Here’s an essential technology you’ll need to shuft down for a successful coup. Photo by miguelb on Flickr.
A selection of 11 links for you. On such a day as this. I’m charlesarthur on Twitter. Observations and links welcome.
My experience with the Great Firewall of China • Zorinaq
Marc Bevand went to China and tried various methods to get across the Great Firewall (GFW) but kept being thwarted:
»None of the information above is new to those familiar with the GFW. It is only after I reached this point in my tests that I did some deeper reading and learned that the GFW uses machine learning algorithms to learn, discover, and block VPNs and proxies.
It all makes sense now: the GFW engineers do not even have to define explicit rules like I described above (if ApplicationData #2 is short, if ApplicationData #4 is around 1-4kB, etc). They train their models using various VPN and proxy setups, and the algorithms learns the characteristics of those connections to identify them automatically.
My proxy setup and custom relay script injecting random padding were running on my laptop which I could use at the hotel, and it worked very well. But I also needed a solution for my phone when out on the streets.
I used the commercial service ExpressVPN which seems to be 1 of the top 3 VPN service used to evade the GFW. It is simple and easy to configure: I installed their Android app and I was up and running in no time. ExpressVPN built their service on OpenVPN and have dozens of VPN servers located in many countries.
However I was not pleased when I saw that their OpenVPN root CA certificate RSA key size is only 1024 bits! Why, why, why?
«
At which point further suspicion arises.
link to this extract
Someone’s finally lifted the veil on YouTube • Bloomberg Gadfly
Leila Abboud looks at Mark Mulligan’s report into YouTube:
»
• Lesson #1: YouTube is no longer a haven for pirated music
A mere 2% of YouTube music videos are unofficial, meaning they’re technically pirated when put up by a fan. Meanwhile three-quarters are posted by labels as part of promotion efforts, or by Vevo, a joint venture between Sony, Universal and Google. Vevo, a YouTube channel, symbolizes the music labels’ contradictory approach. They want YouTube to pay more, but instead of withholding stars to wrangle better contract terms, their marketing departments are popping their best stuff up there for free. This makes it hard to swallow industry bleating about copyright reform.
• Lesson #2: YouTube has a much sweeter deal than the streamersUnlike streaming providers, YouTube pays music labels a share of the ad revenue generated each time a video gets played. This means the payment correlates with ad sales, which fluctuate by country and even by season. By contrast, Spotify pays a fixed royalty each time a song is listened to.
This is important because consumption of music on YouTube is exploding, while ad sales aren’t keeping up. So YouTube puts way more music onto the Internet than any streaming service, but its fees are far lower. Spotify paid labels €1.6bn ($1.8bn) last year, nearly all of its revenue, according to Mulligan. Meanwhile, YouTube paid out only $740m, leading him to conclude that its revenue could be about $7bn (although Google doesn’t give a number).
So YouTube’s payment to labels per video watched is dropping, even as usage soars. The rate fell from $0.0020 per video in 2014 to $0.0010 in 2015. Spotify’s rate for its free, ad-supported music – probably the fairest comparison to YouTube – is $0.0015 per song.
«
link to this extract
Tearful mum thanks Pokémon Go for changing autistic boy’s life • The Memo
Kitty Knowles found a post on Facebook, and rewrote it. The original post is really delightful, though she does a poor job of transcribing it. (Fortunately it’s included at the end of the post.)
link to this extract
Brexiters and Bremainers also divided on rights to online privacy • The Online Privacy Foundation
»Brexit supporters are far more likely than Remain supporters to support the Investigatory Powers Bill proposed by the UK Government and dubbed the ‘Snoopers Charter’. The Bill is part of the policy agenda of the new UK Prime Minister, Theresa May . It would give the Government bulk powers to record and collect citizens’ online history. The Bill also permits UK law enforcement agencies to remotely monitor and hack computers and smartphones for national security matters.
The Online Privacy Foundation study also found that:
• Leave voters scored higher on the scale of Right Wing Authoritarianism¹, a trait found to be associated with the acceptance of reductions in civil liberties in order to combat real or perceived threats such as terrorism. The higher someone scores on the Right Wing Authoritarian scale, the more likely they were to agree with the “nothing to hide, nothing to fear” argument.
• Remain voters tended to disagree with the statement across all age groups, while Leave voters’ tendency to agree with the statement increased as they got older.
«
link to this extract
How I could steal money from Instagram, Google and Microsoft • Arne Swinnen’s Security Blog
»TL;DR: Instagram ($2000), Google ($0) and Microsoft ($500) were vulnerable to direct money theft via premium phone number calls. They all offer services to supply users with a token via a computer-voiced phone call, but neglected to properly verify whether supplied phone numbers were legitimate, non-premium numbers. This allowed a dedicated attacker to steal thousands of EUR/USD/GBP/… . Microsoft was exceptionally vulnerable to mass exploitation by supporting virtually unlimited concurrent calls to one premium number. The vulnerabilities were submitted to the respective Bug Bounty programs and properly resolved.
«
Because they’ll let you link a mobile phone number to an account, and send a text to it, and a followup call – which can turn out to be via a premium-rate number.
link to this extract
Why coups in the modern age need to consider cyberpower too • Medium
“The Grugq” (an acute observer on cyber security who lives in Thailand):
»The [attempted] putsch [in Turkey at the weekend] takes over the main TV station (TRT) and has the news reader read a statement announcing the coup is “to reinstall the constitutional order, democracy, human rights and freedoms, to ensure that the rule of law once again reigns in the country, for law and order to be reinstated.” They also order the people to stay indoors.
This is very standard stuff. Take over the means of mass communication and keep the civilians out of the way so they can’t interfere.
But this is the era of cyberpower. Simply taking over the TV stations is not enough. The Internet is a more powerful means of communication than TV, and it is more resilient — especially with a sophisticated population. The Turks are experienced at handling attempts to cut their access to social media, and the putsch never even took over the ISPs.
The failure to block the Internet meant that the coup was battling a leadership that still had a very powerful capability: cyberpower. The ability to push out information that allowed them to coordinate a defence. In addition, both Twitter’s Periscope and Facebook Live allowed civilians to share their experiences, disseminate information, and build moral support for direct action.
It is an Intelligence service axiom that intelligence is of no value if not disseminated. Facebook Live, Twitter, and Periscope, provide a means of real time raw intelligence collection and dissemination. The civilian population is able to stay informed and make individual decisions, that collectively, can alter the course of events.
«
I never thought I would hear FaceTime described as a cyberweapon. But there it is, right there.
link to this extract
How LED lights can cause problems with your garage door opener • Some Content Farm Or Other
»If you’ve been experiencing problems with your garage door opener remote unit – sometimes it works, sometimes it doesn’t – and can’t track the problem down, you might look to the type of lights you’re using in and around your garage for the culprit.
The heart of the problem lies in the control circuit that provides the long life that LED (light emitting diode) lights are known for. LED lights get their efficiency from something called pulse width modulation, or PWM, which turns the light off and on more than 15 times per second. The energy savings comes from the fact that the light is actually on for only half the time. You don’t realize that the light is off part of the time because of the phenomenon of persistence of vision.
Government guidelines for LED manufacturers require these control circuits to operate on frequencies between 30 and 300 MHZ. By coincidence, most garage door opener remotes have been assigned frequencies between 288 and 360 MHZ.
«
I came across this via Marco Arment and, like him, feel that it’s simply something off a content farm. Yet it’s amazingly helpful. (And I can’t find the “original”.) I didn’t know that about LEDs and the radio frequency interference (RFI) they can cause.
(There’s more discussion on this forum.)
link to this extract
IDC estimates that Macintosh sales slipped at nearly twice the market rate • Pixel Envy
Nick Heer:
»Of the current lineup, fully half of all Macs — the Mac Pro, the Retina MacBook Pro, and the MacBook Air — are the most stale that those products have ever been.1 I’m not counting the non-Retina MacBook Pro as part of the Mac lineup because Apple seems to be winding down their promotion of the product. For the record, though, it would be the most stale product in Apple’s lineup by far: it hasn’t been refreshed in 1492 days, or just over four years.
The Mac Pro hasn’t been substantially updated since the new cylindrical model launched in December of 2013. The pro Macintosh situation is so dire that some designers and developers, like Mike Rundle and Sebastiaan de With, have opted to deal with the moderate hassle of building a “hackintosh” in order to get the performance they need for their work. Critical products like the MacBook Air and Retina MacBook Pro are well over a year old, too.
«
The incredible age of these products, and Apple’s apparent indifference to that ageing, is flummoxing and astonishing. Who is in charge of the Mac line, and don’t they care about this?
link to this extract
After one year, 10 lessons learned for Windows 10 • ZDNet
Ed Bott goes into a long list, but I feel he rather buries the story by having this right down at the very end:
»In April 2015, Terry Myerson drew a line in the sand, predicting that “Windows 10 will be installed on 1 billion devices within two to three years”.
I did the math on that claim a few weeks later and said it was realistic. But my numbers relied on Windows Phone continuing to sell at least 50 million handsets per year for a total of 200 million or more Windows 10 Mobile devices.
That’s not going to happen. And, meanwhile, the traditional PC market continues to shrink, slowly.
Add those two factors together and you get a longer ramp-up, which Microsoft officially confirmed to me this week, with a statement from Yusuf Mehdi:
»
Windows 10 is off to the hottest start in history with over 350 million monthly active devices, with record customer satisfaction and engagement. We’re pleased with our progress to date, but due to the focusing of our phone hardware business, it will take longer than FY18 for us to reach our goal of 1 billion monthly active devices.
«
«
I said last week that hitting that billion target looked tight. (I was going to do the maths for a blogpost..). Now it’s been pushed back because the PC market keeps shrinking, and so does the Windows Phone market. The statement seems to push it back by at least a year. That’s a long time in the technology world.
link to this extract
Revealed in court: 100% cast iron evidence of how Uber lies to secretly investigate and smear its critics • Pando
Paul Carr:
»A week or so ago, a judge ordered the release of documents that show beyond all reasonable doubt that Uber hired a CIA-linked private investigation firm to investigate the personal and professional life of Portland attorney Andrew Schmidt and his client, Spencer Meyer. Meyer had recently filed a lawsuit against Uber and Kalanick.
The emails, some of which are embedded below courtesy of the Bangor Daily News, show Uber executives contracting the investigations firm, Ergo, to dig into the backround of Meyer and Schmidt.
The plan begins with Ergo contacting colleagues and friends of Schmidt, and lying about the purpose of their emails and calls, in order to trick them into revealing damaging information which could form the basis of further investigation. Kalanick had previously denied that Uber was aware of any kind of secret investigation against Meyer and Schmidt.
«
They also encrypted the emails. (NB: this article might be paywalled by the time this goes up.)
link to this extract
Apple, stop being stingy with the iCloud storage • Macworld
Kirk McElhearn:
»These services, once dependent on an annual subscription ($99 a year for MobileMe in the US; $149 for a family plan), are now free. But as the price dropped, so did the amount of storage allocated to users. From 10GB with .Mac (initially, .Mac offered 100MB), to 20GB with MobileMe, iCloud only offers 5GB per user. You can pay to get more storage, of course, and that’s how Apple makes some spare change. But only 5GB per user? Seriously?
Remember, you use your iCloud storage not only for your data—photos, email, files, etc.—but also to back up your iOS devices. The files are stored just once, no matter how many devices you own, but each device needs space for its backup. I’m probably not alone in having more than one iOS device. Many people have an iPhone and an iPad, and backing up two devices with a 5GB plan is difficult. If you have an average photo library (mine is 3.9GB), and I don’t take a lot of photos, then you’re quickly short on space. And while I’m not an email hoarder, I know people who have gigabytes of email. And when people run out of space, the first thing they probably do is turn off backups for their devices, which isn’t a good idea. If anything, device backups shouldn’t count against the iCloud storage quota, because they are so important.
There is no such thing as a free lunch, and that iCloud account really isn’t “free;” it’s factored into the cost of the devices we buy. So why doesn’t Apple give us 5GB of iCloud storage for each device we own? If you have an iPhone, you get 5GB. If you also have an iPad, you get another 5GB. And if you have a Mac, perhaps you get an additional 10GB, especially because of the new optimized storage feature in macOS Sierra that will let you offload infrequently used files to iCloud.
«
There are lots of oddities about Apple’s policy on iCloud storage. For one, the free tier hasn’t shifted in years, even while the base amount you get with a phone or iPad has doubled. For another, there’s the fact that it’s per account, not per device. And there’s the puzzle of quite what in your backups counts against it.
Possibly Apple is waiting to double it along with the next iPhone launch; at the same time it could update its ancient Mac Pros (900+ days since update), and the Mac mini (keeps going backward) and the MacBook Pros (only really gained Force Touch, no significant processor upgrades).
link to this extract
You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.
Errata, corrigenda and ai no corrida: none notified
Filed under: links 
