Linked List: March 25, 2025

Of Course Trump Has Surrounded Himself With Idiots This Time Around 

Hannah Arendt, The Origins of Totalitarianism:

Totalitarianism in power invariably replaces all first-rate talents, regardless of their sympathies, with those crackpots and fools whose lack of intelligence and creativity is still the best guarantee of their loyalty.

Eight years of Trump was going to be eight years too many no matter how it worked out, but the four-year Biden term between Trump terms makes the difference clear. Trump corrected what he perceived as a lack of loyalty/fealty in his first term by surrounding himself with nothing but morons this time.

Notification Summary Miscues 

Paul Kafasis:

Since they were first enabled last year, I have frequently found Apple Intelligence’s notification summaries for emails to be something less than helpful. Here are some I spotted in just the past few days.

The first one of these is particularly interesting because it highlights a key area where LLMs are frustratingly stupid. Kafasis got a notification summary from Apple Intelligence claiming “Package shipped for $427 order” for a used book he’d purchased. The email from Amazon, from which Apple Intelligence gleaned the information, had the price formatted thus: $4²⁷ — omitting the decimal and putting the cents in superscript. That’s a centuries-old formatting idiom for prices that remains common — e.g. at Walmart — to this day. But Apple Intelligence just sees dollar-sign, four, two, seven, and thus $427.

That’s just stupid.

But where it really gets frustrating is that everyone has to learn this at some point. If you were at Walmart with a kid, and the kid asked why, say, dog food is so expensive, pointing to a sign that says it cost $9⁸⁷ per bag, you’d explain it, once, and the kid would never forget it. “Oh, that’s just another way of writing nine dollars and eighty-seven cents — they do it that way to emphasize the dollar amount and de-emphasize the cents, which really don’t matter.” This would make intuitive sense to the child as well, because they know dog food probably costs about $10 per bag, not $1,000 per bag.

There is no way to properly explain something like this to an LLM (yet?). You can’t teach it like we do with children. Or at least you can’t do it in a way that jibes with our human sense of “learning” — it’s more like how the Guy Pearce protagonist “learns” in Christopher Nolan’s Memento. Here, tattoo another thing to remember on your arm. But at least ChatGPT is trying to learn about us, albeit in its crude Memento-like way. With Apple Intelligence in particular, you can’t teach it at all. There’s no place in the system where you can correct the very simple, easily-explained mistake it made upon seeing $4²⁷ in an email. The next time an email from Amazon comes with a price formatted like that, Apple Intelligence is likely to summarize it the exact same wrong way — off by a factor of 100 — again. And there’s nothing we can do about it.

OPSEC Isn’t Even the Worst Part of ‘SignalGate’ 

Josh Marshall, writing at Talking Points Memo:

Especially in the national security domain, many things the government does have to remain secret. Sometimes those things remain secret for years or decades. But they’re not secrets from the U.S. government. The U.S. government owns all those communications, all those facts of its own history. Using a Signal app like this is hiding what’s happening from the government itself. And that is almost certainly not an unintended byproduct but the very reason for the use. These are disappearing communications. They won’t be in the National Archives. Future administrations won’t know what happened. There also won’t be any records to determine whether crimes were committed.

This all goes to the fundamental point Trump has never been able to accept: that the U.S. government is the property of the American people and it persists over time with individual officeholders merely temporary occupants charged with administering an entity they don’t own or possess.

Think this is hyperbole? Remember that when Trump held his notorious meeting with Vladimir Putin in Helsinki in 2019 he confiscated his translator’s notes and ordered him not to divulge anything that had been discussed. Remember that Trump got impeached over an extortion plot recorded in the government record of his phone call with President Zelensky. An intelligence analyst discovered what had happened and decided he needed to report the conduct. These aren’t hypotheticals. They’ve already happened. And he’s even been caught. Which is probably one reason there’s so much use of Signal.

The Problem Is Far More Than Just Whether Signal Is ‘Secure’ 

Maggie Miller and Dana Nickel, reporting for Politico:

The app’s security is viewed as fairly strong due to its robust privacy features and minimal data collection, as well as default end-to-end encryption of all messages and voice calls. The app also includes a function that deletes all messages from a conversation within a set time frame, adding an additional layer of data protection. But experts agree that it shouldn’t be used by government officials as an alternative to communicating through more secure, sanctioned government communications — which Signal is not.

“It’s so unbelievable,” a former White House official, granted anonymity to discuss The Atlantic’s report candidly, said Monday. “These guys all have traveling security details to set up secure comms for them, wherever they are.”

Signal’s encryption is more than just “fairly strong”. It’s very strong, arguably the gold standard in consumer-available communications. But that’s not the point. The point is it’s a consumer application. This whole fiasco happened because you can just mistakenly add the wrong person to a group conversation, which wouldn’t be possible if the Trump national security team were using appropriate channels.

And the disappearing messages thing doesn’t add security. It adds some level of privacy, but it’s an additional factor that makes all of this completely illegal. But avoiding any future scrutiny is almost certainly one reason Trump’s kakistocratic cabinet is using Signal in the first place.

The former White House official pointed out that members of Trump’s Cabinet — including the vice president, Defense Secretary Pete Hegseth, and Director of National Intelligence Tulsi Gabbard, among others — were likely using personal devices, since in most cases, Signal cannot be downloaded onto official federal devices. This alone creates a host of cybersecurity issues.

Wrote one DF reader (who has professional experience in this area) to me today, “There is no legal way whatsoever that classified information can be communicated over the public Internet — private device, personally owned device, Chromebook, anything. It is all wildly illegal.”

Days After the Trump National Security Team’s Signal Leak, the Pentagon Warned That Russian Hackers Are Using Phishing Attacks to Abuse Signal’s ‘Linked Devices’ Feature 

NPR:

Several days after top national security officials accidentally included a reporter in a Signal chat about bombing Houthi sites in Yemen, a Pentagon-wide advisory warned against using the messaging app, even for unclassified information.

“A vulnerability has been identified in the Signal messenger application,” begins the department-wide email, dated March 18, obtained by NPR. The memo continues, “Russian professional hacking groups are employing the ‘linked devices’ features to spy on encrypted conversations.” It notes that Google has identified Russian hacking groups who are “targeting Signal Messenger to spy on persons of interest.”

It’s not a weakness in Signal’s cryptography, it’s a hole in their device-mirroring setup. From that Google Threat Intelligence post, published last month:

The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app’s legitimate “linked devices” feature that enables Signal to be used on multiple devices concurrently. Because linking an additional device typically requires scanning a quick-response (QR) code, threat actors have resorted to crafting malicious QR codes that, when scanned, will link a victim’s account to an actor-controlled Signal instance. If successful, future messages will be delivered synchronously to both the victim and the threat actor in real-time, providing a persistent means to eavesdrop on the victim’s secure conversations without the need for full-device compromise.

You’d have to be a bit of a doofus to fall for such a phishing attack if you were in a national security leadership position, but, well, our national security leadership positions are currently occupied by what the Russians call “useful idiots”.

New York Post: ‘European Union to Fine Meta Up to $1B or More for Breaching DMA’ 

Thomas Barrabi, reporting for The New York Post:

The European Union is set to slap Mark Zuckerberg’s Meta with a fine that could stretch to $1 billion or more for allegedly violating its strict antitrust rules, The Post has learned — setting up a possible showdown with President Trump, who has compared the EU’s penalties to “overseas extortion.”

The European Commission, the EU’s antitrust watchdog, is expected to conclude that Meta is not in compliance with the Digital Markets Act, sources close to the situation told The Post on Monday. [...] The fine is expected to be hundreds of millions of dollars and potentially more than $1 billion, the sources said. [...]

Apple is also in the EU’s crosshairs and a fine against the iPhone maker could be announced this week or next week, the sources said. Earlier this month, Reuters reported that Apple and Meta were likely to face “modest fines” for DMA breaches. EU antitrust chief Theresa [sic] Ribera previously said a decision on enforcement actions for both companies was coming in March.

Reuters Reports European Commission Will Decline to Fine Apple Over Browser Choice Screen, But Hints It Will Over Anti-Steering Provisions 

Foo Yun Chee, reporting for Reuters under the headline “Exclusive: Apple Set to Stave Off EU Fine Into Browser Options, Sources Say”:

Apple is set to stave off a possible fine and an EU order over its browser options on iPhones after it made changes to comply with landmark EU rules aimed at reining in Big Tech, people with direct knowledge of the matter said on Tuesday. The European Commission, which launched an investigation in March last year under the Digital Markets Act (DMA), is expected to close its investigation early next week, the people said.

A win’s a win and a closed investigation’s a closed investigation, but the browser choice screen never seemed like a problem for Apple. I follow this stuff closely, and have even written (at times extensively) about how dumb and ineffective these mandatory browser choice screens are, and I didn’t realize this investigation was still open, because it seemed so clear Apple had done what they needed to for compliance.

So, more interesting to me is this bit buried lower in the article, suggesting the EC is going to fine Apple next week over non-compliance with the DMA’s anti-steering provisions:

The Commission’s decision to close the investigation early next week will come at the same time as it hands out fines to Apple and Meta Platforms for DMA violations and orders to comply with the legislation, the people said.

In this second Apple case, the issue is whether the company imposes restrictions that hinder app developers from informing users about offers outside its App Store free of charge.

WWDC 2025 Dates: June 9–13 

Apple Newsroom:

To celebrate the start of WWDC, Apple will also host an in-person experience on June 9 that will provide developers with the opportunity to watch the Keynote and Platforms State of the Union at Apple Park, meet with Apple experts one-on-one and in group labs, and take part in special activities. Space will be limited; details on how to apply to attend can be found on the WWDC25 website.

Right on time: in recent years, WWDC dates have been announced on:

and now today, Tuesday 25 March 2025. Last Tuesday in March next year is March 31 — that’s my guess for next year’s announcement.

And, yes, the “25” in the logo has a decidedly glassy look and some animation that’s just plain fun.

Threads Is Losing to Bluesky 

Jon Passantino, writing at Status:

Now Threads feels rather lifeless. While users still post there, for many it has become something of a second-tier platform — a place that they dump content out of habit, not because they’re having real conversations or finding meaningful engagement.

Matt Birchler:

I believe Meta that there are hundreds of millions of people signing on every month, but they seem to be doing absolutely nothing there. More interesting stuff is on Bluesky and Mastodon, and better conversation happens on those platforms as well.

I feel the same way. Threads has dropped to a decided #3 for me after Mastodon and Bluesky, and (a) I don’t really have room in my head or time in my day for 3 of these platforms, and (b) I’m more than OK with Meta’s entry falling by the wayside.

Like, if the answer at the moment for Twitter-style social media is Bluesky (general audience) and Mastodon (nerds), that’s ... the best outcome? Even X (chaos and Musk sycophancy) seems to have a better, more defined vision for what it’s supposed to be than Threads.