Tech Brew Ride Home - Wed. 08/24 – Is The Twitter Whistleblower A “Material Adverse Effect”?

Episode Date: August 24, 2022

A deep dive into that Twitter whistleblower, because the allegations are getting pretty interesting, and it turns out he’s a bigger deal than I knew. Apple is breaking its iPadOS release cadence. Fitbit has unveiled three new wearables. And why just deciding to bring the silicon industry back onshore is not as easy as just passing billions in subsidies.

Sponsors: Split.io/techmeme

Links:
India forced Twitter to put agent on payroll, whistleblower says (Reuters)
Former security chief claims Twitter buried ‘egregious deficiencies’ (Washington Post)
Twitter whistleblower won hacker acclaim for exposing software flaws (Washington Post)
Apple delivers iPadOS 16.1 beta ahead of iOS 16 fall release (TechCrunch)
Plex tells users to reset their passwords after potential data breach (Engadget)
Fitbit Drops 3 New Fitness Trackers—and None Have Wear OS 3 (Wired)
Wanted: 7,000 construction workers for Intel chip plants (AP)

Transcript
Starting point is 00:00:00 On April 4th, 2023, around 2 in the morning, a man was found stabbed multiple times on a sidewalk in downtown San Francisco. Hey, who did this to you? What happened next turned the story into a political firestorm. Reports have identified the victim as Bob Lee, the founder of Cash App. From Bloomberg Podcasts, this is Foundering, the Killing of Bob Lee, beginning April 16. Welcome to the Techmeme Ride Home for Wednesday, August 24th, 2020. I'm Brian McCullough. Today, a deep dive into that Twitter whistleblower because the allegations are getting pretty interesting.
Starting point is 00:00:44 And it turns out he's a bigger deal than I knew. Apple is breaking its iPadOS release cadence. Fitbit has unveiled three new wearables. And why just deciding to bring the silicon industry back onshore is not as easy as just passing billions in subsidies. Here's what you missed today in the world of tech. So this Twitter whistleblower complaint has gotten very interesting. Among the details coming out, the complaint alleges the government of India forced Twitter to hire one of its agents who could have accessed sensitive user data due to Twitter's overall weak security, quoting Reuters. Peter "Mudge" Zatko
Starting point is 00:01:24 raised the issue with the U.S. Securities and Exchange Commission, among other security lapse claims at Twitter. He said the government agent would have had access to sensitive user data due to Twitter's weak security infrastructure, according to a redacted version of the complaint, uploaded by the Washington Post newspaper and verified by Zatko's attorney at Whistleblower Aid. A company source told Reuters that the allegations about the Indian government had surfaced previously within Twitter without elaborating further. Twitter is engaged in a legal challenge against the Indian government after it asked a local court in July to overturn some government orders to remove content from the social media platform and alleged abuse of power by officials. The next hearing in the case is set for Thursday.
Starting point is 00:02:04 The company did not, in fact, disclose to users that it was believed by the executive team that the Indian government had succeeded in placing agents on the company payroll. Zatko's complaint noted, end quote. Oh, and there's this little nugget, quote, the complaint also alleges that Zatko warned the board early in his tenure that overlapping outages in the company's data centers could leave it unable to correctly restart its servers. That could have left the service down for months or even have caused all of its data to be lost. That came close to happening in 2021 when an impending catastrophic crisis threatened the platform's survival before engineers were able to save the day, the complaint says, without providing further details. One current and one former employee recalled that incident when failures at two Twitter data
Starting point is 00:02:51 centers drove concerns that the service could have collapsed for an extended period. I wondered if the company would exist in a few days, one of them said. Security and privacy have long been top company-wide priorities at Twitter, said Twitter spokeswoman Rebecca Hahn. She said that Zatko's allegations appeared to be, quote, riddled with inaccuracies, end quote, and that Zatko, quote, now appears to be opportunistically seeking to inflict harm on Twitter, its customers, and its shareholders, end quote. Hahn said that Twitter fired Zatko after 15 months, quote, for poor performance and leadership, end quote. Attorneys for Zatko confirmed he was fired, but denied it was for performance or leadership,
Starting point is 00:03:27 end quote. So, who is this Peter Zatko, aka Mudge? Well, according to the Washington Post, he's sort of a hacker legend. He worked at DARPA, Google, and Stripe before Twitter and was a member of the hacker groups L0pht and Cult of the Dead Cow. Zatko, who was fired in January less than two years after then-chief executive Jack Dorsey brought him on, says he is simply trying to fulfill his commitment to make Twitter and its users, including dissidents of authoritarian regimes, safer through any legal means. That tracks with why Dorsey hired him in the first place as an expert known for following his own moral compass and telling the truth to urge change even at personal risk. His longtime motto, make a dent in the universe.
Starting point is 00:04:12 Zatko, 51, has a long track record of forcing secrets into the open, especially when they protect malicious activity or corporate irresponsibility. By age 30, he had written one of the most powerful tools for cracking passwords, still in use, testified to Congress under his hacker handle about the susceptibility of the internet to drastic hacks, and co-founded one of the first hacking consultancies backed by venture capital aiming to bring insights from the cyber underground into major companies with the most to lose. Zatko turned a temporary tech support assignment into a real security job at what was then called BBN Technologies, an elite government contractor responsible for the early
Starting point is 00:04:49 internet's basic plumbing. In those days, the most serious hacking was done inside such big labs, experimenting on mainframes and networks of smaller computers. In 1996, Zatko joined the L0pht, often held up as the first U.S. hackerspace. The collective included a handful of hardware, software, and wireless tinkerers who won renown for issuing public warnings about security flaws in programs. Zatko and fellow L0pht member Christien Rioux, later co-founder of security company Veracode, also joined a larger and wilder group, Cult of the Dead Cow, which coined the term hacktivism, a portmanteau of hacking and activism that the group said promoted human rights by spreading information and fighting censorship and surveillance. An early member of that group was
Starting point is 00:05:33 Beto O'Rourke, now running for Governor of Texas. Zatko later joined the Pentagon innovation center DARPA, the Defense Advanced Research Projects Agency. There he created a fast-track program to dole out small grants quickly, giving lone hackers a way to help the government. Zatko returned to the corporate world by working on special projects at Motorola Mobility and Google, which soon bought the company. Zatko also advised Google's security team members, including distinguished engineer Niels Provos, who led hundreds of specialists. His next stop was electronic payments startup Stripe, which had a small security team despite becoming a massive target for criminals as its popularity soared. After the 2020 Twitter hack, Dorsey lured Zatko away from Stripe,
Starting point is 00:06:14 telling him he had been inspired by Zatko's career, two sources familiar with the conversation said. Jack loves hackers and Mudge is a hacker legend, one of them said, on the condition of anonymity to discuss internal company matters, end quote. Well, Democrats and Republicans in Congress are investigating Zatko's claims and are seeking a meeting with him to get more info. And yes, experts say Elon Musk's legal team could use Zatko's whistleblower complaint to bolster its arguments or seek more time in its suit against Twitter. The allegations about bots strengthen Musk's case for sure because you have someone with inside knowledge, said Anthony Casey, a professor of law and economics at the University of Chicago Law School. But he cautioned that the allegations don't seem to be a smoking gun because there doesn't appear to be concrete evidence that the company was intentionally lying about the number of bots.
Starting point is 00:07:06 It has to be more than just, you guys were sloppy about this because you didn't really care, Casey said. It adds to Musk's case, but I still think that he's got a weak case, end quote. I don't know. What's the phrase Musk is trying to prove? Material adverse effect? Seems, at the very least, like Musk and his lawyers have got some fuel for that particular fire now. Apple has officially said that iPadOS will ship after iOS this fall as version 16.1, thereby skipping iPadOS version 16, full stop, a break from releasing iOS and iPadOS updates concurrently, quoting TechCrunch. This means the first version of iPadOS 16 will ship to non-beta users after the arrival of the first iOS version. It seems likely the two 16.1 releases will arrive at or around the
Starting point is 00:08:01 time, though Apple hasn't confirmed the speculation. The move is unique, but not unprecedented for Apple software releases. It may also represent a further differentiation between the OS's, which have been mostly uniform, save for workflow and other features customized for the larger screen. The two operating systems are built on the same foundation, but it seems likely the company will do more to distinguish the two going forward as it continues to position the iPad as a tool for serious work. As Apple notes in its comment, at the very least, this means that, much like, say, macOS, the iPadOS release is not directly tied to the iOS release schedule. The company can update the tablet's operating system as it sees fit, end quote.
Starting point is 00:08:39 By the way, iPadOS 16.1 beta code indicates that iOS 16.1 could let users delete the Wallet app, probably in response to EU antitrust concerns over Apple Pay. Plex is telling users to reset passwords immediately after a hacker accessed some data, including emails, usernames, and encrypted passwords. Quoting Engadget. Plex users may want to change their passwords as soon as they're able. The digital media player and streaming service said a bad actor had infiltrated its system in a letter sent to users affected by the breach.
Starting point is 00:09:19 In it, the company has revealed that it immediately started an investigation after it saw suspicious activity in one of its databases. Based on what it saw, Plex said, it does appear that a third-party entity got access to a subset of its data, which includes people's emails, usernames, and encrypted passwords. Even Troy Hunt of Have I Been Pwned was affected. As he noted in his tweet, there's nothing anyone can do to be exempt from service hacks, but using a password generator and two-factor authentication make their impact much less severe. To note, he encountered an error while trying to change passwords and found that not signing out existing devices made the switch go
Starting point is 00:09:58 through. Plex said it has already addressed the method the bad actor used to infiltrate its system, but it didn't elaborate on what method that is or what vulnerability the hacker exploited, if any. The company also vowed to do additional reviews to make sure its systems are, quote, further hardened to prevent future incursions. For now, Plex is requiring all users to change their passwords out of an abundance of caution, even if all the passwords the hacker got access to were hashed. It also assured all users in its letter that it doesn't store credit card numbers and other payment data in its servers so the bad actor wasn't able to get access to them, end quote.
Starting point is 00:10:31 Fitbit this morning announced three new wearables, the entry-level $100 Inspire 3, which claims a 10-day battery life, alongside the $230 Versa 4 and $300 Sense 2, none of which run Google's Wear OS 3, quoting Wired. Today, Fitbit released updates to three of its most popular fitness wearables, the Inspire 3, the Versa 4, and the Sense 2. All three are available for pre-order starting today. Each is slimmer and smarter than before, but all of the new watches still use Fitbit's own operating system and not the latest iteration of parent company Google's wearable OS. Fitbit has at least updated the operating system of the Versa and Sense to more closely mimic competitors like the Apple Watch. And so far, Google feature creep seems to be minimal,
Starting point is 00:11:25 such as the ability to easily access Google Maps and Google Wallet on your wrist. If you're curious to see Google's thinking about how a Wear OS device should behave, maybe October's Pixel Watch debut will be a better forecast of things to come. The Inspire 3 is an update to Fitbit's entry-level wearable at $100. It's the company's most affordable tracker and a clear competitor to Garmin's Vivosmart line. There's a host of features that you really don't see that often in a tracker at this price, like an always-on color AMOLED display and 10-day battery life, which will probably be closer to a week based on my experience with other Inspire models.
Starting point is 00:12:00 Along with the ability to track classic Fitbit stats like step count and distance covered, the Inspire 3 also has newer health monitoring features. It has always-on tracking for blood oxygen and skin temperature, as well as irregular heartbeat rhythms that could be indicative of atrial fibrillation. Fitbit says these features have received both FDA clearance and CE marking. It also includes features that were previously available only on higher-end trackers like Active Zone Minutes, which pings you whenever your heart rate goes up into cardio, fat burning or peak zones. The Versa 4 is optimized more for working out with built-in GPS and 40 different
Starting point is 00:12:38 exercise modes. However, the Sense 2 now has a new body response sensor. When you measured stress on the first Sense, you held your hand on the watch's metal bezel. Rather than spot testing, the Sense 2 now continuously monitors your electrodermal activity along with your heart rate, heart rate variability, and skin temperature to help you identify your stress triggers. A check-in button prompts you to decompress with stress management tools like guided breathing. Both watches are also much lighter and thinner than previous iterations. The Versa and Sense lines include accessories designed by the Black-owned fashion brand Brother Vellies. There are infinity band options as well, certainly a take on Apple's Solo Loop. As with the Inspire 3, the daily readiness score, sleep profiles, and
Starting point is 00:13:25 advanced stress management metrics are all available with a Fitbit Premium subscription. At least Fitbit offers six months of Fitbit Premium for free with the purchase of any of its trackers, end quote. Finally, today I look at Intel's challenges in building its $20 billion Ohio chip fabs set to open in 2025, including the problem of finding 7,000 construction workers during a local building boom. It turns out, you can't just flip a switch and bring an industry back onshore after it's been lying dormant for a decade, quoting the Associated Press. Ohio's largest ever economic development project comes with a big employment challenge, how to find 7,000 construction workers in an already booming building environment
Starting point is 00:14:13 when there's also a national shortage of people working in the trades. At hand is the $20 billion semiconductor manufacturing operation near the state's capital announced by Intel earlier this year. When the two factories known as fabs open in 2025, the facility will employ 3,000 people with an average annual salary of around $135,000. Construction is expected to accelerate following Congress's approval last month of a package boosting the semiconductor industry and scientific research in a bid to create more high-tech jobs in the U.S. and help it better compete with international rivals. It includes more than $52 billion in grants and other incentives for the semiconductor industry as well as a 25% tax credit for those companies that invest in chip plants in the U.S. For the central Ohio project, all 7,000 construction workers aren't required right away. They are also only a portion of what will be needed as the Intel project transforms hundreds of
Starting point is 00:15:07 largely rural acres about 30 minutes east of Columbus. Just six months after Intel revealed the Ohio operation, for example, Missouri-based VanTrust Real Estate announced it was building a 500-acre, 200-hectare business park next door to house Intel suppliers. The site's 5 million square feet is equivalent to nearly nine football fields. Other projects for additional suppliers are expected. Labor leaders and state officials acknowledge there's not currently a pool of 7,000 extra workers in central Ohio, where other current projects include a 28-story Hilton near downtown Columbus, a $2 billion addition to the Ohio State University's Medical Center, and a $365 million Amgen biomanufacturing plant not far from the Intel plant. And that's not counting at least three new Google
Starting point is 00:15:53 and Amazon data centers, plans for a new $200 million municipal courthouse south of downtown Columbus, and solar array projects that could require nearly 6,000 construction jobs by themselves. Federal data shows about 45,000 home and commercial construction workers in central Ohio. That number increased by 1,800 from May 2021 to May 2022, meaning a future deficit given current and future demands. I don't know of a single commercial construction company that's not hiring, said Mary Tebeau, executive director of the Builders Exchange of Central Ohio, a construction industry trade association. Offsetting the imbalance are training programs, a push to encourage more high school
Starting point is 00:16:30 students to enter the trades, and pure economics. Including overtime, pay for skilled tradespeople could hit $125,000 annually, said Dorsey Hager, executive secretary-treasurer of the Columbus Building Trades Council, end quote. Chris and I are doing a Twitter space tomorrow night at the usual time, but if you've been listening in before we start recording, I've had no end of technical issues with my standard recording setup. Basically, I can't hear what anyone is saying. I've had to resort to using wired earbuds and just hoping that Chris has recorded successfully. But I'm going to try to test things out again and get everything back on track. So if you see me open up a Twitter space, either this afternoon or more likely tomorrow afternoon, please jump into the room
Starting point is 00:17:23 with me for about five minutes or so so I can test things out. Happy to talk to you about whatever whilst that happens. Talk to you tomorrow.
