Linked List: May 8, 2025

Thursday, 8 May 2025

Yours Truly on ‘Primary Technology’ ★

Co-hosts Stephen Robles and Jason Aten were kind enough to have me on their podcast earlier today, and the show’s already up:

Special guest John Gruber joins us to break down Eddy Cue’s statements on AI replacing the iPhone in 10 years, using AI search in Safari, Apple’s continued fight for App Store control, and what we’ll hear about Siri and Apple Intelligence at WWDC 2025.

Available in Overcast, Apple Podcasts, or wherever else you get your podcasts. Or watch on YouTube. Fun show.

Patrick Collison Interviews Former Apple Designer Jony Ive at Stripe Sessions ★

I’m about halfway through and already feel the need to link to this. Good questions and thoughtful answers. Just delightful.

How to Catch a North Korean Fake Worker ★

Iain Thomson, for The Register:

According to Adam Meyers, CrowdStrike’s senior veep in the counter adversary division, North Korean infiltrators are bagging roles worldwide throughout the year. Thousands are said to have infiltrated the Fortune 500.

They’re masking IPs, exporting laptop farms to America so they can connect into those machines and appear to be working from the USA, and they are using AI — but there’s a question during job interviews that never fails to catch them out and forces them to drop out of the recruitment process.

“My favorite interview question, because we’ve interviewed quite a few of these folks, is something to the effect of ‘How fat is Kim Jong Un?’ They terminate the call instantly, because it’s not worth it to say something negative about that,” he told a panel session at the RSA Conference in San Francisco Monday.

You could do the same thing with MAGA derps too. Just ask them how fat Trump is. (Via Charles Arthur.)

The Trump Administration Signal Scandal, Somehow, Gets Worse ★

Micah Lee, in a spectacularly detailed post:

On Thursday, 404 Media reported that in the Reuters photo showing former National Security Advisor and war criminal Mike Waltz checking his Signal messages under the table, he was actually using an obscure modified Signal app called TM SGNL, and not the real and actually secure Signal app.

On Friday, I wrote an analysis of everything I could find out about TM SGNL using OSINT, including the fact that it’s nearly impossible to install without a device enrolled in an MDM service that’s tied to an Apple Business Manager or a Google Enterprise account.

On Saturday, after discovering that TeleMessage published the source code for the TM SGNL apps for Android and iPhone themselves, I re-published them on GitHub with the goal of making them easier to research. (It looks like the iOS source code is actually just unmodified Signal, so maybe they actually only published their Android code.)

On Saturday night, an anonymous source told me they hacked TeleMessage.

On Sunday, I, along with Joseph Cox, published an article about the hack to 404 Media (and to my blog).

On Monday, NBC News reported that TeleMessage suspended its service after a second hacker breached TeleMessage and “downloaded a large cache of files.”

Today, Senator Ron Wyden published a letter, which cites the 404 Media article and my analysis of TM SGNL, to Attorney General Pam Bondi, requesting that the Justice Department investigate the “serious threat to U.S. national security posed by TeleMessage, a federal contractor that sold dangerously insecure communications software to the White House and other federal agencies.”

National security leaders using this app — which effectively just removes all of Signal’s actual security features by backing up all messages as plain text — is so stupid it’s surprising, even from these idiots Trump has surrounded himself with. I mean think about how stupid it is that Mike Waltz was using this app while in front of press photographers at a Cabinet meeting.

Lee goes deep, including an analysis of TM SGNL’s open source Android source code, to show that it’s designed to transmit backups of messages in plain text to publicly-facing servers. And it turns out those servers had easily-hackable flaws.