SQLPro Studio 

My thanks to SQLPro Studio for sponsoring last week at DF. Look, it is no surprise to anyone reading this that I care deeply and feel strongly about using truly native Mac and iOS apps. That’s especially true for professional tools. SQLPro Studio is an exquisite truly native app for developers working with SQL databases — MySQL, PostgreSQL, Microsoft SQL Server, and the one I use the most, SQLite.

But native for what? All Apple platforms: Mac, iPad, and even iPhone. Yes, SQLPro Studio has an excellent SQL database client for iPhone. This isn’t some crummy Java app. It handles everything from schema design to browsing and editing records, with full syntax coloring. The developer, Kyle Hankinson of Hankinsoft Development, has been working on this suite of apps for years now, frequently updates them, and is incredibly responsive to users. Dark Mode support on Mac and iOS? Of course. This is how you do a cross-platform suite of serious pro apps.

Special offer for Daring Fireball readers: Save 20 percent on any SQLPro Studio web store purchase using the promo code GRUBER, or download a free trial on the iOS App Store.

Students may receive one year free by visiting https://www.sqlprostudio.com/edu/.


Hacked to Bits

Another blockbuster security story last week, initially broken by Stephanie Kirchgaessner for The Guardian:

The Amazon billionaire Jeff Bezos had his mobile phone “hacked” in 2018 after receiving a WhatsApp message that had apparently been sent from the personal account of the crown prince of Saudi Arabia, sources have told the Guardian.

The encrypted message from the number used by Mohammed bin Salman is believed to have included a malicious file that infiltrated the phone of the world’s richest man, according to the results of a digital forensic analysis.

This analysis found it “highly probable” that the intrusion into the phone was triggered by an infected video file sent from the account of the Saudi heir to Bezos, the owner of the Washington Post.

The two men had been having a seemingly friendly WhatsApp exchange when, on 1 May of that year, the unsolicited file was sent, according to sources who spoke to the Guardian on the condition of anonymity.

Large amounts of data were exfiltrated from Bezos’s phone within hours, according to a person familiar with the matter. The Guardian has no knowledge of what was taken from the phone or how it was used.

You will recall that The National Enquirer published intimate text messages and personal photographs from Bezos that revealed an extramarital affair, which in turn led to Bezos and his wife of 25 years divorcing.

Bezos unsurprisingly launched his own investigation into how the text messages and photos had been stolen from his phone and wound up in the hands of the Enquirer. According to Bezos’s team, early evidence pointed to Saudi Arabia. That Bezos’s investigators had evidence pointing to the Saudis spooked Enquirer publisher David Pecker enough that Pecker literally attempted to extort Bezos — offering not to publish additional photos in the Enquirer’s possession in exchange for Bezos dropping his investigation. Needless to say, Bezos told Pecker to fuck off, in a remarkably cogent open letter publicly revealing both the extortion scheme and Bezos’s investigative team’s suspicion that the Saudis were the culprits.1

At the time, there was much speculation as to how the Saudis hacked Bezos’s phone. Did they have agents intercepting his cellular signal? Technically possible, perhaps, especially if the text messages were SMS (we still don’t know what type of “texts” they were — we now know Bezos and MBS texted via WhatsApp, but we don’t know how Bezos and his girlfriend texted), but if the Saudis had in fact captured the information over the air, how would Bezos’s investigators ever have detected it months after the fact?

Now, we seemingly know. Bezos had a personal relationship with MBS and MBS personally sent Bezos the payload to exploit his phone. The evidence is strong enough and the allegations serious enough that the United Nations has issued a report on the matter, considers it part of a pattern of human rights violations from the Saudi regime, and is calling for the United States to further investigate.

But — but! — two days ago, The Wall Street Journal reported that federal prosecutors in Manhattan have evidence that The National Enquirer obtained the photos from Lauren Sanchez’s brother, who in turn was sent them from his sister’s phone. Whether Lauren Sanchez sent them to her brother, or her brother had access to her phone and sent them to his phone from her phone himself, is unclear, but the fact that Bezos and Sanchez are still together suggests Bezos believes the latter. It seems entirely possible that the Saudis pwned Bezos’s phone but that it was his girlfriend’s brother who betrayed them to The Enquirer. Or, more conspiratorially, perhaps her brother — a prominent Trump supporter with ties to the recently convicted felon and Trump advisor Roger Stone, a man who describes himself as a “dirty trickster” — was in cahoots with the Saudis and the Enquirer to cover their tracks.

This whole saga is extraordinary to say the least. With zero hyperbole, it sounds like the pitch for a Hollywood thriller:

The richest man in the world — a billionaire a hundred times over — meets and exchanges phone numbers with the crown prince of Saudi Arabia, the most powerful dictator in the Middle East. The richest man in the world happens to own, as a mere side business, The Washington Post — a newspaper whose news coverage and opinion columns have been highly critical of the Saudi Arabian royal family’s brutal and regressive regime. The crown prince uses this superficial personal relationship with the richest man in the world to hack his phone via an infected attachment sent in a WhatsApp chat, using military-grade technology seemingly created by NSO Group, a secretive firm from Israel that supposedly only offers its services to trusted governments. Among the information the Saudis exfiltrate from the richest man in the world’s phone are text messages and intimate photos revealing an extramarital affair, which wind up published in The National Enquirer, whose publisher has long been a trusted confidant of the corrupt president of the United States, and had a stack of scandalous stories regarding said corrupt president’s own extramarital affairs locked in a safe as part of a decades-long conspiracy to keep those scandals out of the public eye. Said corrupt president of the United States is also a vociferous critic of The Washington Post and its owner, the richest man in the world. The publication of these intimate texts and photos leads to the dissolution of the richest man in the world’s 25-year marriage, and unsurprisingly angers him, leading him to hire a team of investigators to figure out how the texts and images from his phone were stolen. A few months later a team of Saudi agents brutally murders and dismembers Saudi dissident Jamal Khashoggi — who was — wait for it — a journalist at The Washington Post whose columns were scathingly critical of the Saudi regime. The CIA soon determines that the Saudi hit team was acting at the direct behest of the crown prince; when informed of this, the corrupt president of the United States brushes it off with a more-or-less “Shit happens, what do you expect when you criticize our friends the Saudis? Those guys play hardball.” response.

Oh. And the corrupt president of the United States is also a nepotist. His son-in-law is a senior White House advisor with a sprawling portfolio of responsibilities and a top-secret security clearance that was granted only because the president demanded it (overriding the concerns of national security officials). Said son-in-law is known to communicate with the crown prince of Saudi Arabia via — wait for it — WhatsApp.2

I take it back, this is not the pitch for a movie. It’s the pitch for a season-long TV series. My proposed title: Hacked to Bits.


  1. Bezos, in his 2017 letter to shareholders: “We don’t do PowerPoint (or any other slide-oriented) presentations at Amazon. Instead, we write narratively structured six-page memos. We silently read one at the beginning of each meeting in a kind of ‘study hall.’ ” The idea is that lazy thinking, if not outright sophistry, is easily disguised within slide decks, but narrative prose — not bullet points but a real narrative — forces the writer to think everything through. Writing is thinking, I’ve always thought, too. I frequently start a column thinking my argument is A, but as I write, I realize I was wrong and in fact my argument is Z. It’s the act of writing that forces you to think the idea through right down to the bedrock. Anyway, Bezos’s open letter revealing the Enquirer’s scheme and his suspicion that the Saudis were the culprits shows that, unsurprisingly, he’s a remarkably cogent writer. Reminds me of someone else.

  2. I actually think it’s unlikely that MBS hacked Kushner’s phone. Think about it. The hack of Bezos’s phone was eventually uncovered. If he hacked Kushner, it would have come out eventually too. Trump is embarrassingly cozy with the Saudis, but he would surely be furious if it were revealed the Saudis hacked Kushner’s phone. However useful hacking Kushner’s phone would be to their intelligence gathering, it couldn’t possibly be worth spoiling their relationship with Trump. Killing and dismembering a journalist working for The Washington Post ought to outrage the president. Hacking the phone of an American citizen — any American, prince or pauper — ought to outrage the president. But hacking the phone of someone in his family actually would. Trump’s strident antipathy toward Bezos effectively served as a free pass for the Saudis to hack his phone. That the United Nations is more outraged than the United States says it all.

    But, still, the fact that it’s even possible that MBS did the same thing to Kushner that he did to Bezos — combined with the fact that security officials in the U.S. were alarmed by Kushner’s use of WhatsApp all along — is deeply concerning, to say the least.


How Jeff Bezos’s iPhone X Was Hacked 

Good summary from The New York Times. Until this week’s news, I don’t believe we knew what type of phone Bezos was using when he was hacked. Now we know: an iPhone X.

‘An Embarrassment From Start to Finish’ 

Ron Amadeo, reviewing the Samsung Galaxy Fold for Ars Technica:

And that brings us to today — the Ars review. This one is going to be a little different, since I don’t think the Galaxy Fold has any viability as a serious device anyone should consider purchasing. Should you buy a Galaxy Fold? NO! God no. Are you crazy? The sky-high price, durability issues, nascent form factor, and new screen technology should rule the phone out for just about everyone.

Worth reading and looking at the screenshots comparing it to normal top-tier Android phones. The Fold’s front screen is nearly worthless and the interior “big” screen displays significantly less content in most apps.

Jiminy.

You Might Like Front and Center Even If You Don’t Like Classic Switching 

Dr. Drang, regarding my enthusiasm for John Siracusa’s new Front and Center utility for the Mac:

I would argue that just because Gruber misses the old behavior doesn’t make it right. When you switch to an app via the Dock, all its windows come forward because you have clicked on an icon for the app. Similarly, when you switch to an app via ⌘-Tab, all its windows come forward because you have selected the icon for that app. But when you click on a background window, you are not selecting an app, you’re selecting a window. So it’s the window that should come forward, not the app as a whole.

I completely agree with Drang. I’d never endorse changing today’s MacOS to use the classic-style “click a window to bring all that app’s windows to the front” behavior. Both for Drang’s reasons above, and simply because Mac OS X has been around too long for it to change. (The Mac was 17 years old when Mac OS X 10.0 shipped in March 2001; Mac OS X/OS X/MacOS will have been around for 19 years soon. Classic remained essential until at least 2004, though — Steve Jobs’s 2002 “funeral” for Mac OS 9 be damned, Mac OS X was way too slow and too incomplete until 10.4 Tiger or so for most serious Mac users. So let’s just call it 20 years of classic MacOS and 20 years and counting of Mac OS X.)

But I think classic-style window activation is worthwhile as an option. And more important is Front and Center’s Shift-click override. When using Front and Center in “Classic” mode, you can Shift-click a background window to bring just that window forward. And, if you prefer the “Modern” mode, where just-plain-clicking a window brings just that window forward, you can Shift-click a window to bring all of that app’s windows forward. That’s the killer feature, no matter which mode you prefer by default, and why I suggest trying it even if you don’t want Classic behavior by default.

Gorgeous Maps of the Streets of Any City in the World 

Enter the name of any city, and Andrei Kashcha’s City Roads website will use OpenStreetMap data to draw all of its streets. Simple and beautiful monochromatic design. (Via Jason Kottke, travel photographer.)

Fast Company: ‘Apple and Google’s Location Privacy Controls Are Working’ 

Jared Newman, writing for Fast Company:

Some recent data points to consider:

  • Since the launch of iOS 13 last fall, the amount of background location data that marketers collect has dropped by 68% according to Location Sciences, a firm that helps marketers analyze location data.

  • Location Sciences also found that foreground data sharing, which occurs only while an app is open, dropped by 24%.

  • A Google spokesman tells Fast Company that when Android users have the option to only share location data when they’re actively using an app, they choose that option about half the time.

  • As Digiday reported last week, apps are now seeing opt-in rates under 50% for collecting location data when they’re not in use, according to Benoit Grouchko, CEO of the ad tech business Teemo.

Good news for everyone except dirtbags.

‘If Right Doesn’t Matter, We’re Lost. If the Truth Doesn’t Matter, We’re Lost.’ 

Adam Schiff’s summary argument in the Senate trial of Donald Trump’s impeachment. “If truth doesn’t matter, we’re lost” sums up more than the abject corruption of Trump’s presidency — it sums up the state of the world today.

Interesting Stats on the U.S. Streaming Service Market 

This links to a Wall Street Journal story about the fact that two-thirds of Amazon Prime’s content is user-uploaded, and a lot of it is (unsurprisingly) sketchy. Interesting.

But what caught my eye was this graphic halfway down the page, showing “Q4 2019 U.S. customer base by service”, sourced to Ampere Analysis. Their numbers, in millions:

  1. Netflix: 61.3
  2. Amazon Prime: 42.2
  3. Apple TV+: 33.6
  4. Hulu: 31.8
  5. Disney+: 23.2

If that’s even close to accurate I’d say Apple TV+ is a roaring success. Yes, of course, surely most of those customers are using it free of charge for the first year. But that’s the point of this “buy any Apple device, get a free year of TV+” promotion. Apple wants people to take advantage of it — it’s the answer to the question of how you launch a paid streaming service with no content other than 11 original shows. Make Apple TV+ a habit now, get paid later. Apple can afford to be patient.

I’ve been curious how many people who qualify for TV+ know about it, and realize just how easy Apple’s TV app makes it to start your year-long free subscription. Apparently, a lot.

It’s worth noting that Disney+ didn’t launch until November 12, halfway through the quarter; I expect Disney+ to eventually take the number one spot on this list.

(Apple News link for News+ subscribers.)

The Talk Show: ‘Fake Faces’ 

Special guest Glenn Fleishman returns to the show. Topics include iPhone encryption, the privacy implications of widely-available reverse image search for faces, deep-learning-powered algorithmically-generated faces, and Jeopardy’s “Greatest of All Time” tournament. The show notes are an epic reading list.

Brought to you by these fine sponsors:

  • Clear: Get through security even faster. Get your first 2 months free with code talkshow.
  • Squarespace: Make your next move. Use code talkshow for 10% off your first order.
  • Hover: Find a domain name for your passion. Get 10% off your first purchase.

George Soros to Start $1 Billion School to Fight Nationalists, Climate Change 

Katherine Burton, writing for Bloomberg:

Soros also once again criticized Facebook for its failure to police the social media network.

“There’s nothing to stop them, and I think there is a kind of informal mutual assistance operation or agreement developing between Trump and Facebook,” Soros said. “Facebook will work together to re-elect Trump and Trump will work to protect Facebook.”

Bingo.

98.6 Degrees Fahrenheit Isn’t the Average Anymore 

Jo Craven McGinty, reporting for The Wall Street Journal:

Nearly 150 years ago, a German physician analyzed a million temperatures from 25,000 patients and concluded that normal human-body temperature is 98.6 degrees Fahrenheit. That standard has been published in numerous medical texts and helped generations of parents judge the gravity of a child’s illness. But at least two dozen modern studies have concluded the number is too high.

The findings have prompted speculation that the pioneering analysis published in 1869 by Carl Reinhold August Wunderlich was flawed.

Or was it?

In a new study, researchers from Stanford University argue that Wunderlich’s number was correct at the time but is no longer accurate because the human body has changed. Today, they say, the average normal human-body temperature is closer to 97.5 degrees Fahrenheit.

JetBrains Mono 

New free and open source typeface for developers. I’m not sure it’s for me, but I do appreciate it. It has a much higher than usual x-height, and an emphasis on rectangular oval shapes for round characters. One idea I haven’t seen before: it comes with ligatures for punctuation combinations frequent in code; for example, the ligature for -> (hyphen + greater-than) is drawn as a single arrow spanning two character widths. Certainly worth a download if, like me, you’re a hoarder of monospaced fonts.

Via Gus Mueller, who correctly notes that the website JetBrains created for the font is perhaps more interesting than the font itself. Absolutely worth checking out even if you have no interest in the font itself.

Google Search Results Zip Up Leather Jacket, Strap On Water Skis 

Danny Sullivan — who for years wrote about search engines independently, but is now Google’s “Search Liaison”:

Last year, our search results on mobile gained a new look. That’s now rolling out to desktop results this week, presenting site domain names and brand icons prominently, along with a bolded “Ad” label for ads. Here’s a mockup.

To say that this design blurs the line between real search results and sponsored items is an understatement. They’ve been inching toward this for a decade, but I’d say this marks the line where they’ve gone too far. Yes, they still have an “Ad” label next to sponsored results, in the spot where legit results now show a small site logo, but to paraphrase a wise man, what’s wrong about this design isn’t the think of it but the feel of it. I haven’t seen anyone react well to it, and most think the problem is that it makes ads look more like search results.

That’s not quite right though. Craig Mod put his finger on it precisely:

There’s something strange about the recent design change to google search results, favicons and extra header text: they all look like ads, which is perhaps the point?

That’s it. It’s not that ads look like legit results but that results look like ads too. It’s genius, but perverse. Google is losing the soul of its crown jewel.

Go Dragons 

News from my alma mater, from Philadelphia Inquirer reporter Jeremy Roebuck:

The former head of Drexel University’s electrical engineering department was charged with theft Tuesday, three months after he stuck the school with a $190,000 tab for research money he allegedly misspent at strip clubs and on personal expenses.

Philadelphia prosecutors accused Chikaodinaka Nwankpa, 57, of spending $96,000 in federal grant funds at adult entertainment venues and sports bars between 2010 and 2017. He allegedly squandered $89,000 — funding he had secured for science, energy, and naval research — on iTunes purchases and meals.

I’ll go out on a limb and guess it was mostly on meals, but perhaps in addition to his other hobbies, Nwankpa is quite the cinephile.

Update: I completely blanked on in-app purchases for games. Something on the order of $1,000/month in IAP over this seven-year stretch would only make Nwankpa a low-level “whale” in mobile gaming. He could have easily blown a bigger chunk of the $89K on iTunes than on expensive meals. It’s Vegas, and Apple owns the biggest casino.

(Kind of hard to believe there’s only one hit for “Nwankpa” at The Triangle. A college newspaper ought to live for a story like this. I’d have gotten a month’s worth of columns out of it in my day.)

Away Co-Founder Steph Korey Is Back as Co-CEO 

Lauren Thomas, reporting for CNBC a week ago:

Just weeks after stepping down as chief executive officer of luggage maker Away following a report about her leadership tactics, Steph Korey is back as co-CEO. […]

But she told Away employees in a companywide Slack message Monday, which was reviewed by CNBC: “The inaccurate reporting that was published in December about our company unleashed a social media mob — not just on me, but also on many of you.” She added that her move to executive chairman had caused “more confusion than clarity. … So, let me clear that up: I am not leaving the company.”

Korey went on to say the company will contemplate its “legal options” after The Verge responds to its “demands for retractions and corrections.” A representative from The Verge wasn’t immediately available to respond to CNBC’s request for comment.

Away said it has hired Libby Locke, the lawyer who won a defamation case against Rolling Stone magazine for a retracted story about an alleged gang rape at the University of Virginia. Locke said in an email Monday that the Verge “published hit pieces filled with lies and distortions designed to damage Away’s reputation.”

Surprise twist, to say the least. This seemingly puts the kibosh on my theory that Korey was stabbed in the back by Away’s board.

(Disclaimer: Away has been a frequent sponsor of my podcast.)

MacOS 10.15 Catalina Bug: LG 5K Display Resets to Maximum Brightness Every Reboot 

Lloyd Chambers:

There are so many bugs in Catalina that I could spend weeks writing them up. Here’s one that is not just eye-popping (literally), but of great annoyance to me as a photographer — I need the display to remain stable and predictable.

After every reboot, the LG 5K display goes to maximum brightness.

Chambers quotes from several others encountering the same issue. A DF reader — also a professional photographer — wrote to me about this bug last week. He (the DF reader) was using a $6,000 new 16-inch MacBook Pro. I say was, past tense, because after a few days he returned it because this brightness issue was no small thing for him, because he sets his display brightness precisely using a display calibrator. Doing this several times per day every day quickly drove him mad.

Is this the worst bug in the world? Not even close. It’s a paper-cut bug. No data loss, no crash, not some sort of thing where something doesn’t even work — just an annoyance. But no one wants to use a tool that gives you half a dozen paper cuts every day. And MacOS 10.15 is chockablock with paper-cut bugs. And it’s not like the LG 5K Display is some obscure unsupported display — it’s the one and only external 5K display sold by Apple itself.

2016 WSJ Story on Apple’s Plans for E2E Encryption for iCloud Data 

Daisuke Wakabayashi, reporting for The Wall Street Journal four years ago:

Apple Inc. has refused federal requests to help unlock the phone of San Bernardino gunman Syed Rizwan Farook. But the company turned over data from his phone that Mr. Farook had backed up on its iCloud service.

Soon, that may not be so simple. Apple is working to bolster its encryption so that it won’t be able to decode user information stored in iCloud, according to people familiar with the matter.

But Apple executives are wrestling with how to strengthen iCloud encryption without inconveniencing users. Apple prides itself on creating intuitive, easy-to-use software, and some in the company worry about adding complexity.

If a user forgets a password, for example, and Apple doesn’t have the keys, the user might lose access to photos and other important data. If Apple keeps a copy of the key, the copy “can be compromised or the service can be compelled to turn it over,” said Window Snyder, a former Apple security and privacy manager who is now chief security officer at Fastly, a content-delivery network.

If Apple were to implement E2E encryption for iCloud backups, there’s no “might” about it — if the customer forgets their password, they would lose access to the data. That’s the entire point of this debate.

Given that this was four years ago, something clearly interrupted this plan. I’ve heard from a few additional sources at Apple (or very recently at Apple), and all believe that Apple’s reluctance to use end-to-end encryption for iCloud backups is about the frequency of customers who don’t know their password but need to access their backup. My idea is to make it optional, but every additional option makes a feature more complicated. No one expects to forget their password — even if this were only an option, some number of iCloud users would turn it on because it’s more secure, forget their password, and be forever locked out of their backup. If it weren’t optional — if backups were E2E encrypted with the keys solely in the hands of users — thousands of iCloud users would be forever locked out of their data.

Also, let me emphasize that with the sole exception of email — which is expected — all iCloud data is encrypted both in transit and in storage on Apple’s servers. (Email is encrypted in transit, of course, just not in storage.) The difference is whether Apple also has a key to the data. End-to-end encryption is when only the user controls the keys. Just plain “encryption” is when Apple also has a key, which protects the data against a stolen drive but not against Apple itself, or against a court order served on Apple.

Tim Cook to Der Spiegel a Little Over a Year Ago: Apple Will Eventually No Longer Have a Key to iCloud Data 

From a wide-ranging interview from October 2018 (filtered through Google Translate):

Spiegel Online: Is the data as secure on your iCloud online service as on the devices?

Cook: Our users have a key there, and we have one. We do this because some users lose or forget their key and then expect help from us to get their data back. It is difficult to estimate when we will change this practice. But I think that in the future it will be regulated like the devices. We will therefore no longer have a key for this in the future.

I believe “regulated” is an idiomatic glitch in the translation. In English we tend to reserve that word for rules and laws from the government; Cook I think clearly is talking about Apple’s own policies.

[Update: Via my friend Glenn Fleishman, who speaks German: “You are correct about the Spiegel story. The machine translation is quite good, but ‘regulated’ was translated from the verb ‘regeln’ which can be regulated, but also controlled/set/etc. So it would be better to say, ‘I believe that in the future, it will be handled like on devices.’ ”]

Joseph Menn’s blockbuster report for Reuters today claims Apple abandoned its plans for encrypting iCloud backups “about two years ago”. Something in the timeline doesn’t add up there. (It’s also very clear from the Der Spiegel interview that Cook is keenly aware of how encryption works with Apple’s devices and services.)

Android 9 and Later Offers Encrypted Backups to Google 

From the end of Joseph Menn’s report for Reuters today, claiming Apple dropped plans for encrypted iOS backups after the FBI objected:

In October 2018, Alphabet Inc’s Google announced a similar system to Apple’s dropped plan for secure backups. The maker of Android software, which runs on about three-quarters of the world’s mobile devices, said users could back up their data to its own cloud without trusting the company with the key.

Two people familiar with the project said Google gave no advance notice to governments, and picked a time to announce it when encryption was not in the news.

First, while Android runs on 75 percent of mobile devices worldwide, not all of those devices use Google services like backup. None of the Android phones in China, for example — which is a lot of phones. It’s lazy to conflate Android phones with Google Android phones.

Second, I wasn’t aware of this until today. And it makes iCloud’s lack of backup encryption look bad. From Google’s official announcement of the feature a little over a year ago:

Starting in Android Pie, devices can take advantage of a new capability where backed-up application data can only be decrypted by a key that is randomly generated at the client. This decryption key is encrypted using the user’s lockscreen PIN/pattern/passcode, which isn’t known by Google. Then, this passcode-protected key material is encrypted to a Titan security chip on our datacenter floor. The Titan chip is configured to only release the backup decryption key when presented with a correct claim derived from the user’s passcode. Because the Titan chip must authorize every access to the decryption key, it can permanently block access after too many incorrect attempts at guessing the user’s passcode, thus mitigating brute force attacks. The limited number of incorrect attempts is strictly enforced by a custom Titan firmware that cannot be updated without erasing the contents of the chip. By design, this means that no one (including Google) can access a user’s backed-up application data without specifically knowing their passcode.

I can’t find much additional information about this. For example, how many failed attempts trigger the permanent lockout to the backup? That would be useful to know, but I can’t find it.
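To make the key hierarchy in Google’s description concrete, here is a small simulation. It is an example added here, not Google’s code: a random backup key generated on the phone, wrapped under a key derived from the lockscreen passcode, deposited in a stand-in for the Titan chip that releases it only for a correct passcode-derived claim and bricks the slot after too many wrong ones. Everything specific is assumed: the function and class names, the attempt limit (which, as noted above, Google has not published), the KDF and its cost (PBKDF2-HMAC-SHA256 here), and the cipher (an HMAC-SHA256 counter-mode keystream with an HMAC tag, standing in for an AEAD such as AES-GCM so the script runs on the standard library alone). The sample app data is constructed.

```python
"""Simulation of the Android Pie backup key hierarchy quoted above.
Added example, not Google's code; every name and parameter is an assumption."""
import hashlib
import hmac
import os

MAX_WRONG_CLAIMS = 10    # assumption: the real Titan limit is not public
KDF_ITERATIONS = 50_000  # assumption: Google has not published its KDF parameters


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, a stream-cipher stand-in for AES-CTR."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under `key`; returns nonce || ciphertext || tag."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Check the tag in constant time, then decrypt; a wrong key raises ValueError."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered blob")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def passcode_kek(passcode: str, salt: bytes) -> bytes:
    """Wraps the backup key; derived on the phone and never sent anywhere."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, KDF_ITERATIONS)


def passcode_claim(passcode: str, salt: bytes) -> bytes:
    """Separately derived value sent to the chip; on its own it cannot unwrap the key."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt + b"claim", KDF_ITERATIONS)


class TitanChip:
    """Stand-in for the datacenter HSM: keeps the wrapped key under a key that never
    leaves the chip, counts wrong claims, and bricks the slot once the limit is hit.
    Someone with database access sees only sealed blobs and verifiers."""

    def __init__(self) -> None:
        self._chip_key = os.urandom(32)
        self._slots = {}  # device_id -> [claim verifier, sealed wrapped key, failures]

    def enroll(self, device_id: str, claim: bytes, wrapped_key: bytes) -> None:
        verifier = hashlib.sha256(claim).digest()
        self._slots[device_id] = [verifier, seal(self._chip_key, wrapped_key), 0]

    def release(self, device_id: str, claim: bytes) -> bytes:
        slot = self._slots[device_id]
        if slot[2] >= MAX_WRONG_CLAIMS:
            raise PermissionError("slot permanently locked")
        if not hmac.compare_digest(slot[0], hashlib.sha256(claim).digest()):
            slot[2] += 1
            raise PermissionError("wrong claim")
        return open_sealed(self._chip_key, slot[1])


def client_backup(chip: TitanChip, device_id: str, passcode: str, app_data: bytes):
    """Phone side: random backup key, wrapped under the passcode KEK, deposited in the
    chip. Returns (salt, encrypted backup), the parts Google stores outside the chip."""
    salt, backup_key = os.urandom(16), os.urandom(32)
    chip.enroll(device_id, passcode_claim(passcode, salt), seal(passcode_kek(passcode, salt), backup_key))
    return salt, seal(backup_key, app_data)


def client_restore(chip: TitanChip, device_id: str, passcode: str, salt: bytes, blob: bytes) -> bytes:
    """Phone side: present the claim, unwrap what the chip releases, decrypt the backup."""
    wrapped = chip.release(device_id, passcode_claim(passcode, salt))
    return open_sealed(open_sealed(passcode_kek(passcode, salt), wrapped), blob)


def demo() -> dict:
    """Round trip, then MAX_WRONG_CLAIMS bad passcodes, then the right passcode again."""
    chip = TitanChip()
    salt, blob = client_backup(chip, "pixel-1", "4711", b"constructed sample app data")
    result = {"restored": client_restore(chip, "pixel-1", "4711", salt, blob)}
    for _ in range(MAX_WRONG_CLAIMS):
        try:
            client_restore(chip, "pixel-1", "0000", salt, blob)
        except PermissionError:
            pass
    try:
        client_restore(chip, "pixel-1", "4711", salt, blob)
        result["locked_out"] = False
    except PermissionError:
        result["locked_out"] = True
    return result  # {'restored': b'constructed sample app data', 'locked_out': True}
```

The point the simulation makes is the one in Google’s last sentence: the brute-force budget is enforced by the chip, not by the phone or by policy, so after the limit even the correct passcode gets nothing back, and anyone who copies the stored blobs out of the datacenter holds only ciphertext wrapped under a key that has to survive a PBKDF2 guess per attempt with no chip to ask.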

It also doesn’t seem to be optional on (some?) devices that support it. My Pixel 4 running Android 10 (Android Pie was version 9) doesn’t say anything about backups being encrypted by my device passcode — I believe they just are.

Not sure why the Department of Justice isn’t publicly complaining about this.

(Keep in mind that anything with a web interface, like Google Photos and Google Docs and Google Drive, is not end-to-end encrypted: the server has to be able to read the data to render it in your browser, and even if the browser did the decrypting, the same server ships the JavaScript that would handle the keys. Same goes for iCloud Photos.)


Regarding Reuters’s Report That Apple Dropped Plan for Encrypting iCloud Backups

Blockbuster report by Joseph Menn for Reuters:

Apple Inc. dropped plans to let iPhone users fully encrypt backups of their devices in the company’s iCloud service after the FBI complained that the move would harm investigations, six sources familiar with the matter told Reuters.

The tech giant’s reversal, about two years ago, has not previously been reported. It shows how much Apple has been willing to help U.S. law enforcement and intelligence agencies, despite taking a harder line in high-profile legal disputes with the government and casting itself as a defender of its customers’ information.

I want to go deep on this, because, if true, it’s staggering, heartbreaking news. Go read Menn’s entire report. I’ll wait.

OK. First, Reuters’ headline — “Apple Dropped Plan for Encrypting Backups After FBI Complained” — is missing one essential word: iCloud. For at least the last decade, Apple has offered truly secure encrypted local backups of iOS devices, using iTunes on a Mac or PC. (Starting with MacOS 10.15 Catalina, this feature is now in the Finder.) With encrypted local backups, if you don’t have the passphrase used to encrypt the backup, no one, including Apple, can access the backup data. (Local backups to your Mac or PC are not encrypted by default — more on this below — and non-encrypted local backups therefore omit sensitive data like your passwords.)

It’s essential that Apple still supports local backups, for many reasons, but for most iPhone and iPad users it’s irrelevant, because they never connect their devices to a Mac or PC, and the overwhelming majority of them surely have no idea that the feature even exists. iCloud backups are the only backups most iOS users ever use, and it is a fact that there is no option to truly encrypt them.

This fact has been, to me, a bit of a head-scratcher for the last few years — it’s the one gaping hole in Apple’s commitment to cryptographically-guaranteed privacy for its customers.1

In fact, it’s so contrary to Apple’s stance as The Privacy Company that I’ve already heard from several tech-savvy users today, in the wake of Reuters’s report, that they had assumed until now that their iCloud backups were encrypted.

The bottom line is that iCloud backups are not end-to-end encrypted, but should be, at least optionally. Menn’s report for Reuters suggests the reason they’re not is that Apple bowed to requests from the FBI. I do not believe his report is entirely correct. Menn writes:

More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee.

Under that plan, primarily designed to thwart hackers, Apple would no longer have a key to unlock the encrypted data, meaning it would not be able to turn material over to authorities in a readable form even under court order.

In private talks with Apple soon after, representatives of the FBI’s cyber crime agents and its operational technology division objected to the plan, arguing it would deny them the most effective means for gaining evidence against iPhone-using suspects, the government sources said.

When Apple spoke privately to the FBI about its work on phone security the following year, the end-to-end encryption plan had been dropped, according to the six sources. Reuters could not determine why exactly Apple dropped the plan.

Menn is a solid reporter and I have no reason to doubt what he is reporting. What I suspect though, based on (a) everything we all know about Apple, and (b) my own private conversations over the last several years, with rank-and-file Apple sources who’ve been directly involved with the company’s security engineering, is that Menn’s sources for the “Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud” bit were the FBI sources, not the Apple sources, and that it is not accurate.

It simply is not in Apple’s nature to tell anyone outside the company about any of its future product plans. I’m not sure how I could make that more clear. It is not in Apple’s DNA to ask permission for anything. (Cf. the theory that a company’s culture is permanently shaped by the personality of its founders.)

Encrypting iCloud backups would be perfectly legal. There would be no legal requirement for Apple to brief the FBI ahead of time. Nor would there be any reason to brief the FBI ahead of time just to get the FBI’s opinion on the idea. We all know what the FBI thinks about strong encryption. How would this supposed conversation have gone down?

FBI Official: So, what brings you here?

Apple Representative: Well, we’re thinking about offering encrypted iCloud backups, such that only the user would hold the keys.

FBI Official: ——

Apple Representative: And, uh, we were wondering what you folks thought about that.

FBI Official: Is this a joke?

I would find it less surprising to know that Apple acquiesced to the FBI’s request not to allow encrypted iCloud backups than that Apple briefed the FBI about such a plan before it was put in place.

I’ll take as fact all of the following, based on Menn’s report and common sense:

  1. Apple had and perhaps still has a plan to encrypt iCloud backups in a way that only the user controls the keys. I.e. that without the backup passphrase, there would be no way for Apple to access the data contained in the backup.

  2. The FBI has requested that Apple not offer encrypted iCloud backups. I would be surprised if the FBI does not reiterate its stance on this issue whenever they meet with Apple regarding security matters. Apple might never have mentioned a plan to encrypt iCloud backups, but the FBI isn’t stupid. It has surely occurred to anyone who has followed Apple’s progress on security — which to date has only ever moved in the direction of providing customers with more cryptographically-guaranteed privacy — that encrypted iCloud backups are something the company has at the very least considered.

  3. Apple cancelled or postponed its plan to offer encrypted iCloud backups.

It does not necessarily follow that #3 is the result of #2.

It could be the reason, but there are several other logical explanations. It’s a subtle point, but the “due to” in VentureBeat’s headline on Reuters’s syndicated report — “Apple’s iCloud Backups Are Unencrypted Due to Law Enforcement Pressure” — is not justified by the reporting. (Reuters’s original headline uses “after”.)

I’ll repeat the last line of the previous quote from Menn’s report:

Reuters could not determine why exactly Apple dropped the plan.

Dueling sources follow:

“Legal killed it, for reasons you can imagine,” another former Apple employee said he was told, without any specific mention of why the plan was dropped or if the FBI was a factor in the decision.

That person told Reuters the company did not want to risk being attacked by public officials for protecting criminals, sued for moving previously accessible data out of reach of government agencies or used as an excuse for new legislation against encryption.

“They decided they weren’t going to poke the bear anymore,” the person said, referring to Apple’s court battle with the FBI in 2016 over access to an iPhone used by one of the suspects in a mass shooting in San Bernardino, California.

If that is the case — that Apple’s legal department killed the project to avoid “poking the bear” — then it’s ultimately irrelevant whether Apple briefed the FBI in advance or not. It’s acquiescence, and users will be left unprotected. Not just in the U.S., where the FBI has jurisdiction, but everywhere in the world where encryption is legal.

Menn’s FBI sources clearly think that’s the case:

Two of the former FBI officials, who were not present in talks with Apple, told Reuters it appeared that the FBI’s arguments that the backups provided vital evidence in thousands of cases had prevailed.

“It’s because Apple was convinced,” said one. “Outside of that public spat over San Bernardino, Apple gets along with the federal government.”

What else could it be? This:

However, a former Apple employee said it was possible the encryption project was dropped for other reasons, such as concern that more customers would find themselves locked out of their data more often.

That’s a key point. Surely there are hundreds, maybe thousands, of people every day who need to access their iCloud backups who do not remember their password. The fact that Apple can help them is a benefit to those users. That’s why I would endorse following the way local iTunes device backups work: make encryption an option, with a clear warning that if you lose your backup password, no one, including Apple, will be able to restore your data. I would be surprised if Apple’s plan for encrypted iCloud backups were not exactly that.

Buried deep in the article is, to me, the most alarming aspect of Menn’s report:

Once the decision was made, the 10 or so experts on the Apple encryption project — variously code-named Plesio and KeyDrop — were told to stop working on the effort, three people familiar with the matter told Reuters.

The proof of the pudding is in the eating — let’s see what Apple actually does. Reuters’s report notwithstanding, I would not be surprised if end-to-end encrypted iCloud backups are forthcoming. This should be at the top of our list of hoped-for features at WWDC 2020.

This isn’t about Apple foiling law enforcement. It isn’t about Apple helping criminals. It’s about Apple enabling its customers to own and control their own data. As things stand, if you use iCloud backup, you do not own and control the data therein. 


  1. Email is another gaping hole. But that’s how email works everywhere — it’s inherently insecure by design. Read this 2013 piece by Geoff Duncan for a cogent explanation. ↩︎


Derek Jeter, Hall of Famer 

James Wagner, reporting for The New York Times:

It was never a question that Derek Jeter, the longtime captain of the Yankees and one of the most celebrated players in baseball history, was going to be enshrined in the Baseball Hall of Fame. The intrigue instead centered on whether he would become the second unanimously elected player, following his former teammate and fellow five-time World Series champion Mariano Rivera.

On Tuesday, Jeter fell just short of Rivera’s historic mark from last season.

Jeter was named on all but one of the 397 ballots cast by members of the Baseball Writers’ Association of America — more than enough to clear the 75 percent hurdle for election. He eclipsed the previous second-highest voting mark, 99.3 percent, for outfielder Ken Griffey Jr. in 2016. Jeter received 99.7 percent of the vote.

The surprise isn’t that some cowardly little man decided to hide behind the anonymity of his vote and deny Jeter unanimity. The surprise is that there wasn’t a single cowardly dope who did the same last year for Rivera. Every single player among the top 30 on this list should have been unanimous. For chrissake Babe Ruth and Willie Mays only got 95 percent of the vote.

Jeter and Rivera were teammates for 19 seasons — the most, by far, of any Hall of Fame teammates. What a privilege it was to watch them play and win five World Series, all while playing for the greatest team in the history of professional sports.

Instagram for Windows 95 

Delightful work by Petrick Studio. I miss buttons that look like buttons and clear distinctions between app chrome and content.

A horse, a horse, my kingdom for a classic Mac OS version of the same idea.

How Modern iPhone Encryption Works 

Great explanation from Jack Nicas, in his column for The New York Times:

Tools like those from Cellebrite and Grayshift don’t actually break iPhones’ encryption; they guess the password. To do so, they exploit flaws in the software, like Checkm8, to remove the limit of 10 password attempts. (After about 10 failed attempts, an iPhone erases its data.) The tools then use a so-called brute-force attack, which automatically tries thousands of passcodes until one works.

That approach means the wild card in the Pensacola case is the length of the suspect’s passcode. If it’s six numbers — the default on iPhones — authorities almost certainly can break it. If it’s longer, it might be impossible.

A four-number passcode, the previous default length, would take on average about seven minutes to guess. If it’s six digits, it would take on average about 11 hours. Eight digits: 46 days. Ten digits: 12.5 years.

If the passcode uses both numbers and letters, there are far more possible passcodes — and thus cracking it takes much longer. A six-character alphanumeric passcode would take on average 72 years to guess.

It takes 80 milliseconds for an iPhone to compute each guess. While that may seem small, consider that software can theoretically try thousands of passcodes a second. With the delay, it can try only about 12 a second.

The basic thing to understand is that there are effectively two systems on a modern iPhone: (1) the iPhone itself, running iOS; and (2) the Secure Enclave. iOS can be hacked. That’s how these tools remove the 10-passcode-guesses-and-you’re-out limit (an opt-in setting, “Erase Data”, not the default). But it’s the Secure Enclave that evaluates a passcode and controls encryption, and the 80 millisecond cost per passcode attempt isn’t an artificial delay that could be set to 0 by hackers. It comes from the key derivation the Secure Enclave runs for every guess, which is entangled with a device-unique key that never leaves the hardware, so every attempt has to be made on that one device at that speed. It’s a hardware limitation, not software.

So, if you’re worried about any of this, the answer is simple: use an alphanumeric passphrase to unlock your iOS device, not a 6-digit numeric passcode.
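The arithmetic behind the Times’s table is worth doing yourself, because it tells you what the numbers assume. What follows is an added example, not code from the original post, from Apple, or from the forensic tools mentioned above. The only figure it takes from the page is the 80 ms per-guess cost; the keyspace model (a numeric passcode draws from 10 symbols, an “alphanumeric” one from 62, i.e. mixed case plus digits) is an assumption, chosen because it is the one that reproduces the page’s numbers, and it assumes the 80 ms key derivation is the only rate limit left once the attempt counter has been bypassed. It also goes one step beyond the page and computes the minimum passcode length for a chosen target, which is the question you actually want answered when picking a passphrase.

```python
"""Expected time to brute-force an iOS passcode at 80 ms per guess.

Added example, not code from the original post, Apple, or any forensic tool.
Assumptions: 80 ms per guess is the only remaining rate limit; numeric
passcodes use 10 symbols; "alphanumeric" means 62 case-sensitive symbols.
"""
from typing import List, Tuple

GUESS_SECONDS = 0.080   # per-guess cost of the Secure Enclave's key derivation, as quoted on the page
DIGITS = 10             # numeric passcode: 0-9
ALNUM_LOWER = 36        # a-z plus 0-9 (assumption, included only for comparison)
ALNUM_MIXED = 62        # a-z, A-Z, 0-9 (assumption: this is the alphabet the page's 72-year figure implies)

SECONDS_PER_MINUTE = 60
SECONDS_PER_HOUR = 3_600
SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passcodes of exactly `length` symbols."""
    return alphabet_size ** length


def worst_case_seconds(alphabet_size: int, length: int, guess_seconds: float = GUESS_SECONDS) -> float:
    """Time to try every passcode in the keyspace."""
    return keyspace(alphabet_size, length) * guess_seconds


def expected_seconds(alphabet_size: int, length: int, guess_seconds: float = GUESS_SECONDS) -> float:
    """Average time to hit a uniformly random passcode: half the keyspace."""
    return worst_case_seconds(alphabet_size, length, guess_seconds) / 2


def guesses_per_second(guess_seconds: float = GUESS_SECONDS) -> float:
    """Attempt rate implied by the per-guess cost (about 12 per second at 80 ms)."""
    return 1.0 / guess_seconds


def min_length_for(alphabet_size: int, target_seconds: float, guess_seconds: float = GUESS_SECONDS) -> int:
    """Smallest passcode length whose *average* crack time is at least `target_seconds`."""
    length = 1
    while expected_seconds(alphabet_size, length, guess_seconds) < target_seconds:
        length += 1
    return length


def human(seconds: float) -> str:
    """Render a duration in the largest convenient unit."""
    if seconds < SECONDS_PER_HOUR:
        return f"{seconds / SECONDS_PER_MINUTE:.1f} minutes"
    if seconds < SECONDS_PER_DAY:
        return f"{seconds / SECONDS_PER_HOUR:.1f} hours"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / SECONDS_PER_DAY:.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:.1f} years"


# The cases from the page, plus a 36-symbol row to show why 62 symbols is the implied alphabet.
CASES = [
    ("4 digits (old default)", DIGITS, 4),
    ("6 digits (current default)", DIGITS, 6),
    ("8 digits", DIGITS, 8),
    ("10 digits", DIGITS, 10),
    ("6 chars, lowercase+digits", ALNUM_LOWER, 6),
    ("6 chars, mixed-case+digits", ALNUM_MIXED, 6),
]


def table() -> List[Tuple[str, float]]:
    """(label, expected seconds to crack) for each case in CASES."""
    return [(label, expected_seconds(alpha, n)) for label, alpha, n in CASES]


if __name__ == "__main__":
    print(f"{guesses_per_second():.1f} guesses/second at {GUESS_SECONDS * 1000:.0f} ms each\n")
    for label, secs in table():
        print(f"{label:<28} avg {human(secs):>12}   worst {human(2 * secs):>12}")
    ten_years = 10 * SECONDS_PER_YEAR
    print(f"\nTo average at least 10 years: {min_length_for(DIGITS, ten_years)} digits, "
          f"or {min_length_for(ALNUM_MIXED, ten_years)} mixed-case alphanumeric characters")
```

Two things fall out of running it. First, the page’s 72-year figure for a six-character alphanumeric passcode only works if the alphabet is case-sensitive (62 symbols); lowercase letters plus digits (36 symbols) averages under three years at the same guess rate, so “alphanumeric” buys you far less if you never use a capital. Second, the averages are exactly that: a passcode that happens to be early in the attacker’s candidate list (a birthday, a repeated digit) falls much sooner, which is why the advice is a passphrase, not merely a longer PIN.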

MyNetDiary 

My thanks to MyNetDiary for sponsoring DF this week. MyNetDiary is a modern diet/food tracking app with a strong focus on design, quality, and usability.

Developed with a team of registered dietitians, MyNetDiary offers a huge and reliable database, lightning-fast food tracking, a totally configurable dashboard, and no ads or user tracking — even in the free version. Their UI design for food tracking is incredibly efficient, with features ranging from a huge database of food, smart parsing of your typed input, and bar code scanning. They even have an AR “grocery check” feature — point your camera at a barcode while shopping and you’ll see a heads-up display with information and recommendations.

A lot of apps like this are just thin wrappers around web apps. MyNetDiary offers excellent native apps — for iPhone, iPad, and Apple Watch. They even have an iMessage app. They are really on top of Apple’s latest stuff, and very privacy-minded. You can use the app fully without signing up for a (free) MyNetDiary account. But if you do sign up for an account, your data will sync between devices and the MyNetDiary website seamlessly. They even support Sign In With Apple when you create an account. I’ve been using MyNetDiary all week, and this is the first service I’ve used with Sign In With Apple — and it was a terrific experience. Probably the best “sign up for a new account with a service” experience I’ve ever seen.

MyNetDiary is now the most comprehensive, accurate, and user-friendly diet app in the App Store, as well as on the web and Google Play, and users and reviewers love it. If you’re looking for an app to help you lose weight or just eat better, you should check out MyNetDiary.

The Talk Show: ‘Sport Mode’ 

Special guest Merlin Mann returns to the show. Topics include the renewal of U.S. law enforcement officials’ disingenuous campaign against iPhone encryption, the Houston Astros cheating scandal, how that cheating scandal relates to the Trump impeachment saga, and Catalyst and the art of Mac software design. But mostly we talk about finding a good pair of slippers.

Brought to you by these fine sponsors:

  • Techmeme Ride Home: 20-minutes of today’s top tech news, every day around 5p ET. A terrific podcast that you should subscribe to.
  • Squarespace: Make your next move. Use code talkshow for 10% off your first order.
  • Linode: Instantly deploy and manage an SSD server in the Linode Cloud. Get a server running in seconds with your choice of Linux distro, resources, and choice of 10 node locations.
Which Emoji Scissors Close 

“Wh0”:

Ah, scissors. They’re important enough that we have an emoji for them. On your device, it appears as ✂️. Unlike the real world tool it represents, the emoji’s job is to convey the idea, especially at small sizes. It doesn’t need to be able to swing or cut things. Nevertheless, let’s judge them on that irrelevant criterion.

Fun work. Turns out most emoji scissors wouldn’t actually close. I’m curious if the ones that would close somehow look worse at small sizes, or if this is something that most scissor emoji artists never bothered to consider. (Via Andy Baio.)

The FBI Used a GrayKey to Obtain Data From a Locked iPhone 11 Pro Max 

Thomas Brewster, reporting for Forbes:

Last year, FBI investigators in Ohio used a hacking device called a GrayKey to draw data from the latest Apple model, the iPhone 11 Pro Max. The phone belonged to Baris Ali Koch, who was accused of helping his convicted brother flee the country by providing him with his own ID documents and lying to the police. He has now entered a plea agreement and is awaiting sentencing.

Forbes confirmed with Koch’s lawyer, Ameer Mabjish, that the device was locked. Mabjish also said he was unaware of any way the investigators could’ve acquired the passcode; Koch had not given it to them nor did they force the defendant to use his face to unlock the phone via Face ID, as far as the lawyer was aware. The search warrant document obtained by Forbes, dated October 16, 2019, also showed the phone in a locked state, giving the strongest indication yet that the FBI has access to a device that can acquire data from the latest iPhone.

Nothing is confirmed by anyone involved — the FBI, Apple, or Grayshift (the company that makes the GrayKey) — but this sure sounds like the FBI accessed data on an iPhone 11 Pro Max using a GrayKey. Two things if this is true. First, this really puts the lie to the FBI’s claim of needing Apple’s help accessing the Pensacola shooter’s iPhones (which were older models, and thus presumably easier to crack). Second, this is the first suggestion I’ve seen that GrayKey can unlock, or somehow otherwise access the data of, Apple’s latest generation of iPhones.

More on how GrayKey works — or at least used to work — from an April 2018 link. At one point later in 2018, it was believed that bug fixes in iOS 12 stopped GrayKey from working. It’s a canonical cat-and-mouse game. Also worth noting: Grayshift co-founder Braden Thomas previously worked as a security engineer at Apple.

WSJ: ‘Barr’s Encryption Push Is Decades in the Making, but Troubles Some at FBI’ 

Sadie Gurman, Dustin Volz, and Tripp Mickle, reporting for The Wall Street Journal:

Some FBI officials were stunned by Mr. Barr’s rebuke of Apple, the people familiar with the matter said, and believe the Pensacola case is the wrong one to press in the encryption fight, in part because they believed Apple had already provided ample assistance to the probe.

Like I’ve been arguing, this has nothing to do with the Pensacola case in particular and everything to do with a push to make encryption illegal.

More on Tile’s Complaints About Apple in Congressional Testimony 

Juli Clover, writing for MacRumors, reports that Tile is complaining about Find My too:

The smaller companies are aiming to provide evidence that the tech giants have become too big and have practices in place that stifle competition and hurt sales. Tile in particular is gunning for Apple, claiming that Apple’s iOS 13 Bluetooth and location tracking devices have hurt its business, and that Find My resembles Tile’s own service.

Find My — originally Find My iPhone — has been around since 2010. And it seems like weak sauce to argue that it’s a feature Apple shouldn’t be able to provide on antitrust grounds. Putting aside Apple’s rumored dedicated location-tracking tile dinguses, if Tile’s business has been hurt by iOS 13 and Find My, their business was in bad shape to start.

It seems one of Tile’s specific complaints is related to the changes in iOS 13 that discourage third-party apps from having “Always Allow” access to location data. Apple has been pushing for apps to use “Only While Using the App”, and, when apps do use “Always Allow”, iOS will periodically remind you which apps are doing so in the background, and how often. And to turn on “Always Allow” access, the user must do so in the Privacy section of Settings — the app itself can’t prompt for it. Apple’s statement seems to suggest they’re reconsidering that.

Remember Apple’s priorities: Apple first, users second, developers third. Developers of location-tracking apps might be peeved by iOS 13’s changes, but users are much better off. A lot of apps that were asking for “Always Allow” location access were not doing so with the users’ interests at heart.

There’s just no way a third-party tile tracking product will be as integrated with iOS as an Apple product would be. It’s like rival smart watch makers complaining that Apple Watch’s integration with iPhone is unfair. Same with AirPods. At some level it is unfair, but what’s the alternative? You’re either asking for Apple (and other big platform vendors) to be severely hamstrung from innovating with integrated new products, or you’re asking for third-parties to be given low-level access to the OS on mobile platforms — a privacy and security nightmare.

There are definitely good antitrust arguments to be made against all of the tech giants, including Apple, but I don’t think Tile is a good example.

Tile to Testify Before Congress About Unreleased, Unannounced Apple Product 

Nandita Bose, writing for Reuters:

In April 2019, Tile.com, which helps users find lost or misplaced items, suddenly found itself competing with Apple Inc, after years of enjoying a mutually beneficial relationship with the iPhone maker.

Apple carried Tile on its app store and sold its products at its stores since 2015. It even showcased Tile’s technology at its biggest annual event in 2018 and the startup sent an engineer to Apple’s headquarters to develop a feature with the company’s voice assistant Siri.

Early the following year, Tile’s executives read news reports of Apple launching a hardware product along with a service that resembled what Tile sold. By June, Apple had stopped selling Tile’s products in stores and has since hired away one of its engineers.

It sucks to get Sherlocked. But is there anything vaguely illegal here? And it seems… premature to testify before Congress about a product Apple hasn’t even announced (and for all we know, never will). What exactly is Tile’s preferred remedy here?

The Case for a Low Power Mode for Mac Laptops — and iPads 

Marco Arment:

In light of today’s rumor that a Pro Mode may be coming that seems to offer benefits in the opposite direction, I wanted to re-make the case for a Low Power Mode on macOS — and explain why now is the time.

Modern hardware constantly pushes thermal and power limits, trying to strike a balance that minimizes noise and heat while maximizing performance and battery life. […] Apple’s customers don’t usually have control over these balances, and they’re usually fixed at design time with little opportunity to adapt to changing circumstances or customer priorities.

The sole exception, Low Power Mode on iOS, seems to be a huge hit: by offering a single toggle that chooses a different balance, people are able to greatly extend their battery life when they know they’ll need it.

Arment has some interesting numbers showing the difference on a new 16-inch MacBook Pro while running a third-party kernel extension that disables Intel’s “Turbo Mode”. You lose about 50 percent of performance but gain maybe an additional 50 percent of battery life — and your MacBook stays very cool. A lot of people in a lot of situations would happily make that trade-off, especially if it were as easy to toggle and as noninvasive as it is on iOS. When I use Low Power Mode on my iPhone, I’m hard-pressed to notice any difference other than the yellow battery icon, even though benchmarks suggest the CPU is throttled to about half speed. Apple’s A-series CPUs are so fast that half-speed is plenty fast.

The elephant in the room is the Mac’s transition to Apple-designed ARM processors — a transition we’ve all expected to come any year now for, well, quite a few years. Apple’s plan for extending MacBook battery life might just be to switch processor architectures and nothing else. Note too that iOS’s Low Power Mode is for iPhones only — iPads don’t have it. That bodes poorly for the odds of a Low Power Mode for MacBooks — it feels like a feature Apple believes is needed only for phones.

Now that I think about it, why doesn’t the iPad have Low Power Mode? This could be a huge game changer in a “forgot to charge my iPad before a long flight or car trip” scenario. I just spent 15 minutes searching the web to make sure the iPad really doesn’t offer this feature, because it seems so bananas that it doesn’t.

Study Claims YouTube Ads of 100 Top Brands Fund Climate Misinformation 

Alex Hern, reporting for The Guardian:

Some of the biggest companies in the world are funding climate misinformation by advertising on YouTube, according to a study from activist group Avaaz.

The group found that more than 100 brands had adverts running on YouTube videos on the site that were actively promoting climate misinformation. The brands, including Samsung, L’Oreal and Decathlon, were unaware that their adverts were being played before and during the videos.

How do we know they were unaware? I highly doubt any of these brands specifically wanted their ads to run against climate change disinformation videos, but doesn’t the scattershot “just let the algorithm figure out where to run our ads” strategy many (most?) big YouTube advertisers take imply that some of the spots are going to run against unsavory content?

I really feel as a culture we are barely coming to grips with the power of YouTube, Facebook, and to some degree, Twitter, as means of spreading mass-market disinformation. The pre-internet era of TV, print, and radio was far from a panacea. But it just wasn’t feasible in those days for a disinformation campaign — whether from crackpots who believe the nonsense, corporate industry groups, or foreign governments — to get in front of the eyes of millions of people.

It feels like something out of a Kurt Vonnegut novel that this is not only the state we’re in today, but that big name mass market advertisers are running commercials on this stuff.

Fun With Charts: A Decade of Apple Growth 

Jason Snell:

I have been making charts based on Apple’s financials every three months for most of the last decade, and if there’s one thing that I think the charts don’t properly convey is just how explosive Apple’s growth has been. The iPhone’s growth in the middle of the decade changed the game. And while that growth has slowed or stopped, it leaves Apple as a company that is working at a scale that’s nothing like it was when Steve Jobs was in his final years as CEO.

That last chart is a real doozy.

Steve Bannon: ‘If I Were the Guys at Apple I Would Pay Attention to the President’s Tweets. I Would Treat His Tweets as a Papal Bull.’ 

The notion that anyone should treat any president’s tweets as “papal bulls” is one of the most un-American things I’ve heard.

Wireless Networks Pose No Known Health Risk 

Glenn Fleishman, writing at TidBITS:

Can cell phones or Wi-Fi give you cancer? The answer is reasonably definitive: No. That’s equally true for new 5G cellular networks currently being rolled out worldwide, all previous cellular networks, and all versions of Wi-Fi.

‘We Reject the Characterization That Apple Has Not Provided Substantive Assistance in the Pensacola Investigation’ 

Scott Lucas, reporting for BuzzFeed News:

“We reject the characterization that Apple has not provided substantive assistance in the Pensacola investigation. Our responses to their many requests since the attack have been timely, thorough and are ongoing,” the company said in a statement. “We responded to each request promptly, often within hours, sharing information with FBI offices in Jacksonville, Pensacola and New York. The queries resulted in many gigabytes of information that we turned over to investigators. In every instance, we responded with all of the information that we had.”

But Apple said nothing about actually unlocking the gunman’s two iPhones. Instead, it reiterated its stance on privacy.

“We have always maintained there is no such thing as a backdoor just for the good guys,” the company explained. “Backdoors can also be exploited by those who threaten our national security and the data security of our customers. … We feel strongly encryption is vital to protecting our country and our users’ data.”

The big question remains unclear in all this coverage: did Apple refuse the DOJ’s request, or are they unable — technically — to fulfill the request? The DOJ continues to talk as though this is something Apple could do but refuses to. I believe it’s something Apple is mathematically unable to do. News coverage should make this clear.

Barr Asks Apple to Unlock Pensacola Killer’s Phones, Setting Up Clash 

Katie Benner, reporting for The New York Times:

“We’re not trying to weaken encryption, to be clear,” Mr. Bowdich said at a news conference, noting that the issue has come up with thousands of devices that investigators want to see in other cases.

That’s exactly what they are trying to do. There is no magic way to allow law enforcement to access encrypted contents without allowing everyone else the same path. Mathematics doesn’t discern between “good guys” and “bad guys”.

Disney+ Was the Most Downloaded App in the US in Q4 2019 

Sarah Perez, reporting for TechCrunch:

U.S. consumers have shown strong interest in Disney’s new family-friendly streaming service, Disney+, according to new data from Sensor Tower, which focused on app trends in the final quarter of 2019. Following the app’s mid-November launch in the U.S., Disney+ was downloaded more than 30 million times in Q4 2019 — that’s more than double its next nearest competitor, TikTok, the firm said.

These total downloads were counted across both the Apple App Store and Google Play, with the App Store accounting for over 18 million of the Disney+ downloads and Google Play accounting for more than 12 million. This allowed the new streaming app to become the most downloaded app in the App Store and Google Play, individually, in addition to being the most downloaded app overall in the quarter.

Very impressive launch, both technically and marketing-wise.

Astros Manager and G.M. Fired Over Cheating Scandal 

James Wagner, reporting for The New York Times:

It is an enduring part of baseball strategy: As a batter is at the plate, his teammates carefully watch a catcher’s fingers to figure out what pitch is about to be thrown.

And it’s all fair play as long as teams do not enhance the abilities of the naked eye and clever minds with either cameras or electronic devices that allow teammates to signal the batter whether a fastball or a breaking ball is on the way.

But that is exactly what the Houston Astros did during their 2017 championship-winning season, clouding that World Series title and causing one of baseball’s biggest cheating scandals in years, Major League Baseball officials said on Monday in a scathing report detailing the team’s scheme.

By the end of the day, Houston General Manager Jeff Luhnow and Manager A.J. Hinch — the two men who helped propel the Astros to the top of the sport — had been suspended and then fired, while their club was left with severe penalties for deploying a scheme involving cameras and monitors to decode the hand signals of catchers and tip off Houston batters. One of their favorite communication methods was banging on a trash can just outside the dugout.

Commissioner Manfred’s report (PDF) is a scathing read (with a crazy file name). My favorite part of this whole sad saga is the indignant way A.J. Hinch responded to allegations that the Astros were illegally signaling signs against the Yankees this postseason. My guess is it’s not “making him laugh” any more.

Put a big asterisk next to that 2017 World Series. What an embarrassing stain on the sport.

Kolide 

My thanks to Kolide for sponsoring last week at DF. Kolide is a new Slack app that messages employees when their Mac, Windows, or Linux device is not compliant with security best practices or policy.

With this app, Kolide will notify users or groups when a device is out of compliance, along with clear instructions about what is wrong and step-by-step instructions to remediate the issue themselves. They can even confirm in real time that they resolved the problem with an interactive button inside the Slack message.

Unlike most endpoint security solutions, Kolide was designed with user privacy in mind. Your users will know what data is collected about their device and who can see that data, and can even view the full source code of the agent that runs on the device.

Kolide is already used by hundreds of fast-growing companies who want to level up their device security without locking down their devices. Try Kolide’s new product for free for 30 days for your entire fleet.


Quit Confirmation for Safari on MacOS

Here’s a quick little AppleScript I wrote recently that I’ve found helpful.

Backstory: When you quit a web browser on MacOS, they just quit. Whatever windows and tabs are open, boom, they just go away. In the old days, quitting a browser closed all windows, so when you relaunched your browser, you were sitting there staring at a new empty browser window. This sucked if you needed to restart, and it really sucked if you quit your browser accidentally. How do you quit accidentally? Typically, by pressing ⌘Q by mistake when you meant to press Q’s neighbor W to close the current tab.

A few years ago all modern browsers added a feature that restores your previously-open windows and tabs automatically upon relaunching. This restoration of previously open windows and tabs is so useful that in the current version of Safari, there isn’t even an option not to do it. The only choices in Safari’s General preferences tab for “Safari opens with” are “All windows from last session” and “All non-private windows from last session”. Quitting Safari and closing tabs are completely discrete, and it’s clear to me that’s the correct design.

[Update: The above is not the whole story. I only see two options because in System Preferences: General, I have the “Close windows when quitting an app” checkbox turned off. If you have that checkbox turned on, you’ll see four options in Safari for “Safari opens with”: the two mentioned above, along with “A new window” and “A new private window”. If you have the system-wide “Close windows when quitting an app” turned off and choose “A new window” or “A new private window” in Safari, you will in fact start fresh with a single empty window upon relaunching Safari. (But even then, you can go to History → Reopen All Windows from Last Session to re-open all of your previous windows and tabs.)]

But, even with this automatic session restoration, it can still be disruptive if you quit your browser accidentally. When windows come back, sometimes you lose your place on a page, or you get logged out, or a dozen other potential hiccups.

Chrome addresses this by blocking ⌘Q by default. If you press and release ⌘Q in Chrome, with default settings, instead of quitting, Chrome displays a message in a temporary notification banner: “Hold ⌘Q to Quit”. With this setting enabled — and it’s on by default — you have to hold ⌘Q to quit Chrome. Other Chromium-derived browsers, like the excellent Brave (which I heartily recommend as an alternative to Chrome), do the same thing. This does solve the problem of having your entire browser quit when you just meant to close the current tab with ⌘W, but it’s a decidedly unidiomatic solution. Press-and-hold to invoke a menu key shortcut just isn’t a thing on the Mac. It’s weird.

If you want to disable this feature in Chrome, don’t bother looking in Chrome’s labyrinthian Preferences window. You control this setting with the “Warn Before Quitting (⌘Q)” menu item above the “Quit Chrome” command in the Chrome menu.

That’s not even a good description for the setting. You don’t get warned before quitting when it’s enabled — you’re instead required to press-and-hold the ⌘Q shortcut.

But a confirmation warning is exactly what you should get. This is how the Mac has protected against quitting when you might lose data or state since the dawn of time — like when you try to close a document window with unsaved changes.

I don’t accidentally quit Safari often, but it does happen. And it’s mildly annoying every time. The last time it happened, I resolved to fix it myself. That’s where my AppleScript comes in:

use AppleScript version "2.4" -- Yosemite (10.10) or later
use scripting additions

tell application "Safari"
    -- Count open windows, then add up the tabs across all of them.
    set _window_count to count windows
    set _tab_count to 0

    repeat with _w in every window
        set _tab_count to _tab_count + (count tabs of _w)
    end repeat

    -- Make a string like "1 window containing 3 tabs."
    if _window_count is 1 then
        set _msg to _window_count & " window containing " as string
    else
        set _msg to _window_count & " windows containing " as string
    end if
    if _tab_count is 1 then
        set _msg to _msg & _tab_count & " tab." as string
    else
        set _msg to _msg & _tab_count & " tabs." as string
    end if

    -- Ask first; the alert dismisses itself after 60 seconds.
    display alert ¬
        "Are you sure you want to quit Safari?" message _msg ¬
        buttons {"Cancel", "Quit"} ¬
        giving up after 60
    if button returned of result is "Quit" then quit
end tell

Run this script, and it shows an alert like this:

Screenshot of an alert dialog.

Last step: how do we get this script to run when we press ⌘Q in Safari? I use FastScripts, Red Sweater Software’s excellent alternative to Apple’s own system-wide scripts menu. Among numerous other features, FastScripts allows you to assign custom keyboard shortcuts to scripts — and FastScripts will “see” those shortcuts before the application you’re using does.

So I’ve saved this script as “Quit With Confirmation” and placed it in the “Safari” folder in the “Applications” folder inside my “Scripts” folder. See FastScripts’s excellent documentation for more information on where to place application-specific scripts. Then in FastScripts’s preferences, I assigned it ⌘Q. When I press ⌘Q in Safari, the script runs instead of Safari’s menu command.

Now I can wildly stab at ⌘W to close tabs without a care in the world.1 Enjoy. 
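A variation on the same idea, added here as an example and not part of the original post: because session restoration can still lose your place on a page or log you out, this version writes every open tab’s URL to a plain-text file before quitting, so the session can be rebuilt by hand if restoration hiccups. It also skips the confirmation when no windows are open, since there is nothing to lose. The snapshot path on the Desktop and the handler names (describe_session, join_lines, write_text_file) are assumptions of this example; Safari’s scripting terms (windows, tabs, URL of a tab) are the same ones the original script relies on.

```applescript
use AppleScript version "2.4" -- Yosemite (10.10) or later
use scripting additions

-- Added example, not the original post's script: quit Safari with
-- confirmation, but first write every open tab's URL to a text file so
-- the session can be rebuilt by hand if automatic restoration hiccups.
-- The snapshot location is an assumption; change it to taste.
set _snapshot_path to (POSIX path of (path to desktop)) & "safari-session-snapshot.txt"

tell application "Safari"
    set _window_count to count windows
    if _window_count is 0 then
        -- Nothing open, nothing to lose: just quit.
        quit
        return
    end if

    -- Collect URLs grouped by window, counting tabs as we go.
    set _url_lines to {}
    set _tab_count to 0
    set _window_number to 0
    repeat with _w in every window
        set _window_number to _window_number + 1
        set end of _url_lines to "# window " & _window_number
        repeat with _t in every tab of _w
            set _tab_count to _tab_count + 1
            set _u to URL of _t
            -- Empty tabs report "" or missing value; skip those.
            if _u is not missing value and _u is not "" then
                set end of _url_lines to _u
            end if
        end repeat
    end repeat

    set _msg to my describe_session(_window_count, _tab_count)
    display alert ¬
        "Are you sure you want to quit Safari?" message _msg ¬
        buttons {"Cancel", "Quit"} ¬
        giving up after 60
    if button returned of result is "Quit" then
        -- Snapshot first, then quit for real.
        my write_text_file(_snapshot_path, my join_lines(_url_lines))
        quit
    end if
end tell

-- Build "1 window containing 3 tabs." with correct plurals.
on describe_session(_wc, _tc)
    set _text to (_wc as text) & " window"
    if _wc is not 1 then set _text to _text & "s"
    set _text to _text & " containing " & (_tc as text) & " tab"
    if _tc is not 1 then set _text to _text & "s"
    return _text & "."
end describe_session

-- Join a list of strings with newlines, restoring the delimiters after.
on join_lines(_parts)
    set {_saved, AppleScript's text item delimiters} to {AppleScript's text item delimiters, linefeed}
    set _joined to _parts as text
    set AppleScript's text item delimiters to _saved
    return _joined
end join_lines

-- Overwrite the file at _posix_path with _content as UTF-8.
on write_text_file(_posix_path, _content)
    set _f to open for access (POSIX file _posix_path) with write permission
    try
        set eof of _f to 0
        write _content & linefeed to _f as «class utf8»
    on error _err_msg number _err_num
        close access _f
        error _err_msg number _err_num
    end try
    close access _f
end write_text_file
```

Save and bind it exactly as described above (FastScripts, ⌘Q in Safari). The snapshot is overwritten on every quit, and it holds your open URLs in plain text, which is the kind of file you may not want on a shared Desktop or in a synced folder; point _snapshot_path somewhere with tighter permissions if that matters to you.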


  1. If the only thing you want to do is disable ⌘Q in Safari (or any other shortcut, in any other app, for that matter), the easiest thing to do is use the Keyboard panel in System Prefs (then go to Shortcuts: App Shortcuts) to either set Safari’s shortcut for File → Quit to nothing at all, or to something you won’t hit accidentally, like, say, Control-Option-Shift-Command-Q. Almost no work at all, no third-party software required. This ability to fully customize every menu key shortcut in every single app on the system is one of the best power-user tips I know of. But that’s not what I want. I want to defend against hitting ⌘Q accidentally, but I also want to be able to use ⌘Q on purpose when I really do want to quit Safari. That means a confirmation alert. ↩︎


Apple’s One Remaining Use of the Word ‘Macintosh’ 

Adam Engst, writing at TidBITS:

Some weeks ago, I was struck by the thought that Apple had almost entirely managed to scrub its corporate communications of the word “Macintosh.” It’s not surprising, of course, but I was curious if the company had slipped up anywhere. To find out, I put together a complex Google search that focused on just Apple sites, eliminating those which host third-party content like discussions.apple.com. It also eliminates pages pointing at technical specifications for old products, a page listing obsolete products, and a spurious link to the Wikipedia page on HyperCard that somehow got an apple.com URL.

My search confirmed my initial hunch that there is only one official remaining use of the word “Macintosh” by today’s Apple.

Be sure to read the comments — there’s more than just one instance.