Month: March 2017

MG Siegler on Facebook’s now-pathological need to copy Snapchat in every app they own:

The ‘Story’ format makes sense in Instagram. From the get-go, it was a visual feed of information. While it was definitely aggressive to put the ‘Stories’ feature front-and-center at the top of every user’s feed, it proved to be a smart move. Not only did it spur usage, if people didn’t want to use the functionality, they just kept scrolling on down the feed, just as they had always done.

The um, story, is completely different in Messenger. Here, people have their list of contacts and/or groups that they chat with. The most recent conversations — likely the most important — are at the top of that feed. But if you’re anything like me, you’re often scrolling down a bit because you have many regular conversations. And so this screen real estate is insanely valuable. And Messenger puked up this new ‘Day’ nonsense all over it.

Yes, people share photos on Messenger. Undoubtedly a ton. That’s maybe how you try to justify this move to yourself if you’re Facebook. But Messenger is fundamentally about chatting; it’s a utility. Photos may be additive, but they’re not core. You could try to pivot your service into making them core, but that doesn’t mean you should.

For whatever reason, Facebook isn’t content to let their text messaging replacement app be good at just sending text-based messages. About a year ago, they added “bots” to the system, which few people seem to use; now, they’ve cluttered it up with this “Day” feature. Perhaps Messenger Day is supposed to be a visual interpretation of a status message, or just a prompt to get people to use Messenger in a different way. But it seems to come at the cost of making the app less good at messaging.

It’s not just Facebook, of course: Apple is facing discovery problems with iMessage apps, and Google’s Allo app — built around the company’s cleverly-named virtual assistant, Assistant — seems to be struggling as well. But both of these features can be easily ignored within the app; you can still use them for basic messaging. Facebook, on the other hand, seems content to muddy its primary messaging app and create something that feels almost like an alternative Facebook experience. To what end?

Lloyd Chambers (via Michael Tsai):

My 2013 Mac Pro was running a bit noisy and hot for some hours yesterday even while idle. It is normally whisper quiet and all but inaudible. I have seen that behavior before, and it is always caused by some runaway process doing something useless in the background.

MacOS Sierra has been filled with new bugs, too numerous to contemplate. But the one discussed here is what I call the “logging spew” bug: a continuous stream of logging visible in the Console application, and steadily growing the size on disk of the numerous logging files, all of which are 100% useless to 99.999% of users.

The volume of logging in Sierra and iOS 10 alike has been mind-boggling to me. I’ve previously mentioned the bloated size of sysdiagnose files I’ve submitted when reporting bugs, for particularly stupid reasons. I see the same iTunes bug as Chambers:

On a Mac Pro no touch user interface exists, but the engineers at Apple don’t bother to test much any more, so the com.apple.nowplayingtouchui apparently is just going to fail forever.

I used to be able to open Console to diagnose minor system and application issues. Now, I just see a load of these error messages and information about my WiFi connection, neither of which is relevant to me.

Avram Piltch of Laptop Magazine summarized their findings for why they ranked Apple first for the third year in a row:

Apple offers the best tech support in the business, year after year. The company’s website and mobile app are loaded with helpful, step-by-step tutorials and, whether you reach them via phone or live chat, support reps are knowledgeable and friendly. Apple also answered Twitter messages quickly and accurately.

Henry T. Casey wrote up the full report card:

While calls did not go perfectly, Apple’s customer support team provided solutions in a speedy and positive manner. The company does not get any points for finally creating a Twitter support account (and is it too good for Facebook?), but we do applaud the team running that account for the timely, helpful replies.

If Apple wants to improve its support, it should ensure support techs learn about all of the new features so that they can give completely accurate answers to questions on topics such as iCloud Documents. Its Twitter account could also improve by providing answers directly, instead of linking to posts where the content is found. Overall, though, Apple offers the best support of any laptop manufacturer, as it has for many years.

It’s good to hear that Laptop continues to find Apple’s support channels the best in the industry, but I worry that it’s seeing a reduced focus within the company. Yesterday, I linked to a report from MacRumors stating that Apple will no longer be training their Genius Bar staff in Cupertino, or even on real devices.

This is a small thing, but I’m a little concerned about the cumulative effect of changes like these. I noticed a degradation in service quality last year when I found it very difficult for me to get an appointment, through the usual means, for an iPhone battery swap. When I did manage to get an appointment for that recall program, my store — predictably — didn’t have any batteries in stock.

When Marco Arment noted on Twitter that he was also finding it hard to get support for his iPhone 7, a bunch of people replied with their tales of Apple Store support woe: lots of waiting around, parts not in stock, and repeat visits to resolve the same issue. I assume people would be less likely to reply if they weren’t having issues, but there was an alarming volume of replies along similar lines.

All told, the combination of long wait times, hard-to-get appointments, a focus on self-service within the Support app, and less robust Genius training seems like bad news for maintaining Apple’s long-excellent support channels. I hope reviving higher calibre service options is on the company’s radar.

Zeynep Tufekci, in an op-ed for the New York Times:

WikiLeaks seems to have a playbook for its disinformation campaigns. The first step is to dump many documents at once — rather than allowing journalists to scrutinize them and absorb their significance before publication. The second step is to sensationalize the material with misleading news releases and tweets. The third step is to sit back and watch as the news media unwittingly promotes the WikiLeaks agenda under the auspices of independent reporting.

The media, to its credit, eventually sorts things out — as it has belatedly started to do with the supposed C.I.A. cache. But by then, the initial burst of misinformation has spread. On social media in particular, the spin and distortion continues unabated. This time around, for example, there are widespread claims on social media that these leaked documents show that it was the C.I.A. that hacked the Democratic National Committee, and that it framed Russia for the hack. (The documents in the cache reveal nothing of the sort.)

WikiLeaks’ tactics put reporters in a tough spot. If they don’t have a story ready after a major information dump like this one, their editors won’t be happy. But those reporters can’t trust WikiLeaks’ accompanying press release, either, because it doesn’t always accurately describe the contents of the leak.

A more accurate angle for reporters might be to write about the leak itself, not the specific claims made in the press release. Not every publication will do that, of course — many of the more conspiracy-oriented “news” websites and Twitter users are already claiming that these documents prove that the CIA was responsible for Buzzfeed reporter Mike Hastings’ death. This is, of course, completely unsubstantiated.

Stephen Nellis, Reuters:

At Apple, the company starts working on a new language by bringing in humans to read passages in a range of accents and dialects, which are then transcribed by hand so the computer has an exact representation of the spoken text to learn from, said Alex Acero, head of the speech team at Apple. Apple also captures a range of sounds in a variety of voices. From there, an acoustic model is built that tries to predict word sequences.

Then Apple deploys “dictation mode,” its text-to-speech translator, in the new language, Acero said. When customers use dictation mode, Apple captures a small percentage of the audio recordings and makes them anonymous. The recordings, complete with background noise and mumbled words, are transcribed by humans, a process that helps cut the speech recognition error rate in half.

After enough data has been gathered and a voice actor has been recorded to play Siri in a new language, Siri is released with answers to what Apple estimates will be the most common questions, Acero said. Once released, Siri learns more about what real-world users ask and is updated every two weeks with more tweaks.

For the past year or two, I’ve noticed that Siri’s record for understanding my speech has been outstanding. The lacklustre part is, increasingly, in the comprehension of my intentions. Just as with a real person, it’s not good enough for Siri to simply be able to hear well; it must do something with the information I’ve provided it, and that something needs to be the right thing more often than not.

If you search Google for “who invented stairs” or ask Google Home, it will tell you something that beggars belief:

Stairs have become such a commonplace fixture in contemporary architecture that it is easy to forget that they were not invented until 1948, by Swiss architect Werner Bösendörfer.

The source for this is the reputable-sounding cghm.org, but if you dig a little deeper, you’ll learn that those initials stand for “Compu-Global Hyper Meganet”. The site is the rightly-proud recipient of the Montgomery Burns Award for Outstanding Achievement in the Field of Excellence. And their source for the inventor of stairs is, of all things, a parodic “virtual White House tour” site hosted on GeoCities:

While most Presidents were quite adept at negotiating the interior ladders, some found the arrangement unworkable. For that reason, President Benjamin Harrison had an elaborate system of winches and pulleys installed on the White House exterior. Evening passers-by on Pennsylvania Avenue often could catch a glimpse of the President being hoisted to the window of his second floor bedroom. Indeed, those nightly episodes were the genesis of the campaign slogan, “Heave Ho for Harrison!” which the President used extensively during his unsuccessful 1893 campaign.

While the interior staircases at the White House were all installed during the Truman administration, the various exterior stairs were installed piecemeal, with the last being completed in February 1963.

The initial Google query isn’t leading or misleading; it’s a reasonable question that someone might ask. By highlighting one specific answer and presenting it above every other result on the page, the implication is that the answer is authoritatively correct. But, as we’ve seen over the past week, it’s frequently wrong in ways that are conspiratorial, scammy, and literally the opposite of the source article. The Rich Snippets feature works very well for data-based queries — finding out what the weather is going to be, or when Thanksgiving is this year. But it’s terrible at providing answers to questions, and shouldn’t be shown for any queries beyond basic data lookups.

Joe Rossignol, MacRumors:

For years, Apple has sent new Genius hires to its Infinite Loop headquarters in Cupertino, or sometimes an auxiliary campus in Austin or Atlanta, to receive hands-on training for up to three weeks. Recently, however, Apple appears to have stopped offering these group-oriented trips, according to people familiar with the matter.

Apple’s off-site Genius Training program has been replaced by an in-store, self-guided experience using company-provided reference materials, according to a source. The training now involves watching web-based seminars through the Apple Technical Learning Administration System, or ATLAS, another source said.

At its Cupertino headquarters, Apple had a small training facility with a mock Genius Bar and Macs set aside specifically for trainees to take apart and perform test repairs on. But with the switch to web-based seminars, Apple is allegedly providing “virtual take aparts” only now, with no physical hardware.

Via former Genius Stephen Hackett:

I went to Cupertino for my training in October 2007. While I am confident that the experience has changed in the intermediate decade, I can say that the two weeks I spent in California were well worth it.

I bet most members of the public aren’t aware that their Apple Store technician was trained at Apple’s headquarters. Hackett posted some of his notes from his training, and it seems like taking apart real devices with in-person help was beneficial to his learning experience. Disassembling virtual devices while watching a video doesn’t really seem like an adequate substitute.

Johana Bhuiyan, Recode:

Greyball, first exposed by The New York Times, allows the company to create phantom rides for specific users as a way to both track and evade law enforcement.

The company reportedly used the tool to avoid local regulators in markets such as Boston, Las Vegas and Paris, where Uber could not yet legally operate.

But the company says it will continue to use the technology behind Greyball for other purposes such as testing new features. It will stop using it to circumvent government workers trying to catch Uber drivers.

A charitable reading of the Greyball affair is that Uber was concerned about drivers getting busted in cities where the company wasn’t licensed. Instead of the drivers taking heat from local law enforcement, Uber could make use of Greyball to avoid the police. But that’s clearly the wrong process to get approval for ride sharing companies to operate in cities where it isn’t yet allowed. It isn’t an act of protest by Uber; it’s callous disregard for regulations that make it slightly less convenient for them to expand their operations.

Juli Clover, MacRumors:

The Twitter app for iOS devices was today updated to version 6.73.1, adding a small but important feature that allows users to have more control over the amount of storage space Twitter uses on an iPhone or iPad.

A new storage setting lets users see how much storage space Twitter is using for cached images and web content, and it offers an option for clearing stored data. Users can choose to clear Media storage or Web storage independently. Some Twitter users appear to have a dedicated “Storage” section, while others are seeing the information listed under “Data usage,” so it’s not clear what the final storage UI will look like.

Developers should, of course, be taking care of cache management and cleanup in their apps, but apps with bulky caches are widespread on iOS. Snapchat is currently occupying well over 600 MB on my iPhone, which seems like a lot for an app where stuff is supposed to disappear.[1] Tweetbot is using over 100 MB of storage, even though the app is only 7 MB, and Yelp is taking up 52 MB of space with its cache. Instagram occupies over 300 MB on my iPhone.

None of these figures are very large individually but, collectively, I’d conservatively estimate that I have about 1 GB of cached data on my iPhone that could be purged. I wish there were a button in every app’s settings panel to dump old or expired data, but I suspect this is a lot harder than it seems: how can iOS reliably know what’s old and expired? Developers should be more aware of how much data can build up with typical usage, and take steps to minimize it wherever possible.


  1. I’d love to know what’s in Snapchat’s cache.

Two related stories. First, Leslie Hook, the Financial Times:

“I have seen quite a few people who have been looking to leave Uber,” said one recruiter, who previously worked at the car-booking service. “One of the main reasons is lack of faith in senior leadership.”

He said the number of unsolicited résumés from Uber employees coming across his desk spiked last week, a time when two former employees published personal accounts alleging harassment and sexism at the company. He received more résumés from Uber in one week than he had the previous month.

For employees at Uber, quitting the company often means walking away from restricted stock units or stock options worth hundreds of thousands, if not millions, of dollars in Silicon Valley’s most highly valued private company. With Uber currently worth about $70bn, a typical middle manager position comes with RSUs worth hundreds of thousands of dollars that vest over a four-year period.

Second, Julia Carrie Wong, the Guardian:

The Uber way – a take-no-prisoners, win-at-any-cost mentality – has helped the company soar to market domination and a $70bn valuation, but not without a cost. Uber’s corporate culture has been blamed for a series of public relations disasters that have tainted its brand with customers, investors and regulators.

Now the fallout from Uber’s terrible month is having an impact on another group: the company’s own former and current employees.

“People are looking to get out because they’re just sick of working for that company,” said a former Uber employee, who asked not to be identified. “A lot of them have told me that they’re having a hard time finding something new.”

At job interviews, the employee said, recruiters seem wary of Uber’s “hustle-oriented” workplace. “They have to defend themselves and say: ‘Oh, I’m not an asshole.’”

Current Uber employees have a lot of hard decisions to make. Are stock options alluring enough to retain employees wary of the company’s horrible culture and reputation? If they walk away, do they risk putting Uber on their resume, knowing its toxic connotations? Do they explain how successful they were at Uber, given that it likely means they’d have to be at least a little bit of an asshole to truly succeed there?

Tom Scocca, Gizmodo:

A little under five years ago, I got angry about a piece of fake information, and I decided to do something about it. I was reading a recipe in the New York Times, and the recipe told me, as many, many recipes had told me before, that it would take about 10 minutes of cooking to caramelize onions.

I knew from personal experience that this was a lie. Recipes always said it took 5 or 10 minutes to caramelize onions, and when you followed the recipes, you either got slightly cooked onions or you ended up 40 minutes behind schedule. So I caramelized some onions and recorded how long it really took — 28 minutes if you cooked them as hot as possible and constantly stirred them, 45 minutes if you were sane about it — and I published those results on Slate, along with a denunciation of the false five-to-10 minute standard.

[…]

Not only does Google, the world’s preeminent index of information, tell its users that caramelizing onions takes “about 5 minutes” — it pulls that information from an article whose entire point was to tell people exactly the opposite. A block of text from the Times that I had published as a quote, to illustrate how it was a lie, had been extracted by the algorithm as the authoritative truth on the subject.

Google has spent nearly two decades building a reputation as a broadly-trustworthy place where the chaos of the web becomes organized. Users who don’t know any better are trusting Google to vet the information they’re presented, and it’s frequently wrong. But, to those who are more alert, Google is throwing the trust they’ve built down the toilet with features like this one.

It was trivial for me to reproduce Stephen Braddy’s bug video, and it’s something I’ve noticed all the time on MacOS for the past couple of major versions of the operating system.

Sierra also introduced a couple of serious bugs with the way keyboards and trackpads are interpreted. I occasionally notice keypresses getting “stuck”, and my cursor sometimes lags when it is moved. Both of these bugs have been destructive for me: I have, more than once, deleted the wrong file, and have selected the wrong action in several applications. Luckily, undo still works.

I seem to have fewer problems with my keyboard and trackpad in the MacOS 10.12.4 beta, but I shouldn’t have to be running beta software or wait for four major versions to have reliable connections for my keyboard and pointing device. That’s fundamental to using a computer; any bugs with that should be addressed before shipping.

Alas, Braddy’s bug is not fixed in the most recent beta.

Alex Hern, the Guardian:

Other zero days described in the dataset, which totals around a gigabyte of publicly released files, include one which allows the agency to turn a popular brand of smart TV into a remote bug, spying on the user. Dubbed “Weeping Angel”, after a villain in BBC TV series Doctor Who, the malware was apparently developed in conjunction with British intelligence service MI5 and could be used to take control of TVs made by Korean firm Samsung and listen to conversations while appearing to be switched off.

The vulnerability with Samsung TVs was not publicly known until the release of the WikiLeaks documents. It is not known if the zero-day attack still works or if the hole has since been fixed by a software update, but the leak suggests that at least one version of the malware was shut down by a patch: the documents warn that “Firmware version 1118 [and higher] eliminated the current USB installation method.”

A reminder that this sort of thing will become far more prevalent as regular “dumb” home devices are replaced with “smart” versions.

Not too long ago, smart device manufacturers were complaining about the security methods required to certify products for Apple’s HomeKit platform. With every breach, that position is looking decreasingly tenable. The quality of a device’s security shouldn’t depend on whether it’s trying to guard against a targeted bugging operation from an intelligence agency or leaky code in a stuffed animal — everything becomes a risk when it contains a microchip.

Update: Robert Graham of Errata Security:

The docs are clear that they can update the software running on the TV using a USB drive. There’s no evidence of them doing so remotely over the Internet. If you aren’t afraid of the CIA breaking in and installing a listening device, then you shouldn’t be afraid of the CIA installing listening software.

WikiLeaks today dumped a huge set of documents that make public some of the digital intrusion techniques and capabilities used by the CIA. As tends to be the case with these sorts of things, the reporting of these leaks is less nuanced than it ought to be.

For instance, take this bullet-point summary that appeared on the New York Times’ homepage today:

They indicate that the agency, by compromising the phones entirely, was able to access the contents of encrypted messaging apps like Signal and WhatsApp.

That certainly sounds like either the encryption or the apps were breached. Clicking through to the story seems like it reinforces that perception:

Among other disclosures that, if confirmed, will rock the tech world, the WikiLeaks release said that the C.I.A. and allied intelligence services had managed to bypass encryption on popular phone and messaging services such as Signal, WhatsApp and Telegram. According to the statement from WikiLeaks, government hackers can penetrate Android phones and collect “audio and message traffic before encryption is applied.”

Shane Harris and Paul Sonne of the Wall Street Journal (paywalled) wrote something similar:

WikiLeaks said the documents show the CIA’s ability to bypass the encryption of popular messenger applications, including WhatsApp, Signal, Telegram and Confide by hacking the smartphones they run on and collecting audio and message traffic before the applications encrypt the user’s texts.

In fact, pretty much every article I could find used some variation of the word “bypass” to describe the way in which the CIA can, apparently, record aspects of conversations in seemingly-secure apps. And that’s because that’s the exact same way that WikiLeaks describes it in their press release:

These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the “smart” phones that they run on and collecting audio and message traffic before encryption is applied.

It turns out that the CIA hasn’t breached the encryption technologies used by these messenger apps, nor have they breached the apps themselves. WikiLeaks’ use — and other publications’ re-purposing — of the unspecific word “bypass” is especially misleading because it neglects the full context of the prior paragraph within the press release:

A similar unit targets Google’s Android which is used to run the majority of the world’s smart phones (~85%) including Samsung, HTC and Sony. 1.15 billion Android powered phones were sold last year. “Year Zero” shows that as of 2016 the CIA had 24 “weaponized” Android “zero days” which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.

The flaw here isn’t with any of the encrypted chat apps, but with Android itself. However, because WikiLeaks has, so far, redacted information on the specific exploits possible for Android, it isn’t clear which zero-day — or, more likely, which combination of zero-days — is responsible for the flaw and what it achieves. Perhaps the CIA has an Android keylogger, in addition to their now-known capability to switch on the microphone. But it doesn’t really matter because a compromised device is a compromised device, period.

The CIA also apparently has a batch of exploits for use with iOS, though none are confirmed in these documents to work with iOS 10. The Android exploits are also entirely outdated, but software updates don’t roll out for Android phones as quickly or as evenly as they do for iOS devices.

The really big story most publications are missing here, though, is twofold. First, these documents are an acknowledgement that the CIA finds serious security holes in major software and buys up others’ exploits without telling the developers, which puts billions of devices at risk.

Mike Masnick, Techdirt:

Over the years, nearly all of the focus on hacking mobile phones has been on the NSA and its capabilities, rather than the CIA. But it’s now clear that the CIA has its own operations, akin to the NSA’s hacking operations (kinda makes you wonder why we need that overlap). Except that the CIA’s hacking team seems almost entirely unconcerned with following the federal government’s rules on letting private companies know about vulnerabilities they’ve discovered.

The other important story is that this leak seems to show that encryption is working. Open Whisper Systems, creators of Signal:

Ubiquitous e2e encryption is pushing intelligence agencies from undetectable mass surveillance to expensive, high-risk, targeted attacks.

This is, strangely enough, somewhat good news. Devices are harder to break into and communications are harder to record. While that makes the jobs of intelligence agencies harder, it also means that our private conversations can’t be swept up in bulk and stored at data centres to be archived and combed through for an indeterminate amount of time in the future.

Update: I clarified what I meant by the combination of exploits on Android.

Sarah Perez, TechCrunch:

One of the problems with Facebook’s bots is that it’s often unclear how to get started. The directory of bots in Messenger wasn’t initially available and now only reveals itself when you start a search in the app. And it hasn’t always been obvious how to get a bot talking, once added, or how to navigate back and forth through a bot’s many sections.

The Messenger platform update today tackles this latter problem, by offering an alternative to the more limited – and sometimes confusing – systems that were previously available.

Instead of forcing users to talk with a bot, developers can choose to create a persistent menu that allows for multiple, nested items as a better way of displaying all the bots’ capabilities in a simple interface.

Bringing all the fun and excitement of a customer service telephone tree to a help system few people use. I doubt these bots are having anything like the effect that Facebook thought — or hoped — they might.

Lucy Bourton for It’s Nice That (via Coudal Partners):

Canadian designer Greg Durrell, filmmaker Jessica Edwards and Gary Hustwit, director of design trilogy Helvetica, Objectified and Urbanized, are collaborating on the first ever feature documentary on Canada’s vast design history, Design Canada. The team have launched a Kickstarter in order to raise funds for the film’s completion and release.

In a typical Canadian fashion, our design history is understated but remarkable in its own right. Back in July, an Ottawa-based designer tried to get permission from the CBC to reprint their brand standards guide, but I don’t think the campaign was successful. I hope this documentary does a little better. If you’d like to back it, you can do so at Kickstarter.

Pico is a really fun new camera app from Louie Mantia and Chase McCoy. Mantia explains:

Before digital photography — to get the color you wanted — you selected film that had the color formula you liked, and you shot with that. No editing required.

[…]

Pico film isn’t a “filter” you attach to your camera lens, nor is it a “filter” you can apply after the fact. When you take a photo with Pico film, the result is the original. We’re just capturing color differently, just like analog film.

Sounds a little like bullshit, but I’ve been playing with Pico for several weeks now and it’s a very cool experience. By capturing a scene with a specific “film” instead of applying a filter afterwards, it forces you to consider the shot differently. It’s a very fun app that reminds me a little bit of Hipstamatic — remember Hipstamatic? — except faster and easier to use. Free to download with one film, and $3.99 (or your local equivalent) to unlock the full set.

Adrianne Jeffries, the Outline:

Peter Shulman, an associate history professor at Case Western Reserve University in Ohio, was lecturing on the reemergence of the Ku Klux Klan in the 1920s when a student asked an odd question: Was President Warren Harding a member of the KKK?

Shulman was taken aback. He confessed that he was not aware of that allegation, but that Harding had been in favor of anti-lynching legislation, so it seemed unlikely. But then a second student pulled out his phone and announced that yes, Harding had been a Klan member, and so had four other presidents. It was right there on Google, clearly emphasized inside a box at the top of the page.

Jeffries found similar answers from crappy sources for questions about whether Barack Obama is planning to declare martial law, why firetrucks are red, and how to get a date, amongst other things. And, earlier this week, I found that it was using Shiva Ayyadurai’s own website to wrongly answer my query, “who invented email”.

It appears that these quick answers are also being used to power Google’s voice assistant.