Archive for March 20, 2015

Friday, March 20, 2015

FTC Report Shows How Google Skewed Search Results

Rolfe Winkler and Brody Mullins (via John Gruber):

Instead, Google would “automatically boost” its own sites for certain specialized searches that otherwise would favor rivals, the FTC found. If a comparison-shopping site was supposed to rank highly, Google Product Search was placed above it. When Yelp was deemed relevant to a user’s search query, Google Local would pop up on top of the results page, the staff wrote.

Other regulators have found similar practices. European antitrust authorities in 2013 said Google had a different, “specialized” search algorithm for ranking its own content.

To bolster its own listings, Google sometimes copied, or “scraped,” information from rival sites. According to the FTC report, Google copied Amazon’s rankings of how well products were selling, then used that information to rank its results for product searches. Amazon declined to comment.

But it sounds like the FTC is not recommending any action.

Update (2015-03-25): Rolfe Winkler and Brody Mullins (via John Gruber):

In discussing one of the issues the FTC staff wanted to sue over, the report said the company illegally took content from rival websites such as Yelp, TripAdvisor Inc. and Amazon to improve its own websites. It cited one instance when Google copied Amazon’s sales rankings to rank its own items. It also copied Amazon’s reviews and ratings, the report found. A TripAdvisor spokesman declined to comment.

When competitors asked Google to stop taking their content, Google threatened to remove them from its search engine.

Update (2015-03-25): Danny Sullivan:

To get needed local reviews, Google made “policy decision” that if not provided, local sites dropped from web search

Update (2015-03-28): Danny Sullivan (via Nick Heer):

We’re still going through the report ourselves for follow-up stories. But the live tweet of the highlights I did earlier are rounded-up below[…]

Brody Mullins:

One way Google favored its own results was to change its ranking criteria. Google typically ranks sites based on measures like the number of links that point to a site, or how often users click on the site in search results.

But Marissa Mayer, who was then a Google vice president, said Google didn’t use click-through rates to determine the ranking for its own specialized-search sites, because they would rank too low, according to the staff report.

Via Nick Heer:

So why did this case — which, by the way, recommended a lawsuit against Google — result in no charges and no suit?

Launcher Returns to the App Store

Federico Viticci (tweet):

And yet, after months of not being available on the App Store despite being originally approved in September 2014, Launcher is about to be covered (and used as an example) by the press again. Launcher has been re-approved by Apple, and it’s coming back to the App Store today with the same feature set from six months ago.

[…]

And while in Launcher’s case the developer was told the app could never come back to the App Store, other developers had more luck after receiving press coverage and seeing a rejection reversed over the course of a few days. “You may recall that I wrote a blog post back in December where I begged Apple to publicly release the guidelines they have for widgets”, Gardner told me over email this week.

[…]

Over the past six months, Gardner has gone through a series of back and forth with Apple’s App Review (which he covers in episode 30 of the Inquisitive podcast), and he was eventually told to resubmit Launcher because, in the months since the first rejection, the company had decided to accept that kind of app-launching functionality. It’s not unusual for Apple to loosen App Store restrictions over time, even if no clear guidelines were ever provided in the first place. “I’m wondering if they never did that because maybe they knew that they were going to revisit this decision at a later time and may reverse it”, Gardner said.

Apple’s guidelines still make no mention of Notification Center widgets. See also my post from when Launcher was rejected.

IP Box Unlocks iPhone By Brute Force

MDSec (via John Gruber):

Although we’re still analyzing the device it appears to be relatively simple in that it simulates the PIN entry over the USB connection and sequentially bruteforces every possible PIN combination. That in itself is not unsurprising and has been known for some time. What is surprising however is that this still works even with the “Erase data after 10 attempts” configuration setting enabled. Our initial analysis indicates that the IP Box is able to bypass this restriction by connecting directly to the iPhone’s power source and aggressively cutting the power after each failed PIN attempt, but before the attempt has been synchronized to flash memory. As such, each PIN entry takes approximately 40 seconds, meaning that it would take up to ~111 hours to bruteforce a 4 digit PIN.

Another reason not to use a 4-digit PIN. I’m trying to figure out the implications for 1Password. It stores your master password in the iOS keychain but tries to remove it from the keychain when you reboot your device. However, it sounds like the latter is enforced by the application itself rather than the system. So if you could arrange for 1Password to quit or crash before the device restarts, the (obfuscated) master password would still be in the keychain. After unlocking the device, you could jailbreak it, which would then allow 1Password’s section of the keychain to be accessed by a nefarious app.

Update (2015-03-28): Hacker News comments.

USB Type-C Power Adapter Possibilities

Thomas Brand:

By not including more capabilities in the power adapter, Apple missed the opportunity to make their new MacBook more functional both out on the road, and back at the desk. Now that power is no longer a proprietary connection on the new MacBook, I hope other companies will take this opportunity after Apple did not.

Third-party power adapters that are also desktop laptop docks. Projectors that provide power as well as video, audio, and USB. A new kind of computer monitor that provides all of the external capabilities of an iMac when plug your new MacBook to charge. The options are endless, and sound a lot more exciting than a $79 piece of plastic.

Login Screen Shows “[Update Needed]”

I recently ran into this issue where the Mac’s login screen shows, in the place of a user account icon, a generic question mark icon with name “[Update Needed]”. Despite the scary icon, I was able to select the “account,” enter my password, and log in as normal. There was no OS update available.

This seems to be related to having FileVault enabled and having multiple user accounts, not all of which have the FileVault credentials. I was able to fix it by decrypting and then encrypting the hard drive. After reading some more, perhaps it would have been possible to go into the FileVault tab of the Security & Privacy preferences pane and make sure that each user account has access to decrypt the disk.

kvdb and sfts

kvdb is an “embeddable Key-Value Database and Full Text Search” (via Hoà V. DINH). kvdbo is built on top of kvdb and uses a special key to keep track of the order in which key-value pairs were inserted. The sfts text searcher (built on kvdbo) uses 64-bit integer document IDs and supports prefix, substring, and suffix searches for individual tokens (not phrases). There does not seem to be any documentation about thread safety (looks like build-your-own) or transactions (doesn’t seem to use journal files).