Pixel Envy

Written by Nick Heer.

Comcast Said to Be in Talks to Buy 21st Century Fox Assets

Brooks Barnes and Michael J. de la Merced, New York Times:

Comcast, the cable giant and owner of NBCUniversal, is in preliminary talks to buy entertainment assets owned by 21st Century Fox, including a vast overseas television distribution business, the Fox movie studio, the FX cable network and a group of regional sports channels.

Under the deal being discussed, the Murdoch family, which controls 21st Century Fox, would retain the Fox News cable network, certain sports holdings, a chain of local television stations and the Fox broadcast network.

Disney is also rumoured to be interested in these Fox assets, as is Sony. All of these companies are gigantic media conglomerates, Comcast being the largest in the United States, Disney being the second largest, and 21st Century Fox third.

One thing that’s absolutely critical to understand when considering questions about media ownership and net neutrality is that there are few major media companies that are in single lines of business. Increasingly, these conglomerates are becoming vertically integrated with unprecedented reach: they finance movies and television, distribute and market their programming, some provide the cable and internet services that transmit video to viewers’ computers and televisions, and many own or have major stakes in streaming platforms as well. So as the FCC contemplates dismantling net neutrality regulations, they are helping create a situation in which Comcast could conceivably own and prioritize their media assets from their production to your couch, while restricting competition. Imagine if heyday-era General Motors owned everything from steel mills to parts of the Interstate system, but instead of transportation, it’s information and entertainment.

I maintain that Comcast should never have been allowed to buy NBCUniversal. That kind of cross-market dominance is toxic for competition. A similar mistake should be avoided by blocking their purchase of 21st Century Fox’s entertainment businesses as well.

Gizmodo’s Review of the Google Pixel Buds

Adam Clark Estes of Gizmodo does not like Google’s Pixel Buds very much. Even a feature I was very excited about — real-time in-ear translation — sounds like a broken experience in practice:

I did get the translation feature to work, by the way, and it’s just as confusing as everything else about the Pixel Buds. You’d think that you could just tap the right earbud and ask Google to translate what you’re hearing, but it’s more complicated than that. You do have to tap the earbud and ask Google to translate, but then you have to open up the Google Translate app and hold your phone in front of your foreign language-speaking friend. And, of course, your phone must be a Google Pixel or Pixel 2.

The dream is to be able to have a relatively normal conversation with someone whose language you don’t speak, right? That’s clearly not what you get here. That’s a shame, because it’s something Google ought to be able to do very well — or, at least, that’s the promise of a company that mines the world’s data, isn’t it?

HomePod Launch Delayed Until Early Next Year

Nicole Nguyen, Buzzfeed:

In June, Apple announced that it was challenging Amazon’s sleeper hit Amazon Echo with its own voice assistant-enabled speaker, called HomePod, and said the product would be released in December 2017. Today, the company released a statement that the speaker will be delayed until 2018: “We can’t wait for people to experience HomePod, Apple’s breakthrough wireless speaker for the home, but we need a little more time before it’s ready for our customers. We’ll start shipping in the US, UK, and Australia in early 2018.”

I’ve been trying to figure out why the HomePod was announced at WWDC in June at all instead of, say, during Apple’s more product-focused September keynote. My best guess is that it was a way to complete the story of SiriKit in a broader context and encourage adoption.

No word on the iMac Pro, by the way, which is still scheduled to begin shipping in December.

FCC Reportedly Plans December Vote on Net Neutrality Rules

David Shepardson, Reuters:

The head of the Federal Communications Commission is set to unveil plans next week for a final vote to reverse a landmark 2015 net neutrality order barring the blocking or slowing of web content, two people briefed on the plans said.

In May, the FCC voted 2-1 to advance Republican FCC Chairman Ajit Pai’s plan to withdraw the former Obama administration’s order reclassifying internet service providers as if they were utilities. Pai now plans to hold a final vote on the proposal at the FCC’s Dec. 14 meeting, the people said, and roll out details of the plans next week.

The FCC is currently in Republican hands; today, they voted to lift regulations that prevent broadcasters and newspapers from common ownership in the same market. According to Shepardson, the FCC also plans to vote in December to lift rules preventing any single media company from owning television stations reaching 39% of households. The cumulative effect of this push to lift sensible regulations will likely be catastrophic for independent media and diverse viewpoints. It fundamentally rots the very idea of a free and independent press, and is ruinous for a healthy democracy.

It’s worth pointing out that rescinding net neutrality regulations is not what Americans want. Jon Brodkin, Ars Technica:

The FCC voted in May to take public comment on a preliminary proposal to overturn the 2015 net neutrality order. With the public comment period now over, Pai is free to push through a final vote.

The public comments were dominated by spam and form letters, but a study funded by ISPs found that 98.5 percent of unique comments were written by people who want the FCC to leave the rules in place.

Statistically, if you’re American, you favour preserving these regulations. Ajit Pai and the other Republican commissioners at the FCC are currently planning to vote against the will and want of an overwhelming majority of Americans. That’s outrageous.

Comparing Charging Speeds With ‘Faster Wireless Charging’ in iOS 11.2

Matt Birchler:

iOS 11.2 is currently in beta, and will be released to all iPhone and iPad users in the coming weeks, and one of the key features for iPhone 8/8 Plus/X owners is accelerated wireless charging. Previously, all wireless charging was limited to 5W, but this update will raise that limit to 7.5W. That’s a 50% increase in power on paper, but I had to know what the real world difference was.

The only place I’m considering using one of these inductive charging pads is on my desk at work, because I still use wired headphones because I can’t find a pair of wireless headphones that I like. But I’m having a hard time justifying the expense for what is effectively a glorified trickle charger, especially since battery life with my iPhone X has been fantastic.

Update: I’ve heard that 7.5W charging is only supported on certain charging bases; as far as I can figure out, that’s limited right now to the Mophie and Belkin ones that are sold through Apple’s online store. Both of those charging bases carry a note like this:

High-speed wireless charging

Leverages Qi wireless technology to deliver safe, quick-charging speeds with up to 7.5W of power.

As Federico Viticci writes, the Qi standard supports up to 15W, so I’m not sure why the third beta of iOS 11.2 unlocks only up to 7.5W, nor do I understand why only specific base stations will apparently support this faster charging rate.

SafeGraph’s 17 Trillion Data Points

Adrianne Jeffries, the Outline:

This morning, a few publications ran with a holiday-themed data study about how families that voted for opposite parties spent less time together on Thanksgiving, especially in areas that saw heavy political advertising. It’s an interesting finding about how partisan the country is becoming, and admirably, the study’s authors tried to get data that would be more accurate than self-reporting through surveys. To do this, they tapped a company called SafeGraph that provided them with 17 trillion location markers for 10 million smartphones.

The data wasn’t just staggering in sheer quantity. It also appears to be extremely granular. Researchers “used this data to identify individuals’ home locations, which they defined as the places people were most often located between the hours of 1 and 4 a.m.,” wrote The Washington Post.

SafeGraph was also able to use their data to state that attendees at Donald Trump’s inauguration had lower household incomes than those attending the Women’s March the following day which, regardless of whether you believe it, is a deeply creepy claim.

I have no idea which apps share my data with SafeGraph because I grant so many apps approval to share collected information with third parties, with no mention of what those third parties may be. I don’t like that I have seemingly no control over this; blanket approval statements are pretty standard in privacy policies on websites and in apps, and they need to be stopped. I did not explicitly give permission for my data to be shared with a creepy location tracking company, and it’s completely unfair to assume that it’s okay.

For what it’s worth, iOS should also request explicit permission to enable ad tracking. It is presently allowed by default — at least in Canada — and users must opt out in Settings.

Facebook Is a Dingleberry on Democracies

Stevan Dojcinovic, in an op-ed for the New York Times, reacting to the fallout from Facebook’s announcement last month that they would move unpaid news stories from pages into a separate News Feed in some countries:

It wasn’t just in Serbia that Facebook decided to try this experiment with keeping pages off the News Feed. Other small countries that seldom appear in Western headlines — Guatemala, Slovakia, Bolivia and Cambodia — were also chosen by Facebook for the trial.

Some tech sites have reported that this feature might eventually be rolled out to Facebook users in the rest of the world, too. But of course no one really has any way of knowing what the social media company is up to. And we don’t have any way to hold it accountable, either, aside from calling it out publicly. Maybe that’s why it has chosen to experiment with this new feature in small countries far removed from the concerns of most Americans.

But for us, changes like this can be disastrous. Attracting viewers to a story relies, above all, on making the process as simple as possible. Even one extra click can make a world of difference. This is an existential threat, not only to my organization and others like it but also to the ability of citizens in all of the countries subject to Facebook’s experimentation to discover the truth about their societies and their leaders.

It’s pretty astonishing that an experiment like this would be announced around the same time that Facebook is being questioned about the possible role that misleading targeted ads may have played in the 2016 U.S. Presidential election. There’s no indication yet just how influential these ads were on specific voters or the election itself, but if they had even a slight sway in a developed democracy like that in the U.S., just imagine how influential highly-targeted ads may be in newer and, usually, weaker democracies. Facebook’s careless U.S.-centric attitude is frightening from this non-American’s perspective.

A small quibble with Dojcinovic’s piece: its headline is “Hey, Mark Zuckerberg: My Democracy Isn’t Your Laboratory”, and he refers to “Mark Zuckerberg’s arbitrary experiments”. I think ascribing the actions of a company to its notable figureheads is unproductive as I feel that it reduces a concerning issue of egregious corporate influence and accountability to a personal spat.

The iPhone X

I’ve been using my iPhone X for nearly a week now and, while I have some thoughts about it, by no means am I interested in writing a full review. There seem to be more reviews of the iPhone X on the web than actual iPhone X models sold. Instead, here are some general observations about the features and functionality that I think are noteworthy.

The Hardware

The iPhone X is a product that feels like it shouldn’t really exist — at least, not in consumers’ hands. I know that there are millions of them in existence now, but mine feels like an incredibly well-made, one-off prototype, as I’m sure all of them do individually. It’s not just that the display feels futuristic — I’ll get to that in a bit — nor is it the speed of using it, or Face ID, or anything else that you might expect. It is all of those things, combined with how nice this product is.

I’ve written before that the magic of Apple’s products and their suppliers’ efforts is that they are mass-producing niceness at an unprecedented scale. This is something they’ve become better at with every single product they ship, and nothing demonstrates that progress better than the iPhone X.

It’s such a shame, then, that the out-of-warranty repair costs are appropriately high, to the point where not buying AppleCare+ and a case seems downright irresponsible. Using the iPhone X without a case is a supreme experience, but I don’t trust myself enough to do so. And that’s a real pity, because it’s one of those rare mass-produced items that feels truly special.

The Display

This is the first iPhone to include an OLED display. It’s made by Samsung and uses a diamond subpixel arrangement, but Apple says that it’s entirely custom-designed. Samsung’s display division is being treated here like their chip foundry was for making Apple’s Ax SoCs.

And it’s one hell of a display. It’s running at a true @3x resolution of 458 pixels per inch. During normal use, I can’t tell much of a difference between it and the 326 pixel-per-inch iPhone 6S that I upgraded from. But when I’m looking at smaller or denser text — in the status bar, for example, or in a long document — this iPhone’s display looks nothing less than perfect.

One of the reasons this display looks so good is because of Apple’s “True Tone” feature, which matches the white balance of the display to the environment. In a lot of indoor lighting conditions, that’s likely to mean that the display is yellower than you’re probably used to. Unlike Night Shift, though, which I dislike for being too heavy-handed, True Tone is much subtler. Combine all of this — the brightness of the display, its pixel density, its nearly edge-to-edge size, and True Tone — with many of iOS’ near-white interface components and it really is like a live sheet of paper in your hand.

Because it’s an OLED display that has the capability of switching on and off individual pixels, it’s only normal to consider using battery-saving techniques like choosing a black wallpaper or using Smart Invert Colours. I think this is nonsense. You probably will get better battery life by doing both of those things, but I’ve been using my iPhone X exactly the same as I have every previous phone I’ve owned and it gets terrific battery life. Unless you’re absolutely paranoid about your battery, I see no reason in day-to-day use to treat the iPhone X differently than you would any other phone.

I’m a total sucker for smaller devices. I’d love to see what an iPhone SE-sized device with an X-style display would be like.

Face ID

Face ID is, for my money, one of the best things Apple has done in years. It has worked nearly flawlessly for me, and I say that with no exaggeration or hyperbole. Compared to Touch ID, it almost always requires less effort and is of similar perceptual speed. This is particularly true for login forms on the web: where previously I’d see the Touch ID prompt and have to shuffle my thumb down to the home button, I now just continue staring at the screen and my username and password are just there.

I’m going to great pains to avoid the most obvious and clichéd expression for a feature like this, but it’s apt here: it feels like magic.

The only time Face ID seems to have trouble recognizing me is when I wake up, before I’ve put on my glasses. It could be because my eyes are still squinty at the time and it can’t detect that I’m looking at the screen, or maybe it’s just because I look like a deranged animal first thing in the morning. Note, though, that it has no trouble recognizing me without my glasses at any other time; however, I first set up Face ID while wearing my glasses and that’s almost always how I use it to unlock my phone. That’s how it recognizes me most accurately.

UI Differences

Last week, I wrote that I found that there was virtually no learning curve for me to feel comfortable using the home indicator, and I completely stand by that. If you’ve used an iPad running iOS 11, you’re probably going to feel right at home on an iPhone X. My favourite trick with the home indicator is that you can swipe left and right across it to slide between recently-used apps.

Arguably, the additional space offered by the taller display is not being radically reconsidered, since nearly everything is simply taller than it used to be. But this happens to work well for me because nearly everything I do on my iPhone is made better with a taller screen: reading, scrolling through Twitter or Instagram, or writing something.

The typing experience is, surprisingly, greatly improved through a simple change. The keyboard on an iPhone X is in a very similar place to where it is on a 4.7-inch iPhone, which means that there’s about half an inch of space below it. Apple has chosen to move the keyboard switching button and dictation control into that empty space from beside the spacebar, and this simple change has noticeably improved my typing accuracy.

In a welcome surprise, nearly all of the third-party apps I use on a regular basis were quickly updated to support the iPhone X’s display. The sole holdouts are Weather Line, NY Times, and Spotify.

I have two complaints with how the user interfaces in iOS work on the iPhone X. The first is that the system still seems like it is adapting its conventions to fit bigger displays. Yes, you can usually swipe right from the lefthand edge of the display to go back to a previous screen, but toolbars are still typically placed at the top and bottom of the screen. With a taller display, that means that there can be a little more shuffling of the device in your hand to hit buttons on opposite sides of the screen.

My other complaint is just how out of place Control Centre feels. Notification Centre retains its sheet-like appearance if it’s invoked from the left “ear” of the display, but Control Centre opens as a sort of panelled overlay with the status bar in the middle of the screen when it is invoked from the right “ear”. The lack of consistency between the two Centres doesn’t make sense to me, nor does the awkward splitting of functionality between the two upper corners of the phone. It’s almost as though it was an adjustment made late in the development cycle.

I don’t know what the ideal solution is for the iPhone X. Control Centre on the iPad is a part of the multitasking app switcher, and that seems like a reasonable way to display it on the iPhone, too. I’m curious as to why that wasn’t shipped.

Cameras and Animoji

This is the first dual-camera iPhone I’ve owned so, not only do I get to take advantage of technological progress in hardware, I also get to use features like Portrait Mode on a regular basis. Portrait Mode is very fun, and does a pretty alright job in many environments of separating a subject from its background. Portrait Lighting, new in the iPhone 8 and iPhone X, takes this one step further and tries to replicate different lighting conditions on the subject. I found this to be much less reliable, with the two spotlight-style “stage lighting” modes being inconsistent in their subject detection abilities.

The two cameras in this phone are both excellent, and the sensor captures remarkable amounts of data, especially if you’re shooting RAW. Noise is well-controlled for such a small sensor and, in some lighting conditions, even has a somewhat filmic quality.

I really like having the secondary lens. Calling it a “telephoto” lens is, I think, a stretch, but its focal length creates some nice framing options. I used it to take a photo of my new shoes without having to get too close to the mirror in a department store.

Animoji are absurdly fun. The face tracking feels perfect — it’s better than motion capture work in some feature films I’ve seen. I’ve used Animoji more often as stickers than as video messages, and it’s almost like being able to create your own emoji that, more or less, reflects your actual face. I only have two reservations about Animoji: they’re only available as an iMessage app, and I worry that it won’t be updated regularly. The latter is something I think Apple needs to get way better at; imagine how cool it would be if new iMessage bubble effects were pushed to devices remotely every week or two, for example. It’s the same thing for Animoji: the available options are cute and wonderful, but when Snapchat and Instagram are pushing new effects constantly, it isn’t viable to have no updates by, say, this time next year.

AppleCare+

I mentioned above that I bought AppleCare+ for this iPhone. It’s the first time I’ve ever purchased AppleCare on a phone, and only the second time I’ve purchased it for any Apple product — the first was my MacBook Air because AppleCare also covered the Thunderbolt Display purchased around the same time. This time, it was not a good buying experience.

I started by opening up the Apple Store app, which quoted $249 for AppleCare+ for the iPhone X. I tapped on the “Buy Now” button in the app but received an error:

Some products in your bag require another product to be purchased. The required product was not found so the other products were removed.

As far as I can figure out, this means that I need to buy an iPhone X at the same time, which doesn’t make any sense as the Store page explicitly says that AppleCare+ can be bought within sixty days.

I somehow wound up on the check coverage page where I would actually be able to buy extended coverage. After entering my serial number and fumbling with the CAPTCHA, I clicked the link to buy AppleCare. At that point, I was quoted $299 — $50 more than the store listing. I couldn’t find any explanation for this discrepancy, so I phoned Apple’s customer service line. The representative told me that the $249 price was just an estimate, and the $299 price was the actual quote for my device, which seems absurd — there’s simply no mention that the advertised price is anything other than the absolute price for AppleCare coverage. I went ahead with my purchase, filling in all my information before arriving at a final confirmation page where the price had returned to $249, and that was what I was ultimately charged.

It’s not the $50 that troubles me in this circumstance, but the fact that there was a difference in pricing at all between pages on Apple’s website. I don’t know why I was ever shown a $299 price, nor do I understand why I’m unable to use the Apple Store app to purchase AppleCare+ for my iPhone X using my iPhone X.

How Not to Make Coffee

Albert Burneko, Deadspin:

The world has lots of very stupid ideas in it. One of them, one of the most harmful, is the prevailing idea of what it means for one thing to be technologically superior to another. Only a culture sunken to a really frightening and apocalyptic level of libertarian stupidity would regard the Keurig machine — a sophisticated, automated robot designed specifically and only to brew a single serving of coffee, rather than a big efficient pot of it; which presents only illusory ease and convenience only to whoever is using it at the moment of his or her use and to no one else, and only via fragile technologized mediations it wears atop its primary function like an anvil, or a bomb collar; which can be rendered literally unusable by the breakdown of needless components completely ancillary to that primary function — as a technological improvement upon the drip coffeemaker, or the French press, or putting some coffee grounds in a fucking saucepan with some water and holding it over a campfire for a little while until the water smells good. It is not technologically superior to any of those! It is vastly technologically inferior to all of them. It is a wasteful piece of trash. It is not a machine engineered to improve anything or to resolve a problem, but only and entirely the pretext for a sales pitch, a means to separate someone from their money.

Two things that Burneko does not cover in his otherwise comprehensive explanation of a Keurig machine’s failings: dosage and price per pound. Let’s start with dosage.

A K-Cup pod contains somewhere between 9 and 13 grams of coffee grounds. The coffee I make is a bit stronger than most people make, but it’s nowhere near knock-your-head-off territory; even so, I use about 20–22 grams of beans per cup in my AeroPress and follow a method similar to Kaye Joy Ong’s. But even if you like your coffee a little closer to average, you have to fall a long way to get to nine measly grams of beans. That and a Keurig’s low brewing temperature go a long way towards explaining why every cup of Keurig coffee I’ve ever had tastes like laundry water.

And then there’s the price of all of this — up to $50 per pound. There is almost nowhere on Earth you can’t get better coffee shipped to your door for less than $50 per pound. The Keurig is an utterly absurd way to brew expensive instant coffee not very well.

Update: It turns out that some fans of Sean Hannity are destroying their Keurig machines in a bizarre protest that they think offends liberals. This post has absolutely nothing to do with that. For extra credit, reflect on how absurd this update truly is.

Not Every Article Needs a Picture

Hanson O’Haver, the Outline:

Pictures and text often pair nicely together. You have an article about a thing, and the picture illustrates that thing, which in many cases helps you understand the thing better. But on the web, this logic no longer holds, because at some point it was decided that all texts demand a picture. It may be of a tangentially related celeb. It may be a stock photo of a person making a face. It may be a Sony logo, which is just the word SONY. I have been thinking about this for a long time and I think it is stupid. I understand that images —> clicks is industry gospel, but it seems like many publishers have forgotten their sense of pride. If a picture is worth a thousand words, it’s hard for me to imagine there’ll be much value in the text of an article illustrated by a generic stock image.

The Outline is, of course, also a contributor to this trend. A photo of Mark Zuckerberg leads this story about Facebook’s dumb-as-bricks idea to combat revenge porn — which, incidentally, is almost exactly one of O’Haver’s examples. A great article about Twitter’s inconsistent character limit for those using accessibility features is illustrated, for some reason, by an old-timey photo of a man using a Monotype keyboard.

At some point in the past several years, the millions of different possibilities of turning individual pixels into a website coalesced around a singularly recognizable and repeatable form: logo and menu, massive image, and page text distractingly split across columns or separated by even more images, subscription forms, or prompts to read more articles. The web has rapidly become a wholly unpleasant place to read. It isn’t the fault of any singular website, but a sort of collective failing to prioritize readers.

I don’t know about you, but I’ve become numb to the web’s noise. I know that I need to wait for every article I read to load fully before I click anywhere, lest anything move around as ads are pulled in through very slow scripts from ten different networks. I know that I need to wait a few seconds to cancel the autoplaying video at the top of the page, and a few more seconds to close the request for me to enter my email and receive spam. And I know that I’ll need to scroll down past that gigantic header image to read anything, especially on my phone, where that image probably cost me more to download than anything else on the page.

These photos add nothing but hundreds of kilobytes to the story. They can easily be replaced with pictures of William Howard Taft with little consequence. It’s just another reason why full-text RSS feeds continue to be one of the best ways to read a website’s articles.

Apple Releases Clips 2.0

Earlier this week, I noted on Twitter that I thought that one of Apple’s biggest misses when they released the iPhone 4 was not including a version of Photo Booth. Photo Booth was a huge deal for the Mac when it was included with new Macs that had the built-in iSight camera. Imagine if Apple had released a version of it for the iPhone at any point in the past six years and updated its built-in filters weekly. I think it would have been extremely popular.

Well, they’ve kind of done that with the second version of Clips, their quick little video editing app. I wasn’t enthralled with it when it was first released and, as far as I could tell, neither were most people.

But this new version is exciting. Apple has completely redesigned the app so it’s way easier to use, and they’ve added a new Scenes feature to allow you to virtually change your environment. Fans of Photo Booth might remember Backdrops; Scenes is like that, only far more reliable — I bet it uses ARKit — and with way cooler effects. You can place yourself into a futuristic metropolis, outer space, or even into Star Wars locations.

Clips 2.0 is still too complicated to feel as lightweight and fun as Photo Booth; Snapchat and Instagram — and, to an extent, Animojis — have that market cornered. I’d like to see Clips receive more frequent updates, but there’s something good here that’s absolutely worth checking out if you haven’t tried Clips recently.

Wallpaper’s Guided Tour of Apple Park With Jony Ive

You’ve read Steven Levy’s tour of Apple Park, and you’ve read Christina Passariello’s for the Wall Street Journal. But Apple is still putting the finishing touches on the building so they invited Nick Compton of Wallpaper to take a look as well. There is, of course, fantastic photography by Mark Mahaney in this article, but I think this bit — about the iPhone X — is profound:

The most advanced iteration of the iPhone, the X, launched with great hoopla at the keynote address, is all screen. Except that’s the wrong way to look at it. The point is that, at least in the way we use it and understand it, it is entirely unfixed and fluid.

I wonder, then, if Ive misses the physical click and scroll of the first iPods, that fixed mono-functionality, the obvious working parts, the elegance of the design solution. But I’ve got him all wrong. ‘I’ve always been fascinated by these products that are more general purpose. What I think is remarkable about the iPhone X is that its functionality is so determined by software. And because of the fluid nature of software, this product is going to change and evolve. In 12 months’ time, this object will be able to do things that it can’t now. I think that is extraordinary. I think we will look back on it and see it as a very significant point in terms of the products we have been developing.

‘So while I’m completely seduced by the coherence and simplicity and how easy it is to comprehend something like the first iPod, I am quite honestly more fascinated and intrigued by an object that changes its function profoundly and evolves. That is rare. That didn’t happen 50 years ago.’

The pitch of the first iPhone was that the fixed plastic keyboards of the BlackBerry, et al., were unchangeable buttons that were there whether you needed them or not. All of that was replaced with an onscreen keyboard, when needed, and a singular “home” button. But, when viewed in the light of only displaying what is necessary, it is striking how — in just ten years — the home button has been reduced to the same level as those plastic keyboards: a fixed button that is there no matter whether it is needed. Nearly the entire user-facing surface of the iPhone X is now as flexible as the bezel-surrounded 3.5-inch display of that original iPhone.

The Case for RSS

David Sparks:

For several years now, the trend among geeks has been to abandon the RSS format.

Has it, though? Sparks doesn’t cite anything to back this up. I’ve seen the occasional tech writer indicate that links surfaced through Twitter equate, to a certain extent, to those found in their RSS subscriptions, and others who see Twitter as increasingly replacing their RSS diet. But to call it a “trend” is, I think, an exaggeration.

I love this argument that Sparks makes, though:

That was never me. The reason I’ve stuck with RSS is the way in which I work. Twitter is the social network that I participate in most and yet sometimes days go by where I don’t load the application. I like to work in focused bursts. If I’m deep into writing a book or a legal client project, I basically ignore everything else. I close my mail application, tell my phone service to take my calls, and I definitely don’t open Twitter. When I finish the job, I can then go back to the Internet. I’ll check in on Twitter, but I won’t be able to get my news from it. That only works if you go into Twitter much more frequently than I do. That’s why RSS is such a great solution for me. If a few days go by, I can open RSS and go through my carefully curated list of websites and get caught back up with the world.

I can’t remember who, but someone once gave me the best tip I’ve ever received for using RSS: subscribe to your must-read websites, and those websites you like but aren’t updated frequently. It prevents your reader from quickly becoming overwhelming.

Truly, though, this isn’t a case for RSS so much as it is a case for a simple, easy-to-use way to receive updates from the websites you trust and like most. You could theoretically replace “RSS” with “JSON Feed” or “Twitter lists” — whatever works best for you. For news junkies like me, though, there will always be a case for dedicated feeds, without the interruption of non-news tweets or Facebook posts. RSS just happens to be one of the simplest implementations of that.

The Secret Life of Hedy Lamarr

Loren King, Newport This Week:

Most people, if they know Lamarr at all, remember her as an exotic beauty who starred in such movies as “Algiers” (1938) with Charles Boyer, and “Come Live with Me” (1941) opposite James Stewart. But behind those lips and those eyes was the brain of an untrained scientist who, after a long day on the MGM lot, would come home and invent things for pleasure. As one of many screen beauties who dated the eccentric aviator Howard Hughes, Lamarr devised rounded (rather than squared-off) wings for a super-fast plane Hughes was designing. Hughes was so impressed that he set Lamarr up with a mini-laboratory in her house.

Today would have been Lamarr’s 103rd birthday. A film about her life and legacy — “Bombshell” — is being screened at the Boston Jewish Film Festival running now, and will be released in select theatres November 24.

Equifax’s CEO Doesn’t Know if Customer Data Is Presently Being Encrypted

Robert McMillan and AnnaMaria Andriotis, Wall Street Journal:

Equifax has quadrupled spending on security, updated its security tools and changed its corporate structure since the breach, Paulino do Rego Barros Jr., the interim chief, said during a hearing by the Senate Commerce Committee.

But Mr. Barros stumbled when asked by Sen. Cory Gardner (R., Colo) whether Equifax was now encrypting the consumer data it stored on its computers — a basic step in hiding sensitive information from hackers, and one the company previously had admitted it didn’t take before the breach.

“I don’t know at this stage,” Mr. Barros said.

Before this catastrophic breach, your passcode-protected iPhone was more hardened against physical data access than every American’s credit information. Now, who knows? It may still be better-protected.

This is irresponsible to the point of negligence. I sincerely hope criminal charges are brought against Equifax for the results of their indifference towards basic security practices; if no criminal charges apply, it ought to trigger a process to ensure that new laws get written to hold companies accountable for inadequate protection of customer data.

In other news, Equifax reported their quarterly earnings today. Stephen Gandel of Bloomberg:

Equifax’s ability to increase its operating earnings during one of the most disastrous quarters, at least operationally and reputationally, in its history, or the history of most companies, really, attests to how entrenched the business is in the financial system. That will most likely add to the frustration of consumers and their advocates.

[…]

All that is probably why Equifax’s stock, which plunged initially after the hack, has rebounded some and been fairly steady. Shares closed at just less than $109 on Thursday before the company announced its results. That’s down from the $143 they were trading at before the hack, but up from the $94 they sank to two days after the hack was disclosed. The stock is amazingly down only 8 percent this year. What’s more, it has a price-to-earnings ratio of 18 times next year’s earnings. That’s not a P/E ratio of a company in jeopardy but one that investors think is highly valued and growing. By comparison, Apple Inc. has a similar P/E of 15.

Infuriating.

Jesus Diaz, Mountaineer of Molehills

Fast Company will apparently publish any old junk these days, like Jesus “A Man Scorned” Diaz’s hot takes on Apple’s products:

If the iPhone X’s hardware features are the epitome of fluff over function, its new navigation gestures are the epitome of needless complexity over intuition.

That’s a hell of an “if” to predicate this entire article on. I did not want to have to deal with two Diaz articles today — one is often enough — but, luckily, the Macalope dismantled that “if”.

So, now that all of the air has been taken out of Diaz’s argument, what is his argument?

You’re looking at a UX disaster, the result of eliminating what is probably the simplest, most intuitive form of navigation ever implemented in consumer electronics: the iPhone’s home button. The iPhone X replaces it with the mess above. This is bad news, because this interaction is a fundamental part of the user experience.

The home button was and is, indeed, a brilliant piece of user interface design. But don’t pretend that it’s completely simple and intuitive; pressing the home button is used to show the multitasking app switcher, access Siri, dismiss Notification Centre and Control Centre, take screenshots, activate accessibility features, invoke Reachability, and more. Oh, and it’s also used to return to the home screen. Lots of functionality has been packed into that little button.

Joanna Stern’s review for the Wall Street Journal – which still concludes that, “Yes, There Are Reasons to Pay Apple $1,000” – documents what this means in detail: “[T]he lack of a home button means your thumb is about to turn into one of those inflatable waving tube-men outside the car dealership […] you must master a list of thumb wiggles, waves and swipes […] the other gestures, however, are buried. Many moves require almost surgical precision.” Heather Kelly, for CNN Money, adds her own experience: “To fill the void left by the Home button, the iPhone X has added new gestures (the different swipes you make with a finger). The process of learning them is a pain, and some of the new options are more work than before.” The Verge declared that “there’s a whole new system of gestures and swipes to learn and master, and many of them will be annoying to remember and difficult to perform with just one hand.”

Diaz doesn’t link to any of these articles, and for good reason: it’s a rubbish argument. Joanna Stern praises the home button swipe in her piece, and the entirety of her criticisms is quoted by Diaz. She doesn’t make a big deal out of it, likely because her review was published just a day after she received her review unit. Heather Kelly was more muted in her first impressions than many reviewers, but she “[doesn’t] doubt anyone’s ability to master a few new finger movements”.

For that quote from the Verge, though, Diaz went back to the September launch of the device. Nilay Patel’s first impressions from last week are more positive:

If you want to switch apps, you either swipe along the bottom of the screen or swipe up and hold — you’ll get a little haptic bump and the app switcher will show up. It took a minute to figure out how to do that move consistently. It took me a little longer to figure out how to consistently use Reachability.

I got my iPhone X last night. The idea that there’s some sort of steep learning curve to this thing is, I think, preposterous. Yeah, there are some decade-old habits I have to break, like when I moved an app around on my home screen this morning and tried pressing on a non-existent home button instead of tapping the “done” button in the upper-right. But the home indicator strip feels completely natural. It’s a testament to the speed and responsiveness of the device and its UI that these gestures feel as smooth and predictable as pinch-to-zoom did on the first iPhone.

Do you have to learn some new stuff? Sure. Will it take a little bit to get accustomed to the device? Absolutely. Is it a “nightmare”, as Diaz frames it in this article’s headline? Hardly.

Back to Diaz:

We knew this was coming, but the reviews and the sudden spike in “how to navigate your iPhone X” tutorials puts a new spotlight on the interaction problems that the elimination of the home button created.

No, it puts a spotlight on websites that really want to cash in on some sweet Google rankings by content farms. There’s a brief three-screen guide when you first set up an iPhone X that demonstrates how to use the home indicator. Once you get used to it, it feels completely natural, particularly if you’ve used an iPad running iOS 11.

Diaz spends another few hundred words quoting writers who made their explanations of other iOS gestures overly complicated, quoting Steve Jobs — hey, remember when people who generally liked using Apple products were Steve Jobs “fanboys”? Times sure have changed — and looking through rose-tinted glasses at the history of the iPhone.

I can’t make Diaz change his mind, no matter how ridiculous his arguments. He thinks iOS 11 “sucks” because UI elements in a few apps are misaligned, that the iPhone X is an egregious excess, and that the replacement of the home button with a handful of gestures makes the device a failure. This is the molehill he wants to die on.

Dvorak’s Vistake

My favourite thing about the release of a well-received Apple product is that there’s a great new product on the market — ideally, they’ve set a new benchmark. My second favourite thing is all the piss-poor takes from the usual suspects, like John C. Dvorak writing in PC Magazine:

The first round of iPhone X reviews are out, and a number of them came from a strange place: amateur YouTubers.

As of November 1, when this piece was published, Apple’s new PR strategy had already been picked apart and scrutinized in excellent pieces from Christina Bonnington and Matt Alexander, among many others. It’s already played out. What can Dvorak possibly contribute? Well, after several paragraphs about how YouTube is new and hip with the youth, he arrives at:

Perhaps Cupertino senses that iPhone X may end up like Microsoft Vista: unfairly criticized.

Windows Vista was too long in the making, removed a litany of features, was too slow on most hardware, was a bloated mix of new ideas and legacy code, and didn’t have nearly enough of the innovative features that were announced years before it was launched. There are forged paintings with a greater attention to historical accuracy than Dvorak demonstrates by calling criticisms of Vista “unfair”.

Chief on my list of complaints is the death of what my son calls The Magic Circle.

Get your crystals and divining rods ready.

The Magic Circle has been around since Steve Jobs introduced the original iPod. On the iPhone, it took the form of the home button, but rounded edges and circles are a favorite design element for Apple; from selecting favorite artists and genres inside Apple Music to that massive spaceship campus.

This is just silly. The primary design and user interaction element of the iPhone was its touch screen. Yes, the home button was important, but the screen was clearly more important for the way that the device is actually used. Don’t believe me? Ask yourself whether you’d rather have an iPhone without a home button, or an iPhone without a multitouch display. There’s a good reason why Apple went with the former option.

The iPhone X is full of rounded edges; it just has one fewer circle on its face.

But it does not exist on the iPhone X. Not even a boot-up screen with ever-expanding circles. So if the iPhone X fails, can we blame the missing Magic Circle? Well, maybe not. A more likely culprit will be that $1,000 price tag.

If I wanted to stretch, I’d point out that the Face ID setup screens use circles extensively, as does its animation. But Dvorak changes tack in the second and third sentences here — apparently, circles are no longer all that important to the iPhone’s success or potential failure. It’s the price, dammit. But, while it is certainly higher than many smartphones, Apple doesn’t seem to think that it will be a problem. They’re forecasting an $84–87 billion October–December quarter, compared to $78 billion for the same period in 2016. Financial results aren’t inherently indicative of a product’s quality, but Apple isn’t forecasting a failure. This isn’t Apple’s Vista.

Facebook Workers, Not an Algorithm, Will Look at Volunteered Nude Photos First in an Effort to Stop Revenge Porn

Joseph Cox, the Daily Beast:

This week, multiple outlets reported on a Facebook pilot scheme that aims to combat revenge porn. In the program, users would send a message to themselves containing their nude images, which Facebook will then make a fingerprint of, and stop others from uploading similar or identical pictures.

The approach has many similarities with how Silicon Valley companies tackle child abuse material, but with a key difference—there is no already-established database of non-consensual pornography.

According to a Facebook spokesperson, Facebook workers will have to review full, uncensored versions of nude images first, volunteered by the user, to determine if malicious posts by other users qualify as revenge porn.

In a bizarre way, this actually makes some sense: Facebook already bans pornography, but there’s no algorithmic way to determine if a photo was shared non-consensually, so a user must manually state that certain images were shared without their consent. The distinction is important because someone sharing consensual porn is merely violating Facebook’s terms of use, while someone sharing non-consensual images is violating a person’s privacy and, potentially, the law.

Now, you could make a reasonable argument that Facebook should err on the side of assuming that all images that are similar to pornographic images should be hidden from public view when they’re reported as revenge porn. I would make that argument, too. But it seems like Facebook has abdicated the responsibility of monitoring their platform for these abuses for a long time, and they’re having a hard time catching up.

Ultimately, it comes down to whether users can trust Facebook, and a recent survey conducted by Reticle Research and the Verge indicates that Americans simply don’t. Oh, and one more thing:

Zuck: They “trust me”

Zuck: Dumb fucks.

That transcript from over ten years ago will never fail to bite Mark Zuckerberg in the ass.

Equifax and Yahoo Executives Skirt Questions at Senate Hearing

Zack Whittaker, ZDNet:

Marissa Mayer, who led Yahoo until she left earlier this year with a $260 million payout after the web giant was bought by Verizon, wasn’t able to tell senators how hackers were able to steal the company’s entire store of three billion user accounts during a breach in 2013.

[…]

Richard Smith, meanwhile, who retired earlier this year after the catastrophic data breach at credit agency Equifax, which affected more than 145 million Americans, couldn’t tell senators who was behind the attack.

I understand that these investigations take time, and that the people involved in these kinds of attacks try to cover their steps as best they can. What I don’t understand is how, even with prior knowledge, both Yahoo[1] and Equifax[2] failed to take appropriate and responsible measures. We’re allowed to click the “Install Later” button beside system updates all we want, with very few consequences; a major corporation handling unfathomable amounts of data cannot take that risk. So why did they?


  1. Yahoo experienced several security breaches prior to the 2013 one that affected three billion accounts, and several after that as well.

  2. A known vulnerability was used to breach Equifax’s systems.

Warby Parker Is Testing the ARKit Waters

Chaim Gartenberg, the Verge:

The glasses company is cleverly using the iPhone’s camera to take maps of people’s faces, and use that data to recommend styles of glasses that will best fit your face. It’s a step beyond the digital try on system the company has previously offered, where it would try to place a virtual pair of glasses on a picture to let you see how it looks.

I’ve always liked the styles Warby Parker has offered and I’ve been very pleased with the glasses I’ve ordered from them. But the purchasing process where I live is nowhere near as great as it is in the United States: their home try-on kit isn’t available here, and the only retail stores in Canada are both in Toronto.

This is an interesting first step, but I can’t wait to see if Warby Parker can really commit to augmented reality and offer a truly fantastic virtual try-on experience.

Apple Music Needs Better Searching

Kirk McElhearn:

[…] After reading Alex Ross’s article about John Eliot Gardiner and Monteverdi, I went to Apple Music to listen to one of his recordings. The problem is that his ensembles are called The English Baroque Soloists and The Monteverdi Choir. So the number of results that come up when searching for “Gardiner Monteverdi” is stultifying. (Yes, Sir John has recorded a lot of albums.)

Sure, there are two Monteverdi albums in that list, but there is a lot more Bach. To make things worse, this search only returns 21 albums, whereas clicking on the name of the artist on one of these album pages – English Baroque Soloists, John Eliot Gardiner, & The Monteverdi Choir – returns nearly 100 albums. But none of these searches return all the recordings that he made with this ensemble.

Apple’s search engines in Music and Photos aren’t terrible, but they need some work to feel capable and powerful. As an example, if you begin searching for, say, Queens of the Stone Age and tap the suggestion Queens of the Stone Age in Artists, there’s only one result — Queens of the Stone Age. But you have to tap that result to get to their artist page, and that feels slow and cumbersome. If there’s only one result and it’s an exact match, it should just go to the artist page.

I also find Apple’s search functionality rather limited. In Photos, for instance, you can search by date, location, keyword, person, or even different objects automatically identified in the photos. But you cannot search by camera model or lens. I get that most people probably wouldn’t use this but, as a digital camera’s make and model is part of every file’s metadata, it almost seems like the kind of thing that requires more effort to omit from Photos’ search engine.

Apple Pay for iMessage Debuts in iOS 11.2 Beta 2

Ryan Christoffel, MacStories:

Users of the latest iOS 11.2 beta release received a surprise today in their Messages app picker: the long-awaited Apple Pay iMessage app has now arrived.

Only in the United States, at the moment.

Most of the details of this feature were announced at WWDC, but Christoffel shares additional notes, including all the different access points for peer-to-peer Apple Pay:

While opening the iMessage app to initiate all payments and requests may be the idealized workflow, Apple has included several alternative methods for starting a transaction. You can use Siri to send or request money by voice, using simple commands like ‘Send John $10’ or ‘Ask Federico to send me $10.’ Within the Contacts app, there’s now a Pay button alongside other contact options, which takes you into Messages and opens the Apple Pay app. Inside the Messages app, any message you receive that includes a dollar amount will have that amount underlined, indicating it includes a link to quickly open the Apple Pay app and make a payment. Apple is clearly aware that far more often friends and family send standard messages with the requested amounts included. Lastly, the QuickType keyboard can also serve as a shortcut to initiate a payment.

It makes total sense that this is an iMessage app, but the additional access points ought to help users discover the feature which, I think, is the biggest hurdle Apple faces against a competitor like Venmo.

Slate’s Incorrect Claim That Apple Is Going to Share Face ID Data With Third Parties

Christina Bonnington, writing for Slate:

Face ID is one of the hallmark features of the iPhone X. Using facial recognition, you can unlock your phone almost as quickly as if you had no device security enabled at all—all you have to do is stare at it. It’s convenient, and potentially more secure than a four- or six-digit passcode. And because your data is stored in the phone’s so-called secure enclave and not in the cloud (as Apple did with Touch ID’s fingerprint data), the impressively detailed digital map Apple makes of your face, and the more than 50 facial expressions it can recognize, are kept safe. For the most part.

“For the most part”? Oh, please, tell me something that I’ll be shocked by after reading the title of this page in my web browser, “Apple plans to share some iPhone X Face ID data. Uh oh.”. What could possibly be next?

At launch, facial recognition data from Face ID will only be used by Apple to unlock your phone—and animate a handful of goofy emoji characters called Animoji. However, Apple plans to allow third-party app developers access to some of the biometric data Face ID collects. And this has some privacy experts concerned, as Reuters reports.

A stunning twist.

Fun fact: that Animoji link goes to another Slate article with the title “Three reasons why Apple’s iPhone X animojis are worrisome.” Those three reasons are: they are so good that users will be encouraged to use them! in public! with audio! and that can be annoying; that they are so good that they will become a selling tool for the iPhone X; and that the author gets confused about the difference between the Face ID feature and iOS’ ARKit APIs. A distinction which, as it turns out, Bonnington buries in her ostensibly panic-inducing article:

Facial recognition is everywhere these days. It’s how Facebook suggests friends you should tag in photos, how Snapchat’s lenses so masterfully morph onto your face, and how Google Photos can so intelligently collect and organize photos of people you photograph often. Apple already uses facial recognition in its Photos app on iOS, too. But until now, these companies have kept their facial recognition data private. Allowing developers to access some of that data — even if it’s only a rough map of your face and facial expressions, not the full dataset it uses for biometric identification — is new, potentially scary territory.

This is a completely confused paragraph. There is a difference between facial feature identification — the kind that’s used by Snapchat for lenses, Facebook for suggesting faces to tag in photos, and variations of which are available in a bunch of GitHub repos — and recognition of specific faces, like Google and Apple use for notating specific people in photo libraries.

Apple uses a very sophisticated version of the latter to make Face ID work, which they’ve detailed in a security white paper. But the version of face tracking that’s available to developers is not to be confused with Face ID; it is more like an enhanced version of facial identification. But even that has Bonnington worried:

To use your facial data, developers must first ask your permission in their apps, and must not sell that information to other parties. Still, while it’s forbidden under Apple developer guidelines, privacy experts worry that developers might sell this data or use it for marketing or advertising purposes. (Imagine, if you will, an ad-supported gaming app that uses your current facial expression on your avatar. How valuable would it be for an advertiser to monitor what facial expressions you make as you watch their commercial in between rounds of gameplay?)

That would, indeed, be pretty valuable and deeply creepy. Privacy experts are right to be worried about the plausibility of a company using any kind of facial identification data for marketing purposes, and that’s why Apple has prohibited it. And, yeah, they’re going to have to be pretty vigilant about that.

But let’s not pretend that this is a brand new hypothetical concern that’s exclusive to the iPhone X. Theoretically, any app the user has granted permission for the camera could also target ads using one of those open source facial identification libraries I wrote about earlier — something which is, of course, also prohibited by Apple.

The thing that confuses me most about this piece is that Bonnington is a damn good writer. On the same day that this poorly-researched article was published, she also wrote a fantastic take on those YouTube hands-on videos of the iPhone X published Monday last week. Can’t win ’em all, I guess.

Today in Apple Input Bugs

From Apple’s knowledgebase:

If you updated your iPhone, iPad, or iPod touch to iOS 11.1 and find that when you type the letter “i” it autocorrects to the letter “A” with a symbol, learn what to do.

Apple suggests creating a text replacement shortcut to swap the letter I for the letter i. Yeah, really. They also say that they’re going to fix this in an update soon.

This is an utterly ridiculous bug to have escaped Apple’s QA checks and beta testing amongst developers and a public pool. I understand that this seems like an overreaction to a relatively minor bug, but I wasn’t kidding when I wrote last month that input devices should always work. That goes for virtual input devices, too.

Criteo’s Earnings Report After the Release of Safari With Intelligent Tracking Prevention

With the release of High Sierra and iOS 11 in September, Apple introduced a machine learning-based method to restrict the ability of retargeting scripts to track users across the web. Previously, Safari users could try to prevent this by only allowing cookies from websites the user had explicitly visited — this was the default setting in Safari. Unfortunately, mischievous providers of ad retargeting, like Criteo, figured out a workaround:

Here’s what happens: when visiting a site that includes Criteo’s scripts, a bit of browser sniffing happens. If it’s a Safari variant — and only Safari — Criteo rewrites the internal links on the page to redirect through their domain, […]

The user is then sent to their intended destination page, and Criteo’s cookies are allowed to be set. All that’s needed is that split-second redirect for the first link clicked on the site.

Safari’s new tracking prevention mechanism is supposed to prevent this sort of creepy — and, arguably, unethical — behaviour. So, has it worked? Well, here’s what Criteo said in their most recent earnings report:

We believe our solution for Safari users currently allows us to mitigate about half of the potential impact from ITP. In the third quarter, ITP had a minimal net negative impact on our Revenue ex-TAC of less than $1 million. Given our expectations of the roll out of Apple’s iOS11 and our coverage of Safari users, we expect ITP to have a net negative impact on our Revenue ex-TAC in the fourth quarter of between 8% and 10% relative to our base case projections for the quarter. We will continue to improve and deploy our solution for Safari users over the coming quarters.

It appears that there’s definitely some effect on the ability for Criteo’s shitty script to work, but they’re estimating that it’s still about 50% effective. Perhaps this is just petty of me, but I wish ITP reduced Criteo’s script to 0% efficacy. The lengths to which Criteo has gone — and will go, according to the last sentence of that quote — in order to track users are an indication that they aren’t following the spirit of users’ wishes.

I’m using Criteo as an example here, but AdRoll employs a similar technique. I think that both of these companies behave disreputably, and I hope Intelligent Tracking Prevention continues to improve so it can better protect Safari users.
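
The link rewriting described above can be spotted from the outside by auditing a page's links. This is an added example, not code from this site, Criteo or Safari; the hostnames are constructed placeholders, and it assumes the redirect carries the real destination in a query parameter (the quoted description elides that detail) and uses an arbitrary 50% threshold.

```javascript
// Added example: flag links that detour through a third-party host while
// carrying a same-site destination. All hostnames are constructed.

// Naive "site": last two hostname labels. A real check should use the
// Public Suffix List (this is wrong for suffixes such as co.uk).
function siteOf(hostname) {
  return hostname.toLowerCase().split('.').slice(-2).join('.');
}

// Read a string as an absolute http(s) URL, peeling up to two extra layers
// of percent-encoding, since redirectors often double-encode the target.
function asHttpUrl(value) {
  let candidate = value;
  for (let i = 0; i < 3; i++) {
    try {
      const u = new URL(candidate);
      if (u.protocol === 'http:' || u.protocol === 'https:') return u;
    } catch (_) { /* not a URL at this decoding depth */ }
    try {
      const decoded = decodeURIComponent(candidate);
      if (decoded === candidate) break;
      candidate = decoded;
    } catch (_) { break; }
  }
  return null;
}

function findBounceRewrites(pageUrl, hrefs) {
  const page = new URL(pageUrl);
  const pageSite = siteOf(page.hostname);
  const findings = [];
  let sameSiteDestinations = 0;

  for (const href of hrefs) {
    let link;
    try { link = new URL(href, page); } catch (_) { continue; }
    if (link.protocol !== 'http:' && link.protocol !== 'https:') continue;

    if (siteOf(link.hostname) === pageSite) {
      sameSiteDestinations++; // ordinary internal link
      continue;
    }
    // Third-party link: does any parameter carry a same-site destination?
    for (const [param, value] of link.searchParams) {
      const inner = asHttpUrl(value);
      if (inner && siteOf(inner.hostname) === pageSite) {
        sameSiteDestinations++;
        findings.push({ via: link.hostname, param, destination: inner.href });
        break;
      }
    }
  }

  // A share button also embeds the page's own URL, so one hit means little.
  // What matters is how much of the site's navigation one host intercepts.
  const byHost = {};
  for (const f of findings) byHost[f.via] = (byHost[f.via] || 0) + 1;
  const intermediaries = Object.entries(byHost)
    .map(([host, count]) => {
      const share = count / sameSiteDestinations;
      return { host, count, share, systematic: count >= 2 && share >= 0.5 };
    })
    .sort((a, b) => b.count - a.count);

  return { sameSiteDestinations, findings, intermediaries };
}

// Constructed sample: a shop page whose product links were rewritten.
const SAMPLE_PAGE = 'https://www.shop.example/catalogue';
const SAMPLE_HREFS = [
  '/about',
  'https://r.tracker.example/go?id=42&u=https%3A%2F%2Fwww.shop.example%2Fshoes',
  'https://r.tracker.example/go?u=https%253A%252F%252Fshop.example%252Fhats',
  'https://r.tracker.example/go?u=https%3A%2F%2Fwww.shop.example%2Fbags',
  'https://social.example/share?url=https%3A%2F%2Fwww.shop.example%2Fcatalogue',
  'mailto:hello@shop.example',
];

const report = findBounceRewrites(SAMPLE_PAGE, SAMPLE_HREFS);
for (const i of report.intermediaries) {
  console.log(`${i.host}: ${i.count} link(s), ` +
    `${Math.round(i.share * 100)}% of same-site navigation, ` +
    `systematic=${i.systematic}`);
}
```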

Google Docs Glitch That Locked Out Users Underscores Privacy Concerns

Maya Salam, New York Times:

Google Docs threw some users for a loop on Tuesday when the service suddenly locked them out of their documents for violating Google’s terms of service. The weird part? The documents were innocuous. The alerts were caused by a glitch, but they served as a stark reminder that not much is truly private in the cloud.

[…]

“Obviously this is raising questions in a lot of people’s minds about the level of surveillance in internet tools, like cloud-based tools,” Rachael Bale, whose tweets gained traction, said on Tuesday.

Ms. Bale, a reporter for National Geographic’s Wildlife Watch, said that while what happened was “problematic,” she was not too taken aback. “We know Google has access to all kinds of information about us,” she said, adding that professionally, she avoids using Google Docs for “anything sensitive.”

Bale is like so many others; she seems totally okay with the idea that Google knows a lot about us. Here’s the thing: we’re not very good about understanding what information is sensitive and should be withheld. Because so much of the web is either part of Google, funded by Google, or at least tracked by Google, the amount of data they collect on us individually is unfathomably great. Collectively, that’s likely far more dangerous than any single piece of “sensitive” data they might possess.

Seeking Trust

Yesterday, “Ellie” tweeted:

ATTENTION ALL GIRLS ALL GIRLS!!! Go to your photos and type in the ‘Brassiere’ why are apple saving these and made it a folder!!?!!?

This realization went viral; Christine Teigen posted about it, too. And, arguably, rightfully so — if you found out that your phone was, somehow, making it easier for you to search semi-nude photos, you might find that creepy, and you’d probably want to warn a lot of people about that.

Readers of Pixel Envy, on the other hand, probably aren’t surprised to hear this. You’re probably tech savvy, and you probably know that iOS’ Photos app attempts to make the contents of pictures searchable. You likely even know that this is done entirely on the device in a very private way.

None of that has been effectively communicated to users, though, if the outrage over this search term and the results of a recent poll are anything to go by. It was commissioned by the Verge and conducted by Reticle Research, and Apple didn’t fare very well against its rivals when it came to trust:

Participants trusted Amazon the most, which is not all that surprising given its e-commerce store’s ubiquity and the company’s overall drive to provide more value for lower prices with Prime and other services. Yet participants trusted Apple less than even Google, a company with a primary business model of collecting consumer data for targeting advertisements.

A question about trust, broadly, does not fully represent what people find more trustworthy about Microsoft, Google, Amazon, and respondents’ banks compared to Apple. Maybe they don’t trust Apple’s reliability, or software updates, or any number of things. But the survey finding that Google, of all companies, is more trustworthy than Apple is pretty alarming for anyone who knows anything about their business model.

What’s more, even the ability to search a photo library for pictures of bras isn’t unique to iOS. Dami Lee, the Verge:

For the record, Google Photos does the exact same thing when you search “brassiere,” except your photos are stored on the cloud, in Google’s servers. If anything, this should be the bigger security concern that’s freaking out people on Twitter.

I completely agree. When they debuted the feature at WWDC 2016, Apple said that they used freely-available public and stock photography to train their machine learning library. Google’s privacy policy, meanwhile, gives them the ability to train their search engine using the photos uploaded to their cloud services.

Yet, average users don’t seem to understand that the way Apple approaches privacy is fundamentally different than the way their competitors do. I know people who have refused to register their fingerprint with Touch ID for several years because they think it gets uploaded to Apple’s servers; even so, they happily use Google’s suite of products. Apple’s generally privacy-respecting practices get lumped in with others’ unsavoury approaches, and — I think — that leads to controversies like this one.

There’s something else, too, that’s bothering me about this: I wonder if most people — and, let’s face it, “people” is too broad a term; “women” is much more accurate — want to search for photos of bras in their image library. That is, even if this capability and the privacy protections in place had been effectively communicated, is this something that users want catalogued?

I don’t know how many women are on Apple’s machine learning teams specifically, but just 23% of their technical employees are women. Judging by Twitter users’ incredulity, it seems like something women may not actually want, and I wonder if a higher percentage of women in technical roles might have caused object recognition to be filtered more carefully.

Perhaps not, though. Perhaps this functionality sailed through all sorts of gender and ethics tests. In that case, I think it comes back to it being poorly-communicated in poisoned waters. Google is still seen as friendly and trustworthy; Apple is, apparently, not seen that way as much. In that case, perhaps Apple ought to calibrate their functionality for their privacy-cavalier competitors, or run a campaign to build trust in their brand again. Or, maybe Silicon Valley just needs to go a little slower and let us all catch up.

Mashable’s Interview With Apple Executives About the iPhone X

Lance Ulanoff of Mashable spent time with Phil Schiller, Craig Federighi, Alan Dye, and Dan Riccio to talk about the development of the iPhone X. They mostly reiterated the talking points of past statements and events, but there are some new things as well. For instance, they revealed that they had originally intended this iPhone to debut in 2018, but fast-tracked it for release this year, and that required some tough decisions to be made in a tight timeframe:

When Apple made the choice to drop the home button and Touch ID fingerprint scanning in favor of Face ID, Riccio said they went “all in” with that functional decision. “We spent no time looking at [putting] fingerprints on the back or through the glass or on the side,” he said. Apple did it because they believed in the quality of Face ID security and screen unlocking, with executives describing it as good as second-generation Touch ID, but also because there simply wasn’t time.

Matthew Panzarino of TechCrunch was told the same thing, and it seems to put to rest the sketchy photos published prior to the iPhone X’s debut indicating that a rear-mounted fingerprint reader was being tested. I’m very excited to give Face ID a shot on my own iPhone, especially after reading Nicole Nguyen’s review at Buzzfeed.

Ulanoff:

Unlike the home button, this gesture bar serves one purpose: swiping up to open the iPhone X. However, even after people learn the new gesture, you can’t switch off the bar, confirmed Federighi.

I was curious about whether there would be a toggle for that, perhaps buried deep in Accessibility settings. Even though it can’t be, I’m excited to see where Apple can take the iPhone’s on-screen interface once users get the feel of a home button-free device.

Consumer Reports Unceremoniously Shitcans Consumerist.com

This is the entirety of the notice published earlier today on Consumerist.com:

This is our last post on Consumerist.com. We’re deeply proud of all the work we’ve done on behalf of consumers, from exposing shady practices by secretive cable companies to pushing for action against dodgy payday lenders.

We’ve had a tremendous run as a standalone site. Now you’ll be able to get the same great coverage of consumer issues as part of Consumer Reports, our parent organization.

Come check it out at CR.org.

That’s it. The Consumerist was started nearly twelve years ago and has long been the publication that exposed sketchy corporate practices, bait-and-switch schemes, and unfair advertising. And, according to (former) deputy editor Chris Morran, Consumer Reports shut it down without warning and ungraciously:

To clarify: @ConsumerReports never ONCE gave @consumerist revenue or subscription goals, but we got the ax for not meeting them?

[…] I hung up on the call. That’s right… they shut down the brand via conference call.

Shameful.

Apple’s Intriguing New PR Strategy for the iPhone X

Joe Rossignol, MacRumors:

In addition to journalist Steven Levy’s first impressions of the iPhone X, Apple recently invited a number of YouTube channels to try out the highly-anticipated device at a nondescript building in New York City.

The YouTube personalities invited to a building that appears to be 144 Duane Street include two reporters from Highsnobiety, “Soldier Knows Best”, Enobong Etteh of BooredAtWork.com, and Sam Beckerman of Fashion magazine. Not on that list include notable personalities like MKBHD and iJustine.

This sort of stuff interests me, for no reason other than it’s different than Apple’s usual pattern. It’s not important, in the big scope. It won’t change how you use the iPhone, when yours will arrive, or the company’s engineering and design. But it’s interesting to me, at least, and maybe you.

For the past few years, Apple has invited tech journalists from around the world — mostly from big newspapers and magazines, but increasingly from web-only publications as well — and a few YouTube personalities to their unveiling event in California. There, they get hands-on time with the new products. Some of these journalists and YouTubers then get review units; they’re covered by an embargo that almost always lifts at the same time for everyone, allowing them to speak freely about their thoughts.

But this is, obviously, different. None of the personalities invited to the event in New York nor any of the handful from other channels that received early access to the iPhone X were at Apple’s September unveiling, as far as I know. And Apple followed their usual review blueprint for the iPhone 8 models launched last month.

My guess is that the month-long lag between the September event and the iPhone X’s release merited a different strategy. The YouTube videos posted today are effectively a new round of the first impressions that event attendees get in the hands-on area after the event. They serve as a reminder of the iPhone X’s imminent release. The in-depth reviews that you would expect from some writers and prominent YouTubers will likely be posted tomorrow or Wednesday.

That leaves Steven Levy’s piece in Wired as the outlier, and it seems like it’s a nostalgia trip. Levy:

I’ve had this phone since last Tuesday. Apple had given me this early peek in part because I was one of the first pre-release reviewers of the original iPhone. Given that history, we all thought it would be interesting to get my impressions of what the company clearly believes is the next milestone in a journey that has pretty much altered our relationship with technology.

It’s a deviation from Apple’s normal PR strategy, but the release of two different models of iPhone this year — one markedly higher-end than the other, and with a delayed launch — also represents a deviation from their normal release strategy. If next year’s iPhones launch on a single date, I wouldn’t expect to see this PR strategy, but I also wouldn’t be surprised if the in-person hands-on experience is repeated for those outside of Apple’s typical sphere of tech-centric YouTubers.

Again, this isn’t really important. But because Apple tends to have a fairly predictable and deliberate playbook, and this is different, it’s an interesting case study, especially for those in a marketing, PR, or media job.

Update: Soldier Knows Best was, in fact, at the September event. Sorry for the mistake, and thanks to Alec for catching it and emailing me.

Update: I want to clarify something: I’m pointing out that this PR strategy is different, but I am not claiming that it is a better strategy: Levy’s “insider” articles are already too puffy for my tastes, and these YouTubers are not reviewing the product with a critical eye.

To be fair, they are first impressions, not reviews. I hope Apple has provided other publications with proper review units, and for enough time that they can form more rounded opinions of them; I certainly hope that Apple’s PR department isn’t simply looking for people to read the press bumf.

It isn’t negativity or some supposed “balance” for the sake of balance that makes for a good review; it’s criticality. That doesn’t necessarily need to be published before a product ships — especially when it’s backordered by several weeks — but it’s valuable nevertheless.

Update: Last one, I swear, on this post. Mike Allen of Axios received a review unit which, apparently, he passed along to his nephew. I didn’t realize that was something Apple allowed under their prerelease review nondisclosure agreement. At any rate, he noted that:

Ina Fried, Axios chief tech correspondent, will have our official review soon.

So I think my initial hunch was right: these early previews are buzz, and the full slate of reviews is still to come. The question remains whether other reviewers have been able to spend enough time with their devices to be able to make well-considered observations.

The Onion’s New Layout Feels Like a Deep Betrayal

Me, back in August, after the A.V. Club migrated their website to the ex-Gawker Kinja platform:

All of this is to say that I hope Clickhole and the Onion don’t look like Deadspin when they launch on Kinja. They’re very different websites, and their design should articulate that. I think the Onion would be markedly less funny if it didn’t look like a hard news website, and giving it the generic Kinja treatment would be a bleak milestone for one of the most consistently brilliant places on the web.

The Onion has now been publishing on Kinja for about a week and, frankly, I think I was right. It doesn’t feel like a satirical take on hard news any more; it’s more of a parody of the Gizmodo Media Group family of websites. The writing is still hilarious, but plopping that writing into Kinja’s generic layout robs it of its potency.

Google Responds to Pixel 2 XL Display Complaints

You may remember a series of news articles last week regarding the sub-par OLED display in the new Pixel 2 XL.

Google VP of engineering Seang Chau has now responded to those complaints in a lengthy post on the Google Product Forums. First, on the muted and downright weird displayed colours:

We’ve received some feedback about the Pixel 2 XL displays not appearing as saturated as other phones. We attribute this perception to our choice to calibrate the Pixel 2 XL for delivering natural, accurate colors, taking advantage of the new color management support in Android 8.0 Oreo.

I don’t fully buy this explanation. A well-calibrated display is great, but I’ve never seen the same kind of complaints about colours not displaying correctly on recent models of iPhone, which feature the same P3 colour gamut as the Pixel 2 XL’s display and are also calibrated for accuracy. I also haven’t seen the same complaints about the standard Pixel 2 which has a Samsung-supplied display, suggesting that this issue is specific to the limited viewing angles of the LG-supplied display in the XL model.

Nirave Gondhia, Android Authority:

If you look at the Pixel 2 XL screen at even a slightly off-centre angle, the screen adopts a blue tint. It’s not a bright blue hue, but more of a darkening and cooling of the display. It weakens the screen’s overall color reproduction.

Chau also writes that Google has no indication of abnormal image retention, despite users seeing it on their devices, but also says that they will be issuing a software update to fade the on-screen navigation buttons while they’re not actively being used.

If anyone is wondering why Apple is reportedly entirely dependent on Samsung for the iPhone X’s display, here’s your answer: almost nobody else makes OLED displays in large quantities, and other manufacturers simply aren’t delivering the quality that Samsung does.

iPhone X Pre-Order Demand

Aishwarya Venugopal and Arjun Panchadar, Reuters:

Pre-orders for the much-anticipated 10th anniversary phone started from 12.01 am PT (0701 GMT) on Friday.

I saw that this was true for lots of people, but not for me — neither the website nor the Apple Store app opened for me until about ten minutes later.

“We can see from the initial response, customer demand is off the charts,” an Apple spokeswoman told Reuters.

“We’re working hard to get this revolutionary new product into the hands of every customer who wants one, as quickly as possible.”

I’ve been through enough high-demand product sales that my problems accessing the store don’t really surprise me. They do, however, mean that estimated delivery dates for my iPhone are November 21–28. Shipping is now at 5–6 weeks in the United States and Canada.

If you’re hoping to get an iPhone X within the next couple of weeks and would rather not camp at your local Apple Store or cell carrier, I’d recommend trying to score an in-store reservation. The app tells me that November 4 at 8:01 AM is the earliest time I could try making a reservation; it may be different where you live.

The Most Revolutionary Thing About Tesla and Uber Would Be Their Long-Term Success

The Economist:

Investing today for profits tomorrow is what capitalism is all about. Amazon lost $4bn in 2012-14 while building an empire that now makes money. Nonetheless, it is rare for big companies to sustain heavy losses just to expand fast. If you examine the members of the Russell 1000 index of large American firms, only 25 of them, or 3.3%, lost over $1bn of free cashflow in 2016 (all figures exclude financial firms and are based on Bloomberg data). In 2007 the share was 1.4% and in 1997, under 1%. Most billion-dollar losers today are energy firms temporarily in the doldrums as they adjust to a recent plunge in oil prices. Their losses are an accident.

Ryan Felton, Jalopnik:

Oftentimes, talk about the bottom line of Tesla gets distorted because, really, the automaker could theoretically stay afloat in perpetuity, so long as Musk secures investors who’re willing to wait an unusually long time for profits to be delivered. (Again, this is unusual.) But, as the Economist puts it, “the longer it goes on for, the harder it gets.” More debt gets added on, the bigger the liability grows, and maintaining projections of huge, stable profits somewhere down the line just isn’t so easy.

If Netflix and Tesla were to go out of business, it would be sad, but likely trivial. The biggest worry would be for Tesla owners looking to repair their cars — parts would be scarce and repairs could require reverse-engineering the car’s software.

But the end of Uber would be deeply worrying indeed. Remember Wash.io? It was a Bay Area firm that offered an on-demand laundry service, and went out of business about a year ago. Andray Domise summarized its legacy in a series of tweets:

To recap, wash.io drives up the price of laundry, pushes laundromats out of business, makes cleaning clothes difficult for poor people…

And then crashes and burns anyway. Leaving bankrupt businesses behind, and entire neighbourhoods where you can’t even wash your damn clothes

Something I hear frequently from the people I know who use Uber is how much less expensive it can be than taking a cab. But it doesn’t occur to them that the reason it’s cheaper is because Uber can afford to hemorrhage $2.8 billion in a year, a rate of loss that no local taxi company could sustain. To be fair, the company’s losses shouldn’t be something for riders to consider, but it feels utterly predatory. And now Uber and Lyft are going after public transit.

So what happens if Uber shuts down, long after taxi drivers have suffered from their business practices? Is there a renewed appreciation for taxis and public transit? Or will people who cannot afford or cannot drive a car simply be left with few affordable transportation options?

Equifax Was Warned

Lorenzo Franceschi-Bicchierai, Vice:

Late last year, a security researcher started looking into some of the servers and websites that Equifax had on the internet. In just a few hours, after scanning the company’s public-facing infrastructure, the researcher couldn’t believe what they had found. One particular website allowed them to access the personal data of every American, including social security numbers, full names, birthdates, and city and state of residence, the researcher told Motherboard.

The site looked like a portal made only for employees, but was completely exposed to anyone on the internet. It displayed several search fields, and anyone — with no authentication whatsoever — could force the site to display the personal data of Equifax’s customers, according to the researcher. Motherboard saw multiple sets of the data they were able to access.

I know I shouldn’t be surprised at Equifax’s carelessness. I know that after the exposure of the Social Security Numbers of practically every American with a credit card or a loan, after the company allowed three executives to sell shares in the days after the breach was discovered, after the company took six weeks to notify consumers, after failing to responsibly respond to their breach, after launching a botched self-check service, after promoting their insecure credit freezing service, after sending some people to the wrong website, and after the company allowed its CEO to retire with a full compensation package, that I should not be surprised when it comes to their unique ability to be completely hopeless with information security or corporate responsibility.

And yet, every week seems to bring a new chapter in this saga — a new example of how Equifax has managed to fuck this up at a truly catastrophic level. For at least six months, Equifax knew that they had a freely-accessible search engine for the personal details of millions of Americans. And they did nothing.

Equifax’s stock price is up today, and is trading at about $17 per share — or about 18% — higher than the day the company announced that they had been breached.

A Tale of ‘Trons’

David Munns, writing in Aeon:

Sprawling across the 20th century, ‘trons’ marked out humanity’s hubristic desire for techno-supremacy. Today they are an endangered species. So where did the trons go, with their thrill of centralised control over particles, plants or programming? With the end of the Cold War, the term lost much of its political and social power.

There’s something about the “tron” suffix that connotes a specific time and place in history, and Munns captures that story well in this piece. Munns asks what the equivalent today is, and I’m not sure that’s possible to answer yet. Missing vowels reference a specific period on the web — ahem — as does “CamelCase”, but it’s hard to know what today’s identifying language characteristics are without the benefit of hindsight.

Apple Rumoured to Be Pushing for More Family-Friendly Original Programming

Lucas Shaw, Bloomberg:

Erlicht and Van Amburg have agreed to remake Steven Spielberg’s anthology series Amazing Stories with NBCUniversal and are in the bidding for another show, about morning TV show hosts played by Reese Witherspoon and Jennifer Aniston. Apple wants to have a small slate of shows ready for release in 2019. “I think for both NBC and Apple, it’s about finding that sweet spot with content that is creative and challenging but also allows as many people in the tent as possible,” says Jennifer Salke, president of NBC Entertainment.

However, Apple isn’t interested in the types of shows that become hits on HBO or Netflix, like Game of Thrones — at least not yet. The company plans to release the first few projects to everyone with an Apple device, potentially via its TV app, and top executives don’t want kids catching a stray nipple. Every show must be suitable for an Apple Store. Instead of the nudity, raw language, and violence that have become staples of many TV shows on cable or streaming services, Apple wants comedies and emotional dramas with broad appeal, such as the NBC hit This Is Us, and family shows like Amazing Stories. People pitching edgier fare, such as an eight-part program produced by Gravity filmmaker Alfonso Cuarón and starring Casey Affleck, have been told as much.

I’m not saying that every show needs to have nudity, profanity, and gore galore, but interesting stories, history, and real day-to-day life are rarely as sanitized as a G or PG rating requires.

If it’s their brand they’re concerned about, I don’t get why Apple doesn’t pull a Disney and create their own version of Touchstone Pictures. Aljean Harmetz, reporting for the New York Times in 1984:

In an attempt to recapture its lost teen-age and young adult audience, Walt Disney Productions announced today that it will keep some of its new movies as far away from the Disney name as possible. The Disney label will be replaced by the name Touchstone Films. The Disney name will be kept, however, on its traditional movies for young children.

I understand that Apple is taking a fairly cautious approach with their original programming efforts. Their first two shows were X Factor but for apps, and an idea purchased from late night television about celebrities singing in the car. I’m sure there’s more ambition ahead. But it’s really hard to combine this rumour with the lacklustre series they’ve released so far and not feel a bit concerned, especially when Netflix’s first original series was the rightfully-admired House of Cards. And that is not a family-friendly affair.

I don’t care where good television comes from. I don’t even care that we have way too much TV as it is, though I wish there wasn’t the expectation that I am somehow able to keep up with every hot show plus all the franchises and cinematic universes that they are somehow connected with. I just like good art. I think Apple has the taste to be the money behind some really great work — they already have. But Netflix is already there with critically-acclaimed shows and big names. Apple could do that too, which makes their very cautious — and, so far, weak — approach all the more curious.

On Bloomberg’s Report That Apple Downgraded the Accuracy of Face ID to Improve iPhone X Production Speed

Alex Webb and Sam Kim, Bloomberg:

As of early fall, it was clearer than ever that production problems meant Apple Inc. wouldn’t have enough iPhone Xs in time for the holidays. The challenge was how to make the sophisticated phone — with advanced features such as facial recognition — in large enough numbers.

As Wall Street analysts and fan blogs watched for signs that the company would stumble, Apple came up with a solution: It quietly told suppliers they could reduce the accuracy of the face-recognition technology to make it easier to manufacture, according to people familiar with the situation.

The implication at this point in the story is that the facial recognition technology that will be shipping to consumers may not necessarily be as thorough as Apple has been promoting it in its iPhone X marketing materials:

Face ID revolutionizes authentication on iPhone X, using a state-of-the-art TrueDepth camera system made up of a dot projector, infrared camera and flood illuminator, and is powered by A11 Bionic to accurately map and recognize a face. These advanced depth-sensing technologies work together to securely unlock iPhone, enable Apple Pay, gain access to secure apps and many more new features.

Face ID projects more than 30,000 invisible IR dots. The IR image and dot pattern are pushed through neural networks to create a mathematical model of your face and send the data to the secure enclave to confirm a match, while adapting to physical changes in appearance over time. All saved facial information is protected by the secure enclave to keep data extremely secure, while all of the processing is done on-device and not in the cloud to protect user privacy. Face ID only unlocks iPhone X when customers look at it and is designed to prevent spoofing by photos or masks.

All biometric technologies are subject to an elevated level of scrutiny. Even before Touch ID was announced, early skeptics predicted that it could be easily fooled like other fingerprint readers. Now, it’s Apple’s take on facial recognition that’s encouraging the same kinds of pre-launch dismissals and high levels of skepticism. That’s probably why Apple describes it in such detail in that press release excerpt above, and it’s likely also why they felt it necessary to issue a statement on Bloomberg’s report — something they rarely do for rumours:

“Customer excitement for iPhone X and Face ID has been incredible, and we can’t wait for customers to get their hands on it starting Friday, November 3. Face ID is a powerful and secure authentication system that’s incredibly easy and intuitive to use,” an Apple representative told Business Insider. “The quality and accuracy of Face ID haven’t changed. It continues to be 1 in a million probability of a random person unlocking your iPhone with Face ID.”

“Bloomberg’s claim that Apple has reduced the accuracy spec for Face ID is completely false and we expect Face ID to be the new gold standard for facial authentication,” the representative continued.

Apple’s statement here is not phrased in a deceptive or weaselly way. It is clear: Face ID won’t be worse in consumer devices than they have previously promised. This is a very clearly-worded dismissal of Bloomberg’s claim that facial recognition will be less accurate.

So what, if anything, is true in Bloomberg’s report?

Well, I can think of a few things, if we read between the lines a little later in the report:

The dot projector is at the heart of Apple’s production problems. In September, the Wall Street Journal reported that Apple was having trouble producing the modules that combine to make the dot projector, causing shortages. The dot projector uses something called a vertical cavity surface-emitting laser, or VCSEL. The laser beams light through a lens known as a wafer-level optic, which focuses it into the 30,000 points of infra-red light projected onto the user’s face. The laser is made of gallium arsenide, a semiconductor material, and the lens is constructed of glass; both are fragile and easily broken. Precision is key. If the microscopic components are off by even several microns, a fraction of a hair’s breadth, the technology might not work properly, according to people with knowledge of the situation.

[…]

To boost the number of usable dot projectors and accelerate production, Apple relaxed some of the specifications for Face ID, according to a different person with knowledge of the process. As a result, it took less time to test completed modules, one of the major sticking points, the person said.

I only know what has been published by Bloomberg and the Wall Street Journal, and what is in Apple’s press statement. Even with that limited information, though, I think it’s possible to guess at different ways that Bloomberg’s report may be a reflection of the complexity of producing the iPhone X at scale and how Apple’s statement reflects the shipping product:

  1. Apple may have over-engineered a component, or found a simpler way to make it without compromising accuracy or reliability.

  2. The testing may have been overly and unnecessarily cautious, and it was able to be relaxed slightly without compromising accuracy or reliability.

  3. Early components were required to meet more stringent requirements because the software needed a higher level of precision. Adjustments could have been made to the Face ID software to make it more reliable and exactly as accurate with components that aren’t quite as perfect as the earliest batch of components.

There is overlap between all of these possibilities — and I’m sure there are more — but I think my first guess is a reasonable interpretation of Bloomberg’s report and Apple’s statement. It also takes into account production ramp factors and last-minute adjustments that, while not ideal, are not entirely uncommon. These changes are usually made under the hood, but occasionally the results of these adjustments may be visible. For example, some early-batch first-generation iPhones had a bell icon on the ring/silent switch. The point of a production ramp is that potential issues are found and, as far as possible, eliminated so later production runs more smoothly. And it appears that this is the case, according to Bloomberg’s report:

For months, Apple investors have fretted that a shortage of iPhone Xs would send consumers into the arms of rival smartphone makers such as Samsung and Huawei Technologies Co. Apple seems to have overcome the biggest production hurdles. Sharp is working to bring the production yield for dot projectors above 50 percent, while LG Innotek has already surpassed that level, which both companies consider acceptable. Meanwhile, Apple is working with Taiwan’s Himax Technologies Inc. to boost production of lenses to make up for lower-than-needed output from Heptagon, a Singaporean company that so far has been the only lens supplier.

The iPhone X is clearly a very advanced device to produce, especially at the scale customers would like to see. But, while the facial recognition sensors seem to be a primary obstacle to that scale, Apple’s statement refutes the notion that Face ID will be compromised in any way. That doesn’t mean they haven’t taken steps to make production easier; it simply means that the production ramp is doing its job, albeit perhaps within a tighter timeframe.

I am not worried about the accuracy of Face ID today any more than I was yesterday, or any time previously. And, though I understand general skepticism of the technology, I don’t think you should worry about it any more than you might have before. The biggest worry I have is whether I’m going to get my order in fast enough to be able to get an iPhone X delivered to my door next Friday.

The Zuckerberg Bargain

Maya Kosoff, in a Vanity Fair piece with the exceptional headline “Facebook Casually Considers Annihilating the Digital Media Industry”:

Last week, Facebook launched a secondary news feed called Explore, which features posts from Facebook Pages that users don’t follow. (Facebook Pages are profiles for businesses, media organizations, public figures, and other groups.) This is different from News Feed, the primary feed where users are shown posts from Pages they follow, and from their friends. In six markets, The Guardian reports, Facebook is running a test wherein it removes all posts published on Facebook Pages from the main News Feed, integrating them into the “Explore” feed instead. Now, users’ main News Feed is only for posts from friends, advertisements, and posts that groups running Facebook Pages pay to promote. In other words, in markets where the test is active, Facebook is no longer a free playing field for digital publishers.

Cambodia is one of the six markets where this separation is being tested. Alexis C. Madrigal of the Atlantic writes about the impact it has had on publishers there:

“It’s too early to say anything definitive about the impact this is having on our traffic and reach,” Jenni Reid, the web editor at The Phnom Penh Post, told me. “The two feeds still don’t seem to be fully separated yet for some people here in Cambodia, but so far it doesn’t look positive.”

[…]

These changes are significant for the broader media ecosystem in Cambodia, Reid said. “Last year, Facebook edged ahead of television as the number-one source of news for Cambodians according to one survey. Post Khmer, the Khmer-language Facebook page for the Phnom Penh Post, has the fourth-most likes in the country, and seven out of 10 of the most popular Facebook pages here are news websites or newspapers,” she told me. “That’s striking compared to, say, the United States, where there isn’t even a news publisher in the top 50 most popular pages among Facebook users.”

The arguments you’re about to hear you’ve heard before. I get that.

You would have to be completely deluded to think that Facebook does not enjoy having two billion people using its website monthly, especially for their data-collecting ad-centric business model. One of the reasons they’ve been able to grow and retain such a large user base — in spite of how much we hate it — is because it’s constantly full of stuff: status updates, photos, videos, games, and news stories. The media is critical to Facebook’s growth; the company previously made changes to its News Feed to improve the rankings for shared links to publishers from users and pages.

But now, Facebook is considering cutting the free version of that off. Publishers can either pay to promote their stories in users’ feeds, or they can be relegated to a secondary feed that very few people will read.

I think it’s pretty easy to say that publishers should not be reliant upon traffic from any third-party source, but that minimizes the responsibility these companies now have on a worldwide scale. As companies like Facebook and Google increasingly dominate actual publishers for how users get their news, even creating proprietary formats like Instant Stories and AMP for preferential treatment, shouldn’t their practices be scrutinized to a greater degree? Is it really fair for the rug to be pulled out from under publishers’ feet when their primary referrer decides it’s convenient for their business model? Does it make sense for the future of the worldwide digital media economy to be decided by a few young men in California? To return to the argument against publishers’ reliance upon traffic sources like Facebook and Google, is it possible to build a successful new publication without them?

I don’t know the absolute answers to any of these questions. I suspect that any of them would inspire a lengthy debate. My best guesses, though, are absolutely, but not by this American administration, not entirely, no, and I doubt it.

Apple Says That the iPhone X Will Have Walk-in Availability

Apple:

iPhone X, the future of the smartphone, featuring a revolutionary new design with a stunning all-screen display, wireless charging and an incredible rear camera with dual optical image stabilization, will be available to customers for pre-order on Friday, October 27 at 12:01 a.m. PDT on apple.com/ca and the Apple Store app.

This is nitpicking, but “all-screen display” is a silly phrase. You’ve probably read Ken Segall’s commentary on Apple’s use of “all-screen”, but that’s in the context of Apple’s marketing webpage which bills the iPhone X as a phone that’s “all screen”, immediately above a photo that clearly indicates that this isn’t the case. While “all-screen display” isn’t a lie, it’s no better from a description perspective: all displays are “all-screen”. That’s just redundant.

iPhone X will be available in more than 55 countries and territories, and in Apple Stores beginning Friday, November 3 at 8:00 a.m. local time. Stores in most countries will have iPhone X available for walk-in customers, who are encouraged to arrive early.

Don’t count on it being easy, though. Nikkei reporters say that the initial iPhone X shipments from now until the end of the year will total just 20 million. For comparison, Apple shipped over 78 million iPhones between October and December last year. If you want an iPhone X before, say, March, you’ll want to be awake at midnight Pacific time on Thursday night — Friday morning, for the more pedantic readers — and try not to mis-tap the “buy” button. In some countries, you may also want to phone your bank or credit card company, just to be safe. Good luck.

The FBI Can’t Stop Fearmongering About Encryption

Dell Cameron, Gizmodo:

Never in the past century has the FBI ever had greater access to consumer data than it does today. It has never been easier to locate a person of interest — be it a terrorist, a counterfeiter, or a child predator. The quickening pace of technology has given rise to new forms of surveillance, the likes of which, two decades ago, no federal agent would’ve ever thought possible.

Yet, for years now, the FBI has argued just the opposite, painting for the American public a picture of its agents fumbling around in the shadows without a flashlight, hindered by privacy-enhancing consumer technology, helping countless criminal suspects and terrorists evade arrest. Despite a steady year-to-year increase in search warrants, subpoenas, and National Security Letters served on technology companies, the bureau assures us that its investigations are “Going Dark.”

Cameron makes good counterarguments against FBI Director Christopher Wray’s complaints today that the FBI has been unable to decrypt nearly 7,000 devices, but I think he missed one critical argument: a fundamental right to privacy.

Rewind twenty years and ask average American adults whether they would be comfortable wearing a device everywhere that allows the government to know where they are, who they’re talking to, what they watch, and what they buy. I bet nobody would willingly agree to that. In fact, if you asked that of someone today, I doubt anyone would oblige; it’s only because we are under the impression that our cellphones are relatively private spaces that we use them the way we do.

The problem is not that the FBI and other law enforcement agencies cannot read the data on our devices; the problem, for them, is that they cannot interpret this data. When we write a letter, we are under no obligation to add enough context to that letter to make it intelligible to an FBI agent. We are not obligated to write our letters in a language they can understand, nor are we obligated to ensure that the letter isn’t protected by a cypher. An average person probably will not encode their mailed correspondence, of course, but there is nothing to prevent them from doing so if it is not connected to a crime.

Suppose letters had to be written in English, and could not be encoded; if they were in any other language or happened to be encoded, imagine you had to send a translation dictionary or a copy of the cypher to your local FBI field office. Now imagine that instead of a letter, it’s the key to every webpage you visit, instant message you send, transaction you make, and location you visit. And imagine that, instead of this information being in the hands of the FBI, it’s in the hands of every law enforcement agency in the Five Eyes alliance at least.

No, there is no obligation for us to provide meaningful interpretation of the data we accumulate about our daily lives and, no, there should not be. It may absolutely make an FBI agent’s job harder to prosecute a crime if they do not have access to encrypted evidence. But we create enough evidence incidentally that is unencrypted and available to third parties. Agents should feel free to battle the legal departments of those companies to obtain this information when necessary. But I see no good reason to add a law enforcement-only door to the world’s devices. Chances are, it’s not a door that will usually remain closed, nor will it remain solely in the hands of law enforcement.

The Essential Phone Gets a $200 Price Cut

This comes less than two months after the Essential first started shipping, and less than a month after a report from BayStreet Research estimated that only about 5,000 Essential Phones were sold to consumers in the United States in September. Even if that number is off by an order of magnitude, that still represents a very low share of phones shipped. Not selling the most is, of course, Essential’s framing for this phone, and if they’re comfortable only selling a handful of these devices, I would prefer to see a more experimental product rather than a fairly generic Android phone.

Astute readers may recall that the 8GB model of the original iPhone also received a $200 price cut about two months after it was released, and the 4GB configuration was discontinued. For comparison, Apple sold their millionth iPhone just a few days after that price cut was announced.[1]


  1. If you subtract Q4 sales — July through September — from the Q3 numbers, Apple sold around 270,000 iPhones in its first few days.

The Mac Mini Is Three Years Old

Brian Stucki of MacStadium:

It’s been three years since the current Mac mini was released on Oct 16, 2014. “All About That Bass” was the number one song in the land. Four hundred million humans have been born since that day and have never known a new Mac mini. My daughter is one of them. She already walks and talks and just moved to her big-girl bed. Three years is a long time.

It’s a very long time. At the time that Stucki published this post — on Monday, the third birthday of the current-generation Mac Mini — the last we had heard about the product came from Phil Schiller at the Mac Pro private press briefing in April:

The Mac Mini remains a product in our lineup, but nothing more to say about it today.

Yesterday, though, Tim Cook responded to a MacRumors reader’s email:

While it is not time to share any details, we do plan for Mac mini to be an important part of our product line going forward.

That statement isn’t entirely confidence-inspiring for me. I don’t think Cook is lying or exaggerating the role that he feels the Mac Mini may have in the future, but it’s such a vague remark for a product in such dire need of an update. The best you can say about his reply is that it’s an admission that the Mini isn’t dead.

The Mac lineup — particularly the desktop Mac lineup — feels stagnant. It feels like they’re stuck in a place where they want to re-envision those products but haven’t been able to deliver those updates in a timely fashion. What I don’t understand is their inability or reluctance to ship spec bump updates on a regular basis: prior to this summer’s iMac update, its most recent update shipped in October 2015; prior to the October 2014 Mac Mini update, its most recent was in 2012.

Spec bumps are not as splashy or as exciting as introducing a new model; they don’t afford Apple the opportunity to think about ways that the product could change to better meet customers’ needs. But, over the past few years, you’ve likely noticed a growing concern across the web that Apple doesn’t care about the Mac any more. I doubt that sentiment would be as significant or as pervasive if Apple were providing spec bump updates along the way.

Also, for what it’s worth, I think it’s difficult to justify charging the as-new price on a Mac that hasn’t been updated in three years. Not from a sales perspective, mind you, but from an ethics perspective — Macs aren’t houses, for example, and 2014 was a long time ago in technology terms.

Sarah Jeong Profiles William Alsup, the Judge on Oracle v. Google

Sarah Jeong, the Verge:

On May 18th, 2012, attorneys for Oracle and Google were battling over nine lines of code in a hearing before Judge William H. Alsup of the northern district of California. The first jury trial in Oracle v. Google, the fight over whether Google had hijacked code from Oracle for its Android system, was wrapping up.

The argument centered on a function called rangeCheck. Of all the lines of code that Oracle had tested — 15 million in total — these were the only ones that were “literally” copied. Every keystroke, a perfect duplicate. It was in Oracle’s interest to play up the significance of rangeCheck as much as possible, and David Boies, Oracle’s lawyer, began to argue that Google had copied rangeCheck so that it could take Android to market more quickly. Judge Alsup was not buying it.

“I couldn’t have told you the first thing about Java before this trial,” said the judge. “But, I have done and still do a lot of programming myself in other languages. I have written blocks of code like rangeCheck a hundred times or more. I could do it. You could do it. It is so simple.”

Alsup is the kind of judge that’s critical in trials that concern technical matters; he easily saw through Oracle’s claims in a way that less technically-inclined judges likely wouldn’t. I think there’s good reason to encourage judges with experience for highly-technical and nuanced cases like this. However, their expertise in a specific field is reminiscent of when someone with a background in an industry is appointed to regulate that industry: they’re likely to understand it in a way that outsiders may not, but they likely come with baggage. Interestingly, Alsup would be the exception to that — he learned to code as a hobby.

Tech Companies Are Resistant to Attempts to Scrutinize Employee Diversity

Will Evans and Sinduja Rangarajan, writing for Reveal, a publication by the Center for Investigative Reporting:

Diversity numbers rarely generate positive headlines, but they can make companies confront reality.

“Internally, it’s that, ‘Oh man, our numbers are coming out again, how do we look?’ ” said Judith Williams, who was head of diversity at Dropbox and a diversity manager at Google. “It forces a conversation both externally and internally.”

[…]

If they disclose any numbers at all, most companies offer limited pie charts on diversity webpages or in corporate diversity reports. They say the government reports don’t reflect how they view their own workforce. The firms invariably use percentages instead of raw numbers.

“I think they don’t want people checking their math,” Williams said.

EEO-1 reports, which reveal raw numbers instead of percentages, are kept private by the U.S. government; companies can choose to publicize their reports themselves, but few do. Percentages are, of course, not a terrible way to compare companies. But there is something powerful about recognizing that the 0.5% of Facebook’s new employees in 2015 that were black is equivalent to just seven people. Seven.

If you’re wondering why I didn’t publish a roundup of tech company diversity reports yet this year, by the way, this article largely explains the reason: companies are no longer motivated or encouraged to update their public diversity stats in a timely manner. Microsoft, Apple, and Amazon haven’t updated their reports since summer of last year; Google and Twitter updated theirs in January of this year, while Facebook updated theirs in August. Unfortunately, there’s seemingly little pressure to reveal these figures, despite the importance of a highly-diverse staff.

A Workaround for Broken Media Keys in High Sierra

In previous versions of MacOS, media keys would control whatever audio- or video-specific app was most recently foregrounded. If you launched iTunes, say, and then played some songs in the background, they would control iTunes; if you switched to Spotify and then put that in the background, the keys would automatically control Spotify instead. The keys would also work with QuickTime, VLC, and other media apps, but they never controlled playback in web apps like Netflix or YouTube, and that probably irritated some people very much.

In High Sierra, Apple has resolved this — web apps that play media now get the same priority as native apps. And that’s fine and well.

The problem is that there’s a bug where media keys simply stop working altogether. I’ve seen all sorts of tips: quitting Chrome might help, quitting Slack might help because it’s effectively a Chrome browser, quitting Safari might help, and making sure no tabs are open with embedded media. But these tips are ridiculous, and if iTunes or Spotify are presently playing audio when I press a key, it’s a no-brainer what I’m trying to control. I’ve dumped the Console output on Pastebin for those who are curious.

Anyway, I got fed up with this tonight so I started poking around for a solution and stumbled across a tiny menu bar utility by Milan Toth. It doesn’t support the Touch Bar and it seems to only work for iTunes and Spotify, but this is pretty much perfect for my needs.

One small worry is that it is unsigned, so High Sierra throws a hissy fit if you try to run it. Toth has open-sourced the app so if you’re worried about it, you can review the code. You can also easily compile and sign it yourself, which is what I did for my copy. I’m thrilled that my media keys now behave as I expect them to, but I’m once again dismayed that there’s yet another problem with an input mechanism for MacOS.

The Pixel 2 XL Has a Really Crappy Display

By all accounts, Google’s new line of Pixel 2 smartphones sounds very impressive. They’re almost surely the best Android phones on the market. But the display in the Pixel 2 XL is clearly terrible. Vlad Savov, the Verge:

Look at that New York Times icon in the image above. Stop flinching and really look at it, soak in the kaleidoscope of colors washing over it. Just to make sure we’re all on the same page, I’m seeing a haze of green in the middle of the gothic “T”, which then blooms into a red that eventually transitions into the white that the icon is supposed to be. But the fun isn’t over; when you get up real close, you’ll see the edges of the icon are all fringed by a sort of purply-red and, again, green. The neighboring heart icon, which is also supposed to be white, presents us with a crosshatch of red and green and white micropixels.

Does that look like 2017 to you?

In their review of the Pixel 2, Ars Technica posted a comparison of the same image shown on the regular Pixel 2’s Samsung-made display and the Pixel 2 XL’s LG-made display, and it’s plainly obvious that the XL’s display is horrible.

That makes this part of Savov’s article a little more than curious:

The Verge’s Creative Director James Bareham sides with Google on this, describing the Pixel 2 XL as the phone screen tuned most closely to professional displays: “it presents natural colors in terms of photos, but is a little dark,” he says. But here’s the real problem: James uses truly pro equipment that nobody is trying to sell to consumers; what he thinks of as accurate, what might technically be accurate, is not what the majority of us see on most of the devices we use.

I don’t buy that for a second. DisplayMate hasn’t published results for the Pixel 2 yet or the iPhone 8, but they said last year that the iPhone 7 was the most accurate phone display they had ever tested; this year, when set to the DCI-P3 colour gamut, they gave the Samsung Galaxy S8 a very high grade as well. Neither of those displays produces anything like the colour variation shown by the Pixel 2 XL. I sincerely doubt that a test would show that its display is better-calibrated than displays that don’t look wonky and are measurably very accurate.

Apple Posts Knowledgebase Article Advising the Deletion of Touch Bar Data Before Selling a MacBook Pro

I dunno — I guess it’s Apple Input Device Week around here. Zac Hall of 9to5Mac points to Apple’s knowledgebase:

First, start up from macOS Recovery: Hold down Command-R on your keyboard immediately after pressing the power button to turn on your Mac, or immediately after your Mac begins to restart.

When the macOS Utilities window appears, choose Utilities > Terminal in the menu bar. Type this command in Terminal:

xartutil --erase-all

According to Stephen Hackett, this command will wipe recorded fingerprints.

This isn’t a complicated command, but it does feel inelegant. You know how iOS has a button to “erase all content and settings” that you’re supposed to tap before you sell or exchange your iPhone? I feel like MacOS could use one of those, too: it would be great if you could boot into Recovery mode and then click one button to prepare your Mac for sale. It could erase Touch Bar data, remove encryption keys, and do its best to wipe data and make it unrecoverable. It’s a little thing, but the little things matter.

Queries From the Curious and Answers to Them

Jaime Fuller, writing in the Awl:

In 1908, there was no sparsely decorated webpage with a blinking cursor silently begging to answer every stupid question that had ever decided to staycation in your brain. So when New York Times reader F.S. Shaw wanted to know the heights of the Eiffel Tower and the Singer Building in order to settle a bet, his best option was sending a letter to the newspaper. When fellow subscriber David Levy was curious about the population of Salt Lake City, he did the same, as did the person who just wanted to know how Benedict Arnold’s descendants were doing. Eventually, the answers appeared in a column in the fashion and society section, forbear to the Sunday Styles, next to articles about the Long Branch dog show, the fine weather at Bar Harbor, and diatribes against the dearth of small hats this season. It was called “Queries from the Curious and Answers to Them.” It was mail-order Google for the exceptionally patient.

This is such a great story. As Fuller points out, there are still queries that aren’t well-suited to algorithmically-returned results. This seems to be a small obsession in the tech industry — Biz Stone’s ill-fated Jelly app was an experiment in crowd-sourced answers to questions, like Yahoo Answers without the Yahoo-ness. Those with a large-enough Twitter audience can also use that platform to answer questions in a timely manner. But none of these options are a match for having an expert research a specific question, particularly when the asker’s memory is just fuzzy enough for their question to be just too unsearchable.

Anyway, fantastic article. You should read it.

Key Press Latency of Popular Keyboards

Dan Luu tested a bunch of popular keyboard models and recorded their latency. Something that might surprise you: Apple’s Magic Keyboard, when connected over USB, had the fastest response time — albeit imperceptibly so in actual usage.

That goes to show that Apple can build great keyboards. They have, repeatedly. Apple’s trackpads are also widely considered to be the best in the industry. These products are fantastic from a technical perspective, an ergonomics perspective, and a longevity perspective. Their mice haven’t been praised to nearly the same extent, but I still think the Magic Mouse — at least — is a great product.

The latest batch of keyboards and the software that interprets input devices should be considered anomalies, but they are worrying ones.

Google’s Pixel Buds

Earlier this month, Google announced their wireless headphones. They’re $159, they look kinda cheap, they have a wire connecting them — so, wireless might be a little generous — and Google hasn’t announced when they’re actually being released. But the Pixel Buds have a really cool feature that blows me away. Valentina Palladino, Ars Technica:

But the most intriguing feature of the Pixel Buds is the integrated Google Translate feature. Demoed on stage at Google’s event today, this feature lets two Pixel Bud wearers chat in their native languages by translating conversations in real time. In the demo, a native English speaker and a native Swedish speaker had a conversation with each other, both using their native languages. Google Translate translated the languages for each user. There was barely any lag time in between the speaker saying a phrase and the Buds’ hearing those words and translating them into the appropriate language.

Watch Google’s demo of this feature and tell me that it doesn’t look like the future. It’s limited — both parties must be using Pixel Buds and, according to Nilay Patel, this feature only works when paired to the Google Pixel smartphone, so the likelihood that you’ll meet someone by chance who can use this feature is pretty remote — but even so, it’s impressive if this works as well in the real world as it does in Google’s demo.

Update: The Google Translate app seems to work even better than the Pixel Buds, and doesn’t require both parties to have a Pixel-specific hardware combination.

Dust and Tedium

Casey Johnston, the Outline:

I was in the Grand Central Station Apple Store for a third time in a year, watching a progress bar slowly creep across my computer’s black screen as my Genius multi-tasked helping another customer with her iPad. My computer was getting its third diagnostic test in 45 minutes. The problem was not that its logic board was failing, that its battery was dying, or that its camera didn’t respond. There were no mysteriously faulty innerworkings. It was the spacebar. It was broken. And not even physically broken — it still moved and acted normally. But every time I pressed it once, it spaced twice.

“Maybe it’s a piece of dust,” the Genius had offered. The previous times I’d been to the Apple Store for the same computer with the same problem — a misbehaving keyboard — Geniuses had said to me these exact same nonchalant words, and I had been stunned into silence, the first time because it seemed so improbable to blame such a core problem on such a small thing, and the second time because I couldn’t believe the first time I was hearing this line that it was not a fluke. But this time, the third time, I was ready. “Hold on,” I said. “If a single piece of dust lays the whole computer out, don’t you think that’s kind of a problem?”

Johnston’s keyboard isn’t an outlier: various people and organizations she spoke with have indicated that dust under the keys — in particular, under the spacebar — is a common affliction of the latest generation of Apple laptop keyboards. Apple provides instructions on how to remove dust, but they are ridiculous: you must hold your laptop in one hand at a recommended 75° angle and spray the keyboard with compressed air while rotating your computer in midair.

I do not baby my electronics, but I want them to last. These instructions seem like a fantastic way to shatter the display or destroy the case.

Stephen Hackett kept running into this problem, too, with his months-old MacBook Pro, and he followed Apple’s steps to clean it:

After a couple days of light usage, the problem got worse.

The bottom lip of the key began to flip up a little bit as the key tried sprinting back up after being depressed. Light was leaking around it, and eventually this happened:

[…]

One of the tiny arms that the key cap clips onto is broken. My nearly $2,000 laptop that I bought less than a year ago is now missing a key, as I shared with our Connected audience this weekend.

This is, frankly, inexcusable. I was already hesitating on upgrading from my five-year-old MacBook Air because this generation of MacBook Pros still seems like a work-in-progress; now, I will absolutely be waiting another generation to see if this problem gets fixed.

By the way, I know there will be some people suggesting that plenty of generations of Apple products have had their teething issues. I don’t deny that; the MacBook Pro was recalled for graphics issues, the first-generation iPod Nano scratched like crazy and the battery could overheat, and the unibody plastic MacBook’s bottom case peeled off.

But input devices should always — and I mean always — work, in hardware and in software. If a speck of dust affects the functionality of the most-used key because of an attribute inherent to the design of the keyboard, that’s a poor choice of keyboard design, especially for a portable computer.

On a related note, too, there’s an existing bug in recent versions of MacOS where key and cursor inputs are sometimes delayed. I notice the keyboard bug especially frequently in Messages when I haven’t switched to it for a while, and I experience delayed trackpad input often in Safari and in Photos. But it seems to persist throughout the system, and it is infuriating. I’m glad that apps on my Mac crash less frequently but I would genuinely rather have Safari crash on me as much as it used to than I would like to keep seeing problems with input mechanisms. I can choose a different web browser; I can’t choose a different way for MacOS to process my keystrokes.

Problems like these should not escape Cupertino.

Sketchy Mattress Review Websites

David Zax, in a must-read article for Fast Company, describes the litigation initiated by Casper against several mattress review websites:

On April 29, 2016, Casper filed lawsuits against the owners of Mattress Nerd, Sleep Sherpa, and Sleepopolis (that is, Derek), alleging false advertising and deceptive practices.

Mattress Nerd and Sleep Sherpa quickly settled their cases, and suddenly their negative Casper reviews disappeared from their sites, in what many onlookers speculated was a condition of the settlements. But by the end of 2016, when I started closely studying the lawsuits, Derek’s Casper review remained, defiantly, up on Sleepopolis. He was soldiering on in his legal battle with the mattress giant. People who knew him called Derek a fighter; one of his nicknames was “Halestorm.”

Casper had another way of referring to him. Derek was “part of a surreptitious economy of affiliate scam operators who have become the online versions of the same commission-hungry mattress salesmen that online mattress shoppers have sought to avoid,” Casper’s lawsuit alleged. The company complained that Derek was not forthright enough about his affiliate relationships, noting his disclosures were buried in a remote corner of his site. This did violate recently issued FTC guidelines, and Derek updated his site to comply.

This is a deeply disturbing piece. Derek Hales, the founder of Sleepopolis, was doing some shady things that seemed to be driven by the value of affiliate links more than his honest opinion of the mattresses. But Casper’s practices are even more suspect, beginning with this correspondence between CEO Phillip Krim and Jack Mitcham of Mattress Nerd:

In January 2015, Krim wrote Mitcham that while he supported objective reviews, “it pains us to see you (or anyone) recommend a competitor over us.”

Krim went on: “As you know, we are much bigger than our newly formed competitors. I am confident we can offer you a much bigger commercial relationship because of that. How would you ideally want to structure the affiliate relationship? And also, what can we do to help to grow your business?”

[…]

Krim then upped his offer, promising to boost Mitcham’s payouts from $50 to $60 per sale, and offering his readers a $40 coupon. “I think that will move sales a little more in your direction,” replied Mitcham on March 25, 2015. In the months that followed, Mattress Nerd would become one of Casper’s leading reviews site partners. (The emails surfaced due to another mattress lawsuit, GhostBed v. Krim; if similar correspondence exists with Derek Hales, it has not become public.)

It certainly sounds like Krim was, behind the scenes, financially incentivizing reviewers to push the Casper mattress. You’ll want to read Zax’s full article for the kicker to the Sleepopolis saga. It’s atrocious.

Update: I’ve been racking my brain all day trying to think about what the end of Zax’s story reminds me of:

“Hello!” ran the text beside the headshot. “My name is Dan Scalco and I’d like to personally welcome you to the brand new version of Sleepopolis. Here’s what’s up… On July 25th, 2017 our company acquired Sleepopolis.com …. Derek Hales and Samantha Hales are no longer associated with Sleepopolis.”

An italicized note added:

“In July 2017, a subsidiary of JAKK Media LLC acquired Sleepopolis.com. Casper provided financial support to allow JAKK Media to acquire Sleepopolis.”

David Carr, writing in the New York Times in 2014:

Last week, I read an interesting article about how smart hardware can allow users to browse anonymously and thus foil snooping from governments. I found it on what looked like a nifty new technology site called SugarString.

Oddly enough, while the article mentioned the need for privacy for folks like Chinese dissidents, it didn’t address the fact that Americans might want the same kind of protection.

There’s a reason for that, although not a very savory one. At the bottom of the piece, there was a graphic saying “Presented by Verizon” followed by some teeny type that said “This article was written by an author contracted by Verizon.”

SugarString writers were apparently prohibited from writing stories about net neutrality or the NSA’s spying activity — remember, this was in 2014, when both of those topics were especially concerning. So if you were going to SugarString for your tech news, you were highly misinformed. Likewise, if you were to visit Sleepopolis — owned by Casper — do you think you’d be getting a fair review of mattress buying options?

The reason I’ve been puzzled all day about this is because I’m nearly certain that there was a similar marketing-spun publication that was created by — I think — a mining or oil and gas company. I don’t think I’m making this up or misremembering it, so if you have any idea what I might be thinking about, let me know.

Major Security Vulnerabilities Now Have Marketing Campaigns

Shannon Vavra, Axios:

There’s a four-way handshake that establishes a key for securing traffic, but the third step allows the key to be resent multiple times, which allows encryption to be undermined, according to a researcher briefed on the vulnerability. The researchers, the United States Computer Emergency Readiness Team and KU Leuven, report this breach, called KRACK (Key Reinstallation Attacks) could allow connection hijacking and malicious code injection.

Mathy Vanhoef discovered the vulnerability, which comprises ten CVEs. And, yeah, it’s a big problem, but we’re not all completely screwed. Alex Hudson explains:

Remember, there is a limited amount of physical security already on offer by WiFi: an attack needs to be in proximity. So, you’re not suddenly vulnerable to everyone on the internet. It’s very weak protection, but this is important when reviewing your threat level.

Additionally, it’s likely that you don’t have too many protocols relying on WPA2 security. Every time you access an https site – like this one – your browser is negotiating a separate layer of encryption. Accessing secure websites over WiFi is still totally safe. Hopefully – but there is no guarantee – you don’t have much information going over your network that requires the encryption WPA2 provides.

Juli Clover, MacRumors:

Apple’s iOS devices (and Windows machines) are not as vulnerable as Macs or devices running Linux or Android because the vulnerability relies on a flaw that allows what’s supposed to be a single-use encryption key to be resent and reused more than once, something the iOS operating system does not allow, but there’s still a partial vulnerability.

Apple’s latest round of betas, released to developers today, include a patch.

Here’s the thing about this: it’s clearly a bad bug, but it is both generally fixable and the fear is — at least to some extent — driven by the researcher’s PR campaign around it. Much like Heartbleed, KRACK has a cool name and a logo.

But compare the immediate groundswell of attention around Heartbleed and KRACK against, say, a critical flaw in a widely-used RSA key generation library, also announced today. Dan Goodin, Ars Technica:

The weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. The five-year-old flaw is also troubling because it’s located in code that complies with two internationally recognized security certification standards that are binding on many governments, contractors, and companies around the world. The code library was developed by German chipmaker Infineon and has been generating weak keys since 2012 at the latest.

This bug isn’t receiving anywhere near the same attention as KRACK, despite the affected library being used to generate some — not all — RSA keys for PGP and GitHub, and potentially all keys for Microsoft BitLocker and identity cards for Estonia and Slovakia.

I get why security researchers are dialling up the campaigns behind major vulnerabilities. CVE numbers aren’t interesting or explanatory, and the explanations that are attached are esoteric and precise, but not very helpful for less-technical readers. A catchy name gives a vulnerability — or, in this case, a set of vulnerabilities — an identity, helps educate consumers about the risks of having unpatched software, and gives researchers an opportunity to take public credit for their work. But, I think the histrionics that increasingly come with these vulnerabilities somewhat cheapen their effect, and potentially allow other very serious exploits to escape public attention.
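To make the quoted descriptions of KRACK concrete, here is a toy model of a client that reinstalls its key when handshake message 3 arrives a second time, next to a patched client that ignores the repeat. This is an added example, not code from the researchers or from any of the articles quoted above; the `Client` class, the sample key and frames, and the SHA-256 keystream standing in for WPA2's real cipher are all assumptions made for illustration.

```python
"""Toy model of key reinstallation on a retransmitted handshake message 3.

Constructed for illustration: SHA-256 in counter mode stands in for the
per-packet keystream that WPA2 derives from the session key and packet number.
"""
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

SESSION_KEY = bytes(range(16))        # constructed sample key
FRAME_A = b"GET /inbox HTTP/1.1"      # constructed sample frames
FRAME_B = b"POST /login HTTP/1.1"


def keystream(key: bytes, packet_number: int, length: int) -> bytes:
    """Derive `length` keystream bytes for one (key, packet number) pair."""
    out = b""
    block = 0
    while len(out) < length:
        seed = key + packet_number.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(seed).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class Client:
    """Hypothetical Wi-Fi client; reinstall_on_retransmit=True is the flaw."""
    reinstall_on_retransmit: bool
    key: Optional[bytes] = None
    packet_number: int = 0
    sent: List[Tuple[int, bytes]] = field(default_factory=list)

    def on_message3(self, key: bytes) -> None:
        """Handle handshake message 3, which tells the client to install the key."""
        if key == self.key and not self.reinstall_on_retransmit:
            return  # patched behaviour: key already in use, keep the counter
        self.key = key
        self.packet_number = 0  # installing a key resets the packet number

    def send(self, plaintext: bytes) -> bytes:
        """Encrypt one frame under the next packet number and record it."""
        if self.key is None:
            raise RuntimeError("no key installed yet")
        self.packet_number += 1
        stream = keystream(self.key, self.packet_number, len(plaintext))
        ciphertext = xor(plaintext, stream)
        self.sent.append((self.packet_number, ciphertext))
        return ciphertext


def reused_packet_numbers(client: Client) -> List[int]:
    """Defender's check: packet numbers used more than once under one key."""
    seen, reused = set(), []
    for packet_number, _ in client.sent:
        if packet_number in seen and packet_number not in reused:
            reused.append(packet_number)
        seen.add(packet_number)
    return reused


def run_session(reinstall_on_retransmit: bool) -> Client:
    """Send two frames with a retransmitted message 3 arriving in between."""
    client = Client(reinstall_on_retransmit)
    client.on_message3(SESSION_KEY)
    client.send(FRAME_A)
    client.on_message3(SESSION_KEY)  # the same message 3, delivered again
    client.send(FRAME_B)
    return client


def plaintext_relation_exposed(client: Client) -> bool:
    """True if XORing the two ciphertexts cancels the keystream entirely."""
    (_, ct_a), (_, ct_b) = client.sent
    return xor(ct_a, ct_b) == xor(FRAME_A, FRAME_B)


if __name__ == "__main__":
    for flawed in (True, False):
        session = run_session(flawed)
        print("reinstalls key:", flawed,
              "| reused packet numbers:", reused_packet_numbers(session),
              "| keystream cancelled:", plaintext_relation_exposed(session))
```

The flawed client encrypts both frames under packet number 1, so the same keystream covers two different messages; the patched client moves on to packet number 2 and the check comes back empty.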

Twitter’s Abuse Problem Comes Down to a Failure of Leadership and a Reliance on Algorithms

Natasha Lomas, TechCrunch:

Twitter has clearly not fixed the problem of abuse on its platform — and very clearly also continues to fail to fix the problem of abuse on its platform.

Leaning on algorithms to do this vital work appears to be a large part of this failure.

But not listening to the users who are being abused is an even greater — and more telling — lapse of leadership.

There’s an enormous disconnect between what tech companies feel compelled to restrict and what users feel is worth restricting. The New York Times illustrates this today with an interactive feature about what Facebook considers hate speech worthy of removal. The second phrase — “Poor black people should still sit at the back of the bus.” — would likely not be considered hate speech on its own by Facebook’s standards:

While Facebook’s training document lists any call for segregation as an unacceptable attack, subsets of protected groups do not receive the same protection, according to the document. While race is a protected category, social class is not, so attacks targeting “poor black people” would not seem to qualify as hate speech under those rules, Ms. Citron said. That is because including social class in the attack negates the protection granted based on race.

As of right now, 93% of over 60,000 Times readers think that statement constitutes hate speech, and I think most reasonable people would agree on that: the historical connotations of forcing black people to sit at the back of a bus far overwhelm the income status of the subject. Surely there’s enough context within that single phrase to establish that it’s driven by race, right?

But this is the thing: tech companies are generally run by people who are not subjected to abuse or targeted hate speech on their platforms. It would be prudent of them to take seriously the concerns raised by affected users. But this is also another reason why executive teams need to comprise more diverse perspectives because, as far more eloquent writers have pointed out, not doing so creates a huge blind spot.

Tech companies need to mature to a point where they recognize the responsibility they have to the billions of people on this planet, because that’s the scale they operate at now.

A Decade of Airlines Ignoring Hyphenated Names

John Scott-Railton:

United Airlines keeps changing my hyphenated last name, costing me up to hours of trouble when I travel. When an airline like United changes travelers’ names, all parts of a trip can be affected. I am not alone in this: hyphenated users have complained about this for a decade. There are tens of thousands of hits on Google for this problem.

By deleting hyphens, United Airlines creates a Passenger Name Record mismatch, which torpedoes smooth air travel. Here are some common problems for people with hyphens who fly on United, I have encountered all of them: Online check-ins don’t work, forcing travelers to arrive early at the airport to get a paper boarding pass, or miss their flights. Customs flags travelers arriving in the US for extra scrutiny, resulting in long waits. TSA may send travelers back to airline counters.

United has publicly shrugged about this for over a decade. Noted security expert Bruce Schneier even blogged about the issue of hyphenations nine years ago. @united can be found on twitter advising passengers to simply delete their hyphens, which is bad advice and may result in a records mismatch, and delays. In 2017 the problem is still not fixed. Is United Airlines incapable of such a simple change?

Scott-Railton published this back in June, and Freia Lobo of Mashable noted at the time that this issue isn’t isolated to United Airlines: Delta’s ticketing system has the same problem.

But I’m linking to it today because Delta recently updated their app to remove the check-in process and issue boarding passes automatically. That’s terrific. Unfortunately, there’s no indication that Delta or any other airline has addressed the issue with hyphenated names — I found tweets from as recently as August with the same issue, and complaints about similar character validation problems from September.

These kinds of problems are almost certainly due to legacy or outdated equipment. There’s probably some key part of these airlines’ ticketing infrastructure that will simply never accept anything other than A–Z characters — at least, not without replacing it. But with the huge number of people out there who do have hyphens, apostrophes, or diacritical marks in their names, surely a modernization of their character palette should be a higher priority.

At the very least, this shouldn’t be a passenger problem a decade after Schneier pointed it out. If a name needs to have characters dropped for compatibility reasons, it shouldn’t trigger a security warning or require additional scrutiny for passengers.

Google Disables Touch Functionality on Home Mini After a Reviewer’s Device Recorded Ambient Audio Constantly

Artem Russakovskii, Android Police:

Several days passed without me noticing anything wrong. In the meantime, as it turns out, the Mini was behaving very differently from all the other Homes and Echos in my home – it was waking up thousands of times a day, recording, then sending those recordings to Google. All of this was done quietly, with only the four lights on the unit I wasn’t looking at flashing on and then off.

[…]

Further clarifications arrived. The Google Home Mini supports hotword activation through a long press on the touch panel. This method allows people to activate the Google Assistant without saying the hotword. On a very small number of Google Home Mini devices, Google is seeing the touch panel register “phantom” touch events.

In response, the updated software disables the long press to activate the Google Assistant feature. Once the Google Home Mini devices receive the updated software, all long press events (real or phantom) will be ignored and Google Assistant will not be invoked accidentally.

I’m not paranoid, but it’s events like these that shake my confidence in the security of ambient audio-based assistant devices. Google’s a big company, and something like this really should have been caught far earlier; bugs like these — and, for what it’s worth, the malfunctioning LTE bug that affected the Apple Watch — suggest that far more thorough quality assurance processes are necessary.

Aaron Mamiit, Tech Times:

While it would certainly have been much better if the issue never existed in the first place, the speed and finality of Google’s response to the controversy certainly deserve praise from the technology industry and its customers.

Why, exactly, should we praise Google for this? A fast reaction is the bare minimum response anyone should expect for a device that’s unintentionally always recording and uploading audio in the background. I don’t see anything particularly praiseworthy about not including a bug that enables such an egregious privacy violation on a shipping device.

Denise Young Smith at the One Young World Summit

Aamna Mohdin, Quartz:

Apple, like many other tech titans such as Google, and Microsoft, is trying to take key steps in addressing the problem of having a lack of diversity, which has been highlighted by investors. But it does look like the company is making progress. Apple’s latest statistics show that a majority of new hires in the US are from ethnic minorities, although white employees still account for 56% of the overall current workforce.

When asked whether she would be focusing on any group of people, such as black women, in her efforts to create a more inclusive and diverse Apple, [VP of Diversity Denise Young Smith] says, “I focus on everyone.” She added: “Diversity is the human experience. I get a little bit frustrated when diversity or the term diversity is tagged to the people of color, or the women, or the LGBT.” Her answer was met with a round of applause at the session.

Young Smith went on to add that “there can be 12 white, blue-eyed, blonde men in a room and they’re going to be diverse too because they’re going to bring a different life experience and life perspective to the conversation.” The issue, Young Smith explains, “is representation and mix.” She is keen to work to bring all voices into the room that “can contribute to the outcome of any situation.”

I get where Young Smith is coming from here — that diversity is more than a single-item checkbox question. Nobody should feel like the token person on a team, only there to meet a diversity quota; everyone should feel valued. I recently attended a discussion panel concerning equity in the arts in Calgary, and a similar point was made there as well.

But it is unfair and disingenuous to make this argument without also acknowledging that the tech industry is dominated by individuals within a very narrow spectrum of diversity — typically white, typically male, and typically wealthy or from wealthier backgrounds. This tendency is more pronounced the higher up one looks at a company’s corporate ladder. Of course, these stereotypes are not fully representative — and, even if they are, those individuals may have different life experiences; that’s what Young Smith is getting at — but it’s hard to see the framing of twelve white men as a “diverse” group as anything other than a cop-out after Apple’s investors once again voted against a diversity proposal earlier this year.

Omar Ismail on Quora, responding to a user’s question about whether they’re privileged simply because they are white:

It doesn’t mean you’re rich. It doesn’t mean you’re luckier than a lucky black guy. Nobody wants you to be crippled with guilt. Nobody has ever wanted that, or means those things.

It means you have an advantage, and all anyone is asking is that you *get* that. Once you get that, it’s pretty straightforward to all the further implications.

DeRay Mckesson made a similar point in response to Young Smith’s answer at the summit:

You didn’t work hard for every band aid to look like you, for every baby doll to look like you, for the world to treat you as human, and everything as ‘other’ is not the result of your personal hard work — that’s what white privilege is.

Tech companies have a massive responsibility. They may overwhelmingly be based in the United States, but they play a significant role in how the world communicates. Right now, their senior leadership does not look like the world in which they reside. When that changes, we can start really looking at the life experience of twelve white men and how that substantially contributes to the company’s diversity objectives — however, bigger steps are needed before we can get to that point. I think we need to reconsider how people are educated, hired, and promoted. But, as I wrote near the top of this piece, nobody should feel like they’re a “token” person in a team; that can start with companies pursuing truly comprehensive opportunities to make their staff at all levels more like the world they connect.

Update: I worry that companies more lax in their diversity efforts will use this kind of defence as an excuse for hiring just 36 black Americans in a whole year.

Seven Years and One Month Since Microsoft’s Funeral for the iPhone

Peter Bright reported for Ars Technica earlier this week:

During the weekend, Microsoft’s Joe Belfiore tweeted confirmation of something that has been suspected for many months: Microsoft is no longer developing new features or new hardware for Windows Mobile. Existing supported phones will receive bug fixes and security updates, but the platform is essentially now in maintenance mode.

Microsoft already announced last year that they would stop making phones, and I expected this announcement would follow sooner than it actually did. Nevertheless, it’s unsurprising, and made worse by a cringeworthy funereal procession that Microsoft held for shipping Windows Phone 7 — their first try at an iPhone OS competitor — three and a half years after Apple first demonstrated the iPhone.

Vlad Savov writing for Engadget in September 2010:

An elaborate parade, replete with hearses and black capes, was organized last week to denote the passing of the BlackBerry and iPhone into the land of unwanted gadgets. We’d say this is done in poor taste, but we don’t enjoy stating the obvious. We will, however, enjoy the fallout from this poorly judged stunt.

They also danced to Michael Jackson’s “Thriller” at the same parade. To be fair to them, BlackBerry really has all but vanished from everyone’s pockets, but its replacements run iOS and Android, not Windows Mobile.

Uber’s iPhone App Had Screen Recording Capabilities

Kate Conger, Gizmodo:

To improve functionality between Uber’s app and the Apple Watch, Apple allowed Uber to use a powerful tool that could record a user’s iPhone screen, even if Uber’s app was only running in the background, security researchers told Gizmodo. After the researchers discovered the tool, Uber said it is no longer in use and will be removed from the app.

The screen recording capability comes from what’s called an “entitlement” — a bit of code that app developers can use for anything from setting up push notifications to interacting with Apple systems like iCloud or Apple Pay. This particular entitlement, however, was intended to improve memory management for the Apple Watch. The entitlement isn’t common and would require Apple’s explicit permission to use, the researchers explained. Will Strafach, a security researcher and CEO of Sudo Security Group, said he couldn’t find any other apps with the entitlement live on the App Store.

The Gizmodo story acknowledges later that this entitlement could have been sandboxed to function only within Uber’s app — though Apple wouldn’t say one way or another — and Uber said that it was only live for a single version of the app to make the Apple Watch app run more smoothly. Even so, given Uber’s outrageous history of violations of privacy and basic decency, it seems quite risky to me for Apple to have granted Uber’s app this entitlement. I’m sure precautions were taken, but I cannot imagine any other developer having this kind of influence, particularly an indie developer or one with such a poor track record.

App Review Should Screen Apps for Discrepancies In Device Requirements

I’ve been on vacation for the past few days and I was curious about what was stored on my hotel room keycard. So I downloaded one of those NFC-reading apps, opened it, and was surprised to see a message indicating that my device was incompatible. I re-checked the listing in the App Store and it said that my iPhone was compatible; I also remembered that my 6S does not support the new NFC-reading API in iOS 11.

I looked at a few other NFC-reading apps in the store and they all indicate that my phone is compatible, even though I know it isn’t. It turns out that there is a way for developers to indicate when the new API is a requirement — it’s just that many developers don’t use it.

I think App Review ought to do a better job of screening apps for discrepancies between what apps say they do and what requirements they need. Dedicated NFC-reading apps that don’t correctly indicate which devices are compatible ought to be rejected, as should apps with similar inconsistencies.

Boy, Do I Feel Naïve

Laura Wagner of Deadspin reacts to Joseph Bernstein’s blockbuster story for Buzzfeed on how Breitbart cultivated a destination for white supremacists, misogynists, and other scum:

Is there a word for when you feel embarrassed about your naïveté? Because I feel dumb as hell. I assumed that when [Olivia Nuzzi] and her down-the-middle cohorts wrote things like this glowing profile of Mike Cernovich in New York magazine, they went home and immediately took a hot shower to wash off the stink. I didn’t realize they were just writing about their friends.

A very charitable part of me wants to believe that none of the writers now shown to be quite cozy with Steve Bannon and his ilk were aware of the impact of being associated with Breitbart’s brand of conspiracy-tinged journamalism. But I still don’t understand why anyone would want to be associated with them in any way, particularly after the outright discriminatory, racist, sexist, and irrationally caustic articles they’re well-known for.

Apple Releases High Sierra Security Update

This update includes fixes for the encrypted disk password-as-hint bug as well as the keychain exfiltration bug that was revealed last week.

Unfortunately, Apple recommends that those affected by the encrypted disk bug install this security update, then format and restore their drive. This applies mostly to those who think that there’s a chance that their disk password may have been exposed — I don’t set password hints, so this bug didn’t affect me. But if you’re one of the unlucky ones who are affected, you know how you’ll be spending your weekend.

I still want to know how a bug like the latter bypassed quality control checks and a multi-month developer beta, though. It’s not confidence-inspiring.

MacOS High Sierra Vulnerability Exposes Passwords of Encrypted APFS Containers

Matheus Mariano:

This week, Apple released the new macOS High Sierra with the new file system called APFS (Apple File System). It wasn’t long before I encountered issues with this update. Not a simple issue, but a potential vulnerability.

The vulnerability? Under certain not-so-uncommon conditions, a drive or container formatted as APFS can show the actual password as the hint.

Via Michael Tsai:

The bug was easy to reproduce on my Mac. Plugging the drive into another Mac also shows the password as the hint. So I’m guessing it’s not actually an APFS flaw but rather that Disk Utility is passing the wrong variable as the hint parameter.

That seems to be the case. Felix Schwarz:

Creating a volume via diskutil, the hint, not the pw is shown. Looks like the root cause is Disk Utility storing the password as hint.

So, from the looks of it, if you haven’t specified a password hint – or if you haven’t used Disk Utility, you’re probably safe.

Disk Utility was made extraordinarily buggy in a rewrite two years ago and we’re still feeling the effects of that decision. That’s a big problem for an app as consequential as Disk Utility.

Update: Apple told Rene Ritchie that they’re rolling out a fix for this today. That’s a fast response, but this is a bug that should have been caught far sooner. Why wasn’t it?

The Verge’s Preview of Google’s New Pixel 2 Phones

Dieter Bohn of the Verge got an early look at Google’s new Pixel 2 and Pixel 2 XL phones, officially announced today:

The speakers on both phones got plenty loud without too much distortion. I’m sure it was a priority to get those speakers in there, but I’m also sure I would rather have smaller bezels. The overall audio story on Pixel 2 is a big deal: it does away with the headphone jack, but it also supports a bunch of new audio codecs over Bluetooth 5. I can also tell you that the Pixel 2 is a thousand percent better at recognizing when I say “OK Google” than last year’s phone.

That’s the sole mention of the headphone port in Bohn’s preview. That’s weird, because less than a year ago, Bohn agreed with Nilay Patel’s sentiment that removing the headphone port was “user-hostile”. Even two months ago, Bohn was “going to continue to be a curmudgeon about” the removal of the 3.5mm headphone port on today’s smartphones.

By the way, both Google and Apple include 3.5mm adaptors in the box. If you want to buy an extra one, Apple will charge you $9 for their Lightning-to-3.5mm adaptor, but Google will charge a whopping $20 for a USB-C-to-3.5mm adaptor. Just throwing that out there.

Bohn again:

That’s not to say there aren’t impressive design elements to point out. There are no visible antenna lines anywhere on the XL’s aluminum unibody. Even though the 6-inch screen on the XL might not technically count as edge-to-edge, it still fits a much larger screen in a body that’s just a little bigger than last year’s Pixel XL, which had a 5.5-inch screen. On both, you’ll see that there is no camera bump beyond a slight raised ridge around the lens.

But there is a camera bump, right? Either there is or there isn’t, and the photo in this article indicates that it’s virtually the same treatment as that on my iPhone 6S — a treatment that Bohn previously described as a “camera bump” and “aesthetically aggravating”.

Rather than go with dual lenses and a camera bump like Apple, […]

There is a camera bump. I get it: nobody likes camera bumps. Depending on who you ask, they’re either a symptom of an obsession with smartphone thinness, or a tolerable — if not ideal — compromise. But Bohn can’t make the bump go away by denying its existence, and I’m not sure what to make of his attempts to do so.

iPhone 8 and Qi Inductive Charging

Ben Bajarin:

There is a lot to like about the promise of wireless charging. That said, I’ve used wireless charging solutions from many smartphone manufacturers through the years, and I’ve never had a flawless experience with any of them. Unfortunately, the same is true with Apple’s latest offering with iPhone 8/8 Plus. In the few weeks I’ve been using an iPhone 8 and the Mophie wireless charging pad, I have woken up the next day to an iPhone that did not charge and has less than 10% battery at least several times a week. This last week alone it happened three times. For a myriad of reasons, from charging coils, to pad design, etc., when using this pad the iPhone and Mophie pad have to be aligned just right, or it won’t charge. You can’t just drop it down anywhere on the pad but instead need to align it just right. Where this impacts me is throughout the night: my phone may get a notification buzz and as a result will move off the sweet spot and then stop charging.

Via Michael Tsai who received a tip from Phil Wu that Panasonic’s QE-TM101 charger — which, as far as I can figure out, was never officially sold outside of Japan — includes moving charging coils that automatically align to your phone. There are also Qi charging pads that have multiple coils to reduce the likelihood of a phone slipping out of range.

Even so, this shows why Qi isn’t a real wireless charging standard. True wireless charging shouldn’t care that your phone is within a couple of centimetres of a precise area. True wireless charging wouldn’t care which way up your phone is placed, either — maybe I’m just a little bitter about that because my sleep tracking app of choice requires my iPhone to be placed screen side down on my nightstand.

There may be some relief coming: Apple says that they’re going to release a software update that will enable faster charging speeds, and the coming AirPower charger will have support for multiple devices, which indicates to me that you won’t have to be quite so precise in placing any particular device.

But I still don’t see Qi as anything more than an obvious stepping stone between a cable plugged directly into your phone, and some kind of power emitter placed in the general vicinity of your phone. Until that latter technology arrives, I think the intermediate solutions will feel half-baked and inadequate.

Designing Apps for the iPhone X’s Notch

Max Rudberg has followed his excellent piece on designing UI elements for the bottom of the iPhone X’s display with this piece about designing for the top. There are a lot of great ideas here that, to my eye, make the most of a less-than-satisfactory resolution of the sensor housing. These design decisions are currently being made without an iPhone X in hand, though; I’m very interested to see the evolution of app design within, say, the first few months of the X’s availability.

IRS Awards Multimillion-Dollar Fraud-Prevention Contract to Equifax

Steven Overly and Nancy Scola, Politico:

The IRS will pay Equifax $7.25 million to verify taxpayer identities and help prevent fraud under a no-bid contract issued last week, even as lawmakers lash the embattled company about a massive security breach that exposed personal information of as many as 145.5 million Americans.

A contract award for Equifax’s data services was posted to the Federal Business Opportunities database Sept. 30 — the final day of the fiscal year. The credit agency will “verify taxpayer identity” and “assist in ongoing identity verification and validations” at the IRS, according to the award.

The notice describes the contract as a “sole source order,” meaning Equifax is the only company deemed capable of providing the service. It says the order was issued to prevent a lapse in identity checks while officials resolve a dispute over a separate contract.

This is the single greatest example of incompetence I’ve seen today, and that includes the American president flinging paper towels at suffering people in Puerto Rico and confusing the Coast Guard and Air Force at a press conference.

Yahoo Announces That All Three Billion User Accounts Were Compromised in 2013

Hey, remember that gigantic security breach at Yahoo? No, not that one. No, not that one either. The one where they announced that over a billion user accounts had been compromised. Well, Oath’s PR department dropped a doozy of a press release today:

Subsequent to Yahoo’s acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft. While this is not a new security issue, Yahoo is sending email notifications to the additional affected user accounts. The investigation indicates that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information. The company is continuing to work closely with law enforcement.

Yep — every single one of the three billion accounts that Yahoo was in charge of maintaining had its information stolen. If you ignore the press release’s spin of what wasn’t stolen, you’ll notice that they omit what was: as acknowledged previously, that includes names, email addresses, MD5 hashed passwords, phone numbers, birthdates, and security questions and answers.

This is the second greatest example of incompetence I’ve seen today.

There’s an Easy Apple Maps Joke Here, I Just Know It

Kirk McElhearn:

I set up two-factor authentication for my Apple ID yesterday. I had tried previously, and it was a disaster. In spite of some confusing instructions from Apple, it seems to have worked so far.

But I was surprised to find that, when I was logging into different devices, it didn’t show the correct location.

I’m not near London; I’m about 100 miles away.

Glenn Fleishman, Macworld:

[…] My wife routinely is told she’s logging in from about 30 miles south, although on the same home network, it’s more accurate for me. If we both had this issue, I’d expect that the IP address of our network was misplaced in whatever geo-identification system Apple relied on to match IPs with a rough place on the globe.

This is particularly troubling because two-factor authentication is promoted as being a more secure login option. If a typical user were to set that up and then be shown a map of a login attempt from miles away, they may be concerned, and reasonably so. I get that the map is supposed to help authenticate a login attempt with an additional piece of information, but is that enough of a reason to display it, if it is unreliable? I’m not so sure.

Taking Responsibility for Algorithms

Two great articles on the rash of bullshit — not inaccurate, not erroneous, but bullshit — stories that dominated the top of Google’s search results after Sunday night’s tragedy in Las Vegas and, indeed, after every major tragedy in recent years.

First, Charlie Warzel, Buzzfeed:

Facebook hopes to become a top destination for breaking news, but in pivotal moments it often seems to betray that intention with an ill-conceived product design or a fraught strategic decision. In 2014, it struggled to highlight news about the shooting of Michael Brown and the ensuing Ferguson protests. News coverage of the events went largely unnoticed on the network, while instead, News Feeds were jammed with algorithmically pleasing Ice Bucket Challenge videos. And during the 2016 US presidential election, it failed to moderate the fake news, propaganda, and Russian-purchased advertising for which it is now under congressional scrutiny. Meanwhile, it has made no substantive disclosures about the inner workings of its platform.

Google has had its fair share of stumbles around news curation as well, particularly in 2016. Shortly after the US presidential election, Google’s top news hits for the final 2016 election results included a fake news site claiming that Donald Trump won both the popular and electoral votes (he did not win the popular vote). Less than a month later, the company came under fire again for surfacing a Holocaust denier and white supremacist webpage as the top results for the query “The Holocaust.”

And William Turton, the Outline:

The only reasonable conclusion at this point is that tech companies like Google and Facebook do not care about fixing this. Based on Google’s statements it does not appear that the company plans to prevent 4chan from popping up in its top stories module in the future. Instead it defers to the vagaries of its algorithms, as if doing anything proactive would be interfering with their sacred work. “There are trillions of searches on Google every year. In fact, 15 percent of searches we see every day are new. Before the 4chan story broke, there wasn’t much surfacing about [geary danley], and so we weren’t showing a Top Stories section for this set of queries. So when the fresh 4chan story broke, it triggered Top Stories which unfortunately led to this inaccurate result,” the company said in an email. The wording from Google here is strange, as 4chan has no news stories, only threads populated with the images and musings of 4chan users.

As with advertising on their platforms, Google and Facebook are only too happy to take credit for the successes of the algorithms they built, but demur to take the blame when their code does something stupid. They will gladly own their code — do you think Google would ever make public their precise methodology behind search rankings? — but refuse to take responsibility for it.

Senate Confirms Ajit Pai to New Five-Year Term at FCC

David Shepardson, Reuters:

The U.S. Senate on Monday confirmed Federal Communications Commission Chairman Ajit Pai for another five-year term on the telecommunications regulatory panel where he faces decisions over dismantling Obama-era internet protections and a major television station merger.

Pai won confirmation by 52-41 over objections from Democrats, who criticized him for moving to deregulate U.S. telecommunications rules. Republicans praised him for taking steps to boost rural internet service.

The FCC under Pai was recently criticized for their slow response to the aftermath of hurricanes devastating Puerto Rico, and couldn’t be bothered to check FCC regulatory filings before demanding that Apple activate nonexistent FM radio chips in iPhones.

To his and Republicans’ credit, Pai is taking steps to improve broadband access for those in rural communities, but he’s also proposing to reduce the standard of what constitutes “broadband” internet access. If the latter adjustment passes, that could allow the FCC to fudge the numbers on how many Americans have sufficient access to broadband internet.

Even so, Pai’s proposal to reject attempts to regulate large internet service providers cum media conglomerates, and prevent them from restricting competing services or certain websites is dogmatic crappy policy, and should have been enough to turf this jackass.

This vote is retroactive; Pai’s new five-year term began in July of last year.

Equifax Announces More Americans Impacted by Security Breach

Equifax’s press release today, announcing the conclusion of Mandiant’s investigation:

The completed review determined that approximately 2.5 million additional U.S. consumers were potentially impacted, for a total of 145.5 million. Mandiant did not identify any evidence of additional or new attacker activity or any access to new databases or tables. Instead, this additional population of consumers was confirmed during Mandiant’s completion of the remaining investigative tasks and quality assurance procedures built into the investigative process.

The relatively good news is that the number of Canadians impacted is far lower than previously estimated.

Additionally, it strikes me as slimy and opportunistic of Equifax to announce this while news of the worst mass shooting in post-war American history is on everyone’s mind. Their inability to adequately secure even more Americans’ information can wait until people have time to mourn, grieve, and — over time — find any means of turning their pain into ideas and policies that make the country a better place to live.

Western Digital Bungled Their Attempt to Purchase Toshiba’s Flash Storage Business

Pavel Alpeyev and Ian King, Bloomberg:

Tempers first flared at an April meeting at Western Digital’s headquarters, where [Western Digital CEO Steve Milligan] sat across from Toshiba’s head of the chip unit, Yasuo Naruke. The American CEO made a low-ball offer of $13 billion for the business and said he’d use his rights as Toshiba’s partner to block a sale to anyone else, according to people who attended the meeting.

With a helmet of dark hair parted neatly on the side, Naruke projects an image of calm restraint, but the 62-year-old engineer fumed the whole way home to Tokyo on the airplane, according to the people. He believed Milligan was trying to take advantage of Toshiba’s problems to buy the chip business on the cheap, they said.

Ultimately, a Bain Capital consortium that includes Apple bought the division for $18 billion, which means a couple of things: Western Digital blew a major chance to own a big slice of one of the hottest industries on the planet, and this acquisition will likely be seen in the future similarly to how we now see Apple’s purchase of P.A. Semi in 2008. The biggest differences between the acquisition of P.A. Semi and this Toshiba buy are in exclusivity — Apple is just one of several buyers — and total price tag. But even if Apple won’t be taking over Toshiba’s entire production, it should give them an opportunity to lower their costs — and, hopefully, prices to consumers — in a complicated market.

Documenting Our Experiences

Hannah S. Ostroff, on Twitter, responded to Arielle Pardes’ article last week in Wired about Instagram-friendly art installations:

Let’s stop looking down on how people experience the world around them […]

People take photos to document their lives and share them with friends. This was true before Instagram. Time to embrace it.

Social media won’t put an end to educational exhibitions, thoughtful discourse. It can open up the conversation in new ways.

An always-connected camera on all of us affords such a great opportunity to artists and institutions like museums and galleries. I look forward to a new generation of exhibitions that are more cognizant of this change.

The Equifax Investigation So Far

Michael Riley, Jordan Robertson, and Anita Sharpe, in a lengthy feature for Bloomberg:

The impact of the Equifax breach will echo for years. Millions of consumers will live with the worry that the hackers — either criminals or spies — hold the keys to their financial identity, and could use them to do serious harm. The ramifications for Equifax and the larger credit reporting industry could be equally severe. The crisis has already claimed the scalp of Richard Smith, the chief executive officer. Meanwhile, the federal government has launched several probes, and the company has been hit with a flurry of lawsuits. “I think Equifax is going to pay or settle for an amount that has a ‘b’ in it,” says Erik Gordon, a University of Michigan business professor.

If you call a $90 million golden parachute a scalping, you can scalp me any time.

I’m struggling to come to grips with the likely long-term ramifications of the Equifax breach. The entire model of the credit reporting industry rests on the idea that they can secure the financial details of millions of people. But the reputation of all of this industry — and, I would argue, any company that collects sensitive information en masse — has been deeply undermined by this breach and others like it.

Lawsuits are a predictable response. However, even if this attack puts Equifax out of business — and I wholly doubt that it could — the effects of this breach will be felt for decades to come by American consumers.

I know that regulation is a touchy subject, but the kind of data that is held by companies in pretty much every major industry is far too valuable to allow for anything other than a perfect security record. If we are going to permit mass data retention, there ought to be standards for how this information is secured: latest patches must be applied immediately, frequent audits need to be conducted to ensure that data centres are secured, and there ought to be steep penalties for any violation. Self-regulation isn’t working, and failures have massive consequences.

High Sierra and EFI Verification

Dan Goodin, Ars Technica:

An analysis by security firm Duo Security of more than 73,000 Macs shows that a surprising number remained vulnerable to such attacks even though they received OS updates that were supposed to patch the EFI firmware. On average, 4.2 percent of the Macs analyzed ran EFI versions that were different from what was prescribed by the hardware model and OS version. Forty-seven Mac models remained vulnerable to the original Thunderstrike, and 31 remained vulnerable to Thunderstrike 2. At least 16 models received no EFI updates at all. EFI updates for other models were inconsistently successful, with the 21.5-inch iMac released in late 2015 topping the list, with 43 percent of those sampled running the wrong version.

EFI vulnerabilities are rarely a problem for typical users; they’re more likely to be used for high-value breaches. Still, any security vulnerability is concerning, and the same Mac models are used by high-value targets and college students alike, so it’s important that these holes get patched.

Apple’s statement:

We appreciate Duo’s work on this industry-wide issue and noting Apple’s leading approach to this challenge. Apple continues to work diligently in the area of firmware security and we’re always exploring ways to make our systems even more secure. In order to provide a safer and more secure experience in this area, macOS High Sierra automatically validates Mac firmware weekly.

More information on the firmware validation built into High Sierra from the Eclectic Light Co:

The new utility eficheck, located in /usr/libexec/firmwarecheckers/eficheck, runs automatically once a week. It checks that Mac’s firmware against Apple’s database of what is known to be good. If it passes, you will see nothing of this, but if there are discrepancies, you will be invited to send a report to Apple, with the following dialog.

If you are running a real Mac, rather than a ‘Hackintosh’, Kovah asks that you agree to send the report. This will allow eficheck to send the binary data from the EFI firmware, preserving your privacy by excluding data which is stored in NVRAM. Apple will then be able to analyse the data to determine whether it has been altered by malware or anything else.

But, per Goodin, this won’t necessarily prevent the kinds of problems described in Duo’s report:

The new macOS version introduces a feature called eficheck, but Duo Security researchers said they have found no evidence it warns users when they’re running out-of-date EFI versions, as long as they’re official ones from Apple. Instead, eficheck appears only to check if EFI firmware was issued by someone other than Apple.

Moreover, eficheck depends on the user running High Sierra, though it appears that it made an appearance in Sierra 10.12.4. As Rich Smith and Pepijn Bruienne of Duo point out, older versions of MacOS are receiving security updates, but not necessarily firmware updates:

  • The security support provided for EFI firmware depends on the hardware model of Mac. Some Macs have received regular EFI updates, some have only been updated after particular vulnerabilities have been discovered, others have never seen an update to their EFI.

  • The security support provided for EFI firmware also depends on the version of the OS a system is running. A Mac model running OS X 10.11 can receive distinctly different updates to its EFI than the same Mac model running macOS 10.12. This creates the confusing situation where a system is fully patched and up to date with respect to its software, but is not fully patched with respect to its EFI firmware — we called this software secure but firmware vulnerable.

Again, it’s unlikely that you are at risk here. You’re probably not interesting enough to the kinds of entities that exploit firmware vulnerabilities. I hope that this research motivates Apple to ensure patches are rolled out more consistently across the board, and it would be awesome if eficheck could validate firmware more thoroughly in a future version of MacOS.
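Duo’s “software secure but firmware vulnerable” finding is something a fleet owner can check from inventory data by comparing each Mac’s EFI version with what its model and OS release should carry. The sketch below is an added example, not Duo’s or Apple’s tooling; the model identifiers, EFI version strings, baseline table, and the three-field version format are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed baseline: (model identifier, OS release) -> EFI version expected
# once that release's updates are installed. Every value here is invented.
EXPECTED_EFI = {
    ("ExampleMac1,1", "10.11"): "EX11.0102.B00",
    ("ExampleMac1,1", "10.12"): "EX11.0105.B03",
    ("ExampleMac2,1", "10.12"): "EX21.010A.B01",
}

# Constructed inventory export. Model identifiers contain a comma, so the
# field is quoted and parsed with the csv module rather than str.split.
INVENTORY_CSV = """host,model,os,efi
alpha,"ExampleMac1,1",10.12.6,EX11.0105.B03
bravo,"ExampleMac1,1",10.12.6,EX11.0102.B00
charlie,"ExampleMac1,1",10.11.6,EX11.0102.B00
delta,"ExampleMac2,1",10.12.6,EX21.0109.B07
echo,"ExampleMac2,1",10.12.6,ZZ99.0001.B00
foxtrot,"ExampleMac3,1",10.12.6,EX31.0090.B00
"""


def parse_efi(version):
    """Split 'PREFIX.MAJOR.Bnn' into (prefix, major, build); None if malformed.

    Assumption: MAJOR and the digits after 'B' are hexadecimal, so '0109'
    sorts below '010A'. A decimal or string comparison would get that wrong.
    """
    parts = version.strip().split(".")
    if len(parts) != 3 or not parts[2].upper().startswith("B"):
        return None
    try:
        return parts[0], int(parts[1], 16), int(parts[2][1:], 16)
    except ValueError:
        return None


def classify(model, os_version, efi):
    """Return 'ok', 'outdated', 'unexpected' or 'no-baseline' for one Mac."""
    # The baseline is keyed on the OS release (10.12), not the patch level,
    # because the same model can be due different EFI versions per release.
    os_release = ".".join(os_version.split(".")[:2])
    expected = EXPECTED_EFI.get((model, os_release))
    if expected is None:
        return "no-baseline"   # model/OS pair with no known-good EFI on record
    if efi == expected:
        return "ok"
    have, want = parse_efi(efi), parse_efi(expected)
    if have is None or want is None or have[0] != want[0]:
        return "unexpected"    # wrong family or unparseable: investigate
    if have[1:] < want[1:]:
        return "outdated"      # OS patched, firmware behind
    return "unexpected"        # newer than the baseline: stale table or beta


def audit(csv_text):
    """Classify every row of the inventory; returns (host, model, status)."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["host"], r["model"], classify(r["model"], r["os"], r["efi"]))
            for r in rows]


def mismatch_rate_by_model(results):
    """Percentage of hosts per model whose EFI is not the expected one."""
    totals, bad = defaultdict(int), defaultdict(int)
    for _host, model, status in results:
        if status == "no-baseline":
            continue           # cannot be judged either way
        totals[model] += 1
        if status != "ok":
            bad[model] += 1
    return {m: round(100.0 * bad[m] / totals[m], 1) for m in totals}


if __name__ == "__main__":
    results = audit(INVENTORY_CSV)
    for host, model, status in results:
        print(f"{host:8} {model:14} {status}")
    print(mismatch_rate_by_model(results))
```

Note that bravo and charlie report the same EFI version, yet only bravo is flagged: its OS release should have brought a newer EFI with it.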

Twitter Tells Congress It Found 200 Russian Accounts That Overlapped With Facebook

Charlie Warzel and Emma Loop, Buzzfeed:

But Twitter’s disclosures did not impress some lawmakers. After the meeting, Sen. Mark Warner, the lead Democrat on the committee, told reporters the discussion was “deeply disappointing,” calling Twitter’s presentation “inadequate” in almost every way.

“The presentation that the Twitter team made to the Senate Intel staff today was deeply disappointing,” Warner said. “The notion that their work was basically derivative based upon accounts that Facebook had identified showed an enormous lack of understanding from the Twitter team of how serious this issue is, the threat it poses to democratic institutions, and again begs many more questions than they offered. Their response was frankly inadequate on almost every level.”

As tech companies play an increasing role in democratic processes worldwide, a regular theme has been their reluctance to admit to their own influence in a legal context. They’re perfectly happy to trot out the old Silicon Valley trope of changing the world and brag to candidates about the effectiveness of advertising on their platforms when it suits them. But when it’s time for them to be introspective about their own responsibilities, they suddenly clam up and claim that they can’t possibly have influence. They’re just “platforms”; they’re merely allowing a public forum for “all ideas”.

But their employees — generally young, generally male, and frequently white — write the algorithms that preference some of these ideas over others, recommend other users to follow, or surface different news articles. When you consider that they’re doing this for hundreds of millions — or even billions — of users around the world, that’s an enormous influence.

I’m sure these companies are thrilled to have such a significant role in our lives. But they aren’t taking responsibility for that.

You Can Help Fire Ajit Pai

I don’t like the way Ajit Pai has been running the FCC. I may be Canadian, but the influence of the FCC on worldwide telecom policy is such that I feel obligated to encourage my American readers to think critically about how well you think Pai has been running the Commission. Fortunately, if you are not a fan of the way he’s running the show, you can do something about it.

Ex-FCC counselor Gigi Sohn, in a column for the Verge:

The Senate vote on Pai is imminent. When it happens, it will be a stark referendum on the kind of communications networks and consumer protections we want to see in this country. Senators can choose a toothless FCC that will protect huge companies, allow them to further consolidate, charge higher prices with worsening service, and create a bigger disconnect between broadband haves and have-nots. Or, they can vote for what the FCC is supposed to do: protect consumers, promote competition, and ensure access for all Americans, including the most vulnerable. It shouldn’t be a hard decision, and what we’ve seen over the past eight months makes the stakes clear.

How do you help encourage the Senate to vote against Pai? Say it with me now: “call your Senator”. While you’re at it, just add the Senate’s switchboard to your iPhone’s favourite contacts list.

The Rise of Instagram-Friendly Art Installations

Arielle Pardes, Wired:

One year and three cities later, the Museum of Ice Cream has graduated to cult status on Instagram. More than 241,000 people follow its page, and countless more have posted their own photos from within the space. (Instagram doesn’t show how many photos have been posted at a particular geotag, but there are over 66,000 images with the #museumoficecream hashtag.) All those grams have made the Museum of Ice Cream a coveted place to be: In New York, the $18 tickets to visit — 300,000 in total — sold within five days of opening. At its San Francisco location, which opened this month, single tickets went up to $38. The entire six-month run sold out in less than 90 minutes.

[Co-founder Maryellis Bunn] denies that Instagram played a significant role in how she shaped the museum. “I don’t think that social is what is driving what the Museum of Ice Cream does,” she says. Yet it’s hard to walk through the space and imagine it as anything but a series of Instagram backdrops. One room in the San Francisco space is filled with giant cherries and marshmallow clouds; in LA, there’s a room with strings of pink and yellow bananas strewn from the ceiling. Visitors are allotted about 90 minutes to explore the museum, but it’s hard to imagine what you’d do during that time if you weren’t taking photos.

My interpretation of the Museum of Ice Cream is that it’s an expression of unadulterated excitement — a fantasy made real. If it were presented in a pre-Instagram — even pre-photography — world, I think visitors would still get a hell of a lot of joy out of the fantastical nature of swimming in sprinkles. Still, it was created in a world where we all have a camera and an internet connection in our pants, and I think it’s a little disingenuous for Bunn to neglect the role of Instagram in its success — the team behind it features a “#MOIC” gallery on the installation’s website.

Nevertheless, I see parallels between this piece and Casey Newton’s from earlier this year about Instagram-friendly interior design. When I linked to that, I wrote that these interiors still feel like they’re embracing social media only at a surface level, and I see the same thing happening with the Museum of Ice Cream and the Color Factory. Both sure seem to be embracing the role that Instagram can play in enjoying and promoting the installations, but neither installation seems to be taking advantage of their photo-friendliness beyond merely what they look like.

I would love to see artists pushing the use of Instagram beyond promotion. What if Instagram was integral to the experience of the artwork? What if an artwork explored how some of us are prone to sharing our experiences like they’re trading cards? What about using an Instagram-friendly installation to demonstrate the disconnect between our curated-for-Instagram selves and our more private reality? I think exploring topics like these would turn photogenic installations from novelty into critical artworks.

Equifax CEO Dick Smith to Retire With Up to $90 Million Severance

Jen Wieczner, Fortune:

Equifax said Tuesday that as a condition of [Richard Smith’s] retirement, he “irrevocably” forfeits any right to a bonus in 2017, an amount that under normal circumstances would have totaled more than $3 million — the bonus he received in 2016 — according to the company’s retirement policy.

But the CEO is still set to collect about $72 million this year alone (including nine months’ worth of his $1,450,000 salary), plus another $17.9 million over the next few years. That’s when the rest of Smith’s stock compensation hits a few important milestones or “vests,” allowing Smith to essentially put it in his bank account. Altogether, it adds up to a total potential paycheck of more than $90.1 million, according to Fortune’s calculations based on Equifax securities filings.

Smith is the third Equifax executive who has been allowed to “retire” instead of being fired for allowing the exposure of personal information of virtually every American who has ever applied for a cellphone contract, a credit card, a mortgage, or any other loan. Wieczner reports that Equifax may still retroactively change the conditions under which Smith’s employment was terminated, but no executive who oversaw a breach of trust as serious as this should be allowed to “retire” and collect their severance. That’s outrageous.

The Cost of a ‘Pivot to Video’

Ross Benes, Digiday:

According to data from comScore, the publishers that pivoted to video this summer have seen at least a 60 percent drop in their traffic in August compared to the same period from a year ago. Mic went from 17.5 million visitors in August 2016 to 6.6 million visitors in August 2017, according to comScore. The decline at Vocativ was even more drastic as it went from 4 million visitors in August 2016 to 175,000 visitors in July 2017. By August 2017, Vocativ’s traffic had shrunk enough that comScore couldn’t detect it. Over the past six months, the Alexa ranks of Vocativ, Fox Sports and Mic have also plummeted.

Heidi N. Moore, Columbia Journalism Review:

Publishers must acknowledge the pivot to video has failed, find out why, and set about to fix the reckless pivots so that publishers focus on good video. It should be original, clever, entertaining, and part of a balanced multimedia approach to digital journalism that includes well-written, well-reported stories, strong data and graphics, and good art.

Moore’s article is killer — a well-considered dressing-down of publishers that rely on lazy video techniques to try to replace high production value journalism.

Apple Releases More Information About the TrueDepth Camera and Face ID Security

From an Apple support document:

Even if you don’t enroll in Face ID, the TrueDepth camera intelligently activates to support attention aware features, like dimming the display if you aren’t looking at your iPhone or lowering the volume of alerts if you’re looking at your device. For example, when using Safari, your device will check to determine if you’re looking at your device and turns the screen off if you aren’t. If you don’t want to use these features, you can open Settings > General > Accessibility, and disable Attention Aware Features.

And from a security white paper published today (PDF):

To improve unlock performance and keep pace with the natural changes of your face and look, Face ID augments its stored mathematical representation over time. Upon successful unlock, Face ID may use the newly calculated mathematical representation — if its quality is sufficient — for a finite number of additional unlocks before that data is discarded. Conversely, if Face ID fails to recognize you, but the match quality is higher than a certain threshold and you immediately follow the failure by entering your passcode, Face ID takes another capture and augments its enrolled Face ID data with the newly calculated mathematical representation. This new Face ID data is discarded after a finite number of unlocks and if you stop matching against it. These augmentation processes allow Face ID to keep up with dramatic changes in your facial hair or makeup use, while minimizing false acceptance.

Apple also provides information in that white paper about a Face ID Diagnostics function that users can opt into, which will record all Face ID unlock attempts as images for seven days and can optionally be sent to Apple for analysis.

I have written here before that I have no idea whether Face ID is going to be good enough in most circumstances to replace Touch ID. Outside of the lucky Apple employees who are using an iPhone X as their regular carry device, nobody truly knows. But from everything I’ve seen in Apple’s documentation and everything I’ve heard from those who know about using Face ID on an ongoing basis, it’s the real deal for secure, reliable, and fast facial recognition.

A Fix for Missing Stand Reminders After Upgrading to WatchOS 4

Earlier today, Craig Hockenberry tweeted that he hadn’t received any stand reminders since upgrading to WatchOS 4. I’m usually good about hitting my stand goal without the reminders, but yesterday, I didn’t hit my stand goal for the first time in seventy-five days, according to Activity++. I realized today that I wasn’t reminded after being stationary for over four hours.

Patrick McConnell saw the same issue with his Apple Watch, but he found a fix:

When I first updated to Watch OS4 on my original series 0 watch I didn’t get any reminders to stand. I checked the stand reminders setting was in fact set correctly and scoured the internet for other possible issues. This problem persisted even after updating to my new series 3 watch.

I don’t recall where I came across this tip, but the answer seems to be go into the health app on your phone and access your profile by clicking the icon in the upper right of the screen. From there set the wheelchair option to No.

By default, the wheelchair option is “Not Set”. This is probably a trivial bug to fix, but until it is, this silly workaround should re-enable standing reminders if you’re also affected by this bug.

Text Replacement Syncing Is, Anecdotally, iCloud’s Buggiest Feature

Brian Stucki:

Text replacement syncing is completely broken. Sometimes it works, sometimes it doesn’t. Sometimes it will only sync back old snippets that you have deleted. Sometimes the sync will work one direction, but not the other. Every time I ask about this on Twitter, it brings a strong response of similar experiences.

[…]

From my own experience, syncing of all other data via iCloud has really improved. Notes, Calendar, address book, reminders, photos, etc all sync almost instantly across all devices.

What is so special/not special about Text Replacement snippets that makes it so hard?

I know a bunch of people have been passing this link around today, but I thought I’d throw my bit in, too, because a few friends and I were chatting about this in Slack just this weekend. It’s truly astonishing that seemingly the buggiest part of iCloud is syncing plain text strings. As one person quipped in Slack, it’s amazing that I can make dozens of edits to a RAW photo and see that reflected nearly instantaneously on all my devices, but changes to text replacements remain entirely unreliable.

I used the word “astonishing” because I truly mean it. iCloud is a long way from its bug-riddled past, and features like iCloud Photo Library have worked nearly flawlessly for me since they launched. Greg Pierce’s sources say that text replacement still uses the old (and deprecated) iCloud Core Data APIs. I imagine that it’s one of the last things that does — this year’s iOS and MacOS releases migrated Safari bookmark syncing to an updated format. It’s long past the time when text replacement syncing should have been fixed, but there’s no time like the present.

Update: Apparently, if all devices under a single Apple ID have been upgraded to the latest versions of MacOS and iOS, text replacement syncing will use CloudKit instead of iCloud Core Data. Over time, we will see how much of a role the underlying technology played in its unreliability.

Update: A clarification on the above — an Apple spokesperson emailed John Gruber to state that text replacement syncing will switch to CloudKit with an update. No word on whether that’s a back-end update or a software update. On a potentially related note, the first beta of iOS 11.1 was pushed to developers today.

Credit Reporting Firms’ Dark Marketing and Information Gathering Tactics

David Lazarus, Los Angeles Times:

The ad opens with quick cuts of creepy-looking hackers in sinister surroundings. A serious male voice asks: “Is your personal information already being traded on the dark Web?”

Then the imagery brightens — a sunny kitchen, a family playing with a fluffy white dog. “Find out with Experian,” says a friendly female voice. “Act now to help keep your personal information safe.”

Consumers’ and lawmakers’ attention is rightly focused at the moment on the security breach involving Equifax, which left millions of people facing a very real possibility of fraud and identity theft.

But the recent ad from rival Experian highlights a more troublesome aspect of credit agencies — their use of questionable methods to spook people into buying services they may not need and, in so doing, giving the companies permission to share data with marketers and business partners.

Baiting practices like these are pretty gross in virtually every context, but particularly intolerable in an industry that is supposed to monitor your finances and handle your sensitive information delicately. If Experian — or any other company that uses similar tactics — were proud of the spam that you can expect to receive after giving them your email address, don’t you think they would point that out in a more obvious place that isn’t thousands of words deep inside a terms of service agreement?

Of course, similarly-buried agreements are exactly how Experian and Equifax get their data in the first place. A common misconception I’ve seen and heard is that we never agreed to their collection of information — Jimmy Kimmel was among many who claimed that. But that isn’t exactly true. Your credit card agreement probably contains something similar to the language in mine (PDF):

Credit Reporting Agencies and Other Lenders – For a credit card, line of credit, loan, mortgage or other credit facility, merchant services, or a deposit account with overdraft protection, hold and/or withdrawal or transaction limits, we will exchange Information and reports about you with credit reporting agencies and other lenders at the time of and during the application process, and on an ongoing basis to review and verify your creditworthiness, establish credit and hold limits, help us collect a debt or enforce an obligation owed to us by you, and/or manage and assess our risks.

So if you’ve ever applied for a car loan, or a mortgage, or have a cellphone or internet subscription, you probably agreed to allow the provider of that service to submit your information to Equifax, Experian, and TransUnion — the big three credit reporting firms. I don’t think that’s necessarily a good reason — as Lazarus notes, there’s a lot of text in most terms of service agreements, and it’s pretty unfair for us to be expected to interpret their language as a lawyer would.

Siri and Search on iOS, and Spotlight and Siri on MacOS (But Not Siri Image Search) Switch to Google From Bing

Matthew Panzarino, TechCrunch:

Apple is switching the default provider of its web searches from Siri, Search inside iOS (formerly called Spotlight) and Spotlight on the Mac. So, for instance, if Siri falls back to a web search on iOS when you ask it a question, you’re now going to get Google results instead of Bing.

[…]

The search results include regular ‘web links’ as well as video results. Web image results from Siri will still come from Bing, for now. Bing has had more than solid image results for some time now so that makes some sense. If you use Siri to search your own photos, it will, of course, use your own library instead. Interestingly, video results will come directly from YouTube.

I have a lot of questions about this announcement. Most of all, I wonder about Apple’s justification — their statement said, in part, that switching to Google “as the web search provider for Siri, Search within iOS and Spotlight on Mac will allow these services to have a consistent web search experience with the default in Safari”. But if consistency is what they’re aiming for, why does Siri on the Mac use Google for all searches except image searches, which still use Bing? In fact, if consistency is truly what is desired here, why don’t Siri and Spotlight match the search engine the user has selected for Safari?

The most obvious reason why this isn’t the case — and why this change was made today — is that Google’s expanded presence across Apple’s platforms is a condition of their agreement with Apple.

Also, one thing from Microsoft’s statement to TechCrunch:

Bing has grown every year since its launch, now powering over a third of all the PC search volume in the U.S., and continues to grow worldwide.

That’s unbelievable. I mean that literally — I cannot believe that a third of U.S. searches are made through Bing. There’s no citation for this, but Statista’s consolidated data from April indicates that Bing’s market share was around 23% in the U.S. at the time. I can’t imagine that Google has ceded 10% of the market to Microsoft in the past four months and nobody I know willingly uses Bing, so I wonder how this is being measured by both Statista and Microsoft.

MacOS Reportedly Vulnerable to Keychain Exfiltration Bug

Patrick Wardle of penetration testing firm Synack posted a short video of this security hole in action. In short, it appears that the only requirement is for the user to download and execute an unsigned application; after that, the user’s Keychain is dumped in plain text.

Thomas Fox-Brewster of Forbes spoke with Wardle about the vulnerability:

“Most attacks we see today involve social engineering and seem to be successful targeting Mac users,” he added. “I’m not going to say the [keychain] exploit is elegant – but it does the job, doesn’t require root and is 100% successful.”

That’s a hell of a combination.

This is being described in several places as a High Sierra-specific problem. It isn’t; Wardle has clarified on Twitter that other versions of MacOS are also vulnerable.

Update: Wardle has also stated on Twitter that signed apps could potentially be vehicles for distributing this malware, too — it’s not difficult to imagine a circumstance similar to last year’s incident when ransomware was briefly attached to copies of Transmission.

Roman Loyola of Macworld got a statement from Apple on this:

“macOS is designed to be secure by default, and Gatekeeper warns users against installing unsigned apps, like the one shown in this proof of concept, and prevents them from launching the app without explicit approval. We encourage users to download software only from trusted sources like the Mac App Store, and to pay careful attention to security dialogs that macOS presents.”

Users are inundated with dialog boxes and security warnings — surely Apple knows that very few people actually read them.[1] And, again, I stress that this malware could be attached to a totally legitimate signed app. Apple could invalidate the developer’s certificate if something like this were to be discovered in the wild, but that doesn’t mean that the security issue doesn’t exist. They have to be working on a fix for this, too, right?

  1. The only effective way I’ve seen of presenting security warnings is the one that Safari displays when you try to visit an address marked as a possible phishing domain. It requires the user to click the “Show Details” button and actually read the text to find the link to visit the site.

Sharing Links in iOS 11

Ricky Mondello, in a Twitter thread of notable Safari 11 improvements on MacOS and iOS (via Michael Tsai):

Safari on iOS 11 will share the canonical link for a page, which can improve the experience of sharing a “mobile” website.

This is a great feature. Unfortunately, it is restricted to Safari; Apple News still shares apple.news links, which I find problematic.

For whatever reason, Apple has designed their News URLs to be unintelligible strings of random characters — for example, https://apple.news/Aj3TLC1DoQ7ubOyx_-Kwc9A. That means that the publication and article topic are completely obscured. Do you know that the link I pasted here will be safe for work, or from a reliable publication, or cover a topic you’re interested in? In short, can you trust that link? I certainly don’t think that’s possible.

Publications on Apple News have similarly sketchy-looking URLs. Pixel Envy’s is https://apple.news/TAjcS0c5sRV2HYftzmJ6UMQ. Unlike article URLs, those links don’t redirect to the publication’s website on desktop computers; visiting that link on my desktop simply displays a notice that it’s only available on Apple News.

To make matters worse, iOS 11 seems to have a bug where choosing to copy an Apple News link from the sharing sheet creates two iterations of that link as one which, of course, breaks the link.

This is a solvable problem. Let’s assume that Apple would prefer to share apple.news links rather than the canonical URL for marketing purposes — it’s not a great reason, and I believe that the canonical URL should always be shared, but let’s just stick with that argument. Let’s also assume that the sharing sheet bug will be fixed. Apple could update apple.news links to include the publication name and article title, plus a unique article ID to prevent cases of overlap as this would likely be an automatically-generated URL. For example, the link above could be apple.news/national-geographic/[unique-ID]/alligators-attack-and-eat-sharks. Of course, publications would simply be the first-level directory — apple.news/national-geographic/ — and should redirect to the publication’s regular website when the Apple News app isn’t detected.

I filed this as a bug back when Apple News launched and it was closed rather quickly as a duplicate. That was about two years ago. I’m sure there is a very sound technical reason why Apple News shipped with such a terrible URL design originally, and probably a decent reason — scale, perhaps? — why it hasn’t been fixed since. But it ought to be, and soon.
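A sketch of the readable link scheme proposed above, added here as an illustration; it is not Apple's code or the author's. The catalogue, the article IDs and the function names are constructed, and it covers article links only. The point it demonstrates is that a readable link is only trustworthy if the server checks the publication and title segments against the article ID, so a link cannot name one publication while opening another.

```javascript
// Added example: hypothetical resolver for article links of the form
// /<publication>/<unique-ID>/<title-slug>. All names and data are constructed.

// Constructed sample catalogue keyed by unique article ID.
const ARTICLES = new Map([
  ["a1b2c3", { publication: "National Geographic", title: "Alligators Attack and Eat Sharks" }],
  ["d4e5f6", { publication: "Pixel Envy", title: "Sharing Links in iOS 11" }],
]);

// Turn a display name or title into a lowercase, hyphen-separated path segment.
function slugify(text) {
  return text
    .normalize("NFKD")                 // split accented letters into base + mark
    .replace(/[\u0300-\u036f]/g, "")   // drop the combining marks
    .toLowerCase()
    .replace(/[^a-z0-9]+/g, "-")       // any other run becomes a single hyphen
    .replace(/^-+|-+$/g, "");          // no leading or trailing hyphen
}

// The one canonical path for an article ID, or null if the ID is unknown.
function canonicalPath(id) {
  const article = ARTICLES.get(id);
  if (!article) return null;
  return `/${slugify(article.publication)}/${id}/${slugify(article.title)}`;
}

// Resolve a requested path. The ID selects the article; the readable segments
// are then checked against it, so a link cannot advertise one publication or
// title while opening another. Mismatches are redirected to the canonical path.
function resolve(path) {
  const parts = path.split("/").filter(Boolean);
  if (parts.length !== 3) return { status: 404 };
  const [, id] = parts;
  const canonical = canonicalPath(id);
  if (canonical === null) return { status: 404 };
  if (path !== canonical) return { status: 301, location: canonical };
  return { status: 200, article: ARTICLES.get(id) };
}
```

Because the ID alone selects the article, two articles with the same title never collide, and a renamed article keeps working: old links are redirected to the current canonical path.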

More on the iPhone 8’s Camera System

John Paczkowski of Buzzfeed interviewed Phil Schiller and Johnnie Manzari of Apple:

[…] When I ask Schiller about the evolution of the iPhone’s camera, he acknowledges that the company has been deliberately and incrementally working towards a professional-caliber camera. But he quickly follows up with an addendum that tells you most everything you need to know about Apple and camera design: “It’s never just ‘let’s make a better camera,’” he says. “It’s what camera can we create? What can we contribute to photography?”

I love this sentiment. The physics of light and the pocket-friendliness of smartphones means that an iPhone will never truly replace a full-frame camera. But some of the things that were previously the exclusive domain of specific hardware — shallow depths of field and lighting, for instance — can increasingly be modelled in software. Apple’s interpretation is not perfect, but it’s damn good.

In related news, DxOMark has given the iPhone 8 Plus the highest rating of any smartphone camera they’ve tested, but I think their scoring is of dubious reliability.

First of all, I think that applying numerical scores to subjective or perceived qualities is terrible, so I’m already not a fan of their tendency to split hairs between a phone that’s an 88 and one that’s a 90. How can anyone possibly decide that one phone is two points better than another?

But, more critically, DxOMark didn’t bother testing the iPhone 7 Plus last year; in fact, they didn’t test it until last week, just one day before this year’s iPhones were announced. They rationalized this by saying that they were updating their testing protocol to cover things like ultra-low-light performance and newer software features like simulated depth-of-field.

Yet, despite their reservations about testing phones that make heavy use of software enhancements to improve image quality, they tested the Google Pixel just a couple of weeks after the iPhone 7 Plus was released. No question about it — the Pixel takes great photos and, much like dual-camera iPhones, that’s due in part to the machine learning work it does to boost image quality. In fact, not only did DxOMark test it, they felt comfortable crowning it the best smartphone camera, a feat which Google touted extensively in their marketing materials for the Pixel.

Now, I don’t think there was any collusion with Google or any nonsense like that. There are some people who believe that DxOMark’s updated protocol conveniently aligns with Apple’s camera priorities and I, too, don’t believe that there’s any favouritism going on there either — their updated test suite is simply reflecting the changing reality of these products. But I think that DxOMark somewhat soiled their credibility with such an enormous lag in testing the 7 Plus, without great reason to do so.

Austin Mann Takes the iPhone 8 Plus to India

One of the iPhone reviews I look forward to most every year is Austin Mann’s; it’s also the review that makes me the most envious. The new Portrait Lighting feature is particularly impressive, especially in Mann’s use. Also of note:

During my briefing with the Apple team, they mentioned I should expect to see improvements in how the iPhone 8 Plus meters for specific scenes like sunsets and concerts, and they also mentioned it should focus more accurately on fast moving objects.

I asked them if they had given these improvements a name and their answer was simple: “It’s a smarter sensor.” I noticed these subtle improvements every time I shot the sky and in the tack sharp images I captured of birds in super low light. It’s hard to describe with words, but it is a smarter sensor, indeed.

Though Mann quotes Apple as saying that it’s the sensor that’s responsible, I bet it’s helped a lot by some of the ISP improvements in the iPhone 8 as well.

Matthew Panzarino, reviewing the iPhone 8 for TechCrunch:

Noise reduction (NR) is the process that every digital camera system uses to remove the multi-colored speckle that’s a typical byproduct of a (relatively) tiny sensor, heat and the analog-to-digital conversion process. Most people just call this “grain.”

In previous iPhones this was done purely by software. Now it’s being done directly by the hardware. I’d always found Apple’s NR to be too “painterly” in its effect. The aggressive way that they chose to reduce noise created an overall “softening,” especially noticeable in photos with fine detail when cropped or zoomed.

One of the reasons I switched to shooting RAW on my iPhone is to have control over noise reduction. It’s especially noticeable in photos of trees and other foliage — here’s the same photo shot as a JPG and as a RAW file with my iPhone 6S.

Now that new iPhones are being delivered, I’m very interested to see how JPG and HEIF files perform compared to RAW, and whether noise reduction can still be disabled by third-party camera apps.

Anatomy of a Moral Panic

Maciej Cegłowski, reacting to the deluge of articles claiming that Amazon’s algorithms are suggesting “bomb-making supplies”:

The real story in this mess is not the threat that algorithms pose to Amazon shoppers, but the threat that algorithms pose to journalism. By forcing reporters to optimize every story for clicks, not giving them time to check or contextualize their reporting, and requiring them to race to publish follow-on articles on every topic, the clickbait economics of online media encourage carelessness and drama. This is particularly true for technical topics outside the reporter’s area of expertise.

And reporters have no choice but to chase clicks. Because Google and Facebook have a duopoly on online advertising, the only measure of success in publishing is whether a story goes viral on social media. Authors are evaluated by how individual stories perform online, and face constant pressure to make them more arresting. Highly technical pieces are farmed out to junior freelancers working under strict time limits. Corrections, if they happen at all, are inserted quietly through ‘ninja edits’ after the fact.

There are plenty of critical pieces that can be written about the dangers of machine learning and algorithmic biases. Thing is, though, those stories aren’t about Amazon.

The ‘PC Guys Are Not Going to Just Figure This Out’ of Watches

This part of Benjamin Clymer’s review of the Apple Watch Series 3 stood out to me:

So again, the Swiss were dismissive of the Apple Watch because it’s not even a watch, right? How could someone who appreciates a fine timepiece ever want a disposable digital device on their wrist?

Still, we now have smartwatches from two of the three big luxury watch groups, and likely more to come. And that’s before we actually talk about sales numbers of Apple versus the traditional players or the fact that all of theirs use what is the equivalent of an off-the-shelf caliber in Android OS while Apple’s is, to borrow a term they’ll understand, completely in-house. Ironic, really.

Recall, if you will, Tim Cook’s slide during the Series 3’s unveiling indicating that the Apple Watch is now the bestselling watch in the world by revenue. Recall, too, Ed Colligan’s now-infamous dismissal of the then-rumoured iPhone:

“PC guys are not going to just figure this out. They’re not going to just walk in.”

The Apple Watch has, very quietly, become a hit product. There have been plenty of those with doubts about its potential — yours truly included, by the way, shortly after it was announced — but, now, I see them everywhere. I’m sure you do too.

One more thing that Clymer wrote caught my eye:

And if Apple did want to have some visual cue to let others know you’ve copped the new hotness with that cellular bizness inside, why make it a red dot, a logo well known and loved by a brand with which many consumers of “luxury digital products” are well acquainted – Leica? Hell, Apple designers Jony Ive and Marc Newson even collaborated on a Leica for the Red Charity Auction in 2013. Again, the red dot isn’t a huge deal, but I’d love to get the background on this. Why that and why there?

I’m also confused about the red dot. I don’t find it revolting; I do find it ostentatious. Some configurations of the original gold Edition model also featured a red dot on the Digital Crown, and I didn’t care for it much there, either.

But, more to the point, I have a Leica, and my camera was not the first thing I thought of when I saw the red dot on the Watch. I would also like to understand why it’s red, why it’s on the Digital Crown, and why there’s anything at all to indicate that a particular Watch is an LTE model. Only the aluminum model has a non-LTE option.

Update: Matthew Achariam points out that Tim Cook’s personal Apple Watch has always had a red dot on its Digital Crown. Interesting.

Designing Elements for the Bottom of the iPhone X’s Display

Max Rudberg:

iPhone X and its curved screen is the most exciting iOS UI design challenge in many years. However, there’s not a lot of time for developers to adjust their apps to this new form.

These are explorations on how certain design patterns can be adapted to the new screen. I’ll use findings in our own apps as an example.

This is a terrific piece. Rudberg makes heavy use of floating UI elements, as does Apple in many parts of iOS: notifications, Siri panels, and the card-like layout of parts of Music, Podcasts, and Mail. These elements seem very naturally tailored for a near-bezel-free display that can switch off individual pixels for perfect black areas; I’m a little surprised floating elements aren’t used even more extensively or encouraged by the HIG.

Motherboard’s Overreaction to the Bluetooth and WiFi Toggles in iOS 11

Emanuel Maiberg, writing for Vice Motherboard on the new behaviour in iOS 11 of the Control Centre toggle switches for WiFi and Bluetooth:

Users can still completely turn off Bluetooth and Wi-Fi by digging into the devices menu settings, but essentially the button does not do what a user can reasonably assume Apple says it does, and that’s because Apple doesn’t trust you. This decision is the next logical step for what has always been Apple’s design ethos: It thinks it knows what you want more than you do.

[…]

But now Apple has taken this philosophy a step further. It has gone from protecting users by omitting or blocking features to outright deceiving users about what certain features do. “It just works,” except when you actually know what you’re doing but aren’t allowed to do it. It would have been easy to make the Control Center customizable, but of course it is not.

I agree with Maiberg’s stance that the revised behaviour of the Control Centre toggles is not clear. However, I find the rest of his argument utterly ridiculous. The two paragraphs that I quoted effectively summarize his position, and they’re full of hot garbage:

  1. I can’t speak to Apple’s intentions here, but for everyone I know, the reason they toggle WiFi in Control Centre is because a weak WiFi signal is temporarily irritating them and they want a quick way to disconnect from the network. Similarly, a user may simply opt to disconnect from a Bluetooth speaker by tapping the Control Centre toggle. I wouldn’t be surprised if Apple had information on what users’ true intent is when using these toggles and adjusted the behaviour accordingly.

  2. Describing this behaviour change as “deceptive” gives it an unnecessarily sinister vibe. A softer version of Hanlon’s razor more correctly explains what’s going on here: poor communication, rather than duplicitous intent.

  3. Maiberg claims in the second quoted paragraph that if “you actually know what you’re doing” you “aren’t allowed to do it”, but he opens the first quoted paragraph — just two prior, in the article itself — by noting that you can switch off WiFi and Bluetooth completely in Settings.

Maiberg’s just getting started, though. He has other complaints along the same lines:

The “delete” key on MacOS does not allow you to delete files.

One may reasonably argue that this is a smart design decision to prevent taking a destructive action accidentally.

Apps must be approved by Apple before entering the App Store. Increasingly, it makes it harder for you to install third-party programs on MacOS (in Sierra, this option is hidden).

It only makes it trickier to install unsigned third-party applications. Your average user probably doesn’t run into this kind of stuff very often. Those who do need to use an unsigned app can figure out how to approve it with Gatekeeper.

Some of what Maiberg argues comes down to preference. Apple’s design direction is that normal people don’t feel lost when using their products, or get confused when things don’t behave as they were expecting. Sometimes — as with the WiFi and Bluetooth controls — this can confuse more technically-minded users. But claiming that Apple doesn’t trust their users is a misinformed overreaction.

Equifax Sent a Fake Security Advisory Site to Some Customers Inquiring via Twitter

Dell Cameron, Gizmodo:

Equifax’s response to its data breach has been a total shitshow, something the company seems determined to remind us of each and every day.

For nearly two weeks, the company’s official Twitter account has been directing users to a fake lookalike website, the sole purpose of which is to expose Equifax’s reckless response to the breach.

Much as Apple’s comeback from near-bankruptcy is studied in business schools as an incredible success story, Equifax’s response to this breach will surely be used in public relations and computer science classes as an example of everything you are not supposed to do in response to a crisis.

Given the inadequacy of Equifax’s response so far, I’m not sure what justice would look like for the victims of their incompetence. Perhaps Equifax would waive the cost of locking credit scores, or maybe they would offer five or even ten years of credit report monitoring. Maybe those in charge of ensuring the security and safety of such a large repository of private data would be fired. Instead of anything like those suggestions, Equifax reported on Friday that two executives — their Chief Information Officer and Chief Security Officer — would be “retiring”. Equifax didn’t say how much their retirement packages are worth.

Toggling Bluetooth and WiFi From Control Centre Doesn’t Switch Them On or Off in iOS 11

Joe Rossignol, MacRumors:

Even when toggled off in Control Center on an iPhone, iPad, or iPod touch running iOS 11 and later, a new support document says Bluetooth and Wi-Fi will continue to be available for AirDrop, AirPlay, Apple Pencil, Apple Watch, Location Services, and Continuity features like Handoff and Instant Hotspot.

Toggling off Bluetooth or Wi-Fi in Control Center only disconnects accessories now, rather than disabling connectivity entirely.

I don’t toggle either Bluetooth or WiFi so I didn’t notice this, but I also didn’t think to check whether Bluetooth was, indeed, switched off if I toggled it off in Control Centre. I kind of get why this change was made: a frequent barrier in my use of AirDrop “just working” is that a friend’s Bluetooth connection has been toggled off. I don’t think that most people would be fully aware that both networking services must be switched on for many of Apple’s “continuity” features to keep working.

Still, this does feel a bit wrong. A toggle switch that looks like it’s on or off should behave accordingly. There are some indicators of its true behaviour — when you toggle WiFi from Control Centre, a message across the top of the screen reads “Disconnected from WiFi Network Name”. This doesn’t say that WiFi will continue to be available for iOS features, though, and it seems counterintuitive.

Update: Changed “affordances” to “indicators” per a reader’s emailed suggestion.

Reviews of the Apple Watch Series 3 and WatchOS 4

Nicole Nguyen, Buzzfeed:

I used the on-watch keypad to dial my on-shore boyfriend, and the dial tone came blaring through the built-in speaker, which I’m pretty sure disturbed some nearby seagulls. I’m sure the high volume was intentional to compete with loud, busy outdoor environments, and I was impressed by how much audio power was packed into the thing. His voice came in loud and clear, and we had a short conversation, before I hung up and attempted to send a text. Interacting with the screen with wet fingers is mostly miserable, but voice-to-text dictation worked supremely well.

Apple’s marketing materials for the Series 3 Watch heavily feature surfers and swimmers taking calls, so that’s what several reviewers tried, including Nguyen, Joanna Stern of the Wall Street Journal, and Lauren Goode of the Verge:

I actually went surfing, in the ocean, wearing the Apple Watch, hoping to replicate the glorious ad that Apple put out of a woman surfing and receiving a phone call on her Apple Watch. (Is this glorious? Real surfers would disagree. And I looked like a serious kook shouting “Hey Siri!” at my wrist in the ocean.) I wasn’t very far from shore, but the Watch vacillated between one bar of service and being disconnected entirely. I did manage to make one phone call from a surfboard. That was kind of wild.

Goode and Stern both found that their review units struggled to connect to LTE, leaving them with either a single bar — well, dot — or no service at all. For the defining feature of this model, that’s discouraging.

Serenity Caldwell of iMore dug into this problem and found out that an existing WatchOS 4 bug is the likely culprit:

Essentially, the Series 3 GPS + Cellular watch tries to save battery life at all times by using your iPhone’s connection, or failing that, a Wi-Fi network. What’s happening here is that the watch is attempting to jump on a so-called “captive” network — a public network with an interstitial login prompt or terms and conditions agreement. (You’ve probably seen these at a Starbucks, McDonalds, or Panera.)

Caldwell’s explanation sounds reasonable, but it’s surprising to me that Goode’s experience, out in the ocean, would be affected by a WiFi bug.

Regardless of the cause, this is a bad bug. Preordered Watches have already begun shipping, so this won’t be fixed before those are delivered. And, because the process of updating an Apple Watch is so slow and cumbersome, even for small updates, this bug’s impact will be pretty noticeable for anyone who has already ordered a Series 3 Watch.

In contrast to the Series 3 hardware, WatchOS 4 has been getting rave reviews, and I’m not surprised. Goode:

Speaking of saving a workout: when you finish a workout on the Watch now, there’s only one option, Done. The Apple Watch used to offer two options, Save and Discard. I suspect some people were accidentally discarding workouts when they were finished, instead of saving them. This is a much simpler way to do it.

I imagine the number of people who intentionally discarded a workout was vanishingly small compared to the number of people who accidentally did so. I know I have. This is one of the refinements that I love most.

John Gruber:

Second, there’s a new feature in WatchOS called “Auto-launch Audio Apps”. It’s in the Apple Watch app on your iPhone, in the General: Wake Screen section. What happens with this is that when you initiate audio playback on your iPhone, if there’s a corresponding WatchOS app on your watch, when you raise your wrist that app is what you see, instead of your watch face.

The first time I saw this for Music, I was pleasantly surprised; the first time I saw this for Overcast, I was blown away that it worked for third-party apps without any developer intervention. Once you get used to it, it’s hard to imagine the Watch ever not showing audio controls by default.

The new Siri watch face is fantastic, by the way. I’m sure the other new faces featuring a kaleidoscope and Toy Story characters are cool, but I haven’t once switched from the Siri face since June. It is one of the best arguments for owning an Apple Watch, even — perhaps especially — if you are not a fitness buff. My only complaint is that it doesn’t work with third-party apps, so if you keep todos in Things, for example, it may not be as useful to you.

Matt Birchler wrote a much more comprehensive review, and it’s worth checking out. Of note, the Phone app now includes a keypad:

Second, this keypad is available from inside the app while you’re on a call, so you can interact with automated systems that require you to “PRESS 4 TO TALK TO A HUMAN”. This again is not required functionality, but it removes some of the limitations the watch used to have when making phone calls.

I never open the Phone app on my Apple Watch, but this might actually be useful for buzzing someone into my apartment. I’ll have to give that a try.