Pixel Envy

Written by Nick Heer.

Catalina’s Dialog Bureaucracy

A few weeks ago, shortly after completing a clean installation of Catalina on my MacBook Air, I had a funny idea: wouldn’t it be great to reinstall Lion, the operating system it shipped with, and see what it is like to use nearly ten years after it was released?

I haven’t touched a truly old version of MacOS in years, and certainly not one called “Mac OS X” in a very long time. For a start, installing an old version of MacOS in 2020 is more difficult than it sounds, especially if you don’t have a copy of the specific or newer version of the operating system that shipped with your Mac because you resolved to become slightly better about your data hoarding habits.

It becomes significantly easier after you recognize that you failed that resolution.

Installing Lion was refreshing — in part because there are far fewer steps in Setup Assistant. There are just eleven screens, the last of which informs users that Lion changes the direction the trackpad scrolls relative to the material onscreen. There’s an animation of this and, cleverly, Apple requires users to scroll to the bottom of a small text area to click the button that finishes the setup process. You may not start using Mac OS X Lion until you have learned how to scroll.

However, perhaps the most notable part of installing Lion was that it was ready to go immediately after completing the steps in Setup Assistant. The last screen appears and confirms that Lion is set up, then the desktop zooms in, and then you can use your computer right away. Sure, Spotlight will be indexing, so it will be slow for a while, but you can get started.

Catalina is different. Many steps have been added to Setup Assistant since Lion, including options to turn on location services, enable Siri, enable various iCloud features, and — for Macs with supported hardware — steps to enrol fingerprints for Touch ID and add credit cards for Apple Pay. Some screens have been removed (remember registering your Mac?) or consolidated (picking the user picture is now done when setting up the admin user account), but the process is still far more expansive than it used to be. I counted at least seventeen screens; some screens have been consolidated as an “express setup” option, and the Apple Pay and Touch ID features are not supported on my Mac.

And that’s just Setup Assistant. After you complete those steps and you see the Catalina desktop for the first time, you have more work ahead of you. Apps need permission to send you push notifications, permission to use your contacts, and permission to use your location. Even though you said you wanted to switch on Location Services and that it was okay for Maps to use your location, Maps will ask for your location the first time you run it. Calendar will ask to use your location immediately after setup finishes. The weather widget in Notification Centre will need to be granted location permission now and probably several times in the future. Notifications will appear that you will need to dismiss.

There’s more, too. If you download apps from a source outside of the Mac App Store, you’ll be asked if you really want to open the app upon its first launch. This has long been a feature of MacOS’ Gatekeeper security software, but Catalina requires apps to be notarized. If the app is not notarized, Catalina will tell you that the app “cannot be opened” and give you the options to cancel opening it or move it to the trash. This is a lie: you can open the app — any app — by visiting the Security & Privacy preference pane, clicking the “Open Anyway” button, and then bypassing another scary-looking warning dialog.

The way that Catalina determines whether an app is safe seems to depend on several factors, and they can collide in comical ways. While writing this piece, I wanted to install a fresh copy of Catalina on a new volume of my MacBook Air’s hard drive to verify the installation procedure above. However, I only had a copy of the installer on my iMac, so I AirDropped it to myself. When I went to run the made-and-signed-by-Apple package, originally downloaded from the Mac App Store, I was told that it could not be opened because it was potentially dangerous.

The path to this present reality more or less began with Lion. It was the first version of the system to be available through the Mac App Store, introduced in a late update to Snow Leopard, and, with it, came the “Allow Apps Downloaded From” section of the Security & Privacy preference pane. It originally contained three options:

  • Mac App Store

  • Mac App Store and Identified Developers

  • Anywhere

That last option has been hidden since MacOS Sierra. It’s still possible to open apps from anywhere, but MacOS now requires you to jump through hoops that weren’t there previously. And these hoops are ratcheted tighter with every recent version of MacOS. Catalina, in particular, is notable for the vast quantity and types of cautions that users are expected to handle.

Want to download a file from a website? Safari will get you to confirm that you actually want to download that file.

Explicitly typed a command in Terminal that accesses your desktop — even something as innocuous as ls ~/Desktop? You’ll have to confirm that you are, indeed, okay with Terminal’s desktop access.

Want to run ls ~/Downloads? You’ll have to okay access to that folder, too. There’s no way to say, in any of these dialogs, that you’re entirely okay with anything Terminal wants to do. You can, however, give Terminal full disk access in a different tab of the Security & Privacy preference pane.

Security & Privacy was one of those things in Preferences that you used to set and forget. It now seems as though it’s something you’re expected to open regularly if you are a technically inclined user.

These security prompts and confirmation dialogs also have the effect of offloading some of the responsibility for a secure environment to the user in a way that, I believe, is unfair. It’s irritating to more technically literate users because it adds work to everyday tasks. For them, it is a regression.

Less technical users, on the other hand, do not have the skillset to determine what is a security concern and what isn’t. It doesn’t help that some of Apple’s own apps, daemons, and background services have inscrutable process names and many of them need some form of permission or password to run. Nor is it helpful that the Gatekeeper warnings change in mysterious and undocumented ways. But, even if everything were perfectly labelled, a user with less technical background wouldn’t have an informed clue about what they should allow and what is genuinely dangerous.

Furthermore, we know that overloading users with permission prompts encourages them to click whatever button will allow them to move on with their task, which means that they are more likely to agree to something unintentionally. We also know that people exposed to alerts and alarms on a frequent basis learn to tune them out, even in cases where those alarms are extremely important, like in hospitals (PDF). The fire alarm in my apartment building has been mistakenly activated so frequently that it is more or less just background noise. I’ll probably burn to death one day. I’ll also probably mistakenly click an “okay” button and unleash some form of minor havoc on my computer because I am inundated with permission prompts.

It’s not just security-related permissions, either. When a MacOS app wants to show push notifications, it must ask the user for consent. It’s the same thing for location, use of the microphone, a Mac’s camera, and accessing contacts, calendars, reminders, and photos. And then there are APIs that allow apps to watch over keystrokes, control other apps, and control the computer. Individually, these permission requests aren’t dreadful, but they quickly accumulate.

I’ve seen various proposed solutions to this onslaught, often centred around the idea that MacOS now needs some sort of “pro mode” — a command line switch or something of the sort that allows an advanced user to disable much of the system’s nanny state policies. That’s not a bad idea, but I don’t think it fully acknowledges how bad this situation is.

Permission consent dialog boxes are a particularly ham-fisted approach towards privacy and security. They are a last-ditch effort; an over-reliance upon them in Windows Vista was famously parodied by Apple in a “Get a Mac” ad. At best, they are irritating. But, at their worst, they are an acknowledgement by the company that builds the platform that they have been defeated in a larger argument.

The reason there are so many privacy-centric requests is because there are basically no limits to the exploitation of personal data. If we had the confidence that allowing an app access to our contacts, for example, would not expose that list to data mining and privacy-invading marketing nonsense, we would not need to spend time granting permissions.

Unfortunately, there isn’t a comparable fight for security vulnerabilities. Users’ trust is an infinitely exploitable resource and it is the primary job of malware creators to do just that.

Yet I return to my argument that requiring users to determine which processes are safe is a demand that is overwhelming to most and disruptive to the comparatively few users who are equipped to handle such a decision.

Of course, there are other protections built into the system that help prevent malware and other problematic software from running. Apple explains several of these on its marketing page for Catalina, and there are other technologies like sandboxing and the antivirus protection offered by XProtect and MRT. But if security is, as with so many things in life, like an onion, the dialog boxes are like individually wrapping a bag of the things in clingfilm: it ends up being something that gets in the way for pseudo protection. These seemingly endless permission requests disrupt the Mac’s balance of capability and user friendliness.

The future of the Mac — a friendly face atop a powerful Unix core with an amazing software ecosystem — should not be a bureaucracy that cripples its finest qualities, nor one which users are responsible for fidgeting with.

Update: The Mac App Store was introduced in an update to Snow Leopard, not Lion, as previously and incorrectly stated.

Microsoft Says That It Is Bringing Defender, Its Security and Antivirus Software, to iOS and Android

Jordan Novet, CNBC:

Microsoft will soon offer its Defender antivirus software for phones and other devices running Google’s Android and Apple’s iOS mobile operating systems, the company announced Thursday.

[…]

Apple and Google have sought to police their app stores from instances of malware. That hasn’t stopped Microsoft from jumping in.

“They’re pretty safe, but pretty safe is not the same as safe,” Rob Lefferts, a Microsoft corporate vice president, said in an interview at company headquarters in Redmond, Washington, last week. “Malware does happen on those platforms.”

The closest thing to malware on iOS is probably targeted attacks, primarily for spying, that rely on unreported vulnerabilities. It is unclear how Microsoft’s antivirus software will scan an iPhone’s apps at all, given the sandboxing restrictions on the platform, let alone find ones that use novel ways of surreptitiously scraping users’ data.

Microsoft already offers the Intune software that IT administrators can use to manage employees’ PCs, smartphones and tablets. The Defender software coming to Android and iOS is about security, rather than management. It’s designed to prevent people from visiting online destinations that Microsoft deems unsafe, Lefferts said.

This makes it sound like Microsoft Defender for iOS will, ultimately, be a Safari content blocker, or perhaps a VPN. Microsoft says that more details will be revealed at next week’s RSA Conference. I question whether it will meaningfully address how a sandboxed antivirus scanner is supposed to work platform-wide.

Update: I forgot about that ring of click fraud apps that ran invisible ads.

Larry Tesler Dies Aged 74

Andrew Liszewski, Gizmodo:

In addition to his contributions to some of Apple’s most famous hardware, [Larry Tesler] was also known for his efforts to make software and user interfaces more accessible. In addition to the now ubiquitous “cut,” “copy,” and “paste” terminologies, Tesler was also an advocate for an approach to UI design known as modeless computing, which is reflected in his personal website. In essence, it ensures that user actions remain consistent throughout an operating system’s various functions and apps. When they’ve opened a word processor, for instance, users now just automatically assume that hitting any of the alphanumeric keys on their keyboard will result in that character showing up on-screen at the cursor’s insertion point. But there was a time when word processors could be switched between multiple modes where typing on the keyboard would either add characters to a document or alternately allow functional commands to be entered.

Last year, Riccardo Mori published a transcription of a 1997 talk given by Tesler and Chris Espinosa. It’s a talk worth reading for its depth of thought. For example:

The reason we [preferred CUT/COPY/PASTE over MOVE/COPY/DELETE] is that [while] it is two steps to do CUT and PASTE, there are a lot of advantages. […] Another reason is that you don’t have to be able to see the destination when you are copying or cutting the source. That’s the most important thing. And on a screen of limited size, when you have windows overlapping, it’s sometimes very hard to get things all lined up so you can specify two targets; or you have windows popping up and down, and you get very confused.

The other thing is that I had a secret agenda: I thought that the machine should be used not for what they talked about (office systems) — well, that was good, but I didn’t want it to be used just for that. I thought it would be a great machine for publishing and that it would be able to do cut & paste into page layouts, which was my own personal interest; and so I was advocating that because that was definitely the way you’d want to do page makeup. But we did user testing, and the users slightly preferred the CUT and PASTE model.

This, too:

Brief interpolation on keyboard shortcuts — Now, as you know, you can do command keys [command key combinations] on the Mac; you can invoke commands from the keyboard, and we knew it was important to reserve some for the most common commands. […] We wanted to make sure that CUT, COPY, PASTE, UNDO were the same for everybody. [Same for] BOLD, ITALIC, UNDERLINE, and NORMAL.

Why the Z X C V keys? — They were close on the keyboard. We did X because it was a cross out (CUT). We did V because it pointed down like this [he makes a ‘V’ shape with his hands], and you were inserting; it was like an upside-down caret (PASTE). And Z was the closest one, because we figured you’d UNDO a lot. And C for COPY — that was easy.

It’s obvious to see why Tesler’s contributions to computing are so profound: they’ve barely changed in the last forty years. He put a big dent in the universe.

Folding Flip Phones Flopping

Dieter Bohn of the Verge on the new Motorola Razr:

That is the Razr’s first major trade-off. I’m harping on the $1,500 price, but not because it’s too high for any phone. Phones are our primary computers, and many people could reasonably justify that price or something even higher for the right phone. The problem with the Razr is that it delivers so few of the things you’d expect at that — or any — price.

[…]

The Razr’s screen is made of plastic, and it was recently one-upped by Samsung’s Galaxy Z Flip, which has the first folding glass display ever. Tough break. In general, though, folding screens are so new that it’s hard to know exactly what standard to judge them by. Clearly, they require trade-offs, but which trade-offs are reasonable and which are dumb won’t be clear until we use more of them.

What I don’t like: the soft plastic is likely to pick up nicks, dings, and indentations from use — and I think fairly normal use, at that. It feels slightly more robust than the Galaxy Fold’s screen, but that may just be because it’s smaller. Motorola’s main innovation with the screen is how it constructed the hinge to minimize any creasing and allow the phone to close completely flat. There are two parts to this story.

[…]

Since we’ve talked about the hinge so much, we need to get to another trade-off. Maybe you’ve heard about it, or maybe you’ve literally heard it. The creak.

Bad luck. Maybe that glass screen in the Galaxy Z Flip will fare better?

Raymond Wong, Input:

The Galaxy Z Flip — at least according to Samsung — shouldn’t have the same issues that doomed its first foldable, the Galaxy Fold. At Unpacked, Samsung made sure to highlight all the ways it improved durability in the Z Flip. The display is made of “Ultra Thin Glass” instead of plastic (it’s better, but still pretty prone to scratching). The “hideaway hinge” has fibers inside of it to keep particles out. The hinge doesn’t creak when the phone is folded. There are two little bumpers on the bottom corners to absorb hard closures. The foldable display can handle up to 200,000 folds before it breaks; 100,000 more folds than the Razr.

[…]

Realist me remains skeptical foldable phones will ever be more than a short-lived fad. (Prove me wrong phone makers!) I keep waiting to be convinced that there’s a meaningful purpose for a foldable phone other than “it folds in half!” Samsung is on the right track with the Z Flip. The hardware is getting better and all that’s left is a killer use case. As it is, the Z Flip is an expensive toy and not a smartphone you can rely on day in and day out. It’s still too expensive and its durability is uncertain. If bleeding edge tech is a way of life for you, then this phone has your name written all over. But if you need a phone you can count on that gives you the best of everything, trust me: you can do better.

I’m not sure why anyone would buy one of these prototypical devices today, unless you have a couple thousand dollars burning a hole in your pocket. And, anyway, wouldn’t you feel better sending that money to me instead?

Apple Music Now Groups Different Versions of the Same Album

Federico Viticci:

Looks like Apple has brought back one of the best features from Beats Music with Apple Music: Other Versions of the same album.

This section collects remasters, reissues, remixes, demos, deluxe editions, and explicit/clean versions of the same album.

Because this appears to be automated, it also cleans up instances of multiple copies of the same album on artist pages. I’m still not sure why Apple Music had five copies of “First Impressions of Earth”; it now has only two, though I still can’t understand why.

This appears to be slightly conservative in its approach, too. While it groups the clean and explicit versions of Kendrick Lamar’s “Damn”, it does not group the “collector’s edition”, which has a reversed tracklist. By the way, there are at least nine copies of “good kid, m.A.A.d city” on Apple Music. Again, I am not sure why there would be more than four — clean and explicit versions of each of the original release and the deluxe edition — but at least they’re all grouped together now.

Apple Promotes Its Services Through Pervasive and Often Disruptive In-App Advertising

Next month will mark a year since Apple publicly pivoted itself in the direction of a services-oriented company. As far as the company’s revenue is concerned, it has been extremely successful — but it has not come easily.

Steve Streza:

If you don’t subscribe to these services, you’ll be forced to look at these ads constantly, either in the apps you use or the push notifications they have turned on by default. The pervasiveness of ads in iOS is a topic largely unexplored, perhaps due to these services having a lot of adoption among the early adopter crowd that tends to discuss Apple and their design. This isn’t a value call on the services themselves, but a look at how aggressively Apple pushes you to pay for them, and how that growth-hack-style design comes at the expense of the user experience. In this post, I’ll break down all of the places in iOS that I’ve found that have Apple-manufactured ads. You can replicate these results yourself by doing a factory reset of an iPhone (backup first!), installing iOS 13, and signing up for a new iCloud account.

Michael Tsai has collected even more examples of where Apple has aggressively pushed users to subscribe to its services.

Streza calls iOS “adware”, which I think is hyperbolic. But there’s no denying that using Apple’s products is starting to feel like visiting a department store that’s more intent on pushing its credit card than selling you a pair of shoes.

For me, the result has been plainly obvious: I treat many of Apple’s first-party apps as mere containers for the company’s subscription services. Ever since it has become an advertisement for Apple News Plus, I have almost never opened News. It’s the same with the TV app — particularly on my Apple TV — which I previously used to watch purchased and downloaded media.

As for Music? Tyler Hall:

To date, that’s $4,755 I’ve legally paid for digital music.

[…]

I don’t have the foggiest clue where that amount of money places me as a music customer. Surely not the low end of consumers? But I doubt the high side either. I’m guessing I’m somewhere in the upper-middle compared to what most digital natives have spent on music.

But my point is this.

I happily and enthusiastically paid for all that music. But now? Every time I see the $14.99 charge for our Apple Music family plan hit my checking account, I wince. I pay it begrudgingly because I feel like I have no other choice.

In my head, I bucket all monthly charges under the category of “bills”. I pay my rent, I pay my phone bill, I pay for internet, I pay for insurance, I pay for iCloud, and I pay for Apple Music. Some of these things are utilities; music shouldn’t feel like a utility, but it does now.

Of course, I could — and do — pay to download music in much the same way Charles Avison used to. But I also pay for Apple Music every month in part because, if I didn’t, the Music app would be a portal to advertising.

I don’t think it’s necessarily wrong for Apple to use its platform owner advantage to push its services, but I do think that, currently, it is making those products worse. And there’s something else, too: if it were possible to set non-Apple apps as defaults and third-party developers were able to offer subscriptions without going through in-app purchases, would Apple’s services be so successful? I’m not sure they would.

2020 State of Mac Malware

Michael Tsai put together a collection of links that, in summary, present a more sober picture of the 2020 State of Malware Report (PDF) from Malwarebytes than some headlines have suggested.

From the report:

Macs differ drastically from Windows in terms of the types of threats seen. Where we found several different categories and families in our top detections of Windows threats that classify as traditional malware, especially those aimed at businesses, most Mac threats, and certainly the most prevalent ones of 2019, are families of adware and potentially unwanted programs (PUPs). The most common Mac malware family, OSX.Generic.Suspicious, fell well down the list at 30th place in Mac-specific detections, and hundreds of spots down on a cross-platform threat list.

[…]

Of all the [Mac] threats seen this year, only one incident involved anything other than tricking the user into downloading and opening something they shouldn’t. That is the incident in which Coinbase, and several other cryptocurrency companies, were targeted with malware that infected systems through a Firefox zero-day vulnerability.

So the chance of experiencing malware — not adware or what Malwarebytes calls “potentially unwanted programs”, but malware — on a Mac actually fell in 2019, according to this report. Meanwhile, as Ben Lovejoy points out, the primary reason adware became more prevalent on the Mac in 2019 is down to a single app.

Workers for Shipt, an Instacart-Like Company Owned by Target, Describe a Culture of Unrealistic Expectations, Retaliation, and Fear

Lauren Kaori Gurley, Vice:

When Target bought the company for $550 million in 2017, Shipt rapidly expanded its same-day delivery to half of its stores. Today, Shipt has more than 100,000 gig workers, according to the company. The company has tripled its geographic reach since 2017.

Shipt workers told Motherboard that customers who order from Target often seem surprised when independent contractors in plain clothes driving their personal cars show up at their homes with massive deliveries from Target. Because Shipt classifies its workers as contractors, not employees, workers pay for all of their expenses — including gas, wear and tear on their cars, and accidents — out of pocket. They say the tips on large orders from Target, sometimes with hundreds of items, can be meager.

Workers say Shipt customers often live in gated and upscale communities and that the app encourages workers to tack on gifts like thank you cards, hot cocoa, flowers, and balloons onto orders (paid for out of their own pocket) and to offer to walk customer’s dogs and take out their trash, as a courtesy. Shipt calls this kind of service “Bringing the Magic,” which can improve workers’ ratings from customers that factor into the algorithm that determines who gets offered the most lucrative orders.

If this “gig economy” nonsense is to have a quality of employment greater than that of a freelance servant, workers need rights, reasonable expectations, benefits, and real income. This nonsense of paying people according to a black box algorithm should not be legal.

Apple’s History of Colour-Matched Wallpapers

Jared Sorge:

I worked at an Apple Authorized Service Center and had been doing service on the iMacs with slot loading optical drives (like the one pictured above). Whenever I would need to erase a hard drive and restore the operating system I noticed that the desktop wallpaper color matched the color of the case. So a Ruby iMac would get a Ruby colored desktop, and same with Sage green, Indigo blue, and so on. How did they pull this off?

Most iPhones since the 5S and 5C have used colour-matched wallpapers by default, too, but those are highly-integrated devices. Sorge says that virtually every interior component of the iMac G3 could be swapped and it would still know which colour to use for the wallpaper. I love details like these.

A Look Inside the ‘Ghost Kitchens’ That Are Operating Out of 60 Morris Street in San Francisco

I’ve posted before about “ghost kitchens” — delivery-only restaurants that operate with little more than a range and a refrigerator. But, until today, I hadn’t seen what one looks like.

Joe Kukura, writing for Broke-Ass Stuart (via Andy Baio):

We popped by one of San Francisco’s most prominent ghost kitchen facilities, and Jesus is this place dirty and depressing. Though Business Insider gave 60 Morris a glowing write-up, we found the place looks like a combination of 850 Bryant and the kind of SRO lobby where the check-in counter has bulletproof glass. It is operated by disgraced Uber CEO Travis Kalanick’s new venture CloudKitchens, but their $400 million in VC funding from dirty Saudi Arabian money is not evident in the facility’s hand-written signs, bare bones interior, and general below-minimum-wage dystopian chic.

Surely some of the negative impression of this place comes down to the poorly-exposed nighttime cellphone photography in this article. There are no photos of the kitchen; it could be spotless, for all we know.

Yet it is hard to imagine that this is the future of food, where there is a derelict industrial building masquerading as two dozen different restaurants where, inside, workers create meals to be stashed in a locker for an underpaid delivery driver to ferry, at great expense, to its destination. After decades of lame jokes in stand-up comedy routines about the quality of airline food, it sure seems like that shouldn’t be what we aspire toward.

Meet Makan Delrahim, the Lawyer Who Leads the Antitrust Division at the U.S. Department of Justice

Speaking of the T-Mobile and Sprint merger, Eriq Gardner of the Hollywood Reporter wrote a profile of Makan Delrahim:

In addition, the Antitrust Division has in recent months raised eyebrows about politicization of competition law. During the trial of a multistate challenge to the proposed T-Mobile/Sprint merger, which federal regulators approved, text messages emerged that showed Delrahim laboring behind the scenes during the government’s review last summer to save a deal that would shrink competitors in the wireless arena, helping to arrange the sale of the two companies’ mobile spectrum to a third party, Dish Network, and offering its chairman, Charlie Ergen, advice on how to lobby the FCC and lawmakers. “Why Is the Justice Department Treating T-Mobile Like a Client?” asked a New York Times editorial in December. (On Tuesday, a judge rejected the states’ antitrust challenge and approved T-Mobile’s Sprint acquisition.)

Delrahim is notable for leading the antitrust investigations of large tech companies, disputing the AT&T and Time Warner merger, and his opposition to the Paramount Consent Decree. He has a bizarre view of antitrust law: big tech companies are scary to him, but ISPs and entertainment conglomerates — which are increasingly the same thing — are not. Oh, except for AT&T and Time Warner, which he disputed for ostensibly good reasons, only to lose that case and find that the newly-merged AT&T and Time Warner conglomerate is doing exactly what it said it wouldn’t.

T-Mobile and Sprint Were Allowed to Merge Because Sprint Sucks

Laurel Wamsley, NPR:

T-Mobile is closer to taking over Sprint after a federal judge rejected arguments by several states that the merger would stifle competition and lead to higher prices for consumers.

The deal would combine the country’s third- and fourth-largest wireless carriers. The new company, to be called T-Mobile, would still be the third-largest, after AT&T and Verizon.

U.S. District Court Judge Victor Marrero concluded that the proposed merger “is not reasonably likely to substantially lessen competition” in the wireless market.

Nilay Patel of the Verge read the decision and put together a terrific explanation of how Judge Marrero arrived at that conclusion:

And… it turns out that Judge Marrero thinks CEO John Legere and the rest of T-Mobile’s executives are extremely cool and smart and that Dish Network is definitely trustworthy and that everything is going to work out great.

Also, the judge thinks that Sprint sucks. Really, if there’s one major takeaway here, it’s that Victor Marrero, a federal judge selected by Bill Clinton for a lifetime appointment on the federal judiciary, thinks that Sprint is a bad company with a crap network run by dummies. This is the law now.

In Canada, our three major carriers operate in near lockstep. The United States is now down to three major carriers. Should be fine, right?

Essential Is Shutting Down

The history of Essential is blessedly short, yet dramatic and inherently entwined with the personal life of its founder and CEO Andy Rubin. Its first product, announced in May 2017, was supposed to be out in June of the same year, and missed that deadline for a week before journalists realized that it hadn’t started shipping yet. It ultimately wasn’t available until August, then received a price cut in October.

In November — this is all in 2017 — Rubin took a leave of absence after the Information reported that he had what they deemed an “inappropriate relationship” with a subordinate at Google. It took until the following year for the New York Times to report that Rubin was asked to resign from Google after being credibly accused of sexually assaulting the employee. He was given $90 million to leave, leading employees to walk off the job in protest of the way Google has protected men accused of sexual assault. Oh, and Rubin was also accused, in court papers, of running a sex ring.

After it cancelled work on a successor to its first phone, Essential tried to sell itself, found no buyers, and instead bought an email startup. A few months ago, it showed off a prototype of a tall and skinny smartphone.

Essential today:

In October, we introduced Project GEM, a new mobile experience that our hardware, software and cloud teams have been building and testing for the past few years. Our vision was to invent a mobile computing paradigm that more seamlessly integrated with people’s lifestyle needs. Despite our best efforts, we’ve now taken Gem as far as we can and regrettably have no clear path to deliver it to customers. Given this, we have made the difficult decision to cease operations and shut down Essential.

The email app is also shutting down, effective April 30. I feel bad for the employees who were understandably excited to work for a unique company, only to find it subject to the distractions of its CEO’s wrongdoing and the company not publicly communicating a clear path to relevance.

See Also: Daisuke Wakabayashi and Erin Griffith’s report for the New York Times.

The Vinyl Pause of 2020

Chris Eggertsen, Billboard:

The manufacturing and storage facility for Apollo Masters Corp. — a Banning, Calif.-based manufacturing plant that supplies the lacquer used for making master discs, which are then used to create vinyl records — has burned down in a massive fire, the company confirmed in a statement posted to its official website.

[…]

The fire, which was first reported around 8 a.m. PT Friday morning (Feb. 7), broke out while employees were inside the building, though all escaped safely, according to The Desert Sun, which first reported the blaze. But the loss of the plant — which, along with MDC in Japan, is one of only two worldwide that produces the lacquers needed to create vinyl records — comes as a difficult blow to the booming vinyl record industry. Billboard reported just last month that 26% of all physical albums sold in the U.S. in 2019 were vinyl.

While vinyl may be on an upswing relative to ten or twenty years ago, its sales are nowhere near the 1970s and 1980s.

Still, I’ve long been one of those buyers. While I’m glad all of the employees of Apollo Masters are safe, I’m gutted by the likely fallout from this fire.

“Steady State Sea” (via Coudal):

You will be able to buy new vinyl titles in 2020 — or most of 2020, anyway. Ironically, the long waiting time to get a respective record pressed after cutting its master may be critical in delaying the consequences of low supply of vinyl offerings. That waiting time to press can take several months — and that’s assuming all money needed for the pressing is gathered and ready to spend. (Incidentally, before the mid 2000s, the waiting time used to be dramatically shorter.) Many new albums coming out in 2020 already had their respective masters cut in 2019.

[…]

However, from the end of 2020 onward will be the big question mark regarding vinyl supply in retail.

And it wouldn’t be surprising if labels began to start a more conservative release schedule effective ASAP. If any label does have a stash of lacquers, they will likely be reserved for releases that the label would consider low-risk in sales — such as legacy artists or hot new acts.

I listen to music in two formats: for convenience, a large local library of digital files mixed with streaming; and, for a more relaxed, immersive experience, vinyl. I love spending a couple of hours in a decent record store, walking my fingers along the shelves until I find something I like. This fire has the possibility to make all of that a rare occasion. It is going to be tough to recover from, but not impossible — it sounds like direct metal mastering is a good way out.

All Your Favorite Brands Are on Amazon, From BSTOEM to ZGGCD

John Herrman, New York Times:

Mostly, you’ll notice gloves from brands that, unless you’ve spent a lot of time searching for gloves on Amazon, you’ve never heard of. Brands that evoke nothing in particular, but which do so in capital letters. Brands that are neither translated nor Romanized nor transliterated from another language, and which may contain words, or names, that do not seem to refer to the products they sell. Brands like Pvendor, RIVMOUNT, FRETREE and MAJCF. Gloves emblazoned with names like Nertpow, SHSTFD, Joyoldelf, VBIGER and Bizzliz. Gloves with hundreds or even thousands of apparently positive reviews, available for very low prices, shipped quickly, for free, with Amazon Prime.

Gloves are just one example — there are at least hundreds of popular searches that will return similar results. White socks: JourNow, Formeu, COOVAN. iPhone cables: HOVAMP, Binecsies, BSTOEM. Sleep masks: MZOO, ZGGCD, PeNeede.

These “pseudo-brands,” as some Amazon sellers call them, represent a large and growing portion of the company’s business. These thousands of new product lines, launched onto Amazon by third party sellers with minimal conventional marketing, stocking the site with disparate categories of goods, many evaporating as quickly as they appeared, are challenging what it means to be a brand.

They’ve also helped overwhelm the United States Patent and Trademark Office, which, not unlike an Amazon shopper, has for years found itself mystified by pseudo-brands as it continues to approve them. Maybe they’re the future of shopping. They’re certainly part of the now.

This is a fascinating exploration of how the combination of a handful of Amazon’s seller policies and fewer barriers between customers and manufacturers has changed the nature of what a brand is, at least in terms of household consumer goods.

The Era of Widely-Peddled Fake Products

Ganda Suthivarakom, the Wirecutter:

The rise of counterfeit goods and other phony products sold on the Internet has been swift — and it has largely gone unnoticed by many shoppers. But make no mistake: The problem is extensive. Most people don’t realize this, but the majority of listings on Amazon aren’t actually for items sold by Amazon — they’re run by third-party sellers. And even though many, many third-party sellers are upstanding merchants, an awful lot of them are peddling fakes.

A major Wall Street Journal investigation recently revealed that Amazon has listed “thousands of banned, unsafe, or mislabeled products,” from dangerous children’s products to electronics with fake certifications. The Verge reported that even Amazon’s listings for its own line of goods are “getting hijacked by impostor sellers.” CNBC found that Amazon has shipped expired foods — including baby formula — to customers, pointing to an inability to monitor something as basic as an expiration date. Because of the proliferation of counterfeits and what Birkenstock describes as Amazon’s unwillingness to help it fight them, Birkenstock won’t sell on Amazon anymore. Nike announced that it is also pulling out of Amazon. “Many consumers are … unaware of the significant probabilities they face of being defrauded by counterfeiters when they shop on e-commerce platforms,” reads a January 2020 Department of Homeland Security report (PDF) recommending measures that would force e-retailers to take counterfeits even more seriously. “These probabilities are unacceptably high and appear to be rising.”

Counterfeits, overwhelming choice, Prime Day, poor-quality recommendations, deceptive advertising, and its myriad private labels combine to make Amazon feel increasingly like a low grade flea market mixed with a liquidation store.

Here’s a true and dumb story about your silly writer: last Wednesday, as I was trying to put my MacBook Air on the coffee table, I missed and instead allowed gravity to place it directly onto my foot. My laptop is fine. One of my toes, however, is broken. I got it checked out on Thursday just to be safe — universal health care is a very good thing — and was told that I could keep buddy taping it; it’s not a serious break. They recommended I pick up a cohesive bandage, which they said could best be found on Amazon. So I tried finding it, and spent a solid hour poking around the Amazon storefront. It’s not that there’s a shortage of choice; it’s quite the opposite problem. I just wanted to find a small quantity of the narrowest bandage available. I ended up frustrated and buying a six-pack with multiple sizes made by a company I’ve never heard of. It was, oddly enough, the best choice, but not even close to the correct one.

U.S. Officials Say Huawei Can Covertly Access Telecom Networks Through Law Enforcement Backdoors

Bojan Pancevski, Wall Street Journal:

When telecom-equipment makers build and sell hardware such as switching gear, base stations and antennae to carriers — who assemble the networks that enable mobile communication and computing — they are required by law to build into their hardware ways for authorities to access the networks for lawful purposes.

They are also required to build equipment in such a way that the manufacturer can’t get access without the consent of the network operator.

Only law-enforcement officials or authorized officials at each carrier are allowed into these “lawful interception interfaces,” generally with the carrier’s permission. Such access is governed by laws and protocols specific to each country.

U.S. officials say Huawei has built equipment that secretly preserves the manufacturer’s ability to access networks through these interfaces without the carriers’ knowledge. The officials didn’t provide details of where they believe Huawei is able to access networks. Other manufacturers don’t have the same ability, they said.

The only attribution that Pancevski uses for the claims throughout this article is “U.S. officials”, aside from a single time when he quotes Robert O’Brien. There is no more specific attribution for the overall thrust of the article — not even whether they entirely represent the U.S. intelligence apparatus, nor how many officials described this vulnerability.

Nevertheless, I note that these “U.S. officials”, now worried about the abuse of law enforcement backdoors, somewhat undercut the arguments made by their colleagues in the Department of Justice, who are adamant that every cellphone, tablet, and computer needs a law enforcement backdoor that they promise will not be abused.

See Also: Last year’s still-questionable report from Bloomberg Businessweek about Telnet being left on in Huawei equipment used in Vodafone’s Italian network.

Despite Charges Against Chinese Spies, Equifax and U.S. Regulators Are Not Off the Hook

Karl Bode, Techdirt:

A lack of any meaningful US privacy law for the internet era means there’s repeatedly no real punishment for companies that fail to secure the vast troves of data they’re now collecting on your every waking moment. Nor is there any real compensation for consumers who may not have wanted this data collected, stored, and sold to every nitwit with a nickel. There are so many points of failure here — from corporations that treat privacy and security as an afterthought to captured regulators too feckless to do anything about it — that focusing too extensively on national security risks us learning absolutely nothing from the experience.

The key thing to be learned from this saga is not that spies are seeking extremely high-profile targets, nor that U.S. companies’ security policies are ill-equipped to keep them out. It is that there is no reason this cannot happen again: Equifax has no incentive or obligation to change, and neither does any other company operating in an oligopoly, or any of the thousands of companies that few people have heard of despite them vacuuming up every detail of our electronic lives.

Popular Free Email Apps Such as Edison and Cleanfox Skim Users’ Inboxes for Marketing Data

Joseph Cox, Vice:

The popular Edison email app, which is in the top 100 productivity apps on the Apple app store, scrapes users’ email inboxes and sells products based off that information to clients in the finance, travel, and e-Commerce sectors. The contents of Edison users’ inboxes are of particular interest to companies who can buy the data to make better investment decisions, according to a J.P. Morgan document obtained by Motherboard.

On its website Edison says that it does “process” users’ emails, but some users did not know that when using the Edison app the company scrapes their inbox for profit. Motherboard has also obtained documentation that provides more specifics about how two other popular apps — Cleanfox and Slice — sell products based on users’ emails to corporate clients.

Slice is owned by Rakuten, a Japanese e-commerce conglomerate that also owns Unroll.me. A few years ago, the latter company was at the centre of a similar controversy over the appropriateness of scraping users’ inboxes for marketing data that can be sold.

At the time, Karissa Bell wrote a particularly good piece for Mashable about Unroll.me’s shady policies:

Even if you took the time to read their privacy policy — and, let’s be real, no one does — it doesn’t explicitly spell this out. “We may collect and use your commercial transactional messages and associated data to build anonymous market research products and services with trusted business partners,” it says. But in no way does it make clear that Unroll.me is literally in the business of selling data.

While Unroll.me’s website was updated to include information about the company’s invasive practices so users can make a more informed choice, Slice’s website is not as forthcoming, but the app was described in a 2012 story as “creepy”.

Edison and Cleanfox are not owned by Rakuten and do not appear to have any relationship with that company. The website for the former was updated some time between September last year and today to include a disclosure; the website for Cleanfox contains no clear explanation.

People used to be worried about Google’s since-discontinued policy of scraping Gmail inboxes for targeted ads. How times have changed.

Comparing Film and Digital Cinematography Is a Silly Debate, Argues Steve Yedlin

As I read this today, I couldn’t help but think of it as related to the audiophile argument that analogue processes are inherently superior to digital.

My main takeaway is that we have decades of knowledge about how different kinds of film stock and developing processes transform footage, but we have comparatively limited knowledge of equivalent digital processes. Yedlin has figured out how to convincingly simulate film with an entirely digital workflow, but there’s no reason that a 35mm lookalike should be the only goal. That’s his argument, too.

The MacBook Keyboard Saga Has Gone on for Long Enough That It’s Being Referenced During an Oscars Question Period

Sam Byford, the Verge:

Speaking with journalists after winning his first Oscar for Best Adapted Screenplay, Jojo Rabbit and Thor: Ragnarok director Taika Waititi had other things on his mind. When asked what he thought writers should be demanding in the next round of discussions with producers, Waititi put Apple’s controversial laptop keyboards on blast.

“Apple needs to fix those keyboards,” he said. “They are impossible to write on — they’ve gotten worse. It makes me want to go back to PCs. Because PC keyboards, the bounce-back for your fingers is way better. Hands up who still uses a PC? You know what I’m talking about. It’s a way better keyboard. Those Apple keyboards are horrendous.”

Daniel Jalkut:

It’s only because Apple allowed the MacBook Pro keyboard problem to go on SO LONG that it could possibly have become a talking point in an Oscar awards interview. I hope some lessons have been learned.

Apple may now be shipping a laptop with a good keyboard, but its two most popular Macs — the MacBook Air and the 13-inch MacBook Pro — still include the painful butterfly keyboard. People keep laptops for years, too. This is going to be a decade-long reputation problem.

Corp.com Domain, a Default in Active Directory and Massive Security Risk, Goes Up for Sale

Brian Krebs:

Now, none of this was much of a security concern back in the day when it was impractical for employees to lug their bulky desktop computers and monitors outside of the corporate network. But what happens when an employee working at a company with an Active Directory network path called “corp” takes a company laptop to the local Starbucks?

Chances are good that at least some resources on the employee’s laptop will still try to access that internal “corp” domain. And because of the way DNS name devolution works on Windows, that company laptop online via the Starbucks wireless connection is likely to then seek those same resources at “corp.com.”

In practical terms, this means that whoever controls corp.com can passively intercept private communications from hundreds of thousands of computers that end up being taken outside of a corporate environment which uses this “corp” designation for its Active Directory domain.

One of the things we are slowly learning is that our ten-, twenty-, and thirty-year-old bad security decisions are biting us hard. Consider, for example, how infrequently anyone but the most security-conscious people gave even a passing thought to password re-use just a few years ago. Dozens of high-profile breaches involving billions of accounts later, it’s something we’re only beginning to take seriously.
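A defensive check for the namespace collision Krebs describes, as an added example that is not from the original post or from Krebs: it scans a DNS query log gathered from endpoints for lookups that land under `corp.com` when the organization does not own that zone. The log format, function names, addresses and hostnames are assumptions made for illustration.

```python
"""Flag DNS queries that leak an internal AD name into a public zone."""
from collections import Counter

# Constructed sample log, one query per line: "<time> <client> <qname> <qtype>".
SAMPLE_LOG = """\
2020-02-10T09:14:02Z 10.8.3.21 fileserver.corp. A
2020-02-10T09:14:02Z 10.8.3.21 fileserver.corp.com. A
2020-02-10T09:14:05Z 10.8.3.21 _ldap._tcp.dc._msdcs.corp.com. SRV
2020-02-10T09:15:40Z 10.8.3.44 www.example.org. A
2020-02-10T09:16:11Z 10.8.3.44 intranet.CORP.COM. A
2020-02-10T09:17:30Z 10.8.3.50 corp.com. A
malformed line without enough fields
"""


def normalize(qname):
    """Lower-case a DNS name and drop the trailing root dot."""
    return qname.rstrip(".").lower()


def collision_zones(internal_labels, public_suffixes=("com",)):
    """Public zones an internal short name can collide with, e.g. corp -> corp.com.

    The suffix list is an assumption; extend it to match your own exposure.
    """
    return {f"{label.lower()}.{suffix}"
            for label in internal_labels for suffix in public_suffixes}


def parse_line(line):
    """Parse one log line into a dict, or return None if it is malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    time, client, qname, qtype = parts
    return {"time": time, "client": client,
            "qname": normalize(qname), "qtype": qtype.upper()}


def find_leaks(log_text, internal_labels, owned_zones=(), public_suffixes=("com",)):
    """Return queries that fall under a colliding public zone we do not own."""
    owned = {normalize(zone) for zone in owned_zones}
    zones = collision_zones(internal_labels, public_suffixes) - owned
    leaks = []
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue
        name = record["qname"]
        for zone in zones:
            # Match the zone apex or any name beneath it, but not e.g. notcorp.com.
            if name == zone or name.endswith("." + zone):
                record["zone"] = zone
                leaks.append(record)
                break
    return leaks


def summarize(leaks):
    """Count leaked queries per client so the noisiest endpoints surface first."""
    return Counter(record["client"] for record in leaks)


if __name__ == "__main__":
    found = find_leaks(SAMPLE_LOG, {"corp"})
    for record in found:
        print(record["time"], record["client"], record["qname"], record["qtype"])
    print(dict(summarize(found)))
```

Clients that show up in the summary are still resolving the internal name against the public internet and are candidates for a DNS suffix or domain naming review.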

French Competition Bureau Fines Apple €25 Million for Not Communicating Slowing Effects of Battery-Preserving iOS Update

In December 2017, Apple acknowledged that an iOS update introduced a feature which prevented stability problems caused by CPU spikes in iPhones with degraded batteries. The peak performance of CPUs was reduced in iPhones with poor battery capacity.

Apple failed to communicate any of this to users; it only issued statements to the press after they reported on a Reddit post explaining that a fresh battery improved an iPhone’s performance. At the time, I wrote that this was a needless betrayal of trust which made a reasonable engineering decision look nefarious, and gave credence to conspiracy theories that the company intentionally slows down older devices to encourage users to purchase new devices.

This can be seen in the way the French government responded, according to an un-bylined BBC report from January 2018:

French prosecutors have launched a probe over allegations of “planned obsolescence” in Apple’s iPhone.

Under French law it is a crime to intentionally shorten the lifespan of a product with the aim of making customers replace it.

[…]

It follows a legal complaint filed in December by pro-consumer group Stop Planned Obsolescence (Hop).

Hop said France was the third country to investigate Apple after Israel and the US, but the only one in which the alleged offence was a crime. Penalties could include up to 5% of annual turnover or even a jail term.

Romain Dillet, TechCrunch:

France’s competition watchdog DGCCRF announced earlier today that Apple will pay a $27.4 million (€25 million) fine due to an iOS update that capped performance of aging devices. The company will also have to display a statement on its website for a month.

I don’t know — or, frankly, care — if €25 million is a fine that is too small, too big, or not worth issuing at all. What I do know is that it is ridiculous to defend Apple’s decision not to explain this to users at the time.

Stephen Warwick, iMore:

But do you really think that people would have been understanding if Apple had been forthcoming about its plans? This is Apple after all. And people love to hate Apple. Can you imagine the headlines? ‘Apple announces it will intentionally slow down older iPhones’ – ‘Apple forces customers to upgrade by ruining their old devices’. Or worse, imagine if Apple had taken no action, and left us to our own highly unstable devices – ‘Negligent Apple lets older phones randomly shut off’ – ‘Why hasn’t Apple issued an update to patch iPhone shutdowns?’.

Of course it would not have been easy for Apple to explain why this decision made sense — Warwick alone spent about a thousand words retelling this saga. But it would have been right, and avoided accusations that the company was being underhanded and sneaky.

Instead of getting those make-believe headlines, we got very real headlines like “Apple: Yes, We’re Slowing Down Older iPhones”, “Apple Admits It Deliberately Slows Down iPhones as They Get Older”, and “Apple Really Does Slow Down Some Older iPhones”.

Yes, perhaps Apple could have taken the decision to be more forthcoming about its plans to enable performance management in iOS. It could have told the world that it was about to intentionally slow down its older iPhones. But would the world have been understanding about it? I think not.

In addition to the above headlines and this week’s French penalty, two U.S. government agencies investigated Apple for securities law violations, users in several states sued the company, and regulators around the world — including in South Korea, China, and Italy — assessed whether the company’s lack of communication violated any local laws.

That is the level of understanding the world had because Apple did not tell users that they should replace their battery to improve their iPhone’s performance. Instead of a difficult week for its PR team, trying to explain an engineering decision, they reinforced a dumb conspiracy theory. Was all that worth it?

To be clear, there’s no indication that this wasn’t publicized at the time to avoid poor PR; that’s something Warwick implied. If anything, this seems like an example of stupidity, not malice. But this was an indefensible mistake by Apple. There’s no reason to pretend otherwise.

Apple News Warns Publishers About Channel Removal if They Are Inactive for Three Months

Daniel Jalkut:

Apple did, in fact, accept my news sources, and for the past several years these articles have been available through the service.

I guess I’ve dropped the ball a bit as a blogger, though, because this week I received a terse email from Apple:

Dear Daniel Jalkut,

We noticed that you have not published to your Bitsplitting channel in three months or more. Your channel will be removed in one week.

Regards,

The Apple News Team

Regards, indeed. Apple will drop me in one week if I don’t publish something, or maybe even if I do; the wording is ambiguous. I’m a little annoyed at this, but I’m also a little annoyed at myself for not blogging more frequently, so I guess I’ll just say: “thanks, Apple News!”

Via Manton Reece, who writes in response:

If you hadn’t heard, Apple News dropped RSS support for new blogs, and it sounds like they rarely approve personal blogs anymore. Weeding out inactive blogs could be the first step to removing them altogether.

I haven’t found another public copy of this email posted by anyone else, and I wonder if this is something new that Apple is doing. I also couldn’t find a requirement to publish at least every three months within Apple’s News Publisher support section; I’m not saying it’s not there, just that I could not see where it might be.

Nevertheless, it seems like it’s still possible — according to that News Publisher site — to create a new channel based on RSS. Existing RSS-based channels also appear to be functional still; this one is, at least. However, it is no longer possible to subscribe to an RSS feed as a user with Apple News. iOS still declares that News is the handler for feed:// URLs, but it no longer supports them. A month ago, I asked a couple of people at Apple for clarity on this and neither has gotten back to me. I assumed it could be a bug at the time, but if it’s a policy change, it’s sloppy and poor.

Update: Reece confirms that it’s still possible to create an Apple News channel based on an RSS feed, but that it is discouraged during setup.