View profile

held together with bubble gum and string

Tech Revolution
Issue #1030 • View online
Hello there,
I’m going to try something new this week and bring you a summary of the whole newsletter in a paragraph. Of course, the full thing is below, but if you want to quickly grab the highlights, here we go…
THE NEWSLETTER IN A PARAGRAPH: The Log4j vulnerability has experts terrified; crypto tokens might be a rip-off for football fans; ‘assisted reality’ is basically a personal HUD; NSO Group might take drastic action as it faces opposition around the world; Kickstarter is going Web3; a UK spy chief is worried about China’s own cryptocurrency; Nike is getting deeper into virtual goods; games legend Peter Molyneux has taken the blockchain gaming red pill; Google is bringing Android games to Windows; Apple has an app for paranoid Android users, and MGM Resorts has resorted to VR to stop staff quitting shortly after joining.
phew! And there’s plenty more below, too…
Meanwhile, this week I have been:
  • Bemused that Google Toolbar has only just shut down
  • Wincing at the person who sold a valuable NFT for $3,000 instead of $300,000 because of a typo
  • Still intrigued by Tim Berners-Lee’s startup Inrupt, which wants to give internet users more control of their data. It’s just raised $30m in fresh funding, although we don’t know a lot about what it’s doing yet
I’ve had my Covid vaccine booster today, which is why this newsletter is a little later than usual landing in your inbox . No side effects yet, but at the very least I’m waiting for that annoying arm pain to kick in.
Okay let’s get down to it, boppers…
— Martin

Also on our network
The MUST-READ newsletter for busy social media managers.
Your guide to ALL the latest platform updates, tips, tricks & new features in one geeky email. 10,000+ subscribers
Subscribe with one click
🤔 Big questions
From this week’s news…
💩 Just how bad is the latest really-bad tech vulnerability?
The biggest story in cybersecurity—and perhaps in the whole of tech—this week has been the Log4j vulnerability. As Wired summarised:
A vulnerability in the open source Apache logging library Log4j sent system administrators and security professionals scrambling over the weekend. Known as Log4Shell, the flaw is exposing some of the world’s most popular applications and services to attack, and the outlook hasn’t improved since the vulnerability came to light on Thursday. If anything, it’s now excruciatingly clear that Log4Shell will continue to wreak havoc across the internet for years to come.
Hackers have been exploiting the bug since the beginning of the month, according to researchers from Cisco and Cloudflare. But attacks ramped up dramatically following Apache’s disclosure on Thursday.
As Ars Technica reported yesterday, “hackers around the world have launched more than 840,000 attacks on companies globally since last Friday.” Cloudflare founder Matthew Prince tweeted yesterday that “We’re seeing >1,000 attempted exploits per second. And payloads getting scarier. Ransomware payloads started in force in last 24 hours.”
In short: 😬😬😬
This is big. In the US, Cybersecurity and Infrastructure Security Agency Director Jen Easterly described Log4Shell as “one of the most serious [vulnerabilities] I’ve seen in my entire career, if not the most serious.”
Because Log4j is so widely used by developers to build logs of events in software, it’s easy for hackers to attack millions of apps and devices. Wired again:
To exploit Log4Shell, an attacker only needs to get the system to log a strategically crafted string of code. From there they can load arbitrary code on the targeted server and install malware or launch other attacks. Notably, hackers can introduce the snippet in seemingly benign ways, like by sending the string in an email or setting it as an account username.
While big companies and organisations have been scrambling to patch their software over the past few days, the many less well-resourced companies and less well-maintained apps out there mean that this could be a serious issue for a long time to come.
Shockingly, Log4j is the latest example of a key piece of code, relied on by developers (and therefore end users) around the world, that is maintained by unpaid volunteers. When building software, developers often rely on open source code to save them having to reinvent the wheel for each project. But when the code they use is being maintained as an unpaid passion project, it can lead to massive problems down the line.
As Filippo Valsorda pointed out at the weekend, there’s a big opportunity for large tech companies to pay people to maintain the open source code on which they rely. Then maintainers can start to build careers around the software they love to work on, rather than doing it in a spare hour here and there or abandoning a key piece of code relied on by millions because their life circumstances change.
It’s a common observation that the internet is held together with bubble gum and string (or a variation on the analogy), and situations like this are exactly what that saying is all about. Isn’t it time we invested in some proper bricks and mortar?
⚽ Are sports team tokens just swindling fans?
It’s easy to criticise any and every use of cryptocurrencies because of the grubby reputation many such projects have. I try not to do that in this newsletter, but here’s just another example of ‘the potential of Web3 is being held back by shady money-grabbing’.
Football clubs across Europe have started offering ‘fan tokens’ as a way of making money, boosting fan engagement, and looking like they’re on top of the latest trends.
It’s not a wholly terrible idea, but as the BBC reports, there’s not necessarily enough protection for fans who maybe don’t understand what they’re getting themselves into.
The idea here is for fans to buy the tokens and hold onto them to make use of the perks they provide and feel like they’re a closer to the club they support. But the tokens are being traded by some buyers just like other cryptocurrencies are. This has led some tokens, like Manchester City’s and Lazio’s, to fall in value by 50% or more since the first day of trading. If you were a fan who bought a lot of your club’s tokens and then later wanted to cash out, you might find yourself in trouble.
The Wild West days of cryptocurrency are numbered as regulation begins to slowly kick into gear around the world, but that’s not going to stop the goldrush in the meantime. Football clubs might wish they’d not rushed into this one.
🗣️ Jargon of the week
You’ve heard of virtual reality, augmented reality, and mixed reality. But how about ‘assisted reality’?
As the Verge reports:
Oppo has announced the Air Glass, an AR device that’ll go on sale early next year. Oppo describes the Air Glass as an “assisted reality” product, as opposed to augmented reality, meaning it projects 2D information into your field of view rather than overlaying 3D objects onto the real world.
Designed for the Chinese market, Oppo’s Air Glass is described as supporting notifications, directions, teleprompting, and real-time translation. So essentially it’s a head-up display. That means many pilots and drivers have been living in ‘assisted reality’ for years.
More news you shouldn’t miss from the past week…
  • NSO Group might sell itself or shut down its much criticised Pegasus spyware. The tools have reportedly been used by repressive regimes to keep track of journalists, activists, and dissidents. Israel-based NSO has faced increased pressure of late after it was blacklisted by the US Department of Commerce and sued by Apple. [Bloomberg $$$]
  • Kickstarter sees Web3 as a threat, so it’s working on a blockchain-based version of its platform. [Decrypt]
  • A UK spy chief is worried about China’s national cryptocurrency. Beijing is promoting the digital renminbi ahead of the Winter Olympics there in February, but GCHQ’s boss warns that widespread adoption could lead to it becoming “a tool to surveil users and exert control over global currency transactions,” the FT reports. [Financial Times $$$]
  • Nike has acquired a company that makes virtual shoes. Buying RTFKT is the latest step in Nike’s realignment from just being a sports shoe clothing company to going deep on its role as a limited edition fashion brand in both the physical world and…. yes, the metaverse. [The Verge]
  • Veteran game designer Peter Molyneux is building a ‘blockchain business simulator’. It supposedly incorporates “player ownership, play-to-earn, lend-to-earn, highly functional NFTs and a truly unique community driven economy” - all the buzzwords, essentially. That said, long-time Molyneux watchers will know how his ambitions can often crash into reality with disappointing results. [Nintendo Life]
  • Google is planning an app store for Android games on Windows next year. I’m going to be playing Final Fantasy Record Keeper even more than I already do, aren’t I? [The Verge]
  • Apple has launched an app to help Android users detect if someone is tracking their movements with a surreptitiously placed AirTag. iOS devices alert you to this danger automatically, so it’s nice to see the new Tracker Detect app for the Android crowd. [CNet]
🏭 Future of work
MGM Resorts is letting job seekers try out roles using virtual reality as it looks to reduce employee churn
The End of a Return-to-Office Date
Amazon Emerges as the Wage-and-Benefits Setter for Low-Skilled Workers Across Industries
Gig Worker Protections Get a Push in European Proposal
📰 Big reads
The Case of Tennis Star Peng Shuai Reveals the Real Purpose of China's Censorship
Birds Aren’t Real, or Are They? Inside a Gen Z Conspiracy Theory.
Getting Married in the Metaverse
Her Instagram Handle Was ‘Metaverse.’ Last Month, It Vanished.
🐣 Tweet of the week
After Time magazine made Elon Musk its Person of the Year for 2021, a highly criticised move, here’s one that would perhaps have made a bolder statement…
That's all for now...
…and that’s this newsletter done for 2021. I’ll be back in the new year. I’ll see you in your inbox then. Have a great Christmas (if you celebrate) and New Year - and stay safe.
— Martin
Did you enjoy this issue?