Year: 2019

An update to Apple’s iOS operating system, out today, will give parents a new set of tools to fight back against kids’ iPhone addiction. With the release of iOS 13.3, parents will for the first time be able to set limits over who kids can talk to and text with during certain hours of the day. These limits will apply across phone calls, Messages, and FaceTime. Parents can also apply a different set of limitations on calls and messaging during the child’s permitted screen time and their downtime hours.

In a new Communication Limits section of Apple’s Screen Time in Settings, iPhone users can set limits based on their contacts. During allowed screen time, users can be contacted by everyone or only by people in their contacts, for example. And during Downtime, they can opt to either be contacted by everyone or only by designated contacts.

And if this is set up under Screen Time’s Parental Controls, parents get to choose who can contact their children and when and vice versa. During Downtime, parents can also designate which particular contacts the child can message and call — like only mom or dad, for example.

In practice, this means parents could stop the child from texting friends late at night or during the school day, by scheduling Downtime to run. (To clarify, Downtime doesn’t necessarily mean “night time” — it’s just any time you only want designated apps to be available, and only calls to get through.)

The feature also allows parents to manage the child’s iCloud contacts remotely, which makes it easier for parents to share important numbers with their child.

These new Communication Limits are a part of Apple’s larger Screen Time system, which was introduced with iOS 12 last year. The system allows iPhone owners to schedule time away from their screen, set time limits on apps, view usage and activity reports, and more.

Many parents have already leveraged these controls to more strictly limit how their children used their devices, including by setting limits on individual apps they wanted to block, like games, as well as by configuring “Downtime” hours.

In addition, parents could set times when the child’s device could not be used at all.

Apple isn’t the only tech company that’s been rethinking how to address consumers’ often dysfunctional relationship with technology. Google also introduced its own set of “digital wellbeing” controls and tools for Android, and even Facebook and Instagram have rewritten parts their software and algorithms with a focus on new metrics like “time well spent,” for example.

While Apple’s Screen Time may have worked well for younger kids, teens quickly found and shared loopholes and workarounds much to parents’ chagrin.

Time will tell if teens come up with a hack to get their iMessages sent under the new parental control system, too.

Zetwerk, an Indian business-to-business marketplace for manufacturing items, has closed a significantly large financing round as it scales its operations in the nation and also helps local businesses find customers overseas.

The 18-month-old startup said on Wednesday it has raised $32 million in a Series B financing round led by Lightspeed and Greenoaks Capital. Zetwerk co-founder and chief executive Amrit Acharya told TechCrunch in an interview that the startup has also raised about $14.2 million in debt from a consortium of banks, and others.

Existing investors Accel, Sequoia India and Kae Capital also participated in the round, which pushes the Bangalore-based startup’s total raise to date to about $41 million. Vaibhav Gupta, co-founder of business-to-business marketplace Udaan, and Maninder Gulati, one of the top executives at budget lodging startup Oyo also participated.

Zetwerk was founded by Acharya, Srinath Ramakkrushnan, Rahul Sharma and Vishal Chaudhary last year. The startup connects OEMs (original equipment manufacturers) and EPC (engineering procurement construction) customers with manufacturing small-businesses and enterprises.

Unlike the more common e-commerce firms we come across every day, Zetwerk sells goods such as parts of a crane, doors, chassis of different machines and ladders. The startup operates to serve customers in fabrication, machining, casting and forging businesses. Currently, Zetwerk works with more than 100 enterprises and 1,500 small and medium-sized businesses. It delivers more than 15,000 parts each month.

“These are all custom-made products,” explained Acharya. “Nobody has a stock of such inventories. You get the order, you find manufacturers and workshops that make them. Our customers are companies that are in the business of building infrastructure.”

“We index these small workshops and understand the kinds of products they have built before. These indexes help bigger companies discover and work with them,” he added.

Once a firm has placed an order, Zetwerk allows them to keep a tab on the progress of manufacturing and then the shipping. This “hand-holding” is crucial, as in this line of business, manufacturing and shipping typically take more than two to three months.

Zetwerk has also enabled manufacturers in India to discover and find clients overseas. Today, manufacturers on the platform export their goods to North America and Southeast Asia, Acharya said. “India has a lot of depth in manufacturing, but much of it has not been tapped well,” he said.

Helping these manufacturing workshops find clients online is still a new phenomenon in the nation. Acharya said Zetwerk largely competes with domain project consultants in the offline work. “They specialize in certain products and geographies. So let’s say someone wanted to buy a machine XYZ in Orissa, they reach out to consultants who help them find workshops and estimate how much time it would take to get the project done.”

According to industry reports, manufacturing today accounts for 14% of India’s GDP. But the nation lacks a supporting ecosystem to execute projects in an efficient manner.

Vaibhav Agarwal, a partner at Lightspeed, said it was unusual to come across a market that is as large as $40 billion to $60 billion in India and global trade-tailwinds that creates opportunity to serve international demand.

The startup plans to infuse portions of the fresh capital into expanding its international operations. Acharya did not share exactly how many clients it has outside of India but said exports currently account for less than 5% of the startup’s GMV, or gross merchandize value.

He said the startup will continue to focus on helping Indian manufacturers find clients outside, as it is better suited to address this, as opposed to helping Indian companies find manufacturers overseas.

The startup will also explore helping its manufacturing workshops access working capital, though Acharya cautioned that it is not something that would happen anytime soon.

In a statement, Prayank Swaroop, a partner at Accel, said, “the use of technology in project planning, procurement, audits, and supply chain transparency is the core offering of Zetwerk which is completely original. Accel is very fortunate to be part of Zetwerk journey since the startup’s inception.”

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here.

1. Away CEO is stepping down in light of reports of toxic culture

Steph Korey is stepping down from her role as CEO, although she will remain on-board as executive chairman. She’ll be replaced by Lululemon COO Stuart Haselden.

The timing of the announcement comes just a few days after The Verge published an in-depth story about management practices at the luggage startup, which included extensive quotes from Korey’s Slack messages. However, the company says that the executive search has been underway for months.

2. VSCO acquires video editing startup Rylo

The photo-sharing app behind the 2019 meme craze “VSCO girls” has acquired Rylo, a video editing startup founded by the original developer of Instagram’s Hyperlapse. Founded in 2015, Rylo is best known for its 360° camera capable of creating cinematic video in 5.8K resolution.

3. Apple Card’s interest-free iPhone installment plan goes live, now with 6% back on Apple holiday purchases

The company already announced its plans for the program — allowing cardholders to purchase a new iPhone, then pay it back over 24 months with no interest — but now it’s actually opening up to all Apple Card customers. In addition, Apple is sweetening the deal with 6% back on all Apple purchases made from December 10 through December 31.

4. India proposes new rules to access its citizens’ data

India has proposed new rules that would require companies to obtain consent from Indian citizens before collecting and processing their personal data. At the same time, the new rules also state that companies would have to hand over “non-personal” user data to the government, which would also hold the power to collect any data about its citizens without consent.

5. Waze adds unplowed road reporting feature for better awareness of winter driving hazards

Waze says it developed this update after it received a recommendation from the Virginia Department of Transportation, working with the municipal agency through its “Waze for Cities Data” partnership and data-sharing program.

6. Jiji raises $21M for its Africa online classifieds business

Buyers and sellers use Jiji to make purchases ranging from real estate to car sales. The classifieds site says it has 2 million listings on its Africa platforms and hit 8 million unique monthly users in 2018.

7. AWS is sick of waiting for your company to move to the cloud

AWS held its annual re:Invent customer conference last week in Las Vegas, where CEO Andy Jassy made it clear he’s tired of the slow pace of change inside the enterprise. The company also announced some big bets designed to accelerate cloud adoption. (Extra Crunch membership required.)

Apple has fixed a bug in iOS 13.3, out today, which let anyone temporarily lock users out of their iPhones and iPads by forcing their devices into an inescapable loop.

Kishan Bagaria found a bug in AirDrop, which lets users share files from one iOS device to another. He found the bug let him repeatedly sent files to all devices able to accept files within wireless range of an attacker.

When a file is received, iOS blocks the display until the file is accepted or rejected. But because iOS didn’t limit the number of file requests a device can accept, an attacker can simply keep sending files again and again, repeatedly displaying the file accept box, causing the device to get stuck in a loop.

Using an open source tool, Bagaria could repeatedly send files again and again to not only a specific target in range, but every device set to accept files in wireless range. 

A demonstration of an ‘AirDoS’ attack. (Image: Kishan Bagaria/supplied)

Bagaria calls the bug “AirDoS,” the latter part is short for “denial-of-service,” which effectively denies a user access to their device.

Devices that had their AirDrop setting set to receive files from “Everyone” were mostly at risk. Turning off Bluetooth would effectively prevent the attack. But Bararia said that the file accept box is so persistent it’s near-impossible to turn off Bluetooth when an attack is under way.

The only other way to stop an attack? “Simply run away,” he said. Once a user is out of wireless range of the attacker, they can turn off Bluetooth.

“I’m not sure how well this’d work in an airplane,” he joked.

Apple fixed the bug by adding a rate-limit, preventing a barrage of requests over a short period of time. Because the bug wasn’t strictly a security vulnerability, Apple said it would not issue a common vulnerability and exposure (CVE) score, typically associated with security-related issues, but would “publicly acknowledge” his findings in the security advisory.

We’ve talked about securing your startup, the need to understand phishing risks and how not to handle a data breach. But we haven’t yet discussed one of the more damaging threats that all businesses large and small face: the insider threat.

The insider threat is exactly as it sounds — someone within your organization who has malicious intent. Your employees will be one of your biggest assets, but human beings are the weakest link in the security chain. Your staff are already in a privileged position — in the sense that they are in a place where they have access to far more than they would as an outsider. That means taking data, either maliciously or inadvertently, is easier for staff than it might be for a hacker.

“Organizations need to understand that the threats coming from inside their organizations are as critical as, if not more dangerous than, the threats coming from the outside,” said Stephanie Carruthers, a social engineering expert who serves as chief people hacker at IBM X-Force Red, a division of Big Blue that looks for breaches in IoT devices before — and after — they go to market.

Insider risks can become active threats for many reasons. Some individuals may become disgruntled, some want to blow the whistle on wrongdoing and others can be approached (or even manipulated) by career criminals over debts or other matters in their private life.

There are plenty of examples, many not too far back in recent history.

Today, Microsoft announced a public preview of Microsoft Teams for Linux, the first Office 365 tool that’s available for the open source operating system.

The hope is that by making it available for preview, the company can get feedback from the community and improve it before it becomes generally available. “Starting today, Microsoft Teams is available for Linux users in public preview, enabling high quality collaboration experiences for the open source community at work and in educational institutions,” the company wrote in the blog post announcing the release.

The goal here ultimately is to help get Teams into the hands of more customers by expanding the platforms it runs on. “Most of our customers have devices running on a variety of different platforms such as Windows 10, Linux and others. We are committed to supporting mixed environments across our cloud and productivity offerings, and with this announcement, we are pleased to extend the Teams experience to Linux users,” the company wrote in the blog post.

This announcement significant for a couple of reasons. For starters, Microsoft has had a complicated history with Linux and open source, although in recent years under Satya Nadella it has embraced open source. This shows that Microsoft is willing to put its tools wherever customers need them, regardless of the platform or operating system.

Secondly, since it marks the first Office 365 app on Linux, if there is positive feedback, it could open the door for more apps on the platform down the road.

The announcement also comes against the backdrop of the company’s on-going battles with Slack for enterprise collaboration platform users. In July, Microsoft announced 13 million daily active users on Teams. Meanwhile, Slack has 12 million DAUs. It’s worth noting that Slack has been available on Linux for almost two years.

Today’s devices have been secured against innumerable software attacks, but a new exploit called Plundervolt uses distinctly physical means to compromise a chip’s security. By fiddling with the actual amount of electricity being fed to the chip, an attacker can trick it into giving up its innermost secrets.

It should be noted at the outset that while this is not a flaw on the scale of Meltdown or Spectre, it is a powerful and unique one and may lead to changes in how chips are designed.

There are two important things to know in order to understand how Plundervolt works.

The first is simply that chips these days have very precise and complex rules as to how much power they draw at any given time. They don’t just run at full power 24/7; that would drain your battery and produce a lot of heat. So part of designing an efficient chip is making sure that for a given task, the processor is given exactly the amount of power it needs — no more, no less.

The second is that Intel’s chips, like many others now, have what’s called a secure enclave, a special quarantined area of the chip where important things like cryptographic processes take place. The enclave (here called SGX) is inaccessible to normal processes, so even if the computer is thoroughly hacked, the attacker can’t access the data inside.

The creators of Plundervolt were intrigued by recent work by curious security researchers who had, through reverse engineering, discovered the hidden channels by which Intel chips manage their own power.

Hidden, but not inaccessible, it turns out. If you have control over the operating system, which many attacks exist to provide, you can get at these “Model-Specific Registers,” which control chip voltage, and can tweak them to your heart’s content.

Modern processors are so carefully tuned, however, that such tweak will generally just cause the chip to malfunction. The trick is to tweak it just enough to cause the exact kind of malfunction you expect. And because the entire process takes place within the chip itself, protections against outside influence are ineffective.

The Plundervolt attack does just this, using the hidden registers to very slightly change the voltage going to the chip at the exact moment that the secure enclave is executing an important task. By doing so they can induce predictable faults inside SGX, and by means of these carefully controlled failures cause it and related processes to expose privileged information. It can even be performed remotely, though of course full access to the OS is a prerequisite.

In a way it’s a very primitive attack, essentially giving the chip a whack at the right time to make it spit out something good, like it’s a gumball machine. But of course it’s actually quite sophisticated, since the whack is an electrical manipulation on the scale of millivolts, which needs to be applied at exactly the right microsecond.

The researchers explain that this can be mitigated by Intel, but only through updates at the BIOS and microcode level — the kind of thing that many users will never bother to go through with. Fortunately for important systems there will be a way to verify that the exploit has been patched when establishing a trusted connection with another device.

Intel, for its part, downplayed the seriousness of the attack. “We are aware of publications by various academic researchers that have come up with some interesting names for this class of issues, including “VoltJockey” and “Plundervolt,” it wrote in a blog post acknowledging the existence of the exploit. “We are not aware of any of these issues being used in the wild, but as always, we recommend installing security updates as soon as possible.”

Plundervolt is one of a variety of attacks that have emerged recently taking advantage of the ways that computing hardware has evolved over the last few years. Increased efficiency usually means increased complexity, which means increased surface area for non-traditional attacks like this.

The researchers who discovered and documented Plundervolt hail from the UK’s University of Birmingham, Graz University of Technology in Austria, and KU Leuven in Belgium. They are presenting their paper at IEEE S&P 2020.

Facebook is making its line of Portal-branded smart video calling devices more relevant to consumers, including those who don’t even have a Facebook account. The company today says its Portal family of products will now work with just a WhatsApp account, allowing users to make video calls to friends and family, as well as access Portal features like its interactive “Story Time.” In addition, the Portal devices are gaining new AR features, support for Facebook’s Workplace product for businesses, and a number of new streaming services, including Amazon Prime Video, FandangoNOW, SlingTV, and others, and more.

The company’s original Facebook Portal devices were aimed at helping connect friends and family over video calling devices used in the home. This year, it expanded the line to include a video chat set-top box for TVs, called Portal TV, to give Facebook better traction in the living room.

But video calling alone has not proved to be enough of a selling point for Portal, whose sales are reportedly “very low,” according to supply chain sources. That’s led Facebook to tacking on new features and services that give consumers more of a reason to invite Facebook into their home.

That trend continues today with the notable addition of WhatsApp login.

This feature allows Portal owners to sign in to the device using only their WhatsApp account. They don’t even need a Facebook account at all. This opens up Portal to a potentially larger market, given WhatsApp’s 1.5 billion monthly users, not all of whom also have Facebook accounts.

In addition, Facebook Portal is looking to find traction in businesses, by adding support for Facebook Workplace — its corporate version of Facebook that’s used by 3 million paying users, from mostly enterprise-sized businesses. The company announced its plans to launch a Workplace app on Portal earlier this fall, and now it’s rolled out.

For fun, Facebook is adding a lip-sync AR app called Mic Drop to Portal TV, which includes songs from the Backstreet Boys, Coldplay, Katy Perry, and others. Portal TV is also gaining Photo Booth, which lets you take selfies, photos, and videos to share through Messenger.

Across the Portal line, the interactive, AR Story Time app is being updated to include new renditions of classics like Little Red Riding Hood and Goldilocks and the Three Bears, plus new tales from Llama Llama, Pete the Cat and Otto.

Portal users today will be able to livestream from their device directly to their Facebook Profile via Facebook Live — an obvious addition for a streaming video product like this, and one that could help Portal find customers among the influencer, gamer, or vlogger crowd, perhaps.

Facebook’s co-watching feature, Watch Together, is also coming to Portal Mini, Portal, and Portal+ so users can view Facebook Watch shows and programs together.

Portal is slowly edging its way into the streaming media player market, as well, with added support for a number of streaming services, including Amazon Prime Video. The company had announced Prime Video was on its way when it debuted new hardware this fall, but the service was not available at launch.

Now, Prime Video is supported in the U.S., U.K., Canada, and France, along with the recently added FandangoNOW and Sling TV in the U.S. For music and podcasts, Deezer is also supported, plus Crave in Canada and France Télévisions in France.

The additions make Portal products more than just fancy video chat cameras, but they don’t solve Portal’s larger challenge: that people aren’t comfortable bringing Facebook products into their homes. The company has repeatedly broken trust with its customer base. And while its users may not be able to quit Facebook just yet, they aren’t rushing out to integrate it more deeply in their lives, either.

The addition of Prime Now and other streaming services also places Portal into a different category of devices, where it has to compete with more advanced media players like Apple TV, Amazon’s Fire TV and Fire TV Stick, Chromecast, Roku, Android TV, and others. In this market, Portal’s small handful of supported streaming services just isn’t enough to make it a compelling competitor in this race.

But Facebook isn’t giving up on Portal, having launched a huge marketing blitz featuring promotions in ABC TV shows as well as TV commercials starring the likes of Kim Kardashian West, Jennifer Lopez, and lately, the Muppets. According to Kantar, Facebook spent nearly $62.7 million out of $97.3 million on TV advertising in the first half of the year, Variety reported.

Facebook says it’s planning to bring more content and experiences to Portal with future software updates.

Back in 2017, Y Combinator began offering a 10 week, once-a-year online course called Startup School. Part forum community and part video classroom, the program offers up a variety of lectures on topics like raising money or evaluating startup ideas, as led by YC partners and other entrepreneurs from their network.

Three years and 40,000+ students later, they’re switching up the schedule; beginning in 2020, Startup School will now be running multiple times per year. It’s also shifting from being a 10-week program to being an 8-week program.

In its first few years, Y Combinator set a hard cap on the number of founders it accepted into each Startup School session. After acceptance letters were accidentally sent to the wrong teams in 2018, the company opted to let in everyone who applied, modifying the program to focus less on personal advising and more on small peer-to-peer advice groups. It sounds like they’re sticking with this strategy moving forward, as an FAQ on the Startup School site notes that they “do not have a limit on the number of participants” with this year’s sessions.

Took part in Startup School previously and curious if it’s worth doing again? YC says that while “a few lectures will be updated or replaced”, the video content of 2020’s Startup School will be largely the same as 2019. The structure of the course itself will see some changes, though: they’ll be doing fewer group video chat sessions, but introducing weekly Q&A sessions with YC partners.

Just how many times “multiple times per year” will actually be still seems to be up in the air; YC tells me that they’re still working that out. In a post announcing the change, YC notes that its first 2020 course will start in January (whereas previous sessions have started closer to mid-year.)

Also still a bit up in the air is YC’s Startup School grant program. In previous years, graduates of the course were able to apply for an equity-free grant (initially $10,000, later increased to $15,000). With Startup School now occurring multiple times per year, YC says it’s “in the process of evaluating the grant program.”

In the same post, YC outlined some stats from this most recent year — like that of 41,777 founders who took part in the course, 10,193 graduated. They say that 57% of the founders worked on their startups full-time, and 62% of founders were from outside of the US.

That last bit seems key to YC’s strategy here. Startup School is at least partly meant to serve as a potential funnel into the core YC accelerator program. By putting everything online, they’re letting people from around the world get their foot in the door and get the ball rolling without making the massive commitment of moving to the US.

Alarm clocks were one of the most obvious implementations since the introduction of the smart screen. Devices like Lenovo’s Smart Clock and the Amazon Echo Show 5 have demonstrated some interesting in the bedside display form factor, and Google has worked with the former the refine the experience.

This morning, the company introduced a handful of features to refine the experience. “Impromptu” is an interesting new addition to the portfolio that constructs a customized alarm based on a series of factors, including weather and time of day.

Here’s what an 50 degree, early morning wake up sounds like:

Not a bad thing to wake up to. A little Gershwin-esque, perhaps. 

Per a blog post that went up this morning, the alarm ringtone is based on the company’s open-source project, Magenta. Google AI describes it thusly,

Magenta was started by researchers and engineers from the Google Brain team, but many others have contributed significantly to the project. We develop new deep learning and reinforcement learning algorithms for generating songs, images, drawings, and other materials. But it’s also an exploration in building smart tools and interfaces that allow artists and musicians to extend their processes using these models. We use TensorFlow and release our models and tools in open source on our GitHub.

The new feature rolls out today.