Month: October 2014

Police Can Require Cellphone Fingerprint, Not Pass Code hamptonroads.com

Elisabeth Hulette, of the Virginian Pilot (via Steven Frank because, really, why would I be reading the Virginian Pilot?):

Judge Steven C. Frucci ruled this week that giving police a fingerprint is akin to providing a DNA or handwriting sample or an actual key, which the law permits. A pass code, though, requires the defendant to divulge knowledge, which the law protects against, according to Frucci’s written opinion.

You may disagree with this — I know I do — but this argument actually makes sense. A workaround for this, if you’re interested, is to simply shut off your iOS device before the police seize it; it will require the passcode when it wakes.

90% of Mobile Transactions in the US Are Made at a Starbucks geekwire.com

John Cook, GeekWire:

[J]ust how important is mobile technology for the Seattle coffee retailer?

Consider this: Starbucks said today that roughly 16 percent of its U.S. sales now occur through a mobile device, with the company now handling about seven million mobile payments each week. It also controlled about 90 percent of all mobile payment transactions last year.

You’ll notice that Starbucks is not a CurrentC partner.

A Week With the Retina iMac shawnblanc.net

Shawn Blanc:

When I’m standing here, using the iMac, I keep thinking about how it’s all about the screen. But what’s crazy is that the screen is only half the story. Inside this iMac just so happens to be one of the fastest Macintosh computers on the planet. Take away the Retina display and you’ve still got an incredible machine. But you don’t have to take away the display. With the Retina iMac you’ve got your cake and you’re eating it, too.

Like Shawn, I’ve always had a laptop as my main machine, hooked up to an external display when I’m at my desk. But, also like Shawn, the amount of time my MacBook Air actually leaves my desk has dwindled to the point where a desktop is starting to look more favourable. The Retina iMac makes that kind of decision much, much easier. This is the first time in as long as I can remember where I’ve considered giving up the “freedom” of a laptop that I have but don’t actually exercise for a desktop. And what a desktop.

Tim Cook: “I’m Proud to Be Gay” businessweek.com

Tim Cook, in a special for Bloomberg Businessweek:

While I have never denied my sexuality, I haven’t publicly acknowledged it either, until now. So let me be clear: I’m proud to be gay, and I consider being gay among the greatest gifts God has given me.

And:

I don’t consider myself an activist, but I realize how much I’ve benefited from the sacrifice of others. So if hearing that the CEO of Apple is gay can help someone struggling to come to terms with who he or she is, or bring comfort to anyone who feels alone, or inspire people to insist on their equality, then it’s worth the trade-off with my own privacy.

Beautiful.

A Translation of MCX’s Hastily-Written Blog Post from PR-Speak to Plain English

You may recall this weekend’s discussion of a new mobile payment solution called CurrentC. Though it won’t launch until next year, its exclusivity agreement prohibits retailers who will be implementing it from using any other pay-with-your-phone tech, including Apple Pay.

This set off the kind of public relations shitstorm that makes me excited for blog posts like this one, from MCX — CurrentC’s parent company — CEO Dekkers Davidson. And now, akin to Weird Al, here’s an Anglicized version of this PR disaster, vaguely in the style of John Gruber.

Does MCX Require its Merchants to Only Offer CurrentC?

MCX merchants make their own decisions about what solutions they want to bring to their customers; the choice is theirs. When merchants choose to work with MCX, they choose to do so exclusively and we’re proud of the long list of merchants who have partnered with us.

Yes.

Importantly, if a merchant decides to stop working with MCX, there are no fines.

We do not consider a lack of refunds of deposits or penalty fees to be “fines”.

Back when the MCX merchants first got together, it was in response to a market that lacked a viable mobile wallet that would benefit both consumers and retailers. Today, we believe that need still exists, and our working group is getting ready to reveal a solution that is different from other mobile payment options in many important ways.

We live in a state of perpetual denial about what features are most important to consumers, and are desperately trying to convince ourselves that QR codes really took off. That’s what makes us different: we use QR codes. None of your near-field bullshit.

What Are the Facts Around Consumer Privacy?

Our Lawyers Made Us Phrase This Section Title in an Evasive and Weird Way.

Consumers’ privacy and data security are our top priorities. CurrentC will empower consumers and merchants to make informed decisions regarding how information can be shared through our privacy dashboard.

Much like Facebook, you’ll be able to see, at a glance, just how much data we collect about you. You will have very little say, however, in how that data will be used.

By the way, we noticed you recently purchased a 24-pack of Charmin and a box of Wheaties, so we hope you enjoy 10% off Glade-brand products with this coupon.

What Are the Facts About Data Security?

On the data security side, the technology choices we’ve made take consumers’ security into account at every aspect of their core functionality. We want to assure you, MCX does not store sensitive customer information in the app. Users’ payment information is instead stored in our secure cloud-hosted network. Removing this sensitive information from the mobile device significantly lowers the risk of it being inappropriately disclosed in a case that the mobile device is hacked, stolen or otherwise compromised.

Please ignore today’s unfortunately coincidental news.

The cloud is impenetrable! Clouds are like fortresses, or adamantium, or fortresses made of adamantium.

Please ignore today’s unfortunately coincidental news.

In the event that our “cloud-hosted network” is breached, please take solace in knowing that it wouldn’t be just your banking information that would be compromised, but everybody’s. Everyone’s a winner.

Please ignore today’s unfortunately coincidental news.

We look forward to continuing to work hard to develop our app. There will be more to come in the weeks and months ahead and we can’t wait for the time when we can show you more about CurrentC and its benefits. Until then, we’ll stay hard at work.

We’ll keep trying desperately to pretend that Apple Pay doesn’t exist.

PCalc’s “Featured” Calculator Widget Isn’t Allowed in the App Store Any Longer storify.com

This is a profoundly stupid decision by Apple. James Thomson, PCalc’s developer, was apparently told that “Notification Center widgets on iOS cannot perform any calculations, and the current PCalc widget must be removed.” That, despite Apple’s own app review guidelines and extension programming guide (PDF) making no mention of this restriction. The App Store editorial team must not be aware of this rule, because PCalc is currently featured as an example of iOS 8’s extensible Notification Centre feature — this is what inspired my use of the word “profound” above.

It’s not the rules themselves that are necessarily a burden on app developers. It’s Apple’s store, so they get to set the rules. But it’s seemingly-arbitrary stuff like this that makes developers lose sleep at night. Thomson clearly spent a great deal of time and care building this extension, and now that’s gone to waste with unfortunately characteristic indifference from Apple. And it’s not like PCalc was rejected outright — Apple allowed it in the store for the past month and a half before pulling it for violating a rule that doesn’t even exist.

It can’t be that Apple doesn’t want interaction in widgets — Strava’s widget allows you to start and stop a session. It can’t even be that calculations aren’t allowed, unless it only pertains to iOS for inexplicable reasons, as Yosemite includes a calculator in its default Today widget bundle. If it’s either of these things, Apple ought to better explain their expectations before developers waste hours doing stuff that’s allowed, only to be summarily rejected for new and unwritten rules.

Profit Margin of Error recode.net

Arik Hesseldahl, of Recode:

The latest report from the research firm IHS, due later today and shared exclusively with Re/code, shows that the base model of the iPad Air 2, the 16 gigabyte Wi-Fi version, which sells for $499, costs $275 to build, exactly one dollar higher than the previous base model. The top-end model, the 128GB LTE version, which sells for $829, costs $358.

Why is this being reported as though it were factual? These reports do not factor in research and development, nor do they account for software. Anyone worth their analysis salt knows that these reports are, at best, a rough estimate.

CurrentC, Not PrivaC techcrunch.com

John Gruber:

And the reason they don’t want to allow Apple Pay is because Apple Pay doesn’t give them any personal information about the customer. It’s not about security — Apple Pay is far more secure than any credit/debit card system in the U.S. It’s not about money — Apple’s tiny slice of the transaction comes from the banks, not the merchants. It’s about data.

They’re doing this so they can pursue a system that is less secure (third-party apps don’t have access to the secure element where Apple Pay stores your credit card data, for one thing), less convenient (QR codes?), and not private.

Bingo. Josh Constine, over at TechCrunch:

CurrentC notes it may share info with your device maker, app store, or developer tool makers. Oddly, it will collect health data. Precise location information is used to verify you’re at the retailer where you’re making a transaction, and if you opt in it can be used for marketing or advertising. CurrentC notes that you can opt in to be able to capture and store photos in the app for a hypothetical visual shopping list or other features down the road.

After his investigation of the app, Aude told me “CurrentC borders on the creepy line” due to it pulling health info. He also that found that its Terms Of Service leaves high liability for fraud to the user if someone else is able to get access to a user’s phone and make CurrentC payments.

Let me get this straight: a group of retailers — including Michaels, Lowe’s, and Target, all of which have had significant security breaches in the past year — are trying to launch a payment system based on QR codes and a steady hand, and want to access significantly more data so your purchase history can be sold to advertisers. Good luck with that.

Samsung Knox Stores PINs in Plain Text mobilesecurityares.blogspot.com

“Ares”:

Samsung phones, like the Samsung Galaxy S4, are shipped with a preinstalled version of Samsung Knox. Samsung advertises Knox with the following:

“KNOX Workspace container improves the user experience, providing security for enterprise data by creating a secure zone in the employee’s device for corporate applications, and encrypting enterprise data both at rest and in motion. KNOX Workspace container provides users with an isolated and secure environment within the mobile device, complete with its own home screen, launcher, applications and widgets for easier, more intuitive and safe operation. Applications and data inside the container are separated.”

Searching around the internet to find specific information about Samsung Knox were not satisfying, as Samsung Knox is not open source. This was the reason to investigate Samsung Knox a little bit and lead to this analysis. Also today I read an article that the US government certified the use of Samsung Knox for their work and this was the reason to publish my analysis.

This sounds like something that’s definitely FBI approved.

Update: Link added. Whoops.

The Race to Archive TwitPic m.theglobeandmail.com

Pierre Chauvin, for the Globe and Mail:

Right now, a collective of Internet archivists and programmers is trying to do the impossible: save more than 800 million pictures uploaded to the Twitter photo-sharing service Twitpic before they disappear down the memory hole after the company’s scheduled shutdown on October 25.

For this group of digital librarians, saving a bunch of stranger’s pictures is about keeping alive a key piece of our digital culture.

TwitPic was huge for the first years of Twitter’s life, until the official image hosting service was launched. Its shutting down has been a botched affair; it deserves better. Another valuable contribution to history from the Archive Team.

Yosemite, Spotlight, and Privacy

Concerns about the amount of information transmitted to Apple in standard usage of Yosemite first surfaced a few days ago. To be fair, it looks like a lot of stuff that Apple is collecting: an analytics ID, kinds of email addresses, Spotlight searches, and so forth. Sounds pretty scary. But Russell Brandom of the Verge and Michael Tsai have both done a great job of reducing the amount of FUD in these claims. Brandom:

But on closer inspection, many of the claims are less damning than they seem. There’s already a public privacy policy for the new feature, as well as a more technical look at the protections in the most recent iOS security report. That document breaks down five different kinds of information transmitted in a search: the approximate location, the device type, the client app (either Spotlight or Safari), the device’s language settings and the previous three apps called up by the user. More importantly, all that information is grouped under an ephemeral session ID which automatically resets every 15 minutes, making it extremely difficult to trace a string of searches back to a specific user. That also makes the data significantly less useful to marketers, since it can’t track behavior over any meaningful length of time. And most importantly, the data is transmitted over an HTTPS connection, so it can’t be intercepted in transit.

And Tsai:

Cook frames it as Apple not needing your information because it isn’t monetizing it, but there are definitely cases where having more information would help Apple improve the user experience—at the expense of privacy. It is not always possible to maximize both.

Also of note: the fact that this Washington Post article even got published. If it were nearly any other company, an article like that probably wouldn’t be warranted. That’s not because the Post wants to target Apple or anything, but because Facebook, Google, and others collect this kind of information routinely. Apple is one of the few Silicon Valley companies to care to such an extent about user privacy. Any breach of that is considered noteworthy. By contrast, the expectation of most other tech companies is that they will take as much analytics and user data as they can get away with.

Gruber’s New iPads Review daringfireball.net

Perhaps I was a little unfair in calling the iPad Air 2 an iterative update. Gruber’s review is convincing me otherwise. The combination of big upgrades, like to the SoC and display, and little enhancements, like the thickness and Apple SIM, are much greater than the sum of their parts:

I think the sort of person who prefers the Mini form factor is less likely to be using their iPad in the ways that the iPad Air 2 is improved. (Anecdotally, most iPad photographers I see in the real world are using 9.7-inch iPads, not the Mini.) And the sort of iPad users who are pushing the performance limits of the platform are the sort of people who’ve preferred the 9.7-inch models all along. In short, I think the Mini really is more of a pure consumption device, and the Air is more of an alternative to a MacBook.

That’s a big claim, but there’s probably enough in the Air 2 to warrant it. It’s a pretty impressive update on the hardware, all things considered.

But, despite the great hardware, the iPad lineup is aching for software improvements. Last year’s iPads can do everything that this year’s iPads can, with the exception of Touch ID and Apple Pay. Yes, the Air 2 has a better user experience — it’s faster and much nicer to hold. It’s certainly a much better product than the iPad 3 or 4, which is a more appropriate comparison for most people who will upgrade. But I can’t help but wish for far greater capabilities to go with the far greater hardware.

5.5 Million Macs qz.com

Speaking of Apple’s quarterly results, how about those Mac sales figures? The iPad may be weak right now, but never have so many Macs been sold in a single quarter.

This is fascinating, especially when you consider that Macs — particularly the MacBook lines, which have traditionally been the strongest sellers — haven’t really been updated this year. Both received only relatively minor spec bumps and pricing adjustments. The back to school promotion was also the same this year as it was in previous years. I can’t think of a specific impetus for such a surge; the surge simply exists. As I said: fascinating.

iPad Air 2 Benchmarked twitter.com

While Apple is currently busy with their slightly depressing iPad sales figures for the sixth quarter in a row, the iPad itself is stronger than ever, and by a huge spec margin. The iPad Air 2 scores as well on Geekbench tests as an early 2011 MacBook Pro.

Even better, Apple doubled the iPad’s RAM, which should mean that you’ll be able to keep more than three Safari tabs in memory at the same time.

In all seriousness, the embargo has lifted and the early reviews are very positive. Nilay Patel, the Verge:

Pick up an iPad Air 2 and you’ll immediately understand why Apple pursues that thinness with such single-minded zeal. It’s so, so thin: 18 percent thinner than the older Air, and even slightly lighter. It’s hard to believe that there’s a computer back there, let alone a computer as powerful than the laptop computers of just a few years ago. If there is anything magical about this new iPad it is this, this feeling of impossibility. The Air 2 makes the original iPad look and feel archaic, like a horrible monster from a long-forgotten past.

It’s decidedly iterative, but the display seems to be significantly improved. It’s now laminated, which I’m sort of surprised hasn’t happened before.

What’s different about the iPad Air and Mini this year is that they are different. Last year, Apple made a big point about how the Air and Mini were identical aside from the size of the display.1 This year, the Mini simply gets a gold model and Touch ID. That makes the $299 iPad Mini 22 the bargain of the century. Touch ID is really, really nice, but it isn’t worth $100 to me. You may disagree.

The iterative iPad improvements this year combined with several lacklustre quarters for the product aren’t going to give investors much confidence in its future, but I still think there’s a place for it. The hardware improvements in the Air 2 will hopefully make way for powerful software enhancements in the future. It’s not going away any time soon; Apple has just had its priorities elsewhere for the past year, and it shows.

  1. Though, reviewers found the display gamut of the Mini to be much, much lower and the SoC to run slightly slower, but never mind that. ↥︎

  2. Apple sorely needs a better way of differentiating iPad models, especially if they do, indeed, launch the large 12.9″ model next year. Imagine a lineup in 2016 that consists of iPad Mini 3, 4, and 5, iPad Air 2, 3, and 4, and iPad Air Plus 1, 2, and 3. Maybe they’ll give people a free aspirin when they enter a retail store to make their selection. ↥︎

iTunes 12’s New Interface macstories.net

Federico Viticci of MacStories really doesn’t like the new iTunes’ UI:

I don’t understand most of the changes that went into the iTunes 12 interface: from the lack of a sidebar to the new tabs for navigation and separation of media types and iTunes Store, I feel completely lost using the new iTunes.

Neither does Marco Arment:

Of all of the complaints people had about iTunes… is anyone ever asking them to dramatically revamp the window layout and hide everything?

I, oddly, disagree. I actually think the new iTunes UI is extremely effective. I think the separation of views based on media type makes a lot of sense, and that the sidebar was never really a great idea in such a complex app. When you’re browsing through movies, for example, you probably don’t need to see your music playlists. The two live in separate realms.

Of course, the tenability of having so many media types shoehorned into iTunes over the years is a different matter altogether. I’ve previously argued — and I stand by this — that the all-in-one solution is the least worst option for iTunes. It’s not the best, but it would be more convoluted to have separate apps for managing music, movies, apps, and podcasts, for buying all of those things, and for syncing them. That’s too many things. The isolation of iBooks into its own app in Mavericks is a good illustration of just how confusing this is: iTunes syncs books, but you buy and manage them in iBooks. Confusing.

Apple Updates iWork Suite macstories.net

I’m still going through to see how many of the (many) bugs and feature requests I’ve filed in the past year have been taken care of, but Federico Viticci’s post on the update also pointed out that the apps have gained a new file format again:

Apple’s iWork apps for OS X had been criticized in the past for removing power user functionalities and introducing incompatibilities with their new file formats, and today’s updates confirm that Apple has been listening to its user base. The OS X updates to iWork feature various AppleScript and file format improvements – notably, files generated by the apps should play nicely with Dropbox and Gmail now.

In truth, it’s not actually a new format; it’s simply a zipped version of the previous format:

Nicks-MacBook-Air:Desktop nickheer$ file NewFormat.pages  
NewFormat.pages: Zip archive data, at least v2.0 to extract  
Nicks-MacBook-Air:Desktop nickheer$ unzip NewFormat.pages  
Archive:  NewFormat.pages  
 extracting: Index/Document.iwa      
 extracting: Index/Tables/DataList.iwa  
 extracting: Index/ViewState.iwa     
 extracting: Index/CalculationEngine.iwa  
 extracting: Index/DocumentStylesheet.iwa  
 extracting: Index/ThemeStylesheet.iwa  
 extracting: Index/AnnotationAuthorStorage.iwa  
 extracting: Data/Hardcover_bullet_black-13.png  
 extracting: Index/Metadata.iwa      
 extracting: Metadata/Properties.plist  
 extracting: Metadata/DocumentIdentifier  
 extracting: Metadata/BuildVersionHistory.plist  
 extracting: preview.jpg             
 extracting: preview-micro.jpg       
 extracting: preview-web.jpg

Looks pretty familiar, doesn’t it? This is pretty familiar — the difference between iWork ’08 and ’09 formats was pretty much the same thing. The big difference this time is that it still uses the totally impenetrable protobuf-encoded .iwa files.

Update: Because this iWork update isn’t available for Mavericks users, iWork files created on Yosemite are backwards incompatible. There is a setting to change this, but then you lose Dropbox compatibility.

iCloud’s Reliability and Trustworthiness storify.com

In introducing Time Machine at WWDC 2006, Scott Forstall made a really great point about how he doesn’t want to lose his most precious memories:

When I look on my Mac, I find these pictures of my kids that, to me, are absolutely priceless. In fact, I have thousands of these photos. If I were to lose a single one of these photos, it would be awful. But if I were to lose all of these photos because my hard drive died, I’d be devastated. I never, ever, want to lose these photos.

Forstall then talks about how Time Machine solves this by automatically backing up all your photos, along with everything else you keep on your hard drive. And that sounds great for eight years ago.

But it’s 2014 now; everything has migrated to “the cloud”. Sure, if you’re a bit controlling, you might feel a little uncomfortable that you don’t have the backups right next to you. What you lose in control, though, you gain in redundancy and offsite goodness.

If this is implemented well, it feels flawless and enables users to trust their most precious memories to it. But iCloud is so flawed so much of the time that nobody should realistically trust it. And that’s a problem in 2014.

Nate Boateng just experienced this first-hand by simply signing out of his iCloud account on his phone. Luckily, he has many copies of these photos; if he didn’t, he’d probably be crushed.

With Time Machine, you get the feeling that people at Apple truly use it to recover files when they accidentally overwrite them. It was like Scott Forstall wanted the feature so bad because something like the hypothetical situation he spoke about actually happened to him. But iCloud is the sort of product that comes across as though it’s something Apple knows it needs to have, but they’re not really that invested in it. I’m sure there are people at the company who actually care, but it comes across as lackadaisical and weak. I’m not certain anyone at Apple would entrust their photo library solely to iCloud.

The Retina iMac engadget.com

Jaw-dropping. This is probably the first time I’ve considered going desktop-only (or, at least, desktop-primary) in about ten years. I do love the mobility of my Air, but this display is perfect. It’s also really reasonably priced — just $2500 to start, though you probably don’t want the base model.

I wish the Thunderbolt Display could be updated to this resolution. But, as Marco Arment explained, it’s probably going to be a long wait. You can’t even use the new iMac in target display mode, functioning as a really expensive Thunderbolt Display. Maybe the solution is to add a graphics card to the display itself; I’d buy one in a heartbeat.