Apple starts selling Mophie’s take on AirPower

There’s no shortage of AirPower knockoffs on the market. Many have been in the works since Apple took the wraps off its in-house version, positioned as more affordable alternatives. Since the company unceremoniously pulled the plug on the project, however, they’re the only game in town.

We reviewed a $99 one a while ago. It seemed fine, and Amazon is currently overloaded with even more affordable options. It’s probably unfair to lump Mophie in the knockoff category. The accessory maker produces pretty premium products at prices to match. And unlike the competition, it’s got the Apple seal of approval.

That means the company’s new 3-in-1 charging pad is most likely as close as you’re ever going to get to marching into an Apple Store and leaving with AirPower. Here’s the official description, per Mophie:

The 3-in-1 wireless charging pad conveniently charges iPhone, AirPods and Apple Watch from one central location. To ensure a seamless charging experience for all three devices, it features a dedicated cavity for AirPods, and an integrated charging stand for Apple Watch that holds it at the ideal angle for Nightstand Mode with an unobstructed view of the screen.

Sounds about right, right? The black charging pad operates similarly to most competitors, with designated slots for the three Apple products. That, after all, seems to have been the source of the original AirPower's problems: building a single pad capable of charging three different products with different charging needs.

At $140, it’s in line with the AirPower’s price. As stated above, you can get an alternative for much cheaper, but maybe there’s something in the peace of mind of getting the device from a trusted name like Mophie.


Source: Tech Crunch

Reports say White House has drafted an order putting the FCC in charge of monitoring social media

The White House is contemplating issuing an executive order that would widen its attack on the operations of social media companies.

The White House has prepared an executive order called “Protecting Americans from Online Censorship” that would give the Federal Communications Commission oversight of how Facebook, Twitter and other tech companies monitor and manage their social networks, according to a CNN report.

Under the order, which has not yet been announced and could be revised, the FCC would be tasked with developing new regulations that would determine when and how social media companies filter posts, videos or articles on their platforms.

The draft order also calls for the Federal Trade Commission to take those new policies into account when investigating or filing lawsuits against technology companies, according to the CNN report.

Social media censorship has been a perennial talking point for President Donald Trump and his administration. In May, the White House set up a tip line for people to provide evidence of social media censorship and a systemic bias against conservative media.

In the executive order, the White House says it received more than 15,000 complaints about censorship by the technology platforms. The order also includes an offer to share the complaints with the Federal Trade Commission.

As part of the order, the Federal Trade Commission would be required to open a public complaint docket and coordinate with the Federal Communications Commission on investigations of how technology companies curate their platforms — and whether that curation is politically agnostic.

Under the proposed rule, any company whose monthly user base includes more than one-eighth of the U.S. population would be subject to oversight by the regulatory agencies. A roster of companies subject to the new scrutiny would include Facebook, Google, Instagram, Twitter, Snap and Pinterest.

At issue is how broadly or narrowly companies are protected under the Communications Decency Act, which was part of the Telecommunications Act of 1996. Social media companies use the Act to shield against liability for the posts, videos or articles that are uploaded from individual users or third parties.

The Trump administration isn't the only part of Washington focused on the laws that shield social media platforms from legal liability. House Speaker Nancy Pelosi took technology companies to task earlier this year in an interview with Recode.

The criticisms may come from different sides of the political spectrum, but their focus on the ways in which tech companies could use Section 230 of the Act is the same.

The White House’s executive order would ask the FCC to disqualify social media companies from immunity if they remove or limit the dissemination of posts without first notifying the user or third party that posted the material, or if the decision from the companies is deemed anti-competitive or unfair.

The FTC and FCC had not responded to a request for comment at the time of publication.


Source: Tech Crunch

Hundreds of exposed Amazon cloud backups found leaking sensitive data

How safe are your secrets? If you used Amazon’s Elastic Block Storage snapshots, you might want to check your settings.

New research just presented at the Def Con security conference reveals how companies, startups and governments are inadvertently leaking their own files from the cloud.

You may have heard of exposed S3 buckets — those Amazon-hosted storage servers packed with customer data but often misconfigured and inadvertently set to “public” for anyone to access. But you may not have heard about exposed EBS snapshots, which pose as much risk, if not more.

These elastic block storage (EBS) snapshots are the “keys to the kingdom,” said Ben Morris, a senior security analyst at cybersecurity firm Bishop Fox, in a call with TechCrunch ahead of his Def Con talk. EBS snapshots store all the data for cloud applications. “They have the secret keys to your applications and they have database access to your customers’ information,” he said.

“When you get rid of the hard disk for your computer, you know, you usually shred it or wipe it completely,” he said. “But these public EBS volumes are just left for anyone to take and start poking at.”

He said that all too often cloud admins don’t choose the correct configuration settings, leaving EBS snapshots inadvertently public and unencrypted. “That means anyone on the internet can download your hard disk and boot it up, attach it to a machine they control, and then start rifling through the disk to look for any kind of secrets,” he said.


One of Morris’ Def Con slides explaining how EBS snapshots can be exposed. (Image: Ben Morris/Bishop Fox; supplied)

Morris built a tool that uses Amazon’s own search feature to query and scrape publicly exposed EBS snapshots, then attaches each one to a system he controls, makes a copy and lists the contents of the volume.

“If you expose the disk for even just a couple of minutes, our system will pick it up and make a copy of it,” he said.


Another slide noting the types of compromised data found using his research, often known as the “Wall of Sheep” (Image: Ben Morris/Bishop Fox; supplied)

It took him two months to build up a database of exposed data and just a few hundred dollars spent on Amazon cloud resources. Once he validates each snapshot, he deletes the data.

Morris found dozens of snapshots exposed publicly in one region alone, he said, including application keys, critical user or administrative credentials, source code and more. The owners included several major companies, among them healthcare providers and tech companies.

He also found VPN configurations, which he said could allow him to tunnel into a corporate network. Morris said he did not use any credentials or sensitive data, as it would be unlawful.

Among the most damaging finds, Morris said, was a snapshot belonging to one government contractor, which he did not name but which provides data storage services to federal agencies. “On their website, they brag about holding this data,” he said, referring to everything from collected intelligence on messages sent to and from the so-called Islamic State terror group to data on border crossings.

“Those are the kind of things I would definitely not want to be exposed to the public internet,” he said.

He estimates the figure could be as many as 1,250 exposures across all Amazon cloud regions.

Morris plans to release his proof-of-concept code in the coming weeks.

“I’m giving companies a couple of weeks to go through their own disks and make sure that they don’t have any accidental exposures,” he said.
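For teams taking Morris up on that advice, here is an added audit script (not Morris’s scraper or any Bishop Fox code) that checks your own account for the two misconfigurations the article describes: a createVolumePermission entry for the `all` group, which is what makes a snapshot public, and snapshots that are unencrypted or shared with accounts you do not recognise. The snapshot IDs and account numbers are constructed sample data shaped like the EC2 DescribeSnapshots and DescribeSnapshotAttribute responses; `audit_live` assumes boto3 and read-only EC2 permissions.

```python
"""Audit EBS snapshots for public sharing, unexpected cross-account sharing and
missing encryption. The core logic works on API-shaped dicts so it runs offline;
audit_live() wires the same logic to boto3 for a real account."""
from dataclasses import dataclass, field
from typing import Callable, Dict, Iterable, List, Sequence


@dataclass
class Finding:
    snapshot_id: str
    public: bool
    encrypted: bool
    unexpected_accounts: List[str] = field(default_factory=list)

    @property
    def severity(self) -> str:
        # AWS refuses to make an encrypted snapshot public, so a public snapshot
        # is in practice a plaintext disk image anyone can copy and mount.
        if self.public:
            return "critical"
        if self.unexpected_accounts:
            return "medium"
        if not self.encrypted:
            return "low"  # private today, but any later share exposes plaintext
        return "ok"


def audit_snapshot(snapshot: Dict, permissions: Iterable[Dict],
                   allowed_accounts: Sequence[str] = ()) -> Finding:
    """snapshot: one element of DescribeSnapshots['Snapshots'];
    permissions: DescribeSnapshotAttribute['CreateVolumePermissions']."""
    perms = list(permissions)
    public = any(p.get("Group") == "all" for p in perms)
    shared_with = [p["UserId"] for p in perms if "UserId" in p]
    unexpected = sorted(a for a in shared_with if a not in allowed_accounts)
    return Finding(snapshot["SnapshotId"], public,
                   bool(snapshot.get("Encrypted", False)), unexpected)


def audit_snapshots(snapshots: Iterable[Dict],
                    permissions_for: Callable[[str], List[Dict]],
                    allowed_accounts: Sequence[str] = ()) -> List[Finding]:
    """Audit every snapshot and return findings, worst first."""
    order = {"critical": 0, "medium": 1, "low": 2, "ok": 3}
    findings = [audit_snapshot(s, permissions_for(s["SnapshotId"]), allowed_accounts)
                for s in snapshots]
    return sorted(findings, key=lambda f: (order[f.severity], f.snapshot_id))


def remediation(finding: Finding) -> List[str]:
    """AWS CLI commands that revoke the sharing flagged in a finding."""
    cmds = []
    base = (f"aws ec2 modify-snapshot-attribute --snapshot-id {finding.snapshot_id} "
            "--attribute createVolumePermission --operation-type remove")
    if finding.public:
        cmds.append(base + " --group-names all")
    if finding.unexpected_accounts:
        cmds.append(base + " --user-ids " + " ".join(finding.unexpected_accounts))
    return cmds


def audit_live(region: str, allowed_accounts: Sequence[str] = ()) -> List[Finding]:
    """Same audit against a real account (assumes boto3 and EC2 read permissions)."""
    import boto3  # imported here so the offline parts above need no AWS SDK
    ec2 = boto3.client("ec2", region_name=region)
    pages = ec2.get_paginator("describe_snapshots").paginate(OwnerIds=["self"])
    snapshots = [s for page in pages for s in page["Snapshots"]]

    def permissions_for(snapshot_id: str) -> List[Dict]:
        resp = ec2.describe_snapshot_attribute(SnapshotId=snapshot_id,
                                               Attribute="createVolumePermission")
        return resp.get("CreateVolumePermissions", [])

    return audit_snapshots(snapshots, permissions_for, allowed_accounts)


# Constructed sample data shaped like the EC2 API responses (not real snapshots).
SAMPLE_SNAPSHOTS = [
    {"SnapshotId": "snap-0aaa", "Encrypted": False, "Description": "web server root"},
    {"SnapshotId": "snap-0bbb", "Encrypted": False, "Description": "db backup"},
    {"SnapshotId": "snap-0ccc", "Encrypted": True, "Description": "build cache"},
    {"SnapshotId": "snap-0ddd", "Encrypted": False, "Description": "scratch"},
]
SAMPLE_PERMISSIONS = {
    "snap-0aaa": [{"Group": "all"}],  # public: the case Morris's scraper picks up
    "snap-0bbb": [{"UserId": "111111111111"}, {"UserId": "222222222222"}],
    "snap-0ccc": [],
    "snap-0ddd": [],
}
ALLOWED_ACCOUNTS = ("222222222222",)  # a partner account you share with on purpose


def sample_report() -> Dict[str, str]:
    """Severity per sample snapshot; used by the demo below and by tests."""
    findings = audit_snapshots(SAMPLE_SNAPSHOTS, lambda sid: SAMPLE_PERMISSIONS[sid],
                               ALLOWED_ACCOUNTS)
    return {f.snapshot_id: f.severity for f in findings}


if __name__ == "__main__":
    for f in audit_snapshots(SAMPLE_SNAPSHOTS, lambda sid: SAMPLE_PERMISSIONS[sid],
                             ALLOWED_ACCOUNTS):
        print(f"{f.severity:8} {f.snapshot_id} encrypted={f.encrypted}")
        for cmd in remediation(f):
            print("   fix:", cmd)
```

Run `audit_live("us-east-1", ALLOWED_ACCOUNTS)` per region, since snapshots and their permissions are regional and Morris's estimate spans all regions.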


Source: Tech Crunch

Cultivated data is the next Gold Rush

Five years ago, Frank Meehan, my SparkLabs Global Ventures co-founder, described the goal of our seed-stage fund as follows:

“The future is data. We are looking to invest in companies that are generating valuable data around usage patterns, customer behavior, company information.”

It was prescient — it has guided us well over the years, but also allowed us to look at relevant startups with a critical eye. During the first three years of our fund, we would look at startups — especially in the Internet-of-Things space — that would collect millions of data points, but most companies weren’t willing to pay for such data. Although industries such as insurance are built on data and information, many industries are just beginning to grasp the importance of such insights, especially as our lives integrate into the digital world.

These past few years, I’ve seen a general trend of startups improving how they collect, analyze and present data across numerous industries, and Fortune 1000 companies becoming more willing to pay for such cultivated data.

Industrial manufacturing, search and social media data and a handful of other verticals are long-established gold mines for data information and analytics. What we’re seeing now is that across our portfolio of more than 250 startups, data and analytics is finally being valued and becoming mission critical: It is no longer “just another tool” to have in the toolbox, but is key to a company’s success.

Cultivated data is gold

I define “cultivated data” as existing data (i.e. ERP data, Google Analytics, public health data, inventory data) that is analyzed and developed into a more usable form than it was before. This doesn’t have to mean the complex data sets and inordinate amounts of computing power that signify “big data”; it can simply mean approaches and techniques applied to data sets that previously weren’t utilized. Cultivated data isn’t always about volume, variety or velocity of data — it’s more important for the output to be relevant and actionable.

One of our first SparkLabs Global Ventures investments in this space was 42 Technologies. Retailers such as Rebecca Minkoff, AllSaints, Faherty Brand and others have found 42 Technologies’ data analytics invaluable. When 42 Technologies graduated from Y Combinator, it primarily analyzed point-of-sale data to find diamonds in the rough in retailers’ inventory. Today, the company has expanded to using wholesale sell-in data, sell-through data, warehouse inventory data and other data sets to provide multiple insights to retailers.

Even for companies whose core product isn’t data, the data they have access to has become extremely valuable, so new revenue lines are being created. We’ve seen this in less expected areas — ranging from niche e-commerce to pet food to consumer reviews — where for some of these companies, data has become one of the primary sources of revenues.

For example, Vizio, a large consumer electronics manufacturer (more than $3 billion in revenue), has accumulated the largest single source of opt-in smart TV viewing data available; it launched an influential subsidiary around this business called Inscape.

The new data aggregators

This new age of cultivated data has created and will create new data aggregators. Instead of traditional startups attempting to disrupt the middleman, these new startups are becoming the middlemen of data insights.

A mobility data management and analytics startup called Populus (a SparkLabs Global Ventures portfolio company) aggregates rideshare, scooter share, bike share, traffic, public transit and other mobility source data to present actionable insights for city and transportation planners. Most cities would not have the resources or knowledge to do what Populus does.

One of our SparkLabs Korea accelerator investments, Chartmetric, is rapidly becoming the go-to resource for the music industry in today’s streaming world. It has become a new data aggregator, as company founder and CEO Sung Cho describes, because Chartmetric “distills the data and distills further until they get something actionable” for its customers. Additionally, Chartmetric has become a trusted source of data and data insights, as different music labels and bands might report their numbers quite differently.

In the years to come, we expect to see more of these new data middlemen, because of similar “trusted source” issues, because of the shortage of good data scientists, and because some people will want to create their own future and launch their own startups.

No data scientists is the new data scientist

The lack of AI experts is making it hard for even Fortune 500 companies to recruit them, with Google, Facebook and other top tech companies hoarding such talent. And it’s not only great AI developers, but even data scientists, whose positions are becoming harder to fill. One outcome is the rise of analytics platforms that empower people to become their own data scientists.

For example, companies such as ThoughtSpot (raised $300 million from Lightspeed, Khosla and others), Rockset (raised $21 million from Greylock and Sequoia) and more specialized plays such as Falkonry (one of our portfolio companies) have each taken different approaches to the market. ThoughtSpot provides real-time analytics and search and query capability across multiple sectors. Rockset seems focused on search and analytics query services for large enterprises. Falkonry focuses on predictive analytics for industrial operations, a much narrower focus than the other two examples.

This analytics platform space will only heat up in the coming years, and I expect other new approaches to fill this lack of talent and capabilities within company walls.

Drilling for data all over the world

One interesting thing is how our firm has seen some governments spurring more innovation within the data space. In South Korea, the Korea Data Agency, which was established in 1993, has over the past couple of years been encouraging the development of a data marketplace. Some of our SparkLabs Korea portfolio companies get paid a few hundred thousand (USD) per year to open up their data to the public, and the Korea Data Agency has created vertical consortiums to encourage standard building for data structures within specific industries such as finance, healthcare and transportation. I assume other top OECD nations will create similar programs to encourage economic growth and activity within the data aggregation and analytics space.

From well-coordinated government policies to market forces to increased startup activity around cultivated data, these trends and developments are a harbinger that this space will be one of the major gold rushes for startups and venture capital over the coming years. Data is truly the future, and the time to stake claims to mine it for insights and prosperity is now.


Source: Tech Crunch

Apple expands its bug bounty, increases maximum payout to $1M

Apple is finally giving security researchers something they’ve wanted for years: a macOS bug bounty.

The technology giant said Thursday it will roll out the bug bounty program to include Macs and MacBooks, as well as Apple TV and Apple Watch, almost exactly three years after it debuted its bug bounty program for iOS.

The idea is simple: you find a vulnerability, you disclose it to Apple, they fix it — and in return you get a cash payout. These programs are wildly popular in the tech industry because they pay security researchers for serious security flaws that could otherwise be used by malicious actors, and because they reduce the incentive for bug finders to sell their vulnerabilities to exploit brokers or on the black market, where the flaws might be abused to conduct surveillance.

But Apple had dragged its feet on rolling out a bug bounty to its range of computers. Some security researchers had flat-out refused to report security flaws to Apple in the absence of a bug bounty.

At the Black Hat conference in Las Vegas, head of security engineering and architecture Ivan Krstić announced the program to run alongside its existing iOS bug bounty.

Patrick Wardle, a security expert and principal security researcher at Jamf, said the move was a “no brainer.”

Wardle has found several major security vulnerabilities and dropped zero-days — details of flaws published without giving the company a chance to fix them — citing the lack of a macOS bug bounty. He has long criticized Apple for not having a bug bounty, accusing the company of leaving a void open for security researchers to sell their flaws to exploit brokers who often use the vulnerabilities for nefarious reasons.

“Granted, they hired many incredibly talented researchers and security professionals — but still never really had a transparent, mutually beneficial relationship with external independent researchers,” said Wardle.

“Sure this is a win for Apple, but ultimately this is a huge win for Apple’s end users,” he added.

Apple said it will open its bug bounty program to all researchers and increase the size of the bounty from the current maximum of $200,000 per exploit to $1 million for a zero-click, full chain kernel code execution attack with persistence — in other words, if an attacker can gain complete control of a phone without any user interaction and simply by knowing a target’s phone number.

Apple also said that any researcher who finds a vulnerability in pre-release builds and reports it before general release will qualify for a bonus of up to 50% on top of the payout for the category of vulnerability they discover.

The bug bounty programs will be available to all security researchers beginning later this year.

The company also confirmed a Forbes report, published earlier this week, saying it will give a number of “dev” iPhones to vetted and trusted security researchers and hackers under the new iOS Security Research Device Program. These are special devices that give researchers greater access to the underlying software and operating system, such as secure shell, to help them find vulnerabilities that are typically locked away from other security researchers.

Apple said that it hopes expanding its bug bounty program will encourage more researchers to privately disclose security flaws, which will help to increase the protection of its customers.



Source: Tech Crunch

This charming little camera prints instantly to receipt paper

I’m a big instant camera fan, but the film is expensive and the digital printers just aren’t very good. So I was delighted to see this alternative seeking funds on Kickstarter: the Alulu camera, which prints photos in black and white on receipt paper. Why did no one do this before?

The idea is so simple that you’ve already gotten it — no explanation necessary, but since explaining things is my job I am going to do so anyway.

The Alulu is an idea incubated by three friends as they left college, each heading in a separate direction but looking to take a shot at making this cool gadget a reality before doing so. Right now it only exists in prototype form (they only thought it up in May), but it works more or less as intended, and it’s as silly and fun as I wanted it to be; I got to test one out, as one of the team members happened to live in my neighborhood.

The camera is a little box about the size of a fat point-and-shoot, with charming little dials on the top to select exposure mode or a 10-second timer if you want it, and a shutter button that’s hard to miss. On the side is the charge port and a button to advance the paper. And the back has a little frame that flips out and helps you set up your shot — very loosely, I hardly need add.


Inside the 3D-printed, acrylic-plated exterior, the guts of the camera are simple: an off-the-shelf camera stack does all the hard work of actually taking a picture — but don’t worry about the megapixels, because they don’t matter here. The camera sends its signal to a custom board that prepares and optimizes the image for black-and-white printing.

To be clear, we’re talking black and white, not shades of grey. The printer inside the camera is a standard receipt printer, which uses heat-activated ink that’s either transparent or black and nothing in between. You feed paper in via a little chamber on the bottom.


Thankfully creating the appearance of shading in 1-bit imagery is old hat for computer graphics, and an algorithm dithers and tweaks the picture so that more or fewer dots in various patterns create the illusion of a wider palette.

The results are… well, photos printed on receipt paper. Let’s keep our expectations in line. But they’re instantly printed (with a little stutter like a dot matrix printer) and charming little artifacts indeed. You can even use receipts you’re given at stores or restaurants, if they fit, and you can always fold it over a bit if it’s too large.


(By the way, if you’re worried about being poisoned by receipt paper, don’t be. The stuff with high BPA content was generally phased out a while back, and you can order non-poisonous rolls of paper easily and cheaply.)

I think this thing is great, though I’m afraid that the projected $99 retail price might be too high for what amounts to a novelty. The idea, I was told, was to drive the price down with mass manufacturing, but until they do so they want to be honest about the cost of the parts (the printer itself is the most expensive piece, but like everything else the price goes down when you order a thousand or more).

Whether it makes it to the factory or not, I think the Alulu is a great idea. We need more weird, one-off devices in this world of ours where every function seems to devolve to the smartphone — and I’m tired of my phone! Plus, it can’t print on receipt paper.

The Alulu is currently looking for backers on Kickstarter. Go give it a pledge.


Source: Tech Crunch

Samsung is bringing PC game streaming to the Note 10

One of the more interesting news tidbits from yesterday’s Unpacked event got a bit drowned out in all of the noise. Understandably so — Samsung jammed a lot into an event that ran just over an hour, virtually sprinting through a handful of gaming announcements.

The video below is the best demonstration we have of PlayGalaxy Link, a new feature that makes it possible to stream games directly from a PC to the Galaxy Note 10. Why the company didn’t make a bigger deal of the feature is beyond me, but at a time when Apple and Google are really starting to get involved in gaming in earnest, Samsung really ought to have shone a brighter light on the new offering.

From the sound of it, the feature will work similarly to one that Microsoft has been working on for the Xbox, letting users stream games from their PC onto the mobile device, whether or not they’re on a shared Wi-Fi network.

The video showcases the connection, as a user links a Samsung Odyssey gaming laptop to a Note nestled inside a gamepad controller. Things are initiated by signing in on the desktop, opening the PlayGalaxy Link app on the Note and clicking “Start.” In the video, at least, game play happens simultaneously on both machines.

PlayGalaxy is Samsung’s latest shot at getting more heavily involved in mobile gaming, arriving on the heels of the Apple Arcade and Google Stadia announcements. And while the new Note offers a number of hardware features optimized for gaming, it does appear that, as with Microsoft and Google’s offering, the PC is doing the heavy lifting here.

The offering seems to be linked to Samsung’s recently announced partnership with Microsoft — itself a clear shot across the bow against Apple’s ecosystem offering. There are still a lot of questions here, including how bad that lag is going to be. More coming soon, no doubt. 


Source: Tech Crunch

This startup is helping food app delivery workers start their own damn delivery companies

Following many months of pressure, DoorDash, one of the most frequently used food delivery apps in the U.S., said late last month that it was finally changing its tipping policy to pass 100% of tips along to workers, rather than employ some of that money toward defraying its own costs.

The move was a step in the right direction, but as a New York Times piece recently underscored, there are many remaining challenges for food delivery couriers, including not knowing where a delivery is going until a worker picks it up (Uber Eats), having just seconds to decide whether or not to accept an order (Postmates), and not being guaranteed a minimum wage (Deliveroo), not to mention the threat of delivery robots taking their jobs.

It’s a big enough problem that a young, nine-person startup called Dumpling has decided to tackle it directly. Its big idea: turn today’s delivery workers into “solopreneurs” who build their own book of clients and keep much more of the money changing hands.

It newly has $3 million in backing from two venture firms that know the gig economy well, too: Floodgate, an early investor in Lyft (firm cofounder Ann Miura-Ko is on Lyft’s board), and Fuel Capital, where TaskRabbit founder Leah Busque is now a general partner.

We talked with Dumpling’s cofounders and co-CEOs earlier this week to learn more about the company and how viable it might be. Nate D’Anna spent eight years as a director of corporate development at Cisco; Joel Shapiro spent more than 13 years with National Instruments, where he held a variety of roles, including as a marketing director focused on emerging markets.

National Instruments, based in Austin, is also where Shapiro and D’Anna first met back in 2002. Our chat, edited lightly for length, follows:

TC: You started working together out of college. What prompted you to come together to start Dumpling?

JS: We’d stayed good friends as we’d done different things with our careers, but we were both seeing rising inequality happening at companies and within their workforces, and we were both interested in using our [respective] background and experiences to try and make a difference.

ND: When we first started, Dumpling wasn’t a platform for people to start their own business. It was a place for people to voice opinions — kind of like a Glassdoor for workers with hourly jobs, including in retail. What jumped out at us was how many gig workers began using the platform to talk about the horrible ways they were being treated, not having a traditional boss and not being protected by traditional policies.

TC: At what point did you think you were onto a separate opportunity?

ND: We knew that a mission-driven company that’s trying to do good by people who’ve been exploited by Silicon Valley companies has to be profitable. I was an investor at Cisco, and I was very clear that the money side has to work. So we started talking with gig workers and we asked, ‘Why are you working for a terrible company where you’re getting injured, where you’re getting penalized for not taking the next job?’ And the response was money. It was, “I need to be able to buy these groceries and I don’t want to put them on my own credit card.” That was an epiphany for us. If the biggest pain point to running these businesses is working capital and we can solve that — if business owners will pay for access to capital and for tools that help them run their business — that clicked for us.

TC: A big part of your premise is that while gig economy companies have anonymized people as best they can, there’s a meaningful segment of services where a stranger or a robot isn’t going to work.

JS: Shoppers for gig companies often hear, ‘When you [specifically] come, it makes my day,’ so our philosophy was to build a platform that supports the person. When you run a business and build a clientele that you get to know, you’re incentivized for that [client] to have a good experience. So we wondered, how do we provide tools for someone who has done personal shopping and who not only needs funds to shop but also help with marketing and a website and training so they can promote their services?

ND: We also realized that to help business owners succeed, we needed to lower the transaction cost for them to find customers, so we created a marketplace where customers can look at reviews, understand different shoppers’ knowledge when it comes to various specialties and stores, and then get matched with them.

TC: How many shoppers are now running their own businesses on Dumpling and what do they get from you exactly?

JS: More than 500 across the country are operating in 37 states. And we want to give them everything they need. A big part of that is capital, so we give [them] a credit card, then it’s effectively the operational support, including order management, customer relationship functionality, customer communication, a storefront, an app that they can use to run their business from their phone. . .

TC: What about insurance, tax help, that sort of stuff?

ND: A lot of VCs pushed us in that direction. The good news is a lot of companies are coming up to provide those ancillary services, and we’ll eventually partner with them if you want to export your data to Intuit or someone else. Right now, we’re really focused on [shoppers’] core business, helping them to operate it, to find customers; that’s our sweet spot for the immediate future.

TC: What are you charging? Who are you charging?

JS: A subscription model is an obvious way for us to go at some point, but right now, because we’re in the transaction flow, we’re taking a percentage of each transaction. The [solopreneur] pays us $5 per transaction as a platform fee; the shopper pays us five percent atop the delivery fee set by the [person who is delivering their goods]. So if someone spends $100 on groceries, that customer pays us $5, and the shopper pays us $5 and the shopper gets that delivery fee, plus his or her tip.

The vast amount goes to the shopper, unlike with today’s model [wherein the vast majority goes to delivery companies]. Our average shopper is bringing home $32 in earnings per order, roughly three times as much as when they work for other grocery delivery apps. I think that’s partly because we communicate to [shoppers] that they are supporting local businesses and local entrepreneurs and they are receiving an average tip of 17 percent on their orders. But also, when you know your shopper and that person gets to know your preferences, you’re much more comfortable ordering non-perishables, like produce picked the way you like. That leads to huge order sizes, which is another reason that average earnings are higher.

TC: You’re fronting the cost for groceries. Is that money coming from your venture funding? Do you have a debt facility?

ND: We don’t. The money moves so fast. The shoppers are using the card to shop, then getting the money back again, so the cycle time is quick. It’s two days, not six months.

TC: How does this whole thing scale? Are you collecting data that you hope will inform future products?

ND: We definitely want to use tech to empower [shoppers] instead of control them. But [our CTO and third cofounder Tom Schoellhammer] came from Google doing search there, and eventually we [expect to] recommend similar stores, or [extend into] beauty or pet other local services. Grocery delivery is one obvious place where the market is broken, but where you want a trusted person involved, and you’re in the flow when people are looking for something [the opportunity opens up]. Shoppers’ knowledge of their local operation zone can be leveraged much more.


Source: Tech Crunch

Your security team is probably an infuriating obstacle – but it doesn’t have to be this way

Security is empty, meaningless theater — or, at least, that’s the lesson taught to most employees of most large companies. Security is your password expiring every few months, your inability to access crucial services if you’re new or a contractor, a salty message from a team you’ve never met explaining that your new initiative is not permitted, a transparently convenient excuse when someone doesn’t want to admit their real reason. Security is bullshit.

I can cite more examples from my own career as a consultancy CTO than I care to think about. The household-name company whose security team explained that cloud services were inherently insecure, until the day they decided to switch to AWS and began to explain how local servers were inherently insecure. The household-name companies who deluged us with detailed security questionnaires regarding the security of our servers, but whose assessment protocols were then unable to comprehend our “uh, everything’s in the cloud with GitHub and GSuite etc., we have no servers of our own” responses without hour-long handholding calls.

Which is why it was such a glorious breath of fresh air to hear Dino Dai Zovi’s keynote speech at the Black Hat security conference in Las Vegas this morning. Dai Zovi, staff security engineer at Square, argued that the all-too-common model of security as a team which sits and snipes at the people who actually build things, telling them no and pointing fingers, is in fact fantastically counterproductive.

Instead, he argued, security has to change its culture, which is far more important than strategy, which in turn is far more important than tactics. Instead of security being a faraway flaming hoop to jump through, teams should become responsible for their own security. Furthermore, security engineers should write code to help those teams. Fuzzing is great, but as he put it, “the next level is making fuzzing easy for software developers, because there are way more of them than there are of us.”

Most importantly — and most revolutionary — he argued that instead of defaulting to saying “no” all the time, and throwing up as many obstacles as possible, security people should always start with “yes, and here’s how we can help.” The fact this is so different from today’s practice that it actually sounds comical says a lot, none of it good.

The sad truth is that still, today, in the real world of enterprise software, security as most employees and vendors encounter it tends to be at least as performatively useless as the “take off your shoes & take out your liquids” security theater of American airports. The horror stories are legion. You have your own, I’m sure. Who doesn’t?

A couple more: Once a movie studio who wanted us to do some minor web-development work, for ancillary web sites with no real connection to their intellectual property, told us we would not be able to do anything unless our (primarily remote) workforce had continuous keycard access to, and closed-circuit camera coverage of, every computer which might work on these sites … then intimated that what they really needed was just for those boxes to be checked, not for any of that to actually happen.

Another time, a big company insisted that we become SOC-2 compliant — SOC-2 being a standard birthed not in tech but in accounting, and seemingly primarily designed to provide full employment for accountants rather than, you know, meaningful security standards and processes — without caring which, if any, of SOC-2’s five “trust services” we were talking about; they just needed to tick the “SOC-2 compliant” box on their list of vendors.

It doesn’t have to be this way. Security people could be contributors, rather than gatekeepers. And if they were, everyone would find it easier, more rewarding, and more intuitive to contribute to security. Siloed security bureaucracies aren’t just slow and frustrating; in the long run they are inherently a more fundamental threat to the security of the companies infested by them than any exterior hacker or even APT ever could be. It’s long past time we all learned that lesson.


Source: Tech Crunch

Samsung’s Galaxy Note gets even larger (and smaller)

The first Note was a spectacle. It wasn’t just the reintroduction of the stylus. In 2011, the idea of a 5.3-inch phone was laughable. Around the same time, Steve Jobs famously mocked the push toward 4-inch-plus phones, telling a press conference, “no one’s going to buy that.”

With the average phone size hovering around 5.5 inches these days, Samsung clearly won that round. Of course, the push has been helped considerably by an ever-improving screen-to-body ratio. Jobs’ concerns about not being able to get one’s hand around a device no longer apply to the majority of these handsets.

Today in Brooklyn, Samsung is pushing things even further, with the introduction of a new subset of Galaxy Note devices. The Note 10+ is a 6.8-inch device. Among other things, the introduction of a new model differentiates the line slightly from Samsung’s other flagship line. The earlier arrival of an S Plus model meant that the S Pen was essentially the only distinguishing factor here.


Having spent some time with both Note 10 models, I can say I’m impressed with what the company has managed to do from a design perspective. The 10+ impressively has roughly the same footprint as the 6.4-inch Note 9, making carrying around such a massive device that much less absurd.

What’s really interesting here, however, is that the company took the rare action of actually shrinking down the standard Note from 6.4 to 6.3 inches. Weird, right? Yeah, well, these are weird times, friend.

The thinking behind the smaller screen was apparently to make the device more accessible to first-time buyers. That seems a bit silly when talking about a literal fraction of an inch, but the improved screen-to-body ratio makes the device that much smaller overall.

Here are the main distinctions between the two models:

  • Note 10: 6.3-inch FHD+ AMOLED display, 2280×1080 (401ppi); Note 10+: 6.8-inch Quad HD+ AMOLED display, 3040×1440 (498ppi)
  • Note 10: 3,500mAh battery; Note 10+: 4,300mAh battery
  • Note 10: 8GB RAM, 256GB storage; Note 10+: 12GB RAM, 256GB storage (with 512GB option)
  • The Note 10+ also has an additional TOF sensor on the rear camera array for depth sensing and an optional 5G model
  • Note 10: Starts at $949; Note 10+: Starts at $1,100


Source: Tech Crunch