts including Neal Watkins, vice president of product management & development at Symantec, Sanjeev Skukla, director, cyber security consulting at Accenture and Gavin Franks, general manager of enterprise at Telefonica.

The panel will investigate how businesses are using mobile technologies to transform their business processes and make them more efficient whilst also protecting themselves against data leakage and malware attack.

The kind of questions we will be exploring during the session are:

How can you access corporate data securely?

How can you create an enterprise ‘App Store’ without compromising the native experience?

How can you provide secure alternatives to consumer apps that can form a protected workspace on the device?

Where and when is the event?

The event will be held at the Guardian head office at Kings Place, 90 York Way, London N1 9GU on 29 September 2014

A report of the event will be published in the technology section of The Guardian on Monday 13 October 2014, summarising the outcomes of the discussion and profiling the participants. The report will also be published online on the same date on the Secure + Protect Hub.

You can register to attend the event by following this link.


View the original article here

Privacy technology everyone can use would make us all more secure

Shadows of members of a panel are seen on a wall before a meeting about the Simply Secure aims to revamp the user interface of the internet’s favorite privacy tools. Photograph: ANDREA COMAS/Reuters

Internet privacy tools have an unfortunate but well-deserved reputation for being technically difficult and bothersome. There’s a persistent story that says that there is an intrinsic, irreducible complexity to the problem of keeping your communications from being snooped on and keeping your data from leaking that makes it the exclusive domain of spies and the professionally paranoid.

I don’t believe it. I think that the real reason that privacy is so user-unfriendly is that the case for privacy is intensely technical. The privacy risks presented by everyday internet use involve subtle and esoteric principles – understanding the risks of having your computer turned into a node in a botnet; or having its passwords harvested; or having your search- and browser-history logged and used against you (either to compromise you directly, or in use for attacks on your password-recovery questions); and having your metadata mined and joined up in ways that reveal your deepest secrets or result in false, incriminating, and hard-to-refute accusations being made against you, potentially costing you the ability to get credit, board an airplane, or even walk around freely.

You don’t need to be a technical expert to understand privacy risks anymore. From the Snowden revelations to the daily parade of internet security horrors around the world – like Syrian and Egyptian checkpoints where your Facebook logins are required in order to weigh your political allegiances (sometimes with fatal consequences) or celebrities having their most intimate photos splashed all over the web.

The time has come to create privacy tools for normal people – people with a normal level of technical competence. That is, all of us, no matter what our level of technical expertise, need privacy. Some privacy measures do require extraordinary technical competence; if you’re Edward Snowden, with the entire NSA bearing down on your communications, you will need to be a real expert to keep your information secure. But the kind of privacy that makes you immune to mass surveillance and attacks-of-opportunity from voyeurs, identity thieves and other bad guys is attainable by anyone.

I’m a volunteer on the advisory board for a nonprofit that’s aiming to do just that: Simply Secure (which launches Thursday at simplysecure.org) collects together some very bright usability and cryptography experts with the aim of revamping the user interface of the internet’s favorite privacy tools, starting with OTR, the extremely secure chat system whose best-known feature is “perfect forward secrecy” which gives each conversation its own unique keys, so a breach of one conversation’s keys can’t be used to snoop on others.

More importantly, Simply Secure’s process for attaining, testing and refining usability is the main product of its work. This process will be documented and published as a set of best practices for other organisations, whether they are for-profits or non-profits, creating a framework that anyone can use to make secure products easier for everyone.

Technical people need our non-technical friends to adopt good privacy practices. Every communications session has at least two parties, the sender and the recipient(s), and your privacy can leak out of either end of the wire. It doesn’t matter if I keep all my email offline, encrypted on my laptop, if it all ends up in the inboxes of people who leave it sitting on Gmail’s servers.

So this is critical, and not just for “normal people”. Even technically sophisticated people often find it difficult to follow security protocol in their own communications and computing. Things that aren’t usable just don’t get used. Making crypto as easy as your favourite websites and apps is the only way to make privacy a reality for everyone.

This is also critical, even for people who aren’t worried about their private lives spilling over into the databases of big corporations, spies, voyeurs and identity thieves. If you were lucky enough to be born with the unearned privilege of having “nothing to hide”, then you owe it to your children, brothers, sisters, parents, and friends who don’t have your good fortune to help provide cover for them: if the only people maintaining their privacy are the people with “something to hide”, then figuring out whose health, political beliefs, sexual orientation or other personal details are sensitive is just a matter of presuming the guilt of anyone who tries to protect her privacy.

In the days before the desktop publishing revolution, all the tools for setting type assumed a huge body of highly technical knowledge and skill. It’s true that beautiful, high-spec typesetting still requires this knowledge and skill. But between beautiful, professional-grade design and hand-written scribbled notes are a huge range of typesetting possibilities, things that were once the domain of skilled experts are now possible for virtually anyone to attain. Making privacy technology usable by anyone makes everyone more secure.

Bottom line: your computer should do what you ask of it. Asking it to keep your private information private is a reasonable request.


View the original article here

Boot Up: Google+ optional, iPhone benchmarked, Phones4U by an insider

A barrel of 10 links for you to chew over, as picked by the Technology team

While we're still working on the full review, I want to get out some preliminary results for the iPhone 6. For now, this means some basic performance data and battery life, which include browser benchmarks, game-type benchmarks, and our standard web browsing battery life test. There's definitely a lot more to talk about for this phone, but this should give an idea of what to expect in the full review. To start, we'll look at the browser benchmarks, which can serve as a relatively useful proxy for CPU performance.

If you like benchmarks, here are some.

Rumours of the decoupling of Google+ and Gmail first surfaced in the spring. Google, unsurprisingly, hasn't exactly gone out of its way to shout about the change from the rooftops, instead choosing to quietly shelve the mandatory integration which had previously been in place since 2012. Although the change means that new Gmail users will no longer be forced to sign up for Google+, they'll still have the option to do so, as you can see in the image above.

Conscious uncoupling?

Paul Thurrott:

Regarding the camera, I went to Twitter yesterday and foolishly announced that "it's easily and readily apparent that the iPhone 6 Plus camera is no match for the Lumia 1020, 1520 or Icon/930." I'd like to clarify that statement now. I was referring to overall camera quality there: With their superior 41 megapixel (Lumia 1020) and 20 megapixel (Lumia 1520, Icon/930) cameras, Microsoft's high-end Lumia handsets can produce better photos than can the iPhone 6. But camera quality isn't just about picture quality. And the iPhone 6 Plus's camera in particular can take excellent photos while offering a number of advantages over the high-end Lumias. In fact, it's pretty clear that the iPhone 6 Plus is the better overall choice for most people.

Gregg Keizer:

Essentially, iCloud Drive is Apple's response to Dropbox and other services, which show the cloud-based storage and its files in an OS's file manager.

When users upgrade to iOS 8 today and after, they'll be offered to update iCloud's current storage structure to iCloud Drive. (Anyone who has tried OS X Yosemite, either the developer previews or the public beta, has seen the same message.) Several iOS app developers told their customers not to take Apple up on the iCloud Drive offer, as doing so will make it impossible to synchronize with their apps on devices not running iOS 8, or with Macs running OS X Mavericks or earlier.

Mavericks is the current latest production version of OS X.

"When you upgrade to iOS 8, you need to ensure that you choose the right iCloud Drive option to ensure that Clear for iOS continues to sync with Clear for Mac," said Realmac, the maker of the to-do app Clear, in a blog post today. "If you upgrade to iCloud Drive, you will only be able to sync with devices running iOS 8 or OS X Yosemite."

If iCloud Drive isn't backported to Mavericks, it's going to cause problems.

My experience and from others I have spoken to is that the service by Phones4u was abysmal. Having worked at a Phones4u call centre briefly. I can only confirm what I saw to be completely broken. If you weren't buying a new contract today, you would be fobbed off and quickly too. You know you have a broken, strange culture when a sitcom [Phone Shop] can be made about your industry and be cringe-inducingly accurate. Some people who have walked into a Phones4u store will have experienced something out of Phone Shop at some point. The aggressive sales tactics and selfish agenda gave Phones4u the reputation of being a place to avoid. Rightly so. The networks had now got their own slick sales processes in place and knew what tricks they were up against. The public knew it too and joined in with the in-jokes of Phone Shop. Getting locked into high-tariff contracts and being offered insurance that you can cancel in 3 months (so the salesman got their commission). It all happened.

The FBI is investigating death threats and online abuse that Feminist Frequency's Tropes vs Women in Games creator Anita Sarkeesian says drove her out of her home last month, a San Francisco police spokesperson confirmed to Polygon. San Francisco police public information officer Albie Esparza told Polygon that Sarkeesian had filed a report with the police department about the threats she received online and that the police department handed the information to the FBI for investigation. Esparza declined to release any other details, saying that doing so could compromise the investigation or the safety of the victim. He also noted that the FBI is the primary agency handling the case. An FBI spokesman told Polygon that the bureau's policy is to neither confirm nor deny any investigation they may be conducting.

Other parts of the story suggest the FBI is taking a lot of notice of what's going on.

A conflict between Samsung Electronics and LG Electronics is escalating. The row was triggered last week by alleged vandalism by LG executives on Samsung's washers during an industry fair in Berlin, Germany earlier this month. In a new twist, the prosecution said it is investigating allegations that former LG executives pocketed Samsung's confidential air-conditioner business plan related to a government-run project.

It's like something out of a film. Possibly the film that comes on before the film you actually paid to watch.

Shipment volume of global PC systems - comprising of notebooks and desktops - is forecast to reach around 299m units in 2014, down 0.1% on year, according to Market Intelligence & Consulting (MIC). The global PC industry has been bolstered mainly by the PC replacement demand in the commercial market in 2014. Looking at the performance by sector, with the majority of desktop PCs shipped being commercial ones, desktops have played a significant role to bolster global PC shipments in 2014. Global desktop shipment volume is estimated at 130m units in 2014, up 3.1% on year. Though continuing eroded by tablets, the notebook industry has seen its shipment decline slowly in 2014. The notebook shipment volume is anticipated to top around 168m units, down 2.5% on year. Notebooks' share of total PC products is expected to slip to 56.2% in 2014, down from 57.6% in 2013.

Neither Asustek Computer nor Gigabyte Technology is likely to be able to achieve their 5.8m motherboard shipment targets for the third quarter, as demand in China remains weak and the retail channel's orders ahead of China's National Day holidays have been also worse than those of previous years, according market sources. Asustek and Gigabyte are expected to ship around 5.6m motherboards each in the third quarter, the sources said.

Now the PC squeeze is hitting the replacement/self-build business too.

As an article in the new issue of TIME reveals, Bono, Edge, Adam Clayton and Larry Mullen Jr believe so strongly that artists should be compensated for their work that they have embarked on a secret project with Apple to try to make that happen, no easy task when free-to-access music is everywhere (no) thanks to piracy and legitimate websites such as YouTube. Bono tells TIME he hopes that a new digital music format in the works will prove so irresistibly exciting to music fans that it will tempt them again into buying music--whole albums as well as individual tracks. The point isn't just to help U2 but less well known artists and others in the industry who can't make money, as U2 does, from live performance. "Songwriters aren't touring people," says Bono. "Cole Porter wouldn't have sold T-shirts. Cole Porter wasn't coming to a stadium near you."

The point about songwriters is valid (and generally overlooked by those who say "play live gigs!" is the answer), but a new music format? DRM on music keeps failing because people like sharing music. (The article also contains U2's reactions to the social media reaction to their album release.)

You can follow Guardian Technology's linkbucket on Pinboard.


View the original article here

Boot up: clickthroughs measured, new cybersquatters, iPhone 6 display numbers

A screenshot of Quinn's Depression Quest. A screenshot of Zoe Quinn's Depression Quest. Photograph: /Zoe Quinn

A burst of 10 links for you to chew over, as picked by the Technology team

Advanced Web Ranking has released a study showing fresh data on the click-through-rate from Google's organic search results. The data was taken from Google Webmaster Tools Search Queries reports from large accounts back in July 2014.

On average, 71.33% of searches resulted in a page one Google organic click. Page two and three get only 5.59% of the clicks. On the first page alone, the first five results account for 67.60% of all the clicks and the results from 6 to 10 account for only 3.73%.

In 2006, the AOL data showed that the first page got 89% of results. So people may be going further for clicks - or tweaking searches. The new study is available as a PDF (linked in the article.)

Katharine Byrne:

Ultimately, the Amazon Fire Phone is a deeply frustrating and woefully misconceived handset. Apart from being a cynical money-making machine for Amazon, its clunky OS is difficult to use and offers no benefit over Android or iOS. The Dynamic Perspective display is a needless gimmick and its Firefly camera isn't good enough to rival services elsewhere. It's also expensive, even if you do get a free year of Amazon Prime thrown in as a vague sweetener. It's not broken per se, but you should avoid this at all costs.

Oh.

Any business that allows customers to pay with a credit or debit card is also required to adhere to another set of standards known as the PCI security standards. Established by the top players in the payment card industry—VISA, MasterCard, Discover, American Express and JCB International—the standards require businesses to encrypt credit and debit card data any time it's stored on a business's network or crosses the public internet. The standards don't require companies to encrypt card data while it's in transit on the company's own network or as it's sent to an external processing company as long as the data is transmitted over a private network. But smart companies do secure these internal channels anyway to prevent intruders on their internal network from sniffing the data as it travels.

But even when companies encrypt data on their internal network, there are moments in the transaction process when the card data is exposed. During a brief period after the cards are first scanned, the account number and accompanying data sit in the POS system's memory unencrypted while the system determines where to send it for authorization. That's where the RAM scraper comes in.

Fully encrypted contactless payments can't come quickly enough.

Only 11 of the 71 brands (15%) in our research have registered across all four domains (or have them appear on the block/collision list): Apple, Google, Microsoft, Amazon, BMW, Shell, Siemens, iPhone, Rolex, Chanel and Hermes.
56 of the 71 brands (79%) have at least one of their brand-related domains registered by a private individual that do not appear to be associated with the brand.
37 (52%) of the 71 brands have at least two registered by private individuals - suggesting that, despite the popularity of these gTLDs, over half of the brands will have to take defensive moves if they want to regain lost domains.
In the two generic TLDs, 4% of the domains are still available for registration, compared to 29%  in the geo-TLDs. A sign that third-party registrants are looking more towards generics when registering brand terms?

New gTLDs are a boon to registries and those looking to cybersquat, but seriously - when was the last time you used a .info or .aero site intentionally?

The unsealed indictment—which was returned by a federal grand jury in April—alleges that starting in 2011, the four men targeted Microsoft and stole "Log-In Credentials, Trade Secrets, and Intellectual Property pertaining to its Xbox gaming system," specifically the still-in-development Xbox One.

The four men also allegedly turned to Epic Games and used SQL injection attacks "and other incidents of unauthorized access" like stolen passwords to pilfer "unreleased software, source code, and middleware" from the upcoming Gears of War 3 title.

The indictment goes on to say that Valve, Activision, and Zombie Studios were also broken into by the four men throughout 2011. Then the men apparently tried to up their game. "Beginning in or about October 2012, the United States Department of the Army was the victim of unauthorized access to and trespass into one of its protected computer networks that resulted in the theft of confidential data valued at more than $5,000." A Department of Justice press release accused the men of stealing Apache helicopter training software built by Zombie Studios for the US Army.

Eventually, the lulz have to end.

The iPhone 6 uses a 4.7", 1334×750 LTPS (low temperature polysilicon) TFT LCD at 326 ppi (pixels per inch); the panel suppliers are LG Display, Japan Display and Sharp. The iPhone 6 Plus has a 5.5", 1920×1080 LTPS TFT LCD at 400 ppi; the panel suppliers are LG Display and Japan Display. The iPhone 6 panels use several new technologies, such as:

• Negative IPS (in-plane-switching) liquid crystal mode, which enhances contrast ratio
• A thinner color filter with new green elements, which enhances color gamut
• An ultra-slim LGP (light guide plate) in the backlight unit, which reduces thickness
• Two-in-one LED chip package in the backlight unit for higher brightness
• New BEF (brightness enhancement film) structure that combines two films in one, which enables higher brightness and reduced thickness

The use of new technologies and materials in the iPhone 6 displays entail production challenges for the panel makers. Shipments of iPhone 6 panels started at the end of June, and panel makers have been working to improve production stability and yield rate.

The panel makers need to ramp up production quickly, as we estimate that Apple has ordered more than 100m iPhone 6 panels for 2014.

Details apart, there's a prominent name not in that list of panel suppliers - which has been the same since 2012.

Today we're introducing a brand new app to the Office portfolio. Say hello to Sway! Sway is an entirely different way to express yourself and bring your ideas to life. When your ideas are born, you want to explore, visualize and share them—quickly and easily, wherever you happen to be, and on whatever device you have. You want your ideas to be understood. Sway helps you do just that. It's a new way for you to create a beautiful, interactive, web-based expression of your ideas, from your phone or browser. It is easy to share your creation and it looks great on any screen. Your ideas have no borders, edges, page breaks, cells or slides. Your mind is a continuous canvas, and Sway brings this canvas to life. Sway helps you focus on the human part: your ideas and how they relate to each other. Sway takes care of the design work—a Sway is ready to share with the world as soon as it is born.  With today's announcement and Sway Preview, we are just starting our journey with Sway and want you to help us shape its future.

Hard to know if this is the next Google Wave or the new PowerPoint, but you'll definitely be sick of the word "sway" if you read all through the blogpost in one sitting. Invite-only at present.

Simon Parkin:

Depression Quest eschews the usual characteristics of most video games: there is no victorious ending and, as the developers warn in the preamble text, the game "is not meant to be a fun or light-hearted experience." It is, instead, one of a growing number of video games that hopes to broaden the medium's subject matter with depictions of life's darker aspects. That Dragon, Cancer, which will be released later this year, is an autobiographical game about living with a terminally ill child (David Osit and Malika Zouhali-Worrall, the director of "Call Me Kuchu," are filming a documentary about the Green family's journey while the game is in development). In Hush, you play a displaced Darfuri child trying to retrieve water while avoiding janjaweed militia patrols.

This group of games shares few similarities with Super Mario's spatial-reasoning puzzles and Call of Duty's shooting-gallery tests of reaction speed, typical attributes of video games that dominate the medium. Some of the hatred directed at Quinn has come from video-game enthusiasts who think that the darker themes are not suitable for video games, which they believe should be playful and primarily focussed on entertaining.

Rolls the whole topic (including #g_m_rg_t_) into one neat piece. Quinn has, you realise, been going through a quest of her own too.

The Lacoon Mobile Security research team has discovered a new mRAT it calls "Xsser mRAT." The Xsser mRAT specifically targets iOS devices, and is related to Android spyware already distributed broadly in Hong Kong.

A link to the Android spyware, disguised as an app to help coordinate Occupy Central protests in Hong Kong, was sent as an anonymous message to Whatsapp users there on Thursday. In its investigation of that spyware, Lacoon uncovered the Xsser mRAT hosted on the same Command and Control (CnC) domain with the project being named Xsser. Though called Xsser, this is not related to an XSS attack.

Later:

The iOS device needs to be jailbroken in order to be infected. Then with Cydia installed, the repository would be need to be added and then the package could be installed.

The "must be jailbroken" requirement may not be that unusual in Hong Kong and China. (The Android RAT doesn't require the device to have been rooted.) Lacoon reckons it's the work of a "nation state". See if you can think which nation states might want to spy on Hong Kong protesters...

Four years ago to the day, Microsoft sued Motorola over Android. A few days later, Motorola sued Apple. Disputes between Oracle and Google, Apple and HTC, as well as Nokia and Apple were already ongoing. In early October 2010 I decided to focus on smartphone patent disputes (as a blogger and as a consultant). I saw some key IP issues that had to be resolved, and I thought it would take about a year and a half for most of these to be sorted out. A year and a half is roughly the time an ITC investigation used to take.

48 months later, Motorola still hasn't taken an Android patent license from Microsoft, though more than two dozen other companies have. After more than 40 months of litigation, Samsung still hasn't paid Apple a cent. Nor has Motorola, which agreed on a ceasefire with Apple, but not on a license deal. And Oracle v. Google ceased to be patent dispute about two years ago when Oracle decided to rely exclusively on copyright, which worked out so well that Google is now on the losing track and will presumably file a last-resort petition with the Supreme Court next week.

In other words, the smartphone patent wars mostly achieved nothing except bad reputations and embarrassing court disclosures of internal documents. Though Microsoft has benefited handsomely from those licences - which earned more than Windows Phone licensing.

You can follow Guardian Technology's linkbucket on Pinboard

To suggest a link, either add it below or tag it with @gdntech on the free Delicious service.


View the original article here

Boot up: HTC's smartwatch pause, Facebook's video munch, Apple payments

Shenzhen market Shenzhen electronics market. Photograph: Bobby Yip/Reuters

A burst of 9 links for you to chew over, as picked by the Technology team

Stuart Miles:

HTC has abandoned plans to make a smartwatch Pocket-lint has learnt.

Sources familiar with the matter have told us that although the company was planning to launch a smartwatch for customers, it has now abandoned the idea for the time being.

Our source has no official confirmation as to why the project has been ditched, but believes rising costs and a lack of wow factor have played a huge part in the decision.

The watch, which was rumoured to be a reworking of the Qualcomm Toq, clearly hasn't met that expectation.

If this is correct - and Miles has a good track record on HTC stories - then it seems like a wise move. HTC's revenues are still not recovering, so sinking money into a new area that already has a lot of competition (LG, Motorola, Samsung) wouldn't look smart.

We've seen many complaints from people who have been stung with data bills after exceeding their monthly allowance and who believe it to be because of Facebook autoplaying videos (see our Cheap Mobile Broadband and wifi guide for cheap 3G and 4G access).

So we're urging those who use Facebook on their mobiles or tablets to change their settings now to either turn off the auto-play feature, or to set it so videos only auto-play on wifi, to avoid being hit with unexpected data charges. We explain how to do this below.

Warned you of this in December.

David Pierce:

But that's exactly the point: the Moto 360 isn't meant to be used all the time. It's meant to be a delightful and occasional source of useful information, reminding you at the perfect moment of the thing you forgot. You're not supposed to ask Android Wear what's next on your calendar; you're supposed to trust that it'll tell you when you need to know. And that it'll direct you there when it's time to go. All you have to do is say "Okay Google, call a car."

That's why smartwatch hardware is so important. Most of the time you won't be using the Moto 360, yet it's always visible. When it's just hanging on your wrist, it better look and feel good. That's what Motorola is getting at: the Moto 360 isn't something completely new, something you'll use for hours at a time like a phone or tablet. It's a watch. You flick your wrist, check it, and go back to your life. This watch just happens to do more than tell time.

Until, that is, it doesn't do anything at all. That happens about 12 hours after I take the watch off its charger, a cool black wireless dock that the 360 slots into sideways. Motorola says the 360's battery lasts a day, but I haven't seen it last that long yet. I don't expect a smartwatch to last weeks or years, but it ought to be able to last a day and a night no matter how much I use it. My watch now dies before my phone does, and that's unacceptable.

Joanna Stern:

As I wrote earlier this summer, the best thing about Android Wear is Google GOOGL Now — Google's timely and relevant alerts, which are pieced together based on information from my Gmail, calendar, Web searches and other Google interactions. Over the past week, my watch told me to leave for my dinner reservation early because of traffic, informed me my important package had shipped and reminded me about the Yankees-Red Sox game.

As crazy as it seems, I've also gotten quite used to speaking to my watch. It's now second nature for me to say into my wrist "Is it going to rain today?" or "Remind me to move the car in the morning."

But while those short spurts of information are useful, the constant vibrating notifications about new emails, tweets or Facebook friend requests aren't. If I wanted to see every notification on my phone, I'd just hold my phone in my hand all day. Google's director of Android engineering, David Singleton, says his team is working on improvements that will allow for more control over notifications. Bonus: fewer notifications would mean better battery life.

Current battery life: 12 hours. So with doubled battery life, you'd only be charging it once a day.

Tom Noyes is a venture capitalist with a lot of contacts in payment networks and a lot of experience at Citigroup, Wachovia, Nasa, and others:

My predictions

• Apple will have a certified EMV contactless capability from V, MA and Amex in the iPhone 6.
• Apple's contactless is a proprietary architecture, based upon both tokens, and 3 card emulation applications (4 perhaps with Paypal)
• Each Network will act as a Token Service Provider (TSP), with one token in each card emulation application. The TSP specs give this away, per the Spec, the TSP must be approved by issuer and have ability to translate token to Card. Apple may want to be the TSP… but Banks will say no. This solves a BIG problem with card provisioning, with V/MA/Amex already having the "proxy" card/token provisioned in the iPhone, and each bank working with respective network to turn on their card.  This is the Google model, with the networks running the TSP as opposed to Google/TXVIA.
• Apple will not work in iBeacon model at launch, but rather EMV Contactless. You notice I'm not saying NFC.. from a merchants perspective this will look like NFC, and use the NFC protocol, but certainly not from a GSMA NFC perspective. There are no other vendors in this solution beyond Apple and their hardware suppliers (?Broadcom?)

For predictions made in April, these increasingly look amazingly accurate.

Amazon has perhaps 1% of the US retail market by value. Should it stop entering new categories and markets and instead take profit, and by extension leave those segments and markets for other companies? Or should it keep investing to sweep them into the platform? Jeff Bezos's view is pretty clear: keep investing, because to take profit out of the business would be to waste the opportunity. He seems very happy to keep seizing new opportunities, creating new businesses, and using every last penny to do it.

Still, investors put their money into companies, Amazon and any other, with the expectation that at some point they will get cash out.  With Amazon, Bezos is deferring that profit-producing, investor-rewarding day almost indefinitely into the future. This prompts the suggestion that Amazon is the world's biggest 'lifestyle business' - Bezos is running it for fun, not to deliver economic returns to shareholders, at least not any time soon.  

Ed Bott:

Microsoft's hoping its focus on photography will divert attention from the dreaded app gap. There are some genuinely innovative features in the Lumia Denim firmware update available today in the new phones and coming later this year for its current flagship devices. But will selfie-obsessed consumers be drawn to Microsoft's new Lumias?

I asked [Microsft VP sales of mobile Chris] Weber if there's a market-share target that Windows Phone needs to hit before it can be considered a success. "Generally speaking," he replied, "getting to double-digit share in key markets is something we look at." Weber pointed to the fact that Windows Phone has already hit that target in 14 countries, including the UK, but other key markets, notably the US, still lag far behind.

Via @hedgecreep, a blind test conducted over the internet of 24-bit and 16-bit audio on audiophiles. Result: detection not statistically distinguishable from chance.

A great blog to add to your reading if you're interested in in-depth examination of audio.

What was more impressive to me even than the technology were the people that bunnie introduced us to, such as the factory boss, John, and the project managers and engineers. They were clearly hard-working, very experienced, trustworthy and excited about working with bunnie and our friends. They were willing and able to design and try all kinds of new processes to produce things that have never been manufactured before. Their work ethic and their energy reminded me very much of what I imagined many of the founding entrepreneurs and engineers in Japan must have been like who built the Japanese manufacturing industry after the war.

In all of the small factories that we visited, including AQS, the factory workers lived in dorms surrounding the factory and ate together and lived together. All of their living expenses were supported by the factory and their salaries went entirely to savings or disposable income. Also, all of the managers and even the boss lived together with the workers. I'm sure we were picking good factories to visit, but everyone seemed happy, open and very close.

From small factories to big, it's all there.

You can follow Guardian Technology's linkbucket on Pinboard

To suggest a link, either add it below or tag it with @gdntech on the free Delicious service.


View the original article here

Boot up: HTC's Nexus 9, Apple's dead livestream, and Watch in detail

screenshot of Apple's live stream failing Actually, it really looked like this inside the theatre. Photograph: Screenshot/Apple

A burst of 8 links for you to chew over, as picked by the Technology team

Mike Lowe:

HTC will be the brand behind the Nexus 9 tablet, as revealed by Nvidia in an document leak from the technology company itself as filed with the US International Trade Commission (a link which has since been pulled from Google).

"The HTC Nexus 9, expected in the third quarter of 2014, is also expected to use the Tegra K1" reads a line from the paper. Oops.

We've been scratching our brains as to where the next Nexus tablet had got to, given that it's overdue, but the leak appears to confirm what the rumour mill has been suggesting for some time. HTC will handle the hardware, while Nvidia will provide the core power from its Tegra K1 - a much needed boost for the company's otherwise widely ignored processor.

Kashmir Hill:

"The philosophy of some bug bounty hold-outs is, 'We don't negotiate with terrorists,'" says Jake Kouns of the Open Security Foundation. "Why would we incent you to try to attack and break our stuff?"

Whether Apple's having a bounty program would actually mean that a bunch of pervs wouldn't know what Jennifer Lawrence looks like naked is debatable. But Apple is one of the notable tech hold-outs in instituting a bug bounty program that incentivizes security researchers to find problems in its products and report them. "Bug bounty programs are all the rage at the moment," says Kouns. "If you're not doing a bug bounty program, you're perceived as not really caring about problems."

Google and Facebook have been running bug bounty programs for years. As of August 2013, Google had paid out $2m in rewards. Facebook has given out as much as $33,500 as a bounty for a critical bug. Twitter joined the bug bounty train this summer, and has already used it to squash 55 bugs.

Would cost Apple a lot less than a U2 album release.

Benjamin Clymer:

I was lucky enough to be invited to Cupertino to witness the announcement of the Apple Watch firsthand, and though I do not believe it poses any threat to haute horology manufactures, I do think the Apple Watch will be a big problem for low-priced quartz watches, and even some entry-level mechanical watches. In years to come, it could pose a larger threat to higher end brands, too. The reason? Apple got more details right on their watch than the vast majority of Swiss and Asian brands do with similarly priced watches, and those details add up to a really impressive piece of design. It offers so much more functionality than other digitals it's almost embarrassing. But it's not perfect, by any means.

He really knows stuff about watches. His "sleeve" remark is well-observed.

On net neutrality:

If internet access providers can block some services and cut special deals that prioritize some companies' content over others, that would threaten the innovation that makes the internet awesome.…

We believe that consumers should continue to enjoy open on-ramps to the internet.

That means no Internet access provider should block or degrade internet traffic, nor should they sell 'fast lanes' that prioritize particular internet services over others. These rules should apply regardless of whether you're accessing the internet using a cable connection, a wireless service, or any other technology.

Apple's live stream of the unveiling of the iPhone 6 and Watch was a disaster today right from the start, with many users like myself having problems trying to watch the event. While at first I assumed it must be a capacity issue pertaining to Akamai, a deeper look at the code on Apple's page and some other elements from the event shows that decisions made by Apple pertaining to their website, and problems with how they setup storage on Amazon's S3 service, contributed the biggest problems to the event.

Unlike the last live stream Apple did, this time around Apple decided to add some JSON (JavaScript Object Notation) code to the apple.com page which added an interactive element on the bottom showing tweets about the event. As a result, this was causing the page to make refresh calls every few milliseconds. By Apple making the decision to add the JSON code, it made the apple.com website un-cachable.

Social media-isation killed the video feed? Commenters disagree about the cause, however - they think (and give reasons to explain) it's somewhere in the video/broadcast production side. A gigantic screwup, whichever.

John Beatty gives a detailed explanation (want to understand tokenised NFC? Start here) and this note:

Say you're an order-ahead app enabling consumers to buy food and pick it up later. You really don't want to be in the payments business, but how else do you collect money from the consumer and to the restaurant? There's so much friction in the system that the typical way is to become the merchant-of-record, which is a position you accept begrudingly. Chargebacks and disputes? It's your problem now.

Network-level tokenization, and iPhone in particular, will radically change this dynamic. Commerce apps won't be forced to become aggregators any longer - they simply need to use the iOS payment SDKs, and the SDK from the merchant acquirer, to process the payment.

Ex-Googler Tim Bray:

An­droids have had the APIs, and most devices have had the hardware, for years now. One problem has been Apple; there are lots of apps that don't get built when a huge pro­por­tion of well-heeled cus­tomers can't play. Well, now they can, in principle. 

Payment and… Yeah, there's no doubt that payment is the ap­pli­ca­tion that's get­ting the headlin­er at­ten­tion. But it would be trag­ic ?— ? trag­ic ?— ?if Ap­ple didn't pro­vide an open API to that nifty NFC hard­ware.

Here's just one sam­ple ap­pli­ca­tion, be­cause it's the kind of thing I'm think­ing about these days. Suppose you want se­cure com­mu­ni­ca­tion, which means you've got a pri­vate key on your phone. And suppose you don't 100% trust your phone-unlock set­up to pro­tect ac­cess to your key. Wel­l, you car­ry a lit­tle NFC doohick­ey on your key­chain, and when you need to use the key, you pull it out of your pocket and tap the back of the phone with it.

Apple is expected to publish an NFC API for iOS 8, but not sure it will go into that detail.

The iPad story demonstrates why it may be a hugely ambitious for Apple to try to position the Apple Watch as a $350 premium product. Considering the display size, that price is massive compared to tablet or phablet prices out there. It's weirdly out of step with the original iPad pricing philosophy, which was based on offering a lot of value relative to expectations in 2010. And of course, Apple fans are now tied to both iPhone and iPad upgrade costs.

Selling a third device to an Apple household is not the same as selling the first or second. That's what makes projecting sales volumes for the Apple Watch so fiendishly difficult. Many analysts are now projecting 30m or even 40m annual unit sales for 2015.  That seems to be on the steep side with given the pricing approach Apple has taken.

Just going out looking for a story where a new Apple product is introduced and everyone says "that's the perfect price!" Might a little while.

You can follow Guardian Technology's linkbucket on Pinboard

To suggest a link, either add it below or tag it with @gdntech on the free Delicious service.


View the original article here