Jess Weatherbed:
Amazon is adding Apple TV Plus to Prime Video, a move that could help bolster the iPhone maker’s languishing streaming service. Apple TV Plus will be available on Prime Video in the US later this month as a $9.99 monthly add-on — the same you’d otherwise pay directly to Apple. The difference now is that Apple TV Plus is being promoted directly to Amazon’s massive video subscriber base.
[…]
For Amazon, Apple TV Plus joins over 100 streaming service add-ons already available through Prime Video Channels. It’s all part of the company’s plan to become a global “first-stop entertainment hub” according to Hopkins, a goal that Apple once had for Apple TV.
Alex Weprin:
“We want to make Apple TV+ and its award-winning library of series and films from the world’s greatest storytellers available to as many viewers as possible,” said Eddy Cue, Apple’s senior VP of services, in a statement.
I wonder whether Apple will allow this within the Prime Video app on Apple TV or whether you’ll still have to use the TV app there.
Benjamin Mayo:
Apple TV+ as a channel inside Amazon Prime Video is perfectly fine and sensible for Apple TV+, but it speaks volumes about how Prime Video is eating the TV app’s lunch as a streaming all-in-one aggregator.
Previously:
Amazon Instant Video Apple TV+ TV.app tvOS tvOS 18 tvOS App Web
Lawrence Abrams (Hacker News):
Internet Archive’s “The Wayback Machine” has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records.
[…]
Hunt told BleepingComputer that the threat actor shared the Internet Archive’s authentication database nine days ago and it is a 6.4GB SQL file named “ia_users.sql.” The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.
[…]
While the Internet Archive is facing both a data breach and DDoS attacks at the same, it is not believed that the two attacks are connected.
Springtime:
Just in terms of privacy, it’s worth noting that anyone who has uploaded something on IA already has their email address publicly viewable.
This isn’t something that commonly known (even judging by comments here) but in the publicly viewable metadata of every upload it contains the uploader’s IA account email address. So from a security perspective it’s bad but from a privacy perspective a lot of users probably weren’t aware of this detail if they’ve uploaded anything.
Previously:
Update (2024-10-21): Lawrence Abrams (Hacker News):
The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens.
[…]
In the case of the Internet Archive, there was no money to be made by trying to extort the organization. However, as a well-known and extremely popular website, it definitely boosted a person's reputation amongst this community.
We need a fully separate Internet archive as a backup.
Breach Internet Archive Privacy Web
Ricky Mondello (Mastodon):
To make these passwords easier to type on suboptimal keyboard layouts like my colleague’s game controller, where the mode switching might be difficult, these new passwords are actually dominated by lowercase characters. And to make it easier to short-term have in your head little chunks of it to bring over to the other device, the passwords are based on syllables. That’s consonant, vowel, consonant patterns. With these considerations put together, in our experience, these passwords are actually a lot easier to type on a foreign, weird keyboard, in the rare instances where that might be needed for some of our users.
And we weren’t going to make any changes to our password format unless we can guarantee that it was as strong or stronger than our old format. So if you want to talk in terms of Shannon entropy once again, these new passwords have 71 bits of entropy, up from the 69 from the previous format.
[…]
So these new passwords are 20 characters long. They contain the standard stuff, an uppercase character. They’re dominated by lowercase. We chose a symbol to use, which is hyphen. We put two of them in there, and a single [digit]. We picked this length and the mix of characters to be compatible with a good mix of existing websites.
I like the password format that Safari generates, but I wish I could turn off auto-generation of passwords. It’s a really awkward workflow if I prefer to create new accounts and passwords in PasswordWallet. As far as I can tell, I can only opt out for individual text fields. That takes a bunch of extra clicks, and if I forget I end up with the password stored in the wrong place, which I may not realize until much later, when it’s harder to fix. Just let me choose to have an empty text field by default.
Previously:
cachiporra:
I love how Hulu’s password reset input field silently strips out the dashes and compacts the password, while Apple dutifully saves the original.
Update (2024-10-11): Ricky Mondello notes that on Sequoia there’s a setting in the Passwords app to turn off password generation.
Update (2024-10-18): See also: Hacker News.
Apple Password Manager iOS iOS 18 Mac macOS 15 Sequoia Passwords PasswordWallet Safari
Matthias Gansrigler:
If you’re using Yoink on macOS Sequoia, you might have encountered an issue where Yoink would not accept any files anymore.
[…]
Basically any app that handles file URLs and saves them as a security-scoped bookmark for later access can be bitten by this bug, currently occurring on macOS 15.0 and 15.0.1.
DTS Engineer:
What you’re hitting is bug in “ScopedBookmarksAgent” which can cause it hang if it happens to have been launched when the keychain was also locked (for example, late in the screen lock process). That bug is fixed as of macOS 15.1 beta 4.
If you’re hitting it regularly during development, you can resolve the issue by killing ScopedBookmarksAgent (you may also need to kill and relaunch your app, depending on what state it ends up). On the user side, a log out (or reboot) should resolve the issue.
Jeff Johnson:
macOS Sequoia is disproof of the theory that spreading out WWDC-announced features over the course of the year will improve software quality.
Previously:
Bug Mac macOS 15 Sequoia Sandboxing Security Scoped Bookmarks
