October 9, 2018

This is the actual letter Apple sent to Congress calling the recent Bloomberg account of compromised servers and a spy chip untrue.

This is interesting both for the content of the letter (it’s short, an easy read) and the fact that you are seeing a copy of the actual letter.

October 8, 2018

Why this watch costs over $450,000

This level of watch and their valuation always fascinates me. Not just for the incredible workmanship of the watches but because, generally, I find the individual watches to be butt ugly. But that may just mean I’m uncultured.

Over the years we’ve received feedback that people want to better understand how to control the data they choose to share with apps on Google+. So as part of Project Strobe, one of our first priorities was to closely review all the APIs associated with Google+.

This review crystallized what we’ve known for a while: that while our engineering teams have put a lot of effort and dedication into building Google+ over the years, it has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps. The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds.

Seriously, who didn’t see this coming… five years ago.

Reddit:

Safari on iOS 12 has a security mechanism in place to make sure malicious websites aren’t displaying a software keyboard that mimics the iOS one in order to act as a keylogger.

To trigger the warning: open a webpage in full-screen mode, for example a full-screen video on YouTube’s mobile website. Then tap several times at the bottom of the screen, as if you were typing on an invisible keyboard.

A warning message will appear telling you the website may be showing you a fake keyboard to trick you into disclosing personal or financial information.

Worth reading the comments on this page.

Note that this seems to only work on an iPad (something to do with the way iPad supports a full-screen mode that iPhone does not).

I have not been able to replicate this, but I am running a beta, so that might be an issue. A number of people have replicated this. If you can, please do ping me with specifics.

And here’s a screen shot of the warning message.

The beginning of the video is all about unboxing. If you want to skip ahead to the actual features, jump to about five minutes in.

One thing Jeff does that really shows off the difference between Apple Watch Series 3 and Series 4? He puts both on his wrist at the same time, so you really get a sense of how much more screen real estate you get with the Series 4. Nicely done.

This was an interesting read, an update on downloading your Facebook data more than anything else. The author ends up with a JSON version of their friend list, which is really just a list of friend names.

It’d be interesting if there was a way to end up with a JSON list of links to your friends as part of this process. Though, personally, I’m shed of the whole thing.

This is a really detailed review, with no kowtowing to Apple. One particular point worth highlighting:

The Apple A12 is a beast of a SoC. While the A11 already bested the competition in terms of performance and power efficiency, the A12 doubles down on it in this regard, thanks to Apple’s world-class design teams which were able to squeeze out even more out of their CPU microarchitectures. The Vortex CPU’s memory subsystem saw an enormous boost, which grants the A12 a significant performance boost in a lot of workloads. Apple’s marketing department was really underselling the improvements here by just quoting 15% – a lot of workloads will be seeing performance improvements I estimate to be around 40%, with even greater improvements in some corner-cases. Apple’s CPUs have gotten so performant now, that we’re just margins off the best desktop CPUs; it will be interesting to see how the coming years evolve, and what this means for Apple’s non-mobile products.

Good read.

Glenn Fleishman, TidBITS:

Many Web sites and apps now offer two-factor authentication (2FA), which requires you to enter a short numeric code—the so-called second factor—in addition to your username and password. These temporary codes are either sent to you via text message or are generated by an authentication app. In iOS 12 and macOS 10.14 Mojave, Apple has streamlined entering such codes when sent via an SMS text message, reducing multiple steps and keyboard entry to a single tap or click.

I explain just below how this new feature works, but I also want to raise a caution flag. SMS is no longer a reliable way to send a second factor because it’s too easy for even small-time attackers to intercept those messages.

Read the article, especially the section titled “It’s Easy to Hijack SMS Codes”.

October 7, 2018

Reuters:

The U.S. Department of Homeland Security said on Saturday it currently had no reason to doubt statements from companies that have denied a Bloomberg report that their supply chains were compromised by malicious computer chips inserted by Chinese intelligence services.

“The Department of Homeland Security is aware of the media reports of a technology supply chain compromise,” DHS said in a statement.

“Like our partners in the UK, the National Cyber Security Centre, at this time we have no reason to doubt the statements from the companies named in the story,” it said.

This story just keeps getting stranger and stranger.

New York Times:

There may be no more perfectly satisfying treat than a Canadian butter tart. It is small and sweet, bracingly so, with hints of butterscotch and caramel. And each bite delivers three textures: flaky crust, chewy top, gooey center. While its exact origins may never be found, the tart became popular in Ontario in the early 20th century and spread across Canada thanks to its inclusion in the 1913 “Five Roses Cook Book.” Today there are numerous variations. Runny or firm? Raisins or plain? This recipe can be adapted to please all partisans.

I had no idea butter tarts were a Canadian thing until I moved to the US. I just assumed everyone enjoyed these yummy little desserts. It is definitely a delicious holiday tradition for many of us in Canada and, even better, fairly easy to make.

Happy Thanksgiving to all of our Canadian readers!

Silver man secret revealed London street performer, floating and levitating trick

I used this video to blow my kid’s mind this morning.

October 6, 2018

iFixit:

Well, stop the presses. Turns out, ‘Apple makes your MacBook inoperative if you get it fixed at local repair shops’ isn’t quite true—not yet, no matter what The Sun says. Our lab testing has found that independent (and DIY) repair is alive and well. But it is under threat.

This service document certainly paints a grim picture, but ever the optimists, we headed down to our friendly local Apple Store and bought a brand new 2018 13” MacBook Pro Touch Bar unit. Then we disassembled it and traded displays with our teardown unit from this summer. To our surprise, the displays and MacBooks functioned normally in every combination we tried. We also updated to Mojave and swapped logic boards with the same results.

That’s a promising sign, and it means the sky isn’t quite falling—yet.

As is often the case, the furor that arose from this earlier in the week is tempered with time. It doesn’t mean that Apple won’t turn this “feature” on in the future though.

New York Times:

The British street artist Banksy pulled off one of his most spectacular pranks on Friday night, when one of his trademark paintings appeared to self-destruct at Sotheby’s in London after selling for $1.4 million at auction.

The work, “Girl With Balloon,” a 2006 spray paint on canvas, was the last lot of Sotheby’s “Frieze Week” evening contemporary art sale. After competition between two telephone bidders, it was hammered down by the auctioneer Oliver Barker for 1 million pounds, more than three times the estimate and a new auction high for a work solely by the artist, according to Sotheby’s.

“Then we heard an alarm go off,” Morgan Long, the head of art investment at the London-based advisory firm Fine Art Group, who was sitting in the front row of the room, said in an interview on Saturday. “Everyone turned round, and the picture had slipped through its frame.”

This is a fascinating story. Did Sotheby’s know it was going to happen? Is the art destroyed? Has it become more valuable? What a great stunt.

October 5, 2018

Founded in 1958 by Bill Putnam Sr., Universal Audio has been synonymous with innovative recording products since its inception. A favorite engineer of Frank Sinatra, Nat King Cole, Ray Charles and more, the late Bill Putnam Sr. was a passionate innovator who is widely regarded as the father of modern recording — with many of his legendary studio and equipment designs still in use today.

I have long praised Universal Audio as my favorite music company. They don’t just model a plug-in to sound “something like” the original EQ, amp, or compressor; it is an exact replication of the analog gear. I trust all of my music to Universal Audio and have for many years. There is a video and story on their web site that gives you a bit more information on the company’s history.

CBS Sacramento:

You might see new faces at Apple stores across the Sacramento region because Apple has contracted with several local police departments to bring police officers in as extra security.

This follows a months-long rash of store thefts by a criminal ring. So far, that ring is suspected of stealing a million dollars worth of Apple products.

I suspected Apple would do this eventually in some locations. There were just too many of these kinds of smash and grab robberies happening. Obviously, this won’t prevent all of them but it will deter some.

These videos really click for me. There’s a sense of the real world about these objects, a sense of gravity-obeying mass.

Here’s the first one, called Pendulum vs Marble:

If you like this one, follow the headline link and watch the others.

Jason Koebler, Motherboard:

Apple has introduced software locks that will effectively prevent independent and third-party repair on 2018 MacBook Pro computers, according to internal Apple documents obtained by Motherboard. The new system will render the computer “inoperative” unless a proprietary Apple “system configuration” software is run after parts of the system are replaced.

According to the document, which was distributed to Apple’s Authorized Service Providers late last month, this policy will apply to all Apple computers with the “T2” security chip, which is present in 2018 MacBook Pros as well as the iMac Pro.

I’m looking forward to reading a response from Apple on this issue. I can’t imagine, if true, that this is an effort from Apple to keep all those sweet, sweet repair dollars all to themselves. I’d expect this has something to do with protecting the chain of security, preventing malware from somehow gaining a foothold.

Grain of salt.

Reddit user u/pilif:

Since September of 2016 I’ve been running daily and tracking the runs with the Apple Watch. Sometime last year, I told iCloud to store the health data in the cloud and now that I have updated to an XS Max, I noticed that most of my past workout data was gone.

Don’t worry though – it’s still there, the phone downloaded 2228 (in my case) files that contain the actual workout data and it’s processing them one by one.

But the kicker: This can only run while the phone is unlocked. When it’s locked, /var/mobile/Library/Health becomes inaccessible and the process stops.

This is a solid PSA. I hear complaints about lost “ring closing” data all the time, from people who switch to a new iPhone and fear they’ve lost their workout history. Read the rest for a way the more ambitious of you can track the transfer progress.

Very interesting piece from Slate about the origins of the Internet. It’s a book excerpt, but does a nice job standing alone.

If you are interested in history, this is a nice roll-up of what is obviously a much more complex and detailed origin story.

Ben Lovejoy, writing for 9to5Mac, digs into all sides of this Bloomberg said / Apple said issue and makes a compelling case to buy Apple’s denials.

Makes me wonder if we’ll ever know the truth. And, if it does turn out that Bloomberg got this wrong, will they ever own up to it?

Quartz:

Arabella. Lark & Roe. Mae. NuPro. Small Parts.

You might not know it from their names, but these brands all belong to Amazon.

And:

Amazon’s private label business is booming, on pace to generate $7.5 billion this year and $25 billion by 2022, according to estimates from investment firm SunTrust Robinson Humphrey. To accelerate that growth, the company is inviting manufacturers to create products exclusively for its collection of private brands.

And:

Amazon’s push into private labels could threaten the third-party sellers who do business on its website, and are important to the company’s own bottom line.

And:

The massive volume of stuff peddled by third-party sellers also creates problems. Amazon at times has struggled to police offensive products, or to banish counterfeits from the marketplace. Private label brands created by Amazon and manufacturers it works with exclusively could help the company get a tighter grip on the quality of merchandise sold across the site.

I’ve long encountered AmazonBasics labeled products, such as these Lightning cables. But this is different. These appear as private-label brands and compete directly with all the other private-label brands but with a clear, home-field advantage.

October 4, 2018

Apple:

The October 8, 2018 issue of Bloomberg Businessweek incorrectly reports that Apple found “malicious chips” in servers on its network in 2015. As Apple has repeatedly explained to Bloomberg reporters and editors over the past 12 months, there is no truth to these claims.

Apple provided Bloomberg Businessweek with the following statement before their story was published.

We quoted pieces of this strongly worded rebuttal/denial in our story this morning but here is the full text of what Apple sent to Bloomberg regarding the Businessweek story.

TidBITS:

Thanks to its health monitoring features, the new Apple Watch Series 4 will save lives, probably within weeks of launch. I’ve been on real calls that may have had happier endings had the person been wearing one. I don’t know if wearing one would have saved that first victim—probably not—but Apple should get full credit for building a mainstream device that will save some lives.

That doesn’t mean it’s perfect.

Rich Mogull is not only my go-to Mac Security guy, but he’s also been a licensed paramedic for many years. His perspective on this particular feature is very interesting.

European Data Protection Supervisor:

The European Data Protection Supervisor (EDPS) is pleased to announce that Tim Cook, CEO of Apple, will deliver the keynote speech at Debating Ethics, the public session of the International Conference of Data Protection and Privacy Commissioners, on Wednesday 24 October 2018.

Giovanni Buttarelli, EDPS, said: “We are delighted that Tim has agreed to speak at the International Conference of Data Protection and Privacy Commissioners. Tim has been a strong voice in the debate around privacy, as the leader of a company which has taken a clear privacy position, we look forward to hearing his perspective. He joins an already superb line up of keynote speakers and panellists who want to be part of a discussion about technology serving humankind.”

This is not (just) marketing fluff. This is a concerted effort by Apple to signal their intentions regarding customer data protection and security.

New York Times:

If you have hearing difficulties, the idea of spending hours watching a play may not be that attractive given the risk of key dialogue slipping from your grasp. The National Theater in London is hoping to change that.

On Wednesday, the theater introduced “smart caption glasses” that display dialogue on the lenses as actors speak. The glasses can be used without charge for the play “War Horse” and for the musical “Hadestown,” and they will be available for all of the theater’s 2019 season.

I went to an opera once and they had subtitles above the stage. While I really appreciated it, it was a bit distracting. The audience would “get the joke” before the singers had actually sung the lyric. While these glasses may be targeted at those with hearing difficulties, I can see it being a boon to a lot of different people attending productions.

Read the review. There’s a lot to process, lots of images to look through.

One tiny detail (out of many):

It is also worth mentioning that, thanks to the beefed-up processor, the iPhone XS Max is capable of displaying HDR images in real-time in the preview image, so what you see is what you get. As far as we are aware, this feature is not currently available from any of the device’s close competitors.

Computational photography is becoming a more and more important part of the smartphone camera space. This is certainly a strong point for Apple.

Watch the video embedded in this tweet. As the wheel turns, keep your eye on the little balls:

That’s not a simulator. That’s an app running on an Apple Watch Series 4. I wish the video was a bit longer, just to make it easier to appreciate the physics of the turning wheel and the gravity-obeying balls. There’s a lot of math going on and it’s all being rendered in real time.

Wow!

Dezeen:

This mini version of Apple’s Cupertino campus is made entirely of Lego, and was modelled on drone footage taken during construction.

The Lego Apple Park depicts the 175-acre (71-hectare) expanse of California’s Santa Clara Valley at 1/650th of its real size. The model includes Apple’s Foster + Partners-designed ring-shaped headquarters, ancillary buildings, and large areas of surrounding foliage.

Follow the link to read about the project and check out some closeups. [H/T Roman Meliška]

Ben Bajarin shared this on Twitter:

As Ben points out down the thread, obvious use cases (such as checking the time) were left out of the report.

From this morning’s Bloomberg report titled The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies:

Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.

And:

One official says investigators found that it eventually affected almost 30 companies, including a major bank, government contractors, and the world’s most valuable company, Apple Inc. Apple was an important Supermicro customer and had planned to order more than 30,000 of its servers in two years for a new global network of data centers. Three senior insiders at Apple say that in the summer of 2015, it, too, found malicious chips on Supermicro motherboards. Apple severed ties with Supermicro the following year, for what it described as unrelated reasons.

Apple’s response to Bloomberg:

“On this we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server,” Apple wrote. “We remain unaware of any such investigation,” wrote a spokesman for Supermicro, Perry Hayes. The Chinese government didn’t directly address questions about manipulation of Supermicro servers, issuing a statement that read, in part, “Supply chain safety in cyberspace is an issue of common concern, and China is also a victim.” The FBI and the Office of the Director of National Intelligence, representing the CIA and NSA, declined to comment.

And another Apple reply, from this CNBC article:

Apple has issued strong denials of the report, stating: “We are deeply disappointed that in their dealings with us, Bloomberg’s reporters have not been open to the possibility that they or their sources might be wrong or misinformed. Our best guess is that they are confusing their story with a previously reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple.”

The Bloomberg article is a fascinating read. Scary possibilities, and amazing that someone figured this out.