By John Gruber
This raises an interesting theological question: How much tear gas would Jesus use on protesters to clear a path for a photo of him in front of a church, holding a bible in a way that, sure, normal people hold bibles?
This photo from Doug Mills of the NYT captures the moment more honestly.
Bhavuk Jain:
In the month of April, I found a zero-day in Sign in with Apple that affected third-party applications which were using it and didn’t implement their own additional security measures. This bug could have resulted in a full account takeover of user accounts on that third party application irrespective of a victim having a valid Apple ID or not.
For this vulnerability, I was paid $100,000 by Apple under their Apple Security Bounty program. […]
Apple also did an investigation of their logs and determined there was no misuse or account compromise due to this vulnerability.
Nice write-up of the technical details too.
I’ve noticed this too, but hadn’t really thought about it until I saw this post from Michael Tsai (based on tweets from Paul Rosania and Andrew Chen): Amazon no longer puts a list of items in order confirmation and shipment notice emails. Almost certainly they’re doing this to thwart email-scraping data harvesters from obtaining information about Amazon sales. All sorts of companies harvest this info, and people volunteer to let them do it (including Edison Mail, the iOS mail client whose recent egregious bug granted full access to email accounts to random other users — at least they’re up front about it in their “how we use data” statement). Edison is far from alone in this — there’s an entire cottage industry of email clients and “tools” whose entire business model is based on scraping their users’ email for e-commerce trends.
So, from the Department of This Is Why We Can’t Have Nice Things, Amazon has responded by removing product information from its emails. One reason this change was merely a low-grade annoyance for me, personally, is that I allow the Amazon iPhone app to send me notifications, and these notifications include shipping updates and delivery confirmation. If you’re notification-permission-averse — and who isn’t these days? — I recommend making an exception for the Amazon app. I can’t promise Amazon will never use these notifications to send you an ad, but in my experience they only send me notifications regarding things I’ve ordered from them — their notifications serve me, not them. And Amazon’s website and app continue to have a nicely searchable archive of your entire order history — mine goes back to the Clinton administration, which feels like another epoch. But it was nice having your own searchable archive of purchased items right in your email.
My thanks to The Magic Puzzle Company for sponsoring DF last week. They’re debuting with a set of three new 1,000-piece jigsaw puzzles with original art and a magical surprise at the end. These are not typical jigsaw puzzles:
Series One is a Kickstarter campaign that, just hours ago, crossed the $3 million mark. I can see why — all three puzzles are gorgeous. They sent me a prototype and it’s exquisite. I mean come on — the company commissioned Susan Kare to make their logo (and, of course, the logo is perfect).
There’s a MacOS 10.15 Catalina update out today too.
Sheera Frenkel, Mike Isaac, and Cecilia Kang, reporting for The New York Times:
Mr. Zuckerberg’s post last week explaining his decision on Mr. Trump’s tweets frustrated many inside the company. More than a dozen Facebook employees tweeted that they disagreed with Mr. Zuckerberg’s decision, including the head of design of Facebook’s portal product, Andrew Crow.
An engineer for the platform, Lauren Tan, posted about the situation on Friday. “Facebook’s inaction in taking down Trump’s post inciting violence makes me ashamed to work here,” Ms. Tan wrote in a tweet. “Silence is complicity.”
Two senior Facebook employees told The New York Times that they had informed their managers that they would resign if Mr. Zuckerberg did not reverse his decision. Another person, who was supposed to start work at the company next month, told Facebook they were no longer willing to accept a position at the company because of Mr. Zuckerberg’s decision.
I don’t know why the Times linked to Tan’s tweet but not Crow’s:
Censoring information that might help people see the complete picture is wrong. But giving a platform to incite violence and spread disinformation is unacceptable, regardless who you are or if it’s newsworthy. I disagree with Mark’s position and will work to make change happen.
I’ve seen some people making hay over this Times story, based on the framing of it as a “virtual walkout”. Forget about the “walkout”. What’s important here are Facebook employees speaking out, unequivocally. Interesting too that they’re using Twitter to express their dissent.
Facebook’s real risk here, as I see it, is getting branded as the social network for racists. Talent retention is the top challenge for every tech company. We’re going through history, right now, and Facebook is on the wrong side of it. No one wants that on their resume.
Barack Obama:
I recognize that these past few months have been hard and dispiriting — that the fear, sorrow, uncertainty, and hardship of a pandemic have been compounded by tragic reminders that prejudice and inequality still shape so much of American life. But watching the heightened activism of young people in recent weeks, of every race and every station, makes me hopeful. If, going forward, we can channel our justifiable anger into peaceful, sustained, and effective action, then this moment can be a real turning point in our nation’s long journey to live up to our highest ideals.
Let’s get to work.