Monday, March 31, 2014

Industrial Toys Raises $5M From Accel To Build Tablet Games For Serious Players


Industrial Toys, the tablet and mobile gaming startup led by Bungie Studios co-founder Alex Seropian (Bungie was behind the enormously successful Halo franchise), is announcing that it has raised $5 million in Series A funding from Accel Partners.


Accel’s Vas Natarajan, who’s joining the Industrial Toys board, said that when there’s “a big platform shift” in gaming, it creates new opportunities to build “big, independent game companies.” In this case, even though the firm has already made big bets on Angry Birds-maker Rovio and Clash of Clans-maker Supercell (among others), Natarajan suggested there’s still room for a tablet-focused developer that’s less focused on casual gamers and more on the “core” gaming audience.


“I wouldn’t say that core gamers have been left on the sidelines,” Natarajan said. “I would say, in some ways, they’ve been a little bit underserved.”


Industrial Toys plans to release a beta version of its debut title Midnight Star this summer. It’s a science fiction shooter developed for tablets and smartphones, with a story by author John Scalzi and art by Mike Choi. (I studied briefly with Scalzi at the Viable Paradise science fiction workshop, and I wrote about his serialized novel The Human Division last year.) They’re also working on a related, interactive graphic novel, Midnight Rises.


Industrial Toys President Tim Harris described Midnight Star as a “reimagining” of the shooter on tablets, as opposed something that just moves existing titles and game mechanics over from other platforms. Seropian (the company’s CEO) compared the process to developing the first Halo game for the Xbox. “Your mechanics, your level design, your AI system, and all your core gaming systems” end up being very different, he said. However, those changes may not be apparent to players, since the goal is to create gameplay that feels natural and intuitive.


One difference: The Industrial Toys team didn’t try to emulate the joystick. Instead, you touch the screen to fire and zoom. (You can read a little more about Midnight Star‘s gameplay here.)


This will be a free-to-play game, with the company making money through in-app purchases. That model has taken off in social and mobile gaming, and Seropian said it appeals to him as a developer, since “the onus is to create lots of cool stuff that you want to do and spend money on” rather than trying to “cross some threshold to make it worth 60 bucks.”


The company has funded itself for two years with seed money, but Seropian said that by raising this round from Accel, “We could do a lot more and be in this for the long term.” Beyond the initial Midnight Star release, the company’s plans include additional content for the game, as well as more titles.


Natarajan said that aside from some seed investments, this is the first gaming company he’s backed at Accel. He attributed that to broad interest across the firm. Nine of Accel’s partners have made gaming investments, so he joked, “When a great gaming deal comes in, it’s a bit of a knife fight” to see who can take the lead.


Roamer Makes It Easier To Make Calls From Foreign Climes


A month ago in Barcelona I met with one of the founders of Roamer, a clever SIM hack/app that allows you to bring your own phone number along with you around the world. The company raised £300,000 in December and is closing a £1 million with the Angel Co-fund and UK Angels.


So how does it work? The Roamer app allows you to make calls cheaply anywhere in the world. When you’re ready to travel, you tell Roamer your local, home phone number and then buy an international SIM card. Any calls to your home number are forwarded to a local number in the country you’re visiting and you answer them just as you would at home, paying local rates instead of exorbitant roaming ones.


The founding team, Simon Rabin, Petr Antropov, and Nick Ustinov, all have experience in European telecom startups and Rabin created one of the first mobile checkout apps called Txt2Buy. Ustinov founded inbox.lv, Latvia’s first big exit.


Screen Shot 2014-03-31 at 7.30.06 PM


The idea is fairly compelling – you basically subvert roaming charges with a few clever hacks – and it’s great for Europeans abroad. The company is working on a version for the US and will start shipping out SIMs for users who don’t want to mess with picking up local cards. They have about 3,000 users and processed 250,000 minutes of calls so far.


The company hopes to disrupt companies like HolidayPhone who simply send you a SIM card before you leave for your trip. Because your calls are routed to your local SIM, for example, loved ones can stay in touch no matter where you are.


Roaming charges are usually onerous and this makes them less so. It’s an interesting small startup and definitely an interesting idea.


This Demake Of Legend Of Zelda Is Most Fun You Can Have With Colored Squares

It's dangerous to go alone! Go play The Legend Of Zelda, deconstructed and reduced to its component concepts! You are Link, a green square, and your mission is to kill Ganon (probably a dark block). Along the way you'll grab a sword (a brown block) and fight all sorts of monsters, from Octoroks to Moblins (represented by blinking colors). Read More

One Company Betting On Oculus Rift As The Platform For VR HR Training


The Oculus Rift and its creator Oculus VR have been purchased by Facebook, and that’s causing some including Minecraft developer Mojang to reconsider their projects for the platform. But others are doubling down on their Oculus investment, including Technology Transfer Services (TTS), a company that designs training software for workforce education.


This is another story today where I had to check to make sure it wasn’t an early April Fools’ joke, but it isn’t, I’m assured by TTS’ John Hoover. The company really is building “immersive learning environments” that combine “virtual worlds, instructor-led training, site-specific training, custom elearning and simulation to effectively train your workforce,” as TTS CEO Lou Rivera explains in an emailed release.


So what does that mean exactly? Well, the next time you want to learn how to properly dispose of hazardous materials when you work at a factory that handles depleted uranium, you might be able to do it within the safe embrace of a virtual environment, instead of risking life and limb. Already, TTS has a Power Plant Simulation prototype up and running, where new employees can cut their teeth without potentially endangering the lives of millions.


Another prospective use: helping office workers prepare for the dangers of doors, cabinets, chairs, pencils, waste bins before the encounter the real things.


Microsoft Azure Matches Amazon’s Price Cuts And Introduces New “Basic” Tier

After Google's drastic price cuts for its cloud computing services, Amazon quickly matched them. Given that Microsoft always promised to match prices, it doesn't come as a surprise that the company today announced its own round of massive price cuts. Prices for compute on Microsoft Azure (previously known as Windows Azure) dropped by up to 35 percent and Microsoft cut storage prices by up to 65… Read More

OkCupid Offers Firefox Visitors Links To Alternate Browsers To Protest New Mozilla CEO


Online dating site OkCupid is presenting Firefox visitors with something other than the standard home page you’d normally encounter – instead, there’s a lengthy message apologizing for the interruption and explaining that OkCupid opposes the political views of Mozilla’s new CEO Brendan Eich, who made donations to a campaign in support of California’s anti-LGBT Proposition 8 campaign.


Eich is the inventor of JavaScript, but the donation in 2008 has resulted in a fairly widespread call for his removal as CEO of Mozilla, even from voices within the company speaking out on Twitter. OkCupid says in its statement that while they wouldn’t normally venture into politics, and they essentially admit that there are bigger fish to fry, they still take particular issue in this case and felt the need to speak up. Specifically, they say equal marriage rights for same-sex couples are an issue because around 8 percent of all relationships begun on their platform would be illegal without it.


The offer a pass-through link if you still want to continue to your destination, as well as redirect links first for the other major browsers including Chrome, IE, Opera and Safari. There’s also a brief paragraph of relative background information, which includes why not only the 2008 donation, but also Eich’s public statements since then lead OkCupid to believe he maintains his anti-LGBT views.


We’ve reached out to Mozilla to see if they have any statement in response to this move by OkCupid. The full text of OkCupid’s explanation is in the screenshot below.


Screen Shot 2014-03-31 at 5.33.07 PM


Meetups Are Coming (To Boston And LA Next Week So Buy Tickets Now!)


Brace yourselves, residents of Los Angeles and Boston, for TechCrunch arrives in less than a fortnight.


The TechCrunch Meetup + Pitch-off will go down in Boston on April 8, and on the even of my 26th name day, April 10, we’ll hit up Los Angeles with bells on.


It should be a week to remember.


Applications to the pitch-offs are officially closed, but tickets to attend the event are still available. You can purchase one here, for $10, which will get you admission to the event, a beer ticket, and memories that will last a life time. Maybe you’ll meet your future co-founder, or a big investor, or ME!


Dreams may very well come true, so don’t miss out on purchasing a ticket.


Did I mention we’ll be having some amazing speakers and judges at these events?


Maxim Lobovsky from FormLabs will be joining us in Boston to talk 3D printing, while Michael Heyward from Whisper will join us on-stage to talk anonymity. Two coasts, two talks, too much fun.


And if that weren’t enough, you’ll bear witness to one of the most awesome startup competitions in the world, the TC Pitch-Off. About a dozen companies will have the opportunity to pitch their stealth product in under sixty seconds to a panel of expert judges, including local VCs and TC staff.


We will be announcing our star-studded judges list shortly, but in the meantime, get a ticket (Boston and LA). Prices go up next week, and you might as well save some cash.


See you there?


Of course I will.


Our sponsors and exhibitors make all of this possible. If you’re a local startup looking to gain traction, recruit, or simply want to support the TechCrunch mission, send an email over to sponsors@techcrunch.com and ask how you can get involved.


Square Market Partners With Coinbase To Accept Bitcoin


In the sci-fi show Almost Human, everyone has a bitcoin wallet. More and more places to spend bitcoin means that could become a reality, and popular indie merchant mobile payment provider Square is the latest to accept the cryptocurrency.


In an announcement today on their blog, which isn’t an April Fool’s Joke pushed early Square assures us, the company notes that bitcoin can be used to buy goods and services with Square Market as of today. That means shoppers can pay using the virtual currency on Square’s online storefront, which includes items from merchants around the world collected in one place.


Square isn’t just throwing bitcoin in to ride the hype wave, however. It’s taken steps to make sure that for both buyer and seller, the experience is as painless and as close to using any other form of payment as possible. Accordingly, they’ve streamlined it on the buyer side with QR code scanning for mobile bitcoin wallets, and easy to follow instructions for web-based hosted storage mechanisms.


On the seller side, worrying about converting bitcoin to real money isn’t an issue; the selling party automatically gets the amount for whatever they sold in USD, in the full amount of USD the product or service was advertised at (there are no fees associated with bitcoin payments for either seller or buyer, Square tells us). Square is working with Coinbase to process bitcoin exchange.


This is a nice free service addition for Square Market sellers and buyers, and possibly one more step towards a future where bionic detectives and their android counterparts check our bitcoin wallets during homicide investigations for theft as a motive.


Video Chat Marketplace LiveNinja Raises Additional $500K, Launches Tools For Online Businesses

Video Chat Marketplace LiveNinja Raises Additional $500K, Launches Tools For Online Businesses


HTC One (M8) Review: The New Best Android Smartphone

There’s a new contender for Android top dog on the market, and it’s the HTC One (M8), the latest from the Taiwanese firm. This metal-clad unibody slab inherits the good looks of its predecessor, last year’s HTC One (retroactively referred to as the M7), but refines the look and adds a lot of significant software changes, too. It makes the new One a great device, and well worth a… Read More

After Launching In 135 Markets, Word For iPad Is #1 In 120 Countries

Microsoft's Office suite for iPad continues to dominate the iOS app store days after its release, retaining the top three free slots in the U.S. App Store, with Word, Excel and PowerPoint retaining the top three free slots. Read More

Frontback Update Adds Better User Profiles


Photo-sharing app Frontback just received an update in the App Store. The company revamped user profiles to make them a little more informative. Now, you can see an avatar, the nickname and full name, a user description and a location. You can also easily access followers and following lists. Finally, you can block someone if you don’t want this particular person to see your Frontbacks.


As a reminder, Frontback started as a photo-taking app to capture fleeting moments. A Frontback post is a digital collage of what’s in front of you, and your face as it happens.


Frontback still doesn’t allow comments and doesn’t show your number of followers. It’s easy to understand why comments were left out. It’s a selfie-heavy app — there is a risk of having to deal with bullying comments. As for follower numbers, not knowing whether you have more followers than your friends seems deliberate as well. Frontback defines itself as a global community of photo enthusiasts, not a competition.


Launched last summer, the app received hundreds of thousands of downloads in just a few weeks. But its growth is only starting now.


The company worked hard to comply with Apple’s standards when it comes to design. And it has paid off as the app has been regularly featured on the App Store homepage for the past two months. You can see the featuring effect on App Annie:


Screen Shot 2014-03-31 at 18.43.56

App Store rankings


Frontback is also getting popular in Japan and China. Super users are emerging — the Japanese community even self-organized a Frontback meetup in Tokyo. The app receives an average rating of 4.5 stars in both China and Japan.


Back in February, co-founder and CEO Frédéric della Faille told me that every time someone launches the app, he or she gives 12.5 likes on average. A photo community is slowly but surely adopting this new medium.


Last week, I received more likes than usual with one of my Frontbacks, making me wonder where these new users were coming from. I asked della Faille whether Frontback pays for downloads. His answer was “never.”


frontback-meetup


Twitter Buys France’s Mesagraph And UK’s SecondSync To Ramp Up Social TV Efforts In Europe

Twitter is adding more global firepower to its ambitions to cosy up to broadcasters and TV advertisers: it is buying France’s Mesagraph, and it is also acquiring SecondSync in the UK. Mesagraph works with broadcasters in France such as Canal+, France Télévisions, M6, TF1.


With the acquisition, Twitter is buying infrastructure: instead of building up relationships in Europe, Mesagraph has them in place already, working with analytics provider Médiamétrie as well as Microsoft and Mediabrands on marketing. “We’ve learned a lot from our partners and really enjoyed being part of their most innovative projects,” the startup notes in its blog post.


Terms of the deal were not disclosed but the company says it will be working out of Twitter’s UK office in London.


More to come.


Major League Baseball’s “At Bat” App Gets Updated To Support Expanded Instant Replay

It's opening day for the first Major League Baseball season to feature "expanded instant replay," a system that allows reviews of umpires' calls through video footage. And today the MLB is also releasing an update to its official app, MLB.com At Bat, that supports the new system. The league added a limited form of instant replay in 2008, for reviewing home run calls, but this will be a major… Read More

Google’s Pokémon Challenge Asks You To Prove You’re The Very Best, Like No One Ever Was


Do you want to be the very best? Like no one ever was?


Google wants you to prove it.


At least, they would in a world where April Fools jokes were real and companies weren’t allowed to tug at our heart strings with pretend commercials for games that we’d actually totally play…


Getting started a bit early on their annual April Foolery, the Google Maps team just released this teaser for a totally-amazing augmented reality Pokemon game.


But wait! It doesn’t end there. Google went particularly deep with this one, right under our noses. They actually did build out a proper Poke-collection game — it’s just not quite as mind blowing as the impossibly intense live-action AR game shown in the video.


Pop into Google Maps on your phone (I tested it on Android 4.4) and scroll around the map for a bit. You should eventually find a Pokemon. Tap it, and bam — captured!


Pokemon 3 Pokemon 2


There’s even a Pokédex-of-sorts built in that keeps a running list of what you’ve captured so far. What happens when you collect all 150? It’s a mystery!


Be right back — Gotta catch ‘Em all.


How To Play Quake (Again) On Your Raspberry Pi


A month ago, the folks at Raspberry Pi announced that they now had access, thanks to Broadcomm, to an open driver for the BCM21553 cellphone processor chip. This meant that DIYers now had complete access to the board and would be able to access the onboard Raspberry BCM2835 chip (a similar chip to the BCM21553) with an open source driver – as long as someone ported it over from the BCM21553.


Anywho, a programmer named Simon Hall took up the challenge and for his efforts was able to win the $10,000 bounty and port Quake III over to the Raspberry Pi, thereby allowing you to waste some nasty aliens on a machine approximately the size of an Atari 2600 joystick. The process is pretty slow (“Compiling will take around 12 hours, so it is helpful to overclock the Pi for this task,” writes Eben Upton, without a trace of irony) but it’s amazing that you can literally download, compile, and install open source graphics driver onto the Pi and play a shooter in the time it used to take to download Doom from the warez boards over dial-up.


You can read the how to here and start bursting alien heads with your sweet BFG.


Twitter Poaches Googler Philippe Dauman To Lead Commerce Partnerships


Twitter has not yet officially launched commerce services but it continues to build out the systems it will need to have in place when it does. The latest development on that front is that it has hired away Philippe Dauman Jr from Google to lead commerce partnerships. Dauman, who had been at Google for the last six and a half years, announced the news himself on Twitter and also on LinkedIn.



The news comes in the wake of several other developments that point to Twitter developing a platform where brands and businesses will be able to sell products and services in Twitter’s stream. They include reports that Twitter has talked with third parties like Stripe and Paypal to provide commerce services at the backend, key hires (chief among them Nathan Hubbard from Ticketmaster, but also others), and a leak on another e-commerce site, Fancy, that even detailed how the service might look.


Twitter’s CEO Dick Costolo, when asked about commerce services in Twitter’s first-ever quarterly earnings call, also didn’t mince words when addressed directly about the leaks.


Describing the Cards platform, which lets third parties, and Twitter, add rich media and widgets into the river of other accounts that a user follow, Costolo called it a “rich canvas and additional kinds of action to Twitter in which the 140 characters really becomes a caption to this much richer card that carries with it interactivity and actions.” He described Cards as “the vehicle through which we think about commerce opportunities.”


Adding in a commerce platform will give Twitter an additional revenue source that it can gain from the “real estate” in its river. And at a time when all social networks are trying to keep its users spending ever more time on their platforms, adding in more functions and features could help increase engagement among consumers — that is, if it doesn’t turn them off by becoming too commercial and less informative.


For now, Twitter needs all the talent it can get to get commerce off the ground: ironically, a look at Google and its own stumbles in the area of commerce shows just how tricky it can be to break into the space.


Dauman, the son of media heavyweight and Viacom CEO Philippe Dauman (who has been leading his own company’s link-up with Twitter on social TV initiatives), will be transferring two different sets of skills that he honed while at Google, that of working on content partnerships with third parties and experience specifically in commerce (and mobile commerce at that)/


His most recent job there was as “Strategic Partner Development Manager” within Google’s mobile commerce division. According to his LinkedIn description he “helped build Google’s commerce & payments business across online, offline and mobile channels” and worked with merchants to integrate Google Commerce into their marketing and shopping services.


Before that, he worked on more general content partnerships as “Strategic Partner Development Manager”. As part of that he “led worldwide strategy and acquisition of content to power Maps, Local Search, and Web Search.”


Rdio Adds Chromecast Support For TV Music Streaming


Streaming music service Rdio has added support for Google’s Chromecast media accessory, the company announced today. What that means is that you’ll be able to send your Rdio music from your iPhone, iPad, Android phone, Chrome for Mac and Chrome for Windows to your Chromecast-connected TV or HDMI display wirelessly. Using Rdio’s existing remote feature, you’ll also be able to control playback on the Chromecast from anywhere you’re logged into your Rdio account.


As with other Chromecast-enabled apps, the icon for Chromecast discovery now appears in the Rdio apps on iOS, Mac and Chrome. If you’ve already set up your Chromecast, it should appear when you click the icon and you can get streaming right away. Rdio had previously announced it would be bringing Chromecast support to its service, but rival Spotify has yet to add support for Google’s streamer, though it does offer its own Spotify Connect Wi-Fi audio streaming protocol.


Updates for the iOS apps and the Android apps should be available soon, and the feature is live on the web, too.


Fly Or Die: Secret

With last week's episode focusing on Whisper, we thought it only fair to take a hard look at its biggest competitor, Secret. Welcome to another episode of Fly or Die. Read More

iPhone 6 “Air” Concept Imagines A Return To The Glass Back Design


A new take on the yet-to-be-announced iPhone 6 from an independent designer provides a look at what we might expect from a thinner, larger-screened next-generation device. This latest one is just the most recent in a spate of design takes by Martin Hajek on potential future Apple products, and this one is commissioned by French blog NWE based on recently leaked sketches, which may or may not be authentic. However close this is to what we actually see in September when the next iPhone is likely unveiled, it’s a fun look at what might come next.


iPhone-6-CBAs you can see, this design embraces the glass back Apple did away with on the iPhone 5, in favor of an aluminum enclosure. The edges are matte metal, however, and the key feature here is the nearly edge-to-edge display and the ultra-thin design. It’s sort of like a cross between the new iPad mini with Retina Display, and the iPhone 4/4S.


iPhone-6-CWI can’t help but lust after that larger screen, but luckily it’s looking more and more like a bigger display is a lock for the next version of Apple’ iPhone. The thickness here is a little more than I can credibly believe for this generation of hardware, but this is a concept, after all, so a little artistic license is to be expected. Apple has managed to shave depth off of ever version so far, too, so there’s precedent for believing it may be able to do it again.


With $2 Million In New Seed Funding, Classtivity Rebrands As ClassPass To Add Variety To Your Workout


ClassPass, an NY-based company focused on bringing value to athletes and local gyms, has today announced a $2 million seed round from an assortment of angel investors, including Fritz Lanman, SV Angel, Hank Vigil, Blake Krikorian, Gordy Crawford, Owen Van Natta, Vivi Nevo & Keith Nowak, Kal Vepuri, and Dave Tisch.


ClassPass originally launched out of TechStars NY as Classtivity, looking to give users an easy, centralized location to figure out which gym classes had available slots, for things like Yoga, spin, etc. Over time, however, the company realized that a pay-per-class model might not be sticky enough for users, which led to the launch of ClassPass.


ClassPass is a monthly $49 payment that lets users go to any class at any gym as part of a monthly subscription. The service integrates from the get-go with the gym’s POS system so that users don’t have to go through any arduous registration process, and vendors already have their new guest’s information when they walk in.


Since it’s launch, ClassPass has been so successful that the company got rid of the pay-per-class model entirely and re-branded from Classtivity to ClassPass.


The idea behind ClassPass is to throw the traditional model of user discounts on its head. After brick-and-mortar stores have been burned by peaked traffic off of a Groupon or LivingSocial deal, they’re not too keen on trying out the same tactic. But with ClassPass, people who visit the gym become more sticky.


They’ve already paid for more classes, and if the gym gives good service and provides an enjoyable experience, there’s no reason for that user to continue using their ClassPass at that same gym.


“I began teaching my TTL class just a year ago with a small, loyal following,” said Patricia Whitcas, founder of PatriciaFit. “Since becoming a class provider through ClassPass, my classes have been consistently full and/or sold-out with many repeat students, all without any other marketing.”


The service has signed on over 65 boutique gyms in the New York area, as well as expanded into Boston with over 20 gyms on the platform there.


For $49, users buy access to 10 classes wherever they’d like to go, with no requirements on which type of class they take. Since launching the ClassPass in September of last year, the company has grown from a total of 20,000 reservations booked on the site to 100,000 reservations.


Right now, ClassPass is still in beta with an option to sign up for their waiting list. If you’re interested, hop over here and check it out.


With New AudioEngine, Findaway World Plans To Power Audiobook Stores On Mobile And The Web


Findaway World was founded back in 2006 with the aim of selling MP3 players preloaded with audiobooks. (One of its more noteworthy customers: The US Army.) Today, the company is kicking off a new digital strategy in earnest with the launch of its AudioEngine.


Findaway World isn’t trying to compete directly with an audiobook store like Audible, said co-founder and CEO Mitch Kroll. Instead, through the AudioEngine SDK and API, it’s trying to bring audiobooks to a variety of existing online stores and services.


Ralph Lazaro, vice president of Findaway’s digital products group, said that the company attempted previously to build custom audiobook apps, but it “quickly realized audiobooks are very much a complementary experience” with other digital content.


For the brands that Findaway was building apps for, the audiobooks became just another app to worry about. And if the audiobook market is going to grow (that’s what Kroll and Lazaro say is already happening, with lots of future potential thanks to the explosion of smartphones, e-books, and podcasts), Findaway needs to change consumer behavior. Lazaro said the best way to do that is to display audiobooks alongside e-books, or music, and other content.


“We believe that there is an opportunity because of how we built the platform,” he added. “That opportunity goes from the biggest sellers of digital content that we all know, to someone who’s just trying to start a store and add audiobooks to that catalog. We can service all of that.”


AudioEngine takes audio content from publishers, then takes steps like dividing it into chapters to make the content “digestible to consumers on different types of devices,” he said. It then has permission to sell the resulting audiobooks to partners — the content is sold at a set rate (which includes a payment to the publishers and a percentage for Findaway), then those partners can monetize it however they wish, whether that’s by selling audiobooks one at a time, charging a subscription fee for access, or anything else.


Kroll said that the integrations can happen relatively quickly, with partners launching their AudioEngine-powered services in 60 days. The companies that have already integrated include 3M (for its Cloud Library), Mackin (MackinVia), Baker & Taylor (Acoustik), and Follet (Catalist Digital).


Findaway says that its library now includes more than 50,000 audiobooks.


PasswordBox Partnership Lets The Nymi ECG Wristband Log You In Anywhere On Mobile


The Nymi armband from Toronto-startup Bionym is edging closer to reality, and a new partnership announced today helps make it more clear how it’ll be useful to everyday consumers. Bionym is teaming up with PasswordBox to make it possible to authenticate your mobile logins using your heart rate automatically, for super fast access to sites, devices and services.


PasswordBox is a login locker, one of those apps that stores passwords securely and lets you access them anywhere for easy retrieval. It’s the perfect partner for Nymi, which promises to offer secure, unique authentication and identification of its users based on their ECG or heart rate. With PasswordBox, Nymi can automatically log you into all your stored services, based on proximity and gesture detection, making the need to remember all those things and enter them manually irrelevant.


It works with PasswordBox’s existing “1-Tap” login feature, which normally requires just a single tap to enter your login info on mobile devices. Even that tap is removed with the Nymi integration. It’s the perfect use case for Nymi, too, which hopes to demonstrate that it can deliver authentication quickly and conveniently across a range of potential applications. It’ll need to prove that point clearly to demonstrate its value to prospective buyers when it launches later this year.


Previously, Bionym announced that it would offer an ECG-authenticated Bitcoin wallet as part of its launch features, which is another example of software with immediate use benefit to prospective buyers. Bitcoin is still a bit of an outlier tech, however, and this new login management functionality should resonate with a much wider audience.


Normally, PasswordBox works on a subscription model, but as part of the deal between the app maker and Bionym, ever Nymi pre-order both existing and through July 2015 (perhaps a clue as to the Nymi’s launch window?) will receive a free lifetime subscription to its services. That’s a savings of $12 per year for life for the upgraded service, so it’s a nice side benefit to owning the hardware.


Square Debuts New Software Partner Platform, Integrates With Xero For Seamless Merchant Accounting


After announcing a partnership with Intuit QuickBooks last Fall, Square is debuting a new integration with rival accounting software Xero. Similar to the announcement with QuickBooks, this API deal allows for the mobile payment service to feed data from transactions into their financial books on Xero.


The payments company is also announcing an official software partner platform, which formalizes Square’s focus to collaborate with third parties to build new applications that complement Square’s suite of business services. The launch also extends Works with Square, a program launched earlier this year which allows developers to build accessories for Square businesses.


The new Xero integration is Square’s second available in the U.S. The company says the QuickBooks integration has been successful, and since November, thousands of sellers have connected their Square accounts with QuickBooks, importing their Square sales data into the accounting software.


With the Xero partnership, merchants can now pull past Square sales data into Xero and each day’s transactions will automatically import, summarize, and populate the appropriate account within Xero’s general ledger.


We’re told that last week Square Japan also integrated Japanese accounting software freee.


This second accounting integration is just another example of the company’s ambitions and strategy to extend its own touchpoints with consumers and make its service more useful to merchants. With these deals (and potential future ones) with software products that merchants are already using, Square is positioning itself to potentially gain more adoption and reducing friction, which merchants will certainly enjoy.


Moto G Has Turned Motorola’s U.K. Fortunes Around, Study Finds

Turns out the 'G' in Moto G stands for 'Go!'. Motorola's well-reviewed sub-$200 Android handset has given Motorola an unexpected boost in the U.K. -- a market where the brand had gone into near-total stasis. Read More

Content Marketplace ScreenHits Closes $1.2M Angel Funding

UK-based ScreenHits, a marketplace for global content acquisition and ‘viewer feedback’, has closed a $1.2 million first round of funding. Investors include high net worth Angel investors, such as Rory Fleming, Lord Reay, and Flemming Lund among others, employing the SEIS and EIS funding schemes in the UK. The money will be used to focus on product, business development and audience acquisition.


ScreenHits focuses on acquisition and distribution for the television, digital broadcast and filmed entertainment industries, and the so-called “interactive relationship” between production and audience. The aim is to use this as a virtuous feedback loop to create relevant programming for viewers of digital and traditional content.


The startup has closed distribution deals with companies including Caracol, Fox Latin America, Relativity Media, AG Properties, Telemundo and Venevision. Other global distributors working with ScreenHits include: Hasbro, TVF, eOne and SkyVision.


Russian Square Clone 2can Raises $5M To Scale Up


Russian mobile payments startups 2can similar in operation to Square and iZettle (accepts payments from Visa and MasterCard cards through a mobile card reader connected to a smartphone) has raised a $5 million Series B round of funding led by InVenture Partners with participation by Almaz Capital Partners and ESN Group.


The cash will be used to integrate with leading Russian banks and accelerate the product.


The company claims that its revenue increased 500 times in 2013, with the number of transactions made through 2can terminals increasing 200 times over the same period – though with now actual figures these numbers should be taken with a grain of salt.


Launched in September 2012, 2can allows merchants to use iOS and Android smartphones or tablets as secure terminals for accepting card payments.


Sergey Azatyan, co-founder and managing partner of InVenture Partners says the penetration of POS terminals accepting card payments in Russia is now 5 times lower compared to Europe and 7 times lower than in USA, so there is plenty of growth to be had per the next few years.


The Series B round brings 2can’s total funding to $7.3 million. InVenture Partners led the previous investment round.


Bizzby Raises $10M From Hedge Fund To Take On TaskRabbit In UK


On-demand services marketplace Bizzby has raised $10 million, and claims to have reached 40,000 users its first three months of operation this year with a smartphone app resembling TaskRabbit-style services. The investors was undisclosed but sources say the investor is a US-based Hedge Fund with over $25B under management. Bizzby offers on-demand access to tradespeople such as cleaners, plumbers, electricians, handymen and others.


All jobs are guaranteed by Bizzby and fulfilled in seconds via its “InstantPay” system which pays out to the supply network the moment jobs are completed as opposed to week or monthly payouts.


The startup is led by founder and CEO Rohan Sinclair Luvaglio and co-founders Michael Camilleri-Ferrante and Howard Lewis, and claims that service providers are “carefully curated and fully vetted, verified by a patent pending process and interviewed in person before being able to provide a service.”


The company is based in Shoreditch, the main area of the organic clusters of startups in East London called Silicon Roundabout by local tech entrepreneurs, but later dubbed ‘Tech City’ by the UK government.


Sunday, March 30, 2014

Alibaba Will Pay $692M For 35% Stake In Retail Operator Intime


Alibaba has agreed to pay $692 million for a 35% stake in Intime Retail, which operates department stores throughout China. The two companies will form a joint initiative to focus on offline-to-online retail opportunities.


The deal is the latest flurry of M&A and investment activity among China’s top Internet companies, including Alibaba, Tencent, and Baidu, which was triggered in part by Alibaba’s highly anticipated initial public offering in New York City.


Alibaba and Intime said in a press statement that they will develop online-to-offline (O2O) initiatives in order to “provide a more convenient shopping experience.” This means that Alibaba and Intime will look for ways to combine Alibaba’s e-commerce platforms with Intime’s retail outlets, which consist of high-end department stores, shopping malls, and online marketplace Yintai.com. The two companies previously partnered on O2O projects for promotional events in November 2013 and earlier this year.


Alibaba’s Tmall.com, which hosts online stores for major brands, will have access to Intime’s inventory of offline products. This will “enable a broader product selection of international brands as well as fulfillment of online orders from Intime’s physical stores.”


Intime’s shoppers will also be able to receive targeted promotions through location-based technology while in-store, as well as use virtual pre-paid cards through Alibaba’s mobile wallet service Alipay.


The deal with Intime and focus on Tmall is significant because the site is not only one of Alibaba’s most valuable properties, but also still has significant growth potential, particularly if Alibaba raises its sales commissions.


“We see significant opportunities to extend our e-commerce platform to physical retail, developing a more engaging, omnichannel and digitally-connected shopping experience,” said Daniel Zhang, COO of Alibaba Group, in a statement.


Nielsen And Integral Ad Science Expand Their Ad Viewability Partnership Beyond The US

Nielsen And Integral Ad Science Expand Their Ad Viewability Partnership Beyond The US


New Kit Lets You Print Your Own 3D Skulls


Say, for example, you wanted a dog skull but did not want to remove said bone mass from a living dog. What to do? If you’re the team behind Quinn, the 3D-printable posable doll, you’d make and sell a set of models that you can print out on your Makerbot or similar device.


The Kickstarter project is quite interesting. Essentially you are buying a set of files – skulls from dogs, dragons, goats, humans, and Alyssa Milano (not really) – and you can print them out without supports, which is a pretty big deal.


For $35 you get all three kits emailed to you when they’re complete. The creators, 3DKitBash will email them to you.


Founded by artists Natalie Mathis and Quincy Robinson, 3DKB aims to make fun stuff you can download and print. They are selling something very unusual – 3D object files – and I hope their model takes off. Considering they already blew past their $500 funding request to about $3,000 it’s clear they’re onto something.



How Dropbox Knows When You’re Sharing Copyrighted Stuff (Without Actually Looking At Your Stuff)


Late last night, a tweet was spread far and wide showing that a DMCA notice had blocked a file from being shared on a user’s Dropbox account.



As of this afternoon, it’s seen just shy of 3 thousand retweets.


What was going on? Was Dropbox suddenly doing something sketchy? Were they suddenly lurking around their users folders, digging for copyrighted material hiding amongst personal files?


Nope. The system is neither new, nor sketchy. It’s been in place for years, and it’s about as unsketchy as an anti-copyright infringement system can get. It allows Dropbox to block pre-selected files from being shared from person-to-person (thus keeping Dropbox from getting raided by the Feds), without their anti-infringement system having any idea what most of your files actually are.


Before we dive in, a few things to clear up:



  • Some interpreted the original tweet to mean that a file just sitting there in a user’s private dropbox had been DMCA’d and blocked. This wasn’t the case. Only when a file is shared from user-to-user (or with the Internet at large) does the DMCA check system come into play. In this case, a share link was generated to be sent over IM.

  • Some thought the original file was deleted from the user’s Dropbox — that’s not the case, either. Dropbox just blocks the file from being shared.

  • The original author of the tweet has followed up to clarify that he doesn’t think Dropbox is doing anything evil here, and that he just found it interesting — he didn’t intend for it to spread the way it has.


If you know what “file hashing against a blacklist” means, feel free to skip the rest of this post. Dropbox checks the hash of a shared file against a banned list, and blocks the share if there’s a match.


If those words sound like voodoo to you, read on.


How It Works:


In computer science, there’s a incredibly popular concept called “hashing”.


It’s used just about everywhere — from allowing web services to check your password without having to actually store your original password, to confirming that a file wasn’t somehow changed as it traveled from user to user.


A hash function, in this case, is just an algorithm which spits out a unique identifier based on what you feed into it.


Hashes are usually just strings of characters. The hash for File A might be “4f2900f2fdfaf”, while the hash for File B might be “dba7b12a19fe9″. Dropbox’s hashes are probably waaaay longer than that (to allow for a higher number of unique hashes), but you get the idea.


With a properly implemented hash function, running the same exact file through the algorithm twice will return the same identifier both times — but changing a file even slightly completely changes the hash. So changing File A by even a few bits should change its hash to something entirely different, like “e3c277c771c8e”.


fingerprint chart


This identifier can be used to tell you if a file is exactly the same as another file — but it’s a one way street. The hash couldn’t tell you what that original file is, without you already knowing or having a copy of the file to compare it to.


It might help to think of a hash like a fingerprint. Everyone’s fingerprint is unique, but it can’t be used to identify a person unless you already have a record of that person’s fingerprint to compare it to. Likewise, a hash-based DMCA compliance system can’t tell what a file is, unless it’s exactly the same as a file that has received a takedown request.


When you upload a file to Dropbox, two things happen to it: a hash is generated, and then the file gets encrypted to keep any unauthorized user (be it a hacker or a Dropbox employee) who somehow stumbles it sitting on Dropbox’s servers from easily being able to open it up.


(Note on encryption: Dropbox handles the encryption keys, so they theoretically could look at your files if they were legally required to. Their system has checks in place, both physical and technical, to keep employees from poking about your stuff on a whim.)


After a DMCA complaint is verified by Dropbox’s legal team, Dropbox adds that file’s hash to a big blacklist of files they can’t legally allow to be shared. When you share a link to a file, it checks that file’s hash against the blacklist.


If the file you’re sharing is the exact same file that a copyright holder complained about, it’s blocked from being shared with others. If it’s something else — a new file, or even a slightly modified version of the same file — Dropbox’s anti-infringement system has no idea what it’s looking at.


In other words: Dropbox isn’t actively scanning through your crap on a hunt for copyrighted materials. There’s no human (or even a robot) listening to your MP3s to try and find hot leaked Fergie tracks, or reading through your Harry Potter fanfic collection. They’ve just got a big list of files that they can’t let be shared, and they identify these files in a way that is deliberately blind to what any non-blacklisted files actually are.


Now, none of this is to say the hash-based system is without its security concerns. If required to by the government, for example, Dropbox theoretically could identify any user who had a certain exact file stored on their account. But the same would hold true for pretty much any cloud-based storage system where the user isn’t handling all of the encryption themselves.


For the record, here’s Dropbox’s official comment on the tweet:



There have been some questions around how we handle copyright notices. We sometimes receive DMCA notices to remove links on copyright grounds. When we receive these, we process them according to the law and disable the identified link. We have an automated system that then prevents other users from sharing the identical material using another Dropbox link. This is done by comparing file hashes. We don’t look at the files in your private folders and are committed to keeping your stuff safe.”



#Love: Unfollowing Exes

One month ago, I got dumped. It was the third in a series of failed, long-term relationships over the past five years. All relationships end differently. Some exes stay friends, or fail to stay friends, or continue hooking up, or cut each other out entirely. Some exes combine any number of those things to form a symphony of chaos. But no matter how it ends, or how it evolves after it's over,… Read More

Launched On Kickstarter, Musaic Promises Hi-Fi Music And Home Automation


Compact wireless HiFi systems are pretty common these days, but what is less common is startups thinking more deeply about how the same systems could move into home automation and the Internet of Things. That’s the implication behind a new system launched by device startup Musaic, recently launched on Kickstarter.


It now plans to go up against much bigger audio-based companies, such as Bose. It’s speakers system is, to some extend, a Trojan Horse for it’s IoT platform.


Musaic is a new kind of HiFi system made up of wireless speakers, which also cleverly extends into home automation, and is able to deliver high quality 24 Bit content over not just Bluetooth but also Wifi.


It works over WiFi and Bluetooth (many systems are just one or the other) to play music from many different smartphones, Mac or PC, and streaming services such as Grooveshark, Aupeo, Rhapsody, Napster, SomaFM, Murfie, TuneIn and many online radio stations.


On the music side, with more than one speaker, several people in a house can play different music through different players at the same time or the same music through multiple players in sync.


Additionally, as music streaming services become more pervasive, competitors in the market like Sonos are offering integration with services such as Spotify. These systems generally plug into the Spotify API. However, this means you get only what the Spotify API can deliver to third parties. It’s not possible to create a playlist for instance on such third party services. Instead, Musaic has built an API allowing the ability to use native apps.


But it’s the IoT realm that Musaic has its eyes on, with its system able to be associated with connect e lighting systems and other home automation devices.


It’s already joined the industry association called the AllSeen Alliance, run by the Linux Foundation, alongside others such as Qualcomm, HTC, AT&T and many others. It can already control dimmers, bulbs and switches from the lighting brand LightwaveRF. And it’s working closely with LIFX and WigWag (both Kickstarter successes) on integrating their products.


The company was started in May 2013 by a team comprising of experienced audio industry people draw from the Cambridge UK high tech cluster.


Saturday, March 29, 2014

How To Run Live User Testing, Part 3: The Debrief

We've focused on getting the tests setup, which includes deciding on a specific thing to test, when and where to conduct the user study and what type of users to study. We then covered actually running the tests. This final installment will focus on taking all that amazing feedback you just gathered and parsing it into useful, actionable intelligence. Read More

Crunchweek: Facebook’s $2B Bet On Virtual Reality, Office For iPad, And YC Demo Day

In this special “Between Two Co-Editors” edition of Crunchweek, I was joined by my fearless bosses, co-editors Matthew Panzarino and Alexia Tsotsis at the White Table.


We tackled Facebook’s $2 billion acquisition of Oculus VR, and Zuck’s aggressive acquisition strategy in 2014; Microsoft’s release of Office for the iPad, and tales from Y Combinator’s recent Demo Day.


The Improbable Rise Of Roku


In 10 years, when we look back and think about which companies fundamentally changed the way viewers get their TV shows delivered to them, will Roku be a part of the conversation? Based on what the company has done to date, and where it’s going, it seems likely.


That’s because no company has done more to define what we can expect from streaming video hardware than Roku — and the company did it all while competing against much larger companies that also wanted a piece of the pie.


More Than A Survivor


Consider this: Since launching its first “Roku Netflix player” in 2008, the company has had to compete against similar hardware devices from Apple and Google (and Amazon is on its way). Not only has Roku survived that onslaught, but it’s thrived.


After Stepping Aside From Y Combinator, Paul Graham Hands Over The Reins At Hacker News


As part of his departure from day-to-day operations at Y Combinator, Paul Graham announced today that he’s handing over the reins of of Hacker News, the technology and entrepreneurship-focused social news sharing website that he built and has run through YC since 2007.


In a simple and straightforward blog post, Graham announced that the “voice of YC on HN,” responding to “Ask YC” questions and other YC-related inquiries, will now be YC outreach director Kat Manalac and YC partner Garry Tan. Additionally, Daniel Gackle has joined YC full-time to handle moderation of the YC community, YC partner Kevin Hale will be in charge of the site’s web and mobile design, and developer Nick Sivo will continue to handle the site’s code.


In his blog post, Graham said he will still drop in to Hacker News from time to time, just not as much as he used to: “I’ll still be around as a user, but less frequently than when I felt I had to check the site every hour or so to make sure nothing had broken.”


Hacker News has had a big impact on the tech and programming community over the last 7 years — arguably, it may be more influential to a wider audience than Y Combinator’s core startup accelerator itself. Leena Rao’s retrospective from May 2013 “The Evolution Of Hacker News” covers the site and its growth in-depth. It will be exciting to see what the coming years bring for HN and YC as they each move into their next chapters of growth.


Neil Young’s PonoPlayer Passes $5m In Kickstarter Pledges


The portable music player is alive and well. Pono Music’s PonoPlayer just crossed the $5 million milestone on Kickstarter, making it the fourth most funded project in the site’s history. Twelve thousand backers have pledged enough to pre-order the device. And there is still 16 days to go on its campaign.


The project launched on March 11 and hit its goal within the day. It’s clear that consumers that want something more than an iPod.


The PonoPlayer is a high-fidelity portable music player. Rather than playing back MP3s, the device supports FLAC audio files that contain significantly more data than their MP3 counterparts, resulting in a dramatically higher quality sound than a traditional MP3 player.


Music is served through the PonoPlayer’s music store, which is also part of the Kickstarter project. The files are all lossless audio, therefore the file sizes are larger than the average iTunes download. The PonoPlayer sports 128GB of storage, which is good for about 100 albums.


Neil Young isn’t creating an iPod rival. This is something for people who listen to albums over and over again and crave the highest quality audio possible. It’s for musicians rather than a causal listener.


Call it a Toblerone bar. Call it a relic of the past. But you also have to call it successful.


Box CEO Aaron Levie Takes To Quora About His (Sorta) Small IPO Stake: It’s All Gravy


Reporters and industry watchers go nuts when an S-1 is filed for an initial public offering because there are always a few surprises to be found while digging through the numbers.


The Box IPO filing this past week was no exception. Along with the in-depth details of Box’s revenue (growing quickly) and bottom line income (still in the red), the filing revealed that Aaron Levie, Box’s well-known and charismatic co-founder and CEO who is indisputably the face of the company, held a smaller stake of the firm than outsiders might have expected. Levie’s ownership of Box prior to the offering stands at 4.1 percent, and when his unexecuted stock offerings are taken into account, his overall stake is 5.7 percent.


It’s still a stake that is worth more than $100 million, which is of course a lot of money. But in some ways, Levie’s holdings seem relatively small in light of his contributions to the company. Especially when compared to the 25.5 percent stake held by VC investor Draper Fisher Jurvetson.


Someone took to Quora to anonymously wonder, “Aaron Levie is down to a 4% stake heading into the Box IPO. How does he feel watching DFJ and USVP laugh to the bank after 10 years of sweat, blood, and tears?”


Surprisingly, Levie himself pitched in with a reply:



“So far, I have yet to bleed while building Box (well, one time I was late to a meeting and cut myself shaving). And honestly, if anyone is regularly bleeding while building a software company, I would have some serious questions about their strategy and if they’re executing properly. Definitely lots of tears and sweat though. Start your company because you want to change the world, and the rest is gravy.”



It’s a response that’s equal parts funny, clever, and earnest — fun without breaking any big rules (and there are a lot of those, for a company that’s officially on the road to an IPO.) In short, classic Levie.


For more classic Levie, you can watch his fireside chat with TechCrunch founder Michael Arrington from our Disrupt Europe conference this past fall. It was a lively and solid conversation about Box’s past and future that’s fun to re-watch in light of the IPO news this week:


Watch How Matterport’s Camera Captured A 3D Model Of TechCrunch HQ



Historically, creating an accurate 3D model of a physical space has been a time-consuming and expensive process that cost tens of thousands of dollars and required teams of people and days, if not weeks, to complete. But a startup called Matterport has dramatically changed that, with a $4500 camera that the company says can capture fully immersive 3D models of physical objects and spaces in a matter of minutes. And according to Matterport, the device can be operated by pretty much anyone who knows how to use an iPad — making 3D modeling more accessible than ever.

It’s a pretty impressive claim, so we invited Matterport to stop by TechCrunch headquarters to show us just how the camera works by creating a 3D map of our TechCrunch TV green room. You can see that in the video embedded above.


In an interview, Matterport’s CEO Bill Brown told me that there are three categories of people who they expect will most benefit from the product: Customers who want to document spaces, such as people managing construction projects or setting up remote factories; people who want to promote a space such as real estate agents or entertainment venue owners; and people who want to modify and redesign spaces by changing out flooring or furniture.


And while Matterport’s current camera is impressive in its form factor and ease of use, Brown says that this is just the beginning — and that very soon, Matterport’s system could be something that fits into your smartphone. “Matterport was started with the vision that eventually everybody is going to have a 3D sensor in their pocket. When we get to that day, you are no longer going to take 2D pictures,” he said.


He went on to note that with projects like Google’s Project Tango (with which Matterport has collaborated), this technology is being pushed forward even faster than they had initially expected. “We’re not going to be surprised if you start to see the first [mobile 3D imaging] devices toward the end of this year, and within a couple years, it will be pretty commonplace.”


Matterport’s latest camera might not be quite small enough to fit in your pocket, but for now it definitely lived up to the hype. The entire process of capturing the image took less than 20 minutes, and Matterport sent over the completed 3D map that could be navigated through within just a couple of hours. We included the footage of that model in the video above, and you can also see a video of a fly through of the model here:


Gillmor Gang: Sign Language

The Gillmor Gang — Danny Sullivan, Robert Scoble, Kevin Marks, John Taschek, and Steve Gillmor — barely came out of the gates before John Taschek let Comcast have it, and really you need to see the visual on this one. After the salute to the internet provider, talk circled around Microsoft's release of Office for iPad. Is it important? Well, no one on the show seemed to use Office any more,… Read More

Whaling Is The New Harlem Shake


Have you whaled yet today? It’s the new thing. Whale at the club. Whale at school. Whale in your cubical. Just don’t whale at a funeral. That would be doing it wrong.


As the Vines below show, the premise is to act like a whale breaching the water behind an unsuspecting observer. Bonus Internet points are awarded for twisting in the air.


At the moment Twitter is awash with whaling videos but if history teaches us anything, each new viral sensation lasts less time than the last. The Harlem Shake lasted about a week and a half. This one started popping up on Vine a few weeks ago is still relatively confined to that network yet could die at any moment. Get whaling while you still can. Just don’t break your back.





The 11 Memes That Define Oculus Riftbook (NSFW)


Now that the dust has settled, it’s time to have a little fun.


Virtual reality itself used to be a punchline. Now, Facebook and its latest purchase of Oculus Rift is the joke. But can Facebook raise and nurture Oculus Rift into the virtual reality device of the future? As the following memes show, not everyone trusts Zuckerberg and team to raise and nurture Oculus VR into the chosen one.


Proceed with caution.


7rcjo


7rrh5


The Internet Is Held Together With Bubble Gum And Baling Wire


Did you know that, to quote an angry hacker:



The Internet from every angle has always been a house of cards held together with defective duct tape. It’s a miracle that anything works at all. Those who understand a lot of the technology involved generally hate it, but at the same time are astounded that for end users, things seem to usually work rather well.



Today I want to talk about all of the egregious security disasters across the Internet over the last few months, but as Inigo Montoya once said: “No, there is too much. Let me sum up.” Alas, even an incomplete summary is a lengthy litany of catastrophe. Let’s see:



Just another few months on the Internet, then. But don’t get me wrong. Things are much worse than that list makes them seem.


Did you know that downloading software safely is nearly impossible? Did you know that the certificate system which underwrites https, so-called “secure” browsing, is a disastrous mess and always has been? Did you know that the NSA — well, OK, I guess you do. (Thanks, Ed!) But did you know that OpenSSL, used extensively across the industry to secure apps of all kinds and sizes, is widely viewed as code so bad and confusing it “is written by monkeys?




Why is this? Why are we not just insecure, but increasingly insecure, in an era of widely available unbreakable cryptography? What went so terribly wrong?


Well. Three things, really.


1. Security is hard.


No, it really is.


2. Users don’t care.


No, they really don’t. The most common passwords across the Internet are “123456″ and “password”. They have no interest in practicing even the most basic security hygiene:



…until they get hacked. And then, of course, they blame the technology.


I’m sorry to report, however, that that blame is not entirely misplaced. Because


3. Security is usually an afterthought.


No, if that. Because security is hard, and users are lazy, and so making systems which are secure even for ordinary users takes way too much time and effort, so too many companies just hack together something slapdash and hope nothing goes terribly wrong.


Do I sound like I’m overstating things? To quote “The Most Dangerous Code In The World,” from a couple of years ago:



We demonstrate that SSL certificate validation is completely broken in many security-critical applications and libraries. Vulnerable software includes Amazon’s EC2 Java library and all cloud clients based on it; Amazon’s and PayPal’s merchant SDKs responsible for transmitting payment details from e-commerce sites to payment gateways; integrated shopping carts such as osCommerce, ZenCart, Ubercart, and PrestaShop; AdMob code used by mobile websites; Chase mobile banking and several other Android apps and libraries; [etc]. Any SSL connection from any of these programs is insecure against a man-in-the-middle attack. The root causes of these vulnerabilities are badly designed APIs of SSL implementations.



My friend Will Sargent recently wrote a series of blog posts about what one has to do to actually correctly enable secure HTTP connections in Java. It’s a superb primer — but it’s tens of thousands words long, because it has to be:



  1. Fixing The Most Dangerous Code In The World

  2. Fixing X.509 Certificates

  3. Fixing Certificate Revocation

  4. Fixing Hostname Verification


It’s terrific, and as a developer who’s wrestled with SSL certificates on Android with Java myself, I’m really glad he wrote it; but in a better world — not a perfect world, mind you; really, just a non-disastrous one — he wouldn’t have had to.


Credit cards are even worse, of course. The Target hack, which was at the point-of-sale, would have been prevented by the use of chip-and-PIN technology…which is widespread, y’know, everywhere else in the developed world, and has been for many years. In the UK, chip-and-PIN was piloted in 2003 and rolled out nationwide in 2004. That’s a full decade ago. But US banks and retailers have dragged their heels — and now, as a direct result, they’re fish in a barrel.


Of course, chip-and-PIN won’t help with online credit-card transactions, where, well:




To be fair, we have seen some moves in the right direction. Facebook — which seems to have impressive security, perhaps unsurprising in a company led by a hacker — last month released a new tool to make Android apps safer. There’s talk of a common server-security platform at the “Goldilocks” hypervisor level. And the FTC is beginning to pay attention and cite violators, including Fandango and Credit Karma:



But those are just a few flickers of life in a security-comatose body corporate. Meanwhile, we’re in an arms race, and while the attackers are training in the Shaolin Temple and gaining valuable work experience in the French Foreign Legion, the defenders are lazing around drinking beer because the dukes and duchesses told them to drain the moats, prop the gates open, and lose the arms and armor, all in order to encourage trade. I’m sure that always seems like such an awfully good idea … right until the day Genghis Khan rides up the road.




(1) For those coders among you who, previous to the GnuTLS revelation, blamed Apple’s ifs-without-braces code style for the bug:





Image credit: Insecurity.


Friday, March 28, 2014

After Supporting Prop 8, New CEO Brendan Eich Comes Under Fire From Mozilla Employees


Mozilla employees across the web are calling for the removal of new CEO Brendan Eich, who previously held the position of CTO and has been with the company since its formation out of Netscape in the 90′s.


In 2008, Eich donated $1,000 to support Prop 8, which was a California ballot proposition that aimed to ban gay marriage in California. In 2012, the public listing for the donation was uncovered, with Mozilla appearing right next to Eich’s name. Eich remained at the company, continuing on as CTO, after the brief scandal.


With this week’s appointment to CEO, Eich has come under fire from employees in his own organization and from members of the LGBT tech community.


Open Badges lead at Mozilla Chris McAvoy tweeted:



And a creative lead in Badges, Jess Klein…



John Bevan, from Partnerships at Mozilla Foundation…



And this design researcher…



And the list goes on.


Other employees have jotted down their issues in blog form.


Mozilla’s head of Education Christie Koehler didn’t weigh in on Eich’s suitability as a CEO, but did express her disappointment with his private endorsement of anti-LGBT legislation.



Like a lot of people, I was disappointed when I found out that Brendan had donated to the anti-marriage equality Prop. 8 campaign in California. It’s hard for me to think of a scenario where someone could donate to that campaign without feeling that queer folks are less deserving of basic rights. It frustrates me when people use their economic power to further enshrine and institutionalize discrimination.



Still, she praises the company’s progress in regards to healthcare benefits and guidelines for participation, and she doesn’t see Eich standing in the way of that.



Certainly it would be problematic if Brendan’s behavior within Mozilla was explicitly discriminatory, or implicitly so in the form of repeated microagressions. I haven’t personally seen this (although to be clear, I was not part of Brendan’s reporting structure until today). To the contrary, over the years I have watched Brendan be an ally in many areas and bring clarity and leadership when needed.



And it wasn’t just employees who spoke up about Eich’s new CEO role. Rarebit, an app developer that was quite active in the Firefox marketplace, announced that it would no longer support the platform with Eich at the helm. Founders, and married gay couple, Hampton Catlin and Michael Lintorn Catlin published a post on their blog describing the painstaking process of trying to start a company with his partner, who was in the midst of the immigration process and tied to his job on a visa.



Today, Michael has a green card and we’re able to pursue this venture in the US. These days, I am so damn proud of my country for making this all possible. It’s really stunning the support we’ve received, and thank you to everyone out there who have either changed their own minds on the subject, or convinced a relative or friend that there is nothing wrong with the government recognizing our relationship. Thank you.


The overturning of Prop 8, literally was the foundation that allowed us to start this venture.


That’s why it’s personal for us. Brendan Eich was an active supporter of denying our right to be married and even to start this business. He actively took steps to ensure that rarebit couldn’t exist!



160215.ME.0804.Prop-8.WJS


Many advocates of Eich, like Mozillian Daniel Glazeman, stand in support of Eich not based on his personal beliefs, but based on the fact that Mozilla has always promoted an environment where everyone is entitled to their own way of thinking. Others, however, believe that Eich’s appointment to CEO may play a very different role in future decisions for the company that may affect the LGBT community, such as partner health benefits in states where gay marriages aren’t recognized.


John Schneider, from Mozilla’s DevOps team, had this to say:



A CEO is publicly seen as one of the most visible faces of an organization, and is quite a bit about image, partnerships, and culture, rather than the largely technical role of a CTO.


Unfortunately, right now Brendan’s public image (which is also now in part Mozilla’s public image in his new role) is one showing that he donated money to deny equal rights to the LGBT community during Prop 8 in California. Note: I fully support Brendan’s right to hold these views and support them financially as he sees fit, even while I vigorously disagree with his views on this issue.



Eich penned his own response to the issue, with the hopes of putting some of these concerns to rest. In the post, he promised to uphold the same equality that has always been present at Mozilla, from employment to healthcare benefits. He also explained that he knows words are not enough, and that actions will seal whatever trust exists between him and his employees.


John Lilly, former CEO at Mozilla and board member, announced his resignation from the company’s board of directors with a brief statement.


As it stands now, it doesn’t seem like Eich is going anywhere. Current chairman Mitchell Baker posted a lengthy reaction of his own, promising to maintain the level of diversity and equality currently in the workplace, and hopefully grow it. But he also expressed that Eich would be a part of that.



My experience is that Brendan is as committed to opportunity and diversity inside Mozilla as anyone, and more so than many. This commitment to opportunity for all within Mozilla has been a key foundation of our work for many years. I see it in action regularly.


The CEO role is obviously a key role, with a large amount of authority. The CEO must have a commitment to the inclusive nature of Mozilla. This includes of course a commitment to the Community Participation Guidelines, inclusive HR practices and the spirit that underlies them. Brendan has made this commitment.



Mozilla’s mission is “to promote openness, innovation & opportunity on the Web.” In the world of tech, we influence legislation on a number of issues reaching well outside the scope of technology. After all, technology sets the boundaries for what is achievable in this world.


Openness and innovation, Mozilla’s cornerstones, are dependent on diversity.


Hopefully, whether Eich remains at the helm or not, Mozilla employees don’t lose sight of that.


Today In Dystopian War Robots That Will Harvest Us For Our Organs…

Oh, hey, there TIDWRTWHUFOO fans. Thinking about going for a little dip this summer? How about you go for a swim with a one-ton crab that will smash you under its massive legs? Sounds fun? Definitely! Read More

Gillmor Gang Live 03.28.14

Gillmor Gang - Danny Sullivan, Robert Scoble, John Taschek, Kevin Marks, and Steve Gillmor. Live recording session today at 1pm Pacific. Live FriendFeed chat is here Read More

Confirmed: Dropbox Aqcui-Hires Social Reading App Readmill


As TechCrunch’s Steve O’Hear predicted yesterday, Readmill just confirmed that Dropbox acquired the company and that the service will shut down. It is a pure acqui-hire as the team will join Dropbox’s team and work on its core service.


“As of today, it is no longer possible to create a new account, and on July 1, 2014, the Readmill app will no longer be available,” the two co-founders Henrik Berggren and David Kjelkerud write on the blog. Users can export their reading data and download their books.


As a reminder, the Berlin-based startup developed a social reading platform for iOS and Android. The company released a well-designed mobile application to read and share highlights and extracts with your friends.


According to our first report, the deal value is around $8 million. Most of it is in stock, and the rest in cash. The two co-founders will move to San Francisco.


The company raised a $385,000 seed round from Passion Capital and Index Ventures (€280,000) and an undisclosed Series A round from Wellington Partners and existing investors.


This Week On The TC Gadgets Podcast: Facebook Oculus, HTC One, And Microsoft’s Glass Clone


Are you ready for the future?


Facebook certainly is, considering the social giant just bought Oculus VR, which makes virtual reality gaming headsets, for a cool $2 billion. And Microsoft is joining in on the fun, with reports indicating that the company has purchased wearable computing technology similar to Google’s Glass.


And in less revolutionary news, HTC finally revealed the latest-generation HTC One smartphone, which had been leaked so hard in the weeks prior to the event that we weren’t even sure if we wanted to cover it anymore. Yet here we are, discussing it on the podcast.


This week’s episode of the TC Gadgets Podcast features John Biggs, Matt Burns, Jordan Crook, Natasha Lomas, and Darrell Etherington.


Have a good Friday, everybody!



We invite you to enjoy our weekly podcasts every Friday at 3 p.m. Eastern and noon Pacific. And feel free to check out the TechCrunch Gadgets Flipboard magazine right here.


Click here to download an MP3 of this show.

You can subscribe to the show via RSS.

Subscribe in iTunes


Intro Music by Mendhoan.