Pixel Envy

Written by Nick Heer.

Archive for September, 2018

At Least Fifty to Ninety Million Facebook User Accounts’ Access Tokens Compromised

Julia Carrie Wong, the Guardian:

Nearly 50m Facebook accounts were compromised by an attack that gave hackers the ability to take over users’ accounts, Facebook revealed on Friday.

The breach was discovered by Facebook engineers on Tuesday 25 September, the company said, and patched on Thursday. Users whose accounts were affected will be notified by Facebook. Those users will be logged out of their accounts and required to log back in.

[…]

The security breach is believed to be the largest in Facebook’s history and is particularly severe because the attackers stole “access tokens”, a kind of security key that allows users to stay logged into Facebook over multiple browsing sessions without entering their password every time. Possessing a token allows an attacker to take full control of the victim’s account, including logging into third-party applications that use Facebook Login.

Lorenzo Franceschi-Bicchierai and Jason Koebler, Vice:

“Parts of our site use a mechanism called single sign-on that creates a new access token,” Guy Rosen, Facebook’s vice president of product management, told reporters on a press call. “The way this works is: let’s say I’m logged into the Facebook mobile app and it wants to open another part of Facebook inside a browser, what it will do is use that single sign-on functionality to generate an access token for that browser, so that means you don’t have to login again on that window.”

The hackers took advantage of three distinct vulnerabilities chained together in order to steal the tokens, Rosen said.

The vulnerabilities have existed since at least July 2017 and were related to Facebook’s “View As” tool, which allows you to view your own profile as if you were someone else (this is a privacy feature—it allows, for example, you to check whether your ex, or grandma, or anyone who you want to hide things from can see certain posts on your page.)

Brian Krebs:

Facebook said it was removing the insecure “View As” feature, and resetting the access tokens of 50 million accounts that the company said it knows were affected, as well as the tokens for another 40 million users that may have been impacted over the past year.

Who thought it was a good idea to allow basically one company, for which the most infamous slogan is “move fast and break things”, to grow to unprecedented scale with the personal information of billions of users and non-users with little to no regulation or oversight?

Silly Selfie Surreptitious Skin Smoothing Scandal

I guess that’s what the “S” in “iPhone XS” stands for.

Kif Leswing of Business Insider dedicated the vast majority of an article to an apparent controversy surrounding the images coming off the iPhone XS’ front-facing camera:

According to Apple, the selfie camera system on the iPhone X uses faster sensors, improved chips, and “advanced algorithms” to make your photos look better with a feature called “Smart HDR.”

But some people who have received the new iPhone XS say that the new selfie camera makes them look too good — so good that they think Apple must have added a “beauty mode” filter to the camera’s algorithms to smooth the subject’s skin.

Beauty mode is a feature on a lot of phones and apps that are popular in Asia, like Samsung devices or apps like Meitu or FaceTune. It smooths out and brightens your skin so you look a little more polished on social media.

Several quotes from Lewis Hilsenteger — the Unbox Therapy guy — and Twitter embeds presented without skepticism later, Leswing gets to a more rational reason:

Apple declined to comment on the record when reached by Business Insider, but some people on the Reddit and MacRumors threads say the effect people are seeing isn’t a beauty filter, but is instead part of the new iPhone noise reduction capabilities.

[…]

This suggests that perhaps if a photo is taken with more light, the smoothing would appear less prominent. A test run on Thursday in natural daylight did show a less pronounced smoothing effect.

So, despite several uncritically-presented social media posts and giving a –gate-suffixed name to this whole thing, it’s nothing? I am, of course, shocked by Business Insider’s apparent lack of journalistic scruples.

Oh, but Leswing couldn’t just leave it at that:

Apple is unlikely to force a so-called “beauty mode” on iPhone camera users — after all, if people really want to apply filters like that to a photo, they can download any number of apps that do it, like FaceTune, which is one of the best-selling paid apps in the App Store.

Still, beauty filter features are popular in Asia, a region where Apple needs to excel to justify its $1 trillion valuation, even if the effects from apps like Meitu are far more pronounced than what online observers say is happening on iPhones.

Why must there be a storyline and a contrived justification for Apple’s overly-aggressive noise reduction? People generally like smoother pictures because they give the impression of clarity, and will tolerate a lack of detail at typical viewing sizes more than they will a grainy photo. That’s basically it. I wouldn’t be surprised if Apple dials that back if they receive enough complaints that it’s too aggressive, but the idea that this is Apple’s big new controversy over this year’s iPhones is patently ridiculous.

Reading the Tea Leaves

In contrast to most WWDCs I can remember, the mood surrounding this year’s conference seemed more anxious, with developers’ excitement for learning the future of Apple’s platforms muted by a blockbuster Mark Gurman report late last year:

Starting as early as next year, software developers will be able to design a single application that works with a touchscreen or mouse and trackpad depending on whether it’s running on the iPhone and iPad operating system or on Mac hardware, according to people familiar with the matter.

What that meant nobody seemed to know. I think Gus Mueller reflected on it well:

What about the crux of the article, that Apple is working on a shared UI framework between iOS and MacOS? I wouldn’t find it surprising. I could also see it being written completely in Swift (though personally I’d rather it be in Obj-C for maximum interop with existing frameworks).

But history is filled with cross platform UIs and write once run anywhere dreams. None of them turned out insanely great.

John Gruber corrected the latter sentence:

My only quibble with Mueller’s piece is that “None of them turned out insanely great” is way too generous a description of write-once/run-anywhere application frameworks. Most of them are terrible; none of them are good. Or at least none of them are good from the perspective of what makes truly native Mac and iOS apps good — which isn’t everyone’s perspective, but is certainly Apple’s.

Then, in a discussion on Rene Ritchie’s Vector podcast, Gruber said:

We don’t know if it’s good news or bad news. Bad news would be literally just like being able to run the equivalent of what you see in the iOS simulator. Just have a little rectangle shape of an iPhone or an iPad that runs in a window. Every click is like a simulated touch, and that’s it.

Anybody who’s ever tried running an app, like an iPhone app, in the Xcode simulator, it’s a great feature for debugging, but it’s horrible for using. It’s because it just doesn’t mesh with the mouse-and-keyboard paradigm of the Mac. It never feels right to do that.

In a gradient of garbage-to-great, that’s at the rotten end of the scale: a Mac app that’s a simulated iOS app — one that feels like it’s simply running on the wrong platform.

The best possible iteration of shared code between iOS and Mac apps is something that would be invisible to users. It would feel entirely native when running on either platform: an NSButton becomes a UIButton on iOS, for example; perhaps a UISplitViewController turns into a NSSplitView on MacOS. Save and open commands trigger the iOS equivalents instead of MacOS sheets. Stuff like that. It should be something that makes life easier for developers building cross-platform apps, and which users simply do not see any more than whether an app is built with Objective-C or Swift.

On the Mac side, especially, that means building software that adheres to well-established platform expectations. Becky Hansmeyer published a terrific and lengthy list, and I’ve excerpted a few items from it here:

  • Touch Bar support

  • Contextual menus

  • Tooltips

  • Multiple windows

  • File system access

  • Scroll bar elasticity

  • Drag and drop support

These — and many others — are the ingredients that make a true Mac app. But there’s something not on Hansmeyer’s list that I think is just as important, which is the feel of an app. That is: an app could, theoretically, support all of the ingredients on Hansmeyer’s list and still not feel like a Mac app — though I can’t think of an app off the top of my head like that. It is likely that you may find an app that somehow doesn’t feel right on MacOS and only then discover that it’s missing one or more of the features on this list.

The inverse can also be true and, I think, is more likely: an app may be missing a few of the things on Hansmeyer’s list, but it may still have that feeling of a good Mac app. Cultured Code’s Things, for example, doesn’t really allow user interaction with the file system, but it has long felt like the most polished todo app for the Mac. Aperture still feels like more of a Mac app than Lightroom ever will. All of Panic’s Mac apps feel like the best possible iteration of an app for the genres in which they reside.

A cross-platform framework must somehow preserve this Mac-specific quality for MacOS apps, even if the underlying code is shared with an iOS version. Each version of an app should be completely correct on each platform, even if they have shared code. To make an odd comparison, it’s sort of like tea. Now, I’m not a big tea drinker but, as best as I understand it, white, green, and black tea all come from the exact same plant. The differences in colour and flavour are based on when the tea is picked and how long it is aged, but it’s still the same leaf. Ideally, that’s what cross-platform apps are: individual, but with shared origins.

The first four apps that Apple has brought to end users based on their UIKit-for-Mac framework are nothing like this ideal. At their absolute best, they are passably lazy ports of their iOS equivalents; at their worst, as with Home, they sit comfortably near the ass-end of that garbage-to-great scale.

Actually, that’s a little unfair of me. Home, on my Mac, shows exactly the same inescapable error as it does on iOS. I cannot fully judge it. However, screenshots of the app in Andrew Cunningham’s review of Mojave clearly display an iOS app in a MacOS window frame, right down to the spinning “tumbler”-style picker controls. Its full screen view is completely hilarious.

The other three apps Apple has ported from iOS so far — Stocks, News, and Voice Memos — are slightly better, but not by much. They are, quite literally, scaled up and then scaled back down iOS apps, with a handful of MacOS-converted controls. The scaling is noticeable, particularly in text and fine-lined graphics like sharing icons; it looks cut-rate and sloppy. Touch Bar support is reportedly non-existent. These apps do not look or feel at all like real Mac apps. Recall that Notes and Reminders were brought to the Mac in Mountain Lion after being on iOS for years: both look like their iOS counterparts, but fit reasonably well in the MacOS environment — Notes far more than Reminders. Or look at Photos for a more robust and capable app that started life on iOS.[1]

But that’s not what was shipped in the public version of Mojave. I didn’t want to complain about the state of these apps prior to release because I didn’t think that was fair — plenty of bugs were fixed as the release date drew nearer. Unfortunately, they didn’t become any more Mac-like. That would be fine if these were one-offs, but Apple is planning on releasing this framework to developers just next year, and the initial results are not promising. They remind me of the janky apps you’ll find at the top of the free chart in the Games section of the Mac App Store. I worry that this will be increasingly common now that directly porting an app from iOS is something that is seemingly officially sanctioned, and I’m not the only one. These apps are not ready.

Or, here’s an even worse situation: maybe Apple does consider these apps ready. Surely they figured they were good enough to bundle preinstalled in the latest public update to MacOS. Are these the model apps for third-party developers to aspire to when they get to start porting their apps next year? I certainly hope not.

To be completely fair to the engineers who clearly worked hard on this framework, cross-platform porting probably does represent the future of a segment of Mac apps, unfortunately, and these particular examples are absolutely functional. But they’re still pretty much just tech demos — proofs of concept. Maybe these apps were shipped to an impossible deadline. I’ll tell you who I absolutely feel bad for, though: all of the hardware engineers who worked tirelessly to cram bright, high-resolution, and battery-friendly displays into Apple’s notebook lineup, only to see them draw a bunch of blurry text and horribly-scaled graphics.

Whatever the case, the fact is that these apps have now shipped, and they’re awful examples for the rest of the developer community to follow next year. Maybe — hopefully — this framework will become far more robust and closer to the ideal or, perhaps, start something new. I dread the possibility of a day a few years from now where we must navigate Mac apps this poor the way we do for Electron apps today and Java apps a decade ago. This piece is not about that future, though; it’s about today and the four apps brand new to the Mac. They are no good.


  1. Photos even implemented something like a rudimentary version of this cross-platform framework by way of UXKit. Whether that was part of the same development track or parts of it made their way into the framework that will be released to developers, I don’t know.

Facebook Is Allowing Ad Targeting Based on Contact Information You Have No Control Over

Kashmir Hill of Gizmodo, reporting on a new paper (PDF) by Giridhari Venkatadri, Piotr Sapiezynski, and Alan Mislove:

You might assume that you could go to your Facebook profile and look at your “contact and basic info” page to see what email addresses and phone numbers are associated with your account, and thus what advertisers can use to target you. But as is so often the case with this highly efficient data-miner posing as a way to keep in contact with your friends, it’s going about it in a less transparent and more invasive way.

Facebook is not content to use the contact information you willingly put into your Facebook profile for advertising. It is also using contact information you handed over for security purposes and contact information you didn’t hand over at all, but that was collected from other people’s contact books, a hidden layer of details Facebook has about you that I’ve come to call “shadow contact information.” I managed to place an ad in front of Alan Mislove by targeting his shadow profile. This means that the junk email address that you hand over for discounts or for shady online shopping is likely associated with your account and being used to target you with ads.

Facebook denied to Hill last year that they allowed targeting based on this information; after this paper was published, they admitted to doing so.

Even for Facebook’s low standards, this is exceptionally unethical: you haven’t given them permission to use this information; someone you know or someone you purchased products from has done that for you, probably with consent buried in an opaque privacy policy. There’s no way to opt out. And there are few-to-no regulations governing this.

Safari’s “Siri Suggested” Search Results Highlighted Conspiracy Sites

Charlie Warzel, Buzzfeed:

Apple’s Safari, one of the internet’s most popular web browsers, has been surfacing debunked conspiracies, shock videos, and false information via its “Siri Suggested Websites” feature. Such results raise questions about the company’s ability to monitor for low-quality information, and provide another example of the problems platforms run into when relying on algorithms to police the internet.

This isn’t a case where Google-suggested autocompletions are finding their way into Safari; I see the same results as Warzel and I have DuckDuckGo as my Safari search engine. This is just as toxic as Google suggesting the wrong voter registration dates or stating a bunk answer for who invented email — something they’re still doing, by the way.

Unfortunately, while Google provides a small “feedback” button for users to report problematic results, Apple’s procedure is, well, much worse:

“Siri Suggested Websites come from content on the web and we provide curation to help avoid inappropriate sites. We also remove any inappropriate suggestions whenever we become aware of them, as we have with these. We will continue to work to provide high-quality results and users can email results they feel are inappropriate to applebot@apple.com.”

It’s pretty quaint that a trillion-dollar company suggests you report problems to them by sending a direct email — to an address that, for what it’s worth, I did not know existed. As of writing, DuckDuckGo returns no results for it, while Google’s results almost entirely consist of answers that contain “applebot.apple.com”. There is one mention of that address on Apple’s website in this sole knowledgebase article.[1]


  1. By the way, I’m disappointed with the search results from both search engines. DuckDuckGo failed to find an Apple knowledgebase article containing my exact query on freakin’ Apple dot com, while Google flat-out disobeyed my use of quotation marks and suggested a bunch of stuff that is explicitly not what I was looking for.

Instagram’s Co-Founders Are Leaving Amid Frustrations With Facebook

Mike Isaac of the New York Times got the scoop:

Kevin Systrom and Mike Krieger, the co-founders of the photo-sharing app Instagram, have resigned and plan to leave the company in the coming weeks, adding to the challenges facing Instagram’s parent company, Facebook.

Mr. Systrom, Instagram’s chief executive, and Mr. Krieger, the chief technical officer, notified Instagram’s leadership team and Facebook on Monday of their decision to leave, said people with direct knowledge of the matter, who spoke on condition of anonymity because they were not authorized to discuss the matter publicly.

Mr. Systrom and Mr. Krieger did not give a reason for stepping down, according to the people, but said they planned to take time off after leaving Instagram. Mr. Systrom, 34, and Mr. Krieger, 32, have known each other since 2010, when they met and transformed a software project built by Mr. Systrom into what eventually became Instagram, which now has more than one billion users.

Kurt Wagner, Recode:

Instagram co-founders Kevin Systrom and Mike Krieger are resigning from the company they built amid frustration and agitation with Facebook CEO Mark Zuckerberg’s increased meddling and control over Instagram, according to sources.

[…]

It’s not uncommon for founders to leave after selling their company. But Systrom and Krieger stayed longer than many would have guessed, and remained influential throughout their tenure. Systrom was the product visionary and was hands-on even after bringing in other product execs to do more of the day-to-day execution.

Krieger, meanwhile, was actively running Instagram’s engineering team, and was seen by many internally as the company’s “heart and soul.”

Instagram has been one of the few apps you could hold up as an example that being acquired by a massive and deeply unethical company might not necessarily be ruinous. Under Facebook, Instagram launched a reasonably complete website version, underwent a major rebrand, and added bookmarking, a better “Explore” tab that is a genuine improvement over the old search function, more tasteful filters, way better editing tools, and lots more. It has resisted a Facebook-ization; at its core, it still feels like Instagram.

But, now, I’m worried. The kinds of — ugh — growth hacking techniques that Facebook likes in its own apps are surely just around the corner. I don’t think that the Instagram many of us have stuck with and generally like is here for much longer.

Ars Technica’s Review of MacOS 10.14 Mojave

Andrew Cunningham continues John Siracusa’s tradition of publishing the best reviews of MacOS updates. This year’s is well worth reading because, in addition to obvious visual changes in MacOS Mojave, there are plenty of non-obvious but more consequential updates below the surface:

Mac OS X began life as a 32-bit operating system, but a slow, steady transition to 64-bit hardware and software has been happening for over 15 years. Today’s Macs — and any Mac running Mojave or any version of the operating system going all the way back to Mountain Lion — have been all-64-bit, barring a handful of first-party apps and background services and a steadily shrinking list of third-party apps. Still, 32-bit apps run just as well as they did when Snow Leopard shipped on 32-bit Intel Macs back in 2006.

That doesn’t change in Mojave, but this is the last version of macOS that will run those 32-bit apps at all.

There are also plenty of updates to the security and privacy features introduced in MacOS over the past few years:

[…] In High Sierra, Gatekeeper controls access to Location Services, Contacts, Calendars, Reminders, and Photos — any app that wants access to any of that data needs to ask for it and be granted permission first, and the app should fail over gracefully (i.e. not crash) when that permission is denied.

In Mojave, that access control extends to several other areas: access to Mail, Messages, Safari browsing data, HTTP cookies, call history, iTunes device backups, and Time Machine backups all require permission now. And like in iOS, macOS apps now need to ask permission to use any webcam or microphone attached to the system (Apple says this includes the built-in hardware plus any device that uses macOS’ default drivers, which covered both my Logitech C920 webcam and Scarlett Solo USB audio interface).

These changes have not been easy in certain specialized cases; but, for average users — and bugs aside — they ought to be worthwhile protection.

I’ve been using MacOS Mojave about 50% of the time since July, and full-time for over a week. Generally speaking, it’s an excellent update: the new Desktop Stacks feature is brilliant and everything Stacks should have been in the first place; the enhanced iPad-inspired Dock is terrific; and the entire system feels rock solid and even a little faster. I’m not necessarily saying you should upgrade right away, but I, personally, did not have the same feeling of trepidation as the past couple of MacOS updates.

Update: One thing I forgot to mention is in regards to the new autofilling two-factor authentication code behaviour, similar to that which is in iOS 12. Here’s how Cunningham describes it:

When you receive two-factor authentication codes via SMS (and when you’ve got your iPhone configured to forward SMS messages to your Mac), Mojave will offer to insert those codes for you in Safari or any other app updated to target Mojave.

Unfortunately, Apple’s own two-factor authentication codes do not autofill because they are not sent over SMS.

Matt Birchler’s Review of WatchOS 5

I don’t think anyone does WatchOS reviews as well as Matt Birchler, and this year’s is no exception. I’ve been running the beta all summer, because I am a demonstrably stupid person, and I learned a few of the more hidden updates to WatchOS in Birchler’s review. For example, the Siri watch face now supports automatic sports alerts:

This is kind of a weird one, but I’m happy to see cards about my favorite sports teams appear on the Siri watch face. It’s weird because your favorite teams are set up in the…TV app. You’d think this might be in the main settings app or something, but yeah, any teams you have set as favorites in the TV app will show on your Siri watch face when they have games going on.

So, to recap: Apple’s house-brand TV shows are available in Apple Music, and Apple Watch alerts for sports are set up in the TV app on your iPhone.

My favourite new feature in WatchOS 5 is probably automatic workout detection. Birchler:

Usually it just takes a few minutes of working out for it to notice that you’re doing something and present the notification. The good news is that it gives you credit for the entire workout, not just from when you confirm you are indeed working out. So when it asks you 5 minutes into a run if you are indeed in a workout, you get credit for the time, distance, and calories burned for those 5 minutes. It’s pretty slick.

The sensitivity of workout detection has been fine-tuned throughout different builds and I think Apple hit a sweet spot by the time WatchOS 5 shipped. Every so often, it doesn’t detect my twenty minute walk to or from work until I’m about halfway, but it doesn’t matter because it typically gives me credit for most of that journey. However, I’ve found it’s not always terrifically accurate at figuring out what kind of workout I’m doing: instead of an outdoor walk, it often thinks I’m running and, a couple of days ago, it thought I was using an elliptical machine.

Updating an Apple Watch is still a gigantic pain in the ass — though the overnight update mechanism, new in WatchOS 5, does help with that — but it’s totally worth it for this version of the software. If you haven’t updated yet, I strongly suggest you do. Apple is homing in on what the Watch is good at, and making it truly excel in those areas.

A Look at How the New Fire, Water, and Vapour Apple Watch Faces Were Made

There aren’t many companies that would construct enormous scaled-up shells of a product to create custom videos specifically for it. Also, consider that each of these effects had to be created a second time with a different model, because these faces behave completely differently on pre-Series 4 watches. It looks like there’s an older-model Apple Watch rig at about twenty-five seconds into this video.

Joint CBC and Toronto Star Investigation Finds Ticketmaster Complicit in Ticket Scalping

Dave Seglins, Rachel Houlihan, and Laura Clementson, CBC News:

In July, the news outlets sent a pair of reporters undercover to Ticket Summit 2018, a ticketing and live entertainment convention at Caesars Palace in Las Vegas.

Posing as scalpers and equipped with hidden cameras, the journalists were pitched on Ticketmaster’s professional reseller program.

Company representatives told them Ticketmaster’s resale division turns a blind eye to scalpers who use ticket-buying bots and fake identities to snatch up tickets and then resell them on the site for inflated prices. Those pricey resale tickets include extra fees for Ticketmaster.

“I have brokers that have literally a couple of hundred accounts,” one sales representative said. “It’s not something that we look at or report.”

Not only does Ticketmaster ignore scalpers’ tactics, this report reveals that the company effectively encourages them to exploit potential buyers with its TradeDesk software. The software’s description in the App Store indicates that it’s built for high-volume resellers, with features like bulk price adjustments and large-scale inventory management.

This is why Ticketmaster does such a terrible job at stopping automated purchases: the fee that they get from direct sales is large, but the commission they get from the reseller platforms that they own is extraordinary. Meanwhile, artists get none of the markup, their fans get bilked into paying obscene ticket prices, and Live Nation — Ticketmaster’s parent company — has a near-monopoly on large-scale tours, events, and venues. That’s not right.

Alternative Influence

Here’s a fascinating new report (PDF) by Rebecca Lewis. From its executive summary:

This report presents data from approximately 65 political influencers across 81 channels. This network is connected through a dense system of guest appearances, mixing content from a variety of ideologies. This cross-promotion of ideas forms a broader “reactionary” position: a general opposition to feminism, social justice, or left-wing politics.

[…]

When viewers engage with this content, it is framed as lighthearted, entertaining, rebellious, and fun. This fundamentally obscures the impact that issues have on vulnerable and underrepresented populations — the LGBTQ community, women, immigrants, and people of color. And in many ways, YouTube is built to incentivize this behavior. The platform needs to not only assess what channels say in their content, but also who they host and what their guests say. In a media environment consisting of networked influencers, YouTube must respond with policies that account for influence and amplification, as well as social networks.

When I was in elementary and junior high during the early days of the World Wide Web, I was reminded regularly not to trust poorly-sourced or single-sourced information I found on the web. The situation now is completely different: these videos feature ostensibly intelligent and well-sourced individuals interviewed in a slick style aping that of legitimate news shows.

Similarly, earlier this month, Chris Hayes started a short thread on Twitter about how a simple query about the Federal Reserve quickly leads YouTube viewers down a conspiratorial tunnel.

John Gruber’s Review of the iPhones XS

Many of the iPhone XS reviews I’ve read today have repeated effectively the same thing: it’s an “S” year; this is an incremental update; the big one is really big. Well, yeah.

But John Gruber has, as usual, the best review of the new iPhones — largely because of his explanation of why the new camera system is so different despite seemingly-identical tech specs. And, as a bonus, it includes new information:

[…] I checked, and Apple confirmed that the iPhone XS wide-angle sensor is in fact 32 percent larger. That the pixels on the sensor are deeper, too, is what allows this sensor to gather 50 percent more light. This exemplifies why more “megapixels” are not necessarily better. One way to make a sensor bigger is to add more pixels. But what Apple’s done here is use the same number — 12 megapixels — and make the pixels themselves bigger. 12 megapixels are plenty — what phone cameras need are bigger pixels.

I think what makes this 32 percent increase in sensor size hard to believe, especially combined with a slightly longer lens, is that by necessity, this combination means the sensor must be further away from the lens. This basic necessity of moving the lens further from the sensor (or film) is why DSLRs are so big compared to a phone. But the iPhone XS is exactly the same thickness as the iPhone X, including the camera bump. (Apple doesn’t publish the bump thickness but I measured with precision calipers.) So somehow Apple managed not only to put a 32 percent larger sensor in the iPhone XS wide-angle camera, but also moved the sensor deeper into the body of the phone, further from the lens.

You can see the results of the bigger sensor and better HDR performance in Rafael Zeier’s comparison between the iPhone X and iPhone XS. Judging by the reviews I’ve seen so far, it looks like the result of that is, in part, more detail in images, though I’m not sure how much of that can be attributed solely to the larger sensor and not to it in combination with adjusted noise reduction. I bet you’ll get some killer RAW photos on this thing.

Many reviewers are advising readers to wait for the iPhone XR, coming next month. I totally get that — in part, because it’s much less expensive, but also because you’ll get nearly everything that the iPhone XS has. But one thing you won’t get is the telephoto camera. I’ve used that camera for probably half of the pictures I’ve taken on my iPhone X since I got it, and I don’t think I could go back to a single-camera phone. If I were upgrading this year, I’d go for the XS in a heartbeat — just because it has a telephoto camera. In fact, I’d be comfortable with a single-camera iPhone that only had an approximately 56mm-equivalent camera. But that’s just me.

Also, it looks like most, if not all, writers received gold review units. I’m not sure the saturated colour of the steel frame fits my taste, but the cream-coloured back is gorgeous.

A History of Infinite Loop Told in Anecdotes

With the move of Apple’s headquarters from the Infinite Loop campus to Apple Park, Steven Levy interviewed several current and former Apple employees — including high-ranking individuals like Tim Cook, Phil Schiller, Eddy Cue, and Scott Forstall — about their memories of Infinite Loop. This one’s pretty good:

[Tony Fadell]: When I arrived in 2001 [to lead the iPod project], it still felt like a campus that wasn’t filled. There were all these empty offices everywhere in every building. All of the furnishings and everything had not been updated since it opened.

Cook: It was an awful time. The stock crashed, it goes down by 60 to 70 percent. We get a call from Ted Waitt, founder of Gateway. He wants to talk about acquiring Apple. Steve and I went to a meeting with Waitt and their CEO, and it’s a different Steve. Very calm, listening to the comments they made, how they’d probably keep the Apple brand. I was sitting there feeling like my organs were being cut out. Then they said maybe they could come up with a role for Steve, and I’m thinking—he’s going to blow! He’s going to blow any minute! Then they start talking about price. And Steve looks at them—he could look at you with eyes that just penetrated your soul—and says, “Who do you think is worth more, Apple or Gateway?” The meeting lasted only two or three minutes more. And in a few weeks they had some accounting scandal, and their stock crashed.

It’s odd to reflect that many of the products that have defined Apple’s renaissance and Steve Jobs’ legacy were created at a campus that he had no part in designing and, according to this profile, he disliked. Now, Apple is based out of a campus that was his dream; yet, he’s not around to take advantage of it, or be a physical part of this chapter in the company’s legacy.

The MacStories Review of iOS 12

As has become a bit of a tradition around here, I have a review of iOS 12 coming; however, it won’t be out today. Turns out trying to find an apartment in Calgary right now is difficult and time-consuming.

In the interim, please read Federico Viticci’s excellent deep dive into iOS 12. It’s far more detailed than mine will ever be and, as the iOS automation expert, he’s uniquely gifted in explaining this update’s improvements to Siri and the new Shortcuts app.

Google China Prototype Links Searches to Phone Numbers

Ryan Gallagher, the Intercept:

Sources familiar with the project said that prototypes of the search engine linked the search app on a user’s Android smartphone with their phone number. This means individual people’s searches could be easily tracked – and any user seeking out information banned by the government could potentially be at risk of interrogation or detention if security agencies were to obtain the search records from Google.

[…]

Sources familiar with Dragonfly said the search platform also appeared to have been tailored to replace weather and air pollution data with information provided directly by an unnamed source in Beijing. The Chinese government has a record of manipulating details about pollution in the country’s cities. One Google source said the company had built a system, integrated as part of Dragonfly, that was “essentially hardcoded to force their [Chinese-provided] data.” The source raised concerns that the Dragonfly search system would be providing false pollution data that downplayed the amount of toxins in the air.

If this reporting is correct, there’s simply no other way to cut this: Google is exploring a deeper entry into the Chinese market by agreeing to assist in that government’s oppression and misinformation. I wonder how Google will respond the first time a report is released that implicates them in the imprisonment of an activist or a journalist in China, especially as it’s completely incongruous with their publicly-stated positions. It’s not a perfect comparison, but do you remember how “outraged” they were after reporting in the Washington Post implied that the NSA had a backdoor into their infrastructure? They responded by increasing their use of encryption within their own network over time.

Instead of fighting government surveillance, Google is apparently trying to be of assistance, and they’re dragging their employees into this mess. How many Google employees want to have such a toxic product on their resume? Apparently, several staffers, including senior engineers, have decided that this is too much to bear, and have consequently quit.

China is, of course, an enormous potential market for Google. By not being there, they’re leaving potentially billions of dollars of revenue on the table. However, they would also not be complicit in human rights abuses. How much is that worth? For a company with strict values and some semblance of ethics and morals, it should be a no-brainer.

Amassed Memories in Keychain Access

Earlier this year, I linked to a Twitter discussion started by Marcin Wichary about UIs that amass memories — consider, for example, your WiFi network connection history, or the “Open Recent” menu in applications you don’t use very often.

Anyway, I’m cleaning out my Keychain right now and it reminded me of this idea. I came across login items for websites I don’t visit any more, and accounts I created for a specific purpose long ago. But I also found my login details for websites that were a huge part of my online life for a long time and no longer exist, like dznr and FFFFOUND. I have real memories tied to many of these accounts — even tangible products, in some cases: I created a Club Monaco account to buy a pair of boots that I still wear, but I haven’t used the account since.

It’s striking how something as simple as a list of websites and user names can trigger a similar level of nostalgia as, for example, a photograph.

Goodbye, iPhone SE

Thomas Brand:

As someone who doesn’t value his cell phone as much as the next Apple nerd, the iPhone SE has been an important product for me because of its price. The iPhone SE kept me invested in the iOS ecosystem, and enabled me to purchase an Apple Watch without approaching the ~$700 iPhone ASP I normally attribute to laptop computers. Now that an updated iPhone SE is no longer an option, I am evaluating alternative cell phone platforms. I am sure I am not alone.

The smallest and cheapest iPhone that Apple now sells is the iPhone 7, which is a 4.7-inch device that fills out a typical pants pocket and starts at $449. But, as a two-year-old iPhone, it’s likely that it will support three more years’ worth of software updates (iOS 12 supports up to the five-year-old iPhone 5S). To be clear, that’s more than you can expect of practically any Android phone, but it’s also less than you might expect of an iPhone purchased today.

I’ve seen a lot of people on Twitter and across the web unhappy with the discontinuation of the iPhone SE. For a lot of people, it was a perfectly-sized device — the last one that many people could comfortably reach with their thumbs across the entire display without doing a little shimmy with their hand, and the last one with flattened sides that made it easier to hold for photos. The SE was a really good product, and it’s unfortunate that Apple has chosen to stop making it instead of releasing a successor. It’s one of the few bum notes from yesterday’s event, but it is perhaps the loudest.

Initial Thoughts on the iPhone XS, iPhone XR, and Apple Watch Series 4 Event

If you were paying attention to rumour blogs prior to today’s event, you knew the names of the products announced today as well as what the iPhone XS and new Watch looked like. Those were not surprises; yet, even so, today’s event managed to pack in a lot of big news.

First up, the Apple Watch Series 4, with a bigger display, richer faces, and — amazingly — an FDA-certified electrocardiogram on the sapphire and ceramic back, which now appears on all models.

There are also a bunch of new faces that they say “react uniquely with the curved edges of the case”. This is curious to me because the Apple Watch HIG and the overall design of WatchOS has generally created the impression that there is no boundary around the display. For instance, the “honeycomb” home screen treats app icons almost like bubbles that float against a black backdrop and aren’t cut off. Or, recall the way Jony Ive described, in its introductory video, that “you can’t determine a boundary between the physical object and the software”. Much like the notch on the iPhone, it appears that they’re embracing the limitations of the hardware, which feels more honest to me.

I remember having an initially negative reaction to the Apple Watch when it was introduced. Now that I have owned the product for a few years and Apple has made radical improvements to the software, though, it’s one of my favourite personal technology things that I own, but neither the Series 2 nor the Series 3 compelled me to upgrade. Based on what I’ve seen so far, I’m sold on this new one. It is to the Apple Watch what the iPhone 4 is to the history of that product: a culmination of several years of learning, and leaving everything else in the dust.

My only concern is with the electrocardiogram feature. It’s only going to be available in the United States — presumably for certification and regulation reasons — and Apple says that it won’t be enabled until later this year.

Then there’s the iPhone XS and XS Max. Both are a substantial upgrade from the iPhone X, but — more importantly, as most people probably don’t upgrade every year — a huge leap from the iPhone 7 and 7 Plus: a faster processor, better Face ID, better displays, dual SIM capabilities, better battery life, and better camera processing. The Max model should satisfy those who are aching for an even bigger variant with features specific to it, like split views in some apps.

Finally, they launched the iPhone XR, which is a fascinating product once you get past Apple’s naming foibles. Apart from Apple employees, nobody is actually going to pronounce it “ten-arr”; likewise, most people are probably going to say “excess” rather than “ten-ess”. Also, it turns out that the “R” — and “S”, for that matter, in “iPhone XS” — is neither uppercase nor lowercase but, rather, small caps, because Apple’s marketing team apparently hates everyone who writes about their products. They will be “XS” and “XR” here.

The XR sits at the bottom end of Apple’s pricing range; but, at 6.1 inches diagonally, it’s in the middle of the 5.8-inch iPhone XS and 6.5-inch iPhone XS Max. Its display is an LCD at 326 pixels per inch — exactly the same pixel density as the iPhone 8, and with very similar technical specifications.[1] However, its introduction means that Apple’s new iPhone lineup entirely follows the modern gesture-driven design language started by the iPhone X. Unlike the iPhone X and XS, it has some of the same software capabilities as iPhones with Plus- or, now, Max-sized displays, such as split screen in supported apps.

The iPhone XR also marks the first iPhone launched since the SE without 3D Touch. Instead, it has something they’re calling “Haptic Touch”, which appears to simply be haptic feedback triggered by long presses in certain 3D Touch-like contexts.[2]

I have complaints about that.

For a start, it’s confusing: there are maybe eight people on Earth who can adequately articulate the differences between Haptic Touch, 3D Touch, and Force Touch, which is still what Apple calls the display on the Apple Watch. In the keynote presentation, Phil Schiller compared it to the trackpad in the MacBook Pro, but that’s marketed as a Force Touch thing. I might be an idiot, but this is unfathomable.[3]

Second, it’s conceptually muddy. There seemed to be specific rules Apple was adhering to with their use of 3D Touch on past iPhones — it opens app menus on the home screen, for instance, or allows you to preview something in a list before opening it. But this indicates that there’s either no difference between a long press and a Force/3D/Haptic Touch press, or there’s no consistency in Apple’s application of it. If Apple doesn’t know what the standards should be, users can’t even begin to understand what they should be doing. I like 3D Touch a lot, but if Apple continues to be confused by their own technology after it has been on the market for three years, I don’t think they should keep it around.

Inside, it features the same A12 SoC as the iPhone XS and XS Max and has a similar wide angle camera, but it does not have a telephoto camera. Even so, it can apparently do the same Portrait Mode and three of the five Portrait Lighting effects.

Its body is made of aluminum, and it’s offered in six gorgeous colours. I’m looking forward to seeing these in person — the vibrant peach-like “Coral” colour, in particular, looks beautiful. I bet these will be hot sellers: they’re colourful, they have the gesture-driven design, and they start at $250 less than the XS. They don’t go on sale until next month, however.

There’s always a catch — in this case, there are three. This iPhone lineup no longer includes the headphone jack adaptor; all iPhones still come with a five-watt charger; and all iPhones still ship with only a USB-A cable instead of a USB-C cable. I don’t get it.

Apple also announced today that they will be updating the HomePod on Monday with multi-timer support, the ability to make phone calls, and the ability to use Siri Shortcuts.

While many of the announcements today were revealed early, one surprise is that there was absolutely no mention of the AirPower. There’s nothing about it on the new iPhone marketing pages, and John Gruber tweeted that nobody at Apple is talking about it. Something clearly went deeply wrong in its development and Apple seems to have no idea when — or if — it will be launched.


  1. Apple bills this display as a “Liquid Retina” display but, even after watching the keynote and reading all about it, I still have no idea what this means or what sets it apart. The only reason to give it a cool marketing name, that I can think of, is if it’s going to be used repeatedly. So, I expect to see references to a “Liquid Retina” display in upcoming iPad marketing materials as well.

  2. I also think we’ll see this “Haptic Touch” language used in new iPad marketing materials.

  3. Also, they call it “Haptic Touch” but it’s powered by the “Taptic Engine”. Gah.

European Parliament Gives Approval to Over-Broad Copyright Reform Bills

Natasha Lomas, TechCrunch:

The European Parliament has just voted to back controversial proposals to reform online copyright — including supporting an extension to cover snippets of publishers’ content (Article 11), and to make platforms that hold significant amounts of content liable for copyright violations by their users (Article 13).

[…]

BEUC, the European Consumer Organisation, also denounced the result of the plenary vote, warning that if the plans MEPs backed today become EU law the “benefits of the Internet for consumers will be at risk”.

“It is beyond comprehension that time and again EU policy makers refuse to bring copyright law into the 21st century. Consumers nowadays express themselves by sampling, creating and mixing music, videos and pictures, then sharing their creations online. MEPs have decided to thwart this freedom of expression which is dangerous for creativity and innovation,” said Monique Goyens, director general of BEUC, in a statement.

I understand the impetus for stricter adherence to copyright law by forcing platforms to be responsible for users’ uploads, but it’s hard to see how rights-holders will actually benefit from these new laws. A smarter way to update copyright law for the internet wouldn’t look like a giant filter between users and platforms, nor would it charge a fee for merely linking to or citing news stories.

However, this legislation isn’t the law yet:

While the parliament has now agreed its position on the reform the process is not yet over. There will be trilogue negotiations with Member State representatives, via the European Council, and a final vote — likely early next year.

If you live in the E.U., please call or write your local representative and urge them to find a way to make these reforms — since they are likely to pass — less stupid.

Release Types Now Organized Differently in Apple Music

A promising update on an issue surfaced earlier this year. Federico Viticci, MacStories:

While the old artist page design of Apple Music mixed albums, singles, EPs, live albums, and more under the same ‘Albums’ section, the new Apple Music features separate sections for different types of music releases. The new sections include singles and EPs, live albums, essential albums recommended by Apple Music editors, compilations, and appearances by an artist on other albums. As pictured above, Apple Music now also highlights an artist’s latest or upcoming release at the top of the page.

Separation between albums and other releases isn’t a new idea. Beats Music, the streaming service Apple acquired in 2014 and subsequently relaunched as Apple Music in 2015, featured separate views for albums, EPs, and compilations. Three years after its relaunch, it appears Apple has implemented most of Beats Music’s organization of artist releases, which was arguably one of the original service’s most useful and innovative functionalities.

There’s an interesting little side story regarding this news and the last three Nine Inch Nails releases. All three are about half an hour long but, while the first two are classified as EPs — as you might expect for five-track sets — the most recent, released in June, is listed as an LP. The reason for that, according to NIN frontman Trent Reznor, is because streaming services treat EPs as “lesser” albums. Beats Music, which Reznor was heavily involved in the design of, used to do that, but Apple Music didn’t until just recently.

And, strangely, all three recent NIN releases are classified as “Albums” in Apple Music; in Spotify, the two EPs are buried as “Singles”.

EPs are often just as important to an artist’s repertoire as LPs. While I think separating them can be beneficial from a categorization perspective, I would hate to see an artist’s recent release buried just because it’s listed as an EP.

Viticci:

I’d still like to see better grouping options for different editions of the same album: while Beats Music used to group explicit, remastered, and re-issued albums under a single sub-section, these versions aren’t grouped by Apple Music yet.

While we’re at it, I would love to be able to hide clean releases across Apple Music, and have Siri default to the explicit — read: canonical — version of any request.