Linked List: October 2018

Blind Taste Test Between iPhone XR and Xiaomi Pocophone F1 Displays 

Jonathan Morrison set up a blind display comparison between the iPhone XR and Xiaomi Pocophone. Both displays are 6.1 inches, both are LCDs, but the Pocophone is 1080p (1080 x 2246 pixels, 403 PPI) and the XR is not (1792 x 828, 326 PPI).

Rene Ritchie on iPhone XR vs. XS Displays 

Good explanation from Rene Ritchie on the many nuances involved comparing the iPhone XS and XR displays. It’s a lot more complicated than “OLED is better”, and it’s just plain nonsense that the 326 pixels per inch is not enough to make for a great display.

New Tech Talk Has Developer Info on New iPad Pros 

Apple Developer

Take advantage of the all-screen design of the new iPad Pro by building your app with the iOS 12.1 SDK and making sure it appears correctly with the display’s rounded corners and home indicator. Learn about the new common inset compatibility mode and what it means for apps running in multitasking mode. Find out how to provide support for Face ID and for the second generation Apple Pencil with its double-tap feature.

One change is that these new iPads don’t have a 4:3 (1.33:1) aspect ratio. The aspect ratio is 199:139, which works out to about 1.43:1 — a little wider in landscape than 1.33:1.

The video also has a great overview of the ways third-party apps can use the double-tap gesture on the new Apple Pencil.

Update: Another good video: “Designing for iPad Pro and Apple Pencil”.

Undocumented API in Google Home Devices Is Easily Exploitable 

Jerry Gamblin:

I am genuinely shocked by how poor the overall security of these devices are, even more so when you see that these endpoints have been known for years and relatively well documented.

I usually would have worked directly with Google to reboot these issues if they had not previously disclosed, but due to the sheer amount of prior work online and committed code in their own codebase, it is obvious they know.

Very strange — you can cause any of these devices to reboot or forget their wireless network with a simple curl one-liner. You have to be on the same local network, but still.

Buy USB-C to 3.5 MM Headphone Jack Adapter 

$9, same price as the Lightning version. (The new headphone-jack-less iPad Pros don’t come with one.)

Fifty Years of BASIC, the Language That Made Computers Personal 

Harry McCracken, in a nice feature for Time:

It was huge news among the small number of people who could be called computer nerds at the time — people like Paul Allen, who was working as a programmer for Honeywell in Boston.

When he bought a copy of the January 1975 issue of Popular Electronics at the Out of Town newsstand in Harvard Square, with the Altair on the cover, he and an old friend — a Harvard sophomore named Bill Gates — got excited. Immediately, they knew they wanted to try to make the Altair run BASIC, a language they’d both learned in its original timeshared-via-Teletype form at the Lakeside School in Seattle.

Actually, Allen had been ruminating about the possibility of building his own BASIC even before he knew about the Altair. “There hadn’t been attempts to write a full-blown programming language for a microprocessor,” he explains. “But when the chips leading up to the 8080 processor became available, I realized we could write a program for it that would be powerful enough to run BASIC.”

For those of us of a certain age, a BASIC prompt was what you’d expect to see when you turned any computer on.

Halide and Focal Depth on iPhone XR 

Ben Sandofsky:

Now we get to do that again: Halide 1.11 will let you take Portrait mode photos of just about anything, not just people.

We do this by grabbing the focus pixel disparity map and running the image through our custom blur. When you open Halide on iPhone XR, simply tap ‘Depth’ to enable depth capture. Any photo you take will have a depth map, and if there’s sufficient data to determine a foreground and background, the image will get beautifully rendered bokeh, just like iPhone XS shots.

You’ll notice that enabling the Depth Capture mode does not allow you to preview Portrait blur effect or even automatically detect people. Unfortunately, the iPhone XR does not stream depth data in realtime, so we can’t do a portrait preview. You’ll have to review your portrait effects after having taken the photo, much like the Google Pixel.

I’m so glad Halide offers this, but I can see why Apple hasn’t enabled it for non-human subjects in the built-in Camera app. It’s hit or miss. But when it hits it can look great. What you want to do is let Halide handle the focus blurring; if you don’t like the result, disable “Depth” for that shot in Halide.

With frequent updates and support for the latest iPhone hardware, Halide has established itself as an essential app for serious iPhone photography. Doesn’t hurt that it’s a beautiful app, either.

BMW Executive Says Electric Cars Will Always Cost More Than Conventional Cars 

Filed away for future claim chowder:

Electric vehicles will always be more costly than fuel-burners, according to a senior BMW executive. “No, no, no,” is Klaus Fröhlich’s reply when asked if EVs will ever equal the prices of equivalent conventional cars. “Never.”

Audio Memos Pro 

My thanks to Audio Memos Pro for sponsoring Daring Fireball last week. Audio Memos Pro is the pro voice recorder for iPhone and iPad (and Apple Watch can be used as a remote control). Interviews, lectures, business meetings, even music sessions — Audio Memos is great for recording anything. And it’s not just about recording — Audio Memos Pro lets you keep a library of recordings organized with tags. You can attach photos to recordings, make annotations at time stamps, and more.

Audio Memos just celebrated its 10th anniversary on the App Store. Join the million of users who have recorded with it. Get it before Monday evening and save 10 percent off the regular price.

The Talk Show: ‘I’ll Eat My Hat’ 

Special guest John Moltz returns to the show (finally). Topics include the iPhone XR, next week’s Apple event at the Brooklyn Academy of Music, and more.

Brought to you by these fine sponsors:

  • Squarespace: Make your next move. Use code talkshow for 10% off your first order.
  • RXBAR: Real food that tastes good and is good for you.
  • Prime Video Channels: Create a TV lineup you love from 100+ premium and specialty channels.
Andy Rubin Responds to New York Times Story 

Andy Rubin on Twitter:

The New York Times story contains numerous inaccuracies about my employment at Google and wild exaggerations about my compensation. Specifically, I never coerced a woman to have sex in a hotel room. These false allegations are part of a smear campaign to disparage me during a divorce and custody battle. Also, I am deeply troubled that anonymous Google executives are commenting about my personnel file and misrepresenting the facts.

Donate to The Great Slate 

The Great Slate:

Tech Solidarity is endorsing thirteen candidates for Congress. Each of them is a first-time progressive candidate with no ties to the political establishment, an excellent campaign team, and a clear path to victory in a poor, rural district that is being ignored by the national Democratic Party. None of the candidates takes money from corporations.

In the third quarter of 2018, the Great Slate raised $1.18M for our candidates. Let’s keep the momentum going into the election!

These are great candidates for Congress. No corporate money. Progressive agendas. Ignored (mostly) by the national Democratic Party. And fighting for seats in districts that in years past sometimes didn’t even field a Democratic candidate. Republicans simply ran unopposed.

I’m particularly impressed by Jess King, who is running in district PA-11 in nearby Lancaster, PA. I have close family who live in that district. I don’t just like her as a candidate — I really do think she can win. If you listen to her talk or read what she writes, she sounds like a real human being, not a full of shit politician. Jess King is smart, informed, and empathetic, and she’s out there every day talking to the citizens in her district. She’s held 52 town halls and counting during this election. Her opponent, Rep. Lloyd Smucker (that’s his name, I swear) has not held a single town hall in over 600 days. He is taking his reelection for granted as a supposedly “safe” Republican seat. I say to hell with that, no seat is safe.

Lancaster Online:

King, a former economic development nonprofit director, has raised nearly 100 percent of her funds from individuals while refusing to accept money from corporations’ political action committees.

The majority of Smucker’s funds, meanwhile, have come from PACs representing corporations such as General Electric, Exelon, Koch Industries and Williams, the company that recently built the Atlantic Sunrise pipeline going through Lancaster County.

I’ve donated to The Great Slate before, and today my wife and I donated another $1,000. It’s easy — they even support Apple Pay. By default your contribution is distributed between all 13 candidates, but you can distribute it however you choose if there’s a particular candidate you want to get behind. They’ve set a goal to raise $1,000,000, and they’re currently sitting at $952,154.

I would love to see this link from Daring Fireball help them blow past that goal. If you can give a lot, do it. If you can only give $10, do it! Every single dollar helps — I mean this so sincerely I just used an exclamation point. If you’re feeling like me — anxious about this upcoming election, deeply concerned because the stakes are so high — donating to The Great Slate is one of the most effective ways you can make a difference today.

The Stakes Are Dire 

Josh Marshall, writing at TPM:

As a friend pointed out yesterday, 2016 can be seen as a fluke. A series of perfect storm factors coming together to make Donald Trump President with a minority of the popular vote and razor thin margins in three critical states. 2018, if it’s a winning election for the Republicans, will be a choice. A ratification of everything we’ve seen over the last two years. That will be a reality we’ll all have to contend with for what it says about the state of the country. It will send a signal abroad that this is now the American political reality and unquestionably accelerate all the geo-political processes Trump has spurred or which drove him to the White House in the first place.

A lot of people are calling this election the most important of our lifetimes. That can sound like hyperbole, I know. You can find some people saying the same thing about every election. But I think Marshall puts his finger on it above. 2016 was certainly a momentous election, but there was no consensus on what a Trump presidency would mean. A lot of people voted for Trump arguing that while he said crazy, ignorant, reckless, hateful things, he wouldn’t actually do crazy, ignorant, reckless, hateful things when in office. Now we know, we all know.

If the Republicans hold Congress it will ratify that this is who we are.

China Recommends Trump Switch to Huawei Phone 


Chinese Foreign Ministry spokeswoman Hua Chunying also dismissed the Times story, calling such reports “evidence that the New York Times makes fake news.”

Speaking at a news conference on Thursday, she also offered two suggestions apparently aimed at the Trump administration.

“If they are really very worried about Apple phones being bugged, then they can change to using Huawei,” she said, referring to China’s biggest telecommunications equipment maker.

A nice burn, but if Russia and China really are listening to Trump’s unsecure cell phone calls, they’re almost certainly doing it by tapping the cellular signal or phone network, not by hacking the iPhones he uses. I don’t think the Times story made this clear, but it should have.

Google’s Night Sight Feature for Pixel Cameras Looks Astounding 

Vlad Savov:

Night Sight is the next evolution of Google’s computational photography, combining machine learning, clever algorithms, and up to four seconds of exposure to generate shockingly good low-light images. I’ve tried it ahead of its upcoming release, courtesy of a camera app tweak released by XDA Developers user cstark27, and the results are nothing short of amazing. Even in its pre-official state before Google is officially happy enough to ship it, this new night mode makes any Pixel phone that uses it the best low-light camera.

Some of these results seem impossible. Handheld long exposures are a huge breakthrough.

In a Huff, Google Style 

Andrew Marantz, writing for The New Yorker two years ago about HBO’s Silicon Valley:

During one visit to Google’s headquarters, in Mountain View, about six writers sat in a conference room with Astro Teller, the head of GoogleX, who wore a midi ring and kept his long hair in a ponytail. “Most of our research meetings are fun, but this one was uncomfortable,” Kemper told me. GoogleX is the company’s “moonshot factory,” devoted to projects, such as self-driving cars, that are difficult to build but might have monumental impact. Hooli, a multibillion-dollar company on “Silicon Valley,” bears a singular resemblance to Google. (The Google founder Larry Page, in Fortune: “We’d like to have a bigger impact on the world by doing more things.” Hooli’s C.E.O., in season two: “I don’t want to live in a world where someone makes the world a better place better than we do.”) The previous season, Hooli had launched HooliXYZ, its own “moonshot factory,” whose experiments were slapstick absurdities: monkeys who use bionic arms to masturbate; powerful cannons for launching potatoes across a room. “He claimed he hadn’t seen the show, and then he referred many times to specific things that had happened on the show,” Kemper said. “His message was, ‘We don’t do stupid things here. We do things that actually are going to change the world, whether you choose to make fun of that or not.’ ” (Teller could not be reached for comment.)

Teller ended the meeting by standing up in a huff, but his attempt at a dramatic exit was marred by the fact that he was wearing Rollerblades. He wobbled to the door in silence. “Then there was this awkward moment of him fumbling with his I.D. badge, trying to get the door to open,” Kemper said. “It felt like it lasted an hour. We were all trying not to laugh. Even while it was happening, I knew we were all thinking the same thing: Can we use this?” In the end, the joke was deemed “too hacky to use on the show.”

Via Tom Gara, who quipped, “Whenever there’s a big Google story in the news, I always think of this, the funniest thing ever written about Google.”

Andy Rubin: ‘Being Owned Is Kinda Like You Are My Property, and I Can Loan You to Other People’ 

Daisuke Wakabayashi and Katie Benner have published a scathing exposé in The New York Times on Google’s massive payouts and protection to senior executives credibly accused of sexual misconduct. Like many long reports in The Times, some of the most intriguing details are buried deep in the report. Almost 1,900 words in, is this regarding Andy Rubin:

Mr. Rubin, 55, who met his wife at Google, also dated other women at the company while married, said four people who worked with him. In 2011, he had a consensual relationship with a woman on the Android team who did not report to him, they said. They said Google’s human resources department was not informed, despite rules requiring disclosure when managers date someone who directly or indirectly reports to them.

In a civil suit filed this month by Mr. Rubin’s ex-wife, Rie Rubin, she claimed he had multiple “ownership relationships” with other women during their marriage, paying hundreds of thousands of dollars to them. The couple were divorced in August.

The suit included a screenshot of an August 2015 email Mr. Rubin sent to one woman. “You will be happy being taken care of,” he wrote. “Being owned is kinda like you are my property, and I can loan you to other people.”

How is this buried so deep in the story and not the lede?

Also this:

Mr. Rubin often berated subordinates as stupid or incompetent, they said. Google did little to curb that behavior. It took action only when security staff found bondage sex videos on Mr. Rubin’s work computer, said three former and current Google executives briefed on the incident. That year, the company docked his bonus, they said.

Here’s another story, also buried over 1,100 words deep:

In 2013, Richard DeVaul, a director at Google X, the company’s research and development arm, interviewed Star Simpson, a hardware engineer. During the job interview, she said he told her that he and his wife were “polyamorous,” a word often used to describe an open marriage. She said he invited her to Burning Man, an annual festival in the Nevada desert, the following week.

Ms. Simpson went with her mother and said she thought it was an opportunity to talk to Mr. DeVaul about the job. She said she brought conservative clothes suitable for a professional meeting.

At Mr. DeVaul’s encampment, Ms. Simpson said, he asked her to remove her shirt and offered a back rub. She said she refused. When he insisted, she said she relented to a neck rub.

“I didn’t have enough spine or backbone to shut that down as a 24-year-old,” said Ms. Simpson, now 30.

A few weeks later, Google told her she did not get the job, without explaining why.

This guy still works at Google as a director of Google X.

In-App Purchasing Scams in the App Store 

Apple’s App Store isn’t free from scams, either. John Koetsier, writing for Forbes:

I tried it myself, and the flow is very clear:

  1. Download the app
  2. Open it
  3. Click the big “Start” button (this has small, hard-to-read pricing information, but even though I was testing the app and forewarned, I missed it)
  4. Instantly be taken to an Apple payments confirmation screen: free for three days, and then $3.99/week in perpetuity.

The flow is smart and sneaky. It’s carefully designed to have you “agree” to the charges without having any intention of paying

“Users open the app and quickly tap a ‘Start’ button or ‘Continue’ button on the first page,” she told me via email. “Unfortunately this loads the Apple payment prompt instead of starting the free app as most users would expect. Users then panic and press the home screen to exit the app — unfortunately on fingerprint devices this makes payment or signs up for the free trial.”

Needless to say, $4/week for a very, very, very simple barcode-scanning device is completely ridiculous. $156/year borders on criminal.

Apple has since pulled most of these apps from the App Store, but how did they get there in the first place? I can see how a new app with a malicious IAP scam might slip through review, but once an app is generating tens of thousands of dollars a month, it ought to get a thorough review from the App Store.

The scam outlined above is admittedly pretty clever. I’d never really thought about it before, but the fact that the home button on Touch ID devices serves both as the “Yes I really do want to authorize this payment” verification and the “Get me out of this app and back to the home screen” escape hatch makes it ripe for abuse like this. Face ID doesn’t make X-class iPhones immune from scams, but the requirement that you double-click the side button to verify a payment means you can’t be tricked into doing it inadvertently.

BuzzFeed News: ‘Apps Installed on Millions of Android Phones Tracked User Behavior to Execute a Multimillion-Dollar Ad Fraud Scheme’ 

Craig Silverman, reporting for BuzzFeed News:

One way the fraudsters find apps for their scheme is to acquire legitimate apps through We Purchase Apps and transfer them to shell companies. They then capture the behavior of the app’s human users and program a vast network of bots to mimic it, according to analysis from Protected Media, a cybersecurity and fraud detection firm that analyzed the apps and websites at BuzzFeed News’ request.

This means a significant portion of the millions of Android phone owners who downloaded these apps were secretly tracked as they scrolled and clicked inside the application. By copying actual user behavior in the apps, the fraudsters were able to generate fake traffic that bypassed major fraud detection systems. [...]

In total, the apps identified by BuzzFeed News have been installed on Android phones more than 115 million times, according to data from analytics service AppBrain. Most are games, but others include a flashlight app, a selfie app, and a healthy eating app. One app connected to the scheme, EverythingMe, has been installed more than 20 million times.

These criminals raked in tens of millions of dollars, maybe hundreds of millions, including millions from Google’s own ad network.

The bottom line: if the metric used for charging for advertising can be faked, it will be faked. Ad tracking is both an invasion of privacy and an open invitation to fraud.

Google Pixel 3 and ‘Fast’ Inductive Charging 

Ron Amadeo, writing at Ars Technica:

For some unexplained reason, Google is locking out third-party Qi chargers from reaching the highest charging speeds on the Pixel 3. Third-party chargers are capped to a pokey 5W charging speed. If you want 10 watts of wireless charging, Google hopes you will invest in its outrageously priced Pixel Stand, which is $79. [...]

Regular 10W wireless chargers can be had for around $15-$25, so Google’s $79 Pixel Stand comes at a hefty markup. Qi is a standard, and a phone should strive to work with every charger. The Qi standard goes up to 15W, so there doesn’t seem to be any reason for Google’s 5W limit.

Amadeo’s take captures the consensus reaction to this news — that it’s a money grab on Google’s part, trying to get Pixel 3 owners to buy Google’s own proprietary charging stand. Maybe that’s true. But it may not be true. This idea that Google should have supported the Qi standard for higher charging speeds is based on the assumption that the Qi standard is technically good. I don’t think that’s a safe assumption at all.

A money grab for $79 charging stands doesn’t sound like Google at all to me. I think it’s more likely that Google went with a proprietary technology for higher charging speeds because their proprietary technology works better than whatever the Qi standard specifies for 10W charging. Keep in mind too that they’ve surely been working on the Pixel 3 hardware for years.

I could be wrong. But it seems far more likely to me, and more in character for Google, that they’re not sticking with the Qi standard simply because the standard isn’t good enough — or wasn’t good enough two years ago when they were making engineering decisions for the Pixel 3. Here’s the thing about industry standards like Qi: they usually suck.

Qi not being good enough is exactly why Apple’s mythical AirPower charging pad was touted as supporting a basic level of the Qi standard, but adding a lot of proprietary features on top.

‘What the Hell Happened to Darius Miles?’ 

Darius Miles on going straight from high school to the L.A. Clippers in 2000. Remarkably compelling read, capturing both the joy and the tragedy of his life. Trust me, even if you’re not into sports, you want to read this.

iPhone Type R 

Engadget’s Chris Velazco got to sit down with Phil Schiller to talk about the iPhone XR:

To add to the curiosity of it all, the R doesn’t mean much either. Phil Schiller, gingerly gripping a cup of coffee across from me, said the letters Apple uses never stand for something specific. But then his voice softened a little as he started to tell me about what the letters mean to him.

“I love cars and things that go fast, and R and S are both letters used to denote sport cars that are really extra special,” he said with a smile.

It just isn’t worth worrying whether the “R” (or “S” for that matter) stands for anything in particular. R sounds cool and is one click “less than” S.


My thanks to Flow for sponsoring Daring Fireball last week. Flow is a professional UI animation tool that lets you design in Sketch and export your animations to production-ready code (iOS or HTML).

Flow offers a new class of motion design for anyone with a creative flair and a taste for building beautiful products and writing great software. Don’t just hand your developers static screenshots — send them animations and working code. It’s a powerful tool for crafting your vision and exporting high-quality layout and animation code.

They have a bunch of tutorials to get you started, and a fun introductory video on their homepage. Give Flow a shot with a 30-day free trial.

‘Your Move, Bloomberg’ 

Washington Post media critic Erik Wemple:

Sources tell the Erik Wemple Blog that the New York Times, the Wall Street Journal and The Post have each sunk resources into confirming the story, only to come up empty-handed. [...]

The best journalism lends itself to reverse engineering. Though no news organization may ever match the recent New York Times investigation of Trump family finances, for instance, the newspaper published documents, cited sources and described entities with a public footprint. “Fear,” the recent book on the dysfunction of the Trump White House, starts with the story of a top official removing a trade document from the president’s desk, an account supported by an image of the purloined paper.

Bloomberg, on the other hand, gives readers virtually no road map for reproducing its scoop, which helps to explain why competitors have whiffed in their efforts to corroborate it. The relentlessness of the denials and doubts from companies and government officials obligate Bloomberg to add the sort of proof that will make believers of its skeptics. Assign more reporters to the story, re-interview sources, ask for photos and emails. Should it fail in this effort, it’ll need to retract the entire thing.

The Verge: ‘How China Rips Off the iPhone and Reinvents Android’ 

I just loved this deep dive into Chinese phone makers’ custom Android-based OSes by Sam Byford:

Many experienced Android users in the West who try out Chinese phones, including reviewers here at The Verge, often find themselves unable to get over an immediate stumbling block: the software. For the unfamiliar, Chinese phone software can be garish, heavy-handed, and quite unlike anything installed on phones that are popular outside of Asia. If there’s anything that’s going to turn you off the brand-new Huawei Mate 20 Pro, for example — unsubstantiated Cold War-esque paranoia aside — it’s likely to be the software.

But for the last year-plus, I’ve used almost every major Chinese phone extensively, traveled to the country several times, and met with dozens of people at its biggest phone manufacturers. This experience hasn’t altogether stopped me from feeling that most Chinese phone companies have a long way to go in many areas of software development. No one has a great answer for why everyone copies the iPhone camera app so embarrassingly. But I have learned a lot about the design principles behind many of these phones, and — as you ought to expect — there does tend to be a method behind what some may assume to be madness.

Byford makes a compelling case that these Android derivatives — Xiaomi’s MIUI, Vivo’s Funtouch OS (real name, I swear), Oppo’s ColorOS, and Huawei’s EMUI, just to name some of them — are best thought of as Android-based OSes, not mere “skins” atop Google’s canonical Android. There really is no canonical Android anymore, because the OS Google ships on its Pixels isn’t available to other handset makers.

And these Chinese companies all rip off iOS with absolutely no shame:

As for the camera apps, it’s really incredible how similar the vast majority are — both to each other and to Apple. Judging by the accuracy and specificity of the rip-offs, the camera app from iOS 7 has a serious claim to being one of the most influential software designs of the past decade. Just look at the picture above. Xiaomi wins an extremely low number of points for putting the modes in a lowercase blue font. But otherwise, only Huawei has succeeded in creating a genuinely new camera app design, which happens to be very good. I consider it penance for the company’s egregious and barely functional rip-off of the iOS share sheet.

Oculus Co-Founder Brendan Iribe Departs Facebook 

Jamie Feltham,

Oculus co-founder Brendan Iribe, the company’s first and only CEO, is parting ways with parent company Facebook.

In a post on Facebook Iribe noted he would be taking his “first real break” in over 20 years, though didn’t provide a reason for his departure.

I wonder how long John Carmack will last?

Update: John Carmack:

I do intend to stay at Facebook past the launch of Oculus Quest.

The Quest is a $399 standalone (no PC or phone required) VR headset slated for Spring 2019.

AWS CEO Andy Jassy: ‘Bloomberg Should Retract’ 

Amazon Web Services CEO Andy Jassy on Twitter:

@tim_cook is right. Bloomberg story is wrong about Amazon, too. They offered no proof, story kept changing, and showed no interest in our answers unless we could validate their theories. Reporters got played or took liberties. Bloomberg should retract.

If you want a taste of Bloomberg’s attitude toward Apple’s and Amazon’s protestations, check out this video from Bloomberg TV from the day after the story was originally published. Jordan Robertson, co-author of the story, says this:

In addition, there is no consumer data that is alleged to have been stolen. This attack was about long term access to sensitive networks. So by that logic, companies are not required to disclose this information, so there’s no advantage for these companies in confirming this reporting.

This shows their dismissive attitude toward Amazon’s and Apple’s strenuous, unambiguous denials. Rather than give them pause, they blew it off.

I would argue that Amazon and Apple have a tremendous amount to lose — their credibility. If they wanted to hide something, whether for publicity or national security reasons (or both), the way to do it without risking their credibility is not to comment at all. Both Amazon and Apple have instead vigorously denied the veracity of this story.

‘Transgender’ Could Be Defined Out of Existence Under Trump Administration 

Erica L. Green, Katie Benner, and Robert Pear:

The Trump administration is considering narrowly defining gender as a biological, immutable condition determined by genitalia at birth, the most drastic move yet in a governmentwide effort to roll back recognition and protections of transgender people under federal civil rights law.

Needlessly cruel, and out of touch with demographic trends. This might play with Trump’s base today, but with these retrograde policies, the Republican Party is digging itself into a deep hole they’ll likely never climb out of as younger generations take over the U.S. electorate. Among kids today, support for transgender people — not just legally but socially — is a bedrock. Outright hateful policies will neither be forgotten nor forgiven.

‘How to Vote’ 

Demi Adejuyigbe with a short lesson on how to democracy.

Jony Ive on the Apple Watch and Big Tech’s Responsibilities 

Nice little interview with Ive by Nicholas Foulkes for The Financial Times:

“I think we have been lulled into this sense that people will accept new products and services very quickly, and I don’t believe that’s true at all,” he says. “Very often, so much of what a product ends up being able to do isn’t what you initially thought. If you’re creating something new, it is inevitable there will be consequences that were not foreseen — some that will be great, and then there are those that aren’t as positive. There is a responsibility to try and predict as many of the consequences as possible and I think you have a moral responsibility to try to understand, try to mitigate those that you didn’t predict.”

“If you genuinely have a concern for humanity, you will be preoccupied with trying to understand the implications, the consequences of creating something that hasn’t existed before. I think it’s part of the culture at Apple to believe that there is a responsibility that doesn’t end when you ship a product.” As he speaks, his face rearranges itself into a troubled frown. “It keeps me awake.”

If you can’t get past the FT’s paywall, going through a Google search might help.

Apple CEO Tim Cook Is Calling for Bloomberg to Retract Its Chinese Spy Chip Story 

John Paczkowski and Joseph Bernstein, reporting for BuzzFeed News:

“There is no truth in their story about Apple,” Cook told BuzzFeed News in a phone interview.

This is an extraordinary statement from Cook and Apple. The company has never previously publicly (though it may have done so privately) called for the retraction of a news story — even in cases where the stories have had major errors, or were demonstrably false, such as a This American Life episode that was shown to be fabricated.

Reached for comment, Bloomberg reiterated its previous defense of the story. “Bloomberg Businessweek’s investigation is the result of more than a year of reporting, during which we conducted more than 100 interviews,” a spokesperson told BuzzFeed News in response to a series of questions. “Seventeen individual sources, including government officials and insiders at the companies, confirmed the manipulation of hardware and other elements of the attacks. We also published three companies’ full statements, as well as a statement from China’s Ministry of Foreign Affairs. We stand by our story and are confident in our reporting and sources.”

I’m calling it now. Bloomberg is fucked on this story. The longer they drag this out before a full retraction, the more damage they’re taking to their long-term credibility. Read their statement closely — they’re not saying their story is true or that Apple and Tim Cook are wrong. All they say is they spent a year on the story and spoke to 17 sources multiple times.

And the bottom half of BuzzFeed’s story is even more damning than the top — no one in the security community has been able to verify anything in Bloomberg’s story. Anything at all. And no other news publication has backed the story. Bloomberg is all alone on this.

Landscapes of Ladakh, India 

Gorgeous photos from Om Malik, all shot on an iPhone XS Max.

Apple Announces October 30 Event 

Presumably to announce all-new iPad Pro models, and, I hope, new MacBooks. (I don’t want to jinx anything by even mentioning new Mac Minis outside a parenthetical.) The event is being held on the east coast, at the Brooklyn Academy of Music’s 2,100-seat Howard Gilman Opera House.

Apple often holds private press briefings in New York, including an iPhone XR preview for YouTube creators yesterday. But the only media event I can recall in New York was their education-focused event in January 2012 at the Guggenheim. Unless I’m overlooking something, Apple has not introduced new hardware products at an event in New York since the days of Macworld Expo. 1999, maybe, when they introduced the first iBook and AirPort base station and Phil Schiller performed a genuinely impressive stunt on stage.

Q4 Daring Fireball Sponsorships 

The schedule is mostly open for DF sponsorships through the end of the year. If you’ve got a product or service you want to promote to DF’s savvy audience, get in touch. Weekly sponsorships now include both a sponsored post in the DF RSS feed at the start of the week and the display ad you see over there in the sidebar. Sponsors have been reporting great results from this combination.

Special: The sponsorship for this current week remains open. Act quickly and you can scoop it up at a discount.

Also, The Talk Show is largely sold out through the end of the year, but does have a few openings remaining. I think the show is a great opportunity for smaller indie companies — hardware or software. Get in touch with for details, or with me directly if you want to work out a deal for a combination of a weekly sponsorship and a podcast spot.

Lawsuit Claims Facebook Inflated Ad Metrics Up to 900 Percent 

Ethan Baron:

Not only did Facebook inflate ad-watching metrics by up to 900 percent, it knew for more than a year that its average-viewership estimates were wrong and kept quiet about it, a new legal filing claims.

A group of small advertisers suing the Menlo Park social media titan alleged in the filing that Facebook “induced” advertisers to buy video ads on its platform because advertisers believed Facebook users were watching video ads for longer than they actually were.

That “unethical, unscrupulous” behavior by Facebook constituted fraud because it was “likely to deceive” advertisers, the filing alleged.

If true, Facebook’s big “pivot” to video was really a scam. Again, Facebook is looking more and more like a criminal enterprise. A Silicon Valley racket.

The Talk Show: ‘It’s a Deep Notch’ 

Dan Frommer returns to the show. Topics include Apple Watch Series 4 and the notion of third-party watch faces, Google’s Pixel 3 phones and Pixel Slate two-in-one tablet/notebook, and Bloomberg’s disputed “The Big Hack” story.

Brought to you by these fine sponsors:

  • Casper: Save $50 on select mattresses with code talkshow.
  • Squarespace: Make your next move. Check out with code talkshow for 10% off your first order.
  • Tres Pontas: Freshly-roasted coffee from a single farm in Brazil, shipped directly to you. Use code thetalkshow at checkout and save an extra 10% on any subscription.
Google Will Start Charging Android Device Makers a Fee for Using Its Apps in Europe 

Jacob Kastrenakes and Nilay Patel, writing for The Verge:

There is one other key change happening here. In the past, Google required that companies building phones or tablets that included the Play Store only build phones and tablets that included the Play Store — they couldn’t make some other Android device that dropped the Play Store in favor of something else. Now, that’ll be allowed. So if Samsung wanted to ship a Galaxy phone that only included the Galaxy Apps store, it could now do that in Europe.

This seems like the real news here, not the licensing fees.

Every Article About Huawei Phones Should Mention Their Egregious Design Rip-Offs 

Three cameras, a big screen, blah blah blah. What I don’t get is why every single article about Huawei phones doesn’t mention their egregious design rip-offs. Right on their default home screen, they flat out copied the icons for Music and Health from Apple. Their “live photo” icon in their camera app is ripped-off from Apple, and on and on.

This cavalier attitude toward design rip-offs might fly in China, but it shouldn’t fly here in the West, and Huawei should be called out for it in every single article until they stop doing it.

A Google Pixel 3 Review in the Age of Incremental Updates and Unrelenting Trauma 

I just loved Mat Honan’s Pixel 3 review — it’s half review of this particular phone, and half condemnation of the outsized role phones play in our lives today.

Facebook Will Use Data Collected From Its Portal in-Home Video Device to Target You With Ads 

Kurt Wagner, writing for Recode:

Last Monday, we wrote: “No data collected through Portal — even call log data or app usage data, like the fact that you listened to Spotify — will be used to target users with ads on Facebook.”

We wrote that because that’s what we were told by Facebook executives.

But Facebook has since reached out to change its answer: Portal doesn’t have ads, but data about who you call and data about which apps you use on Portal can be used to target you with ads on other Facebook-owned properties.

If you trust Facebook with a camera and microphone in your house, I’d love to have you at my table in a poker game.

Apple Fixes Bagel Emoji 

The original really is a crummy-looking bagel. I’m an everything bagel man, myself, but I can accept this plain one for the emoji.

The Magic Leap Con 

Brian Merchant, reporting from Magic Leap’s developer conference for Gizmodo:

You know that weird sensation when it feels like everyone around you is participating in some mild mass hallucination, and you missed the dosing? The old ‘what am I possibly missing here’ phenomenon? That’s how I felt at LEAP a lot of the time, amidst crowds of people dropping buzzwords and acronym soup at light speed, and then again while I was reading reviews of the device afterwards — somehow, despite years of failing to deliver anything of substance, lots of the press is still in Leap’s thrall. [...]

“This is more like the Apple Newton than the Apple iPhone,” one venture capitalist told me. It’s something that I thought about a lot as I moved from demo to demo, listened to keynotes, and sat in on developer meetings. Magic Leap has spent over half a decade and quite actually billions of dollars, and has not yet come up with something particularly compelling to do with its allegedly world-transforming computing system, besides shoot robots in the face.

I’d say this is unfair to the Newton. The Newton was a complete system. It worked, and it was good. Its experience was a cohesive whole. Its problem was that it was ahead of its time — we now know mobile devices need ubiquitous wireless networking, and when the Newton debuted, we didn’t even have Wi-Fi, let alone cellular data. Magic Leap isn’t even a cohesive whole.

Anyway, great piece by Merchant.

Paul Allen, Microsoft Co-Founder and Seahawks Owner, Dies at 65 

Rachel Lerman, reporting for The Seattle Times:

Paul Allen, the co-founder of Microsoft and a prominent leader of both business and philanthropy in the Seattle area, has died at age 65 from complications of non-Hodgkin lymphoma.

Allen died Monday afternoon, according to his multifaceted holding company Vulcan Inc., just two weeks after announcing he had restarted treatment for the cancer that he was first treated for in 2009.

Allen co-founded Redmond tech giant Microsoft with childhood friend Bill Gates. After leaving the company, he turned his focus to a wide range of other business and scientific pursuits, which including founding the Allen Institute for Brain Science, and the real estate arm of Vulcan, which went on to build much of Amazon’s campus.

See also: Statement from Vulcan on behalf of the company and Allen’s family.

Morgan Knutson on Working as a Designer on the Google Plus Team 

Morgan Knutson on Twitter:

Now that Google+ has been shuttered, I should air my dirty laundry on how awful the project and exec team was.

I’m still pissed about the bait and switch they pulled by telling me I’d be working on Chrome, then putting me on this god forsaken piece of shit on day one.

Air some dirty laundry indeed. This whole thread is kind of nuts — you just don’t see former employees expose dysfunctional workplaces like this very often. Here’s a real eye-opener — teams across Google were effectively bribed to integrate Google Plus, regardless if such integration made sense for their products:

If your team, say on Gmail or Android, was to integrate Google+’s features then your team would be awarded a 1.5-3× multiplier on top of your yearly bonus. Your bonus was already something like 15% of your salary.

You read that correctly. A fuck ton of money to ruin the product you were building with bloated garbage that no one wanted. No one really liked this. People drank the kool-aid though, but mostly because it was green and made of paper.

Adobe Previews Photoshop for iPad 

Dami Lee, writing for the The Verge:

Adobe really wants you to know that the upcoming Photoshop CC for the iPad, which was announced today and is set to be released sometime in 2019, is “real Photoshop.”

The phrase “real Photoshop” came up several times during my week-long preview of an early version of the software giant’s long-awaited app. The underlying code is the same as desktop Photoshop, and although the interface has been rethought for the iPad, the same core tools line the edges of the screen.

The “touch modifier” button is a great idea. It’s a button in the corner that you can press and hold to toggle the current tool. E.g. if you’re using a paintbrush, you can press the touch modifier button to turn it into the eraser. Let go of the button and your tool is back to the paintbrush.

The video here is more interesting than the article — a bunch of artists from The Verge give their thoughts on using this for their work.

The New Palm Is a Tiny Phone to Keep You Away From Your Phone 

Dieter Bohn, writing at The Verge:

That’s the idea behind the new Palm phone. It’s a sidecar for your phone. You should almost think of it more as a thing to get instead of a connected smartwatch than as a second phone. In fact, thinking of it as a smartwatch is a good move since that’s precisely how Verizon (and only Verizon) is selling it: as an add-on for existing plans. You can’t just go buy the thing on its own or unlocked as your primary phone.

It’s cute, and I’m glad to see someone working on smaller phones, but a secondary phone seems like something no one wants. I wish they would have tried making a phone this small that could be your primary phone.

If you want to put your phone away at night and on weekends but still stay connected, get an Apple Watch.


My thanks to Hyper for sponsoring Daring Fireball this week to promote HyperJuice, their airline-safe 27,000 mAh battery pack with dual USB-C ports (100W and 60W) and one 18W USB-A port. All three ports can be used at once, so you can charge a 15-inch MacBook Pro, a smaller MacBook or iPad Pro, and an iPhone all once, all at high speeds.

Using the 100W USB-C input, you can recharge HyperJuice from empty to full in about one hour using a MacBook Pro’s charger. HyperJuice weighs only 550 grams and can fit in the palm of your hand. It’s a lot of power in a small package.

It’s a Kickstarter project that has already been funded (many times over). The campaign ends on Monday so act quickly — right now you can order HyperJuice for up to 50 percent off the expected retail price. Over 5,700 backers have already pledged over $1 million to get HyperJuice at these discounted prices.

Latest Revision to ARM Instruction Set Includes Optimizations Just for JavaScript 

Greg Parker:

More precisely: ARMv8.3 adds a new float-to-int instruction with errors and out-of-range values handled the way that JavaScript wants. The previous [instructions] to get JavaScript’s semantics were much slower. JavaScript’s numbers are double by default so it needs this conversion a lot.

Back when the iPhone XS first shipped, people noticed that it performed seemingly impossibly well on JavaScript benchmarks. E.g., David Heinemeier Hansson:

The iPhone XS is faster than an iMac Pro on the Speedometer 2.0 JavaScript benchmark. It’s the fastest device I’ve ever tested. Insane 45% jump over the iPhone 8/X chip. How does Apple do it?!

Apple touts the new A12 as “only” 15 percent faster than the A11 at CPU tasks, and JavaScript is mostly (entirely?) CPU-bound. These new instructions make that big a difference. The iMac Pro is a professional desktop and it’s getting beaten by a phone. [Update: Turns out JavaScriptCore (Safari’s JavaScript engine) doesn’t use this new instruction yet — it should make things even faster once it does but the A12 chip is getting these benchmark scores without this new instruction’s help.]

Everyone can enjoy the fact that ARMv8.3 makes JavaScript faster. Comp sci nerds can further enjoy the fact that we now have CPUs being optimized for a specific weird programming language and not the other way around.

The Pixel 3: Everything You Need to Know About Google’s New Phone 

I watched the Made by Google keynote video, and was in New York yesterday for some hands-on time with their new products. Nicole Nguyen’s summary of the Pixel 3 is the best I’ve seen — really does capture just about everything you should know about it. She’s got a video of the new Call Screening feature in action — man oh man, do I want that feature on iOS. (I got to see a live demo as well.)

DuckDuckGo Search Growth 

DuckDuckGo, on Twitter:

DuckDuckGo fun fact: it took us seven years to reach 10 million private searches in one day, then another two years to hit 20 million, and now less than a year later we’re at 30 million!

What a great little upstart DuckDuckGo is. I’ve been using DuckDuckGo as my primary web search engine for years now, and it keeps getting better.

Twitter Makes Moments Creation a Desktop Exclusive 

Chance Miller, writing for 9to5Google:

Twitter has announced today that it is removing the ability to create Twitter Moments from its iOS and Android applications. The company says that making Moments will still be possible from the desktop web version of Twitter, while you’ll also still be able to view Moments from iOS and Android.

In a series of tweets this afternoon, Twitter explained that when features aren’t used very often, it removes them in an effort to focus on building other features. In this instance, support for creating Twitter Moments through the iOS and Android applications has been around since 2016, so it’s certainly noticeable to see Twitter pulling the plug on the capability.

If Moments isn’t getting enough use, sure, kill the feature. But kill it everywhere. It makes no sense to keep it but make it desktop-only. Mobile is where people use Twitter most.

Wi-Fi Switches From Obscure Protocol Names to Simple Generation Numbers 

Glenn Fleishman — who knows more about Wi-Fi than anyone I know — explains the whole “Wi-Fi 6” thing:

The Wi-Fi Alliance’s new numbering system focuses on generations of speed improvements but looks back only to 802.11n, which is a decade old. Given that 802.11a and 802.11b were approved at the same time, implicitly calling them Wi-Fi 1 and Wi-Fi 2, and extending Wi-Fi 3 to 802.11g, isn’t quite right. But we anticipate people will do it anyway.

Simplifying device compatibility through better naming seems like a clever idea that’s long overdue, and one that should help people who have no interest in technical standards arcana. The next time someone asks me what Wi-Fi router they should buy, I look forward to saying, “Wi-Fi 6. Look for it on the box.”

Not Voting Doubles the Value of Someone Else’s Vote 

David Foster Wallace, back in 2000:

If you are bored and disgusted by politics and don’t bother to vote, you are in effect voting for the entrenched Establishments of the two major parties, who please rest assured are not dumb, and who are keenly aware that it is in their interests to keep you disgusted and bored and cynical and to give you every possible psychological reason to stay at home doing one-hitters and watching MTV on primary day. By all means stay home if you want, but don’t bullshit yourself that you’re not voting. In reality, there is no such thing as not voting: you either vote by voting, or you vote by staying home and tacitly doubling the value of some Diehard’s vote.

Jason Kottke:

Please check your registration status and register to vote… it takes two minutes. Voter registration deadlines are fast approaching in many US states — there are deadlines tomorrow in Arizona, Arkansas, Florida, Georgia, Indiana, Kentucky, Louisiana, Michigan, Mississippi, New Mexico, Ohio, Pennsylvania, Tennessee, and Texas.

Kottke wrote that yesterday, so those registration deadlines are today. I don’t care who you want to vote for, I implore you to register and vote. And if you think you are registered, double-check. It really does just take a minute.

Named Source in ‘The Big Hack’ Has Doubts About the Story 

Hardware security researcher Joe Fitzpatrick was one of the very few named sources in Bloomberg’s blockbuster “The Big Hack” story. He provided only background information on the potential of hardware exploits in general — he claimed no knowledge of this specific case. On Patrick Gray’s Risky Business (great name) podcast, he expresses serious unease with the story Bloomberg published. The whole episode is worth a listen, but here’s partial transcript:

Fitzpatrick: But what really struck me is that like all the details that were even remotely technical, seemed like they had been lifted from from the conversations I had about theoretically how hardware implants work and how the devices I was making to show off at Black Hat two years ago worked.

Gray: So I guess what you are saying here is, the report, I mean all of the technical details of the report, you’d covered that ground with that reporter.

Fitzpatrick: Yeah, I had conversations about all the technical details and various contexts. But there are a lot of filters that happen, you know? When I explain hardware things even to software people, I don’t expect people to get it the first time and I don’t expect people to be able to describe it accurately all the time. So there is definitely a lot of telephone exchange happening

Gray: OK but why did that make you feel uneasy? Could it be the case that you know that the technical things you told him lined up perfectly with the technical things that some of these 17 of the anonymous sources told him?

Fitzpatrick: You know, I’m just Joe. I do this stuff solo. I am building hardware implants for phones to show off at conferences. I’m not a pro at building hardware implants. I don’t work for any nation or any state building and shipping these as products. I feel like I have a good grasp at what’s possible and what’s available and how to do it just from my practice. But it was surprising to me that in a scenario where I would describe these things and then he would go and confirm these and 100 percent of what I described was confirmed by sources.

Gray: And that’s what he was telling you through this process?

Fitzpatrick: That’s what I read in the article.

Gray: OK, right. You find that a bit strange? That every single thing you seem to tell him, or a large proportion of what you told him, was then confirmed by his other sources.

Fitzpatrick: Yeah, basically. Either I have excellent foresight or something else is going on.

I’m going to go with “something else is going on”.

‘Facebook Unveils the Portal, a Video Chat Camera for the People Who Still Trust Facebook’ 

Geoffrey Fowler, writing for The Washington Post:

The Portal is a sleek new video camera and screen that makes chats with family and friends look great.

It has just one problem: It was made by Mark Zuckerberg.

On Monday, Facebook unveiled the $200 Portal, the first-ever consumer hardware from the world’s largest social network. The toaster-size gadget, along with a larger $350 version called Portal+, is a cross between a smart speaker, video camera and digital photo frame. But at a time when CEO Zuckerberg’s privacy and security decisions are a matter of congressional inquiry, how many people will trust one in their living room?

Say what you want about putting any of these always-on listening devices in your home, anyone who buys one of these — which doesn’t just listen but has a camera too — is nuts. Is there any company you’d trust less than Facebook with this?

Rich Mogull on How the Apple Watch Series 4 Will and Won’t Save Lives 

Rich Mogull — a trained paramedic, in addition to being a terrific information security expert — writing at TidBITS:

Even if the Apple Watch Series 4’s health-monitoring features are imperfect, even if they detect only a subset of issues and incidents, wearing one will allow some people to live longer and healthier lives.

Now that Apple has put its stake in the ground, I expect a few advancements moving forward.

It sounds corny to say that a new digital watch is going to save lives, but I think it’s undeniably true here. Dozens, hundreds, thousands? I don’t know the number. But some number of people are going to get help for heart problems who otherwise would not have, and another number of people are going to get EMS help after a bad fall who otherwise would not have.

After thinking about it for a few weeks, though, my thoughts turn to the long run, not the near future. This is clearly just a first step. 80 years ago, a family in the U.S. likely had one audio system — a big cabinet-sized AM radio in their living room. How many “audio” devices does a typical family own today? Dozens, and they’re with us all day every day in the form of phones and headphones. In a few decades, we’re all going to be monitored by connected devices all day every day. I think it’s likely such devices will be able to identify things like heart attacks and strokes before they happen. Apple Watch is the first serious step in that direction.

Apple Tells Congress It Found No Signs of Hacking Attack 


Apple Vice President for Information Security George Stathakopoulos wrote in a letter to the Senate and House commerce committees that the company had repeatedly investigated and found no evidence for the main points in a Bloomberg Businessweek article published on Thursday, including that chips inside servers sold to Apple by Super Micro Computer Inc (SMCI.PK) allowed for backdoor transmissions to China.

“Apple’s proprietary security tools are continuously scanning for precisely this kind of outbound traffic, as it indicates the existence of malware or other malicious activity. Nothing was ever found,” he wrote in the letter provided to Reuters.

Update: Here’s the entire letter.

Statement From DHS Press Secretary on Recent Media Reports of Potential Supply Chain Compromise 

Official statement from DHS:

The Department of Homeland Security is aware of the media reports of a technology supply chain compromise. Like our partners in the UK, the National Cyber Security Centre, at this time we have no reason to doubt the statements from the companies named in the story. Information and communications technology supply chain security is core to DHS’s cybersecurity mission and we are committed to the security and integrity of the technology on which Americans and others around the world increasingly rely. Just this month — National Cybersecurity Awareness Month — we launched several government-industry initiatives to develop near- and long-term solutions to manage risk posed by the complex challenges of increasingly global supply chains. These initiatives will build on existing partnerships with a wide range of technology companies to strengthen our nation’s collective cybersecurity and risk management efforts.

For me, having the current U.S. government weighing in publicly on this issue does not fill me with any sense of confidence or reassurance on either side of this story.

But, still: Bloomberg’s Big Hack story should eventually be fully-corroborated, if true. According to their report, there are thousands of compromised servers out there. If there are, security experts will eventually identify these rogue chips and document them.

And whatever you think of a statement from DHS, from what I’ve heard, this is only beginning. Apple is not letting this go.


My thanks to Skillshare for sponsoring this week’s DF RSS feed. With over 4 million members and more than 20,000 classes, Skillshare is basically Netflix for online learning. Interested in web development or data science? How about UX design or SEO? Mobile photography, filmmaking, creative writing, even coffee brewing? Skillshare truly has it all.

And it’s all professionally produced — well-shot, well-edited, high-quality audio. The production quality is just so much better than what you expect from online video. I’ll repeat a personal recommendation: “Logo Design With Aaron Draplin”. Yeah, that Aaron Draplin — cofounder of Field Notes and designer/raconteur extraordinaire. He’s one of my favorite designers in the world, a generous teacher, and fantastically compelling on camera. Get the free demo and watch Draplin’s course. (Draplin has a bunch of great courses on Skillshare already.)

And for this week only, Skillshare is offering the first 1,000 Daring Fireball readers two free months of Skillshare Premium.

Banksy Painting Self-Destructs After Fetching $1.4 Million at Sotheby’s 

Simply brilliant.

Buzzfeed: ‘Apple Insiders Say Nobody Internally Knows What’s Going on With Bloomberg’s China Hack Story’ 

John Paczkowski and Charlie Warzel, reporting for BuzzFeed:

“We tried to figure out if there was anything, anything, that transpired that’s even remotely close to this,” a senior Apple security executive told BuzzFeed News. “We found nothing.”

A senior security engineer directly involved in Apple’s internal investigation described it as “endoscopic”, noting they had never seen a chip like the one described in the story, let alone found one. “I don’t know if something like this even exists”, this person said, noting that Apple was not provided with a malicious chip or motherboard to examine. “We were given nothing. No hardware. No chips. No emails.”

Equally puzzling to Apple execs is the assertion that it was party to an FBI investigation — Bloomberg wrote that Apple “reported the incident to the FBI.” A senior Apple legal official told BuzzFeed News the company had not contacted the FBI, nor had it been contacted by the FBI, the CIA, the NSA or any government agency in regards to the incidents described in the Bloomberg report. This person’s purview and responsibilities are of such a high level that it’s unlikely they would not have been aware of government outreach.

This is an extraordinary stalemate. There’s no equivocation in Apple’s response, but Bloomberg stands by their story. Keep in mind, Bloomberg isn’t some fringe publication — they’re a very well-respected news organization with a lot at stake here. They’ve published some dubious stuff about Apple in the past — this piece last year claiming Apple “let suppliers reduce accuracy of the phone’s Face ID system to speed up production” comes to mind — but that’s just gossip. This “Big Hack” story isn’t gossip; it’s as serious as it gets. But Apple, officially, and now from multiple unnamed senior executives and engineers in this BuzzFeed story, are saying flat out that at least as pertains to them, it did not happen. (Keep in mind too that every single source in Bloomberg’s story was unnamed.)

Customizing the Infograph Face on Apple Watch Series 4 

Zac Hall, writing at 9to5Mac:

Infograph can show up to eight complications, but that doesn’t mean it must — even if the default version is fully loaded. For me, stripping Infograph down to just the clock is a great starting place.

This requires a lot of Digital Crown scrolling on the Apple Watch to set each complication slot to empty and may be faster on the Watch app for iPhone. The end result is a simple and attractive clock without all of the noise of complications recommended for you.

I love this advice — strip it down to nothing and start adding complications. Hall has some great tips on third-party corner complications for Infograph. (You wouldn’t think I’d need to worry about humidity in Philadelphia in October, but it’s been muggy as hell all this week.)

Apple Newsroom: ‘What Businessweek Got Wrong About Apple’ 

Apple Newsroom has just published an even stronger denial of Bloomberg Businessweek’s “The Big Hack” story:

Apple has always believed in being transparent about the ways we handle and protect data. If there were ever such an event as Bloomberg News has claimed, we would be forthcoming about it and we would work closely with law enforcement. Apple engineers conduct regular and rigorous security screenings to ensure that our systems are safe. We know that security is an endless race and that’s why we constantly fortify our systems against increasingly sophisticated hackers and cybercriminals who want to steal our data. [...]

Finally, in response to questions we have received from other news organizations since Businessweek published its story, we are not under any kind of gag order or other confidentiality obligations.

They’re defending both the security of their data center servers and the integrity of their public statements.

In my earlier piece on this story, I forgot to mention one particularly odd tidbit in Bloomberg’s reporting. Bloomberg wrote (italics added):

Three senior insiders at Apple say that in the summer of 2015, it, too, found malicious chips on Supermicro motherboards. Apple severed ties with Supermicro the following year, for what it described as unrelated reasons. [...] Apple made its discovery of suspicious chips inside Supermicro servers around May 2015, after detecting odd network activity and firmware problems, according to a person familiar with the timeline. Two of the senior Apple insiders say the company reported the incident to the FBI but kept details about what it had detected tightly held, even internally.

What sense does it make that Apple discovered a profound security problem in Super Micro motherboards in May 2015, so serious that the company reported it to the FBI, but then didn’t sever ties with Supermicro until at least eight months later? That timeline makes no sense.

Also, what exactly is a “senior insider”? I’ve never seen that phrase before. An odd attribution. This Google search only finds four hits in Bloomberg’s archive — once in 1996, once in 1998, once in January 2018, and this story today. (And Google finds no hits at all for the phrase in their archive of

LG’s New Watch Has Mechanical Hands That Cover the Display 

You can push a button to make the hands go horizontal. It looks like a swimmer doing the butterfly stroke. You have to see the video to believe it. Good lord. Of all the days for me to post about small issues with Apple Watch face design.

Jason Snell: ‘Why Are Apple Watch Faces Such a Mess?’ 

Jason Snell, writing at Macworld:

It takes time to get a new operating system up and running. With watchOS 5, it feels like Apple has finally addressed most of the rough edges. Apps are more powerful; devices are more capable of acting on their own without the aid of an iPhone. I can understand why other features trumped the prioritization of watch faces, but it’s time. Apple needs to really revisit how it approaches watch faces.

Since the day the Apple Watch was announced, developers have clamored for the opportunity to design custom watch faces. That may never happen — there are plenty of reasons for Apple to consider the face designs sacred and something the company must control itself. But if Apple insists on having a monopoly on face design, it’s incumbent on the company to be a better steward of those faces.

I’ve been splitting my Apple Watch time the last week or so between my Series 4 review unit and my personal Series 3, upgraded to WatchOS 5. I’m more convinced than ever that what I wrote in my Series 4 review is true: the new Series 4 faces only look exactly right on the Series 4 watch, and the old watch faces only look exactly right on the older watches. And nothing brings these issues to light better than the complication situation.

I won’t say any of the faces look bad on any of the watches. Just that they don’t look exactly right — the difference between an expertly tailored jacket and one that comes off the rack. When it comes to watch faces, “good” isn’t good enough. Every element on a watch face ought to be perfect.

Lego Scale Model of Apple Park 

Insanely detailed model by Spencer Rezkalla.

Wi-Fi Now Has Version Numbers, and Wi-Fi 6 Comes Out Next Year 

Jacob Kastrenakes, writing for The Verge:

In the past, Wi-Fi versions were identified by a letter or a pair of letters that referred to a wireless standard. The current version is 802.11ac, but before that, we had 802.11n, 802.11g, 802.11a, and 802.11b. It was not comprehensible, so the Wi-Fi Alliance — the group that stewards the implementation of Wi-Fi — is changing it.

All of those convoluted codenames are being changed. So instead of the current Wi-Fi being called 802.11ac, it’ll be called Wi-Fi 5 (because it’s the fifth version). It’ll probably make more sense this way, starting with the first version of Wi-Fi, 802.11b:

  • Wi-Fi 1: 802.11b (1999)
  • Wi-Fi 2: 802.11a (1999)
  • Wi-Fi 3: 802.11g (2003)
  • Wi-Fi 4: 802.11n (2009)
  • Wi-Fi 5: 802.11ac (2014)

What a great change — I love it. Not only were those letters inscrutable, they didn’t even go in alphabetical order.

Nooses, Rotting Teeth, and Neglect: Inspectors Find Dismal Conditions at For-Profit California Immigration Jail 

Nick Miroff, reporting for The Washington Post:

Homeland Security inspectors who made an unannounced visit to a private, for-profit immigration jail in California in May found major violations of federal detention standards, including cells with nooses dangling from air vents, detainees losing teeth from lack of dental care and one disabled inmate left alone in a wheelchair for nine days. [...]

One dentist told inspectors that there was no time for cleanings or fillings, and that it was up to inmates to take care of their own oral hygiene despite a lack of supplies. “The dentist dismissed the necessity of fillings if patients commit to brushing and flossing,” the report said. “Floss is only available through detainee commissary accounts, but the dentist suggested detainees could use string from their socks to floss if they were dedicated to dental hygiene.”

DHS inspectors reviewed all requests for dental fillings since 2014 and found that although the jail’s two dentists identified cavities and placed detainees on a waiting list for fillings, no detainees received them. “One detainee we interviewed reported having multiple teeth fall out while waiting more than 2 years for cavities to be filled,” the report said.

ICE didn’t even exist until after 9/11. They were founded in response to terrorist attacks. Letting these people suffer in jail has nothing to do with fighting terrorism. These conditions would be deplorable anywhere in the world, but to have this going on in the United States of America is just astounding.

‘Vice’ — New Film From Adam McKay 


I loved McKay’s The Big Short, so despite never wanting to think about any of those horrible men ever again, I am looking forward to watching this.

Hell yeah to this. Christian Bale looks and sounds more like Dick Cheney than Dick Cheney does. And The Big Short wasn’t just good, it was highly inventive. Recommended.

Adding Device Frames to iPhone XS and XS Max Screenshots With Shortcuts 

Very cool scripts for the iOS 12 Shortcuts app from Federico Viticci.

Apple Watch Series 4 Fall Detection Tested by a Hollywood Stunt Double 

Of course Joanna Stern would hire a professional stuntwoman. Spoiler: the fall detection seems to work very well.

iPhone XS: Why It’s a Whole New Camera 

Sebastiaan de With — co-creator of the excellent Halide camera app — has a deep dive on changes to the iPhone XS camera system. One fascinating development: RAW images are way noisier than they are on an iPhone X. Halide has a pretty good solution they’re calling “Smart RAW”.

If you’ve seen people wondering whether the iPhone XS is applying a tacky “beauty filter” to skin tones, send them to this article. It explains what is really going on.

Microsoft Surface Event 2018: The 5 Biggest Announcements 

Tablets, laptops, Bluetooth headphones. A new black color option. They all look nice.

Jason Snell on Apple Watch Series 4 

Jason Snell, writing at Six Colors:

The result is that I like lots of aspects of the watch faces on the Series 4, but after more than a week of fiddling with complications and faces, I’ve yet to settle on one that I am comfortable with. I find myself wanting to mix and match, which isn’t actually allowed. Perhaps as more apps add support for the new complication sizes, I will find that their utility balances out my preference for the aesthetics of the older faces. Right now I’m using Infograph with a handful of complications around the edges, but I don’t love it. There’s still something missing.

The circle of the Utility and Infograph watch faces are exactly the same size. There’s no reason that Utility shouldn’t use modern complications. I understand that Apple may have had bigger fish to fry in watchOS 5, but it feels like it’s time for a upgrade and rethink of all the Apple Watch faces.

Agreed completely.

Amazon to Raise Minimum Wage to $15 for All U.S. Workers 

Karen Weise, reporting for The New York Times:

Even Amazon can get squeezed by political pressure and a tight labor market. The online giant on Tuesday said it would raise the minimum wage to $15 an hour for all of its United States workers.

It said the pay increase would include part-time workers and those hired through temporary agencies. The company said it would also lobby Washington to raise the federal minimum wage.

Amazon said the new wages would apply to more than 250,000 Amazon employees, including those at the grocery chain Whole Foods, as well as the more than 100,000 seasonal employees it will hire for the holiday season. They go into effect on Nov. 1.

Check out the exuberant reaction from employees at a California fulfillment center when this was announced this morning.

The iPhone Franchise 

I’m still catching up on coverage of Apple’s iPhone and Apple Watch event last month. Ben Thompson makes some excellent points:

The strategy is, dare I say, bordering on over-confidence. Apple is raising prices on its best product even as that product’s relative differentiation from the company’s next best model is the smallest it has ever been.

Here, though, I thought the keynote’s “Mission: Impossible”-themed opening really hit the mark: the reason why franchises rule Hollywood is their dependability. Sure, they cost a fortune to make and to market, but they are known quantities that sell all over the world — $735 million-to-date for the latest Tom Cruise thriller, to take a pertinent example.

That is the iPhone: it is a franchise, the closest thing to a hardware annuity stream tech has ever seen. Some people buy an iPhone every year; some are on a two-year cycle; others wait for screens to crack, batteries to die, or apps to slow. Nearly all, though, buy another iPhone, making the purpose of yesterday’s keynote less an exercise in selling a device and more a matter of informing self-selected segments which device they will ultimately buy, and for what price.

How long does this continue? Ten years? Longer? It seems to me there’s no end in sight. The franchise isn’t just still going strong, it’s stronger than ever.