Linked List: February 26, 2016

Friday, 26 February 2016

My thanks to Nucleobytes for sponsoring this week’s DF RSS feed. Nucleobytes is a fascinating company. They specialize in creating Mac and iOS software for scientists and researchers, and they do it with great style — their apps have won multiple Apple Design Awards.

Their latest creations are two apps for researchers, useful for anyone who researches anything from lab results, cooking recipes, or research for blog posts: Manuscripts and Findings.

Manuscripts is a writing tool that helps you concentrate on your story. Outline, plan and edit your project, insert figures, tables and math, then format citations using a killer workflow. Manuscripts supports both importing and exporting Markdown, Word, LaTeX, and HTML.
Findings is a lab notebook app that helps you keep a journal of your research, connected to notes, photos, and files. Plan your week, track progress, and share your findings with your colleagues or the world.

Try the free basic versions, and use coupon DARINGFIREBALL for a special discount on the unlimited versions, this week only. (They have an even better offer for students.)

Donald Trump Vows to ‘Open Up’ Libel Laws ★

Hadas Gold, writing for Politico:

During a rally in Fort Worth, Texas, Trump began his usual tirade against newspapers such as The New York Times and The Washington Post, saying they’re “losing money” and are “dishonest.” The Republican presidential candidate then took a different turn, suggesting that when he’s president they’ll “have problems.”

“One of the things I’m going to do if I win, and I hope we do and we’re certainly leading. I’m going to open up our libel laws so when they write purposely negative and horrible and false articles, we can sue them and win lots of money. We’re going to open up those libel laws. So when The New York Times writes a hit piece which is a total disgrace or when The Washington Post, which is there for other reasons, writes a hit piece, we can sue them and win money instead of having no chance of winning because they’re totally protected,” Trump said.

Not worrisome at all. No sir.

Most Android Phones Are Not Encrypted ★

Jose Pagliery, writing for CNN Money:

Although 97% of Android phones have encryption as an option, less than 35% of them actually got prompted to turn it on when they first activated the phone. Even then, not everybody chooses that extra layer of security.

A Google spokesman said that encryption is now required for all “high-performing devices” — like the Galaxy S7 — running the latest version of Android, Marshmallow. But only 1.2% of Android phones even have that version, according to Google.

By comparison, most Apple products are uniformly secure: 94% of iPhones run iOS 8 or 9, which encrypt all data. Apple (AAPL, Tech30) makes its devices, designs the software, and retains full control of the phone’s operating system.

“If a person walks into a Best Buy and walks out with an iPhone, it’s encrypted by default. If they walk out with an Android phone, it’s largely vulnerable to surveillance,” said Christopher Soghoian, the principal technologist at the American Civil Liberties Union.

Google is moving in the right direction, but here’s an area where the slow uptake of new versions of Android has a serious effect.

9to5Mac: ‘Apple Likely to Drop the “5”, Call New 4-Inch Model the “iPhone SE”’ ★

Mark Gurman:

In January, we reported that Apple is preparing a new 4-inch iPhone that is essentially 2013’s iPhone 5s with upgraded internals. At the time, we heard that Apple would call the device the “iPhone 5se” based on it being both an enhanced and “special edition” version of the iPhone 5s. Now, we are hearing that Apple appears to be going all in on the special edition factor: sources say that Apple has decided to drop the “5” from the device’s name and simply call it the “iPhone SE.” This will mark the first iPhone upgrade without a number in its name and would logically remove it from a yearly update cycle.

A few points:

Apple was never going to call this phone the “5 SE”. I don’t know where Gurman got that, but that was never going to happen. Why would Apple give a new phone a name that makes it sound old?
Isn’t it more accurate to think of this as an iPhone 6S in a 4-inch body than as an iPhone 5S with “upgraded internals”? Other than the display, aren’t the “internals” the defining characteristics of any iPhone?
Dropping the number entirely fits with my theory that this phone is intended to remain on the market for 18-24 months.

Gogo Wi-Fi and Email Security ★

Reporter Steven Petrow published a scary first-hand tale in USA Today, claiming that his email was hacked by another passenger on a Gogo-enabled flight. The implication was that you shouldn’t use email on Gogo unless you’re using a VPN.

But Petrow’s email didn’t get intercepted because of some flaw with Gogo. It got intercepted because he wasn’t connecting to the POP or SMTP servers via SSL. In fact, his email provider, Earthlink, doesn’t even support SSL for email.

Robert Graham at Errata Security explains:

Early Internet stuff wasn’t encrypted, because encryption was hard, and it was hard for bad guys to tap into wires to eavesdrop. Now, with open WiFi hotspots at Starbucks or on the airplane, it’s easy for hackers to eavesdrop on your network traffic. Simultaneously, encryption has become a lot easier. All new companies, those still fighting to acquire new customers, have thus upgraded their infrastructure to support encryption. Stagnant old companies, who are just milking their customers for profits, haven’t upgraded their infrastructure.

You see this in the picture below. Earthlink supports older un-encrypted “POP3” (for fetching email from the server), but not the new encrypted POP3 over SSL. Conversely, GMail doesn’t support the older un-encrypted stuff (even if you wanted it to), but only the newer encrypted version.

Gogo is far from perfect, but it certainly wasn’t at fault in this case.

Update: Like a lot of you, I’m not even sure I buy the whole story. Whole thing seems fishy.