Linked List: February 19, 2013

OAuth and Changing Your Twitter Password 

Brent Simmons:

When Twitter was recently hacked, I was among those who got an email saying I was affected. So I changed my password.

But here’s what I’ve noticed: changing my password does not cause any of the Twitter clients on my iPhone to ask me again for authentication. They just keep working normally. […]

I understand that OAuth is a security win in some ways. But implementors should, I think, be mindful of what normal people expect — which is that changing your password locks out every app until you re-authenticate.

Innovation Through Simplicity 

“iHKDesign” ably responds to this jacktastic CNN piece by Steve Kovach, which argues that Samsung is “out-innovating” Apple. This bit (from Kovach) caught my eye:

Based on all this evidence, Apple feels behind. Take a look at its newest fourth-generation iPad. It has a killer processor and other great hardware features, but the operating system doesn’t take advantage of any of that. The home screen is still just a grid of static icons that launch apps.

Kovach’s whole piece is inane, but the above criticism — that iOS’s home screen is behind because it’s “just a grid of static icons” — is one I’ve seen from other, more reasonable critics. Such a mindset completely ignores simplicity and obviousness as benefits. The utter simplicity and obviousness of the iOS “system”, from a user’s standpoint, is arguably the primary reason iPhones and iPads are so popular. Is such simplicity for everyone? No. Is it suitable for all computers? No. But it is both comforting and comfortable for everyone who’s spent the last two decades more confused than not by their computers.

The utter simplicity of the iOS home screen is Apple’s innovation. It’s the simplest, most obvious “system” ever designed. It is a false and foolish but widespread misconception that “innovation” goes only in the direction of additional complexity.

Removing Duplicates From the Finder’s ‘Open With’ Menu 

Nice tip from Dr. Drang.

Google’s War Against Account Hijackers 

Google security engineer Mike Hearn:

With stolen passwords in hand, attackers attempt to break into accounts across the web and across many different services. We’ve seen a single attacker using stolen passwords to attempt to break into a million different Google accounts every single day, for weeks at a time. A different gang attempted sign-ins at a rate of more than 100 accounts per second. Other services are often more vulnerable to this type of attack, but when someone tries to log into your Google Account, our security system does more than just check that a password is correct.

If a sign-in is deemed suspicious or risky for some reason — maybe it’s coming from a country oceans away from your last sign-in — we ask some simple questions about your account. For example, we may ask for the phone number associated with your account, or for the answer to your security question. These questions are normally hard for a hijacker to solve, but are easy for the real owner. Using security measures like these, we’ve dramatically reduced the number of compromised accounts by 99.7 percent since the peak of these hijacking attempts in 2011.

iPhoneDevSDK 

Mike Isaac has identified the site responsible for the recent spate of hacking exploits against Apple, Facebook, and Twitter:

The site is called iPhonedevSdk, according to sources close to the Facebook hacking investigation. After Facebook employees visited the mobile development site in recent weeks, malicious code injected into the HTML of the site used an exploit in Oracle’s Java plugin to infect employee laptops, as the company divulged last Friday. […]

Of note: Do not visit this site, as it may continue to be compromised. While it’s potentially risky to publicize the web site, AllThingsD is providing the name to inform readers, mobile developers and organizations interested in mobile development in order to keep them from becoming infected.

The site has a Twitter account, but hasn’t posted since June.

Gender Divide in Tablet Size 

Darren Murph, writing from the AllThingsD Dive Into Media conference:

Kafka then asked about the subscription split, and where the iPad fit into that mix. Carey’s response? “The iPad is the dominant player, because the volume is there. What Barnes & Noble and Amazon figured out early was the 7-inch screen. Our men’s products did well on the 10-inch iPad, but our women’s products did not. But, they did really well on the 7-inch units — something that you can easily slip into your purse. We saw the 7-inch devices having more traction with women, while the larger 10-inch devices had more traction with men. We’re really happy that Apple introduced the iPad mini, and we’re awaiting the most recent numbers on how our publications are doing on that.” When Kafka specifically asked about Android traction, Carey added: “Google Play isn’t the biggest storefront at this point, but we want to work with everyone.”

New York City MTA Graphic Standards Manual 

Joe Clark:

This style manual, written by Massimo Vignelli and Bob Noorda for Unimark, is the sword in the stone of transit wayfinding manuals.

Brilliant.

Andrew Kim’s Sony RX1 Review 

Another good review.

Reuters: Apple Hit by Hackers Who Targeted Facebook Last Week 

Jim Finkle and Joseph Menn:

Apple, which is working with law enforcement to track down the hackers, told Reuters that only a small number of its employees’ Macintosh computers were breached, but “there was no evidence that any data left Apple.”

The iPhone and iPad maker said it would release a software tool later on Tuesday to protect customers against the malicious software used in the attacks.

The recent Java exploit is the root of these recent attacks.

Update: A bit more detail, in a statement Apple provided to Jim Dalrymple at The Loop.

HTC One’s Camera 

Alexandra Chang, writing for Wired Gadget Lab:

The most exciting is “Zoe” mode (from which the camera gets its name). Zoe lets you take full-resolution videos while simultaneously taking full-resolution still photos in burst mode. Shoot a video and the camera is taking photos for you. […]

This is by far the most useful addition to a smartphone camera. You can return to a video and literally scroll through the images, select one and save it to your camera roll or share it. Instead of pulling a low-res screenshot, you can pull a full-res photo of the exact moment you want.

Sounds like a great feature. Interesting too, that HTC has gone with fewer but bigger pixels on the camera sensor — this almost certainly makes for better images, but at the expense of a lower megapixel count.

Sounds Familiar 

Dan Seifert of The Verge, on HTC’s new flagship One phone (sporting a 4.7-inch 1920 x 1080 display with a remarkable 468 pixels-per-inch density):

But instead of having a soft-touch plastic body, the One features an all aluminum design that is not unlike the iPhone 5 […]

But how do the antennas work if the casing is aluminum? Matt Brian at The Next Web writes:

Developing the One, HTC has opted for an all metal unibody chassis that measures 9mm at its thickest point. Not only does it feel sturdy in the hand, the company says it has been able to use 12 years of R&D to incorporate all its antennae into the metal, using a complex system of patented technologies to automatically utilise antennae not obscured by your hand when you use it.

Back to The Verge:

Oddly enough, HTC felt that the three capacitive buttons that it used on its 2012 Android phones were one too many, and it has pared it down to just two for the One (one on each side of the HTC logo below the display). The button that got the axe is the multitasking key, which HTC believes is not used by most Android customers. We tend to disagree on how important the dedicated multitasking key is (as would most of our readers, we imagine), but HTC has now buried the function behind a double-tap of the home key. Similarly hidden is Google Now, which requires you to long press on the home button.

Aluminum casing with antennas integrated in the exterior? Long press the home button to get a voice-driven interface, double-tap the home button to bring up the multitasking switcher? Can’t quite put my finger on where I’ve seen these things before.

Unit 61398: The Computer-Hacking Division of China’s Military 

The NYT reports:

An unusually detailed 60-page study, to be released Tuesday by Mandiant, an American computer security firm, tracks for the first time individual members of the most sophisticated of the Chinese hacking groups — known to many of its victims in the United States as “Comment Crew” or “Shanghai Group” — to the doorstep of the military unit’s headquarters. The firm was not able to place the hackers inside the 12-story building, but makes a case there is no other plausible explanation for why so many attacks come out of one comparatively small area.

“Either they are coming from inside Unit 61398,” said Kevin Mandia, the founder and chief executive of Mandiant, in an interview last week, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”

Samsung SodaStream Refrigerator 

First time I’ve ever been excited about a new product from Samsung.

James Duncan Davidson Reviews the Sony RX1 Camera 

James Duncan Davidson:

The Sony RX1 is as expensive as a full-frame SLR, yet small enough to fit in a jacket pocket or a smallish bag or purse with ease. It pairs one of the best full-frame sensors made to date with an amazing lens that has few peers, yet carries a commodity Cyber-shot label. From more than a few feet away, it looks fairly ordinary. Maybe even quaint. Close-up and in hand, however, the fit and finish is exquisite. It’s a study in juxtapositions.

I got to use one for an hour or so last month; it’s a remarkable camera.

Google Reportedly Planning Retail Stores 

Nice scoop by Seth Weintraub:

An extremely reliable source has confirmed to us that Google is in the process of building stand-alone retail stores in the U.S. and hopes to have the first flagship Google Stores open for the holidays in major metropolitan areas.

The mission of the stores is to get new Google Nexus, Chrome, and especially upcoming products into the hands of prospective customers.

The WSJ backed up the story yesterday.