Yearly Archives: 2021

News: After community backlash, Pokémon Go reinstates a COVID safety and accessibility feature

Pokémon Go announced yesterday that it will permanently keep an in-game feature that made the game easier to play while social distancing. Introduced at the onset of the COVID-19 pandemic, the feature doubled the interaction radius around key augmented reality landmarks that are essential to gameplay. Though Niantic — parent company to Pokémon Go — removed the feature earlier this month, it chose to permanently reinstate it after weeks of community- and creator-led backlash.

Trainers – we’re looking forward to sharing our plans as a result of the task force on September 1, but one thing does not have to wait! From now on, 80 meters will be the base interaction radius for PokéStops and Gyms globally. (1/2)

— Pokémon GO (@PokemonGoApp) August 25, 2021

Pre-pandemic, Pokémon Go players needed to be within 40 meters of a PokéStop or Gym to interact with it, but with the now-permanent change, the radius is expanded to 80 meters. Incidentally, disabled players found that this feature made the game more accessible to people with limited mobility. As one of the first mainstream AR mobile games, Pokémon Go is virtually unplayable if you’re unable to travel to real-world landmarks like PokéStops and Gyms — so allowing users to interact with these landmarks from further away (for example, if a wheelchair-user can’t journey off of a paved sidewalk) opened the game up to new players.

Since Pokémon Go has long positioned itself as a game that encourages real-world exploration, worldwide lockdowns posed a unique challenge for Niantic. But by making some small changes, like expanding the interaction radius by just 40 meters, increasing Pokémon spawns, and making it easier to obtain more PokéBalls, the game became easier to play from home.

These changes didn’t break the game or contradict its adventurous spirit, which made the rollback of a well-loved upgrade confusing for players, especially in light of the spreading Delta variant. From a financial standpoint, the app thrived during the pandemic. In 2020, Pokémon Go had its best-earning year since its launch in 2016, earning over $1 billion. According to app analytics firm SensorTower, this upward trend continued for Pokémon Go in the first half of 2021 with $642 million. This marked a 34% increase in consumer spending compared to the first half of 2020, when it made $479 million.

Dear @NianticLabs your community needs you to address the recent in-game changes to #PokemonGO. #HearUsNiantic we love this game and the communities we’ve built together. This game thrives on inclusivity and diversity. Show us you understand that. pic.twitter.com/1N6EAaM5m2

— ZoëTwoDots 🎀 (@_ZoeTwoDots) August 5, 2021

After Niantic reduced the interaction radius, Pokémon Go content creators and community members worked together to write an open letter to Niantic, which caused the hashtag #HearUsNiantic to trend on Twitter. The letter expressed that the increased radius made the game safer, more accessible, and less intrusive.

Some players organized a boycott of the game on August 5th, which was referred to as “Pokémon No Day.” That same day, Niantic issued a response letter addressed to the Pokémon Go community.

“Encouraging people to explore, exercise and safely play together in person remains Niantic’s mission. The health and wellbeing of players is our top priority,” Niantic’s statement read. The company formed an “inter cross-functional team” to address these concerns and invited prominent Pokémon Go content creators to share community feedback. While expanding the interaction radius is the first result of the task force, Pokémon Go tweeted that it will share more findings on September 1.

TechCrunch asked Niantic why it initially chose to roll back these gameplay updates despite positive community feedback, increased revenue, and an ongoing pandemic, but Niantic declined to comment.

Despite players’ visible negative response on social media, SensorTower told TechCrunch that it didn’t see any change in consumer spending or active users for Pokémon Go around the time of the in-game strike. However, there was a significant uptick in negative App Store reviews.

Though the wider interaction radius is now reinstated, some players remain frustrated, since community leaders had previously provided this feedback in June after Niantic announced its plans to roll back these changes.

“Why did it have to take this giant community movement for any of our feedback to be heard?” said creator ZoëTwoDots in a YouTube video.

News: Popcorn’s new app brings short-form video to the workplace

A new startup called Popcorn wants to make work communication more fun and personal by offering a way for users to record short video messages, or “pops,” that can be used for any number of purposes in place of longer emails, texts, Slack messages, or Zoom calls. While there are plenty of other places to record short-form video these days, most of these exist in the social media space which isn’t appropriate for a work environment. Nor does it make sense to send a video you’ve recorded on your phone as an email attachment, when you really just want to check in with a colleague or say hello.

Popcorn, on the other hand, lets you create the short video and then send a URL to that video anywhere you would want to add a personal touch to your message.

For example, you could use Popcorn in a business networking scenario, where you’re trying to connect with someone in your industry for the first time — aka “cold outreach.” Instead of just blasting them a message on LinkedIn, you could also paste in the Popcorn URL to introduce yourself in a more natural, friendly fashion. You could also use Popcorn with your team at work for things like daily check-ins, sharing progress on an ongoing project, or to greet new hires, among other things.

Videos themselves can be up to 60 seconds in length — a time limit designed to keep Popcorn users from rambling. Users can also opt to record audio only if they don’t want to appear on video. And you can increase the playback speed if you’re in a hurry. Users who want to receive “pops” could also advertise their “popcode” (e.g. try mine at U8696).

The idea to bring short-form video to the workplace comes from Popcorn co-founder and CEO Justin Spraggins, whose background is in building consumer apps. One of his first apps to gain traction back in 2014 was a Tinder-meets-Instagram experience called Looksee that allowed users to connect around shared photos. A couple years later, he co-founded a social calling app called Unmute, a Clubhouse precursor of sorts. He then went on to co-found 9 Count, a consumer app development shop which launched more social apps like BFF (previously Wink) and Juju.

9 Count’s lead engineer, Ben Hochberg, is now also a co-founder on Popcorn (or rather, Snack Break, Inc. as the legal entity is called). They began their work on Popcorn in 2020, just after the start of the Covid-19 pandemic. But the rapid shift to remote work that’s come in the days that followed could now help Popcorn gain traction among distributed teams. Today’s remote workers may never again return to in-person meetings at the office, but they’re also growing tired of long days stuck in Zoom meetings.

With Popcorn, the goal is to make work communication fun, personal and bite-sized, Spraggins says. “[We want to] bring all the stuff we’re really passionate about in consumer social into work, which I think is really important for us now,” he explains.

“You work with these people, but how do you — without scheduling a Zoom — how do you bring the ‘human’ to it?,” Spraggins says. “I’m really excited about making work products feel more social, more like Snapchat than utility tools.”

There is a lot Popcorn would still need to figure out to truly make a business-oriented social app work, including adding enhanced security, limiting spam, offering some sort of reporting flow for bad actors, and more. It will also eventually need to land on a successful revenue model.

Currently, Popcorn is a free download on iPhone, iPad and Mac, and offers a Slack integration so you can send video messages to co-workers directly in the communication software you already use to catch up and stay in touch. The app today is fairly simple but the company plans to enhance its short videos over time using AR frames that let users showcase their personalities.

The startup raised a $400,000 pre-seed round from General Catalyst (Nico Bonatsos) and Dream Machine (Alexia Bonatsos, previously editor-in-chief at TechCrunch.) Spraggins says the company will be looking to raise a seed round in the fall to help with hires, including in the AR space.

News: Netflix begins testing mobile games in its Android app in Poland

Netflix today announced it will begin testing mobile games inside its Android app for its members in Poland. At launch, paying subscribers will be able to try out two games, “Stranger Things: 1984” and “Stranger Things 3” — titles that have been previously available on the Apple App Store, Google Play and, in the case of the newer release, on other platforms including desktop and consoles. While the games are offered to subscribers from within the Netflix mobile app’s center tab, users will still be directed to the Google Play Store to install the game on their devices.

To then play, members will need to confirm their Netflix credentials.

Members can later return to the game at any time by clicking “Play” on the game’s page from inside the Netflix app or by launching it directly from their mobile device.

“It’s still very, very early days and we will be working hard to deliver the best possible experience in the months ahead with our no ads, no in-app purchases approach to gaming,” a Netflix spokesperson said about the launch.

Let’s talk Netflix and gaming.

Today members in Poland can try Netflix mobile gaming on Android with two games, Stranger Things: 1984 and Stranger Things 3. It’s very, very early days and we’ve got a lot of work to do in the months ahead, but this is the first step. https://t.co/yOl44PGY0r

— Netflix Geeked (@NetflixGeeked) August 26, 2021

The company has been expanding its investment in gaming for years, seeing the potential for a broader entertainment universe that ties in to its most popular shows. At the E3 gaming conference back in 2019, Netflix detailed a series of gaming integrations across popular platforms like Roblox and Fortnite and its plans to bring new “Stranger Things” games to the market.

On mobile, Netflix has been working with the Allen, Texas-based game studio BonusXP, whose first game for Netflix, “Stranger Things: The Game,” has now been renamed “Stranger Things: 1984” to better differentiate it from others. While that game takes place after season 1 and before season 2, in the “Stranger Things” timeline, the follow-up title, “Stranger Things 3,” is a playable version of the third season of the Netflix series. (So watch out for spoilers!)

Netflix declined to share how popular the games had been in terms of users or installs, while they were publicly available on the app stores.

With the launch of the test in Poland, Netflix says users will need to have a membership to download the titles as they’re now exclusively available to subscribers. However, existing users who already downloaded the game from Google Play in the past will not be impacted. They will be able to play the game as usual or even re-download it from their account library if they used to have it installed. But new players will only be able to get the game from the Netflix app.

The test aims to better understand how mobile gaming will resonate with Netflix members and determine what other improvements Netflix may need to make to the overall functionality, the company said. It chose Poland as the initial test market because it has an active mobile gaming audience, which made it seem like a good fit for this early feedback.

Netflix couldn’t say when it would broaden this test to other countries, beyond “the coming months.”

The streamer recently announced during its second-quarter earnings that it would add mobile games to its offerings, noting that it views gaming as “another new content category” for its business, similar to its “expansion into original films, animation and unscripted TV.”

The news followed what had been a sharp slowdown in new customers after the pandemic-fueled boost to streaming. In North America, Netflix in Q2 lost a sizable 430,000 subscribers — its third-ever quarterly decline in a decade. It also issued weaker guidance for the upcoming quarter, forecasting the addition of 3.5 million subscribers when analysts had been looking for 5.9 million. But Netflix downplayed the threat of competition on its slowing growth, instead blaming a lighter content slate, in part due to Covid-related production delays.

News: Curio Wellness rebrands retail biz, expands its cannabis retail franchises to new states

Curio Wellness announced its innovative franchise program in 2020, and today it’s bringing the program across the United States. The company is now accepting franchise applications in ten states, including MD, VA, PA, OH, MO, NJ, FL, MA, MI, and IL.

The program is designed to lower barriers to opening a dispensary. Anyone can apply to secure a franchise license, and diverse founders can seek capital through the Curio Wellness Fund. Curio Wellness expects to be able to sponsor 40 to 50 retail stores. The company is also rebranding its retail operations to Far & Dotter.

TechCrunch spoke to Jerel Registre, Managing Director at Curio WMBE Fund, who says the fund raised 20 million to date and expects to close the fundraising on October 31. He’s proud of the fund’s investor base, pointing to the diverse investor base representing 40% of the fund.

“My focus on the fund is driving diverse entrepreneurship,” Registre said. “The reason cannabis is such a great industry to do that in is that it’s a growing opportunity. It’s just a great ocean to put the boat on in terms of increasing diversity among entrepreneurs. It’s an area of the economy, and it’s a hot industry where there’s an understanding of the need for diversity.”

Registre points out that while the cannabis industry’s customer and employee base are often diverse, there’s often a lack of diversity in the executive and business ownership group. That’s what Curio Wellness is trying to address.

The fund provides selected franchisees with up to 93% of the capital needed to open a location. But it’s more than capital. It’s clear while speaking to Registre that his team is dedicated to formulating a proven strategy for their franchises. He points to Chick-fil-a as an example, saying, while he doesn’t like the company’s relationship with its franchisees, it provides a market-leading cohesive brand statement. Through Curio’s program, franchisees are provided with two phases of support. The first provides capital to franchisees to open their Curio Wellness Center and assist them in obtaining licenses, selecting a location and hiring and training employees. Once the location is operational, the fund intends to provide ongoing support around managing, sales and marketing, store operations, and ensuring employees stay updated on product information.

“After more than two years of effort to design an effective method of providing capital to diverse entrepreneurs in the cannabis industry, it is a personal honor to officially begin the application process and to truly expand diversity and enable economic empowerment in the industry,” said Registre. “The Fund is a true testament to Curio’s goal to address systemic barriers and create generational wealth among aspiring women, BIPOC, and disabled veteran entrepreneurs.”

This program is spinning up at the right time. Cannabis was one of the winners of the COVID-19 pandemic, resulting in record sales and consumer acceptance. As a result, the time is right for dispensary ownership to reflect their local neighborhoods better.

News: Facebook will reportedly launch its own advisory group for election policy decisions

Facebook is looking to create a standalone advisory committee for election-related policy decisions, according to a new report from The New York Times. The company has reportedly approached a number of policy experts and academics it is interested in recruiting for the group, which could give the company cover for some of its most consequential choices.

The group, which the Times characterizes as a commission, would potentially be empowered to weigh in on issues like election misinformation and political advertising — two of Facebook’s biggest policy headaches. Facebook reportedly plans for the commission to be in place for the 2022 U.S. midterm elections and could announce its formation as soon as this fall.

Facebook’s election commission could be modeled after the Oversight Board, the company’s first experiment in quasi-independent external decision making. The Oversight Board began reviewing cases in October of last year, but didn’t gear up in time to impact the flood of election misinformation that swept the platform during the U.S. presidential election. Initially, the board could only make policy rulings based on material that was already removed from Facebook.

The company touts the independence of the Oversight Board, and while it does operate independently, Facebook created the group and appointed its four original co-chairs. The Oversight Board is able to set policy precedents and make binding per-case moderation rulings, but ultimately its authority comes from Facebook itself, which at any point could decide to ignore the board’s decisions.

A similar external policy-setting body focused on elections would be very politically useful for Facebook. The company is a frequent target for both Republicans and Democrats, with the former claiming Facebook censors conservatives disproportionately and the latter calling attention to Facebook’s long history of incubating conspiracies and political misinformation.

Neither side was happy when Facebook decided to suspend political advertising after the election — a gesture that failed to address the exponential spread of organic misinformation. Facebook asked the Oversight Board to review its decision to suspend former President Trump, though the board ultimately kicked its most controversial case back to the company itself.

News: You can’t hack your YC application, but here’s what to avoid

Christopher Morton
Contributor

Christopher Morton is COO of Cognito.

The Y Combinator application season is upon us. I have been through YC a couple of times and have reviewed thousands of applications as a volunteer in later years.

Typically, you hear advice focused on ways to improve your YC application so it gets accepted. Here are some tips on what not to do and why so many YC applications get rejected. I’ve also put down some advice about what else to anticipate and take into consideration as you navigate the application process.

In short, don’t overthink your application, and keep it simple and straightforward.

When should I submit my YC application?

When in doubt, read YC’s instructions and answer the question literally. Avoid verbose marketing lingo and keep answers short and concise.

The best applications are often those made at the last minute, because applicants do not overthink their responses and toil over details they think need to be shoved into a question. While I do not recommend submitting applications at the deadline because the system has had issues receiving submissions, you can capture the essence of last-minute submissions by being clear and concise.

Remember that your application should be good enough to get an interview, not win a prize. Go back to work instead of spending more time perfecting an application.

YC experiments frequently. For this batch and the last, there was an early deadline that would give accepted teams access to YC before the batch officially began. Applying early gives you an opportunity to land an interview in the early round and to update your application to be considered in the standard round.

Is it OK to submit my YC application late?

News: Romanian marketing expert Robert Katai explains how to get the most out of your content

There’s a lot of advice out there on how to grab people’s attention, but there’s one aspect of marketing that Robert Katai thinks isn’t talked about as often: maintaining their attention. The solution, he says, is a combination of content strategy and positioning.

Based in Romania, Katai is known for his podcasts and speeches covering the gamut of content marketing. A product manager at online graphic design platform Creatopy, he also works with clients as a freelance content strategist, and it is in this capacity that he was recommended to TechCrunch via our growth marketer survey. (If you have growth marketers to recommend, please fill out the survey!)

Katai was recommended by multiple Romanian clients and contacts who vouched for his content strategy prowess, so we were curious to know more. Who is he? And is his advice applicable beyond borders?

The short answer is yes. In a freewheeling interview, Katai spoke about how content marketing should integrate with users’ daily lives, and how content can be repurposed across multiple formats. He also shared some insights on the booming Romanian startup ecosystem.

Editor’s note: The interview below has been edited for length and clarity.

TC: How do you help your clients as a freelancer?

Robert Katai: One of the two things I’m doing is that I’m helping clients with creating their content strategy based on their objective. You can get web traffic, but you can also create a message and build the brand. You don’t have to start at the beginning; You can rebuild the brand later.

For instance, I’m working with a Romanian outsourcing company that started in 1993. They pioneered this industry in our city of Cluj-Napoca, but lately they started to realize that they should be more attractive from a sales as well as from an employee perspective. So I worked with them to perform an internal audit to see why employees love the company, why they leave, why they stay and what they want from the company.

From there, I got to the idea that they needed to reshape their brand to not just have people notice them but to also maintain their attention. And here comes the content: I started an ambassador program, because there are people outside of the company who love it.

I also recommended they create an internal print magazine. It’s a very well-designed magazine that their 200 to 300 employees can take home and read. It’s not just about the job; it’s also about their hobbies, things to do in the city and some thought leadership articles that can inspire them to have a better life.

What’s the second way you are helping clients?

Apart from content strategy, I’m working with clients on their positioning for their audience, community and market, but also sometimes in terms of employer branding. Content can be a bridge between the two ways I am helping clients, because I’m using a lot of content marketing here and not focusing only on performance or growth marketing hacks. I’m helping them understand that if they want to establish a memorable, long-lasting brand in the market, they have to make content marketing part of their life.

If they want to reposition themselves in the industry, they need to say: Okay, these are the kinds of content we have to create for our goals; who will amplify the content, who will connect with us, and who will consume the content. Today, content creation is free — everybody can do it. The hard part is how you distribute and amplify that. And here’s how I can help the startups: Make a big piece of content and repurpose it in several small pieces; get it in front of people so that the brand is on their minds.


How can brands achieve that top-of-mind status?

We all know that there are four kinds of content: Text, video, pictures and audio. These four formats never die. The platform can change, but the format will stay the same. A video can be an Instagram Reel, a documentary or something else, but it’s a video. The same goes for a photo. So the content strategy I’m working with is how brands can use that content ecosystem.

When I work with my clients — and also with Creatopy where I’m a product marketer — I recommend that they use content to build their brand and be visible to their users every day in their feeds. Every morning, when their customers are waking up and checking their phones, they don’t open a newspaper. They will open Twitter, Instagram or Facebook, and maybe then when they get out of the bathroom and make coffee, they will open YouTube and connect with Alexa.

I really believe that brands should create content that can just be in the mind of the user. Snackable content, Reels, TikTok … It doesn’t matter what we call it.

You also talked about repurposing content. Can you explain that?

Let’s take the interview you’ve done with Peep Laja. You could have recorded it as a video. And he covered several topics, so you could have several short videos — 30 seconds, three minutes, whatever. You can publish them daily on your site or social media channels with a comment that says, “Here’s the link to the full article.” But remember that on LinkedIn, that link will need to go into the comments section, not the post itself.

You can also have a longer video that you can publish on social media or on Wistia, asking people to give their email — so now you also have subscribers.

Then the second type of content you can create is audio. You already have it from the recording. You don’t have to publish the full 45-minute conversation, but you can have a five-minute audio clip, and again link to the articles.

Now we have video and audio, but what if you also designed quotes with his headshot and messaging? If it’s part of a series, you should also give it a name.

And it’s not just motivational; it’s educational, too, so you should take these quotes and create carousels for Instagram and LinkedIn. The first slide should grab attention — it can be a question. The second slide can be a link to the interview so that even if people don’t click it, it will be on their minds. Then you can have slides with insights.

The last slide will always be a call to action: Asking people to share, comment or save it for later — it’s the new currency on Instagram! And once you have your Instagram carousel, you create a PDF and publish it on LinkedIn.

So now you have five formats of content from one piece of content.

Wow, how much do we owe you?! Just kidding, we actually do some of that for the Equity podcast, for instance. Now, what other advice do you have for startups?

I’m a big advocate of documenting the process. Just imagine if Mark Zuckerberg had done that and you could read how he launched Facebook and so on. Noah Kagan is doing that right now. I think startup founders should do it, not just from the PR and marketing perspective, but for their audience. Even if your audience is not paying for your product right now, they are staying with you and giving your brand an essence in the industry.

Just think about what Salesforce is doing right now: They launched Salesforce+, which is like Netflix for B2B. It’s to get the attention of professionals and also maintain it, and I believe this is the currency of the big companies today: People’s attention.

Do you work with any startups in Romania? And do you have any impressions to share on the Romanian startup ecosystem?

Yes, I help a few Romanian startups with their content marketing and positioning. Sometimes other startups email me with questions, so I help them, too, but I don’t charge for email advice. I work with the ones that are looking for a long-term or project-based collaboration.

Startup founders here in Romania are curious, and very courageous to experiment even if it won’t necessarily work. And Romanian startups are very smart. For instance, Planable is doing a great job with content, social media and positioning. We also have social media analytics company Socialinsider, which this year launched virtual events, and TypingDNA, which wants to get rid of needing to log in with passwords and was founded by a former colleague.

I also found that the founders here work harder than their teams and don’t just leave others to do the work — at least the ones I have met. We have several startup events in Romania: How to Web, and Techsylvania here in Transylvania.

I don’t like this name, but people say that Cluj-Napoca is the “Silicon Valley of Romania.” Lots of startups have been launched here, but the city that is getting more and more traction is Oradea, where the bet on education is paying off.

(If you are a tech startup founder or investor in Cluj or Oradea, fill in TechCrunch’s European Cities Survey 2021.)

News: YouTube to roll out Picture-in-Picture viewing for all U.S. iOS users, starting with Premium subscribers

Though YouTube has supported picture-in-picture viewing on Android devices since 2018, YouTube told TechCrunch today that it plans to launch the feature to all iOS users in the U.S. on both iPhone and iPad. For now, YouTube is inviting Premium subscribers to test this feature, which lets users watch picture-in-picture videos in a mini player while browsing other apps. The testing period for Premium users ends on October 31, but YouTube does not have a timeline to share on when all U.S. iOS users will gain access to the feature.

Though this is a mobile feature, Premium subscribers must enable the ability to test it via the YouTube experiments website on the desktop. Last year, YouTube made opting into experiments a Premium perk.

If you scroll down on the experiments website, you’ll see “Picture-in picture on iOS” with the option to try it. Then, if you watch a video on the YouTube app, you should see a picture-in-picture display of the video when you navigate out of the app.

Once viewing a video via picture-in-picture, you can adjust where the video appears on your screen and how big it is. When you tap on the video, you’ll return to the YouTube app. If you lock your phone, the video will pause.

Some users have reported that you might need to delete and reinstall the YouTube app to get it to work.

This feature is different from existing picture-in-picture functionality on the YouTube iOS app because it allows you to continue watching a video even while navigating elsewhere on your phone. Similar features already exist on streaming apps like Netflix.

News: To prevent cyberattacks, the government should limit the scope of a software bill of materials

There is no reason to disdain the concept of SBOM outright. Indeed, it’s heartening to see the federal government take cybersecurity so seriously.

Manish Gupta
Contributor

Manish Gupta is the CEO of ShiftLeft.

The May 2021 executive order from the White House on improving U.S. cybersecurity includes a provision for a software bill of materials (SBOM), a formal record containing the details and supply chain relationships of various components used in building a software product.

An SBOM is the full list of every item that’s needed to build an application. It enumerates all parts, including open-source software (OSS) dependencies (direct), transitive OSS dependencies (indirect), open-source packages, vendor agents, vendor application programming interfaces (APIs) and vendor software development kits.

Software developers and vendors often create products by assembling existing open-source and commercial software components, the executive order notes. An SBOM is useful to those who develop or manufacture software, those who select or purchase software and those who operate the software.

As the executive order describes, an SBOM enables software developers to make sure open-source and third-party components are up to date. Buyers can use an SBOM to perform vulnerability or license analysis, both of which can be used to evaluate risk in a product. And those who operate software can use SBOMs to quickly determine whether they are at potential risk of a newly discovered vulnerability.

“A widely used, machine-readable SBOM format allows for greater benefits through automation and tool integration,” the executive order says. “The SBOMs gain greater value when collectively stored in a repository that can be easily queried by other applications and systems. Understanding the supply chain of software, obtaining an SBOM and using it to analyze known vulnerabilities are crucial in managing risk.”

An SBOM is intrinsically hierarchical. The finished product sits at the top, and the hierarchy includes all of its dependencies providing a foundation for its functionality. Any one of these parts can be exploited in this hierarchical structure, leading to a ripple effect.
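
The hierarchy described above, and the operator's question of whether a newly disclosed flaw in one component reaches a product, can be answered mechanically from the dependency graph in an SBOM. The following is an added illustration, not code from the article or the executive order; it uses a constructed CycloneDX-style JSON document whose component names and versions are invented.

```python
import json

# Constructed CycloneDX-style SBOM; every component name and version is made up.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "metadata": {"component": {"bom-ref": "app", "name": "example-shop", "version": "2.3.0"}},
  "components": [
    {"bom-ref": "web", "name": "example-web-framework", "version": "5.1.0"},
    {"bom-ref": "tpl", "name": "example-templates", "version": "1.4.2"},
    {"bom-ref": "log", "name": "example-logger", "version": "0.9.1"},
    {"bom-ref": "xml", "name": "example-xml-parser", "version": "3.0.0"}
  ],
  "dependencies": [
    {"ref": "app", "dependsOn": ["web", "log"]},
    {"ref": "web", "dependsOn": ["tpl", "xml"]},
    {"ref": "tpl", "dependsOn": ["xml"]}
  ]
}
"""

def load_graph(sbom_text):
    """Return (root ref, {ref: [direct dependency refs]}) from the SBOM."""
    bom = json.loads(sbom_text)
    graph = {d["ref"]: list(d.get("dependsOn", [])) for d in bom.get("dependencies", [])}
    return bom["metadata"]["component"]["bom-ref"], graph

def transitive_deps(root, graph):
    """All refs reachable from root, excluding root; tolerates cycles."""
    seen, todo = set(), [root]
    while todo:
        new = set(graph.get(todo.pop(), [])) - seen - {root}
        seen |= new
        todo.extend(new)
    return seen

def paths_to(root, target, graph, _trail=None):
    """Every dependency chain from root to target (cycle-safe depth-first search)."""
    trail = (_trail or []) + [root]
    if root == target:
        return [trail]
    found = []
    for dep in graph.get(root, []):
        if dep not in trail:
            found.extend(paths_to(dep, target, graph, trail))
    return found

if __name__ == "__main__":
    root, graph = load_graph(SBOM_JSON)
    print(len(transitive_deps(root, graph)), paths_to(root, "xml", graph))
```

Here the XML parser never appears among the product's direct dependencies, yet two separate chains pull it in, which is the ripple effect the hierarchy creates.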

Not surprisingly, given the potential impact, there has been a lot of talk about the proposed SBOM provision since the executive order was announced. This is certainly true within the cybersecurity community. Anytime there are attacks such as the ones against Equifax or SolarWinds that involve software vulnerabilities being exploited, there is renewed interest in this type of concept.

Clearly, the intention of an SBOM is good. If software vendors are not upgrading dependencies to eliminate security vulnerabilities, the thinking is we need to be able to ask the vendors to share their lists of dependencies. That way, the fear of customer or public ridicule might encourage the software producers to do a better job of upgrading dependencies.

However, this is an old and outmoded way of thinking. Modern applications and microservices use many dependencies. It’s not uncommon for a small application to use tens of dependencies, which in turn might use other dependencies. Soon the list of dependencies used by a single application can run into the hundreds. And if a modern application consists of a few hundred microservices, which is not uncommon, the list of dependencies can run into the thousands.

If a software vendor were to publish such an extensive list, how will the end users of that software really benefit? Yes, we can also ask the software vendor to publish which of the dependencies is vulnerable, and let’s say that list runs into the hundreds. Now what?

Clearly, having to upgrade hundreds of vulnerable dependencies is not a trivial task. A software vendor would be constantly deciding between adding new functionality that generates revenue and allows the company to stay ahead of its competitors versus upgrading dependencies that don’t do either.

If the government formalizes an SBOM mandate and starts to financially penalize vendors that have vulnerable dependencies, it is clear that, given the complexity associated with upgrading dependencies, software vendors might choose to pay fines rather than risk losing revenue or competitive advantage in the market.

Revenue drives market capitalization, which in turn drives executive and employee compensation. Fines, as small as they are, have negligible impact on the bottom line. In a purely economic sense, the choice is fairly obvious.

In addition, software vendors typically do not want to publish lists of all their dependencies because that provides a lot of information to hackers and other bad actors as well as to competitors. It’s bad enough that cybercriminals are able to find vulnerabilities on their own. Providing lists of dependencies gives them even more possible resources to discover weaknesses.

Customers and users of the software, for their part, don’t want to know all the dependencies. What would they gain from studying a list of hundreds of dependencies? Rather, software vendors and their customers want to know which dependencies, if any, make the application vulnerable. That really is the key question.

Prioritizing software composition analysis (SCA) ensures that when dependencies are analyzed in the context of an application, the list of dependencies that make the application vulnerable can be dramatically reduced.

Instead of publishing a list of 1,000 dependencies, or 100 that are vulnerable, organizations can publish a far more manageable list in the single digits. That is a problem that organizations can much more easily deal with. Sometimes a software vendor can fix an issue without having to upgrade the dependency. For example, it can make changes in the code, which is not always possible if we are merely looking for the list of vulnerable dependencies.

There is no reason to disdain the concept of SBOM outright. By all means, let’s make the software vendors responsible for being transparent about what goes into their software products. Plenty of organizations have paid a steep price, in the form of data breaches and other cybersecurity attacks, because of software vulnerabilities that could have been prevented.

Indeed, it’s heartening to see the federal government take cybersecurity so seriously and propose ways to enhance the protection of applications and data.

However, let’s make SBOM specific to the list of dependencies that actually make the application vulnerable. This serves both the vendor and its customers by cutting directly to the sources of vulnerabilities that can do damage. That way, we can address the issues at hand without creating unnecessary burdens.

News: Tesla’s redesigned iPhone app features two new home screen widgets

Saqib Shah
Contributor

Saqib Shah is a contributing writer at Engadget.

Tesla is rolling out a major update for its iOS smartphone app with new controls, improved management and cool visuals. Version 4.0 also gives you the choice between two different sized widgets for your iPhone home screen. As detailed by Tesla Software Updates, both feature the same information: the name of the car, battery percentage, location (or charging info), unlock status, an image of the vehicle and the time the information was last updated. Tesla previously had a “Today” extension for iOS that was nowhere near as comprehensive as the new widgets.

In terms of controls, you can send commands to your car immediately upon opening the app, instead of waiting for the vehicle to wake up. There’s also enhanced phone key support that essentially lets you unlock multiple Teslas.

An updated visual that should be immediately noticeable is the new 3D vehicle render. There are also new animations when you charge your car and in the climate and controls sections. Design-wise, Tesla has ditched the charging section and now displays that info when your car is plugged in. You can also view Supercharging history from within the app. The speed limit, valet mode and sentry mode settings, meanwhile, have been moved to a new category titled Security, which includes tips on how to use Bluetooth, phone key and location services.

To sum up, this is the biggest update to the EV maker’s iOS app in a while. Recently, Tesla has mainly focused on providing bug fixes and improvements, outside of the introduction of Virtual Power Plant enrolment in July.

Editor’s note: This post originally appeared on Engadget.
