Linked List: August 24, 2020

Xbox Executive Kevin Gammill’s ‘Declaration of Support’ for Epic Is Specifically About Unreal Engine, not Fortnite 

Regarding the Unreal Engine part of the Epic v. Apple legal battle, Microsoft Xbox executive Kevin Gammill filed a declaration for Epic over the weekend. I’m a little surprised Microsoft waded into this at all, but read Gammill’s declaration — it’s only three pages and very cogent. All his declaration states is that Apple revoking Epic’s license to develop Unreal Engine for Apple platforms would be bad for Epic and bad for all games that use Unreal Engine to target iOS or MacOS. Basically: duh. It doesn’t even contain the terms “Fortnite” or “App Store”.

This doesn’t contradict my prediction that you won’t see Microsoft, Sony, or Nintendo file amicus briefs on Epic’s behalf about the App Store’s control over software and mandatory use of Apple’s payment system. If Apple hadn’t threatened to revoke the developer program license for Unreal Engine, Microsoft wouldn’t have piped in here.

Apple and Epic Square Off in Preliminary Hearing on Zoom 

Russell Brandom, reporting for The Verge:

On Monday, Epic Games and Apple faced off in the first hearing of their ongoing legal fight, held in a public Zoom call because of the ongoing quarantine restrictions. The hearing sought to determine whether Epic’s developer privileges should be legally protected — initially by a temporary restraining order, setting the stage for a more powerful preliminary injunction that would remain in force for the duration of the trial.

Judge Yvonne Gonzalez Rogers did not issue an immediate ruling on the issue, but said she would be issuing a written order after the fact “and I will issue it quickly.”

However, Judge Gonzalez Rogers opened the hearing by indicating she was likely to take action to protect the Unreal Engine, but let the Fortnite ban stand. “I am not inclined to grant relief with respect to the games,” the judge said, “but I am inclined to grant relief with respect to the Unreal Engine.”

Effectively, Apple’s threat to revoke all of Epic’s Apple Developer Program memberships — not just the account for the subsidiary behind Fortnite but also that of the subsidiary behind Unreal Engine — has made this into two cases: the main part regarding Fortnite and the iOS App Store, and a second part regarding Unreal Engine and all Apple platforms.

Judge Gonzalez Rogers’s take sounds right for now: in Apple’s favor regarding Fortnite, and in Epic’s favor regarding Unreal Engine.

For good play-by-play livestream coverage of the hearing, I suggest reading Sarah Jeong’s thread on Twitter.

Update: Judge Gonzalez Rogers ruled exactly as she was inclined. Seems fair, and the ruling’s “background” section is an excellent, accurate, and fair assessment of the saga to date.

Can Thieves Crack 6-Digit iPhone Passcodes? 

Henrique Prange, on Twitter:

Stop using 6-digit iPhone passcodes! Do you think I am overly paranoid? Keep reading.

Last week, a friend of mine had his iPhone stolen. What follows is the sequence of events that started as an unfortunate event and ended up with $30,000 in unauthorized wire transfers, $2,500 spent on the AppStore, and accounts of multiple services compromised. […]

So, how could the wrongdoers do all of that in less than 5 hours? After considering many options, the only reasonable explanation is they cracked the 6-digit passcode on the stolen iPhone using some kind of device like the GrayKey.

The passcode gave them access to the keychain. They searched for the iCloud credentials, disabled the Lost Mode, and turned off the Find My.

This is an interesting but alarming story. Did the thieves crack his 6-digit passcode with a GrayKey or GrayKey-like device? Impossible to say. But it’s worth thinking about. We know GrayKey exists, and if it exists, thieves could have it. It’s also easier for a would-be thief to snoop a target entering a 6-digit passcode than an alphanumeric passphrase.

I mention this in the wake of the aforelinked piece on Face ID vs. face masks because months ago, when I first started grocery shopping while wearing a mask, I switched my iPhone from an alphanumeric passphrase back to a 6-digit passcode for convenience. I did so thinking, basically, that even though a 6-digit passcode is less secure, anything truly dangerous like disabling Find My iPhone requires my iCloud password as well.

It simply never occurred to me that if a thief (or law enforcement, or any adversary) has the device passcode, and your iCloud password is in your keychain, they can get your iCloud password from your keychain. All you need is the device passcode to access all of the passwords in iCloud keychain. Try it — you can.

So I’m back on an alphanumeric passphrase, inconvenience while wearing a mask be damned. Remember too: you don’t need to make an alphanumeric device passphrase long or complicated to make it very secure — a 6-character alphanumeric passphrase would take on average 72 years to crack by brute force because it takes 80 milliseconds for the secure enclave to process each guess.
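
To put numbers on that estimate, here is an added Python example (not part of the original post) that compares passcode policies at the 80 ms per-guess cost quoted above. It assumes a fixed cost per guess with no escalating lockouts and a uniformly random passcode; the alphabet sizes and function names are illustrative choices.

```python
# Added example: brute-force time estimates for device passcode policies.
# Assumptions: constant 80 ms per guess, no lockout delays, random passcode.
GUESS_SECONDS = 0.080
SECONDS_PER_YEAR = 365.25 * 24 * 3600

ALPHABETS = {
    "digits": 10,
    "lowercase+digits": 36,
    "mixed-case+digits": 62,
}


def keyspace(symbols, length):
    """Number of distinct passcodes of exactly `length` symbols."""
    return symbols ** length


def average_seconds(symbols, length, guess_seconds=GUESS_SECONDS):
    """Expected search time: on average half the keyspace is tried."""
    return keyspace(symbols, length) / 2 * guess_seconds


def fraction_searched(symbols, length, budget_seconds,
                      guess_seconds=GUESS_SECONDS):
    """Share of the keyspace covered in a time budget (success probability)."""
    guesses = budget_seconds / guess_seconds
    return min(1.0, guesses / keyspace(symbols, length))


def min_length(symbols, target_years, guess_seconds=GUESS_SECONDS):
    """Shortest passcode length whose average search time meets the target."""
    length = 1
    while average_seconds(symbols, length, guess_seconds) < \
            target_years * SECONDS_PER_YEAR:
        length += 1
    return length


if __name__ == "__main__":
    five_hours = 5 * 3600  # the window described in the stolen-phone story
    for name, symbols in ALPHABETS.items():
        years = average_seconds(symbols, 6) / SECONDS_PER_YEAR
        share = fraction_searched(symbols, 6, five_hours)
        print(f"6 x {name:18} avg {years:10.4f} years, "
              f"{share:.4%} searched in 5 hours")
    print("digits needed for a 70-year average:", min_length(10, 70))
```

Under these assumptions the 72-year figure corresponds to a 62-symbol alphabet (upper case, lower case, digits), while a 6-digit passcode averages about 11 hours and five hours of guessing covers 22.5% of its keyspace. A numeric-only passcode needs 11 digits to reach the same order of protection.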

Face ID vs. Face Masks 

David Porter, reporting for the AP two weeks ago (again, yesterday in coronatime):

In a letter to CEO Tim Cook obtained by The Associated Press, Metropolitan Transportation Authority Chairman Patrick Foye said riders have been seen removing their masks to unlock their phones using face-recognition technology, despite a recent update by Apple that simplifies the unlock process for people wearing masks.

Previously, an iPhone user wearing a mask would have to wait a few seconds as face recognition software tried to identify them before they eventually could enter a passcode. In response to the pandemic, Apple’s iOS 13.5, released in May, automatically presents the passcode field after a user swipes up from the bottom of the lock screen. Also, Apple Pay Express Transit, introduced last year, allows riders on some bus and subway lines to pay with their iPhone or Apple Watch without having to wake the device.

I’m not sure what such a letter accomplishes other than giving Foye the ability to say he did what he could. Face ID isn’t just software, it’s hardware, and I don’t think any of the existing Face ID iPhones can be updated, via software, to somehow work to authenticate faces while wearing a mask.

It’s interesting to ponder what a disaster, publicity-wise, the iPhone X would have been if COVID-19 had hit in 2017. It’s one thing for hundreds of millions of Face ID devices to be made inconvenient by face masks, years after introduction. It would have been another thing altogether for Apple to introduce Face ID amidst a worldwide face mask mandate.

It’s certainly possible that future Face ID systems will be able to securely authenticate you while wearing a face mask. If we can recognize people we know while they’re wearing a mask, a computer system can too — but anything that makes it harder for us to recognize a face is going to make it harder for Face ID too, and face masks are obviously disguising. Will this year’s new iPhones be able to do it? I doubt it. All of the hardware for this year’s iPhones was set in stone long before COVID hit.

Microsoft’s Surface Duo, A Split-Screen Folding Android Tablet, Arrives on September 10 for $1,400 

Tom Warren, writing for The Verge two weeks ago (or yesterday, in coronatime):

While Microsoft had revealed the design of the Surface Duo back in October, the company has kept the specs relatively secret. The device includes two separate 5.6-inch OLED displays (1800 x 1350) with a 4:3 aspect ratio that connect together to form an 8.1-inch overall workspace (2700 x 1800) with a 3:2 aspect ratio. Unlike foldables like Samsung’s Galaxy Fold, the Surface Duo is using real Gorilla Glass, and the displays are designed to work in a similar way to multiple monitors on a Windows PC.

One big question over the Surface Duo has been the camera. Microsoft is using an 11-megapixel f/2.0 camera, which will include auto modes for low light, HDR multi-frame captures, and a “super zoom” up to 7x. Both 4K and 1080p video recording will be supported at 30fps and 60fps, with electronic image stabilization. There’s only a single camera on the Surface Duo, which can be used both for video calls and as a main camera.

So I’m deeply intrigued by the Surface Duo but at the same time incredibly dubious that anyone wants this. I don’t get the confusion over whether it’s a phone or not. It can make phone calls and act as a phone, but Microsoft never calls it one. My take is it’s a folding tablet that might as well act like a phone if you have a cellular plan, in case that’s what you really want. But I’d guess most people who do get one of these will still carry a dedicated phone — I’ve been skeptical about giant ass phones for a decade now and I’ve been proven largely wrong (no pun intended) about the size of phones many people want to carry, but this is preposterous as something you might want to pocket.

People are dinging it for the broad bezels at the top and bottom but that’s just superficial. My fundamental skepticism is whether Android is actually a good OS for this, and whether there are actual use cases for this form factor regardless of OS and application support for the split screen. At $1,400 it’s clearly a premium product — is there a premium use case?