By John Gruber

• Archive
• The Talk Show
• Dithering
• Projects
• Contact
• Colophon
• Feeds / Social
• Sponsorship

Linked List: January 26, 2021

Tuesday, 26 January 2021

iOS 14.4 Fixes Three Security Bugs That ‘May Have Been Actively Exploited’ by Hackers ★

Zack Whittaker, reporting for TechCrunch:

The technology giant said in its security update pages for iOS and iPadOS 14.4 that the three bugs affecting iPhones and iPads “may have been actively exploited.” Details of the vulnerabilities are scarce, and an Apple spokesperson declined to comment beyond what’s in the advisory.

It’s not known who is actively exploiting the vulnerabilities, or who might have fallen victim. Apple did not say if the attack was targeted against a small subset of users or if it was a wider attack. Apple granted anonymity to the individual who submitted the bug, the advisory said.

Two of the bugs were found in WebKit, the browser engine that powers the Safari browser, and the Kernel, the core of the operating system. Some successful exploits use sets of vulnerabilities chained together, rather than a single flaw. It’s not uncommon for attackers to first target vulnerabilities in a device’s browsers as a way to get access to the underlying operating system.

Bug fixes to close potential exploits aren’t uncommon, but the lack of details around these is a little curious.

Most Google Apps for iOS Still Have No Privacy ‘Nutrition’ Labels ★

Juli Clover, writing a week ago at MacRumors:

As of December 8, Apple has been requiring developers submitting new apps and app updates to provide privacy label information that outlines the data that each app collects from users when it is installed. Many app developers, such as Facebook, have complied and now include the privacy labels alongside their apps, but there’s one notable outlier — Google.

Google has not updated its major apps like Gmail, Google Maps, Chrome, and YouTube since December 7 or before, and most Google apps have to date have not been updated with the Privacy Label feature. […]

On January 5, Google told TechCrunch that the data would be added to its iOS apps “this week or the next week,” but both this week and the next week have come and gone with no update. It has now been well over a month since Google last updated its apps.

One week later and still, none of Google’s flagship apps have privacy nutrition info. I don’t get it. Suck it up like Facebook did and put it out, no matter how bad it looks. And it’s not like Google was surprised by this requirement — Apple made it very clear at WWDC that this would be mandatory. They’ve had 7 months to prepare for this. What is going on here?

I’m curious too which other high-profile apps are out there that still haven’t submitted their privacy label information. If you spot any, let me know (send me an email, or reply to the tweet for this post).

Animated Timeline of the All-Time MLB Home Run Leaders ★

I need a fun baseball link to wash out the taste of the no-fun Hall of Fame voters, so here’s a fun tweet from Greg Harvey:

In memory of Hank Aaron after his passing on Friday, I have created an interactive timeline of the Top-10 Career Home Run leaders since the beginning of the Modern Era.

Check out how different players enter and exit through different eras of baseball.

One thing that jumps out here is how far ahead of his time Babe Ruth was — why his home run hitting was such a cultural phenomenon. When Ruth hit his 500th homer, second place was Rogers Hornsby at 264. When Ruth hit his 714th (and final) homer, no one else had hit 400, and only three had even gotten to 300. (And the next player to get to 400 was Ruth’s own teammate, Lou Gehrig.)

Via Dave Mark.

No One Elected to Baseball Hall of Fame Class of 2021 ★

Bradford Doolittle, reporting for ESPN:

No player on the Hall’s 2021 Baseball Writers’ Association of America ballot reached the 75 percent threshold needed for enshrinement in Cooperstown. The results of the voting were announced by Hall of Fame president Tim Mead on MLB Network on Tuesday night.

The leading vote-getter was controversial pitcher Curt Schilling, who was named on 71.1 percent of the ballots, 16 votes shy of the minimum needed for selection. Schilling was followed by all-time home run leader Barry Bonds (61.8 percent) and 354-game winner Roger Clemens (61.6) in the voting.

These BBWAA voters need to get over themselves. It’s embarrassing to the sport that Bonds and Clemens aren’t in. Same for Pete Rose. Put them in the hall and explain what they did in the exhibit of their careers.

Schilling is a good counter-example. I think he’s a borderline hall of famer, based on performance alone. Letting his personal odiousness be the deciding factor to leave him off your ballot is reasonable. Same thing with a guy like Sammy Sosa — borderline, statistically, so sure, let your feelings about his use of PEDs be a factor in your vote. But Clemens and Bonds? There’s nothing borderline about them.

Twitter Acquires Revue, a Substack Competitor ★

Kayvon Beykpour and Mike Park, writing on the Twitter blog:

To jumpstart our efforts, Twitter has acquired Revue, a service that makes it free and easy for anyone to start and publish editorial newsletters. Revue will accelerate our work to help people stay informed about their interests while giving all types of writers a way to monetize their audience — whether it’s through the one they built at a publication, their website, on Twitter, or elsewhere. […]

Starting today, we’re making Revue’s Pro features free for all accounts and lowering the paid newsletter fee to 5%, a competitive rate that lets writers keep more of the revenue generated from subscriptions.

Substack charges 10 percent, so this gives Revue a leg up on that front. The path forward for Twitter seems obvious:

• Let Twitter users attach a credit card (or a Square Cash account — I’m sure Twitter’s CEO can get a few minutes of time with the folks at Square) to their Twitter account.
• Let those users with a card attached sign up for “Twitter Pro”, which would give them a badge on their avatar like the blue-check verified badge.
• Sell access to Revue content right in the Twitter app. See a tweet with a link to an article from a subscriber-only newsletter? Subscribe to the newsletter in two taps, right in the app, just like buying apps from the App Store.

This seems rather obvious, and a good idea, so I’m sure Twitter won’t do it.