Episode 571 – Aussie Tech Heads Shownotes


Google to debut emails that automatically update in Gmail

Gmail is about to get dynamic. Google unveiled plans to demonstrate a software programming system that would enable emails to feature continuously updating information and greater interactivity.

Users could see automatically updated flight information in a booking confirmation email. They could fill out surveys without leaving a message or review close-up shots of products in a marketing pitch without opening a browser window.


The initial version is aimed at bulk senders. A retailer, for example, that sends a weekly sales notice could ensure that recipients see the current price or availability of an item no matter when the email is opened.



Apple iPhone source code leaks on GitHub


The purported iPhone operating system code was posted on code-sharing site GitHub and was reportedly removed after a request from Apple that cited copyright law.

Apple filed a Digital Millennium Copyright Act (DMCA) notice, indicating it had been “injured by a violation of the US Copyright laws” and forcing GitHub to remove the code.

The move by Apple would seem to confirm the authenticity of the code.


According to the DMCA notice filed by Apple, the leaked content was “reproduction of Apple’s ‘iBoot’ source code, which is responsible for ensuring trusted boot operation of Apple’s iOS software.

“The ‘iBoot’ source code is proprietary and it includes Apple’s copyright notice. It is not open-source.”

The so-called iBoot source code is involved in securely booting up iPhones, and was actually a part of iOS 9 – although it’s likely to still be a part of the current version of iPhone operating system software, iOS 11, according to Motherboard.


Google sued for “knowingly” selling faulty Pixel and Pixel XL phones


The class action complaint was filed this week, with plaintiffs alleging that Google was already aware the microphones in its first Pixel line-up were defective before they went on sale, and claiming that Google continued to sell defective phones amid widespread grievances right after launch.

Google originally acknowledged the Pixel phones’ microphone issues in March 2017 when an employee on Google’s support forums said the problems were due to “a hairline crack in the solder connection on the audio codec”. He also noted that the issue can come and go depending on the temperature of the phone or how it is held in the hand.


The second iteration of Pixel phones also experienced problems. In October last year, some Pixel 2 XL users reported a number of issues right after launch, including faded colours and images burnt into the screen.

Some users also reported that their screens had suddenly developed a blue tint, while others complained of a “black bleed”, where the black edges of images would linger as you swiped up and down.

There were also reports that sound levels were dramatically reduced when sent through some messaging platforms including Google Allo, WhatsApp, Instagram and Telegram.

Although Google said it was working on rectifying the issue and hoping to address it through a patch, it was yet another upset for owners of a device plagued with problems since its release.

Nevertheless, in response to Pixel 2 complaints, Google extended customers’ standard warranties to two years.



Search tool accesses firms’ documents in the cloud



A website created by anonymous hackers has been launched that allows anyone to search for sensitive data stored in the cloud.

Buckhacker is a tool that trawls servers at Amazon Web Services (AWS), a popular cloud computing platform.


Exposed data has been found on it before, but Buckhacker makes searching for it much easier.

The name comes from the fact that AWS Simple Storage Servers (S3) are known as “buckets” – this is the part of AWS that Buckhacker accesses.

Buckhacker went offline “for maintenance”, though it had previously been working, allowing a number of cyber-security experts to explore it.

“We went online with the alpha version [too] early,” said a Twitter account associated with the Buckhacker site.

Security expert Kevin Beaumont told the BBC: “It’s a goldmine of stuff which shouldn’t be public.”



Twitter posts its first quarterly profit as ad sales rise


Twitter has reported its first quarterly net profit helped by a rise in video advertising sales.



Twitter’s previous failure to make a profit had confounded investors given its widespread use and popularity among celebrities and politicians.

Net profit was $91.1m (£65m) in the fourth quarter of 2017, compared with a loss of $167.1m for the same period a year ago.

Twitter, which has posted consistent losses since it became a public company in 2013, said it expected to be profitable for the full year of 2018 as well.


The company has found success with video and other changes, deepening the experiences on offer, James Erkine, director at marketing firm The Social Circle, told the BBC.


The firm’s shares were trading around $32 per share in mid-morning trade.


Chrome 68 to condemn all unencrypted sites by summer

Google in July will start inserting a ‘not secure’ label in the address bar of every website that uses HTTP connections between its servers and use


Google has put a July deadline on a 2016 promise that its Chrome browser would tag all websites that don’t encrypt their traffic.

“Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as ‘not secure,’” wrote Emily Schechter, a Chrome security product manager.


Sites that instead rely on HTTPS to encrypt the back-and-forth traffic will display their URLs normally in the address bar.


Users can enable Chrome’s new HTTP tagging now by typing chrome://flags in the address bar, then finding the item described as “Mark non-secure origins as non-secure.” Selecting “Enable (mark with a Not Secure warning)” and relaunching Chrome replicates what Chrome 68 will display after Google sets that option as the default. Choosing “Enable (mark as actively dangerous)” displays the red icon as well.


Facebook’s two-factor authentication system auto-posts replies on your profile

Facebook’s two-factor authentication (2FA) system has come under fire today for some bizarre design elements that seem to have gone largely unnoticed for quite some time. Bay Area software engineer Gabriel Lewis noticed earlier this week that Facebook was using the same phone number he used for 2FA, which offers a more secure way to log into an online account by asking for secondary confirmation of the user’s identity, to notify him about friends’ posts.

Even worse, it seems that replying to this message with any message, such as “Please stop,” auto-posts that message to your Facebook profile. (It doesn’t cause the messages to stop, either.) The Verge confirmed that this behavior occurs with any reply to a Facebook 2FA text message, and other users have popped up on Twitter to say both Facebook and Instagram have spammed them with notifications to their 2FA phone number. In Lewis’ case, he says he never opted in to notifications via text messaging in the first place.

Lewis’ case gained steam today when prominent technology critic and sociologist Zeynep Tufekci tweeted about it in a series of harsh criticisms of Facebook and its behavior regarding alleged “juicing” of its user engagement metrics.

There’s a legal layer to this situation, as well. Facebook is currently embroiled in a number of class-action lawsuits over alleged violations of the Telephone Consumer Protection Act, or TCPA, which states that no company may contact you via text without being given express permission first. In those past cases, Facebook was spamming users with birthday reminder text messages and other automated spam, even when users opted out of text message notifications or had never given Facebook their phone number.

It is unclear whether this more recent behavior is a bug, though the auto-posting feature certainly looks like one. If the company is indeed intentionally using 2FA phone numbers to lure users back to Facebook without getting those users’ express consent, it could open the company up to lawsuits.

In a statement, a Facebook representative did not address whether the auto-posting of replies was intentional or a bug. (The Verge is seeking clarification on this matter.) The company also says that it’s looking into the text notification issue, and that its 2FA system can be used with a code generator if any user does not wish to provide a phone number. “We give people control over their notifications, including those that relate to security features like two-factor authentication. We’re looking into this situation to see if there’s more we can do to help people manage their communications,” the statement reads. “Also, people who sign up for two-factor authentication using a U2F security key and code generator do not need to register a phone number with Facebook.”



Don’t use Huawei phones, say heads of FBI, CIA, and NSA


The heads of six major US intelligence agencies have warned that American citizens shouldn’t use products and services made by Chinese tech giants Huawei and ZTE. According to a report from CNBC, the intelligence chiefs made the recommendation during a Senate Intelligence Committee hearing on Tuesday. The group included the heads of the FBI, the CIA, the NSA, and the director of national intelligence.

During his testimony, FBI Director Chris Wray said the government was “deeply concerned about the risks of allowing any company or entity that is beholden to foreign governments that don’t share our values to gain positions of power inside our telecommunications networks.” He added that this would provide “the capacity to maliciously modify or steal information. And it provides the capacity to conduct undetected espionage.”

These warnings are nothing new. The US intelligence community has long been wary of Huawei, which was founded by a former engineer in China’s People’s Liberation Army and has been described by US politicians as “effectively an arm of the Chinese government.” This caution led to a ban on Huawei bidding for US government contracts in 2014, and it’s now causing problems for the company’s push into consumer electronics.

Although Huawei started life as a telecoms firm, creating hardware for communications infrastructure, the company’s smartphones have proved incredibly successful in recent years. Last September, it even surpassed Apple as the world’s second biggest smartphone maker, behind Samsung.


But the company has never been able to make inroads in the lucrative American market, a failure which is in part due to hostility from the US government. Last month, Huawei planned to launch its new Mate 10 Pro flagship in the US through AT&T, but the carrier pulled out of the deal at the last minute, reportedly due to political pressure. The decision prompted Huawei’s CEO Richard Yu to go off-script during a speech at CES, describing the move as a “big loss” for the company, but a bigger loss for consumers.

Huawei is still trying to sell the Mate 10 Pro unlocked in the US, but this effort seems to have pushed the company to desperate measures — including getting users to write fake reviews for the handset.

US lawmakers are currently considering a bill that would ban government employees from using Huawei and ZTE phones altogether. During Tuesday’s hearing, Republican Senator Richard Burr, chairman of the Senate Intelligence Committee, said: “The focus of my concern today is China, and specifically Chinese telecoms like Huawei and ZTE, that are widely understood to have extraordinary ties to the Chinese government.”

In response to these comments, a spokesperson for Huawei told CNBC: “Huawei is aware of a range of U.S. government activities seemingly aimed at inhibiting Huawei’s business in the U.S. market. Huawei is trusted by governments and customers in 170 countries worldwide and poses no greater cybersecurity risk than any ICT vendor, sharing as we do common global supply chains and production capabilities.”



Facebook’s ‘Protect’ feature on iOS essentially installs spyware on iPhone and iPad


Facebook is rolling out a new security feature called Protect to many users of its iOS app. While the name might make unknowing users feel good about installing the associated free app, the Facebook-owned VPN is designed to collect and analyze user data to “improve Facebook products and services.”

As reported by TechCrunch, Facebook purchased the security software company Onavo back in 2013. It is the Facebook-owned Onavo Protect iOS app that is linked to in the Facebook iOS app settings under the “Protect” label.

While the VPN app is designed to give users “peace of mind” and “an added layer of security” by routing your web browsing through its servers, the company also analyzes and collects users’ data to improve its services as well as Facebook’s products and services.

After a paragraph about the protection that Onavo provides and some bullet points on how the service works, the company states that it is essentially spyware, which is buried beneath the read more link on both the iOS App Store and the web.

To provide this layer of protection, Onavo uses a VPN to establish a secure connection to direct all of your network communications through Onavo’s servers. As part of this process, Onavo collects your mobile data traffic. This helps us improve and operate the Onavo service by analyzing your use of websites, apps and data. Because we’re part of Facebook, we also use this info to improve Facebook products and services, gain insights into the products and services people value, and build better experiences.

While some users may feel okay about trading their privacy for a free VPN client, many users are likely unaware that Onavo Protect is specialized spyware for Facebook, and may feel misled by the marketing of the app in Facebook’s settings and on the App Store.

TechCrunch reports that there are an estimated 33 million users who have Onavo Protect installed, with 38% being on iOS and the remaining 62% on Android.