By John Gruber
Look closely.
Tim Sweeney on X, with what can only be described as a weird take on Find My:
This feature is super creepy surveillance tech and shouldn’t exist. Years ago, a kid stole a Mac laptop out of my car. Years later, I was checking out Find My and it showed a map with the house where the kid who stole my Mac lived. WTF Apple? How is that okay?!
Responding to arguments that Find My only allows people to track devices that they own, Sweeney dug deeper:
A lot of people are saying this here. While technically true, it misses the point: you can’t track the location of a device that’s in someone’s possession without tracking that person, and people have a right to privacy. This right applies to second hand device buyers and even to thieves.
Thieves deserve privacy too is quite the take.
When you reset a Mac, iPhone, or iPad before selling it, the original owner can no longer track it. Find My poses no problem at all for legitimately transferred pre-owned devices. It only poses a problem for thieves — a group Sweeney perhaps has an affinity for.
Update: Benjamin Mayo, on Threads:
If Find My didn’t exist, he’d say it’s a racket that Apple doesn’t help users recover their lost devices in order to sell more new hardware.
Interesting new site, offering AI-powered answers to WWDC-related developer questions. Ask a question, it tries to answer (some answers seem great, some not), and offers links to relevant WWDC sessions.
The small print at the bottom of the page disclaims “Ask WWDC is not affiliated with Apple Inc.” Instead it’s the work of developer Matt Spear, using a new tool he’s building that aims to allow anyone to build a similar “ask site”.
Dan Moren, writing at Six Colors:
Not all features, as I said, will be available to try out in this release. Among those included are the systemwide Writing Tools features to help proofread and rewrite text; inbox prioritization, summaries, and smart reply in Mail; the new Reduce Interruptions focus mode; natural language search for photos and videos as well as the ability to create Memories movies on demand; summaries for transcriptions; and, perhaps most enticingly, improved Siri functionality, including the ability to move between voice and typing, more resilient requests for when you stumble over your words, and answering questions about Apple products.
As for what you won’t find here, don’t expect the contentious image generation features like Image Playground, the ability to clean up and remove unwanted details from photos, and integration with ChatGPT. It’s unclear if those will appear in future builds of these betas, or as subsequent updates after public release. Also unclear is whether there will be a public beta of these versions down the road for non-developers.
I wish I would have predicted that Apple was going to start seeding these .1 OS betas previewing Apple Intelligence features while the .0 versions remain in beta until (presumably) release in September, because in hindsight it seems obvious. Will there be public betas of these Apple Intelligence OS versions soon? Unknown at the moment.
See also: MacRumors: “Here Are All of the Apple Intelligence Features in the iOS 18.1 Developer Beta”.
My thanks to 1Password — which, earlier this year, acquired longtime DF sponsor Kolide — for sponsoring last week at DF. When the EU enacted GDPR in 2018, executives and security professionals waited anxiously to see how the law would be enforced. And then they kept waiting ... and waiting ... but the Great European Privacy Crackdown never came.
But the days of betting that you’re too big or too small to be noticed by GDPR are over. Recently, EU member nations (plus the UK) have started taking action against data controllers of all sizes–from the big (Amazon), to the medium (a trucking company), to the truly minuscule (a Spanish citizen whose home security cameras bothered their neighbors).
If you’re an IT or security professional, you may be wondering what to do. Unfortunately, GDPR compliance isn’t the kind of thing you can solve by buying a tool or scheduling a training session. The best place to start is to adopt a policy of data minimization: collect only the data you truly need to function, on both customers and employees. After that, your second priority should be securing the data you have — keeping it only as long as you absolutely need to, and then destroying it.
1Password can help with all aspects of GDPR compliance. To learn more about GDPR compliance, check out this post at 1Password’s blog.
Apple Newsroom, last week:
Today, Apple Maps on the web is available in public beta, allowing users around the world to access Maps directly from their browser.
Now, users can get driving and walking directions; find great places and useful information including photos, hours, ratings, and reviews; take actions like ordering food directly from the Maps place card; and browse curated Guides to discover places to eat, shop, and explore in cities around the world. Additional features, including Look Around, will be available in the coming months.
All developers, including those using MapKit JS, can also link out to Maps on the web, so their users can get driving directions, see detailed place information, and more.
Apple Maps is one of the best examples of the power of persistence I can think of. It started as a laughing stock, but now, for people in many countries, it’s arguably the best maps service.
Lorenzo Franceschi-Bicchierai, writing for TechCrunch:
CrowdStrike, the cybersecurity firm that crashed millions of computers with a botched update all over the world last week, is offering its partners a $10 Uber Eats gift card as an apology, according to several people who say they received the gift card, as well as a source who also received one. [...]
On Wednesday, some of the people who posted about the gift card said that when they went to redeem the offer, they got an error message saying the voucher had been canceled. When TechCrunch checked the voucher, the Uber Eats page provided an error message that said the gift card “has been canceled by the issuing party and is no longer valid.”
CrowdStrike spokesperson Kevin Benacci confirmed to TechCrunch that the company sent the gift cards. “We did send these to our teammates and partners who have been helping customers through this situation. Uber flagged it as fraud because of high usage rates,” Benacci said in an email.
I’d say the odds are pretty high that CrowdStrike renames itself, like ValuJet and Philip Morris did. That’ll solve the problem.
Mark Zuckerberg, in an essay extolling the virtues of Meta’s open source approach to AI development:
People often ask if I’m worried about giving up a technical advantage by open sourcing Llama, but I think this misses the big picture for a few reasons:
First, to ensure that we have access to the best technology and aren’t locked into a closed ecosystem over the long term, Llama needs to develop into a full ecosystem of tools, efficiency improvements, silicon optimizations, and other integrations. If we were the only company using Llama, this ecosystem wouldn’t develop and we’d fare no better than the closed variants of Unix.
Second, I expect AI development will continue to be very competitive, which means that open sourcing any given model isn’t giving away a massive advantage over the next best models at that point in time. The path for Llama to become the industry standard is by being consistently competitive, efficient, and open generation after generation.
Third, a key difference between Meta and closed model providers is that selling access to AI models isn’t our business model. That means openly releasing Llama doesn’t undercut our revenue, sustainability, or ability to invest in research like it does for closed providers. (This is one reason several closed providers consistently lobby governments against open source.)
Zuckerberg’s argument makes numerous references to Linux winning the war against proprietary Unix variants. I’m not sure how good an analogy that is. Perhaps a better analogy is to programming languages, where instead of one winner (like Linux in the field of operating systems) there are dozens, but they’re all open source, even the ones spearheaded by commercial companies. I’ve been on board with the argument that there is no moat with LLMs, and if there’s no moat, there’s little reason to bank on proprietary solutions. Proprietary solutions require a moat.
One of my formative experiences has been building our services constrained by what Apple will let us build on their platforms. Between the way they tax developers, the arbitrary rules they apply, and all the product innovations they block from shipping, it’s clear that Meta and many other companies would be freed up to build much better services for people if we could build the best versions of our products and competitors were not able to constrain what we could build. On a philosophical level, this is a major reason why I believe so strongly in building open ecosystems in AI and AR/VR for the next generation of computing.
Apple’s App Store payments commission — which most definitely is not a “tax” — is what it is. But it’s just about money. As for the “product innovations they block from shipping”, one man’s product innovation is another man’s CrowdStrike.
I realize this is an aside in an essay that otherwise has nothing to do with Apple or iOS, but to me it speaks to how obsessed Zuckerberg is with the subordinate role Meta has been relegated to on mobile platforms — which of course are the platforms where Meta’s platforms are primarily used. But what exactly are the innovations Apple has blocked Meta from shipping? Why haven’t they shipped those same innovations on Android, which is significantly more open? Why doesn’t Meta just ship its own phone? Oh wait.
As frustrating as Apple’s control over iOS can be at times — for users, for developers, and for the fifth-wealthiest man on the planet — there are really compelling arguments that iOS has succeeded, and remained so popular for so long, not despite Apple’s opinionated control over the platform but because of it.
Emanuel Maiberg, reporting for 404 Media:
If you use Bing, DuckDuckGo, Mojeek, Qwant or any other alternative search engine that doesn’t rely on Google’s indexing and search Reddit by using “site:reddit.com,” you will not see any results from the last week. DuckDuckGo is currently turning up seven links when searching Reddit, but provides no data on where the links go or why, instead only saying that “We would like to show you a description here but the site won’t allow us.” Older results will still show up, but these search engines are no longer able to “crawl” Reddit, meaning that Google is the only search engine that will turn up results from Reddit going forward. Searching for Reddit still works on Kagi, an independent, paid search engine that buys part of its search index from Google.
The news shows how Google’s near monopoly on search is now actively hindering other companies’ ability to compete at a time when Google is facing increasing criticism over the quality of its search results. This exclusion of other search engines also comes after Reddit locked down access to its site to stop companies from scraping it for AI training data, which at the moment only Google can do as a result of a multi-million dollar deal that gives Google the right to scrape Reddit for data to train its AI products.
“They’re [Reddit] killing everything for search but Google,” Colin Hayhurst, CEO of the search engine Mojeek told me on a call.
I have to blame Reddit for this, not Google. But it’s not a good look for Google, either.
Marco Arment, introducing the 10th-anniversary re-write of Overcast:
Most of Overcast’s core code was 10 years old, which made it cumbersome or impossible to easily move with the times, adopt new iOS functionality, or add new features, especially as one person.
That’s why there haven’t been many new features or changes in years.
You saw it, and I saw it. I wasn’t able to serve my customers as well as I wanted.
For Overcast to have a future, it needed a modern foundation for its second decade. I’ve spent the past 18 months rebuilding most of the app with Swift, SwiftUI, Blackbird, and modern Swift concurrency.
Now, development is rapidly accelerating. I’m more responsive, iterating more quickly, and ultimately making the app much better.
Promotions for podcasts will often end with a call to action along the lines of “Available wherever you get your podcasts.” As Anil Dash noted a few months ago, that’s a radical statement. Using whatever client software you want to access content published using open standards on the internet is the way the internet was designed to be. But it’s not the way it’s worked out, by and large. Streaming video is largely available only via proprietary apps from each individual service. Same with streaming music.
But not so with podcasts. Podcasts, more than any other medium, exemplify the original spirit of the open internet. “Wherever you get your podcasts”, for me, has meant Overcast for the last decade. And I feel confident that will be true for the next decade. I’ve got a few small gripes with this major update, but overall it’s clear that Overcast is better than ever.
Margi Murphy and Katrina Manson, reporting for Bloomberg:
The local FBI bureau in Pittsburgh held a license for Cellebrite software, which lets law enforcement identify or bypass a phone’s passcode. But it didn’t work with Crooks’ device, according to the people, who said the deceased shooter owned a newer Samsung model that runs Android’s operating system.
The agents called Cellebrite’s federal team, which liaises with law enforcement and government agencies, according to the people.
Within hours, Cellebrite transferred to the FBI in Quantico, Virginia, additional technical support and new software that was still being developed. The details about the unsuccessful initial attempt to access the phone, and the unreleased software, haven’t been previously reported.
Once the FBI had the Cellebrite software update, unlocking the phone took 40 minutes, according to reporting in the Washington Post, which first detailed the FBI’s use of Cellebrite.
Reporting it like this is like running a commercial advertisement for Cellebrite. What kind of passcode was Crooks using on his phone? Digits only or alphanumeric? How many characters? Did they crack the passcode or get in some other way?
Without that information all that should have been reported here is that the FBI was able to get access to his phone’s contents, and that the phone was from Samsung. That’s it. I totally understand why the FBI — and Cellebrite — might not want to say how they got in, but without that context, there’s no reason to sing their praises for having gotten in.
My thanks to WorkOS for sponsoring last week at Daring Fireball. WorkOS is a modern identity platform for B2B SaaS. Start selling to enterprise customers with just a few lines of code. Ship complex features like SSO and SCIM (pronounced skim) provisioning in minutes instead of months.
Today, some of the fastest growing startups are already powered by WorkOS, including Perplexity, Vercel, and Webflow.
For SaaS apps that care deeply about design and user experience, WorkOS is the perfect fit. From high-quality documentation to self-serve onboarding for your customers, it removes all the unnecessary complexity for your engineering team.
Joe Biden, in a letter to the nation (same post, on Instagram):
It has been the greatest honor of my life to serve as your President. And while it has been my intention to seek reelection, I believe it is in the best interest of my party and the country for me to stand down and to focus solely on fulfilling my duties as President for the remainder of my term.
And in a follow-up post on X:
My fellow Democrats, I have decided not to accept the nomination and to focus all my energies on my duties as President for the remainder of my term. My very first decision as the party nominee in 2020 was to pick Kamala Harris as my Vice President. And it’s been the best decision I’ve made. Today I want to offer my full support and endorsement for Kamala to be the nominee of our party this year. Democrats — it’s time to come together and beat Trump. Let’s do this.
I’ve been ambivalent about Biden dropping out since The Debate. I see clearly that he’s diminished. He’s lost his fastball. Watch Biden on 60 Minutes from just four years ago, on the cusp of the 2020 election. That’s Joe Biden. Biden today, even at his best, doesn’t have that zip. He’s no longer able to serve as a compelling communicator, but a communicator is first and foremost what a candidate needs to be. I admire Biden more than ever for coming to grips with and accepting this inconvenient truth, and putting both his country and party above his own ambition. More than any other fissure in our fractious, highly-polarized politics today, the difference between Democrats and Republicans is that Democrats tend to face and address inconvenient truths, and Republicans are nothing more than a weird, gross, terrifying personality cult worshipping one old corrupt man.
Here’s how I think it will play out. This might be wishful thinking, but it’s what I’d bet on. The entire Democratic establishment will get behind Kamala Harris as the nominee. Ambitious and popular Democratic leaders like Gavin Newsom, Gretchen Whitmer, Josh Shapiro, Andy Beshear, and Pete Buttigieg won’t challenge her for the nomination. They’ll compete only to be her pick for VP. (Except Newsom, who, coming from the same state as Harris, wouldn’t work). My top two picks for VP would be Buttigieg and Whitmer. Watch Buttigieg on Bill Maher’s show this weekend, talking about J.D. Vance and why Peter Thiel backs him. He’s so smart, and so good at explaining things.
The knee-jerk reaction to my suggestion of picking Buttigieg or Whitmer is obvious: isn’t a black woman at the top of the ticket already asking a lot? Why go with two women, or a black woman and a gay man? Because they’re smart and they’re sharp and they’re good on TV. If you don’t like their message or platform, don’t vote for them. But if you don’t want to vote for a ticket with two women, or a ticket with a gay man as VP, just because, then fuck you. Go vote for Trump, because you’re a bigot, and he’s the candidate for you. There are too many racists and sexists in America, but they’re not a majority.
Like I wrote last weekend after the assassination attempt against Trump: this will be old news by November. The reason why U.S. presidential candidates tend to announce their campaigns two years before elections is because unlike parliamentary systems, our election dates and presidential terms are set in stone. Candidates announce early in the U.S. simply because they can. It’s a good thing, in an election where the overwhelming majority of independent voters wanted both Biden and Trump to drop out of the race, for the Democrats to start fresh, with almost four full months to run a campaign emphasizing youth, intelligence, competence, honesty, and change. New is a positive adjective in America.
November is a long way out. Buckle up.
Sumit Chandel and Eldhose Mathokkil Babu, writing for the Google Developers blog:
In 2018, we announced the deprecation and transition of Google URL Shortener to Firebase Dynamic Links because of the changes we’ve seen in how people find content on the internet, and the number of new popular URL shortening services that emerged in that time. This meant that we no longer accepted new URLs to shorten but that we would continue serving existing URLs.
Today, the time has come to turn off the serving portion of Google URL Shortener. Please read on below to understand more about how this will impact you if you’re using Google URL Shortener.
Any developers using links built with the Google URL Shortener in the form
https://goo.gl/*
will be impacted, and these URLs will no longer return a response after August 25th, 2025.
How much money could it possibly cost to just keep this service running in perpetuity? Tim Berners-Lee wrote his seminal essay, “Cool URIs Don’t Change” back in 1998. It’s bad enough when companies go out of business, taking their web servers down with them. But Google isn’t struggling financially. In fact, they’re thriving.
Ina Fried, reporting for Axios:
“We will release a multimodal Llama model over the coming months, but not in the EU due to the unpredictable nature of the European regulatory environment,” Meta said in a statement to Axios.
Apple similarly said last month that it won’t release its Apple Intelligence features in Europe because of regulatory concerns. [...]
Meta plans to incorporate the new multimodal models, which are able to reason across video, audio, images and text, in a wide range of products, including smartphones and its Meta Ray-Ban smart glasses. Meta says its decision also means that European companies will not be able to use the multimodal models even though they are being released under an open license. It could also prevent companies outside of the EU from offering products and services in Europe that make use of the new multimodal models.
The company is also planning to release a larger, text-only version of its Llama 3 model soon. That will be made available for customers and companies in the EU, Meta said.
Another big win for Thierry Breton and Margrethe Vestager. I’m sure EU tech companies will do just fine sitting out the AI boom, and EU customers will be happy to wait for years before getting features available to the rest of the world.
Tom Warren, The Verge:
Thousands of Windows machines are experiencing a Blue Screen of Death (BSOD) issue at boot today, impacting banks, airlines, TV broadcasters, supermarkets, and many more businesses worldwide. A faulty update from cybersecurity provider CrowdStrike is knocking affected PCs and servers offline, forcing them into a recovery boot loop so machines can’t start properly. The issue is not being caused by Microsoft but by third-party CrowdStrike software that’s widely used by many businesses worldwide for managing the security of Windows PCs and servers.
Airlines are down, and hospitals are cancelling elective procedures. Unbelievable, to me, that this is not caused by a bug in Windows but by a third-party tool that I’d never really heard of until today.
The New York Times reports that while the overnight software update from CrowdStrike was automatic and “inescapable” (their word), fixing this might be painstaking and require each affected PC to be fixed manually: rebooting into safe mode, deleting the problematic data file, and then rebooting again to get a clean software update from CrowdStrike. The Times also waited until the 10th paragraph to make this important note:
Apple and Linux machines were not affected by the CrowdStrike software update.
See also: Techmeme’s roundup of coverage, commentary, and jokes.
I don’t post many affiliate links but here’s a great one: Amazon has second-gen AirPods Pro for just $169 for Prime Day, discounted a full third from the usual price of $249. AirPods Pro are not just my favorite earbuds ever, they’re one of my favorite products ever, full stop. Buy through this link and I’ll get rich.
Pete Wells:
The first thing you learn as a restaurant critic is that nobody wants to hear you complain. The work of going out to eat every night with hand-chosen groups of friends and family sounds suspiciously like what other people do on vacation. If you happen to work in New York or another major city, your beat is almost unimaginably rich and endlessly novel. [...]
So we tend to save our gripes until two or three of us are gathered around the tar pits. Then we’ll talk about the things nobody will pity us for, like the unflattering mug shots of us that restaurants hang on kitchen walls and the unlikable food in unreviewable restaurants.
One thing we almost never bring up, though, is our health. We avoid mentioning weight the way actors avoid saying “Macbeth.” Partly, we do this out of politeness. Mostly, though, we all know that we’re standing on the rim of an endlessly deep hole and that if we look down we might fall in.
It’s a funny thing about getting older. You put on weight yet you can’t eat nearly as much as you used to. Somehow, though, here in Philly, Craig LaBan has been The Inquirer’s restaurant critic since 1998, and he’s still going strong.
Good critics — whether their beat is food, movies, books, whatever — review every genre, with an open mind. Some of Wells’s best writing was about the most approachable restaurants. This recent review of Hamburger America makes me hungry just glancing at it. His scathing review of Guy Fieri’s American Kitchen & Bar is famous, but don’t miss his review of the unsurprisingly-now-closed Señor Frog’s in Times Square:
Señor Frog’s is not a good restaurant by most conventional measures, including the fairly basic one of serving food. One night I got just two of the half-dozen appetizers I had asked for. Another time, the starters showed up on schedule, but after nearly two hours the main courses still had not appeared.
“What happened to our food?” we finally asked.
“That’s what I’m wondering!” our server said brightly. “Like, where is it?”
Getting just half of what you order at Señor Frog’s can be a blessing if it’s the right half.
One of the all-time great talk show guests.
Apple Newsroom:
Today, Apple introduced HomePod mini in midnight, made with 100 percent recycled mesh fabric. At just 3.3 inches tall, HomePod mini offers big sound in an impressively compact design. With a seamless, acoustically transparent mesh exterior and a backlit touch surface that illuminates from edge to edge, HomePod mini is a stunning smart speaker that complements any space. HomePod mini in midnight is available starting Wednesday, July 17, and joins other bold colors, including yellow, orange, blue, and white.
This confused me for a moment, because they make it sound like they’re simply adding this new color to the lineup. But midnight is actually replacing the subtly different space gray. The bigger question: is this a sign that a second-gen HomePod Mini is not coming soon? The current models debuted in November 2020, and are powered by the S5 chip from Apple Watch Series 5.
Update: Thinking about this some more, it’s kind of odd that it took Apple this long to swap space gray for midnight with the HomePod Mini. For consumer-y products they shifted from space gray to dark-with-a-slight-hint-of-blue “midnight” starting, I think, with the Series 7 Apple Watch models in 2021. (The Series 6 lineup introduced a dark blue, but it was called “blue”, and there was still a color called space gray.) The entry model MacBook Pros still offer space gray for their dark option, but the higher-end models are either silver or space black. Dark iPad Pros are space black. Dark iPhones are “black”, not gray — both Pro and non-pro. And the second-gen full-size HomePods, introduced in January 2023, have only ever been offered in white and midnight. Makes me wonder if Apple produced a bunch of space gray HomePod Minis all at once, when the product debuted, and has been waiting for them to sell out before switching to midnight.
Space gray remains a color in Apple’s palette, though. The darkest MacBook Airs have been offered in midnight ever since the new form factor debuted with the M2 models in 2022, but they do still offer models in space gray (along with silver and starlight). iPad Air and the due-for-an-update iPad Mini are still offered in space gray too. The pattern I detect is that if it’s black-ish and consumer, Apple uses midnight; if it’s black-ish and pro, it’s space black or just black. The exception is the regular iPhone 15, which is offered in just plain “black”, but the superseding pattern there is that Apple has always offered (at least one!) “black” iPhone with each generation.
Tim Hardwick, reporting for MacRumors:
Apple this weekend approved free PC emulator “UTM SE” for the App Store on iPhone, iPad, and Vision Pro. The app allows users to emulate old versions of Windows OS, macOS, Linux, and more to fire up classic software and games on Apple devices. [...]
After Apple’s rejection, UTM’s developer said they would not keep going back and forth because the app would become “a subpar experience.” However, after help from the AltStore team and another developer to work on some changes, UTM SE was finally approved by Apple on Saturday.
As with other emulators, UTM SE requires that users supply the operating systems they want to emulate, but the UTM site includes guides for Windows XP through Windows 11 emulation, as well as downloads of pre-built virtual Linux machines.
Not sure what changed since last month, when Apple not only rejected UTM SE from the App Store but also from notarization for distribution on third-party marketplaces in the EU (and, perhaps soon, Japan).
In other emulation-on-iOS news, Delta 1.6 now fully supports iPadOS.
My thanks to Dabba for sponsoring last week at DF. (You may recall them sponsoring previously.) Dabba is a low-cost broadband internet service provider in India owned and powered by engineers and startup founders from around the world. Relative to its population, India lags behind most other countries in broadband penetration:
Anyone, anywhere in the world can help the Dabba network by buying a hotspot. It’s the bootstrapping and installation costs for new hotspots that are holding India back. Through Dabba, you help subsidize those costs. As a hotspot owner you can monitor the performance of your hotspot on their publicly available explorer. It puts you in on the ground floor of a telecom with broad aspirations in an absolutely enormous market.
Brian Krebs:
In a written statement shared with KrebsOnSecurity, the FBI confirmed that it asked AT&T to delay notifying affected customers.
“Shortly after identifying a potential breach to customer data and before making its materiality decision, AT&T contacted the FBI to report the incident,” the FBI statement reads. “In assessing the nature of the breach, all parties discussed a potential delay to public reporting under Item 1.05(c) of the SEC Rule, due to potential risks to national security and/or public safety. AT&T, FBI, and DOJ worked collaboratively through the first and second delay process, all while sharing key threat intelligence to bolster FBI investigative equities and to assist AT&T’s incident response work.”
TechCrunch quoted an AT&T spokesperson saying the customer data was stolen as a result of a still-unfolding data breach involving more than 160 customers of the cloud data provider Snowflake.
Mark Burnett is an application security architect, consultant and author. Burnett said the only real use for the data stolen in the most recent AT&T breach is to know who is contacting whom and how many times.
“The most concerning thing to me about this AT&T breach of ALL customer call and text records is that this isn’t one of their main databases; it is metadata on who is contacting who,” Burnett wrote on Mastodon. “Which makes me wonder what would call logs without timestamps or names have been used for.”
It remains unclear why so many major corporations persist in the belief that it is somehow acceptable to store so much sensitive customer data with so few security protections. For example, Advance Auto Parts said the data exposed included full names, Social Security numbers, drivers licenses and government issued ID numbers on 2.3 million people who were former employees or job applicants.
Luca Casonato:
So, Google Chrome gives all *.google.com sites full access to system / tab CPU usage, GPU usage, and memory usage. It also gives access to detailed processor information, and provides a logging backchannel.
This API is not exposed to other sites - only to *.google.com.
This is interesting because it is a clear violation of the idea that browser vendors should not give preference to their websites over anyone else’s.
The DMA codifies this idea into law: browser vendors, as gatekeepers of the internet, must give the same capabilities to everyone. Depending on how you interpret the DMA, this additional exposure of information only to Google properties may be considered a violation of the DMA. Take for example Zoom - they are now at a disadvantage because they can not provide the same CPU debugging feature as Google Meet.
I frequently bemoan the DMA’s ambiguity but here I’d say it’s crystal clear. Chrome is a designated gatekeeping platform, and granting system-monitoring privileges only to Google’s own websites is clearly in violation. Here’s a Hacker News comment from a purported Google employee who calls the feature “mundane” while admitting that Google Meet uses it as a tool to debug bad connections, even though no other web-based meeting app has access to it. I can think of no better example proving that Google views the open web as a platform that it owns.
But put the DMA aside. This is just creepy. It’s clearly a privacy violation. I don’t want Google to know what kind of CPU I have, how many cores, and how busy they are. And the makers of other Chromium-based browsers are so lazy that their browsers — Microsoft Edge and Brave at least — include this same “feature”. I don’t mean that Edge grants system-monitoring privileges to Microsoft’s websites. Edge grants these privileges to Google’s websites, and Google’s alone.
But speaking of the DMA, Chromium is, far and away, the most popular browser engine that the DMA compels Apple to allow on iOS. There are legitimate reasons to wish that Apple allowed third-party browser engines on iOS. But there are also legitimate reasons why Apple doesn’t allow them. Chrome really is bad. Better to let the market decide than let clueless regulators decide.
Matt Egan and Sean Lyngaas, reporting for CNN:
The call and text message records from mid-to-late 2022 of tens of millions of AT&T cellphone customers and many non-AT&T customers were exposed in a massive data breach, the telecom company revealed Friday. AT&T said the compromised data includes the telephone numbers of “nearly all” of its cellular customers and the customers of wireless providers that use its network between May 1, 2022 and October 31, 2022.
The stolen logs also contain a record of every number AT&T customers called or texted — including customers of other wireless networks — the number of times they interacted, and the call duration.
Importantly, AT&T said the stolen data did not include the contents of calls and text messages nor the time of those communications.
Of course the breach didn’t contain the content of (most) phone calls and (most) text messages, because carriers don’t record phone calls and, thankfully, don’t log the contents of text messages. This isn’t an important distinction at all. This is a devastating breach.
(I added those “mosts” because the carriers facilitate the recording/logging of some calls and text messages at the behest of law enforcement agencies. Which is exactly why we should all be moving as much of our communications as possible to E2EE platforms.)
I’ve seen a few people arguing that Samsung’s Galaxy Watch Ultra, though clearly inspired by Apple Watch Ultra, isn’t a rip-off, per se, because it’s not an exact clone. Ben Thompson even tried to argue such with me on Dithering this week.
Here, for example, is a literal clone of Apple Watch Ultra that I bought on Temu last year for $16. (I’m linking to the user manual because the watch itself is no longer available, but here’s a thumbnail photo from Temu.) But of course Samsung wasn’t going to go that far and literally clone Apple Watch Ultra. That’s absurd. What they did was rip off as much as they thought they could get away with.
What I neglected to point out, but have since updated the post to mention, is that whatever elements of the Galaxy Watch Ultra weren’t copied from Apple Watch Ultra were clearly ripped off from Hermès’s H08 watch:
That’s a handsome watch in and of itself, but it should be noted that Hermès is a longstanding partner of a smartwatch maker named — checks notes... — Apple.
I guess the European Commission hasn’t taken off for their months-long summer vacation quite yet:
[T]he Commission has issued preliminary findings of non-compliance on three grievances:
First, X designs and operates its interface for the “verified accounts” with the “Blue checkmark” in a way that does not correspond to industry practice and deceives users. Since anyone can subscribe to obtain such a “verified” status, it negatively affects users’ ability to make free and informed decisions about the authenticity of the accounts and the content they interact with. There is evidence of motivated malicious actors abusing the “verified account” to deceive users.
Second, X does not comply with the required transparency on advertising, as it does not provide a searchable and reliable advertisement repository, but instead put in place design features and access barriers that make the repository unfit for its transparency purpose towards users. In particular, the design does not allow for the required supervision and research into emerging risks brought about by the distribution of advertising online.
Third, X fails to provide access to its public data to researchers in line with the conditions set out in the DSA. In particular, X prohibits eligible researchers from independently accessing its public data, such as by scraping, as stated in its terms of service. In addition, X’s process to grant eligible researchers access to its application programming interface (API) appears to dissuade researchers from carrying out their research projects or leave them with no other choice than to pay disproportionally high fees.
I don’t really have an opinion on the second and third points, but the first one seems daft to me. Here’s how commissioner Thierry Breton is quoted in the EC’s press release:
“Back in the day, BlueChecks used to mean trustworthy sources of information. Now with X, our preliminary view is that they deceive users and infringe the DSA. We also consider that X’s ads repository and conditions for data access by researchers are not in line with the DSA transparency requirements. X has now the right of defence — but if our view is confirmed we will impose fines and require significant changes.”
Blue checkmarks were indeed used, “back in the day”, to indicate “verified” accounts. But upon purchasing Twitter, Elon Musk eliminated that program. They don’t advertise it as “Verified” any more; they just call it “Twitter Premium” and make it very clear that blue checkmarks indicate premium account status. That’s illegal under the DSA?
Anyway, here’s Elon Musk, replying to Breton’s announcement of this investigation:
How we know you’re real? 🧐
And:
We look forward to a very public battle in court, so that the people of Europe can know the truth.
And, more intriguingly, replying to Margrethe Vestager:
The European Commission offered X an illegal secret deal: if we quietly censored speech without telling anyone, they would not fine us.
The other platforms accepted that deal.
X did not.
The weapon the EC wields is their ability to fine companies 10–20 percent of global revenue. Musk is in a unique position to tell them to fuck off. Twitter’s revenue peaked at $5 billion in 2021 — when the company was still publicly-held — and has surely declined since then. A $500 million fine is figuratively nothing to Musk. He’d gladly pay that just for the attention a public fight over this will bring to him personally and X as a platform.
Camilla Hodgson and George Hammond, reporting for The Financial Times:
Microsoft has given up its seat as an observer on the board of OpenAI while Apple will not take up a similar position, amid growing scrutiny by global regulators of Big Tech’s investments in AI start-ups.
Microsoft, which has invested $13bn in the maker of the generative AI chatbot ChatGPT, said in a letter to OpenAI that its withdrawal from its board role would be “effective immediately”.
Apple had also been expected to take an observer role on OpenAI’s board as part of a deal to integrate ChatGPT into the iPhone maker’s devices, but would not do so, according to a person with direct knowledge of the matter. Apple declined to comment.
OpenAI would instead host regular meetings with partners such as Microsoft and Apple and investors Thrive Capital and Khosla Ventures.
Apple’s board observer seat, set to be taken by Phil Schiller, was never officially announced. But after Mark Gurman broke the story at Bloomberg, it was confirmed by the Financial Times. So it really does seem like a fast reversal. Or as Emily Litella would say, “Never mind”. But I suspect these “regular meetings” will serve the same purpose, and I bet Schiller will be in those meetings representing Apple.
See also: Reporting for Axios, Ina Fried has excerpts from Microsoft’s letter to OpenAI.
Joe Rossignol, MacRumors:
Walmart+ members have early access to the deal as of 12 p.m. Eastern Time today, and it will be available to all Walmart customers starting at 6 p.m. Eastern Time today.
Walmart first began selling the MacBook Air with the M1 chip for $699 in March, marking the first time the retailer ever sold Macs directly. Now, it is available for an even lower $649 heading into the back-to-school shopping season. It is unclear how long the deal will last.
The M1 MacBook Air will turn 4 years old in November, but it remains an excellent laptop, including support for the upcoming Apple Intelligence features in MacOS 15 Sequoia. As I wrote in March, when this partnership started:
And while, yes, these machines are now over three years old, for $700 this is a great deal. That’s 30 percent less than the cheapest MacBook in an Apple Store. I’d bet serious money that a base M1 MacBook Air outperforms any other $700 laptop on the market. Show me another $700 laptop with a retina display. I’ll wait.
Fascinating example of pricing-as-branding that Apple won’t sell this machine in its own stores, but will through Walmart — which doesn’t sell any other Macs.
I’ve been a big fan of Pennsylvania governor Josh Shapiro since his term as our attorney general. He was absolutely fantastic in the aftermath of the 2020 election, when Trump attempted to steal Pennsylvania.
But as of this week he might be my favorite politician in the entire country. He accomplished what I had long ago given up hope of ever seeing: replacing PA’s fugly-as-sin license plates with a new design that’s among the best I’ve ever seen. Good typography, great colors, and a new slogan and icon that exemplify Pennsylvania’s role as the birthplace of the longest-standing democracy the world has ever seen: the Liberty Bell.
Bravo.
(Next job: Apply this same design language to our god-awful driver’s licenses.)
Update: Design credit for both the new plates and welcome signage goes to Robyn Kanner.
Quinn Nelson on X:
- Watch Ultra is the most shameless copy of an Apple product in ages — and it’s hideous
- Wait, it gets more shameless — Buds3 and Buds3 Pro are clones of AirPods
It’s sad to see Samsung — who once was a leader in design and innovation — start knocking off popular products like some third-rate OEM. Do better.
I agree that the new Buds are AirPod rip-offs, and the new Galaxy Watch Ultra is such a blatant rip-off — the name, the orange accents, the comically slavish copy of Apple’s Ocean Band — that it defies parody. It’s an outright disgrace. Theft, pure and simple. Whatever elements of this watch weren’t ripped off from Apple Watch Ultra were ripped off from Hermès’s H08 watch — and Hermès, of course, has a longstanding partnership with Apple. (Victoria Song at The Verge calls it “not exactly hiding where it got its inspiration from” and “That’s not necessarily a bad thing!”; I doubt she’d consider it “inspiration” and “not necessarily a bad thing” if someone were to rip off her articles to the degree Samsung rips off Apple’s designs. There is no reason to defend this. Call it what it is: theft.)
I disagree that Samsung was ever “a leader in design”. I don’t recall a time when their strategy was anything other than just outright stealing the designs of whoever the current market leader is and undercutting them on price just enough to take the Pepsi position (happy to be in second place, happy to have no shame). Before they started ripping off the iPhone, they ripped off BlackBerry, and called their rip-off lineup of phones “BlackJack”. Really. These new blatant, shameful rip-offs aren’t an aberration; they define the company that Samsung is.
Nelson Aguilar and Blake Stimac, writing for CNet:
That’s right. There’s a hidden flight tracker built right into iMessage that you probably would have never noticed unless you threw in the right combination of details within a message. [...]
Although the airline name/flight number format highlighted above is the best way to go, there are other texting options that will lead you to the same result. So let’s say we stick with American Airlines 9707, other options that may bring up the flight tracker include:
- AmericanAirlines9707 (no spaces)
- AmericanAirlines 9707 (only one space)
- AA9707 (airline name is abbreviated and no space)
- AA 9707 (abbreviated and space)
This is a cool feature — that dates back to iOS 9 in 2015 — but don’t cancel your Flighty subscription. It’s maddeningly inconsistent. Even some of CNet’s own suggestions don’t work — neither AmericanAirlines1776 nor AmericanAirlines 1776 works, but American Airlines 9707 does.
The abbreviated names work for the major U.S. airlines — AA123 (American), DL123 (Delta), and UA123 (United) are all recognized. But neither B6123 nor JBU123 (JetBlue) works, nor F9123 or FFT123 (Frontier). JetBlue 123, JetBlue Airways 123, and JetBlue Airlines 123 work (and even Jet Blue 123 works, with the erroneous space), but you need to include “Airlines” for most carriers. None of these work: American 123, Delta 123, United 123, Frontier 123. All of those do work if you include “Airlines” in the name.
(Update: Turns out it’s not about major vs. regional airlines, because JetBlue is classified as a major by the DOT. Instead it seems that only flight codes from airlines whose IATA abbreviation consists of two alphabetic letters work. JetBlue’s B6 and Frontier’s F9 don’t work because they contain numbers. But even with British Airways, whose code is BA, BA123 isn’t recognized. But if you put words like “airline” or “flight” after the flight code — BA123 airline, BA1588 flight — it does, because the data detector picks up the additional context.)
CNet attributes this feature to iMessage, going so far as to claim that it doesn’t work for messages sent using SMS, but that’s wrong. It works just fine for SMS messages. In fact, it’s not even a feature specific to the Messages app. It’s a feature from Apple’s DataDetection framework — the same system-wide feature that recognizes calendar events, postal addresses, URLs, shipment tracking numbers, and more. So you can use this same flight-code trick with, say, Apple Mail. Or if you’re just sending it to yourself, put it in Apple Notes. It even works with text recognized in screenshots.
Update 2: You can also type flight codes into Spotlight search on the iOS Home screen to search for and track flight status.
Dave Grochocki, writing for Microsoft’s Windows Insider Blog:
With this update, Notepad will now highlight misspelled words and provide suggestions so that you can easily identify and correct mistakes. We are also introducing autocorrect which seamlessly fixes common typing mistakes as you type.
Getting started with spellcheck in Notepad is easy as misspelled words are automatically underlined in red. To fix a spelling mistake, click, tap, or use the keyboard shortcut Shift + F10 on the misspelled word to see suggested spellings. Selecting a suggestion immediately updates the word. You can also choose to ignore words in a single document or add them to the dictionary, so they are not flagged as a mistake again. Spellcheck in Notepad supports multiple languages.
Better late than never, but it’s kind of wild that Notepad is 41 years old and only getting these features now. I haven’t used a single Mac app that doesn’t offer the system’s built-in spellchecking for over 20 years.
Kieran Kelly, reporting for LBC:
New cars that are sold in Europe from this week will host automatically-installed speed limiters, following the introduction of a new EU law.
Even though the rule to install the technology does not apply in the UK, many of the cars will have been made in Europe and so will feature the Intelligent Speed Assistance (ISA) anyway.
The technology allows the car to automatically restrict its speed based on GPS location, speed-sign recognition and cameras within the vehicle. This is not done simply by applying the brakes, which could be dangerous, but by gradually reducing the engine’s power. However, drivers will first get a warning that they are driving too fast and be told to slow down before the measure takes effect.
When a friend sent me this link, I thought at first that LBC was some sort of Onion/Babylon Bee-style parody site. But no, this is real. Any politician in the U.S. seeking to end their career should propose similar legislation here.
In the EU, drivers will be able to turn off the system every time they start their car. It cannot be permanently shut off.
I take back my complaint that the EU no longer innovates in technology. They brought the EU cookie-consent web experience to cars. Nonstop pointless nagging and annoyance.
Mark Gurman, in his Power On column for Bloomberg:
For the first time, the digital assistant will have precise control over actions inside of Apple’s apps. That means you can ask Siri to, say, edit a photo and then ship it off to a friend. It also will have the ability to understand what you’re looking at on your display, helping Siri determine what you want to do based on the context. But neither of those upgrades will be ready when Apple Intelligence launches this fall, as I’ve previously reported.
Instead, I’m told, Siri features are likely to go into beta testing for developers in January and then debut publicly around the springtime — part of an iOS 18.4 upgrade that’s already in the works. Other Siri features, such as a new design and ChatGPT integration, will be coming later this year.
Recent dates for iOS x.4 updates:
If the usual pattern holds, it’s a safe guess that iOS 18.4 will arrive in mid-to-late March. (iOS 14.4 came in January, but 2020 was, needless to say, an unusual year.) This jibes with my take post-WWDC, when I wrote:
If generative AI weren’t seen as essential — both in terms of consumer marketing and investor confidence — I think much, if not most, of what Apple unveiled in “Apple Intelligence” wouldn’t even have been announced until next year’s WWDC, not last week’s WWDC. Again, none of the features in “Apple Intelligence” are even available in beta yet, and I think all or most of them will be available only under a “beta” label until next year.
My thanks to BriefLook for sponsoring last week at DF. BriefLook is a clever iPhone app that does one thing and does it well: it summarizes your postal (paper) mail. Just point your iPhone camera at a letter, and boom, a few moments later you get an AI-generated summary. Who it’s from, what it’s about, and what you’re expected to do about it. That’s useful for summarizing long letters in your own native language, but BriefLook can read and translate between dozens of languages. Truly an amazing use case for AI. Not too long ago a “universal mail translator / summarizer” was the stuff of science fiction. Now you can carry one in your pocket.
Download BriefLook and try it free of charge. Super useful, yet so utterly simple.
Epic Games, on X two days ago:
Apple has rejected our Epic Games Store notarization submission twice now, claiming the design and position of Epic’s “Install” button is too similar to Apple’s “Get” button and that our “In-app purchases” label is too similar to the App Store’s “In-App Purchases” label.
We are using the same “Install” and “In-app purchases” naming conventions that are used across popular app stores on multiple platforms, and are following standard conventions for buttons in iOS apps. We’re just trying to build a store that mobile users can easily understand, and the disclosure of in-app purchases is a regulatory best practice followed by all stores nowadays.
Apple’s rejection is arbitrary, obstructive, and in violation of the DMA, and we’ve shared our concerns with the European Commission. Barring further roadblocks from Apple, we remain ready to launch in the Epic Games Store and Fortnite on iOS in the EU in the next couple of months.
Update: Apple has informed us that our previously rejected Epic Games Store notarization submission has now been accepted.
Epic had supported notarization during Epic v Apple on the basis that Mac’s mandatory malware scanning could add value to iOS. Now it’s disheartening to see Apple twist its once-honest notarization process into another vector to manipulate and thwart competition.
Asked if he would provide screenshots of the rejected screens, Sweeney responded:
We shared screenshots with EC regulators. We want to compete with other stores by having a big exciting product rollout, which means not trickling out media publicly before launch with the Apple fan press doing a teardown using Phil Schiller crafted talking points.
Epic is certainly under no obligation to reveal screenshots of its in-progress iOS games marketplace, but without screenshots, there’s also no reason for anyone to take their own description of the notarization dispute with Apple at face value. Epic Games is an unreliable narrator. Last year the FTC fined Epic $245 million “to settle charges that the company used dark patterns to trick players into making unwanted purchases and let children rack up unauthorized charges without any parental involvement.”
Was Apple’s rejection of Epic’s notarization submission as petty and silly as Epic makes it sound? Maybe! Or perhaps Epic’s Game Store is designed to trick users into thinking it’s Apple’s own official App Store, and there’s nothing silly about the rejection at all. But in that case, it still might be illegal under the DMA for Apple to reject the submission for notarization — the DMA may well require Apple to notarize a third-party marketplace app that is a pixel-for-pixel rip-off of the App Store app, so long as it’s not outright malware.
The point is, we don’t know. And one party, Apple, is barely commenting on the fracas, and the other, Epic, was just fined a quarter of a billion dollars for tricking users, including children, into making unwanted purchases.
Mark Gurman, reporting for Bloomberg last week:
Apple Inc. will get an observer role on OpenAI’s board as part of a landmark agreement announced last month, further tightening ties between the once-unlikely partners. Phil Schiller, the head of Apple’s App Store and its former marketing chief, was chosen for the position, according to people familiar with the situation. As a board observer, he won’t be serving as a full-fledged director, said the people, who asked not to be identified because the matter isn’t public. [...]
The board observer role will put Apple on par with Microsoft Corp., OpenAI’s biggest backer and its main AI technology provider. The job allows someone to attend board meetings without being able to vote or exercise other director powers. Observers, however, do gain insights into how decisions are made at the company.
“Trust, but verify” the adage goes. This board observer role gives Apple a position to verify that OpenAI remains the trustworthy partner Apple thinks they are. I can think of no one better than Schiller for this position. Perhaps you’re no fan of Schiller’s stewardship of the App Store, but he’s long been a staunch proponent of user privacy at Apple. He’s significantly responsible for Apple’s shift toward making “privacy” a major selling point of their products and services.
Sarah Perez, TechCrunch:
Figma CEO Dylan Field says the company will temporarily disable its “Make Design” AI feature that was said to be ripping off the designs of Apple’s own Weather app. The problem was first spotted by Andy Allen, the founder of NotBoring Software, which makes a suite of apps that includes a popular, skinnable Weather app and other utilities. He found by testing Figma’s tool that it would repeatedly reproduce Apple’s Weather app when used as a design aid.
Field is right to pull the feature but this explanation is sophistry. The feature is clearly fundamentally flawed. It’s not in need of a tweak. It’s in need of being completely scrapped.
Generative AI is really good and truly useful when you say “Here’s a thing, help me tweak it or change it”. But when you say “Make a new thing for me” you’re effectively just getting a rip-off a lot — or perhaps most — of the time.
Andy Allen:
Figma AI looks rather heavily trained on existing apps.
This is a “weather app” using the new Make Designs feature and the results are basically Apple’s Weather app (left). Tried three times, same results.
This is even more disgraceful than a human rip-off. Figma knows what they trained this thing on, and they know what it outputs. In the case of this utter, shameless, abject rip-off of Apple Weather, they’re even copying Weather’s semi-inscrutable (semi-scrutable?) daily temperature range bars.
“AI” didn’t do this. Figma did this. And they’re handing this feature to designers who trust Figma and are the ones who are going to be on the hook when they present a design that, unbeknownst to them, is a blatant rip-off of some existing app.
Maybe now that the Adobe deal fell through, Figma is looking to sell itself to Samsung?