By John Gruber

• Archive
• The Talk Show
• Dithering
• Projects
• Contact
• Colophon
• Feeds / Social
• Sponsorship

Linked List: January 29, 2021

Friday, 29 January 2021

5-4-3-2-1: Robinhood’s Reputation Drops Along With the Number of Shares They Let Users Buy ★

Mitchell Clark, writing for The Verge:

Robinhood only wants users to have a limited number of shares of companies like GameStop, and that number keeps getting smaller and smaller. On Thursday, the company halted users’ ability to buy stocks that were associated with r/WallStreetBets, including GameStop, AMC, and Nokia, but the company promised that users would be able to buy limited quantities on Friday. Today, it released a shifting support document that details just how limited things are — and to slightly paraphrase Lando, the deal’s getting worse all the time.

When trading opened earlier today, users were limited to owning five shares of GameStop in aggregate, meaning they could only own up to five — if they already had three GameStop stocks, they could only buy two more — but even that restriction hasn’t lasted. Soon, the number of shares you could buy in GME dropped to two and then finally down to a single share. That’s right: you couldn’t buy more than one.

One share. At least the stock that so many Robinhood users wanted to buy only went up 70 percent today, so I’m sure no one is angry.

Robinhood’s old slogan: “Let the people trade.”

New slogan: “Play with us at the kiddie table.”

‘Meme Stock’ Rally Rescues AMC Theaters From $600M Debt ★

Owen S. Good, writing for Polygon:

Just Monday, AMC was warning investors that “there is substantial doubt about our ability to continue as a going concern.” The reason is obvious: the COVID-19 pandemic has savaged the movie theater business, and the broader stimulus, payroll, and recovery actions by the U.S. government have done little to prop it up.

Wiping out more than half-a-billion dollars in debt, though, should take a lot of pressure off AMC in the short term. “A week ago, it was not crazy to think this company was doomed,” Bloomberg’s Matt Levine wrote on Thursday. “Now it is entirely possible that it will survive and thrive and show movies in movie theaters for decades to come because everyone went nuts and bought meme stocks this week.”

What a week.

Hover Text on MacOS ★

Cool MacOS accessibility feature I did not know about, from Sommer Panage:

One of my fave Mac #accessibility features: Hover Text. I have 2 displays; one is always harder for me to see, especially content to the far right. Hover Text is an awesome and super lightweight way to bring things into view! Find it in System Preferences -> Accessibility -> Zoom

Turn this on, and when you press the Command key, whatever is under the mouse pointer gets a large text tooltip. Hover over a small button labeled “Foo” and the tooltip will show a big “Foo”. But it works for buttons and controls that don’t have text labels too, thanks to accessibility. So if you hover over the red close button in the top left corner of a window, the tooltip will say “Close”.

Dave DeLong points out that this feature could be very useful when screensharing too. Steven Aquino points out that there are options for font size, colors, and the modifier key that triggers it.

‘BlastDoor’: iMessage’s New Sandbox in iOS 14 and MacOS 11 ★

Catalin Cimpanu, writing for ZDNet Zero Day:

Named BlastDoor, this new iOS security feature was discovered by Samuel Groß, a security researcher with Project Zero, a Google security team tasked with finding vulnerabilities in commonly-used software. [...]

While iOS ships with multiple sandbox mechanisms, BlastDoor is a new addition that operates only at the level of the iMessage app. Its role is to take incoming messages and unpack and process their content inside a secure and isolated environment, where any malicious code hidden inside a message can’t interact or harm the underlying operating system or retrieve with user data.

The need for a service like BlastDoor had become obvious after several security researchers had pointed out in the past that the iMessage service was doing a poor job of sanitizing incoming user data. Over the past three years, there had been multiple instances where security researchers or real-world attackers found iMessage remote code execution (RCE) bugs and abused these issues to develop exploits that allowed them to take control over an iPhone just by sending a simple text, photo, or video to someone’s device.

Samuel Groß’s report on Google’s Project Zero blog is chock full of technical details and analysis.

This is a big deal, and from what I understand, a major multi-year undertaking by the iMessage team. Cimpanu’s report makes it sound like it’s an iOS 14 feature, but it’s on MacOS 11, too — it’s an iMessage feature. The basic idea is that parsing untrusted input is always a potential source for bugs. Rather than whack-a-moling these bugs one-by-one as they’re discovered, BlastDoor puts the entire process of parsing input (the text of messages, any file attachments, or even just generating URL previews) into a very sturdy vault. Anything inside the vault has almost no file system access and no network access. Open the attachments inside the vault, and only then pass them on for display.

Very clever. It doesn’t just close a bunch of specific exploits, it should close an entire class of potential exploits. But it’s the sort of thing Apple can’t really announce or promote, so it’s nice to see the effort get some publicity.

Also: “BlastDoor” is a great name for this.

Huawei’s Losses Are Apple’s Gain in China ★

Catherine Shu, reporting for TechCrunch:

The impact of United States government sanctions on Huawei is continuing to hurt the company and dampen overall smartphone shipments in China, where it is the largest smartphone vendor, according to a new report by Canalys. But Huawei’s decline also opens new opportunities for its main rivals, including Apple. [...]

Apple benefited from Huawei’s decline because the company’s Mate series is the iPhone’s main rival in the high-end category, and only 4 million Mate units were shipped in the fourth quarter.

Robinhood Needed Emergency $1 Billion Cash Injection, Yet Remains Underfunded ★

Kate Kelly, Erin Griffith, Andrew Ross Sorkin, and Nathaniel Popper, in a multi-byline report for the NYT:

On Thursday, Robinhood was forced to stop customers from buying a number of stocks like GameStop that were heavily traded this week. To continue operating, it drew on a line of credit from six banks amounting to between $500 million and $600 million to meet higher margin, or lending, requirements from its central clearing facility for stock trades, known as the Depository Trust & Clearing Corporation.

Robinhood still needed more cash quickly to ensure that it didn’t have to place further limits on customer trading, said two people briefed on the situation who insisted on remaining anonymous because the negotiations were confidential.

Robinhood, which is privately held, contacted several of its investors, including the venture capital firms Sequoia Capital and Ribbit Capital, who came together on Thursday night to offer the emergency funding, five people involved in the negotiations said.

Basically, Robinhood blew it by not being honest about this. They should have just come clean and explained that they were short of cash to cover all the action on these stocks. But because they were embarrassed to appear insolvent, they destroyed their ethical reputation instead. And now it’s come out that they were in over their heads financially anyway.

Even today, Robinhood is not even close to allowing users to trade GameStop freely. A friend with a Robinhood account was only able to buy five shares before getting an error message that he held the maximum number of shares. And when you sell GameStop on Robinhood, you can only sell at market price, not a limit order. It’s a complete clown show.