macOS Sierra & High Sierra — Apps Can Dump Passwords From Keychain

September 26, 2017 · 09:21

This applies to older versions of macOS too, as well as signed apps.

Patrick submitted everything needed for a fix to Apple. I wonder if they’ll also patch older versions of macOS. Hope they do, since I’m not planning on updating to High Sierra anytime soon.


Anatomy of a Moral Panic →

September 25, 2017 · 09:25

Maciej Cegłowski:

On September 18, the British Channel 4 ran a news segment with the headline, ‘Potentially deadly bomb ingredients are ‘frequently bought together’ on Amazon.’

The piece claims that “users searching for a common chemical compound used in food production are offered the ingredients to produce explosive black powder” on Amazon’s website, and that “steel ball bearings often used as shrapnel” are also promoted on the page, in some cases as items that other customers also bought.

The ‘common chemical compound’ in Channel 4’s report is potassium nitrate, an ingredient used in curing meat. If you go to Amazon’s page to order a half-kilo bag of the stuff, you’ll see the suggested items include sulfur and charcoal, the other two ingredients of gunpowder. (Unlike Channel 4, I am comfortable revealing the secrets of this 1000-year-old technology.)

Quality journalism is rapidly becoming a niche, and US TV news stations are one example — they’re basically unwatchable. I recently turned on CNN for a few minutes and it was a circus — a far cry from the professionalism I remember from their first few years of broadcasting.

I assume things will get better in the future, but I believe only a handful of publications will retain quality, and it will get a lot worse before that happens.


Designing Websites for iPhone X →

September 23, 2017 · 10:53

Timothy Horton details how to design websites around the notch, to take full advantage of the iPhone X’s display:

Out of the box, Safari displays your existing websites beautifully on the edge-to-edge display of the new iPhone X. Content is automatically inset within the display’s safe area so it is not obscured by the rounded corners, or the device’s sensor housing.

I’m curious to see how websites will creatively use the notch to their benefit. I have a few ideas myself, but nothing solid yet.


Austin Mann Takes the iPhone 8 Plus to India →

September 23, 2017 · 07:39

Austin Mann:

I’m writing to you from a small hotel room in India having just experienced a magical adventure in western India orchestrated by friends at Ker & Downey. I’ve shot thousands of images and countless portraits with the iPhone 8 Plus and I’m excited to share what I’ve learned.

While the iPhone 8 Plus looks essentially the same as the phone we’ve had since the 6 Plus, there are some new features in the 8 Plus which really impact creative pros across the board — most notably Portrait Lighting, along with a few other hidden gems.

I know what I can achieve with my iPhone. While I’m sure the 8 and 8 Plus have great cameras, Austin is the one that can use them to create art, instead of just simple snapshots. Amazing work, as usual — make sure to go to his site to see all of his shots.

Photo credit: Austin Mann


It’s Fossil That Apple Is Threatening →

September 23, 2017 · 07:33

Joe Thompson:

“I haven’t met with anybody [in Switzerland] yet who sees this [downturn] as anything other than a slump,” he told me in March. “They don’t see the threat from the smartwatch.” Apple will continue to perfect the smartwatch, he says. “By version 3 or 4, everyone will be thinking this is a good thing to have. Forty to 80 million people will want this.”

I got used to having my most important notifications on my wrist rather quickly, so much so, that when I take off my Apple Watch to wear my mechanical one, I forget to check my phone.

The problem with the Apple Watch is that it’s not special — visually or otherwise — which is the exact opposite of wearing a mechanical watch that you love. That doesn’t mean the latter has to be expensive either — I’m currently wearing a €400 Xicorr FSO M20 which I simple adore and love to pause throughout the day just to look at. Despite having a Space Black Series 0, those feelings passed very quickly.

And that’s the problem with the Apple Watch for people such as me — I love its functionality, but it still competes for my left wrist with a classical piece of precise machinery. But I also wear a Fitbit Alta on my right wrist. If Apple chose to fight for that with a sport-band-type device, which offered Siri, Messages, and LTE, it could easily win the fray.


Craig Federighi Says 3D Touch App Switcher Gesture Will Return in Future Update to iOS 11 →

September 23, 2017 · 07:17

Joe Rossignol:

Apple software engineering chief Craig Federighi has revealed that a popular 3D Touch gesture for accessing the App Switcher will apparently return in a future update to iOS 11.

Federighi, replying to an email from MacRumors reader Adam Zahn, said Apple had to “temporarily drop support” for the gesture due to an unidentified “technical constraint.”

I was getting ready to voice my disappointment — I use this gesture multiple times a day — but now I’m just happy it’ll be back soon!


iPhone 8 Is World’s Fastest Phone (It’s Not Even Close) →

September 22, 2017 · 20:29

Mark Spoonauer:

If you’re wondering how all this translates to real-world performance, we have more good news for iPhone 8 shoppers — and bad news for everyone else. To really put the A11 Bionic chip through its paces, we put the same 2-minute video, shot in 4K by a drone, on the iPhone 8, Galaxy Note 8 and Galaxy S8+, and then added the same transitions and effects before exporting and saving the video.

The iPhone 8 finished this strenuous task in just 42 seconds, while the Note 8 took more than 3 minutes. The Galaxy S8+ took more than 4 minutes.

While I don’t much care for synthetic benchmarks, which are being posted all over Twitter today, I do like to have performance at my disposal, when needed. The real-world test above is one of those examples, where the differences are hard to comprehend without seeing them with your own eyes. I just wish they’d added an iPhone 7 to the mix, just to see how quickly the A-series of chips is evolving.

Having said all that, I prefer to have all that power in my iPad, which I use much more often than my iPhone. And I do — the A10X Fusion is still amazing.


iPhone 8 Plus Is The Best Smartphone Camera Ever Tested By DxOMark →

September 22, 2017 · 18:27

David Cardinal, writing for DxOMark:

The Apple iPhone 8 Plus has a main camera system truly worthy of a flagship phone. Similar to the iPhone 7 Plus, it features two cameras — a wide-angle 12MP main camera, and a 12MP telephoto camera with a slower lens for zooming in on subjects and for special effects such as Portrait mode. Comparing the camera datasheets of the older iPhone 7 Plus and the new iPhone 8 Plus make the two look almost identical; however, under-the-hood upgrades have given the 8 Plus an image quality and camera performance boost in almost every one of our tested categories.

I’m still curious as to the exact physical changes in the camera system — Phil Schiller said that the sensors are now larger, but what are their sizes? While the latter certainly helps, it appears that the greatest advances in the near future will be made on the software side.


Report Repeats Rumors of Larger 6.5-Inch iPhone for Next Year →

September 17, 2017 · 14:12

Ben Lovejoy:

Hinting at a source within Samsung Display, the report suggests that next year’s iPhone will be offered in two sizes: a 5.85-inch one with the same screen size as the iPhone 8, and a larger 6.46-inch ‘Plus’ model …

I strongly believe that Apple will at one point finally retire the current iPhone 6/6S/7/8 design and focus on the “edge-to-edge” design of the iPhone X. While they could simplify their lineup drastically, offering only an iPhone X in two sizes, they currently sell eight (8!) different iPhones — the 6S and 6S Plus, 7 and 7 Plus, 8 and 8 Plus, SE, and X1. Ideally, they would reduce that to three — an iPhone X with ~5”, 5.8″, and ~6.5“ displays — like they did with the iPads.

It will be interesting to watch how they handle the whole transition over the next few years.

  1. Elon Musk must be furious.

Why I Owned a Macbook Pro for a Day And What It Says to Me About the Future of Apple →

September 7, 2017 · 12:14

John Risby:

The short version of this story is if you have a late 2016 15″ touch bar model and you have problems with noises or the screen, go to Apple and, unless you know you’ve done something stupid like dropped it or put a hammer through the screen, demand they fix it or replace it.

The full version below is much longer and quite boring. But it’s here for public record and to get it off my chest more than anything else.

I had two 13“ MacBook Pro Touch Bar devices1 and returned them both, but not because there was something wrong with them — I just didn’t like the Touch Bar and short battery life. John’s story is a completely different experience though — having gone through something similar in regard to my iPhone 7 Plus, I believe every word he wrote.

Sadly Apple seem to have stopped trying to be the Porsche or Ferrari of computers, while keeping the same prices — or, in the case of this Macbook range, actually putting the prices up — but decided to adopt the customer services policies of a dodgy used car lot.

Sadly, they do seem to be going downhill, and I write this from personal experience.

  1. Pun intended.

A Simple Design Flaw Makes It Astoundingly Easy to Hack Siri and Alexa →

September 7, 2017 · 12:06

Mark Wilson:

Chinese researchers have discovered a terrifying vulnerability in voice assistants from Apple, Google, Amazon, Microsoft, Samsung, and Huawei. It affects every iPhone and Macbook running Siri, any Galaxy phone, any PC running Windows 10, and even Amazon’s Alexa assistant.

Using a technique called the DolphinAttack, a team from Zhejiang University translated typical vocal commands into ultrasonic frequencies that are too high for the human ear to hear, but perfectly decipherable by the microphones and software powering our always-on voice assistants. This relatively simple translation process lets them take control of gadgets with just a few words uttered in frequencies none of us can hear.

The researchers didn’t just activate basic commands like “Hey Siri” or “Okay Google,” though. They could also tell an iPhone to “call 1234567890” or tell an iPad to FaceTime the number. They could force a Macbook or a Nexus 7 to open a malicious website. They could order an Amazon Echo to “open the backdoor.” Even an Audi Q3 could have its navigation system redirected to a new location. “Inaudible voice commands question the common design assumption that adversaries may at most try to manipulate a [voice assistant] vocally and can be detected by an alert user,” the research team writes in a paper just accepted to the ACM Conference on Computer and Communications Security.


Apple, Amazon Join Race for James Bond Film Rights →

September 7, 2017 · 12:04

Tatiana Siegel:

The James Bond sweepstakes has taken an unexpected turn. While Warner Bros. remains in the lead to land film distribution rights to the megafranchise — whose deal with Sony expired after 2015’s Spectre — a couple of unlikely suitors have emerged that also are in hot pursuit: Apple and Amazon.

The tech giants are willing to spend in the same ballpark as Warners, if not much more, for the rights, sources tell The Hollywood Reporter. MGM has been looking for a deal for more than two years, and Sony, Universal and Fox also had been pursuing the property, with Warners and Sony the most aggressive.

But the emergence of Apple — which is considered such a viable competitor that Warners is now pressing MGM hard to close a deal — and Amazon shows that the digital giants consider Bond one of the last untapped brands (like a Marvel, Pixar or Lucasfilm) that could act as a game-changer in the content space. Apple’s and Amazon’s inclusion in the chase would indicate that more is on the table than film rights, including the future of the franchise if MGM will sell or license out for the right price.

The Star Wars franchise has shown that refreshing the format is a potentially viable strategy. I really loved The Force Awakens and Rogue One wasn’t far off — it’s not perfect, but it is a chance to spend more time in the Star Wars universe. The James Bond series of movies is my other favourite — I’ve been watching them all my life — and there is a potential here to expand upon it, perhaps even venturing into TV show territory. James has worked with other 00 agents in his movies before and I’d happily watch their adventures too.

Oh! Apple still hasn’t proven itself trustworthy in this sector (Tim Cook and Bono, Planet of the Apps), so I hope they don’t screw this up, if they get the rights.


Apple to Reveal Steve Jobs Theatre on September 12, 2017 →

September 7, 2017 · 11:55

Alex Webb:

The entrance to the venue sits underneath a silver disc, whose supporting glass panels make it seem to float 20 feet above the surrounding clearing. The auditorium itself occupies four underground stories, and to get there, journalists will descend a staircase spiraling down alongside the walls.

It also boasts two custom-made rotating elevators, which turn as they ascend and descend so that passengers enter and exit by the same door even as they go in and out from different directions. So far, so Apple—the more elegant single door, with its complex engineering, preferred to the more obvious double-door solution.

Once CEO Tim Cook and his cohorts finish showing off the new iPhones, Apple Watch and TV onstage, a surprise will await the departing attendees. An inside wall, which obscures a hollow space below the floating saucer, will retract to reveal the product demonstration room, according to someone with knowledge of the design. For fellow Brits: think the Thunderbird 3 launchpad underneath Tracy Island’s circular pool house.

I’m sure the new iPhone will be great, but this new building has me more excited at the moment.


1Password Command-Line Tool Public Beta →

September 7, 2017 · 11:54

Connor Hicks:

Here at AgileBits, we’ve been working hard over the last few months to bring power users, developers, and administrators more powerful ways to interact with 1Password. We’re proud to announce that we have something that fits the bill. It’s called the 1Password command-line tool, and we can’t wait to see what you build with it. Let me take this opportunity to walk you through the exciting potential […]

You can download op for macOS, Linux, FreeBSD, OpenBSD, and NetBSD on i386, ARM, and AMD64 architectures. Oh, and our Windows friends can play too!


Pixelmator Pro for Mac teased →

September 6, 2017 · 11:29

Between Pixelmator and Affinity Photo/Designer, Adobe will soon have a big problem on their hands — not only do I prefer the UI of these new „indie” apps, but they appear to be much more modern, with simpler, more effective tools.

Lightroom and InDesign have yet to be dethroned though.


Apple Axes Annual Apple Music Festival in London After 10 Years →

September 5, 2017 · 09:20

Tim Ingham:

Apple has confirmed to MBW that it will no longer be hosting the annual Apple Music Festival at London’s Roundhouse.

The UK event officially became the Apple Music Festival in 2015 as part of a rebranding away from its original name of the iTunes Festival.

The annual show was first held in 2007 – typically running for a month at a time with concerts every night, and tickets going to competition winners.

This was one event I looked forward to every year. Sad to see it go. I still distinctly remember a cozy evening spent with my wife, listening and watching Ludovico Einaudi perform.


Google Flipped Out →

September 2, 2017 · 10:35

Kashmir Hill:

I was working for Forbes at the time, and was new to my job. In addition to writing and reporting, I helped run social media there, so I got pulled into a meeting with Google salespeople about Google’s then-new social network, Plus.

The Google salespeople were encouraging Forbes to add Plus’s “+1″ social buttons to articles on the site, alongside the Facebook Like button and the Reddit share button. They said it was important to do because the Plus recommendations would be a factor in search results—a crucial source of traffic to publishers.

This sounded like a news story to me. Google’s dominance in search and news give it tremendous power over publishers. By tying search results to the use of Plus, Google was using that muscle to force people to promote its social network.

I asked the Google people if I understood correctly: If a publisher didn’t put a +1 button on the page, its search results would suffer? The answer was yes.

After the meeting, I approached Google’s public relations team as a reporter, told them I’d been in the meeting, and asked if I understood correctly. The press office confirmed it, though they preferred to say the Plus button “influences the ranking.” They didn’t deny what their sales people told me: If you don’t feature the +1 button, your stories will be harder to find with Google.

With that, I published a story headlined, “Stick Google Plus Buttons On Your Pages, Or Your Search Traffic Suffers,” that included bits of conversation from the meeting […]

Google promptly flipped out.

This borders on blackmail, NDA or not.


How Apple Could Change the Way You Use the Next iPhone →

August 30, 2017 · 14:08

Mark Gurman, writing for Bloomberg:

[…] Apple has tested the complete removal of the home button—even a digital one—in favor of new gesture controls for tasks like going to the main app grid and opening multitasking, according to the people and the images.

The paragraph above doesn’t seem to indicate that this is how Apple solved (or will solve) the problem. Mark just says that this is something that has been tested.

Across the bottom of the screen there’s a thin, software bar in lieu of the home button. A user can drag it up to the middle of the screen to open the phone. When inside an app, a similar gesture starts multitasking. From here, users can continue to flick upwards to close the app and go back to the home screen. An animation in testing sucks the app back into its icon. The multitasking interface has been redesigned to appear like a series of standalone cards that can be swiped through, versus the stack of cards on current iPhones, the images show.

This solution, heavily relying on gestures, could potentially be much more time-consuming than just hitting the home button. Again, this could or could not make it to iOS 11 on the ‘iPhone 8’.


There seems to be no other new information from Mark in his latest piece and the original headline is a bit misleading, so I rewrote it.


Uber to End Post-Trip Tracking of Riders as Part of Privacy Push →

August 30, 2017 · 10:30

Dustin Volz, writing for Reuters:

“We’ve been building through the turmoil and challenges because we already had our mandate,” said Sullivan, who is a member of the executive leadership team that has been co-running Uber since Kalanick left in June.

An update to the app made last November eliminated the option for users to limit data gathering to only when the app is in use, instead forcing them to choose between letting Uber always collect location data or never collect it.

Uber said it needed permission to always gather data in order to track riders for five minutes after a trip was completed, which the company believed could help in ensuring customers’ physical safety. The option to never track required riders to manually enter pickup and drop-off addresses.

I’m pretty sure their backtracking on the issue is the result of #DeleteUber and other protests — they miscalculated.


APFS on SSDs Mandatory in macOS High Sierra →

August 30, 2017 · 09:58

Apple Support:

Apple File System (APFS), is the default file system in macOS High Sierra for Mac computers with all flash storage. APFS features strong encryption, space sharing, snapshots, fast directory sizing, and improved file system fundamentals.

When you upgrade to macOS High Sierra, systems with all flash storage configurations are converted automatically. Systems with hard disk drives (HDD) and Fusion drives won’t be converted to APFS. You can’t opt-out of the transition to APFS.

Please make sure to create a good backup (or three!) before upgrading to High Sierra, because Shit Happens™ when you don’t have one (or three!).


One Giant Screen Keyboard →

August 29, 2017 · 14:39

Benjamin Mayo:

In fact, the Touch Bar has a clear path of iteration ahead of it. Make it cheaper, roll out to lower-end Macs, add haptic response, and ultimately take over the whole keyboard with one giant screen.

I sure as hell hope that won’t happen, but perhaps it really is inevitable? Looking at the computer keyboards used in The Fate of the Furious, this could be sooner than we imagine.


Google Removes 300 Apps Used to Launch DDoS Attacks From Play Store →

August 29, 2017 · 14:32

Kate Conger, writing for Gizmodo:

Google has removed roughly 300 apps from its Play Store after security researchers from several internet infrastructure companies discovered that the seemingly harmless apps—offering video players and ringtones, among other features—were secretly hijacking Android devices to provide traffic for large-scale distributed denial of service (DDoS) attacks.

How many more have yet to be discovered?


The Future of the Touch Bar and Touch ID →

August 29, 2017 · 08:54

Chuq Von Rospach, writing down his thoughts about facial recognition replacing Touch ID:

With the iPhone 8, it looks like that new technology is here. And if this is true, that explains at least in part why the Touch ID sensor was downplayed in last fall’s announcements (don’t want to oversell something they know is going away) and why we don’t have a Touch Bar keyboard. It made no sense to build that product since a year later it would be replaced.

If I’m right, future Macs will use the infrared facial recognition, and they can embed those sensors in the bezel of the monitor on both the iMac and the laptops. This simplifies the problem of needing to secure the communication between the sensor and the Secure Enclave; by moving those sensors into the device and off the keyboard, everything gets a lot cleaner. And they can build a much less expensive keyboard with a Touch Bar on it that doesn’t require the level of communication security that would be required if it also had the Touch ID sensor.

There were also rumours about Apple being surprised about the number of older MacBook Pro (2015) orders when the late 2016 models came out. When added to the fact that the Touch Bar wasn’t universally well received, perhaps they re-evaluated their stance on the future of keyboards and will either scrap the Touch Bar entirely1 or make it optional. Either way, the Touch Bar is neither the future of keyboards, nor is it a sensible stop-gap to on-screen keyboards. In my use case, where I can’t even see it without moving my hands off the keyboard, it’s just an annoyance and I consider it to be bad design.

In retrospect, I believe had Apple just added Touch ID to every MacBook and keyboard2, skipping the Touch Bar entirely, they would have garnered much more praise, instead of the mixed reviews, which mostly focused on the Touch Bar itself, often mentioning Touch ID only in passing.

  1. Which is my hope.
  2. Perhaps making it optional, so as not to freak people out with higher prices.

DJI Removes JPush Plugin From Their App for Collecting User Data Without Approval →

August 29, 2017 · 08:04

This is yet another example of third-party libraries, plugins, or add-ons, which do things they aren’t supposed to:

DJI has removed a third-party plugin called JPush, which was introduced in March 2016 for iOS and May 2017 for Android. We implemented the plugin as a way to push notifications when video files are successfully uploaded to DJI’s SkyPixel video sharing platform. JPush assigns a unique JPush ID to each user and informs SkyPixel of this ID when the user chooses to upload a video. After uploading is complete, SkyPixel sends the user’s unique JPush ID back to the JPush server, triggering an “Upload Complete” notification on the user’s DJI GO or DJI GO 4 apps. By using JPush’s third-party plugin, DJI has allowed users to multitask while uploading large video files to SkyPixel occurs in the background of their app.

As a third-party company, JPush only needs to send and receive a minimal, narrowly-defined amount of data in order for this function to work properly. Recent work by DJI’s software security team and external researchers has discovered that JPush also collects extraneous packets of data, which include a list of apps installed on the user’s Android device, and sends them to JPush’s server. DJI did not authorize or condone either the collection or transmission of this data, and DJI never accessed this data. JPush has been removed from our apps, and DJI will develop new methods for providing app status updates that better protect our customers’ data.

I still don’t quite understand how and why developers and companies would choose to go down this route without a detailed check of what the used third-party code does precisely. Laziness, I guess.


Touch Bar: Optional →

August 28, 2017 · 18:51

Chuq Von Rospach:

The current laptop line forces users to pay for the Touch Bar on the higher end devices whether they want it or not, and that’s a cost users shouldn’t need to pay for a niche technology without a future. So Apple needs to either roll the Touch Bar out to the entire line and convince us we want it, or roll it back and offer more laptop options without it. I’m going to be curious what they do if/when they announce updated Laptops this fall.

I still believe the Touch Bar should be optional and customers should be able to specify every model with or without it, depending on their needs and preferences. At the same time, Touch ID should be integrated into the models with ‘real’ keyboards, although having it as another option would be preferable.

I wrote my ‘quick review’ of the 13“ Escape in January and I still stand by my words:

Not having the Touch Bar is such as relief. I was actually surprised, when I realised it, about 5 minutes into configuring this Mac. I felt complete, having the function row back. The Touch Bar is most definitely not for me. Don’t get me wrong, I get why some people like it, but I try to keep my hands on the keyboard at all times, using shortcuts to get what I need done. This allows me not to take my eyes off of the screen. Unfortunately, I could not get used to shifting my eyesight down at the Touch Bar from the display, which was made worse by the fact that when using the MacBook Pro on my lap, my hands would block it.

I truly hope that the Touch Bar will become an option in the future — I’m a diehard keyboard fan and I do not want to change my habits for what I consider a gimmick. I want to be able to buy any MacBook Pro and specify whether I want a Touch Bar or not, like RAM or the CPU.


Apple ‘Aiming To Use’ Steve Jobs Theatre for iPhone 8 Launch →

August 28, 2017 · 16:36

Benjamin Mayo:

The Wall Street Journal is reporting that Apple has indeed scheduled an event on September 12. On that date, Apple is set to announce the new iPhone models, as well as cellular Apple Watch and a 4K Apple TV set-top box. We are still waiting for Apple to send out invites to press to make the event official, although it is all but confirmed at this point.

In terms of event location, the report says that the company is ‘aiming to use’ the Steve Jobs Theater in Apple Park for the first time …

I’m pretty sure Apple Park is amazing to behold for the first time, from an architectural point of view especially, but I would love to be able to see the inside of the Steve Jobs Theatre at least once in my lifetime.