By John Gruber

• Archive
• The Talk Show
• Dithering
• Projects
• Contact
• Colophon
• Feeds / Social
• Sponsorship

Linked List: January 22, 2020

Wednesday, 22 January 2020

Go Dragons ★

News from my alma mater, from Philadelphia Inquirer reporter Jeremy Roebuck:

The former head of Drexel University’s electrical engineering department was charged with theft Tuesday, three months after he stuck the school with a $190,000 tab for research money he allegedly misspent at strip clubs and on personal expenses.

Philadelphia prosecutors accused Chikaodinaka Nwankpa, 57, of spending $96,000 in federal grant funds at adult entertainment venues and sports bars between 2010 and 2017. He allegedly squandered $89,000 — funding he had secured for science, energy, and naval research — on iTunes purchases and meals.

I’ll go out on a limb and guess it was mostly on meals, but perhaps in addition to his other hobbies, Nwankpa is quite the cinephile.

Update: I completely blanked on in-app purchases for games. Something on the order of $1,000/month in IAP over this seven-year stretch would only make Nwankpa a low-level “whale” in mobile gaming. He could have easily blown a bigger chunk of the $89K on iTunes than on expensive meals. It’s Vegas, and Apple owns the biggest casino.

(Kind of hard to believe there’s only one hit for “Nwankpa” at The Triangle. A college newspaper ought to live for a story like this. I’d have gotten a month’s worth of columns out of it in my day.)

Away Co-Founder Steph Korey Is Back as Co-CEO ★

Lauren Thomas, reporting for CNBC a week ago:

Just weeks after stepping down as chief executive officer of luggage maker Away following a report about her leadership tactics, Steph Korey is back as co-CEO. […]

But she told Away employees in a companywide Slack message Monday, which was reviewed by CNBC: “The inaccurate reporting that was published in December about our company unleashed a social media mob — not just on me, but also on many of you.” She added that her move to executive chairman had caused “more confusion than clarity. … So, let me clear that up: I am not leaving the company.”

Korey went on to say the company will contemplate its “legal options” after The Verge responds to its “demands for retractions and corrections.” A representative from The Verge wasn’t immediately available to respond to CNBC’s request for comment.

Away said it has hired Libby Locke, the lawyer who won a defamation case against Rolling Stone magazine for a retracted story about an alleged gang rape at the University of Virginia. Locke said in an email Monday that the Verge “published hit pieces filled with lies and distortions designed to damage Away’s reputation.”

Surprise twist, to say the least. This seemingly puts the kibosh on my theory that Korey was stabbed in the back by Away’s board.

(Disclaimer: Away has been a frequent sponsor of my podcast.)

MacOS 10.15 Catalina Bug: LG 5K Display Resets to Maximum Brightness Every Reboot ★

Lloyd Chambers:

There are so many bugs in Catalina that I could spend weeks writing them up. Here’s one that is not just eye-popping (literally), but of great annoyance to me as a photographer — I need the display to remain stable and predictable.

After every reboot, the LG 5K display goes to maximum brightness.

Chambers quotes from several others encountering the same issue. A DF reader — also a professional photographer — wrote to me about this bug last week. He (the DF reader) was using a $6,000 new 16-inch MacBook Pro. I say was, past tense, because after a few days he returned it because this brightness issue was no small thing for him, because he sets his display brightness precisely using a display calibrator. Doing this several times per day every day quickly drove him mad.

Is this the worst bug in the world? Not even close. It’s a paper-cut bug. No data loss, no crash, not some sort of thing where something doesn’t even work — just an annoyance. But no one wants to use a tool that gives you half a dozen paper cuts every day. And MacOS 10.15 is chockablock with paper-cut bugs. And it’s not like the LG 5K Display is some obscure unsupported display — it’s the one and only external 5K display sold by Apple itself.

2016 WSJ Story on Apple’s Plans for E2E Encryption for iCloud Data ★

Daisuke Wakabayashi, reporting for The Wall Street Journal four years ago:

Apple Inc. has refused federal requests to help unlock the phone of San Bernardino gunman Syed Rizwan Farook. But the company turned over data from his phone that Mr. Farook had backed up on its iCloud service.

Soon, that may not be so simple. Apple is working to bolster its encryption so that it won’t be able to decode user information stored in iCloud, according to people familiar with the matter.

But Apple executives are wrestling with how to strengthen iCloud encryption without inconveniencing users. Apple prides itself on creating intuitive, easy-to-use software, and some in the company worry about adding complexity.

If a user forgets a password, for example, and Apple doesn’t have the keys, the user might lose access to photos and other important data. If Apple keeps a copy of the key, the copy “can be compromised or the service can be compelled to turn it over,” said Window Snyder, a former Apple security and privacy manager who is now chief security officer at Fastly, a content-delivery network.

If Apple were to implement E2E encryption for iCloud backups, there’s no “might” about it — if the customer forgets their password, they would lose access to the data. That’s the entire point of this debate.

Given that this was four years ago, something clearly interrupted this plan. I’ve heard from a few additional sources at Apple (or very recently at Apple), and all believe that Apple’s reluctance to use end-to-end encryption for iCloud backups is about how frequently customers don’t know their password but need to access their backups. My idea is to make it optional, but every additional option makes a feature more complicated. No one expects to forget their password — even if this were only an option, some number of iCloud users would turn it on because it’s more secure, forget their password, and be forever locked out of their backups. If it weren’t optional — if backups were E2E encrypted with the keys solely in the hands of users — thousands of iCloud users would be forever locked out of their data each year.

Also, let me emphasize that with the sole exception of email — which is expected — all iCloud data is encrypted both in transit and in storage on Apple’s servers. (Email is encrypted in transit, of course, just not in storage.) The difference is whether Apple also has a key to the data. End-to-end encryption is when only the user controls the keys. Just plain “encryption” is when Apple also has a key.