Linked List: February 2021

Sunday, 28 February 2021

My thanks to Instabug for sponsoring last week at DF. Investigate, diagnose, and resolve issues up to 4 times faster with Instabug’s latest Application Performance Monitoring.

Instabug SDK provides you the same level of profiling you get in Xcode Instruments from your live users, with a lightweight SDK and minimal footprint. Whether it’s a crash, slow screen transitions, slow network call, or UI hangs, utilize performance patterns to fix issues faster and spot trends and spikes.

Find out what your app is missing and join the top mobile teams like Verizon, Ventee Privee, and Lyft relying on Instabug for app quality.

Saturday, 27 February 2021

The Talk Show: ‘Pinkies on the Semicolon’ ★

The state of the Mac, with special guest John Siracusa.

Friday, 26 February 2021

MailTrackerBlocker for Apple Mail on MacOS ★

Open source plugin for Apple Mail on MacOS, by Aaron Lee:

MailTrackerBlocker is a plugin (mailbundle) for the default Mail app built-in to macOS. Email marketers and other interests often embed these trackers in HTML emails so they can track how often, when and where you open your emails. This plugin works by stripping out a good majority of these spy pixels out of the HTML before display, rendering the typical advice of disabling “load remote content in messages” unnecessary.

Browse your inbox privately with images displayed once again.

There’s a simple installer to download, and the project’s GitHub page has instructions for installing via HomeBrew. I’ve been running it since Wednesday, and it seems to do just what it says on the tin — it blocks many (most?) marketing and newsletter trackers without requiring you to turn off all remote images. When it does block something, there’s a very subtle indication — the small “ⓧ” button turns blue. Click that button and you get an alert telling you what it blocked. Simple and unobtrusive.

MailTrackerBlocker is a cool project Lee has made available for free, but he has a sponsor page where you can send some dough to thank him. (I sent him a one-time donation via PayPal — you should too if you dig this as much as I do.)

Spoonbill ★

Speaking of Justin Duke, in addition to Buttondown, he also created and runs Spoonbill, a nifty free service that lets you track changes to the bios of the people you follow on Twitter:

How it works.

First, you sign up. (Duh.)

Then we look at all the folks you’re following on Twitter.

We check every couple minutes to see if they’ve changed their profile information.

If they have, we record it!

Then, every morning (or every week), we send you an email with all the changes.

Daily was too much for me, perhaps because I follow too many accounts on Twitter, but once a week is perfect. And you can subscribe via RSS instead of email — this is a very natural service for RSS.

Mailcoach: Another Self-Hosted Newsletter Service ★

“Mailcoach is a self-hosted email marketing platform that integrates with services like Amazon SES, Mailgun, Postmark or Sendgrid to send out bulk mailings affordably.”

Mailcoach lets you disable tracking with a checkbox, and the next version will have tracking off by default.

Sendy: Self-Hosted Newsletter Service Built Atop Amazon SES ★

Sendy is an interesting newsletter service recommended by a longtime DF reader:

Sendy is a self hosted email newsletter application that lets you send trackable emails via Amazon Simple Email Service (SES). This makes it possible for you to send authenticated bulk emails at an insanely low price without sacrificing deliverability.

You need to host the PHP application yourself (more or less like self-hosting, say, WordPress), but the emails go out via Amazon’s service. Sendy makes it easy to disable tracking pixels, and, even if you do track subscribers, the tracking information never involves any third parties, including Sendy. Just you.

Sendy’s big pitch isn’t privacy but cost: they claim to be 100-200 times cheaper than MailChimp or Campaign Monitor.

Buttondown: Newsletter Service That Allows Opting Out of Tracking ★

It’s hard to find newsletter services that even allow you — the purveyor of the newsletter — not to track your subscribers. Buttondown — from Justin Duke — is one option, and it looks pretty sweet. (Markdown editing, for example.) From Buttondown’s privacy feature page:

Many busineses thrive the concept of collecting data about individuals based on their email addresses and inbox usage. (You can read about that here.) Buttondown is different. As a bootstrapped business, I don’t need to engage with data on level. Your information is yours, and yours alone.

Buttondown collects the standard bevy of email analytics: IP addresses, open and click events, client information. Buttondown sends that to absolutely nobody besides, well, you, the beloved customer. And if you want to completely opt out, you can.

By default, Buttondown seems just as privacy-intrusive as all the other newsletter providers:

Track Opens and Clicks — Per-email analytics mean you get an easy funnel of how many folks are engaging with your emails and what content they’re interested in.

Translated to plain English: “Spy tracking allows you to know when each of your subscribers opens and reads your newsletter, including the ability to creep on them individually.” Buttondown’s privacy “win” is that it at least allows you to turn tracking off with a simple checkbox. Most services don’t. I can’t find any hosted service that doesn’t offer tracking period, or even defaults to no tracking.

[Update: Justin Duke, on Twitter: “thanks for the buttondown mention! agreed that defaulting to opt out of tracking automatically is better: the current default wasn’t a deliberate choice so much as an artifact of the initial behavior’s implementation.” He’s changing the default to not use analytics, as of tonight. Nice!]

One message I’ve heard from folks who would know is that two of the reasons for the ubiquitous use of tracking pixels in newsletters are anti-spam tools (anti-anti-spam tools, really) and the expense of sending emails to people who never read them. Newsletters being flagged as spam — especially by major players like Gmail and Hotmail — is a never-ending game of whack-a-mole, and spy pixels help alert newsletter providers that their messages are being flagged. Expense-wise, those who send free newsletters want to cull from their lists people who never open them or click any of the links. Sending newsletters to thousands (let alone tens of thousands or more) of subscribers is, relatively speaking, expensive.

I’m sympathetic, but that’s a YP, not an MP, so fuck you and your tracking pixels. I’m blocking them and you should too.

But that’s why the world needs a company like Apple to take action. If Apple were to kneecap email tracking in Mail for Mac and iOS, the industry would have to adapt.

Thursday, 25 February 2021

Twitter Teases Upcoming Features: Paid ‘Super Follows’ and Community Groups ★

Jacob Kastrenakes, reporting for The Verge:

The payment feature, called Super Follows, will allow Twitter users to charge followers and give them access to extra content. That could be bonus tweets, access to a community group, subscription to a newsletter, or a badge indicating your support. In a mockup screenshot, Twitter showed an example where a user charges $4.99 per month to receive a series of perks. Twitter sees it as a way to let creators and publishers get paid directly by their fans.

Twitter also announced a new feature called Communities, which appear to be its take on something like Facebook Groups. People can create and join groups around specific interests — like cats or plants, Twitter suggests — allowing them to see more tweets focused on those topics. Groups have been a huge success for Facebook (and a huge moderation problem, too), and they could be a particularly helpful tool on Twitter, since the service’s open-ended nature can make it difficult for new users to get started on the platform.

Both these features sound great. Ben Thompson and I encouraged Twitter to do something like “Super Follows” a few weeks ago on Dithering. Almost certainly, though, all of this will only work in Twitter’s own client, not third-party apps like Tweetbot and Twitterrific.

Twitter hasn’t said how the economics will work — what cut of the money they’re going to take — but last month when they acquired paid-newsletter Substack rival Revue, they cut Revue’s take to just 5 percent. (Substack takes 10.)

‘Steve Jobs Stories’ on Clubhouse ★

Computer History Museum:

Chris Fralic, Steven Levy, Esther Dyson, Mike Slade, John Sculley, Seth Godin, Andy Cunningham, Dan’l Lewin, Doug Menuez, Regis McKenna, Andy Hertzfeld, and Steven Rosenblatt share their “Steve Jobs Stories” in honor of what would have been the Apple cofounder’s 66th birthday.

I missed the first half of this show on Clubhouse, but caught the second half live. Easily the best event I’ve heard on Clubhouse. Good stories, well told. Nice job by the Computer History Museum getting this recorded and posted to YouTube for posterity.

El Toro ‘One-to-One IP Targeting’ ★

“Ad tech” (read: spyware) company El Toro is just one company in an industry full of competitors, but their description of their capabilities struck me as particularly flagrant in its utter disregard for privacy:

As a marketing organization focused on sales not metrics, El Toro’s ad tech brings the location-specific accuracy of direct mail to digital advertising. Through our patented IP Targeting technology we target digital ads to your customer by matching their IP address with their physical address, bringing a wide variety of banner and display ads to the sites the targeted customer visits on the Internet.

Specifically, El Toro offers: Targeting without having to use cookies, census blocks, or geo-location tools.

They claim the ability not just to match your IP address to a general location, but to your exact home street address, and from there to specific devices within your home. Their pitch to would-be advertisers is that they can target you by IP address the same way marketers send all those print catalogs to your house. From their above-linked IP Targeting website:

The El Toro patented algoirthm [sic] uses 38+ points of data to match an IP to a household with 95% accuracy.

Do I believe they can match IPs to street addresses with 95 percent accuracy? No. I wouldn’t believe a word out of these guys’ mouths, to be honest. But the fact that they can do it with any degree of accuracy is a problem that needs to be solved.

Why doesn’t Apple build a VPN into its OSes? Or as an offering of paid iCloud accounts at least? At this point, if privacy truly is a paramount concern, it might be necessary to do everything over a trusted VPN. IP addresses are inherently not private.

Wednesday, 24 February 2021

From the DF Archive: Superhuman and Email Privacy ★

Yours truly, back in July 2019:

They call them “read receipts”, and functionally they do work like read receipts, insofar as they indicate when you read a message. But real email read receipts are under the recipient’s control, and they’re a simple binary flag, read or unread — they don’t tell the sender how many times or when you view a message.

This post was about Superhuman in particular, but it applies to all email services using tracking pixels. Email has an official “read receipt” feature, a feature that is under the recipient’s control, as it should be. These spy pixels are a surreptitious circumvention.

I know that mailing list software generally includes tracking pixels. I don’t think that’s ethical either. On a personal level, though, with Superhuman, tracking when and how many times a recipient views a message is simply absurdly wrong.

It’s also something the vast, overwhelming majority of people don’t even realize is possible. I’ve told the basic Superhuman tracking story to a few people over the last few weeks, and asked whether they realized this was possible; all of them expressed shock and many of them outrage as well. Email should be private, and most people assume, incorrectly, that it is. You have to be a web developer of some sort to understand how this is possible. Email is supposed to be like paper mail — you send it, they get it, and you have no idea whether they read it or not. It bounces back to you if they never even receive it, say, because you addressed it incorrectly. The original conception of email is completely private.

But also, the original conception of email is that messages are plain text. No fonts, no styles, just plain text, with optional attachments. But those attachments are embedded in the message, not pulled from a server when the message is viewed.

Once we allowed email clients to act as de facto web browsers, loading remote content from servers when messages are viewed, we opened up not just a can of worms but an entire case of canned worms. Every privacy exploit for a web browser is now a privacy exploit for email. But it’s worse, because people naturally assume that email is completely private.

It’s a little depressing re-reading this piece today. Everything I’m arguing today, I argued then. Email privacy in the face of these trackers remains an industry-wide disgrace.

The Apple Store App Has an Easter Egg ★

Search for “10 years” and you get a fun animation. Any others?

Updates:

Also in the Apple Store app: “Let it snow”.

The Hidden Message in the Parachute of NASA’s Mars Rover ★

Joey Roulette, writing for The Verge:

The parachute that helped NASA’s Perseverance rover land on Mars last week unfurled to reveal a seemingly random pattern of colors in video clips of the rover’s landing. But there was more to the story: NASA officials later said it contained a hidden message written in binary computer code.

Internet sleuths cracked the message within hours. The red and white pattern spelled out “Dare Mighty Things” in concentric rings. The saying is the Perseverance team’s motto, and it is also emblazoned on the walls of Mission Control at NASA’s Jet Propulsion Laboratory (JPL), the mission team’s Southern California headquarters.

The parachute’s outer ring appears to translate to coordinates for JPL: 34°11′58″ N 118°10′31″ W.

Tonya Fish posted a handy guide on Twitter (also available as a PDF) explaining how the code works. (Via Kottke.)

Seems sad to me that NASA and JPL are willing to have some fun with clever Easter eggs with a Mars rover, yet Apple, of all companies, no longer does any Easter eggs at all. Computers are supposed to be fun.

Tuesday, 23 February 2021

BBC News: ‘Spy Pixels in Emails Have Become Endemic’ ★

Speaking of Hey, BBC News ran a piece on email spy pixels last week:

The use of “invisible” tracking tech in emails is now “endemic”, according to a messaging service that analysed its traffic at the BBC’s request. Hey’s review indicated that two-thirds of emails sent to its users’ personal accounts contained a “spy pixel”, even after excluding for spam. [...]

Defenders of the trackers say they are a commonplace marketing tactic. And several of the companies involved noted their use of such tech was mentioned within their wider privacy policies.

“It’s in our privacy policy” is nonsense when it comes to email spy pixels. It’s nonsense for most privacy policies, period, because most privacy policies are so deliberately long, opaque, and abstruse as to be unintelligible. But with email they’re absurd. The recipient of an email containing a tracking pixel never agreed to any privacy policy from the sender.

And “it’s a commonplace marketing tactic” is not a defense. It’s an excuse, but it’s a shitty one. It just shows how out of control the entire tracking industry is. Their justification for all of it is, effectively, “It’s pervasive so it must be OK.” That’s like saying back in the 1960s that most people smoke so it must be safe. Or that most people don’t wear seat belts so that must be safe.

Emails pixels can be used to log:

if and when an email is opened

how many times it is opened

what device or devices are involved

the user’s rough physical location, deduced from their internet protocol (IP) address - in some cases making it possible to see the street the recipient is on

Hey’s default blocking of spy pixels — along with displaying a prominent badge shaming the sender for using them — is one of its best features. Apple should take a long hard look at Mail and the way that it does nothing to protect users’ privacy from these trackers. They’re insidious and offensive.

‘Hey, World!’ ★

Jason Fried, on an experimental blogging service Basecamp has built into their email service Hey:

So we set out to do it. To test the theory. And over the last few weeks we built it into HEY, our new email service. We’re calling the feature HEY World. This post you’re reading right now is the world’s first HEY World post. And I published it by simply emailing this text directly to [email protected] from my [email protected] account. That was it.

For now, this remains an experiment. I’ve got my own HEY World blog, and David has his. We’re going to play for a while. And, if there’s demand, we’ll roll this out to anyone with a personal @hey.com account. It feels like Web 1.0 again in all the right ways. And it’s about time.

Speaking of Web 1.0, HEY World pages are lighting fast. No javascript, no tracking, no junk. They’re a shoutout to simpler times. Respect.

You can subscribe to a Hey World blog via email (of course) or RSS. Feels as though simple stuff — like RSS — is experiencing a renaissance.

‘Hello, World’ ★

MIT’s Computer Science & Artificial Intelligence Lab:

Today’s the day that “hello world” said “hello world!”

The term was coined in a textbook published #otd in 1978: “C Programming Language,” written by Brian Kernighan and Dennis Ritchie.

Tweeted yesterday, so it’s no longer “on this day”, sorry, but interesting history nonetheless.

I still write “Hello, world” as a first exercise in any new language or programming environment. Not a superstition per se, but more like a talisman. Just seems like the right thing to do.

The C Programming Language is a wonderfully-written book. It explains the basics of C better than anything I’ve ever seen. C is a weird, hard language but K&R describe it with joy. It’s a serious book written in a conversational style.

‘I’m Being Censored, and You Can Read, Hear, and See Me Talk About It in the News, on the Radio, and on TV’ ★

Eli Grober, writing for McSweeney’s:

Hi there, thanks for reading this. I’m being censored. That’s why I’m writing a piece in a major publication that you are consuming easily and for free. Because I am being absolutely and completely muzzled.

Also, I just went on a massively-watched TV show to let you know that my voice is being down-right suffocated. I basically can’t talk to anyone. Which is why I’m talking to all of you.

As Jeanetta Grace Susan has convincingly argued, conservative voices are being silenced.

Monday, 22 February 2021

500,000 Lives Lost ★: Staggering, sobering data visualization from Reuters.

Sunday, 21 February 2021

Mux Video ★

My thanks to Mux for once again sponsoring DF last week. Mux Video is an API to powerful video streaming — think of it as akin to Stripe for video — built by the founders of Zencoder and creators of Video.js, and a team of ex-YouTube and Twitch engineers. Take any video file or live stream and make it play beautifully at scale on any device, powered by magical-feeling features like automatic thumbnails, animated GIFs, and data-driven encoding decisions.

Spend your time building what people want, not drudging through ffmpeg documentation.

Friday, 19 February 2021

The Talk Show: ‘Peak Hubris’ ★

Christina Warren returns to the show to talk about Apple Car, Apple TV, Clubhouse, and Bloomberg hamfistedly revisiting “The Big Hack”.

Thursday, 18 February 2021

NASA’s Perseverance Rover Lands on Mars ★

Kenneth Chang, reporting for The New York Times:

NASA safely landed a new robotic rover on Mars on Thursday, beginning its most ambitious effort in decades to directly study whether there was ever life on the now barren red planet.

While the agency has completed other missions to Mars, the $2.7 billion robotic explorer, named Perseverance, carries scientific tools that will bring advanced capabilities to the search for life beyond Earth. The rover, about the size of a car, can use its sophisticated cameras, lasers that can analyze the chemical makeup of Martian rocks and ground-penetrating radar to identify the chemical signatures of fossilized microbial life that may have thrived on Mars when it was a planet full of flowing water.

Great landing, and a great day for science.

More here, from NASA’s own website.

‘Smart’ TVs Track Everything You Watch ★

Geoffrey Fowler, writing for The Washington Post back in September 2019:

Lately I’ve been on the hunt for what happens to my data behind the cloak of computer code and privacy policies. So I ran an experiment on my own Internet-connected Samsung, as well as new “smart TV” models from four of the best-selling brands: Samsung, TCL Roku TV, Vizio and LG.

I set up each smart TV as most people do: by tapping “OK” with the remote to each on-screen prompt. Then using software from Princeton University called the IoT Inspector, I watched how each model transmitted data. Lots went flying from streaming apps and their advertising partners. But even when I switched to a live broadcast signal, I could see each TV sending out reports as often as once per second.

When tracking is active, some TVs record and send out everything that crosses the pixels on your screen. It doesn’t matter whether the source is cable, an app, your DVD player or streaming box.

Every damn second. Disconnect your TV from the internet and use a set top box or stick with some degree of privacy you can control. Even if you’re not worried about the privacy angle, it’s just a waste of bandwidth. And even if you’re not that concerned with the bandwidth, per se, it’s just obnoxious. It should bother you on an aesthetic sense alone to have a TV set needlessly phoning home constantly to send analytics that don’t help you at all.

Roku Streaming Devices Default to ‘Scary’ Privacy ★

Mozilla’s Privacy Not Included project’s take on Roku:

Roku is the nosey, gossipy neighbor of connected devices. They track just about everything! And then they share that data with way too many people. According to Roku’s privacy policy, they share your personal data with advertisers to show you targeted ads and create profiles about you over time and across different services and devices. Roku also gives advertisers detailed data about your interactions with advertisements, your demographic data, and audience segment. Roku shares viewing data with measurement providers who may target you with ads. Roku may share your personal information with third parties for their own marketing purposes. One of the researchers working on this guide said, “It had such a scary privacy policy, I didn’t even connect it to my TV.” Another researcher referred to Roku as a “privacy nightmare.”

You can opt-out, but they won’t ask you. You have to go look for it, which means most Roku users don’t even know they’re being snooped on this way.

Most (all?) major smart TVs are privacy disasters too. Privacy is probably the main Apple TV advantage I didn’t mention the other day when speculating on why Apple TV even still exists. But even on an Apple TV box, you’re at the mercy of each app you use, and the major streaming services all collect information on everything you do. I mean, how else would their recommendation algorithms work? Or even just picking from where you left off in a movie you paused a day or two ago?

But Roku (and similar boxes, and smart TVs) track you at the system level.

I don’t let my LG TV connect to the internet. I mean why would I, if I don’t use its built-in apps for anything?

Apple TV+ Is Now Available on Google TV ★

Jonathan Zepp, writing on the Google Blog:

Starting today, the Apple TV app, including Apple TV+, is now globally available on the new Chromecast with Google TV, with more Google TV devices to come. To access the Apple TV app, navigate to the Apps tab or the apps row in the For you tab.

What’s left on the list of devices where Apple TV could be available but isn’t? Nintendo Switch — but they don’t even have Netflix. What else?

‘Facebook Calls Australia’s Bluff’ ★

Casey Newton, writing at Platformer:

On Wednesday morning, the splintering arrived: Google cut a deal with News Corp. that will ensure its services continue to be provided in Australia, and Facebook walked away from the bargaining table and began preventing people from sharing news links from Australian publishers around the world.

I think Facebook basically did the right thing, and Google basically did the wrong thing, even though Google had a much tougher call to make. Today, let’s talk about why the tech giants made the decisions that they did, why Australia’s shakedown is rotten, and what’s likely to happen next.

Calling Australia’s bluff is exactly the right framing. What’s surprising is that Australian government officials (and others around the world, like David Cicilline, chairman of the U.S. House Antitrust Subcommittee), didn’t even see it as a bluff that could be called. The mindset behind this law seemed to be that Australia could demand whatever crazy stuff they wanted (like Facebook being required to pay major news organizations just for links to their articles — which the news organizations themselves would be free to post to their own Facebook accounts) and Facebook and Google would just say “OK, sure.”

‘The Bizarre Reaction to Facebook’s Decision to Get Out of the News Business in Australia’ ★

Mike Masnick, writing at Techdirt:

First is the link tax. This is fundamentally against the principles of an open internet. The government saying that you can’t link to a news site unless you pay a tax should be seen as inherently problematic for a long list of reasons. At a most basic level, it’s demanding payment for traffic. [...] This is like saying that not only should NBC have to run an advertisement for Techdirt, but it should have to pay me for it. If that seems totally nonsensical, that’s because it is. The link tax makes no sense.

And, most importantly, as any economist will tell you, taxing something doesn’t just bring in revenue, it decreases whatever you tax. This is why we have things like cigarette taxes and pollution taxes. It’s a tool to get less of something. So, in this case, Australia is saying it wants to tax links to news on Facebook, and Facebook responds in the exact way any reasonable economist would predict: it says that’s just not worth it and bans links. That’s not incompatible with democracy. It’s not bringing a country to its knees. The country said “this is how much news links cost” and Facebook said “oh, that’s too expensive, so we’ll stop.”

Contrary to the idea that this is an “attack” on journalism or news in Australia, it’s not. The news still exists in Australia. News companies still have websites. People can still visit those websites.

Facebook’s doing the right thing here. Australia’s law is a bad one — it might as well have been written by Rupert Murdoch himself.

Wednesday, 17 February 2021

‘I Miss My Bar’ ★

What a beautiful, fun little website. Love the typography, love the colors, love that the whole thing is such a fun dumb concept. Make something cool and share it with the world.

Bookfeed.io ★

Lukas Mathis:

Bookfeed.io is a simple tool that allows you to specify a list of authors, and generates an RSS feed with each author’s most recently released book. I made this because I don’t want a recommendation algorithm to tell me what to read, I just want to know when my favorite authors release new books.

What a great idea. Make something cool and share it with the world.

Jeff Carlson on Why Webcams Suck ★

Jeff Carlson, in a comprehensive — thousands of words, dozens of example images and videos — piece for the Reincubate blog:

After consulting numerous webcam buying guides and reviews, purchasing a handful of the most popular models, and testing them in varying lighting situations, I can’t escape the grim truth: there are no good webcams. Even webcams recommended by reputable outlets produce poor quality imagery—a significant failing, given it’s the one job they’re supposed to provide.

Uneven color. Blown highlights. Smudgy detail, especially in low light. Any affordable webcam (even at the high end of affordability, $100+), uses inadequate and typically years-old hardware backed by mediocre software that literally makes you look bad. You might not notice this if you’re using video software that makes your own image small, but it will be obvious to other people on the call.

Reincubate makes Camo, a good app that lets you use an iPhone as a live webcam with your Mac, so you might think, well, of course an article on the Reincubate blog is going to conclude that an iPhone provides better image quality than a webcam. But you know and I know it’s true: iPhone camera image quality is way higher than that of even “good” webcams. Carlson has taken the time here to explain why and prove it.

Tuesday, 16 February 2021

Microsoft Claims Russian SolarWinds Hackers Have Defeated Brooks’s Law ★

60 Minutes did a segment on the SolarWinds hack, and spoke with Microsoft president Brad Smith:

“SolarWinds Orion” is one of the most ubiquitous software products you probably never heard of, but to thousands of I.T. departments worldwide, it’s indispensable. It’s made up of millions of lines of computer code. 4,032 of them were clandestinely re-written and distributed to customers in a routine update, opening up a secret backdoor to the 18,000 infected networks. Microsoft has assigned 500 engineers to dig in to the attack. One compared it to a Rembrandt painting, the closer they looked, the more details emerged.

Brad Smith: “When we analyzed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks. And the answer we came to was, well, certainly more than 1,000.”

One can only assume that “thousand engineers” who Microsoft claims worked on the hack for Russia did more than rewrite those 4,032 lines of code. Presumably, those 4,000+ lines of code enabled the backdoor, and much of the Russians’ engineering efforts went into code that was executed after breaking in to these exploited SolarWinds installations.

But, still, 1,000 engineers? That seems contrary to Fred Brooks’s famed maxim that “adding manpower to a late software project makes it later”. Same goes with Microsoft putting 500 engineers on the job of investigating the hack. No matter how bad the crime, putting 500 detectives on the case isn’t going to work.

I don’t know jack shit about the details of this SolarWinds case, but I know I’m a lot more worried about a small team of truly talented hackers — a team so small they could fit in a car — than a 1,000-person initiative. Brooks’s Law aside, how is a 1,000-person team expected to keep something like this hack secret?

Monday, 15 February 2021

White House Chief of Staff Ron Klain on Twitter ★

Speaking of the Biden administration, I’ve been greatly enjoying the Twitter feed of chief of staff Ron Klain. He’s put his personal account (@RonaldKlain) mostly on ice, and primarily tweets from the official @WHCOS account. He’s very good at Twitter — I began following him early in the campaign.

Klain’s use of Twitter is a fascinating contrast with Trump’s. For many of you, I’m sure, there are nothing but bad connotations when it comes to the use of Twitter from the White House. But Klain’s use of Twitter strikes me as nearing the canonical ideal of how Jack Dorsey might have imagined Twitter being used by, say, the White House. It harks back to the early days of Twitter, when the prompt was “What are you doing?” Except Klain is tweeting not about what he, personally, is doing, but rather what the administration is doing. What they see as their accomplishments, drip by drip, and what issues they deem their highest priorities. (COVID vaccinations, decreasing the spread of COVID, and economic stimulus, I think it’s fair to say in that order — but all three of them are inexorably related.)

Following Klain is of course in no way a substitute for reading news coverage of the administration. Of course Klain is biased — he’s the White House chief of staff. But just as it’s important to follow news coverage and analysis from outside observers, it’s useful to see what the Biden administration itself — unfiltered — deems important. Klain’s Twitter feed is an hour-by-hour log of what they see as their accomplishments and what they see as important.

Biden’s Daily Routine ★

Kevin Liptak, writing for CNN:

As Biden settles into a job he has been seeking on-and-off for three decades, the daily routine of being president — with a phalanx of Secret Service agents, regular updates on the nation’s top secrets and an ever-present press corps — has come more naturally for him than for his more recent predecessors.

He has established a regular schedule, including coffee in the mornings with the first lady, meetings and phone calls from the Oval Office starting just after 9 a.m. and a return to his residence by 7 p.m. As he walks home along the Colonnade, he’s often seen carrying a stack of binders or manila folders under one arm. He still brings a brown leather briefcase into the office.

I love stories like this, about the mundane details of how people work, like that Biden digs a real fire in the Oval Office fireplace.

(Via Taegan Goddard.)

A Fool and His Money... ★

Shawn Boburg and Jon Swaine, reporting for The Washington Post:

Like many Trump supporters, conservative donor Fred Eshelman awoke the day after the presidential election with the suspicion that something wasn’t right. His candidate’s apparent lead in key battleground states had evaporated overnight. The next day, the North Carolina financier and his advisers reached out to a small conservative nonprofit group in Texas that was seeking to expose voter fraud. After a 20-minute talk with the group’s president, their first-ever conversation, Eshelman was sold.

“I’m in for 2,” he told the president of True the Vote, according to court documents and interviews with Eshelman and others.

“$200,000?” one of his advisers on the call asked.

“$2 million,” Eshelman responded.

Over the next 12 days, Eshelman came to regret his donation and to doubt conspiracy theories of rampant illegal voting, according to court records and interviews.

Now, he wants his money back.

‘Postcard From Peru: Why the Morality Plays Inside the Times Won’t Stop’ ★

Good piece from Times media columnist Ben Smith on l’affaire McNeil:

The questions about The Times’s identity and political leanings are real; the differences inside the newsroom won’t be easily resolved. But the paper needs to figure out how to resolve these issues more clearly: Is The Times the leading newspaper for like-minded, left-leaning Americans? Or is it trying to hold what seems to be a disappearing center in a deeply divided country? Is it Elizabeth Warren or Joe Biden? One thing that’s clear is that these questions probably aren’t best arbitrated through firings or resignations freighted with symbolic meaning, or hashed out inside the human resources department.

One thing is clear: Don McNeil was an absolutely bizarre choice to lead a two-week expedition to Peru with a group of wealthy private school teenagers.

Update: Alex Leo, on Twitter, summing up what a bad idea this was:

“I’ve got a great idea: we charge teenagers $6,000 for two weeks and we send Archie Bunker to watch over them.”

Clubhouse and the Primacy of iPhone ★

From a post on Clubhouse’s blog a few weeks ago, laying out their plans for 2021:

From the earliest days, we’ve wanted to build Clubhouse for everyone. With this in mind, we are thrilled to begin work on our Android app soon, and to add more accessibility and localization features so that people all over the world can experience Clubhouse in a way that feels native to them.

Clubhouse, though it remains invitation-only, is growing fast, and has a lot of buzz. And it remains iPhone-only. They’ve only just begun working on an Android app. Nothing in this regard has changed in the 10 years since Instagram launched as an iPhone-only app in October 2010. Expanding to Android is inevitable, but it can wait. Conversely, if Clubhouse were Android-only, it’s likely almost no one would have heard of it today. I don’t really even see anyone talking about this with Clubhouse. It just goes unnoticed, like the oxygen we breathe, that iPhone is dominant, culturally.

See also: Ben Thompson: “Clubhouse’s Inevitability”.

Sunday, 14 February 2021

Flatfile Portal ★

My thanks to Flatfile for sponsoring last week at DF. Importing data from spreadsheets is a pain (to say the least). Everything from encoding formats to document structure. Countless engineers are tasked with building data parsers from scratch: importing, mapping, validating, even presentation and UI. Rolling your own data importer takes developer time away from working on core product features. Flatfile has a solution.

Flatfile Portal is the elegant import button for your web app. It drops into your product with pre-built SDKs, and guides users through an intuitive import experience in minutes. You can get Flatfile’s drop-in data importer running in your product in hours, not weeks. Give your users the import experience you always dreamed of, but never had time to build.

Get started with Flatfile Portal today, for free.

Bret Stephens’s Spiked Column Regarding Reporter Donald McNeil’s Ouster From The Times ★

The New York Post:

Last weekend, New York Times columnist Bret Stephens wrote a piece criticizing the rationale behind the forced ouster of Times reporter Donald G. McNeil Jr., but it was never published. Stephens told colleagues the column was killed by publisher A.G. Sulzberger. Since then, the piece has circulated among Times staffers and others — and it was from one of them, not Stephens himself, that The Post obtained it. We publish his spiked column here in full.

Bret Stephens:

Every serious moral philosophy, every decent legal system and every ethical organization cares deeply about intention.

It is the difference between murder and manslaughter. It is an aggravating or extenuating factor in judicial settings. It is a cardinal consideration in pardons (or at least it was until Donald Trump got in on the act). It’s an elementary aspect of parenting, friendship, courtship and marriage.

A hallmark of injustice is indifference to intention. Most of what is cruel, intolerant, stupid and misjudged in life stems from that indifference. Read accounts about life in repressive societies — I’d recommend Vaclav Havel’s “Power of the Powerless” and Nien Cheng’s “Life and Death in Shanghai” — and what strikes you first is how deeply the regimes care about outward conformity, and how little for personal intention.

It’s worth noting that it is rather extraordinary for the Times to spike a column from one of their op-ed page columnists — Times columnists have broad discretion to write what they want.

Stephens’s column is bracing, to be sure, but any discussion of the N-word is inherently bracing. Whatever your thoughts on the McNeil controversy, I don’t see how Stephens’s column about it should not have been published. The column wasn’t bad (I think it’s very good in fact) — but it makes the Times look bad.

Why Does the Apple TV Still Exist? ★

Jason Snell, writing at Six Colors:

The other possibility that I’ve come up with is to merge the Apple TV with some other technologies in order to make something more than just a simple TV streamer. Gaming can be a part of that, yes, but there needs to be more. Broader HomeKit support, perhaps with support for other wireless home standards, would help, as would a much more sophisticated set of home automations.

And if Apple really wants to continue to play in the home-theater space, I’ve been saying for years that there’s room for an Apple SoundBar, that could integrate the big sound of HomePod with the Apple TV software to create a solid music and video experience.

Snell is playing off a recent episode of Dithering, where Ben Thompson and I pondered the question of why Apple TV (hardware) exists in a world where the Apple TV app is built into TVs and present on other cheaper boxes, and where those new TVs also support AirPlay 2. My thought was gaming — double-down on it. Put a controller in the box. If you want to separate Apple TV from Roku and Amazon Fire and Chromecast, remember that there is no Roku/Fire/Chromecast Arcade. Only Apple Arcade.

Really, Apple Arcade is the only recent evidence that Apple remains strongly committed to the Apple TV platform. Every single Apple Arcade game is available on Apple TV — which is difficult for games designed for touchscreen phones. And I will bet that it’s been difficult for some games performance-wise to achieve 30+ FPS on Apple TV 4K. I think Apple’s requirement that Arcade games not just play but play well on Apple TV is a sign that they’re committed.

Apple’s not going to win the war for AAA shooters against PlayStation or Xbox, but they could out-casual-game those two. Make Apple Arcade more of a competitor to Nintendo Switch, with an Apple TV plugged into your TV and mobile play on your iPhone or iPad.

Making Apple TV a first-class HomeKit hub is a great idea too, and I’d buy an Apple sound bar in a heartbeat. I’ve been using two HomePods for audio output from my Apple TV, and it works so great — but HomePods clearly aren’t optimized for this. A sound bar (SoundPod? HomeBar?) could be great.

Saturday, 13 February 2021

Trump Acquitted; 57-43 Vote in Senate Falls Short of Two-Thirds Needed for Conviction ★

The Washington Post, today:

Former president Donald Trump was acquitted Saturday of inciting the Jan. 6 attack on the Capitol, becoming the first president in U.S. history to face a second impeachment trial — and surviving it in part because of his continuing hold on the Republican Party despite his electoral defeat in November.

That grip appeared to loosen slightly during the vote Saturday afternoon, when seven Republicans crossed party lines to vote for conviction — a sign of the rift the Capitol siege has caused within GOP ranks and the desire by some in the party to move on from Trump. Still, the 57-to-43 vote, in which all Democrats and two independents voted against the president, fell far short of the two-thirds required to convict.

Yesterday:

The Senate ended Friday’s impeachment trial proceedings with a unanimous vote to award the Congressional Gold Medal, one of the nation’s highest civilian honors, to U.S. Capitol Police Officer Eugene Goodman, who directed the violent mob away from the Senate chamber on Jan. 6.

“Here in this trial, we saw a new video, powerful video showing calmness under pressure, his courage in the line of duty, his foresight in the midst of chaos, and his willingness to make himself a target of the mob’s rage so that others might reach safety,” Senate Majority Leader Charles E. Schumer (D-N.Y.) said before recognizing Goodman, who was sitting in the back of the chamber.

Goodman received a standing ovation from the senators, whom he saved from danger on Jan. 6. Goodman joined in the applause when Schumer mentioned the heroism of other law enforcement officers that day.

“It is curious that physical courage should be so common in the world, and moral courage so rare.”
—Mark Twain

Friday, 12 February 2021

The Pink Hat Lady’s Path to Insurrection (Spoiler: Through Facebook) ★

“Pink hat lady” was one of the most-noted rioters in the January 6 Capitol insurrection mob. The New Yorker’s Ronan Farrow identified her, and got her to speak for an extensive interview:

Before the pandemic, Rachel Powell, a forty-year-old mother of eight from western Pennsylvania, sold cheese and yogurt at local farmers’ markets and used Facebook mostly to discuss yoga, organic food, and her children’s baseball games. But, last year, Powell began to post more frequently, embracing more extreme political views. Her interests grew to include conspiracy theories about covid-19 and the results of the Presidential election, filtered through such figures as Donald Trump, Rudy Giuliani, and the Infowars founder Alex Jones. On May 3, 2020, Powell wrote on Facebook, “One good thing about this whole CV crisis is that I suddenly feel very patriotic.” Expressing outrage at the restrictions that accompanied the pandemic, she wrote, “It isn’t to late to wake up, say no, and restore freedoms.” Several days later, she posted a distraught seven-minute video, shot outside a local gym that had been closed. “Police need to see there’s people that are citizens that are not afraid of you guys showing up in your masks. We’re going to be here banded together, and we’re not afraid of you,” she said. “Maybe they should be a little bit afraid.”

On January 6th, during the storming of the United States Capitol, Powell made good on that threat. Videos show her, wearing a pink hat and sunglasses, using a battering ram to smash a window and a bullhorn to issue orders. “People should probably coördinate together if you’re going to take this building,” she called out, leaning through a shattered window and addressing a group of rioters already inside. “We got another window to break to make in-and-out easy.”

It’s a fascinating interview. But what jumps out, electrically, is the role Facebook clearly played in Powell’s radicalization.

Matt Tait Disassembles Bloomberg’s ‘The Long Hack’ Point by Point ★

Matt Tait, in a thread on Twitter, deconstructed today’s Bloomberg follow-up to “The Big Hack” in exquisite detail. The whole thread is worth your attention. The gist of it:

FWIW, my money is on this whole saga being, if you dig deeply enough, just briefings related to the 2016 Supermicro bad firmware update incident filtered through so many games of telephone that it’s eventually twisted itself into a story about tiny chips that never happened. [...]

This story is too big, and the refutations too blunt and too numerous to support on this level of third- and fourth-hand sourcing. If they have documents: go for it. Make fools of Apple, Amazon, FBI, NSA, DHS and ODNI by publishing them. Otherwise, this story should not have run.

Bingo. And there’s still nothing — nothing — that refutes the argument that the original 2018 story should be entirely, or at least largely, retracted.

Maybe the Unique Thing Is That the Entire Story Is Wrong ★

Bloomberg’s Michael Riley, co-reporter of “The Big Hack”, on 5 October 2018, just after the original report was published:

That’s the unique thing about this attack. Although details have been very tightly held, there is physical evidence out there in the world. Now that details are out, it will be hard to keep more from emerging.

He’s 100 percent right — once the details were out, it would have been nearly impossible for more details, including physical evidence (actual secret chips on actual Supermicro components) not to emerge.

If the story were true.

Bloomberg, at Long Last, Follows up on ‘The Big Hack’, and It’s Nothing but a Pile of Sophistic Horseshit ★

Well, holy shit, two years and four months after publishing “The Big Hack”, Bloomberg has finally followed up. The follow up is even from the same two reporters, Jordan Robertson and Michael Riley.

It’s a 4,000-word exercise in journalistic sophistry. It creates the illusion of something being there, but there is nothing there. The only good purpose this report could serve is as source material for a class on critical thinking. Bloomberg headlined this followup “The Long Hack: How China Exploited a U.S. Tech Supplier”, but it’s looking ever more like a long con on Bloomberg’s part.

The original story’s key allegations — what made it a blockbuster — were that Chinese government operatives had surreptitiously added “phone home” chips to server components made by a company named Supermicro, and that Apple and Amazon were among the companies who’d been breached by these compromised servers. Apple and Amazon adamantly refuted the entire story, in unambiguous language. Bloomberg’s original report offered no firsthand evidence of these compromised servers. In the years since, no one has ever discovered any evidence of such compromised servers.

Today’s follow-up from Bloomberg offers no evidence either.

Regarding Apple and Amazon, today’s report offers the following (again, in a 4,000+ word story):

Bloomberg Businessweek first reported on China’s meddling with Supermicro products in October 2018, in an article that focused on accounts of added malicious chips found on server motherboards in 2015. That story said Apple Inc. and Amazon.com Inc. had discovered the chips on equipment they’d purchased. Supermicro, Apple and Amazon publicly called for a retraction. U.S. government officials also disputed the article.

No other paragraph in the story mentions either Apple or Amazon. Bloomberg still hasn’t retracted their allegations regarding Apple or Amazon. Yet they still haven’t produced one shred of evidence supporting their allegations. Apple and Amazon aside, they still haven’t produced one shred of evidence regarding these surreptitious “phone home” chips on Supermicro components.

Shameful.

Thursday, 11 February 2021

Hygiene Theater Is Still a Huge Waste of Time in Fight Against COVID-19 ★

Derek Thompson, writing for The Atlantic:

Six months ago, I wrote that Americans had embraced a backwards view of the coronavirus. Too many people imagined the fight against COVID-19 as a land war to be waged with sudsy hand-to-hand combat against grimy surfaces. Meanwhile, the science suggested we should be focused on an aerial strategy. The virus spreads most efficiently through the air via the spittle spray that we emit when we exhale — especially when we cough, talk loudly, sing, or exercise. I called this conceptual error, and the bonanza of pointless power-scrubbing that it had inspired, “hygiene theater.”

My chief inspiration was an essay in the medical journal The Lancet called “Exaggerated Risk of Transmission of COVID-19 by Fomites.” (Fomites is a medical term for objects and surfaces that can pass along an infectious pathogen.) Its author was Emanuel Goldman, a microbiology professor at Rutgers New Jersey Medical School. At the time, Goldman was a lonely voice in the wilderness. Lysol wipes were flying off the shelves, and it was controversial to suggest that this behavior was anything less than saintly and salutary. Other journals had rejected Goldman’s short essay, and some were still publishing frightening research about the possible danger of our groceries and Amazon packages.

But half a year later, Goldman looks oracular. Since last spring, the CDC has expanded its guidance to clarify that the coronavirus “spreads less commonly through contact with contaminated surfaces.” In the past month, the leading scientific journal Nature published both a long analysis and a sharp editorial reiterating Goldman’s thesis. “A year into the pandemic, the evidence is now clear,” the editorial begins. “Catching the virus from surfaces — although plausible — seems to be rare.”

‘Why Are You Still Here?’ ★

Adam Lashinsky profiled Tim Cook for Fortune in 2008, and a few months later, when Steve Jobs began an extended medical leave for his liver transplant, I pulled the following quote from Lashinsky’s profile:

One day back then, he convened a meeting with his team, and the discussion turned to a particular problem in Asia. “This is really bad,” Cook told the group. “Someone should be in China driving this.” Thirty minutes into that meeting Cook looked at Sabih Khan, a key operations executive, and abruptly asked, without a trace of emotion, “Why are you still here?”

Khan, who remains one of Cook’s top lieutenants to this day, immediately stood up, drove to San Francisco International Airport, and, without a change of clothes, booked a flight to China with no return date, according to people familiar with the episode. The story is vintage Cook: demanding and unemotional.

“Boring” does not seem the right word.

[Sabih Khan], by the way, is now on Apple’s senior leadership team as SVP of operations — the title Jeff Williams held before becoming COO, and the title Cook himself held when he joined Apple in 1998.

Businessweek Cover Story on Apple Under Tim Cook ★

Feature story for Bloomberg Businessweek,^* by Austin Carr and Mark Gurman:

Cook came to Apple in 1998 after a dozen years at IBM Corp. and a six-month stint at Compaq and seemed, at least to old Apple hands, devoid of any obvious personality. He’d work 18‑hour days and send emails all through the night. When he wasn’t at the office he seemed to live at the gym. Unlike Jobs, he had no pretensions to being an artist. “Tim was always pure work: grind, grind, grind, grind,” says one former Apple executive who worked with Cook in his early years at the company and who, as with other sources in this story, spoke on the condition of anonymity because of nondisclosure agreements and fear of corporate reprisals. “I always found him exceptionally boring.”

The magazine cover is a play on Cook’s obvious contrasts with Steve Jobs: “Here’s to the sensible ones, the team players, the problem solvers, the round pegs in the round holes...”

Is Cook boring, though? His public persona certainly is staid. He’s very rarely knocked off what feel like prepared talking points in his public remarks. And even when he opens up, he doesn’t reveal much. But is he boring, or just so intensely private and self-controlled that he comes across as a bit of a cipher to those who aren’t close to him?

This Businessweek piece is a good report — very fair, and rings true. There’s not much new in it for close followers of Apple, but it’s a good primer for those who aren’t. It ably addresses what I see as Apple’s and Tim Cook’s biggest risk: the almost indescribable scope of the company’s reliance on China for manufacturing. Here’s a bit:

[Foxconn founder Terry] Gou always seemed happy to accommodate, often building entire factories to handle whatever minimalist-chic design specs Apple threw at Foxconn. Jon Rubinstein, a senior vice president for hardware engineering during Jobs’s second tour at Apple, recalls almost having a heart attack in 2005 when he went with Gou to see a new factory in Shenzhen for the iPod Nano — a tiny device 80% smaller than Apple’s original MP3 player — only to find an empty field. Within months, though, a large structure and production line were in place. “In the U.S. you couldn’t even get the permits approved in that time frame,” he says.

* Bloomberg, of course, is the publication that published “The Big Hack” in October 2018 — a sensational story alleging that data centers of Apple, Amazon, and dozens of other companies were compromised by China’s intelligence services. The story presented no confirmable evidence at all, was vehemently denied by all companies involved, has not been confirmed by a single other publication (despite much effort to do so), and has been largely discredited by one of Bloomberg’s own sources. By all appearances “The Big Hack” was complete bullshit. Yet Bloomberg has issued no correction or retraction, and seemingly hopes we’ll all just forget about it. I say we do not just forget about it. Bloomberg’s institutional credibility is severely damaged, and everything they publish should be treated with skepticism until they retract the story or provide evidence that it was true.

Wednesday, 10 February 2021

Google’s iOS Apps, Which Still Haven’t Been Updated Since Early December, Are Now Warning Users They’re Out of Date ★

Spencer Dailey:

Amid Apple pushing mandatory privacy labels, Google is stalling on releasing updates for its iOS apps. Yet Google itself is now telling users that their own apps are out of date. [...]

About an hour ago, I opened my Gmail app to find that some of my accounts had been logged out. When I tried logging back in, Google informed me that “This app is out of date.” Indeed!

After saying “This app is out of date”, its warning goes on to say “You should update this app.” We can’t. “The version you’re using doesn’t include the latest security features to keep you protected. Only continue if you understand the risks.”

I followed Dailey’s instructions with a fresh install of the Gmail app, and got the same message. Seems like Google’s handling of this Privacy Nutrition Labels change at the App Store is utter chaos. [Update: A few hours and seems like Google has pushed a server-side change to suppress these warnings. But the apps themselves were not updated, and Google still hasn’t supplied privacy nutrition labels.]

I posted about this saga two weeks ago, and nothing has changed since. Still no updates to Google’s major iOS apps, still no privacy nutrition label information for them, either. Yet Google was confident back on January 5 they’d soon start rolling out labels for all their apps.

My utterly uninformed theory is that Google somehow didn’t understand the magnitude of what these iOS privacy changes entailed. It’s not just about a single device identifier used for targeted advertising. As Allen Pike speculated this week, full compliance with Apple’s new privacy rules may well rule out all sorts of “analytics” in apps that show targeted ads. And Google’s apps all collect massive amounts of analytics and all show targeted ads. Aren’t “analytics” and “tracking” two words for the same set of practices? Maybe Google is like, We’re not doing tracking. We’re just collecting analytics, and Apple is like, That’s the same fucking thing.

My only other theory is that Google thinks they can wait Apple out — that public pressure from iPhone owners who use Google apps will result in Apple conceding to better terms for what Google needs to admit to in its nutrition labels. I don’t see that working.

The question is why Google doesn’t just do what Facebook did, and cop to all of it, even if it’s a bad look to have a privacy nutrition label as long as an unspooled roll of toilet paper. Facebook’s nutrition labels being very long, but published on time, seemingly confirmed what we all suspected: that Facebook collects a breathtaking amount of data about the users of its apps. The way Google is handling this makes it look like (a) they have something to hide, (b) they were caught unprepared despite the fact Apple announced this policy back in June, or (c) both.

‘They Stormed the Capitol. Their Apps Tracked Them.’ ★

Charlie Warzel and Stuart A. Thompson, reporting for The New York Times:

A source has provided another data set, this time following the smartphones of thousands of Trump supporters, rioters and passers-by in Washington, D.C., on January 6, as Donald Trump’s political rally turned into a violent insurrection. At least five people died because of the riot at the Capitol. Key to bringing the mob to justice has been the event’s digital detritus: location data, geotagged photos, facial recognition, surveillance cameras and crowdsourcing. [...]

While there were no names or phone numbers in the data, we were once again able to connect dozens of devices to their owners, tying anonymous locations back to names, home addresses, social networks and phone numbers of people in attendance. In one instance, three members of a single family were tracked in the data.

The source shared this information, in part, because the individual was outraged by the events of Jan. 6. The source wanted answers, accountability, justice. The person was also deeply concerned about the privacy implications of this surreptitious data collection. Not just that it happens, but also that most consumers don’t know it is being collected and it is insecure and vulnerable to law enforcement as well as bad actors — or an online mob — who might use it to inflict harm on innocent people. (The source asked to remain anonymous because the person was not authorized to share the data and could face severe penalties for doing so.)

I understand why the source asked to remain anonymous, but it sure would be interesting to know which apps were supplying this data. My best guess is that it come from a mobile ad network. But that’s just a guess. And if the data did come from just one ad network, how much data is being collected in the aggregate by all ad networks?

It’s really just flabbergasting what Warzel and Thompson were able to do with this.

Tuesday, 9 February 2021

Is Apple Banning Free Analytics SDKs? ★

Allen Pike, writing on the Steamclock blog:

The challenging thing for developers evaluating all this is that many of the points above have not been said so explicitly by Apple. Apple has instead outlined a series of rules, each rule being worded somewhat differently between the App Privacy documentation and the App Tracking Transparency documentation. A generous reading makes it seem like you maybe could comply with the rules and still use some of these SDKs. Maybe.

Apple did not — and from a legal perspective likely can’t — explicitly ban the Google Analytics, Flurry, Facebook, and Firebase SDKs. Their wording leaves some wiggle room. It seems like it could be possible to use them. It seems even more possible that Facebook and Google could make them usable. However, this puts developers in the situation of evaluating the changing documentation, complex privacy policies, and large settings panels that these tools offer, trying to judge whether a given setup of a given SDK would now pass muster from Apple’s perspective.

What’s becoming obvious is that these coming changes in iOS 14.5 are about a lot more than just the IDFA tracking identifier.

Sunday, 7 February 2021

Flatfile Concierge ★

My thanks to Flatfile for sponsoring last week at DF. Think of the last time you imported a spreadsheet. Did it work the first time? Nearly everyone has dealt with formatting CSV or Excel files so that the data can be imported into an application. It’s a pain.

Enter Flatfile Concierge. Invite your customers to securely import, format, or merge spreadsheet data. No fumbling with FTP uploads, no emailing sensitive Excel files back and forth, no need to format yet another CSV template. And best of all, there’s no programming required.

Get access to Flatfile Concierge today.

Friday, 5 February 2021

Parler Offered Trump 40 Percent Ownership Stake if He Joined and Posted There Exclusively ★

Ryan Mac and Rosie Gray, reporting for BuzzFeed News:

The Trump Organization negotiated on behalf of then-president Donald Trump to make Parler his primary social network, but it had a condition: an ownership stake in return for joining, according to documents and four people familiar with the conversations. The deal was never finalized, but legal experts said the discussions alone, which occurred while Trump was still in office, raise legal concerns with regards to anti-bribery laws.

Talks between members of Trump’s campaign and Parler about Trump’s potential involvement began last summer, and were revisited in November by the Trump Organization after Trump lost the 2020 election to the Democratic nominee and current president, Joe Biden. Documents seen by BuzzFeed News show that Parler offered the Trump Organization a 40% stake in the company.

It’s really been a busy couple of months.

Fox News Cancels Lou Dobbs’s Show One Day After Dobbs Is Named in Election Lies Lawsuit ★

You hate to see it.

Bloomberg Reports That Google Is Exploring Fig-Leaf Privacy Controls for Android ★

Mark Gurman and Nico Grant, reporting for Bloomberg^*:

Google is exploring an alternative to Apple Inc.’s new anti-tracking feature, the latest sign that the internet industry is slowly embracing user privacy, according to people with knowledge of the matter.

Internally, the search giant is discussing how it can limit data collection and cross-app tracking on the Android operating system in a way that is less stringent than Apple’s solution, said the people, who asked not to be identified discussing private plans.

“Alternative” is the wrong word. It’s not like you can choose between Apple’s system and Google’s. Apple’s system only exists on iOS, and Google’s would only exist on Android.

And Apple’s new tracking-related features are not “anti-tracking”. They’re simply about raising user awareness of tracking and giving users control over it. I’m not being facetious here. Nothing Apple is doing is “anti-tracking”. It’s only “anti-surreptitious-tracking”, and that’s a huge difference. It’s very easy and clear how to opt in to being tracked.

Let’s say a cottage industry arose where commercial companies were, unbeknownst to most people, plugging their fleets of electric vehicles into the outdoor power outlets on people’s homes overnight. “No one told us not to plug our electric delivery vans into these homes’ freely available power outlets.” And then, after this practice comes to light, the electric company adds a feature where every time a new vehicle is plugged into your outdoor power outlet, you, the homeowner, need to authorize that vehicle as being allowed to charge using the electricity you pay for. If you don’t authorize it, they don’t get the juice.

By Gurman and Grant’s logic, Bloomberg would describe this as an “anti-electric-vehicle” feature. That’s nonsense. It’s just putting the owner in charge of access to a resource that, heretofore, they didn’t realize companies were taking from them without asking.

A Google solution is likely to be less strict and won’t require a prompt to opt in to data tracking like Apple’s, the people said. The exploration into an Android alternative to Apple’s feature is still in the early stages, and Google hasn’t decided when, or if, it will go ahead with the changes.

If it doesn’t require opting in, it might as well not exist.

Beeper: Multi-Service Multi-Platform Messaging App That Supports iMessage ★

Beeper is a new $10/month app/service that aims to provide a unified chat app for 15 messaging platforms (and counting) — including iMessage. From their FAQ:

How in the world did you get iMessage to work on Android and Windows?

This was a tough one to figure out! Beeper has two ways of enabling Android, Windows and Linux users to use iMessage: we send each user a Jailbroken iPhone with the Beeper app installed which bridges to iMessage, or if they have a Mac that is always connected to the internet, they can install the Beeper Mac app which acts as a bridge. This is not a joke, it really works!

The idea of a single app with support for multiple messaging services harks back to Adium — and even Apple’s own iChat, which supported several services back in the day (AIM, Jabber, Yahoo, ICQ, and more). One of Beeper’s founders is Eric Migicovsky, who created the Pebble smartwatch back in 2013. When Beeper was announced two weeks ago, he tweeted to confirm that the jailbroken old iPhone trick was no joke, with photos.

Running the Beeper app on an always-on Mac as a bridge for iMessage is reasonable — and is how AirMessage, an unofficial (needless to say) iMessage client for Android works. Sending users old iPhones running old jailbroken versions of iOS is delightfully clever, but — scaling issues aside (what happens if Beeper gets hundreds of thousands of users, let alone millions?) — is a security nightmare. It strikes me as utterly irresponsible.

Thursday, 4 February 2021

Parler CEO John Matze Forced Out by Mercer-Controlled ‘Board’ ★

Fox News:

Parler has terminated CEO John Matze, according to a memo Matze sent to staffers that has been obtained by Fox News.

“On January 29, 2021, the Parler board controlled by Rebekah Mercer decided to immediately terminate my position as CEO of Parler. I did not participate in this decision,” Matze wrote. “I understand that those who now control the company have made some communications to employees and other third parties that have unfortunately created confusion and prompted me to make this public statement.”

I believe his surname rhymes with “rates”, but it’s a shame it doesn’t rhyme with “patsy”, because that’s what he is.

Wednesday, 3 February 2021

The H. Moser & Cie Swiss Alp Watch ‘Final Upgrade’ ★

You may recall the original H. Moser & Cie Swiss Alp Watch from 2016. It’s the high-end Swiss mechanical watch that looks like an Apple Watch. Not like sorta kinda looks like an Apple Watch — it really, deliberately, looks almost exactly like a pre-Series 4 Apple Watch. It cost $25,000.

Now, Moser has released their “Final Upgrade” edition, and Bilal Khan at A Blog to Watch has the details:

With that classic Moser sense of humor, the Vantablack dial has a seconds subdial done to resemble the “spinning” loading icon that Mac users are all too familiar with.

The Swiss Alp Watch Final Upgrade incorporates some of Moser’s signature touches, like the use of Vantablack and the unmarked dial (you can’t print on Vantablack). Vantablack is the blackest manmade material, and my first interaction with it was when Moser released its Endeavour Perpetual Moon Concept back in 2018, and I can’t describe it better now than I did then when I said it feels like “a black hole on the wrist.”

It’s a limited edition of 50 pieces, which cost $31,000. That seems crazy, particularly for a watch that seems half a prank. But when you think about it, it’s less crazy than the fact that Apple itself was selling $17,000 solid gold Series 0 Apple Watches in 2015. These Moser Swiss App Watches will still function perfectly for years to come. Decades, with proper maintenance. Those gold $17,000 Apple Watches only received three years of software updates before they were deprecated.

Story. When I was in grade school, maybe 4th grade, we had a creative assignment where we were asked what we’d buy if we had a fortune to spend. My friend Mark, who was delightfully clever and never one to care about pleasing the teachers, said, and I quote, “a solid gold Etch-A-Sketch”. His delivery, as always, was deadpan. I laughed out loud, because that was both funny and a much better answer than whatever I had come up with. (I don’t remember; it was probably a sports car.) Our teacher, Mrs. Latimer, was annoyed. We were supposed to be taking this seriously. But Mark was adamant that that’s what he’d buy. A solid gold Etch-A-Sketch. I don’t recall his reasoning verbatim, but it was something to the effect of “Because it’s pointless and no one else would have one.”

I always think about Mark and his Etch-A-Sketch when I think about those gold Apple Watch Editions.

CNBC: Apple and Hyundai-Kia Pushing Towards Deal to Manufacture Apple Cars in Georgia ★

Phil LeBeau and Meghan Reeder, reporting for CNBC:

After years of speculation that it will eventually get into the auto business with its own vehicle, Apple is close to finalizing a deal with Hyundai-Kia to manufacture an Apple-branded autonomous electric vehicle at the Kia assembly plant in West Point, Georgia according to multiple sources who briefed CNBC on the plan.

The so-called “Apple Car,” which is being developed by a team at Apple, is tentatively scheduled to go into production in 2024, though people familiar with the talks between Apple and Hyundai-Kia say the eventual rollout could be pushed back. [...]

Sources familiar with Apple’s interest in working with Hyundai say the tech giant wants to build the “Apple Car” in North America with an established automaker willing to allow Apple to control the software and hardware that will go into the vehicle.

In other words, this will be an “Apple Car,” not a Kia model featuring Apple software.

This follows a report yesterday at the Korean website DongA Ilbo that Apple is set to invest $3.6 billion in Hyundai-Kia.

All Rogue Amoeba Apps Now Have Official Support for the New M1 Macs and Big Sur ★

While I’m posting about utilities and M1 Mac compatibility, some month-old news from Rogue Amoeba:

As of today, our entire product line now has support for Apple’s newest M chip-based Macs. The latest versions of our software now run natively on the new Apple Silicon-powered machines, to provide the best possible performance on this impressive new hardware. If you’ve already got an M chip-based Mac, just download the latest versions of our products and you should be all set.

Not an easy transition for Rogue Amoeba, either:

As we noted in previous posts, a bit more setup is required to install our audio handling extension “ACE”, used by Airfoil, Audio Hijack, Loopback, Piezo, and SoundSource. Those apps will guide you through the necessary steps to get up and running, but if you need more assistance, we have a comprehensive step-by-step guide as well.

Fortunately, this process is quick, and it only needs to be done once. After you’ve authorized ACE on your Mac, future updates will be lightning-fast.

I use a few Rogue Amoeba utilities (a Mac feels broken to me without SoundSource, for example), and their beta versions during the Big Sur/Apple Silicon transition were more reliable than most apps’ stable releases. This was a difficult transition for something like their ACE extension, but as a user, Rogue Amoeba made it look like it was no sweat.

Call Recorder Calling It Quits ★

Jason Snell:

A tool I have used for a dozen years seems to be officially, finally on its way into oblivion, as noted in an Ecamm Network tech note posted last week:

Call Recorder for Skype will not be updated for compatibility with M1 Macs.

I still use Call Recorder for Skype for every podcast I record with Skype, mostly because it’s directly integrated into Skype and records calls automatically.

But I suppose the writing has been on the wall for quite a while now. Over the past year, nearly every Skype update has broken compatibility with Call Recorder, requiring Ecamm to issue repeated updates and even change how the app behaves so that it automatically reinstalls itself after Skype kicks it out. It’s been ugly.

Same boat for me. With the exception of unusual episodes recorded with my guest(s) in person, I’ve recorded every episode of The Talk Show using Call Recorder. It does one thing and does it well, and I love the option to record all Skype calls automatically. I live in perpetual fear of forgetting to record a show. If this really is the end of the line for Call Recorder, it goes into the Hall of Fame on retirement.

A SuperDuper Workaround for Big Sur and M1 Macs ★

Dave Nanian, at Shirt Pocket:

It seems clear that the future of bootable backups is unclear.

M1 Macs can’t be copied in a way that makes them bootable. Bare metal recovery on an M1 Mac isn’t possible, since they depend on the contents of their internal drive even when booting externally. And the tools required to make bootable copies of Intel Macs are limited, often fail, and produce inscrutable and undocumented diagnostics when they do.

Everything’s a tradeoff, and with the M1 Macs, Apple has given us an amazing new platform, while taking away some of the things that made macOS such a joy to work with. And one of those things is bootable backups.

The workaround is pretty clever. Use an older version of SuperDuper that will copy just the Data partition of your M1 Mac’s boot volume — that’s everything you really need to be backed up. Then if you want to restore, do a fresh OS install on the internal boot drive and restore your data from the external drive where you cloned your Data partition.

SuperDuper is one of my all-time favorite and most-trusted Mac utilities. Big Sur is a big transition for a disk cloning utility; M1 Macs are an even bigger one. They’ll get it.

Tim Carmody on Jeff Bezos ★

Tim Carmody:

[Amazon] will not abandon the hard work of physical infrastructure for the sweet, high-margin lure of the cloud.

There are a few reasons for this. The first one is that it is impossible to do digital retail (and increasingly, brick-and-mortar retail) at Amazon’s scale without having the technological capacity a company like Amazon has. If you spun off or sidelined the retail business, you’d be either kneecapping it or forcing it to buy back the services that the retail side of the business already gets in house. Amazon has a huge advantage in both digital and physical logistics; that’s better than a moat, it’s two moats. It’s a moat surrounded by a ring of fire with a dragon inside. You don’t let that go because a consultant or activist shareholder points out that technically your profit margins could be higher if you only did one or the other. Amazon has never run its business that way under Bezos and it would be incredibly foolish for the company to start doing so now, especially when he’s still in a position to influence precisely those sorts of decisions.

Dithering ★

Speaking of Ben Thompson, the start of a new month is always a good time to remind you about Dithering, our new(ish) thrice-weekly podcast. 15 minutes per episode. Not a minute less, not a minute more.

$5/month or $50/year. Signing up is easy, and it’s designed to work with whatever podcast player you like best.

The Relentless Jeff Bezos ★

Ben Thompson on Jeff Bezos:

What is somewhat ironic, though, is that while the Internet is unquestionably a critical component of what makes Amazon Amazon, what makes the company so valuable and seemingly impregnable is the way it has integrated backwards into the world of atoms. Real moats are built with real dollars, and Bezos has been relentless in pushing the company to continually invest in solving problems with real world costs, from delivery trucks to data centers and everything in-between. This application of tech economics to the real world is what sets Bezos apart.

Kara Swisher on Andy Jassy ★

Kara Swisher, in her column at The New York Times:

That same steel will was certainly on display in a long interview I did with Mr. Jassy in mid-2019 about AWS. I have always preferred to talk to him more than almost any other Amazon executive, because he does not shirk from a debate or retreat to stale talking points. He also was not going to give an inch when it came to tougher topics like potential bias in facial recognition.

On that hot-button issue, Mr. Jassy said clearly that it was not up to Amazon to be the moral arbiter of the world, but that he would like government to step in. “People are looking for those extra sets of protections around the federal government explaining how they want the (facial-recognition) technology to be used and [to have] real ramifications if you misuse it,” he said. “And I wish they would hurry up, because if they don’t … you’re going to have 50 different laws in 50 different states.”

When I asked him about having to spin off AWS in the wake of a potential antitrust investigation — a prospect that would scare many — he shrugged. “If we were forced to do it, I guess we would have to do it,” he said. “We don’t spend a lot of time talking about it.”

Testing the HomePod Mini’s New U1 Handoff Functionality ★

Juli Clover, with a nice overview of the new HomePod Mini Handoff features:

If you’re listening to a song on your iPhone 11 or iPhone 12 and bring the phone near the HomePod mini, there are now visual, audio, and haptic effects when the song transfers. As the iPhone gets closer to the HomePod mini’s location, it begins a soft haptic touch rhythm that gets faster and faster as the iPhone continues to approach the HomePod mini. Eventually, the song transfer interface options up, and the song transitions from the iPhone to the mini.

Transferring a song is quicker and more reliable with these visual and haptic-based transfer cues, and there are some other useful changes enabled by the U1 chip too. When an iPhone is held near a HomePod mini, you’ll see personalized listening suggestions and song recommendations.

There’s something special about this feature. I didn’t really think about it much when Apple first talked about it in the October announcement of the HomePod Mini, but now that I’ve used it, I see now that it’s extraordinarily clever user interface design. “User interface” isn’t just what you see on screen. It’s how we, the users, interface with these devices and services. How do you use it? It’s hard to imagine a more obvious way to transfer playback from your iPhone to a HomePod than this.

AirPlay has long supported moving a song or podcast from your phone to a HomePod, and AirPlay 2 was a big improvement in terms of latency and reliability. I think the on-screen UI for controlling AirPlay is pretty good. In the playback controls for whatever you’re listening to, you look for the AirPlay icon, tap it, and you get a list of available sources to choose from. And you can always get it from the system playback controls in Control Center. It’s pretty obvious and pretty consistent.

But “just move your iPhone close to the HomePod” — that’s pretty hard to beat. There’s nothing to hunt for. You can explain it to anyone, and they’ll understand what you mean. And it’s very easy to remember. Maybe you haven’t looked for the AirPlay on-screen menu in a few months and you forget how to get to it. If you don’t use it often it’s easy to forget it’s in Control Center. But “just move your iPhone close to the HomePod”? That’s memorable. The action you take is very physical, not abstract. The haptic feedback makes it feel like a connection is being made. And the U1 chip’s fine-grained proximity detection means you don’t have to worry about it kicking in inadvertently.

This is good design.

Update: Guy English: “The most visceral OK/Cancel dialog I’ve ever seen.”

E.B. White on ‘The Meaning of Democracy’ ★

E.B. White, writing for The New Yorker in July 1943:

We received a letter from the Writers’ War Board the other day asking for a statement on “The Meaning of Democracy.” It presumably is our duty to comply with such a request, and it is certainly our pleasure.

Surely the Board knows what democracy is. It is the line that forms on the right. It is the don’t in don’t shove. It is the hole in the stuffed shirt through which the sawdust slowly trickles; it is the dent in the high hat. Democracy is the recurrent suspicion that more than half of the people are right more than half of the time. It is the feeling of privacy in the voting booths, the feeling of communion in the libraries, the feeling of vitality everywhere. Democracy is a letter to the editor. Democracy is the score at the beginning of the ninth. It is an idea which hasn’t been disproved yet, a song the words of which have not gone bad. It’s the mustard on the hot dog and the cream in the rationed coffee. Democracy is a request from a War Board, in the middle of a morning in the middle of a war, wanting to know what democracy is.

Tuesday, 2 February 2021

Jeff Bezos’s Email to Employees ★

Jeff Bezos:

This journey began some 27 years ago. Amazon was only an idea, and it had no name. The question I was asked most frequently at that time was, “What’s the internet?” Blessedly, I haven’t had to explain that in a long while.

I am reminded of the fact that Bezos’s longstanding policy bans PowerPoint presentations from meetings, replacing them with “narratively structured six-page memos”. You can hide unclear thinking in a slide deck; you can’t hide unclear thinking in a narrative memo.

WSJ: ‘Facebook Knew Calls for Violence Plagued “Groups”, Now Plans Overhaul’ ★

Jeff Horwitz, reporting for The Wall Street Journal (News+ link):

The company’s data scientists had warned Facebook executives in August that what they called blatant misinformation and calls to violence were filling the majority of the platform’s top “civic” Groups, according to documents The Wall Street Journal reviewed. Those Groups are generally dedicated to politics and related issues and collectively reach hundreds of millions of users.

The researchers told executives that “enthusiastic calls for violence every day” filled one 58,000-member Group, according to an internal presentation. Another top Group claimed it was set up by fans of Donald Trump but it was actually run by “financially motivated Albanians” directing a million views daily to fake news stories and other provocative content.

Roughly “70% of the top 100 most active US Civic Groups are considered non-recommendable for issues such as hate, misinfo, bullying and harassment,” the presentation concluded. “We need to do something to stop these conversations from happening and growing as quickly as they do,” the researchers wrote, suggesting measures to slow the growth of Groups at least long enough to give Facebook staffers time to address violations.

“Our existing integrity systems,” they wrote, “aren’t addressing these issues.”

You need actual integrity to implement integrity systems that work.

The Trend of CEOs Transitioning to Executive Chairmen ★

Interesting 2016 paper by Susan Schroeder for CAP, an executive compensation consulting firm:

Companies transitioning from a long-term Chief Executive Officer and involved in CEO succession planning, especially for a company founder or head of a family-owned company, are looking to retain and capitalize on the outgoing CEO’s institutional knowledge while ensuring a smooth transition to the new leader. In response to this need, some creative companies are transitioning their outgoing Chief Executive Officer to the position of Executive Chairman of the Board. The Executive Chairman position allows the organization to leverage the former CEO’s personal client relationships and institutional knowledge while allowing him to retain employee rights and benefits, assist in the transition process, and gradually phase out of CEO responsibilities.

That’s what Jeff Bezos is doing at Amazon. It was also Apple’s plan when Steve Jobs stepped down as CEO in August 2011, if he’d been able to stay a few steps ahead of the cancer. A year ago Bob Iger made this transition at Disney.

Jeff Bezos to Step Down as Amazon CEO, Will Become Executive Chairman ★

Karen Weise, reporting for The New York Times:

Jeff Bezos, Amazon’s founder and chief executive, will hand over the reins of the e-commerce giant this summer and transition into the role of executive chairman, the company announced Tuesday.

Andy Jassy, the chief executive of Amazon’s cloud computing division, will be promoted to run all of Amazon.

The end of an era.

Monday, 1 February 2021

iOS 14.5 Beta 1 Allows Your Apple Watch to Unlock Your iPhone if You’re Wearing a Mask ★

Juli Clover, MacRumors:

In iOS 14.5, there’s a new option to unlock an iPhone with Face ID and an Apple Watch paired together, with the Apple Watch’s authentication providing an extra layer of security.

If you’re wearing an unlocked Apple Watch and use Face ID as you normally would, the iPhone will unlock after a partial face scan. When the unlock happens, you’ll feel a haptic buzz and will receive a notification on the Apple Watch informing you that the unlocking procedure was successful, similar to how it works when unlocking a Mac with an Apple Watch.

Sincere, non-sarcastic finally for this one. I jumped on this beta to try this feature out, and it works great. Pretty much just like the excellent longstanding feature that lets you log into your Mac automatically if you’re wearing an Apple Watch — it just works. I don’t know how much longer we’ll be wearing face masks when we go out, but this pretty much guarantees I’ll be wearing my Apple Watch every day.

My understanding is that this feature was a lot trickier to implement than you might think, because of the fact that you can also use your iPhone to unlock your watch. The “chain of trust” was originally designed to work in one direction — from your iPhone to your watch.

The Talk Show: ‘Soviet Toilet Paper’ ★

John Moltz returns to the show to give stock market investment advice.