So Zoom runs a web server on your Mac (even after you uninstall the app), and that web server can launch Zoom calls via URLs, and those Zoom calls can default to having your camera open. Which apparently makes it very easy to embed something into a web page (or an ad) in an attempt to trick people into unwittingly opening a video chat.
Remote video exploits are one of the worst-case scenarios for a security vulnerability, and this is it. From the timeline, it looks like Zoom took over two months to start responding to it, and if that’s true, it’s irresponsible security practice.
If you have Zoom installed on your Mac, check the “Patch Yourself” section of the article to block the functionality that allows this.
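To make the design flaw concrete, here is an added example (not Zoom's code, and not from the linked article) that compares a localhost helper that acts on any URL hit with one that checks where the request came from. The `/launch` path, port 8765, host names and allow-list are hypothetical, and the sample requests are constructed.

```javascript
// Hypothetical request policy for a localhost helper that can start a video call.
// Every name here (ALLOWED_ORIGINS, /launch, port 8765) is an illustrative assumption.
const ALLOWED_ORIGINS = new Set(["https://meetings.example.com"]);
const LOOPBACK_HOSTS = new Set(["127.0.0.1:8765", "localhost:8765"]);

// Behaviour as the post describes it: any matching URL starts a call, camera on.
function naivePolicy(req) {
  if (req.path.startsWith("/launch")) {
    return { launch: true, video: true, reason: "url matched" };
  }
  return { launch: false, video: false, reason: "unknown path" };
}

// Hardened: state-changing verb only, loopback Host, allow-listed Origin,
// and the camera stays off until the user confirms in the native UI.
function hardenedPolicy(req) {
  const deny = (reason) => ({ launch: false, video: false, reason });
  const h = {};
  for (const [k, v] of Object.entries(req.headers || {})) h[k.toLowerCase()] = v;

  if (!req.path.startsWith("/launch")) return deny("unknown path");
  if (req.method !== "POST") return deny("GET can be triggered by embedded page content");
  if (!LOOPBACK_HOSTS.has(h["host"])) return deny("unexpected Host header");
  if (!ALLOWED_ORIGINS.has(h["origin"])) return deny("origin not allow-listed");
  return { launch: true, video: false, reason: "allowed; user must confirm camera" };
}

// Constructed sample requests: a resource embedded in a third-party page,
// a cross-site form POST, and a request from the service's own site.
const embedded = { method: "GET", path: "/launch?id=constructed",
  headers: { Host: "localhost:8765", Referer: "https://ads.example.net/banner" } };
const foreignPost = { method: "POST", path: "/launch",
  headers: { Host: "localhost:8765", Origin: "https://ads.example.net" } };
const legitimate = { method: "POST", path: "/launch",
  headers: { Host: "localhost:8765", Origin: "https://meetings.example.com" } };

function evaluateAll() {
  return [embedded, foreignPost, legitimate].map((r) => ({
    naive: naivePolicy(r), hardened: hardenedPolicy(r) }));
}

console.log(JSON.stringify(evaluateAll(), null, 2));
```

The naive policy honors all three requests with video on, while the hardened one honors only the allow-listed origin and still leaves the camera off.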
The New York Times has written a great dive into mobile apps that harvest data off your device, such as location data. Many of these companies feel entitled to harvest and store your data for things like location when you give consent for location access, and are in the business of selling that data to advertisers.
The book ‘1984,’ we’re kind of living it in a lot of ways.
Bill Kakis, a managing partner at Tell All
I’ve been removing a lot of the native apps I’ve relied on recently in favor of mobile web apps. I won’t let Facebook run code natively on any device I own, precisely because I know they go out of their way to capture every scrap of data they can. Running Instagram in a mobile web browser provides a much stronger sandbox, limiting the amount of data they can steal dramatically.
Apple and Google have largely destroyed any real marketplace for paid apps that don’t need to rely on selling data, and app review mechanisms have been unwilling or unable to protect customers from it. They deserve a huge share of blame for the status quo being what it is.
Microsoft, it seems, has removed all of the barriers to remaining in your ‘flow.’ Surface is designed to adapt to the mode you want to be in, and just let you do it well. Getting shit done doesn’t require switching device or changing mode, you can just pull off the keyboard, or grab your pen and the very same machine adapts to you.
It took years to get here, but Microsoft has nailed it. By comparison, the competition is flailing around arguing about whether or not touchscreens have a place on laptops. The answer? Just let people choose.
This coherency is what I had come to expect from Apple, but iPad and MacBook look messier than ever. Sure, you can get an iPad Pro and Apple Pencil, but you can’t use either of them in a meaningful way in tandem with your desktop workflow. It requires switching modes entirely, to a completely different operating system and interaction model, then back again.
The Surface lineup is super compelling now, and Windows continues to get better and better through minor feature updates every few months. Microsoft under its new CEO is cleaning up its act and actually conveying and executing a vision for how the personal computer fits into a modern lifestyle in 2018. At a time when Apple is struggling to remember that its creator audience exists, Microsoft is capitalizing on it and giving people what they want.
That said, it’s really silly that the Surface Studio 2, their iMac equivalent, is using a 7th generation CPU when Intel’s 8th generation has been out for months, and some of these are missing USB-C and Thunderbolt 3. There is definitely more work to do to bring these machines to peak performance.
I really wanted to like this show. I loved 24, and this seemed like it would embrace lots of the political intrigue elements that made 24 as captivating as it was. Ultimately, it failed to capture much of that.
Here’s hoping Netflix works some magic on it to give it a new shot at life.
Firefox is going to start being more aggressive about blocking slow and invasive trackers by default. This is a great move to speed up the web and make things more secure and private by default. And there’s a way to enable it today.
Long page load times are detrimental to every user’s experience on the web. For that reason, we’ve added a new feature in Firefox Nightly that blocks trackers that slow down page loads. We will be testing this feature using a shield study in September. If we find that our approach performs well, we will start blocking slow-loading trackers by default in Firefox 63.
In the physical world, users wouldn’t expect hundreds of vendors to follow them from store to store, spying on the products they look at or purchase. Users have the same expectations of privacy on the web, and yet in reality, they are tracked wherever they go. Most web browsers fail to help users get the level of privacy they expect and deserve.
In order to help give users the private web browsing experience they expect and deserve, Firefox will strip cookies and block storage access from third-party tracking content. We’ve already made this available for our Firefox Nightly users to try out, and will be running a shield study to test the experience with some of our beta users in September. We aim to bring this protection to all users in Firefox 65, and will continue to refine our approach to provide the strongest possible protection while preserving a smooth user experience.
Deceptive practices that invisibly collect identifiable user information or degrade user experience are becoming more common. For example, some trackers fingerprint users — a technique that allows them to invisibly identify users by their device properties, and which users are unable to control. Other sites have deployed cryptomining scripts that silently mine cryptocurrencies on the user’s device. Practices like these make the web a more hostile place to be. Future versions of Firefox will block these practices by default.
Firefox got really good last year and you should be using it.
This New York Times interview with Elon Musk is something. When Musk is spinning off companies like The Boring Company and selling crappy flamethrowers rather than salvaging Tesla’s Model 3 production woes, it says to me that he’s burnt out running these companies, and this interview pretty much confirms that.
I created an account on Mastodon.social, you can find me on @email@example.com. If you’re into that sort of thing, you can follow me over there.
Eventually I hope to create an ActivityPub setup that can publish directly to my own site and the Mastodon network. But until then, this is good enough. Between Twitter’s ongoing moral cowardice and their ongoing hostility towards the developers that made them what they are, I can’t continue siloing my data there.
But Mastodon is so far revealing itself to be much more pleasant than Twitter, and it has some interesting forward-thinking decisions that I’ll talk more about later. In the meantime, go find me on there. You can sign up on the instance I use, Mastodon.social, or you can sign up at any number of other instances, such as those found on instances.social or joinmastodon.org. Even if you sign up on a different instance, just search for my handle @firstname.lastname@example.org and it should work just fine.
Apple’s App Review made another sweeping change yesterday that is disrupting the lives of developers, kicking out a bunch of apps without warning for being gambling apps. Many of the apps involved have nothing resembling gambling mechanics in them. And many of these are from small developers who effectively have no recourse.
It appears that this was a massive overreach that is actively getting walked back by Apple, but it still highlights the fact that Apple can and will terminate your business on a whim, without warning, based on whatever reason they like. And since you can’t bypass the App Store like you can on Android, if your business depends on this, you’re toast. Decisions like this are why I don’t make my own iOS apps anymore.
Apple’s official line:
In order to reduce fraudulent activity on the App Store and comply with government requests to address illegal online gambling activity, we are no longer allowing gambling apps submitted by individual developers. This includes both real money gambling apps as well as apps that simulate a gambling experience.
As a result, this app has been removed from the App Store. While you can no longer distribute gambling apps from this account, you may continue to submit and distribute other types of apps to the App Store.
They’ve pulled a magazine app (since restored), a GIF search app (since restored), a YouTube search app (since restored), a YouTube player, a photography app, a Reddit client (since restored), and many others. It’s unclear if these were all automated, though in at least one case it appeared to involve a call to Apple developer support. There’s also an 11-year-old blackjack game and a poker chips calculator app, which possibly could fall under some definition of “simulated gambling”, which is now apparently against the rules for some reason.
Since there is no oversight of App Review or the rulings it makes, there is no way to know the full extent of the bans, how many apps were affected, or what percentage of them are being reinstated. Still, it sounds like this was an error, and at least some of the apps are returning. I’m sure the developers could’ve done without the panic attack from an email suddenly stating that their apps were kicked off, though.
Meanwhile, Apple continues to allow and profit heavily from apps with actual gambling mechanics like loot boxes and gacha games that encourage people, including minors, to gamble.
AMD’s Threadripper CPU platform snuck up on everyone last year and revealed itself to be an incredible platform for high-end computing with chips going from 8 cores to 16 cores. Just one year later, they’re taking that platform all the way up to a mind-bending 32 CPU cores. It fits nicely between their mainstream Ryzen CPUs and their Epyc CPUs to take a prominent place for workstations used by professionals.
The new chips come in 12, 16, 24, and 32 core varieties, each with AMD’s take on hyperthreading that effectively doubles the thread count. And these chips are priced at $649, $899, $1299, and $1799 respectively. This puts each chip at roughly $54-$57 per core. Intel, by comparison, can’t come close to hitting those prices. Intel’s workstation CPU flagship, the 18-core i9-7980XE, costs $1879 while having 14 fewer cores. At every rung of the ladder, Skylake X costs significantly more per core. On the server side, it’s even worse. Xeons often cost several thousand dollars.
AMD is singlehandedly responsible for revitalizing the desktop CPU market, leaving Intel scrambling, and I’m really excited about the future. I’m strongly considering stepping up to the 2920X and its 12 cores and 64 PCIe lanes, and finally building Hackintosh support into my machine.
Apple’s quarterly results showed the Mac down 13% year-over-year. Everything was out of date; the new MacBook Pros didn’t ship until Q3 in July, so that certainly didn’t help. John Voorhees also has some handy charts over at MacStories.
I really hope Apple starts to get the Mac back in shape soon. They showed a relatively strong offering of Mac software at WWDC, probably the most exciting since the reveal of the trash can Mac Pro in 2013.
Also, it’s getting really popular.
I got a time of 26 minutes 21 seconds, with 73 deaths. I kicked a couple bucks to the developer. Check it out.
Of all the companies to acquire GitHub, Microsoft is probably the best. What was a critical piece of internet infrastructure held up under a venture capital model will now at least be sustained by one of the biggest tentpole companies in the software industry. They will presumably be able to bring some organizational support and work to shore up the site’s notoriously rocky reliability. And a company like Microsoft will hopefully not be able to shrug off a sexual harassment claim the way GitHub did.
I don’t see this alleviating a major problem with software engineering culture, the over-reliance on GitHub as a centralized home of code. Git is distributed by nature and most of the value added by GitHub (PRs, issues, wikis, etc.) is found on competitive platforms like GitLab and Bitbucket. But many companies rely exclusively on GitHub, and many tools like Travis CI support GitHub exclusively. Competition makes everyone better, and Microsoft will probably use its existing platforms to further lock in developers and companies and reduce competition.
I personally use a self-hosted instance of GitLab on my VPS server (which is quite easy to install nowadays), which provides me with all the features I would want and an unlimited capacity of private repositories. I use it for continuous integration and continuous deployment with its built-in Docker image registry, and those images get deployed automatically to servers. I’m hoping to do a tutorial on setting that up.
Interesting timing with WWDC kicking off tomorrow, though.
I wrote a guest post for MacStories, covering the history of patent law surrounding patent trolls. While recent lawsuits from Lodsys and Kootol are causing panic and alarm from indie developers, it’s not like this threat is suddenly new. Patent lawsuits have always been on the table, but they were ignored by the majority of small companies. Now it’s clear that patent holders will pursue people who violate their patent. Whether ethical or not, they are legally required to defend their patents, and that means we will see more patent lawsuits pursued by trolls. Meanwhile, none of these small developers can afford to fight, so they settle, perpetuating the cycle.
Twitter recently introduced a feature on its website called “Who To Follow”. This feature presents you with a list of people you aren’t following already, but who are active in your social graph. However, I happen to be very proactive in finding new people to follow through a variety of means, and have no need for Twitter to point it out to me. I thought it was a bit obnoxious to see, especially considering both of my first recommendations were people I had blocked.
This Safari extension removes that box from the Twitter homepage, whether you have it turned on for you or not. It’s a simple CSS stylesheet that sets display:none on that box. You’ll never have to see it again.
You can download it here. I’m still a bit new at Safari extensions, but it should auto-update in the future if I ever release an update.
Update 9/18/2010: Follow Freely 1.1 has been released, with support for the new Twitter web client. It also fixes the issue where Safari would constantly say there was an update available.
Caboose is an app that loads notifications from the Boxcar service. It provides a reusable class for interacting with the Boxcar service for receiving push notifications. Currently it loads notifications for one account and dumps them to a Growl feed, but a full UI is planned.
This is hilariously effective. It scrapes a few online lyrics databases and does some analysis to determine the quality of a rhyme. Be sure to check the bottom of the whitepaper for some sample output.
For a little less than a year, I’ve been writing code built atop Twitter, specifically Matt Gemmell’s MGTwitterEngine. I’ve got a few things running on this code, which I’ve not talked about publicly (other than minor hints on Twitter), but have been well-received by the few people who have seen it. Still, these projects have needed to extend both MGTwitterEngine and related libraries to add functionality or fix bugs. I’ll spend this blog post documenting some of those changes across the different projects.
Technical details of the upcoming Flash Player for Mac, wherein the Adobe team is switching to using Core Animation to do faster rendering of non-video Flash files. It’s worth noting that the performance will only initially be seen in Safari on Mac OS X 10.6, as the plugin is fully Cocoa-ized now.
Also interesting to note is that Flash is still using the ancient QuickDraw APIs which have been deprecated for years.