TIL Safari on iOS 12 has built-in protection against fake software keyboard


Safari on iOS 12 has a security mechanism in place to make sure malicious websites aren’t displaying a software keyboard that mimics the iOS one in order to act as a keylogger.

To trigger the warning: open a webpage in full-screen mode, for example a full-screen video on YouTube’s mobile website. Then tap several times at the bottom of the screen, as if you were typing on an invisible keyboard.

A warning message will appear telling you the website may be showing you a fake keyboard to trick you into disclosing personal or financial information.

Worth reading the comments on this page.

Note that this seems to only work on an iPad (something to do with the way iPad supports a full-screen mode that iPhone does not).

I have not been able to replicate this, but I am running a beta, so that might be an issue. A number of people have replicated this. If you can, please do ping me with specifics.

And here’s a screen shot of the warning message.

Jeff Benjamin’s Apple Watch Series 4 video

[VIDEO] The beginning of the video (embedded in the main Loop post) is all about unboxing. If you want to skip ahead to the actual features, jump to about five minutes in.

One thing Jeff does that really shows off the difference between Apple Watch Series 3 and Series 4? He puts both on his wrist at the same time, so you really get a sense of how much more screen real estate you get with the Series 4. Nicely done.

How to delete Facebook and not lose your friends (and photos)

This was an interesting read, an update on downloading your Facebook data more than anything else. The author ends up with a JSON version of their friend list, which is really just a list of friend names.

It’d be interesting if there was a way to end up with a JSON list of links to your friends as part of this process. Though, personally, I’m shed of the whole thing.

AnandTech’s iPhone XS and XS Max review

This is a really detailed review, with no kowtowing to Apple. One particular point worth highlighting:

The Apple A12 is a beast of a SoC. While the A11 already bested the competition in terms of performance and power efficiency, the A12 doubles down on it in this regard, thanks to Apple’s world-class design teams which were able to squeeze out even more out of their CPU microarchitectures. The Vortex CPU’s memory subsystem saw an enormous boost, which grants the A12 a significant performance boost in a lot of workloads. Apple’s marketing department was really underselling the improvements here by just quoting 15% – a lot of workloads will be seeing performance improvements I estimate to be around 40%, with even greater improvements in some corner-cases. Apple’s CPU have gotten so performant now, that we’re just margins off the best desktop CPUs; it will be interesting to see how the coming years evolve, and what this means for Apple’s non-mobile products.

Good read.

TidBITS: Why SMS is not reliable for two factor authentication

Glenn Fleishman, TidBITS:

Many Web sites and apps now offer two-factor authentication (2FA), which requires you to enter a short numeric code—the so-called second factor—in addition to your username and password. These temporary codes are either sent to you via text message or are generated by an authentication app. In iOS 12 and macOS 10.14 Mojave, Apple has streamlined entering such codes when sent via an SMS text message, reducing multiple steps and keyboard entry to a single tap or click.

I explain just below how this new feature works, but I also want to raise a caution flag. SMS is no longer a reliable way to send a second factor because it’s too easy for even small-time attackers to intercept those messages.

Read the article, especially the section titled “It’s Easy to Hijack SMS Codes”.

Oddly satisfying videos

[VIDEO] These videos (the first one is embedded in the main Loop post) really click for me. There’s a sense of the real world about these objects, a sense of gravity-obeying mass.

Apple’s new proprietary software locks kill independent repair on new MacBook Pros

Jason Koebler, Motherboard:

Apple has introduced software locks that will effectively prevent independent and third-party repair on 2018 MacBook Pro computers, according to internal Apple documents obtained by Motherboard. The new system will render the computer “inoperative” unless a proprietary Apple “system configuration” software is run after parts of the system are replaced.

According to the document, which was distributed to Apple’s Authorized Service Providers late last month, this policy will apply to all Apple computers with the “T2” security chip, which is present in 2018 MacBook Pros as well as the iMac Pro.

I’m looking forward to reading a response from Apple on this issue. I can’t imagine, if true, that this is an effort from Apple to keep all those sweet, sweet repair dollars all to themselves. I’d expect this has something to do with protecting the chain of security, preventing malware from somehow gaining a foothold.

Grain of salt.

PSA: When you switch phones and you have your health data in the cloud, be very, very patient for it to come back

Reddit user u/pilif:

Since September of 2016 I’m running daily and tracking the runs with the Apple Watch. Sometime last year, I have told iCloud to store the health data in the cloud and now that I have updated to an XS Max, I noticed that most of my past workout data was gone.

Don’t worry though – it’s still there, the phone downloaded 2228 (in my case) files that contain the actual workout data and it’s processing them one by one.

But the kicker: This can only run while the phone is unlocked. When it’s locked, /var/mobile/Library/Health becomes inaccessible and the process stops.

This is a solid PSA. I hear complaints about lost “ring closing” data all the time, from people who switch to a new iPhone and fear they’ve lost their workout history. Read the rest for a way the more ambitious of you can track the transfer progress.

Secret Amazon brands are quietly taking over Amazon.com


Arabella. Lark & Roe. Mae. NuPro. Small Parts.

You might not know it from their names, but these brands all belong to Amazon.


Amazon’s private label business is booming, on pace to generate $7.5 billion this year and $25 billion by 2022, according to estimates from investment firm SunTrust Robinson Humphrey. To accelerate that growth, the company is inviting manufacturers to create products exclusively for its collection of private brands.


Amazon’s push into private labels could threaten the third-party sellers who do business on its website, and are important to the company’s own bottom line.


The massive volume of stuff peddled by third-party sellers also creates problems. Amazon at times has struggled to police offensive products, or to banish counterfeits from the marketplace. Private label brands created by Amazon and manufacturers it works with exclusively could help the company get a tighter grip on the quality of merchandise sold across the site.

I’ve long encountered AmazonBasics labeled products, such as these Lightning cables. But this is different. These appear as private-label brands and compete directly with all the other private-label brands but with a clear, home-field advantage.

DxOMark detailed review of iPhone XS Max camera

Read the review. There’s a lot to process, lots of images to look through.

One tiny detail (out of many):

It is also worth mentioning that, thanks to the beefed-up processor, the iPhone XS Max is capable of displaying HDR images in real-time in the preview image, so what you see is what you get. As far as we are aware, this feature is not currently available from any of the device’s close competitors.

Computational photography is becoming a more and more important part of the smartphone camera space. This is certainly a strong point for Apple.

The raw power of the Apple Watch Series 4

Watch the video embedded in this tweet. As the wheel turns, keep your eye on the little balls:


That’s not a simulator. That’s an app running on an Apple Watch Series 4. I wish the video was a bit longer, just to make it easier to appreciate the physics of the turning wheel and the gravity-obeying balls. There’s a lot of math going on and it’s all being rendered in real time.


Incredibly detailed Lego model of Apple Park


This mini version of Apple’s Cupertino campus is made entirely of Lego, and was modelled on drone footage taken during construction.

The Lego Apple Park depicts the 175-acre (71-hectare) expanse of California’s Santa Clara Valley at 1/650th of its real size. The model includes Apple’s Foster + Partners-designed ring-shaped headquarters, ancillary buildings, and large areas of surrounding foliage.

Follow the link to read about the project and check out some closeups. [H/T Roman Meliška]

Apple strongly denies Bloomberg report of Chinese spy chips in hardware

From this morning’s Bloomberg report titled “The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies”:

Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.


One official says investigators found that it eventually affected almost 30 companies, including a major bank, government contractors, and the world’s most valuable company, Apple Inc. Apple was an important Supermicro customer and had planned to order more than 30,000 of its servers in two years for a new global network of data centers. Three senior insiders at Apple say that in the summer of 2015, it, too, found malicious chips on Supermicro motherboards. Apple severed ties with Supermicro the following year, for what it described as unrelated reasons.

Apple’s response to Bloomberg:

“On this we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server,” Apple wrote. “We remain unaware of any such investigation,” wrote a spokesman for Supermicro, Perry Hayes. The Chinese government didn’t directly address questions about manipulation of Supermicro servers, issuing a statement that read, in part, “Supply chain safety in cyberspace is an issue of common concern, and China is also a victim.” The FBI and the Office of the Director of National Intelligence, representing the CIA and NSA, declined to comment.

And another Apple reply, from this CNBC article:

Apple has issued strong denials of the report, stating: “We are deeply disappointed that in their dealings with us, Bloomberg’s reporters have not been open to the possibility that they or their sources might be wrong or misinformed. Our best guess is that they are confusing their story with a previously reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple.”

The Bloomberg article is a fascinating read. Scary possibilities, and amazing that someone figured this out.

Every Apple TV screensaver: 4K, 60FPS, and 20x speed

[VIDEO] If you are at all a fan of the Apple TV flyover screensavers, this video (embedded in the main Loop post) is terrifically fun to watch.

Here’s the order of the clips, from the video info section:

  • 00:00 China – 6 clips (3 clips 4K, 3 clips 1080p)
  • 01:29 Dubai – 6 (4K)
  • 03:33 Greenland – 3 (2x 4K, 1x 1080p)
  • 04:48 Hawaii – 6 (1080p)
  • 06:00 Hong Kong – 5 (4K)
  • 08:23 Int’l Space Station – 13 (4K) ⭐️locations below⭐️
  • 10:57 Liwa – 1 (4K)
  • 11:18 London – 4 (1080p)
  • 12:16 Los Angeles – 6 (4K)
  • 14:17 New York City – 5 (1080p)
  • 15:15 San Francisco – 11 (1080p)

ISS Locations:

  • 08:23 Africa (night)
  • 08:35 Africa and the Middle East
  • 08:52 California to Vegas
  • 09:01 Caribbean
  • 09:12 Caribbean Day
  • 09:30 China
  • 09:32 Iran and Afghanistan
  • 09:37 Ireland to Asia
  • 09:47 Korea and Japan (night)
  • 10:01 New Zealand
  • 10:12 Sahara and Italy
  • 10:29 Southern California to Baja
  • 10:44 West Africa to the Alps


Shot on iPhone XS: Users share their best

Follow the link, and just start scrolling. These are some gorgeous photos. If you’ve not felt the pull to upgrade to the iPhone XS, this will definitely tug that particular string.

Google streaming a blockbuster video game

Google blog:

We’ve been working on Project Stream, a technical test to solve some of the biggest challenges of streaming. For this test, we’re going to push the limits with one of the most demanding applications for streaming—a blockbuster video game.

We’ve partnered with one of the most innovative and successful video game publishers, Ubisoft, to stream their soon-to-be released Assassin’s Creed Odyssey® to your Chrome browser on a laptop or desktop. Starting on October 5, a limited number of participants will get to play the latest in this best-selling franchise at no charge for the duration of the Project Stream test.


The idea of streaming such graphically-rich content that requires near-instant interaction between the game controller and the graphics on the screen poses a number of challenges. When streaming TV or movies, consumers are comfortable with a few seconds of buffering at the start, but streaming high-quality games requires latency measured in milliseconds, with no graphic degradation.

This is a big deal. This is less about streaming a video game and more about making a major improvement to streaming latency. This has implications in the gaming console market, for sure, reducing the need for a high-end console that is separate from a desktop computer.

But this also might impact the delivery of video itself, impacting services like Netflix and YouTube. Very interesting.

Why cops can force you to unlock your iPhone with your face, and how to disable Face ID


“Big picture, a warrant is required for the search of a device except in certain circumstances at the border,” says Greg Nojeim, director of the Freedom, Security and Technology Project at the Center for Democracy & Technology. In the newly reported Face ID case, police did have a warrant to compel 28-year-old Grant Michalski of Ohio to unlock his smartphone, and Michalski has gone on to face child pornography charges.


“There might be less intrusion and physical coercion with forcing a faceprint versus a fingerprint.”

This is an important test case and precedent and this Wired article is an interesting read.

In related news, in New Zealand: “Travellers refusing to hand over phone password at airport now face $5000 Customs fine.” That’s one way to get folks to hand over the keys.

And finally, here’s how to disable Face ID:


Apple adds support for contactless student ID cards in Wallet


Starting today, students at three universities are among the first to enjoy the convenience of using just their iPhone and Apple Watch to get around on and off campus. At Duke University and the Universities of Alabama and Oklahoma, students can now add their ID card to Apple Wallet and use it to pay quickly and easily for laundry, coffee or lunch, and even get into their dorms, the gym or the school library.

This is a brilliant move, making iOS desirable for every new generation of students.

Amazon raises minimum wage to $15 for all US employees


Amazon today announced it is increasing its minimum wage to $15 for all full-time, part-time, temporary (including those hired by agencies), and seasonal employees across the U.S.—effective November 1. The new Amazon $15 minimum wage will benefit more than 250,000 Amazon employees, as well as over 100,000 seasonal employees who will be hired at Amazon sites across the country this holiday.

This more than doubles the current hourly rate of $7.25.

Definitely a step in the right direction for Amazon, addressing one of its biggest criticisms. It’d be nice if they enhanced this move by making it easier for part-time employees to work enough hours to get health benefits.

New iPhone ad: Growth Spurt

[VIDEO] Hard to wrap my head around this one. Watch the commercial (embedded in the main Loop post), then read on.

Watched it? OK. To me, the ad had nice special effects, was humorous, but seemed to be about the zoom lens, as if when you take a picture, things will appear larger. The focus was on the camera.

But check the text at the bottom of the ad page:

Everything you love just got bigger. Introducing iPhone XS and iPhone XS Max. Super Retina in two sizes, including the largest display on an iPhone ever.

So it’s about the display being bigger, not about the camera. Confusing message.

Feds force suspect to unlock an Apple iPhone X with their face

You cannot be forced to reveal your passcode. But Face ID is a whole different issue.

Could you defeat Face ID simply by refusing to focus on the device? And does the law allow for you to be forced to unlock your phone using your face?

“The law is not well formed to provide the intuitive protections people think about when they’re using a Face ID unlock,” Jennings said. “People aren’t typically thinking [when they use Face ID] that it’s a physical act so I don’t have this right against self-incrimination.”

Current law, obviously, was written before Face ID was a thing. So I’d expect challenges to make their way up the appeals court ladder, possibly being decided by the Supreme Court. And I’d expect new laws to be crafted specifically to address Face ID.

Fascinating issue.

Professional queuers left out in the cold at Moscow iPhone launch


Hundreds of Russians braved the cold and rain to queue for days outside a Moscow phone store ahead of the release of the new Apple iPhones on Friday, but when the doors opened none stepped in to buy.


Banking on strong enthusiasm for the phones, which have drawn days-long queues outside stores in Singapore, Sydney and elsewhere, the queue sellers set the price of the first place at 450,000 roubles ($7,000).

Basically, the queue sellers were banking on very limited stock. But:

The store manager called out ticket numbers to invite in the first buyers, but his calls went unanswered.

Eventually, ticket holder number 247 came to the door and Russian photographer Anatoly Doroshchenko, who had arrived that morning and didn’t pay for the right to queue-jump, became the first purchaser in Russia of one of the new phones.

Sad trombone.

iPhone XS users complain about skin-smoothing selfie camera

Juli Clover, MacRumors:

Over the course of the last week, the front-facing camera in the iPhone XS and XS Max has been receiving a lot of attention because the selfies captured on the new devices are drastically different from those captured with the iPhone X or earlier iPhone models.

In a MacRumors forum thread and on Reddit, Apple has been accused of using a skin-smoothing feature or a “beauty filter” for prettier selfies from the front-facing camera.


When taking a selfie in a situation where lighting is less than ideal, such as indoors or outdoors in areas with lower lighting, the iPhone XS Max appears to be applying a drastic smoothing effect that can hide freckles, blemishes, and other issues.

More to the point:

In full outdoor lighting the problem is less apparent, which has led to speculation that the skin smoothing is actually a result of some heavy-handed noise reduction techniques.

The iPhone intentionally applying a “beauty filter” without specifically calling out a setting just doesn’t click for me. Heavy-handed noise reduction or, perhaps, overzealous Smart HDR sounds more likely.

Turning off HDR does not remove the smoothing effect, nor does tweaking any other camera setting, so if the ultra skin smoothing is a result of something like unintentional excessive noise reduction, it needs to be tweaked on Apple’s end through a software update.

Couple of things to look at here:

My instinct here is that we are seeing unintended consequences, perhaps driven by machine learning, rather than an intentional “beautifying filter”.

Inside iOS 12: Photos

Jeff Carlson, writing for TidBITS, digs into what’s changed with the iOS 12 version of Photos.

At the core is that new For You tab. Good stuff.

The Evolution of the App Store and the App Business

Denys Zhadanov:

Why can I talk about the App Store so confidently? I have spent the last decade heading Marketing and Strategy operations at Readdle. Readdle is one of the few product companies out there that has had a presence in the App Store from the beginning and has built a successful business around it. If you have an iPhone, you’ve probably used our Documents, Spark, and Scanner Pro apps. We’ve been an independent company throughout this decade, without raising external funding; and over 100M people have downloaded our apps. Our 135 person team has built more than 40 products. 32 of them failed, but we didn’t give up.


By the way, our service was available on iPhones before the App Store launched in 2008, a year after the original iPhone went on sale.


Then, the call that changed our lives for good.

It was a call from the Apple HQ in Cupertino. We were sitting in Odessa when a voice over the phone briefed us, “We’re launching the App Store soon. Here’s a deadline, build an app, and maybe we’ll add it to the App Store.”

I love this story. If you are interested in the evolution of the App Store or have ever considered writing an app of your very own, put your feet up and dig in. Who better to talk App Store success than someone who was there from day one?

Twins show off logging into each other’s iPhone XS Max using Face ID

The whole identical twins logging into each other’s Face ID thing has been around since the beginning, but these two are just so delighted with their new “iPhone XS Plus” and the process of using their twin superpower to fool Face ID that I thought it was worth sharing.

If anything, this shows how well Face ID works for normal people, even if they add a beard or a hat to their appearance.

iOS 12.1 beta shows how eSims are implemented

I am really looking forward to adding a second phone number or data plan to my phone for traveling overseas. The sense I get is that this will take time to roll out to various carriers, but I would hope that would happen reasonably quickly.