Month: November 2020

MagSafe Duo Charger Reviewed techcrunch.com

Matthew Panzarino of TechCrunch does not seem to be impressed with Apple’s new MagSafe Duo Charger:

For context, you have to understand that this thing is $129 but feels like it should be $70. When you realize that it is a charger that doesn’t come with a power adapter, I would not be shocked if you mentally downgraded it to $40. The charger does come with a Lighting to USB-C cable in the box. That cable assumes, which I don’t think is at all universally true yet, that you have a USB-C power brick. But the Lightning port on the charger itself does ensure that you can use this with any existing Lightning charging cables.

I still think — perhaps irrationally — that it is totally fine to remove the power adapter and headphones from iPhone boxes this year. You can still use your existing Lightning cables and, if you have a recent Mac, it will work with the cable in the box.

But I do not understand why this product, regardless of price, does not include an adapter. Someone buying this is almost certainly going to either throw it in their maybe I can travel again bag or set it up on their night stand. Either way, they are going to need a thing to get electricity out of the wall and into the wire. And, sure, you can use any old Lightning cable and adapter you have kicking around, but it’s going to charge slowly, which rather spoils the point.

Also, per Panzarino’s review, the press molded rubber looks pretty bad at the edges even out of the box, and it shows creases strongly in the middle. Because the MagSafe connector is so strongly magnetic, Panzarino says that the Duo sometimes lifts when you try to take the phone off. Perhaps most baffling is that the embargo dropped on this product but it still isn’t available and there is no forecasted date for when it will be. I am not sure I understand this product at all which, in Canada and paired with a 20W adapter, comes to just shy of $200.

Biden–Harris

The anxiety of living in a country one-tenth the size of its louder, more boisterous, more outspoken neighbour was perhaps best expressed by Prime Minister Pierre Trudeau in 1969:

“Living next to you is in some ways like sleeping with an elephant. No matter how friendly and even-tempered is the beast, if I can call it that, one is affected by every twitch and grunt,” said the late Pierre Trudeau.

I have thought a lot about this expression over the past four years, through every international micro-crisis caused by an off-the-cuff remark in a speech or an early-morning barrage of tweets.

This surely does not compare to the lived experience of every American who was worried that their relatives would be unable to visit because of an executive order targeting their religious beliefs. It cannot compare to the experiences of every American who was worried that their marriage would be invalidated, or those who found themselves on the receiving end of epithets and discrimination by assholes who had newfound public champions for their hateful views. I cannot imagine the pain of living under an administration that celebrates cruelty and wilful stupidity — especially not this year, when those views have caused the deaths of hundreds of thousands and have altered the lives of million.

I know that this era does not turn on a dime; that the problems of yesterday remain the problems of today. But this was not a symmetric decision of two slightly differing views. There will be countless benefits to leaving this administration behind, even as there will undoubtably be plenty of reasons to criticize the new one. But as a next door neighbour, it will be reassuring that, come January, I will not be worried that an errant tweet will trigger catastrophe.

Apple Music’s ‘New Music Mix’ Is Confusing Today for Some People reddit.com

My listening habits on Apple Music this week have largely been a blend of shoegaze, post rock, folk, and punk — much like last week; maybe this is a zeitgeist thing — so you can imagine my surprise as I opened my New Music Mix this morning to find the following:

  • a beat poem by Soundwalk Collective,

  • a collaboration between the Black Eyed Peas and an Israeli dance pop duo,

  • an Indian pop song,

  • and then twenty-two psy-trance tracks in a row.

I am used to a solid New Music Mix and the occasional oddball selection, but this is so far off from what I listen to that it seems some machine learning variable used the wrong operation and gave me the least-relevant playlist possible.

This is not something only I am seeing. There are a few discussions on Reddit and the MacRumors forums with complaints of inexplicable music choices. I asked on Twitter and in Slack and a few others reported the same thing.

I would wager that this is not happening to most people. There is clearly self-selection bias, too. But there seem to be some patterns in what some people are seeing in their New Music Mix this week: lots of classical music, lots of dance music, and some Indian and Spanish pop songs.

As a writer of a tech-focused website, I would love to know how something like this happens from a machine learning standpoint.1 But, as a user, I just want a button stronger than “dislike” — some option that lets me mark a generated playlist as entirely backwards and wrong for me.

  1. Maybe it has something to do with ampersands↥︎

New Restrictions on CNAME Cloaking Practices in Safari and Brave cunderwood.dev

Last year, Romain Cointepas of NextDNS explained a new technique used by web tracking providers to work around increased privacy protections in browsers:

A suitable name for this method would be CNAME Cloaking, and it is used to disguise a third-party tracker as first-party tracker. In this case, they are also purposely obfuscating this behind a random subdomain, with a CNAME to a generic and unbranded domain.

Some tracking companies, like AT Internet (formerly XiTi), are even going to great lengths to completely distance themselves from the domain used as CNAME destination. Try figuring out which company at-o.net belongs to (hidden WHOIS information and AWS IPs). This is live right now on lemonde.fr, one of the top news websites in the world, and on many other websites.

Using obfuscated identifiers seems to be the latest hotness in tracking, advertising, and ad block blockers. When Admiral, a popular anti-ad blocking service, is implemented on a website, it randomly chooses one of over a thousand domains to load its script. It is also a side effect of some website generators, like plugins for Facebook’s React framework, that create apparently random strings for classes and IDs which may be different whenever a page or site is rebuilt.

CNAME cloaking is a similar practice of masking the origin of third-party cookies through domain records and obfuscated URLs.

Cory Underwood today:

Browsers are mobilizing to combat the use of DNS CNAME records to bypass anti-tracking tech they have built in to their browsers. November is looking to be a triple whammy of developments in this area.

[…]

From the business point of view, any service using CNAMEs for cookie setting will either see that traffic disappear entirely (Brave) or have sizable reductions in lookback windows (iOS/iPadOS/Safari Big Sur).

This includes (but is not limited to) 7 days of lookback window for campaign measurement, possible increase in new users, possible loss of retention identification, and possible resegmentation of A/B testing cell assignments in scenarios where CNAME was used to set cookies.

Underwood points out that Apple itself uses CNAME cloaking on its website for Adobe Analytics. Perhaps it is unfair, but it does not look great for Apple’s technology side to ship a browser that encourages its analytics provider to find workarounds for tracking prevention at the same time its marketing side is using those same workarounds. At least Apple does not appear to be any cross-site tracking mechanisms.

Update: I corrected the description of how React and other generators work in the paragraph below the first excerpt. Thanks Ben.

Apple Releases iOS 14.2, Patching Vulnerabilities Being Actively Exploited in ‘Targeted’ Circumstances arstechnica.com

Juli Clover, MacRumors:

Apple today released iOS 14.2 and iPadOS 14.2, the second major updates to the iOS and iPadOS 14 operating system updates that were released in September. iOS 14.2 and iPadOS 14.2 come two weeks after the launch of iOS 14.1.

[…]

Apple traditionally updates iOS with new emojis each fall, and iOS 14.2 is the emoji update. iOS and iPadOS 14.2 include new Emoji 13 characters with options that include smiling face with tear, ninja, pinched fingers, anatomical heart, black cat, mammoth, polar bear, dodo, fly, bell pepper, tamale, bubble tea, potted plant, piñata, plunger, wand, feather, hut, and more, with a full list available here.

[…]

There’s a redesigned Now Playing widget in the Control Center that lists recently played albums that you might want to listen to when no music is playing. There’s also a redesigned interface for AirPlay, which makes it easier to play music across multiple AirPlay 2-compatible devices at the same time.

This redesigned Now Playing widget is fantastic if you use the default Music app: you can just put your headphones in your ears and the lock screen widget will suggest a handful of recently-listened albums. I do not know if this works with Spotify — if you know, please get in touch — but, in my use, it has often meant that something I want to listen to is right there waiting for me when I need it.

iOS 14.2 also includes a bunch of new wallpapers that, sadly, push out the classic blue marble image and the selection of flowers with bright gradients. Speaking of wallpapers, I have a correction to make: when I noted the new wallpapers in this update a couple of weeks ago, I wrote that “Apple has not added new Live and Dynamic wallpapers in years”. That is not true. Every new iPhone model has a device-specific Live wallpaper, all of which you can find in a massive wallpaper archive. It is true that Apple has not added a new Dynamic wallpaper in years, but because the same Live wallpaper library is not available to all devices, I missed the device-specific ones.

Dan Goodin, Ars Technica:

Apple has patched iOS against three zero-day vulnerabilities that attackers were actively exploiting in the wild. The attacks were discovered by Google’s Project Zero vulnerability research group, which over the past few weeks has detected four other zero-day exploits—three against Chrome and a third against Windows.

The security flaws affect iPhone 6s and later, seventh-generation iPod touches, iPad Air 2s and later, and iPad mini 4s and later. […]

[Shane Huntley][sh] of Google’s Project Zero team:

Targeted exploitation in the wild similar to the other recently reported 0days. Not related to any election targeting.

These vulnerabilities were patched in iOS 12.4.9, also released today for older devices, and in OS updates across Apple’s entire product line. If you were running the iOS 14.2 beta, you should know that today’s public version has a slightly newer build number than the release candidate version, so you should update.

No word yet on the specific target or suspected threat actor — in infosec parlance — but using fonts as a vector seems relatively uncommon, though it is not new. NIST’s search engine returns less than 700 CVE results for “font”, compared to around 3,000 for each “WordPress” and “JavaScript, and nearly 5,000 for “PDF”.

Hands-On With the iPhone 12 Mini and Pro Max engadget.com

With orders for the iPhone 12 Mini and iPhone 12 Pro Max beginning early tomorrow morning, Pacific time, journalists were invited to Apple’s Manhattan penthouse today to get a hands-on impression of the new phones. Since the review embargo doesn’t drop until early next week, none of the pieces released today have much more information than you can find on Apple’s marketing webpages.

But what is new in these videos and articles is the clearer impression of just how small the Mini is compared to everything else in the lineup. It is still bigger than the 5-series hardware, but appears to be noticeably smaller than the 4.7-inch form factor that was introduced with the iPhone 6. That seems to be pretty close to a sweet spot.

If the iPhone 12 Mini sells especially well, I have to wonder if Apple would consider making a more compact Pro variant in the future.1 Of the people buying the Mini, how many are buying it because it is the lowest-cost iPhone, and how many are buying it because it is the smallest? And, of the latter, how many are compromising their desire for Pro-level features because the size is so desirable to them?

This year, the differences between the iPhone 12 and 12 Pro — excluding the Max — are so subtle that I think the two middle-sized models are for niche buyers and, in a way, the extreme ends of the model spectrum might actually be the easiest sell. On paper, if you just want an iPhone, you should just buy the Mini and get a little more storage. If you really care about camera features, you should probably buy the Pro Max, even though it is the size of an aircraft carrier. The 6.1-inch models seem to only be for people who wanted to get an iPhone 12 earlier, want a little more battery life than the Mini, or really care about the telephoto lens. Again, this is all on paper; we will find out early next week how this year’s deceptively simple lineup works in day-to-day use.

Update: Dan Ackerman of CNet also has a good size comparison video featuring a few shots of accessories announced earlier this year without a release date, namely the leather sleeve case and MagSafe Duo charger. While Apple’s leather case will be available tomorrow, there is no word yet on when those other accessories will be available. Also, I wanted to use this opportunity to point out that the MagSafe wallet is exactly as wide as the iPhone 12 Mini and follows the same corner radius.

  1. I suppose it is also worth speculating about a non-Pro version of the Max, but I think that is less likely. If you’re going to get the big phone, why not get all of the extra features its form factor allows? Also, it must be said, it encourages buyers committed to the bigger screen to spend at least $1,099 instead of the presumed $929 it might cost for a hypothetical iPhone 12 Max, and I am sure Apple is not unhappy about that. ↥︎

Privacy Labels Required for App Store Apps No Later Than December 8 developer.apple.com

Apple Developer:

Later this year, the App Store will help users understand an app’s privacy practices before they download the app on any Apple platform. On each app’s product page, users can learn about some of the data types the app may collect, and whether that data is linked to them or used to track them. You can now enter your app’s privacy information in App Store Connect. This information will be required to submit new apps and app updates to the App Store starting December 8, 2020.

Apple says that, in most cases, disclosure is mandatory, with a narrow window for when it is optional. There is a broad list of data types that are considered possible vectors for tracking, and it is ideally a good move to require that developers explain their use of this personal information in more explicit terms.

I suppose the biggest questions are around whether Apple will be diligent in how it monitors the accuracy and completeness of these disclosures. That is:

  1. Can these privacy labels be trusted?

  2. Will developers face new difficulties with app review?

I hope this initiative is successful because people do not know what information apps collect and use. I worry that inconsistent oversight will make it troublesome and unreliable.

An Oral History of ‘Marge vs. the Monorail’ vice.com

Sean Cole of Vice interviewed a handful of people responsible for bringing to life one of my all-time favourite pieces of media, but one voice is missing: Conan O’Brien’s. O’Brien wrote the episode and, according to Cole’s reporting, no adjustments to his draft of the monorail song were made. It was that good. And, apparently, it “haunts [O’Brien] to this day”.

There are worse things to be haunted by than one of the single greatest episodes of American television.

Ride Sharing and Delivery Drivers in California Will Not Be Classified as Employees qz.com

Michelle Cheng, Quartz:

California voters on Nov. 3 approved Proposition 22, a statewide ballot initiative attempting to redefine the employment status of gig workers in the app-based economy.

The yes vote on Prop 22, the costliest ballot initiative in California history, means that app-based ride-hailing and delivery companies won’t need to classify workers as employees instead of contractors, or pay into benefits like workers compensation and health insurance in California.

Uber has long campaigned for a “third way” of classifying workers, with drivers receiving limited benefits while still being classified as contractors. Prop 22 guarantees gig workers new, limited healthcare subsidies and accident insurance, some reimbursement to account for gas and other vehicle costs, and a “minimum earnings guarantee” equal to 120% of the minimum wage applied to the drivers’ “engaged” time (defined as the time between accepting a ride request and completing the trip).

Those concessions were offered in exchange for an exemption from a new state labor law, known as AB5, which makes more difficult for businesses to classify California workers as contractors.

Uber, Lyft, DoorDash, and other companies exploit independent contractor classification as a core component of their business model, and AB-5 was explicitly painted as a remedy. But gig economy companies spent over two hundred million dollars to pass an initiative that exempts them from these terms, so now AB-5 only applies to a handful of freelancers who are still feeling the effects of the poorly-defined legislation. It was and remains, in principle, a worthwhile effort to protect independent contractor classification from abuse through legislation. But AB-5 failed to achieve those goals and has punished people who clearly ought to be considered freelancers.

In Praise of Copying matthewstrom.com

Matthew Ström:

Some people have been frustrated by copying, refused to accept it, and struggled with every ounce of their strength against it. Other people have used copying to their advantage, whether to improve themselves, build a community, or subvert authority.

I’ve only been able to have a career in design because I copied.

I hope that by the time you’ve finished reading, you’ll see how important copying is. Right or wrong, virtue or vice, copying is the way design works.

This essay — Ström refers to it as a “short book” — struck me as thoughtful and perhaps an attempt at being provocative. However, it makes many of the same arguments as many other works about the value of copying and the restrictive qualities of intellectual property protection. As I worked my way through it, I landed on this paragraph that crystallizes the essay’s argument and what I find misleading about it:

I don’t fancy myself to be the van Gogh of design, to be anywhere on the level of Stallman or Carmack in my approach to copying, possessing even one-one-hundredth of Steve Jobs’ ability to steal artfully, or to be in any way comparable to Charles or Ray Eames. But I can certainly copy all of their work. I can copy their mindset, their process, and their designs.

I fully buy the argument that copying prior art is a fundamental step in learning a craft. But I do not think copying a finished work inherently results in duplicating the process or mindset of creating the original. That requires thoughtful copying — a more deliberate action than simply re-creating something made by someone else.

I wish that is what this essay explored in more detail, because it feels like Ström got so close and then stopped writing. There are several paragraphs before the one I quoted above and only a few more after, and none of them truly explore copying and critical thinking together.

iPhone 12 Camera Module Replacement Now Requires a Proprietary Configuration Tool ifixit.com

Kevin Purdy of iFixit:

We scored the iPhone 12 a 6 out of 10 for repairability when we tore it down last week. Like most iPhones, it is a device designed, generally, to be opened and serviced, even if Apple prefers that only its technicians do so. Most parts can be replaced, the design prioritizes screws instead of glue, and critical components like the display and battery are some of the easiest repairs.

But after seeing some extremely odd results in our standard camera repair tests — spurred further by YouTuber Hugh Jeffreys, whose results matched our own — we felt compelled to dig deeper. The iPhone 12 camera, when transferred to another iPhone 12, appears to work on launch, but fails miserably in actual use. It refuses to switch to the ultrawide camera, responds only to certain camera modes, and occasionally hangs and becomes completely unresponsive.

Until this point, cameras have generally been easy to swap between iPhones of the same model. Even our iPhone 12 Pro tests had no issues: every function worked fine.

If Apple were nefariously attempting to prevent independent smartphone repair, it seems to me it would have made sure to lock down both the iPhone 12 and the 12 Pro. I do not think that is the case. Like the other problems with part swaps cited by iFixit, I think it is more likely that Apple simply does not consider independent shops when figuring out how to repair the devices it makes. It has its own repair program and I bet it believes that is sufficient. I do not think iFixit’s usual cynical assumptions are meaningful.

I do, however, agree that common part replacements should not require proprietary tools or technology. It would be very stupid if you were required to bring your car into a dealership for an oil change or to put your snow tires on. I am not entirely convinced by every right to repair argument. But, as I think more about the knock-on effects of increasingly proprietary repairs, it seems unwise to trust device and equipment makers to do the right thing. The camera module is clearly more product specific than something like engine oil for a car, but surely it should be possible to swap parts from the same model.

As an editorial aside, I think iFixit’s articles would be more persuasive if they focused more on the reality of what is actually happening and less on a cause that is somehow pure evil and highly speculative.

Canada’s News Media Lobby Is Promoting Its Ill-Advised Digital Link Licensing Plan on Facebook michaelgeist.ca

Michael Geist:

Last week, News Media Canada, the lobby group representing the major Canadian news media publishers, released a report calling for the creation of a government digital media regulatory agency that would have the power to establish mandated payments for linking to news articles on social media site, establish what content is prioritized on those sites, and potentially issue fines in the hundreds of millions of dollars. As I noted in my review of the report, it inaccurately describes the proposed Australian approach upon which it is modelled, avoids acknowledging that payments would be for links, and would open the door to hundreds of millions on tariff retaliation by the US under the USMCA.

Like the linking schemes in Australia and France, this appears to be terribly ill-advised. I might understand rules structured for special formats like AMP, or perhaps compensation for answers scraped by features like Google’s snippets. But just linking — the practice of encouraging someone to visit the source? Ridiculous.

The U.S. Department of Homeland Security Is Buying Cellphone Geolocation Data to Track People buzzfeednews.com

Hamed Aleaziz and Caroline Haskins, Buzzfeed News:

In an internal memo obtained by BuzzFeed News, the DHS’s top attorney, Chad Mizelle, outlined how ICE officials can look up locations and track cellphone data activity to make decisions on enforcement.

[…]

The document says that ICE and CBP purchased people’s mobile data from a data broker, although the document does not identify which one. All of the data is stored in an indexed, searchable database accessible through a “web portal.”

ICE and CBP buy advertising identifier data, or “AdID,” which typically includes information about where a person is located, what device they’re using, what language they use, which websites they’re visiting, and which websites they buy things from. All of this information isn’t linked to a person’s name, but to a randomly generated string of characters.

[…]

The document states that the DHS purchased AdID data that is anonymized and only shows “timestamped signal location(s) within a specific time period” — or where one device has been, and when. This in and of itself doesn’t tell ICE and CBP who a person is. But the document notes that it’s possible to “combine” the data “with other information and analysis to identify an individual user.”

The idea that bulk data collection can be anonymized is a lie, as is the notion that it is complex to de-anonymize it. This has long been known in industries able to exploit it, to everyone’s detriment. Now, it is powering a vast public-private partnership of surveillance by an organization that claims jurisdiction over a generous amount of U.S. territory with increasingly invasive capabilities and little accountability.