Archive for December 28, 2016

Wednesday, December 28, 2016

Amazon Echo Privacy

John Gruber:

There’s an argument that we’re still in the very early stages of voice-driven personal computing. That, for example, Apple is not too late in putting out an Echo-like dedicated appliance. But Amazon is running full steam ahead here. 5,000 hotel rooms here, 5,000 hotel rooms there, and all of a sudden Echo is the entrenched market leader.

Elizabeth Weise (via Hacker News):

Police in Bentonville, Ark., asked Amazon for audio and other records from an Echo digital assistant in the home of James Andrew Bates after Victor Collins was found dead in Bates’ hot tub last year, The Information reported Tuesday.


Amazon refused both times. In a statement to USA TODAY, Amazon said it will not release customer information without a valid and binding legal demand properly served on it.


It’s important to note that “always listening” doesn’t mean “always recording.” The Echo is actually only always listening for its “wake word,” which by default is the name of its voice recognition program Alexa.

The Echo only keeps fewer than 60 seconds of recorded sound in its storage buffer. As new sound is recorded, the old is erased. So there’s no audio record made of what went on in a room where an Echo sits.

MacBook Pro Ethernet Adapter Benchmark

Paul Haddad notes that Apple’s Thunderbolt to Ethernet adapter is slightly faster than Belkin’s USB-C to Ethernet adapter and uses much less CPU. Unfortunately, the former must be chained with the Thunderbolt 3 to Thunderbolt 2 adapter. I wonder how the various docking stations compare.

Update (2017-02-09): Marc Liyanage:

Unscientific quick test of 4 USB-C-to-Ethernet adapters. Top is connected to MacBook Pro directly, bottom through LG 5K, all in Mbps.

Christmas Card Mail Merge

Casey Liss:

If you’re willing to make precisely zero edits to the address labels that are created from the Contacts app, it’s actually quite easy to print labels. […] For me, I wanted to address couples as, say, “Stephen and Merri Hackett”, even if my contact card had only Stephen’s name in it. This got very complex very quickly, but I was able to figure it out.

He exports to CSV, edits the file in Numbers, and uploads it to the Avery Web site to get it formatted (I guess as a PDF).

I had thought that Address Book’s (now Contacts’) support for custom fields would eventually solve this problem. Make a field for how you like the name printed and make a group with all the contacts you want to print. Then just keep the addresses up-to-date throughout the year. But, in practice, one ends up making the same manual name changes each year. And there’s no good way to sync contacts between different users. We end up maintaining several parallel address lists in Google Docs and then copying/pasting individual addresses into the DYMO software.

Amazon Could Be More International

Dave Winer:

I bought a gift card for a friend who lives in the UK, but I bought it on, thinking that would be great because they’re so international. But it turns out you can’t use an card on


I got on the phone with Amazon, probably talking with someone in China (even more international) and we figured out the only thing to do was to cancel the gift card, and I’ll now have to become a member of so I can give my friend a gift card she can actually use in the country she lives in.


So I went ahead and logged on to with my American account and it worked. So the rep was wrong, I didn’t need to create a new account.

Update (2016-12-29): Damien Petrilli:

Apple is far worse with their appleID. Switching country makes you lose purchase history / cloud capabilities.

PHPMailer Security Bug

Tom Spring:

A critical PHPMailer bug tied to the way websites handle email and feedback forms is leaving millions of websites hosted on popular web-publishing platforms such as WordPress, Drupal and Joomla open to attack.


Golunski says the Sendemail validation is done using the RFC 3696 specification that in some circumstances allows hackers to add quotes and characters within an email address. When unverified, those quotes and characters can be interpreted as command line arguments that create the remote code execution vulnerability in PHPMailer.

As soon as I read about this, I started seeing 404s for PHPMailer in my Apache logs. So it seems that hackers are already probing to find sites that have it installed.

Update (2017-01-04): Kenn White:

Oh this will be particularly nasty, particularly since the majority of (tens of millions of?) site owners don’t know they’re running it.
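
To check your own Apache logs for the kind of probing described above, the following added example (not from the original post or from PHPMailer) groups requests whose URL-decoded path mentions PHPMailer by client address. The log lines are constructed samples in the combined log format. It goes beyond the 404s mentioned above by also reporting the status code, on the assumption that a 200 for such a path means the library is reachable on your site.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Apache common/combined format: host ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
# Match the library name anywhere in the path, ignoring case.
PROBE_RE = re.compile(r'phpmailer', re.IGNORECASE)

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [28/Dec/2016:10:01:02 +0000] "GET /PHPMailer/VERSION HTTP/1.1" 404 209 "-" "-"
203.0.113.7 - - [28/Dec/2016:10:01:03 +0000] "GET /vendor/phpmailer/phpmailer/VERSION HTTP/1.1" 404 209 "-" "-"
198.51.100.22 - - [28/Dec/2016:10:05:40 +0000] "GET /lib/%50HPMailer/VERSION HTTP/1.1" 404 209 "-" "-"
192.0.2.10 - - [28/Dec/2016:10:06:00 +0000] "GET /blog/2016/12/28/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [28/Dec/2016:10:06:01 +0000] "GET /missing.css HTTP/1.1" 404 209 "-" "Mozilla/5.0"
"""

def find_probes(lines):
    """Return {client: sorted [(status, decoded_path), ...]} for PHPMailer-related requests."""
    hits = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Decode percent-escapes first so an encoded name is still matched.
        path = unquote(m.group('path'))
        if PROBE_RE.search(path):
            hits[m.group('host')].add((m.group('status'), path))
    return {host: sorted(found) for host, found in hits.items()}

if __name__ == '__main__':
    for host, found in find_probes(SAMPLE_LOG.splitlines()).items():
        for status, path in found:
            print(f'{host}\t{status}\t{path}')
```
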