Shared posts

17 Oct 08:18

Goodbye Gatekeepers

by Ben Thompson

I’d be remiss in not stating the obvious: Harvey Weinstein is a despicable human being, who did evil things. It’s worth noting, though, the structure of Hollywood that made it possible for him to do so much evil with such frequency for so long.

The Structure of Hollywood

                           

There has always been a large “supply” of movie actors, directors, script writers, etc.; Los Angeles is famous for being a city of transplants, particularly young men and women eager to make a go of it in show business, certain their breakthrough opportunity is the next audition, the next script, the next movie pitch.

The supply of movies, though, is limited. These two charts from Stephen Follows tell the story. First, the number of feature films:

Then, the number of studio versus non-studio films:

Back in 1980, shortly after the creation of Weinstein’s Miramax production company, there were just over 100 movies released in US cinemas a year; in 2016, there were 736, but for “wide Studio releases” — Weinstein’s territory — there were only 93. Suppose there are five meaningful acting jobs per movie: that means there are only about 500 meaningful acting jobs a year. And Weinstein not only decided who filled many of those 500 roles, he had an outsized ability to affect who filled the rest by making or breaking reputations.

Weinstein was a gatekeeper, presented with virtually unlimited supply while controlling limited distribution: those that wished to reach consumers had to accede to his demands, no matter how criminally perverse they may have been. Lauren O’Connor, an employee at the Weinstein Company, summed up the power differential that resulted in an internal memo uncovered by the New York Times:

I am a 28 year old woman trying to make a living and a career. Harvey Weinstein is a 64 year old, world famous man and this is his company. The balance of power is me: 0, Harvey Weinstein: 10.

What made Hollywood’s structure particularly nefarious was the fact that selecting actors is such a subjective process. Movies are art — what appeals to one person may not appeal to another — making people like Weinstein cultural curators. If he were to not select an actor, or purposely damaged their reputation through his extensive contacts with the press, they wouldn’t have a chance in Hollywood. After all, there were many others to choose from, and no other routes to making movies.

All the News That’s Fit to Print

Jim Rutenberg, the New York Times’ media columnist, highlighted Weinstein’s press contacts in a follow-up piece entitled Harvey Weinstein’s Media Enablers:

The real story didn’t surface until now because too many people in the intertwined news and entertainment industries had too much to gain from Mr. Weinstein for too long. Across a run of more than 30 years, he had the power to mint stars, to launch careers, to feed the ever-famished content beast. And he did so with quality films that won statuettes and made a whole lot of money for a whole lot of people.

Sharon Waxman, a former reporter for the New York Times, said on The Wrap that the New York Times itself belonged on that list:

I simply gagged when I read Jim Rutenberg’s sanctimonious piece on Saturday about the “media enablers” who kept this story from the public for decades…That’s right, Jim. No one — including The New York Times. In 2004, I was still a fairly new reporter at The New York Times when I got the green light to look into oft-repeated allegations of sexual misconduct by Weinstein…The story I reported never ran.

After intense pressure from Weinstein, which included having Matt Damon and Russell Crowe call me directly to vouch for Lombardo and unknown discussions well above my head at the Times, the story was gutted. I was told at the time that Weinstein had visited the newsroom in person to make his displeasure known. I knew he was a major advertiser in the Times, and that he was a powerful person overall.

Weinstein’s alleged pressuring of the New York Times — and his ability to influence the media generally — rested on the fact that the media is also a gatekeeper. The New York Times still brags as such in its print edition:

“All the News That’s Fit to Print” is rather clear about how the New York Times views itself: the arbiter — that is, gatekeeper — of what news ought to be consumed by the public. In truth, though, by 2004 that gatekeeper role was already breaking down; perhaps the most famous example involved another set of allegations of sexual misconduct, when in 1998 the Drudge Report reported the news that Newsweek wouldn’t:

The gate could not hold.

The Structure of Newspapers

After Waxman’s post, New York Times’ editor-in-chief Dean Baquet argued that “it is unimaginable” that her story was killed due to pressure from Weinstein; in fact, though, an examination of the structure of the newspaper business suggests it is quite imaginable.

In 2004, the New York Times had $3.3 billion in revenue, up 2.4% year-over-year. That increase, though, belied deeper problems: circulation had dropped a percentage point year-over-year; revenue growth came from a 6% increase in advertising rates. Advertising was the New York Times’ primary revenue source, accounting for 66% of total revenue, and given that in 2003 the average Hollywood movie spent an average of $34.8 million in advertising, some portion of that undoubtedly came from Weinstein specifically.

The reason that circulation decline suggested a problem is that the ability of the New York Times and other newspapers to command advertising depended on being a gatekeeper: advertisers didn’t take out newspaper ads because they loved newspapers, they took out newspaper ads because it was an effective way to reach potential customers:

“Gatekeeper” is another way to say “integrator”, and as I have explained previously, the key to the newspaper business model was controlling distribution and integrating editorial content and ads. In 2004, though, that integration was on the verge of falling apart; the Internet meant advertisers would reach customers directly. It had already happened with Craigslist and classifieds, and first ad networks and then social networks would do the same to display ads, causing newspaper advertising revenue to plummet to levels not seen since the 1950s:

2004 came after that first Craigslist-inspired decline, and it’s all too easy to imagine Weinstein’s threats having their intended effect.

Journalism Worth Paying For

The ultimate credit for the New York Times story goes first and foremost to the women willing to go on the record, and then to Jodi Kantor and Megan Twohey, the reporters who investigated and wrote it. If Waxman’s allegations are true, though, then it’s worth pointing out that the New York Times is in a very different place than it was in 2004.

Last year the New York Times had $1.6 billion in revenue, a 53% decrease from 2004. Critically, though, the source of that revenue had flipped on its head: advertising accounted for only 37% of revenue, while circulation was 57%, up from 54% in 2015, and only 27% in 2004; by all accounts circulation is up significantly more in 2017.

That image is from the company’s 2020 strategy report, which declared that the editorial product should align with the company’s focus on subscriptions; Baquet told Recode that it was his job “to do as many ‘Amazons’ as possible”, referring to the paper’s investigative report on Amazon’s working conditions. Certainly this Weinstein piece fits: whatever expenses the New York Times spent reporting this story will be more than made up in the burnishing of the company’s reputation for journalism that is worth paying for.

Admittedly, “Journalism worth paying for” doesn’t have the same ring as “All the News That’s Fit to Print”, but it is a far better descriptor of the New York Times’ new business model:

In a world where the default news source is the Facebook News Feed, the New York Times is breaking out of the inevitable modularization and commodification entailed in supplying the “news” to the feed. That, in turn, requires building a direct relationship with customers: they are the ones in charge, not the gatekeepers of old — even they must now go direct.

YouTube and the Movies

In the aftermath of the New York Times report (and another from The New Yorker), various stories have alluded to the fact that Weinstein has less power than he used to. I can’t say I know enough about the particulars of Hollywood to know whether that is true in a relative sense, but there’s no question movies are less important than ever before. Indeed, the industry looks a lot like newspapers in 2004; revenue is increasing due to higher prices, even as the number of movie-goers steadily declines (graph from The Numbers):

Meanwhile, more and more cachet — and star power — is flowing to serialized television, particularly distributors like Netflix and HBO that go directly to customers. And don’t forget YouTube: video is a zero sum activity — time spent watching one source of video is time not spent watching another — and YouTube showed over a billion hours of video worldwide every day in 2016.

YouTube represents something else that is just as important: the complete lack of gatekeepers. Google CEO Sundar Pichai said on an earnings call earlier this year that “Every single day, over 1,000 creators reached the milestone of having 1,000 channel subscribers.” That is an astounding number in its own right; what is even more remarkable is that while Hollywood has only ~3,500 acting slots a year (including all movies, not just major studios), YouTube creates 100 times as many “stars” over the same time period.

The End of Gatekeepers

It is easy to see the downsides of the destruction of gatekeepers; in 2016, before the election, I explained how the collapse of media gatekeepers meant the collapse of political gatekeepers. From The Voters Decide:

There is no one dominant force when it comes to the dispersal of political information, and that includes the parties described in the previous section. Remember, in a Facebook world, information suppliers are modularized and commoditized as most people get their news from their feed. This has two implications:

  • All news sources are competing on an equal footing; those controlled or bought by a party are not inherently privileged
  • The likelihood any particular message will “break out” is based not on who is propagating said message but on how many users are receptive to hearing it. The power has shifted from the supply side to the demand side

This is a big problem for the parties as described in The Party Decides. Remember, in Noel and company’s description party actors care more about their policy preferences than they do voter preferences, but in an aggregated world it is voters aka users who decide which issues get traction and which don’t. And, by extension, the most successful politicians in an aggregated world are not those who serve the party but rather those who tell voters what they most want to hear.

I can imagine there are many that long for the days when the media — and by extension the parties — could effectively determine presidential nominees. The Weinstein case, though, is a reminder of just how rotten gatekeepers can be. Their very structure is ripe for abuse by those in power, and suppression of those wishing to break through; consumers, meanwhile, are taken for granted.

For my part, I’m thankful such structures are increasingly untenable: perhaps the New York Times didn’t spike that 2004 story because of pressure from Weinstein, but there’s no doubt that for decades “All the News That’s Fit to Print” was shamefully deficient in reporting about news and groups that weren’t on the radar of New York newspaper editors. And, selfishly, I wouldn’t have the career I do without the absence of gatekeepers: anyone can set up a website and send an email and instantly compete with the New York Times and everyone else for attention and subscription dollars.

Most importantly, though, the end of gatekeepers is inevitable: the Internet provides abundance, not scarcity, and power flows from discovery, not distribution.1 We can regret the change or relish it, but we cannot halt it: best to get on with making it work for far more people than gatekeepers ever helped — or harassed.

  1. And fortunately, to date, those that own distribution — the aggregators — have tried to be neutral; that’s a good thing
17 Oct 07:56

The crowdsourcing fallacy

Jake Orlowitz, Wikimedia, Oct 19, 2017


Jake Orlowitz makes the important point that crowdsourcing isn't simply about assembling a crowd. A number of things need to be in place before the crowd can work effectively, and he lists a bunch of them: the crowd has to be diverse, there are areas for growth and engagement, there are mechanisms to address abuse, and there aren't hoops you have to jump through to participate, among others. "Knowing all this, next time you have a problem and want to add some crowd to it, at least consider the people, ideology, task, mission, platform, journey, adaptations, mores, resiliency, motivators, barriers to entry, prerequisites, distractions, and competitors." Good advice.

17 Oct 07:55

The Best Lurkers An Online Community Can Have

by Richard Millington

Don’t waste your limited time trying to convert lurkers into regulars. It’s an uphill struggle and most lurkers are already as active as they’re ever going to be.

Instead, turn your lurkers into the best lurkers they can be. Don’t try to create new behaviors, shift existing habits instead.

What is the most valuable thing your lurker can read, watch, see, like, or share?

If your community goal is to increase customer retention, make sure lurkers are reading the top 3 tips shared in the community each month.

If your community goal is to generate leads, make sure they’re downloading information which identifies themselves as leads.

If your community goal is to get feedback, make sure they’re liking, voting, or clicking on the topics which most interest them.

Most people have the balance completely wrong. They spend 90% of their time on the 10% of their audience that participates. Yet most value is going to come from what lurkers (the group which does represent 90% of your audience) watch, see, read, and do.

Don’t leave lurkers to aimlessly browse for something interesting to read. Set specific objectives for this group instead. These should be activities which drive the best value:

  • What is the advice that will help them the most?
  • What is the information that will most change their minds on a topic?
  • What are the tips that will solve their questions before they have to ask them?
  • What is the news they most need to know?

Once you have objectives for lurkers, you can design a strategy and tactics to match.

In short, spend more time on lurkers. Don’t try to get them to increase behavior, simply adjust what they do today. Make sure they’re doing the most valuable things they’re ever likely to do.

17 Oct 07:54

Two Years at Microsoft

by Rui Carmo

Well, that was quick. Like last year, the weeks that led up to this weekend were hectic, so this is (again) written somewhat off the cuff, in an attempt to glean a bigger picture out of the incredible amount of stuff you can actually pack into a little over seven hundred days – all of them pretty unique in some ways.

On further reflection, however, a few things stand out. For starters, I had a bunch of personal goals when I joined, two of which were pretty obvious, and a third that might elude the casual reader who typically pegs me as a technologist:

  • I wanted to experience firsthand the way Microsoft was transforming itself to re-focus on cloud (in much the same way as I experienced and took an active role in Vodafone‘s re-invention as a fixed-mobile operator).
  • Catching up on the Microsoft technology stack, and understanding how it fit together as it was rebuilt from the ground up for the cloud.
  • And, finally, getting a handle on the business itself. I’ve gone back and forth from tech to biz a number of times over my career (and I expect to keep thwarting people’s tendency to pigeonhole me until I die), and building the cloud business is the best way to understand it.

Two years on, all those goals were unquestionably met and I can move on to other stuff, such as enjoying the ride a bit more and peeking at what’s just around the corner. But first, let’s take a look at the status quo.

What I Do

I’m still a Cloud Solution Architect, and still (primarily) think “in the large” while making good use of my Open Source background. As needs evolved, I moved around in different ways: on one hand, and after a stint dealing with systems integrators and reacquainting myself with the consulting world, I’m now dealing with some of the largest national customers, and tech-wise I moved squarely into what Microsoft terms the “Data & AI” side of Azure, diving into the hard realities of turning analytics and machine learning into actionable business intelligence – and, more importantly, turning it into a process.

As it turned out, my in-depth experience with Python helped a fair bit, and even though I’m still not a fan of R (which I nearly gave up on five or so years ago), I got reacquainted with it for exploratory analytics – although it’s still not the cleanest thing to run in production as a standalone runtime, embedding it in other stuff actually works pretty well.

I still get a kick out of doing infrastructure and networking, but the bread and butter stuff of firing up VMs doesn’t appeal much to me unless there are zeroes to the right of the number of instances – that’s where automation and orchestration come in, and where I’m most productive. From a service architecture standpoint, most large enterprises just aren’t innovative enough to go all out on containers, so I’m a couple of Kubernetes releases behind the cool kids – which might actually be a good thing, given that it’s driving me to catch up.

Looking Back

Well, for starters, it’s also been a couple of years since the first time I logged in to our “inner circle” Slack and laughed myself silly with this:

My friends are the absolute best.

It did feel a little dramatic at first, but now it doesn’t even seem strange anymore, even considering that I’m still largely using Linux and a Mac to get things done. It’s not as if any platform is without flaws these days, and I’ve always stayed steadfastly neutral in many regards – after all, some of the best things in life are acquired tastes.

Taking in the bigger picture, it’s sobering to think that over the course of the past two years, Azure grew in complexity and sophistication to a point where there’s no doubt it is more than a match for the competition – something that I try to have an unbiased view on, to the extent of trying out that very same competition from time to time and peering closely at the gaps. And I find it symptomatic that, of late, many of those gaps are on the other side(s).

There’s still a lot of work to do, and the hectic pace at which the entire industry is moving makes it hard to keep track of everything that’s happening, but that’s par for the course. On a more personal level, I still miss running (and delivering) projects, still miss leading a team (even if multinationals strive to empower individual contributors, enlightened management is a rare asset), and am definitely still coming to terms with moving about constantly, but I’ve been able to carve out the occasional bubble of focus time to actually get done some Stuff That Matters To Me, and it sort of suffices – for now.

Looking Forward

I’m rather more optimistic than last year, since I’m now under new management – the team I’m a part of is now an independent unit with tighter leadership and focus, and as a direct result a lot of the casual frustration that comes with organizational dithering, non-committals and plain lack of understanding regarding what we actually need to do simply melted away overnight, something I’m going to chalk up to the kind of transformation pains I wanted to experience in the first place (oh, the irony!).

In addition, the data stuff that I’ve been doing increasingly steers me away from having to deal with “traditional” IT and more towards the business side of my customers, and even when I have to do purely technical stuff sticking to the Open Source side of things keeps me sharp(er), so I’m OK with what I’m doing even if being in constant demand can get wearisome.

Aside from that, I’ve got my bearings and am now absolutely certain of what I want to do next (and whom I want to do it with). And it’s going to be fun – especially because I have a few tricks up my sleeve.

It’s gonna be… wait for it…

16 Oct 22:12

Twitter Favorites: [opendna] @sillygwailo Socially, you need a quiver of metaphors to riff off. You're a Ghostbuster. When there's an evil spiri… https://t.co/ZEvf5fm3Hf

Jay McKinnon @opendna
@sillygwailo Socially, you need a quiver of metaphors to riff off. You're a Ghostbuster. When there's an evil spiri… twitter.com/i/web/status/9…
16 Oct 22:11

The Unexamined Algorithm Is Not Worth Using

Ruben Mancha, Haslina Ali, Stanford Social Innovation Review, Oct 17, 2017


"Algorithms can be an asset to nonprofit organizations, reducing costs and making processes more efficient," write Mancha and Ali, "but they can also be an ethical liability." There are many examples of algorithms making unethical decisions. For example, "in mid-September, when Hurricane Irma battered the Florida peninsula, the algorithms airline companies use to price flights increased rates in response to peaks in demand." Uber's surge pricing did the same during the London attacks and New York Bombing. The simple principle that it's not ethical to profit from tragedy eluded these systems. Algorithms also violated basic ethical codes when making hiring, lending and face recognition decisions. These lapses are problems with the technology per se, they're the result of companies that don't care about ethics. This article makes recommendations to change that: make ethics important in your organization, hire employees well-versed in ethics, and test your algorithms against ethical standards.

16 Oct 22:11

You Probably Need a Public Portfolio Even If You're Not a Freelancer or a "Creative"

Nick Douglas, LifeHacker, Oct 17, 2017


The messaging for personal portfolios, as in this post, is that people with online portfolios will stand out when being considered for work, interviews, or any other thing related to their profession. As more and more people create portfolios, though, this advantage will slowly disappear (of course, if everyone stays on Facebook and Twitter, the advantage of having your own personal portfolio will never go away). I think what this author (and most authors) don't see yet is that these portfolios will be the basis for automated talent searching algorithms. The cheap and easy algorithms will focus on things like LinkedIn or resume searches on Monster. But the good systems will be looking through personal websites (or whatever we use for portfolios in 20 years). As I've said before, the credentials of the future won't be credentials. They'll be your own work, and you'll be recognized with job offers.

16 Oct 22:11

Open Badges: A Low-Cost Toolkit for Measuring Team Communication and Dynamics

Oren Lederman, Dan Calacci, Angus MacMullen, Daniel C. Fehder, Fiona E. Murray, Alex “Sandy” Pentland, arXiv, Oct 17, 2017


This article came to me via the Badge News newsletter, but it has nothing to do with what we think of as open badges. "The Open Badge system consists of three main components: (1) an electronic “badge” that is worn around the neck and is capable of continuously collecting social interaction data from teams in real-time, (2) a smart phone version of the system, and (3) a modular visualization platform that creates summary visual feedback from the data collected by the badges." So: post-apocalyptic surveillance from the MIT Media Lab. Though I doubt whether this system would distinguish between Dr. Jekyll or Mr. Hyde interactions (which is really kind of relevant).

16 Oct 22:11

Self-Regulated Learning as a Critical Attribute for Successful Teaching and Learning

Darren H. Iwamoto, Jace Hargis, Richard Bordner, Pomaika'inani Chandler, International Journal for the Scholarship of Teaching and Learning, Oct 17, 2017


My worst year in university was my first and I studied like the students described in this article studied, by reading the text and my notes. In the summer before my third year I learned to approach it more methodically, taking these apart and reconstructing the knowledge from scratch (classic constructivism, I know). This is the sort of self-regulation described in this paper (12 page PDF). For example, "Self-regulated learning refers to learning that occurs largely from the influence of student’s self-generated thoughts, feelings, strategies, and behaviors, which are oriented toward the attainment of goals (Schunk & Zimmerman, 1998, p. viii)." This plus skill in clear journalistic writing developed at the student newspapers was the key to success and straight As by the time I graduated. The research in this paper lies mostly in documenting the inability of the students described to do this, but several promising lines of inquiry are suggested in the conclusion: would 'grit' promote self-regulation? Would presence? Is self-regulation influenced by cultural factors? Would an artificial tutor help? Image: Dörrenbächer and Perels.

16 Oct 22:10

Learning styles terminology: What is the researcher talking about?

Warren W. Lake, William E. Boyd, Wendy Boyd, International Journal for the Scholarship of Teaching and Learning, Oct 17, 2017


Despite the learning style sceptics, academic papers devoted to learning styles continue to appear. This paper (8 page PDF) serves the useful function of calling for people writing about learning styles to be clear about terminology and of describing and clarifying some learning approaches to learning styles in terms of their meaning, reproduction and orientation, "making inconsistencies appear to be less of an issue." They also seek clarity on whether the author thinks the dimension in question is fixed or changeable. All of this goes to show, I think, that thinking of 'learning styles' as a simple four-dimensional taxonomy used for differentiating instruction is narrow and unhelpful. We can look at factors related to intrinsic interest, the relation of ideas and evidence, the structure of critical reasoning processes, intention, and more. Additionally, "the author should, if possible, refer to an overarching term such as learning patterns or learning dimensions as suggested in this paper, and most importantly specify the model used if based on existing models, as well as the tradition to which the research has been most based." That should apply to critics as well as researchers.

16 Oct 22:10

Steve Wozniak just created his own online university

Mallory Locklear, Engadget, Oct 17, 2017


I'm thinking that this is exactly the opposite of what the world needs: "our goal is to identify and develop the most elite talent through our Online and Academy platforms and place them into the fastest growing, top technology companies around the world." This is the goal of Woz U, which will run this 'elite talent' through "an aggressive 12-16 month fully-immersive program" of "entrepreneur programs (and) how to finance and capital raise for start-ups." This seems to me to be more like brainwashing than education. This sham initiative is run through Exeter Education and is "considered" part of Southern Careers Institute (SCI).

16 Oct 22:08

Twitter Favorites: [DenimAndSteel] @sillygwailo And then Smartify as one that enhances your already-happening engagement. These are very cursory opinions of course.

Denim & Steel @DenimAndSteel
@sillygwailo And then Smartify as one that enhances your already-happening engagement. These are very cursory opinions of course.
16 Oct 22:08

Twitter Favorites: [DenimAndSteel] A Shazam for art feels like a long overdue idea, and a huge undertaking. Looking forward to trying this out. https://t.co/nrZ9GnObKJ

Denim & Steel @DenimAndSteel
A Shazam for art feels like a long overdue idea, and a huge undertaking. Looking forward to trying this out. dezeen.com/2017/10/08/new…
16 Oct 22:08

Twitter Favorites: [SnarkySteff] Dear TV manufacturers: Stop making speakers an afterthought. Not everyone/everywhere hooks it up to stereos, and your sound fucking sucks.

Steffani Cameron @SnarkySteff
Dear TV manufacturers: Stop making speakers an afterthought. Not everyone/everywhere hooks it up to stereos, and your sound fucking sucks.
16 Oct 22:08

Change of Times: Data over Voice to Voice over Data

by Martin

Recently, I reflected a bit over how fixed and mobile networks have evolved in the past 30 years, i.e. since the mid-1980s. For the first time I realized then that during that time frame, networks have been totally turned inside out.

Here’s what I mean:

In the 1980’s people had a telephone line at home and the only service running over it was voice. The network and the service were the same. Voice calling was a circuit switched service, which means that a physical end to end connection was established between two parties by using switching matrices in switching centers to transparently connect two parties during a call.

In the 1990’s the same circuit switched technique was still used for voice services. Digitized in the back end, yes, but still circuit switched. However, by that time, data modems had become very popular to connect to Bulletin Board Systems (BBS) or to an Internet service provider. Data to and from the other end was exchanged over modulated tones over the speech channel. In other words, voice and data services used the same underlying network.

In the 2000s, DSL became popular and for the first time, voice and data services were not using the same underlying network infrastructure anymore. While voice telephony continued to use a circuit switched network, Internet connectivity over DSL was using a packet switched form of transmission on the copper cable to the customer in a different frequency band from the voice channel. This was the decade of separation.

And now in the 2010s it is becoming more and more common that the so far circuit switched voice service is transitioned to a voice over IP service, e.g. fixed line IMS. This means that the copper cable to the subscriber is now just used by DSL and the frequency band so far used for the voice service has now also been taken over by DSL.

Let’s think about this for a moment: Back then the voice channel was used to transmit IP packets. Today, IP packets are used to transport a voice channel. A total reversal of roles in telecommunication with a step of total separation in between the two.

In the mobile world pretty much the same thing has happened as well: At first there was only telephony (GSM), followed by voice + circuit switched data (GSM + HSCSD). After that came the split into circuit and packet radio channels with GSM+GPRS and UMTS that had a circuit switched and packet switched radio component. And today there is LTE with Voice over LTE (VoLTE).

16 Oct 22:02

Writings from Communications Study @ SFU

by crow

During my time at the School of Communications in Simon Fraser University, I studied and wrote on a variety of different topics including cultural theory in advertising, effects of technology on communications, innovation theory as well as other traditional communications theory. Below are some of the papers produced during that time.

16 Oct 22:02

Google Drops Its $20 USB-C to 3.5mm Adapter For The Pixel 2 to $9

by Rajesh Pandey
As if the lack of a headphone jack on the Pixel 2 and Pixel 2 XL was not already disappointing enough, Google also went ahead and priced the USB-C to 3.5mm adapter for the handsets at a steep $20. While the company will bundle one such adapter with the devices, most people are likely to lose them and hunt for replacement units soon after.
16 Oct 21:55

Razer’s new phone might have dual cameras and resemble the Nextbit Robin

by Sameer Chhabra

Just a few days after the phone’s internal specs leaked on GFXBench, details have now emerged about the Razer Phone’s externals.

The new leaks are courtesy of Slovak-language tech publication TechByte, which managed to get its hands on an alleged photo of the phone thanks to an anonymous source.

A purported image of the Razer Phone, sourced from TechByte

According to TechByte, Razer’s device will feature a 5.7-inch display, as well as dual rear cameras.

The photo also reveals circular side buttons — most likely volume controls — that bear a striking resemblance to the buttons on the Nextbit Robin.

Razer acquired Nextbit in January 2017.

Razer is set to unveil the new device on November 1st, 2017.

Source: TechByte

Header image courtesy of Flickr user Tobis.

The post Razer’s new phone might have dual cameras and resemble the Nextbit Robin appeared first on MobileSyrup.

16 Oct 21:55

LunaR smartwatch promises endless sun-powered battery life [Sticky or Not]

by Rose Behar

Despite being moon-themed, the LunaR smartwatch is a solar-powered wearable.

Aiming to solve one of the most frustrating elements of wearables — the need to take it off and charge it on a frequent, even daily, basis — the team behind LunaR developed a hybrid mechanical smartwatch.

Owing to a partnership with a solar tech company, the company bills its device as the first to include an “invisible solar cell watch face.” LunaR says that with a daily exposure of one hour, or more than 10k LUX, the device’s solar panel can harvest enough power to deliver infinite battery life.

In case you reside mostly indoors in front of the glow of your laptop screen (same), LunaR says the smartwatch can still pick up charge from artificial or indoor light. You may want to move closer to a window, though. The company also includes a USB charger in its retail package — “just for emergencies!”

The watch, which connects via Bluetooth to an app on your smartphone, can track sleep and activities using its 3-axis accelerometer. It also features all the normal activity tracker functions, including phone notifications and alarms.

It works with iOS 10 and higher and Android 4.3 and higher, and is compatible with Apple Healthkit and Google Health.

The device also features waterproofing up to 5ATM (50 meters).

The gadget is currently up for pre-order through Kickstarter, starting at $158 CAD and promising a December 2017 delivery date.

Verdict: Sticky!

Infinite battery life? Sign me up.

I test quite a lot of wearables, and nothing would make me happier than not having to find a place to connect another fidgety little charger that’s apt to fall down or disconnect from the tracker at the slightest nudge.

If this tracker can truly provide the seamless continuous charge it promises, it’ll be the rare exception for wearables — offering sensible utility over entertaining gimmicks.

The post LunaR smartwatch promises endless sun-powered battery life [Sticky or Not] appeared first on MobileSyrup.

16 Oct 21:52

Why the CRA thought it could take a bite of your free lunch

mkalus shared this story.

In theory, employee discounts should be treated as compensation and taxed as if they were salary. In theory, this is a no-brainer.

After all, if your company gives you a $1 raise, you will pay, depending on where you live and which tax bracket you're in, up to 54 cents of that in provincial and federal income tax. What if your company, instead of giving you a raise, just gave you free merchandise? Should you pay no tax just because the pay was in kind, rather than in cash?

In theory, of course not. In theory, that $5 hamburger a fast-food worker got for free at the end of her shift should be taxed the same as if she got $5 on her paycheque.

And yet when the Canada Revenue Agency put out a tax interpretation that appeared to call for exactly that, pretty much everyone, including the Liberal government, said the CRA had got it wrong. And the CRA, though right in theory, did get it wrong. But it's important to spell out why.

It's especially important that the Liberal government gets its head around the practical problem with the CRA's plan. Doing so will help it figure out its next steps on its own much more sweeping proposals on small-business taxation – including understanding which it should push through, which it should soften, and why.

The idea of taxing income equally is at the heart of any idea of tax fairness. Unless we want to encourage the creation of tax loopholes, our tax system has to try to respect it. That's been the Liberal government's main argument in favour of its plans to close small-business tax loopholes, and it's a good place to start thinking about tax fairness.

Our tax code already says that if your employer gives you benefits as part of your employment, those are normally taxable. If you ask your boss to give you a $50,000 boat instead of a $50,000 salary, your ship won't come sailing in, tax-free. That loophole was closed long ago.

When I was a teenager, I worked as a waiter at several restaurants. (Highest-end joint: Red Lobster). Some offered a discounted meal at the end of a shift. These weren't treated as taxable benefits, but at first blush, you can see why the CRA concluded they should be. And then, at second and third blush, you start to realize why doing so might not make sense.

It comes down to a question of proportionality and reasonableness.

Take John, working in the kitchen at the neighbourhood Italian restaurant. At the end of his night, the restaurant sells him a $20 pasta and salad combo for half price. Operating under the guidelines the CRA originally proposed, did John get a $10 benefit from his employer? What if the restaurant claims it sold him the meal at cost, and lists his taxable benefit as $0? What if the restaurant decides to avoid the whole tax issue by simply giving him the meal under the table for free, and never even rings it up in the billing system?

There's an old Latin expression: De minimis non curat lex. The law should not concern itself with trifles. In theory, John's half-price meal is a benefit, and thus must be taxed. But figuring out how to extract an extra dollar or two of income tax out of John as a result of his discounted meal seems likely to turn into a very costly and complicated exercise, repeated a million times across the country, for little or no gain or even a negative return to society, which is its own type of unfairness.

Now consider Jane, who works as a manager at a major grocery chain. Let's say that as part of her compensation, her employer decides to give her $500 a week of free groceries. That's $26,000 of free groceries a year.

Should she have to pay tax on that employee benefit? Yes she should, and yes she will. The CRA already taxes major employee benefits, like a car allowance or free parking (with a few exceptions such as health and dental coverage). Aside from that, the principle of treating cash payments and in-kind benefits as equally taxable is generally upheld, at least when the perk is large and easy to spot.

But when what's at issue is small, the same principle is often ignored, and understandably so. The question of where to draw the line – what's a big enough breach to be taxed and what's peripheral enough to be better off left alone – comes down to whether the benefit to society of that extra dollar in tax revenue outweighs the costs imposed on taxpayers in collecting it.

That's the equation the Liberals have to consider as they refine their small-business tax proposals.

When tax law goes after tax trifles, it's likely to create a whole new set of problems, which will themselves require a future fix. As carpenters say, measure twice, cut once.

16 Oct 21:51

Weinstein's actions are revolting – but don't tell me all men are to blame

mkalus shared this story.

As the hours pass, and fresh, grisly details emerge regarding the Harvey Weinstein sex scandal, I feel strangely compelled – and highly pressurised – to apologise for the inexcusable actions of a Hollywood exec I've never met.

Why? Simply because I am a man.

In the age of social media, for a man to not immediately condemn a sexual predator is to imply that he is, at least in part, OK with that monster's actions.

So, for the record, let me say as clear as day: I do not endorse the actions of Harvey Weinstein. Of course I don't. The stories we are hearing are awful, the undercover audio tape that emerged yesterday of him admitting sexual assault makes my skin crawl, and if proven guilty in a court of law of the allegations of rape that have been made, you can chuck Weinstein in a cell and throw away the key for all I care. I’ll be cheering along with you.

14 Oct 02:05

Cheep-Cheep

by Reza
mkalus shared this story from Poorly Drawn Lines.

14 Oct 02:05

Police Spinner from Blade Runner 2049 by George Hull

by Igor Tkac (noreply@blogger.com)
mkalus shared this story from concept ships.

George Hull.










Keywords: spinner flying automobile vehicle digital concept illustration design for the movie blade runner 2049 by george hull
13 Oct 23:46

Wheels, Rustines, and Bullmoose Restock

by noreply@blogger.com (VeloOrange)
By Scott

We just got in some grippy bits, some rolly hoozits, and some fancy bars - Rustines, complete wheels, and Fairweather Bullmoose bars. The last couple of days has seen a variety of product land here at VO HQ, and we love it.

We got a resupply of wheels on Wednesday - more fixed wheel sets, 126 mm rear wheels, and Diagonale 700C wheels are back in stock.


Supplementary inventory of Rustines product arrived Thursday. The perennially popular Campy Gum Hoods are back in stock. We've been told by many customers that the Campy Hoods also work well for Modolo levers.

Derek checking Rustines

An addition to their line up this month is constructeur bar plugs in yellow.

Finally, the long awaited return of Fairweather Bullmoose bars, both Silver and Black, rounded out a busy week for our receiving department.


We also got a sample of a Rustines "FUBAR" Cap. We think the black is pretty sharp, what do you think?


13 Oct 23:46

The scale of tech winners

by Benedict Evans

We all know, I think, that there are now far more smartphones than PCs, and we all know that there are far more people online now than there used to be, and we also, I think, mostly know that big tech companies today are much bigger than the big tech companies of the past. It’s useful, though, to put some real numbers on that, and to get a sense of just how much the scale has changed, and what that means.

So, the four leading tech companies of the current cycle (outside China), Google, Apple, Facebook and Amazon, or ‘GAFA’, have together over three times the revenue of Microsoft and Intel combined (‘Wintel’, the dominant partnership of the previous cycle), and close to six times that of IBM. They have far more employees, and they invest far more. (One can of course quibble with the detail of this - the business models are different and the global scale is different. But scale is scale.)

This change is even more striking if you shift the timeline. If you compare GAFA in their current dominance with Wintel in their period of dominance, you see not a 3x difference in scale but a 10x difference. Being a big tech company means something different now to in the past.

Scale means these companies can do a lot more. They can make smart speakers and watches and VR and glasses, they can commission their own microchips, and they can think about upending the $1.2tr car industry. They can pay more than many established players for content - in the past, tech companies always talked about buying premium TV shows but didn’t actually have the cash, but now it’s part of the marketing budget. Some of these things are a lot cheaper to do than in the past (smart speakers, for example, are just commodity smartphone components), but not all of them are, and the ability to do so many large experimental projects, as side-projects, without betting the company, is a consequence of this scale, and headcount.

On the other hand, that the market is big enough for four tech giants, not just one (Wintel) partnership, means we have four companies aggressively competing and cooperating with each other, and driving each other on, and each trying somehow to commoditise the others’ businesses. None of them quite pose a threat to the others’ core - Apple won’t do better search than Google and Amazon won’t do better operating systems than Apple. But the adjacencies and the new endpoints that they create do overlap, even if these companies get to them from different directions, and as consumers we all benefit. If I want a smart speaker, I can choose from two with huge, credible platforms behind them today, and probably four in six months, each making them for different reasons with different philosophies. No-one applied that kind of pressure to Microsoft.

How do the mice do when there are four elephants fighting it out? As we saw with first GoPro and now perhaps Sonos, if you’re riding the smartphone supply chain cornucopia but can’t construct a story further up the stack, around cloud, software, ecosystem or network effects, you’re just another commodity widget maker. And the aggressive competition in advertising products from Google, Facebook and now to some extent Amazon has taken a lot of the oxygen away from anyone else.

Looking beyond the scale and the network effects, though, there’s a difference in character. Google, Facebook and Amazon are still controlled by their founders, and they’re aggressive street fighters. All of these companies have the benefit of twenty years more history - they saw what happened to Microsoft, and Yahoo, and AOL, and MySpace. So, they will disrupt themselves, and they will act. The shift to mobile was a fundamental structural threat that unbundled Facebook - the founder spent over 10% of the company to buy the most successful unbundlers and, as importantly, didn’t smother them after he’d bought them, unlike most large acquirers of disruptive companies. Just as index funds don’t work if everyone’s an index fund, you could propose that ‘Disruption’ doesn’t work if everyone’s read the book, and everyone has. This, to repeat, is compounded by scale, both for strategic shifts (such as chips) and for people: the big tech companies have hired a huge proportion of the stock of academic machine learning researchers in the last few years, paying huge (cash!) salaries and offering both freedom and the chance to deploy something real to billions of people. Not everyone takes the money (Evan Spiegel didn’t), but not every engineering or product genius wants to be an entrepreneur and sleep like a baby - to wake up every hour and scream.

That is, the new platforms have created unprecedented opportunities - 3bn smartphone users today are an unprecedented ‘white space’ for company creation. But they often expand into that space themselves, both on their own platform (an old problem, of course, seen at Microsoft in the past), and using their leverage to try to seize any new white space that opens up and may be a threat (Facebook buying WhatsApp and Instagram and trying to squash Snap). These impulses are not new: Microsoft was hardly a friendly competitor and Intel’s Andy Grove famously said that only the paranoid survive, but the ability to act on them is different - GAFA can do more and much bigger things than Microsoft ever could. My colleague Chris Dixon calls them ‘super-evolved organisms’ - they’re arguably more aware of where threats may come from, and certainly more able to respond.

On the other hand, both in tech and the broader economy, large, dominant companies don’t last. You lose the market or the market becomes irrelevant. Nokia had close to half of the mobile handset market a decade ago and lost it all; IBM still has the mainframe market but no-one cares. Few people can predict where the change will come from, but it does come. GAFA are very visibly conscious of that - Google experiments with everything, Apple is working on cars and mixed reality, and Facebook bought not just Instagram and WhatsApp but Oculus. But then, Microsoft was working on smartphones and mobile devices 20 years ago, and now it’s killed Windows Mobile, acknowledged that the PC is going the way of the mainframe and, like IBM, has to make its way in a market shaped by other companies. There probably won’t be a technology that has 10x greater scale than smartphones, as mobile was 10x bigger than PCs and PCs were bigger than mainframes, simply because 5bn people will have smartphones and that’s all the (adult) people. There will be something, though, and though ‘something will change, but we don’t know what’ is an unfalsifiable point, so is ‘nothing will change’, and I know which side of that argument I find more likely.

13 Oct 23:46

The next hardware-ish coffee morning is next Thursday

My Dearest Droogs,

Let's have a hardware-ish coffee morning! Soon!

Thursday 19 October, 9.30am for a couple of hours, at the Book Club, 100 Leonard St.

I'll be back from my travels, moderately jetlagged, and in no state to conduct linear conversations. So it will be especially important to (a) talk to everyone else who comes (they're always really friendly); and, (b) poke me in the ribs if you see me nodding off.

Usual rules: we don't do intros; everyone talks to everyone else; you order coffee from the counter and please don't forget to pay otherwise the staff get confused; bring a prototype if you have one; actually working with hardware IS NOT A requirement, you just have to be curious. Here's what happened last time.

Might be 5 people, might be 25. If you're a startup and want to ask me about the new R/GA IoT Venture Studio, I am happy to chat.

(Also posted to the coffee morning announce list to which you should subscribe for future updates.)

13 Oct 23:46

Samsung Electronics CEO Kwon Oh-Hyun To Step Down

More on the difficulties of finding low risk, high reward strategies in business these days, and the challenge of finding new ideas:

Samsung Electronics Co Ltd said on Friday its CEO and vice chairman Kwon Oh-hyun had decided to step down from management, as it forecast record third-quarter profits on the back of soaring memory chip prices. The surprise resignation comes as Kwon was expected to take a bigger role following the arrest of Samsung Group scion and heir apparent Jay Y Lee in February on bribery charges, and the departures of other key executives.

“I believe the time has come for the company to start anew with new spirit and young leadership to better respond to challenges,” Kwon, who is seen as Samsung Group No. 2, said in a statement.

“We are fortunately making record earnings right now, but this is the fruit of past decisions and investments; we are not able to even get close to finding new growth engines by reading future trends right now.”

Some interpreted this post as a criticism of the departing CEO, but I intended it to also serve as a nod in the direction of the difficulties in discovering new ideas. 

13 Oct 23:46

Software complexity may doom us

The latent complexity of software systems means they will fail, and as the famous corollary to Murphy’s Law has it, they will fail at the worst possible time, with the largest possible consequences:

James Somers | The Coming Software Apocalypse

It’s been said that software is “eating the world.” More and more, critical systems that were once controlled mechanically, or by people, are coming to depend on code. This was perhaps never clearer than in the summer of 2015, when on a single day, United Airlines grounded its fleet because of a problem with its departure-management system; trading was suspended on the New York Stock Exchange after an upgrade; the front page of The Wall Street Journal’s website crashed; and Seattle’s 911 system went down again, this time because a different router failed. The simultaneous failure of so many software systems smelled at first of a coordinated cyberattack. Almost more frightening was the realization, late in the day, that it was just a coincidence.

We will soon have to hand over programming to AI, because people just aren’t very good at it, and the systems we are building are increasing in complexity on an exponential basis, and we can’t even scale linearly.

13 Oct 23:41

Why I’m Using Bitmarks on my Products

by bunnie

One dirty secret of hardware is that a profitable business isn’t just about design innovation, or even product cost reduction: it’s also about how efficiently one can move stuff from point A to B. This explains the insane density of hardware suppliers around Shenzhen; it explains the success of Ikea’s flat-packed furniture model; and it explains the rise of Amazon’s highly centralized, highly automated warehouses.

Unfortunately, reverse logistics – the system for handling returns & exchanges of hardware products – is not something on the forefront of a hardware startup’s agenda. In order to deal with defective products, one has to ship a product first – an all-consuming goal. However, leaving reverse logistics as a “we’ll fix it after we ship” detail could saddle the venture with significant unanticipated customer support costs, potentially putting the entire business model at risk.

This is because logistics are much more efficient in the “forward” direction: the cost of a centralized warehouse to deliver packages to an end consumer’s home address is orders of magnitude less than it is for a residential consumer to mail that same parcel back to the warehouse. This explains the miracle of Amazon Prime, when overnighting a pair of hand-knit mittens to your mother somehow costs you $20. Now repeat the hand-knit mittens thought experiment and replace it with a big-screen TV that has to find its way back to a factory in Shenzhen. Because the return shipment can no longer take advantage of bulk shipping discounts, the postage to China is likely more than the cost of the product itself!

Because of the asymmetry in forward versus reverse logistics cost, it’s generally not cost effective to send defective material directly back to the original factory for refurbishing, recycling, or repair. In many cases the cost of the return label plus the customer support agent’s time will exceed the cost of the product. This friction in repatriating defective product creates opportunities for unscrupulous middlemen to commit warranty fraud.

The basic scam works like this: a customer calls in with a defective product and gets sent a replacement. The returned product is sent to a local processing center, where it may be declared unsalvageable and slated for disposal. However, instead of a proper disposal, the defective goods “escape” the processing center and are resold as new to a different customer. The duped customer then calls in to exchange the same defective product and gets sent a replacement. Rinse lather repeat, and someone gets rich quick selling scrap at full market value.

Similarly, high-quality counterfeits can sap profits from companies. Clones of products are typically produced using cut-rate or recycled parts but sold at full price. What happens when customers then find quality issues with the clone? That’s right – they call the authentic brand vendor and ask for an exchange. In this case, the brand makes zero money on the customer but incurs the full cost of supporting a defective product. This kind of warranty fraud is pandemic in smart phones and can cost producers many millions of dollars per year in losses.


High-quality clones, like the card on the left, can cost businesses millions of dollars in warranty fraud claims.

Serial numbers help mitigate these problems, but it’s easy to guess a simple serial number. More sophisticated schemes tie serial numbers to silicon IDs, but that necessitates a system which can reliably download the serialization data from the factory. This might seem a trivial task but for a lot of reasons – from failures in storage media to human error to poor Internet connectivity in factories – it’s much harder than it seems to make this happen. And for a startup, losing an entire lot of serialization data due to a botched upload could prove fatal.

As a result, most hardware startups ship products with little to no plan for product serialization, much less a plan for reverse logistics. When the first email arrives from an unhappy customer, panic ensues, and the situation is quickly resolved, but by the time the product arrives back at the factory, the freight charges alone might be in the hundreds of dollars. Repeat this exercise a few dozen times, and any hope for a profitable run is rapidly wiped out.

I’ve wrestled with this problem on and off through several startups of my own and finally landed on a solution that looks promising: it’s reasonably robust, fraud-resistant, and dead simple to implement. The key is the bitmark – a small piece of digital data that links physical products to the blockchain.

Most people are familiar with blockchains through Bitcoin. Bitcoin uses the blockchain as a public ledger to prevent double-spending of the same virtual coin. This same public ledger can be applied to physical hardware products through a bitmark. Products that have been bitmarked can have their provenance tracked back to the factory using the public ledger, thus hampering cloning and warranty fraud – the physical equivalent of double-spending a Bitcoin.

One of my most recent hardware startups, Chibitronics, has teamed up with Bitmark to develop an end-to-end solution for Chibitronics’ newest microcontroller product, the Chibi Chip.

As an open hardware business, we welcome people to make their own versions of our product, but we can’t afford to give free Chibi Chips to customers that bought cut-rate clones and then report them as defective for a free upgrade to an authentic unit. We’re also an extremely lean startup, so we can’t afford the personnel to build a full serialization and reverse logistics system from scratch. This is where Bitmark comes in.

Bitmark has developed a turn-key solution for serialization and reverse logistics triage. They issue us bitmarks as lists of unique, six-word phrases. The six-word phrases are less frustrating for users to type in than strings of random characters. We then print the phrases onto labels that are stuck onto the back of each Chibi Chip.


Bitmark claim code on the back of a Chibi Chip

We release just enough of these pre-printed labels to the factory to run our authorized production quantities. This allows us to trace a bitmark back to a given production lot. It also prevents “ghost shifting” – that is, authorized factories producing extra bootleg units on a midnight shift that are sold into the market at deep discounts. Bitmark created a website for us where customers can then claim their bitmarks, thus registering their product and making it eligible for warranty service. In the event of an exchange or return, the product’s bitmark is updated to record this event. Then if a product fails to be returned to the factory, it can’t be re-claimed as defective because the blockchain ledger would evidence that bitmark as being mapped to a previously returned product. This allows us to defer the repatriation of the product to the factory. It also enables us to use unverified third parties to handle returned goods, giving us a large range of options to reduce reverse logistics costs.

Bitmark also plans to roll out a site where users can verify the provenance of their bitmarks, so buyers can check if a product’s bitmark is authentic and if it has been previously returned for problems before they buy it. This increases the buyer’s confidence, thus potentially boosting the resale value of used Chibi Chips.

For the cost and convenience of a humble printed label, Bitmark enhances control over our factories, enables production lot traceability, deters cloning, prevents warranty fraud, enhances confidence in the secondary market, and gives us ample options to streamline our reverse logistics.

Of course, the solution isn’t perfect. A printed label can be peeled off one product and stuck on another, so people could potentially just peel labels off good products and resell the labels to users with broken clones looking to upgrade by committing warranty fraud. This scenario could be mitigated by using tamper-resistant labels. And for every label that’s copied by a cloner, there’s one victim who will have trouble getting support on an authentic unit. Also, if users are generally lax about claiming their bitmark codes, it creates an opportunity for labels to be sparsely duplicated in an effort to ghost-shift/clone without being detected; but this can be mitigated with a website update that encourages customers to immediately register their bitmarks before using the web-based services tied to the product. We also have to exercise care in handling lists of unclaimed phrases because, until a customer registers their bitmark claim phrase in the blockchain, the phrases have value to would-be fraudsters.

But overall, for the cost and convenience, the solution outperforms all the other alternatives I’ve explored to date. And perhaps most importantly for hardware startups like mine that are short on time and long on tasks, printing bitmarks is simple enough for us to implement that it’s hard to justify doing anything else.

Disclosure: I am a technical advisor and shareholder of Bitmark.
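
The label lifecycle described in this post (labels issued per production lot, claimed by the customer, marked on return, refused on a second return), as an added Python example that is not Chibitronics' or Bitmark's code. A local hash-chained log stands in for the blockchain, and the class, method names, key, lot name and phrases are assumptions made for illustration.

```python
import hashlib
import hmac
import json

ISSUED, CLAIMED, RETURNED = "issued", "claimed", "returned"


class ClaimLedger:
    """Model of the label lifecycle; names and rules are this example's own."""

    def __init__(self, index_key: bytes):
        self._key = index_key   # secret used to index phrases without storing them
        self._labels = {}       # phrase tag -> {"lot", "state", "owner"}
        self.entries = []       # append-only, hash-chained event log

    def _tag(self, phrase: str) -> str:
        # Keyed digest of the normalised phrase: a leaked table does not
        # reveal unclaimed phrases, which still have value to fraudsters.
        canon = " ".join(phrase.lower().split())
        return hmac.new(self._key, canon.encode(), hashlib.sha256).hexdigest()

    @staticmethod
    def _digest(body: dict) -> str:
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def _append(self, event: str, tag: str, detail: str) -> None:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"event": event, "tag": tag, "detail": detail, "prev": prev}
        self.entries.append({**body, "hash": self._digest(body)})

    def issue(self, lot: str, phrases) -> None:
        """Register exactly the labels released to the factory for one lot."""
        for phrase in phrases:
            tag = self._tag(phrase)
            if tag in self._labels:
                raise ValueError("phrase issued twice")
            self._labels[tag] = {"lot": lot, "state": ISSUED, "owner": None}
            self._append("issue", tag, lot)

    def claim(self, phrase: str, owner: str):
        """Customer registration. Returns (accepted, lot or reason)."""
        tag = self._tag(phrase)
        label = self._labels.get(tag)
        if label is None:
            return False, "unknown label: clone or ghost-shift unit"
        if label["state"] != ISSUED:
            return False, f"label already {label['state']}"
        label.update(state=CLAIMED, owner=owner)
        self._append("claim", tag, owner)
        return True, label["lot"]

    def record_return(self, phrase: str, owner: str):
        """Warranty exchange. A label can be exchanged once, by its claimant."""
        tag = self._tag(phrase)
        label = self._labels.get(tag)
        if label is None:
            return False, "unknown label: clone or ghost-shift unit"
        if label["state"] == RETURNED:
            return False, "already returned: unit escaped disposal"
        if label["state"] != CLAIMED or label["owner"] != owner:
            return False, "not claimed by this customer"
        label["state"] = RETURNED
        self._append("return", tag, owner)
        return True, label["lot"]

    def verify_chain(self) -> bool:
        """Recompute every link; any edited or dropped entry breaks the chain."""
        prev = "0" * 64
        for entry in self.entries:
            body = {k: entry[k] for k in ("event", "tag", "detail", "prev")}
            if entry["prev"] != prev or entry["hash"] != self._digest(body):
                return False
            prev = entry["hash"]
        return True


def demo():
    # Constructed sample data: the key, lot name and phrases are made up.
    ledger = ClaimLedger(index_key=b"constructed-demo-key")
    ledger.issue("LOT-0001", ["amber river stone quiet maple drift",
                              "copper lantern winter hollow reed spark"])
    good = "Amber River Stone  quiet maple drift"   # typed with stray case/space
    results = [
        ledger.claim(good, "alice"),                            # accepted
        ledger.claim("six words never printed by us", "bob"),   # clone
        ledger.claim(good, "mallory"),                          # duplicated label
        ledger.record_return(good, "alice"),                    # exchange recorded
        ledger.record_return(good, "alice"),                    # resold scrap unit
    ]
    return ledger, results


if __name__ == "__main__":
    ledger, results = demo()
    for accepted, detail in results:
        print(accepted, detail)
    print("chain intact:", ledger.verify_chain())
```

A successful claim returns the production lot, which is the traceability the post describes; the second `record_return` on the same label is the resold-scrap case and is refused.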

13 Oct 23:27

Dangers of CSV injection

by Nathan Yau

George Mauer highlights how a hacker might access other people’s data by putting an equal sign in a CSV file, so that an import to Microsoft or Google Sheets runs a value as a formula, even if it’s quoted as a string.

The attacker starts the cell with their trusty = symbol prefix and then points IMPORTXML to a server they control, appending as a querystring of spreadsheet data. Now they can open up their server log and bam! Data that isn’t theirs. Try it yourself with a Requestb.in.

The ultra sinister thing here? No warnings, no popups, no reason to think that anything is amiss. The attacker just enters a similarly formatted time/issue/whatever entry, eventually an administrator attempts to view a CSV export and all that limited-access data is immediately, and quietly sent away.

Oh goody.

Tags: csv, security
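
An export-side defence for the issue above, as an added Python example that is not from the linked article: it shows that quoting every field leaves formula cells intact, then neutralises them when the CSV is written. The trigger characters follow OWASP's CSV injection guidance; the function names and sample rows are constructed for this example, and flagging triggers after leading whitespace is a conservative choice made here.

```python
import csv
import io
import re

# Leading characters that make Excel or Google Sheets evaluate a cell.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")
PLAIN_NUMBER = re.compile(r"[+-]?\d+(\.\d+)?")


def is_formula_like(text: str) -> bool:
    """True if a spreadsheet could evaluate this cell instead of displaying it."""
    if PLAIN_NUMBER.fullmatch(text):
        return False  # "-2" or "+3.5" is data, not a formula
    # Check the raw value and the value with leading whitespace removed.
    return (text.startswith(FORMULA_TRIGGERS)
            or text.lstrip().startswith(FORMULA_TRIGGERS))


def neutralise(value) -> str:
    """Prefix risky cells with an apostrophe so they are treated as text.

    This changes the exported value, so apply it when writing the CSV,
    not to the stored data.
    """
    text = "" if value is None else str(value)
    return "'" + text if is_formula_like(text) else text


def export_csv(rows, sanitise=True) -> str:
    """Write rows as CSV with every field quoted; optionally neutralise cells."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralise(c) if sanitise else c for c in row])
    return buf.getvalue()


def formula_cells(csv_text: str):
    """Parse CSV the way an importer does and list (row, column, value) hits.

    Quotes are removed by the parser, so a quoted "=..." cell still counts.
    """
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        for c, cell in enumerate(row, start=1):
            if is_formula_like(cell):
                hits.append((r, c, cell))
    return hits


# Constructed sample export: user-entered notes end up in the third column.
# The formulas are harmless arithmetic; an IMPORTXML cell like the one the
# article describes also starts with "=" and is caught by the same rule.
ROWS = [
    ["user", "hours", "note"],
    ["alice", 7.5, "on-site visit"],
    ["bob", -2, "correction for last week"],
    ["mallory", 8, "=1+1"],
    ["trent", 8, "@SUM(1,1)"],
    ["peggy", 8, "\t=1+1"],
]

if __name__ == "__main__":
    raw = export_csv(ROWS, sanitise=False)
    print("quoted only :", formula_cells(raw))
    print("neutralised :", formula_cells(export_csv(ROWS)))
```

`formula_cells` can also be run over a CSV received from elsewhere before an administrator opens it in a spreadsheet.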