By John Gruber

• Archive
• The Talk Show
• Dithering
• Projects
• Contact
• Colophon
• Feeds / Social
• Sponsorship

Linked List: July 20, 2023

Thursday, 20 July 2023

Apple Tries to Explain to U.K. Legislators That You Can’t Add Back Doors to Secure Protocols ★

Zoe Kleinman, reporting for BBC News:

Apple says it will remove services such as FaceTime and iMessage from the UK rather than weaken security if new proposals are made law and acted upon.

The government is seeking to update the Investigatory Powers Act (IPA) 2016. It wants messaging services to clear security features with the Home Office before releasing them to customers. The act lets the Home Office demand security features are disabled, without telling the public. Under the update, this would have to be immediate. [...]

WhatsApp and Signal are among the platforms to have opposed a clause in the Online Safety Bill allowing the communications regulator to require companies to install technology to scan for child-abuse material in encrypted messaging apps and other services. They will not comply with it, they say, with Signal threatening to “walk” from the UK.

The BBC headline here is fair: “Apple Slams UK Surveillance-Bill Proposals”. Techmeme’s rewrite of the headline is not: “Apple Threatens to Remove Services Like FaceTime and iMessage From the UK Rather Than Weaken Their Security Under a Proposed Investigatory Powers Act Amendment”. Usually this works the other way around — Techmeme typically rewrites headlines to add clarity and omit clickbait-yness. But Apple (and Signal, and WhatsApp) aren’t making threats here. They’re patiently explaining that E2EE messaging platforms cannot comply with what the U.K. wants to demand. It’d be like trying to comply with a law that declares 1 + 1 = 3.

The U.K. legislators pushing this believe, wrongly, that it must be possible for these messaging platforms to add “good guys only” back doors. That if they pass this law, the result will be that the nerds who work at these companies will be forced to figure out a way to comply. What will actually happen is that these companies will be forced to pull the services from U.K., because they can’t comply, unless they scrap their current end-to-end encryption and replace it — worldwide — with something insecure, which they aren’t going to do.

The UK, of course, is no longer part of the EU, but the unintended consequences are similar: the intention of the EU’s Digital Markets Act (well, one intention among many) is to force big social networks to collect data in ways that are more respectful of users’ privacy. The actual result is that Threads launched everywhere else in the world but the EU. The intention of the UK’s proposed update to the IPA is to force messaging platforms to make profound technical changes that would allow law enforcement to snoop on messages; the actual result, if it goes into effect, will be to force those messaging platforms out of the UK.

And while it’s Apple and iMessage/FaceTime that are getting the headlines today, it’s WhatsApp that’s the big player in the UK, with 75 percent of adult Britons using it monthly. It’s hard to overstate how much outrage these legislators are poised to bring upon themselves if they effectively ban WhatsApp. (The legislators themselves surely all depend upon it.)

Facebook Releases Llama 2 Under an ‘Open for Everyone Other Than Really Large Rivals’ License ★

Facebook:

We’re now ready to open source the next version of Llama 2 and are making it available free of charge for research and commercial use. We’re including model weights and starting code for the pretrained model and conversational fine-tuned versions too. As Satya Nadella announced on stage at Microsoft Inspire, we’re taking our partnership to the next level with Microsoft as our preferred partner for Llama 2 and expanding our efforts in generative AI. Starting today, Llama 2 is available in the Azure AI model catalog, enabling developers using Microsoft Azure to build with it and leverage their cloud-native tools for content filtering and safety features. It is also optimized to run locally on Windows, giving developers a seamless workflow as they bring generative AI experiences to customers across different platforms. Llama 2 is available through Amazon Web Services (AWS), Hugging Face, and other providers too.

First, this is yet another sign that OpenAI has no moat around LLM AI technology. Second, I’m glad to see Facebook drop their awkward “LLaMA” letter-casing style. Third, there’s a notable restriction in Llama 2’s license:

2. Additional Commercial Terms. If, on the Llama 2 version release date, the monthly active users of the products or services made available by or for Licensee, or Licensee’s affiliates, is greater than 700 million monthly active users in the preceding calendar month, you must request a license from Meta, which Meta may grant to you in its sole discretion, and you are not authorized to exercise any of the rights under this Agreement unless or until Meta otherwise expressly grants you such rights.

700 million seems oddly specific. Obviously the other companies in the Big Five exceed that number (Apple, Google, Amazon, Microsoft), but who else? Ben Thompson, in today’s subscriber-only Stratechery update (and — spoiler — tomorrow’s episode of Dithering) notes:

Probably the closest company to that 700 million monthly active user (MAU) figure is Snap, which said it passed 750 million MAUs earlier this year. Obviously all of the other big consumer tech companies have more than 700 million MAUs, as well as other services like Telegram, which just surpassed 800 million MAUs.

Good news for Elon Musk, though: Twitter is free to use it.

The Decline of Windows: Command vs. Control Edition ★

An update I just appended to my post the other day about Command Z:

I noticed, of course, that the series is titled Command Z, not Control Z. They even use the “⌘” glyph in the logotype. But while of course a man of Soderbergh’s refined taste is a long-time Mac user, the fact that it’s not Control Z is yet another sign that the Windows hegemony is over.

Wayne Ma: Display Manufacturing Problems Might Lead to Shortages of iPhone 15 Pro and Pro Max ★

Wayne Ma, reporting for The Information (paywalled):

The iPhone 15 Pro, internally codenamed D83, and Pro Max, codenamed D84, are now in a manufacturing stage known as risk ramp in which Foxconn Technology, which does final assembly of the phones, makes hundreds of thousands of units of the device to test how reliably they can build the product without defects. Apple traditionally moves to mass production, where it begins making millions of iPhone units, in August. The phones typically start to ship to customers in late September.

One person with direct knowledge said the LG-made displays have failed reliability tests after it goes through a new process known as low injection pressure overmolding or LIPO. The process involves Apple fusing the display into its metal shell prior to assembly. Apple is repeatedly tweaking the design of LG’s display so that it can pass the tests.

However, Apple still can use displays made by its leading supplier Samsung, ensuring that it can continue to assemble a significant amount of units.

What going legit was to Michael Corleone, breaking free of dependence upon Samsung is to Tim Cook: “Just when I thought I was out, they pull me back in.”

Kevin Mitnick Dies From Pancreatic Cancer at 59 ★

Tragic news from King David Memorial Chapel and Cemetery in Las Vegas:

Kevin David Mitnick, 59, died peacefully on Sunday, July 16, 2023, after valiantly battling pancreatic cancer for more than a year. Kevin is survived by his beloved wife, Kimberley Mitnick, who remained by his side throughout their 14-month ordeal. Kimberley is pregnant with their first child. Kevin was ecstatic about this new chapter in his and Kimberley’s life together, which has now been sadly cut short.

All cancers can go fuck themselves, but man, pancreatic cancer has taken so many people of late: Alex Trebek, Pixar animator Ralph Eggleston, Ruth Bader Ginsburg, and of course Steve Jobs. Also: Jef Raskin and Randy Pausch (“The Last Lecture” professor).

Just brutal to hear that Mitnick’s wife is pregnant.

Kevin emerged from his final prison term, which he deemed a “vacation”, in January 2000. He was a changed individual, and began constructing a new career, as a White Hat hacker and security consultant. He became a highly sought-after global public speaker, a writer, and established the successful Mitnick Security Consulting. In November 2011, he became the Chief Hacking Officer and part owner of security awareness training company KnowBe4, founded by close friend and business partner Stu Sjouwerman.

Kevin attracted attention and support from unlikely sources. The bus driver who saw young Kevin memorize the bus schedules, punch cards and punch tool systems so he could ride the buses all day for free testified as a character witness for Kevin during his federal trial. The federal prosecutor offered his testimony that Kevin never tried to take one dime from any of his “victims”. The probation officer assigned to monitor Kevin after prison gave Kevin permission to write his first book on a laptop when he was not yet supposed to have access to computers. Shawn Nunley, the star witness in the FBI’s case against Kevin, became so disillusioned with the government’s treatment of Kevin that he contacted Kevin’s defense team, helped garner Kevin’s release, and became one of Kevin’s dearest friends. Kevin had an irresistible way of converting foes to friends and keeping them as friends forever.

Mitnick was technically gifted, but his greatest hacking skill was social engineering.