Archive for June 3, 2016

Friday, June 3, 2016

Twitterrific Adds Patronage

Ged Maheux:

Most importantly, however, today’s release addresses a long-standing request we’ve received from users over the years – a way to donate additional funds towards the continued development of the app. To address this desire we’re pleased to introduce Ollie’s Tip Jar – a series of in-app purchases that users can voluntarily buy to help keep Twitterrific up and running.

The Tip Jar is our way of continuing to offer free and notable updates to Twitterrific while still (hopefully) paying for the cost of development. Since it’s launch in December of 2012, Twitterrific has been updated over 40 times – all for free. Rather than stopping development on Twitterrific version 5 and launching an all-new paid version 6, we’ve decided to include the Tip Jar in the hopes that users who enjoy and love the app will give generously so we can continue to provide updates.

Previously: Overcast 2.5.

Fixing App Store Discovery

John Voorhees:

The App Store’s Top Free, Paid, and Grossing charts are probably the most effective aspect of the App Store […] The trouble is, without a good way to discover apps beyond the most popular ones, it is extremely hard for new apps to break into the charts. Instead, the very existence of the charts perpetuates the position of the apps already on them, making it even more difficult for a new app to break into the charts.


As I write this, Twitterrific is the fourth result if you search for ‘twitter.’ The search results also include many other relevant results, but still return games, alarm clock apps, and other irrelevant results.

In my own experience, I have found that search results are also often inconsistent between platforms. The results returned for an app search in iTunes are often different than the results I get from the App Store on iOS, which are both different than the results returned by the iTunes Search API, which are oftentimes the worst of all. In short, App Store search results have two main problems – relevance and consistency.


Another area that needs work is search ranking. Precisely what goes into the ranking of search results is unknown and changes from time to time, but the rankings seem broken, which is curious.


The App Store's ability to filter search results should also be expanded. This is something that Amazon does particularly well. If I run a search and it returns thousands of results, I can narrow the search by criteria like price, color, and rating.

A2: Analog Malicious Hardware

Kaiyuan Yang et al. (PDF) (via Brendan O’Connor):

While the move to smaller transistors has been a boon for performance it has dramatically increased the cost to fabricate chips using those smaller transistors. This forces the vast majority of chip design companies to trust a third party— often overseas—to fabricate their design. To guard against shipping chips with errors (intentional or otherwise) chip design companies rely on post-fabrication testing. Unfortunately, this type of testing leaves the door open to malicious modifications since attackers can craft attack triggers requiring a sequence of unlikely events, which will never be encountered by even the most diligent tester.

In this paper, we show how a fabrication-time attacker can leverage analog circuits to create a hardware attack that is small (i.e., requires as little as one gate) and stealthy (i.e., requires an unlikely trigger sequence before effecting a chip’s functionality).

Andy Greenberg:

In fact, researchers at the University of Michigan haven’t just imagined that computer security nightmare; they’ve built and proved it works. In a study that won the “best paper” award at last week’s IEEE Symposium on Privacy and Security, they detailed the creation of an insidious, microscopic hardware backdoor proof-of-concept. And they showed that by running a series of seemingly innocuous commands on their minutely sabotaged processor, a hacker could reliably trigger a feature of the chip that gives them full access to the operating system. Most disturbingly, they write, that microscopic hardware backdoor wouldn’t be caught by practically any modern method of hardware security analysis, and could be planted by a single employee of a chip factory.


The “demonically clever” feature of the Michigan researchers’ backdoor isn’t just its size, or that it’s hidden in hardware rather than software. It’s that it violates the security industry’s most basic assumptions about a chip’s digital functions and how they might be sabotaged. Instead of a mere change to the “digital” properties of a chip—a tweak to the chip’s logical computing functions—the researchers describe their backdoor as an “analog” one: a physical hack that takes advantage of how the actual electricity flowing through the chip’s transistors can be hijacked to trigger an unexpected outcome.