Macs differ drastically from Windows in terms of the types of threats seen. Where we found several different categories and families in our top detections of Windows threats that classify as traditional malware, especially those aimed at businesses, most Mac threats, and certainly the most prevalent ones of 2019, are families of adware and potentially unwanted programs (PUPs). The most common Mac malware family, OSX.Generic.Suspicious, fell well down the list at 30th place in Mac-specific detections, and hundreds of spots down on a cross-platform threat list.
Of all the [Mac] threats seen this year, only one incident involved anything other than tricking the user into downloading and opening something they shouldn’t. That is the incident in which Coinbase, and several other cryptocurrency companies, were targeted with malware that infected systems through a Firefox zero-day vulnerability.
So the chance of experiencing malware — not adware or what Malwarebytes calls “potentially unwanted programs”, but malware — on a Mac actually fell in 2019, according to this report. Meanwhile, as Ben Lovejoy points out, the primary reason adware became more prevalent on the Mac in 2019 is down to a single app.
When Target bought the company for $550 million in 2017, Shipt rapidly expanded its same-day delivery to half of its stores. Today, Shipt has more than 100,000 gig workers, according to the company. The company has tripled its geographic reach since 2017.
Shipt workers told Motherboard that customers who order from Target often seem surprised when independent contractors in plain clothes driving their personal cars show up at their homes with massive deliveries from Target. Because Shipt classifies its workers as contractors, not employees, workers pay for all of their expenses — including gas, wear and tear on their cars, and accidents — out of pocket. They say the tips on large orders from Target, sometimes with hundreds of items, can be meager.
Workers say Shipt customers often live in gated and upscale communities and that the app encourages workers to tack on gifts like thank you cards, hot cocoa, flowers, and balloons onto orders (paid for out of their own pocket) and to offer to walk customer’s dogs and take out their trash, as a courtesy. Shipt calls this kind of service “Bringing the Magic,” which can improve workers’ ratings from customers that factor into the algorithm that determines who gets offered the most lucrative orders.
If this “gig economy” nonsense is to have a quality of employment greater than that of a freelance servant, workers need rights, reasonable expectations, benefits, and real income. This nonsense of paying people according to a black box algorithm should not be legal.
I worked at an Apple Authorized Service Center and had been doing service on the iMacs with slot loading optical drives (like the one pictured above). Whenever I would need to erase a hard drive and restore the operating system I noticed that the desktop wallpaper color matched the color of the case. So a Ruby iMac would get a Ruby colored desktop, and same with Sage green, Indigo blue, and so on. How did they pull this off?
Most iPhones since the 5S and 5C have used colour-matched wallpapers by default, too, but those are highly-integrated devices. Sorge says that virtually every interior component of the iMac G3 could be swapped and it would still know which colour to use for the wallpaper. I love details like these.
We popped by one of San Francisco’s most prominent ghost kitchen facilities, and Jesus is this place dirty and depressing. Though Business Insider gave 60 Morris a glowing write-up, we found the place looks like a combination of 850 Bryant and the kind of SRO lobby where the check-in counter has bulletproof glass. It is operated by disgraced Uber CEO Travis Kalanick’s new venture CloudKitchens, but their $400 million in VC funding from dirty Saudi Arabian money is not evident in the facility’s hand-written signs, bare bones interior, and general below-minimum-wage dystopian chic.
Surely some of the negative impression of this place comes down to the poorly-exposed nighttime cellphone photography in this article. There are no photos of the kitchen; it could be spotless, for all we know.
Yet it is hard to imagine that this is the future of food, where this is a derelict industrial building masquerading as two dozen different restaurants where, inside, workers create meals to be stashed in a locker for an underpaid delivery driver to ferry, at great expense, to its destination. After decades of lame jokes in stand-up comedy routines about the quality of airline food, it sure seems like that shouldn’t be what we aspire toward.
In addition, the Antitrust Division has in recent months raised eyebrows about politicization of competition law. During the trial of a multistate challenge to the proposed T-Mobile/Sprint merger, which federal regulators approved, text messages emerged that showed Delrahim laboring behind the scenes during the government’s review last summer to save a deal that would shrink competitors in the wireless arena, helping to arrange the sale of the two companies’ mobile spectrum to a third party, Dish Network, and offering its chairman, Charlie Ergen, advice on how to lobby the FCC and lawmakers. “Why Is the Justice Department Treating T-Mobile Like a Client?” asked a New York Times editorial in December. (On Tuesday, a judge rejected the states’ antitrust challenge and approved T-Mobile’s Sprint acquisition.)
Delrahim is notable for leading the antitrust investigations of large tech companies, disputing the AT&T and Time Warner merger, and his opposition to the Paramount Consent Decree. He has a bizarre view of antitrust law: big tech companies are scary to him, but ISPs and entertainment conglomerates — which are increasingly the same thing — are not. Oh, except for AT&T and Time Warner, which he disputed for ostensibly good reasons, only to lose that case and find that the newly-merged AT&T and Time Warner conglomerate is doing exactly what it said it wouldn’t.
T-Mobile is closer to taking over Sprint after a federal judge rejected arguments by several states that the merger would stifle competition and lead to higher prices for consumers.
The deal would combine the country’s third- and fourth-largest wireless carriers. The new company, to be called T-Mobile, would still be the third-largest, after AT&T and Verizon.
U.S. District Court Judge Victor Marrero concluded that the proposed merger “is not reasonably likely to substantially lessen competition” in the wireless market.
Nilay Patel of the Verge read the decision and put together a terrific explanation of how Judge Marrero arrived at that conclusion:
And… it turns out that Judge Marrero thinks CEO John Legere and the rest of T-Mobile’s executives are extremely cool and smart and that Dish Network is definitely trustworthy and that everything is going to work out great.
Also, the judge thinks that Sprint sucks. Really, if there’s one major takeaway here, it’s that Victor Marrero, a federal judge selected by Bill Clinton for a lifetime appointment on the federal judiciary, thinks that Sprint is a bad company with a crap network run by dummies. This is the law now.
In Canada, our three major carriers operate in near lockstep. The United States is now down to three major carriers. Should be fine, right?
The history of Essential is blessedly short, yet dramatic and inherently entwined with the personal life of its founder and CEO Andy Rubin. Its first product, announced in May 2017, was supposed to be out in June of the same year, and missed that deadline for a week before journalists realized that it hadn’t started shipping yet. It ultimately wasn’t available until August, then received a price cut in October.
In November — this is all in 2017 — Rubin took a leave of absence after the Information reported that he had what they deemed an “inappropriate relationship” with a subordinate at Google. It took until the following year for the New York Times to report that Rubin was asked to resign from Google after being credibly accused of sexually assaulting the employee. He was given $90 million to leave, leading employees to walk off the job in protest of the way Google has protected men accused of sexual assault. Oh, and Rubin was also accused, in court papers, of running a sex ring.
In October, we introduced Project GEM, a new mobile experience that our hardware, software and cloud teams have been building and testing for the past few years. Our vision was to invent a mobile computing paradigm that more seamlessly integrated with people’s lifestyle needs. Despite our best efforts, we’ve now taken Gem as far as we can and regrettably have no clear path to deliver it to customers. Given this, we have made the difficult decision to cease operations and shutdown Essential.
The email app is also shutting down, effective April 30. I feel bad for the employees who were understandably excited to work for a unique company, only to find it subject to the distractions of its CEO’s wrongdoing and the company not publicly communicating a clear path to relevance.
The manufacturing and storage facility for Apollo Masters Corp. — a Banning, Calif.-based manufacturing plant that supplies the lacquer used for making master discs, which are then used to create vinyl records — has burned down in a massive fire, the company confirmed in a statement posted to its official website.
The fire, which was first reported around 8 a.m. PT Friday morning (Feb. 7), broke out while employees were inside the building, though all escaped safely, according to The Desert Sun, which first reported the blaze. But the loss of the plant — which, along with MDC in Japan, is one of only two worldwide that produces the lacquers needed to create vinyl records — comes as a difficult blow to the booming vinyl record industry. Billboard reported just last month that 26% of all physical albums sold in the U.S. in 2019 were vinyl.
You will be able to buy new vinyl titles in 2020 — or most of 2020, anyway. Ironically, the long waiting time to get a respective record pressed after cutting its master may be critical in delaying the consequences of low supply of vinyl offerings. That waiting time to press can take several months — and that’s assuming all money needed for the pressing is gathered and ready to spend. (Incidentally, before the mid 2000s, the waiting time used to be dramatically shorter.) Many new albums coming out in 2020 already had their respective masters cut in 2019.
However, from the end of 2020 onward will be the big question mark regarding vinyl supply in retail.
And it wouldn’t be surprising if labels began to start a more conservative release schedule effective ASAP. If any label does have a stash of lacquers, they will likely be reserved for releases that the label would consider low-risk in sales — such as legacy artists or hot new acts.
I listen to music in two formats: for convenience, a large local library of digital files mixed with streaming; and, for a more relaxed, immersive experience, vinyl. I love spending a couple of hours in a decent record store, walking my fingers along the shelves until I find something I like. This fire has the possibility to make all of that a rare occasion. It is going to be tough to recover from, but not impossible — it sounds like direct metal mastering is a good way out.
Mostly, you’ll notice gloves from brands that, unless you’ve spent a lot of time searching for gloves on Amazon, you’ve never heard of. Brands that evoke nothing in particular, but which do so in capital letters. Brands that are neither translated nor Romanized nor transliterated from another language, and which may contain words, or names, that do not seem to refer to the products they sell. Brands like Pvendor, RIVMOUNT, FRETREE and MAJCF. Gloves emblazoned with names like Nertpow, SHSTFD, Joyoldelf, VBIGER and Bizzliz. Gloves with hundreds or even thousands of apparently positive reviews, available for very low prices, shipped quickly, for free, with Amazon Prime.
Gloves are just one example — there are at least hundreds of popular searches that will return similar results. White socks: JourNow, Formeu, COOVAN. iPhone cables: HOVAMP, Binecsies, BSTOEM. Sleep masks: MZOO, ZGGCD, PeNeede.
These “pseudo-brands,” as some Amazon sellers call them, represent a large and growing portion of the company’s business. These thousands of new product lines, launched onto Amazon by third party sellers with minimal conventional marketing, stocking the site with disparate categories of goods, many evaporating as quickly as they appeared, are challenging what it means to be a brand.
They’ve also helped overwhelm the United States Patent and Trademark Office, which, not unlike an Amazon shopper, has for years found itself mystified by pseudo-brands as it continues to approve them. Maybe they’re the future of shopping. They’re certainly part of the now.
This is a fascinating exploration of how the combination of a handful of Amazon’s seller policies and fewer barriers between customers and manufacturers has changed the nature of what a brand is, at least in terms of household consumer goods.
The rise of counterfeit goods and other phony products sold on the Internet has been swift — and it has largely gone unnoticed by many shoppers. But make no mistake: The problem is extensive. Most people don’t realize this, but the majority of listings on Amazon aren’t actually for items sold by Amazon — they’re run by third-party sellers. And even though many, many third-party sellers are upstanding merchants, an awful lot of them are peddling fakes.
A major Wall Street Journal investigation recently revealed that Amazon has listed “thousands of banned, unsafe, or mislabeled products,” from dangerous children’s products to electronics with fake certifications. The Verge reported that even Amazon’s listings for its own line of goods are “getting hijacked by impostor sellers.” CNBC found that Amazon has shipped expired foods — including baby formula — to customers, pointing to an inability to monitor something as basic as an expiration date. Because of the proliferation of counterfeits and what Birkenstock describes as Amazon’s unwillingness to help it fight them, Birkenstock won’t sell on Amazon anymore. Nike announced that it is also pulling out of Amazon. “Many consumers are … unaware of the significant probabilities they face of being defrauded by counterfeiters when they shop on e-commerce platforms,” reads a January 2020 Department of Homeland Security report (PDF) recommending measures that would force e-retailers to take counterfeits even more seriously. “These probabilities are unacceptably high and appear to be rising.”
Here’s a true and dumb story about your silly writer: last Wednesday, as I was trying to put my MacBook Air on the coffee table, I missed and instead allowed gravity to place it directly onto my foot. My laptop is fine. One of my toes, however, is broken. I got it checked out on Thursday just to be safe — universal health care is a very good thing — and was told that I could keep buddy taping it; it’s not a serious break. They recommended I pick up a cohesive bandage, which they said could best be found on Amazon. So I tried finding it, and spent a solid hour poking around the Amazon storefront. It’s not that there’s a shortage of choice; it’s quite the opposite problem. I just wanted to find a small quantity of the narrowest bandage available. I ended up frustrated and buying a six-pack with multiple sizes made by a company I’ve never heard of. It was, oddly enough, the best choice, but not even close to the correct one.
When telecom-equipment makers build and sell hardware such as switching gear, base stations and antennae to carriers — who assemble the networks that enable mobile communication and computing — they are required by law to build into their hardware ways for authorities to access the networks for lawful purposes.
They are also required to build equipment in such a way that the manufacturer can’t get access without the consent of the network operator.
Only law-enforcement officials or authorized officials at each carrier are allowed into these “lawful interception interfaces,” generally with the carrier’s permission. Such access is governed by laws and protocols specific to each country.
U.S. officials say Huawei has built equipment that secretly preserves the manufacturer’s ability to access networks through these interfaces without the carriers’ knowledge. The officials didn’t provide details of where they believe Huawei is able access networks. Other manufacturers don’t have the same ability, they said.
The only attribution that Pancevski uses for the claims throughout this article is “U.S. officials”, aside from a single time when he quotes Robert O’Brien. There is no more specific attribution for the overall thrust of the article — not even whether they entirely represent the U.S. intelligence apparatus, nor how many officials described this vulnerability.
Nevertheless, I note that these “U.S. officials”, now worried about the abuse of law enforcement backdoors, somewhat undercut the arguments made by their colleagues in the Department of Justice, who are adamant that every cellphone, tablet, and computer needs a law enforcement backdoor that they promise will not be abused.
See Also: Last year’s still-questionable report from Bloomberg Businessweek about Telnet being left on in Huawei equipment used in Vodafone’s Italian network.
A lack of any meaningful US privacy law for the internet era means there’s repeatedly no real punishment for companies that fail to secure the vast troves of data they’re now collecting on your every waking moment. Nor is there any real compensation for consumers who may not have wanted this data collected, stored, and sold to every nitwit with a nickel. There are so many points of failure here — from corporations that treat privacy and security as an afterthought to captured regulators too feckless to do anything about it — that focusing too extensively on national security risks us learning absolutely nothing from the experience.
The key thing to be learned from this saga is not that spies are seeking extremely high-profile targets, nor that U.S. companies’ security policies are ill-equipped to keep them out. It is that there is no reason that this cannot happen again because Equifax has no incentive or obligation to change, but neither does any other company operating in a oligopoly, or any of the thousands of companies that few people have heard of despite them vacuuming up every detail of our electronic lives.
The popular Edison email app, which is in the top 100 productivity apps on the Apple app store, scrapes users’ email inboxes and sells products based off that information to clients in the finance, travel, and e-Commerce sectors. The contents of Edison users’ inboxes are of particular interest to companies who can buy the data to make better investment decisions, according to a J.P. Morgan document obtained by Motherboard.
On its website Edison says that it does “process” users’ emails, but some users did not know that when using the Edison app the company scrapes their inbox for profit. Motherboard has also obtained documentation that provides more specifics about how two other popular apps — Cleanfox and Slice — sell products based on users’ emails to corporate clients.
Slice is owned by Rakuten, a Japanese e-commerce conglomerate that also owns Unroll.me. A few years ago, the latter company was at the centre of a similar controversy over the appropriateness of scraping users’ inboxes for marketing data that can be sold.
At the time, Karissa Bell wrote a particularly good piece for Mashable about Unroll.me’s shady policies:
While Unroll.me’s website was updated to include information about the company’s invasive practices so users can make a more informed choice, Slice’s website is not as forthcoming, but the app was described in a 2012 story as “creepy”.
Edison and Cleanfox are not owned by Rakuten and do not appear to have any relationship with that company. The website for the former was updated some time between September last year and today to include a disclosure; the website for Cleanfox contains no clear explanation.
People used to be worried about Google’s since discontinued policy of scraping Gmail inboxes for targeted ads. How times have changed.
As I read this today, I couldn’t help but think of it as related to the audiophile argument that analogue processes are inherently superior to digital.
My main takeaway is that we have decades of knowledge about how different kinds of film stock and developing processes transform footage, but we have comparatively limited knowledge of equivalent digital processes. Yedlin has figured out how to convincingly simulate film with an entirely digital workflow, but there’s no reason that a 35mm lookalike should be the only goal. That’s his argument, too.
For years, the question has not been “is this a state-sponsored attack?”; instead, it has increasingly been “which state sponsored this attack?”. Now we know. A preliminary investigation noted that the attack had ties to Chinese methods and tools, but no confirmation could be made at the time.
Speaking with journalists after winning his first Oscar for Best Adapted Screenplay, Jojo Rabbit and Thor: Ragnarok director Taika Waititi had other things on his mind. When asked what he thought writers should be demanding in the next round of discussions with producers, Waititi put Apple’s controversial laptop keyboards on blast.
“Apple needs to fix those keyboards,” he said. “They are impossible to write on — they’ve gotten worse. It makes me want to go back to PCs. Because PC keyboards, the bounce-back for your fingers is way better. Hands up who still uses a PC? You know what I’m talking about. It’s a way better keyboard. Those Apple keyboards are horrendous.”
It’s only because Apple allowed the MacBook Pro keyboard problem to go on SO LONG that it could possibly have become a talking point in an Oscar awards interview. I hope some lessons have been learned.
Apple may now be shipping a laptop with a good keyboard, but its two most popular Macs — the MacBook Air and the 13-inch MacBook Pro — still include the painful butterfly keyboard. People keep laptops for years, too. This is going to be a decade-long reputation problem.
Now, none of this was much of a security concern back in the day when it was impractical for employees to lug their bulky desktop computers and monitors outside of the corporate network. But what happens when an employee working at a company with an Active Directory network path called “corp” takes a company laptop to the local Starbucks?
Chances are good that at least some resources on the employee’s laptop will still try to access that internal “corp” domain. And because of the way DNS name devolution works on Windows, that company laptop online via the Starbucks wireless connection is likely to then seek those same resources at “corp.com.”
In practical terms, this means that whoever controls corp.com can passively intercept private communications from hundreds of thousands of computers that end up being taken outside of a corporate environment which uses this “corp” designation for its Active Directory domain.
One of the things we are slowly learning is that our ten-, twenty-, and thirty-year-old bad security decisions are biting us hard. Consider, for example, how infrequently anyone but the most security-conscious people gave even a passing thought to password re-use just a few years ago. Dozens of high-profile breaches involving billions of accounts later, it’s something we’re only beginning to take seriously.
In December 2017, Apple acknowledged that an iOS update introduced a feature which prevented iPhones with degraded batteries from stability problems caused by CPU spikes. The peak performance of CPUs was reduced in iPhones with poor battery capacity.
Apple failed to communicate any of this to users; it only issued statements to the press after they reported on a Reddit post explaining that a fresh battery improved an iPhone’s performance. At the time, I wrote that this was a needless betrayal of trust which made a reasonable engineering decision look nefarious, and gave credence to conspiracy theories that the company intentionally slows down older devices to encourage users to purchase new devices.
This can be seen in the way the French government responded, according to an un-bylined BBC report from January 2018:
French prosecutors have launched a probe over allegations of “planned obsolescence” in Apple’s iPhone.
Under French law it is a crime to intentionally shorten lifespan of a product with the aim of making customers replace it.
It follows a legal complaint filed in December by pro-consumer group Stop Planned Obsolescence (Hop).
Hop said France was the third country to investigate Apple after Israel and the US, but the only one in which the alleged offence was a crime. Penalties could include up to 5% of annual turnover or even a jail term.
France’s competition watchdog DGCCRF announced earlier today that Apple will pay a $27.4 million (€25 million) fine due to an iOS update that capped performance of aging devices. The company will also have to display a statement on its website for a month.
I don’t know — or, frankly, care — if €25 million is a fine that is too small, too big, or not worth issuing at all. What I do know is that it is ridiculous to defend Apple’s decision not to explain this to users at the time.
But do you really think that people would have been understanding if Apple had been forthcoming about its plans? This is Apple after all. And people love to hate Apple. Can you imagine the headlines? ‘Apple announces it will intentionally slow down older iPhones‘ – ‘Apple forces customers to upgrade by ruining their old devices‘. Or worse, imagine if Apple had taken no action, and left us to our own highly unstable devices – ‘Negligent Apple lets older phones randomly shut off‘ – ‘Why hasn’t Apple issued an update to patch iPhone shutdowns?‘.
Of course it would not have been easy for Apple to explain why this decision made sense — Warwick alone spent about a thousand words retelling this saga. But it would have been right, and avoided accusations that the company was being underhanded and sneaky.
Yes, perhaps Apple could have taken the decision to be more forthcoming about its plans to enable performance management in iOS. It could have told the world that it was about to intentionally slow down its older iPhones. But would the world have been understanding about it? I think not.
That is the level of understanding the world had because Apple did not tell users that they should replace their battery to improve their iPhone’s performance. Instead of a difficult week for its PR team, trying to explain an engineering decision, they reinforced a dumb conspiracy theory. Was all that worth it?
To be clear, there’s no indication that this wasn’t publicized at the time to avoid poor PR; that’s something Warwick implied. If anything, this seems like an example of stupidity, not malice. But this was an indefensible mistake by Apple. There’s no reason to pretend otherwise.
Apple did, in fact, accept my news sources, and for the past several years these articles have been available through the service.
I guess I’ve dropped the ball a bit as a blogger, though, because this week I received a terse email from Apple:
Dear Daniel Jalkut,
We noticed that you have not published to your Bitsplitting channel in three months or more. Your channel will be removed in one week.
The Apple News Team
Regards, indeed. Apple will drop me in one week if I don’t publish something, or maybe even if I do; the wording is ambiguous. I’m a little annoyed at this, but I’m also a little annoyed at myself for not blogging more frequently, so I guess I’ll just say: “thanks, Apple News!”
If you hadn’t heard, Apple News dropped RSS support for new blogs, and it sounds like they rarely approve personal blogs anymore. Weeding out inactive blogs could be the first step to removing them altogether.
I haven’t found another public copy of this email posted by anyone else, and I wonder if this is something new that Apple is doing. I also couldn’t find a requirement to publish at least every three months within Apple’s News Publisher support section; I’m not saying it’s not there, just that I could not see where it might be.
Nevertheless, it seems like it’s still possible — according to that News Publisher site — to create a new channel based on RSS. Existing RSS-based channels also appear to be functional still; this one is, at least. However, it is no longer possible to subscribe to an RSS feed as a user with Apple News. iOS still declares that News is the handler for feed:// URLs, but it no longer supports them. A month ago, I asked a couple of people at Apple for clarity on this and neither has gotten back to me. I assumed it could be a bug at the time, but if it’s a policy change, it’s sloppy and poor.
Update:Reece confirms that it’s still possible to create a Apple News channel based on an RSS feed, but that it is discouraged during setup.