Year: 2018

19 Jul 2018

Now you’re journaling with power! (with this Mario-branded Moleskine gear)

Although this isn’t a stationery news site (how I should like that!), the latest collection from Moleskine is Mario-related, so technically I can write about it. There’s even a phone case and a rolltop backpack!

It’s pretty much exactly what you expect: the usual solid Moleskine notebooks with a Nintendo flourish. They’re all Mario-related, but have different styles: a cartridge and Game Boy for the pocket-size notebooks, and stylized NES graphics on the larger ones. Unfortunately there’s no planner (hint hint, Moleskine).

“It’s a newstalgic mixture of contemporary technology and timeless paper,” reads the press release. “Nostalgic” already implies both new and old so there’s no need for a portmanteau, and a Game Boy isn’t exactly “contemporary,” but they got the paper thing right.

Actually, the notebooks have some pretty dope detailing. The small ones are embossed with cartridge ridges and Game Boy controls. All of them have internal illustrations and come with a sticker pack.

I would have loved to have these in the old days, though some SMB3 gear would probably have been more timely.

In addition to the notebooks, there’s a solid-looking, candy-red phone case that you can only get in stores and a truly ? backpack.

Wear that at E3 and people will bow down. Well, it’s better than carrying around a giant swag bag from Atlus, anyway.

You can buy everything but the phone case online; you’ll have to find Moleskine dealers to get that for some reason.

19 Jul 2018

How Facebook configures its millions of servers every day

When you’re a company the size of Facebook with more than two billion users on millions of servers, running thousands of configuration changes every day involving trillions of configuration checks, as you can imagine, configuration is kind of a big deal. As with most things with Facebook, they face scale problems few companies have to deal with, and they often reach the limits of mere mortal tools.

To solve their unique issues, the company developed a new configuration delivery process called Location Aware Delivery or LAD for short. Before developing LAD, the company had been using an open source tool called ZooKeeper to distribute configuration data, and while that tool worked, it had some fairly substantial limitations for a company the size of Facebook.

Perhaps the largest of those was being limited to 5 MB distributions with configurations limited to 2500 subscribers at a time. To give you a sense of how configuration works, it involves delivering a Facebook service like Messenger in real time with the correct configuration. That could mean delivering it in English for one user and Spanish for another, all on the fly across millions of servers.

Facebook wanted to create a tool that overcame those limitations, separated the data from the distribution mechanism, had a latency time of less than five seconds and supported 10X more files than ZooKeeper. Oh yes, and it wanted all of that to run on millions of clients and handle the crazy update rates and traffic spikes that only Facebook could bring to the table.

The product the Facebook engineering team created, LAD (wonder how the Dodgers feel about this), consists of a couple of parts: A proxy that sits on every single machine in the Facebook family and delivers configuration files to any machine that wants or needs one. The second piece is a distributor, which as the name implies delivers configuration information. It achieves this by checking for new updates, and when it finds them, it creates a distribution tree for a set of machines, which are looking for an update.

As Facebook’s Ali Haider-Zaveri wrote in a blog post announcing the new distribution method, the tree methodology helps solve a number of problems Facebook faced when distributing configuration updates at extreme volume. “By leveraging a tree, LAD ensures that updates are pushed only to interested proxies rather than to all machines in the fleet. In addition, a parent machine can directly send updates to its children, which ensures that no single machine near the root is overwhelmed,” Haider-Zaveri wrote.

As for those limitations, the company has been able to overcome those too. Instead of a 5 MB update limit, they have increased it to 100 MB, and instead of a 2500 user limit, they have increased it to 40,000.

Such a system didn’t come easily. It required testing and retesting, but it has reached production today — at least for now, until Facebook faces another challenge and finds a new way to do things nobody considered before (because they never reached the scale of Facebook).

19 Jul 2018

A vacuum vulnerability could mean your Roomba knockoff is hoovering up surveillance

Yet again we are reminded that the mild conveniences of the smart home are all well and good, right up until someone decides to turn one of those Wi-Fi-connected things you invited in against you.

But you probably didn’t think it was going to be the vacuum, did you?

Two researchers with enterprise security company Positive Technologies discovered vulnerabilities affecting the Dongguan Diqee 360 line of robotic vacuum cleaners and have shared details of the security flaw. The vacuum cleaners, manufactured by Chinese smart home manufacturer Diqee, are equipped with Wi-Fi and a 360-degree camera for a mode known as “dynamic monitoring” that turns the machine into a home surveillance device. The camera is probably what you need to be worried about.

The remote code vulnerability, known as CVE-2018-10987, can give an attacker who obtains the device’s MAC address system admin privileges. According to the report, the vulnerability is contained within the REQUEST_SET_WIFIPASSWD function and exploiting it requires authentication, though a default username and password combo is common (admin/888888).

The researchers suspect that the vulnerability in the Dongguan Diqee 360 robotic vacuum model might affect other products sharing the video module, including outdoor surveillance video cameras, smart doorbells and DVRs. Diqee also manufactures vacuums sold under other brands, as well, and researchers suspect that those devices would also be affected by the vulnerability.

Positive Technologies noted a second vulnerability, known as CVE-2018-10988, also affects the vacuum model, though it requires physical access through the SD card slot to compromise the machine.

The vacuum does come equipped with a privacy protection cover — a physical barrier for the camera that “solves the privacy leakage from hardware” according to the manufacturer. Positive Technologies informed the manufacturer of the vulnerability, although no information is available yet about a patch. TechCrunch reached out to Diqee about the vulnerability but had not heard back at the time of writing.

“Like any other IoT device, these robot vacuum cleaners could be marshalled into a botnet for DDoS attacks, but that’s not even the worst-case scenario, at least for owners,” Positive Technologies Cybersecurity Lead Leigh-Anne Galloway said.

“Since the vacuum has Wi-Fi, a webcam with night vision, and smartphone-controlled navigation, an attacker could secretly spy on the owner and even use the vacuum as a ‘microphone on wheels’ for maximum surveillance potential.”

19 Jul 2018

Arrivo partners with a Chinese state-owned infrastructure developer to commercialize hyperloop tech

Arrivo, the upstart high-speed mass transit technology developer launched by a former co-founder of Hyperloop One, has inked a massive partnership with a Chinese state-owned infrastructure developer to help finance mobility projects around the world.

Genertec America, an affiliate of the China National Technical Import and Export Corp., which is a wholly-owned subsidiary of the General Technology Group Holding Co., has agreed to put up a $1 billion credit line to finance projects anywhere in the world that will use Arrivo’s technology.

“Arrivo provides a unique solution for regional mobility and a great complement to high speed rail and airports. We are excited to be an early partner in the deployment of mobility systems utilizing Arrivo’s transformative technology,” said Yalin Li, President of Genertec America, in a statement. “We look forward to many opportunities to build this new mode of transportation in regions around the world.”

Working with a Chinese infrastructure developer may be both a blessing and a curse for Arrivo. China’s infrastructure loans have come under fire from U.S. government officials, who accuse the Chinese government of saddling countries with overwhelming loads of debt so they can seize strategic assets. And the Chinese government is working to curb profligate spending on unnecessary infrastructure projects domestically — which could impact how it deploys capital abroad.

“None of these projects will be on our balance sheet. We will be the technology vendor to the project owner, so final financing terms will be between Genertec and project owner,” Arrivo chief executive Brogan BamBrogan explained via text. “They are excited because they see the true potential of operationally profitable transportation/mobility projects – which is extremely rare today (perhaps doesn’t even exist).”

The news comes on the same day that Hyperloop Transportation Technologies (another player in the wild world of tubular transportation) announced an agreement with the government of Guizhou to set up a 10 kilometer test track in the city of Tongren.

The curbs on infrastructure spending that China is enacting may also prove problematic for HTT and its commercial project in Tongren. For the deal, HTT is going to provide the technology and talent, and the government in Tongren will finance and build the project. Financing for the joint venture will be split between Hyperloop and outside investors and the Tongren government.

Arrivo has one project underway in Colorado — a plan to loop Boulder and Denver together using its variation on the hyperloop model. The company is planning a $10 million to $15 million facility in the state.

Unlike the original vision of a hyperloop, which would send a vehicle speeding through a de-pressurized vacuum tube at nearly 700 miles per hour, Arrivo’s system relies on what it calls “guideways” which are built to integrate with existing infrastructure. The company touts that these thoroughfares will be able to move 10 times the number of vehicles of ordinary highways and can include public transit and delivery vehicles.

In some ways, it’s more akin to the Boring Co. mode of transportation proposed by BamBrogan’s former boss, Elon Musk (BamBrogan was an early employee at SpaceX).

And while Arrivo and HTT are getting calls from China, Hyperloop One is looking to the UAE as one of its first international ports of call.

What’s clear is that local governments in China and the country’s state owned enterprises see promise in new mobility infrastructure investment — and look at hyperloop technologies and their offshoots as a potentially more attractive investment option than other infrastructure developments which the government might view as more of a boondoggle.

19 Jul 2018

Samsung and Xiaomi had record smartphone shipments in India

India has quickly become ground zero for the smartphone wars. Last year, the country surpassed the U.S. to become the world’s No. 1 smartphone market, and manufacturers are falling over themselves to plant a flag.

Samsung and Xiaomi have been the two biggest winners in recent quarters, battling it out for the top spot. Earlier this year, the latter edged out the former, but the battle has remained neck and neck for the huge — and growing — market. According to new numbers from Canalys, both companies shipped 9.9 million smartphones for Q2 2018.

Xiaomi held onto the top spot — though just barely, with Samsung growing 47 percent year-over-year. That’s the Korean manufacturer’s biggest growth spurt in the country since late-2015. Look, here’s a graph.

Combined, the two manufacturers comprise 60 percent of shipments in India for the quarter. Vivo and Oppo round out the top four, making Samsung the only non-Chinese company vying for a top spot. The company announced recently that it will be doubling down its efforts in the country with a factory it’s deemed the world’s largest.

ASUS has seen some growth in the country, as well, tripling since the previous quarter. Apple’s shipments, meanwhile, have dipped around 50 percent year-over-year, according to the firm, as the company adjusts its strategy in the country.

“Apple’s paring back of distributor partners and move to a ‘brand-first, volume-next’ strategy will reap rewards as it will ensure better margin per device,” says Rushabh Doshi of Canalys. “Getting priorities right will be important to smartphone vendors, and it will be a choice between profitability and volume growth.”

19 Jul 2018

CloudHealth adds support for Google Cloud amidst growing demand

CloudHealth, a startup that enables customers to manage a multi-cloud environment, announced today it was adding support for Google Cloud Platform.

With today’s addition, CloudHealth now supports AWS, Azure, VMware and Google, giving customers a fairly comprehensive view of their cloud usage.

Company co-founder and CTO Joe Kinsella says the company has been seeing inbound interest for Google Cloud support dating back to 2014, but up until now there hasn’t been enough interest to warrant a startup investing the resources necessary to support another platform. He says that has changed over the last 12-18 months as they’ve seen an increase in requests and decided to take the plunge.

Google Cloud cost summary page in CloudHealth. Screenshot: CloudHealth

“I think a lot of the initiatives that have been driven since Diane Greene joined Google [at the end of 2015] and began really driving towards the enterprise are bearing fruit. And as a result, we’re starting to see a really substantial uptick in interest,” he said.

As for why Google is gaining traction, Kinsella believes they have found ways to differentiate themselves in some key areas. “Its two biggest differentiated services are in machine learning services and the App Engine service. I also think that they have generated a lot of innovation across Infrastructure as a Service and Platform as a Service, and they built really reliable, durable, flexible, highly configurable services,” he said.

Dave Bartoletti, an analyst with Forrester Research who specializes in the public cloud, says he has also seen increasing interest in Google Cloud. “Google’s developer experience (e.g., role/account management, CI/CD toolchains, and language support) now rivals AWS and Microsoft. Very strong identity and access management, security, database, and AI/ML services are drawing increasing numbers of traditional enterprise customers,” Bartoletti told TechCrunch.

CloudHealth is a cloud-based subscription service. Customers sign up and enter their cloud credentials and they get an integrated view of their cloud activity in a single interface. Kinsella says their solution provides several primary benefits including visibility, governance, compliance and cost control.

Cross cloud usage view in CloudHealth. Screenshot: CloudHealth

The company’s primary competitor is customers trying to build a tool to monitor multi-cloud activity themselves, something that Bartoletti also sees. “Cloud cost monitoring and optimization tools help clients pay only for what they use, pay as little as possible for what they use, and develop best practices for workload sizing and automated operations to continue to save money over time, without needing to build a large cost management practice in house,” he said.

The company, which has over 300 employees, is based in downtown Boston with multiple offices around the world. It was founded in 2012 and has raised over $87 million with its most recent Series D round generating $46 million from the likes of Kleiner Perkins, Scale Venture Partners, Meritech Capital Partners, Sapphire Ventures and .406 Ventures.

19 Jul 2018

Bird now offers discounts to people with low incomes

Bird, the scooter startup that has raised more than $400 million in funding, has introduced a program geared toward low-income people in order to increase access to transportation. Called One Bird, the program eliminates the $1 fee to unlock a Bird so that the rider just has to pay 15 cents per minute.

“Everyone should have access to transportation that is accessible, affordable, and environmentally-friendly,” Bird CEO Travis VanderZanden said in a statement. “One Bird makes this a reality by providing a way for everyone to ride Birds in their city. We warmly welcome all new riders, and encourage our current eligible riders to enroll in the program, so together we can create a community with fewer cars, less traffic, and reduced carbon emissions.”

The program is live in every market where Bird operates, which includes cities like Atlanta, Austin, Santa Monica, Calif. and Washington, D.C. In order to sign up for One Bird, you have to either be enrolled in or eligible for a state or federal assistance program, like CalFresh, Medicaid, SNAP or a discounted utility bill. Eligible people can reach out to one@bird.co to learn more.

Lime, a bike- and scooter-share startup, has a similar program. In May, Lime launched Lime Access to enable people who qualify for state or federal assistance programs to purchase 100 rides on pedal bikes for $5.

Increasing access to transportation has long been a talking point for companies like Uber, Lyft, Spin, Lime and Bird. In San Francisco, which still has yet to decide which companies will get to operate scooter services in the city, the Municipal Transportation Agency has asked companies to outline how they each plan to support people in low-income communities. For Bird, offering discounted rides appears to be one of its strategies.

You can read more about the scooter wars here.

19 Jul 2018

British Airways shows everyone how not to GDPR

Let’s all take a minute to appreciate the view in the British Airways social media cockpit, where staffers at the coalface of the airline’s Twitter account have presided over a wildly unusual ‘interpretation’ of Europe’s new data protection rules.

One that, er, suggests quite the opposite of GDPR compliance… Given the company’s social media staff have been caught encouraging customers to post personal data such as their address and passport number into a public forum — and here’s the anti-privacy cherry! — claiming it’s necessary for GDPR compliance!

Insert your own [facepalm of choice]…

Mustafa Al-Bassam, the UCL information security PhD student who flagged the company’s social media fail in the above Twitter thread, has since filed his own data protection complaint against British Airways — after finding its check-in page was leaking his personal data to a bunch of third parties for ad targeting purposes.

Now that could be okay — say if the company asked for and gained consent for sharing his data. Or if it had another valid legal basis for collecting data, i.e. other than consent. Though it’s pretty hard to imagine what might legally justify an airline sharing paying customers’ personal information and travel data with advertisers without their express consent…

Well, Al-Bassam says he was not asked for consent to share his information with advertisers. And if you’re processing data by consent — as British Airways’ privacy policy appears to suggest is what the company thinks it’s doing here — then GDPR does in fact require you to actually ask for and actually obtain consent first.

tl;dr: Consent by default is not consent. So again the company appears to be suffering from some form of regulatory delusion syndrome where whatever it thinks GDPR compliance means is what GDPR compliance means. Say like embedding a catch-all ‘consent’ in the depths of a privacy policy. Or just saying the word ‘GDPR’ out loud three times while looking in the mirror.

Hint: Nope! Not compliance! No!

We reached out to British Airways to discuss its approach to GDPR compliance but at the time of writing the company had not responded to a request for comment.

Asked if it could give the company any GDPR guidance, a spokesperson for the UK’s data protection watchdog told us: “Any personal information that an organisation asks for must be limited to what’s necessary for that purpose. Any processing of that information must be secure and take appropriate technical and organisational precautions.”

Of course the airline is by no means the only company failing entirely to grok GDPR. The regulation is still pretty new (having come into force on May 25) and there are clearly A LOT of privacy dents still to be ironed out all around the online place.

Some of these are accidental and/or idiotic kinks. While others look much more like an intentional deforming of the rules (hi Facebook!). But given the GDPR regime also supports punitive fines for compliance breaches (hello lawsuits!) it’s to be hoped that none of these privacy fails — accidental, spectacularly stupid, intentionally hostile or otherwise — will be around for too long.

19 Jul 2018

Amazon sponsors new Disrupt SF 2018 Virtual Hackathon prizes

Our first Virtual Hackathon, which takes place at TechCrunch Disrupt San Francisco 2018 on September 5-7, is shaping up to be a world-class showdown. Thousands of the world’s best programmers, hackers, marketers, designers and developers will compete. One hundred teams will score free passes to Disrupt SF 2018, and one team will go on to win the $10,000 grand prize — but that’s not your only chance to win big.

Our sponsors keep coming up with challenging contests to test your hacking mettle (more on that in a minute). Together they’ve placed literally thousands of dollars and an impressive list of prizes on the table — and it’s yours for the winning — if you’ve got the right stuff.

If you want a chance of winning, you better get your backside in motion. The application deadline for submitting your hack is August 2. Sign up right here, right now.

We’ve recruited some outstanding judges for the Virtual Hackathon, including folks from Pinterest and Slack. They’ll rate each submitted hack on a scale of 1 to 5 based on the idea’s quality, technical implementation, and the product’s potential impact.

Teams that score in the top 100 will receive up to five Innovator Passes to Disrupt SF. The top 30 teams from that group will move on to the semi-finals and demo their hack at Disrupt SF. The judges will then narrow the field, and 10 teams will demo their product to the world on The Next Stage. One “Best in Show” team will win the $10,000 grand prize and be crowned the first TC Disrupt Virtual Hackathon champion.

Let’s talk sponsor contests. We’ve told you about Sony Pictures and United Airlines. And we told you about the sweet cash you can win from contests sponsored by BYTON, TomTom and Viond, plus Visa and HERE Mobility.

Now we’re thrilled to tell you about this contest sponsored by Amazon.

Amazon Alexa

Alexa is Amazon’s cloud-based voice service available on tens of millions of devices from Amazon and third-party device manufacturers. With Alexa, you can build natural voice experiences that offer customers a more intuitive way to interact with the technology they use every day. The collection of tools, APIs, reference solutions and documentation makes it easy for anyone to build with Alexa.

The Alexa Skills Kit (ASK) is a collection of self-service APIs, tools, documentation and code samples that makes it fast and easy for you to add skills to Alexa. ASK enables designers, developers and brands to build engaging skills and reach customers through tens of millions of Alexa-enabled devices. With ASK, you can leverage Amazon’s knowledge and pioneering work in the field of voice design.

Workshops: Head over to the Alexa Twitch channel to learn how to build engaging skills. We hold office hours every Tuesday at 1:00PM – 2:00PM PDT; get answers to any technical questions, discuss your skill use case and learn voice design best practices.

Sponsor Prizes: 

  • 1st Prize: $5,000 + 10 Echo Spot Devices
  • 2nd Prize: $2,000 + 10 Echo Spot Devices
  • 3rd Prize: $1,000 + 10 Echo Spot Devices

Don’t miss your opportunity to score free passes to TechCrunch Disrupt San Francisco 2018 and to show the world just how freakishly good you are at creating and coding. And yes, win serious money and prizes in the process. Remember, sign up here and submit your hack by August 2. We can’t wait to see what you can do!

19 Jul 2018

Cloudflare recruits state and local governments for free election site security program

After launching a free program to protect election systems last December, Cloudflare has an update on how things are going. The program, known as the Athenian Project, provides Cloudflare’s services for free to state and local government websites that administer elections, host voter registration or verification data or report election results.

Those services include the DDoS protection the company is best known for but also its Web Application Firewall service, IP reputation database and the ability to cut off web traffic from a particular country or IP address. Cloudflare also is offering how-to videos and other documentation to explain its protections to potential clients.

“In November, every state and district in the country will hold congressional elections. Election officials — and all of us — want to make sure that voter information remains secure and that websites stay online as voters seek out information on polling places and voting requirements, and anxiously refresh results pages on election night,” the company wrote in its blog.

Cloudflare’s July Athenian Project update shows that more state and local governments are getting on board with the suite of free election services. Though many declined to be named, that includes the San Francisco board of elections, South Carolina’s Pickens County, North Carolina’s State Board of Elections and the state governments in Hawaii, Idaho and Rhode Island.

The company notes that it has been in talks with election officials in 27 states out of 50 and Cloudflare’s protections have been implemented in 10 state election websites so far.

Over the last six months, an increasing number of security companies have begun offering their services for free or at a discount to state and local election authorities. Last month, Synack announced free penetration testing for voter registration sites and voter databases. In April, Centrify offered a free eight months’ worth of its identity management software to state and local election boards. Because elections are run by states with mostly opt-in federal assistance, interest in these programs is uneven. Still, more security is better than no security.

“To work as designed, citizens must trust the electoral system, its strength, integrity, and the people who protect it,” Cloudflare wrote in its blog update. “Cloudflare is proud to support local officials on the front lines of election security.”