The Deeply-Disappointed Edition
Thursday, October 4, 2018

Chinese Spy Chips Are Said To Be Found In Hardware Used By Apple, Amazon; Apple Denies The Bloomberg Report, by Kate Fazzini, CNBC

Apple, AWS and Super Micro have disputed the report, with Apple saying it did not find the chips as asserted by BusinessWeek — which cites several anonymous government and corporate sources. Super Micro reportedly said it did not introduce the chips during the manufacturing process, as alleged. Apple pointed to denials already published by Bloomberg, and AWS did not immediately respond to follow-up requests for comment by CNBC.

Apple has issued strong denials of the report, stating: "We are deeply disappointed that in their dealings with us, Bloomberg's reporters have not been open to the possibility that they or their sources might be wrong or misinformed. Our best guess is that they are confusing their story with a previously reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple."

The Big Hack: How China Used A Tiny Chip To Infiltrate U.S. Companies, by Jordan Robertson, Michael Riley, Bloomberg

One official says investigators found that it eventually affected almost 30 companies, including a major bank, government contractors, and the world’s most valuable company, Apple Inc. Apple was an important Supermicro customer and had planned to order more than 30,000 of its servers in two years for a new global network of data centers. Three senior insiders at Apple say that in the summer of 2015, it, too, found malicious chips on Supermicro motherboards. Apple severed ties with Supermicro the following year, for what it described as unrelated reasons.


The companies’ denials are countered by six current and former senior national security officials, who—in conversations that began during the Obama administration and continued under the Trump administration—detailed the discovery of the chips and the government’s investigation. One of those officials and two people inside AWS provided extensive information on how the attack played out at Elemental and Amazon; the official and one of the insiders also described Amazon’s cooperation with the government investigation. In addition to the three Apple insiders, four of the six U.S. officials confirmed that Apple was a victim.

In all, 17 people confirmed the manipulation of Supermicro’s hardware and other elements of the attacks. The sources were granted anonymity because of the sensitive, and in some cases classified, nature of the information. One government official says China’s goal was long-term access to high-value corporate secrets and sensitive government networks. No consumer data is known to have been stolen.

Problems with Latest Generations

Bluetooth In iPhone XS, iPhone XS Max Reportedly Causing Audio Connectivity Issues, by Malcolm Owens, AppleInsider

Posts on the Apple support forums reveal problems with pairing Bluetooth devices to the latest generation of iPhones. According to the posts, the issues largely relate to connecting their iPhone XS or iPhone XS Max to their vehicle's infotainment unit, but it also apparently affects some other Bluetooth-equipped devices.

The majority of cases also appear to indicate only the new models are affected by the issue, with the iPhone X, iPhone 8, and older devices apparently working normally in the situations. It is also not limited to a specific car manufacturer, as vehicles by Kia, Audi, Subaru, and Mercedes all appear in references to the head unit connectivity failures.

Why Are Apple Watch Faces Such A Mess?, by Jason Snell, Macworld

Since the day the Apple Watch was announced, developers have clamored for the opportunity to design custom watch faces. That may never happen—there are plenty of reasons for Apple to consider the face designs sacred and something the company must control itself. But if Apple insists on having a monopoly on face design, it’s incumbent on the company to be a better steward of those faces.

Every face needs to be modernized and support the new complication styles, at least on Series 4. Key system apps and features like Messages and cellular status should be available on all faces. Every face design should be more flexible.


Apple Drops BeatsX Pricing, Cuts Several Color Options, by Roger Fingas, AppleInsider

The headphones are now available in just two colors from Apple, silver and black. Blue, gold, space gray, and even white have been eliminated, as has the black and red "Defiant" option.

iTunes That Can Manage Apps Updated, But Incompatible With macOS Mojave, by Roger Fingas, AppleInsider

Apple warns that users—mostly enterprise customers—who download this edition of iTunes will have to update manually, and won't get technical support. The company also specifically notes that this update is incompatible with the new operating system, shedding doubt that it will ever be updated for macOS Mojave.

Examining Dark Mode Implementations Of Mac Productivity Apps, by John Voorhees, MacStories

In my Mojave review, I collected some representative examples of apps that were ready with Dark Mode implementations when the OS update shipped. Since then, many other apps have been updated. I’ve spent time with many of them and have begun to see some design and implementation patterns among the early adopters that are interesting to compare to similar system apps by Apple. It’s also useful to consider how these variations will impact the experiences users have with these apps.

In the sea of dark gray floating before my eyes, I’ve identified a handful of app categories that illustrate some of the subtle differences between the apps I’ve tried. There are many other good examples, but email clients, task managers, text editors, and note-taking apps are categories that best illustrate how Dark Mode is being used by the first wave of developers to put the feature into practice.

Adobe Releases Photoshop And Premiere Elements 2019 With Emphasis On Automation, by AppleInsider

Along with the usual slate of new features, this year's updates focus on automating what would otherwise be complex workflows with the help of Adobe Sensei artificial intelligence. Like past Elements releases, Adobe is putting an emphasis on ease-of-use by wrapping powerful software features in an approachable user interface.

Philips Hue App Adds Siri Shortcuts Support, by John Voorhees, MacStories

Users can pick from pre-built scenes created by designers to evoke a particular mood or create their own using photos or a color picker to control the color and brightness of a group of Hue bulbs.

With the new Siri Shortcut support, those scenes can be triggered using Siri and incorporated as actions in custom shortcuts using Apple’s Shortcuts app.

Review: Civilization VI On The iPhone Is The Full Experience, by Samuel Axon, Ars Technica

If you're willing to spend, you'll get the full, real, desktop Civilization VI experience in your pocket.


Malware Has A New Way To Hide On Your Mac, by Lily Hay Newman, Wired

These code signature checks are a vital security step. But Reed, who is the director of Mac and mobile platforms at the security firm Malwarebytes, has noticed that once a program passes a code signature check and gets installed, macOS never rechecks its signature. This means that attackers who buy a legitimate certificate from Apple—or steal one—can potentially trick Mac users into installing their malware. And if it manages to infect other legitimate programs after being downloaded, it could evade detection indefinitely.

Apple’s Tim Cook Is Sending A Privacy Bat-signal To US Lawmakers, by Natasha Lomas, TechCrunch

In a few weeks’ time Cook will literally stand alongside the architects of Europe’s GDPR, talking up privacy and ethics at the center of a Union whose founding charter grants its citizens data protection as a fundamental right.

The signalling is clear.

While Apple might so far have fallen just shy of calling for a full copypaste of GDPR-level data protections into US law, there’s perhaps an element of strategic caution at play that’s moderating its plain-text political messaging.

Bottom of the Page

I am being forced to change passwords at work every three months. I do change my passwords every time I see that pop-up reminder immediately. And I choose my new passwords mostly based on how I am feeling at that exact moment I see that pop-up. Which means that, given I have to key in that password multiple times per day at work, my mood is affected for the next three months based on how I was feeling on that particular password-changing day.

I haven't had a happy password for a while.


Thanks for reading.