Intuit’s PR Team Has Seemingly Never Heard of the Streisand Effect 

Nilay Patel, after interviewing Intuit CEO Sasan Goodarzi for his Decoder podcast at The Verge:

It’s also not just lobbying: in 2022, a coalition of attorneys general from all 50 states got Intuit to agree to a $141 million settlement that required Intuit to refund low-income Americans who were eligible for free filing but were redirected to paid products. In 2023, the FTC found that TurboTax’s “free” marketing was willfully deceptive, and after the agency won an appeal early this year, Intuit was ordered to stop doing it.

I asked about that, and Sasan disagreed with me, and we went back and forth for a few minutes on it. It’s Decoder; we have exchanges like this all the time, and I didn’t think anything of it.

But then I got a note from Rick Heineman, the chief communications officer at Intuit, who called the line of questioning and my tone “inappropriate,” “egregious,” and “disappointing” and demanded that we delete that entire section of the recording. I mean, literally — he wrote a long email that ended with “at the very least the end portion of your interview should be deleted.”

We don’t do that here at The Verge.

What’s bananas about this is that the contentious segment of the interview ... wasn’t really all that contentious? If not for this controversy generated entirely by Intuit’s own comms chief, I’d have listened to the episode and might not have even thought twice about the whole segment on Intuit’s lobbying against the IRS and tax code being updated to eliminate the need for complicated tax filing. Of course Patel was going to bring this up. It’d have been shocking if he hadn’t. And I think Sasan presented Intuit’s case about as well as it can be presented.

But now the episode has been the number one story at The Verge all day, and surely getting way more listens than the average Decoder episode — with listeners primed to pay attention to the segment on Intuit’s anti-tax-reform lobbying and the penalty they were fined for bilking low-income users into paid service they didn’t need.

And the Streisand effect isn’t counterintuitive. It’s obvious human nature. We want to look at and listen to things we’re told not to look at or listen to.

On the Cusp of Apple Intelligence’s Launch, Joanna Stern Interviews Craig Federighi 

Joanna Stern, writing for The Wall Street Journal (News+):

If you’re expecting AI fireworks, prepare for AI … sparklers. Back in June, at the company’s annual developers conference, executives showed off do-it-yourself emojis, ChatGPT integration and a Siri that can recall the name of a person you met months ago. Apple has even been running ads for some features. None are in this release.

“This is a big lift,” Craig Federighi, Apple’s senior vice president of software engineering, told me at the company’s headquarters. “You could put something out there and have it be sort of a mess. Apple’s point of view is more like, ‘Let’s try to get each piece right and release it when it’s ready.’”

Yes, while other companies rush out generative-AI tools, sometimes with controversy, Apple is moving cautiously. Federighi denies the company is behind, saying it’s prioritizing privacy and responsibility.

It’s a very good interview, and also available on YouTube.

And yes, the higher-profile, more whiz-bang-y Apple Intelligence features aren’t shipping next week in iOS 18.1 and MacOS 15.1. But as Stern herself points out in the article, the features that are shipping are genuinely useful. Notification summaries are good — the occasional mistakes can be funny, but overall it’s solid, and especially helpful for batches of notifications from the same app or group text. The Clean Up unwanted-object-remover in Photos is great. I still haven’t spent much time trying the writing tools, but Stern has, and finds them useful. These are tools that will be used in everyday situations, in the apps they already use, by normal, non-technical iOS and Mac users. There’s a reason Apple is doing a full-court media press on this.

Trump: ‘I Need the Kind of Generals That Hitler Had’ 

Jeffrey Goldberg, in a must-read, must-share piece for The Atlantic (this is a gift link, which should get you through The Atlantic’s subscriber paywall, and which link I encourage you to share with every potential voter you know):

In their book, The Divider: Trump in the White House, Peter Baker and Susan Glasser reported that Trump asked John Kelly, his chief of staff at the time, “Why can’t you be like the German generals?” Trump, at various points, had grown frustrated with military officials he deemed disloyal and disobedient. (Throughout the course of his presidency, Trump referred to flag officers as “my generals.”) According to Baker and Glasser, Kelly explained to Trump that German generals “tried to kill Hitler three times and almost pulled it off.” This correction did not move Trump to reconsider his view: “No, no, no, they were totally loyal to him,” the president responded.

This week, I asked Kelly about their exchange. He told me that when Trump raised the subject of “German generals,” Kelly responded by asking, “‘Do you mean Bismarck’s generals?’” He went on: “I mean, I knew he didn’t know who Bismarck was, or about the Franco-Prussian War. I said, ‘Do you mean the kaiser’s generals? Surely you can’t mean Hitler’s generals? And he said, ‘Yeah, yeah, Hitler’s generals.’ I explained to him that Rommel had to commit suicide after taking part in a plot against Hitler.” Kelly told me Trump was not acquainted with Rommel. [...]

As president, Trump evinced extreme sensitivity to criticism from retired flag officers; at one point, he proposed calling back to active duty Admiral William McRaven and General Stanley McChrystal, two highly regarded Special Operations leaders who had become critical of Trump, so that they could be court-martialed. Esper, who was the defense secretary at the time, wrote in his memoir that he and Milley talked Trump out of the plan. [...] Trump has responded incredulously when told that American military personnel swear an oath to the Constitution, not to the president.

There’s no hope for the deep-MAGA derps who actually cheer this on. Trump’s hope for another electoral victory, however, depends upon large swaths of conservative, or even just conservative-ish, voters who don’t take him seriously, who haven’t paid attention to all the red flags and evidence from his first term, and think he doesn’t mean what he says. He says a lot of crazy shit, yes, but when he talks about what he wants to do, he means it. There’s very little he said he wanted to do in his first term that he either didn’t do, or didn’t try to do.

Goldberg:

On separate occasions in 2020, Trump held private conversations in the White House with national-security officials about the George Floyd protests. “The Chinese generals would know what to do,” he said, according to former officials who described the conversations to me, referring to the leaders of the People’s Liberation Army, which carried out the Tiananmen Square massacre in 1989. (Pfeiffer denied that Trump said this.) Trump’s desire to deploy U.S. troops against American citizens is well documented. During the nerve-racking period of social unrest following Floyd’s death, Trump asked Milley and Esper, a West Point graduate and former infantry officer, if the Army could shoot protesters. “Trump seemed unable to think straight and calmly,” Esper wrote in his memoir. “The protests and violence had him so enraged that he was willing to send in active-duty forces to put down the protesters. Worse yet, he suggested we shoot them. I wondered about his sense of history, of propriety, and of his oath to the Constitution.” Esper told National Public Radio in 2022, “We reached that point in the conversation where he looked frankly at General Milley, and said, ‘Can’t you just shoot them, just shoot them in the legs or something?’” When defense officials argued against Trump’s desire, the president screamed, according to witnesses, “You are all fucking losers!”

There’s some hope our military leadership would resist such orders again. But there won’t be any civilian leaders like John Kelly or Mark Esper in a second Trump administration. It’ll be sycophants all the way down.

Former Trump Chief of Staff John Kelly Warns Trump Would Rule Like a Dictator 

Michael S. Schmidt for The New York Times:

He said that, in his opinion, Mr. Trump met the definition of a fascist, would govern like a dictator if allowed, and had no understanding of the Constitution or the concept of rule of law. [...]

When Mr. Kelly left the White House in 2019, he decided he would speak out on the record only if Mr. Trump said something that he found deeply troubling or involved him and was wildly inaccurate. Mr. Trump’s recent comments about using the military against what he called the “enemy within” were so dangerous, he said, that he felt he had to speak out.

“And I think this issue of using the military on — to go after — American citizens is one of those things I think is a very, very bad thing — even to say it for political purposes to get elected — I think it’s a very, very bad thing, let alone actually doing it,” Mr. Kelly said.

Mr. Kelly said that Mr. Trump was repeatedly told dating back to his first year in office why he should not use the U.S. military against Americans and the limits on his authority to do so. Mr. Trump nevertheless continued while in office to push the issue and claim that he did have the authority to take such actions, Mr. Kelly said.

Regarding Trump’s praise for Adolf Hitler:

“He commented more than once that, ‘You know, Hitler did some good things, too,’” Mr. Kelly said Mr. Trump told him. [...]

“First of all, you should never say that,” Mr. Kelly said that he told Mr. Trump. “But if you knew what Hitler was all about from the beginning to the end, everything he did was in support of his racist, fascist life, you know, the, you know, philosophy, so that nothing he did, you could argue, was good — it was certainly not done for the right reason.”

Mr. Kelly said that would usually end the conversation. But Mr. Trump would occasionally bring it up again.

In his first term Trump had guardrails. He hadn’t expected to actually win in 2016 and while his administration was staffed with hard-right Republicans, they were men who respected the Constitution and rule of law. There is much to criticize about Trump’s attorneys general, Jeff Sessions and Bill Barr. But both were exactly the sort of people you’d expect as attorney general under any Republican president. In fact, Barr had previously served as attorney general, under George H.W. Bush from 1991–1993 — not exactly a time of tumult or growing fascism in the United States. For attorney general in a possible second administration, ABC News is reporting that Trump is considering Aileen Cannon, the apparatchik Florida judge — utterly unqualified for the federal bench but nominated by Trump in 2020 — who threw out Trump’s stolen classified documents case this summer. To call her decision unfounded in law and seemingly based on fealty to Trump personally is putting it mildly.


The Sordid Tale of Rudy Giuliani’s Yankees World Series Rings

The aforelinked piece on Rudy Giuliani losing his possessions to pay the two Georgia election officials he was convicted of defaming made reference to the dispute regarding his four World Series rings, from the Yankees championships during his time as mayor, in 1996, 1998, 1999, and 2000. The current dispute is over Giuliani’s deeply suspicious claim that he gave the rings to his nitwit son Andrew in 2018, so they’re no longer his for the court to take.

But how did Rudy get them in the first place? It’s generally reported that these rings were gifts from the Yankees, given to him, while mayor of New York, after each win. Here’s a report today from the AP that just glosses over their provenance.

The real story is — shocker — a scandal. An embarrassment for the Yankees, but almost certainly a crime on Giuliani’s part. That he received the rings in the first place seemingly wasn’t publicly known until 2007, during his ill-fated run for president, when he campaigned while wearing one of them. The whole sordid saga was exposed by reporter Wayne Barrett for The Village Voice in May 2007, in a 6,000-word feature under the headline “The Yankees’ Clean-Up Man”:

Giuliani has been seen on the campaign trail wearing a World Series ring, a valuable prize we never knew he had. Indeed, the Yankees have told the Voice that he has four rings, one for every world championship the Yankees won while he was mayor. Voice calls to other cities whose teams won the Series in the past decade have determined that Giuliani is the only mayor with a ring, much less four. If it sounds innocent, wait for the price tag. These are certainly no Canal Street cubic zirconia knockoffs.

With Giuliani’s name inscribed in the 1996, 1998, 1999, and 2000 diamond-and-gold rings, memorabilia and baseball experts say they are collectively worth a minimum of $200,000. The Yankees say that Giuliani did pay for his rings — but only $16,000, and years after he had left office. Anyone paying for the rings is as unusual as a mayor getting one, since neither the Yankees nor any other recent champion have sold rings to virtually anyone. The meager payment, however, is less than half of the replacement value of the rings, and that’s a fraction of the market price, especially with the added value of Giuliani’s name.

What’s more troubling is that Giuliani’s receipt of the rings may be a serious breach of the law, and one that could still be prosecuted. New York officials are barred from taking a gift of greater than $50 value from anyone doing business with the city, and under Giuliani, that statute was enforced aggressively against others. His administration forced a fire department chief, for example, to retire, forfeit $93,105 in salary, and pay a $6,000 fine for taking Broadway tickets to two shows and a free week in a ski condo from a city vendor. The city’s Conflicts of Interest Board (COIB) has applied the gift rule to discounts as well, unless the cheaper rate “is available generally to all government employees.”

Needless to say, World Series rings were not available for purchase by anyone else, at any price.

Four sources, two from the manufacturer and two from City Hall, have told the Voice that a ring was made with Giuliani’s name on it in 1996 or early 1997. The City Hall sources also recall him receiving the ring at that time. In addition, one of these sources, joined by two other ex–Giuliani staffers, says the mayor did not take possession of the three additional rings until much later. The best recollection of these aides is that he got these rings as a package near the end of his term in 2001, just as his administration closed a number of critical deals with the Yankees. While the Yankees could offer no explanation for why he paid for three rings in one year and the 1996 ring a year later, the chronology cited by the sources suggests one. He paid for the three he received together, and then later remembered to pay for the one he’d gotten long before. He paid $2,000 less for the 1996 ring than he did for the others — another indication of how disconnected from market factors this reputed sale was, since many ring experts believe the 1996 ring, which ended a nearly two-decade Yankee drought, is the most valuable of the four.

I’ve quoted quite a bit here from Barrett’s reporting, but there’s so much more, all of it crooked as hell — a sordid tale of both large-scale graft and petty grift. It’s an extraordinary example of investigative reporting. Read it and laugh at now-disgraced Giuliani’s expense. Barrett’s report concludes:

Those who know Giuliani well say that when he thinks he’s in love, he waives all the rules of acceptable conduct. But the story of him and his team is not just a saga of disturbing infatuation and self-absorption. It is an object lesson in what kind of a president he would be, a window into his willingness to lend himself to a special interest, to blur all lines that ordinarily separate personal and public lives. It is not so much that he identified with the Yankees. It was himself that he was serving.

Turns out, we eventually got exactly that kind of president, and might get him again. It’s just that his name isn’t Giuliani. 


Rudy Giuliani Is Losing Everything to the Georgia Election Workers He Defamed 

Katelyn Polantz, reporting for CNN:

A federal judge on Tuesday ordered former Donald Trump attorney and New York mayor Rudy Giuliani to turn over all his valuable possessions and his Manhattan penthouse apartment to the control of Ruby Freeman and Shaye Moss, the Georgia election workers he defamed and to whom he now owes $150 million.

Judge Lewis Liman of the federal court in Manhattan said Giuliani must turn over his interest in the property to the women in seven days, to a receivership they will control. The judge’s turnover order of the luxury items is swift and simple, but the penthouse apartment will have its control transferred so Freeman and Moss can sell it, potentially for millions of dollars.

The women, who counted Georgia ballots after the 2020 election, will also be entitled to about $2 million in legal fees Giuliani has said the Trump campaign still owes him, the judge ruled.

In addition to the Trump campaign fees and the New York apartment, Giuliani must also turn over a collection of several watches, including ones given to him by European presidents after the September 11, 2001, attacks; a signed Joe DiMaggio jersey and other sports memorabilia; and a 1980 Mercedes once owned by the Hollywood star Lauren Bacall. Additionally, the judge ordered that Giuliani turn over his television, items of furniture and jewelry.

Liman hasn’t yet decided if Giuliani will be able to keep a Palm Beach, Florida, condominium he also owns, or the four New York Yankees World Series rings he has, which Giuliani’s son contends his father gave him.

Donald Trump has numerous super powers. One of them is the way that — to date — he’s suffered few consequences for crimes committed in his name. Trump Organization CFO Allen Weisselberg didn’t just do time, he served hard time in Rikers Island. Former White House official Peter Navarro? Prison. Steve Bannon? Prison. Trump’s personal lawyer Michael Cohen? Prison. The list goes on.

Now, as a result of his efforts on behalf of Trump to attempt to overthrow the results of the 2020 election, Rudy Giuliani is seemingly destitute. Rightly so. The whole “America’s Mayor” schtick was unearned, but he had it. He had respect and wealth. Now he doesn’t even own a fucking television. His whole life thrown away in disgrace to do the bidding of Donald Trump, who at this point surely wouldn’t even answer a phone call from Giuliani, let alone actually help him.

Trump, meanwhile, is a nerve-rackingly close election away from escaping unscathed.

EU Considers Calculating X Corp Fines by Including Revenue From Elon Musk’s Other Firms 

Gian Volpicelli and Samuel Stolton, reporting for Bloomberg*:

Under the EU’s Digital Services Act, the bloc can slap online platforms with fines of as much as 6% of their yearly global revenue for failing to tackle illegal content and disinformation or follow transparency rules. Regulators are considering whether sales from SpaceX, Neuralink, xAI and the Boring Company, in addition to revenue generated from the social network, should be included to determine potential fines against X, people familiar with the matter said, asking not to be identified because the information isn’t public. [...]

X is a private company under Musk’s sole control. In considering revenue from his other companies, the commission is essentially weighing whether Musk himself should be regarded as the entity to fine as opposed to X itself, the people said. Tesla Inc.’s sales would be exempt from this calculation because it’s publicly traded and not under Musk’s full control, one of the people said. The commission hasn’t yet decided whether to penalize X, and the size of any potential fine is still under discussion, the people said.

It’d be one thing if X had been split off into a subsidiary of a larger original company, specifically to decrease the size of any potential revenue-based penalty. Like, say, if Apple suddenly decided to break off “iOS” into an independent company that licensed software to Apple to include on iPhones. But we all know that’s not what X is. X was Twitter, which was a publicly-traded company that Musk had no stake in, and which he then bought and made private.

If the EU actually decides to include revenue from SpaceX and Musk’s other companies in calculating a penalty against X, it would effectively be playing a one-sided form of Calvinball, where the rules just get made up out of whole cloth as they go along. (Except in “real” Calvinball, both sides get to change the rules as they see fit.) They’re the ones who chose percentage-of-global revenue as the basis for potential penalties. It’s not Musk’s fault that X Corp generates embarrassingly little (and decreasing) revenue. Wait, actually, that is his fault. He bought a bad business and made it a lot worse. It’s just not his fault that running X Corp into the ground financially means that he can pay any potential revenue-based penalty out of his pocket change.

* You know.

Yours Truly on the ‘Rad History’ Podcast to Talk About GoldenEye 007 for Nintendo 64 

Brian McCullough:

Did Nintendo try to kill GoldenEye 007 before it was completed? Why did Shigeru Miyamoto keep telling the development team to tone down the violence? And why did the famous multiplayer aspect of the game almost not happen? It’s slappers-only on Rad History, because we’re diving into the history of THE game of the late 1990s, GoldenEye 007 for the Nintendo 64.

Had a blast talking about one of my very favorite video games ever. My main link here is to the YouTube version of the episode, but it’s also available as an audio episode for all podcast players, including Overcast and Apple Podcasts.

Yankees and Dodgers Resume the Best World Series Rivalry, Finally 

The New York Yankees are back in the World Series for the first time since 2009, and for the 41st time in franchise history. Their opponent: the Los Angeles Dodgers, who will appear for the 22nd time. This will be the 12th time the two teams have met in the World Series, but the first since 1981. (The Yankees won 8 of the previous 11.) A star-studded matchup with incredible history, to say the least. May the best team win.

See also: Jomboy’s pitch-by-pitch breakdown of Yankee hero Juan Soto’s series-clinching 3-run homer with 2 outs in the 10th inning against the Cleveland Guardians Saturday night. One of the best at-bats I’ve ever seen, and probably one of the top 5 home runs in the entire history of the Yankees.

Weather Up 

My thanks to Weather Up for sponsoring this week at DF. If you’re even a semi-regular reader, you know I’m an aficionado of weather apps. There are a bunch of really good ones — including Apple’s own — but there’s an incredible degree of variety and originality in their information design, style, and priorities. Weather Up is one of my favorites, and ever since version 3 shipped earlier this year, it’s been my primary iPhone weather widget, which, in turn, makes it my most-glanced-at weather app.

Widgets are where Weather Up really shines: informative, glanceable, and intuitively interactive, simultaneously presenting what’s going to happen in the next hour and the forecast for the next few days. Yes, this is my thank-you post for a paid sponsorship, but I absolutely mean this: Weather Up’s widget is the best.

The Weather Up app takes a different approach from the widget, presenting a map-first design. No other weather app (that I’m aware of) goes map-first presentation-wise — which is likely explained by the fact that, as Weather Up developer David Barnard explained on The Talk Show, weather map data is expensive.

In fact, all weather data costs money, and good weather data costs more. Most “free” weather apps are only free at the expense of your privacy. Because you generally grant your weather apps location access — for the obvious purpose of getting local weather info and notifications wherever you go — weather apps are a top category for privacy-invasive advertising.

The developers of Weather Up, on the other hand, are privacy fanatics. Weather Up takes extra steps to protect your data. GPS coordinates are rounded to prevent precise location tracking, data requests go through Weather Up’s servers to hide your IP address, and the app doesn’t collect or share any personal data. A Weather Up subscription normally costs a very reasonable $5/month or $40/year — but with this DF sponsorship link, you can start with a completely free 7-day trial and then pay just $20 for your first year, a 50 percent discount.

If you care about weather apps at all, I implore you to give Weather Up a try. You won’t regret it.

The European Union’s Interinstitutional Style Guide on Boldfacing for ‘Emphasis’ 

Here’s an interesting bit of follow-up. Last month, when linking to the European Commission’s announcement of “two specification proceedings to assist Apple in complying with its interoperability obligations under the Digital Markets Act”, I wrote a sidenote on the EC’s seemingly willy-nilly use of boldface text:

Honest question: Can someone explain to me the Commission’s use of boldfacing? In the first 265 words of the press release, 66 of them are bold, across 13 different spans. They seemingly use boldfacing the way Trump capitalizes words in his tweets: indiscriminately. I find it highly distracting, like trying to read a ransom letter. It’s not just this press release, they do it all the time.

It turns out, the EU publishes an Interinstitutional Style Guide, and it has an entire entry on emphasis:

Bold type is often used in titles and headings. It can also be used in running text to show changes of subject, to highlight keywords or for emphasis in the same way that some other languages use italics. However, it should be used sparingly.

If the text is already in bold roman, words to be emphasised should be in light roman characters.

Do not overuse typographical variations for emphasis. It can have a detrimental effect on getting the message across quickly and clearly, as shown in the following examples.

Their examples, showing how overuse of boldfacing makes text harder to read, look exactly like the announcement that prompted my sidenote. Whoever writes these announcements from the Commission should read the EU’s own style guide and follow its advice.

See Also: The EU style guide’s entry on italics, which they reserve for purposes other than emphasis.

FIDO Alliance Is Working on Making Passkeys Portable Across Platforms 

Tim Hardwick, reporting for MacRumors:

The FIDO Alliance is developing new specifications to enable secure transfer of passkeys between different password managers and platforms. Announced on Monday, the initiative is the result of collaboration among members of the FIDO Alliance’s Credential Provider Special Interest Group, including Apple, Google, Microsoft, 1Password, Bitwarden, Dashlane, and others.

Passkeys are an industry standard developed by the FIDO Alliance and the World Wide Web Consortium, and were integrated into Apple’s ecosystem with iOS 16, iPadOS 16.1, and macOS Ventura. They offer a more secure and convenient alternative to traditional passwords, allowing users to sign in to apps and websites in the same way they unlock their devices: With a fingerprint, a face scan, or a passcode. Passkeys are also resistant to online attacks like phishing, making them more secure than things like SMS one-time codes.

The draft specifications, called Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF), will standardize the secure transfer of credentials across different providers. This addresses a current limitation where passkeys are often tied to specific ecosystems or password managers.

This initiative would address one of David Heinemeier Hansson’s primary complaints about passkeys, in a post I linked to earlier today.

Hardwick mentions un-phishability as an advantage of passkeys, and that’s very true. In fact, I think that was one of the primary selling points Apple emphasized when they introduced passkey support at WWDC two years ago. A scammer who gets a victim on the phone can’t trick them into revealing a passkey like they can with passwords or one-time numeric codes. But that use case is optimized for non-technical users.

A friend texted me with another argument for passkeys: it’s somewhat common for websites to break password autofill. Maybe it’s deliberate, in the name of fighting bots? But whether deliberate or not, with passkeys, they have to work with your browser’s connected password manager. So maybe passkeys are a net win for convenience, even for technically-knowledgeable users who are unlikely to fall for phishing scams.

Apple Passwords’ Generated Strong Password Format 

Speaking of passwords, Ricky Mondello — who has long been a leading member of Apple’s “Authentication Experience” team — has an interesting blog post describing the algorithm Apple uses when it suggests new strong passwords:

To make these passwords easier to type on suboptimal keyboard layouts like my colleague’s game controller, where the mode switching might be difficult, these new passwords are actually dominated by lowercase characters. And to make it easier to short-term have in your head little chunks of it to bring over to the other device, the passwords are based on syllables. That’s consonant, vowel, consonant patterns. With these considerations put together, in our experience, these passwords are actually a lot easier to type on a foreign, weird keyboard, in the rare instances where that might be needed for some of our users.

And we weren’t going to make any changes to our password format unless we can guarantee that it was as strong or stronger than our old format. So if you want to talk in terms of Shannon entropy once again, these new passwords have 71 bits of entropy, up from the 69 from the previous format. And a little tidbit for folks who are trying to match our math — [note that] we actually have a dictionary of offensive terms on device that we filter these generated passwords against and we’ll skip over passwords that we generate that contain those offensive substrings.

I’ve noticed some of these details, like that the passwords are comprised of little “fake words” and are dominated by lowercase letters, but I hadn’t noticed all of them. It’s a bunch of clever little touches, all in the aim of making strong passwords that are convenient in odd situations (like typing them with a game controller).
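To make the entropy arithmetic and the blocklist step concrete, here is an added Python sketch of a syllable-based generator. It is not Apple's code: the alphabets, the hyphen grouping, the blocklist terms and every function name are assumptions chosen for illustration, so its numbers will not match the 71-bit figure quoted above.

```python
import math
import secrets

# Assumed alphabets for this sketch; not Apple's actual character sets.
CONSONANTS = "bcdfghjklmnpqrstvwxyz"  # 21 letters
VOWELS = "aeiou"                      # 5 letters

# Constructed placeholder terms standing in for the on-device dictionary.
BLOCKLIST = ("bad", "dam")


def syllable():
    """One consonant-vowel-consonant chunk drawn from a CSPRNG."""
    return (
        secrets.choice(CONSONANTS)
        + secrets.choice(VOWELS)
        + secrets.choice(CONSONANTS)
    )


def entropy_bits(syllables):
    """Upper bound on entropy: log2 of the number of unfiltered outputs.

    Each syllable has 21 * 5 * 21 = 2205 equally likely values. Blocklist
    rejection removes some outputs, so the true figure is slightly lower.
    """
    per_syllable = len(CONSONANTS) ** 2 * len(VOWELS)
    return syllables * math.log2(per_syllable)


def syllables_needed(target_bits):
    """Smallest syllable count whose upper bound reaches target_bits."""
    return math.ceil(target_bits / entropy_bits(1))


def is_blocked(candidate, blocklist=BLOCKLIST):
    """True if any blocked term appears, even across a hyphen boundary."""
    flat = candidate.replace("-", "")
    return any(term in flat for term in blocklist)


def generate(syllables=7, group=2, blocklist=BLOCKLIST):
    """Rejection-sample until a candidate contains no blocked substring.

    Regenerating the whole password (rather than patching the offending
    syllable) keeps the surviving outputs uniformly distributed.
    """
    while True:
        parts = [syllable() for _ in range(syllables)]
        chunks = [
            "".join(parts[i:i + group]) for i in range(0, syllables, group)
        ]
        candidate = "-".join(chunks)
        if not is_blocked(candidate, blocklist):
            return candidate


if __name__ == "__main__":
    n = syllables_needed(71)
    print(f"{n} syllables -> at most {entropy_bits(n):.1f} bits")
    print(generate(n))
```

With these assumed alphabets, six all-lowercase syllables top out near 66.6 bits, so a format built only from such syllables would need a seventh (or extra character classes) to clear 71.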

DHH Argues Against Passkeys 

David Heinemeier Hansson:

Yes, passwords have problems. If you’re using them without a password manager, you’re likely to reuse them across multiple services, and if you do, all it takes is one service with awful password practices (like storing them in plain text rather than hashing them with something like bcrypt), and a breach will mean hackers might get access to all your other services.

But just because we have a real problem doesn’t mean that all proposed solutions are actually going to be better. And at the moment, I don’t see how passkeys are actually better, and, worse still, can become better. Unless you accept the idea that all your passwords should be tied to one computing ecosystem, and thus make it hard to use alternative computers. [...]

Bottom line, I’m disappointed to report that passkeys don’t appear worth the complexity of implementation (which is substantial!) nor the complexity and gotchas of the user experience. So we’re sticking to passwords and emails. Encouraging opt-in 2FA and password managers, but not requiring them.

Passkeys seemed promising, but not all good intentions result in good solutions.

I don’t have strong feelings about passkeys, but I am vaguely unsettled by them. There’s no way to use passkeys without using a proper password manager, like Apple Passwords with iCloud Keychain, or 1Password. But if you’re using a proper password manager, your passwords should all be unique and random, and you should have convenient access to 2FA codes. So what’s the point of passkeys if they can only be used by people who are already using a good password manager? Perhaps the thinking is that too many users just can’t be budged from the risky habit of using passwords they have memorized, and passkeys are a way to break that habit because they can’t be memorized.

Also, I really dislike the practice of replacing passwords with email “magic links”. Autofilling a password from my keychain happens instantly; getting a magic link from email can take minutes sometimes, and even in the fastest case, it’s nowhere near instantaneous. Replacing something very fast — password autofill — with something slower is just a terrible idea. For people who actually prefer email magic links, it’s fine as an option, but it shouldn’t be the default, and it certainly shouldn’t be the only way to sign into an account.

Things Are Not Going Well at Automattic 

Samantha Cole, reporting for 404 Media:

In July, before the latest WP Engine blowup, an Automattic employee wrote in Slack that they received a direct message from Mullenweg sending them an identification code for Blind, an anonymous workplace discussion platform, which was required to complete registration on the site. Blind requires employees to use their official workplace emails to sign up, as a way to authenticate that users actually work for the companies they are discussing. Mullenweg said on Slack that emails sent from Blind’s platform to employees’ email addresses were being forwarded to him. If employees wanted to log in or sign up for Blind, they’d need to ask Mullenweg for the two-factor identification code. The implication was that Automattic — and Mullenweg — could see who was trying to sign up for Blind, which is often a place where people anonymously vent or share criticism about their workplace.

“We were unaware that Matt redirected sign-up emails until current Automattic employees contacted our support team,” a spokesperson for Blind told me, adding that they’d “never seen a CEO or executive try to limit their employees from signing up for Blind by redirecting emails.”

That does not seem compatible with a culture of trust within a company. Cole also reports that Mullenweg has made another buyout offer this week, and is threatening employees who leak to the press. This very report from 404 Media, under the headline “Employees Describe an Environment of Paranoia and Fear Inside Automattic Over WordPress Chaos”, is not going to help. The whole situation is just very depressing.

The Secretive Dynasty That Controls the Boar’s Head Brand 

Maureen Farrell, writing for The New York Times:

In May 2022, the chief financial officer of Boar’s Head, the processed meat company, was asked a simple question under oath.

“Who is the C.E.O. of Boar’s Head?”

“I’m not sure,” he replied.

“Who do you believe to be the C.E.O. of Boar’s Head?” the lawyer persisted.

The executive, Steve Kourelakos, who had worked at the company for more than two decades and was being deposed in a lawsuit between owners, repeated his answer: “I’m not sure.”

It is odd, to say the least, when a top executive of a company claims not to know who his boss is. And Boar’s Head is no fly-by-night enterprise. The company is one of the country’s most recognizable deli-meat brands; it generates what employees and others estimate as roughly $3 billion in annual revenue and employs thousands of people.

There’s secretive, and then there’s secretive.

Apple Announces New iPad Mini, With A17 Pro and Pencil Pro Support 

Apple Newsroom:

Apple today introduced the new iPad mini, supercharged by the A17 Pro chip and Apple Intelligence, the easy-to-use personal intelligence system that understands personal context to deliver intelligence that is helpful and relevant while protecting user privacy. With a beloved ultraportable design, the new iPad mini is available in four gorgeous finishes, including a new blue and purple, and features the brilliant 8.3-inch Liquid Retina display. A17 Pro delivers a huge performance boost for even the most demanding tasks, with a faster CPU and GPU, a 2× faster Neural Engine than the previous-generation iPad mini, and support for Apple Intelligence. The versatility and advanced capabilities of the new iPad mini are taken to a whole new level with support for Apple Pencil Pro, opening up entirely new ways to be even more productive and creative. [...]

Starting at just $499 with 128GB — double the storage of the previous generation — the new iPad mini delivers incredible value and the full iPad experience in an ultraportable design.

Interesting that it sports the A17 Pro, not the regular A17. Update: Whoops, I got my A-series numbers confused — the A17 Pro is the chip from last year’s iPhone 15 Pro models, and, notably, there was no non-“Pro” variant. Still, though: an interesting chip to use for iPad Mini. Here’s a link to the tech specs for the 2021 6th-gen iPad Mini for comparison.

Also interesting that it still uses Touch ID, not Face ID. Not surprising though — the iPad Mini has always been sort of, but not quite, a mini iPad Air. And in the iPad lineup, Face ID remains a Pro-exclusive feature.

Sponsorship Openings at Daring Fireball, Q4 Edition 

After being sold out for months, the upcoming sponsorship schedule at DF is unusually open at the moment — including this upcoming week.

Weekly sponsorships have been the top source of revenue for Daring Fireball ever since I started selling them back in 2007. They’ve succeeded, I think, because they make everyone happy. They generate good money. There’s only one sponsor per week and the sponsors are always relevant to at least some sizable portion of the DF audience, so you, the reader, are never annoyed and hopefully often intrigued by them. And, from the sponsors’ perspective, they work. My favorite thing about them is how many sponsors return for subsequent weeks after seeing the results.

If you’ve got a product or service you think would be of interest to DF’s audience of people obsessed with high quality and good design, get in touch. And again, this coming week remains open.

1Password 

My thanks to 1Password — which, earlier this year, acquired longtime DF sponsor Kolide — for sponsoring last week at DF. In a 2023 survey of IT and security professionals, 50 percent of respondents said that their organization’s vulnerability management program had support from leadership to “a large/great extent”. That’s good for them. But it also leaves a full half of respondents without enough support from leadership.

If you’re trying to get buy-in at your own organization, come equipped with the facts about the risks you’re facing, and come with a clear plan to remediate them. To learn more about how vulnerability management is changing, read 1Password’s blog post, and come prepared.

Cabel Sasser’s Talk at XOXO 2024 

The less you know about this talk, the more you’ll enjoy watching it unfold. Just remarkably good. Trust me, watch it now, before anything about it is spoiled for you.

Mosaic Netscape 0.9 Was Released 30 Years Ago Today 

Jamie Zawinski:

For those of you who are unaware of these finer details, 0.9 was the first release of the Netscape browser (which begat Firefox) available to the general public. This beta release was an unannounced surprise. Prior to this, everyone assumed that what we were doing was going to be a standard for-sale product where you sent off your $35 and then some time later got a disc in the mail with a license key. That we just said, “Here’s our FTP site, come get it, go crazy” was, at the time, shocking to people.

The thing that confuses people sometimes about new platforms is that while the platform and its clients are different things, you usually need both to be great for the whole thing to succeed. The World Wide Web, as conceived by Tim Berners-Lee, was and remains a remarkable, world-changing platform. But it really didn’t take off until Netscape hit. It was just such a great app, including on the Mac. It was the browser the web needed.

‘Elon Musk Makes Bold Claims About Tesla Robotaxi in Hollywood Backlot’ 

Jonathan Gitlin, automotive editor at Ars Technica, on Tesla’s vaporware event last night:

Over time, Musk claimed the operating costs of his Cybercab would be 20 cents per mile, “and yes you’ll be able to buy one,” he told the crowd to excited shrieks. “We expect the cost to be below $30,000,” Musk said, before expounding on a business model where instead of the company owning and operating these allegedly revenue-generating assets itself, they are instead owned by private individuals who each give Tesla its regular cut. This week another four top executives left the company in advance of last night’s event, including “the global vehicle automation and safety policy lead.”

“It’s going to be a glorious future,” Musk said, albeit not one that applies to families or groups of three or more.

Musk claims that Tesla “expects to start” fully unsupervised FSD next year on public roads in California and Texas. A recent analysis by an independent testing firm found the current build requires human intervention about once every 13 miles, often on roads it has used before.

Donald Trump, Yesterday, on Autonomous Cars 

Donald F. Trump, yesterday in Detroit:

“Do you like autonomous? Does anybody like an autonomous vehicle? Know what that is? Right? When you see a car driving along? Some people do, I don’t know. A little concerning to me, but the autonomous vehicles we’re going to stop from operating.”

This, on the very day Tesla was set to hold a high-profile event to promote autonomous vehicles. This, after Elon Musk dropped to his knees and begged for Trump’s approval — exactly as Trump predicted Musk would — at one of Trump’s Hitlerjugend rallies just last week.

It’s almost enough to make you think Trump is only in it for himself and will eventually betray and humiliate every single person who believes he’s on their side, and that his screws are now so loose that it only takes days, not weeks or months, for him to forget who his ostensible oligarchic allies are.

Why Are News Organizations Giving Any Credence to Elon Musk’s Claims About Tesla’s Previewed Self-Driving Taxi and Bus? 

Abhirup Roy and Akash Sriram, reporting for Reuters:

CEO Elon Musk showcased on Thursday a long-awaited robotaxi with two gull-wing doors and no steering wheel or pedals and surprised with robovan, betting on a shift in focus from low-priced mass-market cars to robotic vehicles. At a glitzy unveiling, Musk reached the stage in a “Cybercab” to be produced from 2026 — eventually in high volume — and priced under $30,000. He then introduced the robovan which can carry up to 20 people though offered few further details.

But Musk, who has a record of missing projections — and himself said he tended to be optimistic with time frames — did not say how quickly Tesla could ramp up robotaxi production, clear inevitable regulatory hurdles or implement a business plan to leapfrog robotaxi rivals such as Alphabet’s Waymo.

Even with the disclaimer of Musk’s “record of missing projections”, this is far too much credence. The availability dates, the prices — they’re all just made up. It’s a complete distraction from the fact that Tesla is way behind. Waymo is actually operating in four cities today. Somewhere in San Francisco or Austin, there’s probably a Daring Fireball reader reading this post while riding in a self-driving Waymo.

Wake me up when Tesla ships any of these vehicles. Until then, stop using the present tense about any of it. It’s all vaporware for now. (And the stock market isn’t buying it — on a day when markets are flat, Tesla is down 8 percent as I type. Update: It closed down close to 9 percent for the day.)

Also: How stupid is a two-seat taxi? “Well, there are three of us, so we better hail two rides...” It makes no sense.


Consider the Plight of the VC-Backed Privacy Burglars

Kevin Roose wrote a column for The New York Times last week under the headline “Did Apple Just Kill Social Apps?”, about which Jason Snell quipped, “It’s rare that a story is worse than its provocative headline, but this one manages it.” The gist of it is Roose positing that Apple’s new fine-grained controls over contact-sharing in iOS 18 are somehow controversial. Roose himself writes:

For years now, the way contact sharing has worked on iOS devices is that an app can trigger a message called a “data access prompt,” asking for access to a user’s contacts.

If the user agreed, the app developer got a list of all the contacts in that user’s address book, along with other information stored in the user’s contact cards, such as phone numbers and email addresses. App developers could then use that information to build out a user’s social graph, or suggest other accounts for the user to follow.

In iOS 18, however, users who agree to give an app access to their contacts are shown a second message, allowing them to select which contacts to share. Users can opt to share just a handful of contacts by selecting them one by one, rather than forking over their entire address book.

Apple’s stated rationale for these changes is simple: Users shouldn’t be forced to make an all-or-nothing choice. Many users have hundreds or thousands of contacts on their iPhones, including some they’d rather not share. (A therapist, an ex, a random person they met in a bar in 2013.) iOS has allowed users to give apps selective access to their photos for years; shouldn’t the same principle apply to their contacts?

The obvious answer is yes, the same principle should of course apply to contacts. But Roose presents the change as controversial and anticompetitive, on the grounds that burgeoning social networks have, over the last 15 years, used that all-or-nothing access to users’ contacts to great effect building out their social graphs, and pointing out that Apple’s own first-party apps like Messages and Mail aren’t faced with these restrictions.

Nick Heer wrote a splendid response to Roose’s piece at Pixel Envy — “I Do Not Care About Impediments to a Creepy Growth Hacking Technique” — the entirety of which is worth your full attention, but this paragraph sums up my first thought:

The surprise is not that Apple is allowing more granular contacts access, it is that it has taken this long for the company to do so. Developers big and small have abused this feature to a shocking degree. Facebook ingested the contact lists of a million and a half users unintentionally — and millions of users intentionally — a massive collection of data which was used to inform its People You May Know feature. LinkedIn is famously creepy and does basically the same thing. Clubhouse borrowed from the TBH playbook by slurping up contacts before you could use the app. This has real consequences in surfacing hidden connections many people would want to stay hidden.

My other thought is that new restrictions are inevitably resented by those who were abusing the newly-restricted resource. Polluters resent new regulations that force them to cease dumping chemicals into rivers and lakes, or pumping them into the air. Coal mines and factories resented child labor laws a century ago (and some still resent them today). If iOS had debuted in 2007 with per-contact sharing controls exactly like those in iOS 18 today, no one serious would ever have complained that this was wrong or unfair.[1] But Apple adding these controls only now makes it different. They’re not just giving users control they previously didn’t have, they’re taking something away from companies that seek to exploit, as Heer aptly describes it, a creepy growth-hacking technique. Writ large, this psychology explains why granting social equality to minority groups feels to some in the majority group, the small-minded and bigoted, like a loss of privilege and a downgrade in status.[2]

As for Roose’s contention that it’s even somewhat controversial that Apple’s own apps aren’t subject to these address book restrictions:

Some developers also pointed out that the iOS 18 changes don’t apply to Apple’s own services. For example, iMessage doesn’t have to ask for permission for access to users’ contacts the way WhatsApp, Signal, WeChat and other third-party messaging apps do. They see that as fundamentally anticompetitive — a clear-cut example of the kind of self-preferencing that antitrust regulators have objected to in other contexts.

To the first party go the first-party spoils. It’s absurd to consider a cell phone that doesn’t make the user’s full address book available to the built-in phone-call and messaging apps. All phones offer similar system-level integration between such core apps. But for Apple in particular, broad and deep integration is the company’s modus operandi. People choose to use Apple platforms because of the integration, not despite it. As I wrote last month in “The iOS Continental Drift Widens”:

Safari isn’t just a web browser that just happens to be Apple’s. It’s the web browser designed by Apple to do things the iOS way on iOS (and the Macintosh way on MacOS). If, as a user, you do things the Apple way — owning multiple Apple devices, using iCloud for sync, using Safari as your web browser — you get an integrated experience, with access on device A to the tabs open on device B, shared browsing history and bookmarks between all devices, and support for systemwide services and features. The default apps from Apple on a factory fresh iPhone are designed to work together and present themselves consistently. That’s not to say no one should use third-party apps that are alternatives to Apple’s own. Of course not. Surely almost every reader of Daring Fireball uses one or more third-party apps that are alternatives to Apple’s. I use several. But the built-in Apple apps, taken together, constitute the Apple-defined experience. Those really are the apps most non-expert users should use. And the best third-party alternatives — like Fantastical (calendar), Cardhop (contacts), Overcast (podcasts), and Bear (notes) — fit seamlessly within that overall Apple experience. They’re third-party apps that feel integrated with the first-party experience.

Cardhop is a particularly apt example, as its entire purpose is to serve as a full alternative to the system Contacts app. It wouldn’t be able to do so if it needed per-entry permission to each contact, so it asks the user for full address book read/write access, which Cardhop users grant because, duh, the entire point of the app is that it’s a full address book. A new social media network is not an address book — and users know it.

Also, even putting aside the fact that first-party apps necessarily have certain advantages third-party apps do not (otherwise, there’d be no distinction), apps from the same developer have broad permission to share data and resources via app groups. Gmail can talk to Google Calendar, and Google Calendar has full access to Gmail’s address book. It’s no more “fundamentally anticompetitive” for Messages and Apple Mail to have full access to your Contacts address book than it was for Meta to launch Threads by piggybacking on the existing accounts and social graph of Instagram. If it’s unfair, it’s only unfair in the way that life in general is unfair.

The question to ask is, “Is this what users want and expect?” Sometimes it really is that simple. I’m not sure it’s ever worth asking “Is this what growth-hacking VC-backed social-media app makers want?” 


  1. This is hard to believe now, but until iOS 6 in 2012, there were no access restrictions on address book data at all. All apps simply had unfettered access to all of your contact data, with no permission prompt nor any indication that they were accessing it. This came to a head with a massive controversy over the defunct social app Path’s uploading to its servers the entire address books of all its users.

  2. This sentiment has never been described more searingly than by Gene Hackman in this scene from the great film Mississippi Burning. A 1988 film about 1964 murders that, alas, captures our political moment today.


Calvin’s Dad Explains the Pre-Color World 

Given that Calvin and Hobbes is almost certainly the best (and almost more certainly, the most beloved) comic strip ever, it’s devilishly hard to pick a favorite. But this might be mine. I thought about it often as I raised my own son.

Update: I sent this one to my son, and he sent me this one back. My boy gets me.

Internet Archive Hacked, Data Breach Impacts 31 Million Users 

Lawrence Abrams, reporting for Bleeping Computer:

Internet Archive’s “The Wayback Machine” has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records. News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached.

“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!,” reads a JavaScript alert shown on the compromised archive.org site.

The text “HIBP” refers to the Have I Been Pwned data breach notification service created by Troy Hunt, with whom threat actors commonly share stolen data to be added to the service.

Hunt told BleepingComputer that the threat actor shared the Internet Archive’s authentication database nine days ago and it is a 6.4GB SQL file named “ia_users.sql”. The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.

As if that weren’t enough to make for a bad week for the Internet Archive — a seemingly irreplaceable stalwart resource of the web — they’re also under a DDoS attack. Jason Scott, archivist at Internet Archive, on Mastodon:

Someone is DDOSing the internet archive, so we’ve been down for hours. According to their twitter, they’re doing it just to do it. Just because they can. No statement, no idea, no demands.

Humane, Not Dead Yet, Ships CosmOS 1.2 Update for AI Pin 

Bethany Bongiorno, on X:

  • insane battery life (17 hours with profiled usage)
  • calendar recall
  • speak in over 50 languages — in your own voice
  • vision gesture for quick multi-modal questions
  • playlist support
  • timers, alarms, world clock
  • touchcode gesture unlock
  • pinpoint — locate your pin!

Sometimes all you can do is put your nose to the grindstone and keep plugging. But man, I don’t even hear jokes about the AI Pin any more. (Full change log.)

Alarmo — A New $100 Alarm Clock From Nintendo 

Kind of crazy to create an alarm clock in this era of bedside phones, but like just about everything from Nintendo, it does seem fun. (Would seem a bit more appealing if it could serve as a Bluetooth audio speaker.)

Dan Riccio, Longtime Apple Hardware Executive, Is Retiring 

Mark Gurman, reporting for Bloomberg:

Apple Inc.’s Dan Riccio, who oversaw the company’s push into mixed-reality headsets and previously served as its hardware engineering chief, is retiring.

The veteran executive, a vice president who reports to Chief Executive Officer Tim Cook, is leaving Apple this month, according to people with knowledge of the move. Employees in Riccio’s Vision Products Group, which includes a couple thousand engineers working on headsets and related technology, were told they would become the responsibility of John Ternus, Apple’s hardware boss.

Mike Rockwell, Riccio’s current lieutenant, will continue to lead the Vision Products Group on a day-to-day basis, said the people, who asked not to be identified because the changes aren’t public.

Gurman’s framing here in his lede could leave casual readers with the impression that Riccio is perhaps leaving because of the tepid consumer response to Vision Pro, but as Gurman subsequently mentions, this timeline was seemingly in the cards ever since Riccio stepped down as senior vice president of all hardware (a role now filled by John Ternus) in 2021.

Crazy Stupid Tech 

A new website/newsletter from Om Malik and Fred Vogelstein:

Both of us together have followed Silicon Valley’s innovation engine for more than 50 years. We’ve seen a lot. But one observation stands out: The best ideas — the ones that launch meaningful companies — need to seem crazy and stupid at first.

Amazon, Google and Facebook are among the most powerful companies in the world today, but each of them seemed absolutely preposterous when launched. When Jeff Bezos started Amazon as an online bookstore 30 years ago, most didn’t even know what the internet was. Larry Page and Sergey Brin founded Google in 1998 when most believed search was going nowhere. In the 2000s, Mark Zuckerberg bet Facebook could fundamentally change the way billions of people used the internet — to share everything back when most were terrified about sharing anything.

It’s this messianic belief in a vision that makes many entrepreneurs so quirky — and so interesting. It takes a unique personality to spend years saying “I’m right” when most around you say “That’s wrong.”

Love this statement of purpose.

Moom 4 Is Excellent, But Not Available in the Mac App Store 

Many Tricks:

Moom 4 is only available directly from Many Tricks; it is not available on the Mac App Store. If it were our choice, it would also be in the Mac App Store, but it’s not our choice.

Why isn’t it in the Mac App Store? Because the Mac App Store does not allow apps that aren’t sandboxed. And Moom 4 cannot be sandboxed, as its use of the Accessibility API makes that impossible. So how was Moom 3, which also uses the Accessibility API, on the Mac App Store? Simple: Moom 3 was in the store before Apple required all Mac App Store apps to be sandboxed, so it was allowed to remain in the store, as long as we never added new features.

If Apple ever changes the rules, we will submit Moom 4 for Mac App Store review, but until/unless those rules change, you can only get Moom 4 directly from us.

What a perfect example of the shortcomings of the Mac App Store. MacOS 15 Sequoia adds new window-tiling features that, on the surface, you might think Sherlock Moom — a longstanding Mac utility that automates window resizing/arranging. But Moom does so much more than Sequoia’s tiling features. It’s a fabulous utility from a great developer, but Many Tricks isn’t allowed to offer it through the Mac App Store.

Microsoft’s Final Surface Duo Software Update 

Zac Bowden, writing for Windows Central:

The Surface Duo 2 has just received its likely final security update, marking an end to Microsoft’s brief return to the smartphone market. The company originally launched Surface Duo 2 in October 2021, and promised to support the product with software updates for three years. Microsoft was only able to deliver one major Android version update in that time, a pitiful number for a $1,500 device.

It wasn’t that Microsoft was only able to deliver one major Android version update in 3 years. They’re Microsoft, for chrissakes. It’s that they could only be bothered to deliver one major upgrade. Commitment is vastly underestimated in the hardware game.

CoverSutra (I Think!) Is Returning 

Fun Halloween-themed teaser.

Home Depot Is Slowly Rolling Out Apple Pay Support 

Chance Miller, writing for 9to5Mac:

According to multiple 9to5Mac readers and reports across social media, Home Depot has also recently started rolling out Apple Pay support. Home Depot has been a major Apple Pay holdout, resisting pressure from its customers to add support for Apple’s tap-to-pay platform. Notably, Lowe’s — Home Depot’s biggest competitor — began rolling out Apple Pay support last December. It certainly seems possible that this move by Lowe’s put pressure on Home Depot to change its strategy.

Home Depot hasn’t commented on this change in policy, and the details of the rollout aren’t explicitly clear. It appears to be a very gradual rollout that started at a small number of locations over the summer and has recently picked up momentum. Your mileage may vary for the time being, though.

I could be completely wrong, but I don’t think Home Depot was ever opposed to Apple Pay. I just think they bought into a weird point-of-sale system that didn’t support it. They’re weird terminals. And I suspect what’s happening now isn’t a come-to-Jesus moment regarding Apple Pay in particular, but a replacement of those crummy POS terminals with new ones that do support Apple Pay.

Walmart is still the biggest Apple Pay holdout by a wide margin, and the company has shown no signs of changing its tune.

With Walmart, I do think it’s strategic that they don’t support Apple Pay. I think it’s wrongheaded though, and they’ll change their minds sooner (probably) or later. Walmart, just a few years ago, was spearheading the dumbass CurrentC “pay via QR code” system. Apple Pay, from a user’s perspective, is just a private way to pay via credit or debit card — no more, no less. Whatever strategic reasons Walmart has to oppose it — which I think boil down to wanting customers to instead use a Walmart-proprietary digital payment system — aren’t worth it.

Apple Hosted a ‘Cozy’ Mini WWDC for VisionOS 

Todd Heberlein:

Cozy mysteries are a genre of crime fiction where the stories take place in small, socially intimate communities, and any violence is limited or happens offscreen. Yesterday, I experienced a “Cozy WWDC,” and it was wonderful!

The event took place in an intimate setting with about 170 developers. There were no highly produced skits, no jabs at the competition, no speculative non-existent products designed to make the media and influencers lose their shit, and no media. The event, titled “Envision the Future: Build Great Apps for visionOS,” was held at the Apple Developer Center in Cupertino on October 2nd.

It focused solely on visionOS and spanned just one day.

The presenters were live. Many wrote code and showed the results live. Sometimes demos didn’t work the first time.

I have heard from a few other attendees that this was an excellent and very productive little event.

Transmit Drops Support for Google Drive Because of Google’s Overbearing Annual Code Inspections 

Panic:

Well, Google has a new set of policies that require apps that connect to Google Drive to go through expensive, time-consuming annual reviews, and this has made it extremely difficult for us to reasonably maintain Google Drive access. You may have seen iA Writer’s announcement that they are stopping development of their Android version for similar reasons. Our experience was different, but our circumstances are similar. [...]

Between the weeks of waiting, submitting the required documentation and the process of scanning the code, it took a significant amount of time from our engineers. For example, Google provided a Docker image for running the scanner, but it didn’t work. We had to spend more than a week debugging and fixing it. And because the scanner found no problems, it didn’t result in any improvements to Transmit. No one benefitted from this process. Not Google, not Panic, and not our users. [...]

But then… a couple of months later, Google completely removed the option for us to scan our own code. Instead, to keep access to Google Drive, we would now have to pay one of Google’s business partners to conduct the review. They promised a discounted minimum price, but no maximum price. We realized that either we’d most likely be paying someone else a chunk of cash to run the same scanner we were running, or our bill would end up much higher.

Never been gladder that I don’t use Google Drive for anything.

The New York Times, Finally: ‘Trump’s Rambling Speeches Reinforce Question of Age’ 

Peter Baker and Dylan Freedman, reporting for The New York Times, with the conspicuous absence of Maggie Haberman from that shared byline:

Former President Donald J. Trump vividly recounted how the audience at his climactic debate with Vice President Kamala Harris was on his side. Except that there was no audience. The debate was held in an empty hall. No one “went crazy,” as Mr. Trump put it, because no one was there.

Anyone can misremember, of course. But the debate had been just a week earlier and a fairly memorable moment. And it was hardly the only time Mr. Trump has seemed confused, forgetful, incoherent or disconnected from reality lately. In fact, it happens so often these days that it no longer even generates much attention.

He rambles, he repeats himself, he roams from thought to thought — some of them hard to understand, some of them unfinished, some of them factually fantastical. He voices outlandish claims that seem to be made up out of whole cloth. He digresses into bizarre tangents about golf, about sharks, about his own “beautiful” body. He relishes “a great day in Louisiana” after spending the day in Georgia. He expresses fear that North Korea is “trying to kill me” when he presumably means Iran. As late as last month, Mr. Trump was still speaking as if he were running against President Biden, five weeks after his withdrawal from the race.

Better late than never, but if it were Joe Biden who had rambled on about “the audience going crazy” at a debate that had no audience, the New York Times would have been all over it the next day, not a month later.

I don’t think Donald Trump was ever hooked up right. But he’s clearly losing the few marbles he ever had to dementia, just like his father did. The signs were clear during his 2017–2021 term in office:

John F. Kelly, his second White House chief of staff, was so convinced that Mr. Trump was psychologically unbalanced that he bought a book called “The Dangerous Case of Donald Trump,” written by 27 mental health professionals, to try to understand his boss better. As it was, Mr. Kelly came to refer to Mr. Trump’s White House as “Crazytown.”

Of course the Times had to both-sides this story, and this is who they found to do it:

Sam Nunberg, a former Trump political adviser, said he still talked with people who see him almost daily, and had not heard of any concerns expressed about the former president’s age. “I don’t really see any major difference,” he said. “I just don’t see it.”

Nunberg is the guy who showed up shitfaced drunk on half a dozen cable news appearances at the height of the Robert Mueller investigation. That’s the guy saying, sure Trump is OK in the head today.

If you haven’t watched Trump speak in a while — because you’re on team “fuck that guy”, like any sane voter — you should watch the video clips the Times culled for this piece. Like I said, I don’t think the guy was ever hooked up right, but it’s very clear he’s in serious decline today.

My suggestion to the Harris campaign is that they should repeatedly describe Trump as “an 80-year-old”, and force Trump surrogates to correct them that he’s “only” 78.

Two Russian YouTubers Post Videos Unboxing Purported M4 MacBook Pro Base Models 

Joe Rossignol, writing for MacRumors:

The latest video of what could be a next-generation MacBook Pro was shared on YouTube Shorts today by Russian channel Romancev768, just one day after another Russian channel shared a similar video. The clip shows a box for a 14-inch MacBook Pro that is apparently configured with an M4 chip with a 10-core CPU and a 10-core GPU, 16GB of RAM, 512GB of storage, three Thunderbolt 4 ports, and a Space Black finish. [...]

The source of these leaks is unclear. Last week, “ShrimpApplePro” claimed that at least one of the unannounced 14-inch MacBook Pro units was apparently being offered for sale in a private Facebook group. In a follow-up post on X on Sunday, the leaker claimed that he saw someone online who was apparently advertising 200 of the unannounced 14-inch MacBook Pro units for sale, leading him to believe this leak originates from a warehouse. It is unclear if these details are accurate, but this whole situation is clearly very sketchy.

It’s somewhat weird that the box art is identical to that of last year’s M3 MacBook Pros, but I lean toward thinking these are real. Best guess is that someone stole 200 of these from China and some or all of them wound up in Russia? No sympathy for Apple here if that’s what happened — if you assemble your products in a dictatorship, stuff like this is bound to happen. Kinda surprising it hasn’t happened with iPhones, which would garner far more attention and value a month ahead of launch. That it hasn’t happened with iPhones probably indicates that Apple puts more security around them than they do MacBook Pros.

Apple Tweaks Screen Recording App Permissions in MacOS 15.1 Beta 

Juli Clover, MacRumors:

In the release notes for the sixth beta of the macOS Sequoia 15.1 update, Apple says that users aren’t going to see as many popups for apps they regularly use.

Applications using our deprecated content capture technologies now have enhanced user awareness policies. Users will see fewer dialogs if they regularly use apps in which they have already acknowledged and accepted the risks.

Why in the world didn’t Apple take regular use of a screen-recording app into account all along?

The Talk Show: ‘An Acoustic Nightmare’ 

Tyler Stalman joins the show to discuss the iPhone 16 lineup’s cameras, and the state of iPhone photography.

Sponsored by:

  • Squarespace: Make your next move. Use code talkshow for 10% off your first order.
  • Memberful: Monetize your passion with membership. Start your free trial today.

Judge Bends Google Over the Barrel in Final Epic v. Google Ruling

Sean Hollister, writing for The Verge:

Google’s Android app store is an illegal monopoly — and now it will have to change. Today, Judge James Donato issued his final ruling in Epic v. Google, ordering Google to effectively open up the Google Play app store to competition for three whole years. Google will have to distribute rival third-party app stores within Google Play, and it must give rival third-party app stores access to the full catalog of Google Play apps, unless developers opt out individually.

These were Epic’s biggest asks, and they might change the Android app marketplace forever — if they aren’t immediately paused or blocked on appeal. And they’re not all that Epic has won today. Starting November 1st, 2024, and ending November 1st, 2027, Google must also:

  • Stop requiring Google Play Billing for apps distributed on the Google Play Store (the jury found that Google had illegally tied its payment system to its app store)
  • Let Android developers tell users about other ways to pay from within the Play Store
  • Let Android developers link to ways to download their apps outside of the Play Store
  • Let Android developers set their own prices for apps irrespective of Play Billing

If this ruling holds on appeal, it’s a real loss for Google, not a token loss.

Update: Regarding the bit in the first paragraph above, about rival app stores getting access to all apps in the Play Store unless the developers opt out, I was originally confused how this could possibly work. I should have read the injunction first. It states:

For a period of three years, Google will permit third-party Android app stores to access the Google Play Store’s catalog of apps so that they may offer the Play Store apps to users. For apps available only in the Google Play Store (i.e., that are not independently available through the third-party Android app store), Google will permit users to complete the download of the app through the Google Play Store on the same terms as any other download that is made directly through the Google Play Store. Google may keep all revenues associated with such downloads. Google will provide developers with a mechanism for opting out of inclusion in catalog access for any particular third-party Android app store. Google will have up to eight months from the date of this order to implement the technology necessary to comply with this provision, and the three-year time period will start once the technology is fully functional.

This is far less radical a dictum than Hollister’s description led me to believe. What Judge Donato is demanding is effectively pass-through to the actual Play Store listing for any apps and games that aren’t available in a third-party app store. So if you search in the Brand X app store for “FooApp” but FooApp isn’t available in the Brand X store, Brand X’s store app can let you install and download FooApp from the Play Store. But that counts as a regular Play Store installation. It’s just a way to encourage users of third-party stores to search those stores first, even though the vast majority of apps will likely remain exclusively in the Play Store.


A Few Brief Thoughts on Meta Connect 2024

I’ll link first to The Verge’s “Everything Announced at Meta Connect 2024” roundup because Meta still hasn’t posted today’s keynote address on YouTube; best I’ve found is this recording of the livestream, starting around the 43m:20s mark. I watched most of the keynote live and found it engaging. Just 45 minutes long — partly because it was information dense, and partly because Mark Zuckerberg hosted the entire thing himself. He seems very comfortable, confident, and natural lately. Nothing slows an on-stage keynote down more than a parade of VPs. There was clearly no political infighting at Meta for stage time in this keynote. The keynote was Zuck’s, and because of that, it was punchy and brisk.

In terms of actual products that will actually ship, Meta announced the $300 Quest 3S. That’s more than an entire order of magnitude lower-priced than Vision Pro. Vision Pro might be more than 10× more capable than Quest 3S, but I’m not sure it’s 10× better for just playing games and watching movies, which might be the only things people want to do with headsets at the moment. They also launched a 7,500-unit limited edition of their $430 actually-somewhat-popular Ray-Ban Wayfarer “smart” glasses made with translucent plastic, iMac-style. It’s been a while since someone made a “look at the insides” consumer device. That’s fun, and a little quirky, too.

The big reveal was Orion, a working prototype of see-through AR glasses. Meta themselves are describing them as a “dev kit”, but not only are they not available for purchase, they’re not available, period. They’re internal prototypes for Meta’s own developers, not outside developers. They do seem interesting, for a demo, and I’m hearing from our Dithering correspondent on the scene in Menlo Park that using them is genuinely compelling. There can be no argument that actual glasses are the form factor for AR.

The Verge’s Alex Heath opened his piece on Orion today with this line:

They look almost like a normal pair of glasses.

That’s stretching the meaning of “almost” to a breaking point. I’d say they look vaguely kinda-sorta like a pair of normal glasses. Both the frames (super chunky) and the lenses (thick, prismatic, at times glowing) are conspicuous. They look orthopedic, like glasses intended to aid people whose vision is so low they’re legally blind. It really is true that Meta’s Ray-Ban Wayfarers are nearly indistinguishable from just plain Wayfarers. Orion isn’t like that at all. If you went out in public with these — which you can’t, because they’re internal prototypes — everyone would notice that you’re wearing some sort of tech glasses, or perhaps think you walked out of a movie theater without returning the 3D goggles. But: you could wear them in public if you wanted to, and unlike going out in public wearing a VR headset, you’d just look like a nerd, not a jackass. They’re close to something. But how close to something that would actually matter, especially price-wise, is debatable. From Heath’s report:

As Meta’s executives retell it, the decision to shelve Orion mostly came down to the device’s astronomical cost to build, which is in the ballpark of $10,000 per unit. Most of that cost is due to how difficult and expensive it is to reliably manufacture the silicon carbide lenses. When it started designing Orion, Meta expected the material to become more commonly used across the industry and therefore cheaper, but that didn’t happen.

“You can’t imagine how horrible the yields are,” says Meta CTO Andrew Bosworth of the lenses. Instead, the company pivoted to making about 1,000 pairs of the Orion glasses for internal development and external demos.

Snap recently unveiled their new Spectacles, which they’re leasing, not selling, for $1,200 per year. Snap’s Spectacles are so chunky they make Orion look inconspicuous in comparison. But the race to bring AR glasses to market is clearly on.

See Also: Heath’s interview with Zuckerberg for Decoder.

Next-Day Addendum: I woke up this morning with the following competitive back-and-forth in my head:

  1. Facebook ships VR headsets and a software platform with an emphasis so strong on “the metaverse” that they rename the company Meta.
  2. Apple announces, and then 7 months later ships, Vision Pro with a two-fold message in comparison: (a) the “metaverse” thing is so stupid they won’t even use the term; (b) overwhelmingly superior resolution and experiential quality. Consumer response, however, is underwhelming.
  3. Meta drops the “metaverse” thing and previews Orion, effectively declaring that they think VR headsets are the wrong thing to build to create the product that defines the next breakthrough step change in personal computing. AR glasses, not VR headsets, are the goal.

It’s a lot of back-and-forth volleying, which is what makes the early years of a new device frontier exciting and highly uncertain. Big bold ideas get tried out, and most of them wind up as dead ends to abandon. Compare and contrast to where we’ve been with laptops for the last 20 years, or the pinnacle we appear to have reached in recent years with phones.