Matthew Panzarino on Google and Apple’s Joint COVID-19 Contact Tracing Project 

Matthew Panzarino, writing at TechCrunch:

The project was started two weeks ago by engineers from both companies. One of the reasons the companies got involved is that there is poor interoperability between systems on various manufacturer’s devices. With contact tracing, every time you fragment a system like this between multiple apps, you limit its effectiveness greatly. You need a massive amount of adoption in one system for contact tracing to work well.

At the same time, you run into technical problems like Bluetooth power suck, privacy concerns about centralized data collection and the sheer effort it takes to get enough people to install the apps to be effective.

Great overview of how the project will work, and how it preserves privacy.

Draft Technical Documentation for Apple and Google’s Privacy-Preserving Contact Tracing 

Bluetooth, cryptography, and framework API documentation.

Apple and Google Partner on COVID-19 Contact Tracing Technology 

Joint announcement from Google and Apple:

Since COVID-19 can be transmitted through close proximity to affected individuals, public health organizations have identified contact tracing as a valuable tool to help contain its spread. A number of leading public health authorities, universities, and NGOs around the world have been doing important work to develop opt-in contact tracing technology. To further this cause, Apple and Google will be launching a comprehensive solution that includes application programming interfaces (APIs) and operating system-level technology to assist in enabling contact tracing. Given the urgent need, the plan is to implement this solution in two steps while maintaining strong protections around user privacy.

First, in May, both companies will release APIs that enable interoperability between Android and iOS devices using apps from public health authorities. These official apps will be available for users to download via their respective app stores.

Second, in the coming months, Apple and Google will work to enable a broader Bluetooth-based contact tracing platform by building this functionality into the underlying platforms. This is a more robust solution than an API and would allow more individuals to participate, if they choose to opt in, as well as enable interaction with a broader ecosystem of apps and government health authorities. Privacy, transparency, and consent are of utmost importance in this effort, and we look forward to building this functionality in consultation with interested stakeholders. We will openly publish information about our work for others to analyze.

Strange times make for strange bedfellows, but this is clearly a problem both companies are fully aligned together to help solve.

‘How the U.S. Ended Up With Nurses Wearing Garbage Bags’ 

Susan B. Glasser, reporting for The New Yorker:

What they did not foresee was that the federal government might never come to the rescue. They did not realize this was a government failure by design — not a problem to be fixed but a policy choice by President Trump that either would not or could not be undone. “No one can believe it. That’s the No. 1 problem with the whole situation: the facts are known, but they are inconceivable,” Ries told me. “So we are just in denial.”

Independent reporting has corroborated what Ries and other volunteers saw for themselves: “a fragmented procurement system now descending into chaos,” as the Associated Press put it. The news agency found that not a single shipment of medical-grade N95 masks arrived at U.S. ports during the month of March. The federal government was not only disorganized; it was absent. Federal agencies waited until mid-March to begin placing bulk orders for the urgently needed supplies, the A.P. found. The first large U.S. government order to the big U.S. producer 3M, for a hundred and seventy-three million dollars’ worth of N95 masks, was not placed until March 21st — the same day that Ries got his first phone call about the Kushner effort. The order, according to the A.P., did not even require the supplies to be delivered until the end of April, far too late to help with the thousands of cases already overwhelming hospitals.

Pixelmator Photo 1.2 

Pixelmator blog:

The latest major update — months in the making — brings Magic Keyboard, trackpad, and mouse support, Split View support, the machine-learning powered ML Match Colors, and more. Let’s take a closer look.

The machine-learning-based color matching is fascinating. More here, on their What’s New page. Pixelmator Photo exemplifies what a great iPad app should be.

There Is No Plan to Return to Normalcy in 2020 

Ezra Klein, writing at Vox:

Over the past few days, I’ve been reading the major plans for what comes after social distancing. You can read them, too. There’s one from the right-leaning American Enterprise Institute, the left-leaning Center for American Progress, Harvard University’s Safra Center for Ethics, and Nobel Prize-winning economist Paul Romer.

I thought, perhaps naively, that reading them would be a comfort — at least then I’d be able to imagine the path back to normal. But it wasn’t. In different ways, all these plans say the same thing: Even if you can imagine the herculean political, social, and economic changes necessary to manage our way through this crisis effectively, there is no normal for the foreseeable future. Until there’s a vaccine, the US either needs economically ruinous levels of social distancing, a digital surveillance state of shocking size and scope, or a mass testing apparatus of even more shocking size and intrusiveness.

Brutal, but we need to look this square in the eye. A lot of this just seems politically unviable in the U.S. Especially so with a president who — despite spending over an hour on TV every single evening — has not spoken in even vague terms about any actionable plan whatsoever.

Any feasible plan starts with massive testing, completely subsidized by the government. And yet just yesterday the president claimed we don’t need mass testing. The one thing that everyone who knows what they’re talking about agrees on is that we need mass testing — and the president is arguing we don’t need it.

Another Stellar Front Page Data Visualization From The New York Times 

A shocking design for a shocking graphic.

Mort Drucker, Master of the ‘Mad’ Caricature, Dies at 91 

J. Hoberman, The New York Times:

From the early 1960s on, nearly every issue of Mad included a movie parody, and before Mr. Drucker retired he had illustrated 238, more than half of them. The last one, “The Chronic-Ills of Yawnia: Prince Thespian,” appeared in 2008.

Mr. Drucker compared his method to creating a movie storyboard: “I become the ‘camera,’” he once said, “and look for angles, lighting, close-ups, wide angles, long shots — just as a director does to tell the story in the most visually interesting way he can.”

I simply adored Drucker’s parodies in Mad. I could never decide what was better — when Mad poked holes in a good movie, or when they skewered a bad one.

Loved this bit:

But not everyone was so pleased. According to Mr. Hendrix, Mad’s 1981 parody of “The Empire Strikes Back,” “The Empire Strikes Out,” prompted the Lucasfilm legal department to send a cease-and-desist letter demanding that the issue be recalled. “Mad replied by sending a copy of another letter they had received the previous month — from George Lucas, offering to buy the original artwork for the ‘Empire’ parody and comparing Mort Drucker to Leonardo da Vinci.”

9to5Mac: Early iOS 14 Build Contains ‘Clips’ Feature for Interactive App Views Without Having the App Installed 

Filipe Espósito, 9to5Mac:

As 9to5Mac has analyzed this new API, we can say that it allows developers to offer interactive and dynamic content from their apps even if you haven’t installed them. The Clips API is directly related to the QR Code reader in the build we have access to, so the user can scan a code linked to an app and then interact with it directly from a card that will appear on the screen.

Let’s say you get a QR Code with a link to a video from YouTube but you don’t have the official app installed on your iPhone. With iOS 14 and the Clips API, you’ll be able to scan that code and the video will be reproduced on a floating card that shows a native user interface instead of a web page.

Three thoughts:

  • Some interesting security and parental control implications to this, if true. Also, what about the case where — like me — you don’t have Google’s YouTube app installed because you want all YouTube links to open in Safari?

  • I’m truly fascinated by this iOS 14 build that 9to5Mac has its hands on. It’s obvious why they can’t talk about it now, but I hope someday we hear the backstory on this.

  • Keep in mind that it was Filipe Espósito’s byline on the 9to5Mac report that stated as fact that the new 2020 iPad Pros have a U1 ultra-wideband chip, which by all appearances is wrong.

Dolly Broadway 

Stephanie Farr, writing for The Philadelphia Inquirer:

If Danny DeVito was an Italian grandma from South Philly who made red gravy three times a week, he’d be Dolores Paolino.

Blunt as a pickax handle with a fierce fervor for White Claw hard seltzers, the 4-foot-5 Paolino earned the nickname “Dolly Broadway” growing up in South Philly, where she spent every night out on the town. “I was a party animal,” Paolino said. “It’s a shame kids don’t know that kind of fun today.”

Now 86, Paolino — under her nickname — has once again earned a reputation for partying, but this time it’s on social media, where she’s got more than 1.2 million followers on TikTok and more than 5,000 on Instagram.

She’s the most Philly Philadelphian I’ve ever seen.

How Jigsaw Puzzles Are Made 

Amie Tsang, writing for The New York Times:

The rush to get hold of a jigsaw puzzle — and even stockpiling by regular enthusiasts — has transformed this quiet hobby and put companies under pressure as demand surges past Christmas levels. […]

Each puzzle piece must be uniquely shaped, to avoid one accidentally fitting into the wrong place. That means 1,000 different shapes for a 1,000-piece puzzle, each drawn by hand by workers. Before a puzzle is cut for the first time, each piece is sketched on a sheet of paper draped over the finished image.

Pieces of metal are then shaped to form an elaborate cookie cutter made just for that jigsaw puzzle; it takes about four weeks to build one. The cutter can be used only a limited number of times before its edges are dulled. It can be resharpened once and must then be discarded. At busy times of the year, the company will go through several cutters a day.

I would not have guessed each puzzle is so labor intensive. I simply assumed each puzzle of the same size was cut with the same pattern. Even having read this I’m not sure why they don’t do it that way. But the machines sure look cool. I’m also curious how they ensure they don’t package up the puzzle with a piece or two missing, which is surely a recipe for driving someone mad.

(I’ve long been curious how Lego does that too — I’ve put together untold dozens of Lego models in my life, and never once had a missing piece in a kit. Sometimes a few extras, but never something missing.)

Jason Snell on the Brydge Pro+ iPad Keyboard With Trackpad 

Jason Snell, writing at Six Colors:

Still, I figured that the Brydge Pro+ would find an ecological niche to fill. It’s going to be $100 or $120 cheaper than the Magic Keyboard, and will probably offer a more traditional laptop feel than Apple’s cantilevered design.

Unfortunately, none of that matters if Brydge doesn’t get the trackpad right on the Pro+, and I’m sorry to report that it hasn’t. The trackpad on the Pro+ isn’t remotely close to Apple’s trackpads in class. Sometimes I move my finger across the trackpad and the cursor appears, but doesn’t move. Other times it moves, hesitates, and then moves some more. Two-finger scrolling is similarly unpleasant. The result is an imprecise, jerky experience. It’s no good. And there’s no support for navigating between apps via three-finger gestures, either.

I’ve been using the Brydge Pro+ to write this article, and I find myself actively avoiding using the trackpad, because every time I try it, I just end up frustrated.

Federico Viticci:

Unfortunately, have to agree with Jason. I was sent a final production unit a couple weeks ago, and I had all the cursor issues Jason mentions too. Also: no three-finger gestures. I’ll be waiting for the Magic Keyboard.

Aaron Vegh:

I guess Brydge is finding out what most PC trackpad vendors have known for ages: trackpads are hard.

More on Apple’s IS&T Group 

“IST-Throwaway”, on Hacker News:

Although my experience is several years old, everything in this article rings true. The contracting companies they had us working for were taking a huge cut, the quality of the code they produced was dismal, (as soon as we were no longer allowed to re-write their code major things began breaking almost immediately) and people getting transferred around constantly and having no time to understand any one project was common. (rkho’s comment about their hiring process seeming like it was simply a beard for a nepotistic contractor conversion was something we definitely saw a number of times.)

All in all it was an extremely eye-opening experience. Considering how “do it the Apple way” every other department we interacted with was, being in the IS&T buildings was like landing on an alien planet.

Via Michael Tsai’s updated post, which has a few more links and comments from readers.

A note from a long-time but now former Apple engineer (and long-time DF reader):

Inside Apple, IS&T is pronounced isn’t. As in, the network isn’t up right now.

Assembly Instructions for Apple’s PPE Face Shields 

Replete with Apple’s typically high-quality illustrations and animations.

Bernie Sanders Drops Out 

Sydney Embers, reporting for The New York Times:

Mr. Sanders, 78, leaves the campaign having almost single-handedly moved the Democratic Party to the left. He inspired the modern progressive movement with his expansive policy agenda and his impassioned message that “health care is a human right,” and electrified a legion of loyal supporters who wholeheartedly embraced his promise to lift up those who need it most. He also transformed the way Democratic campaigns raised money, eschewing big fund-raisers and instead relying on an army of small-dollar donors.

All true. By exiting now, Sanders leaves this race with his head high. Next up: pull his supporters behind Biden.

Faucimania 

Jelisa Castrodale, writing for Vice:

Then there’s that “Sexiest Man Alive” petition, which someone at People magazine actually had to respond to. “He has helped bring back ‘must-see TV’ to the masses, who are hungry for wisdom about how to best care for their family’s health and safety in this time of uncertainty,” Dan Wakeford, People’s editor-in-chief told Women’s Wear Daily. “Smart is sexy, no doubt.”

And, because each passing day presents the opportunity for me to type sentences that have never existed before, the National Bobblehead Hall of Fame and Museum is currently taking pre-orders for a Dr. Fauci bobblehead.

Alex Kantrowitz on Apple’s Dysfunctional Information Systems and Technology Group 

An excerpt from Alex Kantrowitz’s Always Day One, published at BuzzFeed News:

A group inside Apple called Information Systems & Technology, or IS&T, builds much of the company’s internal technology tools — from servers and data infrastructure to retail and corporate sales software — and operates in a state of tumult.

IS&T is made up largely of contractors hired by rival consulting companies, and its dysfunction has led to a rolling state of war. “It’s a huge contractor org that handles a crazy amount of infrastructure for the company,” one ex-employee who worked closely with IS&T told me. “That whole organization is a Game of Thrones nightmare.” […]

When IS&T’s projects are finally completed, they can cause even more headaches for Apple employees, who are left with a mess to clean up. Multiple people told me their Apple colleagues were forced to rewrite code after IS&T-built products showed up broken.

Michael Tsai:

From what I’ve heard, this is a longtime problem, and it’s a mystery to me why this group has been immune to the Cook Doctrine. Apple buys forests to manage the paper used in its packaging and designs the desks its employees use and even the pizza boxes for its cafeteria. But when it comes to building the software that runs the company, that’s not considered a core competency.

I have to raise an eyebrow at Kantrowitz’s closing:

For Apple, fixing its broken IS&T division would not only be the right thing to do from a moral standpoint — it would help the company’s business as well. If Apple is going to become inventive again, it will need to give its employees more time to develop new ideas.

If Apple is no longer inventive, what is Apple Watch? What are AirPods? If it wasn’t inventiveness, what was it when Apple completely redesigned the fundamental interaction design of the iPhone with the iPhone X? When was Apple “inventive”? Once in 1984, and once more in 2007?

‘This Is What Happens When a Narcissist Runs a Crisis’ 

Jennifer Senior, writing for The New York Times:

And most relevant, as far as history is concerned: Narcissistic personalities are weak.

What that means, during this pandemic: Trump is genuinely afraid to lead. He can’t bring himself to make robust use of the Defense Production Act, because the buck would stop with him. (To this day, he insists states should be acquiring their own ventilators.) When asked about delays in testing, he said, “I don’t take responsibility at all.” During Friday’s news conference, he added the tests “we inherited were “broken, were obsolete,” when this form of coronavirus didn’t even exist under his predecessor.

This sounds an awful lot like one of the three sentences that Homer Simpson swears will get you through life: “It was like that when I got here.

Cut through the nightly bluster at the podium and it’s simply strikingly clear: Trump is afraid to actually do anything in this crisis.

Sony Unveils DualSense, the New Wireless Game Controller for PlayStation 5 

Looks beautiful, and very Sony. My son’s observation is that it looks “off-brand” to get away from color-coding the triangle/circle/X/square buttons. But this looks better.

Let’s All Wear a Mask 

Maciej Ceglowski:

The medical evidence for the practice is overwhelming. The post-SARS countries in East Asia have known this for a long time, and America and Europe are finally coming around. I’ve put a bunch of resources about the medical benefits of mask wearing in a further reading section at the bottom of this post.

But in this essay, I want to persuade you not just to wear a mask, but to go beyond the new CDC guidelines and help make mask wearing a social norm. That means always wearing a mask when you go out in public, and becoming a pest and nuisance to the people in your life until they do the same.

It’s encouraging how many people wearing masks I now see on the sidewalk here in Philly, but the number needs to go much higher. If you have family or friends who are resisting getting on board Team Face Mask, send them this link. Ceglowski makes the case.

Last Week Tonight With John Oliver on One America News 

Last Week Tonight:

One America News, or OAN, is a far-right news network being embraced by President Trump at his coronavirus press briefings. John Oliver takes a look at who they are, how they report, and why they could be a big problem during the pandemic.

If you think Fox News is in the bag for Trump and the Republican Party, well, meet OAN. Just jaw-dropping.

Larry David, Master of His Quarantine 

I’m trying to end each day here at DF on an upbeat note. This interview with Larry David by Maureen Dowd for The New York Times fits the bill nicely:

When I ask if he is hoarding anything, he is outraged. “Not a hoarder,” he said. “In fact, in a few months, if I walk into someone’s house and stumble onto 50 rolls of toilet paper in a closet somewhere, I will end the friendship. It’s tantamount to being a horse thief in the Old West.”

“I never could have lived in the Old West,” he added parenthetically. “I would have been completely paranoid about someone stealing my horse. No locks. You tie them to a post! How could you go into a saloon and enjoy yourself knowing your horse could get taken any moment? I would be so distracted. Constantly checking to see if he was still there.”

2020 iPad Pros Do Not Have U1 Ultra Wideband Chips 

Joe Rossignol, MacRumors, “2020 iPad Pro May Not Have a U1 Ultra Wideband Chip After All”:

As a reminder, Apple’s tech specs for the iPhone 11 and iPhone 11 Pro list an Ultra Wideband chip for spatial awareness, but the chip is not mentioned in Apple’s tech specs for the new iPad Pro. Apple also did not mention the new iPad Pro featuring the U1 chip in its press release or in any other marketing materials for the device.

Beyond that, the directional AirDrop feature that the U1 chip enables on iPhone 11 models is not present on the new iPad Pro running iPadOS 13.4, nor is the Ultra Wideband toggle switch that Apple added to iPhones in iOS 13.3.1.

So the tech specs don’t mention it, Apple never mentioned it, and the U1-enabled features in iPhone 11 models aren’t there. And iFixit’s teardown found no hidden U1 chip.

There’s no reason to think the iPad Pros have a secret U1 chip other than this March 18 post at 9to5Mac that stated it does, “based on code from the latest iOS 13.4 build”. “Based on code” is a pretty dumb way to source this as true.

I confirmed with a little birdie who would certainly know the answer: there is no U1 chip in the new iPad Pro, and if there were one, Apple would have told us so.

Jake Tapper to Trump: ‘Mr. President, What’s the Plan?’ 

Jake Tapper, closing his State of the Union show on CNN yesterday:

Mr. President, I know you, like millions of Americans, are eager to have the nation go back to some semblance of normal. One of the questions the American people need answered for that to happen responsibly: What’s the plan?

Queen Elizabeth: ‘We Will Be With Our Friends Again. We Will Be With Our Families Again. We Will Meet Again.’ 

Remarkable address from Queen Elizabeth — well-written, well-delivered. Honest and truthful, yet hopeful. All the more powerful that it’s only her fourth formal address in 68 years.

Joanna Stern: ‘A MacBook Air Review at the Worst Possible Time’ 

Joanna Stern, writing for The Wall Street Journal:

It’s hard to know if the satisfyingly bouncy yet quiet keys are fabulous by themselves, or just a welcome relief after years of the flat, loud yet delicate butterfly keys. You know what? I’m going to go with “fabulous.”

Since those butterfly keys began to show issues after a few months of use, I’d hesitated to declare everything fixed. I’m happy to report, however, that six months into using the 16-inch MacBook Pro, I’ve had no issues with the new keyboard. In fact, it now feels even more broken-in—versus, you know, just broken.

She makes a great point about laptop web cameras sucking — and how their suckiness has been brought to the forefront during our collective stay-at-home saga. Her video comparing webcam footage from a bunch of laptops — including a 2010 MacBook Pro, whose camera at times outperforms the new MacBook Air’s — is excellent. But I think the problem here is technically difficult — laptop lids are way thinner than phones and tablets, and that thinness severely limits camera sensor size. Everyone wants a better MacBook camera, but I suspect few would accept the tradeoff of a MacBook with a lid as thick as an iPad.

(Apple News link, for News+ subscribers who don’t have a standalone WSJ subscription.)

Ryne Hager, Writing at Android Police: ‘Do Yourself a Favor and Buy an iPad During Lockdown’ 

Not the usual fare at Android Police. (I have never understood the name “Android Police”. What is that all about?) Feels like the inconvenient truth, though. There are flagship Android phones from several companies that are, undeniably, competitive with the iPhone. Tablets, not so much (other than at the low end of the market, with devices like Amazon’s Fire tablets). But what I’m most interested in isn’t what Hager likes about iPads, but what he doesn’t:

By far, the biggest advantage of having an iPad comes down to apps. iOS has more of them. It also has more exclusives, it usually gets apps for new services or games first, and apps for iPads often make better use of big-screen layouts than Android apps do. Even if you hate iOS and its weird dated home screen layout, awkwardly monolithic Settings app, arbitrary and draconian default app restrictions, and the lack of deep Google services integration, the apps kind of make up for it.

That’s a pretty interesting list. First, not one of them is hardware related. (He does mention subsequently that Samsung has tablets with AMOLED displays, but that’s tech spec gibberish — no one can argue that iPad displays aren’t best of breed at each price point). iPad hardware is undeniably great. Second, his software complaints don’t even include the multitasking UI complaints I’ve been preoccupied with. Instead his list is:

  • Weird dated home screen layout”. Near universal agreement on this one. I don’t think Android shows the way forward here, at all, but the iOS home screen really is dated and limited. And it’s not even simple — it’s downright tricky and error prone to move apps around to rearrange them.

  • Awkwardly monolithic Settings app”. This I don’t get. Yes, the iOS Settings app contains a lot of stuff. But it’s organized pretty well for the most part, and search helps quite a bit when looking for something deep. Ideally every single setting in Settings would be indexed for search, but I find the iOS Settings app easier to navigate logically than the Android Settings app on my Pixel. Regarding monolithism, I assume he’s referring to the fact that Apple’s built-in apps keep their settings in Settings, rather than in each app. At the outset of the App Store, Apple’s guidelines prescribed that all apps put their settings in the Settings app — an idea that was clear on day one wouldn’t scale.

  • Arbitrary and draconian default app restrictions”. Nothing arbitrary about it, but yeah, that’s been a complaint ever since the App Store opened. According to Mark Gurman, though, Apple is considering changing this in iOS 14.

  • Lack of deep Google services integrations”. From this side of the fence, that’s a feature, not a bug. Makes about as much sense to complain about this as it would to complain about the lack of iCloud integration on an Android phone, except for the fact that Google actually does offer a slew of iOS apps, whereas Apple’s offerings for Android are, uh, Apple Music. (Why no Apple TV? If they’re making Apple TV apps for TVs running Android why not make an Apple TV app for Android phones?)

(And, of course, the comments section on this post is a goldmine of hot takes.)

Hobby Lobby vs. Coronavirus, a Tale in Three Acts 

Act 1: March 19. Hobby Lobby owner’s wife receives a message from god telling her their stores should remain open.

Act 2: April 1. Hobby Lobby re-opens dozens of stores in states with strict shelter-in-place orders.

Act 3: April 3. Hobby Lobby to furlough most of its employees, close most operations nationwide.

Bonus Post-Credit-Sequence Flashback: Hobby Lobby founder Steve Green spent millions of dollars on “Dead Sea Scrolls” that turned out to be fakes made from used shoe leather.

Free Epix Via Apple TV App Through May 2 

Good roundup of free trials and special offers for streaming video from Chance Miller at 9to5Mac:

A handful of streaming services are offering extended trials through the Apple TV app during the COVID-19 pandemic. Currently, you can get extended one-month trials of Showtime and other services, as well as completely free access to Epix. […]

Epix is unique because it’s not offering an extended free trial right now, but rather completely free access for the next month. That means you can access all Epix content in the Apple TV app for free, without signing up for anything, until May 2.

Among Epix’s offerings: the entire library of James Bond films. Goldfinger awaits.

(Pretty cool offer from Epix, where you don’t even need to sign up. They’re simply looking to raise brand awareness and simultaneously do something good in the midst of this stay-at-home saga.)

Honor Blackman, Pussy Galore in ‘Goldfinger’, Dies at 94 

Simon Murphy and Andrew Pulver, writing for The Guardian:

Honor Blackman, the actor best-known for playing Bond girl Pussy Galore, has died aged 94.

The actor, who became a household name in the 1960s as Cathy Gale in The Avengers and enjoyed a career spanning eight decades, died of natural causes unrelated to coronavirus.

One of the greats. Feels like a good time to rewatch Goldfinger.

California King 

They’re back.

SoundSource 

My thanks to Rogue Amoeba for sponsoring this week at DF to promote SoundSource, their powerful Mac menu bar app that provides quick access to audio devices, per-app volume control, and much more.

One year ago — to the day! — I wrote about SoundSource 4:

[I]f you’re not familiar with SoundSource, their description is spot-on: “Sound control so good, it ought to be built in”.

Basically, SoundSource is a menu bar app that gives you quick access to input and output devices, and level settings, and lets you apply equalizer effects — both system-wide and on a per-app basis. All with a thoughtful, intuitive interface […] a great example of a distinctive, branded UI that still looks and feels in every way like a standard Mac app.

If you’re doing more with audio on your Mac now — remote meetings, Skype calls, recording podcasts, whatever — and wish you had more control over your audio input and output devices, you’re going to love SoundSource. It encapsulates a lot of features in a very easy to understand interface. (If you’re into decluttering your menu bar icons, SoundSource can fully replace the system’s built-in Volume menu item — take a look in SoundSource’s preferences for the alternate menu bar icon that shows your current volume. Update: And Sound Source’s “Super Volume Keys” feature lets you use your keyboard volume keys to control the volume of any speakers connected to your Mac.)

Try it out: download the free trial, and use coupon code DF2020 to save 20% when you purchase by April 10.

Facebook Wanted NSO Spyware to Monitor iOS Users 

Joseph Cox, who has been absolutely killing it in his reporting for Motherboard:

According to a declaration from NSO CEO Shalev Hulio, two Facebook representatives approached NSO in October 2017 and asked to purchase the right to use certain capabilities of Pegasus.

At the time, Facebook was in the early stages of deploying a VPN product called Onavo Protect, which, unbeknownst to some users, analyzed the web traffic of users who downloaded it to see what other apps they were using. According to the court documents, it seems the Facebook representatives were not interested in buying parts of Pegasus as a hacking tool to remotely break into phones, but more as a way to more effectively monitor phones of users who had already installed Onavo.

“The Facebook representatives stated that Facebook was concerned that its method for gathering user data through Onavo Protect was less effective on Apple devices than on Android devices,” the court filing reads. “The Facebook representatives also stated that Facebook wanted to use purported capabilities of Pegasus to monitor users on Apple devices and were willing to pay for the ability to monitor Onavo Protect users.”

This was just a little over two years ago. The NSO software that Facebook was attempting to license is intended for legitimate counterintelligence and law enforcement agencies to use in the pursuit of criminals and enemies of the state. There’s certainly a debate to be had regarding the NSO Group and its services, but Facebook’s stated intention for this software was to use it for mass surveillance of its own honest users. That is profoundly fucked up — sociopathic.

Let me repeat what I’ve stated before: Facebook is a criminal enterprise.

‘Thank God for the Internet’ 

Josh Topolsky, writing at Input:

But thank god for the internet. What the hell would we do right now without the internet? How would so many of us work, stay connected, stay informed, stay entertained? For all of its failings and flops, all of its breaches and blunders, the internet has become the digital town square that we always believed it could and should be. At a time when politicians and many corporations have exhibited the worst instincts, we’re seeing some of the best of what humanity has to offer — and we’re seeing it because the internet exists.

Now, I’m not letting Mark Zuckerberg or Jeff Bezos off the hook, but we also can’t deny that there is still good, still utility, still humanity present here — and it’s saving us in huge ways and little ones, too. In the shadow of the coronavirus, the sum of the “good” internet has dwarfed its bad parts. The din of a connected humanity that needs the internet has all but drowned out its worst parts. Oh, they’re still there, but it’s clear they aren’t what the internet is; they’re merely the runoff, the waste product.

So true. Feeling isolated? Cooped up? Me too. But imagine what this would’ve been like 30 years ago. This sort of crisis is what the internet was designed for, and it’s working.

Bruce Schneier on Zoom 

Bruce Schneier:

I’m okay with AES-128, but using ECB (electronic codebook) mode indicates that there is no one at the company who knows anything about cryptography. […]

In the meantime, you should either lock Zoom down as best you can, or — better yet — abandon the platform altogether.

If Bruce Schneier recommends you don’t use Zoom, you probably shouldn’t use Zoom — at least for anything you wouldn’t be willing to conduct over an unencrypted channel.

TechCrunch: ‘Zoom Admits Some Calls Were Routed Through China by Mistake’ 

Sometimes a headline says it all. This is really one hell of a “mistake”. It’s China. Considering everything we know about China — human rights violations, untrustworthy track record, unaccountable totalitarian leadership, vast resources, and their technical expertise to act, at scale, on access to potentially sensitive poorly-encrypted video calls — China is quite literally and obviously the last country on the face of the earth where you’d want video calls routed.

But I suppose Zoom is probably right, it must have been a mistake — despite the fact that Zoom has over 700 employees in China, including a large portion of its engineering staff; despite the fact that Zoom’s purported end-to-end encryption is no such thing, which means Chinese snoops already have access to the keys used to weakly-encrypt Zoom chats — because Zoom CEO Eric Yuan assured us that Zoom was designed with the security and privacy needs of the enterprise in mind. What a relief.

NASA Brings Back Its Rightful Logo 

NASA, with some much-needed good news:

Enter a cleaner, sleeker design born of the Federal Design Improvement Program and officially introduced in 1975. It featured a simple, red unique type style of the word NASA. The world knew it as “the worm.” Created by the firm of Danne & Blackburn, the logo was honored in 1984 by President Reagan for its simplistic, yet innovative design.

NASA was able to thrive with multiple graphic designs. There was a place for both the meatball and the worm. However, in 1992, the 1970s brand was retired - except on clothing and other souvenir items - in favor of the original late 1950s graphic.

Until today.

This should be the only logo NASA uses. 45 years old and it still feels like the future.

Security Researchers: Zoom’s Encryption Is ‘Not Suited for Secrets’; Key Servers and 700 Employees Are in China 

Security researchers Bill Marczak and John Scott-Railton, in a cogent, eye-opening report for the University of Toronto’s Citizen Lab:

Key Findings:

  • Zoom documentation claims that the app uses “AES-256” encryption for meetings where possible. However, we find that in each Zoom meeting, a single AES-128 key is used in ECB mode by all participants to encrypt and decrypt audio and video. The use of ECB mode is not recommended because patterns present in the plaintext are preserved during encryption.

  • The AES-128 keys, which we verified are sufficient to decrypt Zoom packets intercepted in Internet traffic, appear to be generated by Zoom servers, and in some cases, are delivered to participants in a Zoom meeting through servers in China, even when all meeting participants, and the Zoom subscriber’s company, are outside of China.

  • Zoom, a Silicon Valley-based company, appears to own three companies in China through which at least 700 employees are paid to develop Zoom’s software. This arrangement is ostensibly an effort at labor arbitrage: Zoom can avoid paying US wages while selling to US customers, thus increasing their profit margin. However, this arrangement may make Zoom responsive to pressure from Chinese authorities.

Apparently these security researchers aren’t aware that Zoom was designed with the security and privacy needs of the enterprise in mind.

Thousands of Zoom Videos Exposed Online Because File Names Are Guessable 

Drew Harwell, reporting for The Washington Post:

Videos viewed by The Washington Post included one-on-one therapy sessions; a training orientation for workers doing telehealth calls that included people’s names and phone numbers; small-business meetings that included private company financial statements; and elementary school classes, in which children’s faces, voices and personal details were exposed.

Many of the videos include personally identifiable information and deeply intimate conversations, recorded in people’s homes. Other videos include nudity, such as one in which an aesthetician teaches students how to give a Brazilian wax. […]

But because Zoom names every video recording in an identical way, a simple online search can reveal a long stream of videos elsewhere that anyone can download and watch. The Washington Post is not revealing the naming convention that Zoom uses, and Zoom was alerted to the issue before this story was published.

But Zoom was designed for the enterprise. I don’t get how this could happen.

Every Zoom Security and Privacy Flaw So Far, and What You Can Do to Protect Yourself 

Because it’s by Glenn Fleishman, this piece is both a great read and comprehensive. Because it’s comprehensive — and about Zoom — it’s remarkably long.


Amazon and Apple Strike Deal for Prime Video In-App Purchases and Subscriptions

Benjamin Mayo, writing for 9to5Mac yesterday:

In a significant shift, the Amazon Prime Video app on iOS and Apple TV now features a built-in content store. This means users can now buy or rent TV shows and movies directly inside the app on Apple platforms. The change was first spotted by The Verge.

For the longest time, Amazon did not support this because of Apple’s App Store rules which require the developer to use Apple’s In-App purchase system for digital content and give 30% of the revenue to Apple. The app now seems to use Amazon payment method if you have a card on file, otherwise it uses Apple In-App Purchase.

I’ve been digging into this since the news broke, and I think it’s even more significant than Mayo suggests. It’s not about whether Amazon has a credit card on file for your account — it’s about whether you’re already a Prime subscriber.

Here’s Apple’s official statement, which I was given yesterday:

Apple has an established program for premium subscription video entertainment providers to offer a variety of customer benefits — including integration with the Apple TV app, AirPlay 2 support, tvOS apps, universal search, Siri support and, where applicable, single or zero sign-on. On qualifying premium video entertainment apps such as Prime Video, Altice One and Canal+, customers have the option to buy or rent movies and TV shows using the payment method tied to their existing video subscription.

I’ve never heard of Altice One prior to this (it’s a regional cable provider), and Canal+ I only know as a service popular in France. (So the “+” is pronounced plooce, not pluss.) So while Apple is technically correct that this program isn’t new, with the addition of Prime Video it’s effectively new to most of us.

Here’s how it seems to work.

First, Amazon’s Prime Video app only works if you’re signed in with an Amazon account. You can create a new account in the app, but you need to be signed in. (Screenshot.) I’m using app, singular, and showing screenshots from iOS, but everything here applies equally to the Prime Video apps for both iOS, iPadOS, and tvOS.

If Your Amazon Account Has an Existing Prime Subscription

If you already subscribe to Prime (full Prime or just Prime Video), when you rent or purchase a movie in the app, the transaction is now handled by Amazon, using your credit card on file with Amazon. This is, in plain English, an in-app purchase insofar as you are making a purchase within the app, but it is not an Apple In-App Purchase. The interface is Amazon’s, and the transaction is processed by Amazon.

.

Amazon’s permission to do this — to process credit card transactions on its own, right in the app — is new as of yesterday. And while Altice One and Canal+ have apparently been in the same program for some time, for most of us this is unprecedented. Apple’s insistence that all in-app purchases of digital content go through Apple’s official In-App Purchase mechanism — giving Apple its significant cut of each transaction — has been so steadfast ever since the inception of the App Store in 2008 that many observers genuinely wondered if Amazon had gone rogue yesterday, and was doing this without Apple’s permission, hoping to provoke a high-stakes fight.

But this is completely sanctioned by Apple. If you have an existing Prime account — one you signed up for at Amazon’s website — you can now purchase and rent movies and TV shows in the Prime Video app directly through Amazon. Apple doesn’t see a dime.

If Your Amazon Account Does Not Have a Prime Subscription

If the Amazon account you’re signed into does not have a Prime subscription, you can purchase or rent movies in the Prime Video app, and they will be processed as Apple In-App Purchases. This is true even if Amazon has a credit card on file for your account. If you are not subscribed to Prime, in-app purchases are Apple’s In-App Purchases.

.

That’s not even the most interesting part. If you don’t subscribe to Prime, you can subscribe to Prime Video in-app for $9/month and it’s an Apple iTunes subscription. Apple gets a cut and your subscription to Prime Video is managed like any other iTunes subscription.

.

You get the same one-month free trial, and pay the same $9/month price thereafter, that you get when you sign up for Prime Video directly on Amazon.com. And it’s a full cross-platform Prime Video account — you can use it to watch Prime Video content on the web, on Android devices — anywhere.

On Amazon’s website, if you go to Prime Video → Settings, it is very clear that your account is managed through iTunes, and Amazon provides a very clear “Edit in iTunes” button.

.

On MacOS 10.15 Catalina, clicking the “Edit in iTunes” button takes you to the subscriptions management section of your account settings in Apple’s Music app; on iOS, it takes you to the subscriptions management section in the iTunes Store app.

In the Payment Settings section pictured above on Amazon’s website, you can add a credit card payment method for “rentals or purchases”. However, if your Prime Video subscription is through iTunes, in-app purchases on Apple devices will still go through Apple. This payment option only applies when buying or renting movies in Prime Video on non-Apple platforms. (I tested it on the web and Android.)

If you do not have a saved payment method in your Amazon account, when you attempt to purchase or rent a movie in the Prime Video app on Android, you will be prompted for your credit card info.

What Happens If You Sign Up for Full-Fledged Prime If You’re Subscribed to Prime Video Via iTunes

There are two ways to get Prime Video content: a full-fledged Prime subscription (which includes all the free/discounted shipping benefits from real-world Amazon purchases, Amazon Music, etc.) or a Prime Video subscription. Full-fledged Prime costs $13/month; Prime Video costs $9/month. So what happens if you subscribe to Prime Video through iTunes, but subsequently decide to upgrade to a full-fledged Prime subscription at Amazon?

Well, you don’t really get to “upgrade”. You subscribe to Prime at Amazon.com as though you’re altogether new to Prime. You must have a saved credit card on your account, and after your one-month trial, you’ll be charged the full $13/month in addition to your existing $9/month iTunes subscription to Prime Video.

When you then visit your Prime Video settings — either on Amazon’s website or in the Prime Video app — Amazon displays a prominent warning in red: “You might be charged twice for Prime Benefits.” (Screenshots: web and app.)

The Quid Pro Quo

Let’s return to Apple’s statement on this program:

Apple has an established program for premium subscription video entertainment providers to offer a variety of customer benefits — including integration with the Apple TV app, AirPlay 2 support, tvOS apps, universal search, Siri support and, where applicable, single or zero sign-on.

What Apple is saying here is that for a video subscription service — pardon me, a premium video subscription service — to qualify for this program, the service has to support all of Apple’s features for video content apps: AirPlay 2 support, a native tvOS app, single sign-on if applicable, universal search and Siri support (so if you search in the TV app for a show or movie, results from Amazon Prime Video show up). This includes integration with the TV app for features like Up Next — start watching a TV series in Prime Video and when you go to Apple’s TV app (on any device) your next episode should appear in Up Next. Supporting all of these features is a lot of work, and Amazon has done it all.

So the deal seems to be this:

  • The Prime Video app supports every feature that makes a third-party subscription video service a first-class citizen in Apple’s multi-device TV ecosystem.
  • For users with existing Prime subscriptions, or new subscriptions made on Amazon’s website, Amazon now gets to bill them directly for movie rentals and purchases made in the app, giving Apple no cut of the transactions.
  • Users can subscribe to Prime Video in-app using an iTunes subscription, giving Apple a recurring cut, and leaving subscription management in Apple’s hands.
  • For users without a Prime subscription, or with a Prime subscription made through the app, Amazon now bills them for purchases and rentals through Apple’s In-App Purchase mechanism, giving Apple a cut.

Why would Apple agree to this? Financially, Apple now gets a cut of some Prime Video rentals and purchases, and a recurring cut of new Prime Video subscriptions made in-app. And Apple TV users get all the benefits from the Prime Video app supporting AirPlay 2, universal search, and integration with the TV app that Apple is trying to make the default interface for watching shows and movies. Prior to this deal, Apple made nothing from Prime Video — it was a free app with no in-app purchases, and there was no way to subscribe to Prime Video through iTunes.

Why would Amazon agree to this? Amazon now gets to sell movies and TV shows directly in the Prime Video app for iOS and tvOS users. For existing Prime subscribers, they get to keep all of the money from these purchases and rentals. The tricky question is why would Amazon agree to allow people to subscribe to Prime Video through iTunes, giving Apple a cut of the recurring subscription. Apple’s standard terms for subscriptions are a 70/30 percent split for the first year, and 85/15 thereafter. I would bet that Amazon negotiated more favorable terms than this, but no one but Amazon and Apple know that. (It is widely understood that Netflix negotiated more favorable terms with Apple back when Netflix supported subscriptions through iTunes — they had an 85/15 split for the first year, too.) But even if Amazon is getting the standard 70/30-then-85/15 terms — I doubt that, but let’s just say even if they are — I can see why they’d agree to it if they think they’ve already saturated the potential market for Prime subscribers they can get on their own.

If their new sign-ups for Prime are tapering off in the U.S. — which seems very possible, given how popular Prime is and how long it’s been around — any new subscriptions they can get through in-app iTunes subscriptions may well be worth the recurring cut Apple will take. There’s practically zero risk that any existing Prime Video subscribers are going to cancel just to resubscribe using iTunes, and even less risk that any full-fledged Prime subscribers would downgrade to Prime Video only. It’s all upside for Amazon, even with Apple’s cut of in-app transactions.

It’s a win for Apple, a win for Amazon, and a win for users in the Apple TV ecosystem.

Amazon has, effectively, pulled a reverse Netflix


Regarding Zoom

Joseph Cox, reporting for Motherboard last week:

As people work and socialize from home, video conferencing software Zoom has exploded in popularity. What the company and its privacy policy don’t make clear is that the iOS version of the Zoom app is sending some analytics data to Facebook, even if Zoom users don’t have a Facebook account, according to a Motherboard analysis of the app. […]

“That’s shocking. There is nothing in the privacy policy that addresses that,” Pat Walshe, an activist from Privacy Matters who has analyzed Zoom’s privacy policy, said in a Twitter direct message.

Zoom subsequently removed the Facebook integration code and fast-tracked an update to the App Store. But still. This is a company with a history of playing fast and loose with privacy and security. You may recall last summer, when it came to light that the Mac version of Zoom secretly installed a web server, which remained installed and running even if you deleted the Zoom app from your machine. Shockingly, this enabled a security exploit that allowed hackers to take control of your Mac’s camera — the sort of privacy nightmare scenario that leads folks to tape over their cameras. Zoom called this hidden unremovable-through-normal-means web server a feature, not a bug. The bug was so insidious that Apple had to push a silent MacOS update to remove Zoom’s hidden web servers.

I wrote at the time:

I’m not prone to histrionics but this is genuinely outrageous — not even to mention the fact that Leitschuh reported this to Zoom months ago and Zoom effectively shrugged its corporate shoulders.

If you ever installed Zoom, I’d go through the steps to eradicate it and never install it again.

This Facebook data issue is nowhere near as bad as the web server issue. But it betrays Zoom’s institutionally cavalier attitude to privacy. Their privacy policy more or less grants them carte blanche to do whatever the hell they want.

Mistakes happen. Bugs happen. I not only forgive mistakes, I enjoy forgiving mistakes. But Zoom’s callous disregard for privacy does not seem to be a mistake. As Zoom itself said about the hidden web server they secretly installed on Macs, it’s a feature not a bug.

Alas, Zoom’s video conferencing technology is best of breed, and because Zoom is easy to use and the quality is so high, it is exploding in popularity now that the whole world is working and socializing remotely. All of the following can be — and I believe are — true: Zoom is popular, useful, and by their own admission not trustworthy.

If you must use Zoom or simply want to use it, I highly recommend using it on your iPad and iPhone only.1 The iOS version is sandboxed and reviewed by the App Store. The Mac version of Zoom is not available through the App Store, which makes me trust it not a bit. Much of the Mac software I rely on every day is not from the App Store — but all of it comes from developers I trust, who have proven reputations.

Zoom is not on that list.

Update: On the Mac, Zoom requires the use of an installer, and Zoom’s installer experience is… not confidence inspiring. The entire installation takes place during the preflight stage of the installation. Again, that’s clearly not an oversight or honest mistake. Everyone knows what “preflight” means. It’s a complete disregard for doing things properly and honestly on Zoom’s part. There’s no way to check what files will be installed and where before their installer has gone ahead and installed them. (Hacker News thread with details.)

Update 2: Zoom also has a web version, with fewer features than the desktop app. If you need to use Zoom from your Mac, try that — using a private browser window — before you download and install their app.

In closing, I’ll turn the virtual mic over to Doc Searls, who wrote this in the closing paragraphs of the first of a series of posts on Zoom and privacy:

Here’s the thing: Zoom doesn’t need to be in the advertising business, least of all in the part of it that lives like a vampire off the blood of human data. If Zoom needs more money, it should charge more for its services, or give less away for free. Zoom has an extremely valuable service, which it performs very well — better than anybody else, apparently. It also has a platform with lots of apps with just as absolute an interest in privacy. They should be concerned as well. (Unless, of course, they also want to be in the privacy-violating end of the advertising business.)

What Zoom’s current privacy policy says is worse than “You don’t have any privacy here.” It says, “We expose your virtual necks to data vampires who can do what they will with it.” 


  1. It’s worth noting that iPhones and iPads have much better front-facing cameras than any MacBook — you’ll look better on Zoom using one. ↩︎


Curse Words

Cursor is an overloaded term. There are two discrete elements of modern computing that we loosely refer to as “cursors”:

  • The icon that moves around on the screen that you control with your mouse or trackpad.
  • The vertical bar that blinks in a text editing field to indicate where typed characters will appear.

For clarity, it’s best not to refer to either of these things as cursors. Instead:

  • Mouse/trackpad pointer.
  • Insertion point.

This terminology has been slightly confusing over the last week, since Apple’s surprise announcement of pointer support in iPadOS 13.4. In their marketing materials, Apple is calling pointers “cursors”. E.g, on the webpage for the refreshed iPad Pros:

The click-anywhere trackpad opens up a whole new way to work in iPadOS. It allows control of the new cursor in iPadOS, which is perfect for tasks like editing a spreadsheet, selecting text, or simply doing everything right from the trackpad.

From the Apple Newsroom announcement:

iPadOS 13.4 brings trackpad support to iPad for the first time for a more natural typing experience and added precision for tasks such as writing and selecting text, working with spreadsheets and pro workflows. Designed specifically for the touch-first experience on iPad, the cursor appears as a circle that highlights user interface elements, text fields and apps on the Home screen and Dock, giving a clear indication of what users can click on.

In neither of these cases is cursor ambiguous — in context, it’s completely clear they’re referring to the trackpad pointer. But as a general rule, it’s better to err on the side of precision, and pointer and insertion point always avoid ambiguity.

In its technical documentation, Apple is clear. In the updated Human Interface Guidelines:

Pointers (iPadOS)

iPadOS 13.4 introduces dynamic pointer effects and behaviors that enhance the experience of using a pointing device with iPad. As people use a pointing device, iPadOS automatically adapts the pointer to the current context, providing rich visual feedback and just the right level of precision needed to enhance productivity and simplify common tasks.

The iPadOS pointing system gives people an additional way to interact with apps and content — it doesn’t replace touch. Some people may continue to use touch only, while others may prefer to use the pointer or a combination of both. Let people choose how to interact with your app, and avoid condensing your interface or making changes that require them to use the pointer.

From Apple’s excellent Apple Style Guide (available free of charge in the Apple Books store):

cursor
Don’t use in describing the macOS or iOS interface; use insertion point or pointer, depending on the context. The term cursor is appropriate when you describe the VoiceOver interface and may be appropriate when you describe other interfaces and in developer materials.

“Other interfaces” would include the terminal/command-line, where the (perhaps) blinking insertion point is properly called the cursor.

When it comes to pointers, it’s worth noting the Apple Style Guide recommends getting specific:

pointer
OK in general references, but be specific whenever appropriate: arrow, crosshair, I-beam.

And, of course, the Apple Style Guide prescribes OK, never okay