Month: March 2016

The Massachusetts branch of the ACLU:

The wall separating “foreign” intelligence operations from domestic criminal investigations has finally, fully collapsed. The FBI now plans to act on a rule change initiated by the Bush administration and finally massaged into actionable policy by Obama: Soon, domestic law enforcement agencies like the FBI will be able to search through communications collected under the mysterious authority of executive order 12333. Now, FBI agents can query the NSA’s database of Americans’ international communications, collected without warrants pursuant to Section 702 of the 2008 FISA Amendments Act.

Actions like these cannot be legitimized. This is disturbing.

Watching my first Bond film, Thunderball, at a very young age left a significant impression on me. The action, the music — Thunderball’s soundtrack remains one of the best in the series — and the quick dialogue all remain locked in my brain. But perhaps the single biggest contribution, for me, was Ken Adam’s gorgeous SPECTRE lair set. It is one of the first times I really took notice of architecture and design.

His work continues to inspire me to this day. From his indelible mark on every Bond film — whether he worked on the film or not — to the Dr. Strangelove war room set, Adam’s work is second-to-none. That’s one hell of a life.

Craig Federighi replied to a customer’s email:

Do you quit your iOS multitasking apps frequently and is this necessary for battery life?

No and No.

Kyle Richter of MartianCraft elaborated a couple of weeks ago on why this is completely unnecessary:

Many people think that force-quitting these apps will at the very least do no harm since “they aren’t running anyways.” The logic of “…you might as well quit, just in case” comes into play. The problem is that force-quitting apps that are Suspended, and not taxing the battery, produces negative effect and can do quite the opposite of the intention.

If you force-quit an app, it’s removed from memory, its state is instead saved to disk, and the app is closed or quit. This event triggers a multitude of tasks from disk i/o, to memory swaps, and even cpu cycles processing data. If the app is relaunched, additional resources are required to open it from a closed state as opposed to the faster Suspended state. Since the OS manages purging apps when memory is already low there is no benefit to force-quitting suspended apps, unless of course they are misbehaving and need to be relaunched.

Let us put an end to the misinformation right now.

In the overwhelming majority of circumstances, there is simply no need to manually manage applications on your iOS device. In fact, it’s almost always wasteful to do so; it is to your benefit to not force quit apps.

Jim Dalrymple:

Apple on Thursday sent out invites for an event to be held at its Cupertino headquarters on Monday, March 21, 2016. The event will take place at 10:00 am — I’ll be there covering the news.

There are a number of products rumored to be announced at the event including a smaller iPhone (think iPhone 5s), iPads, Apple Watch bands, and Apple Pay updates.

Probably the last time they’ll be using 4 Infinite Loop, hence the titular pun. That, or the iPhone (5)SE will have an iPod Touch-style loop attachment.

Update: The event will, as usual these days, be streamed live.

AppleInsider:

Former Google CEO and current Alphabet Executive Chairman Eric Schmidt was in South Korea for a press event this week, where he was spotted taking pictures of the event using an Apple iPhone instead of a Google Android handset.

On some level, this seems like petty gossip, but could you imagine any Apple executive — even at a non-senior, rarely-public level — using anything other than an iPhone in public?

On Tuesday, Flickr announced that they would be making their automatic uploader application available only to Pro users. I didn’t write about this change because I considered it a non-story — the $35/year rate helps filter out people who aren’t judicious about what they upload.

But David Pierce of Wired thinks that this move spells the end of Flickr, in an article misleadingly titled “Uploading Photos to Flickr Is No Longer Free, So Bye Flickr”:

Just shy of a year ago, Flickr started offering 1,000 gigs of free storage to every user, along with an automatic uploader tool that would help you take every photo from your computer, your external drives, and SD cards, and dump them into one place. Flickr’s search engine was good, the new universal Camera Roll interface was great, and Flickr suddenly seemed to have a chance as a permanent archive of all of our photos. But then, this morning, Flickr announced that once again its best tools will only be available to paying users. It’s time to call it: Flickr is dead. Over. Kaput. In the search for a few more people willing to fork over $35 a year to fund more purple offices, Yahoo has killed its photo service.

Today’s announcements really only include one change of consequence: The desktop Auto-Uploadr tool is now reserved only for Pro users.

In two paragraphs, Pierce pitches Flickr as a great service with a useful UI, accurate search, and lots of space. Then, he says that Flickr is limiting “its best tools” to Flickr Pro subscribers, admitting that it’s only a single change, and protesting that this singular move will be found responsible for Flickr’s eventual downfall.

First, I’ll note that Wired’s track record for predicting the imminent demise of technology is spotty, to say the least.

More than that, this move seems to be unpopular, but it’s not unreasonable. Allowing the automatic upload of many gigabytes of photos at full resolution for free is a recipe for allowing users to dump onto Yahoo servers whatever random crap they have that matches an image format-finding regular expression. Launching this as a free product and shifting to a paid one feels more wrong than it is.

Pierce, continued:

The move feels a bit like ransomware, Yahoo forcing people who’ve already bought into the idea of Flickr as a permanent backup to start paying for the privilege.

The tone that Pierce strikes while describing this is entirely unsympathetic. Yahoo is not healthy, and to suggest that this amounts to nickel-and-diming users — or that it compares, in any way, to ransomware — is sensationalist garbage.

This move turns Flickr back into a niche product, a social network for photographers. And that’s fine!

“Fine”? I thought Pierce said this move killed Flickr and left its rotting corpse behind a purple dumpster. Can’t have it both ways.

Luckily for the rest of us, we can just head to photos.google.com. Google’s automatic uploading tool is still as free as can be.

Sure, it’s free if you like your photos compressed and “optimized”. If you want to upload your photos in full resolution at their original quality, you only get 15 GB of space for free; to get the terabyte of space Flickr promises would cost $120 per year.

I admit that I have no idea if this move will be a net positive or negative for Flickr. Maybe they’ll have fewer monthly uploads but more people will be paying, or perhaps plenty of people will, in fact, switch to a competitor. But, while I doubt that this is Flickr’s death knell, I certainly have no confusion about what a crappy article this is.

Blake Ross wrote one of the best explanations of the FBI/Apple fracas:

It’s easy to assume that digital security is just another spectrum, and politicians love to reinforce that — gray’s their favorite color. Every presidential candidate is offering the same Michael Scott solution: Let’s preserve everyone’s security at once! Give a little here, take a little there, half-pregnancies for all.

Unfortunately it’s not that complicated, which means it’s not that simple.

Absolutely terrific.

Adam Conner-Simons, writing for the MIT news blog:

What Polaris does is automatically track all of the interactions between objects, which can number in the thousands for a single page. For example, it notes when one object reads the data in another object, or updates a value in another object. It then uses its detailed log of these interactions to create a “dependency graph” for the page. […]

Polaris is particularly suited for larger, more complex sites, which aligns nicely with recent trends of modern pages ballooning to thousands of (JavaScript-heavy) objects. The system is also valuable for mobile networks, since those tend to have larger delays than wired networks.

Unlike the AMP project, this doesn’t target web pages that should be small but are bloated with excess objects and scripts. Polaris seems like it’s built for pages that are necessarily large, like the homepage of a newspaper or an online store with lots of items on a single page.

I appreciate any effort to speed up an increasingly-sluggish web, but I have a nasty feeling that any speed gains will be temporary, and superseded as soon as some marketing technology company sees the now-available bonus bandwidth as a way to track users to an even greater extent. That’s what has happened before, and that’s the way it’s going to go in the future. The number of marketing technology companies has steadily increased until 2015, when there was a reported 98% increase. The 2016 version of that infographic hasn’t been released yet because the guy who makes them says that there are far more this year. Gross.

Which, in a way, brings me back to Polaris. While I appreciate any effort to speed up the web, I know that this is just an excuse for some to stuff yet another tracker or two into every page. The best way to make a fast webpage is, as ever, to reduce the amount of stuff on it to the bare minimum, and optimize the hell out of whatever is left over. In a way, Polaris solves the wrong problem; it gives bad developers a reason to add complexity.

If you’re still hanging onto Aperture despite its long-tolling bell, you might want to look into Aperture Exporter if you’re considering switching to Lightroom. You’ll also need this terrific overview from John Gordon, and Michael Tsai’s collection of notes and caveats.

Me? I strongly dislike Lightroom. Something about its workflow just doesn’t agree with me. When Apple stopped supporting Aperture, I moved my library over to Photos, as it became clear that it’s the closest thing I could find to replace Aperture, and it’s where Apple would be focusing their development efforts. However, while I’ve been enjoying the iCloud integration — which, for me, has worked flawlessly — and easy editing, I’ve found its lack of advanced editing options hampers my use of the app.

I’m sure that Apple’s hope was that third-party developers would seize upon the chance to build extensions for Photos that would replicate and perhaps improve upon lost Aperture functionality. But I’ve seen only a handful of third-party Photos extensions, the vast majority of which are intended to add effects and textures. I just want a selective colour tool built into Photos; this seems impossible to find.

Very few of Apple’s recent decisions have made me more disappointed than the loss of Aperture. I understand why it was discontinued, and I agree with their focus on Photos, but it’s still a loss for my workflow.

Jason Leopold, Vice:

The FOIA Oversight and Implementation Act of 2014, co-sponsored by then–House Oversight and Government Reform Committee Chairman Darrell Issa and ranking member Elijah Cummings, would have codified into law Obama’s presidential memorandum, signed on his first day in office in 2009, that instructed all government agencies to “adopt a presumption in favor of disclosure, in order to renew their commitment to the principles embodied in FOIA, and to usher in a new era of open Government.” […]

Additionally, the legislation called for the implementation of a centralized online portal, overseen by the Office of Management and Budget (OMB), to handle all FOIA requests and required government agencies to update their FOIA regulations. The bill unanimously passed by a vote of 410-0, one of the few pieces of legislation during President Barack Obama’s tenure to receive bipartisan support.

But the administration “strongly opposed passage” of the House bill and opposed nearly every provision that would have made it easier for journalists, historians, and the public to access government records. The White House claimed it would increase the FOIA backlog, result in astronomical costs, and cause unforeseen problems with processing requests, according to a secret six-page DOJ set of talking points turned over to the Freedom of the Press Foundation along with 100 pages of internal DOJ emails about the FOIA bill.

I’ve filed only a handful of FOIA requests, but the process for doing so is archaic and byzantine. It’s also slightly different from agency-to-agency, department-to-department. Everything about this bill sounds promising; that it was killed in such an underhanded way is deeply concerning.

Matt Novak of Gizmodo, quoting a spectacular Wired correction notice:

Correction at 9:58 a.m. on 3/09/2016: Due to an oversight involving a haphazardly-installed Chrome extension during the editing process, the name Donald Trump was erroneously replaced with the phrase “Someone With Tiny Hands” when this story originally published.

Wired hasn’t yet noticed that a story from Monday, titled “Poor Ted Cruz Doesn’t Even Get a Funko Election Figurine” also has every mention of Trump replaced with the phrase “Someone With Tiny Hands.”

The second story has, sadly, also been corrected.

Juli Clover, MacRumors:

FlexBright, an app that allows the user to manually adjust the display temperature of an iOS device, was recently approved by Apple, marking one of the first third-party apps that’s able to function in a manner similar to the company’s own Night Shift mode, set to be released in iOS 9.3. The only catch is it must be triggered somewhat manually in response to a notification, rather than continuously, like Night Shift or f.lux.

Currently available for download in the App Store, FlexBright was created by Intelligent Apps, who worked with Apple to find a way to implement blue light reduction capabilities. […]

According to one of the developers behind FlexBright, using this notification system was the only way Apple would allow the app to change brightness or blue light while running in the background. The app does not use private APIs to change the screen temperature, instead utilizing a “native objective-c library that filters the blue light from the iOS screen.”

I was surprised that this app was approved in the first place; I was even more surprised that the developers apparently sought advice from Apple. Of course, it was likely one person in app review who advised them, and they were apparently wrong.

This inconsistency must be very frustrating for both Intelligent Apps and f.lux. They should anticipate similar features being treated similarly, but that didn’t happen here — at least, not initially. That’s something that needs to be fixed.

Name aside, I think Samsung has done a terrific job with the Galaxy S7 Edge. By stepping away from the assumption that the top of a phone is distinct from the sides, they’ve made the edges part of the display in a fairly clever way. Dan Seifert, the Verge:

Samsung’s using them here to make the phone much narrower than it would be if it had a flat display. It makes the whole device smaller and easier to use. That becomes readily apparent when you put the S7 Edge next to other devices with 5.5-inch or similar screens. It’s significantly narrower than all of them, including Apple’s iPhone 6S Plus (5.5-inch), the LG G4 (5.5-inch), Google’s Nexus 6P (5.7-inch), and Samsung’s own Note 5 (5.7-inch). When it comes to ease of use in your hand, a narrower phone is much easier to manage.

The iPhones 6 all use cover glass with a slight curve at the edges, which helps reduce the size of the display bezel and disguise the width of the phone in the hand. But imagine how much easier an iPhone would be to hold if just a couple of millimetres could be trimmed from either side.

This, though, remains disheartening:

Samsung says it worked with Google to reduce the number of redundant apps it adds to Google’s own suite, and the Verizon S7 I tested comes with only one browser (Chrome) out of the box (other carrier models will have both Chrome and Samsung’s browser). But it still has two email apps, two photos apps, three music players, two voice control systems, two app stores, and two text messaging apps. On top of that, Verizon adds thirteen more apps, including three from Amazon, another text messaging app, another streaming music app, and a navigation app that competes directly with Google Maps. These apps can be “disabled”, but cannot be removed entirely.

These phones are among the flagships of the Android world, but this unnecessary duplication is a mess. A brand-new Verizon S7 will have three text messaging apps and four different music players. Gross.

Craig Federighi, in an op-ed for the Washington Post:

Security is an endless race — one that you can lead but never decisively win. Yesterday’s best defenses cannot fend off the attacks of today or tomorrow. Software innovations of the future will depend on the foundation of strong device security. We cannot afford to fall behind those who would exploit technology in order to cause chaos. To slow our pace, or reverse our progress, puts everyone at risk.

If the FBI wants to crack this phone on their own, more power to them.[1] But conscripting Apple and requiring them to develop new technology to create flaws in their existing security safeguards is wrong. This would have been unfathomable twenty years ago.


  1. I suspect Apple would treat whatever methods they use as a bug report and fix them, for the same reason they fix the root method of a jailbreak: they’re security vulnerabilities, full stop.

David Shepardson, Reuters:

Verizon Communications Inc will pay a $1.35 million fine and agreed to a three-year consent decree after the Federal Communications Commission said on Monday it found the company’s wireless unit violated the privacy of its users.

Verizon Wireless agreed to get consumer consent before sending data about “supercookies” from its more than 100 million users, under a settlement. The largest U.S. mobile company inserted unique tracking codes in its users’ traffic for advertising purposes.

Supercookies are unique, undeletable identifiers inserted into web traffic to identify customers in order to deliver targeted ads from Verizon and others.

Based on their last quarter results, it will take Verizon approximately half an hour to recoup enough profits to cover this fine. That’ll learn ’em.

Claud Xiao and Jin Chen of Palo Alto Networks:

On March 4, we detected that the Transmission BitTorrent [client] installer for OS X was infected with ransomware, just a few hours after installers were initially posted. We have named this Ransomware “KeRanger.” The only previous ransomware for OS X we are aware of is FileCoder, discovered by Kaspersky Lab in 2014. As FileCoder was incomplete at the time of its discovery, we believe KeRanger is the first fully functional ransomware seen on the OS X platform. […]

The KeRanger application was signed with a valid Mac app development certificate; therefore, it was able to bypass Apple’s Gatekeeper protection. If a user installs the infected apps, an embedded executable file is run on the system. KeRanger then waits for three days before connecting with command and control (C2) servers over the Tor anonymizer network. The malware then begins encrypting certain types of document and data files on the system. After completing the encryption process, KeRanger demands that victims pay one bitcoin (about $400) to a specific address to retrieve their files. Additionally, KeRanger appears to still be under active development and it seems the malware is also attempting to encrypt Time Machine backup files to prevent victims from recovering their back-up data.

Ransomware is especially frustrating because it doesn’t mess up your data so much as hold it ransom. I can’t imagine trying to understand the situation as a regular user with a single computer infected by it, let alone an entire hospital. It’s affected scores of Windows users for a long time and, while I haven’t heard of KeRanger causing major damage in the wild — so to speak — it’s still cause for concern.

If you use Transmission, be sure to upgrade to version 2.92, which is not infected with the malware and will remove it from the package. Palo Alto Networks also has instructions for users to figure out if they are infected, and to remove KeRanger if they are.

Few people have made such an extraordinary contribution to modern society. Tomlinson invented email. He certainly made his dent in the universe.

Oliver Roeder, FiveThirtyEight:

A group of eagle-eyed puzzlers, using digital tools, has uncovered a pattern of copying in the professional crossword-puzzle world that has led to accusations of plagiarism and false identity.

Since 1999, Timothy Parker, editor of one of the nation’s most widely syndicated crosswords, has edited more than 60 individual puzzles that copy elements from New York Times puzzles, often with pseudonyms for bylines, a new database has helped reveal. The puzzles in question repeated themes, answers, grids and clues from Times puzzles published years earlier. Hundreds more of the puzzles edited by Parker are nearly verbatim copies of previous puzzles that Parker also edited. Most of those have been republished under fake author names.

Dominic Mauro (via G. Keenan Schneider), who is an honest-to-goodness real-life lawyer:

And look, the FBI’s job is to investigate crimes and keep us safe. It’s natural for them to want better tools. Heck, I want them to have better tools. They catch criminals, which is A Good Thing. But there’s simply no arguing that if the FBI compels Apple to circumvent iPhone security today, they will resist the temptation to use Apple’s tool on another phone tomorrow. They’ll use it like any other tool.

You don’t even have to imagine, just look at the Patriot Act. It was passed to give law enforcement new powers to fight terrorism. The full name of the law is the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act, which spells USA PATRIOT Act because the country kind of lost its mind after September 11. And do you know what the FBI does today with the Appropriate Tools that help them Intercept and Obstruct Terrorism? Bust drug dealers.

Slippery slope arguments are inherently weak, but the FBI has demonstrated that they will use whatever precedent they can to establish the legality of whatever new intelligence gathering program they choose. This is a shitty test case; it cannot be allowed to be the cornerstone of legislation that would allow for further intrusion.