Month: February 2015

Google, Our Patron Saint of the Closed Web sealedabstract.com

Drew Crawford on Google’s acquisition of the .app TLD, and planned acquisition of .blog:

My point is that if you think Google is some kind of Patron Saint of the Open Web, shit son. Tim Cook on his best day could not conceive of a dastardly plan like this. This is a methodical, coordinated, long-running and well-planned attack on the open web that comes from the highest levels of Google leadership. And we’re giving Apple a free pass? Pshaw.

There’s Optimism and Then There’s Delusional blogs.barrons.com

One of those “financial analysts”, Jim Suva of Citigroup, is in the latter category with his predictions for Apple’s upcoming media event:

We expect Apple to give specifics on the launch time, price, and geographic locations, which we estimate as: Launch date: April 16th; Price points: $350, $550 and $950; with a launch limited to the U.S., followed by Europe and Asia in the subsequent months. A flurry of fashionable accessories including various colors and materials (plastic, leather, and metal, including high-end metals such as gold, silver and platinum), starting at $29 and ranging over several hundred dollars.

$350 was announced, while $550 is very optimistic for the no-suffix Watch. But $950 is delusional for the Edition model — it’s made of fucking gold. (I would also be surprised if the Sport Band starts at $29, if that’s the implication.)

Samsung’s Ebb and Flow businessinsider.com

Business Insider’s Steve Kovach penned a well-researched missive on Samsung’s astronomical rise and quick downfall in the smartphone space:

A powerful narrative began to emerge in the press: Apple was in trouble if it didn’t catch up with Samsung and start offering phones with bigger screens. Many asked if Apple had lost its knack for innovation following the death of Steve Jobs, and Samsung was doing a good job at making that theory seem plausible. Apple’s stock dropped as low as about $380 from its all-time high of about $705, largely on fears that Apple didn’t have a revolutionary new product up its sleeves.

I wonder who might have pushed such a narrative.

Net Neutrality Is Now the Law recode.net

Amy Schatz, Recode:

The new proposal essentially reverses a 2003 agency decision to deregulate Internet lines. The FCC is relying on legal authority Congress granted it under Title II of the Communications Act, which was written for old phone lines, to police Internet providers.

Since many of the provisions of Title II don’t make sense when applied to modern networks, the agency is only using a few of those provisions when it comes to net neutrality. For example, FCC officials have vowed to not try and regulate broadband rates, or require current broadband providers to offer a potential rival access to their networks at reasonable rates.

This is very, very good news. There are plenty of reasons why service providers shouldn’t be policing themselves, chief among which is exemplified by Verizon’s petulant response:

Today (Feb. 26) the Federal Communications Commission approved an order urged by President Obama that imposes rules on broadband Internet services that were written in the era of the steam locomotive and the telegraph.

Only rules that apply to the internet and which make sense will be used. And I’m really not sure why the age of a rule has any bearing on its validity. In fact, I’m not sure Verizon even believes that:

Verizon pressed its argument against the Federal Communications Commission’s new network neutrality rules on Monday; filing a legal brief with the United States Court of Appeals for the DC Circuit. The company argued the FCC’s rules not only exceeded the agency’s regulatory authority, but also violated network owners’ constitutional rights. Specifically, Verizon believes that the FCC is threatening its First Amendment right to freedom of speech and its property rights under the Fifth Amendment.

The Bill of Rights was ratified in 1791, or as a Verizon PR person might write, in the time of the French Revolution and George Washington.

“What has been and will remain constant before, during and after the existence of any regulations is Verizon’s commitment to an open Internet that provides consumers with competitive broadband choices and Internet access when, where, and how they want.”

Limited time offer, subject to additional rules which can be found at verizon.com. Not valid when combined with other offers. See store for details.

Update: The Times illustrates why this is necessary.

The Apple Watch Edition’s Upgrade Dilemma imore.com

Serenity Caldwell, iMore:

I understand the justification of replacing an iPhone or a Mac when they’ve become too slow or outdated for their task — at most, I’ve spent $2000-$3000 on such a device, and its cost-per-year averages out to something where I don’t feel wasteful in replacing the machine.

Watches are different. They’re jewelry. They’re as much a fashion accessory as they are a device. And watches can have a long lifespan, if treated properly. Watches have people trained in the art of repair, keeping someone’s $20,000 timepiece from becoming a useless paperweight.

Once Apple jumps into that price point and that industry, should it expect that users will pay $10,000 again 18-30 months down the line to replace their watch? Does the advent of digital mean we’re expected to replace our heirlooms now, rather than pass them down? I really don’t know. Maybe the Edition is truly just meant for those who look at $5000 cost-per-year of ownership as no big deal on their bank account. Companies like Vertu have made a living off those customers; why shouldn’t Apple?

But I’d like to believe Apple is better than that. If they truly want to command the watch industry, they might take another page from watch-makers: repairability.

I’d love for this to be the case. I think owners of the Edition, especially, but also the no-suffix Watch, should be able to go into an Apple Store and get the S1 swapped for an S2, when the second version is released. Then, they could leave with the same watch they’ve worn for a year, complete with the unique characteristics that make it distinctly yours. Potentially in favour of this is Abdel Ibrahim’s suggestion that the Watch might not change shapes year-to-year, which means Apple can design subsequent modular chip designs to fit the same space. Further in favour of this is the fact that the Apple Watch has an everything-in-one chip. But I don’t think it’s going to happen.

If the animation in the introduction video is to be believed, the S1 is sandwiched in the middle of the Watch’s stack, between the Taptic Engine and the sensors on the back. And, if Apple’s site is to be believed, the body of the Watch is one seamless form, with cutouts only for the buttons, display, and sensors. Perhaps there’s some way of cracking one open; perhaps there’s a hidden latch in strap attachment areas or something. Or perhaps the front or back glass — excuse me — sapphire can be removed. But this strikes me as exceedingly unlikely.

Furthermore, the next-generation Watch is likely to have more than an upgraded processor. It’s likely to include new sensors, which may require somewhat different capabilities than the current hardware can provide.

I would love to be proved wrong on this, but I think it’s unlikely that the Watch will be upgradeable into the future. I think Apple sees the Edition1 similarly to the other models in the lineup in this regard. They’re packing it with some pretty good hardware that should be better than adequate for a few solid years of use.

Apple really is in uncharted territory here. A Rolex can be handed down generation after generation because the technology inside it hasn’t changed that much for a hundred years. It’s not really a question of whether a tech company can make a good watch; it’s whether the watch industry can support rapid technology changes.

  1. Which, by the way, isn’t going to sell in the mad hotcakes fashion that the WSJ predicts↥︎

Permalinks mattgemmell.com

Matt Gemmell on the ugliness of having dates in permalinks:

Right now, a tiny subset of humans (technical people, who think of code examples or software tutorials when they read the phrase “blog post”) are going to argue that the date does matter. They are wrong. Any article with time-sensitive information will either mention its vintage explicitly, or is by definition poorly constructed.

Entirely agreed. Someone emailed or tweeted at me a few years ago asking why I don’t have dates in my permalinks. My response was a lot simpler than Gemmell’s: they just look better without.

Gemalto Has No Clue Whether It Was Hacked by the NSA motherboard.vice.com

Lorenzo Franceschi-Bicchierai, Vice:

In the press release, Gemalto refers to two “sophisticated” hacking attempts it detected in 2010 and 2011, which at the time it didn’t think were coming from NSA or GHCQ. But now, given the Snowden documents, the company believes those attacks actually came from the spy agencies.

The two “sophisticated” attacks are described pretty vaguely. The statement refers to one attempt to “spy on the office network” of one of Gemalto’s French sites, and another involving emails that tried to trick receivers into installing malware.

But for Ronald Prins, the founder of Dutch security firm Fox-IT, Gemalto has “no clue if the traces they’ve seen were from the NSA,” since the spy agency is “very good” at removing evidence of its attacks, and using phishing emails with malware is not the way the NSA hacks its targets.

Apparently, Gemalto thinks it can dust its hands after six days of investigation and they think it’s sufficiently thorough. Weak.

Reddit Blocks Non-Consensual Sharing of Nude Photos and Video buzzfeed.com

Charlie Warzel of Buzzfeed asked them twelve questions about this policy. This is relieving:

Will users need to meet a certain standard of proof — or will requests immediately trigger a takedown?

Reddit: We are not going to require proof. That is salt in the wound to someone going through the process of removing images like this. It’s often not limited to reddit and is rather difficult. The requests will be treated individually and not trigger an automatic takedown.

Good move, but I have a thirteenth question: why has it taken this long to prohibit this on Reddit? And a fourteenth question: how is this not illegal everywhere in the world by now? The only way that it may run afoul of the law is that the subject(s) could claim copyright infringement, but only if they were the photographer.

New Emoji and Paul Kafasis’ Favourite Radar onefoottsunami.com

Paul Kafasis reacts to the new emoji in iOS 8.3 and OS X 10.10.3:

None of the emoji from the updated Unicode 7 spec are included. Apple continues to flip us the figurative bird by refusing to provide us with a literal middle finger. Diversity of races is surely a good thing, but where is the diversity for people who wish to communicate with widely recognized hand gestures?

This is actually — no bullshit — a very good question. Apple tends to be super cautious about being family friendly, to a sometimes ridiculous degree, but the “Reversed Hand With Middle Finger Extended” emoji is a totally valid Unicode character, as much as the letter ‘p’ is. Does Apple’s avoidance of anything even slightly profane trump their full support of the Unicode character set? I don’t think it should. It’s a character, like anything else, and Apple should support it.

On a less challenging note, you might be interested to know the new multiracial emoji appear to be ligatures. If you send one of them to a device that doesn’t support the new character set, that device will display the old-style “white” version plus the fallback “not found” character. Conversely, sending an old-style emoji from a device that doesn’t support multiracial emoji to a device that does will display the cartoonish yellow character on the updated device.

Test-Driving Amazon Prime Now boingboing.net

Nicole Dieker, Boing Boing:

I like sparkling water, so I add a liter bottle of San Pellegrino ($1.50) to my order. I wonder if it will arrive cold. This feels ridiculous, like I am the most decadent and silly person ever. I am going to order this bottled water and then I am going to be disappointed when Amazon delivers a room-temperature bottle. In the midst of luxury, I am frustrated that my experience is not luxurious enough.

Kinda sums this whole service up, doesn’t it?

“It’s Just This Feeling I Have That This Person Will Be Able to Get Stuff Done Faster Than You” latimes.com

Tracey Lien, Los Angeles Times:

[Ana Redmond] had built a prototype for a travel website, she said, a feature to auto-suggest cities and airports based on the first three letters typed into the search field, fixing a long-standing problem.

Her male bosses told her she’d built it without permission. Then they said only architects within the company could pitch features — and all the architects were male. In the end, the project was handed to someone else, and she was assigned to less interesting tasks.

[…]

Tracy Chou, 27, a well-known engineer at Pinterest, said she was once bypassed at a previous start-up because her boss thought a new male hire was more qualified. When Chou pressed for an explanation, she recalled him saying: “It’s just this feeling I have that this person will be able to get stuff done faster than you.”

This weekend, my girlfriend headed to Home Depot to pick up a few pieces of hardware for a work she’s exhibiting later this month; I tagged along because the nearby Williams-Sonoma was having a pretty sweet sale. We couldn’t find a water pump, so she asked an employee, who — in a dismissive and almost condescending tone — told her that they don’t carry them in the winter. I checked online and found one in stock, then asked another associate to point us to it, which he helpfully did.

This isn’t an isolated incident. Each and every time we’ve gone into Home Depot together, I see sales staff treating her differently. Whenever she asks for something, they always look at me as if I need to confirm what she’s asking for, or ask me directly if that’s the case. It’s insulting and it is infuriating. She knows way more about this than pretty much anyone I know, but they don’t trust her because she lacks a penis.

I can’t imagine being subjected to that day in, day out.

Behind the Relaunch of The New York Times Magazine nytimes.com

Jake Silverstein, of the Times:

This magazine is 119 years old; nearly four million people read it in print every weekend. It did not need to be dismantled, sawed into pieces or drilled full of holes. Instead, we have set out to honor the shape of the magazine as it has been, while creating something that will, we hope, strike you as a version you have never read before.

To this end we have made many alterations. You will find new concepts for columns, new writers, new ideas about how to compose headlines, new typefaces, new page designs in print and online, new ideas about the relationship between print and digital and, animating it all, a new spirit of inquiry that is both subversive and sincere. (You will also find, in this Sunday’s print edition, more pages of advertising than in any issue since October 2007.)

Make no mistake: this is a tall order. The new page layouts are seriously impressive, with big, wide imagery and a recognizable kinship with the rest of the Times’ site, though decidedly its own style. The typography is fairly impressive as well:

The redesign was led by our design director, Gail Bichler, a 10-year veteran of The Times, along with our art director, Matt Willey. They worked closely with the talented designer Anton Ioukhnovets, who created the look and feel of these pages. Gail and Matt also oversaw the creation of an entire suite of typefaces.

Not a single letter in this relaunch issue has ever seen the light of day. They are infants; treat them gently. Gail also had the magazine’s logo redrawn by the typographer Matthew Carter.

I love the redrawn logo. Carter has done a terrific job of retaining the feel of it while allowing it a little more breathing room. It’s way easier to read, too. I love the standard serif and sans-serif faces, too; the latter is particularly exciting, as it shares qualities of Gotham, Avenir, and Akzidenz Grotesk, without directly aping any of them or feeling like an ungainly mashup.

I’m much less keen on the condensed slab serif the magazine is using for headlines, though. It feels a bit Old West, and it’s pretty tricky to read on index pages. It’s not so much that it’s bad; it’s a perfectly functional and rather nice condensed slab. It just doesn’t fit the Times very well, I don’t think.

New Oakridge Apple Store flickr.com

Maybe I was a bit hard on Apple’s decision to remove the Genius Bar logos from behind the counter. The new Oakridge store is a much nicer example, but I still feel like it lacks some character. More importantly, it’s also a little confusing. I know plenty of people who are already weirded out by the somewhat awkward and undefined buying process in an Apple Store, where there’s no clear register or cash counter. Now, there’s no obvious signposting of the support area.

It does look less dated than the embedded TVs, though, so that’s something.

Update: The Stonestown store in San Francisco has a similar treatment, as do the Westfarms, Rockingham Park, Nanuet, Twelve Oaks, and several other stores. I’m not sure why I hadn’t noticed this before. It looks as though Apple started omitting the Genius Bar signage with stores opened around the time of the iPhone 5S/5C release, or perhaps even earlier.

Crazy Apple Rumours bitsplitting.org

Remember CARS? The site that John Moltz ran? “Crazy Apple Rumors”? It’s back, insomuch as actual crazy Apple rumours about cars constitutes Crazy Apple Rumors.

Daniel Jalkut:

Personally, I’ve flipped over to being cautiously optimistic that the Apple car will become a reality. My first inclination was to worry that it represented a deparature of focus for Apple, and that it would mean stretching their limited resources even thinner. But the 9to5Mac story drives home that a lot of the expertise required to pursue this dream, if that’s what they do, can be hired from outside the pool of software and hardware engineers that Apple has typically employed. I think it’s reasonable, for example, to be optimistic that a drive-train engineer’s efforts are not being wasted by working on a car instead of a MacBook Pro’s cooling fans.

I was initially skeptical of these rumours, but when you see a list of employees working on such a project, like the one 9to5Mac published, it goes from zero to “this is happening” faster than a hypothetical Apple Car.

iOS Rumoured to Receive Public Beta Program 9to5mac.com

Once again, it’s the guy with the Cupertino hotline, Mark Gurman, breaking this news:1

Following the successful launch of the OS X Public Beta program with OS X Yosemite last year, Apple intends to release the upcoming iOS 8.3 as a public beta via the company’s existing AppleSeed program in mid-March, according to the sources. This release will match the third iOS 8.3 beta for developers, which is planned for release the same week. Apple then expects to debut iOS 9 at its June Worldwide Developer Conference, with a public beta release during the summer, and final release in the fall.

Makes sense. It should minimize the amount of developer account reselling that goes on around the release of every iOS beta, and those people likely weren’t filing radars.

With this program should, hopefully, come an automatic block on App Store ratings and reviews from devices enrolled in the beta program, but this isn’t as straightforward as it sounds. Apple could simply block ratings and reviews on the device itself, but this doesn’t prevent the extra determined from submitting a review on a non-beta device. This could be solved by blocking ratings from users with any device enrolled in a beta program, but that means that developers with multiple devices — some running beta releases, some not — couldn’t submit any App Store ratings. I anticipate that Apple would take the first route here, which is “just enough”.

  1. Also, Gurman clarifies that “Stowe” is the codename for iOS 8.3. ↥︎

Apple Watch Configurations lmnt.me

The array of personalization options with the Apple Watch is kind of dizzying. Louie Mantia has put together a huge table showing all of the default Watch and strap combinations, based on the information available on Apple’s website.

However, this table doesn’t answer a lot of questions, and raises some new ones. What about the Edition’s apparently matched crown and strap? The straps are designed to be easily swappable, but my hunch is that the crown colour can’t be changed, even if the strap can. Why does it appear that there are so few strap options available for the Space Black Stainless model? Do you think all of the straps will be available for separate purchase? Why are some straps only available for the 38mm case, while others are only available for the 42mm model?

SuperPhish blog.erratasec.com

Robert Graham of Errata Security has more details on that crazy Lenovo adware story:

Note that the password “komodia” is suggestive — that’s a company that makes an SSL “redirector” for doing exactly the sort of interception that SuperFish is doing. They market it as security software so you can spy on your kids, and stuff. A description of this component, their “SSL Digester”, is here. They market it for “ad injection” here. That site teaches us a lot about what SuperFish can do.

Meanwhile, Lenovo’s PR department is really working for their paycheques today:

We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns.

Bullshit. Anything that intercepts or falsifies an SSL certificate is a security concern. Period.

The relationship with Superfish is not financially significant; our goal was to enhance the experience for users.

Bullshit. Lenovo thought they could fatten their per-unit profit by installing this software.

Lenovo does provide uninstall instructions, but…

Superfish will be removed from Program Files and Program Data directories, files in user directory will stay intact for the privacy reason. Registry entry and root certificate will remain as well.

The emphasis is mine, but the words are all theirs. They’re actually going to leave the enormous security hole — their root self-signed security certificate — installed on machines. That’s super sketchy.

Thursday, Creepy Thursday firstlook.org

Jeremy Scahill and Josh Begley, writing for the Intercept:

The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data.

The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas and it has a large factory in Pennsylvania.

“Well that’s the government,” you begin, “can’t trust ’em.” Surely, then, a private corporation will fare better?

Allow Ars Technica’s Dan Goodin to pour cold water all over that theory:

Lenovo is selling computers that come preinstalled with adware that hijacks encrypted Web sessions and may make users vulnerable to HTTPS man-in-the-middle attacks that are trivial for attackers to carry out, security researchers said.

The critical threat is present on Lenovo PCs that have adware from a company called Superfish installed. As unsavory as many people find software that injects ads into Web pages, there’s something much more nefarious about the Superfish package. It installs a self-signed root HTTPS certificate that can intercept encrypted traffic for every website a user visits. When a user visits an HTTPS site, the site certificate is signed and controlled by Superfish and falsely represents itself as the official website certificate.

Even worse, the private encryption key accompanying the Superfish-signed Transport Layer Security certificate appears to be the same for every Lenovo machine.

“Phew, at least I don’t have a Lenovo PC,” you sigh.

Yeah, but do you have OnStar? Or a Kinect? Or an LG TV? Or a bunch of other products?

Earlier this month, Samsung was the target of a privacy dust-up due to a disturbing sentence in the privacy policy for its smart TVs: “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.”

[…]

But Samsung’s televisions are far from the only seeing-and-listening devices coming into our lives. If we’re going to freak out about a Samsung TV that listens in on our living rooms, we should also be panicking about a number of other emergent gadgets that capture voice and visual data in many of the same ways.

At this point, you’re forgiven if you’re preparing to crawl into the fetal position under your desk. Happy Thursday, everyone.