Christopher.kantos

One hundred and fifty years before John Nash received his Nobel prize, a train left Versailles for Paris. On board were two brothers returning home from visiting friends. Always a pleasant journey through the French countryside, this one was, unfortunately, in peril. The train crashed and one of the two brothers, Joseph, was severely injured with a broken bone and other fractures. Joseph Bertrand on that day was 20 years old and was already a professor of mathematics with a doctorate he received at the age of 17 for a thesis in thermodynamics.

Joseph later would challenge another French mathematician Antoine Augustin Cournot, reworking an economic situation in which two companies dominate a market, formally known as the Bertrand duopoly. He proposed that in a state of duopoly, whereby players offer a non-differentiated product and are not in cooperation, their customers buy from whichever one sells it for cheaper. The Bertrand duopoly is a harsh situation where prices eventually converge to costs making it economically impossible for its players to exist in the long run. It was a time when only profitable companies existed.

Bertrand’s work was one of the foundations upon which John Nash would later build. Where Bertrand defined a cutthroat competition, Nash recognized that competitors don’t always know what the other’s cost structure is or what they would do in response to one’s actions, therefore keep making tactical decisions in their businesses resulting in certain payoffs. He stated that there exists a profile of strategies such that each competitor’s strategy is an optimal response to the other’s, there is a point of balance in which neither competitor has anything to gain by changing strategies. That point is called the “Nash Equilibrium.”

John Nash shared the Nobel prize in 1994 with another brilliant mind: John Harsanyi. Harsanyi examined the uncertainty around each party’s knowledge and understanding of the other’s decisions and how beliefs can be embedded into a framework of game theory. These games are called games of incomplete information. Harsanyi said that the payoff structures are not always known and come with a certain probability distribution so one should take probability into account when making a tactical economic move and calculating the results.

From Bertrand to Nash to Harsanyi, many companies have struggled with competition, conditions of duopoly, price pressures and survival. Some survived, some did not. Others reached a profitable state of Nash equilibrium and still exist to this day.

Fast-forward to today… here comes Uber and Lyft.

Consider a hypothetical situation where Lyft runs a promo in a specific market. Doing so will impact Lyft’s market share, total revenue, and overall profits. It will also impact Uber’s market share and total revenue in that market, but not profit per ride because they have not yet responded to the move by adjusting their price. The same situation applies to Lyft if Uber runs a promo. They will choose to respond or not respond based on their beliefs of the payoff they will receive. They will keep playing this game until they conclude there’s nothing to gain by offering more promos at which point, they will have reached Nash equilibrium.

Harsanyi’s work is quite relevant here because the two companies have a reasonably good idea about the outcome of each action and each other’s costs but do not precisely know what they were, and they compete with a certain level of belief about each other’s preferences and payoffs. Based on their beliefs, each company will have to assign a certain level of probability to the outcomes of their actions and the responses of their competitor.

We must also note that in the very beginning, competitors know less about each other, but the longer they play the game, the more they will learn and make adjustments to their moves. Going public brings more transparency about each company so with that they will learn even more. The more each competitor will know about each other the more informed their decisions and responses will be so the rideshare game should ultimately reach Nash equilibrium.

So, which one will prevail? At this point, there are a number of questions one must ask as an investor. Are Uber and Lyft in Nash equilibrium today? If they are in Nash equilibrium, and we know that this state means they’re losing money every day, they will ultimately deplete all reserves. If not, what would that final state of equilibrium be? Would it be a profitable state for these companies and their investors? In a state of Nash equilibrium, what price would each company charge their customers in a given market?

Secondly, do Uber and Lyft exist in a Bertrand duopoly? Their products are identical. One driver can drive for both companies in the same car and they often do. Bertrand would be baffled at how fierce this competition is. In his mind, price wars would end when price equals cost leaving no profit for either party or no economic interest to continue their businesses. In this case, these companies convinced investors to raise massive levels of outside capital so that they can afford to charge prices below their cost, operating at deficits hoping they would beat the competition and at some point, reach profitability.

There are two things companies can do to escape Bertrand duopoly: either come up with a lower cost structure or differentiate the product. If one can come up with a lower cost structure, such asdriverless cars, and the other does not, that one wins. If one introduces a new product, such as bikes or scooters and breaks into a brand-new market, they escape Bertrand and gain an edge. But as long as the companies maintain a status of non-differentiated products, according to Bertrand, customers would go with the cheaper of the two, prices would go lower, drivers earn less, and economic benefits erode.

Bertrand assumed a very commoditized world and did not take into consideration the softer elements of competition. In the absence of cost-cutting solutions such as driverless cars, attributes such as “company culture” come into play. If two companies charge the same price, would consumers split 50-50 like Bertrand said, or would they pick the company they think is “nicer?” Or, what is the premium or discount attributable to “niceness” of companies?

In the war between Uber and Lyft, or in any other duopoly, the ability of companies to make calculated decisions at times of competition remains a vital piece of the puzzle. The strategy comes in two steps. First, all decisions must be made at optimal levels reaching a state of Nash equilibrium. At this point, there are no further decisions to make that’ll provide an additional economic benefit to either party. Once that’s done, then differentiation efforts begin so that the parties may escape Bertrand. And those happen on two fronts: cost and product differentiation. It’s certainly a complex task and both companies have smart teams in place to make the calculations. It will be exciting to watch the battles in the years to come.

(If you’re an investor, would it make sense to invest in both companies in a Bertrand duopoly? Perhaps that’s like betting on both black and red in a game of roulette. Remember, if the ball lands on zero, both bets lose!)

Disclaimer: Venture Science is a Lyft investor.

For the NY Times, Eric Ravenscraft writes about the limitations of language apps like Duolingo in teaching you how to speak a foreign language.

After I accumulated a Duolingo streak in excess of 500 days — a feat that, thanks to the app’s notoriously insistent reminders, has now come to define my self-worth — I found myself in a better place to judge just how much an app alone can really teach you. The short answer is that you can definitely learn some things from an app, but if you want to become fluent in a language — or even conversational — they won’t be enough.

The CEFR is a standard for describing how proficient people are at language, with levels progression from Basic (A1 & A2) to Independent (B1 & B2) to Proficient (C1 & C2).

Level B1 starts to introduce more complex ideas like explaining their opinions, dreams, and ambitions, or handling complex tasks while traveling. Level B2 expects speakers to be able to speak with native speakers of a language without straining, and have complex technical discussions related to their field of expertise. These two levels make up the Independent stage.

Apps have trouble getting people past the B1 stage. Reading this I thought, aha, this is an opportunity for the internet to connect native speakers from around the world with language learners. I got all excited thinking about how to build something to facilitate this when I remembered that, duh, the internet is mature enough that someone has already built this. Tandem is one such service; they’ve got an app that allows students to video chat their way to fluency with native speaking tutors. Other sites that help connect you with native speakers are Verbling and Italki, and HelloTalk.

Has anyone tried a service like this? Is video conversation a worthy substitute for in-person conversational language learning?

Tags: Eric Ravenscraft   language

Windows 10 is getting a new terminal for command-line users, Microsoft announced at its Build developer conference today.

The new so-called “Windows Terminal” will launch in mid-June and promises to be a major update of the existing Windows Command Prompt and PowerShell experience. Indeed, it seems like the Terminal will essentially become the default environment for PowerShell, Command Prompt and Windows Subsystem for Linux users going forward.

The new terminal will feature faster GPU-accelerated text rending and “emoji-rich” fonts, because everything these days needs to support emojis, and those will sure help lighten up the command-line user experience. More importantly, though, the Windows Terminal will also support shortcuts, tabs, tear-away windows and theming, as well as extensions. It also will natively support Unicode and East Asian fonts.

The idea here, Microsoft says, is to “elevate the command-line user experience on Windows.”

The first preview of the new Windows Terminal is now available.

The U.K. government is proposing new legislation aimed at improving security of Internet of Things devices.

Digital minister Margot James MP revealed the draft law on Wednesday as part of the government’s efforts to protect from cyberattacks millions of internet-connected devices.

The law will mandate that internet-connected devices, like smart thermostats, appliances and webcams, must be sold with a unique password.

Botnets typically rely on default passwords that are hardcoded into devices when they’re built that aren’t later changed by the user. By selling a device with a unique password, it significantly slows down cybercriminals from scanning the internet and automatically logging into devices with a default password, often to launch distributed denial-of-service attacks.

On a massive scale, botnets operating thousands of hijacked Internet of Things devices took entire websites offline. Two years ago, the Mirai botnet briefly downed Dyn, a networking company that provides domain name service to major sites. That outage knocked dozens of major sites offline — like Twitter, Spotify and SoundCloud.

The new U.K. law will also mandate device makers to provide a public point of contact to allow hackers and security researchers to submit flaws and vulnerabilities.

And device makers will have to tell consumers for how long each device will receive security updates.

The law, if passed, would create a labeling scheme for consumers to easily see devices that are “Secure by Design,” said James, giving consumers greater confidence that the devices land with a baseline level of security out of the box.

“Many consumer products that are connected to the internet are often found to be insecure, putting consumers’ privacy and security at risk,” said James. “Our code of practice was the first step towards making sure that products have security features built in from the design stage and not bolted on as an afterthought.”

The U.K. is following in the footsteps of California, which in October passed a law banning default passwords in connected devices. The law will come into effect in 2020. Each device sold in the state must come with a password “unique to each device.”

Ken Munro, founder of security firm Pen Test Partners, said in a blog post that the proposed law was a “great start,” but the new rules were a “fairly light touch.”

His company finds security flaws in internet-connected devices like car alarms and other consumer goods.

“We hope that the government will also commit to a program of continual improvement of smart product security,” he said.

Over the past three years, a number of restaurants across the geographic and economic spectrum of America have experimented with eliminating tipping. The practice is outdated, creates a difficult-to-justify wage imbalance between servers and cooks, and can result in mistreatment of staff (racism, sexual harassment) because of the fucked-up power dynamic it creates.

But as Grub Street’s Nikita Richardson writes, the no-tip test has largely failed, with many of those places going back to the old ways. This happened for three main reasons:

1. No tips meant higher prices printed on the menu, and customers stayed away from what they perceived as more expensive meals. That $12 burger became a $14.50 burger and all of a sudden, people knew what they were actually paying for their food. What’s interesting is that in another situation (say, having to pay to check a bag on a flight), people would be upset at not knowing the price up front and having a “hidden charge” added to their bill when they’re drunk and happy at the end of a meal.

2. Servers can make more at tipping restaurants. Places that went tip-free lost a bunch of their staff to places that still had tipping.

Meanwhile, by raising menu prices and thus revenues, the extra money would go toward higher wages for kitchen staff, who could start making $12 to $15 an hour at a time when the state minimum wage was $8.75.

But, it turned out, many front-of-house staffers were more concerned with making money than with maintaining the moral high ground. This February, Meyer admitted that he had lost 30 to 40 percent of his “legacy” staffers since 2015. (One Meyer employee told Grub last year that her wages dropped from $60,000 per year to $50,000 under the new policy.) While he insisted that the employees that replaced them “understand ‘Hospitality Included’ and are thrilled about it,” added employee attrition in an industry where turnover is already 1.5 times that of the private sector average has to hurt.

My regular NYC spot was one of the restaurants that experimented with eliminating tipping, and I can report that the staff was indeed quite skeptical about it and they switched back to the old method very soon. (I believe they kept the raises for the chefs though somehow.)

3. Tips make diners feel powerful. With tipping, you become the boss of your server or bartender and are responsible for a large chunk of their take-home pay.

Generally speaking, Americans hated the practice of tipping when it was first introduced in the late 19th century, perceiving it as a form of bribery for service workers who should simply do their jobs. But as we’ve adjusted to it, tipping has become undeniably intertwined with a sense of power.

Short of walking into the kitchen and telling off the chef, tipping is the easiest way to express satisfaction or dissatisfaction with a dining experience.

As a customer, I loved not tipping. I don’t feel the need to have power over the staff in a restaurant, I want cooks & chefs to get paid as well as servers, and I’ve acclimated to factoring the tip into my dining expenses. But it seems that Americans in the aggregate do care about those things, and so here we are.

And if we’re going to have tipping in restaurants, we should all know how it works.

If you can’t afford to tip 20 percent of the total amount that you spend at a restaurant, you can’t afford to eat at that restaurant.

And if your meal is bad?

You still tip. If something truly egregious happened, you ask to speak privately with a manager. If you do not want to speak privately with a manager, and would rather correct this perceived slight by tipping less or not tipping at all, you do not actually care about your perceived slight; you’re just using it as an excuse to be a dick.

Tags: business   economics   food   Nikita Richardson   restaurants

Airbnb has a hidden camera problem: Airbnb hosts keep getting caught using hidden webcams to spy on people staying in their unlicensed hotel-rooms, and while the company proclaims a zero tolerance policy for the practice, the reality is that the company tacitly tolerates Airbnb hosts who engage in this creepy, voyeuristic behavior.

Andrew Barker is a Kiwi infosec professional who checked into an Airbnb in Ireland and used an Android app to scan the house wifi; he discovered an unencrypted webcam stream on port 80, and used the video feed to find the hidden camera in the house's living room.

That's when things went from bad to worse. After the Barker family relocated to a hotel, they first notified their host (who initially hung up on him and then protested that there was only one hidden camera in the house), then they notified Airbnb of their finding, whose reps "treat[ed] it like a canceled booking." Then, after a week-long "investigation," Airbnb told the family that "the host had been 'exonerated,' and the listing reinstated."

The Barkers went public with their frustrations at not having been contacted for the investigation or given any explanation for Airbnb's decision, and with the listing being reinstated with no mention of the hidden camera.

After media attention, Airbnb reversed itself and apologized.

Airbnb's policy says that hosts must disclose "any type of surveillance device" in listings, "even if it's not turned on or hooked up." Cameras are allowed in certain spaces if they are disclosed, but Airbnb "prohibit[s] any surveillance devices that are in or that observe the interior of certain private spaces (such as bedrooms and bathrooms) regardless of whether they've been disclosed."

"If a host discloses the device after booking, Airbnb will allow the guest to cancel the reservation and receive a refund. Host cancellation penalties may apply," Airbnb's policy also says.

"We have a zero tolerance stance when it comes to violations and we immediately remove anyone who has violated the policy," Airbnb told Ars.

Airbnb said that its users' "safety and privacy... is our priority," and that it "strictly prohibit[s] hidden cameras in listings and we take reports of any violations extremely seriously."

Airbnb guest found hidden surveillance camera by scanning Wi-Fi network [Jon Brodkin/Ars Technica]

(Image: Nealie Barker)

If you run most paint-spatters through OCR software, it will generate valid perl programs.

The discovery -- documented in this SIGBOVIK white-paper by Colin McMillen and Tim Toady -- came about as the result of Jake Archibald's snarky twitter response to Adrienne Porter Felt, who said that she didn't want her kid to learn to program, she wanted him to "smear paint on the walls" -- to which Archibald answered "but is it possible to smear paint on the wall without creating valid Perl?"

McMillen and Toady set out to answer the question and found that 93% of all paint spatters OCR to valid perl programs.

While the results presented in this paper are novel and important, they only begin to break ground on what could be a very fruitful area of further research.

The dataset used in this paper is a relatively small dataset of only 100 paint-splatter images. It would be good to confirm these results on a larger dataset, and with a greater variety of images. Perhaps next time ImageNet won’t be down.

We also noticed far too late that while the original question referred to paint smears, we elected to search Pinterest only for paint splatters. It is unclear at whether these results would change significantly for paint splatters vs. paint smears.

Similarly, our choice to select images from Pinterest ensured that they were reasonably high-quality paint splatters, as at least one Pinterest user had chosen to “pin” that image as something worth saving for later. It would be worth investigating whether amateurish, lower-quality paint splatters — such as those produced by a young child — are less likely to be parsed as valid Perl programs.

93% of Paint Splatters are Valid Perl Programs (paper) [Colin McMillen and Tim Toady/SIGBOVNIK]

93% of Paint Splatters are Valid Perl Programs (summary) [Colin McMillen]

(via Four Short Links)

Newsweek reports that yoga classes were reinstated in Russian prisons this week after being suspended due to a "religious scholar's" warning that it cold make prisoners gay.

Theological professor Alexander Dvorkin wrote a document suggesting yoga could cause uncontrolled sexual arousal and homosexuality in detention centers, leading to riots, the newspaper Moskovsky Komsomlets reported. Senator Elena Mizulina, who is known for her conservative views, used the document to appeal to the Prosecutor General's Office to check the legality of the yoga classes, and asked for them to be suspended, according to the paper.

The days when you could simply grow a basil plant from a seed by placing it on your windowsill and watering it regularly are gone — there’s no point now that machine learning-optimized hydroponic “cyber-agriculture” has produced a superior plant with more robust flavors. The future of pesto is here.

This research didn’t come out of a desire to improve sauces, however. It’s a study from MIT’s Media Lab and the University of Texas at Austin aimed at understanding how to both improve and automate farming.

In the study, published today in PLOS ONE, the question being asked was whether a growing environment could find and execute a growing strategy that resulted in a given goal — in this case, basil with stronger flavors.

Such a task is one with numerous variables to modify — soil type, plant characteristics, watering frequency and volume, lighting and so on — and a measurable outcome: concentration of flavor-producing molecules. That means it’s a natural fit for a machine learning model, which from that variety of inputs can make a prediction as to which will produce the best output.

“We’re really interested in building networked tools that can take a plant’s experience, its phenotype, the set of stresses it encounters, and its genetics, and digitize that to allow us to understand the plant-environment interaction,” explained MIT’s Caleb Harper in a news release. The better you understand those interactions, the better you can design the plant’s lifecycle, perhaps increasing yield, improving flavor or reducing waste.

In this case the team limited the machine learning model to analyzing and switching up the type and duration of light experienced by the plants, with the goal of increasing flavor concentration.

A first round of nine plants had light regimens designed by hand based on prior knowledge of what basil generally likes. The plants were harvested and analyzed. Then a simple model was used to make similar but slightly tweaked regimens that took the results of the first round into account. Then a third, more sophisticated model was created from the data and given significantly more leeway in its ability to recommend changes to the environment.

To the researchers’ surprise, the model recommended a highly extreme measure: Keep the plant’s UV lights on 24/7.

Naturally this isn’t how basil grows in the wild, since, as you may know, there are few places where the sun shines all day long and all night strong. And the arctic and antarctic, while fascinating ecosystems, aren’t known for their flavorful herbs and spices.

Nevertheless, the “recipe” of keeping the lights on was followed (it was an experiment, after all), and incredibly, this produced a massive increase in flavor molecules, doubling the amount found in control plants.

“You couldn’t have discovered this any other way,” said co-author John de la Parra. “Unless you’re in Antarctica, there isn’t a 24-hour photoperiod to test in the real world. You had to have artificial circumstances in order to discover that.”

But while a more flavorful basil is a welcome result, it’s not really the point. The team is more happy that the method yielded good data, validating the platform and software they used.

“You can see this paper as the opening shot for many different things that can be applied, and it’s an exhibition of the power of the tools that we’ve built so far,” said de la Parra. “With systems like ours, we can vastly increase the amount of knowledge that can be gained much more quickly.”

If we’re going to feed the world, it’s not going to be done with amber waves of grain, i.e. with traditional farming methods. Vertical, hydroponic, computer-optimized — we’ll need all these advances and more to bring food production into the 21st century.

Ford of Europe’s vision for electrification includes 16 vehicle models — eight of which will be on the road by the end of this year — the company announced at its Go Further event in Amsterdam.

Those plans include a plug-in hybrid variant of its Kuga SUV, its Mustang-inspired crossover, and a commercial transit van.

Ford’s European electrification strategy is in line with its plans for North America to focus largely on hybrids. For instance, in a separate event on Tuesday Ford took the wraps off its latest generation of the Escape, a 2020 model vehicle for the North American market that is sportier, loaded with technology and, comes with hybrid and electric options.

Last year, Ford ramped up its plans, announcing that it would phase out most cars it sells in North America. Ford will continue to produce the Mustang and focus the rest of its efforts in North America on trucks, utilities and commercial vehicles, as well as a move into electric vehicles.

The operational piece of Ford of Europe’s strategy, which does include a couple of all-electric vehicles in the mix, namely the Mustang-eseque SUV, will be largely led by Stuart Rowley.

Rowley, who took over as vice present and president of the regional outfit on April 1, will be responsible for all operational leadership of the business unit, including acceleration of the European transformation strategy. He reports to Jim Farley, president of Ford Global Markets.

The majority of the vehicles introduced Tuesday at Ford of Europe’s event are either hybrid or plug-in hybrid vehicles. Two of those vehicles – a plug-in hybrid Explorer SUV and  a new plug-in hybrid Tourneo for the commercial van market – made their global debuts at the Go Further event.

A plug-in hybrid variant of Ford’s new mid-size Kuga SUV, which will have a 31-mile range for the battery piece of the hybrid picture, was also introduced along with new Fiesta EcoBoost Hybrid and Focus EcoBoost Hybrid models that feature mild-hybrid technology for optimized fuel-efficiency.

Ford focused on the commercial end of the market as well, with plans to bring an all-electric Transit van to Europe by 2021. Ford is bringing a plug-in hybrid version of the Transit van to market this year. This plug-in hybrid will have a 13.6 kWh lithium-ion battery pack and Ford’s 1-liter EcoBoost gas engine, which acts as a range extender. The powertrain will have an all-electric (sometimes referred to as a zero-emission driving range) of 31 miles, and a total 310 miles range using the range extender. The vehicle is being trialed in London, with further testing scheduled to start soon in Valencia, Spain, and Cologne, Germany.

The Ford of Europe event confirmed that the often-teased ‘Mustang-inspired’ electric crossover will be more than a North American market. The vehicle, Ford said Tuesday, will be able to travel 600 kilometers, or 370 miles, on a single charge when it comes to market in 2020, an estimate based on European fuel consumption and emissions standard known as WLTP.

The WLTP, or World Harmonised Light Vehicle Test Procedure, is a new standard that is supposed to make European fuel economy labels more realistic. (In the past, ranges in Europe were wildly overstated compared to the more conservative EPA estimates. Vehicles in the U.S. use EPA estimates.

Ford has said it’s targeting a 300-mile range for its electric crossover in the United States.

The MSG Sphere will be located in Stratford, East London

Continue reading...

Whether you need something keto-friendly to put in your coffee, or just want to avoid animal products, lots of us are looking for alternatives to dairy milk these days. READ MORE...

Toledo's WTOL 11 crew thought they were on fleek. Da fuq?

(Thanks UPSO!)

Each week, Extra Crunch members have access to conference calls moderated by the TechCrunch writers you read every day. This week, security reporter Zack Whittaker discussed his exclusive report about Tufts University veterinary student Tiffany Filler who was expelled on charges she hacked her grades. Being Canadian and therefore in the U.S. on a student visa, she had to immediately leave the country.

From the transcript:

Firstly, given the legal risks, the potential public relations nightmare, and the ethics behind what looked like a failed due process, why didn’t Tufts hire a third-party forensics team to investigate the incident, especially given the nature of the allegations?

Secondly, how did Tufts decide that the student was to blame for these hacks? Attribution for any hack or cyber attack is often difficult, if not impossible. And the school’s IT department showed no evidence it was qualified to investigate the source of the breaches and demonstrates a clear lack of forensics, given the conclusions it came to, according to a forensics expert we spoke to.

This was definitely one of the toughest stories I’ve had to report in years, in the last seven or eight years, covering cybersecurity, national security. Those are rare for security reporters to focus on a single person for the reporting. Typically I write about data breaches or vulnerabilities or hacks that affect thousands, if not millions, of users around the world.

But this story was far too interesting not to dig into. We tried not to determine whether or not she was guilty or innocent. The fact of the matter is that both sides had conflicting evidence, but Filler offered … it was everything, and Tufts declined to comment on 19 very specific questions we sent.

This is a deeper look into a complicated story that also contains lessons for startups in varying stages of existence. Read on.

For access to Whittaker’s full transcription and for the opportunity to participate in future conference calls, become a member of Extra Crunch. Learn more and try it for free. 

---

Eric: This is Eric Eldon, the managing editor of Extra Crunch, and with me today is Zack Whittaker, our security correspondent, who covers a wide range of security and hacking issues and a variety of things. Over the past year, he has been doing a deep investigation into a rather troubling case that has happened at Tufts University .

For the format today, Zack is going to tell us all about his approach for the next few minutes in his own words. Then he will open it up to questions for all of you on the phone as well as myself. So without further ado, I’ll let Zack get started.

Zack: Yeah, thanks a lot Eric, much appreciated. Big thanks to everyone who read the story. It took a long time to get this far. The story went out on Friday. It’s received a really good reception, very happy with it. I’m very tired, for what it’s worth. Yeah, this took a long time, weeks and weeks of talking to people, calling people, and trying to figure out exactly what happened here.

Even then, we still ended with more questions than answers. For anyone who read, this was a very deep story, a deep-dive story about a veterinary student, who was accused of hacking her grades. Tufts University pulls this student, her name was Tiffany Filler, out of her classes. She was still in her bloodied scrubs from treating patients, and faced several accusations from the university. Tufts said she systematically broke into several user accounts, modified permission access to those accounts, and changed grades of others.

The school says its IT department used extensive logs and database records to trace activity back to her computer, based off a unique identifier and a Mac address, as well as using other indicators, such as the network she was allegedly using, the campus’s wireless network, or her own off-campus residence.

As she sat in the airport with a one-way ticket in her hand, Tiffany Filler wondered how she would pick up the pieces of her life, with tens of thousands of dollars in student debt and nothing to show for it.

A day earlier, she was expelled from Tufts University veterinary school. As a Canadian, her visa was no longer valid and she was told by the school to leave the U.S. “as soon as possible.” That night, her plane departed the U.S. for her native Toronto, leaving any prospect of her becoming a veterinarian behind.

Filler, 24, was accused of an elaborate months-long scheme involving stealing and using university logins to break into the student records system, view answers, and alter her own and other students’ grades.

The case Tufts presented seems compelling, if not entirely believable.

There’s just one problem: In almost every instance that the school accused Filler of hacking, she was elsewhere with proof of her whereabouts or an eyewitness account and without the laptop she’s accused of using. She has alibis: fellow students who testified to her whereabouts; photos with metadata putting her miles away at the time of the alleged hacks; and a sleep tracker that showed she was asleep during others.

Tufts is either right or it expelled an innocent student on shoddy evidence four months before she was set to graduate.

– – –

Guilty until proven innocent

Tiffany Filler always wanted to be a vet.

Ever since she was a teenager, she set her sights on her future career. With almost four years under her belt at Tufts, which is regarded as one of the best schools for veterinary medicine in North America, she could have written her ticket to any practice. Her friends hold her in high regard, telling me that she is honest and hardworking. She kept her head down, earning cumulative grade point averages of 3.9 for her masters and 3.5 for her doctorate.

For a time, she was even featured on the homepage of Tufts’ vet school. She was a model final-year student.

Tufts didn’t see it that way.

Filler was called into a meeting on the main campus on August 22 where the university told her of an investigation. She had “no idea” about the specifics of the hacking allegations, she told me on a phone call, until October 18 when she was pulled out of her shift, still in her bloodied medical scrubs, to face the accusations from the ethics and grievance committee.

For three hours, she faced eight senior academics, including one who is said to be a victim of her alleged hacks. The allegations read like a court docket, but Filler said she went in knowing nothing that she could use to defend herself.

Tufts said she stole a librarian’s password to assign a mysteriously created user account, “Scott Shaw,” with a higher level of system and network access. Filler allegedly used it to look up faculty accounts and reset passwords by swapping out the email address to one she’s accused of controlling, or in some cases obtaining passwords and bypassing the school’s two-factor authentication system by exploiting a loophole that simply didn’t require a second security check, which the school has since fixed.

Tufts accused Filler of using this extensive system access to systematically log in as “Scott Shaw” to obtain answers for tests, taking the tests under her own account, said to be traced from either her computer — based off a unique identifier, known as a MAC address — and the network she allegedly used, either the campus’s wireless network or her off-campus residence. When her grades went up, sometimes other students’ grades went down, the school said.

In other cases, she’s alleged to have broken into the accounts of several assessors in order to alter existing grades or post entirely new ones.

The bulk of the evidence came from Tufts’ IT department, which said each incident was “well supported” from log files and database records. The evidence pointed to her computer over a period of several months, the department told the committee.

“I thought due process was going to be followed,” said Filler, in a call. “I thought it was innocent until proven guilty until I was told ‘you’re guilty unless you can prove it.'”

Like any private university, Tufts can discipline — even expel — a student for almost any reason.

“Universities can operate like shadow criminal justice systems — without any of the protections or powers of a criminal court,” said Samantha Harris, vice president of policy research at FIRE, a rights group for America’s colleges and universities. “They’re without any of the due process protections for someone accused of something serious, and without any of the powers like subpoenas that you’d need to gather all of the technical evidence.”

Students face an uphill battle in defense of any charges of wrongdoing. As was the case with Filler, many students aren’t given time to prepare for hearings, have no right to an attorney, and are not given any or all of the evidence. Some of the broader charges, such as professional misconduct or ethical violations, are even harder to fight. Grade hacking is one such example — and one of the most serious offenses in academia. Where students have been expelled, many have also faced prosecution and the prospect of serving time in prison on federal computer hacking charges.

Harris reviewed documents we provided outlining the university’s allegations and Filler’s appeal.

“It’s troubling when I read her appeal,” said Harris. “It looks as though [the school has] a lot of information in their sole possession that she might try to use to prove her innocent, and she wasn’t given access to that evidence.”

Access to the university’s evidence, she said, was “critical” to due process protections that students should be given, especially when facing suspension or expulsion.

A month later, the committee served a unanimous vote that Filler was the hacker and recommended her expulsion.

– – –

A RAT in the room

What few facts Filler and Tufts could agree on is that there almost certainly was a hacker. They just disagreed on who the hacker was.

Struggling for answers and convinced her MacBook Air — the source of the alleged hacks — was itself compromised, she paid for someone through freelance marketplace Fiverr to scan her computer. Within minutes, several malicious files were found, chief among which were two remote access trojans — or RATs — commonly used by jilted or jealous lovers to spy on their exes’ webcams and remotely control their computers over the internet. The scan found two: Coldroot and CrossRAT. The former is easily deployed, and the other is highly advanced malware, said to be linked to the Lebanese government.

Evidence of a RAT might suggest someone had remote control of her computer without her knowledge. But existence of both on the same machine, experts say, is unlikely if not entirely implausible.

Thomas Reed, director of Mac and Mobile at Malwarebytes, the same software used to scan Filler’s computer, confirmed the detections but said there was no conclusive evidence to show the malware was functional.

“The Coldroot infection was just the app and was missing the launch daemon that would have been key to keeping it running,” said Reed.

Even if it were functional, how could the hacker have framed her? Could Filler have paid someone to hack her grades? If she paid someone to hack her grades, why implicate her — and potentially the hacker — by using her computer? Filler said she was not cautious about her own cybersecurity — insofar that she pinned her password to a corkboard in her room. Could this have been a stitch-up? Was someone in her house trying to frame her?

The landlord told me a staff resident at Tufts veterinary school, who has since left the house, “has bad feelings” and “anger” toward Filler. The former housemate may have motive but no discernible means. We reached out to the former housemate for comment but did not hear back, and therefore are not naming the person.

Filler took her computer to an Apple Store, claiming the “mouse was acting on its own and the green light for the camera started turning on,” she said. The support staff backed up her files but wiped her computer, along with any evidence of malicious software beyond a handful of screenshots she took as part of the dossier of evidence she submitted in her appeal.

It didn’t convince the grievance committee of possible malicious interference.

“Feedback from [IT] indicated that these issues with her computer were in no way related to the alleged allegations,” said Angie Warner, the committee’s acting chair, in an email we’ve seen, recommending Filler’s expulsion. Citing an unnamed IT staffer, the department claimed with “high degree of certainty” that it was “highly unlikely” that the grade changes were “performed by malicious software or persons without detailed and extensive hacking ability.”

Unable to prove who was behind the remote access malware — or even if it was active — she turned back to fighting her defense.

– – –

‘Why wait?’

It took more than a month before Filler would get the specific times of the alleged hacks, revealing down to the second when each breach happened

Filler thought she could convince the committee that she wasn’t the hacker, but later learned that the timings “did not factor” into the deliberations of the grievance committee, wrote Tufts’ veterinary school dean Joyce Knoll in an email dated December 21.

But Filler said she could in all but a handful of cases provide evidence showing that she was not at her computer.

In one of the first allegations of hacking, Filler was in a packed lecture room, with her laptop open, surrounded by her fellow vet school colleagues both besides and behind her. We spoke to several students who knew Filler — none wanted to be named for fear of retribution from Tufts — who wrote letters to testify in Filler’s defense.

All of the students we spoke to said they were never approached by Tufts to confirm or scrutinize their accounts. Two other classmates who saw Filler’s computer screen during the lecture told me they saw nothing suspicious — only her email or the lecture slides.

Another time Filler is accused of hacking, she was on rounds with other doctors, residents and students to discuss patients in their care. One student said Filler was “with the entire rotation group and the residents, without any access to a computer” for two hours.

For another accusation, Filler was out for dinner in a neighboring town. “She did not have her laptop with her,” said one of the fellow student who was with Filler at dinner. The other students sent letters to Tufts in her defense. Tufts said on that occasion, her computer — eight miles away from the restaurant — was allegedly used to access another staff member’s login and tried to bypass the two-factor authentication, using an iPhone 5S, a model Filler doesn’t own. Filler has an iPhone 6. (We asked an IT systems administrator at another company about Duo audit logs: They said if a device not enrolled with Duo tried to enter a valid username and password but couldn’t get past the two-factor prompt, the administrator would only see the device’s software version and not see the device type. A Duo spokesperson confirmed that the system does not collect device names.)

Filler, who wears a Xiaomi fitness and sleep tracker, said the tracker’s records showed she was asleep in most, but not all of the times she’s accused of hacking. She allowed TechCrunch to access the data in her cloud-stored account, which confirmed her accounts.

The list of accusations included a flurry of activity from her computer at her residence, Tufts said took place between 1am and 2am on June 27, 2018 — during which her fitness tracker shows she was asleep — and from 5:30 p.m. and 6:30 p.m. on June 28, 2018.

But Filler was 70 miles away visiting the Mark Twain House in neighboring Hartford, Connecticut. She took two photos of her visit — one of her in the house, and another of her standing outside.

We asked Jake Williams, a former NSA hacker who founded cybersecurity and digital forensics firm Rendition Infosec, to examine the metadata embedded in the photos. The photos, taken from her iPhone, contained a matching date and time for the alleged hack, as well as a set of coordinates putting her at the Mark Twain House.

While photo metadata can be modified, Williams said the signs he expected to see for metadata modification weren’t there. “There is no evidence that these were modified,” he said.

Yet none of it was good enough to keep her enrolled at Tufts. In a letter on January 16 affirming her expulsion, Knoll rejected the evidence.

“Date stamps are easy to edit,” said Knoll. “In fact, the photos you shared with me clearly include an ‘edit’ button in the upper corner for this exact purpose,” she wrote, referring to the iPhone software’s native photo editing feature. “Why wait until after you’d been informed that you were going to be expelled to show me months’ old photos?” she said.

“My decision is final,” said her letter. Filler was expelled.

– – –

The little things

Filler is back home in Toronto. As her class is preparing to graduate without her in May, Tufts has already emailed her to begin reclaiming her loans.

News of Filler’s expulsion was not unexpected given the drawn-out length of the investigation, but many were stunned by the result, according to the students we spoke to. From the time of the initial investigation, many believed Filler would not escape the trap of “guilty until proven innocent.”

“I do not believe Tiffany received fair treatment,” said one student. “As a private institution, it seems like we have few protections [or] ways of recourse. If they could do this to Tiffany, they could do it to any of us.”

TechCrunch sent Tufts a list of 19 questions prior to publication — including if the university hired qualified forensics specialists to investigate, and if law enforcement was contacted and whether the school plans to press criminal charges for the alleged hacking.

“Due to student privacy concerns, we are not able to discuss disciplinary matters involving any current or former student of Cummings School of Veterinary Medicine at Tufts University,” said Tara Pettinato, a Tufts spokesperson. “We take seriously our responsibility to ensure our students’ privacy, to maintain the highest standards of academic integrity, and to adhere to our policies and processes, which are designed to be fair and equitable to all students.”

We asked if the university would answer our questions if Filler waived her right to privacy. The spokesperson said the school “is obligated to follow federal law and its own standards and practices relating to privacy,” and would not discuss disciplinary matters involving any current or former student.

The spokesperson declined to comment further.

But even the little things don’t add up.

Tufts never said how it obtained her IP address. Her landlord told me Tufts never asked for it, let alone confirmed it was accurate. Courts have thrown out cases that rely on them as evidence when others share the same network. MAC addresses can identify devices but can be easily spoofed. Filler owns an iPhone 6, not an iPhone 5S, as claimed by Tufts. And her computer name was different to what Tufts said.

And how did she allegedly get access to the “Scott Shaw” password in the first place?

Warner, the committee chair, said in a letter that the school “does not know” how the initial librarian’s account was compromised, and that it was “irrelevant” if Filler even created the “Scott Shaw” account.

Many accounts were breached as part of this apparent elaborate scheme to alter grades, but there is no evidence Tufts hired any forensics experts to investigate. Did the IT department investigate with an inherent confirmation bias to try to find evidence that connected Filler’s account with the suspicious activity, or were the allegations constructed after Filler was identified as a suspect? And why did the university take months from the first alleged hack to move to protect user accounts with two-factor authentication, and not sooner?

“The data they are looking at doesn’t support the conclusions they’ve drawn,” said Williams, following his analysis of the case. “It’s entirely possible that the data they’re relying on — is far from normal or necessary burdens of evidence that you would use for an adverse action like this.

“They did DIY forensics,” he continued. “And they opened themselves up to legal exposure by doing the investigation themselves.”

Not every story has a clear ending. This is one of them. As much as you would want answers reading this far into the story, we do, too.

But we know two things for certain. First, Tufts expelled a student months before she was set to graduate based on a broken system of academic-led, non-technical committees forced to rely on weak evidence from IT technicians who had no discernible qualifications in digital forensics. And second, it doesn’t have to say why.

Or as one student said: “We got her side of the story, and Tufts was not transparent.”

Extra Crunch members — join our conference call on Tuesday, March 12 at 11AM PST / 2PM EST with host Zack Whittaker. He’ll discuss the story’s developments and take your questions. Not a member yet? Learn more about Extra Crunch and try it free.

Read more on TechCrunch:

• Two hackers behind 2016 Uber data breach have been indicted for another hack
• Millions of bank loan and mortgage documents have leaked online
• Hackers are spreading Islamic State propaganda by hijacking Twitter accounts
• Many popular iPhone apps secretly record your screen without asking
• Dow Jones’ watchlist of 2.4 million high-risk individuals has leaked
• India’s state gas company leaks millions of Aadhaar numbers

Dick Dale, the "King of the Surf Guitar," has died at age 81. RIP, maestro. Dale's pioneering sound was inspired by his Lebanese uncle who played the oud and taught his nephew the tarabaki, a goblet-shaped drum. Dale's 1961 instrumental "Let's Go Trippin'," recorded with his band The Del-Tones, sparked the vibrant surf rock scene that spawned the Beach Boys. Dale was shredding right up until his death. RIP, maestro. From The Guardian:

Born Richard Anthony Monsour in May 1937, Dale developed his distinctive sound by adding to instrumental rock influences from his Middle Eastern heritage, along with a “wet” reverb sound and his rapid alternative picking style.

In 2011, he told the Miami New Times that the hectic drumming of Gene Krupa, along with the “screams” of wild animals and the sound and sensation of being in the ocean inspired his sound.

Walmart self-insures its workforce, rather than relying on an outside insurer like Cigna or Blue Cross; this means that it gets to make judgment calls that other firms cannot, and that has led the retail giant to a pretty weird place: for certain procedures that it believes to be overused by local hospitals, it flies its employees (even front-line, low-waged employees) to see the nation's top specialists in out-of-state facilities where they receive "concierge, white-glove care that was reserved at other companies only for highly paid executives."

Walmart has written up the results of its program in an HBR case-study that details the company's mandatory policy that its employees be treated for spinal issues, cancer diagnoses and heart surgeries at the Mayo Clinic and others, including Pennsylvania's Geisinger Medical Center.

American hospitals are notorious for opaque billing practices and rampant price-gouging, a phenomenon that is only exacerbated by their adversarial relationships with insurers, with the two parties locked in an arms race to generate and deny charges.

Bill, an employee at Walmart, had been suffering from mild neck pain and a tremor in his hands. A local surgeon recommended spine surgery as the next course of action.

Walmart decided to send him and his wife on a flight to a hospital in another state, all expenses paid, so he could get a second opinion. He saw a team of clinicians at Geisinger Medical Center, a top hospital system in Pennsylvania. They noticed a subtle shuffle in his step and diagnosed him with Parkinson’s Disease.

The employee avoided a painful, expensive surgery that he did not need. Walmart (which is self-insured) saved about $30,000 it would have paid for that surgery, and it also benefited when Bill went back to work after his symptoms improved. Geisinger got paid for the consult.

Walmart is so desperate to fix health care, it flies employees to top hospitals in other states for treatment [Christina Farr/CNBC]

(via Naked Capitalism)

(Image: Mike Mozart, CC-BY)

Apple likes to tout its smartwatch’s heart-tracking features as being able to potentially save a user’s life one day. But a man in Nimbin, New South Wales, Australia, may owe his life to his smartphone, which stopped an arrow fired by an assailant while he was trying to snap a photo.

Read more...

The United Kingdom’s Royal Mint will honor the work of Stephen Hawking with a commemorative coin featuring the physicist’s name above concentric circles representing a black hole. It looks pretty awesome.

Read more...

I can open your eyes
Take you wonder by wonder
Over sideways and under
On a magic carpet ride

Credits: Hiskm and Dahlek88 (r/Aquariums, thanks Dustin Hostetler!)

Prince was self-conscious about his height -- 5'3" -- and wore high-heeled boots (either 4" or 3 1/3") whenever he went out in public, and moreover, he did not like to be seen wearing the same pair of boots at two different appearances on the same day.

Prince contracted with Andre No. 1, a famous cobbler-to-the-stars on Sunset Boulevard founded by Andre Rostomyan, whose client roster includes everyone from Frank Sinatra to Lady Gaga. Rostomyan made a shoe last -- a wooden model -- of Prince's feet, and would take orders for 30-40 pairs of boots/month, eventually supplying more than 3,000 pairs to Prince.

Each pair was identical in shape, but used unique mixes of materials, colors, and gimmicks like light-up lucite heels. Prince consulted closely on the details, visiting the store in person with fabric, making calls as to whether to cut it with or against the bias, etc. Boots that were to be worn onstage -- where Prince gave incredibly athletic, graceful performances -- got extra-strong structural wood to ensure that they could survive the workout that Prince put them through.

Prince refused to have his wooden lasts improved by means of a 3D scanning system, saying that the religious tenets of the Jehovah's Witnesses forbade believers like him from using technology to capture a part of the human body.

There was only one instance in which Prince was adamantly against something Gary suggested. “He was a Jehovah’s Witness,” the shoemaker explains. “I wanted to use one of the 3-D scanning machines I’d just gotten to mold the new shoe forms for him and make the process a bit faster, but he refused. I guess they don’t believe in using technology to re-create a certain part of the body.” Gary continued to make Prince’s footwear by hand, even crafting “slippers” for him to wear while he was at home. “They were actually more like platform flip-flops,” he says. “They looked a lot like those ’90s platform thongs made by brands like Rocket Dog and Soda.” Mostly, though, whether at home, onstage, or in public, Prince had his bespoke man stilts on. “I’ve seen a lot of people pull off a lot of different shoes, but there were definitely times where I thought Prince couldn’t do it, especially with all of the splits and the dancing,” Gary says. “But no matter the heel, he always did.”

Meet the Man Who Made 3,000 Pairs of High Heels for Prince [Brooke Bobb/Vogue]

(via JWZ)

No, this is not the next Arnold Palmer. READ MORE...

The Portmanteau and Rhyme Generator accepts two input words and produces weird coinages that are often surprisingly funny. "Rhino" and "Hospital", for example, produces "Boarphanage" and "hotelephant" among other things.

I tried "chaste caravaggio" and got "Vermeerotic". "Moist carpet" yielded "flavorniture". "Lube barrel" turned into "bluebrication". Magic.

America's first pizzeria isn't where the experts thought it was. Ed Levine talks to Peter Regas, the man who discovered the truth; our own Sasha Marx joins the conversation; and J. Kenji Lopez-Alt weighs in at the end. Read More

“Do your plants have names?” I was asked over dinner this past weekend. I shook my head. I couldn’t help but feel like I was a bad plant mom. The next morning, I woke up and spent an hour thoroughly overthinking and finding a name for my green friends. A weirdly satisfying experiment.

Now, I keep a list of potential names for new plants. One of them, I just added today, is Leif.

A book about the art of Swiss Cat Ladders. Love this so much.

(via Clay)

GIPHY, in collaboration with Paisley Park and Prince’s estate, has done a truly remarkable thing. It’s created an official archive of high-quality Prince GIFs, from virtually all of his music videos. You can browse it by album and by song.

The result is a veritable gold mine for both Prince fans and meme hunters.

It’s got the early stuff:

The classic stuff:

The stuff that’s so sexy it’s a little uncomfortable:

And the self-iconographic work at (what shouldn’t have been) the end:

Please note, however, that if you want reaction GIFs from Prince interviews, live shows, and other non-music-video appearances, you still have to use the regular search function like everyone else.

Via Anil Dash (who else?)

Tags: Anil Dash   GIFs   music   Prince

The Times reported yesterday that the International Association of Athletics Federation (IAAF) will argue in front of the Court for Arbitration for Sport (CAS) that Caster Semenya, the 2016 Olympic champion in the 800 meters, is “biologically male.” The IAAF quickly issued a statement denying this claim, but did…

Read more...

“Do what you feel in your heart to be right —
for you’ll be criticized anyway.”
— Eleanor Roosevelt

Brian Ashcraft:

Grande posted a photo of her tattoo. In Japanese, it reads, 七輪 (shichirin). You can see the pic photo (via Grande’s official Japanese Twitter), which has since been deleted from her Instagram. The kanji character 七 means “seven,” while 輪 means “hoop,” “circle,” “ring,” or “wheel.” However, when you put them together, the meaning is different! 七輪 (shichirin) is a “small charcoal grill” and not “seven rings,” which is written differently in Japanese.

The mistake could have been avoided had she googled her new tat: