Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years 

Brian Krebs:

The Facebook source said the investigation so far indicates between 200 million and 600 million Facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees. The source said Facebook is still trying to determine how many passwords were exposed and for how long, but so far the inquiry has uncovered archives with plain text user passwords dating back to 2012.

Always bet the Over when Facebook announces something like this. They’ll admit it’s 750 million or more soon.


The New iPad Mini

I’ve been a fan of the iPad Mini form factor ever since the first one. The only thing I didn’t like about the original Mini was its non-retina display. (The iPad 3 went retina earlier in 2012, and the original iPad Mini debuted alongside the iPad 4 in October 2012.) The conclusion of my review then:

If the Mini had a retina display, I’d switch from the iPad 3 in a heartbeat. As it stands, I’m going to switch anyway. Going non-retina is a particularly bitter pill for me, but I like the iPad Mini’s size and weight so much that I’m going to swallow it.

That original Mini didn’t have a retina display because that model served two purposes: it was smaller and it was the cheapest (or, in Apple’s parlance, “most affordable”) iPad in the lineup. The original iPad Mini also saved on cost by including a then-year-old A5 chip; the iPad 4 had the then-brand-new A6X chip.

This week’s new 5th generation iPad Mini doesn’t make any technical compromises. It has the same A12 CPU as the iPhone XR and XS (with 3 GB of RAM on the system-on-a-chip, like the XR, not 4 GB, like the XS models — but those XS models need extra RAM for their 3× retina displays). The new Mini supports Apple Pencil, has a laminated display (which puts the pixels closer to the surface of the glass), and very thankfully supports True Tone.

The new Mini is exactly like the new iPad Air, just smaller — and the new iPad Air is in almost every way the replacement for the 10.5-inch iPad Pro, which until now was still hanging around in the iPad lineup. As I wrote Monday, Apple “could have just called them both ‘iPad Air’ and had one be mini-sized and one regular-sized, similar to how the two sizes of iPad Pro have the same product name”. It’s my understanding that this naming scheme was actually considered, and ultimately rejected simply because everyone would call the 7.9-inch model the “Mini” anyway.

I’ve been testing the new iPad Mini since Monday afternoon and I am deeply enamored. Is it as good as today’s iPad Pros? No — see below. But it costs so much less than an iPad Pro. I think of the iPad Pros as the iPad Nexts, and these new iPad Air and iPad Mini models as the iPad Nows. A 64 GB 11-inch iPad Pro costs $800, the 64 GB new 10.5-inch Air costs $500, and the Mini is just $400. You even save on cellular models compared to the Pro — it costs $150 to add cellular to an iPad Pro, but only $130 to an iPad Air or Mini.

Technology-wise, the iPad Mini is missing obvious things that make the iPad Pros so much more expensive: no edge-to-edge display, no inductive (and magnetic) charging port for the superior Apple Pencil 2, no Face ID, no tap-to-wake. I own and use an 11-inch iPad Pro, and it’s been a bit hard to adjust to losing those features. But people who already own a new 2018 iPad Pro aren’t in the market for a new iPad. Again, it’s iPad Now vs. iPad Next — it just so happens that I’m already used to iPad Next.

Basically, it really comes down to the most obvious attribute: size. The iPad Mini hits a sweet spot: it’s way bigger than any phone and way smaller than any laptop. It’s the physical manifestation of what Steve Jobs in 2010 said the iPad set out to be: something between a phone and a laptop. He was speaking conceptually but the iPad Mini takes it literally. If you want to use your iPad as a laptop replacement, the iPad Mini is probably too small, and it definitely doesn’t fit as well with physical keyboards. There’s a reason why Apple doesn’t make a Smart Keyboard Cover for the Mini. The iPad Mini is meant to be in your hand. But if you use your iPad as something in addition to your laptop, it’s a marvelous size, and no competitor has a tablet even close in terms of performance or quality. And the addition of Apple Pencil support works perfectly with its hand-held size.

A lot of the complaints we in the commentariat have lodged against iOS as a tablet OS are washed away when using an iPad Mini. You can split-screen multitask etc., but who cares if it’s a kludge? With a 7.9-inch display you’re almost always going to be using one app at a time, and that feels right on this device. Really, in a lot of ways, the iPad Mini feels like the one true iPad, and the others are all just blown-up siblings that don’t quite know how to take advantage of their larger displays.

Look, I really like my 11-inch iPad Pro and I’m not going to replace it with a new iPad Mini. But damn, it’s a surprisingly close call, simply because I like this size so much.

Here are some cons. The old Pencil 1 feels greasy in hand because it’s glossy, not matte, and the silly caps and charging story are so inferior. Also, the Pencil 1 rolls around annoyingly. ProMotion (which the Pro models have and the new Air and Mini don’t) is nice, but not essential.1 The 11-inch iPad Pro has way better speakers. Tap-to-wake combined with Face ID is so much better than Touch ID.

But here’s a really big pro in the iPad Mini’s column that I didn’t fully anticipate until diving in with it this week: it’s so much better for thumb-typing. Honestly, I hate typing on the on-screen keyboard on my iPad Pro. I hate it. I really do. If I have to do it I’ll put it in landscape and set it down on a table or counter and try to touch type with all my fingers. But holding the iPad Pro in portrait, I literally can’t type with my thumbs. When I try, everything comes out garbled. I can’t reach all the keys, and inexplicably, the iPad Pro keyboards no longer support splitting them into two smaller more reachable halves. I don’t understand that decision at all. Whereas thumb-typing on the iPad Mini is a joy. I type better with the on-screen keyboard on the iPad Mini than I do on any other iPad because it is perfectly sized for thumbs, and my thumbs have been trained by my iPhone usage. Why in the world does the small iPad Mini support split keyboards and the much bigger 11- and 12.9-inch iPad Pros don’t? I don’t even need the split keyboard to reach all the keys with my thumbs on the Mini, but the Mini supports a split on-screen keyboard and the iPad Pros don’t.

Once again, I’ll refer back to my review of the original iPad Mini from 2012:

Typing is interesting. In portrait, I actually find it easier to type on the Mini than a full-size iPad. All thumbs, with less distance to travel between keys, it feels more like typing on an iPhone. In landscape, though, typing is decidedly worse. The keyboard in landscape is only a tad wider than a full-size iPad keyboard in portrait. That’s too small to use all eight of my fingers, so I wind up using a four-finger hunt-and-peck style with my index and middle fingers.

This is even more pronounced now, at least between iPad Mini and iPad Pro (as opposed to iPad Mini and iPad Air) because iPad Pro — inexplicably, as I said — does not support split keyboards, even though they’re bigger devices. I honestly don’t know how anyone is supposed to type on an iPad Pro while holding it in their hands. It’s crazy.

Basically, the iPad Mini knows exactly what it is and the iPad Pros do not — the iPad Pros are lost between the iOS world of conceptual simplicity and the complex world of competing with desktop OSes.

The iPad Mini puts the “pad” in iPad. If you want a device that is bigger than a phone, but smaller and more holdable than a laptop-screen-sized thing for reading and just walking around with, the iPad Mini is it. It’s in no way a laptop replacement and doesn’t aspire to be. It just is what it is, and what it is is great. 


  1. ProMotion is Apple’s technology that adaptively updates the display at 120 Hz instead of 60 Hz. The old 10.5-inch iPad Pro had it, the new iPad Air and Mini don’t. But even the iPhone XS and XS Max don’t have ProMotion. ↩︎


Google Hit by Another E.U. Fine; Investors Don’t Bat an Eye 

Sara Salinas, reporting for CNBC:

Google was hit with another fine from EU antitrust regulators Wednesday, and investors didn’t bat an eye.

The stock rose 2 percent by the end of trading, outpacing Apple and Microsoft for the day and adding nearly $17 billion to the company’s market value. Google was fined about one-tenth of that amount by the European Commission on Competition early Wednesday.

Investors don’t care about cash, they only care about future growth. Fines like this just don’t matter to Google or Facebook. Write a check, stay the course.

Some Jet Black Claim Chowder 

MacRumors, a month ago: “Apple to Release AirPods With New Coating and Black Color in the Spring”:

Apple is planning to release AirPods that feature a new surface coating, wireless charging, and a black color option, according to a report from Taiwanese Economic Daily News.

There are no black AirPods, and there is no new coating or texture. MacRumors is a great publication, but I don’t get why they run headlines that report rumors as facts.

Apple Announces New AirPods Via Press Release 

Apple Newsroom:

The new Apple-designed H1 chip features custom audio architecture to create a revolutionary audio experience and improved synchronization. H1 allows AirPods to deliver up to 50 percent more talk time compared to first generation AirPods. Switching between devices while listening to music on iPhone, Apple Watch or iPad is more seamless than ever with two times faster connect times. For the first time, AirPods now feature the convenience of “Hey Siri” making it easier to change songs, make a call, adjust the volume or get directions simply by saying, “Hey Siri.”

Curious why it’s the H1 and not a new W-series chip. Update: Apple Watch is still using W-series chips (W3 in Series 4 watches, W2 in Series 3). The H1 is a new chip series specifically for headphones. Makes sense.

The new AirPods are $160 with a Lightning case, and $200 with a case that charges via either Qi-compatible charging pads or Lightning. That inductive charging case is available by itself for $80 and works with first-generation AirPods.

They require MacOS 10.14.4 and iOS 12.2, both of which are still in beta. Presumably this means the release versions will come out Monday.

Sure would be neat if there were a single charging pad you could buy to charge your iPhone, AirPods, and even Apple Watch all at once.

Google Announces Stadia, Streaming Video Game Service 

Phil Harrison, vice president and GM of Google Stadia:

Using our globally connected network of Google data centers, Stadia will free players from the limitations of traditional consoles and PCs.

When players use Stadia, they’ll be able to access their games at all times, and on virtually any screen. And developers will have access to nearly unlimited resources to create the games they’ve always dreamed of. It’s a powerful hardware stack combining server class GPU, CPU, memory and storage, and with the power of Google’s data center infrastructure, Stadia can evolve as quickly as the imagination of game creators.

They have a custom game controller too, which from the outside looks a lot like a Sony Dualshock. The innovation is that the controller isn’t a peripheral to a local device — it connects by Wi-Fi to the Stadia cloud.

Streaming high-performance games over the internet sounds like something that could never compete with a local device, but no less an authority than John Carmack vouches for it in principle.

It’s worth pointing out too that this is a very Google-like strategy, where your device doesn’t really matter, only the cloud service.

Apple’s M68 Prototype Board for the Original iPhone 

A fascinating bit of computing history. I sure am curious about the person who owns this, though — seems like it would be a hard thing for most engineers to walk out of the building with.

Jason Snell on the Updated iMac Lineup 

Jason Snell, writing at Six Colors:

What this means is that these new iMacs have closed a bit of the gap between the highest-end iMac and the lowest-end iMac Pro. You’ll need to pay extra in configurable options, but the highest-end eight-core iMac should creep close to iMac Pro territory in terms of processor and graphics performance.

Nice (Non-Pro) iMac Speed Bumps 

Nothing radical here — no T2 chip* or anything that makes them look new. Just faster CPUs from Intel and faster GPUs (including Vega options) from Radeon. This is an industrial design that deserves to last years. It still doesn’t seem possible to get displays of this caliber at these prices in the PC world — or at any price for 5K in an all-in-one. These speed bumps are just what the doctor ordered.

* If there’s one disappointment for me with these updated iMacs, it’s that the low-end configurations still ship with spinning hard drives — either as the sole storage device or as part of a Fusion drive. I get it — SSDs cost a lot more than hard drives. But SSDs are just so much better in every regard other than price. I think this decision goes hand-in-hand with the lack of a T2 subsystem, though — no iOS device has ever shipped with support for hard drives. The iMac Pro can have a T2 because the iMac Pro is SSD only, so the T2 can depend on solid state storage for its boot partition. I’d wager heavily that non-Pro iMacs won’t get T-whatever security subsystems until they go SSD-only.


Apple Releases New A12-Based iPad Air and iPad Mini

The best way to think of today’s new iPads is not as an updated iPad Air and updated iPad Mini. The new iPad Air isn’t based on the old iPad Air — it’s an update to the 10.5-inch iPad Pro. (It even works with the same cover and keyboard peripherals.) And the new Mini is really just a smaller version of the new iPad Air — they could have just called them both “iPad Air” and had one be mini-sized and one regular-sized, similar to how the two sizes of iPad Pro have the same product name. As far as I can see, there is no difference between the new iPad Air and iPad Mini other than size.

When it debuted in 2012, the iPad Mini was both the small iPad and the low-cost iPad. Today, the low-cost iPad is the $329 9.7-inch just-plain no-adjective iPad. The new iPad Mini is a full-fledged peer to the new iPad Air technically. It’s all about the size. (And there are no old iPad Minis hanging around in the product lineup at lower prices.)

Looking at tweets and reader emails today, it seems like the most confusing thing about these iPads is why they use the original Apple Pencil instead of the new Apple Pencil 2. It’s obviously not ideal, but I suspect the explanation is multi-factor:

  • The Pencil 2 requires an iPad with flat sides for the magnetic charging and pairing.
  • The flat sides of the newest iPad Pros go hand-in-hand, design-wise, with the edge-to-edge (or “edge-to-edge” if you prefer) round-corned displays, and Face ID instead of Touch ID. Those things all add to the price of iPad Pros.
  • In theory Apple could have given these new iPads flat sides just to support the new Pencil, sticking with the square-cornered display, larger chin and forehead, and Touch ID — but that’s not how Apple rolls. Such design elements are integrated with the whole.
  • Update, 19 March: And, I am reliably informed, the inductive charging data port for connecting Pencil 2 on the latest iPad Pros is expensive enough to be prohibitive for the new Air and Mini.

If Apple had wanted the new Pencil 2 to work on all new iPads, they would’ve had to put a Lightning plug on the new Pencil in addition to supporting conductive charging and pairing. But that’s really not how Apple rolls — that would have ruined one of the things that makes the new Pencil so much nicer than the old Pencil. Better to have a messy product lineup where some new iPads only support the new Pencil and others only support the old Pencil than to have a messy new Pencil. 


Seattle Times: ‘Flawed Analysis, Failed Oversight: How Boeing, FAA Certified the Suspect 737 Max Flight Control System’ 

Dominic Gates, reporting for The Seattle Times:

As Boeing hustled in 2015 to catch up to Airbus and certify its new 737 MAX, Federal Aviation Administration (FAA) managers pushed the agency’s safety engineers to delegate safety assessments to Boeing itself, and to speedily approve the resulting analysis.

But the original safety analysis that Boeing delivered to the FAA for a new flight control system on the MAX — a report used to certify the plane as safe to fly — had several crucial flaws.

Absolutely scathing. The Seattle Times contacted both the FAA and Boeing with details of its reporting four days before the crash in Ethiopia. It now seems clear this plane should not have been certified, for exactly the reasons that led to both crashes.

Phil Schiller on ATP 

Terrific interview, including a hilarious anecdote about Schiller’s on-stage stunt at Macworld Expo in New York in 1999.

Jamf Now 

My thanks to Jamf for sponsoring this week at DF. For many people, IT is a task and not a career. It’s time to get your nights and weekends back.

Jamf Now is a simple, cloud-based solution designed to help anyone set up, manage, and protect Apple devices at work. Easily configure company email and Wi-Fi networks, distribute apps to your team, and protect sensitive data without locking down devices.

Daring Fireball readers can create an account and manage three devices for free — no credit card required. Each additional device starts at just $2 per month. Two bucks! Create your free account today.

The Talk Show: ‘Loan It to Nien Nunb’ 

Matthew “Hondo” Panzarino returns to the show. Topics include WWDC 2019, the 30th anniversary of the World Wide Web, Apple and privacy, the Boeing 737 Max, and Disney’s upcoming Star Wars: Galaxy’s Edge theme park lands.

Brought to you by these fine sponsors:

  • Eero: Finally, Wi-Fi that works. Get $100 off a Wi-Fi system and a year of eero Plus with code thetalkshow.
  • Mack Weldon: Modern men’s essentials. Save 20% off your first purchase with code talkshow.
  • Squarespace: Make your next move. Use code talkshow for 10% off your first order.
Security Researchers Claim Two-Thirds of All Android Antivirus Apps Are Frauds 

Catalin Cimpanu, writing for ZDNet’s Zero Day:

An organization specialized in testing antivirus products concluded in a report published this week that roughly two-thirds of all Android antivirus apps are a sham and don’t work as advertised.

The report, published by Austrian antivirus testing outfit AV-Comparatives, was the result of a grueling testing process that took place in January this year and during which the organization’s staff looked at 250 Android antivirus apps available on the official Google Play Store.

How many do-nothing “antivirus” apps are in the iOS (and Mac) App Store though? Seriously — search for “antivirus” in the iOS App Store and look at the results. All sorts of “cleaners” and “security” apps that are placebos at best, and who knows what (especially if they offer VPNs) at worst. Some of them actually claim to be “antivirus” — especially on the Mac App Store. How would that actually work given App Store sandboxing rules?


On Spotify’s Complaints About the App Store

From Spotify’s 5-point “Time to Play Fair” complaint against Apple:

Apple requires that certain apps pay a 30% fee for use of their in-app purchase system (IAP) — as is their prerogative. However, the reality is that the rules are not applied evenly across the board. Does Uber pay it? No. Deliveroo? No. Does Apple Music pay it? No. So Apple gives the advantage to its own services.

I think Spotify (along with any other company selling digital content or subscriptions) has a case. But they’re being disingenuous comparing themselves to Uber and Deliveroo. If it’s a physical product or service, there’s never been a requirement to use Apple’s IAP. Amazon’s app sells physical goods without paying a penny to Apple, but they don’t sell e-books or music or movies because those purchases would be subject to Apple’s “use our IAP and pay us 30 percent” rule.

Apple hasn’t singled out Spotify. They’ve singled out the categories of digital content and subscriptions. They’re in the same boat as Netflix.

If users want to upgrade from our Free service to Premium, great, we’d love to have them! But Apple bars us from offering that option in our app, instead, forcing users to take multiple steps of going to a browser or desktop. Some of our users don’t even have a desktop. And to top it off, we can’t even tell them that or point them in the right direction. You have to figure it out all on your own.

The “we can’t even tell them that or point them in the right direction” is a sticking point for me — as I wrote when Netflix removed in-app subscriptions a few months ago. And this is something that was allowed in the early days of the App Store — the Kindle app used to kick you over to Safari to buy books, for example.

What Apple should do is allow apps that opt out of IAP to explain that users need to subscribe or make purchases using a web browser, and allow them to link to their website from within the app (even if they’d be required to open that link in Safari, as opposed to an in-app web view).

Everything else in Spotify’s list of complaints seems like noise to me, and distracts from the central issues — which happen to be the issues where Spotify should be on the strongest legal footing.

Apple published a detailed response to Spotify’s complaints today. It’s a cogent read and their points are all well-made — but Apple conspicuously avoids addressing the fact that apps like Spotify aren’t even allowed to tell users how to subscribe using a web browser. Apple executives should take a hard look at why they chose not to defend that policy. 


American Leadership on Air Safety Under Question Across the Globe 

Anthony Faiola, writing for The Washington Post:

Around the globe, the U.S. Federal Aviation Administration for decades represented the gold standard for air safety — a regulator whose decisions, particularly on American-made aircraft, boosted the confidence of plane travelers in New York, Miami and Los Angeles, as well as London, Rio de Janeiro and Beijing.

Yet since Sunday’s Ethiopian Airlines crash shortly after takeoff — the second 737 Max to go down in less than five months — foreign observers have watched Washington’s handling of the crisis with mounting alarm. Critics at home and abroad are blaming, at best, erratic decision-making and, at worst, domestic commercial interests, for what many of them decry as a flawed U.S. reaction. […]

The outcome, critics say, has undermined American credibility as the pacesetter for global aircraft standards, while potentially ushering in an era in which international regulators — particularly those in China and Europe — assert growing clout. The global response now stands in contrast to 2013, when foreign aviation authorities largely followed the U.S. lead in dealing with a rash of battery problems that led to the temporary grounding of the Boeing 787 Dreamliner.

Keep in mind that the FAA hasn’t had a commissioner for over a year, after Trump nominated his own personal private jet pilot for the role and the Senate rightly laughed at the notion. This is a real-world consequence of Trump’s — and his supporters’ — rejection of the notion of expertise and the importance of staffing the federal government with experts.

For all his bluster to the contrary, Trump is ceding global leadership to China and the EU.

The Apology Machine 

Sarah Frier, in a cover story for Bloomberg Businessweek*:

Unfortunately, the reporting system they described, which relies on low-wage human moderators and software, remains slow and under-resourced. Facebook could afford to pay its moderators more money, or hire more of them, or place much more stringent rules on what users can post — but any of those things would hurt the company’s profits and revenue. Instead, it’s adopted a reactive posture, attempting to make rules after problems have appeared. The rules are helping, but critics say Facebook needs to be much more proactive.

“The whole concept that you’re going to find things and fix them after they’ve gone into the system is flawed — it’s mathematically impossible,” says Roger McNamee, one of Facebook’s early investors and, now, its loudest critic. McNamee, who recently published a book titled Zucked, argues that because the company’s ability to offer personalized advertising is dependent on collecting and processing huge quantities of user data, it has a strong disincentive to limit questionable content. “The way they’re looking at this, it’s just to avoid fixing problems inherent with the business model,” he says.

I absolutely love the magazine cover. I despise the custom text selection color they’ve chosen for the article on the website, which is — I swear — only 10 percent lighter than the pure black background.

* Bloomberg, of course, is the publication that published “The Big Hack” in October — a sensational story alleging that data centers of Apple, Amazon, and dozens of other companies were compromised by China’s intelligence services. The story presented no confirmable evidence at all, was vehemently denied by all companies involved, has not been confirmed by a single other publication (despite much effort to do so), and has been largely discredited by one of Bloomberg’s own sources. By all appearances “The Big Hack” was complete bullshit. Yet Bloomberg has issued no correction or retraction, and seemingly hopes we’ll all just forget about it. I say we do not just forget about it. Bloomberg’s institutional credibility is severely damaged, and everything they publish should be treated with skepticism until they retract the story or provide evidence that it was true.

The WWDC 2019 Poster Art Guessing Game 

One fun annual tradition is examining the poster art for WWDC and trying to surmise if it hints at anything that’s going to be announced. I’ll make one guess based on this year’s art: system-wide dark mode in iOS 13.

WWDC 2019: June 3-7 in San Jose 

Apple Newsroom:

Apple today announced it will host its annual Worldwide Developers Conference in San Jose from June 3 through June 7 at the McEnery Convention Center. Now in its 30th year, Apple’s biggest event will bring together the world’s most innovative and creative developers. […]

Developers can apply for tickets today through March 20 at 5 p.m. PDT through the WWDC website. Tickets are issued through a random selection process, and developers will be notified of their application status by March 21 at 5 p.m. PDT. Developers and Apple enthusiasts everywhere can live-stream the conference on the WWDC app for iPhone, iPad and Apple TV as well as through the Apple Developer website.

No big surprises: same venue, expected dates, same lottery system for tickets.

‘The World Pulls the Andon Cord on the 737 Max’ 

Jon Ostrower, writing at The Air Current (Ostrower has been reporting on — and cultivating sources in — the aviation industry for decades):

Every airplane development is a series of compromises, but to deliver the 737 Max with its promised fuel efficiency, Boeing had to fit 12 gallons into a 10 gallon jug. Its bigger engines made for creative solutions as it found a way to mount the larger CFM International turbines under the notoriously low-slung jetliner. It lengthened the nose landing gear by eight inches, cleaned up the aerodynamics of the tail cone, added new winglets, fly-by-wire spoilers and big displays for the next generation of pilots. It pushed technology, as it had done time and time again with ever-increasing costs, to deliver a product that made its jets more-efficient and less-costly to fly.

In the case of the 737 Max, with its nose pointed high in the air, the larger engines — generating their own lift — nudged it even higher. The risk Boeing found through analysis and later flight testing was that under certain high-speed conditions both in wind-up turns and wings-level flight, that upward nudge created a greater risk of stalling. Its solution was MCAS, the Maneuvering Characteristics Augmentation System control law that would allow for both generations of 737 to behave the same way. MCAS would automatically trim the horizontal stabilizer to bring the nose down, activated with Angle of Attack data. It’s now at the center of the Lion Air investigation and stalking the periphery of the Ethiopian crash.

A riveting read.

Several Boeing 737 Max 8 Pilots in U.S. Complained About Suspected Safety Flaw 

Cary Aspinwall, Ariana Giorgi, and Dom DiFurio, reporting for The Dallas Morning News:

Pilots repeatedly voiced safety concerns about the Boeing 737 Max 8 to federal authorities, with one captain calling the flight manual “inadequate and almost criminally insufficient” several months before Sunday’s Ethiopian Air crash that killed 157 people, an investigation by The Dallas Morning News found.

The News found five complaints about the Boeing model in a federal database where pilots can voluntarily report about aviation incidents without fear of repercussions. […]

The disclosures found by The News reference problems with an autopilot system, and they all occurred during the ascent after takeoff. Many mentioned the plane suddenly nosing down. While records show these flights occurred in October and November, the airlines the pilots were flying for is redacted from the database.

This, more than anything else I’ve read, makes me think it is the right decision to ground these planes pending an investigation. Here the key part of one of the pilot’s reports:

This description is not currently in the 737 Flight Manual Part 2, nor the Boeing FCOM, though it will be added to them soon. This communication highlights that an entire system is not described in our Flight Manual. This system is now the subject of an AD.

I think it is unconscionable that a manufacturer, the FAA, and the airlines would have pilots flying an airplane without adequately training, or even providing available resources and sufficient documentation to understand the highly complex systems that differentiate this aircraft from prior models. The fact that this airplane requires such jury rigging to fly is a red flag. Now we know the systems employed are error prone — even if the pilots aren’t sure what those systems are, what redundancies are in place, and failure modes.

I am left to wonder: what else don’t I know? The Flight Manual is inadequate and almost criminally insufficient. All airlines that operate the MAX must insist that Boeing incorporate ALL systems in their manuals.

(Airworthiness Directives (ADs) are “legally enforceable regulations issued by the FAA in accordance with 14 CFR part 39 to correct an unsafe condition in a product. Part 39 defines a product as an aircraft, engine, propeller, or appliance.”)

Boeing 737 Max Flights Banned by U.S. After Other Countries Ground Planes 

Ian Austen and Selam Gebrekidan, reporting for The New York Times:

President Trump announced on Wednesday that the United States was grounding Boeing’s 737 Max aircraft, reversing an earlier decision by American regulators to keep the jets flying after a second deadly crash in Ethiopia.

The order came hours after Canada’s transport minister said that newly available satellite-tracking data suggested similarities between the crash in Ethiopia and another accident last October. In a statement released after Mr. Trump’s announcement, the F.A.A. also cited “newly refined satellite data” as supporting the decision to ground the jets. […]

The accidents have put Boeing on the defensive. The 737 Max is Boeing’s best-selling jet ever and expected to be a major driver of profit with around 5,000 of the planes on order. Its shares have fallen about 13 percent this week.

I’m not sure how to bet on how this is going to turn out. My gut feeling until today has been that these two crashes were flukes, and that the similarities between them were just a very unfortunate coincidence. Trump rage-tweeting about the complexity of newer aircraft seemingly put the FAA into a position where they had to ground them, though. And I can definitely see the argument that an overabundance of caution is called for.

Update: After reading about multiple similar complaints filed by pilots about the 737 Max — specifically about problems with the planes going nose down shortly after takeoff — I’m now convinced grounding them pending investigation is the right move, and now I’m wondering why it took the FAA so long to do so.

I also wonder what this means for non-“Max” Boeing 737s — how many air travelers will be spooked just because they sport the 737 name?

Atoms 

My thanks again to Atoms for sponsoring last week at DF. Atoms makes beautiful, super comfortable shoes that slip on and off easily and even come in quarter sizes to ensure you get the perfect fit. More importantly, they’re looking to hire designers and a head of growth in Brooklyn. Cool stuff about working at Atoms: not only is their office located in the historic Brooklyn Navy Yard, but you also receive killer company perks like membership at The Met and other museums.

I got a pair of their shoes a little over a week ago (black and white, of course), and I can vouch for their quality and comfort. Super soft, super cushiony. Right out of the box they feel like old favorites, and I keep getting compliments about them.

For now there’s a waitlist to score a pair of Atoms — but not for Daring Fireball readers. Just use this secret link to jump the line.

‘Encyclopedia Netflixia’ 

Jason Snell:

In the aftermath I’ve seen lots of folks stepping up to defend Encyclopedia Britannica(!) and Netflix. Maybe Greenblatt’s statement isn’t the most artfully worded. If you want to point and laugh, Nelson style, you can. Netflix is wildly successful… it’s not just a brand, it’s a powerful cultural force, the kind that can fill thrift stores after the launch of a show about de-cluttering, when it’s not winning multiple Academy Awards.

But I think I understand what Greenblatt is getting at.

Interesting counterpoint to my short take the other day. I think what Greenblatt was trying to say is that Netflix doesn’t have a premium brand, not that they don’t have a brand, period. I think that’s still very debatable, but not ridiculous.

AT&T’s New HBO Chief Criticizes Netflix, Says It ‘Doesn’t Have a Brand’ 

Shannon Liao, writing for The Verge:

AT&T’s new head of HBO, Bob Greenblatt, was just hired on Monday, and by Tuesday, he was already criticizing Netflix. He told NBC News’ Dylan Byers, “Netflix doesn’t have a brand. It’s just a place you go to get anything — it’s like Encyclopedia Britannica.”

I don’t expect the head of HBO to say good things about Netflix, but this is so stupidly backward. Netflix’s brand is amazing. They’re a verb, for chrissakes. I love HBO, but no one has ever said “HBO and chill.”

(I’ll also add that Encyclopedia Britannica had a great brand.)

Tim Cook’s Updated Twitter Profile 

See also: “Eddy Internet”.

Tim Culpan: ‘Apple Deserves Kudos for Doing Right by Workers’ 

Tim Culpan, writing for Bloomberg*:

Two of my major beefs with Apple relate to the issues of bonded and underage labor. In the first instance, employees working for the iPhone maker’s suppliers are required to pay upfront fees just to secure a job. This money is usually paid to recruitment agencies. The second is self-explanatory.

Both problems have almost been stamped out.

I’m not aware of any other company that issues supply chain labor reports like Apple does, either.

* Bloomberg, of course, is the publication that published “The Big Hack” in October — a sensational story alleging that data centers of Apple, Amazon, and dozens of other companies were compromised by China’s intelligence services. The story presented no confirmable evidence at all, was vehemently denied by all companies involved, has not been confirmed by a single other publication (despite much effort to do so), and has been largely discredited by one of Bloomberg’s own sources. By all appearances “The Big Hack” was complete bullshit. Yet Bloomberg has issued no correction or retraction, and seemingly hopes we’ll all just forget about it. I say we do not just forget about it. Bloomberg’s institutional credibility is severely damaged, and everything they publish should be treated with skepticism until they retract the story or provide evidence that it was true.

Trump Called Apple’s CEO ‘Tim Apple’ 

Taylor Hatmaker, writing at TechCrunch:

In the video from Cook’s appearance with the American Workforce Policy Advisory Board, Trump invents Tim Apple at 1:03 before launching into a tirade on unspecified murders in Mexico.

“You’ve really put a great investment in our country. We really appreciate it very much, Tim Apple,” Trump said.

Mr. Apple looks happy as a clam to be there, as well.

Daring Fireball Weekly Sponsorship Openings 

The spring schedule for weekly sponsorships is pretty open right now — including a last-minute opening for this current week. If you’ve got a product or service you want to promote to DF’s savvy audience, get in touch.

Teen Who Defied Anti-Vax Mom Says She Got False Information From One Source: Facebook 

Michael Brice-Saddler, reporting for The Washington Post:

An 18-year-old from Ohio who famously inoculated himself against his mother’s wishes in December says he attributes his mother’s anti-vaccine ideology to a single source: Facebook.

Nice work, Zuckerberg.

The New York Post on Apple’s Hollywood Efforts 

Alexandra Steigrad and Nicolas Vega, writing for The New York Post:

Shortly after Apple announced its Hollywood ambitions in 2017, Tinseltown’s wheeler-dealers were lining up to work with the iPhone maker. But as the company’s streaming project gets ready for launch, agents and producers can’t stop griping about how “difficult” Apple is to deal with — citing a “lack of transparency,” “lack of clarity” and “intrusive” executives, including CEO Cook.

One of the biggest complaints involves the many “notes” from Apple executives seeking family-friendly shows, sources said.

“Tim Cook is giving notes and getting involved,” said a producer who has worked with Apple. One of the CEO’s most repeated notes is “don’t be so mean!” the source said.

Sounds bad, but I wouldn’t read too much into this. It’s The New York Post, for one thing, and all the quotes are so anonymous they don’t even say which shows they’re talking about. We’d see catty pieces like this about Apple’s original content efforts no matter how things were going. And of course Apple is difficult to work with.

Trump Vows ‘A-Plus Treatment’ for Alabama 

One more item on the state of Trump’s kakistocracy. Reis Thebault, writing for The Washington Post:

“FEMA has been told directly by me to give the A Plus treatment to the Great State of Alabama and the wonderful people who have been so devastated by the Tornadoes,” Trump wrote Monday, referring to the Federal Emergency Management Agency’s relief efforts. […]

Trump’s enthusiastic assurance that Alabama would get top-flight help contrasts sharply with his barbed rhetoric following horrific wildfires in California and Hurricane Maria in Puerto Rico, when he repeatedly threatened to cut off federal aid and picked fights with local politicians, in one instance calling the mayor of San Juan “totally incompetent.”

The difference between Alabama and Puerto Rico and California, the president’s critics say, is obvious.

“The president really treats differently those people who have supported him in the past and those people who haven’t,” Brian Ott, a rhetoric professor at Texas Tech University, told The Washington Post. “Not all lives are equal in the eyes of the president. … The lives of red states matter, and the lives of blue states don’t.”

It’s one outrage after another with this administration, I know. A non-stop barrage on our collective sense of normalcy and decency. But it’s worth taking a moment here to ponder just how morally bankrupt Trump is to see emergency disaster relief as a reward to be doled out based on his perceived political support among those affected.

The Making of the Fox News White House 

The New Yorker’s Jane Mayer went deep on the relationship between Fox News and Trump’s White House, and makes a compelling case that the line between the two organizations is almost comically blurred:

Fox has long been a bane of liberals, but in the past two years many people who watch the network closely, including some Fox alumni, say that it has evolved into something that hasn’t existed before in the United States. Nicole Hemmer, an assistant professor of Presidential studies at the University of Virginia’s Miller Center and the author of “Messengers of the Right,” a history of the conservative media’s impact on American politics, says of Fox, “It’s the closest we’ve come to having state TV.” […]

The White House and Fox interact so seamlessly that it can be hard to determine, during a particular news cycle, which one is following the other’s lead. All day long, Trump retweets claims made on the network; his press secretary, Sarah Sanders, has largely stopped holding press conferences, but she has made some thirty appearances on such shows as “Fox & Friends” and “Hannity.” Trump, Hemmer says, has “almost become a programmer.”

I still think Trump needs Fox News more than Fox News needs Trump, but ultimately Fox News is at the mercy of its audience. And its audience is crazy.

T-Mobile Spending at Trump’s Washington Hotel Increased Sharply After Announcement of Merger With Sprint 

David A. Fahrenthold and Jonathan O’Connell, reporting for The Washington Post:

T-Mobile’s patronage of President Trump’s Washington hotel increased sharply after the announcement in April of its merger with Sprint, with executives spending about $195,000 at the property since then, the company told congressional Democrats in a letter last month.

Before news of the megadeal between rival companies broke on April 29, the company said, only two top officials from T-Mobile had ever stayed at Trump’s hotel, with one overnight stay each in August 2017.

But the day after the merger’s announcement, nine of T-Mobile’s top executives were scheduled to check in, The Washington Post reported in January. The Post, relying on internal Trump hotel documents, found that T-Mobile executives had reserved at least 52 nights at the hotel since the announcement.

Two stays at Trump’s hotel, ever, until T-Mobile needed this acquisition approved, and then they drop almost $200,000 in a year. Shame on Trump and his administration for running the federal government as a patronage racket — but shame on T-Mobile, too, for participating in it.

See also: My rant on this back when the story broke in January.

Steven Troughton-Smith’s ‘Marzipanify’ 

Steven Troughton-Smith:

At WWDC 2018 Apple gave us a ‘sneak peek’ at perhaps one of the most impactful developments on macOS since the transition to Mac OS X: UIKit apps running on the desktop. Today, I’m going to detail a special tool I built, called Marzipanify, to get started with UIKit on the Mac early, and start the initial bringup of your iOS app on macOS. […]

Marzipanify is a tool I created to statically convert an iOS app built for the iOS Simulator to macOS. It means you can continue working on and building your existing iOS app from its existing project, using the existing iOS SDK, and just run the tool against the Simulator build to create a functioning Mac app. As a bonus, Marzipanify will yell at you when you’re linking against a framework or library that doesn’t currently exist in the iOSMac runtime. It trivializes the process so you can focus on adapting your app rather than managing a build environment.

What a crazy project. It’s not meant for production obviously — much is surely going to change in whatever Apple winds up announcing at WWDC. But it’s an incredibly interesting examination of how Marzipan works today on MacOS 10.14. And it works — James Thompson used it to get the iOS version of PCalc running on the Mac.

Absher: Saudi App That Tracks Women 

Bill Bostock, writing for Business Insider:

Google has declined to remove from its app store a Saudi government app which lets men track women and control where they travel, on the grounds that it meets all their terms and conditions.

Google reviewed the app — called Absher — and concluded that it does not violate any agreements, and can therefore remain on the Google Play store. […]

Insider last month reported how Absher — an all-purpose app which Saudis use to interact with the state — offers features which allow Saudi men to grant and rescind travel permission for women, and to set up SMS alerts for when women use their passports. […]

Apple told Speier’s office on Thursday they are still reviewing Absher, following calls from Senator Ron Wyden for them to “stop stalling” and make a decision.

Would be good to see a little of Apple’s famous courage here.

Facebook Won’t Let You Opt Out of Its Phone Number ‘Look Up’ Setting 

Zack Whittaker, writing for TechCrunch:

Others criticized Facebook’s move to expose phone numbers to “look ups,” calling it “unconscionable.”

Alex Stamos, former chief security officer and now adjunct professor at Stanford University, also called out the practice in a tweet. “Facebook can’t credibly require two-factor for high-risk accounts without segmenting that from search and ads,” he said.

Since Stamos left Facebook in August, Facebook has not hired a replacement chief security officer.

I’m sure they’ll get right on that.

Facebook Is Allowing Anyone to Look You Up Using Your Two-Factor Authentication Phone Number 

Michael Grothaus, writing for Fast Company:

On the surface, Facebook prompting people to enable 2FA was a good thing — if you have 2FA enabled it’s much harder for someone who isn’t you to log in to your account. But this being Facebook, they’re not just going to do something that is only good for the user, are they?

Last year it came to light that Facebook was using the phone numbers people submitted to the company solely so they could protect their accounts with 2FA for targeted advertising. And now, as security researcher and New York Times columnist Zeynep Tufekci pointed out, Facebook is allowing anyone to look up a user by their phone number, the same phone number that was supposed to be for security purposes only.

This is surely the least surprising thing you’ll read all day, but in addition to being an abuse of users’ privacy, it’s pernicious in terms of security practices. The lesson some people are going to take from this is that enabling two-factor authentication is for suckers.

Update: A friend messaged me: “My takeaway from the Mat Honan debacle was that 2FA that involves SMS or a phone number is absolutely for suckers and/or chumps. (The 2FA implementation in 1Password, using the same TOTP protocol as Google Authenticator or Authy, is glorious.)”

That’s a good point, and I agree. I spent an afternoon last year decoupling my phone as second factor from every account I could. But it’s depressing how many services — like my bank — only support SMS as a second factor.

5 Percent, 18 Percent, What’s the Difference? 

Kieren McCarthy, writing for The Register:

In just the latest in a seemingly endless stream of half-truths, Facebook has admitted it misled the public when it claimed that only 5 per cent of the users of its banned tracking app were teenagers.

The real figure, the Silicon Valley wunderkind has since confirmed to US Senator Mark Warner (D-VA), was nearly four times higher: 18 per cent.

Every single time Facebook puts a number on something, the truth turns out to be worse.

Buddy: The Fastest Website Deployments 

My thanks to Buddy for sponsoring this week at Daring Fireball. Buddy automates building, testing and deploying websites to any cloud. It’s fast and easy. Here’s a handful of comments from their users:

“I don’t understand how they do it, but Docker image building on Buddy is so much faster than any other CI platform I have used.”
—Scott Roberston

“Buddy is a stellar example of how great design and UX can benefit development tools. Super easy and intuitive experience for a CI/CD tool! Kudos for making such a great product.”
—Ibrahim AshShohail

Sign up for a free trial with Buddy.

Turnaround Time on Facebook’s Spying: 12 Hours 

Katherine Bindley, writing for The Wall Street Journal:

If we take advantage of all these privacy controls, it shouldn’t still feel as if Facebook is spying on us, right? We shouldn’t see so many ads that seem so closely tied to our activity on our phones, on the internet or in real life.

The reality? I took those steps months ago, from turning off location services to opting out of ads on Facebook and its sibling Instagram tied to off-site behavior. I told my iPhone to “limit ad tracking.” Yet I continue to see eerily relevant ads.

I tested my suspicion by downloading the What to Expect pregnancy app. I didn’t so much as share an email address, yet in less than 12 hours, I got a maternity-wear ad in my Instagram feed. I’m not pregnant, nor otherwise in a target market for maternity-wear. When I tried to retrace the pathway, discussing the issue with the app’s publisher, its data partners, the advertiser and Facebook itself — dozens of emails and phone calls — not one would draw a connection between the two events. Often, they suggested I ask one of the other parties.

Bindley’s piece ran under the headline “Why Facebook Still Seems to Spy on You”. I get that the Journal wants to be cautious, but there’s no “seems to” about it. They spy on us.

The Talk Show: ‘40 Hours a Day of Murder’ 

Special guest Rene Ritchie returns to the show. Topics include, but are not limited to, privacy concerns with apps from the App Store, Google’s payments to Apple to keep Google Search the default in Safari, Apple’s Shot on iPhone contest winners, and speculation about Apple’s purported March 25 media event.

Brought to you by these fine sponsors:

  • Marine Layer: Clothes that make it easy to get dressed in the morning. Use code TTS for 15% off your first order.
  • Squarespace: Make your next move. Use code talkshow for 10% off your first order.
  • Fracture: Photos printed in vivid color directly on glass. Get 10% off your first order.