I purchase music outright because I'm old. I often buy from what at least used to be called the iTunes Music Store. The biggest advantage for me for doing so over, say, buying from Amazon or directly from the artist's site (which I often do, or buy from Bandcamp if available), is that Apple Music will stream those songs for me even if I didn't download them locally, so they're accessible any time I have an Apple device (or Windows!) and a network connection.

Well, almost. It doesn't work from my HomePod, you know, the device I spent a few hundred bucks on TO PLAY MUSIC.

All these phrases except maybe one used to work at some point. It used to be I could use the magic phrase "from my library" and get things to work, or say the name of a specific album. No longer!

And "shuffle my library" used to always work even when nothing else did. I'd sometimes get shuffle even when asking for something specific -- and Siri would tell me so before ignoring what I'd really requested ("Now playing your music library shuffled"). That shuffling the full library worked always drove me crazy because it'd tell me the music was there, Siri just wasn't going to play the way I wanted it.

Anyhow, the main course (Warning: this may say "Hey Siri" several times and light up as many Apple devices as you have within listening range):

Transcript:

Me: Hey Siri, play The Warning from my library.

Siri: The Warning Now Playing.

Also Siri: Sorry, there was a problem with Apple Music.

Me: Hey Siri, play Keep Me Fed.

Siri: Now playing Escapism by The Warning.

Me, silently: [Escapism? Isn't that the sixth song on the...]

Also Siri: Sorry, there was a problem with Apple Music.

Me: Hey Siri, play The Rolling Stones.

Siri: Here's The Rolling Stones.

Also Siri: Sorry, there was a problem with Apple Music.

Me: Hey Siri, shuffle songs from my... library.

Siri: Playing all songs, shuffled.

LONG PAUSE

Siri: Sorry, there was a problem with Apple Music.

I think that's a clear QA fail. Shouldn't these be well-established "user stories" by now? If they worked before, someone made it work. Did they do that on their own time or were they asked to? What happened to those tests? Why aren't those scenarios tested any more?

Like, I get it. I'm a dinosaur in a way that hasn't become cool again. I'm reminded of this Twitter ad I saw from the RIAA (boo! hiss!) last week (Oct 23rd):

I AM the 2%! There's are dozens of us...

Still, I think back to that picture of Jobs with the Tiffany lamp and hifi. Today's Apple seems to have completely lost the thread of Steve Jobs' "Thoughts on Music".

It continues. On Apple's HomePod feedback page, the most recent HomePod OS version you can select is 16.5. Mine, after searching the Home app for a while, is apparently on 17.6 and is downloading 18 now. How much money does this company have again?

Labels: apple, apple fail, Apple Music, homepod, siri

I recently had a process called XProtectRemediatorRedPine eating 95% of one CPU core on my MacBook Air when it wasn't plugged in. That name seemed... strange, and I wondered if it was legit.

Turns out it's probably Apple looking for malware.

The Secrets of XProtectRemediator

Found a blog post called "The Secrets of XProtectRemediator" that has a section called "Reverse Engineering the RedPine Remediator. They apparently picked the Red Pine remediator at random...

With all that background out the way, let’s open up one of the XPR scanners in Binary Ninja and actually see what this looks like. There’s no particular reason for choosing RedPine, they all look pretty much the same.

...

Since there are 24 remediators, I won’t cover them all in detail.

In a results section, they give the "notable results" on Red Pine (and a few others):

Now this one I’m not totally confident about, but it’s givinggg TriangleDB from Operation Triangulation5. I wonder where Red Pines grow? 🦅🇺🇸

What is TriangleDB?

And there's a link included with more on TriangleDB, which is probably the most interesting link in this blog post. Here's a snippet:

The implant, which we dubbed TriangleDB, is deployed after the attackers obtain root privileges on the target iOS device by exploiting a kernel vulnerability. It is deployed in memory, meaning that all traces of the implant are lost when the device gets rebooted. Therefore, if the victim reboots their device, the attackers have to reinfect it by sending an iMessage with a malicious attachment, thus launching the whole exploitation chain again. In case no reboot occurs, the implant uninstalls itself after 30 days, unless this period is extended by the attackers.

...

Once the implant launches, it starts communicating with the C2 server, using the Protobuf library for exchanging data. The configuration of the implant contains two servers: the primary and the fallback (contained in the lS and lSf configuration fields).

...

The C2 server responds to heartbeat messages with commands. Commands are transferred as Protobuf messages that have type names starting with CRX. The meaning of these names is obscure: for example, the command listing directories is called CRXShowTables, and changing C2 server addresses is handled by the command CRXConfigureDBServer. In total, the implant we analyzed has 24 commands designed for:

• Interacting with the filesystem (creation, modification, exfiltration and removal of files);
• Interacting with processes (listing and terminating them);
• Dumping the victim’s keychain items, which can be useful for harvesting victim credentials;
• Monitoring the victim’s geolocation;
• Running additional modules, which are Mach-O executables loaded by the implant. These executables are reflectively loaded, with their binaries stored only in memory.

[emphais mine -mfn]

Overview/quick history of XProtect

The relationship of Red Pines to TriangleDB is supported by another source titled "The Three XProtects of Christmas". It also gives us a good, quick overview of the XProtect system as a whole.

By 2021, Apple had decided to replace MRT with something more modern and capable. The first version of XProtect Remediator was installed in macOS Monterey 12.3 on 14 March 2022, and over the following summer it grew to replace MRT, which was last updated on 29 April 2022, and is now no longer installed with macOS although it may still be obtained as an update.

XProtect Remediator (XPR) is installed and updated outside macOS updates, in the XProtect.app bundle in /Library/Apple/System/Library/CoreServices, in macOS 10.15 Catalina and later. It contains individual executable scanning modules, one of which covers old malware that MRT dealt with. Its first standalone update on 17 June 2022 brought the total of its named malware scanners to eight, and it has grown steadily ever since to a total of 22 in its current version 122.

...

RedPine, added in 114 on 12 October 2023, believed to cover TriangleDB malware;

I'm not going to suggest that I've given you an exhaustive breakdown on what's happening such that you could elevator speech the important parts to someone else (usually my goal), but I think that's enough of a lead for us to figure it out if we wanted to.

In any event, I think this...

1. Says the process is likely legit.
   • ("likely" because you could always name your malware after something legit)
2. Makes me think the "efficiency cores" are very efficient, because otherwise this would've killed my battery.
   • Though weird that a process looking for in-memory malware would use so much CPU for so long. 🤔

Eh, kinda interesting. I guess this sort of topic helps explain why my blog makes the big bucks.

Labels: apple, security

John Carmack, a brilliant, gifted developer, recently said this about V/AR, and it continues to bother me:

I remain unconvinced that mixed reality applications are any kind of an engine for increasing headset sales. High quality pass through is great, but I just don’t see applications built around integrating rendering with your real world environment as any kind of a killer app. I consider it interesting and challenging technology looking for a justification.

But we already have mixed reality applications. AirPods in transparency mode are one, but even transitor radios at baseball games in the late 50s. Telephones? They don't render sight, but they do render augmented soundscapes. Ask the blind if a sightless world counts as a reality.

And what are our phones? They aren't VR. They do interact. Take the blue dot on a map -- or the location-based notifications we get walking into an Apple store.

Do I just not understand what Mixed Reality is? Apparently not precisely.

Tom's hardware tries to explain:

Virtual reality (VR) is a fully immersive world that is created by hardware that does not bring in elements of the real world.

...

Augmented reality, meanwhile, is the other end of the spectrum — which Microsoft refers to as the mixed reality spectrum. Augmented reality (AR) basically adds digital overlays to the existing real world.

...

Mixed reality (MR) lies somewhere in between the two. It adds overlays and real-world objects into a virtually rendered world. Intel actually describes it really well. “You can play a virtual video game, grab your real-world water bottle, and smack an imaginary character from the game with the bottle.” In proper mixed reality, the lines completely blur.

If you say so. I mean, our location is already "mixed" into the virtual world of Pokemon Go. And as much as you try, if the imaginary character tries to let you drink out of their imaginary water bottle, you'll stay thirsty, my friends.

MR seems to be another way of saying "AR, but, like, really augmented" -- as in there's a blurring of the lines between virtual and real, not simply a small or passive overlay. That is, to me, it sounds a little like marketing for AR. Again, the "mixed" water bottle will not satisfy "real" thirst. It remains an augmentation onto, not a physical replacement.

Let's say a rational take is this: VR is as dissociated from the "real"/traditional/legacy world experience as possible. Your actual surroundings are [idealistically] of zero value. In a sense, you're in a perfect, valueless heterotopion so that you can create and experience something completely ungrounded.

AR foregrounds the now, the legacy, and adds to it. Again, think transistor radio while you're at the ballpark so Vin Scully can tell you what you need to know about the game you're watching on the field. But also the silly HUD dossiers' that appear when someone pops into view in spy or Terminator movies (apparently called Termovision!).

MR seems to have lost any meaning. It's not VR, so it's a [marketing?] spin on AR. Maybe it has a very real C-3PO in your visual field and you can speak to them like it's real or they move out of the way of "real" oncoming cars. I don't know. I can't think of a phenomenon where there's a meaningful space between "not VR" (where VR equals "completely dissociated from the real") and "AR" (where something is overlayed on/augementing the "real") for mixed reality to live. MR is AR. Any "R" that's not "VR" is "AR".

So I'm back to wondering what Carmack is talking about when he's down on "mixed reality".

Maybe it's the immersion. There, I'd tell him to lower his bar. You don't have to have Apple Vision to have mixed reality. Again, any interface that puts the digital (okay, okay, "sensory"; doesn't have to be digital) into the "real" works. The McDonald's app that lets you order food. Your EZ Pass transponder.

Does Mixed Reality require glassses? Then why doesn't it require earphones? How about gloves and sleeves and suits that remediate touch? Is his argument that AR glasses aren't MR enough and are, therefore, doomed to fail?

If so, the critique reduces to the absurd: "There is no MR killer app until the digital IS REAL!!1!"

I think his metric for MR success is literally what he says -- "headset sales". He'd say, sure, MR sells phones, radios, EZ Pass accounts, but not glasses. It'll never sell glasses.

I'm wearing glasses typing on a laptop right now. If I could get my phone and computer into that same shape without a concern for weight or power (or eyesight), I would. The potential isn't just there, it's at least as big as the market for glasses.

I don't know about Carmack, but I'm glad Apple has started looking for a way to make those glasses happen.

Labels: apple, apple vision, AR, business, johnc, VR

Apple ran a promo recently about the top 10 "must-play" games on macOS.

Let's take a look!

• Resident Evil Village -- 2021, but still has some cache.
• Civilization VI -- 2016
• Asphalt 8 and Asphalt 9 -- 8 is 2013
• Psychonauts 2 -- 2021
• Inscryption -- 2021
• Myst -- Seriously? We're still doing this? Do I need DOSBox? 1993
• Disco Elysium -- 2019
• Gris -- 2018
• Divinity: Original Sin 2 -- 2017
• Life Is Strange and Life Is Strange 2 -- 2015

I'm all for retro games, but this is like a time capsule of gaming.

Labels: apple, apple fail, gaming

 Only Apple brings you amazingly architected solutions like this.

This is precisely that "happy path or no path" mentality that I've complained about before. If you were green fielding a new OS, there's no way you say, "I know where we'll put the setting for the default mail app! In OUR email app!"

I mean, it makes sense if Mail.app is the only mail handler on your box. I'm guessing I can't delete it even though I don't use it, because if I could I wouldn't be able to select another client to replace it! I also bet the percentage of people using 3rd party email apps for their company email inside of the infinite loops is really low.

This is precisely why I wouldn't hate seeing Apple get split into a hardware-and-bios company and a separate software company or, better yet, companies. I don't hold out any hope for that... I think independent competition with OSes only happens if Linux ever finally commoditizes the desktop OS. Which is could do; I use Ubuntu regularly now. Which is also why it probably never will -- it's good enough for its user base, but still obviously not competitive enough for the typical end user.

In any event, Apple does a great job defining one clean-room use case for its products and, I assume, efficiently implementing that mvp. But it's not very creative at the next step: Coming up with potential real-world fail conditions once the mvp is running.

Labels: apple, apple fail, email, happy-path-or-no-path, macOS

From MacRumors on Apple tracking you with first-party apps:

For example, according to the researchers, the App Store app continually harvested a wealth of usage data in real time, including user taps, apps searched for, viewed ads, and how long a user looks at any given app. Along with these details, Apple is also allegedly able to gather details typical of device fingerprinting methods, including ID numbers, device model, screen resolution, installed keyboard languages, and internet connection type.

In another example, the Mysk researchers said the Stocks app sent Apple a user's list of watched stocks, stocks viewed or searched for (including timestamps), as well as a record of news articles viewed in the app. This information was said to be sent to a web address via a transmission separate from the iCloud communication necessary to sync user data across devices.

I was of two distinct minds when I read this:

1. Doesn't Apple need to know 80% of this stuff (what version OS, what phone, etc) when you're on the app store? And if you want to read an article, don't you need to request it? etc etc
2. Boy, Apple really doesn't dogfood, do they?

Re: 1. -- here's a screencapture from a related YouTube video:

That at first seems mostly like fair game info, doesn't it? But if you say "I don't want anyone tracking me," I can understand why you don't want and, what's more, wouldn't expect all of that pushed up into the pipe. As a developer, it'd be nice if Apple had to ask for that info the same as anyone else.

I wonder how much of Apple not truly dogfooding is so they can claim they can't split the software and hardware sides of the house. Because otherwise they really, really should dogfood as if they were any other app maker. Leveling the app-building playfield would improve every user's experience, because Apple could no longer take shortcuts when determining iOS' priorities.

"Oh, we can just grab that data from the OS," would no longer be a strategy, and, "Hey, we lose 90% of our conversion with this modal asking for full hardware info," would be enough for iOS to make those decisions move more smoothly, however that might be.

Oh, in other news, I finally got a Framework laptop. They had the 11th gen i5 refurb come back in stock for $600, and that's about what I'd pay to play around in this world. If there's a 13th gen CPU update next year that I can use, I might "really" shell out then, depending on how quickly and completely I take to Ubuntu. So far, versus my last foray into Linux on the desktop (admittedly over 10 years ago, I believe), it's nice and fast.

Labels: app dev, app store, apple, dogfooding, privacy

Labels: AirPods, apple, hats o' money

During a FaceTime video call, Apple has updated the UI in ‌iOS 16‌ to be fully transparent, with buttons for camera, microphone, message, speaker, and SharePlay now larger and easier to tap.

Handoff Lets You Swap FaceTime Calls Between Devices in iOS 16, iPadOS 16 and macOS Ventura

If you get a ‌FaceTime‌ call on your iPhone while you're out of the house, you can answer it on the go and then swap over to the larger screen of a Mac when you return home. Or you can answer a call on your Mac and transfer over to an ‌iPhone‌ or iPad for a more portable ‌FaceTime‌ experience.

iOS 16 Lets You Isolate, Copy, and Share Subjects in Photos

Using advanced machine learning, iOS 16 will let users extract a subject from a photo...

Even the CarPlay UI seems like it might soon be coming to some goggles near you.  

We knew it was coming -- AR walking directions (picture from Apple) the most obvious evidence. But you can see Apple creeping closer to AR from all sides. It's almost exciting. 😉

Labels: apple, AR

Labels: apple, mvp, safari, testing, web

From "The 5G iPhone SE will be for carriers, not customers " at theverge.com:

Now, just two years later, Apple is preparing to release its third-generation iPhone SE, one that’s rumored to offer broadly the same design as the 2020 SE, but with an upgraded processor and camera from the 2020 model, along with 5G.

And it’s that final detail — the addition of 5G — that seems to reveal why Apple is upgrading the iPhone SE this early: it’s an upgrade for the carriers, not the customers.

This is 100% accurate.

This is not.

Even if Apple sticks in an A14 (iPhone 12-equivalent) or A15 (iPhone 13) chipset, it’s only helping to future proof the 2022 SE by another year or two — hardly a reason to introduce a whole new model. 

If the prices are the same, just updating to an A15 makes the SE an amazing bargain once again.

This phone should be current as long as the iPhone 13 is.

And, as I've mentioned before, I hate Face ID. This could be the last iPhone with a Touch ID on the home button. If the rumored "SE BIG" based on the Xr has the same Touch ID as the iPad mini, count me out.

(And the SE 3 is rumored to have a 256 gig version available.)

I've seen MacRumors say that the SE 3 camera is going to be updated. I hope so, and that was one of the coolest parts of the first iPhone SE, which stole the 6S' rear (but not front) camera, but I don't think that's likely here.

I think I recall the SE 2 didn't bother upgrading the 8's camera other than the "sensor". And I bet the only additions we should expect are things that would be harder to remove than to keep. If it's easier to supply a new sensor, it'll use it, otherwise not. If it's easier to add night mode or whatever in software than remove it, it'll use it. Otherwise not.

But if they wanted to update the camera, I wouldn't fight them. I've been using the SE 1 since I gave away my SE 2, trying to use the iPad mini 6 as "my iPhone" while working at home, and, well, let's just say it's time for a new phone when I do go out.

If they really have the rumored 256 gig model for under $650, yes, please.

Labels: apple, iphone

If you don't want someone to open a project in a list, don't grey it out or anything to indicate visually that something unsupported wont' work.

Just drop a quick window.alert equivalent in there and walk away, hands washed, job well done.

 

Good heavens that's weak. Guess I'm done learning Swift on my Mac today.

Labels: apple, apple fail, devLife

From The Verge: "Google says Apple ‘should not benefit from bullying’ created by iMessage lock-in."

“iMessage should not benefit from bullying. Texting should bring us together, and the solution exists. Let’s fix this as one industry,” tweeted the official Android account.

"Wow, that's rich." -Firefox

Labels: apple, Google, open

I mean, no. Thats not a choice. That’s like saying if you want four wheel drive on your Jeep, go buy a Bronco. 

Speaking at The New York Times "DealBook" summit, Cook said that customers currently already have a choice between wanting a secure and protected platform or an ecosystem that allows for sideloading. "I think that people have that choice today, Andrew. If you want to sideload, you can buy an Android phone." 

Look, they don’t want sideloading b/c then those apps could mess with their stuff (the OS, payments, other apps).

What is the state of the art in iPhone jailbreaking now anyhow?

I’m not sure why Apple doesn’t allow sideloading past that, though. You have to go waaaay out of your way to turn it on and you should be able to tell you’re not doing what’s suggested. Even Android is clear about that. Are they worried about support when phones are bricked, or are they not thinking past, “That’s really not ideal for us” (which does sound like an Apple thing to do)?

Or is it an antitrust bargaining chip they don’t want to play for anything less than last-minute, showdown at the O.K. Corral value?

Labels: apple, apple fail, lies

Before you consider buying new AirPods, some quick advice...

If you have an older version of AirPods that you enjoyed, just replace their batteries. I replaced my first generation AirPods by sending them to PodSwap back in February for $60, and I've been meaning to say they work every bit as well as new for a while now.

Look, there's one place Apple gives you more battery than you need, just one: The AirPods case. Even when my AirPods were down to just one functional pod keeping maybe a 30 min charge, my case was still ready to go. PodSwap trades out your existing pods with refreshed ones, and they even send them ahead of time so you're never out of headphones. You keep your case -- mine is very nearly as good as new, charge wise, it appears -- and you're only out $60 for your "new" 'phones.

I don't see much about the new ones that'd have me buying. I mean, I wish my 1st gen AirPods did "Hey, Siri" like 2nd gen, and Spatial Audio has me interested (though see the Verge's "Apple Music’s Spatial Audio is sometimes amazing but mostly inconsistent", including the hint that all headphones can play Spatial Audio?), but I never miss either when listening. (Again, my AirPod "taps" are mapped to 1. fast forward and 2. rewind, which is much more useful than "tap to Siri". Take one out to pause & put it in the play.)

I tried Beats Solo and found myself going back to the AirPods even when they still had dying batteries. There's something about that handy lighter-sized case and top snapping (foreshadowing intended) that's wonderfully portable and enjoyable to use.

The longer you can push back your Apple hardware upgrades the better for your pocketbook. Refreshing your AirPods is one of the easiest ways to save some dough.

Labels: AirPods, apple, PodSwap

Remember in April when I complained about how hard Apple is selling me services, and how it made it sound like I would lose email?

Guess who else is selling me services? You got it. Google. Well, specifically Gmail.

 

 

Let's give that a shot.

Wait, okay, that's actually kind of helpful! has:attachment larger:10M is a neat search suggestion to get rid of some oversized emails.

Unfortunately I only have 125 that match. That's not nothing -- 125 at even just 10 megs each is well over a gigabyte, giving me nearly 8% of my 15 gigs of free space back and hopefully silencing this message for a while.

But what really hits me is the coincidence that Apple and Google are both yelling at me to pay something [or pay more in Apple's case] at the same time. 

Interestingly, Outlook seems to hard cap at 50 gigs even when you're paying $70 a year (includes 1 tb OneDrive). Google offers 100 gigs in gmail for $20 a year. Apple lets you lump email in with your iCloud, so potentially 2 terabytes (!??!), but that's shared with your iCloud backups, messages, and pictures, and runs $10 a month, so... Fastmail charges $5 a month for 30 gigs and $9 for 100, which seems to be obviously too much until you recall they aren't profiting on what's in your emails.

Regardless, what getting caught on both ends with "upgrade now!!1!" adverts tells me is that companies aren't scaling storage over time, as it becomes cheaper for them. And storage isn't being updated year over year because having people run out of storage is a profit center.

Not crazy, but not coincidental either. This is a decided, "let's all charge for services" play by all the companies. There's money in them thar hills.

Labels: apple, cloud, gmail, Google, hats o' money, icloud, outlook

From daringfireball.net:

I haven’t seen this issue, but I sympathize with those of you who’ve been hit by it. “Unlock With Apple Watch” almost completely mitigates the annoyance of using an iPhone with Face ID while wearing a mask.

I realize Grubes isn't quite committing the sin of assuming Apple lock-in, but it's close. "Hey, your iPhone works great with your watch!" is verrrrry close to, "Your iPhone doesn't work as intended without one, so of course you have one."

And, let's be clear, the iPhone assemblage expects a watch at this point.

I recall reading a review for the original AirPods by someone who didn't have a watch. She complained that it was too difficult to control volume with the AirPods she was reviewing, and she was 100% right.

The volume button on the AirPods is on your watch. It's the "digital crown". If you don't have a watch, you can't adequately control volume; a crucial part of your Apple AirPods is missing. It can even be a Series 2 watch like mine. Works perfectly. Not only sound, which is slick, but the pause, fast-forward, and rewind are also all there on the watch interface waiting on you.

You could argue that she should have been aware of how the watch would complete the AirPods, Jerry McGuire style, but the review was absolutely spot on saying the AirPods' design stinks out of the box.

Ostensibly, Siri would solve all your extra control problems, and the always-on "Hey Siri" of AirPods Pro and AirPods v2+ likely helps mitigate this a bit. Currently, though it's an adequate solution in theory, it's a huge fail in practice. I map my AirPods' double-tap away from Siri and to forward (left ear) and back (right) to get back some measure of control. Removing one pauses, of course.

(That said, when we finally figure out how to integrate Siri culturally and socially, it's going to be amazing. I think I've mentioned how once, in a crowed and extremely loud Apple Store, I was able to nearly whisper a text reply into my watch and have the perfectly transcribed text sent without so much as removing my phone from my pocket. That's how Siri should work, and, at some point, I bet it does -- a nearly subvocal interface that allows rich interactions.)

If you're wearing a watch, AirPods work great -- better than reaching for some dumb volume wart on a wire hanging down from your ears.

But if you're not, AirPods are a bad idea. You're almost precisely up the proverbial Sonic Creek without a paddle.

And, apparently, you're stuck up Face ID Creek too.

To be clear, this Face ID pain is not something I've felt since I quickly gave away my XR. I still prefer a phone with Touch ID so I don't have to have a clear line of sight to my full visage to use my phone. I've been on the SE train for a while now -- and am currently, unexpectedly, using an SE v1 again. What a beautifully sized phone. And I'm now the iPad mini train again too, a perfect balance of easy to carry away from the house (iPhone SE1) and maximized interactions when I'm at home and pockets no longer matter (iPad mini 6). Both are sooooo much nicer with Touch ID. No watch required.

I do, however, love using my AirPods. I've even PodSwapped them and feel good about that so far.

Labels: AirPods, apple, apple fail, apple watch, Face ID, iphone

There's been a lot of pixels spilt regarding Apple's plans to sniff out pictures of child exploitation on personal devices and, if I understand correctly, silently report someone to the National Center for Missing and Exploited Children if they think their algorithms have found it.

A couple of quick reactions:

First, the rhetorical power of child exploitation as a cover discourse for something else entirely in the last decade or so would be unbelievable to someone from the 1980s. What the absolute heck is going on? Stopping someone accused of exploitation has become akin to a theoretical rhetorical get out of jail free card to justify doing whatever someone wants to be doing. And, in some cases thankfully, like the fellow with the assault rifle at the pizza store, it also still appears to be a practical get into jail quick card if you actually act on that coopted rhetoric. Still, it's a bizarre, collective neurosis.

Second, let's talk about what Apple's doing. It seems antithesis to their "privacy is in or DNA" claim, even though some Pizzagates are tragically real. Why are they taking an anti-privacy stand now?

Let's be frank: Apple has not been doing great looking privacy-minded this year, as they gave up the privacy high ground when they announced just last month that they plan to literally start selling AAA privacy in iOS once iOS 15 ships. You don't pay, you don't get to be fully private on iOS.

I don’t understand why @jsnell is the only voice I’ve heard so far highlighting that privacy isn’t “part of our dna” if people have to pay to play.

Our privacy shouldn’t be a business opportunity.

Sincere appreciation that Jason does mention it. Everyone should follow his lead. pic.twitter.com/hcJEggGLkt

— Ruffin (@r_ffin) July 9, 2021

Let's also admit that Apple's not going to be able to create a successful system for sniffing evil images for years. If you've been reading this blog for a while, you know I believe Apple can't QA software to save their life (QA is "Quality Assurance", here meaning the ability to test software to make sure it works well even in unanticipated situations). Here's one example:

Ha, turns out that was me.https://t.co/Tk4dTTQT0dhttps://t.co/FSGFR6PP2C

I'm pretty sure I did the search based on reading it somewhere else - maybe heard on this podcast; will relisten:https://t.co/1AhQcFwaJS

And it continued on iOS in 2017:https://t.co/5Sp9Zt2YaH pic.twitter.com/EbyN1PcYDy

— Ruffin (@r_ffin) August 6, 2021

Things will go wrong. Someone will be suing Apple for a false positive. And one or two of those people may honestly have their lives ruined.

How hashing an image works

To know why someone's going to get charged who shouldn't, I want to describe how hashing and fingerprinting works, though I really don't want to get into the weeds.

So let's grossly oversimplify and say it works like this:

1. Take a seven digit number. This represents the content of a picture. (try 1234567)
2. Remember the third, fifth, and seventh digits. That's your "hash" or "fingerprint" (357)
3. Now any time you get a number, you can compare. If you have XX3X5X7, you know you might have 1234567.

In our case, matching our hash or fingerprint of 357 means there's a 1 in 9,999 chance of actually having 1234567. That's a horribly large chance of a false positive. You could also have 0030507. Or 3335577. Or 2136567. We don't know for sure. Each of those 9,999 matches that aren't 1234567 are collisions. Even so, that's only 10,000 values out of ten million we need to check behind those three hashed digits. Huge potential time savings.

Now when "cyber-fingerprinting" large files like images, the numbers are VERY large (lots over seven digits) and the hashing algorithm, though it will have some collisions, is MUCH more exact. The chances of false positives with a true fingerprinting is, let's guess, about the same or worse than winning the lottery. In any event, false positives are very rare. And you should appreciate that.

But eventually people do win the actual lottery, and, given enough people, someone will have a photo fingerprint collision. Someone will have a picture that, once hashed, matches the fingerprint of a known evil [no hyperbole intended at all] image. And their life could be ruined in a way that will make some identity thefts feel quaint.

Worse, with Apple's software record, there's going to be some bug that says the equivalent of "Any number with a single 3, 5, or 7 in it matches," the National Center is going to receive thousands on thousands of false reports, and we're going to bring down, at least briefly, the very system we're trying to support.

And if someone games the system, well, all bets are off. Someone is going to match a fuzzy fingerprint with a meme image specifically spoofed to match a database image, it's going to get popular, and suddenly there are Pizzagates everywhere! No, really, no joke. It's going to happen.

Apple's true (and legitimate) motivation

Perhaps false positives are worth it to expose those who do exploit children. Certainly in theory I think a few ruined lives is worth the good that can come out of this if there's any meaningful reduction of exploitative imagery.

And Apple has a clear motivation for doing this, an angle nobody's mentioned yet (that I've heard):

Apple is hosting child pornography on their servers right now.

Not maybe. They are. I can't say that with 100% certainty, but theoretically, given a billion active devices, you know they are. There are too many sickos out there, sickos have phones, they have evil on those phones, and some of those phones are backed up to iCloud. That's a huge issue for Apple.

That has to be Apple's motivation. My guess is that the people with serious problems know other ways to maintain their privacy that Apple won't catch. Apple sniffing Photos (the app) will get some less deliberate criminals. But even at 100% foolproof iCloud sniffing, Apple won't stop exploitation. Should Apple delete apps like those from the App Store too? Maybe! Tough question, but cut from the same cloth.

I mean, what a freaking mess. I can't imagine all the smut people likely have on their phone. Heck, Brett Favre allegedly (almost certainly did, right?) sent pics of, well, you know, to a female reporter while he was with the Jets. Very few have signed him off as a habitual recidivist, and I bet most NFL fans still have a mostly positive view of Favre in spite of having ­and sharing NSFW pics and being a sexual harasser. (Could iOS stop these sorts of pics from being shared? Would that be bad? What if I wasn't a Puritan at heart, would I still think it's bad -- that is, consenting adults can exchange NSFW pictures, right? Right? Ewww.)

It's just that this passive, "We're looking through your phone and taking actions based off of its contents without your involvement" that's scariest to the layperson, I think. To jump all the way from absolute, objective evil, let's go right to the end of the grey area where it's almost harmless:

Wait. Before I venture much further, let me stop completely to say something: If someone has 1000 matches with a database of child exploitation imagery, even at 95% accuracy (insanely low accuracy, I'd think), statistics say that they've definitely got non-trivial amounts of illegal imagery. If they have 100, they have illegal images. If they have 10? I've got to think probably they do.

I have some practical privacy and 5th amendment itches somewhere, but here, they're unimportant. You're using a private company to store illegal goods. Apple sniffed those illegal images just like a storage company could catch a cocaine stash with a drug sniffing dog. You should get turned in with no warning and let the judicial system (at least in the US) figure out where the chips should fall.

Back to the grey area discussion...

What if you have too many pictures of jaywalking?

Movies taken from cars that were speeding?

Should you get fines in the mail as if you'd been caught by a red-light camera?

How many jaywalking pictures before something must be done? It's more than 2. Is it less than 1000?

In all of these cases, what we're talking about is the practical loss of privacy, at least compared to the situation that came before it. This practical, day-to-day loss is starkly different from losing the theoretical right to privacy, which Apple hasn't changed at all without some serious mental gymnastics -- you could argue that today's First World requires a cell phone, and if Android starts doing this photo sniffing too you're trapped in a duopoly, but you also have other options for taking and storing pictures.

Again, this is an argument because Apple is hosting your images on their hardware.

But wow, it feels like a slippery slope, and a dangerous rhetoric of absolute evil attached to not tripping down it.

Labels: apple, Other Stuff, privacy

From The Verge on the Epic vs. Apple suit:

[Cook] was also, however, a little blunter about Apple’s own interests. “IAP helps Apple efficiently collect a commission” — for payment processing, but also customer service and the use of Apple’s intellectual property. Without in-app purchases, “we would have to come up with another system to invoice developers, which I think would be a mess.” If Apple let developers tell users about other payment methods, Cook said later, “we would in essence give up our total return on our IP.”

That's... interesting. It suggests free app authors are freeloaders, and that high revenue apps are paying a disproportionate amount of the "total return on our IP" -- which, again, includes "customer service and the use of [iOS]". That without the largesse of Clash of Clans, freeware apps would need to pay more than their annual $100 developer fee to keep iOS, well, if not afloat, then profitable.

Though you can't sell the hardware without iOS either, can you? Is the IP all of iOS or just the App Store? Do you have iOS without the Store? Do you have the same success selling your phones with these apps? Of course not. It cuts both ways, doesn't it? Whose IP is driving revenue for whom?

Is the insinuation, then, that Apple Hardware, Inc needs Apple Software, Inc's^* IAP to be profitable? I doubt it. iPhone would be profitable without the IAP revenue. Cook's statement is within the specific context of growing services revenue to, in turn, grow the stock price. That is, losing the revenue from IAP doesn't make Apple unprofitable. They'd still get a return on their IP. It's reduced growth, aka missed growth targets, a relative loss, not an absolute one, that keeps Cook working at night -- and preparing like mad (as he should) for his court appearences.

Which makes this another example of how Apple is no longer leaving the money on the table to allow it to concentrate on its strengths. It is now primarily motivated by company growth, not producing the "best" products. Sure, it's long-term, sustained growth, which is a much more mature approach than, to hyperbolize, Enron's, but its motivation is still growth. That's a change from "the Jobs years" (or at least Steve managed to fool me into thinking so).

^* I've got a drafted post somewhere about the distinction between Apple Software, Inc and Apple Hardware, Inc. In a nutshell, I'm worried Apple Software, Inc needs to split off from Hardware, Inc if we don't want to keep seeing complaints like Epic's.

Because Epic's complaint should have some weight with Apple Arcade competing with it. Spotify has an even better case. Netflix too, thanks to Apple TV. Amazon has several, not least the Kindle vs. Apple Books' store arena.

In all four, Apple's own options for games and music and TV shows and books have the obvious benefit that they get to avoid the 15-30% surcharge everyone else has to pay. Apple's products can be that much worse than the competition and still "win" simply because they avoid their own "IP" tax.

It's not wholly unlike Amazon Basics Limp Bizkiting a number of products others sell on the site.

A store abuses its power when it also becomes the seller. These are not simple generic brands; these are competitors, equals.

If Hardware Inc. kept the payment processing and IAP profits, but Music, TV, Arcade, and Books had to compete as Software Inc., a favorite third party, but a third party nonetheless, what would the market look like?

Labels: app store econ, apple, hats o' money

Labels: apple, fail, privacy

I liked it when Apple was a hardware company. Sure, as a stockholder, the services income is great. That's where the growth is. As a user, I hate Apple's services push.

Here's one small example: I have the 200 gig iCloud service that runs $3 a month. I have members of my Apple Family using it too. For some reason, two members have used craploads of iCloud space in the last month. We're nearly out.

Do I get a warning that "A & B's use of iCloud has jumped 400% in the last month [bonus if it says "mostly edited video"]. You might request that they check if the usage is required"?

No, no I get this:

macOS

That's a notification on my Mac. Apparently iCloud is going to go away. This implies I can't even use it, though of course all the stuff I have in iCloud continues to work now. I'm just headed to the state where I can't add anything new until something is deleted. But why be measured when you can yell the sky is falling?

Update: Had a reason to open System Preferences later on today. Was greeted with this screen.

Mail

This is from iOS' Mail app. Nevermind that I don't even really use my iCloud email account. This little red warning stares at me every time I open Mail. The clear implication is that all of my email is about to go kaput. 

Spoiler: With the exception of the @me.com or whatever account I have, my email is not under attack. Gmail, Outlook, personal webservers, whatever, they're all still good, and good in iOS Mail, regardless of my iCloud storage space situation. I'd say 50+% of iPhone users wouldn't be savvy enough to understand that right off.

That "Learn More..." link leads you to this overlay. Dark pattern alert: Note how the auto-renew warning is partially obscured by default on my SE2 screen. (I've scrolled in the second.) You can say that's minor, but so would making the "Add more storage..." font a bit smaller. Priorities.

The message is clear. Pay to play or your email goes away.

iCloud online/through a browser

The least offensive by a mile is the one from iCloud online.

That's a nice, measured, informative description. You haven't run out of space yet. If you do, you'll still have photos, video, and docs; they just can't be updated. Add a, "You might want to clean up your existing files or purchase more space; here's how" and it's perfect.

The best part is that its "Learn More" link goes here, which is a website that includes an entire section on "Make more space available in iCloud". But guess what's above that nice, reasoned section of true information?

That's right: Buy More Services!!1!!!?!?!

It's subtle, but subtle pushes make millions at Apple's scale. 

Aside: Though probably not at macOS scale. This page is a place where they could afford to leave the services money on the table. 

And that's probably what drives me crazy. Apple used to be the "leave money on the table company". Remember "We don't think you need a larger phone"? The slightly larger 5 size was "good enough" for a while. They could've made a larger phone sooner, but didn't until they were ready, not when the market was ready.

It's a horrible trope, but let's use it. Can you see Jobs saying, "And if you want to keep using your email, you just need to pay us an extra $7 a month above the $3 you're already paying us." This, the guy who wanted to sell you albums of music without DRM. He's going to hold your email hostage?

As a whole, these seem like horribly unpolished, crass, rushed, used-car lot sales techniques. If you haven't seen it, you should take a look at the YouTube video that's made the rounds recently (though it's from October), embedded below, about the embarrassing state of the macOS Music app. The dude narrating obviously plays dumb several times to expose poor design choices that might not actually stymie him, but someone is hitting them without the expertise and savviness to get out.

The poor, half-arsed design choices he points out in Music reminds me of the ham-handed services advertisements, above. Lots of verbiage that isn't perfectly clear. UI is not deliberately designed. Each, with the possible exception of iCloud online, refuse to do a respectful job thinking through all the likely use cases at each step. 

Each Apple UI in these cases has a single goal, a happy-path-or-no-path mentality. In Music, it seems it's a very junior programmer fulfilling some acceptance criteria to the letter, and nothing more.

Above, with iCloud, that single use case is, clearly, PUSH SERVICES REVENUE, and do it under the guise of serving the customer.

NOTE: Language in the video is VERY NSFW.

Labels: apple, apple fail, happy-path-or-no-path, hats o' money, UI