Start up: boarding pass hacks, Microsoft Surfaces, the truth about Android Auto, ad fraud explained, and more


Kindle display at Waterstone’s: they were coming soon, now they’re gone. Photo by DG Jones on Flickr.

A selection of 10 links for you. Contains no additives. I’m charlesarthur on Twitter. Observations and links welcome.

What’s in a boarding pass barcode? A lot » Krebs on Security

Brian Krebs was contacted by a reader who had looked at a friend’s boarding pass:

“I found a website that could decode the data and instantly had lots of info about his trip,” Cory said, showing this author step-by-step exactly how he was able to find this information.

“Besides his name, frequent flyer number and other [personally identifiable information], I was able to get his record locator (a.k.a. “record key”) for the Lufthansa flight he was taking that day,” Cory said. “I then proceeded to Lufthansa’s website and using his last name (which was encoded in the barcode) and the record locator was able to get access to his entire account. Not only could I see this one flight, but I could see ANY future flights that were booked to his frequent flyer number from the Star Alliance.”

The access granted by Lufthansa’s site also included his friend’s phone number, and the name of the person who booked the flight. More worrisome, Cory now had the ability to view all future flights tied to that frequent flyer account, change seats for the ticketed passengers, and even cancel any future flights.

The information contained in the boarding pass could make it easier for an attacker to reset the PIN number used to secure his friend’s Star Alliance frequent flyer account. For example, that information gets you past the early process of resetting a Star Alliance account PIN at United Airline’s “forgot PIN” Web site.

Worrying. Keep it on your phone instead.


Every device is a compromise, part 2 » Beyond Devices

Jan Dawson:

immediately after the SP4 was introduced, we were shown the Surface Book. Which is a laptop. And Panos Panay, the presenter, started out by talking about all the things a laptop does that the Surface Pro does poorly – a better typing experience, a bigger screen, and so on. This was one of the most bizarre juxtapositions I’ve ever seen at a tech event. After 30 minutes of talking about how the Surface Pro 4 could replace your laptop with no compromises, the very same presenter offered up a laptop which was clearly better, because it didn’t make certain of those compromises.

Taking a step back for a minute, both products look really promising. I’ll withhold final judgment until I get to use these devices (or at least until others I trust have done so and shared their opinions). But this “no compromise” nonsense continues to do a massive disservice to Microsoft and to its customers.



Microsoft has warmed my cold cynical heart with hot new hardware » The Verge

Vlad Savov:

The brand new Surface Book is, like the original Surface Pro, another effort at complete reinvention. The Surface Book deconstructs the laptop and reconstitutes it in the shape of a hybrid device of the sort we’ve never seen before. Microsoft didn’t just make a new tablet with a detachable keyboard, it designed a whole new hinge and attachment mechanism, and it intelligently split up the internal components to deliver both a light and sleek tablet and a powerful laptop. The discrete Nvidia graphics chip sits among a battery of batteries inside the keyboard dock, liberating the tablet of most of its heft when power is not a priority, but keeping it substantially PC-like when the whole thing is connected and operating as one.

I am hugely impressed by the clear-eyed purpose underpinning every one of the decisions that Microsoft has made with its two Surface devices introduced today. The boundlessly charismatic Panos Panay — now in charge of both the Lumia and Surface product lines at Microsoft — simply didn’t allow a moment’s questioning or dubiety. Every time he presented a new feature or change, he asked the rhetorical “why?” question himself, and he answered it convincingly. Here are a thousand levels of pressure sensitivity for the stylus, and here’s what you can do with that. Here’s a keyboard with 1.6mm of travel and here’s why you’d want to mash your fingers against it. Panay elicited something that every tech company strives for, but few achieve: desire.

Presentation is so important, as is explaining why something needs to exist; that’s something Steve Jobs really used to do well. Apple doesn’t have anyone who can enunciate the need for something to exist in the way he could, and technology really needs that skill.

That said, Microsoft hasn’t priced these (or its Surface Pro 4) cheaply. Which means the rest of the PC OEMs will be left scrapping for dollars while, if these sell at all, Microsoft reaps both the hardware and software profits.


Verizon scraps its exclusive Sony phone before it even launches » CNET

Roger Cheng:

Sony said both companies agreed on the cancellation. “The decision was made after we have taken into consideration such factors as the competitive landscape and launch timing,” said a company spokeswoman. A Verizon spokesman echoed those sentiments without offering additional specific details.

There have been hints of problems with the Xperia Z4v, which was a modified version of the Xperia Z4 that added a larger battery and wireless charging. After its initial unveiling in June, both companies grew silent about the product. A Sony event held in New York over the summer was dominated by games from PlayStation, its virtual reality system, and other products like cameras, with only a single small area dedicated to showing off the Xperia Z4v.

Then there is the Xperia Z5 family, which debuted at the IFA trade show in September. The announcement of the three new phones rendered the Xperia Z4v outdated before it even launched.



Fraud is a million $ business; Here’s how they’re doing it » LinkedIn

Mike Nolet digs into a “golf” site which had fencing content (huh) and an absurd number of video views per visitor (177 per week?) but whose referrers seemed to be porn sites, among others:

as I mentioned in my disclaimer there’s never a way to know for sure, but here’s what I suspect:

• Unsurprisingly, I think the site is fake. No real users that go there.
• Traffic is sourced from adware programs and porn sites and show the site in popups, most likely hidden from view.
• They used to do display fraud, but got busted, and so started putting fake display ads to make the site seem more legitimate. They still get away with Video.
• They run a series of checks to try to determine whether or not they are being watched, and if they are, the sites behave normally.
• When they’re not being watched, they spam as many videos into a popup as they can.
• Gross, they are generating $1.5m/week in ad impressions on this one site which is clearly part of a network of sites.
• Now, this traffic was caught, but even if only 2% of their traffic gets past the filters, it’s still a million $ business.

Scary. And this is just one site in a huge network. Hurrah for online advertising!


13 cool facts about the 2017 Porsche 911 » Motor Trend

Jonny Lieberman:

There’s no technological reason the 991/2 doesn’t have Android Auto playing through its massively upgraded PCM system. But there is an ethical one. As part of the agreement an automaker would have to enter with Google, certain pieces of data must be collected and mailed back to Mountain View, California. Stuff like vehicle speed, throttle position, coolant and oil temp, engine revs—basically Google wants a complete OBD2 dump whenever someone activates Android Auto. Not kosher, says Porsche. Obviously, this is “off the record,” but Porsche feels info like that is the secret sauce that makes its cars special. Moreover, giving such data to a multi-billion dollar corporation that’s actively building a car, well, that ain’t good, either. Apple, by way of stark contrast, only wants to know if the car is moving while Apple Play is in use. Makes you wonder about all the other OEMs who have agreed to Google’s requests/demands, no?

That’s Acura, Chevrolet, Honda, Hyundai, and Volkswagen to start with. (Insert joke about the VW data being worthless.) None of the stories which used this snippet then bothered to ask Google if it’s true – apart from Android Police, which was told:

we take privacy very seriously and do not collect the data the Motor Trend article claims such as throttle position, oil temp and coolant temp. Users opt in to share information with Android Auto that improves their experience, so the system can be hands-free when in Drive, and provide more accurate navigation through the car’s GPS.



Apple acquires startup developing advanced AI for phones » Bloomberg Business

Jack Clark and Adam Satariano:

Apple [has] acquired Perceptio, a startup developing technology to let companies run advanced artificial intelligence systems on smartphones without needing to share as much user data.

The company’s leaders, Nicolas Pinto and Zak Stone, are both established AI researchers who specialize in developing image-recognition systems using deep learning. Deep learning is an approach to artificial intelligence that lets computers learn to identify and classify sensory input…

Perceptio’s goals were to develop techniques to run AI image-classification systems on smartphones, without having to draw from large external repositories of data. That fits Apple’s strategy of trying to minimize its usage of customer data and do as much processing as possible on the device.

Apple said last week that it had acquired a U.K.-based software startup that made AI technology to create Siri-like digital personal assistants capable of having longer conversations.

Apple really is going all-in on AI. Which of course it needs to.


Waterstones is removing Kindles from stores » The Bookseller

Lisa Campbell:

Waterstones is removing Amazon’s Kindle devices from many of its stores as sales “continue to be pitiful”.

The company’s managing director James Daunt said there had been no sign of a “bounce” in Kindle sales, so the company was “taking the display space back” to use for physical books instead. 

He told The Bookseller: “Sales of Kindles continue to be pitiful so we are taking the display space back in more and more shops. It feels very much like the life of one of those inexplicable bestsellers; one day piles and piles, selling like fury; the next you count your blessings with every sale because it brings you closer to getting it off your shelves forever to make way for something new. Sometimes, of course, they ‘bounce’ but no sign yet of this being the case with Kindles.”

David Prescott, chief executive of Blackwell’s, has also confirmed that fewer e-reading devices were being sold at his chain. “We’re not seeing a great deal of people who are buying an e-reader for the first time now,” he said. “People are buying e-reader replacements, but that’s it.”

Douglas McCabe, analyst for Enders, said it was “no surprise” Waterstones was removing Kindle device sales from its shops. “The e-reader may turn out to be one of the shortest-lived consumer technology categories,” he said.

I dunno, have to compete with the Kinect there.


Taking pictures with flying government lasers » Generalising

Andrew Gray:

A few weeks ago, the Environment Agency released the first tranche of their LIDAR survey data. This covers (most of) England, at varying resolution from 2m to 25cm, made via LIDAR airborne survey.

It’s great fun. After a bit of back-and-forth (and hastily figuring out how to use QGIS), here’s two rendered images I made of Durham, one with buildings and one without, now on Commons:


The first is shown with buildings, the second without. Both are at 1m resolution, the best currently available for the area. Note in particular the very striking embankment and cutting for the railway viaduct (top left). These look like they could be very useful things to produce for Commons, especially since it’s – effectively – very recent, openly licensed, aerial imagery…

You can play too – just download QGIS (open source, Windows/Mac/Linux) and find the place where you live. Oh, LIDAR? Laser Interferometry Detection And Ranging (though Wikipedia has it as “Laser Imaging”). You’re welcome. The whole Generalising blog is worth browsing if you like people noodling with data. They do it wonderfully.


Scrivener crashes after upgrading to El Capitan (OS X 10.11) » Literature & Latte Support

There is a bug in El Capitan that can cause crashes in 32-bit applications when they try to access font data. Because Scrivener is 32-bit, some of our users have reported frequent crashes when Scrivener is used after updating OS X to 10.11 El Capitan. These crashes often occur when Scrivener is launched, but sometimes they may occur while it is in use.

The fix involves a little twiddling in the Terminal. Included because if you’re doing writing of any sort, you should use Scrivener. Also available on Windows.

