Another Stellar Front Page Data Visualization From The New York Times 

A shocking design for a shocking graphic.

Mort Drucker, Master of the ‘Mad’ Caricature, Dies at 91 

J. Hoberman, The New York Times:

From the early 1960s on, nearly every issue of Mad included a movie parody, and before Mr. Drucker retired he had illustrated 238, more than half of them. The last one, “The Chronic-Ills of Yawnia: Prince Thespian,” appeared in 2008.

Mr. Drucker compared his method to creating a movie storyboard: “I become the ‘camera,’” he once said, “and look for angles, lighting, close-ups, wide angles, long shots — just as a director does to tell the story in the most visually interesting way he can.”

I simply adored Drucker’s parodies in Mad. I could never decide what was better — when Mad poked holes in a good movie, or when they skewered a bad one.

Loved this bit:

But not everyone was so pleased. According to Mr. Hendrix, Mad’s 1981 parody of “The Empire Strikes Back,” “The Empire Strikes Out,” prompted the Lucasfilm legal department to send a cease-and-desist letter demanding that the issue be recalled. “Mad replied by sending a copy of another letter they had received the previous month — from George Lucas, offering to buy the original artwork for the ‘Empire’ parody and comparing Mort Drucker to Leonardo da Vinci.”

9to5Mac: Early iOS 14 Build Contains ‘Clips’ Feature for Interactive App Views Without Having the App Installed 

Filipe Espósito, 9to5Mac:

As 9to5Mac has analyzed this new API, we can say that it allows developers to offer interactive and dynamic content from their apps even if you haven’t installed them. The Clips API is directly related to the QR Code reader in the build we have access to, so the user can scan a code linked to an app and then interact with it directly from a card that will appear on the screen.

Let’s say you get a QR Code with a link to a video from YouTube but you don’t have the official app installed on your iPhone. With iOS 14 and the Clips API, you’ll be able to scan that code and the video will be reproduced on a floating card that shows a native user interface instead of a web page.

Three thoughts:

  • Some interesting security and parental control implications to this, if true. Also, what about the case where — like me — you don’t have Google’s YouTube app installed because you want all YouTube links to open in Safari?

  • I’m truly fascinated by this iOS 14 build that 9to5Mac has its hands on. It’s obvious why they can’t talk about it now, but I hope someday we hear the backstory on this.

  • Keep in mind that it was Filipe Espósito’s byline on the 9to5Mac report that stated as fact that the new 2020 iPad Pros have a U1 ultra-wideband chip, which by all appearances is wrong.

Dolly Broadway 

Stephanie Farr, writing for The Philadelphia Inquirer:

If Danny DeVito was an Italian grandma from South Philly who made red gravy three times a week, he’d be Dolores Paolino.

Blunt as a pickax handle with a fierce fervor for White Claw hard seltzers, the 4-foot-5 Paolino earned the nickname “Dolly Broadway” growing up in South Philly, where she spent every night out on the town. “I was a party animal,” Paolino said. “It’s a shame kids don’t know that kind of fun today.”

Now 86, Paolino — under her nickname — has once again earned a reputation for partying, but this time it’s on social media, where she’s got more than 1.2 million followers on TikTok and more than 5,000 on Instagram.

She’s the most Philly Philadelphian I’ve ever seen.

How Jigsaw Puzzles Are Made 

Amie Tsang, writing for The New York Times:

The rush to get hold of a jigsaw puzzle — and even stockpiling by regular enthusiasts — has transformed this quiet hobby and put companies under pressure as demand surges past Christmas levels. […]

Each puzzle piece must be uniquely shaped, to avoid one accidentally fitting into the wrong place. That means 1,000 different shapes for a 1,000-piece puzzle, each drawn by hand by workers. Before a puzzle is cut for the first time, each piece is sketched on a sheet of paper draped over the finished image.

Pieces of metal are then shaped to form an elaborate cookie cutter made just for that jigsaw puzzle; it takes about four weeks to build one. The cutter can be used only a limited number of times before its edges are dulled. It can be resharpened once and must then be discarded. At busy times of the year, the company will go through several cutters a day.

I would not have guessed each puzzle is so labor intensive. I simply assumed each puzzle of the same size was cut with the same pattern. Even having read this I’m not sure why they don’t do it that way. But the machines sure look cool. I’m also curious how they ensure they don’t package up the puzzle with a piece or two missing, which is surely a recipe for driving someone mad.

(I’ve long been curious how Lego does that too — I’ve put together untold dozens of Lego models in my life, and never once had a missing piece in a kit. Sometimes a few extras, but never something missing.)

Jason Snell on the Brydge Pro+ iPad Keyboard With Trackpad 

Jason Snell, writing at Six Colors:

Still, I figured that the Brydge Pro+ would find an ecological niche to fill. It’s going to be $100 or $120 cheaper than the Magic Keyboard, and will probably offer a more traditional laptop feel than Apple’s cantilevered design.

Unfortunately, none of that matters if Brydge doesn’t get the trackpad right on the Pro+, and I’m sorry to report that it hasn’t. The trackpad on the Pro+ isn’t remotely close to Apple’s trackpads in class. Sometimes I move my finger across the trackpad and the cursor appears, but doesn’t move. Other times it moves, hesitates, and then moves some more. Two-finger scrolling is similarly unpleasant. The result is an imprecise, jerky experience. It’s no good. And there’s no support for navigating between apps via three-finger gestures, either.

I’ve been using the Brydge Pro+ to write this article, and I find myself actively avoiding using the trackpad, because every time I try it, I just end up frustrated.

Federico Viticci:

Unfortunately, have to agree with Jason. I was sent a final production unit a couple weeks ago, and I had all the cursor issues Jason mentions too. Also: no three-finger gestures. I’ll be waiting for the Magic Keyboard.

Aaron Vegh:

I guess Brydge is finding out what most PC trackpad vendors have known for ages: trackpads are hard.

More on Apple’s IS&T Group 

“IST-Throwaway”, on Hacker News:

Although my experience is several years old, everything in this article rings true. The contracting companies they had us working for were taking a huge cut, the quality of the code they produced was dismal, (as soon as we were no longer allowed to re-write their code major things began breaking almost immediately) and people getting transferred around constantly and having no time to understand any one project was common. (rkho’s comment about their hiring process seeming like it was simply a beard for a nepotistic contractor conversion was something we definitely saw a number of times.)

All in all it was an extremely eye-opening experience. Considering how “do it the Apple way” every other department we interacted with was, being in the IS&T buildings was like landing on an alien planet.

Via Michael Tsai’s updated post, which has a few more links and comments from readers.

A note from a long-time but now former Apple engineer (and long-time DF reader):

Inside Apple, IS&T is pronounced isn’t. As in, the network isn’t up right now.

Assembly Instructions for Apple’s PPE Face Shields 

Replete with Apple’s typically high-quality illustrations and animations.

Bernie Sanders Drops Out 

Sydney Embers, reporting for The New York Times:

Mr. Sanders, 78, leaves the campaign having almost single-handedly moved the Democratic Party to the left. He inspired the modern progressive movement with his expansive policy agenda and his impassioned message that “health care is a human right,” and electrified a legion of loyal supporters who wholeheartedly embraced his promise to lift up those who need it most. He also transformed the way Democratic campaigns raised money, eschewing big fund-raisers and instead relying on an army of small-dollar donors.

All true. By exiting now, Sanders leaves this race with his head high. Next up: pull his supporters behind Biden.

Faucimania 

Jelisa Castrodale, writing for Vice:

Then there’s that “Sexiest Man Alive” petition, which someone at People magazine actually had to respond to. “He has helped bring back ‘must-see TV’ to the masses, who are hungry for wisdom about how to best care for their family’s health and safety in this time of uncertainty,” Dan Wakeford, People’s editor-in-chief told Women’s Wear Daily. “Smart is sexy, no doubt.”

And, because each passing day presents the opportunity for me to type sentences that have never existed before, the National Bobblehead Hall of Fame and Museum is currently taking pre-orders for a Dr. Fauci bobblehead.

Alex Kantrowitz on Apple’s Dysfunctional Information Systems and Technology Group 

An excerpt from Alex Kantrowitz’s Always Day One, published at BuzzFeed News:

A group inside Apple called Information Systems & Technology, or IS&T, builds much of the company’s internal technology tools — from servers and data infrastructure to retail and corporate sales software — and operates in a state of tumult.

IS&T is made up largely of contractors hired by rival consulting companies, and its dysfunction has led to a rolling state of war. “It’s a huge contractor org that handles a crazy amount of infrastructure for the company,” one ex-employee who worked closely with IS&T told me. “That whole organization is a Game of Thrones nightmare.” […]

When IS&T’s projects are finally completed, they can cause even more headaches for Apple employees, who are left with a mess to clean up. Multiple people told me their Apple colleagues were forced to rewrite code after IS&T-built products showed up broken.

Michael Tsai:

From what I’ve heard, this is a longtime problem, and it’s a mystery to me why this group has been immune to the Cook Doctrine. Apple buys forests to manage the paper used in its packaging and designs the desks its employees use and even the pizza boxes for its cafeteria. But when it comes to building the software that runs the company, that’s not considered a core competency.

I have to raise an eyebrow at Kantrowitz’s closing:

For Apple, fixing its broken IS&T division would not only be the right thing to do from a moral standpoint — it would help the company’s business as well. If Apple is going to become inventive again, it will need to give its employees more time to develop new ideas.

If Apple is no longer inventive, what is Apple Watch? What are AirPods? If it wasn’t inventiveness, what was it when Apple completely redesigned the fundamental interaction design of the iPhone with the iPhone X? When was Apple “inventive”? Once in 1984, and once more in 2007?

‘This Is What Happens When a Narcissist Runs a Crisis’ 

Jennifer Senior, writing for The New York Times:

And most relevant, as far as history is concerned: Narcissistic personalities are weak.

What that means, during this pandemic: Trump is genuinely afraid to lead. He can’t bring himself to make robust use of the Defense Production Act, because the buck would stop with him. (To this day, he insists states should be acquiring their own ventilators.) When asked about delays in testing, he said, “I don’t take responsibility at all.” During Friday’s news conference, he added the tests “we inherited were “broken, were obsolete,” when this form of coronavirus didn’t even exist under his predecessor.

This sounds an awful lot like one of the three sentences that Homer Simpson swears will get you through life: “It was like that when I got here.

Cut through the nightly bluster at the podium and it’s simply strikingly clear: Trump is afraid to actually do anything in this crisis.

Sony Unveils DualSense, the New Wireless Game Controller for PlayStation 5 

Looks beautiful, and very Sony. My son’s observation is that it looks “off-brand” to get away from color-coding the triangle/circle/X/square buttons. But this looks better.

Let’s All Wear a Mask 

Maciej Ceglowski:

The medical evidence for the practice is overwhelming. The post-SARS countries in East Asia have known this for a long time, and America and Europe are finally coming around. I’ve put a bunch of resources about the medical benefits of mask wearing in a further reading section at the bottom of this post.

But in this essay, I want to persuade you not just to wear a mask, but to go beyond the new CDC guidelines and help make mask wearing a social norm. That means always wearing a mask when you go out in public, and becoming a pest and nuisance to the people in your life until they do the same.

It’s encouraging how many people wearing masks I now see on the sidewalk here in Philly, but the number needs to go much higher. If you have family or friends who are resisting getting on board Team Face Mask, send them this link. Ceglowski makes the case.

Last Week Tonight With John Oliver on One America News 

Last Week Tonight:

One America News, or OAN, is a far-right news network being embraced by President Trump at his coronavirus press briefings. John Oliver takes a look at who they are, how they report, and why they could be a big problem during the pandemic.

If you think Fox News is in the bag for Trump and the Republican Party, well, meet OAN. Just jaw-dropping.

Larry David, Master of His Quarantine 

I’m trying to end each day here at DF on an upbeat note. This interview with Larry David by Maureen Dowd for The New York Times fits the bill nicely:

When I ask if he is hoarding anything, he is outraged. “Not a hoarder,” he said. “In fact, in a few months, if I walk into someone’s house and stumble onto 50 rolls of toilet paper in a closet somewhere, I will end the friendship. It’s tantamount to being a horse thief in the Old West.”

“I never could have lived in the Old West,” he added parenthetically. “I would have been completely paranoid about someone stealing my horse. No locks. You tie them to a post! How could you go into a saloon and enjoy yourself knowing your horse could get taken any moment? I would be so distracted. Constantly checking to see if he was still there.”

2020 iPad Pros Do Not Have U1 Ultra Wideband Chips 

Joe Rossignol, MacRumors, “2020 iPad Pro May Not Have a U1 Ultra Wideband Chip After All”:

As a reminder, Apple’s tech specs for the iPhone 11 and iPhone 11 Pro list an Ultra Wideband chip for spatial awareness, but the chip is not mentioned in Apple’s tech specs for the new iPad Pro. Apple also did not mention the new iPad Pro featuring the U1 chip in its press release or in any other marketing materials for the device.

Beyond that, the directional AirDrop feature that the U1 chip enables on iPhone 11 models is not present on the new iPad Pro running iPadOS 13.4, nor is the Ultra Wideband toggle switch that Apple added to iPhones in iOS 13.3.1.

So the tech specs don’t mention it, Apple never mentioned it, and the U1-enabled features in iPhone 11 models aren’t there. And iFixit’s teardown found no hidden U1 chip.

There’s no reason to think the iPad Pros have a secret U1 chip other than this March 18 post at 9to5Mac that stated it does, “based on code from the latest iOS 13.4 build”. “Based on code” is a pretty dumb way to source this as true.

I confirmed with a little birdie who would certainly know the answer: there is no U1 chip in the new iPad Pro, and if there were one, Apple would have told us so.

Jake Tapper to Trump: ‘Mr. President, What’s the Plan?’ 

Jake Tapper, closing his State of the Union show on CNN yesterday:

Mr. President, I know you, like millions of Americans, are eager to have the nation go back to some semblance of normal. One of the questions the American people need answered for that to happen responsibly: What’s the plan?

Queen Elizabeth: ‘We Will Be With Our Friends Again. We Will Be With Our Families Again. We Will Meet Again.’ 

Remarkable address from Queen Elizabeth — well-written, well-delivered. Honest and truthful, yet hopeful. All the more powerful that it’s only her fourth formal address in 68 years.

Joanna Stern: ‘A MacBook Air Review at the Worst Possible Time’ 

Joanna Stern, writing for The Wall Street Journal:

It’s hard to know if the satisfyingly bouncy yet quiet keys are fabulous by themselves, or just a welcome relief after years of the flat, loud yet delicate butterfly keys. You know what? I’m going to go with “fabulous.”

Since those butterfly keys began to show issues after a few months of use, I’d hesitated to declare everything fixed. I’m happy to report, however, that six months into using the 16-inch MacBook Pro, I’ve had no issues with the new keyboard. In fact, it now feels even more broken-in—versus, you know, just broken.

She makes a great point about laptop web cameras sucking — and how their suckiness has been brought to the forefront during our collective stay-at-home saga. Her video comparing webcam footage from a bunch of laptops — including a 2010 MacBook Pro, whose camera at times outperforms the new MacBook Air’s — is excellent. But I think the problem here is technically difficult — laptop lids are way thinner than phones and tablets, and that thinness severely limits camera sensor size. Everyone wants a better MacBook camera, but I suspect few would accept the tradeoff of a MacBook with a lid as thick as an iPad.

(Apple News link, for News+ subscribers who don’t have a standalone WSJ subscription.)

Ryne Hager, Writing at Android Police: ‘Do Yourself a Favor and Buy an iPad During Lockdown’ 

Not the usual fare at Android Police. (I have never understood the name “Android Police”. What is that all about?) Feels like the inconvenient truth, though. There are flagship Android phones from several companies that are, undeniably, competitive with the iPhone. Tablets, not so much (other than at the low end of the market, with devices like Amazon’s Fire tablets). But what I’m most interested in isn’t what Hager likes about iPads, but what he doesn’t:

By far, the biggest advantage of having an iPad comes down to apps. iOS has more of them. It also has more exclusives, it usually gets apps for new services or games first, and apps for iPads often make better use of big-screen layouts than Android apps do. Even if you hate iOS and its weird dated home screen layout, awkwardly monolithic Settings app, arbitrary and draconian default app restrictions, and the lack of deep Google services integration, the apps kind of make up for it.

That’s a pretty interesting list. First, not one of them is hardware related. (He does mention subsequently that Samsung has tablets with AMOLED displays, but that’s tech spec gibberish — no one can argue that iPad displays aren’t best of breed at each price point). iPad hardware is undeniably great. Second, his software complaints don’t even include the multitasking UI complaints I’ve been preoccupied with. Instead his list is:

  • Weird dated home screen layout”. Near universal agreement on this one. I don’t think Android shows the way forward here, at all, but the iOS home screen really is dated and limited. And it’s not even simple — it’s downright tricky and error prone to move apps around to rearrange them.

  • Awkwardly monolithic Settings app”. This I don’t get. Yes, the iOS Settings app contains a lot of stuff. But it’s organized pretty well for the most part, and search helps quite a bit when looking for something deep. Ideally every single setting in Settings would be indexed for search, but I find the iOS Settings app easier to navigate logically than the Android Settings app on my Pixel. Regarding monolithism, I assume he’s referring to the fact that Apple’s built-in apps keep their settings in Settings, rather than in each app. At the outset of the App Store, Apple’s guidelines prescribed that all apps put their settings in the Settings app — an idea that was clear on day one wouldn’t scale.

  • Arbitrary and draconian default app restrictions”. Nothing arbitrary about it, but yeah, that’s been a complaint ever since the App Store opened. According to Mark Gurman, though, Apple is considering changing this in iOS 14.

  • Lack of deep Google services integrations”. From this side of the fence, that’s a feature, not a bug. Makes about as much sense to complain about this as it would to complain about the lack of iCloud integration on an Android phone, except for the fact that Google actually does offer a slew of iOS apps, whereas Apple’s offerings for Android are, uh, Apple Music. (Why no Apple TV? If they’re making Apple TV apps for TVs running Android why not make an Apple TV app for Android phones?)

(And, of course, the comments section on this post is a goldmine of hot takes.)

Hobby Lobby vs. Coronavirus, a Tale in Three Acts 

Act 1: March 19. Hobby Lobby owner’s wife receives a message from god telling her their stores should remain open.

Act 2: April 1. Hobby Lobby re-opens dozens of stores in states with strict shelter-in-place orders.

Act 3: April 3. Hobby Lobby to furlough most of its employees, close most operations nationwide.

Bonus Post-Credit-Sequence Flashback: Hobby Lobby founder Steve Green spent millions of dollars on “Dead Sea Scrolls” that turned out to be fakes made from used shoe leather.

Free Epix Via Apple TV App Through May 2 

Good roundup of free trials and special offers for streaming video from Chance Miller at 9to5Mac:

A handful of streaming services are offering extended trials through the Apple TV app during the COVID-19 pandemic. Currently, you can get extended one-month trials of Showtime and other services, as well as completely free access to Epix. […]

Epix is unique because it’s not offering an extended free trial right now, but rather completely free access for the next month. That means you can access all Epix content in the Apple TV app for free, without signing up for anything, until May 2.

Among Epix’s offerings: the entire library of James Bond films. Goldfinger awaits.

(Pretty cool offer from Epix, where you don’t even need to sign up. They’re simply looking to raise brand awareness and simultaneously do something good in the midst of this stay-at-home saga.)

Honor Blackman, Pussy Galore in ‘Goldfinger’, Dies at 94 

Simon Murphy and Andrew Pulver, writing for The Guardian:

Honor Blackman, the actor best-known for playing Bond girl Pussy Galore, has died aged 94.

The actor, who became a household name in the 1960s as Cathy Gale in The Avengers and enjoyed a career spanning eight decades, died of natural causes unrelated to coronavirus.

One of the greats. Feels like a good time to rewatch Goldfinger.

California King 

They’re back.

SoundSource 

My thanks to Rogue Amoeba for sponsoring this week at DF to promote SoundSource, their powerful Mac menu bar app that provides quick access to audio devices, per-app volume control, and much more.

One year ago — to the day! — I wrote about SoundSource 4:

[I]f you’re not familiar with SoundSource, their description is spot-on: “Sound control so good, it ought to be built in”.

Basically, SoundSource is a menu bar app that gives you quick access to input and output devices, and level settings, and lets you apply equalizer effects — both system-wide and on a per-app basis. All with a thoughtful, intuitive interface […] a great example of a distinctive, branded UI that still looks and feels in every way like a standard Mac app.

If you’re doing more with audio on your Mac now — remote meetings, Skype calls, recording podcasts, whatever — and wish you had more control over your audio input and output devices, you’re going to love SoundSource. It encapsulates a lot of features in a very easy to understand interface. (If you’re into decluttering your menu bar icons, SoundSource can fully replace the system’s built-in Volume menu item — take a look in SoundSource’s preferences for the alternate menu bar icon that shows your current volume. Update: And Sound Source’s “Super Volume Keys” feature lets you use your keyboard volume keys to control the volume of any speakers connected to your Mac.)

Try it out: download the free trial, and use coupon code DF2020 to save 20% when you purchase by April 10.

Facebook Wanted NSO Spyware to Monitor iOS Users 

Joseph Cox, who has been absolutely killing it in his reporting for Motherboard:

According to a declaration from NSO CEO Shalev Hulio, two Facebook representatives approached NSO in October 2017 and asked to purchase the right to use certain capabilities of Pegasus.

At the time, Facebook was in the early stages of deploying a VPN product called Onavo Protect, which, unbeknownst to some users, analyzed the web traffic of users who downloaded it to see what other apps they were using. According to the court documents, it seems the Facebook representatives were not interested in buying parts of Pegasus as a hacking tool to remotely break into phones, but more as a way to more effectively monitor phones of users who had already installed Onavo.

“The Facebook representatives stated that Facebook was concerned that its method for gathering user data through Onavo Protect was less effective on Apple devices than on Android devices,” the court filing reads. “The Facebook representatives also stated that Facebook wanted to use purported capabilities of Pegasus to monitor users on Apple devices and were willing to pay for the ability to monitor Onavo Protect users.”

This was just a little over two years ago. The NSO software that Facebook was attempting to license is intended for legitimate counterintelligence and law enforcement agencies to use in the pursuit of criminals and enemies of the state. There’s certainly a debate to be had regarding the NSO Group and its services, but Facebook’s stated intention for this software was to use it for mass surveillance of its own honest users. That is profoundly fucked up — sociopathic.

Let me repeat what I’ve stated before: Facebook is a criminal enterprise.

‘Thank God for the Internet’ 

Josh Topolsky, writing at Input:

But thank god for the internet. What the hell would we do right now without the internet? How would so many of us work, stay connected, stay informed, stay entertained? For all of its failings and flops, all of its breaches and blunders, the internet has become the digital town square that we always believed it could and should be. At a time when politicians and many corporations have exhibited the worst instincts, we’re seeing some of the best of what humanity has to offer — and we’re seeing it because the internet exists.

Now, I’m not letting Mark Zuckerberg or Jeff Bezos off the hook, but we also can’t deny that there is still good, still utility, still humanity present here — and it’s saving us in huge ways and little ones, too. In the shadow of the coronavirus, the sum of the “good” internet has dwarfed its bad parts. The din of a connected humanity that needs the internet has all but drowned out its worst parts. Oh, they’re still there, but it’s clear they aren’t what the internet is; they’re merely the runoff, the waste product.

So true. Feeling isolated? Cooped up? Me too. But imagine what this would’ve been like 30 years ago. This sort of crisis is what the internet was designed for, and it’s working.

Bruce Schneier on Zoom 

Bruce Schneier:

I’m okay with AES-128, but using ECB (electronic codebook) mode indicates that there is no one at the company who knows anything about cryptography. […]

In the meantime, you should either lock Zoom down as best you can, or — better yet — abandon the platform altogether.

If Bruce Schneier recommends you don’t use Zoom, you probably shouldn’t use Zoom — at least for anything you wouldn’t be willing to conduct over an unencrypted channel.

TechCrunch: ‘Zoom Admits Some Calls Were Routed Through China by Mistake’ 

Sometimes a headline says it all. This is really one hell of a “mistake”. It’s China. Considering everything we know about China — human rights violations, untrustworthy track record, unaccountable totalitarian leadership, vast resources, and their technical expertise to act, at scale, on access to potentially sensitive poorly-encrypted video calls — China is quite literally and obviously the last country on the face of the earth where you’d want video calls routed.

But I suppose Zoom is probably right, it must have been a mistake — despite the fact that Zoom has over 700 employees in China, including a large portion of its engineering staff; despite the fact that Zoom’s purported end-to-end encryption is no such thing, which means Chinese snoops already have access to the keys used to weakly-encrypt Zoom chats — because Zoom CEO Eric Yuan assured us that Zoom was designed with the security and privacy needs of the enterprise in mind. What a relief.

NASA Brings Back Its Rightful Logo 

NASA, with some much-needed good news:

Enter a cleaner, sleeker design born of the Federal Design Improvement Program and officially introduced in 1975. It featured a simple, red unique type style of the word NASA. The world knew it as “the worm.” Created by the firm of Danne & Blackburn, the logo was honored in 1984 by President Reagan for its simplistic, yet innovative design.

NASA was able to thrive with multiple graphic designs. There was a place for both the meatball and the worm. However, in 1992, the 1970s brand was retired - except on clothing and other souvenir items - in favor of the original late 1950s graphic.

Until today.

This should be the only logo NASA uses. 45 years old and it still feels like the future.

Security Researchers: Zoom’s Encryption Is ‘Not Suited for Secrets’; Key Servers and 700 Employees Are in China 

Security researchers Bill Marczak and John Scott-Railton, in a cogent, eye-opening report for the University of Toronto’s Citizen Lab:

Key Findings:

  • Zoom documentation claims that the app uses “AES-256” encryption for meetings where possible. However, we find that in each Zoom meeting, a single AES-128 key is used in ECB mode by all participants to encrypt and decrypt audio and video. The use of ECB mode is not recommended because patterns present in the plaintext are preserved during encryption.

  • The AES-128 keys, which we verified are sufficient to decrypt Zoom packets intercepted in Internet traffic, appear to be generated by Zoom servers, and in some cases, are delivered to participants in a Zoom meeting through servers in China, even when all meeting participants, and the Zoom subscriber’s company, are outside of China.

  • Zoom, a Silicon Valley-based company, appears to own three companies in China through which at least 700 employees are paid to develop Zoom’s software. This arrangement is ostensibly an effort at labor arbitrage: Zoom can avoid paying US wages while selling to US customers, thus increasing their profit margin. However, this arrangement may make Zoom responsive to pressure from Chinese authorities.

Apparently these security researchers aren’t aware that Zoom was designed with the security and privacy needs of the enterprise in mind.

Thousands of Zoom Videos Exposed Online Because File Names Are Guessable 

Drew Harwell, reporting for The Washington Post:

Videos viewed by The Washington Post included one-on-one therapy sessions; a training orientation for workers doing telehealth calls that included people’s names and phone numbers; small-business meetings that included private company financial statements; and elementary school classes, in which children’s faces, voices and personal details were exposed.

Many of the videos include personally identifiable information and deeply intimate conversations, recorded in people’s homes. Other videos include nudity, such as one in which an aesthetician teaches students how to give a Brazilian wax. […]

But because Zoom names every video recording in an identical way, a simple online search can reveal a long stream of videos elsewhere that anyone can download and watch. The Washington Post is not revealing the naming convention that Zoom uses, and Zoom was alerted to the issue before this story was published.

But Zoom was designed for the enterprise. I don’t get how this could happen.

Every Zoom Security and Privacy Flaw So Far, and What You Can Do to Protect Yourself 

Because it’s by Glenn Fleishman, this piece is both a great read and comprehensive. Because it’s comprehensive — and about Zoom — it’s remarkably long.

Quick Turnaround From Zoom on Mac Issues, But Their Story Remains Bullshit 

Zoom founder and CEO Eric S. Yuan:

Over the next 90 days, we are committed to dedicating the resources needed to better identify, address, and fix issues proactively. We are also committed to being transparent throughout this process. We want to do what it takes to maintain your trust. This includes:

  • Enacting a feature freeze, effectively immediately, and shifting all our engineering resources to focus on our biggest trust, safety, and privacy issues.

Good for Zoom. I mean that. And no one can complain that Zoom acts slowly: on Wednesday they released a new version of their Mac app that fixed their installer issues and the security vulnerabilities discovered by Patrick Wardle just one day prior. They fixed at least one major Windows problem this week too.

But this blog post from Yuan contains a lot of bullshit:

First, some background: our platform was built primarily for enterprise customers — large institutions with full IT support. These range from the world’s largest financial services companies to leading telecommunications providers, government agencies, universities, healthcare organizations, and telemedicine practices. Thousands of enterprises around the world have done exhaustive security reviews of our user, network, and data center layers and confidently selected Zoom for complete deployment.

However, we did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home. We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived.

These new, mostly consumer use cases have helped us uncover unforeseen issues with our platform.

It makes no sense on the surface that a product purportedly designed for the enterprise would have lousy security and privacy. Most of the known problems with Zoom are specifically about all the corners they cut to ease onboarding for consumer users. The truth is Zoom has had a bifurcated strategy: one for enterprise and one for consumers. The consumer thing did not just sneak up on them in the last few weeks.

For chrissake just think about that secretly-installed hidden web server issue from last summer. That wasn’t a feature for the enterprise. Zoom has been playing very loose with consumer security and privacy not by accident, but as part of a strategy that emphasized ease of use above all else.

‘The Case for Universal Cloth Mask Adoption & Policies to Increase the Supply of Medical Masks for Health Workers’ 

White paper jointly authored by seven professors at Yale, including economists, statisticians, and MDs:

We estimate that the benefits of each additional cloth mask worn by the public are conservatively in the $3,000-$6,000 range due to their impact in slowing the spread of the virus. The benefits of each medical mask for healthcare personnel may be hundreds of times larger, and there is an ethical imperative to safeguard frontline healthcare workers. We must both encourage universal mask adoption and deal with the urgent policy priority that front-line healthcare workers face shortages of personal protective equipment, such as N95 respirators and surgical masks.

Twitter thread from lead author Jason Abaluck:

We have very good evidence that universal adoption of cloth masks will combat the spread of the virus. Specifically, we know that 1) asymptomatic people spread the virus, 2) mask wearing by infected people prevents them from transmitting the virus (the report provides citations).

How large are the benefits? Even if masks reduce transmission probabilities by only 10% (and as you’ll see, that is likely very conservative), the value of each cloth mask is between $3,000 and $6,000. Our best estimate is that their protective value is closer to 40-50%.

These estimates are of course sensitive to the assumptions made in the underlying epidemiological models. But even if those models overstate mortality risk by a factor of TEN, each cloth mask conservatively generates $300 in value!

Basically: even if cloth masks only reduce the rate of transmission a little (say 10%), every single one worn is incredibly valuable. And the current best estimates are that cloth masks in fact reduce transmission by 40-50%.

Both the paper and Abaluck’s tweet thread are worth reading in full. But the takeaways are: make cloth masks and wear them if and when you must venture out; reserve all medical-grade masks for health workers.

And I’ll add this: it’s humiliating that the richest nation in the history of civilization has no supply of paper fucking surgical masks. We should be handing them out like candy but we can’t.

CDC Recommends Face Masks for All Americans, Trump Undermines Message While Announcing It 

Addy Baird and Miriam Elder, reporting for BuzzFeed News:

The Centers for Disease Control and Prevention called for all Americans to wear face coverings in public to help stop the spread of the coronavirus Friday, pushing for people to wear cloth coverings like a bandana or a scarf.

Announcing the move at his daily briefing, President Trump undermined the recommendation of his experts by emphasizing that it was voluntary and he would not be wearing one.

“So it’s voluntary, you don’t have to do it,” he said. “They suggest it for a period of time. This is voluntary, I don’t think I’m gonna be doing it.”

This fucking guy.

In the recommendation published online Friday, the CDC said that because the virus can “spread between people interacting in close proximity,” they would recommend “wearing cloth face coverings in public settings where other social distancing measures are difficult to maintain (e.g., grocery stores and pharmacies) especially in areas of significant community-based transmission.”

I implore all of you, get on board with Team Face Mask. Stay at home, wash your hands, use hand sanitizer, keep your distance from others when out, and, when out, wear a face mask. Every thing we can do helps, and wearing a mask helps.

‘Dilettantism Raised to the Level of Sociopathy’ 

Michelle Goldberg, in her column for The New York Times:

Kushner has succeeded at exactly three things in his life. He was born to the right parents, married well and learned how to influence his father-in-law. Most of his other endeavors — his biggest real estate deal, his foray into newspaper ownership, his attempt to broker a peace deal between the Israelis and the Palestinians — have been failures.

Undeterred, he has now arrogated to himself a major role in fighting the epochal health crisis that’s brought America to its knees. “Behind the scenes, Kushner takes charge of coronavirus response,” said a Politico headline on Wednesday. This is dilettantism raised to the level of sociopathy.

The Times seems unsure how to headline this column. Right now on the web it’s running as “Putting Jared Kushner In Charge Is Utter Madness”. The <title> element in the page’s HTML (which, as I’ve noted several times in the past, often don’t change in many CMSes) is the rather anodyne “Jared Kushner Will Not Save Us From the Coronavirus”.

But when it first hit Twitter earlier today, the headline read “Jared Kushner Is Going to Get Us All Killed”.

The French Pronunciation of Letter ‘U’ 

In my piece yesterday on the Amazon/Apple deal with Prime Video and Apple TV, I snuck in this sidenote regarding the French video service Canal+:

(So the “+” is pronounced plooce, not pluss.)

I heard from a bunch of French readers that the French hard U doesn’t sound anything like oo in English. Alas, looking into it, the French hard U doesn’t sound like anything in English. Maybe I should’ve spelled my phonetic approximation pleuse (like deuce), but given my hopelessly U.S.-English-centric ears, I should probably just give up.

2020 iPad Models Now Feature Hardware Microphone Disconnect 

From Apple’s updated Platform Security Guide:

All Mac portables with the Apple T2 Security Chip feature a hardware disconnect that ensures the microphone is disabled whenever the lid is closed. On the 13-inch MacBook Pro and MacBook Air computers with the T2 chip, and on the 15-inch MacBook Pro portables from 2019 or later, this disconnect is implemented in hardware alone. The disconnect prevents any software — even with root or kernel privileges in macOS, and even the software on the T2 chip — from engaging the microphone when the lid is closed. (The camera is not disconnected in hardware, because its field of view is completely obstructed with the lid closed.)

iPad models beginning in 2020 also feature the hardware microphone disconnect. When an MFI compliant case (including those sold by Apple) is attached to the iPad and closed, the microphone is disconnected in hardware, preventing microphone audio data being made available to any software — even with root or kernel privileges in iPadOS or in case the firmware is compromised.

That first paragraph above is not new; the second paragraph obviously is. This is what it looks like when a company is focused on security as an utmost priority. (Via DJ Capelis.)


Amazon and Apple Strike Deal for Prime Video In-App Purchases and Subscriptions

Benjamin Mayo, writing for 9to5Mac yesterday:

In a significant shift, the Amazon Prime Video app on iOS and Apple TV now features a built-in content store. This means users can now buy or rent TV shows and movies directly inside the app on Apple platforms. The change was first spotted by The Verge.

For the longest time, Amazon did not support this because of Apple’s App Store rules which require the developer to use Apple’s In-App purchase system for digital content and give 30% of the revenue to Apple. The app now seems to use Amazon payment method if you have a card on file, otherwise it uses Apple In-App Purchase.

I’ve been digging into this since the news broke, and I think it’s even more significant than Mayo suggests. It’s not about whether Amazon has a credit card on file for your account — it’s about whether you’re already a Prime subscriber.

Here’s Apple’s official statement, which I was given yesterday:

Apple has an established program for premium subscription video entertainment providers to offer a variety of customer benefits — including integration with the Apple TV app, AirPlay 2 support, tvOS apps, universal search, Siri support and, where applicable, single or zero sign-on. On qualifying premium video entertainment apps such as Prime Video, Altice One and Canal+, customers have the option to buy or rent movies and TV shows using the payment method tied to their existing video subscription.

I’ve never heard of Altice One prior to this (it’s a regional cable provider), and Canal+ I only know as a service popular in France. (So the “+” is pronounced plooce, not pluss.) So while Apple is technically correct that this program isn’t new, with the addition of Prime Video it’s effectively new to most of us.

Here’s how it seems to work.

First, Amazon’s Prime Video app only works if you’re signed in with an Amazon account. You can create a new account in the app, but you need to be signed in. (Screenshot.) I’m using app, singular, and showing screenshots from iOS, but everything here applies equally to the Prime Video apps for both iOS, iPadOS, and tvOS.

If Your Amazon Account Has an Existing Prime Subscription

If you already subscribe to Prime (full Prime or just Prime Video), when you rent or purchase a movie in the app, the transaction is now handled by Amazon, using your credit card on file with Amazon. This is, in plain English, an in-app purchase insofar as you are making a purchase within the app, but it is not an Apple In-App Purchase. The interface is Amazon’s, and the transaction is processed by Amazon.

.

Amazon’s permission to do this — to process credit card transactions on its own, right in the app — is new as of yesterday. And while Altice One and Canal+ have apparently been in the same program for some time, for most of us this is unprecedented. Apple’s insistence that all in-app purchases of digital content go through Apple’s official In-App Purchase mechanism — giving Apple its significant cut of each transaction — has been so steadfast ever since the inception of the App Store in 2008 that many observers genuinely wondered if Amazon had gone rogue yesterday, and was doing this without Apple’s permission, hoping to provoke a high-stakes fight.

But this is completely sanctioned by Apple. If you have an existing Prime account — one you signed up for at Amazon’s website — you can now purchase and rent movies and TV shows in the Prime Video app directly through Amazon. Apple doesn’t see a dime.

If Your Amazon Account Does Not Have a Prime Subscription

If the Amazon account you’re signed into does not have a Prime subscription, you can purchase or rent movies in the Prime Video app, and they will be processed as Apple In-App Purchases. This is true even if Amazon has a credit card on file for your account. If you are not subscribed to Prime, in-app purchases are Apple’s In-App Purchases.

.

That’s not even the most interesting part. If you don’t subscribe to Prime, you can subscribe to Prime Video in-app for $9/month and it’s an Apple iTunes subscription. Apple gets a cut and your subscription to Prime Video is managed like any other iTunes subscription.

.

You get the same one-month free trial, and pay the same $9/month price thereafter, that you get when you sign up for Prime Video directly on Amazon.com. And it’s a full cross-platform Prime Video account — you can use it to watch Prime Video content on the web, on Android devices — anywhere.

On Amazon’s website, if you go to Prime Video → Settings, it is very clear that your account is managed through iTunes, and Amazon provides a very clear “Edit in iTunes” button.

.

On MacOS 10.15 Catalina, clicking the “Edit in iTunes” button takes you to the subscriptions management section of your account settings in Apple’s Music app; on iOS, it takes you to the subscriptions management section in the iTunes Store app.

In the Payment Settings section pictured above on Amazon’s website, you can add a credit card payment method for “rentals or purchases”. However, if your Prime Video subscription is through iTunes, in-app purchases on Apple devices will still go through Apple. This payment option only applies when buying or renting movies in Prime Video on non-Apple platforms. (I tested it on the web and Android.)

If you do not have a saved payment method in your Amazon account, when you attempt to purchase or rent a movie in the Prime Video app on Android, you will be prompted for your credit card info.

What Happens If You Sign Up for Full-Fledged Prime If You’re Subscribed to Prime Video Via iTunes

There are two ways to get Prime Video content: a full-fledged Prime subscription (which includes all the free/discounted shipping benefits from real-world Amazon purchases, Amazon Music, etc.) or a Prime Video subscription. Full-fledged Prime costs $13/month; Prime Video costs $9/month. So what happens if you subscribe to Prime Video through iTunes, but subsequently decide to upgrade to a full-fledged Prime subscription at Amazon?

Well, you don’t really get to “upgrade”. You subscribe to Prime at Amazon.com as though you’re altogether new to Prime. You must have a saved credit card on your account, and after your one-month trial, you’ll be charged the full $13/month in addition to your existing $9/month iTunes subscription to Prime Video.

When you then visit your Prime Video settings — either on Amazon’s website or in the Prime Video app — Amazon displays a prominent warning in red: “You might be charged twice for Prime Benefits.” (Screenshots: web and app.)

The Quid Pro Quo

Let’s return to Apple’s statement on this program:

Apple has an established program for premium subscription video entertainment providers to offer a variety of customer benefits — including integration with the Apple TV app, AirPlay 2 support, tvOS apps, universal search, Siri support and, where applicable, single or zero sign-on.

What Apple is saying here is that for a video subscription service — pardon me, a premium video subscription service — to qualify for this program, the service has to support all of Apple’s features for video content apps: AirPlay 2 support, a native tvOS app, single sign-on if applicable, universal search and Siri support (so if you search in the TV app for a show or movie, results from Amazon Prime Video show up). This includes integration with the TV app for features like Up Next — start watching a TV series in Prime Video and when you go to Apple’s TV app (on any device) your next episode should appear in Up Next. Supporting all of these features is a lot of work, and Amazon has done it all.

So the deal seems to be this:

  • The Prime Video app supports every feature that makes a third-party subscription video service a first-class citizen in Apple’s multi-device TV ecosystem.
  • For users with existing Prime subscriptions, or new subscriptions made on Amazon’s website, Amazon now gets to bill them directly for movie rentals and purchases made in the app, giving Apple no cut of the transactions.
  • Users can subscribe to Prime Video in-app using an iTunes subscription, giving Apple a recurring cut, and leaving subscription management in Apple’s hands.
  • For users without a Prime subscription, or with a Prime subscription made through the app, Amazon now bills them for purchases and rentals through Apple’s In-App Purchase mechanism, giving Apple a cut.

Why would Apple agree to this? Financially, Apple now gets a cut of some Prime Video rentals and purchases, and a recurring cut of new Prime Video subscriptions made in-app. And Apple TV users get all the benefits from the Prime Video app supporting AirPlay 2, universal search, and integration with the TV app that Apple is trying to make the default interface for watching shows and movies. Prior to this deal, Apple made nothing from Prime Video — it was a free app with no in-app purchases, and there was no way to subscribe to Prime Video through iTunes.

Why would Amazon agree to this? Amazon now gets to sell movies and TV shows directly in the Prime Video app for iOS and tvOS users. For existing Prime subscribers, they get to keep all of the money from these purchases and rentals. The tricky question is why would Amazon agree to allow people to subscribe to Prime Video through iTunes, giving Apple a cut of the recurring subscription. Apple’s standard terms for subscriptions are a 70/30 percent split for the first year, and 85/15 thereafter. I would bet that Amazon negotiated more favorable terms than this, but no one but Amazon and Apple know that. (It is widely understood that Netflix negotiated more favorable terms with Apple back when Netflix supported subscriptions through iTunes — they had an 85/15 split for the first year, too.) But even if Amazon is getting the standard 70/30-then-85/15 terms — I doubt that, but let’s just say even if they are — I can see why they’d agree to it if they think they’ve already saturated the potential market for Prime subscribers they can get on their own.

If their new sign-ups for Prime are tapering off in the U.S. — which seems very possible, given how popular Prime is and how long it’s been around — any new subscriptions they can get through in-app iTunes subscriptions may well be worth the recurring cut Apple will take. There’s practically zero risk that any existing Prime Video subscribers are going to cancel just to resubscribe using iTunes, and even less risk that any full-fledged Prime subscribers would downgrade to Prime Video only. It’s all upside for Amazon, even with Apple’s cut of in-app transactions.

It’s a win for Apple, a win for Amazon, and a win for users in the Apple TV ecosystem.

Amazon has, effectively, pulled a reverse Netflix


Regarding Zoom

Joseph Cox, reporting for Motherboard last week:

As people work and socialize from home, video conferencing software Zoom has exploded in popularity. What the company and its privacy policy don’t make clear is that the iOS version of the Zoom app is sending some analytics data to Facebook, even if Zoom users don’t have a Facebook account, according to a Motherboard analysis of the app. […]

“That’s shocking. There is nothing in the privacy policy that addresses that,” Pat Walshe, an activist from Privacy Matters who has analyzed Zoom’s privacy policy, said in a Twitter direct message.

Zoom subsequently removed the Facebook integration code and fast-tracked an update to the App Store. But still. This is a company with a history of playing fast and loose with privacy and security. You may recall last summer, when it came to light that the Mac version of Zoom secretly installed a web server, which remained installed and running even if you deleted the Zoom app from your machine. Shockingly, this enabled a security exploit that allowed hackers to take control of your Mac’s camera — the sort of privacy nightmare scenario that leads folks to tape over their cameras. Zoom called this hidden unremovable-through-normal-means web server a feature, not a bug. The bug was so insidious that Apple had to push a silent MacOS update to remove Zoom’s hidden web servers.

I wrote at the time:

I’m not prone to histrionics but this is genuinely outrageous — not even to mention the fact that Leitschuh reported this to Zoom months ago and Zoom effectively shrugged its corporate shoulders.

If you ever installed Zoom, I’d go through the steps to eradicate it and never install it again.

This Facebook data issue is nowhere near as bad as the web server issue. But it betrays Zoom’s institutionally cavalier attitude to privacy. Their privacy policy more or less grants them carte blanche to do whatever the hell they want.

Mistakes happen. Bugs happen. I not only forgive mistakes, I enjoy forgiving mistakes. But Zoom’s callous disregard for privacy does not seem to be a mistake. As Zoom itself said about the hidden web server they secretly installed on Macs, it’s a feature not a bug.

Alas, Zoom’s video conferencing technology is best of breed, and because Zoom is easy to use and the quality is so high, it is exploding in popularity now that the whole world is working and socializing remotely. All of the following can be — and I believe are — true: Zoom is popular, useful, and by their own admission not trustworthy.

If you must use Zoom or simply want to use it, I highly recommend using it on your iPad and iPhone only.1 The iOS version is sandboxed and reviewed by the App Store. The Mac version of Zoom is not available through the App Store, which makes me trust it not a bit. Much of the Mac software I rely on every day is not from the App Store — but all of it comes from developers I trust, who have proven reputations.

Zoom is not on that list.

Update: On the Mac, Zoom requires the use of an installer, and Zoom’s installer experience is… not confidence inspiring. The entire installation takes place during the preflight stage of the installation. Again, that’s clearly not an oversight or honest mistake. Everyone knows what “preflight” means. It’s a complete disregard for doing things properly and honestly on Zoom’s part. There’s no way to check what files will be installed and where before their installer has gone ahead and installed them. (Hacker News thread with details.)

Update 2: Zoom also has a web version, with fewer features than the desktop app. If you need to use Zoom from your Mac, try that — using a private browser window — before you download and install their app.

In closing, I’ll turn the virtual mic over to Doc Searls, who wrote this in the closing paragraphs of the first of a series of posts on Zoom and privacy:

Here’s the thing: Zoom doesn’t need to be in the advertising business, least of all in the part of it that lives like a vampire off the blood of human data. If Zoom needs more money, it should charge more for its services, or give less away for free. Zoom has an extremely valuable service, which it performs very well — better than anybody else, apparently. It also has a platform with lots of apps with just as absolute an interest in privacy. They should be concerned as well. (Unless, of course, they also want to be in the privacy-violating end of the advertising business.)

What Zoom’s current privacy policy says is worse than “You don’t have any privacy here.” It says, “We expose your virtual necks to data vampires who can do what they will with it.” 


  1. It’s worth noting that iPhones and iPads have much better front-facing cameras than any MacBook — you’ll look better on Zoom using one. ↩︎


Curse Words

Cursor is an overloaded term. There are two discrete elements of modern computing that we loosely refer to as “cursors”:

  • The icon that moves around on the screen that you control with your mouse or trackpad.
  • The vertical bar that blinks in a text editing field to indicate where typed characters will appear.

For clarity, it’s best not to refer to either of these things as cursors. Instead:

  • Mouse/trackpad pointer.
  • Insertion point.

This terminology has been slightly confusing over the last week, since Apple’s surprise announcement of pointer support in iPadOS 13.4. In their marketing materials, Apple is calling pointers “cursors”. E.g, on the webpage for the refreshed iPad Pros:

The click-anywhere trackpad opens up a whole new way to work in iPadOS. It allows control of the new cursor in iPadOS, which is perfect for tasks like editing a spreadsheet, selecting text, or simply doing everything right from the trackpad.

From the Apple Newsroom announcement:

iPadOS 13.4 brings trackpad support to iPad for the first time for a more natural typing experience and added precision for tasks such as writing and selecting text, working with spreadsheets and pro workflows. Designed specifically for the touch-first experience on iPad, the cursor appears as a circle that highlights user interface elements, text fields and apps on the Home screen and Dock, giving a clear indication of what users can click on.

In neither of these cases is cursor ambiguous — in context, it’s completely clear they’re referring to the trackpad pointer. But as a general rule, it’s better to err on the side of precision, and pointer and insertion point always avoid ambiguity.

In its technical documentation, Apple is clear. In the updated Human Interface Guidelines:

Pointers (iPadOS)

iPadOS 13.4 introduces dynamic pointer effects and behaviors that enhance the experience of using a pointing device with iPad. As people use a pointing device, iPadOS automatically adapts the pointer to the current context, providing rich visual feedback and just the right level of precision needed to enhance productivity and simplify common tasks.

The iPadOS pointing system gives people an additional way to interact with apps and content — it doesn’t replace touch. Some people may continue to use touch only, while others may prefer to use the pointer or a combination of both. Let people choose how to interact with your app, and avoid condensing your interface or making changes that require them to use the pointer.

From Apple’s excellent Apple Style Guide (available free of charge in the Apple Books store):

cursor
Don’t use in describing the macOS or iOS interface; use insertion point or pointer, depending on the context. The term cursor is appropriate when you describe the VoiceOver interface and may be appropriate when you describe other interfaces and in developer materials.

“Other interfaces” would include the terminal/command-line, where the (perhaps) blinking insertion point is properly called the cursor.

When it comes to pointers, it’s worth noting the Apple Style Guide recommends getting specific:

pointer
OK in general references, but be specific whenever appropriate: arrow, crosshair, I-beam.

And, of course, the Apple Style Guide prescribes OK, never okay