By John Gruber
Dan Moren returns to the show to discuss this week’s introductions of the first M4 Macs: iMac, Mac Mini, and MacBook Pros.
Emma Roth, reporting for The Verge:
Claude, the AI chatbot made by Anthropic, now has a desktop app. You can download the Mac and Windows versions of the app from Anthropic’s website for free.
Big miss from Anthropic releasing a super clunky macOS electron app that feels like a bad wrapper of their website. Very weird non-standard UI all over, choppy and sloppy animations.
OpenAI is really leagues ahead in making good apps (+ has ChatGPT Search rolling out today).
There’s much talk that Anthropic’s Claude 3.5 has pulled ahead of OpenAI’s ChatGPT 4o in terms of chatbot “intelligence”, but as an overall experience ChatGPT wins hands-down. For one thing ChatGPT has been able to search the web for answers for a while now, and it works great. For another, just today OpenAI launched ChatGPT’s dedicated “search” mode. Claude has nothing like it.
But even their respective Mac apps are a stark contrast. The Claude app is a lazy Electron port. Right off the bat, the email field on the login screen doesn’t support autofill. Once you’re logged in, you don’t get any standard MacOS features. And of course because it’s Electron it’s bloated architecturally and uses a lot of memory. If you really want to use Claude as an “app” on your Mac you’d be better off saving a web app with Safari (File → Add to Dock…) than using this.
ChatGPT’s native Mac app, on the other hand, is a truly native Mac app. It looks like a Mac app and feels like a Mac app because it really is a Mac app. I’ve liked it ever since it launched back in May, and it keeps getting better. And I keep using it more and more as my go-to resource for answering questions.
I asked Claude, “What is the best way to engineer a native Mac app? What frameworks and developer tools should one use if the goal is a great Mac experience?” Claude’s answer started by positing it as a decision between SwiftUI and AppKit. Perhaps Anthropic’s Mac engineers should have asked Claude this same question before they built this turd of an Electron app.
While it’s true that after this week’s Mac announcements, every new Mac Apple sells now comes with at least 16 GB of RAM, Nick Heer reminds us that there remains a new Mac available with just 8 GB: the rather remarkable Walmart-exclusive $650 M1 MacBook Air.
Apple:
The Company posted quarterly revenue of $94.9 billion, up 6 percent year over year, and quarterly diluted earnings per share of $0.97. Diluted earnings per share was $1.64, up 12 percent year over year when excluding the one-time charge recognized during the fourth quarter of 2024 related to the impact of the reversal of the European General Court’s State Aid decision.
Jason Snell (along with his usual assortment of excellent charts illustrating Apple’s results):
The one twist: Apple recognized a one-time charge of $14.8 billion related to Apple finally having lost a long-time tax case in the European Union. That’s a lot of cash — almost exactly half of the quarter’s total income, in fact.
All in all, Apple’s business was relatively flat. iPhone sales were up 6% but flat for the fiscal year; Mac sales were up 2%, which is about how they’ve been all year; Services continues to have reliable double-digit growth, but the rate of growth slowed to 12% year-over-year.
Every product/division did fine.
Both teams had stretches of greatness on both sides of the game. Home runs. Clutch hitting in late innings. Freddie Fucking Freeman. Innings of unhittable pitching. There’s no question in my mind these are the two most talented teams in baseball. But one team made a bunch of glaring mistakes, throughout the series (and especially so tonight), and the other team made few mistakes at all.
As a lifelong Yankees fan who watched or listened to every inning of the many American League Championship Series and World Series they’ve played in since 1996, I have some experience with the various emotional results of a deep postseason baseball run. There is a new Netflix documentary devoted to one such series that did not end well for the Yankees. This year is not the worst feeling. It hurts. This sucks. But this is not the worst. These two teams were evenly matched talent-wise, but the Dodgers played much better baseball. Objectively they deserved to win. The years that really hurt are the ones when your side plays as well or even better than their opponent but loses the series anyway (usually in game 7) because there is a significant aspect of high-level baseball that comes down to chance. This was not one of those years for the Yankees.
This was a well-earned championship by the Dodgers.
(And at least they got to celebrate this at a nice ballpark.)
Apple Newsroom:
Now available in space black and silver finishes, the 14-inch MacBook Pro includes the blazing-fast performance of M4 and three Thunderbolt 4 ports, starting with 16GB of memory, all at just $1,599. The 14- and 16-inch models with M4 Pro and M4 Max offer Thunderbolt 5 for faster transfer speeds and advanced connectivity. All models include a Liquid Retina XDR display that gets even better with an all-new nano-texture display option and up to 1000 nits of brightness for SDR content, an advanced 12MP Center Stage camera, along with up to 24 hours of battery life, the longest ever in a Mac.
The base model, with the regular M4 chip, is less of a not-so-pro forgotten stepchild now. It gets a third Thunderbolt port, and is available in the same space black as the M4 Pro and Max models — last year the dark version of the plain M3 MacBook Pro was boring space gray.
After the M4 iMacs were announced Monday, my fingers were crossed for a nano-texture MacBook Pro display, and I was rewarded. The option costs just $150 on both the 14- and 16-inch models. Can’t wait to see it in person. Can we get a nano-texture display option for iPhones next year too? Matte’s where it’s at, baby.
See Also: Apple’s 15-minute mini-keynote, with a 2-minute gag at the end.
Joshua Nelken-Zitser, Business Insider:
A legal dispute between Google and Russia over suspended YouTube accounts has led to a fine so large that it exceeds all the money on Earth. Ivan Morozov, a Moscow-based lawyer, told the state-run TASS newswire that a Russian court ordered the tech giant to restore Russian media accounts on YouTube, a Google-owned company.
He said that Google’s failure to do so has resulted in a fine that had been regularly doubling for years. There is no cap on the total, the lawyer said. Morozov, who did not immediately respond to a request for comment from Business Insider, said that the cumulative amount has now reached 2 undecillion rubles — an almost unfathomable figure.
At the current exchange rate, the fine is equivalent to about $20.6 decillion. A decillion is a figure followed by 33 zeros — which, in this case, puts the fine at $20,604,600,000,000,000,000,000,000,000,000,000.
This certainly makes the EU’s fines based on a percentage of companies’ global revenue seem fair and reasonable.
Joe Rossignol, reporting for MacRumors:
Apple today in its new MacBook Pro press release announced that the MacBook Air lineup now starts with 16GB of RAM, up from 8GB previously. This change applies to the 13-inch model with the M2 chip, the 13-inch model with the M3 chip, and the 15-inch model with the M3 chip. In the U.S., the MacBook Air lineup continues to start at $999, so there is no price increase associated with the boost in RAM.
We all know Apple Intelligence has steep memory requirements, which is one factor why it’s only available on iOS devices with 8 GB or more of RAM. But 8 GB of RAM on a Mac is, practically speaking, less than 8 GB of RAM on an iPhone or iPad, because of the profound differences in how memory is managed and application life cycles work on MacOS. On MacOS, every app that looks like it’s running is actually running. And there’s no hard limit on how many apps you can run. Even if your Mac runs out of actual memory, MacOS will use swap files to handle the overflow. iOS doesn’t work that way. iOS freezes apps in the background, freeing up memory — and while M-series-based iPads do support a limited form of virtual memory swap, A-series-based iOS devices (including all iPhones) do not.
Even taking Apple Intelligence out of the equation, Apple’s MacBook lineup was years overdue for a bump in base RAM. A few months ago David Schaub created a graph showing the base RAM of Apple laptops on a logarithmic scale since 1999. Today marks only the second time in the Tim Cook era that base Mac RAM went up. (Schaub made another graph for Mac desktops that goes all the way back to 1984, and the change in slope during the Cook era is even more striking on that chart.) Base RAM on Macs has been stuck at 8 GB since 2017. Even if you count the architecture transition from Intel x86 to Apple Silicon as a de facto bump in base memory — which is arguably fair, given the performance characteristics of an 8 GB Apple Silicon Mac compared to an 8 GB Intel Mac — Macs were still grossly overdue for a bump in base memory.
So I’m not surprised that Apple took this opportunity to double base RAM in the M3 MacBook Air models. I am quite surprised, though, that they went as far as to double the base RAM even in the entry-level $999 M2 MacBook Air. Finally.
Update, 31 October: There’s always an exception to prove a rule.
Ellen Cushing, in a well-meaning piece for The Atlantic:
NPR, citing internal Post correspondence, reported that “more than 1,600 digital subscriptions had been cancelled less than four hours after the news broke.”
It was a reasonable impulse. But if Bezos is indeed why the Post is no longer endorsing candidates, and if people are worried about his outsize influence on our society, they should not be canceling their newspaper subscriptions. They should be canceling their Amazon Prime subscriptions.
Cushing wrote that Saturday; NPR yesterday reported that the Post had lost over 200,000 subscribers in the wake of Bezos blocking the paper’s endorsement of Kamala Harris. Today that number has grown to a whopping and still-growing 250,000.
I understand the sentiment but I disagree that it would be, in any way, an effective protest for two reasons. First, the Washington Post did this, not Amazon. Bezos isn’t even Amazon’s CEO anymore. I get it — he’s Amazon’s founder, and his personal wealth is largely based on his Amazon stock. But unsubscribing from the Post right now sends a direct message to the organization that prompted our collective ire.
Second, the number of Post readers and subscribers who are justifiably outraged by this constitute a significant number of the Post’s entire audience. NPR’s story pegged the Post’s pre-protest subscriber base at 2.5 million (including both print and digital). Amazon has about 200 million Prime members.
Those of us who care about this constitute no more than a tiny insignificant sliver of Amazon’s Prime subscriber base. 250,000 lost subscribers in a weekend is a shocking slap in the face for The Washington Post. It’s a significant chunk of their entire base. 250,000 lost subscribers to Amazon Prime is like taking a piss in the ocean. It doesn’t matter.
If you feel better personally cancelling your Prime membership, do it. But don’t think for a second it will matter one iota to Amazon’s bottom line. The Post, on the other hand, is reeling.
Apple Newsroom:
With M4 Pro, it takes the advanced technologies in M4 and scales them up to tackle even more demanding workloads. For more convenient connectivity, it features front and back ports, and for the first time includes Thunderbolt 5 for faster data transfer speeds on the M4 Pro model.
The M4 Mac Mini Thunderbolt story is not too complicated: the three rear ports on models with the regular M4 are Thunderbolt 4; the three rear ports on models with the M4 Pro are Thunderbolt 5. The front ports are just USB-C, no Thunderbolt, on all Mac Mini models. Why you might care: Thunderbolt 4 supports 40 Gbps symmetrical send/receive; Thunderbolt 5 supports 80 Gbps symmetrical send/receive or 120 Gbps send / 40 Gbps receive (e.g., for displays).
The new Mac mini footprint is less than half the size of the previous design at just 5 by 5 inches, so it takes up much less space on a desk. The super-compact system is enabled by the incredible power efficiency of Apple silicon and an innovative thermal architecture, which guides air to different levels of the system, while all venting is done through the foot.
The new Mini form factor sports a dramatically smaller footprint, but because it’s taller (which ought to be better for thermals), the difference isn’t as great by volume:
Model | Height | Width | Depth | Area | Volume |
---|---|---|---|---|---|
M4 Mac Mini | 5 cm | 12.7 cm | 12.7 cm | 161 cm² | 807 cm³ |
Previous Mac Minis | 3.58 cm | 19.7 cm | 19.7 cm | 388 cm² | 1,389 cm³ |
M2 Mac Studio | 9.5 cm | 19.7 cm | 19.7 cm | 388 cm² | 3,689 cm³ |
Apple TV 4K | 3.1 cm | 9.3 cm | 9.3 cm | 87 cm² | 268 cm³ |
No cheating either: the power supply remains inside the Mac Mini case. (But as shown above, the Mac Mini remains quite a bit larger than an Apple TV 4K.) One odd detail is the placement of the power button on the bottom of the case.
Base RAM goes from 8 to 16 GB (which appears to be true for all M4-based Macs) and goes up to a maximum of 64 GB with the M4 Pro, and all M4 Mac Minis support up to three displays. See Apple’s Compare page for more details on what’s new and changed.
Also interesting is the announcement format. Rather than one 30–40 minute video announcing all M4 Macs at once, Apple has made separate 10-minute-ish mini keynotes for each. iMacs yesterday, Mac Mini today, and presumably MacBook Pros tomorrow. And rather than shoot inside Steve Jobs Theater, they filmed at the new Observatory building — a smaller setting for smaller announcements.
Hartley Charlton, MacRumors:
The 2021 and 2023 iMacs have now been discontinued by Apple and prices at third-party resellers are falling. As such, some customers may be weighing up whether to pick up a 2021 or 2023 iMac instead of the latest model, while some existing iMac users may be wondering if it’s now time to upgrade to the M4 model.
The three Apple silicon iMac models share the overwhelming majority of their features, so should you consider buying or sticking with the first- or second-generation models to save money? This breakdown also serves as a way to see all the differences that the 2024 iMac brings to the table.
Super-useful comparison table of what changed between the M1, M3, and now M4 revisions.
Apple’s own ever-handy “Compare” tool on the iMac website is useful too. Here’s a comparison between the new M4 2-port and 4-port models, alongside last year’s 4-port M3 model. One difference: the entry-priced $1,300 2-port model, which has an 8-core CPU (rather than 10-core), ships with a Magic Keyboard that doesn’t have a Touch ID button; all of the 4-port/10-core configurations ship with a Touch-ID–equipped keyboard. Apple charges $150 for the Magic Keyboard With Touch ID and $100 for the one with a “lock button” instead; the bigger one with a numeric keypad is $180. Also, the new USB-C keyboards, mice, and trackpads are only available in white or black — the only way to get the color-matching models is to buy an iMac.
Jeff Bezos, in an op-ed in his Washington Post:
Let me give an analogy. Voting machines must meet two requirements. They must count the vote accurately, and people must believe they count the vote accurately. The second requirement is distinct from and just as important as the first. Likewise with newspapers. We must be accurate, and we must be believed to be accurate. It’s a bitter pill to swallow, but we are failing on the second requirement. [...]
Presidential endorsements do nothing to tip the scales of an election. No undecided voters in Pennsylvania are going to say, “I’m going with Newspaper A’s endorsement.” None. What presidential endorsements actually do is create a perception of bias. A perception of non-independence. Ending them is a principled decision, and it’s the right one. Eugene Meyer, publisher of The Washington Post from 1933 to 1946, thought the same, and he was right. By itself, declining to endorse presidential candidates is not enough to move us very far up the trust scale, but it’s a meaningful step in the right direction. I wish we had made the change earlier than we did, in a moment further from the election and the emotions around it. That was inadequate planning, and not some intentional strategy.
Bezos has always been a good writer, and this piece is no exception. But deciding to change the Post’s policy on election endorsements 12 days before any election, let alone this election, is not “inadequate planning”. Changing the policy, say, this summer, before the Republican National Convention, would be “inadequate planning”. Now though? No.
And how does any of this square with the fact that The Washington Post has an entire editorial and opinion section, that runs bylined opinion columns and commentary from the editorial board every day? You know, the section where this very column by Bezos ran?
As regards trust: declining to endorse a candidate won’t “tip the scales” an iota for Trump supporters who view The Washington Post as “fake news”. All it has done is wipe out large amounts of trust among readers who do — or at least until last week did — put their faith in the publication.
Update: Dr. Drang:
If I’m following Bezos’s logic, he must not just run the Post without letting his other business interests interfere, he must appear to run the Post without letting his other business interests interfere. The easy way to do that would be to keep his hands off the editorial board. I wonder why that didn’t occur to him? (No, I don’t really wonder.)
I wish I’d thought to make that point — Bezos’s own analogy shows how calamitous a decision this was to block an endorsement less than two weeks away from the election.
David Folkenflik, reporting for NPR:
The Washington Post has been rocked by a tidal wave of cancellations from digital subscribers and a series of resignations from columnists, as the paper grapples with the fallout of owner Jeff Bezos’s decision to block an endorsement of Vice President Kamala Harris for president.
More than 200,000 people had canceled their digital subscriptions by midday Monday, according to two people at the paper with knowledge of internal matters. Not all cancellations take effect immediately. Still, the figure represents about 8% of the paper’s paid circulation of 2.5 million subscribers, which includes print as well. The number of cancellations continued to grow Monday afternoon.
Those former subscribers who, like me, were subscribed through the App Store should already be included in that number. Apple sends developers a server notification upon cancellation, and developers can query the status of the auto-renew toggle at any time.
“It’s a colossal number,” former Post Executive Editor Marcus Brauchli told NPR. “The problem is, people don’t know why the decision was made. We basically know the decision was made but we don’t know what led to it.”
I misread this statement at first, thinking that Brauchli was saying that we don’t know why so many Post subscribers were cancelling their subscriptions. But I realized after a second read that he’s saying we don’t know why owner Jeff Bezos and publisher/CEO Will Lewis blocked the endorsement, less than two weeks out from Election Day. But we sort of do know. It’s because they’re worried Trump will win and punish, in whatever ways he can, Amazon (which has government contracts for AWS cloud services), Blue Origin (which has contracts with NASA), and Bezos personally. There’s no other explanation for this decision coming when it did, on the cusp of the election.*
Chief Executive and Publisher Will Lewis explained the decision not to endorse in this year’s presidential race or in future elections as a return to the Post’s roots: It has for years styled itself an “independent paper.” Few people inside the paper credit that rationale given the timing, however, just days before a neck-and-neck race between Harris and former President Donald Trump.
Former Executive Editor Marty Baron voiced that skepticism in an interview with NPR’s Morning Edition on Monday.
“If this decision had been made three years ago, two years ago, maybe even a year ago, that would’ve been fine,” Baron said. “It’s a certainly reasonable decision. But this was made within a couple of weeks of the election, and there was no substantive serious deliberation with the editorial board of the paper. It was clearly made for other reasons, not for reasons of high principle.”
It just doesn’t hold water to make a policy change like this 12 fucking days before any election, let alone this election. Part of what is so damaging about this to the entirety of the Post’s institutional credibility — not just its editorial page — is that Lewis’s announcement of the no-endorsement is so laughably false. Lying hurts any person or institution’s credibility. But it’s absolute poison to a news organization. And the publisher/CEO of the Post tried to sell an obvious post hoc justification. It sounds ridiculous but Bezos and Lewis would have been better off just flat out admitting they were blocking the endorsement because they fear backlash from Trump if he wins. At least that would ring true. If you’re going to serve us a pile of dog shit on a plate, tell us it’s a turd. Don’t try to tell us it’s a sandwich.
Credibility is the only true asset a news publication has.
* OK, there’s one other plausible explanation, which is that Jeff Bezos wants to see Trump win. I don’t buy that. Not because I know Bezos’s politics (although Bezos’s statements and charitable contributions on climate change certainly don’t suggest support for Donald “It’s a Hoax” Trump, a man so profoundly ignorant that he’s repeatedly espoused the belief that even if sea levels are rising, it’d be good for the world, because the result, somehow, will be more oceanfront real estate). I just don’t think Bezos would block a Post endorsement of Harris even if he personally were voting and rooting for Trump. Nothing about his stewardship of the Post since purchasing it for $250 million in 2013 suggests he’d do so. He didn’t block the Post from endorsing Hillary Clinton in 2016, nor Joe Biden in 2020. What’s different in 2024 isn’t that Harris offers a different vision than Clinton or Biden, but that Trump has laid clear his agenda of vengeance and retribution against his domestic political enemies, real and imagined, if he returns to the White House.
Apple Newsroom, in the first of what I expect to be a few days’ worth of M4 Mac updates:
The new iMac is available in an array of beautiful new colors, and the 24-inch 4.5K Retina display offers a new nano-texture glass option. iMac features a new 12MP Center Stage camera with Desk View, up to four Thunderbolt 4 ports, and color-matched accessories that include USB-C.
The new colors don’t seem all that different from the old ones, except for green, which seems much more just-plain-green green. The old iMac green was more like teal? It also seems like maybe the new colors are a bit less saturated on the back. The previous pink iMacs looked downright red from the back; the new ones look pink all around.
As a don’t-know-how-I-lived-without-it fan of the nano-texture Studio Display, I’m glad to see a nano-texture option available for the M4 iMacs. (It’s a $200 upgrade.) Fingers crossed that they offer a nano-texture option for the M4 MacBook Pros.
Nice rundown of the first wave of Apple Intelligence features from Apple Newsroom. As I wrote last week, my favorite thus far is the notification summaries. The key is not to think of them as a replacement for actually reading the messages — they just serve the same purpose as a well-written Subject line in an email. They just answer — usually quite well — “What’s this stack of notifications about?”
Update: It’s not obvious, especially given Apple’s own hype over Apple Intelligence launching to the public with today’s releases, but you still need to sign up for the Apple Intelligence waitlist to get “early access”. When I signed up during the iOS 18.1 beta cycle, it only took an hour or so before I got in. No idea if that will hold true now that it’s a public release.
(The image generation features (Image Playground, Genmoji, Image Wand) in the next round of Apple Intelligence, in the beta releases of iOS 18.2 and MacOS 15.2 that dropped last week, require a separate waiting list. I signed up for that a few hours after the betas were released last Wednesday, October 23, and I’m still waiting as I type this. The only people I know who have access to the image generation features are those who signed up for it within the first hour — maybe less — of the betas appearing.)
My thanks to WorkOS for, once again, sponsoring the week at Daring Fireball. WorkOS is a modern identity platform for B2B SaaS. Start selling to enterprise customers with just a few lines of code. Ship complex features like SSO and SCIM (pronounced skim) provisioning in minutes instead of months.
Today, some of the fastest growing startups are already powered by WorkOS, including Perplexity, Vercel, and Webflow.
For SaaS apps that care deeply about design and user experience, WorkOS is the perfect fit. From high-quality documentation to self-serve onboarding for your customers, it removes all the unnecessary complexity for your engineering team.
Greg Joswiak, on X:
Mac (😉) your calendars! We have an exciting week of announcements ahead, starting on Monday morning. Stay tuned…
Presumably these will include M4 refreshes of the MacBook Pro lineup (as foretold by those bizarre leaks to Russian YouTubers two weeks ago), iMac, and Mac Mini. And the Mac Mini, reports Mark Gurman, is set to sport an all-new, much-smaller form factor.
Reuters:
Apple convinced a federal jury on Friday that early versions of health monitoring tech company Masimo’s smartwatches infringe two of its design patents as part of a broader intellectual property dispute between the companies. The jury, in Delaware, agreed with Apple that previous iterations of Masimo’s W1 and Freedom watches and chargers willfully violated Apple’s patent rights in smartwatch designs.
But the jury awarded the tech giant, which is worth about $3.5 trillion, just $250 in damages — the statutory minimum for infringement in the United States. Apple’s attorneys told the court the “ultimate purpose” of its lawsuit was not money, but to win an injunction against sales of Masimo’s smartwatches after an infringement ruling.
On that front, the jury also determined that Masimo’s current watches did not infringe Apple patents covering inventions that the tech giant had accused Masimo of copying.
$250 is just enough for Apple to buy one of its own 40mm Apple Watch SE models. (No sales tax in Delaware.) That’s about all Apple got out of this. This victory doesn’t change the ITC import ban that prevents Apple from enabling the blood oxygen sensor on watches sold in the U.S. after December 2023. It might have, if Apple had been able to win a verdict holding that Masimo’s current watches also infringe patents held by Apple. Florian Mueller, writing at IP Fray:
In order to understand the reason why Apple sued over a product practically no one buys, one has to understand the indirect ramifications for Masimo’s U.S. import ban on Apple Watches with a pulse oximetry feature. Only the indirect implications matter in this case. The short version is that if Masimo couldn’t have continued to sell its own smartwatch, they’d have lost a legally required basis for preventing Apple from selling smartwatches.
Andrew R. Chow, reporting for Time:
Twenty-four years ago, the surgeon Santiago Horgan performed the first robotically assisted gastric-bypass surgery in the world, a major medical breakthrough. Now Horgan is working with a new tool that he argues could be even more transformative in operating rooms: the Apple Vision Pro.
Over the last month, Horgan and other surgeons at the University of California, San Diego have performed more than 20 minimally invasive operations while wearing Apple’s mixed-reality headsets.
The details of this particular use case are largely about ergonomics, and the advantage Vision Pro provides seems profound:
In laparoscopic surgery, doctors send a tiny camera through a small incision in a patient’s body, and the camera’s view is projected onto a monitor. Doctors must then operate on a patient while looking up at the screen, a tricky feat of hand-eye coordination, while processing other visual variables in a pressurized environment. “I’m usually turning around and stopping the operation to see a CT scan; looking to see what happened with the endoscopy [another small camera that provides a closer look at organs]; looking at the monitor for the heart rate,” Horgan says.
As a result, most surgeons report experiencing discomfort while performing minimal-access surgery, a 2022 study found. About one-fifth of surgeons polled said they would consider retiring early because their pain was so frequent and uncomfortable. A good mixed-reality headset, then, might allow a surgeon to look at a patient’s surgical area and, without looking up, virtual screens that show them the laparoscopy camera and a patient’s vitals.
20 percent of surgeons saying they’re considering retiring early because of the discomfort from this is a high number! And the $3,500–4,000 price for Vision Pro isn’t merely acceptable in this context, it’s a downright bargain:
Christopher Longhurst, chief clinical and innovation officer at UC San Diego Health, says that while the Vision Pro’s price tag of $3,499 might seem daunting to a regular consumer, it’s inexpensive compared to most medical equipment. “The monitors in the operating room are probably $20,000 to $30,000,” he says. “So $3,500 for a headset is like budget dust in the healthcare setting.”
Makes me wonder if these high-end professional and industrial use cases are to the Vision platform this decade what desktop publishing was to the Mac in the 80s? Years ahead of mass market appeal, but a revolutionary breakthrough for a longstanding industry. Such a clear value to those in the industry that they’re not just merely ambivalently accepting the new platform, but champing at the bit to switch to them. Something for the platform to build from until boom, there’s a tipping point where it expands into the mass market. I got into graphic design and desktop publishing my sophomore year of college, in 1992, and by that time the industries of graphic design and professional printing were entirely Macintosh-based, yet the platform (counting the LaserWriter) was only 6 or 7 years old.
But in the fall of 1984, the Macintosh was considered a flop.
Chance Miller at 9to5Mac has done the yeoman’s work of providing a full illustrated change log for iOS 18.2 beta 1. Here’s one I wasn’t expecting, but which now that I think about it, isn’t surprising:
iOS 18.2 lets users set default apps for Messaging and Calling worldwide. This is managed through a new “Defaults” menu in the Settings app, where you can set defaults for these apps in the US:
- Messaging
- Calling
- Call Filtering
- Browser App
- Passwords & Codes
- Keyboards
Clearly this wouldn’t be in iOS 18.2 anywhere in the world if the European Commission weren’t demanding it for DMA compliance, but given that Apple had to do it for the EU, why not make it worldwide? This isn’t a “We think this is a bad idea” thing from Apple’s perspective, like, say, alternative app stores. It’s a “We don’t think this is all that important an idea” thing.
DMA compliance features that Apple wouldn’t have otherwise prioritized, but isn’t outright opposed to, are likely to be made available worldwide. Features Apple is opposed to will remain exclusive to the EU. For example, in iOS 18.2 beta 1 in the EU, users can now “delete” apps like Photos and Camera. That’s a spectacularly dumb idea, so it’s only in the EU.
Apple Developer News:
Following feedback from the European Commission and from developers, in these releases developers can develop and test EU-specific features, such as alternative browser engines, contactless apps, marketplace installations from web browsers, and marketplace apps, from anywhere in the world. Developers of apps that use alternative browser engines can now use WebKit in those same apps.
I just spent a few minutes trying to figure out how this works, but haven’t found it. If anyone can point me to the answer, let me know. It’s kind of bananas that EU-specific features couldn’t even be tested outside the EU until now.
Juli Clover, MacRumors:
Apple today seeded the first betas of upcoming iOS 18.2, iPadOS 18.2, and macOS Sequoia 15.2 updates to developers for testing purposes. The betas have been released while Apple is still working on iOS 18.1, iPadOS 18.1, and macOS Sequoia 15.1, updates that are set to be released next week.
Apple is rolling out Apple Intelligence features in waves, and while the first wave coming next week is relatively small, the next one is pretty big. These first developer betas of iOS 18.2 and MacOS 15.2 include: categorization and priority inbox sorting in Mail, Genmoji, Image Playgrounds (including Image Wand, where a rough sketch in Notes can be transformed into a detailed image), and ChatGPT’s integration for more complex “world knowledge” requests. And, for iPhone 16 users, Visual Intelligence.
These developer betas also contain new APIs for third-party apps: the Writing Tools API (which will allow any text app to support the features only Apple’s first-party apps have access to in iOS 18.1 and MacOS 15.1), Genmoji API (so third-party messaging apps can support them like Messages will), and Image Playground API.
With the initial wave in next week’s public releases of iOS 18.1 and MacOS 15.1, most Apple Intelligence features announced at WWDC are still missing. With these new developer betas, only a few features remain absent: priority notifications, and Siri’s more advanced features like in-app actions and personal knowledge context (the “When’s my mom’s flight arriving?” feature).
Andy McCullough, reporting for The Athletic:
Fernando Valenzuela, the Mexican southpaw who became an icon in Los Angeles during his rookie season with the Los Angeles Dodgers and remained a vibrant part of the franchise’s fabric for the next four decades, died Tuesday, the Dodgers confirmed. He was 63. [...]
In 2023, the Dodgers recognized Valenzuela’s indelible place within franchise lore by altering a club policy in his honor: Valenzuela became the first Dodger to see his number retired without reaching the Hall of Fame. Before the ceremony in August 2023, as his No. 34 took its place at Dodger Stadium in between Sandy Koufax’s No. 32 and Roy Campanella’s No. 39, Valenzuela pronounced himself shocked.
“It never crossed my mind that this would ever happen,” Valenzuela said. “Like being in the World Series my rookie year, I never thought that would happen.”
I’m only barely old enough to remember Fernandomania, but it was a genuine nationwide sensation. Everyone knew who “Fernando” was, even people who cared little to nothing about baseball. Every kid I knew, boys and girls alike, wanted a Fernando baseball card (or sticker — baseball stickers were the thing at the time).
In 1978, Valenzuela — the 12th of 12 children in a poor Mexican farming family — was a 17-year-old, pitching in an obscure Mexican pro league. A Dodgers scout who’d gone to evaluate a shortstop on the opposing team instead found himself captivated by Valenzuela’s pitching. Two years later he was an end-of-season call-up in the Dodgers’ big-league bullpen.
Then came 1981. Thanks to a fluke injury to the Dodgers’ intended starter, Valenzuela was their starting pitcher on opening day. He threw a complete game shutout. He started the season 8-0 with an ERA of 0.50. He pitched all 9 innings in each of those 8 games. His best pitch was a screwball (a breaking ball that curves the “wrong” way) — a bygone pitch no one even throws any more. His physique was more beer league than major league. His windup was comically exaggerated — more like Bugs Bunny than a typical major league pitcher. Down 2 games to 0, he led the Dodgers to victory in game 3 of the 1981 World Series against the Dodgers’ most-despised foe, the Yankees, and the Dodgers won the next 3 games to take the championship. He won both the Rookie of the Year and Cy Young awards. He spoke very little English at the time, but had a charisma that broke any language barrier. He was 20 years old.
I was 8 at the time, and already a very sore loser. Valenzuela was the first athlete I can remember from an opposing team whom I had mixed feelings about. You just couldn’t help but like him.
See More: “Remembering Fernandomania” — a splendid 11-minute short film MLB produced a few years ago. The film does a great job emphasizing how much Valenzuela meant to the Mexican-American community in Los Angeles. His playing heyday was 40 years ago, but his influence on the Dodgers’ relationship to their then-still-kinda-new home city remains palpable today.
And One More: Watch this clip from 2017 and not get goosebumps. I dare you.
Nilay Patel, after interviewing Intuit CEO Sasan Goodarzi for his Decoder podcast at The Verge:
It’s also not just lobbying: in 2022, a coalition of attorneys general from all 50 states got Intuit to agree to a $141 million settlement that required Intuit to refund low-income Americans who were eligible for free filing but were redirected to paid products. In 2023, the FTC found that TurboTax’s “free” marketing was willfully deceptive, and after the agency won an appeal early this year, Intuit was ordered to stop doing it.
I asked about that, and Sasan disagreed with me, and we went back and forth for a few minutes on it. It’s Decoder; we have exchanges like this all the time, and I didn’t think anything of it.
But then I got a note from Rick Heineman, the chief communications officer at Intuit, who called the line of questioning and my tone “inappropriate,” “egregious,” and “disappointing” and demanded that we delete that entire section of the recording. I mean, literally — he wrote a long email that ended with “at the very least the end portion of your interview should be deleted.”
We don’t do that here at The Verge.
What’s bananas about this is that the contentious segment of the interview ... wasn’t really all that contentious? If not for this controversy generated entirely by Intuit’s own comms chief, I’d have listened to the episode and might not have even thought twice about the whole segment on Intuit’s lobbying against the IRS and tax code being updated to eliminate the need for complicated tax filing. Of course Patel was going to bring this up. It’d have been shocking if he hadn’t. And I think Sasan presented Intuit’s case about as well as it can be presented.
But now the episode has been the number one story at The Verge all day, and surely getting way more listens than the average Decoder episode — with listeners primed to pay attention to the segment on Intuit’s anti-tax-reform lobbying and the penalty they were fined for bilking low-income users into paid service they didn’t need.
And the Streisand effect isn’t counterintuitive. It’s obvious human nature. We want to look at and listen to things we’re told not to look at or listen to.
Joanna Stern, writing for The Wall Street Journal (News+):
If you’re expecting AI fireworks, prepare for AI … sparklers. Back in June, at the company’s annual developers conference, executives showed off do-it-yourself emojis, ChatGPT integration and a Siri that can recall the name of a person you met months ago. Apple has even been running ads for some features. None are in this release.
“This is a big lift,” Craig Federighi, Apple’s senior vice president of software engineering, told me at the company’s headquarters. “You could put something out there and have it be sort of a mess. Apple’s point of view is more like, ‘Let’s try to get each piece right and release it when it’s ready.’”
Yes, while other companies rush out generative-AI tools, sometimes with controversy, Apple is moving cautiously. Federighi denies the company is behind, saying it’s prioritizing privacy and responsibility.
It’s a very good interview, and also available on YouTube.
And yes, the higher-profile, more whiz-bang-y Apple Intelligence features aren’t shipping next week in iOS 18.1 and MacOS 15.1. But as Stern herself points out in the article, the features that are shipping are genuinely useful. Notification summaries are good — the occasional mistakes can be funny, but overall it’s solid, and especially helpful for batches of notifications from the same app or group text. The Clean Up unwanted-object-remover in Photos is great. I still haven’t spent much time trying the writing tools, but Stern has, and finds them useful. These are tools that will be used in everyday situations, in the apps they already use, by normal, non-technical iOS and Mac users. There’s a reason Apple is doing a full-court media press on this.
Jeffrey Goldberg, in a must-read, must-share piece for The Atlantic (this is a gift link, which should get you through The Atlantic’s subscriber paywall, and which link I encourage you to share with every potential voter you know):
In their book, The Divider: Trump in the White House, Peter Baker and Susan Glasser reported that Trump asked John Kelly, his chief of staff at the time, “Why can’t you be like the German generals?” Trump, at various points, had grown frustrated with military officials he deemed disloyal and disobedient. (Throughout the course of his presidency, Trump referred to flag officers as “my generals.”) According to Baker and Glasser, Kelly explained to Trump that German generals “tried to kill Hitler three times and almost pulled it off.” This correction did not move Trump to reconsider his view: “No, no, no, they were totally loyal to him,” the president responded.
This week, I asked Kelly about their exchange. He told me that when Trump raised the subject of “German generals,” Kelly responded by asking, “‘Do you mean Bismarck’s generals?’” He went on: “I mean, I knew he didn’t know who Bismarck was, or about the Franco-Prussian War. I said, ‘Do you mean the kaiser’s generals? Surely you can’t mean Hitler’s generals? And he said, ‘Yeah, yeah, Hitler’s generals.’ I explained to him that Rommel had to commit suicide after taking part in a plot against Hitler.” Kelly told me Trump was not acquainted with Rommel. [...]
As president, Trump evinced extreme sensitivity to criticism from retired flag officers; at one point, he proposed calling back to active duty Admiral William McRaven and General Stanley McChrystal, two highly regarded Special Operations leaders who had become critical of Trump, so that they could be court-martialed. Esper, who was the defense secretary at the time, wrote in his memoir that he and Milley talked Trump out of the plan. [...] Trump has responded incredulously when told that American military personnel swear an oath to the Constitution, not to the president.
There’s no hope for the deep-MAGA derps who actually cheer this on. Trump’s hope for another electoral victory, however, depends upon large swaths of conservative, or even just conservative-ish, voters who don’t take him seriously, who haven’t paid attention to all the red flags and evidence from his first term, and think he doesn’t mean what he says. He says a lot of crazy shit, yes, but when he talks about what he wants to do, he means it. There’s very little he said he wanted to do in his first term that he either didn’t do, or didn’t try to do.
Goldberg:
On separate occasions in 2020, Trump held private conversations in the White House with national-security officials about the George Floyd protests. “The Chinese generals would know what to do,” he said, according to former officials who described the conversations to me, referring to the leaders of the People’s Liberation Army, which carried out the Tiananmen Square massacre in 1989. (Pfeiffer denied that Trump said this.) Trump’s desire to deploy U.S. troops against American citizens is well documented. During the nerve-racking period of social unrest following Floyd’s death, Trump asked Milley and Esper, a West Point graduate and former infantry officer, if the Army could shoot protesters. “Trump seemed unable to think straight and calmly,” Esper wrote in his memoir. “The protests and violence had him so enraged that he was willing to send in active-duty forces to put down the protesters. Worse yet, he suggested we shoot them. I wondered about his sense of history, of propriety, and of his oath to the Constitution.” Esper told National Public Radio in 2022, “We reached that point in the conversation where he looked frankly at General Milley, and said, ‘Can’t you just shoot them, just shoot them in the legs or something?’” When defense officials argued against Trump’s desire, the president screamed, according to witnesses, “You are all fucking losers!”
There’s some hope our military leadership would resist such orders again. But there won’t be any civilian leaders like John Kelly or Mark Esper in a second Trump administration. It’d be sycophants all the way down.
Michael S. Schmidt for The New York Times:
He said that, in his opinion, Mr. Trump met the definition of a fascist, would govern like a dictator if allowed, and had no understanding of the Constitution or the concept of rule of law. [...]
When Mr. Kelly left the White House in 2019, he decided he would speak out on the record only if Mr. Trump said something that he found deeply troubling or involved him and was wildly inaccurate. Mr. Trump’s recent comments about using the military against what he called the “enemy within” were so dangerous, he said, that he felt he had to speak out.
“And I think this issue of using the military on — to go after — American citizens is one of those things I think is a very, very bad thing — even to say it for political purposes to get elected — I think it’s a very, very bad thing, let alone actually doing it,” Mr. Kelly said.
Mr. Kelly said that Mr. Trump was repeatedly told dating back to his first year in office why he should not use the U.S. military against Americans and the limits on his authority to do so. Mr. Trump nevertheless continued while in office to push the issue and claim that he did have the authority to take such actions, Mr. Kelly said.
Regarding Trump’s praise for Adolf Hitler:
“He commented more than once that, ‘You know, Hitler did some good things, too,’” Mr. Kelly said Mr. Trump told him. [...]
“First of all, you should never say that,” Mr. Kelly said that he told Mr. Trump. “But if you knew what Hitler was all about from the beginning to the end, everything he did was in support of his racist, fascist life, you know, the, you know, philosophy, so that nothing he did, you could argue, was good — it was certainly not done for the right reason.”
Mr. Kelly said that would usually end the conversation. But Mr. Trump would occasionally bring it up again.
In his first term Trump had guardrails. He hadn’t expected to actually win in 2016 and while his administration was staffed with hard-right Republicans, they were men who respected the Constitution and rule of law. There is much to criticize about Trump’s attorneys general, Jeff Sessions and Bill Barr. But both were exactly the sort of people you’d expect as attorney general under any Republican president. In fact, Barr had previously served as attorney general, under George H.W. Bush from 1991–1993 — not exactly a time of tumult or growing fascism in the United States. For attorney general in a possible second administration, ABC News is reporting that Trump is considering Aileen Cannon, the apparatchik Florida judge — utterly unqualified for the federal bench but nominated by Trump in 2020 — who threw out Trump’s stolen classified documents case this summer. To call her decision unfounded in law and seemingly based on fealty to Trump personally is putting it mildly.
Katelyn Polantz, reporting for CNN:
A federal judge on Tuesday ordered former Donald Trump attorney and New York mayor Rudy Giuliani to turn over all his valuable possessions and his Manhattan penthouse apartment to the control of Ruby Freeman and Shaye Moss, the Georgia election workers he defamed and to whom he now owes $150 million.
Judge Lewis Liman of the federal court in Manhattan said Giuliani must turn over his interest in the property to the women in seven days, to a receivership they will control. The judge’s turnover order of the luxury items is swift and simple, but the penthouse apartment will have its control transferred so Freeman and Moss can sell it, potentially for millions of dollars.
The women, who counted Georgia ballots after the 2020 election, will also be entitled to about $2 million in legal fees Giuliani has said the Trump campaign still owes him, the judge ruled.
In addition to the Trump campaign fees and the New York apartment, Giuliani must also turn over a collection of several watches, including ones given to him by European presidents after the September 11, 2001, attacks; a signed Joe DiMaggio jersey and other sports memorabilia; and a 1980 Mercedes once owned by the Hollywood star Lauren Bacall. Additionally, the judge ordered that Giuliani turn over his television, items of furniture and jewelry.
Liman hasn’t yet decided if Giuliani will be able to keep a Palm Beach, Florida, condominium he also owns, or the four New York Yankees World Series rings he has, which Giuliani’s son contends his father gave him.
Donald Trump has numerous super powers. One of them is the way that — to date — he’s suffered few consequences for crimes committed in his name. Trump Organization CFO Allen Weisselberg didn’t just do time, he served hard time in Rikers Island. Former White House official Peter Navarro? Prison. Steve Bannon? Prison. Trump’s personal lawyer Michael Cohen? Prison. The list goes on.
Now, as a result of his efforts on behalf of Trump to attempt to overthrow the results of the 2020 election, Rudy Giuliani is seemingly destitute. Rightly so. The whole “America’s Mayor” schtick was unearned, but he had it. He had respect and wealth. Now he doesn’t even own a fucking television. His whole life thrown away in disgrace to do the bidding of Donald Trump, who at this point surely wouldn’t even answer a phone call from Giuliani, let alone actually help him.
Trump, meanwhile, is a nerve-rackingly close election away from escaping unscathed.
Gian Volpicelli and Samuel Stolton, reporting for Bloomberg*:
Under the EU’s Digital Services Act, the bloc can slap online platforms with fines of as much as 6% of their yearly global revenue for failing to tackle illegal content and disinformation or follow transparency rules. Regulators are considering whether sales from SpaceX, Neuralink, xAI and the Boring Company, in addition to revenue generated from the social network, should be included to determine potential fines against X, people familiar with the matter said, asking not to be identified because the information isn’t public. [...]
X is a private company under Musk’s sole control. In considering revenue from his other companies, the commission is essentially weighing whether Musk himself should be regarded as the entity to fine as opposed to X itself, the people said. Tesla Inc.’s sales would be exempt from this calculation because it’s publicly traded and not under Musk’s full control, one of the people said. The commission hasn’t yet decided whether to penalize X, and the size of any potential fine is still under discussion, the people said.
It’d be one thing if X had been split off into a subsidiary of a larger original company, specifically to decrease the size of any potential revenue-based penalty. Like, say, if Apple suddenly decided to break off “iOS” into an independent company that licensed software to Apple to include on iPhones. But we all know that’s not what X is. X was Twitter, which was a publicly-traded company that Musk had no stake in, and which he then bought and made private.
If the EU actually decides to include revenue from SpaceX and Musk’s other companies in calculating a penalty against X, it would effectively be playing a one-sided form of Calvinball, where the rules just get made up out of whole cloth as they go along. (Except in “real” Calvinball, both sides get to change the rules as they see fit.) They’re the ones who chose percentage-of-global revenue as the basis for potential penalties. It’s not Musk’s fault that X Corp generates embarrassingly little (and decreasing) revenue. Wait, actually, that is his fault. He bought a bad business and made it a lot worse. It’s just not his fault that running X Corp into the ground financially means that he can pay any potential revenue-based penalty out of his pocket change.
* You know.
Brian McCullough:
Did Nintendo try to kill GoldenEye 007 before it was completed? Why did Shigeru Miyamoto keep telling the development team to tone down the violence? And why did the famous multiplayer aspect of the game almost not happen? It’s slappers-only on Rad History, because we’re diving into the history of THE game of the late 1990s, GoldenEye 007 for the Nintendo 64.
Had a blast talking about one of my very favorite video games ever. My main link here is to the YouTube version of the episode, but it’s also available as an audio episode for all podcast players, including Overcast and Apple Podcasts.
The New York Yankees are back in the World Series for the first time since 2009, and for the 41st time in franchise history. Their opponent: the Los Angeles Dodgers, who will appear for the 22nd time. This will be the 12th time the two teams have met in the World Series, but the first since 1981. (The Yankees won 8 of the previous 11.) A star-studded matchup with incredible history, to say the least. May the best team win.
See also: Jomboy’s pitch-by-pitch breakdown of Yankee hero Juan Soto’s series-clinching 3-run homer with 2 outs in the 10th inning against the Cleveland Guardians Saturday night. One of the best at-bats I’ve ever seen, and probably one of the top 5 home runs in the entire history of the Yankees.
My thanks to Weather Up for sponsoring this week at DF. If you’re even a semi-regular reader, you know I’m an aficionado of weather apps. There are a bunch of really good ones — including Apple’s own — but there’s an incredible degree of variety and originality in their information design, style, and priorities. Weather Up is one of my favorites, and ever since version 3 shipped earlier this year, it’s been my primary iPhone weather widget, which, in turn, makes it my most-glanced-at weather app.
Widgets are where Weather Up really shines: informative, glanceable, and intuitively interactive, simultaneously presenting what’s going to happen in the next hour and the forecast for the next few days. Yes, this is my thank-you post for a paid sponsorship, but I absolutely mean this: Weather Up’s widget is the best.
The Weather Up app takes a different approach from the widget, presenting a map-first design. No other weather app (that I’m aware of) goes map-first presentation-wise — which is likely explained by the fact that, as Weather Up developer David Barnard explained on The Talk Show, weather map data is expensive.
In fact, all weather data costs money, and good weather data costs more. Most “free” weather apps are only free at the expense of your privacy. Because you generally grant your weather apps location access — for the obvious purpose of getting local weather info and notifications wherever you go — weather apps are a top category for privacy-invasive advertising.
The developers of Weather Up, on the other hand, are privacy fanatics. Weather Up takes extra steps to protect your data. GPS coordinates are rounded to prevent precise location tracking, data requests go through Weather Up’s servers to hide your IP address, and the app doesn’t collect or share any personal data. A Weather Up subscription normally costs a very reasonable $5/month or $40/year — but with this DF sponsorship link, you can start with a completely free 7-day trial and then pay just $20 for your first year, a 50 percent discount.
If you care about weather apps at all, I implore you to give Weather Up a try. You won’t regret it.
Here’s an interesting bit of follow-up. Last month, when linking to the European Commission’s announcement of “two specification proceedings to assist Apple in complying with its interoperability obligations under the Digital Markets Act”, I wrote a sidenote on the EC’s seemingly willy-nilly use of boldface text:
Honest question: Can someone explain to me the Commission’s use of boldfacing? In the first 265 words of the press release, 66 of them are bold, across 13 different spans. They seemingly use boldfacing the way Trump capitalizes words in his tweets: indiscriminately. I find it highly distracting, like trying to read a ransom letter. It’s not just this press release, they do it all the time.
It turns out, the EU publishes an Interinstitutional Style Guide, and it has an entire entry on emphasis:
Bold type is often used in titles and headings. It can also be used in running text to show changes of subject, to highlight keywords or for emphasis in the same way that some other languages use italics. However, it should be used sparingly.
If the text is already in bold roman, words to be emphasised should be in light roman characters.
Do not overuse typographical variations for emphasis. It can have a detrimental effect on getting the message across quickly and clearly, as shown in the following examples.
Their examples, showing how overuse of boldfacing makes text harder to read, look exactly like the announcement that prompted my sidenote. Whoever writes these announcements from the Commission should read the EU’s own style guide and follow its advice.
See Also: The EU style guide’s entry on italics, which they reserve for purposes other than emphasis.
Tim Hardwick, reporting for MacRumors:
The FIDO Alliance is developing new specifications to enable secure transfer of passkeys between different password managers and platforms. Announced on Monday, the initiative is the result of collaboration among members of the FIDO Alliance’s Credential Provider Special Interest Group, including Apple, Google, Microsoft, 1Password, Bitwarden, Dashlane, and others.
Passkeys are an industry standard developed by the FIDO Alliance and the World Wide Web Consortium, and were integrated into Apple’s ecosystem with iOS 16, iPadOS 16.1, and macOS Ventura. They offer a more secure and convenient alternative to traditional passwords, allowing users to sign in to apps and websites in the same way they unlock their devices: With a fingerprint, a face scan, or a passcode. Passkeys are also resistant to online attacks like phishing, making them more secure than things like SMS one-time codes.
The draft specifications, called Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF), will standardize the secure transfer of credentials across different providers. This addresses a current limitation where passkeys are often tied to specific ecosystems or password managers.
This initiative would address one of David Heinemeier Hansson’s primary complaints about passkeys, in a post I linked to earlier today.
Hardwick mentions un-phishability as an advantage of passkeys, and that’s very true. In fact, I think that was one of the primary selling points Apple emphasized when they introduced passkey support at WWDC two years ago. A scammer who gets a victim on the phone can’t trick them into revealing a passkey like they can with passwords or one-time numeric codes. But that use case is optimized for non-technical users.
A friend texted me with another argument for passkeys: it’s somewhat common for websites to break password autofill. Maybe it’s deliberate, in the name of fighting bots? But whether deliberate or not, with passkeys, they have to work with your browser’s connected password manager. So maybe passkeys are a net win for convenience, even for technically-knowledgeable users who are unlikely to fall for phishing scams.
Speaking of passwords, Ricky Mondello — who has long been a leading member of Apple’s “Authentication Experience” team — has an interesting blog post describing the algorithm Apple uses when it suggests new strong passwords:
To make these passwords easier to type on suboptimal keyboard layouts like my colleague’s game controller, where the mode switching might be difficult, these new passwords are actually dominated by lowercase characters. And to make it easier to short-term have in your head little chunks of it to bring over to the other device, the passwords are based on syllables. That’s consonant, vowel, consonant patterns. With these considerations put together, in our experience, these passwords are actually a lot easier to type on a foreign, weird keyboard, in the rare instances where that might be needed for some of our users.
And we weren’t going to make any changes to our password format unless we can guarantee that it was as strong or stronger than our old format. So if you want to talk in terms of Shannon entropy once again, these new passwords have 71 bits of entropy, up from the 69 from the previous format. And a little tidbit for folks who are trying to match our math — [note that] we actually have a dictionary of offensive terms on device that we filter these generated passwords against and we’ll skip over passwords that we generate that contain those offensive substrings.
I’ve noticed some of these details, like that the passwords are comprised of little “fake words” and are dominated by lowercase letters, but I hadn’t noticed all of them. It’s a bunch of clever little touches, all in the aim of making strong passwords that are convenient in odd situations (like typing them with a game controller).
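To make the ideas in Mondello’s description concrete, here is an added sketch (not Apple’s code and not from his post) of a syllable-based generator with a blocklist filter and an entropy count. The alphabet, the three-group layout, the digit placement, and the blocklist entries are all assumptions, so the entropy it reports belongs to this sketch and is not expected to match the 71 bits quoted above.

```python
import math
import re
import secrets

# Assumed alphabet: 20 consonants, with 'y' counted as a vowel.
CONSONANTS = "bcdfghjklmnpqrstvwxz"
VOWELS = "aeiouy"
GROUPS = 3                  # assumed layout: three hyphen-separated groups
SYLLABLES_PER_GROUP = 2     # each group is two consonant-vowel-consonant syllables
GROUP_LEN = 3 * SYLLABLES_PER_GROUP

# Constructed, harmless stand-ins for an on-device list of offensive terms.
BLOCKLIST = ("bad", "nag")

_rng = secrets.SystemRandom()  # OS CSPRNG; never use random.Random for real passwords


def syllable(rng):
    """One consonant-vowel-consonant chunk, all lowercase."""
    return rng.choice(CONSONANTS) + rng.choice(VOWELS) + rng.choice(CONSONANTS)


def candidate(rng):
    """Build one unfiltered password: 18 letters, one uppercased, one digit."""
    letters = list("".join(syllable(rng) for _ in range(GROUPS * SYLLABLES_PER_GROUP)))
    # Exactly one uppercase letter keeps the password lowercase-dominated.
    i = rng.randrange(len(letters))
    letters[i] = letters[i].upper()
    groups = ["".join(letters[g * GROUP_LEN:(g + 1) * GROUP_LEN]) for g in range(GROUPS)]
    # Exactly one digit, appended to a randomly chosen group.
    groups[rng.randrange(GROUPS)] += str(rng.randrange(10))
    return "-".join(groups)


def contains_blocked(password):
    """Check the letters only, so a term spanning a hyphen or digit is still caught."""
    letters = re.sub(r"[^a-z]", "", password.lower())
    return any(term in letters for term in BLOCKLIST)


def generate(rng=_rng):
    """Rejection sampling: skip any candidate containing a blocked substring."""
    while True:
        password = candidate(rng)
        if not contains_blocked(password):
            return password


def entropy_bits():
    """log2 of the number of equally likely candidates, before filtering.

    Every independent choice yields a distinct string, so the count is exact.
    Rejecting blocked candidates shrinks the space slightly, which makes this
    figure an upper bound for what generate() returns.
    """
    per_syllable = len(CONSONANTS) * len(VOWELS) * len(CONSONANTS)
    n_syllables = GROUPS * SYLLABLES_PER_GROUP
    uppercase_positions = 3 * n_syllables
    digit_choices = 10 * GROUPS  # which digit, and which group it follows
    return math.log2(per_syllable ** n_syllables * uppercase_positions * digit_choices)


if __name__ == "__main__":
    print(generate(), f"(<= {entropy_bits():.2f} bits)")
```

Almost all of the entropy comes from the six syllables; the uppercase position and the digit add only about 9 bits between them, which is why a lowercase-dominated format can stay strong.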
David Heinemeier Hansson:
Yes, passwords have problems. If you’re using them without a password manager, you’re likely to reuse them across multiple services, and if you do, all it takes is one service with awful password practices (like storing them in plain text rather than hashing them with something like bcrypt), and a breach will mean hackers might get access to all your other services.
But just because we have a real problem doesn’t mean that all proposed solutions are actually going to be better. And at the moment, I don’t see how passkeys are actually better, and, worse still, can become better. Unless you accept the idea that all your passwords should be tied to one computing ecosystem, and thus make it hard to use alternative computers. [...]
Bottom line, I’m disappointed to report that passkeys don’t appear worth the complexity of implementation (which is substantial!) nor the complexity and gotchas of the user experience. So we’re sticking to passwords and emails. Encouraging opt-in 2FA and password managers, but not requiring them.
Passkeys seemed promising, but not all good intentions result in good solutions.
I don’t have strong feelings about passkeys, but I am vaguely unsettled by them. There’s no way to use passkeys without using a proper password manager, like Apple Passwords with iCloud Keychain, or 1Password. But if you’re using a proper password manager, your passwords should all be unique and random, and you should have convenient access to 2FA codes. So what’s the point of passkeys if they can only be used by people who are already using a good password manager? Perhaps the thinking is that too many users just can’t be budged from the risky habit of using passwords they have memorized, and passkeys are a way to break that habit because they can’t be memorized.
Also, I really dislike the practice of replacing passwords with email “magic links”. Autofilling a password from my keychain happens instantly; getting a magic link from email can take minutes sometimes, and even in the fastest case, it’s nowhere near instantaneous. Replacing something very fast — password autofill — with something slower is just a terrible idea. For people who actually prefer email magic links, it’s fine as an option, but it shouldn’t be the default, and it certainly shouldn’t be the only way to sign into an account.
Samantha Cole, reporting for 404 Media:
In July, before the latest WP Engine blowup, an Automattic employee wrote in Slack that they received a direct message from Mullenweg sending them an identification code for Blind, an anonymous workplace discussion platform, which was required to complete registration on the site. Blind requires employees to use their official workplace emails to sign up, as a way to authenticate that users actually work for the companies they are discussing. Mullenweg said on Slack that emails sent from Blind’s platform to employees’ email addresses were being forwarded to him. If employees wanted to log in or sign up for Blind, they’d need to ask Mullenweg for the two-factor identification code. The implication was that Automattic — and Mullenweg — could see who was trying to sign up for Blind, which is often a place where people anonymously vent or share criticism about their workplace.
“We were unaware that Matt redirected sign-up emails until current Automattic employees contacted our support team,” a spokesperson for Blind told me, adding that they’d “never seen a CEO or executive try to limit their employees from signing up for Blind by redirecting emails.”
That does not seem compatible with a culture of trust within a company. Cole also reports that Mullenweg has made another buyout offer this week, and is threatening employees who leak to the press. This very report from 404 Media, under the headline “Employees Describe an Environment of Paranoia and Fear Inside Automattic Over WordPress Chaos”, is not going to help. The whole situation is just very depressing.
Maureen Farrell, writing for The New York Times:
In May 2022, the chief financial officer of Boar’s Head, the processed meat company, was asked a simple question under oath.
“Who is the C.E.O. of Boar’s Head?”
“I’m not sure,” he replied.
“Who do you believe to be the C.E.O. of Boar’s Head?” the lawyer persisted.
The executive, Steve Kourelakos, who had worked at the company for more than two decades and was being deposed in a lawsuit between owners, repeated his answer: “I’m not sure.”
It is odd, to say the least, when a top executive of a company claims not to know who his boss is. And Boar’s Head is no fly-by-night enterprise. The company is one of the country’s most recognizable deli-meat brands; it generates what employees and others estimate as roughly $3 billion in annual revenue and employs thousands of people.
There’s secretive, and then there’s secretive.
Apple Newsroom:
Apple today introduced the new iPad mini, supercharged by the A17 Pro chip and Apple Intelligence, the easy-to-use personal intelligence system that understands personal context to deliver intelligence that is helpful and relevant while protecting user privacy. With a beloved ultraportable design, the new iPad mini is available in four gorgeous finishes, including a new blue and purple, and features the brilliant 8.3-inch Liquid Retina display. A17 Pro delivers a huge performance boost for even the most demanding tasks, with a faster CPU and GPU, a 2× faster Neural Engine than the previous-generation iPad mini, and support for Apple Intelligence. The versatility and advanced capabilities of the new iPad mini are taken to a whole new level with support for Apple Pencil Pro, opening up entirely new ways to be even more productive and creative. [...]
Starting at just $499 with 128GB — double the storage of the previous generation — the new iPad mini delivers incredible value and the full iPad experience in an ultraportable design.
Interesting that it sports the A17 Pro, not the regular A17. Update: Whoops, I got my A-series numbers confused — the A17 Pro is the chip from last year’s iPhone 15 Pro models, and, notably, there was no non-“Pro” variant. Still, though: an interesting chip to use for iPad Mini. Here’s a link to the tech specs for the 2021 6th-gen iPad Mini for comparison.
Also interesting that it still uses Touch ID, not Face ID. Not surprising though — the iPad Mini has always been sort of, but not quite, a mini iPad Air. And in the iPad lineup, Face ID remains a Pro-exclusive feature.
After being sold out for months, the upcoming sponsorship schedule at DF is unusually open at the moment — including this upcoming week.
Weekly sponsorships have been the top source of revenue for Daring Fireball ever since I started selling them back in 2007. They’ve succeeded, I think, because they make everyone happy. They generate good money. There’s only one sponsor per week and the sponsors are always relevant to at least some sizable portion of the DF audience, so you, the reader, are never annoyed and hopefully often intrigued by them. And, from the sponsors’ perspective, they work. My favorite thing about them is how many sponsors return for subsequent weeks after seeing the results.
If you’ve got a product or service you think would be of interest to DF’s audience of people obsessed with high quality and good design, get in touch. And again, this coming week remains open.
My thanks to 1Password — which, earlier this year, acquired longtime DF sponsor Kolide — for sponsoring last week at DF. In a 2023 survey of IT and security professionals, 50 percent of respondents said that their organization’s vulnerability management program had support from leadership to “a large/great extent”. That’s good for them. But it also leaves a full half of respondents without enough support from leadership.
If you’re trying to get buy-in at your own organization, come equipped with the facts about the risks you’re facing, and come with a clear plan to remediate them. To learn more about how vulnerability management is changing, read 1Password’s blog post, and come prepared.
The less you know about this talk, the more you’ll enjoy watching it unfold. Just remarkably good. Trust me, watch it now, before anything about it is spoiled for you.
Jamie Zawinski:
For those of you who are unaware of these finer details, 0.9 was the first release of the Netscape browser (which begat Firefox) available to the general public. This beta release was an unannounced surprise. Prior to this, everyone assumed that what we were doing was going to be a standard for-sale product where you sent off your $35 and then some time later got a disc in the mail with a license key. That we just said, “Here’s our FTP site, come get it, go crazy” was, at the time, shocking to people.
The thing that confuses people sometimes about new platforms is that while the platform and its clients are different things, you usually need both to be great for the whole thing to succeed. The World Wide Web, as conceived by Tim Berners-Lee, was and remains a remarkable, world-changing platform. But it really didn’t take off until Netscape hit. It was just such a great app, including on the Mac. It was the browser the web needed.
Jonathan Gitlin, automotive editor at Ars Technica, on Tesla’s vaporware event last night:
Over time, Musk claimed the operating costs of his Cybercab would be 20 cents per mile, “and yes you’ll be able to buy one,” he told the crowd to excited shrieks. “We expect the cost to be below $30,000,” Musk said, before expounding on a business model where instead of the company owning and operating these allegedly revenue-generating assets itself, they are instead owned by private individuals who each give Tesla its regular cut. This week another four top executives left the company in advance of last night’s event, including “the global vehicle automation and safety policy lead.”
“It’s going to be a glorious future,” Musk said, albeit not one that applies to families or groups of three or more.
Musk claims that Tesla “expects to start” fully unsupervised FSD next year on public roads in California and Texas. A recent analysis by an independent testing firm found the current build requires human intervention about once every 13 miles, often on roads it has used before.
Donald F. Trump, yesterday in Detroit:
“Do you like autonomous? Does anybody like an autonomous vehicle? Know what that is? Right? When you see a car driving along? Some people do, I don’t know. A little concerning to me, but the autonomous vehicles we’re going to stop from operating.”
This, on the very day Tesla was set to hold a high-profile event to promote autonomous vehicles. This, after Elon Musk dropped to his knees and begged for Trump’s approval — exactly as Trump predicted Musk would — at one of Trump’s Hitlerjugend rallies just last week.
It’s almost enough to make you think Trump is only in it for himself and will eventually betray and humiliate every single person who believes he’s on their side, and that his screws are now so loose that it only takes days, not weeks or months, for him to forget who his ostensible oligarchic allies are.
Abhirup Roy and Akash Sriram, reporting for Reuters:
CEO Elon Musk showcased on Thursday a long-awaited robotaxi with two gull-wing doors and no steering wheel or pedals and surprised with robovan, betting on a shift in focus from low-priced mass-market cars to robotic vehicles. At a glitzy unveiling, Musk reached the stage in a “Cybercab” to be produced from 2026 — eventually in high volume — and priced under $30,000. He then introduced the robovan which can carry up to 20 people though offered few further details.
But Musk, who has a record of missing projections — and himself said he tended to be optimistic with time frames — did not say how quickly Tesla could ramp up robotaxi production, clear inevitable regulatory hurdles or implement a business plan to leapfrog robotaxi rivals such as Alphabet’s Waymo.
Even with the disclaimer of Musk’s “record of missing projections”, this is far too much credence. The availability dates, the prices — they’re all just made up. It’s a complete distraction from the fact that Tesla is way behind. Waymo is actually operating in four cities today. Somewhere in San Francisco or Austin, there’s probably a Daring Fireball reader reading this post while riding in a self-driving Waymo.
Wake me up when Tesla ships any of these vehicles. Until then, stop using the present tense about any of it. It’s all vaporware for now. (And the stock market isn’t buying it — on a day when markets are flat, Tesla is down 8 percent as I type. Update: It closed down close to 9 percent for the day.)
Also: How stupid is a two-seat taxi? “Well, there are three of us, so we better hail two rides...” It makes no sense.
Given that Calvin and Hobbes is almost certainly the best (and almost more certainly, the most beloved) comic strip ever, it’s devilishly hard to pick a favorite. But this might be mine. I thought about it often as I raised my own son.
Update: I sent this one to my son, and he sent me this one back. My boy gets me.
Lawrence Abrams, reporting for Bleeping Computer:
Internet Archive’s “The Wayback Machine” has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records. News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached.
“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!,” reads a JavaScript alert shown on the compromised archive.org site.
The text “HIBP” refers to the Have I Been Pwned data breach notification service created by Troy Hunt, with whom threat actors commonly share stolen data to be added to the service.
Hunt told BleepingComputer that the threat actor shared the Internet Archive’s authentication database nine days ago and it is a 6.4GB SQL file named “ia_users.sql”. The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.
As if that weren’t enough to make for a bad week for the Internet Archive — a seemingly irreplaceable stalwart resource of the web — they’re also under a DDoS attack. Jason Scott, archivist at Internet Archive, on Mastodon:
Someone is DDOSing the internet archive, so we’ve been down for hours. According to their twitter, they’re doing it just to do it. Just because they can. No statement, no idea, no demands.
Bethany Bongiorno, on X:
- insane battery life (17 hours with profiled usage)
- calendar recall
- speak in over 50 languages — in your own voice
- vision gesture for quick multi-modal questions
- playlist support
- timers, alarms, world clock
- touchcode gesture unlock
- pinpoint — locate your pin!
Sometimes all you can do is put your nose to the grindstone and keep plugging. But man, I don’t even hear jokes about the AI Pin any more. (Full change log.)
Kind of crazy to create an alarm clock in this era of bedside phones, but like just about everything from Nintendo, it does seem fun. (Would seem a bit more appealing if it could serve as a Bluetooth audio speaker.)
Mark Gurman, reporting for Bloomberg:
Apple Inc.’s Dan Riccio, who oversaw the company’s push into mixed-reality headsets and previously served as its hardware engineering chief, is retiring.
The veteran executive, a vice president who reports to Chief Executive Officer Tim Cook, is leaving Apple this month, according to people with knowledge of the move. Employees in Riccio’s Vision Products Group, which includes a couple thousand engineers working on headsets and related technology, were told they would become the responsibility of John Ternus, Apple’s hardware boss.
Mike Rockwell, Riccio’s current lieutenant, will continue to lead the Vision Products Group on a day-to-day basis, said the people, who asked not to be identified because the changes aren’t public.
Gurman’s framing here in his lede could leave casual readers with the impression that Riccio is perhaps leaving because of the tepid consumer response to Vision Pro, but as Gurman subsequently mentions, this timeline was seemingly in the cards ever since Riccio stepped down as senior vice president of all hardware (a role now filled by John Ternus) in 2021.
A new website/newsletter from Om Malik and Fred Vogelstein:
Both of us together have followed Silicon Valley’s innovation engine for more than 50 years. We’ve seen a lot. But one observation stands out: The best ideas — the ones that launch meaningful companies — need to seem crazy and stupid at first.
Amazon, Google and Facebook are among the most powerful companies in the world today, but each of them seemed absolutely preposterous when launched. When Jeff Bezos started Amazon as an online bookstore 30 years ago, most didn’t even know what the internet was. Larry Page and Sergey Brin founded Google in 1998 when most believed search was going nowhere. In the 2000s, Mark Zuckerberg bet Facebook could fundamentally change the way billions of people used the internet — to share everything back when most were terrified about sharing anything.
It’s this messianic belief in a vision that makes many entrepreneurs so quirky — and so interesting. It takes a unique personality to spend years saying “I’m right” when most around you say “That’s wrong.”
Love this statement of purpose.
Many Tricks:
Moom 4 is only available directly from Many Tricks; it is not available on the Mac App Store. If it were our choice, it would also be in the Mac App Store, but it’s not our choice.
Why isn’t it in the Mac App Store? Because the Mac App Store does not allow apps that aren’t sandboxed. And Moom 4 cannot be sandboxed, as its use of the Accessibility API makes that impossible. So how was Moom 3, which also uses the Accessibility API, on the Mac App Store? Simple: Moom 3 was in the store before Apple required all Mac App Store apps to be sandboxed, so it was allowed to remain in the store, as long as we never added new features.
If Apple ever changes the rules, we will submit Moom 4 for Mac App Store review, but until/unless those rules change, you can only get Moom 4 directly from us.
What a perfect example of the shortcomings of the Mac App Store. MacOS 15 Sequoia adds new window-tiling features that, on the surface, you might think Sherlock Moom — a longstanding Mac utility that automates window resizing/arranging. But Moom does so much more than Sequoia’s tiling features. It’s a fabulous utility from a great developer, but Many Tricks isn’t allowed to offer it through the Mac App Store.
Zac Bowden, writing for Windows Central:
The Surface Duo 2 has just received its likely final security update, marking an end to Microsoft’s brief return to the smartphone market. The company originally launched Surface Duo 2 in October 2021, and promised to support the product with software updates for three years. Microsoft was only able to deliver one major Android version update in that time, a pitiful number for a $1,500 device.
It wasn’t that Microsoft was only able to deliver one major Android version update in 3 years. They’re Microsoft, for chrissakes. It’s that they could only be bothered to deliver one major upgrade. Commitment is vastly underestimated in the hardware game.
Fun Halloween-themed teaser.
Chance Miller, writing for 9to5Mac:
According to multiple 9to5Mac readers and reports across social media, Home Depot has also recently started rolling out Apple Pay support. Home Depot has been a major Apple Pay holdout, resisting pressure from its customers to add support for Apple’s tap-to-pay platform. Notably, Lowe’s — Home Depot’s biggest competitor — began rolling out Apple Pay support last December. It certainly seems possible that this move by Lowe’s put pressure on Home Depot to change its strategy.
Home Depot hasn’t commented on this change in policy, and the details of the rollout aren’t explicitly clear. It appears to be a very gradual rollout that started at a small number of locations over the summer and has recently picked up momentum. Your mileage may vary for the time being, though.
I could be completely wrong, but I don’t think Home Depot was ever opposed to Apple Pay. I just think they bought into a weird point-of-sale system that didn’t support it. They’re weird terminals. And I suspect what’s happening now isn’t a come-to-Jesus moment regarding Apple Pay in particular, but a replacement of those crummy POS terminals with new ones that do support Apple Pay.
Walmart is still the biggest Apple Pay holdout by a wide margin, and the company has shown no signs of changing its tune.
With Walmart, I do think it’s strategic that they don’t support Apple Pay. I think it’s wrongheaded though, and they’ll change their minds sooner (probably) or later. Walmart, just a few years ago, was spearheading the dumbass CurrentC “pay via QR code” system. Apple Pay, from a user’s perspective, is just a private way to pay via credit or debit card — no more, no less. Whatever strategic reasons Walmart has to oppose it — which I think boil down to wanting customers to instead use a Walmart-proprietary digital payment system — aren’t worth it.
Todd Heberlein:
Cozy mysteries are a genre of crime fiction where the stories take place in small, socially intimate communities, and any violence is limited or happens offscreen. Yesterday, I experienced a “Cozy WWDC,” and it was wonderful!
The event took place in an intimate setting with about 170 developers. There were no highly produced skits, no jabs at the competition, no speculative non-existent products designed to make the media and influencers lose their shit, and no media. The event, titled “Envision the Future: Build Great Apps for visionOS,” was held at the Apple Developer Center in Cupertino on October 2nd.
It focused solely on visionOS and spanned just one day.
The presenters were live. Many wrote code and showed the results live. Sometimes demos didn’t work the first time.
I have heard from a few other attendees that this was an excellent and very productive little event.
Panic:
Well, Google has a new set of policies that require apps that connect to Google Drive to go through expensive, time-consuming annual reviews, and this has made it extremely difficult for us to reasonably maintain Google Drive access. You may have seen iA Writer’s announcement that they are stopping development of their Android version for similar reasons. Our experience was different, but our circumstances are similar. [...]
Between the weeks of waiting, submitting the required documentation and the process of scanning the code, it took a significant amount of time from our engineers. For example, Google provided a Docker image for running the scanner, but it didn’t work. We had to spend more than a week debugging and fixing it. And because the scanner found no problems, it didn’t result in any improvements to Transmit. No one benefitted from this process. Not Google, not Panic, and not our users. [...]
But then… a couple of months later, Google completely removed the option for us to scan our own code. Instead, to keep access to Google Drive, we would now have to pay one of Google’s business partners to conduct the review. They promised a discounted minimum price, but no maximum price. We realized that either we’d most likely be paying someone else a chunk of cash to run the same scanner we were running, or our bill would end up much higher.
Never been gladder that I don’t use Google Drive for anything.
Peter Baker and Dylan Freedman, reporting for The New York Times, with the conspicuous absence of Maggie Haberman from that shared byline:
Former President Donald J. Trump vividly recounted how the audience at his climactic debate with Vice President Kamala Harris was on his side. Except that there was no audience. The debate was held in an empty hall. No one “went crazy,” as Mr. Trump put it, because no one was there.
Anyone can misremember, of course. But the debate had been just a week earlier and a fairly memorable moment. And it was hardly the only time Mr. Trump has seemed confused, forgetful, incoherent or disconnected from reality lately. In fact, it happens so often these days that it no longer even generates much attention.
He rambles, he repeats himself, he roams from thought to thought — some of them hard to understand, some of them unfinished, some of them factually fantastical. He voices outlandish claims that seem to be made up out of whole cloth. He digresses into bizarre tangents about golf, about sharks, about his own “beautiful” body. He relishes “a great day in Louisiana” after spending the day in Georgia. He expresses fear that North Korea is “trying to kill me” when he presumably means Iran. As late as last month, Mr. Trump was still speaking as if he were running against President Biden, five weeks after his withdrawal from the race.
Better late than never, but if it were Joe Biden who had rambled on about “the audience going crazy” at a debate that had no audience, the New York Times would have been all over it the next day, not a month later.
I don’t think Donald Trump was ever hooked up right. But he’s clearly losing the few marbles he ever had to dementia, just like his father did. The signs were clear during his 2017–2021 term in office:
John F. Kelly, his second White House chief of staff, was so convinced that Mr. Trump was psychologically unbalanced that he bought a book called “The Dangerous Case of Donald Trump,” written by 27 mental health professionals, to try to understand his boss better. As it was, Mr. Kelly came to refer to Mr. Trump’s White House as “Crazytown.”
Of course the Times had to both-sides this story, and this is who they found to do it:
Sam Nunberg, a former Trump political adviser, said he still talked with people who see him almost daily, and had not heard of any concerns expressed about the former president’s age. “I don’t really see any major difference,” he said. “I just don’t see it.”
Nunberg is the guy who showed up shitfaced drunk on half a dozen cable news appearances at the height of the Robert Mueller investigation. That’s the guy saying, sure Trump is OK in the head today.
If you haven’t watched Trump speak in a while — because you’re on team “fuck that guy”, like any sane voter — you should watch the video clips the Times culled for this piece. Like I said, I don’t think the guy was ever hooked up right, but it’s very clear he’s in serious decline today.
My suggestion to the Harris campaign is that they should repeatedly describe Trump as “an 80-year-old”, and force Trump surrogates to correct them that he’s “only” 78.
Joe Rossignol, writing for MacRumors:
The latest video of what could be a next-generation MacBook Pro was shared on YouTube Shorts today by Russian channel Romancev768, just one day after another Russian channel shared a similar video. The clip shows a box for a 14-inch MacBook Pro that is apparently configured with an M4 chip with a 10-core CPU and a 10-core GPU, 16GB of RAM, 512GB of storage, three Thunderbolt 4 ports, and a Space Black finish. [...]
The source of these leaks is unclear. Last week, “ShrimpApplePro” claimed that at least one of the unannounced 14-inch MacBook Pro units was apparently being offered for sale in a private Facebook group. In a follow-up post on X on Sunday, the leaker claimed that he saw someone online who was apparently advertising 200 of the unannounced 14-inch MacBook Pro units for sale, leading him to believe this leak originates from a warehouse. It is unclear if these details are accurate, but this whole situation is clearly very sketchy.
It’s somewhat weird that the box art is identical to that of last year’s M3 MacBook Pros, but I lean toward thinking these are real. Best guess is that someone stole 200 of these from China and some or all of them wound up in Russia? No sympathy for Apple here if that’s what happened — if you assemble your products in a dictatorship, stuff like this is bound to happen. Kinda surprising it hasn’t happened with iPhones, which would garner far more attention and value a month ahead of launch. That it hasn’t happened with iPhones probably indicates that Apple puts more security around them than they do MacBook Pros.
Juli Clover, MacRumors:
In the release notes for the sixth beta of the macOS Sequoia 15.1 update, Apple says that users aren’t going to see as many popups for apps they regularly use.
Applications using our deprecated content capture technologies now have enhanced user awareness policies. Users will see fewer dialogs if they regularly use apps in which they have already acknowledged and accepted the risks.
Why in the world didn’t Apple take regular use of a screen-recording app into account all along?
Tyler Stalman joins the show to discuss the iPhone 16 lineup’s cameras, and the state of iPhone photography.
Sean Hollister, writing for The Verge:
Google’s Android app store is an illegal monopoly — and now it will have to change. Today, Judge James Donato issued his final ruling in Epic v. Google, ordering Google to effectively open up the Google Play app store to competition for three whole years. Google will have to distribute rival third-party app stores within Google Play, and it must give rival third-party app stores access to the full catalog of Google Play apps, unless developers opt out individually.
These were Epic’s biggest asks, and they might change the Android app marketplace forever — if they aren’t immediately paused or blocked on appeal. And they’re not all that Epic has won today. Starting November 1st, 2024, and ending November 1st, 2027, Google must also:
- Stop requiring Google Play Billing for apps distributed on the Google Play Store (the jury found that Google had illegally tied its payment system to its app store)
- Let Android developers tell users about other ways to pay from within the Play Store
- Let Android developers link to ways to download their apps outside of the Play Store
- Let Android developers set their own prices for apps irrespective of Play Billing
If this ruling holds on appeal, it’s a real loss for Google, not a token loss.
Update: Regarding the bit in the first paragraph above, about rival app stores getting access to all apps in the Play Store unless the developers opt out, I was originally confused how this could possibly work. I should have read the injunction first. It states:
For a period of three years, Google will permit third-party Android app stores to access the Google Play Store’s catalog of apps so that they may offer the Play Store apps to users. For apps available only in the Google Play Store (i.e., that are not independently available through the third-party Android app store), Google will permit users to complete the download of the app through the Google Play Store on the same terms as any other download that is made directly through the Google Play Store. Google may keep all revenues associated with such downloads. Google will provide developers with a mechanism for opting out of inclusion in catalog access for any particular third-party Android app store. Google will have up to eight months from the date of this order to implement the technology necessary to comply with this provision, and the three-year time period will start once the technology is fully functional.
This is far less radical a dictum than Hollister’s description led me to believe. What Judge Donato is demanding is effectively pass-through to the actual Play Store listing for any apps and games that aren’t available in a third-party app store. So if you search in the Brand X app store for “FooApp” but FooApp isn’t available in the Brand X store, Brand X’s store app can let you install and download FooApp from the Play Store. But that counts as a regular Play Store installation. It’s just a way to encourage users of third-party stores to search those stores first, even though the vast majority of apps will likely remain exclusively in the Play Store.
Sarah Krouse, Dustin Volz, Aruna Viswanatha, and Robert McMillan, reporting for The Wall Street Journal:
For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk. The attackers also had access to other tranches of more generic internet traffic, they said. Verizon Communications, AT&T and Lumen Technologies are among the companies whose networks were breached by the recently discovered intrusion, the people said.
The widespread compromise is considered a potentially catastrophic security breach and was carried out by a sophisticated Chinese hacking group dubbed Salt Typhoon. It appeared to be geared toward intelligence collection, the people said. [...]
The surveillance systems believed to be at issue are used to cooperate with requests for domestic information related to criminal and national security investigations. Under federal law, telecommunications and broadband companies must allow authorities to intercept electronic information pursuant to a court order. It couldn’t be determined if systems that support foreign intelligence surveillance were also vulnerable in the breach.
This incident should henceforth be the canonical example when arguing against “back doors for the good guys” in any networks or protocols. It’s not fair to say that all back doors will, with certainty, eventually be compromised, but the more sensitive and valuable the communications, the more likely it is that they will. And this one was incredibly sensitive and valuable. There are downsides to the inability of law enforcement to easily intercept end-to-end encrypted communication, but the potential downsides of back doors are far worse. Law enforcement is supposed to be hard work.
We should rightfully blame China first for this attack — and the U.S. government ought to start treating such attacks by China as part of the second Cold War that they are, and retaliate in big ways — but secondary blame must go to Congress for passing the Communications Assistance for Law Enforcement Act (CALEA) in 1994, and to the FCC for broadening its interpretation a decade later. Verizon, AT&T, and the other companies whose networks were breached were — and remain — required by law to provide the back doors that the Chinese hackers exploited.
John Naughton, writing for The Guardian:
Once the use of RSS feeds had become common, someone had the idea that audio files could be attached to them, and Dave implemented the idea with a nice geeky touch — attaching a song by the Grateful Dead. Initially the new technology was called audio blogging, but eventually a British journalist came up with the term “podcasting” and it stuck.
So Dave was present at the creation of some cool stuff, but it was blogging that brought him to a wider public. “Some people were born to play country music,” he wrote at one stage. “I was born to blog. At the beginning of blogging I thought everyone would be a blogger. I was wrong. Most people don’t have the impulse to say what they think.” Dave was the exact opposite. He was (and remains) articulate and forthright. His formidable record as a tech innovator meant that he couldn’t be written off as a crank. The fact that he was financially secure meant that he didn’t have to suck up to anyone: he could speak his mind. And he did. So from the moment he launched Scripting News in October 1994 he was a distinctive presence on the web.
One of Winer’s numerous aphorisms that resonates deeply with me: People return to places that send them away.
Dave Winer:
Today is the 30th anniversary of this blog. Hola!
I did a roundup of thoughts when this blog turned 25. I stand by what I wrote then, but I’d add this. My blog started because I needed content to test a script I had written that sent emails on my Mac using Eudora, which was an early scriptable app and I had a nice scripting system that worked with it. I looked around for something to send (30 years ago today), and shot out an email to the people whose business cards I had collected at various tech conferences. It was a thrill, so I did it again, and again and three more times, before I realized hey I could use this thing to get my own ideas out there. And thus began this thing that I still do to this day. Look at the two posts I wrote about WordPress in the last few days. There may be hope to find a blogosphere buried somewhere in there. And it may be possible to give them some sweet new writing tools so they can get excited about writing on the web the way we did all those years ago. I actually am kind of optimistic about that. Maybe we can stand up something in the midst of the noise. When we booted up podcasting, approx 20 years ago, we had a slogan — “Users and developers party together.” It worked! That is still the way I want to build stuff, it’s the only way I know how to do it. Blogging started out as a programming adventure and eventually became a form of literature. How about that. I’m up for doing more of that if you all are. But please expect to make contributions, don’t expect it all to come to you for free, because as we know nothing really is free.
Winer is rightfully renowned for his technical achievements — outliners as an application genre, RSS in general, and RSS in the specific context of podcasting in particular — but what’s kept me reading Scripting News for the entirety of Scripting News’s 30-years-and-counting run is his writing. He has such a distinctive writing voice that is impossible to imagine in any medium other than the web. But I think that’s because he helped define what writing not just on the web, but for the web, even meant.
Thanks for it all, Dave.
Aaron Vegh and Ben Rice McCarthy (of Obscura renown) have teamed up to create Croissant, a new app — currently iPhone-only — for cross-posting to Mastodon, Threads, and Bluesky. 15 years ago I wrote “Twitter Clients Are a UI Design Playground” and that piece stands up, but it’s not Twitter/X in particular (certainly not anymore — X support is conspicuously omitted from Croissant’s current lineup of supported platforms), but tweet-like platforms in general. Croissant proves that this domain remains a UI playground. It’s both visually distinctive and intuitively familiar, with a fun and fluid UI. It’s the sort of app that I want to find reasons to use.
Free to download and try with a single account; $3/month, $20/year, or $60 as a one-time purchase for multi-account support, which is where Croissant really shines.
See also: Dan Moren at Six Colors, John Voorhees at MacStories, and Nick Heer at Pixel Envy.
My thanks to WorkOS for, once again, sponsoring the week at Daring Fireball. WorkOS is a modern identity platform for B2B SaaS. Start selling to enterprise customers with just a few lines of code. Ship complex features like SSO and SCIM (pronounced skim) provisioning in minutes instead of months.
Today, some of the fastest growing startups are already powered by WorkOS, including Perplexity, Vercel, and Webflow.
For SaaS apps that care deeply about design and user experience, WorkOS is the perfect fit. From high-quality documentation to self-serve onboarding for your customers, it removes all the unnecessary complexity for your engineering team.
Another good overview of the Automattic/WP Engine saga, this one from Ari Levy at CNBC:
Mullenweg may be openly enthusiastic and grateful for the employees he still has on board, but the WordPress community is a mess. Many WP Engine customers are suffering, and Automattic is gearing up for a legal fight against a private equity firm with over $100 billion in assets.
Hard not to be reminded, somewhat, of the righteous indignation fueling Steve Jobs’s end of life crusade against Google for creating Android. Some big fundamental differences, of course. WordPress is GPL open source and iOS isn’t open at all. It’s the righteous fervor of the founder/leader of the company that’s reminiscent.
Emma Roth does the yeoman’s work of summarizing the complex and fast-moving legal feud between WordPress’s commercial arm and WP Engine, a major WordPress hosting provider:
Over the past several weeks, WordPress cofounder Matt Mullenweg has made one thing exceedingly clear: he’s in charge of WordPress’ future.
Mullenweg heads up WordPress.com and its parent company, Automattic. He owns the WordPress.org project, and he even leads the nonprofit foundation that controls the WordPress trademark. To the outside observer, these might appear to be independent organizations, all separately designed around the WordPress open-source project. But as he wages a battle against WP Engine, a third-party WordPress hosting service, Mullenweg has muddied the boundaries between three essential entities that lead a sprawling ecosystem powering almost half of the web.
To Mullenweg, that’s all fine — as long as it supports the health of WordPress long-term.
See also: Mullenweg’s “alignment” offer to Automattic’s nearly 1,900 employees.
Taegan Goddard, writing at Political Wire:
It’s worth recalling that a major reason Trump won in 2016 was that, just before the election, news broke about emails related to a closed investigation into Hillary Clinton’s emails being found on Anthony Weiner’s computer, the estranged husband of a top Clinton aide.
In the end, nothing came of this discovery, but the extensive news coverage of it almost certainly swayed the election. It was the top story in every major newspaper.
But this new evidence presented against Trump wasn’t even the lead story in the New York Times or Washington Post this morning. And it didn’t even make the front page of the Wall Street Journal or USA Today.
It’s true that millions of words have already been written about Trump’s attempt to overturn the 2020 election. But there was plenty of new information included in this filing which is directly relevant to the biggest news story this month.
This, I think, is entirely explained by the conventional wisdom that the U.S. news media is “liberal”, a decades-long work-the-refs strategy from Republicans. The truth is the news media is effectively in the tank for Trump, sanewashing his literal nonsense, outright lies, and violence-inspiring hate speech against even legal immigrants. But our major political news media remains so hyper-focused on appearing not to favor one political side over the other that it’s completely lost sight of what ought to be their north star: the truth. If the truth favors one party over the other, so be it. That’s the job of reporting the news.
The difference between how these same publications treated Hillary Clinton’s “but her emails” nonsense in 2016 compared to Jack Smith’s motion this week could not be more stark.
Update: If you prefer, imagine if a special counsel appointed by the Attorney General submitted a brief alleging any crimes at all committed by Kamala Harris. Let’s say personal tax evasion — crimes, but insignificant compared to multiple attempts to overthrow the results of the last presidential election. The major U.S. newspapers and cable channels would have covered nothing else in the days since. Yet for this brief laying out copious evidence that Trump attempted the worst crime imaginable against U.S. democracy itself, it’s relative crickets chirping and shoulder shrugs. Remember too that Trump is already a convicted felon. If Harris had been convicted of a felony this year, do you think it would be mentioned more frequently in news stories than it actually is for Trump? If you don’t, I have a bridge to sell you.
I missed this announcement from MLB a month ago:
Major League Baseball today announced a new multi-year international partnership with European workwear leader STRAUSS that makes the German company the Official Workwear Partner of MLB. The partnership marks STRAUSS’ first league-wide deal in the United States. STRAUSS entered the U.S. market in late 2023, and American brand awareness is the cornerstone of its marketing efforts. The new partnership also affords STRAUSS marketing rights with MLB across Canada, Mexico and Europe. As part of the deal, STRAUSS’ name and logo will adorn MLB batting helmets during the Postseason and regular season games in Europe, as well as MiLB batting helmets all season long, beginning in 2025.
But I couldn’t miss it watching postseason games on TV this week: there’s a ridiculous-looking “Strauss” on both sides of every player’s batting helmet now, as prominent as the team logo on the front. It looks even more desperate and obsequious on the helmets than it does printed in all-caps in MLB’s bootlicking press release. This is the sort of gimmick you expect from a struggling independent minor league team, not Major League Baseball.
They should’ve put the rights to these on-helmet ads up for public auction. I’d have chipped in for a fan-backed initiative to buy that on-helmet ad space to affix this slogan: “FIRE ROB MANFRED”.
Victoria Gomelsky, reporting with absurd credulity for The New York Times:
Hodinkee, the watch enthusiast website based in Manhattan that has helped spread the gospel of mechanical watchmaking since its founding in 2008, has a new owner.
On Friday, the Watches of Switzerland Group, one of the world’s largest watch retailers with more than 220 multibrand and brand stores in Britain and the United States, announced that it had acquired the media company, which includes a website, a magazine, a brand partnerships division and an insurance business. Neither company would disclose the terms of the deal. [...]
Both Mr. Clymer and Mr. Hurley said Hodinkee’s staff, which now totals about 35 people, would remain intact and that its editorial team would remain independent of Watches of Switzerland oversight.
“But at a point in time,” Mr. Hurley said, “when you click on the Hodinkee Shop, you will see the full range of the product that WatchesofSwitzerland.com carries. We are going to do some work over the next several months to make that effectively seamless.”
There is a name for a publication that is owned by a retailer: catalog. I’d love to be proven wrong and see Hodinkee return to excellence, but that seemed far more likely as an independent website than as a subsidiary of the world’s largest premium watch retailer. For years I read Hodinkee daily; for the last few years I largely stopped reading it at all. Here’s Clymer’s own column announcing the acquisition (“joining forces”) and his return to day-to-day leadership of the site.
An important follow-up to yesterday’s item about Russia demanding Apple remove VPN apps from the Russian App Store: you can use a VPN on iOS without an app. It just requires some futzing in Settings and a VPN provider that supports it. Presumably, this technique remains available to iPhone users in Russia. Here are instructions from one such VPN provider, ForestVPN:
- Access Settings:
  - Open the Settings app on your iPhone.
  - Tap on General and scroll to VPN & Device Management.
- Add VPN Configuration:
  - Select Add VPN Configuration.
  - Choose your desired protocol, such as L2TP or IKEv2.
- Enter VPN Details:
  - Fill in the necessary fields like Description, Server, Remote ID, and Local ID. These details can be found on the ForestVPN website.
- Save and Connect:
  - Tap Done to save your configuration.
  - Enable the VPN by toggling the switch next to your newly created profile.
VPN apps remove complexity from this process, but it’s worth noting that VPN access doesn’t require an app.
Chili Palmer, reporting for HighSpeedInternet:
Starlink announced on Oct. 2 it will offer one month of free internet in Hurricane Helene disaster areas. The free service will be available to new customers who order through the Starlink website and to customers who activate a kit they already have, whether it was donated or purchased at a retail store. Existing customers may also be eligible.
The announcement comes after more than 500 Starlink kits were distributed throughout the disaster area by private relief organizations.
It’s hard to overstate how differently Elon Musk would be perceived if he weren’t a whackjob on political and cultural issues.
Ryan Christoffel, writing for 9to5Mac:
Hurricane Helene has caused massive damage and taken over 100 lives across several US states. Many thousands of people are without power and/or cell service. But in the wake of the storm, reports have surfaced about a key iOS 18 feature that has been a lifeline for survivors: Messages via satellite.
Apple added Messages via satellite to millions of iPhones via its recent iOS 18 update. And now, according to reports on social media, it seems the feature arrived just in time. Here are a few tweets highlighting how useful the feature has proven.
It’s great that iOS 18 shipped before Helene hit, but a shame that it’s so new that most users haven’t yet upgraded. And once Helene hit and knocked out all comms in the most severely-hit areas, it was too late. (Apple hasn’t yet pushed iOS 18 to the majority of users whose devices are set to install updates automatically, and typically doesn’t do so with new iOS versions until the .1 release in October or November.) Some heads-up people were specifically recommending that iPhone 14 and 15 users in Helene’s path update to iOS 18 before it hit specifically to get this feature. But still: the feature is already making a huge difference.
Cool Hunting:
We love getting into the nerdy details of design innovations and the iPhone 16’s new Camera Control button presented a perfect opportunity to dig in. For this first podcast of our new Design Tangents series aptly named Nerdy Details we sit down with Johnnie Manzari from the Apple Human Interface team and Rich Dinh, Senior Director of Product Design, to talk about cameras and photography through the lens of the new control on “the world’s most popular camera.”
You don’t often get to hear Apple employees speak about their work. When you do, it’s often largely about trying to get the feel right.
Zac Hall, 9to5Mac:
iPhone users are being notified about an excessive heat weather event through Apple’s Weather app on iPhone. While the weather event is happening in the Santa Clara Valley region of California, the alert says that the occurrence is happening in an area nearby regardless of where you live.
Hall had a good theory — that the warnings were being delivered to people who live nowhere near Santa Clara Valley because Apple includes Cupertino as a default location for the Weather app — but in an update acknowledges that the warning notification is being received by users who don’t have any saved locations near the heat wave. (I’ve gotten the notification on multiple devices, and don’t have Cupertino saved as a Weather location.)
What a weird bug.
The United States Attorney’s Office for the District of Columbia:
Haotian Sun, 34, and Pengfei Xue, 34, both Chinese nationals, were sentenced today for participating in a sophisticated scheme to defraud Apple Inc. out of millions of dollars’ worth of iPhones. U.S. District Court Judge Timothy J. Kelly sentenced Sun to 57 months in prison, and sentenced Xue to 54 months in prison. [...]
According to the government’s evidence, between May 2017 and September 2019, Sun, Xue, and other conspirators defrauded Apple Inc. by submitting counterfeit iPhones to Apple Inc. for repair to get Apple to exchange them with genuine replacement iPhones. Sun and Xue received shipments of inauthentic iPhones from Hong Kong at UPS mailboxes throughout the D.C. metropolitan area. They then submitted the fake iPhones, with spoofed serial numbers and/or IMEI numbers, to Apple retail stores and Apple Authorized Service Providers, including the Apple Store in Georgetown. Trial evidence and evidence developed after trial showed that members of the conspiracy submitted more than 6,000 inauthentic phones to Apple during the conspiracy, causing an intended loss of approximately $3.8 million and an actual loss of more than $2.5 million.
This seems like a scam you might expect to get away with a few times. Maybe more than a few, if you keep taking the counterfeit iPhones to different stores. But 6,000?
Novaya Gazeta Europe:
Apple removed nearly 60 additional virtual private network (VPN) apps from its Russia App Store between July and September, significantly more than the 25 acknowledged by the Russian authorities, according to a report published on Tuesday by the Apple Censorship Project, which campaigns for greater transparency from Apple over such moves.
According to researchers at GreatFire, an organisation which monitors online censorship in China, data indicates that Apple silently removed nearly 60 VPN services from the Russia App Store between 4 July and 18 September, bringing the total number of VPN apps now unavailable in the country to 98.
The report suggests that the scale of online censorship in Russia is much greater than was previously acknowledged when Roskomnadzor, Russia’s media regulator, announced in early July that it would be blocking 25 VPN apps in the Russian App Store, including some of the world’s most popular services such as NordVPN, ExpressVPN and Proton VPN.
The kneejerk criticism to purges like this is to fault Apple for complying. But of course they have to comply. If Apple responded to this demand from the Russian government with “Nah, we’re not going to comply”, the Russian government would shut down the App Store in Russia. It’s the same reason Apple can’t just say “Nah” to complying with the DMA in the EU even though the company staunchly disagrees with the entirety of the DMA’s requirements. The law’s the law, whether the country is a brutal dictatorship or a liberal democracy.
The correct criticism to target at Apple is that this is the best argument against the App Store as the sole distribution channel of software for iOS. VPN software is still available for the Mac in Russia, and, I presume, is still available via sideloading for Android phones. When you create a choke point, you can be choked.
Christian Selig:
For those not aware, a few months ago after reaching out to me, YouTube contacted the App Store stating that Juno does not adhere to YouTube guidelines and modifies the website in a way they don’t approve of, and alludes to their trademarks and iconography.
I don’t personally agree with this, as Juno is just a web view, and acts as little more than a browser extension that modifies CSS to make the website and video player look more “visionOS” like. No logos are placed other than those already on the website, and the “for YouTube” suffix is permitted in their branding guidelines. Juno also doesn’t block ads in any capacity, for the curious.
I stated as much to YouTube, they wouldn’t really clarify or budge any, and as a result of both parties not being able to come to a conclusion I received an email a few minutes ago from Apple that Juno has been removed from the App Store.
This, to say the least, sucks. Juno is a wonderful VisionOS app — one of the very best third-party apps for the platform. It turns YouTube video watching from a totally meh experience inside Safari into a totally wow experience as a native app. It’s not like Juno was keeping people from using YouTube’s own native app because, famously, there isn’t one. A YouTube spokesperson told Nilay Patel at The Verge back in February that “a Vision Pro app is on our roadmap”, but as I wrote at the time, “given the design quality and adherence to platform design idioms of Google’s iOS apps (poor), I’m not sure they’re even capable of making a Juno-quality app.”
I still stand by that. I don’t expect to see YouTube launch a native VisionOS app soon, and even if they do, I doubt it’ll be anywhere near as good as Juno. What I was obviously wrong about in that February post was thinking that YouTube wouldn’t care about Juno’s existence, given that Juno did not block ads. All it did was make the YouTube experience great on Vision Pro.
This makes Selig — one of the most gifted indie developers working on Apple’s platforms today — 2 for 2 on getting hosed by big platforms for which Selig created exquisitely well-crafted clients. (The first, of course, was his beloved Reddit client Apollo.) If he goes 3 for 3, Phil Schiller should grant him a “trifecta” lifetime exemption from App Store commission fees.
The AP:
Technology reporter Taylor Lorenz said Tuesday that she is leaving The Washington Post, less than two months after the newspaper launched an internal review following her social media post about President Joe Biden.
Lorenz, a well-regarded expert on internet culture, wrote a book “Extremely Online” last year and said she is launching a newsletter, “User Mag,” on Substack.
Well-regarded by whom? Lorenz is a hack — a self-proclaimed social media expert done in by her own “private” Instagram post describing President Joe Biden as a “war criminal” that she subsequently lied about having posted. She didn’t “exit” the Post. She was obviously and rightfully fired.
This video from “MTT” warmed my heart. And that takes a lot. I learned Pascal on this keyboard. I absolutely loved this keyboard when I first encountered it. But, today, man, what a weird keyboard it is. I mean the arrow-key layout is one thing (up, down, left, right — arranged horizontally). But how about putting the backslash (\) key on the right of the space bar and the backtick (`) key on the left? I mean that’s just crazy. I recall absolutely loving the feel of this keyboard as a teenager but I’ve never bothered chasing one down in my adult life because I know today I could never bear the weird layout. But MTT didn’t just do the lazy thing (buy an ADB-USB adapter), he went the whole nine yards and designed and soldered his own custom parts to turn this 1986 gem into a modern day Bluetooth keyboard. Masterful.