
How Meltdown and Spectre Were Independently Discovered by Four Research Teams at Once

1 Comment

Great piece by Andy Greenberg for Wired:

Yet when Intel responded to the trio’s warning — after a long week of silence — the company gave them a surprising response. Though Intel was indeed working on a fix, the Graz team wasn’t the first to tell the chip giant about the vulnerability. In fact, two other research teams had beaten them to it. Counting another, related technique that would come to be known as Spectre, Intel told the researchers they were actually the fourth to report the new class of attack, all within a period of just months.

“As far as I can tell it’s a crazy coincidence,” says Paul Kocher, a well-known security researcher and one of the two people who independently reported the distinct but related Spectre attack to chipmakers. “The two threads have no commonality,” he adds. “There’s no reason someone couldn’t have found this years ago instead of today.”

martinbaum
14 days ago
It's interesting when this happens. We came to call it Bell Telephone but Alexander Graham wasn't the only one to figure it out at roughly the same time.

★ Pressing the Side Button to Confirm Payments on iPhone X

3 Comments

Occasionally I notice a burst of traffic to Daring Fireball from Hacker News. It’s always short-lived, because for reasons I’ve never seen explained, Daring Fireball articles always get blacklisted from Hacker News once they hit their front page. It’s apparent that a lot of HN readers do not like my work on the basis that they see me as a shameless Apple shill, but it’s a shame the articles get deleted because I like reading the comments. I feel like it keeps me on my toes to read the comments from people who don’t like Daring Fireball.

Even after being blacklisted from the Hacker News homepage, though, the comment threads still exist. I went through the Hacker News comments on my iPhone X review today, and a few comments about how Apple Pay works on the iPhone X caught my attention:

arielm:

Apple made some interactions so unintuitive that even I was confused. One example is purchasing an app. Pre-X, you’d tap the “get” button and place your finger on the home button or enter your password. With the X you have to tap the button, look at your device, and then follow the most unintuitive animation to actually press the physical side button.

nkristoffersen:

I’ve had the X for a few days now. The animation to press the physical button totally had me stumped the first few times! Overall I’m a fan (such as great camera and great screen) but some of the new interactions are taking some getting used to.

breatheoften:

Yeah the explanation for the side button tap should be considered a straight up bug — I had to google what to do.

These remarks caught my attention because a technically-savvy family member was confused by the same thing the first time they tried to buy an app on their new iPhone X. They showed me the phone with the “Double Click to Pay” animation¹ and asked me, “What am I supposed to double click here? It doesn’t work.” What they had tried was double tapping on the “Double Click to Pay” label on screen. When I explained that the animation was pointing to the physical side button, the proverbial light bulb went off.

This is an interesting design dilemma. The reason why Apple requires you to press the physical side button to confirm a purchase with Apple Pay or in the App Store is because pressing the side button can’t be faked by an app. If it was an on-screen button, a nefarious app could present a fake Apple Pay button. With any normal app, clicking the side button once will always lock the screen, and double-clicking will put you in Apple Pay mode. Only Apple’s own software can override the side button like this. Double clicking the side button to confirm a purchase effectively guarantees that it was a legitimate payment experience.

But: people naturally expect everything they do on an iPhone to be done on screen. The screen is the phone — and that’s even more true with the iPhone X. Even with an animation pointing to the side button on screen, it doesn’t occur to people that they need to do something off-screen to authorize the transaction.

I’m not sure what the solution here is, but I think Apple needs to come up with a better indication — perhaps something more explicit, the first time you encounter it — that you need to click the hardware button, not tap something on screen.


  1. The thing to keep in mind if you watch this animation is that the “Double Click to Pay” animation is aligned perfectly with the hardware side button.

martinbaum
24 days ago
This totally confused me, too, to the point where I disabled Face ID for the App Store so it would revert to manual Apple ID password entry. Not good UX design.
1 public comment
satadru
24 days ago
Every device needs a privileged out of band input device or sequence. The Power Button is the CTRL-ALT-DEL of mobile devices.
New York, NY

★ Apple Addresses Why Some iPhones With Older Batteries Are Benchmarking Slower

2 Comments

Matthew Panzarino, writing for TechCrunch:

Here’s a statement that Apple provided when I inquired about the power profile that people were seeing when testing iPhones with older batteries:

“Our goal is to deliver the best experience for customers, which includes overall performance and prolonging the life of their devices. Lithium-ion batteries become less capable of supplying peak current demands when in cold conditions, have a low battery charge or as they age over time, which can result in the device unexpectedly shutting down to protect its electronic components.

Last year we released a feature for iPhone 6, iPhone 6s and iPhone SE to smooth out the instantaneous peaks only when needed to prevent the device from unexpectedly shutting down during these conditions. We’ve now extended that feature to iPhone 7 with iOS 11.2, and plan to add support for other products in the future.”

Panzarino’s piece is (unsurprisingly) a good, sober look at the story. Basically, Apple is being painted in a damned if they do, damned if they don’t corner. Prior to adding this feature to iOS last year, iPhones with older declining batteries were shutting down unexpectedly when taxed at peak performance. That’s obviously not good. So now, iPhones with older declining batteries are throttled, when necessary, to keep them running. But now Apple faces accusations that they’re deliberately slowing these devices down to convince people to buy new iPhones. The thing to keep in mind is that there is nothing Apple can do about the fact that lithium-ion batteries decline over time. One way or another, older much-used iPhones are going to suffer in some way. I think what Apple is doing here is a reasonable balance between trade-offs.

I agree with Panzarino, though, that Apple should do a better job communicating about this:

Apple should examine whether the gap between when the algorithm starts smoothing out the peaks of performance and when they’re notified that their performance is taking a hit due to battery age is too large. If a person is noticing (and it seems they are given the discussion threads and social activity on this) that their phone is running slower then they need to know why.

The point at which iOS will tell you that your battery has gone to hell is currently very, very conservative. Perhaps this can be set to be more aggressive. Then, of course, users will complain that Apple is cash grabbing on battery replacements but humans will remain humans.

James Thomson put it well:

I get the whole “it’s better to clock your phone slower rather than have it randomly crash” aspect to this story. It’s more the fact that Apple wasn’t upfront about it, and thus we’ve all been telling people “no, your phone isn’t getting any slower”. Turns out, it was.

An official battery replacement from Apple is only $79, and free under AppleCare. If more users with older iPhones knew that replacing the battery could restore the original performance, they might happily opt for that.


I’ve said the following before, but I’ll say it again: Apple does not purposefully cripple older devices to encourage users to buy new devices. Nor would it be in their long-term interest to do so. As I wrote in 2013:

If older iPhones suffer upon being updated to iOS 7 — getting slower, or worse battery life, or losing Wi-Fi — to such a degree that the users conclude they now need to buy a new phone, would not the most likely and logical result be that it would inspire many of them to switch to Android (or Windows Phone, or anything) rather than to buy another iPhone?

If your car breaks down after just a few years, are you not more likely to replace it with a different brand? To posit that Apple customers are somehow different, that when they feel screwed by Apple their response is to go back for more, is “Cult of Mac” logic — the supposition that most Apple customers are irrational zealots or trend followers who just mindlessly buy anything with an Apple logo on it. The truth is the opposite: Apple’s business is making customers happy, and keeping them happy. They make products for discriminating people who have higher standards and less tolerance for design flaws or problems.

Apple products — including iPhones in particular — hold their resale value far better than those of any competitor. Apple products are designed to last longer than the industry standard, not less. When they fall short in this regard, it’s the result of a software bug or inadvertent component failure. I know for a fact that the widely-held belief that Apple booby-traps two-year-old iPhones drives Apple employees — ranging from engineers to senior executives — nuts, because the truth is the opposite. They really do knock themselves out trying to build and maintain products with lasting value.

And at the engineering level, I’ve heard from multiple Apple sources over the years that even if such a dictate were issued from on high, it would result in a revolt. If some shortsighted senior executive demanded that an iOS software update render older iPhone hardware artificially slow, the engineers tasked with the job would almost certainly object. Even if some unscrupulous engineer were willing to implement such a booby trap, how would they keep other engineers on the team from noticing it, fixing it, and figuring out who was responsible? Something along the lines of “if (deviceAgeInYears > 2) { [self _runFuckingSlow]; }” is going to stick out in code review after being checked into the iOS source code.

Would they resign in protest if their objections were ignored? Yes, actually, they would. Really. It’s not like software engineers with Apple experience on their resumes have a hard time getting job offers at other companies. Apple attracts people who are looking to do great work, period.

This is why the seemingly endless stream of stories about malfeasance at Uber is so pernicious for the entire industry. Obviously, some tech companies have executives who engage in underhanded, malicious, user-hostile (if not downright illegal) strategies, and they have low-level employees willing to implement the plans. Given that Uber found engineers willing to create a “god view” monitoring system that allowed employees to spy on celebrities, politicians, and ex-boyfriends and girlfriends, it’s not hard to believe Apple could find engineers willing to make apps run slower on two-year-old iPhones. Such cynicism is understandable, but Apple is not Uber.

martinbaum
33 days ago
Didn’t see that Uber corner turn in the last paragraph coming, but Grubes will be Grubes. Lol.
1 public comment
sirshannon
33 days ago
“They don’t cripple devices just because they old! They only cripple devices just because the battery is old!” :/ This is a tremendous amount of mental gymnastics to excuse the fact that they’re doing this tremendous amount of power-usage gymnastics to avoid having a phone thick enough to avoid having a camera bump.
leonick
33 days ago
Making the battery and in turn the devices thicker would give you more battery capacity (and I wish they'd do this) but it wouldn't help in this case. Running the CPU at higher speeds requires a higher current. An aged battery can't maintain as high a current and if the device draws too much you get a sudden shut down.
sirshannon
32 days ago
so they released a device with a battery that can't run the device at full speed a year after it was released, causing the device to shut down under load? That's defective and would be helped by a higher power battery (which would need to be larger). So yeah, like I said.

NewsBlur for iPhone X

2 Comments and 3 Shares

I’m proud to announce the launch of version 7.0 of the NewsBlur iOS app, complete with iPhone X support. There’s a lot that’s new and improved in this release.

Also new to the release is the addition of in-app payments for a NewsBlur premium subscription. This was a long time coming. This upgrades the iOS app to match the experience on the web. And because in-app subscriptions are now live, the iOS app will now match the free account restrictions you’ll find on the web. As a reminder, NewsBlur is a paid service with free accounts that act as indefinite trials.

Here’s a complete list of what’s new:

  • Built for iOS 11 and iPhone X
  • In app purchases allow you to upgrade to a premium subscription from inside the app
  • Drag-and-drop on iPad to share stories and images from NewsBlur
  • New view: Infrequent Site Stories shows stories from feeds that update less than once a day (premium only)
  • Theme manager in every view for quick color changes
  • Adding San Francisco font choice
  • Adding feed list and story list font size controls so you can change size directly from each view
  • Adding in-app Safari with Reader mode option
  • Scroll position is now saved, so when you return to a story you maintain your place
  • New mark as read button on iPad when in landscape or with story titles on bottom
  • Fixing image sizing on all iPhones and iPads
  • Updated many layouts for better future compatibility
  • Fixing unread count badge for users without notifications turned on
  • Fixing duplicate title/URL in Messages sharing (thanks Nicholas R!)
  • Fixing compatibility with Firefox (thanks Joe G!)

I hope you enjoy the updated iOS app. I have plans to build new features on top of the app next year, when some huge features will make their debut.

martinbaum
42 days ago
Thanks for this. It looks perfect.
1 public comment
chrisrosa
42 days ago
yasss!! @NewsBlur on the #iPhoneX is sexy!
San Francisco, CA

Why Didn’t Twitter Delete the Anti-Muslim Tweets Promoted by Trump?

3 Comments and 4 Shares

Ivana Kottasová, reporting for CNN:

The anti-Muslim videos were first posted by Jayda Fransen, deputy leader of the far-right party Britain First. They depict violent assaults and the destruction of a statue of the Virgin Mary.

They also appear to violate the terms of use published by Twitter. It warns users: “You may not promote violence against, threaten, or harass other people on the basis of race, ethnicity, national origin, sexual orientation, gender, gender identity, religious affiliation, age, disability, or serious disease.”

Asked why the original tweets have not been deleted, a Twitter spokesperson said:

“To help ensure people have an opportunity to see every side of an issue, there may be the rare occasion when we allow controversial content or behavior which may otherwise violate our rules to remain on our service because we believe there is a legitimate public interest in its availability.”

Translation from PR Weasel-ese to English: Twitter is afraid of pissing off Trump.

martinbaum
53 days ago
Maybe, but more like Twitter is still relevant because Trump's the best traffic driver their platform has ever had.
2 public comments
rtreborb
47 days ago
Translation: it drives revenue
petrilli
50 days ago
I wish Twitter would be more honest about the fact that what keeps it from deleting Trump's account is the (very real) fear that the sociopathic narcissist in chief would use his cadre of incompetent criminals and hangers-on to persecute Twitter constantly and likely would bankrupt the company.

Be honest.
Arlington, VA

How Facebook Figures Out Everyone You’ve Ever Met

2 Comments

Excellent investigation by Kashmir Hill, writing for Gizmodo, on Facebook’s creepy “People You May Know” system:

In the months I’ve been writing about PYMK, as Facebook calls it, I’ve heard more than a hundred bewildering anecdotes:

  • A man who years ago donated sperm to a couple, secretly, so they could have a child — only to have Facebook recommend the child as a person he should know. He still knows the couple but is not friends with them on Facebook.
  • A social worker whose client called her by her nickname on their second visit, because she’d shown up in his People You May Know, despite their not having exchanged contact information.
  • A woman whose father left her family when she was six years old — and saw his then-mistress suggested to her as a Facebook friend 40 years later.
  • An attorney who wrote: “I deleted Facebook after it recommended as PYMK a man who was defense counsel on one of my cases. We had only communicated through my work email, which is not connected to my Facebook, which convinced me Facebook was scanning my work email.”

Even if, like me, you’ve never even signed up for Facebook, they almost certainly have a detailed profile of you.

martinbaum
69 days ago
Uh... the main method these days is that they pay Google, Yahoo, and Microsoft for their email account linkages. That's so obvious (based on my experience) I'm surprised more people don't know that.
1 public comment
lelandpaul
69 days ago
I briefly had a work account that knew nothing but my name and birthday; I started seeing PYMK recs for folks I went to high school with (when I used a different first name!).
San Francisco, CA