Year: 2020

19 May 2020

iFixit introduces a free database of medical repair manuals

Best known as leading purveyors of device teardowns, iFixit today announced that it’s turned much of its focus to even more pressing matters. For two months, the site had roughly half of its staff turn its focus to the creation of a medical repair database — one it’s labeled the “world’s largest.”

That includes 13,000+ manuals from hundreds of companies available for anyone to use for free. Along with iFixit’s own staff, a good portion of the do-gooder work was crowdsourced with help from experts.

“This has been an absolutely massive undertaking—and we were fortunate to have the help and support of over 200 librarians and archivists from across the country,” iFixit CEO Kyle Wiens writes in a post. “Archivists from university and public libraries, research institutes, insurance and software companies, and of course biomeds themselves—all donated their valuable time. Collectively, they’ve contributed thousands of hours organizing piles of documents into a navigable, searchable system.”

The site offers a long list of volunteers, from a slew of universities, libraries and even companies like LinkedIn. Pulling such a project off might have seemed an impossible task until recently, but an overtaxed medical system straining to manage the COVID-19 pandemic has caused many to pitch in where they can.

iFixit notes that the database’s use extends beyond COVID-19, but the need for such a resource feels more pressing than ever in the current climate.

19 May 2020

GitLab’s head of Remote on hiring, onboarding and why Slack is a no-work zone

With more than 1,200 employees distributed across over 65 countries and a valuation of nearly $3 billion, GitLab is one of the world’s most successful fully remote startups.

Describing it as a textbook example of a remote company would be redundant, because the company actually wrote a textbook about it.

I recently had a chance to talk to GitLab’s head of Remote, Darren Murph, who filled me in on how they get stuff done, his advice for all the companies that had to suddenly shift to remote work and why GitLab gets rid of all its Slack messages after 90 days. (Fun fact: Darren wrote for TechCrunch’s corporate cousin Engadget in a past life, where he earned a Guinness World Record for writing an absolutely ridiculous number of posts.)

Darren and I chatted for quite a while, so I’ve split the transcript into two parts for easier reading. Part two coming tomorrow!

TechCrunch: So your official title is “Head of Remote.” What does that entail?

Darren Murph: It’s three things.

It’s telling our remote story to the world, it’s making sure that people who join the company acclimate to working in an all-remote setting and it’s building out the educational piece. The “all-remote” section of our handbook has dozens of guides on how we do everything remotely, from async, to meetings, to hiring and compensation, and I’m the author of all of that.

We do that to better the world; we put it all out there, it’s open source. We want other companies to read it, implement it and use it. We never saw COVID coming, but I kind of knew that down the road [this handbook] would be necessary. Thankfully, I started working on it in advance. Now that the world needs it… it’s been crazy. We packaged up our best thinking in that remote playbook, and it’s just been off the charts with companies downloading it. It’s been wild.

Why did GitLab go remote in the first place?

It was remote by default. The first three people to join the company were in three different countries… so the only way to do it was through the internet.

The one brief moment in time where there was a co-located wrinkle to the company… they’d moved to California for Y Combinator. I think there was like nine or 10 people at the time. Of course, coming out of Y Combinator, at the time, you just get an office — it’s just what you did.

I think that lasted about three days. Then people just stopped showing up.

[Laughs]

But work kept getting done! Because even in the office they were just communicating on… whatever it was at the time. It probably wasn’t Slack, I don’t think Slack existed.

19 May 2020

Porsche’s newest app lets buyers track the progress of their 911

Porsche has been placing more resources into developing digital services as it tries to match the tech demands of its customers. The latest effort born out of its Porsche Digital subsidiary is an app that lets U.S. buyers who have ordered a 911 sports car track its progress from production to the dealership.

The app, which is integrated with the My Porsche web portal, provides customers updates on 14 events, including production in Germany, the vehicle’s departure and trek across the Atlantic, port entry into the U.S. and its arrival at the dealership. The digital service, called Porsche Track Your Dream, provides background information about each milestone and shows a countdown in miles and days. 

The Porsche tracker is a niche product with a narrow customer base. It will only be offered to 911 buyers. The automaker sold 9,265 Porsche 911 sports cars in the United States last year. But the company does plan to add other vehicles in the future, including its all-electric Taycan.

The app is part of a broader strategy to up its digital game. Earlier this month, Porsche Cars North America launched an online platform called Porsche Finder that lets customers search for used vehicles across its dealership network. The platform lets customers search by vehicle model and generation and includes additional filters for price, equipment and packages, as well as interior and exterior vehicle colors.

In April, the automaker unveiled a line of head units designed to replicate the vintage look while still featuring modern connectivity such as Bluetooth, DAB+, and Apple CarPlay.

19 May 2020

Notion drops usage limit on its personal free tier

Notion, a popular note-taking and wiki creation app, revamped its personal pricing plans today, stripping many of the user limitations from the free tier and bringing it on par with the functionality offered by the $5 per month paid plan of yore.

The company’s previous free tier had a fairly low usage limit (1,000 “blocks” which are Notion’s content units) that ultimately kept users from doing anything too robust without paying up. By completely removing this limit on the amount of text and data you’re able to log, Notion is ensuring that most paid users can get everything they need from a free account.

They’re not completely abandoning premium tier personal accounts; in fact, all existing paid customers are being transitioned to “Personal Pro” accounts at the same price they were paying before. The new plan, among other features, allows for file uploads larger than 5MB, unlimited guest collaborators and, most interestingly, upcoming access to a long-awaited Notion API which the company says is “coming soon, for real.” In September, Notion announced they were making the app free for students and teachers; now the company is rolling out access to the Personal Pro plan to these users as well.

Users that were tying multiple accounts to a single free account to manage some small shared database will be automatically transitioned to a free trial of the company’s teams product. Once they hit the 1,000 block limit, they’ll have to upgrade to the teams product or figure out a way to make the guest collaboration workflow on the free personal tier meet their needs.

Last month, Notion shared that they had closed a new round of funding at a staggering $2 billion valuation. It certainly seems they’ve determined their future revenues will rely on expanding their teams product rather than monetizing individual users quite as aggressively. Like many workplace tools companies, Notion has relied somewhat on bottom-up scaling so it’s likely they saw the opportunity of getting their platform in more users’ personal workflows and transitioning some of them to their teams products as a worthwhile long-term bet.

19 May 2020

How to decode a data breach notice

Over the years I’ve seen hundreds, probably thousands, of data breach notifications warning that a company’s data was lost, stolen or left online for anyone to grab.

Most of them look largely the same. It’s my job to decode what they actually mean for the victims whose information is put at risk.

Data breach notifications are meant to tell you what happened, when and what impact it may have on you. You’ve probably already seen a few this year. That’s because most U.S. states have laws that compel companies to publicly disclose security incidents, like a data breach, as soon as possible. Europe’s rules are stricter, and fines can be a common occurrence if breaches aren’t disclosed.

But data breach notifications have become an all-too-regular exercise in crisis communications. These notices increasingly try to deflect blame, obfuscate important details and omit key facts. After all, it’s in a company’s best interest to keep the stock markets happy, investors satisfied and regulators off their backs. Why would it want to say anything to the contrary?

The next time you get a data breach notification, read between the lines. By knowing the common bullshit lines to avoid, you can understand the questions you need to ask.

“We take security and privacy seriously.”
Read: “We clearly don’t.”

A phrase frequently featured in data breach notifications, we first wrote about companies taking security and privacy “seriously” last year. We found that about one-third of all notices filed with the California attorney general in 2019 had some variation of this line. The reality is that most companies have shown little compassion or care about the privacy or security of your data, but do care about having to explain to their customers that their data was stolen. It’s a hollow, overused phrase that means nothing.

“We recently discovered a security incident…”
Read: “Someone else found it but we’re trying to do damage control.”

It sounds innocuous enough, but it’s an important remark to get right. When a company says they’ve “recently discovered” a security incident, ask who actually reported the incident. All too often it’s a reporter — like me — who’s reached out for comment because a hacker dropped off a file containing their customer database and now the company is scrambling to take ownership of the incident because it looks better than the company being in the dark.

“An unauthorized individual…”
Read: “We don’t know who’s to blame, but don’t blame us.”

This is one of the most contentious parts of a data breach notification, and it boils down to a simple question: Who was to blame for a security incident? Legally speaking, “unauthorized access” means someone unlawfully broke into a system, often using someone else’s password or bypassing a login screen. But companies often get this wrong, or can’t — or don’t want to — distinguish between whether or not an incident was malicious. If a system was exposed or left online without a password, you’d blame the company for lax security controls. If a good-faith security researcher finds and reports an unprotected system, for example, there’s no reason to paint them as a malicious actor. Companies love to shift the blame, so keep an open mind.

“We took immediate steps…”
Read: “We sprung into action… as soon as we found out.”

Hackers aren’t always caught in the act. In a lot of cases, most hackers are long gone by the time a company learns of a breach. When a company says it took immediate steps, don’t assume it’s from the moment of the breach. Equifax said it “acted immediately” to stop its intrusion, which saw hackers steal nearly 150 million consumers’ credit records. But hackers had already been in its system for two months before Equifax found the suspicious activity. What really matters is when did the security incident start; when did the company learn of the security incident; and when did the company inform regulators of the breach?

“Our forensic investigation shows…”
Read: “We asked someone to tell us how f**ked we are.”

Incident responders help to understand how an intrusion or a data breach happened. It helps the company collect on cyber-insurance and prevent a similar breach happening again. But some companies use the term “forensics” loosely. Internal investigations are not transparent or accountable, and their outcomes are rarely scrutinized or published, whereas incident responders are independent, qualified assessors that will tell a company what it needs to hear and not what it wants to hear — even if their findings may still remain private.

“Out of an abundance of caution, we want to inform you of the incident.”
Read: “We were forced to tell you.”

Don’t think for a second that a company is doing “the right thing” by disclosing a security incident. In the U.S. and Europe, companies aren’t given a choice. Most states have some form of a data breach notification law that compels companies to disclose incidents that affect a certain number of residents and above. Failing to disclose a breach can lead to massive penalties. Just look at Yahoo (which, like TechCrunch, is owned by Verizon), which was fined $35 million in 2018 by a U.S. federal regulator for failing to disclose one of its data breaches that saw 500 million user accounts stolen.

“A sophisticated cyberattack…”
Read: “We’re trying not to look as stupid as we actually are.”

Just because a company says it was hit by a “sophisticated” cyberattack doesn’t mean it was. It’s hyperbole, designed to serve as a “cover your ass” statement to downplay a security incident. What it really tells you is that the company has no idea how the attack happened. After all, some of the biggest breaches in history happened because of unpatched systems, weak passwords or because someone clicked on a malicious email.

“There is no evidence that data was taken.”
Read: “That we know of.”

“No evidence” doesn’t mean that something hasn’t happened, it’s that it hasn’t been seen yet. Either the company isn’t looking hard enough or it doesn’t know. Even if a company says it has “no evidence” that data was stolen, it’s worth asking how it arrived at that conclusion.

“A small percentage of our customers are affected.”
Read: “It sounds way worse if we say ‘millions’ of users.”

The next time you see a data breach notification that says only a “small percentage” of customers are affected by a breach, take a minute to think what that actually means. Houzz admitted a data breach in January 2019, in which it said “some of our user data” was taken. Months later, a hacker posted some 57 million Houzz user records. CBS-owned Last.fm also said in 2012 that “some” of its passwords were stolen in a breach. It later amounted to 43 million passwords. If a company doesn’t tell you how many people are affected, it’s because they don’t know — or they don’t want you to know.

19 May 2020

Spotify signs ‘The Joe Rogan Experience’ to an exclusive multi-year deal

Over the past couple of years, Spotify has demonstrated a long-term commitment to the podcasting format by shelling out money hand over fist. The music streaming service has made a number of high-profile acquisitions, including production company Gimlet and editing tool Anchor, but today’s news may well be the biggest of all.

The company has signed The Joe Rogan Experience to an exclusive multi-year licensing deal. The show will hit Spotify September 1, and become exclusive to the platform later in the year. Rogan is arguably the biggest and most influential voice in the medium.

The podcast has dominated Apple’s podcasting charts and YouTube views. Rogan currently has 8.41 million subscribers on YouTube, where his videos regularly rack up more than a million views. A recent interview with Elon Musk has already generated more than 13 million views. As of this writing, the show is currently #2 on Apple’s charts and comprises three of the service’s top ten episodes. “The talk series has long been the most-searched-for podcast on Spotify,” according to the service.

In an audio message attached to the release, Rogan noted that, “It will be the exact same show. I will not be an employee of Spotify.” It’s a key point, not just in order to ease the minds of a rabid fanbase, but because the left has often been critical of Rogan’s show and message. The program has often featured right-wing voices, including members of the so-called Intellectual Dark Web, Proud Boy founder Gavin McInnes and de-platformed conspiracy trafficker, Alex Jones.

Other high profile guests include Elon Musk, who recently made another appearance on the program and Senator Bernie Sanders. Sanders’ campaign came under criticism from the DNC establishment after promoting Rogan’s offhanded nomination for president. At the time, the Human Rights Campaign said Sanders “must reconsider” the endorsement, stating that Rogan has “attacked transgender people, gay men, women, people of color and countless marginalized groups at every opportunity.”

While the show has long been hosted on a variety of audio and video platforms, Spotify could well come under fire from similar groups. Rogan has described himself as not belonging to any political party and holding largely libertarian views.

19 May 2020

GM is working on a hands-off advanced driving system for city streets

GM has a “big team” working on an advanced version of its hands-free driving assistance system Super Cruise that will expand its capability beyond highways and apply it to city streets, the automaker’s vice president of global product development Doug Parks said Tuesday.

GM is also continuing to improve its existing Super Cruise product, Parks said during a webcasted interview at Citi’s 2020 Car of the Future Symposium.

“As we continue to ratchet up Super Cruise, we continue to add capability and not just highway roads,” Parks said, adding that a separate team is working on the hands-free city driving product known internally as “Ultra Cruise.”

“We’re trying to take that same capability off the highway,” he said. “Ultra Cruise would be all of the Super Cruise plus the neighborhoods, city streets and subdivisions. So Ultra Cruise’s domain would be essentially all driving, all the time.”

Parks was quick to add that this would not be autonomous driving. Advanced driving assistance systems have become more capable, but they still require a human driver to take control and to be paying attention.

“What we’re not saying is that Ultra Cruise will be fully autonomous 100% of the time, although that could be one of the end games,” Parks said.

Parks didn’t provide a timeline for when Ultra Cruise might be available. A GM spokesperson said in a statement after his interview that the company continues to expand its hands-free driver assistance system technology across its vehicle portfolio and has “teams looking at how we can expand the capabilities to more scenarios.”

GM said it “does not have a name or anything specific to announce today, but stay tuned.”

This new Ultra Cruise feature would put it in competition with Tesla’s Autopilot advanced driving system, which is largely viewed as the most capable on the market today. Tesla’s “full self-driving” package, a more capable version of Autopilot, can now identify stop signs and traffic lights and automatically slows the car to a stop on approach. This feature is still considered to be in beta.

GM’s Super Cruise uses a combination of lidar map data, high-precision GPS, cameras and radar sensors, as well as a driver attention system, which monitors the person behind the wheel to ensure they’re paying attention. Unlike Tesla’s Autopilot driver assistance system, users of Super Cruise do not need to have their hands on the wheel. However, their eyes must remain directed straight ahead.

GM has taken a slower approach to Super Cruise compared to Tesla’s method of rolling out software updates that give early access to some owners to test the improved features. When GM launched Super Cruise in 2017, it was only available in one Cadillac model — the full-size CT6 sedan — and restricted to divided highways. That began to change in 2019 when GM announced plans to expand where Super Cruise would be available.

GM’s new digital vehicle platform, which provides more electrical bandwidth and data processing power, enabled engineers to add to Super Cruise’s capabilities. In January, GM added a feature to Super Cruise that automated lane changes for drivers of certain Cadillac models, including the upcoming 2021 Escalade.

This enhanced version of Super Cruise includes better steering and speed control. The improved version will be introduced starting with the 2021 Cadillac CT4 and CT5 sedans, followed by the new 2021 Cadillac Escalade. The vehicles are expected to become available in the second half of 2020.

19 May 2020

Dear Sophie: What is required of employers laying off foreign workers?

Here’s another edition of “Dear Sophie,” the advice column that answers immigration-related questions about working at technology companies.

“Your questions are vital to the spread of knowledge that allows people all over the world to rise above borders and pursue their dreams,” says Sophie Alcorn, a Silicon Valley immigration attorney. “Whether you’re in people ops, a founder or seeking a job in Silicon Valley, I would love to answer your questions in my next column.”

“Dear Sophie” columns are accessible for Extra Crunch subscribers; use promo code ALCORN to purchase a one or two-year subscription for 50% off.


Dear Sophie:

Fallout from COVID-19 is forcing our startup to downsize. What legal requirements do we need to consider if we’re laying off foreign-born employees or scaling back their hours?

— HR Manager in San Mateo

 

Dear HR Manager:

Thank you for your question; a lot of people are going through the same thing. Keep in mind that terminating an employee that your company sponsored for a visa or green card can have ramifications for future hiring.