By John Gruber
WorkOS is a modern identity platform for B2B SaaS, supporting SSO, SCIM, user management, and RBAC.
Linked List: October 8, 2020
Thursday, 8 October 2020
- Business Insider: Microsoft Plans to Bring Xbox Game Pass to iOS as a Web App ★
-
Ashley Stewart, reporting for Business Insider:
Microsoft’s gaming boss Phil Spencer told employees at an all-hands meeting on Wednesday the company is planning to bring Game Pass to Apple’s iPhone and iPad, targeting 2021 for the potential release of a “direct browser-based solution,” Business Insider has learned.
“We absolutely will end up on iOS,” Spencer told employees, according to two people with direct knowledge of his comments. Microsoft did not comment at the time of publication.
I wondered if the web app route might be what Microsoft would try after Amazon announced that’s what it’s doing for its game streaming service. Really curious to see how well this will work.
- ‘We Hacked Apple for 3 Months: Here’s What We Found’ ★
-
Sam Curry:
Between the period of July 6th to October 6th myself, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes worked together and hacked on the Apple bug bounty program. […] During our engagement, we found a variety of vulnerabilities in core portions of their infrastructure that would’ve allowed an attacker to fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim’s iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources.
There were a total of 55 vulnerabilities discovered with 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity reports. […] As of October 6th, 2020, the vast majority of these findings have been fixed and credited. They were typically remediated within 1-2 business days (with some being fixed in as little as 4-6 hours).
This is some truly eye-popping stuff. Read-only access to the source code to iOS and MacOS? That’s a far cry from read-write access, but still well into “wow” territory. Hacker News has good commentary, including this sub-thread with perspective from Thomas Ptacek on the economics of bug bounty hunting.
- Denoting Texting Corrections ★
-
Ever since this XKCD comic appeared back in July, I’ve taken note of how people in my circle make texting corrections. Most just type the corrected spelling (often a de-autocorrection) without punctuation, but I’ve noticed a few who use asterisks. I use a carrot, which I’ve always thought was a natural mark for corrections.
^caret
- Ars Technica: ‘Google’s Supreme Court Faceoff With Oracle Was a Disaster for Google’ ★
-
Timothy B. Lee, writing for Ars Technica:
The Supreme Court’s eight justices on Wednesday seemed skeptical of Google’s argument that application programming interfaces (APIs) are not protected by copyright law. The high court was hearing oral arguments in Google’s decade-long legal battle with Oracle. Oracle argues that Google infringed its copyright in the Java programming language when it re-implemented Java APIs for use by Android app developers. […]
Arguably Goldstein’s most important task here — and throughout Wednesday’s argument — was to convince justices that there was an important difference between APIs and other code and that this difference had legal implications.
“He did an abysmal job,” Cornell University legal scholar James Grimmelmann told Ars in a Wednesday phone interview. “At the level of nuance he was willing to get into, his case was a loser. The only way to make it stick is to be nuanced about what it means to declare code.”
My gut feeling is that Google is in the right here — APIs should not be copyrightable — but that they utterly failed to make the argument in a clear way.
The Verge’s Sarah Jeong live-tweeted the arguments, and as usual, her notes are a wonderful way to get the condensed gist.