
Mitigating arbitrary native code execution in Microsoft Edge

Some of the most important security features in modern web browsers are those that you never actually see as you browse the web. These security features work behind the scenes to protect you from browser-based vulnerabilities that could be abused by hackers to compromise your device or personal data.

In previous blog posts and presentations, we described some of the recent improvements that have been made to Windows 10 and Microsoft Edge in this space. Today we’re kicking off a two-part blog post that describes our vulnerability mitigation strategy and provides a technical deep-dive into some of the major security improvements that are coming to Microsoft Edge in the Creators Update of Windows 10.

Framing our Vulnerability Mitigation Strategy

Before we dive in, it may help to start with an overview of how we approach the problem of web browser vulnerabilities. The Microsoft Edge security team employs a layered, data-driven defense strategy that focuses investments at key points along the kill-chain that attackers follow when exploiting vulnerabilities.

Table illustrating the Edge vulnerability mitigation strategy. The Strategy row reads: "Make it difficult & costly to find, exploit, and leverage software vulnerabilities." The "Tactics" read: "Eliminate entire classes of vulnerabilities," "Break exploitation techniques," "Contain damage & prevent persistence," and "Limit the window of opportunity to exploit."

First and foremost in this strategy, we look for ways to eliminate classes of vulnerabilities by reducing attack surface and by finding or mitigating specific patterns of vulnerabilities (such as use after free issues, see MemGC). In this way, we try to counter the classic asymmetry between attackers and defenders, e.g. where attackers only need to find one good security issue whereas defenders need to ensure there are none.

Still, we assume that we won’t be able to eliminate all vulnerabilities, so we look for ways to break the techniques that attackers can use to exploit them. This helps to spoil the recipes that attackers prefer to use when trying to transform a vulnerability into a way of running code on a device. This further counters the asymmetry by removing the underlying ingredients and primitives that enable vulnerabilities to be exploited.

We assume that we won’t be able to break all exploits, so we look for ways to contain damage and prevent persistence on a device if a vulnerability is exploited. We do this by once again applying the two previous tactics but this time directed at the attack surface that is accessible from code running within Microsoft Edge’s browser sandbox. This helps constrain attacker capabilities and further increases the cost of achieving their objective.

Finally, assuming all else fails, we look to limit the window of opportunity for an attacker to exploit a vulnerability by having effective tools and processes in place. On the processes side, we take advantage of the well-oiled security incident response processes in the Microsoft Security Response Center (MSRC). On the tools side, we have technologies like Windows Defender and SmartScreen which can be used to block malicious URLs that attempt to deliver an exploit and Windows Update to rapidly deploy and install security updates.

While we’re continuing to invest in security improvements along all of these fronts, the remainder of this post will focus on investments we’ve made to break techniques that are used to exploit the most common type of security issue in modern browsers: memory safety vulnerabilities. More specifically, the next section will explore the technologies we’ve built to help mitigate arbitrary native code execution.

Transparency

Browser security is a difficult problem space. Despite the best efforts of all browser vendors, vulnerabilities exist and can potentially be exploited. This is why Microsoft currently offers bug bounties of up to $15,000 USD for vulnerabilities found in Microsoft Edge and up to $200,000 USD for novel mitigation bypasses and defenses as part of our Mitigation Bypass and Defense Bounty. These bounty programs reinforce our commitment to our vulnerability mitigation strategy and help us reward the great work of security researchers around the world.

Mitigating Arbitrary Native Code Execution

Most modern browser exploits attempt to transform a memory safety vulnerability into a method of running arbitrary native code on a target device. This technique is prevalent because it provides the path of least resistance for attackers by enabling them to flexibly and uniformly stage each phase of their attack. For defenders, preventing arbitrary native code execution is desirable because it can substantially limit an attacker’s range of freedom without requiring prior knowledge of a vulnerability. To this end, Microsoft Edge in the Creators Update of Windows 10 leverages Code Integrity Guard (CIG) and Arbitrary Code Guard (ACG) to help break the most universal primitive found in modern web browser exploits: loading malicious code into memory.

Hackers are developers, too

A typical web browser exploit chain consists of three parts:

  1. An exploit for a remote code execution (RCE) vulnerability which is used to get native code running on the target device.
  2. An exploit for elevation of privilege (EOP) vulnerability which is used to increase privileges and escape the sandbox.
  3. A payload that leverages the obtained access to achieve the attacker’s objective (e.g. ransomware, implant, recon, etc).

These parts naturally translate into a modular design for exploits which enables attackers to select different RCE, EOP, and payload combinations based on their target. As a consequence, modern exploits ubiquitously rely on executing arbitrary native code in order to run the 2nd and 3rd stages of their exploit. By breaking this critical link in the chain, we can influence the exploit economics by invalidating the attacker’s software design assumptions and forcing refactoring costs on them.

Preventing the loading of malicious native code

An application can directly load malicious native code into memory by either 1) loading a malicious DLL/EXE from disk or 2) dynamically generating/modifying code in memory. CIG prevents the first method by enabling DLL code signing requirements for Microsoft Edge. This ensures that only properly signed DLLs are allowed to load by a process. ACG then complements this by ensuring that signed code pages are immutable and that new unsigned code pages cannot be created.

CIG: Only allow properly signed images to load

CIG was first enabled for Microsoft Edge starting with the Windows 10 1511 update. In a previous blog post, we explained how a kernel-enforced User Mode Code Integrity (UMCI) policy has been enabled for Microsoft Edge content processes that requires DLLs to be Microsoft, Windows Store, or WHQL-signed. With this policy in place, the kernel will fail attempts to load a DLL that is not properly signed. In practice, exploits do not typically rely on loading a DLL from disk, but it has been used by some exploits and it must be addressed to achieve our objective and to have a comprehensive solution. Since the Windows 10 1511 release, we’ve made additional improvements to help strengthen CIG:

  1. Preventing child process creation (Windows 10 1607): As the UMCI policy is applied per-process, it is also important to prevent an attacker from spawning a new process with a weaker or non-existent UMCI policy. In Windows 10 1607, Microsoft Edge enabled the no child process mitigation policy for content processes which ensures that a child process cannot be created. This policy is currently enforced as a property of the token for a content process which ensures both direct (e.g. calling WinExec) and indirect (e.g. out-of-process COM server) process launches are blocked.
  2. Enabling the CIG policy sooner (Windows 10 Creators Update): The enablement of the UMCI policy has been moved to process creation time rather than during process initialization. This was done to further improve reliability by eliminating a process launch time gap where local injection of improperly signed DLLs into a content process could occur. This was achieved by taking advantage of the UpdateProcThreadAttribute API to specify the code signing policy for the process being launched.

ACG: Code cannot be dynamically generated or modified

While CIG provides strong guarantees that only properly signed DLLs can be loaded from disk, it does not provide any guarantees about the state of image code pages after they are mapped into memory or dynamically generated code pages. This means an attacker can load malicious code by creating new code pages or modifying existing ones even when CIG is enabled. In practice, most modern web browser exploits eventually rely on invoking APIs like VirtualAlloc or VirtualProtect to do just this. Once an attacker has created new code pages, they then copy their native code payload into memory and execute it.

With ACG enabled, the Windows kernel prevents a content process from creating and modifying code pages in memory by enforcing the following policy:

  1. Code pages are immutable. Existing code pages cannot be made writable and therefore always have their intended content. This is enforced with additional checks in the memory manager that prevent code pages from becoming writable or otherwise being modified by the process itself. For example, it is no longer possible to use VirtualProtect to make an image code page become PAGE_EXECUTE_READWRITE.
  2. New, unsigned code pages cannot be created. For example, it is no longer possible to use VirtualAlloc to create a new PAGE_EXECUTE_READWRITE code page.
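The two rules above can be written down as a small model and, on Windows, checked against the kernel after a process opts itself into ACG. This is an added example, not code from the original post or from Microsoft Edge: `acg_allows_alloc`, `acg_allows_protect`, `acg_live_check` and the `P_*` bits are hypothetical names, while the Win32 calls are real and are compiled only when `_WIN32` is defined.

```c
/* Added example: ACG's page rules as a model, compared with the kernel on Windows. */
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Protection bits the rules care about (hypothetical names for this sketch). */
enum { P_R = 1, P_W = 2, P_X = 4 };

/* "New, unsigned code pages cannot be created": no executable allocations. */
int acg_allows_alloc(int prot)
{
    return (prot & P_X) == 0;
}

/* "Code pages are immutable": an executable page may not become writable.
   A data page may not become executable either, because that would also
   create a new unsigned code page. */
int acg_allows_protect(int old_prot, int new_prot)
{
    if ((old_prot & P_X) && (new_prot & P_W))
        return 0;
    if (!(old_prot & P_X) && (new_prot & P_X))
        return 0;
    return 1;
}

/* Opt the current process into ACG, then replay three requests against the
   real memory manager. Returns the number of requests where the kernel and
   the model disagree, or -1 if the check could not run (non-Windows build,
   or the policy or a setup allocation failed). */
int acg_live_check(void)
{
#ifdef _WIN32
    PROCESS_MITIGATION_DYNAMIC_CODE_POLICY acg;
    DWORD old = 0;
    int mismatches = 0;
    void *rwx, *data;
    BOOL ok;

    ZeroMemory(&acg, sizeof acg);
    acg.ProhibitDynamicCode = 1;
    if (!SetProcessMitigationPolicy(ProcessDynamicCodePolicy, &acg, sizeof acg))
        return -1;

    /* 1. Allocate a fresh PAGE_EXECUTE_READWRITE page. */
    rwx = VirtualAlloc(NULL, 4096, MEM_COMMIT | MEM_RESERVE,
                       PAGE_EXECUTE_READWRITE);
    mismatches += ((rwx != NULL) != acg_allows_alloc(P_R | P_W | P_X));

    /* 2. Make a code page of this image PAGE_EXECUTE_READWRITE. */
    ok = VirtualProtect((void *)(ULONG_PTR)&acg_allows_alloc, 1,
                        PAGE_EXECUTE_READWRITE, &old);
    mismatches += ((ok != FALSE) !=
                   acg_allows_protect(P_R | P_X, P_R | P_W | P_X));

    /* 3. Turn an ordinary data page into a code page. */
    data = VirtualAlloc(NULL, 4096, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (data == NULL)
        return -1;
    ok = VirtualProtect(data, 4096, PAGE_EXECUTE_READ, &old);
    mismatches += ((ok != FALSE) != acg_allows_protect(P_R | P_W, P_R | P_X));

    return mismatches;
#else
    return -1;
#endif
}

int main(void)
{
    int live = acg_live_check();

    printf("model: alloc RWX allowed?       %d\n",
           acg_allows_alloc(P_R | P_W | P_X));
    printf("model: code page -> RWX allowed? %d\n",
           acg_allows_protect(P_R | P_X, P_R | P_W | P_X));
    printf("model: data page -> RX allowed?  %d\n",
           acg_allows_protect(P_R | P_W, P_R | P_X));
    if (live < 0)
        printf("live check not run (ACG unavailable in this build or process)\n");
    else
        printf("kernel/model mismatches: %d\n", live);
    return 0;
}
```

The live check applies the policy to the calling process itself, so run it from a throwaway test binary rather than from a process that needs to generate code later.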

When combined, the restrictions imposed by ACG and CIG ensure that a process can only directly map signed code pages into memory. Although this is great for security, ACG introduces a serious complication: modern web browsers rely on Just-in-Time (JIT) compilers for best performance. How can we satisfy both needs?

Supporting Just-in-Time (JIT) Compilers

Modern web browsers achieve great performance by transforming JavaScript and other higher-level languages into native code. As a result, they inherently rely on the ability to generate some amount of unsigned native code in a content process. Enabling JIT compilers to work with ACG enabled is a non-trivial engineering task, but it is an investment that we’ve made for Microsoft Edge in the Windows 10 Creators Update. To support this, we moved the JIT functionality of Chakra into a separate process that runs in its own isolated sandbox. The JIT process is responsible for compiling JavaScript to native code and mapping it into the requesting content process. In this way, the content process itself is never allowed to directly map or modify its own JIT code pages.

Impact on attackers

Together, CIG and ACG provide strong protection against a fundamental primitive that is ubiquitously used when exploiting web browser vulnerabilities. This means attackers must develop new methods for chaining the stages of their exploits.

In the Windows 10 Creators Update, CIG is enabled by default for Microsoft Edge, except for scenarios where certain incompatible extensions are present (such as IMEs) – in these scenarios, both CIG and ACG are currently disabled by default.

For compatibility reasons, ACG is currently only enforced on 64-bit desktop devices with a primary GPU running a WDDM 2.2 driver (the driver model released with the Windows 10 Anniversary Update), or when software rendering is in use. For experimental purposes, software rendering can be forced via Control Panel -> Internet Options -> “Advanced”. Current Microsoft devices (Surface Book, Surface Pro 4, and Surface Studio) as well as a few other existing desktop systems with GPU drivers known to be compatible with ACG are opted into ACG enforcement. We intend to improve the coverage and accuracy of the ACG GPU opt-in list as we evaluate the telemetry and feedback from customers.

One of the limitations of CIG and ACG is that they don’t prevent an attacker from leveraging valid signed code pages in an unintended way. For example, this means attackers could still use well-known techniques like return-oriented programming (ROP) to construct a full payload that doesn’t rely on loading malicious code into memory. In order to help keep signed code “on the rails” as it executes, Microsoft Edge takes advantage of Control Flow Guard (CFG) which applies a control-flow integrity policy to indirect calls. In the future, we hope to further mitigate control-flow hijacking such as by taking advantage of Intel’s Control-flow Enforcement Technology (CET) to protect return addresses on the stack.

Finally, it should be noted that the use of CIG and ACG in Edge is not intended to fully prevent privileged code running on the system from injecting unsigned native code into a content process. Rather, these features are intended to prevent the scenario of the content process itself attempting to load malicious native code.

Up Next

In an upcoming post, we’ll shift gears to focus on some of the major improvements that have been made to strengthen containment and isolation for Microsoft Edge in the Creators Update of Windows 10. These improvements provide the next line of defense in our efforts to help prevent web browser vulnerabilities from being used to compromise your device or personal data.

Matt Miller, Principal Security Software Engineer, MSRC


A New Monetization Opportunity: Application Extensions + Microsoft Affiliate Program

Looking for more ways to monetize your app? App developers can boost their revenue through the Microsoft Affiliate Program. As an affiliate you can earn revenue by promoting content in the Windows Store and Microsoft Store, such as apps, games, music and video.

Developers who place links and/or banners on their apps directing users to the Windows Store will receive a commission for each online sale driven by that in-app marketing. You may have participated in other affiliate programs where you get a commission when someone buys something that you link to – the Microsoft Affiliate Program works in much the same way, but is more expansive.

A New Opportunity

As an app developer, this is a golden opportunity to open a new revenue stream for Universal Windows Apps.

Not only do you earn commission on the link that you directly sent the user if he or she purchases an extension, but you also earn up to 10% commission on anything else the user buys online from Microsoft within a window of time lasting up to 14 days.

By using the Affiliate program tools for creating, promoting and tracking campaigns, you can maximize revenue. This includes commission on apps, in-app purchases, games, movies, music downloads, Groove Music Passes, Microsoft Office and even hardware.

App Services/App Extensions + Microsoft Affiliate Program

Now when you combine the Microsoft Affiliate Program with app extensibility, new monetization opportunities open up on the Windows platform that just aren’t available on other app platforms. Three different types of app developers could benefit from combining App Services and Extensions with the Microsoft Affiliate Program:

  1. App developers who host extensibility to their apps can now earn commission on sales of extensions and other store purchases triggered by the installation of those extensions.
  2. App developers who build extensions can now have a store to put their extension in and their extensions get discovered in the context of the app when they are needed.
  3. App developers can make it easy to use their app’s service with the Microsoft Affiliate Program.

To help you get set up to participate in this affiliate-marketing program, let’s talk about App Extensions and App Services.

The Challenge with App Extensibility

The basics are simple: An app defines a plug-in or extensibility protocol, publishes it and then finds ways of getting extension developers to build extensions using the protocol.

Applications have had extensibility mechanisms for years. Desktop apps such as Microsoft Word, Microsoft Outlook, Adobe Photoshop, Visual Studio and Google Chrome have enabled third-party developers to build extensions to enhance and extend the apps in interesting ways, and even in directions that the app developer hadn’t imagined.

But though they are quite often easy to build, there are several challenges with the business of building App Extensions:

  • Extension developers would have to run their own commerce engine or trialware mechanism.
  • Promotional ability is typically limited to being listed in a catalog of available extensions.
  • The best option is quite often to be bought by the app developer.
  • The extension is strictly tied to the protocol and deployment mechanism defined by the host app and making it work with another vendor’s app is an additional effort.

Universal Windows Platform extends App Services

Windows 10 makes this process easier: Apps can now expose App Services to other apps, extending their capabilities.

Apps can even expose multiple services, each with a different protocol, depending on the usage model. The communication between apps via App Services is through an async protocol sending value sets of simple values – you can even share files via tokens with the SharedStorageAccessManager class.

To use an app’s service, you need to know the name of the app, the name of the service and the protocol that it’s expecting. Once you know that, the calling app can send and receive messages to and from the app that is running the app service.

App Extensions enhance App Services

A new feature in the Windows Anniversary Edition that works great with App Services is App Extensions.

With App Extensions, an extensible app declares in its manifest that it hosts extensions with a specific named extension mechanism. App extension developers then declare in their apps’ manifests that their extension implements that named extension mechanism.

A new feature in the Microsoft Edge browser is this extension mechanism so that third-party developers can extend Microsoft Edge to add new capabilities. Apps that host extensions can also use the AppExtensionCatalog API to list all of the extensions that are installed and available on the system for the extension protocols declared in the app’s manifest.

As an example, here’s the manifest of my Journalist app, which hosts two different types of extensions:


<uap3:Extension Category="windows.appExtensionHost">
    <uap3:AppExtensionHost>
        <uap3:Name>Journalist.Export.1</uap3:Name>
        <uap3:Name>Journalist.PageItem.1</uap3:Name>
    </uap3:AppExtensionHost>
</uap3:Extension>

The catalog exposes metadata for each extension, including its display name, package family name, and it could even expose the service name – everything necessary to call its app service. My Animated GIF Creator app then declares this in its manifest:


<uap3:Extension Category="windows.appExtension">
    <uap3:AppExtension Name="Journalist.Export.1" 
        Id="AnimatedGifTranscoder" PublicFolder="Public" 
        DisplayName="ms-resource:AnimatedGIF" 
        Description="ms-resource:JournalistExportDescription">
        <uap3:Properties>
            <Service>AnimatedGifCreator.Journalist.1</Service>
            <ExportType>File</ExportType>
            <SuggestedStartLocation>PicturesLibrary</SuggestedStartLocation>
            <ExtensionHtml>Extension.html</ExtensionHtml>
        </uap3:Properties>
    </uap3:AppExtension>
</uap3:Extension>

The only thing missing for an app that hosts extensions is a catalog of available extensions that are not installed on the system but available in the store.

Continuing the example with my Journalist app, I show a list of extensions available to install.

This could be a hardcoded list or a list retrieved from an app service, but the point is that as an app developer, I can detect if a specific app extension is available; if it isn’t, I can provide the UI to install it.

The Install button for each extension will take the user to the page for the app in the Windows Store so he or she can purchase (if it’s not free) and install the app – and this is where the new monetization opportunity is – the Microsoft Affiliate Program. Once the user gets into the store with that affiliate link, the developer can earn commission revenue on ANYTHING the user purchases within the time window mentioned above.

If the user clicks on install, the app will launch a web URL for the Microsoft Affiliate Program and then take the user to a product page for the extension in the Windows Store (one extra hop). In another place in my Journalist app, I show related journaling supplies and I used the affiliate program’s link-builder tools to build links to the products circled below:

More Details

As you can see, as an app developer, I’m super excited about app extension and this new opportunity. Here are some additional details that will help you on your new UWP monetization opportunity:


I'm a Silicon Valley liberal, and I traveled across the country to interview 100 Trump supporters — here's what I learned

Sam Altman

Sam Altman runs a prestigious Silicon Valley startup incubator, Y Combinator. He did not vote for Trump. But he wanted to learn about how the rest of America thinks and feels. So he spent months traveling the country, interviewing Trump supporters. He published his findings on his personal blog, and has allowed Business Insider to publish them here as well.

After the election, I decided to talk to 100 Trump voters from around the country. I went to the middle of the country, the middle of the state, and talked to many online.

This was a surprisingly interesting and helpful experience — I highly recommend it. With three exceptions, I found something to like about everyone I talked to (though I strongly disagreed with many of the things they said). Although it shouldn’t have surprised me given the voting data, I was definitely surprised by the diversity of the people I spoke to — I did not expect to talk to so many Muslims, Mexicans, Black people, and women in the course of this project.

Almost everyone I asked was willing to talk to me, but almost none of them wanted me to use their names — even people from very red states were worried about getting “targeted by those people in Silicon Valley if they knew I voted for him.” One person in Silicon Valley even asked me to sign a confidentiality agreement before she would talk to me, as she worried she’d lose her job if people at her company knew she was a strong Trump supporter.

I wanted to understand what Trump voters liked and didn’t like about the president, what they were nervous about, what they thought about the left’s response so far, and most importantly, what would convince them not to vote for him in the future.

Obviously, this is not a poll, and not ‘data.’ But I think narratives are really important.

Here’s what I heard.

The TL;DR quote is this:

“You all can defeat Trump next time, but not if you keep mocking us, refusing to listen to us, and cutting us out. It’s Republicans, not Democrats, who will take Trump down.”


What do you like about Trump?

“He is not politically correct.” Note: This sentiment came up a lot, probably in at least a third of the conversations I had.

“He says true but unpopular things. If you can’t talk about problems, you can’t fix them.”

“I’m a Jewish libertarian who’s [sic] grandparents were Holocaust survivors. Over the last few years the mainstream left has resorted to name-calling and character assassination, instead of debate, any time their positions are questioned. This atmosphere became extremely oppressive and threatening to people, like myself, who disagreed with many of Obama’s policies over the past several years. Intelligent debate has become rare.”

“It’s a lot like political discussion was in Soviet Union, actually. I think the inability to acknowledge obvious truths, and the ever-increasing scope of these restrictions makes it particularly frustrating. And personally, for whatever reason, I find inability to have more subtle discussion very frustrating — things are not white or black, but you can’t talk about greys since the politically correct answer is white.”

“He is anti-abortion.” Note: This sentiment came up a lot. A number of people I spoke to said they didn’t care about anything else he did and would always vote for whichever candidate was more anti-abortion.

“I like that he puts the interests of Americans first. American policy needs to be made from a position of how Americans benefit from it, as that is the role of government.”

“He is anti-immigration.” Note: This sentiment came up a lot. The most surprising takeaway for me was how little it seemed to be driven by economic concerns, and how much it was driven by fears about “losing our culture,” “safety,” “community,” and a general Us-vs.-Them mentality.

“He will preserve our culture. Preservation of culture is considered good in most cases. What’s wrong with preserving the good parts of American culture?”

“He’s not Hillary Clinton.”

“I’m Mexican. I support the wall. The people who have stayed have destroyed Mexico, and now they want to get out and cause damage here. We need to protect our borders, but now any policy like that is called racist. Trump was the first person willing to say that out loud.”

“I am socially very liberal. I am fiscally very conservative. I don’t feel I have a party — never have. I grew up in a more socially conservative time and picked the “lesser of two evils” during elections. Now, the more socially liberal side supports bigger governments, more aid and support and that money has to come from somewhere. I see what’s deducted from my check each week. I’m OK with never being rich but I’d like more security and that doesn’t come from more government spending.”

“We need borders at every level of our society.”

“I’m willing to postpone some further social justice progress, which doesn’t really result in loss of life, in favor of less foreign policy involvement, the opposite of which does.”

“Brown people are always the out-crowd. I think subconsciously, part of the reason I supported him was a way to be in the in-crowd for once.”


What don’t you like about him?

“The way he talks about women is despicable.”

“Everything about his style. We only voted for him because this election was too important to worry about style.”

“I don’t like most things about him. The way it worked is we got to choose one of two terrible options.”

“I think our nation needs Trumpism to survive long term, and to me that supersedes almost every other reservation I have. My issue is with Trump himself — I think he’s the wrong vessel for his movement, but he’s all we’ve got so I’m behind him.”

“I think the rollout of the immigration executive order is emblematic of a clusterf-ck, to be completely frank.”

“I now believe the Muslim ban actually makes us less safe.”

“Isolationism and protectionism at this point is insane. We’ve done that before.”

“I, too, worry about the dishonesty. His relationship with Russia, his relationship with women. His relationship with questionable financial matters. These all worry me and were they to continue I would lose all respect.”

“He continually plays into a character that he has created to rile his fan base. Accepting anti-semitism, white nationalism, or hate emanating unnecessarily, creates a vacuum of fear on social media, on television, and around the dinner table. Even though the policies may be similar to that of any recent Republican President, the behavior to act so immaturely sets a bad example for children and undercuts many cultural norms, which more than anything causes disruption to our sociological foundations.”

“I hate that he discredits the press all the time. That seems to forebode great evil.”


What are you nervous about with Trump as president?

“The thing I’m most worried about is war, and that he could destroy the whole world. I think I may have underestimated that risk, because he is more of an alpha strongman than I realized when I voted for him. Otherwise I still like him.” Note: Most people weren’t that worried about war. More frequent comments were along these lines:

“I know he’s taking strong positions on certain foreign issues, but I feel in negotiations you need to do things to move the needle and when a whole country is watching it’s hard to keep a poker face, but at least his business track record overall gives us reason to believe ultimately stability will prevail.”

and

“He’s crazy, but it’s a tactic to get other nations not to mess with us.”

“I worry he will drive us apart as a nation. I believed him when he said that would stop with the campaign, but I haven’t seen signs of it so far.”

“I am nervous that his mental health is actually bad.”

“I worry he is actually going to roll back social change we’ve fought so hard for. But I hope not.”

What do you think about the left’s response so far?

“You need to give us an opportunity to admit we may have been wrong without saying we’re bad people. I am already thinking I made a mistake, but I feel ostracized from my community.”

“The left is more intolerant than the right.” Note: This concept came up a lot, with real animosity in otherwise pleasant conversations.

“Stop calling us racists. Stop calling us idiots. We aren’t. Listen to us when we try to tell you why we aren’t. Oh, and stop making fun of us.”

“I’d love to see one-tenth of the outrage about the state of our lives out here that you have for Muslims from another country. You have no idea what our lives are like.”

“I’m so tired of hearing about white privilege. I’m white, but way less privileged than a black person from your world. I have no hope my life will ever get any better.”

“I am tired of feeling silenced and demonized. We have mostly the same goals, and different opinions about how to get there. Maybe I’m wrong, maybe you’re wrong. But enough with calling all of us the devil for wanting to try Trump. I hate Hillary and think she wants to destroy the country of us but I don’t demonize her supporters.”

“I’m angry that they’re so outraged now, but were never outraged over an existing terrible system.”

“The attacks against Trump have taught me something about myself. I have defended him and said things I really didn’t believe or support because I was put in a defensive position. Protesters may have pushed many people in this direction BUT it is ultimately our responsibility and must stop.”

“I’d like to also add that the demonization of Trump by calling him and his supporters: Nazis, KKK, white supremacists, fascists, etc. works very well in entrenching Trump supporters on his side. These attacks are counter-factual and in my opinion very helpful to Trump.”

“So far his election has driven our nation apart. So far I see most of the divisiveness coming from the left. Shame on them. I don’t see it quite as bad as during Nixon’s era but we are truly headed in that direction. I could not speak with my parents during that time because political division would intrude. This Thanksgiving and holiday season were as close as I’ve felt to that in 40 years. We are increasingly polarized. It doesn’t seem to be strictly generational, though that exists. There is an east coast-west coast, rural vs. urban, racial, and gender division forming now. It has the potential to be devastating.”

“The amount of violent attacks and economic attacks perpetrated by the left are troublesome. My wife and I recently moved to the Bay Area. I was expecting a place which was a welcoming meritocracy of ideas. Instead, I found a place where everyone constantly watches everyone else for any thoughtcrime.”

“Silicon Valley is incredibly unwelcoming to alternative points of view. Your curiosity, if it is sincere, is the very rare exception to the rule.”

“There is something hypocritical about the left saying they are uniters not dividers, they are inclusive and then excluding half the population with comments on intelligence and irrelevance in the modern world.”


What would convince you not to vote for him again?

“War would be unforgivable.”

“If the Russia thing were true, I’d turn against him. Why don’t y’all focus on that instead of his tweets?”

“Give us a better option, and we’ll be happy. But it needs to be a moderate — Sanders won’t win.”

“I’ll happily vote for someone else. There’s a lot I hate about Trump. But our lives are basically destroyed, and he was the first person to talk about fixing that.”

“Generally hard to say. Extreme corruption would do it.”

Second person in the same conversation: “I don’t care if he’s corrupt. Y’all voted for Hillary and she was the most corrupt candidate of all time.”

“Another worry is an escalation of overreaches between him and the left that culminates in the breakdown of our system of law. I’d hold him responsible for that.”

“If he were to get the US involved in a major military conflict (I think the odds of this have actually decreased versus Hillary, but I’m willing to be proven wrong). If he were to substantially increase the cost of doing business (by increasing regulation or taxes for instance).”

“I’m socially very liberal. If he were to do something like restart a war on drugs, try to restrict rights of LGBT, or make first trimester abortions difficult or dangerous, I’d rethink my position. I think these type of things are extremely unlikely though, especially with an election a few years away the country as a whole becoming more socially liberal.”

“I think if 2008 happened again (further into Trump’s tenure, so that causation can be shown, hypothetically), the base would evaporate.”

“Based on Trump’s history before politics I don’t believe he is racist, sexist, homophobic or bigoted. If that were true it would supersede everything else since it would be even worse for individual liberty and freedom than any freedom of speech restrictions or increases in government size proposed by the Democratic Party.”

Sam Altman is the president of Y Combinator, Silicon Valley’s largest startup accelerator. This post originally appeared on his blog.


Tour the exclusive, $25,000-a-year club where athletes and billionaires vacation in Hawaii


An average of eight million people visit the Hawaiian islands each year. But it’s not likely that many of those tourists will have an experience that parallels what members can have at Kohanaiki, an exclusive club near Kona on the Big Island of Hawaii. 

With an annual membership fee of $25,000 (in addition to a one-time entrance fee of $100,000), Kohanaiki offers travelers a plethora of activities and real estate options to enjoy. Members can either purchase pre-constructed, fully furnished homes or build out custom homes themselves.

Several C-suite finance executives, as well as golf legend Ben Crenshaw, former tennis pro Lindsey Davenport, and Jacksonville Jaguar Davon House have all joined the club. 

“Our members are a very well-traveled, sophisticated set. This is not the first high-end, private club that they’re a member of, and it’s not their first vacation home,” general manager George Panoose recently told Business Insider. “They’ve experienced the finest things in life and know what service and luxury is.”

Let’s take a tour of the 450-acre resort community where entrepreneurs, hedge funders, athletes, and entertainment industry pros vacation together.


Kohanaiki is surrounded by lava flows, white-sand beaches, and bright blue waters.

The golf course is one obvious draw for vacationers …

… as is the beach and all of the activities it has to offer. Kohanaiki’s “A-Team” will take members surfing, snorkeling, scuba diving, and hiking.


Verizon trials 5G in 11 US cities (VZ)


This story was delivered to BI Intelligence IoT Briefing subscribers.

Verizon recently announced that it will begin trialing 5G networks in 11 cities in the US in the first half of 2017, Reuters reports.

IoT providers and their customers have been planning for the onset of 5G for some time — namely because it offers faster data speeds and lower latency. And now that 5G is close enough to arriving, network providers like Verizon are vying for an early-mover advantage, which would position them well to contribute to the creation of a universal global standard for 5G.

It’s widely recognized that a standard is needed for 5G, and Verizon is aiming to get this standard crafted to include its preferred items. Verizon, by aggressively moving to trial 5G in a number of locations, is likely trying to push groups such as the International Telecommunications Union to craft this standard earlier than it would have otherwise, while also betting that the group will follow the telco’s lead in crafting the standard thanks to its early-mover status.

5G’s chief benefit to the IoT is its ability to handle larger amounts of data and reduce network latency. Reuters notes that 5G is expected to provide speeds around 10-100 times that of 4G LTE, the current cellular network standard for IoT devices. Here’s how this ability to handle more data will impact the IoT:

  • It will allow for less networking hardware to handle the current device load, cutting costs and leading to fewer devices. Greater data transmission capabilities from 5G means that providers will be able to employ fewer pieces of networking hardware to cover the same area. This would allow these IoT providers to cut down on costs associated with deploying more hardware in their solutions.
  • It may also make more sense to compute certain functions in the cloud rather than at the edge. As BI Intelligence outlined last year, edge computing, where data is processed and analyzed at a local device rather than in the cloud, is becoming a larger phenomenon within the IoT. But if providers move to connect their devices with 5G, it would then be easier to transmit data to the cloud than it is currently with 4G LTE. This means that certain providers could move specific data analytics and computing functions to the cloud rather than keeping them at the edge.

The Internet of Things (IoT) is disrupting businesses, governments, and consumers and transforming how they interact with the world. Companies are going to spend almost $5 trillion on the IoT in the next five years — and the proliferation of connected devices and massive increase in data has started an analytical revolution.

To gain insight into this emerging trend, BI Intelligence conducted an exclusive Global IoT Executive Survey on the impact of the IoT on companies around the world. The study included over 500 respondents from a wide array of industries, including manufacturing, technology, and finance, with significant numbers of C-suite and director-level respondents. 

Peter Newman, research analyst for BI Intelligence, Business Insider’s premium research service, has conducted an exclusive study with in-depth research into the field and created a detailed report on the IoT that describes the components that make up the IoT ecosystem. We size the IoT market in terms of device installations and investment through 2021. And we examine the importance of IoT providers, the challenges they face, and what they do with the data they collect. Finally, we take a look at the opportunities, challenges, and barriers related to mass adoption of IoT devices among consumers, governments, and enterprises.

Here are some key takeaways from the report:

  • We project that there will be a total of 22.5 billion IoT devices in 2021, up from 6.6 billion in 2016.
  • We forecast there will be $4.8 trillion in aggregate IoT investment between 2016 and 2021.
  • It highlights the opinions and experiences of IoT decision-makers on topics that include: drivers for adoption; major challenges and pain points; stages of adoption, deployment, and maturity of IoT implementations; investment in and utilization of devices, platforms, and services; the decision-making process; and forward-looking plans.

In full, the report:

  • Provides a primer on the basics of the IoT ecosystem
  • Offers forecasts for the IoT moving forward and highlights areas of interest in the coming years
  • Looks at who is and is not adopting the IoT, and why
  • Highlights drivers and challenges facing companies implementing IoT solutions


How Marc Andreessen got Cisco's John Chambers to invest in a startup that's conquering 'the next interface' (CSCO)


“I viewed voice as the past, where it’s really the future,” says Cisco Executive Chairman and former CEO John Chambers.

That’s why he’s made a personal investment in hot voice security and fraud-fighting startup Pindrop, and it’s why he’s joining the company’s board of directors, Chambers tells Business Insider. Representatives for Pindrop declined to share the size of the investment.

Chambers was brought in to Pindrop by famed Andreessen Horowitz cofounder Marc Andreessen, he says — who, incidentally, will also be joining Pindrop as a Board Observer, with Andreessen Horowitz general partner Martin Casado joining the Pindrop board directly.

What attracted Chambers to Pindrop, he says, is the opportunity to apply the security expertise he gained at Cisco to what he views as the next logical step in computing.

“What I do very well is get market transitions right,” says Chambers. “Voice is the next interface.”

From Chambers’ perspective, voice has gone beyond just the good old phone call: As evidenced by the rise of gadgets like the Amazon Echo or the Google Home, and even by the prevalence of automated customer service systems, the human voice is emerging as a major new way for people to interact with computers.

That voice shift is going to require a massive rethinking of how to handle security — and Chambers thinks that Pindrop has the potential to be that rare company that both improves security and makes people’s lives easier. “It is a world where security is a must,” says Chambers, and he thinks Pindrop could be “the industry standard.”

Today, Pindrop claims that its customers include “eight of the top 10 US banks alongside two of top five insurance carriers,” and claims it doubled its revenue from 2015 to 2016.

The big voice

The basic promise of Pindrop, says CEO Vijay Balasubramaniyan, is that proving you are who you say you are on the phone shouldn’t require “answering a bunch of stupid questions.” By tracking the sound of your voice, what you’re trying to do, and even the device you’re using, Pindrop can make a good guess that you are who you say you are.

So if you’re calling your bank or your cell phone provider, Pindrop promises that you won’t have to remember a password or give your social security number (a particular sticking point for Balasubramaniyan). If you’re using your phone, and you sound like you, and you’re using it in a way that doesn’t raise red flags, you’re in.

But Balasubramaniyan says that if you’re a bad guy, Pindrop’s technology will detect that you’re on the wrong phone and that you’re trying to do something that you ordinarily wouldn’t do — if you’re an iPhone user from Kentucky, it’s probably not great if an Android phone is trying to drain your life savings into an offshore bank account.

That makes it a win-win-win. Better security, fewer passwords, plus the system knows exactly who’s talking to it. That last part is going to be even more clutch as the Amazon Echo and devices like it get traction, opening the door to all kinds of new opportunities for personalization.

“This is a classic, canonical example to take IT and bring it to people in a natural way,” says Casado.

Voice of leadership

Chambers and Casado both praise the leadership and industry knowledge of Balasubramaniyan, who took a project he worked on while still a PhD student at Georgia Tech and turned it into a hot startup with $122 million in funding — including a rare double-play investment from both Alphabet’s GV and Google Capital.

Beyond the product and its technology, “I invest in the CEO,” says Chambers.


Casado says that the academia-to-startup route reminds him of his own path into Silicon Valley, where his own PhD project turned into networking startup Nicira, which in turn sparked a bidding war (with Chambers’ Cisco, actually) and got bought by VMware for $1.26 billion in 2014.

He sees the potential for Pindrop to make similar ripples in the tech industry, as developers look for ways to build this kind of security into their voice applications, and find that the startup is already doing it. In other words, as Alexa, Google Assistant, and other voice interfaces grow, so too does Pindrop’s market.

“I love a big story,” says Casado. “I’m just a sucker for these things.”


The relaunched Nokia 3310 will reportedly be a Carphone Warehouse exclusive in the UK


The highly anticipated modern remake of the Nokia 3310 will only be available to buy at the mobile phone retailer Carphone Warehouse in the UK, according to Mobile Today’s industry sources.

Finnish company HMD Global — which has exclusive rights to market phones under the Nokia brand — reportedly struck the exclusive deal with Carphone Warehouse, owned by the FTSE 100-listed Dixons Carphone.

The relaunched phone is set to be unveiled in Barcelona, Spain, ahead of the mobile industry conference Mobile World Congress at the end of this month, according to VentureBeat which first reported on the phone’s relaunch.

It will be retailing for €59 ($63; £50), according to the VentureBeat report. That’s less than some of the original, 17-year-old Nokia 3310 handsets are up for on Amazon.

The 3310 model achieved a cult-like status because it was a better, lighter version of its predecessor the 3210, as Techradar put it, which was the first affordable, mass-market Nokia phone.

Carphone Warehouse did not immediately respond to Business Insider’s request for comment.


The Chinese government is funding a new lab from China's most powerful AI company


Baidu, a Chinese tech giant making rapid advances in the field of artificial intelligence (AI), has received funding from the Chinese government for a new research project, Quartz reports.

AI has the potential to be one of the most influential technologies that humanity has ever invented. Governments around the world are giving it increasing amounts of attention and Silicon Valley tech giants like Google and Facebook are putting hundreds of millions of dollars into AI research.

Now China’s National Development and Reform Commission, a government organisation tasked with growing and restructuring China’s economy, is pumping money into a deep learning lab that will be led by Baidu, according to the Quartz report, which is based on a post on Baidu’s Chinese WeChat account.

The lab won’t have a single physical presence but instead it will be a “digital network of researchers” working on problems in their respective fields from wherever they happen to be based in China, according to The South China Morning Post.

The lab’s research areas reportedly include:

  • computer vision
  • biometric identification
  • intellectual property rights
  • and human-computer interaction

Baidu will reportedly work with Tsinghua University and Beihang University, along with other Chinese research organisations.

Lin Yuanqing, head of the Baidu Deep Learning Institute, and Xu Wei, a computer scientist at Baidu, will reportedly work on developing the lab, as will two representatives from The Chinese Academy of Scientists.

Baidu also has an AI research lab in Silicon Valley, which is home to the company’s chief scientist, Andrew Ng.

The amount of funding allocated by China’s Development and Reform Commission has not been disclosed.

Baidu did not immediately respond to Business Insider’s request for comment.


Verizon plans 5G trial service in 11 cities this year

Lab tests of pre-standard 5G wireless with multi-gigabit speeds are evolving into trial services that users can actually enjoy in the real world – though not necessarily while walking around with a smartphone.

Verizon said Wednesday it will launch pre-commercial 5G service in 11 markets around the U.S. by the middle of this year, joining rival AT&T in aggressively deploying the future technology.

At Mobile World Congress in Barcelona next week, carriers are expected to announce more upcoming 5G trials.


India’s top mobile operator Airtel is buying smaller rival Telenor

Less than a month after Vodafone confirmed it is in talks to merge with Idea Cellular and create India’s largest mobile operator, one piece of M&A has been confirmed in that space. Bharti Airtel has gobbled up smaller player Telenor India in a deal announced today. The Airtel-Telenor deal is subject to regulatory approvals, but both sides said it should be completed within the next…
