By John Gruber
Many Tricks:
Say hello to Menuwhere, Many Tricks’ newest app. This handy $3 utility puts the frontmost app’s menu bar into a pop-up menu at your mouse’s location — say goodbye to those long trips to the menu bar; the main menu is now just a hot key away.
Very cool idea, and just $3.
Update: Already up to version 2.0!
The obituaries for Adobe cofounder Chuck Geschke all mention his 1992 kidnapping, but they make it seem like it wasn’t all that serious. It was, in fact, crazy serious. This 4-part 2009 series for The Los Altos Town Crier, by Anne Chappell Belden, has the details:
“Do you work here?” the man asked.
“Yes, can I help you?” Chuck asked and instinctively moved toward him. The man pulled his map aside and revealed a gun. “You’re coming with me,” the man said. By then Chuck was within arm’s reach so he did not protest when the man grabbed his arm and directed him into the car. He would later replay this moment dozens of times, questioning his decision to obey.
With the gun jammed against Chuck’s ribs, the man said, “You’re being kidnapped. I want you to keep your eyes down.” He took two duct tape cut-outs and placed them over Chuck’s eyes. He covered those with a pair of sunglasses, so no one could see from outside that Chuck was blindfolded. As the car pulled away, his abductor told Chuck, “If you attempt to do anything, like get away from us, we’ll kill you. We know where your family is. We’ll kill them, too.”
Delightful post from Signal founder Moxie Marlinspike, regarding Signal’s reverse-engineering of a Cellebrite device for hacking into locked iPhones (they recently claimed to be able to read local files stored by Signal):
For example, by including a specially formatted but otherwise innocuous file in an app on a device that is then scanned by Cellebrite, it’s possible to execute code that modifies not just the Cellebrite report being created in that scan, but also all previous and future generated Cellebrite reports from all previously scanned devices and all future scanned devices in any arbitrary way (inserting or removing text, email, photos, contacts, files, or any other data), with no detectable timestamp changes or checksum failures. This could even be done at random, and would seriously call the data integrity of Cellebrite’s reports into question.
Any app could contain such a file, and until Cellebrite is able to accurately repair all vulnerabilities in its software with extremely high confidence, the only remedy a Cellebrite user has is to not scan devices. Cellebrite could reduce the risk to their users by updating their software to stop scanning apps it considers high risk for these types of data integrity problems, but even that is no guarantee.
We are of course willing to responsibly disclose the specific vulnerabilities we know about to Cellebrite if they do the same for all the vulnerabilities they use in their physical extraction and other services to their respective vendors, now and in the future.
Lots more than this — including the fact that Cellebrite is embedding DLLs from Apple in their software.
Catalin Cimpanu, reporting for The Record:
The operators of the REvil ransomware are demanding that Apple pay a ransom demand to avoid having confidential information leaked on the dark web.
The REvil crew claims it came into possession of Apple product data after breaching Quanta Computer, a Taiwanese company that is the biggest laptop manufacturer in the world and which is also one of the companies that assemble official Apple products based on pre-supplied product designs and schematics.
In a message posted on a dark web portal where the ransomware gang usually threatens victims and leaks their data, the REvil gang said that Quanta refused to pay to get its stolen data back and, as a result, the REvil operators have now decided to go after the company’s primary customer instead.
9to5Mac has already gleaned confirmation about the ports on upcoming MacBook Pros from the schematics the REvil crew has already leaked.
Nathan Gathright:
I read through the “Apple Podcasters Program Agreement” and related documentation so you don’t have to. Here’s a thread of 11 things that caught my eye that I hadn’t seen mentioned anywhere else. […]
10. 💸 Just like the App Store, Apple owns the customer relationship and can choose to offer a refund if they decide you haven’t fulfilled the benefits offered in your subscription. You have to reimburse the money, but Apple retains their cut, natch.
It’s pretty much exactly like the App Store: 70/30 for the first year of a subscription, 85/15 after that, and the customer relationship is between the user and Apple, not the user and the podcaster.