The worst thing to happen to them since the last thing

Techie real estate upstart and VC cash furnace WeWork has called off its IPO amidst mounting corporate disasters.

The office-subletting company on Monday confirmed to the US Securities and Exchange Commission that it was withdrawing its request to go public with a stock offering.

“We have decided to postpone our IPO to focus on our core business, the fundamentals of which remain strong. We are as committed as ever to serving our members, enterprise customers, landlord partners, employees and shareholders,” WeWork co-CEOs Artie Minson and Sebastian Gunningham said in announcing the decision.

“We have every intention to operate WeWork as a public company and look forward to revisiting the public equity markets in the future.”

The decision to call off the IPO comes less than six weeks after WeWork formally filed its S-1 paperwork with the SEC in hopes of going public. At the time, WeWork provided a hefty package or promotional materials and financial tables making its case to potential investors.

“Our strong unit economics, together with the increasing cost efficiency with which we open new locations, gives us the conviction to continue to invest in finding, building and filling locations in order to drive long-term value creation,” execs said in the S1 filing.

Since making the filing, however, things have gone downhill fast for a company that fancies itself the future of offices.

WeWork filed its IPO homework. So we had a look at its small print and… yowser. What has El Reg got itself into?

READ MORE

The same S-1 filing intended to hype up WeWork to investors also showed that the firm had already burned through billions in cash and over the first half of this year losses topped an average of $100m per month.

Things only got worse from there. By September, investors were valuing the biz at less than half of its peak $47bn mark when word got out that WeWork had to make significant staff cuts, and that the matter was handled so poorly by CEO and aspiring immortal trillionaire Adam Neumann that he had to step down from the company to spend more time walking around Manhattan barefoot.

Given all the headaches that have hit the company in less than two months, it is small wonder that WeWork’s CEOs and board (on which Neumann is still serving) have opted to call off the IPO for now, if for no other reason than to try and get a few more news cycles in between themselves and this disastrous run. ®

Full disclosure: The Register is housed at WeWork offices in London and San Francisco. The coffee at the SF office is terrible and the toilets aren’t much better.

Sponsored: Transforming infrastructure to enable top-performing development teams

Household appliances will become easier to repair thanks to new standards being adopted across the European Union.

From 2021, firms will have to make appliances longer-lasting, and they will have to supply spare parts for machines for up to 10 years.

The rules apply to lighting, washing machines, dishwashers and fridges.

But campaigners for the “right to repair” say they do not go far enough as only professionals – not consumers – will be able carry out the repairs.

The legislation has been prompted by complaints from consumers across Europe and North America infuriated by machines that break down when they are just out of warranty.

Owners are usually unable to repair the machines themselves – or find anyone else to do it at a decent price – so are forced to buy a replacement.

This creates waste and fuels global warming through the greenhouse gases created in the manufacturing process for new machines.

In the US, around 20 states are said to have right to repair legislation in progress.

Under the European Commission’s new standards, manufacturers will have to make spares, such as door gaskets and thermostats, available to professional repairers.

These parts will have to be accessible with commonly-available tools and without damaging the product.

Campaigners say individual consumers should also be allowed to buy spares and mend their own machines. But manufacturers said this would raise questions about risk and liability.

Instead, manufacturers will have to ensure that key parts of the product can be replaced by independent professionals.

If British firms want to sell into Europe after Brexit they will have to follow the new rules, which apply from April 2021.

‘Massive step’

It is estimated that the new standards will ensure that appliances have a longer life. The rules also include provisions to make appliances more energy efficient.

For example, star ratings for the energy efficiency of appliances will be ratcheted up. Current regulations are seen to be outdated, with more than 55% of washing machines sold in the EU ranked A+++ on the label.

The move could directly save €20bn on energy bills per year in Europe from 2030 onwards – equivalent to 5% of EU electricity consumption.

Chloe Fayole of environmental group Ecos said: “From the US to Europe, people are demanding their right to repair things they own because they’re tired of products that are designed to break prematurely.”

Libby Peake from the UK Green alliance told BBC News: “These new standards are a massive step in the right direction and could result in nearly 50 million tonnes of CO2 emissions savings.”

But Stephane Arditi of the European Environment Bureau said: “When repair activities stay in the hands of a few firms, we’re missing an opportunity to make it more affordable and readily available.

“Small independent repairers can make a great contribution to the economy and our society. We need to help them do their job.”

Follow Roger on Twitter @rharrabin

The government has prepared the legal text of an updated Brexit deal, government sources have told the BBC.

It is expected to make more of the plans public in the next few days, a senior government figure says.

The government has suggested creating “customs clearance zones” in Northern Ireland and Ireland, as part of the proposals put to the EU.

Proposals for reaching a Brexit deal had been expected ahead of a crucial EU summit on 17 October.

The UK is due to leave the EU on 31 October, and Prime Minister Boris Johnson says this will happen whether or not there is a new deal with Brussels.

Mr Johnson says that he would prefer leaving with a deal.

At the Conservative party conference on Monday, he said: “I’m cautiously optimistic. We have made some pretty big moves, we are waiting to see whether our European friends will help us and whether we can find the right landing zone.”

MPs have passed a law requiring Mr Johnson to seek an extension to the deadline from the bloc if he is unable to pass a deal in Parliament, or get MPs to approve a no-deal Brexit, by 19 October.

Detailed plan

With the detailed proposals on the table, the UK side hopes that by the end of the week, both the EU and UK would be in a period of intense negotiations where both sides thrash out a final text.

But there is no certainty over whether the EU will accept the premise of the plans in order to move to the next phase of talks.

The biggest obstacle to a deal is the backstop – the plan to prevent a hard border between Northern Ireland and the Irish Republic.

The policy – agreed to by former PM Theresa May in her withdrawal deal with the EU, which was rejected three times by Parliament – is unacceptable to many Conservative MPs.

Since becoming prime minister, Mr Johnson has stressed to EU leaders the backstop would have to be replaced if any deal was to be passed by Parliament.

Mr Johnson has argued that the backstop would keep the UK too closely aligned with EU rules after Brexit.

The EU Commission has said it is willing to look at new proposals but these must achieve the same aims as the backstop – and be legally enforceable.

Sources involved in the negotiations with the EU say the checks proposed would not be at the Irish border, and suggestions there would be a series of checkpoints along the border are a misunderstanding.

Talks have continued between the UK and EU, at a technical level. Brexit Secretary Stephen Barclay and the EU’s chief negotiator, Michel Barnier met on Friday.

The BBC understands the proposals will accept the need for customs checks on the island of Ireland – but insist these checks, as the government previously pledged, would be conducted away from the border.

Customs formalities would be carried out mostly where goods originate or at their final destination.

The UK government maintains that any further customs inspections would be very limited – and these could be conducted either at new locations or at existing business premises.

The Irish broadcaster RTE had reported that a “string of customs posts perhaps five to 10 miles away from the frontier” had been floated by the UK.

However, government sources have denied that UK officials had proposed a series of inspection posts on either side of the Irish border.

Please upgrade your browser

Your guide to Brexit jargon

Remote code flaw sparks calls for major updates

Amins of Linux and Unix boxes running Exim would be well-advised to update the software following the disclosure of another critical security flaw.

The Exim 4.92.3 patch, released on September 28th, includes a fix to close up the CVE-2019-16928 flaw.

Discovered by bug-hunters with the QAX A-Team, the vulnerability is caused by a buffer overflow error that occurs when Exim processes an extremely long string in an Extended HELO (EHLO) Extended Simple Mail Transfer Protocol (ESMTP) command message.

In practice, an attacker could write an exploit into the EHLO message and remotely trigger the bug to get control over the targeted server. So far, no active attacks on the flaw have been reported in the wild.

“It’s a simple coding error, not growing a string by enough,” said Jeremy Harris, the Exim dev who patched the flaw in what he described as a simple “one-line fix.”

Exim marks the spot… of remote code execution: Patch due out today for ‘give me root’ flaw in mail server

READ MORE

Debian and Ubuntu have already posted updates to address the bug in their respective distros, so most admins should be able to get a fixed Exim build through their package managers. Interestingly, the flaw is only present in Exim 4.92 and later, so boxes that still use 4.91 or earlier are not vulnerable.

The update arrives just a few weeks after Exim was patched for another critical RCE bug. That flaw, designated CVE-2019-15846, would have allowed a remote attacker to run code and commands with root level privileges.

While not particularly well known, Exim is an extremely common component for Unix and Linux servers and workstations where it is used as a message transfer agent (MTA) to handle emails.

Thanks to the advent of Shodan and other IP-crawling tools, it has been shown that there are millions of internet-facing that use Exim, making the software an attractive target for exploits. ®

Sponsored: Beyond the Data Frontier

The good news? It can’t do it again for three years

Samsung has agreed to pay purchasers of its Galaxy S4 roughly $10 each for over alleged cheating on benchmark tests. And in case you’re wondering: yes, that’s the S4 that came out in 2013.

The mobile giant has settled [PDF] a long-standing class action lawsuit for $13.4m (two-and-a-half hours of profit), with $2.8m put into a settlement fund and $10.6m in injunctive relief. The lawyers will get $1.5m (roughly 11 per cent) for their years of chasing the company. Everyone else will need to apply.

The case was brought back in 2014 when testers revealed that Samsung was appeared to be cheating on benchmark tests – frequently used to compare the speeds of different phones in reviews – by adding source code that detected whether a benchmarking app was running on the phone, and if so, ran the phone at a faster speed (532MHz rather than 480MHz).

Amazingly, Samsung has never denied it the test claims, but has fought the case furiously all the way up to the Supreme Court by arguing it is not legally obliged to tell consumers if it has included the code that would allow it to cheat. It only has to made public security issues, it has argued repeatedly.

During the long legal process, the court dismissed a related claim that Samsung has misled consumers by offering a 16GB hard drive on the phone when in reality it was more like 8GB after you account for the operating system and related apps that are pre-installed on the phone.

After spending years in the courts, the case was due to go to trial when the company and the plaintiff’s lawyer hashed out an agreement. The plaintiff, Daniel Norcia, will get $7,500 for his trouble. In agreeing to settle, his lawyers stressed that part of their reasoning was how aggressively Samsung had fought the case.

“Samsung has vigorously contested liability in this case, including through two partially successful dispositive motions and an appeal to the Ninth Circuit seeking the enforcement of an arbitration clause… Plaintiff’s sole remaining claim against Samsung is a claim under the ‘unfair’ prong for unfair business practices under the UCL.”

Safety issue

Even after five years in the courts, it still hadn’t been agreed that there was even a case to answer for Samsung cheating on the benchmark tests because, under California law, Samsung said it was under no duty to disclose its code.

Which is in stark contrast to what happened with Volkswagen when it was caught doing a very similar thing with emissions tests on its diesel cars. In that case, Volkswagen added software to detect whether it was being tested and then temporarily adjusted its system to provide better test results.

Its CEO resigned, the company had to pay a $2.8bn fine for cheating and several of its executives have been charged with fraud and conspiracy. That’s the difference between a government-mandated test and a consumer test.

As for the actual details in the Samsung case, it added code into the firmware of the Galaxy S4 with the Qualcomm Snapdragon 600 processor that automatically put the CPU’s voltage/frequency into its highest state, immediately using all four processing cores, when it detected a range of benchmarking apps, including Geekbench, Quadrant, Antutu, Linpack, SunSpider, Rightware and GFXBench. As soon as those apps aren’t detected, the processors ran at a lower speed.

The lawsuit [PDF], through various iterations imposed by the legal process, ended up claiming that this process amounted to Samsung making false representations to people that ran benchmarking apps, in the knowledge that they would then be passed onto consumers who would in turn be influenced in their purchase decision.

In settling, Samsung admits no wrongdoing but has agreed “to require the entity from which it purchases new Samsung smartphones to confirm that such smartphones have not been pre-loaded with software that detects and boosts the performance scores from benchmarking applications.”

Wait until 2024…

Or, in other words, not cheat in critical speed tests. But only for three years and then Samsung could, if it so wanted, go back to fudging the tests. Although pretty much everyone is now on the lookout for mobile phone companies that try to cheat on such tests.

TAG, you’re s*!t: Internet advertising industry bods admit self-policing approach is a sham

READ MORE

So, if you are one of the 10 million people that bought a Galaxy S4 back in 2013 for $649 (or around $250 with a service contract), you should be receiving an email informing you about the settlement with a link to apply to receive your $10, yes ten whole dollars! Maybe you can go to the movies, by yourself.

And if you didn’t provide an email to whoever you bought your phone from with your email address, then you need to buy USA Today every Monday for the next few months and look in the Legal Notices or Money section for details on the settlement.

This is a really good system and it has worked extremely well to everyone’s benefit – and anyone who tells you different is mad. ®

Sponsored: Delivering on the multi-cloud dream: Clear strategies for success

Let’s hope that ‘take this job and shove it’ moment was worth it

A former system admin for a US Army contractor has been sentenced to two years behind bars for trashing his employer’s network on his way out the door.

Barrence Anthony, 40, of Waldorf, Maryland, was given the sentence by US District Judge Leonie Brinkema in the Eastern District of Virginia court after pleading guilty to one count of accessing a protected computer without authorization.

In December of 2016, Anthony learned his job with government contractor Federated IT was soon to be terminated. Anthony, who had been assigned as an administrator for a series of AWS servers managed for the US Army Chaplain Corps, responded by removing all admin accounts apart from his own and having DNS registration transferred to his name.

This resulted in an outage of the Army’s Chaplain Corps Religious Support System as pastoral staff were unable to log into the portal and students were locked out of training materials.

Anthony went on to delete critical project files from the server, including network diagrams and login information for the AWS accounts, while also making backups of the machine’s data for his personal use. In the following weeks it is said that Anthony, who by now had been terminated, also launched a series of denial of service attacks against the Army’s AWS servers to further disrupt the portal.

Rogue IT admin goes off the rails, shuts down Canadian train switches

READ MORE

“He specifically targeted his actions to do harm to one of the company’s most lucrative contracts with the US Army Chaplain Corps,” the DOJ said in announcing the two-year sentence.

“The proprietary information that Anthony took was specifically built for the US Army Chaplain Corps and the victim company assigned it a value of over $1m. The cyber sabotage also disrupted a Chaplaincy Resource Management Course in Jackson, South Carolina, impacting 19 chaplain corps students.”

Anthony’s legal team countered that while he did make backups of the data, he never used that information and the $1m estimate for damage caused was overblown. They also noted that well into 2017, long after he had left the company, Federated left Anthony’s access rights to the AWS servers active, without any further incidents occurring.

In addition to two years with credit for time served, Anthony has been ordered to pay Federated IT $49,233.09 in restitution and will get three years supervised release once he is out of prison. ®

Sponsored: Beyond the Data Frontier

Worried customers of the defunct pawnbroker Albemarle & Bond (A&B) have been told they can collect their pawned goods from branches of rival chain H&T.

Many have faced difficulties redeeming items used as collateral for loans after 116 A&B pawn shops shut abruptly earlier this month.

Some even feared goods such as jewellery and gold would never be returned.

H&T said its “immediate focus” was to support A&B’s 30,000 customers.

The firm has agreed to buy £8m worth of loans linked to customers’ belongings – known as “pledge books” – from Speedloan Finance, which had traded under the name Albemarle & Bond.

The deal will mean customers of A&B can redeem or extend their existing loans at H&T’s 248 UK pawn shops.

Customers were taken by surprise when A&B abruptly ceased trading earlier in September, blaming “significant” financial losses.

Pawned items at its shops were swiftly moved to a central storage facility in Oxford, giving customers little chance to redeem them. And there was outcry when many were unable to get through to the company’s helpline to find out about the whereabouts of their goods.

Many customers also did not feel comfortable about transferring large sums of cash to A&B over the phone, given its financial position, in order to retrieve their goods.

Nor did they want to have precious items returned to them by post.

Part-time cleaner Jackie Alderson pledged 10 rings and two necklaces – some of which were inherited from her late parents – as collateral for a loan from A&B .

“I tried calling them hundreds and hundreds of times but no answer,” she told the BBC. “It left me in tears.”

When she finally got through she was given the option of redeeming the items, but she did not like the idea of having to transfer £1,200 to A&B over the phone. “I wanted to pick it up in person,” she said.

The delay in redeeming her goods has already cost her £80 in additional interest on her loan, Ms Alderson said.

‘We deeply apologise’

H&T said customers would now be able to call its helpline and get their goods sent to branches of H&T near where they live.

In the rare instances where there is no H&T shop nearby, the firm said it would send goods directly to customers.

Kohei Ogawa, the head of Daikokuya Holdings, owner of A&B, said: “We deeply apologise to customers for any uncertainty and upset caused by our decision to close in the UK.

“Once we decided to do this, we had to move quickly, in order to secure more than 35,000 customer pledges in our central secure facility.

“This agreement with H&T is a good outcome for customers and will enable them to redeem or extend their pledges with minimal disruption.”

The deal with H&T does not include A&B’s stores, which all remain shut. About 400 staff have also been made redundant, although H&T said it had hired a number of them to work in its own shops.

US wants to take St. Vitamin, the yacht of Yevgeniy Prigozhin

On Monday, the US Department of the Treasury (DoT) expanded its sanctions against entities associated with the Internet Research Agency (IRA), the Russian organization accused of meddling with US elections in 2016 and 2018.

The DoT said it had taken action against Russian entities and individuals that allegedly tried to interfere with the 2018 US midterm elections, even as the agency insisted, “there was no indication that foreign actors were able to compromise election infrastructure that would have prevented voting, changed vote counts, or disrupted the tallying of votes.”

DoT’s Office of Foreign Assets Control announced sanctions against four organizations, seven individuals, three aircraft and a yacht associated with Yevgeniy Prigozhin, the Russian financier, who is accused of bankrolling the Internet Research Agency.

Prigozhin has been sanctioned by the DoT twice before in 2016 and 2018 for alleged involvement with IRA electoral influence operations. He was indicted by a US grand jury, along with twelve other defendants, for conspiracy and fraud based on the findings of Special Prosecutor Robert Mueller.

The sanctions are the first under Executive Order 13848, which authorizes punitive action against foreign entities and individuals determined to have interfered with US elections.

“As a result of today’s designations,” the DoT said in a statement, “all property and interests in property of these persons, including the identified aircraft and vessel, that are or come within the possession of US persons are blocked, and US persons are generally prohibited from engaging in transactions with them.”

Russian ‘troll factory’ firebombed – but still fit to fiddle with our minds

READ MORE

In other words, were Prigozhin careless enough to take one of his private jets, designated M-VITO, VP-CSP, and M-SAAN, or his yacht, St. Vitamin, to the US or a US controlled-territory, he’d be unlikely to get it back. Chances are he would be arrested if identified on US soil. The DoT sanctions are also intended to deter third-parties from servicing these transport craft.

“Free and fair elections are the cornerstone of American democracy, and we will use our authorities against anyone seeking to undermine our processes and subversively influence voters,” said Secretary Steven Mnuchin. “This Administration will work tirelessly to safeguard our electoral process, and will aggressively pursue any other foreign actor that attempts to interfere in the 2020 elections.”

Mnuchin earlier this year refused to release President Trump’s tax returns to Congress, arguing that House Ways and Means Committee chairman Richard Neal’s request “lacks a legitimate legislative purpose.”

One of the reasons cited for reviewing Trump’s tax returns is to determine whether any transactions can be tied to Russian electoral interference. ®

Sponsored: What next after Netezza?

It should be illegal not to report child abuse, victims have told the child abuse inquiry at the start of its investigation into boarding schools.

The Independent Inquiry into Child Sexual Abuse heard of an “overwhelming body of evidence” to support the introduction of “mandatory reporting”.

The inquiry was given a summary of past emotional, physical and sexual abuse at private residential schools.

A senior IICSA lawyer warned that such abuse could happen again.

The residential schools phase is one of 14 separate investigations by the inquiry.

In 2016, the government in England carried out a consultation which examined the case for mandatory reporting – and this is a field where the inquiry is likely to make key recommendations.

If a law were introduced, it would be illegal for professionals working with children not to pass on reports of abuse.

In 2014, Wales introduced a duty to inform authorities of suspicions.

The inquiry is beginning two weeks of hearings looking at how to prevent abuse happening again, with a focus on residential private boarding schools, along with special schools for music and for children with special needs.

A ‘rotten’ institution

The inquiry’s lead counsel read a summary of harrowing evidence of past abuse at seven private boarding schools, all of which have been closed or taken over by other bodies.

Fiona Scolding QC described the abuse at St William’s in Yorkshire, run by the De La Salle Brothers, a Roman Catholic order until 1992.

She said boys were raped and sexually assaulted by the head teacher, Brother James Carragher, and other teachers.

“This institution,” she said, “seems to be rotten to its very core”.

The inquiry also heard that at Sherborne Prep school the head teacher, Robin Lindsay, would walk around in his pyjamas, “exposing himself, stinking of alcohol and tobacco,” she said.

But his behaviour continued “unimpeded” for 24 years. He was regarded as eccentric, despite being a “fixated paedophile” who posed a risk to children.

He died in 2016.

The inquiry has examined past abuse at Ashdown House, in East Sussex, once attended by Prime Minister Boris Johnson.

Evidence against one teacher, Martin Haigh, between 1973 and 1975, was set out in detail to the inquiry.

He would make boys masturbate, while standing in a circle, telling them it was a “scientific exercise”.

The headmaster of two schools, St George’s and Dalesdown, Derek Slade, committed “calculated, and deliberate brutality”.

“Every student was scared witless of him,” Ms Scolding told the inquiry.

After fleeing abroad, having used the identity of a dead child, Slade was convicted of serious child abuse in 2010 and jailed for 21 years. He died behind bars.

Ms Scolding said there were few procedures for safeguarding, whistleblowing or staff training in those days.

“Before individuals start decrying red tape and bureaucracy, they may wish to reflect that in an era of almost total self-regulation, these kinds of behaviours went unchecked and undiscovered.”

She said the current system may have improved, but she said there were still many cases where abuse could happen.

Chetham’s School

The inquiry will also look at more concerns about four music schools, in particular, Chetham’s in Manchester where Michael Brewer abused one of his students, Frances Andrade, in the 1970s and 1980s.

Ms Andrade took her own life after giving evidence against him in 2013.

Another teacher Christopher Ling, who taught strings, acted like a “rather dated lothario”, Ms Scolding said.

“He is described as having a leather jacket, unbuttoned shirts and a medallion, crocodile shoes and a sports car,” said Ms Scolding.

He moved to the United States in the 1990s and shot himself dead when police came to arrest him at his home for extradition to the UK.

Ms Scolding said in the 1980s and 90s he “operated a system of punishment and reward, lowering the children’s self-esteem and confidence and making them entirely in his thrall, then engaging in sexual activity with them”.

Lawyer Richard Scorer said Chetham’s victims had been let down by their school.

“The support has been non-existent. There has been no attempt to reach out to former pupils.”

He also criticised the Crown Prosecution Service for failing to prosecute Ling.

On the eve of the inquiry, a spokesman for Chetham’s said: “It is a matter of deep and profound regret to Chetham’s that former teachers at our school betrayed and manipulated the trust that had been placed in them in order to harm children for which we are truly sorry.”

A police force has auctioned off more than £240,000 of cryptocurrency confiscated from a teenage hacker.

The Eastern Region Special Operations Unit sold the stash, which included Bitcoin, Ripple and Ethereum, in what it said was a first for UK police.

It is understood the currency came from Elliott Gunton, of Old Catton, near Norwich, who received a jail sentence for hacking internet provider TalkTalk.

The unit said the money raised would go towards fighting crime.

The assets were sold in small lots by Wilsons Auctions and all bidders were approved users of cryptocurrency, to ensure the digital money could not fall back into criminal hands.

‘No place to hide’

Det Ch Insp Martin Peters, of the Eastern Region Special Operations Unit, said: “Asset recovery in a digital world has evolved, so it’s really important that, working alongside commercial partners, we have a clear process for the storage and sale of cryptocurrency.

“This goes to show there is no place to hide criminal assets – we are constantly developing our techniques and capabilities to ensure that proceeds of crime are either given back to the rightful owner or, as in this case, are reinvested in crime.”

Gunton pleaded guilty to computer misuse and money-laundering among other offences and was jailed for 20 months and given a three-year community order.

He had offered to supply compromised personal data, including mobile phone numbers, for others to use for criminal purposes, such as intercepting calls and texts to commit fraud.

He advertised his services in exchange for Bitcoin, in a bid to hide the payments from police.

Meanwhile, Gunton’s parents Carlie and Jason have admitted helping him by moving ill-gotten cryptocurrency from a seized Bitcoin wallet.

His mother pleaded guilty at Norwich Crown Court to transferring criminal property, while his father admitted the same charge at an earlier hearing. He also admitted perverting the course of justice.

They are due to be sentenced at the same court on Wednesday.