Year: 2019

One Man's Trash from We Are Films on Vimeo.

Peter Kokis makes robots or, more correctly, he turns into robots. This Brooklyn artists takes parts from different things – slicers, juicers, and the like – and sticks them together to make some amazing costumes. He then wanders the streets of Brooklyn looking like an escaped Transformer.

His studio site, Brooklyn Robotworks, features many of his creations including an alien-looking robot and an exosuit that looks like something out of Gears of War.

“I look at the shape of objects and see their potential to portray something,” he wrote. “Virtually everything can be changed to suit my needs: re-shaped, cut-down, painted…altered in my ‘foundry’, to be seen as something else.”

This cute video shows Kokis’ foundry – actually his kitchen table – up close and explores the dedication of an artist who likes to make cool stuff to make people happy – a mission that applies to us all.

Ahead of Spotify’s entry into the Indian market, the streaming service this morning announced a global content deal with a leading Indian film and music company, T-Series, which gives it access to T-Series’ entire Indian song catalog. This includes Bollywood and regional movie soundtracks, plus other non-film albums and emerging artist content, the company says.

In total the catalog boasts over 160,000 songs, and is available to Spotify listeners as of today.

The deal has been rumored to be in the works for some time, as Spotify has been negotiating with top Indian labels like T-Series as well as Times Music, Eros Music, and Zee Music to expand its catalog of local content before a launch in India.

In November, T-Series managing director Bhushan Kumar confirmed a deal with Spotify was in its final stages.

“We are bullish about India’s most popular music company tying up with the world’s most popular music streaming service,” Kumar said today, in a statement. “We are confident that together we will be able to reach new markets and spread the love for Indian music far and wide.”

Deals with labels aren’t the only way Spotify is prepping for its Indian debut. This past summer, it launched an Indian music hub on its service called Desi, which now counts over 930,000 followers and includes its own playlist, Desi Hits.

The Indian market won’t be simple for Spotify to win, as it will go up against local players including Gaana, which has over 80 million users, in addition to Saavn, Wynk, and global music services provided by Apple, Amazon and Google.

But gaining a foothold is key to Spotify’s continued international growth, due to the market’s sheer size.

Spotify has grown to over 200 million monthly users worldwide today, ahead of its launch in India, but is not profitable. (Except for that brief moment it had, thanks to a tax benefit.)

Despite not yet operating India, Spotify says over 4 million users are now regularly listening to Indian music on the service. There are also an estimated 30 million Indians living overseas, including in markets where Spotify operates, like the U.S., Mexico, Brazil, the U.K, and Germany, says Spotify.

The company is expected to launch in India in the first half of 2019, and that timeframe hasn’t changed, we understand.

“One of the ways Spotify has helped revolutionise music discovery is through its ability to connect millions of fans with the best music and artists from all over the world in a way that just wasn’t possible before streaming,” said Paul Smith, Director, Head of International Licensing at Spotify, in a statement. “Today’s deal with T-Series significantly strengthens our Indian music catalogue, bringing Bollywood to more than 200 million Spotify users worldwide. Having T-Series on Spotify is hugely significant and shows our commitment towards providing the very best music for our users,” he added.

The world wowed a few years ago when a very clever startup from Bristol, UK, came up with 3D printed bionic limbs for amputees. Uniquely, the limbs were lightweight, cheap to make and could even be made into Iron Man-style arms to enthuse amputee children.

They went on to sign a deal with the huge UK National Health Service to bring new technologies to amputees, announced at a Techcrunch Crunch Disrupt.

Today Open Bionics has successfully raised $5.9 million from investors including F1’s Williams Advanced Engineering Group.

Their Series A round was led by Foresight Williams Technology EIS Fund joined by Ananda Impact Ventures, and Downing Ventures, who continued to support the company with follow-on funding from their seed round.

The funding marks another success for the Bristol Robotics Lab, arguably the largest in the world, which plays host to other robotics startups such as Reach Robotics which closed $7.5M Series A for its augmented reality bots last year.

Open Bionics says it has achieved a price point that means their multi-grip bionic hand is the only advanced device that’s affordable enough to be covered by national healthcare systems in major western markets such as the UK, France, Germany and the USA.

The company launched private sales in May 2018 with its ‘Hero Arm’ which is now the best-selling multi-grip bionic hand in the UK and is also now selling in France and Spain with goals to serve more European countries this year. The bionic hands are small enough to fit children as young as 9 years old.

The Hero Arm allows amputees to choose between different finger speeds and movements enabling the wearer to pick up small objects like marbles with a fine pinch to carrying shopping baskets with a full hand grasp.

Samantha Payne and Joel Gibbard, named by The Europas startup awards as the ‘hottest founders’ in Europe, founded the ‘tech for good’ company in 2014.
Payne, co founder and COO said: “This funding enables us to serve multiple international markets and we’re thrilled to finally be able to deliver bionic hands to amputees and people with limb differences in the USA later this year. We’re exceptionally excited to receive this support from such high calibre investors who not only offer financial backing but incredible experience in commercialisation, measuring impact, and engineering high-performance hardware.”

Gibbard, co-founder and CEO said: “This investment provides crucial capital to help Open Bionics deliver on its vision of making advanced prostheses available to a much wider audience of limb-different users. We look forward to offering the Hero Arm in multiple international markets and continuing the development of great products that solve challenges within mobility and independence.”

Last year Open Bionics received support from Luke Skywalker himself, Mark Hamill, and the Dalai Lama.

Matthew Burke, Head of Technology Ventures, Williams Advanced Engineering, said: “Williams Advanced Engineering is excited to work with the team at Open Bionics and share our expertise in product development systems. Alongside the Fund’s investment, Open Bionics will benefit from the engineering and technology experience at Williams and the investment management and growth experience of Foresight’s team of investment professionals. Together this aims to be an ideal combination to deliver for the sector, its customers and the wider UK economy.”

Johannes Weber, founder of Ananda Impact Ventures said: “I have been in Kosovo as a NATO soldier in 1999 and during my deployment had to deal with many cases of limb differences. Since then I have always wanted to become more active in the field. At Ananda we are really excited to be supporting Open Bionics and seeing its products changing society’s perceptions around limb difference and drastically changing user’s self image.”

Ford is adding a hybrid Explorer to the mix, the first time the popular SUV has been offered with any kind of electrification.

The automaker unveiled Monday the Explorer hybrid as well as a new Explorer ST at the North American International Auto Show in Detroit. The reveal followed the debut last week of the 2020 Explorer, a re-crafted model that has a new platform and is loaded with technology. The final assembly for the entire Explorer lineup will be at the Ford Chicago Assembly plant. The Explorer hybrid will be manufactured at the Lima engine plant in Ohio.

The new Explorer hybrid, which will hit dealerships in summer, features a 3.3-liter hybrid powertrain that Ford projects will produce 318 horsepower combined. The company said it’s targeting a range of more than 500 miles between gas station fill-ups in the rear-wheel-drive model.

The hybrid SUV has new10-speed modular hybrid transmission and  liquid-cooled, lithium-ion battery built into the Explorer chassis below the second-row seats. This new configuration preserves cargo and passenger space, unlike previous hybrid vehicles, Ford said.

“Lost cargo space in hybrids is a thing of the past for Ford customers,” said Bill Gubing, Explorer chief engineer.

Ford’s unveiling follows a strategic roadmap developed last year that will place an emphasis on SUVs and hybrids. Or hybrid SUVs.

Ford estimated in March that SUVs could represent half of the U.S. retail market by 2020. The company said at the time that it planned to bring high-performance SUVs to the market, including five with hybrid powertrains and one fully battery electric model.

A security researcher has found, reported, and now disclosed a dozen bugs that made it easy to steal sensitive information or take over any customer’s account from some of the largest web hosting companies on the internet.

In some cases, clicking on a simple link would have been enough for Paulos Yibela, a well-known and respected bug hunter, to take over the accounts of anyone using five large hosting providers — Bluehost, Dreamhost, Hostgator, OVH, and iPage.

“All five had at least one serious vulnerability allowing a user account hijack,” he told TechCrunch, which he shared his findings with before going public.

The results of his vulnerability testing likely wouldn’t fill customers with much confidence. The bugs, now fixed — according to Yibela’s writeup, represent cases of aging infrastructure, complicated and sprawling web-based back-end systems, and company each with a massive user base —with the potential to go easily wrong.

In all, the bugs could have been used to target any number of the collective two millions domains under Endurance-owned Bluehost, Hostgator and iPage, Dreamhost’s one million domains and OVH’s four million domains — totaling some seven million domains.

Most of Yibela’s attacks were simple enough, but effective if combined with a targeted spearphishing campaign that targeted high-profile users. With domain registration data available for most large clients on registrar WHOIS databases, most of the attacks would have relied on sending the domain owner a malicious link by email and hoping that they click.

In the case of Bluehost, Yibela embedded malicious JavaScript on a page full of kittens or puppies, or anything he wants. As soon as a logged-in Bluehost user clicks on a link from an email or a tweet to that page, the hidden JavaScript will on the page, and inject the attacker’s own profile information into the victim’s account — assuming that the user is already logged in to Bluehost — by exploiting a cross-site request forgery (CSRF) flaw. That allows the attacker to modify data on the server from his malicious site, while the victim is none the wiser. By injecting their own information — including email address — the attacker can request a new password to that attacker’s email address, and takeover the account.

^{A demo of a simple hack, involving a one-click link that lets an attacker break in and takeover a user’s account. (Paulos Yibela/YouTube)}

Yibela also found that the attack could work in the form of a cross-site scripting (XSS) attack. He demonstrated how a single click on a malicious link could instantly swap out a Dreamhost account owner’s email address for one that an attacker uses, allowing Yibela — or an attacker — to send a password reset code to be sent to the email of the attacker, permitting an account takeover.

Hostgator, meanwhile, suffered from several vulnerabilities, including a similar CSRF flaw that tricked countermeasures to prevent a cross-site script from running, which allowed him to add, edit, or modify any data in the victim’s profile, such as an email address that could be used to reset the user’s password.

Yibela also found several other lesser-likely but still serious flaws, allowing man-in-the-middle attacks on a local network — such as a public Wi-Fi hotspot.

OVH, meanwhile, had a similar flaw that allowed Yibela to bypass its CSRF protections that allow him to add, change or edit user profile data. By using another vulnerability in its API, it could’ve allowed an attacker to fetch and read responses from OVH.

And, iPage, had a similar one-click flaw which could be easily exploited because the web host doesn’t require an old or current password when resetting the account’s login details. That made it possible for an attacker to craft a malicious web address which, when clicked, would reset the password to one of the attacker’s choosing — allowing them to login as that user.

Most of the web hosting companies also fixed other information and data leaking flaws, also discovered by Yibela.

All of the companies, besides OVH — which didn’t respond to a request for comment sent prior to publication — confirmed that the bugs were fixed.

Kristen Andrews, a spokesperson for Endurance, a web hosting company that owns Bluehost, Hostgator and iPage, said that the company has “taken steps to address and patch the potential vulnerabilities in question,” but, when asked, did not say if the bugs had been exploited or if customer accounts or data had been compromised.

Dreamhost, meanwhile, said it fixed the bugs “less than 48 hours later,” according to spokesperson Brett Dunst, and found no evidence to suggest anyone exploited the bug outside Yibelo’s testing.

“After a thorough review of our system access logs we can confirm that no customer accounts were affected and no customer data was compromised,” he said. “The exploit would have required a logged-in DreamHost user to click a specially-formatted malicious link to alter their own account’s contact information.”

It’s remarkable to think that of all the ways to break into a website, often — as Yibela showed — isn’t through any convoluted attack or busting firewalls. It’s simply through the front door of the site’s host, requiring little effort for the average hacker.

Schneider has fixed three vulnerabilities in one of its popular electric car charging stations, which security researchers said could have easily allowed an attacker to remotely take over the unit.

At its worst, an attacker can force a plugged-in vehicle to stop charging, rendering it useless in a “denial-of-service state,” an attack favored by some threat actors as it’s an effective way of forcing something to stop working.

The bugs were fixed with a software update that rolled out on September 2 shortly after the bugs were first disclosed, and limited details of the bugs were revealed in a supporting document on December 20. Now, a fuller picture of the vulnerabilities, found by New York-based security firm Positive Technologies, were released today — almost a month later.

Schneider’s EVLink charging stations come in all shapes and sizes — some for the garage wall and some at gas stations. It’s the charging stations at offices, hotels, shopping malls and parking garages that are vulnerable, said Positive.

At the center of Positive’s disclosure is Schneider’s EVLink Parking electric charging stations, one of several charging products that Schneider sells, and primarily marketed to apartment complexes, private parking area, offices and municipalities. These charging stations are, like others, designed for all-electric and plug-in hybrid electric vehicles — including Teslas, which have their own proprietary connector.

Because the EVLink Parking station can be connected to Schneider’s cloud with internet connectivity, either over a cell or a broadband connection, Positive said that the web-based user interface on the charging unit can be remotely accessed by anyone and easily send commands to the charging station — even while it’s in use.

“A hacker can stop the charging process, switch the device to the reservation mode, which would render it inaccessible to any customer until reservation mode is turned off, and even unlock the cable during the charging by manipulating the socket locking hatch, meaning attackers could walk away with the cable,” said Positive.

“For electric car drivers, this means not being able to use their vehicles since they cannot be charged,” it said.

Positive didn’t say what the since-removed password was, but, given the curiosity, we asked and will update when we hear back.

The researchers Vladimir Kononovich and Vyacheslav Moskvin also found two other bugs that gives an attacker full access over a device — a code injection flaw and an SQL injection vulnerability. Both were fixed in the same software update.

Schneider did not respond to a request for comment. If that changes, we’ll update.

Additional reporting: Kirsten Korosec.

As people increasingly use their mobile phones and other devices to shop, it has become imperative for vendors to improve the shopping experience, making it as simple as possible, given the small footprint. One way to do that is using artificial intelligence. Today, Salesforce announced some AI-enhanced APIs designed to keep us engaged as shoppers.

For starters, the company wants to keep you shopping. That means providing an intelligent recommendation engine. If you searched for a particular jacket, you might like these similar styles, or this scarf and gloves. That’s fairly basic as shopping experiences go, but Salesforce didn’t stop there. It’s letting developers embed this ability to recommend products in any app whether that’s maps, social or mobile.

That means shopping recommendations could pop up anywhere developers think it makes sense like on your maps app. Whether consumers see this as a positive thing, Salesforce says when you add intelligence to the shopping experience, it increases sales anywhere from 7-16 percent, so however you feel about it, it seems to be working.

The company also wants to make it simple to shop. Instead of entering a long faceted search as has been the traditional way of shopping in the past — footwear, men’s, sneakers, red — you can take a picture of a sneaker (or anything you like) and the visual search algorithm should recognize it and make recommendations based on that picture. It reduces data entry for users, which is typically a pain on the mobile device, even if it has been simplified by checkboxes.

Salesforce has also made inventory availability as a service, allowing shoppers to know exactly where the item they want is available in the world. If they want to pick up in-store that day, it shows where the store is on a map and could even embed that into your ride-sharing app to indicate exactly where you want to go. The idea is to create this seamless experience between consumer desire and purchase.

Finally, Salesforce has added some goodies to make developers happy too including the ability to browse the Salesforce API library and find the ones that make most sense for what they are creating. This includes code snippets to get started. It may not seem like a big deal, but as companies the size of Salesforce increase their API capabilities (especially with the Mulesoft acquisition), it’s harder to know what’s available. The company has also created a sandboxing capability to let developers experiment and build capabilities with these APIs in a safe way.

The basis of Commerce Cloud is Demandware, the company Salesforce acquired two years ago for $2.8 billion. Salesforce’s intelligence platform is called Einstein. In spite of its attempt to personify the technology, it’s really about bringing artificial intelligence across the Salesforce platform of products, as it has with today’s API announcements.

As we continue the quest for better and more efficient sources of energy to link up our connected world, companies that are developing new power solutions are attracting attention.

Today, a startup called Wiliot, which makes semiconductors that harness ambient nanowatts of electromagnetic energy from cellular, WiFi and Bluetooth networks to work without batteries or other traditional wired power sources, announced that it has closed a $30 million round of funding.

The backers are a notable mix of strategic and financial names: they include Amazon, Avery Dennison, Samsung and previous investors Norwest Venture Partners, 83North Venture Capital, Grove Venture Partners, Qualcomm Ventures, and M Ventures. Another “retail giant” is also involved in this round but the name is not being disclosed.

Sources close to the company tell me the valuation of it is $120 million post-money. It has raised $50 million to date.

Co-headquartered in San Diego and Israel, it’s important to note that the startup has yet to manufacture or commercialise its chips, which are being publicly unveiled for the first time today.

(I’ve seen a demo of them, and they definitely appear to work: Wiliot chips pasted to small pieces of paper, and supported by clothes pins arranged on a desk but linked up no way to anything else, were hooked up to small buttons and other items. When you press a button, for example, the chip transmits that information to the cloud, where you can in turn see the activity on a dashboard.)

The plan, according to co-founder and CEO Tal Tamir, will be to use this latest Series B funding to work on that next stage of the business: figuring out how to produce its chips at scale and at a competitive price point versus other solutions like RFID tags, as well as secure its first customers.

There are potentially a number of applications where you might imagine a battery-free chip and sensor — today the Wiliot chip can measure temperature, location, air pressure, and can transmit data back to the cloud — could come in handy, such as in manufacturing, logistics, and tagging and providing data about anything that isn’t inherently an electronic device, expanding the universe of what can be covered in an internet-of-things network.

But Steve Statler, Wiliot’s SVP of marketing and business development, said that likely first customers will be in the apparel industry, where the startup’s chips could be embedded on the care labels both to help track items of clothes from manufacture to sale, and subsequently to provide services to the people who buy those items.

“That can cover anything from washing instructions to helping provide wardrobing recommendations,” he noted. That will, of course, depend on whether the customer opts in for such assistance and/or doesn’t cut the label off the clothes.

Wiliot’s chip has yet to roll out commercially, but the company is banking on its investors to help it get there.

Avery Dennison is one of the world’s biggest label makers and producers of RFID tags; Samsung (and Qualcomm) have a huge presence in the global semiconductor market; and Amazon is apparently most interested by way of its cloud services business AWS — the Wiliot chip architecture hinges on most of the computing happening in the cloud — but don’t forget that Amazon has also been making some interesting moves into apparel and AI-based fashion assistance itself.

“We think that at some point in future every item will have its own identity,” said Francisco Melo, VP & GM, Global RFID, in an interview, who points out that Wiliot’s primary way of transmitting information out — by way of Bluetooth — makes the information “readable” by the most basic of devices these days, the smartphone. “How do we take that digital identity to help consumers at the end of line to know what they should or could do with a product? There are a number of use cases that you can think of and trigger with Bluetooth that you couldn’t do with RFID.”

Another boost to the company is the track record of its founders. Tamir and co-founders Yaron Elboim and Alon Yehevkely, as well as others on the founding team of Wiliot, had previously founded and worked at another startup, Wilocity, a maker of 60 GHz wireless chipsets, which was acquired by Qualcomm for about $400 million. Before that the three co-founders were together at Intel, speaking to a strong track record of chip-making.

Ambient energy harnessing has to date focused on a variety of natural, non-human produced sources such as solar energy, geothermal energy, wind, waves, river currents and so on.

A newer iteration on that has been tapping into the vast amount of electromagnetic energy that gets produced through existing wireless services, potentially a much bigger and readily available source in areas where wireless services already exist, and that is where Wiliot plays.

Of course, this will mean that Wiliot’s chips will not work in the most remote of areas where there is no connectivity at all. That is one of the challenges that the startup has yet to tackle. Another is, of course, more energy efficiency on devices themselves to operate on nanowatts rather than watts of power.

But ultimately, Wiliot and others in the same area like France’s Sigfox are taking the first steps that could open the door to more sophisticated ambient power solutions.

“This is just the tip of the iceberg,” Tamir said. “We think many edge devices will come that will harvest radio frequency energy. But the problem is not what you harvest but how much you need. If you get nanowatts of energy and a phone consumes 3-5 watts when active, you can see where this has to go.”

Immersive Labs, a cyber security skills platform founded by James Hadley, who used to be a researcher at GCHQ, has raised $8 million in Series A funding. Leading the round is Goldman Sachs, with participation from a number of unnamed private investors.

Operating in the cyber security training space, Immersive Labs helps enterprise IT and other cyber security teams acquire the latest security skills by combining up to date threat data with what is describes as “gamified” learning. This sees the startup use real-time feeds of the latest attack techniques, hacker psychology and technological vulnerabilities to quickly create “cyber wargames” for IT and security teams to learn from.

The idea is that the platform can up-skill people within hours of a threat emerging, in addition to being used more generally to help identify and remedy less immediate weaknesses in a company’s cyber security team.

“First, there is a big picture problem that the world is crying out for cyber security talent and is currently struggling to fill that gap,” Immersive Labs founder and CEO James Hadley tells me. “Secondly, the way that cyber skills are being taught is massively obsolete and puts the companies they work for at risk. On many occasions, what is taught is out of date before people leave the classroom”.

The inspiration for Immersive Labs was born out of Hadley’s experience running a summer school at GCHQ. It was while running the course that he came to the realisation that “passive classroom-based learning doesn’t suit the people, or pace, of cyber security”.

“Not only does the content date quickly, but the lack of challenge is just not enough for the curious and creative minds required to be good in cyber. You cant dictate, they have to teach themselves through exploration,” he says.

“We let technical and security teams learn cyber skills like an attacker, allowing them to keep pace by combining breaking threat data with short browser-based wargames. This takes the form of a series of stories that encourage people to research, analyse and build their own attacks and solutions. Whilst doing this, they learn in a fun and compelling way”.

To that end, Immersive Labs says its Series A funding will be used to grow its offering for enterprise IT and cyber security teams. This will include investing in headcount and infrastructure to develop the platform further, and to support the company’s go-to-market strategy. Current clients include global corporates with complex cyber security needs, such as BAE Systems, Sophos and Grant Thornton.

Instagram has found something it likes more than a Kardashian-Jenner family baby, and it’s an egg.

This weekend, a photo of a plain egg became the most-liked photo on Instagram, the social app owned by Facebook with over one billion users that’s reflective of internet culture.

The photo, which you can see below in its full glory, currently has more than 23 million likes at the time of writing. That has seen it surpass a February 18 photo from Kylie Jenner — the sister of Kim Kardashian — which announced the birth of her baby with rapper Travis Scott and has 18.2 million likes.

Unlike Jenner, who has 21 million Instagram followers, the egg account — “world_record_egg” — is a newcomer that seems to have been created in early January. Nothing is known of its ownership, although it now has 2.4 million followers which could — and I can’t believe I’m writing this… — make it an influencer account.

While much can be said about Jenner’s rise to fame, she’s a pretty successful entrepreneur. Her two-year-old ‘Kylie Cosmetics’ brand is estimated to gross over $600 million in annual revenue. While it is funny that a photo of an egg can take the record on Instagram there might be more to it. Jenner’s company trades on her brand, the egg could be a rejection or protest of today’s reality TV culture… which is best embodied by the Kardashians and, in particular, Kylie Jenner. That certainly seems the case looking at the splurge in new and egg-related comments on Jenner’s birth post from last year.

Maybe that’s wishful thinking and this is just another internet phenomenon that can’t be explained. It could simply be a joke that blew up, but don’t discount the potential that this is a stunt from a company launching a new product or wanting to make a splash.

Showing that she might have a sense of humor, 21-year-old Jenner acknowledged the new record in a video of her smashing an egg.

This is the second social media record set this year after Twitter got a new most-retweeted tweet — however, the roles were very much different.

Yusaku Maezawa, a Japanese billionaire who is paying Elon Musk’s SpaceX for a trip to the moon, saw a tweet that offered nearly $1 million in prize money for retweets surpass a true internet phenomenon, U.S. teen Carter Wilkerson. Back in April 2017, Wilkerson took to Twitter to plead for free chicken nuggets; his original tweet now has around 3.6 million retweets.