Month: February 2014

In a similar vein to Dark Patterns comes this article from the ever-elusive Kontra:

This is not earth shattering news. Not even news per se. It’s what you get if you were to slow down the insane rush of ‘news’ just a split second to see how the sausage is made. In this instance, how the news (Comcast acquisition of TimeWarner) is packaged, from a quick, high-level design point of view.

What we have here is a legal document dressed as a press release masquerading as a blog post presented at a corporate website in a section called “ComcastVoices: A Place For Conversations With Comcast”. In other words, it’s lobbying collateral raised to the level of public conversation.

You’ve probably noticed these patterns in all sorts of legal documents, but particularly in contracts. Canadian regulators certainly did: they passed a law stating that all cellular contracts must be presented to consumers in plain language. This should be the standard where appropriate and applicable.

Willie Yi-Luoma of Portland’s Heart Coffee:

Most espresso roasts are a poor representation of specialty coffee. Roasting is really hard, and to roast consistently requires a lot of work.  Roasting a coffee that is properly developed and that will extract on your espresso machine in 25-35 seconds is the problem we run into. Most people would blame the grinders, but the biggest impact starts is with your roasting process [sic].

We have a few world-class roasters here in Calgary and, of those, only Phil & Sebastian gets their espresso roast profile right. Most are far too dark and flat-tasting. But roast profiles for filter coffee usually work just as well in an espresso machine; I’ve even had great espresso made from coffees at the cinnamon roast stage. The lesson here is that darker coffees or coffees labelled “espresso roast” don’t necessarily make better espresso.

Netflix asked Cards Against Humanity if they’d be interested in a tie-in promotion to launch the second season of “House of Cards” and, well, they’re not big fans of “compromising with a bunch of humorless, corporate suits”:

We submitted about 41 cards to Netflix, and they rejected the ones they didn’t like, like “Binge-watching 12 hours of House of Cards while wearing an adult diaper,” because they “didn’t like their brand being associated with adult diapers.” (They also rejected a lot of other amazing cards, but they told us we weren’t allowed to say them in this blog post).

Tom Gara, of the Wall Street Journal:

Beginning later next year, you will stop swiping the credit card. Instead, you will insert your card into a slot, just like people do in much of the rest of the world, where the machine will read a microchip, not a magnetic stripe. You’ll still be signing for the time being, but the new system also enables the use of PIN numbers, if card issuers decide to add them to their cards.

We’ve had chip-and-PIN cards in Canada for several years now and, while not 100% perfect, they’re vastly more secure than the old swipe-and-sign cards while taking about the same amount of time to complete the transaction. It’s about time the United States got on board with this.

When the issue of working conditions for Apple’s contractor factories is raised, there are often three threads of rebuttal:

  1. These are contractors, and Apple shouldn’t wholly be held responsible.
  2. Similarly, other companies are using these factories. Or they may be using other factories where the conditions may be worse.
  3. In other countries, laws and expectations are different.

I completely understand the first point, but I disagree: Apple is one of the biggest companies in the world, and they absolutely have the power to make necessary changes. It doesn’t come without its challenges, though: there are complex political issues surrounding how much influence Western companies can exert. But with Apple’s growing presence in China and their focus on the country, perhaps they can make inroads where other companies were unable.

With regard to the second point, it’s true that Apple is the only major technology company — hell, one of the only companies of any kind — that regularly releases such a comprehensive and revealing report. The 2014 report (PDF) shows a significant improvement over 2013 (also a PDF): more audits were conducted, facilities increasingly complied with working hours restrictions, and more factory workers attended higher education programs.

But while Apple does more than anyone else to ensure contract employees are being treated respectfully and fairly, it’s hard to reconcile this report with the stories of poor working conditions that pop up in the news regularly. Of course, the negativity of these experiences is what is deemed newsworthy. But it seems as though conditions are not as good as they should be, despite Apple’s documented efforts. And while Apple is absolutely the focus of many of these reports — perhaps to an unfair or egregious extent — due to their size and image, it is this size and image that should give them greater leverage (see above).

Finally, while expectations of labour conditions differ country-to-country, there are certain obligations Apple arguably should have as a company representing the United States. I think that’s where my discomfort mostly comes from: the cultural divide is strong, but it doesn’t preclude a more hospitable working environment.

Ron Amadeo, Ars Technica:

The agreement places a company-wide ban on Android forks, saying OEMs are forbidden from taking “any actions that may cause or result in the fragmentation of Android” and specifically disallows distributing or encouraging a third party to distribute “a software development kit derived from Android.”

That’s a weird definition of “open”.

Come May 30, Editorially will be no more:

We’re proud of the team and tool that we built together and incredibly thankful that so many of you were willing to give it a try. And we continue to believe that evolving the way we collaborate as writers and editors is important work. But Editorially has failed to attract enough users to be sustainable, and we cannot honestly say we have reason to expect that to change.

We wish that were not the case — we’ve spent much of the past two years working on the hypothesis that the reverse was true — but today we must be honest with ourselves, and with you: this isn’t going to work.

For those who haven’t used it, Editorially was a great collaborative writing tool. When I wrote that iOS photo editing apps article for the Sweet Setup, it was a fantastic collaborative editing tool. Jeff Abbott, Shawn Blanc, and I could all see where the edits were being made and leave notes. What a shame.

This deal is for the biggest cable provider in the US to buy the second-biggest. This is a huge deal, and one that would be terrible for consumers. Or would it? Peter Kafka of Recode thinks that this acquisition will be okay:

So here’s the big idea that’s supposed to get the deal approved in the coming months: It’s okay for a giant cable company to buy another giant cable company, because cable companies don’t compete.

Translation: due to weird little fiefdoms, the market is already so shitty that a merger of the two largest companies in that market won’t actually reduce consumer choice.

There’s been a lot of chatter about a new Apple TV for a while now, but recent stories seem to be painting a (slightly) clearer picture. Today, Bloomberg — who have apparently recently redesigned their website to be 75% more reader-hostile — published a pretty big scoop by Adam Satariano and Edmund Lee:

Apple Inc. is planning to introduce a new Apple TV set-top box and is negotiating with Time Warner Cable Inc. and other potential partners to add video content, according to people with knowledge of the matter. […]

The new device, which plugs into a television set, will have a faster processor than the previous version and an upgraded interface to make it easier for customers to navigate between TV shows, movies and other online content, one person said. An agreement with Time Warner Cable would mark the first such deal with a cable or satellite company.

A couple of things seem to be getting clearer:

  1. This won’t be a dedicated TV set, which makes sense: TV sets are expensive but relatively low-margin, and people don’t replace them that often. There’s no great reason for Apple to build their own set.
  2. This box is focused on expansive professional content. The existing Apple TV is great for YouTube or Vimeo videos, or content from specific providers like Red Bull or the Wall Street Journal, but it’s too cumbersome to start watching a movie or, even worse, a TV show.

But there’s one part of Satariano and Lee’s story that doesn’t quite stack up:

Apple is aiming to unveil the device by April and have it available for sale by the Christmas holidays, […]

The April introduction seems realistic, but the other part doesn’t smell right. Assuming the “by the Christmas holidays” bit means October at the latest, that’s a six-month lag time between introduction and release. Only two other products have equalled that length of lag time: the new Mac Pro and the first iPhone, both of which required further development because of their superlative complexity (Apple also required FCC approval for the iPhone). An Apple TV set-top box doesn’t seem to fit this mould.

Update: Jay Tyler pointed out that the original Apple TV was introduced six months prior to availability because it wasn’t done yet, and the sneak peek fit with that event’s theme. But why would Apple create six months of awkward Apple TV sales, where nobody buys the current model because everyone’s waiting? I think Jonathan Geller makes the best possible case for why, but it still smells funny.

In December, I picked VSCO Cam as my favourite iOS photo editing app. Little did I know that the team were hard at work building a major update, and it’s here today. VSCO Grid is much better integrated, and there are a couple of great new tools, including a clever level in the camera. Good stuff.

Alex Kantrowitz, Advertising Age:

The ads will appear within the tiles of Firefox’s new tabs page, which will also begin to suggest pre-packaged content for first time users. Mozilla is calling the new initiative “Directory Tiles.”

[…]

Mozilla is a non-profit, so the move to sell ads may seem odd. It also launched a browser But the company makes 97% of its revenue from search and it’s looking to diversify that revenue. [sic]

Given that Mozilla’s $300 million per year deal with Google expires later this year, Mozilla’s move to diversify its revenue makes sense; likewise, in the context of Firefox blocking third-party cookies by default, it’s clear that the Mozilla Foundation isn’t on Google’s good side. Despite this, the inclusion of ads in a desktop piece of software still feels gross. Perhaps Mozilla will take the Opera route in the future and offer a paid version of Firefox.

For the New Yorker, George Packer wrote a thorough critique of Amazon’s business practices:

Even its bitterest critics reluctantly admit to using Amazon, unable to resist its unparalleled selection, price, and convenience. When Bezos talks about serving the customer, it’s as if he were articulating his purpose in life. “The customer is almost theological,” James Marcus said. “Any sacrifice is suitable for the customer.”

“Jeff is trying to create a machine that assumes the shape of public demand,” Tim Appelo, the former entertainment editor, said. “He resembles a very, very smart shmoo—he only wants to serve, to make you happy.” Appelo was referring to Al Capp’s smiling blob of a cartoon character, which happily provides people with whatever they need: milk, eggs, butter, even its own tasty self. With Amazon’s patented 1-Click shopping, which already knows your address and credit-card information, there’s just you and the buy button; transactions are as quick and thoughtless as scratching an itch. “It’s sort of a masturbatory culture,”

Amazon’s magic is in not revealing the gears and cogs required to make online shopping appear so effortless and simple. There’s a vast, deep undercurrent of lousy working conditions and near-extortive threats which are masked by the vision of the future. This isn’t necessarily unique to Amazon — consider the deals Apple struck to start the iTunes Store, or the piss-poor conditions of Far East factories which assemble products for almost all major electronics companies.

What’s most striking about Packer’s profile of Amazon, though, is just how dehumanized the company comes across. Everything — right down to their first original content series — is generated algorithmically, not artistically. If the original content that results from these sales predictions becomes popular, is that damning to people who work to create new ideas? Is the scriptwriter in as much danger of being made redundant as the factory worker?

From Icahn’s letter to shareholders:

As Tim Cook describes them, these recent actions taken by the company to repurchase shares have been both “opportunistic” and “aggressive” and we are supportive. In light of these actions, and ISS’s recommendation, we see no reason to persist with our non-binding proposal, especially when the company is already so close to fulfilling our requested repurchase target.

The “recent actions” he references include $14 billion in buybacks over the past two weeks, and Apple’s existing plan to buy back a total of $32 billion in 2014. Icahn claims that this is “only” $18 billion away from the $50 billion Icahn claims that he wanted. However, he originally requested that Apple buy back $150 billion of their own shares.

I guess what I’m saying is that Icahn realized he couldn’t buy off Tim Cook with dinner, nor could he convince shareholders of the merit of this. He was, of course, trying to be opportunistic, and it backfired.

Joshua Ho, AnandTech:

Realistically, humans seem to only be able to have a practical resolution of around .8 to 1 arcminute. So while getting to 600 PPI would mean near zero noticeable pixelation for the vast majority of edge cases, the returns are diminishing after passing the 1 arcminute point. For smartphones around the display size of 4.7 to 5 inches in diagonal length, this effectively frames the argument around the choice of a few reasonable display resolutions with PPI ranging from 300 to 600. For both OLED and LCD displays, pushing higher pixel densities incurs a cost in the form of greater power consumption for a given luminance value.

This is as in-depth as you’ve come to expect from AnandTech.

Gina Smith, author of “iWoz”, reporting for the incredibly generically-named A New Domain:

In an email to me, Steve [Wozniak] said, “They got it quite wrong for their own reasons … I’m used to things like this, (where the media turns) ‘could’ into ‘should.’ But the idea caught a lot of attention. It was just (my) independent idea … I’m sure others have said it before but I get more attention …”

Looks like Wired spun that the wrong way.

The New York Times has contributed to what seems to be a running series over the past couple of days concerning the way technology is portrayed in the media. Here’s David E. Sanger and Eric Schmitt (no, not him):

Using “web crawler” software designed to search, index and back up a website, Mr. Snowden “scraped data out of our systems” while he went about his day job, according to a senior intelligence official. “We do not believe this was an individual sitting at a machine and downloading this much material in sequence,” the official said. The process, he added, was “quite automated.” […]

Among the materials prominent in the Snowden files are the agency’s shared “wikis,” databases to which intelligence analysts, operatives and others contributed their knowledge. Some of that material indicates that Mr. Snowden “accessed” the documents. But experts say they may well have been downloaded not by him but by the program acting on his behalf.

My “Spidey senses” tell me that this was “probably wget”. Crack “reporting”.

Remember this nutty piece of software from LinkedIn?

Once you install the Intro app, all of your emails, both sent and received, are transmitted via LinkedIn’s servers. LinkedIn is forcing all your IMAP and SMTP data through their own servers and then analyzing and scraping your emails for data pertaining to… whatever they feel like.

Well, they’re turning it off. Good.

Kyle Wilhoit just released a white paper to more clearly explain the details of that bogus NBC story. Let’s dive in, starting on the third page:

After roughly 30 hours, Richard’s fake account received a spear-phishing email. The email came from quentorn1971@gmail.com (MD5: 85a97e1550be413b850f76a5a3a36272), someone who supposedly had some information to share with Richard in the form of a link to a Sochi-Olympic-related document.

Richard’s email address appears to have been obtained from the compromised Samsung Galaxy S4 smartphone we used. It is possible that the attacker who gained access to the phone realized that Richard was a high-value target and so sent him a spear-phishing email.

Why did I start on the third page? Because I think these two paragraphs are the crux of this part of the story. If it was indeed the case that high-value targets — like media personalities or executives — were the specific targets for this attack, then the general public probably doesn’t need to worry. Furthermore, it makes this, on the first page, all the more ridiculous:

NBC News wanted the experiment to be performed on new gadgets with no security or software updates. The decision to not put basic precautions in place was made because we were supposed to be regular users in Russia for the Sochi Olympics and wanted to understand the threats attendees who do not take proper precautions faced.

If they’re going after high-value targets, any respectable IT department would ensure that those people have antivirus software on their computers.

If, on the other hand, this is a more general spam-style attack, then the fact that the email address they used “resided within the NBC News domain and was very similar to Richard’s true email address” (as on the first page of the white paper) is not relevant to the attack.


What about the individual attacks? Let’s tackle them one by one, starting with the Android phone:

We unboxed the Samsung Galaxy S4 running Android when we arrived in Russia. We left all of its security settings in the default state. […]

We visited a Sochi-Olympic-themed site and were redirected to another, which prompted us to download an app (avito.apk) that seemed to have relevant travel information. After downloading the .APK file (MD5: 6d6cb42286c3c19f642a087c9a545943), we were prompted to install it. We clicked “Accept” because we believe that’s what typical users would do.

What was reported in the NBC broadcast is exactly what the APK with that MD5 would, in fact, do: it will intercept SMS messages and read arbitrary data on the phone.

But, let’s back up a minute: they apparently left the Galaxy S4 in its default state. However, according to page 93 of its manual (PDF), the Galaxy S4 ships with the option for allowing apps from “unknown sources” deselected. That is to say that there shouldn’t be a way, out of the box, for an APK downloaded from an arbitrary web page to be installed. I’ve asked Wilhoit to clarify this, and will update if I get a reply.

On to the Windows attack, which was a bog-standard malicious Office document. When it is run, the attacker gains access, unless…

Patching the OS to the latest level would have also helped prevent the exploit from properly executing.

Breaking: newer system versions often contain important security updates.

And how about that MacBook Air that was compromised?

We proceeded to right-click and choose “Open.” Had we not right-clicked and opened the file, Macintosh Gatekeeper running on OS X 10.8.5 would have caught and prevented the file from running.

To be fair, Wilhoit was simply following the sketchy-looking instructions on the strange Russian page which specifically told him to right-click. But who does that in the real world? Everyone double-clicks to open applications.


Does NBC’s original report have any value at all? Well, not really:

While the infections appeared to have automatically occurred due to the editing process on TV (which did not show the user interaction), no zero-days were used and all infections required user interaction and several risky behaviors to succeed.

NBC basically cut out the critical steps required to execute the attacks and failed to mention this, giving the impression that these were all drive-by attacks which will occur the moment you land in Russia. This makes me think that NBC worked to create their chosen narrative in lieu of accurate, correct reporting. And that’s shitty journalism.