February 23, 2022

Wordle has a flipped a switch for me. I’m enjoying short, free, non-invasive puzzlers.

Neumorphic Knot is a fun, easy-to-play challenge. Solve a level, move on to the next one.

The only nit I have is the game mechanic itself. Once you figure it out (click on a puzzle piece, then click on an adjacent piece to swap them — The shaded piece is fixed in place, unswappable) it’s smooth sailing.

Have other similar games you love? Send ’em at me, please and thank you.

Reuters:

A single activist helped turn the tide against NSO Group, one of the world’s most sophisticated spyware companies now facing a cascade of legal action and scrutiny in Washington over damaging new allegations that its software was used to hack government officials and dissidents around the world.

It all started with a software glitch on her iPhone.

And:

A mysterious fake image file within her phone, mistakenly left behind by the spyware, tipped off security researchers.

Interesting read. Were it not for that mysterious fake image, we still might not know about this.

Bowdoin College:

Bowdoin College’s groundbreaking Digital Excellence Commitment (DExC) will provide every current student and all future students with a suite of the latest Apple technology and access to a full range of course-specific software designed to advance learning, inspire innovative teaching, and create digital equity across the student body in the use of tools essential for success in the twenty-first century.

That’s an M1 MacBook Pro.

The effort started a few years ago:

In summer 2020, the College issued each student an iPad Pro Wi-Fi + Cellular (activated and funded by the College for those students who had internet connectivity needs), an Apple Pencil, and an Apple Magic Keyboard.

From the FAQ:

students will have the option to pay $1 to keep their equipment when they graduate.

Nice.

February 22, 2022

Nice origin story. Amazingly, Daring Fireball has been a going concern for 20 years now.

Filipe Espósito, 9to5Mac:

Safari remains the second most-used desktop web browser in the world as of January 2022, but two of its competitors are close to taking over second place this time around.

While Safari is used by 9.84% of desktop users, Microsoft Edge is right behind with 9.54% market share. Firefox, which had only 8.1% share in January 2021, has gained new users during the past few months and now has 9.18% of the desktop market share. Unsurprisingly, Google Chrome is still in first place with 65.38% of the share.

And:

While StatCounter or even Apple doesn’t provide details on the reason why Safari is losing users, we can easily make a few assumptions about it. Safari is the default web browser for Apple devices such as the iPhone and the Mac, which certainly contributes to it being the second most used web browser worldwide.

Last year, Apple introduced a completely redesigned version of Safari that unified the address bar with the tab bar. However, the update left some users unhappy, which made Apple revert Safari back to its old design and make the new interface optional for users. This, of course, wasn’t enough to stop many users from switching to other web browsers.

Not sure how big a deal this is. If you look at the StatCounter chart embedded in the 9to5Mac post, the lines are pretty flat. Chrome absolutely dominates, and the rest of the players, including Safari, sit way down in the mix. If I did not read the article and just looked at the chart, I’d say any movement is negligible, in the noise.

Personally, I trust Safari more than other web browsers, both with privacy and with behaving properly in the macOS ecosystem (just search for “chrome Mac battery drain” for one example). Safari is not perfect, obviously, but it works really well for me.

Rene Ritchie had the chance to interview Sumbul Desai, MD, Vice President of Health at Apple.

The entire interview is interesting, especially the way Rene lays out detailed Health tracking scenarios, pulls together background info/footage as lead-ins that allow Dr. Desai to lay out Apple’s Health efforts.

Fabian Braunlein, Positive Security (via AppleInsider):

Recently, reports about AirTags being used to track other people and their belongings were becoming much more frequent.

In one exemplary stalking case, a fashion and fitness model discovered an AirTag in her coat pocket after having received a tracking warning notification from her iPhone. Other times, AirTags were placed in expensive cars or motorbikes to track them from parking spots to their owner’s home, where they were then stolen.

Lots of press on this issue, and this response from Apple, titled An update on AirTag and unwanted tracking, wherein Apple lays out their work with safety groups and law enforcement agencies to “update AirTag safety warnings and help guard against further unwanted tracking.”

Back to Fabian’s headline linked blog post:

I might be slightly more familiar with AirTags than the average hacker (having designed and implemented a communication protocol on top of Find My for arbitrary data transmission), but even so I was quite surprised, that when reading Apple’s statement I was able to immediately devise quite obvious bypass ideas for every current and upcoming protection measure mentioned in that relatively long list.

The following section will discuss each anti-stalking feature and how it can be bypassed in theory. Thereafter I will describe how I implemented those ideas to build a stealth AirTag and successfully tracked an iPhone user (with their consent of course) for over 5 days without triggering a tracking notification.

There’s a market for stalking devices. Apple did not invent the concept. But consider:

Apple needs to incorporate non-genuine AirTags into their threat model, thus implementing security and anti-stalking features into the Find My protocol and ecosystem instead of in the AirTag itself, which can run modified firmware or not be an AirTag at all (Apple devices currently have no way to distinguish genuine AirTags from clones via Bluetooth).

Hoping the AirTag team digs into this post.

Apple:

Apple Original Films today announced that audience favorite “CODA” will be re-released in theaters for a limited theatrical run following its history-making Academy Award nominations, including a nomination for Best Picture. The film will be presented in major cities across the U.S. and London, free of charge and with open captions.

The free showings are this weekend only, starting Friday. Follow this link to find the theater nearest you.

And if you are in Los Angeles:

Audiences at a special showing in Los Angeles will have the opportunity to be part of a live Q&A with the cast and writer/director Siân Heder, which will have translators in ASL.

Since the showings are free, presumably Apple has to pay the theaters for the privilege.

Interesting that Apple chose this weekend for the showings. It’s a month until Oscar voting closes (March 22nd). But CODA is also nominated for 12 Screen Actors Guild (SAG) awards, and SAG voting closes at the end of this weekend. Two birds. One stone.

February 18, 2022

The Dalrymple Report: Mac tricks, Collectables, and Privacy

This week, Dave and I talk about a twitter thread that has a lot of Mac tips and tricks—things that are really useful that you may not have known about. We also talk about Google’s new stance on privacy and what they said about Apple. Finally, we look at the market of collectables and a new auction selling Apple memorabilia.

Follow this podcast

Brought to you by:

Zocdoc: NOW is the time to prioritize your health. Go to Zocdoc.com/DALRYMPLE and download the Zocdoc app to sign-up for FREE and book a top-rated doctor. Many are available as soon as today.

February 17, 2022

Absolutely love this Twitter thread from 9to5Mac:

So many great Mac tips and tricks. Just start scrolling. And if you have a Mac tip that’s not represented already, reply to the tweet to add it.

If you find it hard to search for content on Netflix, follow the headline link and start scrolling through the list of genre/subgenre codes (like 3269, which is the code for Independent thrillers).

Once you find a genre that interests you, click on the link (or go to https://netflix.com/browse/genre/XXX, where XXX is the genre code — In the example above, you’d go to https://netflix.com/browse/genre/3269).

Cool.

Wesley Hilliard, AppleInsider:

Your iPhone, iPad, and Mac all have a free password manager made by Apple called iCloud Keychain. Here’s how to use it, set up two-factor authentication, and never have to remember a password again.

Nice little exploration of Apple’s updated password management process. If you use Keychain Access, you definitely need to read this.

Anthony Chavez, VP, Product Management, Android Security & Privacy at Google:

Currently over 90% of the apps on Google Play are free, providing access to valuable content and services to billions of users. Digital advertising plays a key role in making this possible. But in order to ensure a healthy app ecosystem — benefiting users, developers and businesses — the industry must continue to evolve how digital advertising works to improve user privacy.

Can’t help but be reminded of the quote, “If you are not paying for it, you’re not the customer; you’re the product being sold.”

The quote is often attributed to Steve Jobs, but I believe the original lies here.

Today, we’re announcing a multi-year initiative to build the Privacy Sandbox on Android, with the goal of introducing new, more private advertising solutions. Specifically, these solutions will limit sharing of user data with third parties and operate without cross-app identifiers, including advertising ID. We’re also exploring technologies that reduce the potential for covert data collection, including safer ways for apps to integrate with advertising SDKs.

From the section titled, “Blunt approaches are proving ineffective”:

We realize that other platforms have taken a different approach to ads privacy, bluntly restricting existing technologies used by developers and advertisers. We believe that — without first providing a privacy-preserving alternative path — such approaches can be ineffective and lead to worse outcomes for user privacy and developer businesses.

Seems pretty clear that Chavez is referring to Apple here. Blunt? Yes. Ineffective? Hardly. Just ask Facebook.

Google’s “ineffective” claim comes from this study, with the title “Effectiveness of Apple’s App Tracking Transparency”. Feel free to read it, but you might first click through to the company page, where they hawk a pair of privacy products of their own: Firewall and Secure Tunnel VPN. Free and open source, but with some in-app purchases:

  • One Month of Lockdown VPN — $8.99
  • One Year of Lockdown VPN — $59.99
  • One Month of Lockdown VPN Pro — $11.99
  • One Year of Lockdown VPN Pro — $99.99

Not judging the products (I haven’t used them), but feels a little disingenuous for Google to base their “ineffective” claim on a study so closely tied to an app designed to capitalize on that claimed ineffectiveness.

While we design, build and test these new solutions, we plan to support existing ads platform features for at least two years, and we intend to provide substantial notice ahead of any future changes.

So no privacy for at least two years. Got it.

February 16, 2022

Sultans of Swing

Sultans of Swing (original video here, Apple Music here) is a darling of Classic Rock, a rite of passage for guitar players, a song that demands to be covered.

The cover embedded below is one of my favorites. The sound is clean, the performance laid back and down-tempo, but the guitar work is right on the money. There’s a lot to enjoy here, especially the fade out at the end, not by turning a knob, but by lowering voices, softening the touch.

Love the guitars themselves. Check out that red Strat. Are those marks on the first few frets the sign of well worn finger placement? And don’t miss that reel-to-reel in the background.

Shout out to Kevin Hoctor for the share.

Chance Miller, 9to5Mac:

Apple today released the third betas of macOS Monterey 12.3 and iPadOS 15.4. These updates contain the long-awaited Universal Control feature, and today’s macOS Monterey 12.3 beta continues to iterate on the feature — specifically in regard to controls in System Preferences.

Follow the headline link, scroll through the images to see the latest iteration of the Universal Control settings. These controls are easier to find, more obvious.

Can’t wait until Universal Control hits the public, non-beta releases.

Rene Ritchie: M1 Pro Max vs M2 — Buy now or wait?

As usual, this Rene Ritchie explainer is a firehose of information, but really well explained. What I found most interesting is the comparison of the iPhone processors, like the A14, to their Mac counterparts.

As you watch Rene walk through the various Apple Silicon architectures, he lays out the similarities between the iPhone and Mac chips, makes it clear how one begat the other, and how the design evolved from the iPhone’s smaller enclosure to the bigger, higher powered, better cooled Mac.

Antoinette Siu, The Wrap:

TikTok can circumvent security protections on Apple and Google app stores and uses device tracking that gives TikTok’s Beijing-based parent company ByteDance full access to user data, according to the summaries of two major studies obtained by TheWrap that appear to confirm longstanding concerns raised by privacy experts about the popular video-sharing app.

The studies, conducted by “white hat” cybersecurity experts that hack for the public good, were completed in November 2020 and January 2021. TheWrap verified the studies and confirmed their conclusions with five independent experts.

When asked by TheWrap, reps for TikTok — whose parent company ByteDance has had ties to the Chinese government — declined to confirm or deny the validity of the research.

Most alarming of all:

The summaries of the studies, shared exclusively with TheWrap, suggest that TikTok is able to avoid code audits on the Apple and Google app stores. More alarmingly, the research found that TikTok is capable of changing the app’s behavior as it pleases without users’ knowledge and utilizes device tracking that essentially gives the company and third parties an all-access pass to user data. This is highly unusual and exceeds the abilities of U.S.-based apps such as Facebook, Twitter and other social media platforms.

And:

Examining the backend, researchers also found that the app essentially acts like a web browser. It uses a JavaScript bridge, the programming language for the web, to directly pull the app from TikTok’s servers when it’s launched. This makes the security of the app hard to assess, because that can keep changing, according to Lockerman at Conquest Cyber. Theoretically, it also means TikTok can change its app behavior dynamically or test certain things on the fly without pushing an update to users.

If true, how is this possible? How does the TikTok app get through the App Store review process?

A spokesperson for TikTok declined to address the studies directly, but told TheWrap that the company adheres to app store policies, adding that its product meets information security standards in the U.S., the U.K., Ireland, India and Singapore and recently received certification by the ioXt Alliance for meeting standards and commitments to cybersecurity and transparency. In fact, TikTok said it works with the ethical hacker community and researchers through a program called HackerOne to test its product.

So is this much ado about nothing? Or is TikTok getting away with privacy-evading practices? And, if the latter, how is this getting past App Store reviewers?

Heather Kelly, Washington Post:

Starting this week, Uber passengers can see what ratings drivers such as Clarke have left them, though they are kept anonymous for everyone’s safety. In the past, riders were able to see an average score based on all past trips, for example 4.25 stars. The new setting, buried deep in the Uber app, breaks it down so you can see totals for how many drivers assigned you 5 stars or 4 stars, all the way down to a 1-star rating. The chart only shows your last 500 trips.

When Heather says “buried deep in the Uber app”, she’s not kidding. If you want a challenge, launch the app (make sure you have the latest update) and try to find your ratings.

Even following Heather’s instructions, it was not easy to find. I laid out the steps as a list, tweeted here, might make it a bit easier to find.

February 15, 2022

This is a terrific collection of artifacts up for auction.

My favorites:

  • Apple Computer Inc check signed by Steve Jobs and Woz, dated 1976, with an address of 770 Welch Road (adjacent to Stanford campus)
  • Steven Jobs, Vice President, Apple business card
  • Another Steve Jobs business card, this one for Pixar, with a @next.com email address

Lots more. A fun browse through early Apple/tech history.

Apple Support: How to watch together on your Apple TV during a FaceTime call

Another excellent Apple Support video. This one walks through the process of syncing your Apple TV watching experience with other folks on a FaceTime call.

Interesting that the Mac is not mentioned, even though SharePlay via FaceTime was introduced in macOS Monterey 12.1, as described here.

No matter, good to see the SharePlay process in action. Well done.

UPDATE: Note that everyone on the SharePlay needs to be in the same Apple Store Region (no simultaneous watching with folks from UK and US, say). [H/T Samir Estefan]

Daniel Deakin, NotebookCheck:

Xiaomi built its well-regarded reputation by selling affordable Android smartphones under its Mi, Redmi, and POCO brands, which consisted of devices that frequently “borrowed” popular features and design language from other tech products, with Apple typically being a target for “inspiration”.

Jarring dissonance there, with “well-regarded reputation” fighting against “frequently borrowed features and design language”.

The release of the iPhone 13 series allowed Apple to roar ahead again, and by Q4 2021 the fruit company had soared to 22% of worldwide smartphone shipments while Samsung lost a bit of ground on 17% and Xiaomi dipped drastically to 12%.

And, therefore, Xiaomi now sees its salvation in the high end market dominated by Apple.

Peter Kafka, Recode:

Facebook built one of the most amazing money machines the world has ever seen. Then Apple came and threw a wrench in the gears.

That’s one of the narratives that sprang from last week’s news, when Facebook’s parent company Meta delivered an alarming earnings report to Wall Street, which promptly cut an astonishing $250 billion out of the company’s value in a single day — a 26 percent drop.

Obviously, the goal was better privacy, not a move against Facebook specifically. But Facebook did get hammered. But they are still healthy enough:

Facebook is still making an enormous amount of money from advertising — analyst Michael Nathanson estimates the company will generate $129 billion in ad revenue in 2022. But that would mean its ad business will only grow about 12 percent this year, compared to a 36 percent increase the previous year.

A specific sign of the drop:

Alex Austin, the CEO of Branch, a company that helps advertisers figure out how their campaigns are working: After Apple introduced its anti-tracking changes in the spring of 2021, advertisers who used Branch’s services to measure paid ads on iOS dropped by 20 percent.

And this, on the push to grow Facebook’s Marketplace Platform, with digital storefronts on Insta and Facebook:

Facebook can’t tell a shoe store if someone saw their ad on the app, then clicked through to the store’s site or app and bought something — but it can tell them if a Facebook user saw the ad on Facebook and then bought the shoes on Facebook.

Obviously, that depends on building traffic to Facebook and Instagram, having people view those platforms as a trusted shopping option.

February 14, 2022

Follow the headline link, click on dailydordle or freedordle. Both will display a Wordle-like word guessing setup, with two words being guessed in parallel.

Once you get one of the words (all green), that word will lock and you’ll be left working on the other word.

Nice twist.

Malcolm Owen, AppleInsider:

A nursing student in Australia is encouraging Apple Watch owners to enable heart rate notifications, after the wearable device detected symptoms of a thyroid condition months before being diagnosed.

And:

“Instead of me waiting for the symptoms to get really bad, I could have gone to the doctor back in October, when there was this dramatic drop in a matter of days,” Lauren adds, alongside a screenshot of a graph from the Health app. “It dramatically dropped, which means my cardiovascular system wasn’t working as well as it once was.”

The drop also correlated with other symptoms, including fatigue, a sensitivity to heat, gaining weight, dry skin, and increased irritability. In December, she was diagnosed with thyroid hemiagenesis, and is undergoing treatment.

Here’s a link to Lauren’s video. Sound on.

A few years ago, I had a long conversation with a cardiologist about the future of Apple Watch and the patterns that indicate various health conditions. I walked away from that conversation feeling that the potential for Apple Watch as diagnostic tool is massive, far beyond the benefits we already see, especially as more sensors are developed and integrated with Apple’s Health infrastructure. Lauren’s video made me feel this even more strongly.

Crypto, Facebook/Meta Super Bowl ads

Crypto rivals Coinbase and FTX spent big on these two Super Bowl ads (first two videos embedded below). Clearly, the Coinbase ad (with its floating, corner-seeking QR code) was incredibly successful, as it saw the Coinbase ad shoot from 186th place on the App Store all the way to 2nd place. More importantly, it overwhelmed the Coinbase servers:

Interestingly, from all the NFL and Super Bowl crypto hype, the NFL prohibits crypto, as covered in The Athletic:

“Clubs are prohibited from selling, or otherwise allowing within club controlled media, advertisements for specific cryptocurrencies, initial coin offerings, other cryptocurrency sales or any other media category as it relates to blockchain, digital asset or as a blockchain development company, except as outlined in this policy,” according to the new guidelines, as read by a team official, who requested anonymity.

Another ad that stuck out in yesterday’s ad-apalooza was the Meta/Facebook Oculus ad (Third embed below). Quality of the ad aside, it’s interesting that the Facebook brand is completely absent (gives me a feeling that peak Facebook is in the past) and that Meta is betting its future on its take on the future of VR.

Whets my appetite to see what AR/VR device Apple has up its sleeve. Four months until WWDC.

February 11, 2022

The Dalrymple Report: Apple wishes, AirPods, and realityOS

Dave and I talk about a few things we would like Apple to add or fix in their current software. We also look at how dominating Apple has become in the headphone industry with its AirPods line of products. Finally, is realityOS finally coming to the consumer?

Follow this podcast

Brought to you by:

LinkedIn Jobs: LinkedIn Jobs helps you find the candidates you want to talk to, faster. Did you know every week, nearly 40 million job seekers visit LinkedIn? Post your job for free at LinkedIn.com/DALRYMPLE. Terms and conditions apply.

MasterClass: I highly recommend you check it out. Get unlimited access to EVERY MasterClass, and as a listener of The Dalrymple Report, you get 15% off an annual membership! Go to MASTERCLASS.com/dalrymple now. That’s MASTERCLASS.com/dalrymple for 15% off MasterClass.

February 10, 2022

Follow the headline link, watch the video.

The implication is that Siri thinks it’s speaking on a HomePod with a display. Is this fake? An accidental beta leak? A Siri misspeak?

Either way, interesting. According to the post, this is iOS 14.5 B1, audioOS 15.3.

From the FAQ (click the headline link):

Q: Why is your website so popular? Are you one of those famous people that no one knows why they’re famous? A: No, I’m not famous. It seems likely that most visitors simply mistype gmail.com and end up visiting gail.com by mistake.

And:

Q: How did you manage to get gail.com? A: My husband registered it as a birthday gift back in 1996.

Gmail launched in 2004. So this domain is OG.

And, finally:

Q: How many times a day is this page visited? A: In 2020 this page received a total of 5,950,012 hits, which is an average of 16,257 per day. Looking at just unique hits, we received a total of 1,295,284, for an average of 3,539 unique hits per day. Occasionally, we get Twitter-bombed and may get several tens of thousands of visitors a day. As an example, on July 21st 2020 we received 109,316 hits.

That’s amazing traffic, all accidental. Fascinating.

Statista:

When Apple introduced AirPods alongside the iPhone 7 and 7 Plus in September 2016, the reactions were mixed at best. While many were impressed with the technology behind Apple’s first true wireless headphones, their design drew a lot of criticism and the internet was having a field day cracking jokes about the headphones’ looks, price and overall appeal.

That was then. This is now. Follow the headline link and check out the numbers.

  • Apple has 34.4% of the market
  • Beats is next with 15.3% of the market

Taken together, that’s 49.7% of the market. Astonishing.

Reed Albergotti, Washington Post:

Inside Apple, your job classification can mean a lot. The difference between a “level 4″ engineer and a “level 5,” for instance, could mean a difference of hundreds of thousands of dollars in compensation. And those titles help determine how much Apple employees can make when they leave the company for another job.

And:

In widely used databases that companies refer to for verification of job information, Apple changes the job title for every employee, whether they’re a PhD in computer science or a product manager, to “associate,” the company confirms.

And:

The practice recently came to light when Cher Scarlett, a former Apple software engineer who raised concerns about alleged discrimination and misconduct at the company, filed a complaint to the Securities and Exchange Commission, alleging that when Apple changed her job title to “associate,” it delayed the hiring process at a prospective employer by nearly a week, during which time the company rescinded the offer.

This is a long-standing practice for Apple, but it seems obvious that this can be an issue for folks who leave Apple and list a specific job title on their resume. What’s the harm to Apple if they change someone’s title to, say, “Former Level 4 Engineer” or some such? And what’s the benefit to Apple in changing someone’s title to “Associate”?