Month: November 2018

Taylor Telford and Craig Timberg, Washington Post:

Marriott said Friday that hackers have had access to the reservation systems of many of its hotel chains for the past four years, a breach that exposed private details of up to 500 million customers while underscoring the sensitive nature of records showing where and when people travel — and with whom.

The breach of the reservation system for Marriott’s Starwood subsidiaries was one of the largest in history, after two record-setting Yahoo hacks, and was particularly troubling for the nature of the data that apparently was stolen, security experts said. That includes familiar information — such as names, addresses, credit card numbers and phone numbers — and also rarer prizes for hackers, such as passport numbers, travel locations and arrival and departure dates.

The potential value of such information on such a large percentage of the world’s travelers triggered speculation that Marriott may have been the target of nation-state hackers seeking to track the movements of diplomats, spies, military officials and business executives. Yet even if the hackers were mere criminals in search of profit, such data offered the raw material for a range of possible misdeeds, including identity theft.

Brian Krebs:

The hotel chain did not say precisely when in 2014 the breach was thought to have begun, but it’s worth noting that Starwood disclosed its own breach involving more than 50 properties in November 2015, just days after being acquired by Marriott. According to Starwood’s disclosure at the time, that earlier breach stretched back at least one year — to November 2014.

Back in 2015, Starwood said the intrusion involved malicious software installed on cash registers at some of its resort restaurants, gift shops and other payment systems that were not part of the its guest reservations or membership systems.

Dave Pell:

No corporation should have the personal details of 500,000,000 customers. That’s too big. It’s too much market. And, as we now know, it’s too risky.

Kevin Beaumont:

The biggest value from GDPR and the like — I can say this from experience — is you get to challenge businesses to justify if they really need to store data — with a legal requirement to back question. If you ask them to inventory data they usually just say delete it instead.

Think about it: a breach of tens- or hundreds-of-millions of individuals’ extremely private information — including, in this case, passport numbers and hashes of credit card numbers — couldn’t happen if the system were designed to purge this information at the earliest possible chance.

The market doesn’t punish incidents like these.1 Stricter regulation — designed carefully by data security experts — is needed to both reduce the amount of personal details companies are allowed to accumulate, and provide a framework for how information should be stored.

  1. On a related note, Equifax’s stock almost recovered to its pre-breach price in September before it dropped again in October by a similar amount as just after the breach announcement. The reason? A mediocre financial quarter with a poor forecast for the current quarter. Call me crazy, but a company should not be punished similar amounts by shareholders for performing a little below expectations as they are for letting third parties pilfer the sensitive details of about a hundred and fifty million people. ↥︎

Erik Wemple, Washington Post:

According to informed sources, Bloomberg has continued reporting the blockbuster story that it broke on Oct. 4, including a very recent round of inquiries from a Bloomberg News/Bloomberg Businessweek investigative reporter. In emails to employees at Apple, Bloomberg’s Ben Elgin has requested “discreet” input on the alleged hack. “My colleagues’ story from last month (Super Micro) has sparked a lot of pushback,” Elgin wrote on Nov. 19 to one Apple employee. “I’ve been asked to join the research effort here to do more digging on this … and I would value hearing your thoughts (whatever they may be) and guidance, as I get my bearings.”

One person who spoke with Elgin told the Erik Wemple Blog that the Bloomberg reporter made clear that he wasn’t part of the reporting team that produced “The Big Hack.” The goal of this effort, Elgin told the potential source, was to get to “ground truth”; if Elgin heard from 10 or so sources that “The Big Hack” was itself a piece of hackery, he would send that message up his chain of command. The potential source told Elgin that the denials of “The Big Hack” were “100 percent right.”

As a big story with a hundred interviews that, apparently, took a year and a half to put together, it’s not surprising that finding further sourcing to either corroborate or contradict the story could be hampered by internal-to-Bloomberg deliberations. But, even so, the denials received by Bloomberg before publishing the story were so forceful that it should have inspired comprehensive review prior to its publication, given its blockbuster ramifications, if it is true.

Due diligence and fact checking are processes to be done before a story is published. Following up after a story is published can often be necessary to ensure its validity. But, when the very foundation of this story has been stated to be entirely false, it reads less to me as validation and more like panicked doubt.

The first run experience of Safari on a brand new — for 2017 — iMac with a spinning hard drive, as documented by “cocobandicoot” on Reddit, is pretty awful. Judging by Michael Tsai’s post, it is far from the only instance of subpar performance on Macs not equipped with solid state drives. A simple solution for Apple would be to treat these Macs as the baseline for good performance; then, everything with an SSD could be much faster, but a spinning hard drive Mac would not be too slow.

However, as much as I favour holding back on the tendency to maximize newly-expanded technical bandwidth, I can think of some pretty clear instances where the much faster speeds of an SSD could make MacOS more capable than would be possible with a spinning hard drive. The system can build caches in the background so something like the photo picker is always current; a document can be saved with every keystroke; software updates can be downloaded in the background — all of these things can happen at once.

It has been eight years since the introduction of the second-generation MacBook Air, which brought solid state storage to typical Mac users for the first time. Apple has been shipping annual updates to MacOS that presuppose the availability of a SSD — APFS, for example, took a year to come to hard drives. And there are plenty of Mac Minis, iMacs, and tower Mac Pros that are supported by Mojave but will perform poorly because they have hard drives.

So, if these features require an SSD — inasmuch as if the Mac in question were not equipped with one, it would suck to use — I don’t think it’s unreasonable to suggest that Apple should not be selling Macs without solid state drives any longer. They’re most of the way there — the only remaining model available with a spinning drive is the iMac. But, even with a Fusion Drive, it’s clearly still not performing to the standard that it ought to be.

David Barnard:

My critique of Apple’s management of the App Store (which began in 2008) has never been about embarassing Apple or denigrating its employees or motives, I want to see this amazing platform Apple created be the best it can possibly be. The App Store is an incredible marketplace that has generated tens of billions in revenue while empowering billions of people around the world to do amazing things with these magical little computers we carry around in our pockets. But I do think the overall success of the App Store has blinded Apple to the need for various course corrections over the years. And as the financial incentive to build and maintain great niche apps dries up, the beautiful and diverse forest of apps that is the App Store will slowly start to look more like the unkempt Play Store.

So, let’s talk about how developers are gaming the App Store and why it matters to the future of the platform. Any one of these tactics might seem somewhat bland individually, but when tens of thousands of apps deploy multiple tactics across many categories of apps, the impact can be measured in hundreds of millions of users and likely billions of dollars.

For all of the activity in the App Store and Apple’s evidently increased investment in it, tactics like these make even its most popular apps feel like the product of a disreputable marketplace. It is disheartening to see unscrupulous developers with crappy apps succeed — and even be featured by Apple, as Barnard documents.

Shara Tibken, CNet:

Greg Joswiak, Apple vice president of product marketing, told CNET in an interview Wednesday that the device has “been our most popular iPhone each and every day since the day it became available.”


The news comes amid worries about iPhone demand. Apple’s fiscal fourth-quarter results at the beginning of November showed it may be grappling with a case of iPhone fatigue — but it’s still getting people to shell out more money for the phones they do buy. Apple said it didn’t sell as many iPhones as analysts expected in the quarter that ended Sept. 29, and it projected lackluster revenue results for the December quarter. Apple also said it would no longer detail unit sales of its iPhone and other major devices, a reversal from its strategy since first introducing the products.

Apple usually doesn’t announce their sales mix of iPhones but, for two years in a row, they’ve broken with that pattern to quell supply chain rumours. Analysts seem desperate to write off new iPhones as major flops.

Ben Thompson:

To put it another way, Apple profits handsomely from having a monopoly on iOS: if you want the Apple software experience, you have no choice but to buy Apple hardware. That is perfectly legitimate. The company, though, is leveraging that monopoly into an adjacent market — the digital content market — and rent-seeking. Apple does nothing to increase the value of Netflix shows or Spotify music or Amazon books or any number of digital services from any number of app providers; they simply skim off 30% because they can.

This is the best piece I’ve read so far about this legal issue — not just for what he wrote about the issue itself, but for what it says about the services part of Apple’s business today.

Jenny Odell, New York Times

Recently, one of my students at Stanford told me a strange story. His parents, who live in Palo Alto, Calif., had been receiving mysterious packages at their house. The packages were all different shapes and sizes but each was addressed to “Returns Department, Valley Fountain LLC.”

I looked into it and found that a company called Valley Fountain LLC was indeed listed at his parents’ address. But it also appeared to be listed at 235 Montgomery Street, Suite 350, in downtown San Francisco.

So were 140 other LLCs, most of which were registered in 2015.


Trying to map the connections between all these entities opens a gaping wormhole. I couldn’t get over the idea that a church might be behind a network of used business books, hair straighteners, and suspiciously priced compression stockings — sold on Amazon storefronts with names like GiGling EyE, ShopperDooperEU and DAMP store — all while running a once-venerable American news publication into the ground.

See Also: There’s No Such Thing as a Free Watch.

With the release of the Retina MacBook Air earlier this month came questions about how the product fits into the rest of Apple’s laptop lineup — especially since the starting prices of the MacBook and MacBook Pro are just $100 more than the Air. And, if you wanted, you could arguably add the 12.9-inch iPad Pro with a Smart Keyboard Folio to a comparison shopping list, as that’s about the same price as these 12-to-13-inch Mac notebooks. On the surface, then, it seems like there’s a crowded field of comparable products if you want to spend about $1,200-$1,300 on an Apple portable.

But that’s obviously not right for a couple of reasons. First, these products all have their distinct niches: the Air is a well-rounded consumer notebook; the iPad Pro is ideal for ultra-portability; the MacBook is similar, but for those who want MacOS as opposed to iOS; and the Pro is what you buy when performance matters most. It’s also not right because it isn’t, I don’t think, a fair comparison at each of these models’ base price point.

Yes, you can get a MacBook Air for $1,199 in the U.S., but that comes with just 128 GB of storage; it’s a similar case for the base model MacBook Pro at $1,299. The MacBook starts at 256 GB of storage which, if it were my decision, ought to be the bare minimum for a Mac in 2018.

When these Macs are all specced with 256 GB of storage, a different pricing picture begins to emerge:

  • MacBook at $1,299
  • MacBook Air at $1,399
  • MacBook Pro at $1,499

Now, it’s easy to mix in the iPad Pro with 256 GB of storage, the base model Touch Bar version of the MacBook Pro, and the old MacBook Air to complete this picture:

  • Old MacBook Air at $1,199
  • MacBook at $1,299
  • 12.9-inch iPad Pro with Smart Keyboard Folio at $1,348
  • MacBook Air at $1,399
  • MacBook Pro at $1,499
  • MacBook Pro with Touch Bar at $1,799

To me, this pricing is much more reflective of the Mac products’ positioning as far as performance and capability go. Even the iPad makes sense, as far as Apple’s aspirations — if not yet realizations in software — for it go.1 And there’s even a nice ramp to those prices.

Instead, by starting the MacBook Air with a 128 GB drive, Apple has priced it to fit its status as the default consumer Mac portable to buy. A 128 GB drive is probably enough for a bare minimum user who relies upon Apple Music and offloads their iCloud Photo Library. It’s a little dicey, I think — we all know how easily a hard drive can fill up in unexpected ways, like if Mail downloads a decade’s worth of email — but there are ways to manage that. I really do think 256 GB ought to be the baseline, but a good enough argument can be made for 128 in the Air.

The real anomaly is, I think, the MacBook Pro: the 128 GB model feels like a clear price point play, but how many people are really buying that configuration? Apple must have data supporting its continued existence, but it puzzles me. It is a vastly more capable product with, I think, a completely different audience. Even if “Pro” doesn’t strictly mean professional in Apple’s parlance, it is a higher-performing and more serious product.

It comes down to the honesty and integrity of the product. Every so often, I think to myself could I imagine everyone on Apple’s executive team happily using this product? as a proxy for product integrity. For most of the current lineup, I have few reservations; I bet Phil Schiller would be very happy toting an iPhone XR and a base model iPad, for example. But — and perhaps this is projecting — I think they would get frustrated after a year of using any Mac with 128 GB of storage; but, especially, a MacBook Pro. It’s debatable, to me, whether that’s a fair base storage in the Air, but I don’t think it’s honest in the Pro. As far as I’m concerned, the MacBook Pro makes more sense starting at the $1,499 256 GB configuration — from both a pricing perspective, and for its integrity.

  1. The one tech spec that the iPad cannot match against any Mac is RAM. The 2018 iPad Pro models all come with 4 GB of RAM, with the exception of the 1 TB models which sport 6 GB of RAM. You cannot order a Mac with less than 8 GB of RAM today. I think the same minimum should be in the iPad Pro, too. ↥︎

I live in Canada’s Texas, so the following anecdote isn’t necessarily surprising: I was once directed into a security line behind a man with rings on every finger and an enormous belt buckle. There is no possible way he could have not known that he would be passing through a metal detector, which just seems like he was asking for trouble not just for him, but for everyone behind him. The best thing to do is, of course, be very patient; everyone around you is just as irritated at that one person.

Michael Lopp’s routine is the practiced obsessive procedure of someone who travels a lot, particularly for business. I do not fly nearly as often. But I follow similar patterns because it makes everything better not just for me, but also for the people behind me in every inevitable line.

’Tis the season — not the holiday shopping season, but the iPhone Supply Chain Apocalypse/Catastrophe season. If you follow Apple rumours at all, you’re probably familiar with the steady relentless drip of stories about how different parts suppliers have received cuts in orders, all saying that the latest round of iPhones is doing poorly compared to its predecessor. These rumours seem to get more alarming every year, yet the iPhone seems to do just fine — funny how that happens. Despite Apple reporting strong iPhone X sales for every quarter it was available, for example, it took analysts until this September to admit that they were wrong about its success.

This year, there are plenty of such stories, all trumpeting a similar tale and bolstered by Apple’s announcement during their last earnings call that they would begin reporting their financials more similarly to their peers by not releasing unit sales figures.

Take this report, from Takashi Mochizuki at the Wall Street Journal (or bypass the paywall):

Apple suppliers have also recently resumed making the iPhone X, the 2017 model that Apple had stopped selling at its own stores, people familiar with the matter said.

In the past, Apple has produced legacy models for select markets where there is enough demand for those devices, the person familiar with Apple’s sales and production tactics said. The company views it as a way to fuel sales and boost margins, as the components often cost less and manufacturing equipment has depreciated, he said.

People involved in the supply chain said the resumption of the X is due in part to Apple’s contract with Samsung Display, a major provider of iPhone X’s organic-light emitting diode display, or OLED, panels. Apple needs to buy a certain amount of the panels from the South Korean maker, and given the cut in XS and XS Max, Apple is trying to fill the gap with the old device, they said.

To be clear, I don’t know anything more about this than what the Journal wrote. Maybe iPhone XS sales really are falling so far below Apple’s expectations that they need to begin producing a superseded device again for sale in specific markets. The Journal also doesn’t provide more specific sourcing for these claims than “people familiar with the matter”. But, given that it specifically mentions that this relevant to a Samsung Display contract, it’s a safe bet that it’s based on sources working specifically with the display components, and they may not necessarily know whether production of iPhone X devices has resumed.

I mention all of that because, as far as I can tell, there’s a more obvious reason why Apple would suddenly need a bunch of brand new iPhone X display components: they recently launched a repair program for erratically-responding iPhone X displays.

Maybe sales of brand new iPhones really will be much lower this year compared to previous years. I have no financial or personal interest in specific sales figures; there could be loads of reasons for that. But this panic happens every year. You would think that context would be important.

Katie Notopoulos, Buzzfeed:

And yet, somehow Amazon’s website, the place where it sells a gazillion things that make a gazillion dollars… sucks? The experience of shopping on the site itself fails in spectacularly stupid ways.

For a company that is quite arguably the most important at the moment, that touches infinite aspects our daily lives — how we shop, the groceries we eat, the movies and TV shows we watch, how a massive amount of human labor is compensated, how our government’s postal system works — there are simply giant glaring holes in its main product:

This is a terrific explanation of what I was referring to when I wrote that Amazon is a fine enough place to buy a specific product, but an awful place to shop.

Ryan Christoffel, MacStories:

It took nearly 18 months of Apple’s regular Today at Apple promotions through keynote events and press releases, but I finally had my interest in the program piqued. As I wrote earlier this month, whereas every other Apple product is analyzed to death by writers, podcasters, and YouTubers, the company’s retail stores and Today at Apple program are often ignored by tech media. But Apple’s increased trumpeting of its retail initiatives, in the face of a collective shrug from the press, made me wonder what exactly we’re all missing out on here. I mean, if the company is passionate enough about Today at Apple to host over 18,000 sessions per week, then there must be something special about the program.

So I attended my first session.

It might be hard to set aside the cynical view of “Today at Apple” as product tutorials in the company’s retail stores, but I think Christoffel’s experience is reflective of how great this can be for such a broad cross-section of customers. Whenever I’ve passed by my local Apple Store during one of these sessions, I’m struck by how crowded the tables get. I’m not sold on Apple’s — I think — overly-ambitious idea to make their stores feel like town squares; they’re stores, after all, operated by a single company. But there is something unique and truly good about their approach of bringing these custom creative exercises to all of their stores.

Brian Krebs in July:

Here’s a clever new twist on an old email scam that could serve to make the con far more believable. The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient’s email address.

Adam Engst, TidBits:

But not this message. The believability of this blackmail hinges on the fact that — in theory — only you know your password. If the blackmailer can know your password, you think, perhaps their other claims are true too. They’re not, but even people whose browsing habits are always G-rated often report a moment of panic. I presume those who still use ancient insecure passwords experience more than a moment of panic, and well they should.

The problem is that old stolen passwords are just the tip of the iceberg when it comes to information about us that’s readily available online. This blackmail spam combines only two bits of information — your email address and password. What happens when similar attacks expand the amount of information they use?

I’ve noticed a steady flow of these emails falling into my junk mail folder. They’re hilarious, but also deeply convincing. It’s trivial to find evidence that they seem to work, too, because you can look up someone’s Bitcoin wallet address in a blockchain explorer. While some of the Bitcoin addresses report an empty balance with no transactions, at least one of the ones I received had amassed over four Bitcoin from nearly forty deposits. That’s tens of thousands of dollars in just one wallet. Even if the wallet receives deposits from other sources, there is still a lot of money being made from this scam.

Maya Kosoff, Vanity Fair:

The episode is revealing in that it suggests Zuckerberg still thinks Facebook’s core issue is a communications problem, rather than a substantive one. He’s seemed contrite in press calls and before lawmakers, professing to understand Facebook’s shortcomings as a product. But internally, his response to criticism is more self-righteous. During a Q&A session with employees last week, for example, Zuckerberg reportedly called recent negative coverage “bullshit.” He also reportedly blamed C.O.O. Sheryl Sandberg and her team for the “hysteria” that accompanied the revelation that millions of users’ personal data had been siphoned by Mercer-backed firm Cambridge Analytica, complaining that Facebook “wasn’t effectively managing the response.” (A person familiar with Zuckerberg’s thinking told the Journal that he does not recall using the word “hysteria.”) And he’s been frustrated at Facebook’s response to criticism over the past year, pressuring senior executives to “make progress faster” on issues like securing Facebook’s platform and reversing slow user growth. (In a statement to the Journal, a Facebook spokesperson said the company has “made massive investments in safety and security. While we know we have more work to do, we believe we’ve made progress.”)

Facebook’s executive team appears to view negative press coverage of the company as an affront — as though the media is the enemy — instead of recognizing these stories as the product of a decade-long series of decisions they have made. If Facebook were a country, it would be by far the most populous on the planet, but also among the least-accountable and most poorly-governed.

The worst part of the press’ coverage of Facebook’s faults is not that it is harsh, unfair, or critical. It is that it took until recently for Facebook and its peers to be seen as having the potential to be catastrophically destructive. It has now proven its power by not being willing to face its consequences.

Jon Brodkin, Ars Technica:

Nearly two years have passed since the Federal Communications Commission reported on whether broadband customers are getting the Internet speeds they pay for.

In 2011, the Obama-era FCC began measuring broadband speeds in nearly 7,000 consumer homes as part of the then-new Measuring Broadband America program. Each year from 2011 to 2016, the FCC released an annual report comparing the actual speeds customers received to the advertised speeds customers were promised by Comcast, Time Warner Cable, Verizon, AT&T, and other large ISPs.

But the FCC hasn’t released any new Measuring Broadband America reports since Republican Ajit Pai became the commission chairman in January 2017. Pai’s first year as chair was the first time the FCC failed to issue a new Measuring Broadband America report since the program started — though the FCC could release a new report before his second year as chair is complete.

Here’s something extra strange about this: if you go to the last-available report and replace “2016” with “2017” in the URL, it says that “public access to this page has been disabled by the content owner”. This isn’t a generic error page; if you change it to “2018” instead, you’ll see a blank page. It’s probably nothing exciting — it’s not like they would upload the entire report and then protect its access in a public setting — but I have, of course, filed a FOIA request.

These reports are critical to understanding the actual performance of internet service providers in the United States, and can help shed light on what effect the FCC’s policies have on broadband users.

Update: According to Marguerite Reardon of CNet, the FCC will release a new report tomorrow.

Update: Wednesday has come and gone without the release of said report. Shocker.

I liked this video by Matthew Cassinelli walking through several gestures on the iPad, but one thing I noticed is how — much like 3D Touch and clipboard gestures — they are difficult to discover. The multitasking ones, in particular, are hard to use from the home screen and Spotlight, and the ability to keep an app in a slide-over view feels awkward.1

I use a Windows PC at work and recently discovered a gesture where, if you select an app’s title bar and wiggle it, it will cause all other apps to minimize. I didn’t know this, so the first time it happened, I thought something had gone wrong. Luckily, I can’t see a way any of the gestures on iOS would necessarily feel destructive by accident, but they are hard to find. Unlike the mouse, there is nothing in the hardware that indicates that this new interaction paradigm is available. They arguably build upon the direct manipulation of iOS — you are literally dragging apps around the screen — but I’m not sure that they are obvious or clear enough. Imagine if multitasking in MacOS were as undiscoverable.

  1. Also, did you know that you can have the same app in slide-over and split view? ↥︎

In an interview with Axios — which, despite being a well-funded website with an HBO television show, apparently cannot afford a tripod or, for that matter, a colourist — Tim Cook explored a few pet topics of the company. Most notably, he explained why Google has remained the default search engine in various places on MacOS and iOS, something that was criticised after his speech last month at the ICDPPC:

One, I think their search engine is the best. … But, two, look at what we’ve done with the controls we’ve built in. We have private web browsing. We have an intelligent tracker prevention. What we’ve tried to do is come up with ways to help our users through their course of the day. It’s not a perfect thing. I’d be the very first person to say that. But it goes a long way to helping.

There is something that will always be a little contradictory about Apple’s privacy stance if you view it from an absolutist perspective. If Google were not the default search engine in Safari but users were still able to select it as an option, would that be in conflict with how it views user privacy? Should they still allow apps from Google and Facebook in the App Store? It begins to feel like a Mister Gotcha strip.

Cook also acknowledged the likelihood of privacy regulations in the United States. It’s a good interview, but the Axios format doesn’t make for a particularly compelling read, though it’s better than watching it.

Kevin Alexander, in Thrillist:

In my office, I have a coffee mug from Stanich’s in Portland, Oregon. Under the restaurant name, it says “Great hamburgers since 1949.” The mug was given to me by Steve Stanich on the day I told him that, after eating 330 burgers during a 30-city search, I was naming Stanich’s cheeseburger the best burger in America. That same day, we filmed a short video to announce my pick. On camera, Stanich cried as he talked about how proud his parents would be. After the shoot, he handed me the mug, visibly moved. “My parents are thanking you from the grave,” he said, shaking my hand vigorously. When I left, I felt light and happy. I’d done a good thing.

Five months later, in a story in The Oregonian, restaurant critic Michael Russell detailed how Stanich’s had been forced to shut down. In the article, Steve Stanich called my burger award a curse, “the worst thing that’s ever happened to us.” He told a story about the country music singer Tim McGraw showing up one day, and not being able to serve him because there was a five hour wait for a burger. On January 2, 2018, Stanich shut down the restaurant for what he called a “two week deep cleaning.” Ten months later, Stanich’s is still closed. Now when I look at the Stanich’s mug in my office, I no longer feel light and happy. I feel like I’ve done a bad thing.

There seems to be no satisfactory or clean answer to the question of what do reviewers leave behind?; the reach of a reviewer with a global audience means that, much like geotagging Instagram photos, it has the ability to share something fantastic to such an extent that it ruins everything that made it good.

Update: It turns out that this story could have a far darker conclusion.

Cabel Sasser of Panic:

But here’s something you might not know: the reasons we never put Transmit 5 in the App Store. They’re simple. We weren’t sure we could provide a good-enough Transmit experience under the stringent sandboxing security the App Store requires. And frankly, we weren’t sure Apple cared that much about the App Store on the Mac.

Since then, a lot has changed. macOS Mojave gave us a significantly improved App Store that caters to professionals like yourself and seems to treat apps with respect. And sandboxing has evolved enough that Transmit can be nearly feature-parity with its non-sandboxed cousin.

So, as we promised at WWDC: it was time to give this another go.

You can now get Transmit 5 on the Mac App Store!

But, there’s a twist…

The twist is that the Mac App Store version of Transmit is an annual subscription of about $25, instead of the $45 flat cost of buying directly from Panic. I have mixed feelings about that; I’m glad a one-time payment option is still available because, if I were still building websites full-time, I wouldn’t want a critical part of my workflow to evaporate if I unsubscribed. However, I can see the benefit from both Panic’s perspective, as well as for a user or agency that can consistently budget for the software.

There’s one more thing about the Mac App Store version that’s unique, and it’s how it encourages some flexibility in MacOS’ sandboxing.

Daniel Jalkut:

I downloaded Transmit even though I own a copy of the direct-purchase version. I wanted an answer to my question, which I got, at least partially, by dumping the application binary’s “entitlements”, which represent the sandboxing exceptions that the app has received.

New to me among the entitlements is “”, which is a boolean value set to true for Transmit. I don’t see any Google results for this key, so I’m assuming it’s something new that was added for Panic (and maybe BBEdit), and which may or may not be documented in the future for use by other developers.

Apple has a form on their developer site to request the privileged file operations entitlement.

I didn’t start this week intending to be kind of a jerk about Amazon nearly every day, but, well, they make it so easy. Take their newest creation: a microwave. Sarah Perez, TechCrunch:

Perhaps some microwaves may not have the most intuitive interfaces, but the learning curve isn’t steep. After the first time you learn to program the power level or enter in how many pounds of meat you’re defrosting, you generally retain that knowledge for later use.

But even if you don’t buy into the premise that microwave controls are a challenge to solve, there’s still the novelty aspect of the voice-activated microwave. If it takes the same or less time, but “feels fun,” some consumers may still buy it, I suppose. (???)

Unfortunately, it wasn’t really all that fun.

In fact, it was often frustrating.

I kind of get the idea behind this product. I don’t know anyone who uses the special function buttons on their microwave. But that’s not because it’s necessarily complicated to use those functions on a conventional microwave; it’s because anything beyond time entry adds unnecessary complication.

Also, this may say more about me than this product idea, but if I started telling friends and family when they came over that they should try talking to the microwave, they would think that I was pulling their leg.

I recently moved into a new apartment that came with a microwave because it’s one of those ones that doubles as a range hood. Every time I want to turn on the light above the stove, I have to actively remember that the button for that is on the microwave keypad. It’s ridiculous. All anyone I know wants from a microwave are buttons for time and a big “start” button — that’s it.