Archive for March 31, 2020

Tuesday, March 31, 2020

Apple Buys Dark Sky

Adam Grossman (MacRumors, tweet, Hacker News):

Dark Sky has joined Apple.

[…]

There will be no changes to Dark Sky for iOS at this time. It will continue to be available for purchase in the App Store.

[…]

The [Android] app will no longer be available for download. Service to existing users and subscribers will continue until July 1, 2020, at which point the app will be shut down.

[…]

Our API service for existing customers is not changing today, but we will no longer accept new signups. The API will continue to function through the end of 2021.

Ryan Jones:

Bottom line: Dark Sky is the right purchase for Apple.

They win in one area that matters a lot: rain, now. They have complete coverage. They are built in a modern, improvable way.

Just don’t use it for any future weather forecasts! (>48 hours away)

Update (2020-04-10): John Gruber:

I’m hoping that Apple has acquired Dark Sky not merely to beef up the built-in iPhone Weather app (Apple has no first-party Weather app for iPad or Mac, curiously), but to add hyperlocal weather forecasting APIs to its OSes. This would add a competitive advantage for iOS and MacOS both in terms of weather and privacy. Third-party weather apps are notorious for abusing location privileges.

Nate Gorby:

CARROT Weather’s forecast for today

Update (2021-06-13): David Smith:

Looks like Dark Sky will keep their API active for a year longer than that originally announced.

Nick Heer:

There is a WeatherKit private framework lurking in iOS 15 that does not exist in iOS 14. It currently only contains strings of different weather conditions, but perhaps it will be more substantial and not private in the future.

Zoom Meetings Aren’t End-to-End Encrypted

Micah Lee and Yael Grauer (Hacker News):

Zoom, the video conferencing service whose use has spiked amid the Covid-19 pandemic, claims to implement end-to-end encryption, widely understood as the most private form of internet communication, protecting conversations from all outside parties. In fact, Zoom is using its own definition of the term, one that lets Zoom itself access unencrypted video and audio from meetings.

[…]

Matthew Green, a cryptographer and computer science professor at Johns Hopkins University, points out that group video conferencing is difficult to encrypt end to end. That’s because the service provider needs to detect who is talking to act like a switchboard, which allows it to only send a high-resolution videostream from the person who is talking at the moment, or who a user selects to the rest of the group, and to send low-resolution videostreams of other participants. This type of optimization is much easier if the service provider can see everything because it’s unencrypted.

“If it’s all end-to-end encrypted, you need to add some extra mechanisms to make sure you can do that kind of ‘who’s talking’ switch, and you can do it in a way that doesn’t leak a lot of information. You have to push that logic out to the endpoints,” he told The Intercept. This isn’t impossible, though, Green said, as demonstrated by Apple’s FaceTime, which allows group video conferencing that’s end-to-end encrypted. “It’s doable. It’s just not easy.”

See also: Dan Moren, John Gruber.

Update (2020-04-10): Nick Heer:

Lacking end-to-end encryption for video chat is not uncommon. What is unique to Zoom is that they’re lying about it in marketing materials by redefining “end-to-end encryption” to fit their needs.

Matthew Green (Hacker News):

Unfortunately, Citizenlab just put out a few of their own results which are based on reverse-engineering the Zoom software. These raise further concerns that Zoom isn’t being 100% clear about how much end-to-end security their service really offers.

This situation leaves Zoom users with a bit of a conundrum: now that everyone in the world is relying on this software for so many critical purposes, should we trust it? In this mostly non-technical post I’m going to talk about what we know, what we don’t know, and why it matters.

See also: MacRumors, Hacker News.

Oded Gal (Hacker News):

In light of recent interest in our encryption practices, we want to start by apologizing for the confusion we have caused by incorrectly suggesting that Zoom meetings were capable of using end-to-end encryption. Zoom has always strived to use encryption to protect content in as many scenarios as possible, and in that spirit, we used the term end-to-end encryption. While we never intended to deceive any of our customers, we recognize that there is a discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it.

[…]

To be clear, in a meeting where all of the participants are using Zoom clients, and the meeting is not being recorded, we encrypt all video, audio, screen sharing, and chat content at the sending client, and do not decrypt it at any point before it reaches the receiving clients.

That’s not what end-to-end encryption means.

Update (2020-11-27): Zack Whittaker (tweet, Hacker News):

The Federal Trade Commission has announced a settlement with Zoom, after it accused the video calling giant of engaging in “a series of deceptive and unfair practices that undermined the security of its users,” in part by claiming the encryption was stronger than it actually was.

See also: Jon Brodkin.

Omni Group Layoffs

Brent Simmons (tweet):

Omni’s been around for almost 30 years, and I hope it’s around for another 30. It’s one of the great Mac and iOS shops — they will sing songs about Omni, at maximum volume, in the great halls.

But businesses go up and down, and Omni’s had a bit of a down period. Normally that would be fine, but the current economic circumstances turn “a bit of a down period” into something more serious — and, in order to get things going the right way again, the company had to lay off some people. Including me.

For anyone who’s able to hire now, this is a rare opportunity to scoop up some top talent that’s usually off the market.

Mark Boszko (tweet):

People probably know me best for my video production work — please see the output of my last seven years in The Omni Group’s video archives — but I have also done a lot of related development work, and would love to push my career in that direction.

Joel Page:

In short, I designed applications for macOS and iOS. If you look at any of Omni’s applications, you’re looking at my work. Icons, UX, UI, but mostly the icons. I joke that being a UI designer is 95% being a production artist, and that holds pretty true.

All sorts of businesses are affected. Marcin Krzyzanowski was recently laid off from his startup:

I’m looking for new opportunity (yay!) I’ve been doing remote (EU and US) for many years. I’m seasoned iOS Developer, some Mac dev (I’m open to other tech). Interested in contract and/or fulltime.

John Sundell is helping indie developers, many of whom are seeing lower sales:

Normally, this site (and all of my other work) is funded by sponsorships — through non-tracking, privacy-focused (and JavaScript-free) ads that I run on a weekly basis. But for the next two weeks there will be no ads on this site. Instead, each day, I’ll promote a new indie app whose developer has been financially impacted by the current pandemic. For free, with no strings attached.

I hope that, with your support, these indie developers will regain some of that lost revenue through this effort, and that we will all get to discover a few great new apps as well.

[…]

Also, I’d love to see you share your own favorite indie apps on Twitter and other social networks — and if you do, feel free to use the hashtag #IndieSupportWeeks to make those tweets and posts easier to find for everyone who’s following this effort.

Update (2020-04-08): See also: Hacker News.

John Gruber (tweet):

All of this — as Brent says, gestures at everything — aside, it is hard to shake the feeling that the market for independent professional software is coming apart at the seams, fraying irreparably.

Paying for good software is in our own best interest.

Frank Reiff:

OMG. OmniGroup, the IBM of Apple indie development, has laid off a whole bunch of people. If that’s not an indictment of where indies are at, I don’t know what is. Still Apple is getting 30% of all sales and is about to increase busy work for everybody at WWDC again.

Kristina Sontag:

That said, if you need great people in test, design, marketing, support, and engineering let me know and I can connect you!

James Rowland:

Like others, I was laid off from the Omni Group. If you need a PM who knows privacy law and copyright or a Tester who can navigate iOS and Mac app review, give me a shout.

macOS 10.15.4 Broke SSH

Tyler Hall (tweet, Hacker News):

The user in the Apple forums was right. At least in my case, my one server that happened to be running on a non-standard ssh port above 8192 will not connect from Catalina 10.15.4 when using the hostname instead of the IP address.

He’s not the only one:

/usr/bin/ssh in macos 10.15.4 hangs if used with the -p flag to specify an alternate port and used with a hostname. This was not present in macos 10.15.3

[…]

Using maximum verbosity doesn’t give any clues, and max debugging on the sshd target host shows no connection is ever initiated[…]

vgene:

I had the same problem on a MacBook after upgrading to 10.15.4. However, I wasn’t using a port number higher than 8192, the socket was 75 with a hostname. The problem was solved when I replaced the hostname with its IP or plugged in an Ethernet Cable. I tried to restart mDNSResponder and flush the dns cache and switch to a different DNS server. Nothing works so far.
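
The workaround reported above is to replace the hostname with its IP address. As an added example (not from the quoted posts), the script below builds such a command while keeping host-key verification tied to the hostname's `known_hosts` entry through ssh's `HostKeyAlias` and `StrictHostKeyChecking` options. The host, port, user and address are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; host name, port, user and address are constructed.
# It only prints the command line, it does not open a connection.

valid_port() {   # integer in 1..65535
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_host() {   # letters, digits, dots and hyphens only
    case "$1" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
}

valid_ipv4() {   # dotted quad, each octet 0..255
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# known_hosts stores keys for non-default ports as "[host]:port".
# ssh uses the HostKeyAlias value as given, so that form is passed explicitly.
host_key_alias() {
    if [ "$2" -eq 22 ]; then
        printf '%s\n' "$1"
    else
        printf '[%s]:%s\n' "$1" "$2"
    fi
}

# ssh_by_ip HOST PORT IP [USER]: print an ssh command that dials IP but
# checks the server key against the entry already pinned for HOST.
ssh_by_ip() {
    valid_host "$1" || { echo "bad host name: $1" >&2; return 1; }
    valid_port "$2" || { echo "bad port: $2" >&2; return 1; }
    valid_ipv4 "$3" || { echo "bad IPv4 address: $3" >&2; return 1; }
    target=$3
    if [ -n "${4:-}" ]; then target="$4@$3"; fi
    # StrictHostKeyChecking=yes refuses unknown or changed keys instead of prompting.
    printf "ssh -p %s -o 'HostKeyAlias=%s' -o StrictHostKeyChecking=yes %s\n" \
        "$2" "$(host_key_alias "$1" "$2")" "$target"
}

ssh_by_ip build.example.com 8222 192.0.2.10 deploy
```

Without the alias, ssh would look up the key under the IP address, and a first connection by IP would be treated as a new, unverified host.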

The Internet Archive’s National Emergency Library

The Internet Archive (Hacker News):

On March 17, the American Library Association Executive Board took the extraordinary step to recommend that the nation’s libraries close in response to the COVID-19 outbreak. In doing so, for the first time in history, the entirety of the nation’s print collection housed in libraries is now unavailable, locked away indefinitely behind closed doors.

And so, to meet this unprecedented need at a scale never before seen, we suspended waitlists on our lending collection. As we anticipated, critics including the Authors Guild and the Association of American Publishers have released statements (here and here) condemning the National Emergency Library and the Internet Archive. Both statements contain falsehoods that are being spread widely online. To counter the misinformation, we are addressing the most egregious points here and have also updated our FAQs.

I don’t see anything about the legal basis for suspending waitlists, i.e. allowing unlimited simultaneous checkouts. I suspect there is none.

On the one hand, with libraries closed, there are lots of library copies that should be in circulation but aren’t. Internet Archive is solving a real problem. On the other hand, what’s the principle here? Can any site claim to be acting on behalf of libraries, distribute whatever content they want, and force the copyright holders to opt out rather than opt in?

Update (2020-06-02): TorrentFreak:

Today, major publishers Hachette Book Group, Inc., HarperCollins Publishers LLC, John Wiley & Sons, Inc., and Penguin Random House LLC went to war with the project by filing a copyright infringement lawsuit against the Internet Archive and five ‘Doe’ defendants in a New York court.

[…]

Claiming that IA is hiding behind “an invented theory” simply labeled Controlled Digital Lending, the publishers maintain there is nothing in copyright law that allows anyone to systematically copy and distribute digital book files simply because they claim to own an original physical copy.

Furthermore, IA’s loosening of its own CDL rules at the time of the pandemic only made matters worse, as it came precisely when book market players were also under pressure to survive.

Update (2020-06-11): Brewster Kahle (via Hacker News):

Today we are announcing the National Emergency Library will close on June 16th, rather than June 30th, returning to traditional controlled digital lending. We have learned that the vast majority of people use digitized books on the Internet Archive for a very short time. Even with the closure of the NEL, we will be able to serve most patrons through controlled digital lending, in part because of the good work of the non-profit HathiTrust Digital Library. HathiTrust’s new Emergency Temporary Access Service features a short-term access model that we plan to follow.

We moved up our schedule because, last Monday, four commercial publishers chose to sue Internet Archive during a global pandemic.

Unmasking Twitter

Twitter:

Broadening our definition of harm to address content that goes directly against guidance from authoritative sources of global and local public health information. Rather than reports, we will enforce this in close coordination with trusted partners, including public health authorities and governments, and continue to use and consult with information from those sources when reviewing content. Under this new guidance, we will require people to remove tweets that include[…]

[…]

Description of harmful treatments or protection measures which are known to be ineffective, do not apply to COVID-19, or are being shared out of context to mislead people, even if made in jest, such as “drinking bleach and ingesting colloidal silver will cure COVID-19.”

This is quite a statement and a difficult situation for Twitter to be in. Obviously, there is a lot of misinformation out there, and they don’t want Twitter to be overrun with it. But some information from health and government sources has turned out to be incorrect, and different authoritative sources don’t always agree with one another. Some potential treatments are approved in certain jurisdictions but banned in others. Knowledge is evolving by the day, but nothing is going to be truly verified scientifically until after this is all over.

Ben Thompson:

Everyone is taking their guidance from the WHO, and that’s a problem. […] It seems likely this paragraph about the lack of asymptomatic transmission was strongly argued for by China.

[…]

And yet, Director General Tedros Adhanom Ghebreyesus argued — on Twitter! — that asymptomatic carriers were not a concern[…]

Again, an increasing amount of evidence is that this just isn’t true: asymptomatic carriers are a major problem.

[…]

It sure seems like multiple health authorities — the experts Twitter is going to rely on — have told us that masks “are known to be ineffective”: is Twitter going to delete the many, many, many tweets — some of which informed this article — arguing the opposite?

The answer, obviously, is that Twitter won’t, because this is another example of where Twitter has been a welcome antidote to “experts”; what is striking, though, is how explicitly this shows that Twitter’s policy is a bad idea, not just because it allows countries like China to indirectly influence its editorial decisions, but also because it limits the search for truth.

Update (2020-04-08): Mike Rockwell:

Unfortunately, this is the path that we have to take. If only because advertisers will demand it — they don’t want to see their brand promoted next to anything they consider to be misleading, incorrect, dangerous, or objectionable. But hopefully we’ll all eventually move away from these platforms, before things get too bad, toward a more open web where each of us share our ideas on our own domains.

Update (2020-04-23): Donie O’Sullivan (via Hacker News):

Facebook says it has removed promotion of anti-quarantine events in California, New Jersey, and Nebraska after consultation with state governments

See also: Slashdot.