Morning Brew 

My thanks to Morning Brew for once again sponsoring last week at DF. There’s a reason over 1 million people start their day with Morning Brew — the daily email that delivers the latest news from Wall Street to Silicon Valley. I subscribed months ago when they first sponsored DF, and I’ve stayed subscribed. Not because they’re a sponsor but because I genuinely enjoy their daily briefing.

Business news doesn’t have to be dry and dense. Make your mornings more enjoyable, for free. Check it out.

Deconstructing Google’s Excuses on Tracking Protection 

Jonathan Mayer and Arvind Narayanan, writing at Freedom to Tinker:

Blocking cookies is bad for privacy. That’s the new disingenuous argument from Google, trying to justify why Chrome is so far behind Safari and Firefox in offering privacy protections. As researchers who have spent over a decade studying web tracking and online advertising, we want to set the record straight. […]

Google is trying to thread a needle here, implying that some level of tracking is consistent with both the original design intent for web technology and user privacy expectations. Neither is true.

If the benchmark is original design intent, let’s be clear: cookies were not supposed to enable third-party tracking, and browsers were supposed to block third-party cookies. We know this because the authors of the original cookie technical specification said so (RFC 2109, Section 4.3.5).

Similarly, if the benchmark is user privacy expectations, let’s be clear: study after study has demonstrated that users don’t understand and don’t want the pervasive web tracking that occurs today.

A bad look for Google.

News Corp Readies News App to Address Publishers’ Concerns About Google and Facebook 

Jeffrey A. Trachtenberg and Lillian Rizzo, reporting for The Wall Street Journal:

News Corp is developing a news-aggregation service meant to address concerns that Alphabet Inc.’s Google News and other digital platforms don’t reward publishers’ work adequately and play down articles from certain types of sites, according to people familiar with the plans.

The service, currently called, is expected to be a website and a mobile app.

No gnews is good gnews with Gary Gnu.

EFF: ‘Apple’s New WebKit Policy Takes a Hard Line for User Privacy’ 

Bill Budington, writing for the EFF:

The policy ends with the clause

We want to see a healthy web ecosystem, with privacy by design.

We couldn’t agree more. We sincerely hope more browsers, such as Google’s Chrome, adopt the tenet of “privacy by design” as well.

MLB Warns Sexual Enhancers May Include PEDs 

Jeff Passan, reporting for MLB:

Major League Baseball in a memo warned about the “very real risk” of over-the-counter sexual-enhancement pills after at least two players this year were suspended for performance-enhancing drugs and said the banned substances found in their urine came from the unregulated products, sources familiar with the situation told ESPN.

The use of over-the-counter pills, which are often sold at gas stations, is prevalent among baseball players, according to multiple sources. It prompted the league to send out a memo on Monday that outlines the risk of consuming non-NSF-certified supplements.

Michael Kay:

You can’t make it up. Millions of dollars at risk and you pop a couple of pills you buy at a gas station. Mind boggling.

“Gas Station Boner Pills” would be a good name for a band.

Apple Support: ‘How to Clean Your Apple Card’ 

Apple Support:

Some fabrics, like leather and denim, might cause permanent discoloration that will not wash off. […]

Place your card in a slot in your wallet or billfold without touching another credit card. If two credit cards are placed in the same slot your card could become scratched.

My first instinct was to make fun of this: This is no big deal, because it’s not like anyone uses a leather wallet or wears denim jeans. I mean, who cleans a credit card? But after thinking about it, I feel like this really is no big deal because all of the credit cards I’ve ever owned get used-looking over time. If Apple Card gets genuinely sloppy-looking after carrying it like you would any other card — if it’s atypically prone to staining or scratching — that’s a problem. But I suspect these are instructions for obsessives who want to keep their cards in mint condition.

Steven Sinofsky on Steve Jobs’s ‘Bicycle for the Mind’ Metaphor for Personal Computers 

It’s a Twitter thread collected in a Medium post, so the narrative doesn’t read perfectly straight through, but it’s worth your time. Jobs’s 1981 appearance on Nightline is worth it alone. I hadn’t seen this before, and both Jobs (on the potential of personal computers, and their inevitable ubiquity — at a time when only 1 in 1,000 U.S. households owned one) and his counterpart David Burnham (who, even then, was deeply concerned about the privacy implications of computing) are remarkably prescient.

WebKit Tracking Prevention Policy 

Major new policy from WebKit, with inspiration credit given to Mozilla:

We treat circumvention of shipping anti-tracking measures with the same seriousness as exploitation of security vulnerabilities.

If a party attempts to circumvent our tracking prevention methods, we may add additional restrictions without prior notice. These restrictions may apply universally; to algorithmically classified targets; or to specific parties engaging in circumvention.

No Exceptions

We do not grant exceptions to our tracking prevention technologies to specific parties. Some parties might have valid uses for techniques that are also used for tracking. But WebKit often has no technical means to distinguish valid uses from tracking, and doesn’t know what the parties involved will do with the collected data, either now or in the future.

Unintended Impact

There are practices on the web that we do not intend to disrupt, but which may be inadvertently affected because they rely on techniques that can also be used for tracking. We consider this to be unintended impact.

Equating tracking with malware and security exploits is a major policy change, and absolutely correct. Notably, they are not respecting commercial interests at all. The user’s privacy comes first, and if there is commercial collateral damage from that, fuck it:

WebKit will do its best to prevent all covert tracking, and all cross-site tracking (even when it’s not covert). These goals apply to all types of tracking listed above, as well as tracking techniques currently unknown to us.

If a particular tracking technique cannot be completely prevented without undue user harm, WebKit will limit the capability of using the technique. For example, limiting the time window for tracking or reducing the available bits of entropy — unique data points that may be used to identify a user or a user’s behavior.

Hopefully, this will help close the email tracking-pixel loophole as well.

The ball is now in Chrome’s court to follow suit. I think Google could aggressively close these same privacy-invasive loopholes without losing their ability to serve targeted ads — they’d simply be limited to serving targeted ads to users who sign into Chrome with their Google accounts.

Google DeepMind Co-Founder Mustafa Suleyman Placed on Leave 

Giles Turner and Mark Bergen, reporting for Bloomberg*:

The co-founder of DeepMind, the high-profile artificial intelligence lab owned by Google, has been placed on leave after controversy over some of the projects he led.

Mustafa Suleyman runs DeepMind’s “applied” division, which seeks practical uses for the lab’s research in health, energy and other fields. Suleyman is also a key public face for DeepMind, speaking to officials and at events about the promise of AI and the ethical guardrails needed to limit malicious use of the technology.

“Mustafa is taking time out right now after 10 hectic years,” a DeepMind spokeswoman said. She didn’t say why he was put on leave.

Probably not a good sign.

* Bloomberg, of course, is the publication that published “The Big Hack” last October — a sensational story alleging that data centers of Apple, Amazon, and dozens of other companies were compromised by China’s intelligence services. The story presented no confirmable evidence at all, was vehemently denied by all companies involved, has not been confirmed by a single other publication (despite much effort to do so), and has been largely discredited by one of Bloomberg’s own sources. By all appearances “The Big Hack” was complete bullshit. Yet Bloomberg has issued no correction or retraction, and seemingly hopes we’ll all just forget about it. I say we do not just forget about it. Bloomberg’s institutional credibility is severely damaged, and everything they publish should be treated with skepticism until they retract the story or provide evidence that it was true.

‘No Time to Die’ 

Good title, I say, and the brief black-and-white teaser hearkens back to the opening of Casino Royale, before Bond earned 00 status. The most exciting thing about the movie remains the fact that it’s directed by Cary Joji Fukunaga — so much potential with his talent.

As the years pass, Sam Mendes’s Skyfall and (especially) Spectre age worse and worse. Neither film’s story makes a lick of sense. My feeling remains that Daniel Craig has had a very good run as Bond, but that’s held up almost entirely by how spectacularly good Casino Royale was.

Interesting tidbit from the BBC:

007 fans may be aware that famed Bond producer Cubby Broccoli was also behind a 1958 prisoner of war film called No Time To Die (which was also known as Tank Force). That film was directed by Terence Young, who also worked on the Bond movies Dr No, From Russia With Love, and Thunderball.

If You Get an Apple Card, Opt Out of Arbitration 

John Moltz:

If you get an Apple Card today, remember to reject arbitration! It’s crazy easy. Go to the card in Wallet, tap the ellipsis and then Message. Then just text that you want to reject arbitration and they’ll connect you with the poor sap at Goldman Sachs who’s doing all these.

See also: Barbara Krasnoff at The Verge: “You Should Opt Out of the Apple Card’s Arbitration Clause — Here’s How”.

Apple Card Account Information Is Only Accessible Via iOS Wallet App 

Nicole Nguyen, writing for Buzzfeed News:

Apple Card is a new cash-rewards credit card that — Apple purports — is designed to be simple and transparent. But it’s also aimed at keeping you locked into your iPhone.

There are no paper statements with the digital-first Apple Card. Unlike a traditional credit card, everything is accessed through the Wallet app on the iPhone, including transaction histories, total balances, previous statements, and payments. There’s no website to view the latest transactions made on the card or make a payment if you lose access to that Wallet app.

I don’t think the reason for this is to keep you locked to your iPhone, although that’s certainly a side effect. I think this simply reflects Apple’s internal culture. Apple’s culture is to make native apps for everything as a first priority, with web interfaces as a much lower priority. And in recent years, that’s shifted from native apps for iOS and Mac to just native apps for iOS. (E.g. the craptacular Catalyst apps for Stocks, News, Voice Memos, and most especially Home.) It feels ridiculous that you can’t access your Apple Card account from a Mac, whether from a native Mac app or from a website.

In some ways making the iOS Wallet app the primary interface to your Apple Card probably makes for a great experience. (I haven’t signed up for one — yet? — so I can’t say firsthand.) But not having access from a desktop computer is severely limiting in ways. Nguyen focuses on the scenario of what happens if you only have access to one iOS device and lose it (or it breaks). That’s a legitimate scenario. But what about being able to, say, export your monthly and annual statements? Or being able to search?

My hope is that Apple Card is only accessible via the iOS Wallet app for now, and that will eventually be a full-featured interface to your card account.

Automattic CEO Matt Mullenweg on What’s Next for Tumblr 

Great interview by Nilay Patel and Julia Alexander from The Verge with Matt Mullenweg, on Automattic’s acquisition of Tumblr from Verizon.

A lot of people are making hay over the price — Yahoo paid $1.1 billion for Tumblr six years ago, and Verizon apparently sold it to Automattic (best known as the parent company of WordPress) for just $3 million. But it seems clear that Verizon wasn’t looking for the best price — they were looking for the best home. Might be hard to believe because we’re talking about Verizon here, but there’s no other explanation than that they wanted to do what was best for Tumblr — both its employees and its users. Admirable.

Mullenweg’s remarks on the influence of app stores — and I think it’s pretty clear he was largely talking about Apple’s, and that he talked about them in the general lowercase sense so as not to come across as impolitic — was rather eye-opening. Automattic pretty much embodies the ideal of a for-profit company that fully embraces the open web. Their core product, WordPress, is and always has been fully open source. But apps are so important today — and so important for Tumblr users, apparently — that app store policies have significant influence on Automattic’s decisions on content policies.

Counterfeit George Orwell Books on Amazon 

David Streitfeld, writing for The New York Times:

In George Orwell’s “1984,” the classics of literature are rewritten into Newspeak, a revision and reduction of the language meant to make bad thoughts literally unthinkable. “It’s a beautiful thing, the destruction of words,” one true believer exults.

Now some of the writer’s own words are getting reworked in Amazon’s vast virtual bookstore, a place where copyright laws hold remarkably little sway. Orwell’s reputation may be secure, but his sentences are not.

Over the last few weeks I got a close-up view of this process when I bought a dozen fake and illegitimate Orwell books from Amazon. Some of them were printed in India, where the writer is in the public domain, and sold to me in the United States, where he is under copyright.

Amazon’s credibility problem with counterfeit products is as bad as ever, but it’s particularly rich when it comes to bastardized versions of Orwell’s oeuvre.

Rambo: Apple Arcade to Cost $5/Month 

Guilherme Rambo, writing at 9to5Mac:

Today, I was able to get information about the price of an Apple Arcade subscription to customers. This information is available in one of the APIs used by the App Store app. According to a promotional message found in the service, the price for Apple Arcade will be $4.99 / month, including a one-month free trial. As Apple previously announced, the service will allow access to all members in a Family Sharing account.

That’s a very appealing price, especially considering that it includes family sharing. And from what I hear, Apple is aggressively recruiting developers to create exclusive games for Arcade. I not only think this will be very successful for Apple and participating developers, but I think it could disrupt the whole mobile gaming industry. Pay-to-win games could see a big decline.

Jamf Now 

My thanks to Jamf for sponsoring last week at Daring Fireball to promote Jamf Now. For many people, IT is a task and not a career. Now you can support your users without help from IT.

Jamf Now is a simple, cloud-based solution designed to help anyone set up, manage, and protect Apple devices at work. Easily configure company email and Wi-Fi networks, distribute apps to your team, and protect sensitive data without locking down devices.

Daring Fireball readers can create an account and manage three devices for free. Each additional device starts at just $2 per month. Create your free account today.

Yankees Clinch 27th Straight Winning Season 

Bryan Hoch, MLB:

Securing their 27th consecutive season with a winning record, a streak that dates to 1993 and is second in Major League history only to their 39-season run from 1926-64, the Yankees peppered rookie starter Aaron Civale for three runs and eight hits over six innings.

What a streak. Next best in MLB are the Cardinals with 11.

Trump’s Large Union Crowd at Shell Was Given the Option of Not Showing Up — and Not Getting Paid 

Anya Litvak, reporting for The Pittsburgh Post-Gazette:

The choice for thousands of union workers at Royal Dutch Shell’s petrochemical plant in Beaver County was clear Tuesday: Either stand in a giant hall waiting for President Donald Trump to speak or take the day off with no pay.

“Your attendance is not mandatory,” said the rules that one contractor relayed to employees, summarizing points from a memo that Shell sent to union leaders a day ahead of the visit to the $6 billion construction site. But only those who showed up at 7 a.m., scanned their ID cards, and prepared to stand for hours — through lunch but without lunch — would be paid.

“NO SCAN, NO PAY,” a supervisor for that contractor wrote.

Easy call to boycott all Shell products — forcing your employees to serve as paid supporters is authoritarian bullshit. And this is why Trump accuses protestors of being paid stooges — pure projection.

WatchOS 6 Beta Suggests New Series 5 Watches in Titanium and Ceramic 

Nice scoop from iHelpBR. Marco Arment’s take:

Two fantastic watch materials. Titanium in watches can be made to look like steel but slightly darker and much lighter-weight, and the previous white-ceramic Editions were really cool.

Agreed. Watch-grade titanium is a very different beast than the titanium in the original PowerBook G4 models. The fact that it’s much lighter should make haptics better than in the stainless steel models.

Siri, Privacy, and Trust

Three weeks ago, writing for The Guardian, Alex Hern reported:

Apple contractors regularly hear confidential medical information, drug deals, and recordings of couples having sex, as part of their job providing quality control, or “grading”, the company’s Siri voice assistant, the Guardian has learned.

Although Apple does not explicitly disclose it in its consumer-facing privacy documentation, a small proportion of Siri recordings are passed on to contractors working for the company around the world. They are tasked with grading the responses on a variety of factors, including whether the activation of the voice assistant was deliberate or accidental, whether the query was something Siri could be expected to help with and whether Siri’s response was appropriate.

Apple says the data “is used to help Siri and dictation … understand you better and recognise what you say”.

But the company does not explicitly state that that work is undertaken by humans who listen to the pseudonymised recordings.

I pooh-poohed this story at first, mostly on the grounds that I thought we knew about this, and that the recordings were only saved from users who had consented to it. I was mistaken. This is a privacy fiasco, and a betrayal of Siri users’ trust.

A week later, Apple issued statements to TechCrunch and The Verge stating that it was suspending this “grading” program. From Matthew Panzarino’s report at TechCrunch:

Apple says it will review the process that it uses, called grading, to determine whether Siri is hearing queries correctly, or being invoked by mistake.

In addition, it will be issuing a software update in the future that will let Siri users choose whether they participate in the grading process or not.

My reading of this is that until last week, if you used Siri in any way, your recordings might be used in this “grading” process. If I graded Apple on the privacy and trust implications of this, I’d give them an F. I don’t think it’s debatable whether users of any voice assistant should have their recordings listened to or even reviewed (in text form) by human employees without their express consent. But especially users of Siri, given Apple’s prominent position as a privacy focused company. Apple literally advertises on the basis of its user-focused privacy policies — but apparently the billboards should have read “What happens on your iPhone stays on your iPhone, except for some of your Siri recordings, which we listen to.”

From Sam Byford’s report for The Verge:

Apple did not comment on whether, in addition to pausing the program where contractors listen to Siri voice recordings, it would also stop actually saving those recordings on its servers. Currently the company says it keeps recordings for six months before removing identifying information from a copy that it could keep for two years or more.

Until the opt-in process is crystal clear, Apple should delete all existing recordings and confirm that it is no longer saving them. I don’t even know where to start with the fact that until this story broke, they were keeping copies with identifying information for six months. This defies everyone’s expectations of privacy for a voice assistant.

We should expect Apple to lead the industry on this front, but in fact, they’re far behind. Amazon has a FAQ written in plain language that explains how Alexa works, and how to view your voice recordings from Alexa-powered devices. You can review them in the Alexa app in Settings: Alexa Privacy (a pretty obvious location) or on the web. That settings page also has an option: “Use Voice Recordings to Improve Amazon Services and to Develop New Features”. I think Amazon should make clear that with this turned on, some of your recordings may be listened to by Amazon employees, but it’s not too hard to surmise that’s what’s going on.

Apple offers no such setting, and offers absolutely no way to know which, if any, of our Siri recordings have been saved for review by employees. This is something we should have explicit, precise control over, but instead it’s a completely black box we have no control over or insight into whatsoever.

From a privacy perspective, there are two fundamental types of Siri interactions: purposeful and accidental. Purposeful interactions are when you press the side button or say “Hey Siri” with the intention of invoking Siri. Accidental interactions occur when the button is pressed too long accidentally, or when a device incorrectly hears “Hey Siri” even though you said no such thing. All recorded Siri interactions should be treated by Apple with extraordinary care, but accidental invocations, when identified, should be deleted immediately unless the user has expressly agreed to allow it — each and every time. Having Apple contractors listen to random conversations or audio is the nightmare scenario for an always-listening voice assistant.

Compare and contrast with iOS’s transcript feature for voicemail. At the bottom of each transcription, iOS asks whether the transcription was “useful” or “not useful”. Tap on either of those and you get a very explicit prompt:

Help Improve Transcriptions?

Would you like to submit this voicemail to Apple to improve transcription accuracy?

Recordings will only be used to improve the quality of speech recognition in Apple products.

Do not submit recordings if you believe the speaker would be uncomfortable with you submitting the content to Apple.

The two buttons at the bottom of the prompt: Cancel and Submit. You must address this same prompt every single time you flag a transcription as useful or not useful. Every time. That’s how you do it.

In addition to being correctly respectful of privacy, the voicemail transcription feature also puts the user in control. So when a voicemail is transcribed poorly, you can flag it and submit it to Apple. That would be a great feature for Siri — when an interaction goes poorly, and we know the interaction was innocuous in terms of revealing anything private, we should be able to flag it and submit it to Apple. I firmly believe that Siri has gotten far more useful and far more accurate in the last few years, but clearly it’s still very far from perfect. I’d be happy to help Apple by submitting failed interactions on a per-interaction basis. Apple needs to stop pretending Siri is perfect.

I’ll give the final word to Steve Jobs, speaking about privacy back in 2010 at Kara Swisher and Walt Mossberg’s D8 conference:

“Privacy means people know what they’re signing up for, in plain English and repeatedly. I believe people are smart and some people want to share more data than other people do. Ask them. Ask them every time. Make them tell you to stop asking them if they get tired of your asking them. Let them know precisely what you’re going to do with their data.”

I can’t say it any better than that. 

‘Performance Matters‘ 

Hillel Wayne:

Many ambulances now have electronic PCRs, which fix a lot of these problems. The report is automatically filed with the hospital. The software can enter timestamps and fill in necessary boilerplate. By spellchecking known medications it saves time at the hospital. Nobody has to guess whether you scrawled “100mg” or “160mg”.

The ambulance I shadowed had an ePCR. Nobody used it. I talked to the EMTs about this, and they said nobody they knew used it either. Lack of training? «No, we all got trained.» Crippling bugs? No, it worked fine. Paper was good enough? No, the ePCR was much better than paper PCRs in almost every way. It just had one problem: it was too slow.

It wasn’t even that slow. Something like a quarter-second lag when you opened a dropdown or clicked a button. But it made things so unpleasant that nobody wanted to touch it. Paper was slow and annoying and easy to screw up, but at least it wasn’t that.

I think about that a lot.

I think the difference between UI design and UX design often gets lost in a lot of highfalutin jargon. But at a basic level there is a clear difference: the interface might be well designed and clear, but if it is slow and laggy, the experience of using it will be unpleasant, and people will go out of their way to avoid using whatever it is.

I repeat this point often, but it’s a moral obligation for designers to keep in mind what users will do, not what they “should” do. These EMTs perhaps should use the ePCRs because doing so might reduce errors; but in practice they stick with paper and pen because the ePCR machines are slow.

See also: Craig Mod’s “Fast Software, the Best Software” essay, which I linked to a few weeks ago.

‘WeWork Isn’t a Tech Company; It’s a Soap Opera’ 

Elizabeth Lopatto, writing for The Verge:

On August 14th, The We Company (the company formerly known as WeWork) filed its mandatory S-1 paperwork to go public, and it’s worth reading in full. I mean, forget the serious stuff for a moment. The thing begins with an epigram: “We dedicate this to the energy of we — greater than any one of us, but inside all of us.”

The energy of we. I get it from a branding perspective — they’re literally calling themselves The We Company — but, you know, normal people would just say “our energy.” I tease Silicon Valley’s tech companies a lot, but New York easily matches them in ego. Look at these kids, literally bending the English language to their will!

Anyway, please join me on an annotated trip through my favorite parts of the mandatory filing.

Lopatto’s piece is a truly joyful look at a wacky company. Anyone who thinks The We Company should be valued at $50 billion is nuts — they’re more like a cult than a tech startup.

Version Museum: A Visual History of Your Favorite Technology 

Neat project from an anonymous (?) father and son team:

Version Museum showcases the visual history of popular websites, operating systems, applications, and games that have shaped our lives. Much like walking through a real-life museum, this site focuses on the design changes of historic versions of technology, rather than just the written history behind it.

(Via Kottke.)

App Store Editorial Stories Are Now Available on the Web 

Benjamin Mayo, writing for 9to5Mac:

Apple has recently updated its App Store Preview pages for stories to allow users to view the full content of stories from inside their desktop web browser. App Store stories have always been shareable as links, but the web version was just a title and a navigation link to ‘open this story in the App Store’.

Between August 9th and August 11th, Apple has upgraded the experience and now includes full imagery, app lists and paragraphs copy in the web version. This means you can access the same content online as you would be ale to find in the native App Store experience.

Apple has put together a great editorial staff for the App Store, and works with many talented freelance writers and artists, so it’s great that their work can now be seen on the regular web. I have many times decided against linking to App Store articles simply because the stories weren’t on the web — prior to this, the only way to read them was using a recent version of iOS or MacOS. I get that these stories are intended to drive engagement with the App Store, but it just seemed spiteful not to put them on the open web.

Here, for example, is a nice write-up about Yoink, one of my very favorite Mac utilities.

Update: Mayo, on Twitter, points to one significant shortcoming of these articles on the web — they don’t include video.

Ugly Gerry 

Type design as political activism — very clever.

Trump’s Horrific Photo With El Paso Victim 

Rhonda Garelick, writing at The Cut:

Imagine this: A shooter has entered a public place, where you are walking with your family. You have but a minute to realize you can save your 2-month-old by using your own body to shield him from the bullets raining down around you. Mere days later, your baby, the youngest survivor of the El Paso massacre, will appear on television with the very man who inspired the terrorist who killed both you and your husband. A photograph is taken, for posterity. […]

Neither the president nor Melania so much as glances at Baby Paul. Oblivious (as ever) to the solemnity of their occasion, they smile broadly, matching veneers on full beam. Your husband came from a family of Trump supporters. Perhaps, in a different world, you might even have wanted to meet Donald Trump, or take a photo with him as he gave one of his signature thumbs-up gestures — everything is A-OK here.

This photo isn’t emblematic of what’s truly wrong with Trump’s kakistocratic administration, but it is emblematic of the fact that he is clearly mentally unwell, so deeply in the grips of narcissistic personality disorder that he can smile and thumbs-up his way through a profoundly tragic moment. His supporters and shoulder-shruggers might look at this photo today and chalk it up to Trump being Trump, but the rest of us see what history will judge: he’s a sociopath with no capacity for empathy.

Trump Administration Weakens Protections for Endangered Species 

Lisa Friedman, reporting for The New York Times:

The Trump administration on Monday announced that it would change the way the Endangered Species Act is applied, significantly weakening the nation’s bedrock conservation law credited with rescuing the bald eagle, the grizzly bear and the American alligator from extinction.

Why in the world would they do this?

The changes could clear the way for new mining, oil and gas drilling, and development in areas where protected species live.

Oh, that’s why.

Tim Cook Meets With U.S. Coast Guard Commandant Admiral Karl Schultz at Apple Park 

Steve Jobs, 1983: “It’s better to be a pirate than join the navy.”

The Talk Show: ‘A Clear Eyed Look at Dishwashers’ 

Special guest John Siracusa finally returns to the show. Topics include the Siri voice recording fiasco, Siracusa’s epic Mac OS X reviews, and making good ice.

Brought to you by these fine sponsors:

  • Away: Because this season, everyone wants to get Away.
  • Eero: Use promo code thetalkshow at checkout to get free overnight shipping with your order.
  • Squarespace: Make your next move. Use code talkshow for 10% off your first order.
iOS 13 Will Let You Delete Apps Right From the App Store Update List 

Old news from WWDC two months ago, but this is a feature I’ve long been wishing for.

Mud Maker: The Man Behind MLB’s Essential Secret Sauce 

Emma Baccellieri, writing for Sports Illustrated:

This always does the trick. It prevents anyone from exploring what he’s actually doing, which is what he’s done for decades, what his father did before him, and his grandfather before him: Bintliff is collecting the mud that is used to treat every single regulation major league baseball, roughly 240,000 per season.

Mud is a family business; it has been for more than half a century. For decades, baseball’s official rule book has required that every ball be rubbed before being used in a game. Bintliff’s mud is the only substance allowed. Originally marketed as “magic,” it’s just a little thicker than chocolate pudding — a tiny dab is enough to remove the factory gloss from a new ball without mucking up the seams or getting the cover too filthy. Equipment managers rub it on before every game, allowing pitchers to get a dependable grip. The mud is found only along a short stretch of that tributary of the Delaware, with the precise location kept secret from everyone, including MLB.

I’ve long known that baseballs are treated with mud, but I had no idea it all comes from the same source. And it’s crazy that even MLB doesn’t know the exact location.

The History of Clarus the Dogcow 

With FileMaker changing its name back to Claris — with an i — it’s worth revisiting Stephen Hackett’s history of Clarus — with a u — the dogcow.

FileMaker Goes Back to ‘Claris’ 


“Claris stems from the Latin root ‘clarus,’ which means ‘clear, bright and shining,’” said Brad Freitag, Claris CEO. “Nothing better encapsulates the company’s mission: to empower the problem-solver with smart solutions that work for their business. By extending the reach of our platform as a modern, multi-faceted, and powerful merger of on-premises custom apps and third-party services, our customers can streamline their business processes across the cloud services that they use every day.”

If this name change doesn’t bring a nostalgic smile to your face, you probably weren’t a Mac user in the 1990s. FileMaker is still going strong, but back in the day, Claris had a slew of great Mac productivity apps.

Uber Posts $5.2 Billion Loss and Slowest Ever Growth Rate 

Kate Conger, reporting for The New York Times:

Uber set two dubious quarterly records on Thursday as it reported its results: its largest-ever loss, exceeding $5 billion, and its slowest-ever revenue growth.

The double whammy immediately renewed questions about the prospects for the company, the world’s biggest ride-hailing business. Uber has been dogged by concerns about sluggish sales and whether it can make money, worries that were compounded by a disappointing initial public offering in May.

Is there any evidence to suggest that Uber will ever turn a profit? I just don’t see it.

Samsung Galaxy Note 10 

Dieter Bohn, writing for The Verge:

The Note 10 starts at $949 and comes in just one configuration: 8GB of RAM and 256GB of storage. The Note 10 Plus starts at $1,099 with 12GB RAM / 256GB storage and you can spend $100 more to get 512GB of storage. Both are available for preorder today and will ship on August 23rd.

Kind of interesting to ship the regular Note with just one storage configuration. Also: Samsung’s first flagship phones without headphone jacks.

The Note 10 Plus 5G — temporarily exclusive to Verizon in the U.S. — will cost $1,300. I don’t think that’s crazy — for most people, their phone is both their most-used, most-important computer and their main camera.

Shape Up 

My thanks to Basecamp for sponsoring DF last week to promote Shape Up. If your team struggles to make progress on projects, it’s time to reconsider the way you work.

There’s a whole new approach called Shape Up. It’s not agile, it’s not scrum, and your walls won’t be lined with Post-It Notes. There are no daily stand ups, design sprints, backlogs, velocity tracking, or busywork. None of that.

Shape Up is an entirely different approach. One developed and honed over 15 years of building one of the world’s most popular collaboration tools. The method is unlike anything you’ve tried — and quite a bit better.

I’ve been friends with and following the team from Basecamp for as long as DF has existed and I’ve always been inspired by their willingness to share everything they know. Read up for free at

The Talk Show: ‘Start a Bakin’ Timer’ 

Another new episode, with special guest Marco Arment. Topics include MacBook Pro rumors, breakfast cereal, Siri frustrations, and more.

Sponsored by:

  • Squarespace: Make your next move. Use code talkshow for 10% off your first order.
  • Fracture: Photos printed in vivid color directly on glass. Get 10% off your first order.
  • Linode: Instantly deploy and manage an SSD server in the Linode Cloud. Get a server running in seconds with your choice of Linux distro, resources, and choice of 10 node locations.
Damned If They Do, Damned If They Don’t 

Headline from Jon Swartz’s report for MarketWatch on Apple’s Q3 results: “The iPhone Just Did Something It Hasn’t Done in Nearly 7 Years, and It Isn’t Good for Apple”.

What could it be? This:

Sales of signature smartphone are less than half of Apple’s quarterly revenue for the first time since 2012.

So from 2013-2018, the oft-repeated narrative was that Apple was in trouble because they were too dependent on iPhone sales. Now they’re diversifying, particularly through services and wearables, and that’s “not good for Apple”. OK.

LG Updates Their 5K 27-Inch UltraFine Display 

Juli Clover, writing for MacRumors:

Available for $1,299.95, the new LG UltraFine 5K Display offers the same 5120 × 2880 resolution as the previous UltraFine 5K Display with 14.7 million pixels and P3 wide color gamut.

The display connects to a Mac using a Thunderbolt 3 cable, and this version of the monitor can connect using USB-C, which means that it’s also compatible with the iPad Pro. There are three downstream USB-C ports with speeds up to 5Gb/s, and when used with a Mac notebook, charging over TB3 is supported with up to 94W of power available.

When connected to an iPad Pro via USB-C, it’s limited to 4K resolution, but the old 5K UltraFine Display didn’t support iPad Pro at all. When the previous 5K UltraFine Display started disappearing from retailers — especially Apple’s own store — most of us assumed it was being discontinued, leaving Mac users with no good options for a 5K display. Good to know it was simply being updated.

But I’ve been holding out hope that in addition to the $5,000–7,000 Pro Display XDR, Apple might also release their own 6K (or even 5K) Pro Display without all of the advanced color and brightness capabilities, for pro users whose work doesn’t require those expensive features. This update to LG’s UltraFine Display makes me think that’s now less likely.

Apple Maps in iOS 13 

Ryan Christoffel, writing for MacStories:

Timed with the spread of its first-party mapping data, Apple is giving the Maps app a big upgrade in iOS 13 that represents the company’s biggest push yet to overtake Google Maps as the world’s most trusted, go-to mapping service. Apple Maps in iOS 13 represents — if you’re in the US at least — Apple’s purest vision to date for a modern mapping service. Here’s everything that it brings.

Comprehensive overview of what’s new, and where Apple Maps stands versus Google Maps.

Apple Reports Third Quarter Results 

Apple Newsroom:

Apple today announced financial results for its fiscal 2019 third quarter ended June 29, 2019. The Company posted quarterly revenue of $53.8 billion, an increase of 1 percent from the year-ago quarter, and quarterly earnings per diluted share of $2.18, down 7 percent. International sales accounted for 59 percent of the quarter’s revenue.

“This was our biggest June quarter ever — driven by all-time record revenue from Services, accelerating growth from Wearables, strong performance from iPad and Mac and significant improvement in iPhone trends,” said Tim Cook, Apple’s CEO. “These results are promising across all our geographic segments, and we’re confident about what’s ahead. The balance of calendar 2019 will be an exciting period, with major launches on all of our platforms, new services and several new products.”

Solid quarter. As usual, Jason Snell has a bunch of informative charts and graphs.

Superhuman and Email Privacy

Mike Davidson, “Superhuman’s Superficial Privacy Fixes Do Not Prevent It From Spying on You”:

Last week was a good week for privacy. Or was it?

It took an article I almost didn’t publish and tens of thousands of people saying they were creeped out, but Superhuman admitted they were wrong and reduced the danger that their surveillance pixels introduce. Good on Rahul Vohra and team for that.

I will say, however, that I’m a little surprised how quickly some people are rolling over and giving Superhuman credit for fixing a problem that they didn’t actually fix. From tech press articles implying that the company quickly closed all of its privacy issues, to friends sending me nice notes, I don’t think people are paying close enough attention here. This is not “Mission Accomplished” for ethical product design or privacy — at all.

If you haven’t been following this saga from earlier this month, it’s well worth your time to read the whole thing, including Davidson’s original post and Superhuman CEO Rahul Vohra’s genuinely thoughtful — but ultimately unsatisfying — response.

Basically, Superhuman is an invitation-only Gmail front-end whose users seem to genuinely love it. But they embed tracking pixels in emails by default, and use these pixels to show the sender when (and until last week, where, which is truly fucked up) the recipient views them. They call them “read receipts”, and functionally they do work like read receipts, insofar as they indicate when you read a message. But real email read receipts are under the recipient’s control, and they’re a simple binary flag, read or unread — they don’t tell the sender how many times or when you view a message.

I know that mailing list software generally includes tracking pixels. I don’t think that’s ethical either. On a personal level, though, with Superhuman, tracking when and how many times a recipient views a message is simply absurdly wrong.

It’s also something the vast, overwhelming majority of people don’t even realize is possible. I’ve told the basic Superhuman tracking story to a few people over the last few weeks, and asked whether they realized this was possible; all of them expressed shock and many of them outrage as well. Email should be private, and most people assume, incorrectly, that it is. You have to be a web developer of some sort to understand how this is possible. Email is supposed to be like paper mail — you send it, they get it, and you have no idea whether they read it or not. It bounces back to you if they never even receive it, say, because you addressed it incorrectly. The original conception of email is completely private.

But also, the original conception of email is that messages are plain text. No fonts, no styles, just plain text, with optional attachments. But those attachments are embedded in the message, not pulled from a server when the message is viewed.

Once we allowed email clients to act as de facto web browsers, loading remote content from servers when messages are viewed, we opened up not just a can of worms but an entire case of canned worms. Every privacy exploit for a web browser is now a privacy exploit for email. But it’s worse, because people naturally assume that email is completely private.

Read receipts should be under the control of the recipient, not the sender. Full stop. The strength of email is that it is open and decentralized, but that’s email’s weakness too. No closed messaging platform that I’m aware of allows for read receipts that are controlled by the sender, not the recipient.

I think Superhuman should be ashamed of themselves for building this feature in the first place — particularly the geo-tracking. But ultimately, email clients should defend against this. The fact that this nonconsensual tracking is even possible should be treated as a serious bug in all email clients. Apple Mail — both on Mac and iOS — allows you to disable loading of remote images as a preference, but that breaks most graphically rich emails. Mail clients should allow remote images but load them anonymously, through a proxy server perhaps. I’m sure it’s a tricky problem to solve, but I’m convinced it can be solved.

Email should be every bit as private as people assume that it is. 

Apple Is Sending Out Another Silent Update To Fix the Webcam Flaw in Zoom’s Partner Apps

Nicole Nguyen, reporting for BuzzFeed News:

The fallout from Zoom’s massive webcam vulnerability continues. In a report published today, security researcher Karan Lyons shows that the same flaw — which gave attackers easy access to laptop cameras and microphones — affects RingCentral, which is used by over 350,000 businesses, as well as Zhumu, essentially the Chinese version of Zoom.

On July 16, Apple confirmed that it had released another silent update to Macs patching the vulnerability affecting Zoom’s partner apps. The update, which went out this morning, requires no user action, but may take some time to roll out to all impacted Macs. Lyons tweeted that Apple’s latest update takes action on 11 different apps, all vulnerable to the Zoom webcam flaw.

So here’s an interesting question. I’ve been using the phrase “nonconsensual technology” to describe Zoom’s invisible web server that remained installed and running even after you deleted the Zoom app. But when Apple first issued a silent, emergency system update to remove Zoom’s software, a few DF readers emailed or tweeted to ask: Isn’t this “nonconsensual technology” too?

Clearly, the answer sounds like yes at first. Users get no indication of the update, and “requires no user action” makes it sound like it’s mandatory. But there is a setting to control this, allowing Mac users to disable the automatic installation of such updates. On MacOS 10.14 Mojave, it’s in System Prefs → Software Update → Advanced (screenshot); on 10.13 High Sierra, it’s in System Prefs → App Store (screenshot). In both versions, the checkbox is labeled “Install system data files and security updates”, and resides at the bottom of the section that controls what gets installed automatically.

This option is enabled by default — even if you choose to install regular system updates manually — which is why the vast majority of Mac users are getting these “silent” updates automatically. But if you disable this option, even these silent updates won’t be installed automatically. I confirmed this with an Apple spokesperson, who emphasized that Apple only issues such updates “extremely judiciously”. Any pending security updates will be installed the next time you manually update software.

I think Apple has struck a nearly perfect balance here, between doing what’s right for most users (installing these rare emergency updates automatically) and doing what’s right for power users who really do want to control when updates — even essential ones — are installed. I also think Apple is doing the right thing by going to the press and explaining when they issue such updates. If I could tweak anything, it would be to have these updates show up in the regular list of pending software updates if you have “Install system data files and security updates” turned off.