The Build-Something-Better Edition Saturday, October 6, 2018

The Untold Story Of Stripe, The Secretive $20bn Startup Driving Apple, Amazon And Facebook, by Stephen Armstrong, Wired

For years, the growth in e-commerce outpaced the underlying payments technology: companies wanting to set up shop had to go to a bank, which processes payments, and setup a gateway to connect the two. This takes weeks, lots of people, and fee after fee. Much of the software in place was decades old and written by banks, credit-card companies and financial middlemen.

Paypal – designed to simplify payments – actually made this worse. The company infuriated startups with its restrictions – once turnover hit a certain level, Paypal automatically put the business on a 21 to 60 day rolling reserve, meaning that up to 30 per cent of a company’s revenue could be locked up for up to two months. Developers had to choose between this and complex legacy systems built by banks.

“For us it was quite visceral: these products are not serving the needs of the customers, so let’s build something better,” John Collison argues. “In old-fashioned legacy companies it’s the CFO choosing the payments system. They think all systems are alike, so they just sort the bids from suppliers. But if you’re a developer building the next Kickstarter, or the next Lyft, and you have a two-person team, both of you writing relatively complex code and solving complex infrastructural problem, you need a simple payments API that – once installed – doesn’t keep changing.”

Google Calls Apple Out For Sneaky iOS And Safari Security Advisories, by Jeremy Horwitz, VentureBeat

Between security-compromised OS releases and a fair number of Safari issues, bugs and omissions aren’t hard to spot in Apple’s codebases, and some oddly seem to pop up again in later releases after being “fixed.” Better pre-release debugging and greater transparency would go a long way towards addressing issues that have clouded the company this year.

The HomePod’s Growing Pains, by Dan Moren, Macworld

Apple struggled to define the Watch in its first few iterations. “What can it do? What can’t it do?” seemed to be the party line, but in recent years the company’s focused on limited areas—fitness, health, and notifications—as the primary uses of its smartwatch.

Seemingly intending not to make the same mistake twice, Apple came out of the gate with a relatively narrow feature set for the HomePod, focusing on music playback and, to a lesser degree, smart home integration. If you’re not an Apple Music user and haven’t delved into smart home tech, there’s seemingly not much for you in the HomePod. (Not to mention a focus on features that require multiple HomePods—multiroom audio and stereo pairing—is an even harder sell when when your product command a premium.)

Done Deal

Decoding The Chinese Super Micro Super Spy-chip Super-scandal: What Do We Know – And Who Is Telling The Truth?, by Kieren McCarthy, The Register

Plus of course the impact has already been felt.

Infosec companies are already advising companies what to do, talking about the situation as if it is already a done deal. "First of all, you are unlikely going to spot the additional component on your own. Amazon apparently was able to do so after comparing drawings of a motherboard to what was actually built," notes one post matter-of-factly, adding: "Should you stop buying Supermicro motherboards? The real question is: What are the alternatives?"


Of course the bigger question is not really about tiny secret spy chips but overall security. There is no reason why a similar ability to hack into motherboards couldn't be included in chips expected to be on the circuit boards – and so be physically undetectable. And, of course, the majority of the world's chips are manufactured, you guessed it, in China and Taiwan. You know: the country that makes everyone's iPhones.

Apple Insiders Say Nobody Internally Knows What’s Going On With Bloomberg’s China Hack Story, by Charlie Warzel and John Paczkowski, BuzzFeed

Reached by BuzzFeed News multiple Apple sources — three of them very senior executives who work on the security and legal teams — said that they are at a loss as to how to explain the allegations. These people described a massive, granular, and siloed investigation into not just the claims made in the story, but into unrelated incidents that might have inspired them.

“We tried to figure out if there was anything, anything, that transpired that's even remotely close to this,” a senior Apple security executive told BuzzFeed News. “We found nothing.”

Facebook, Apple Confirm They Were Targets Of Supermicro Malware Attack, by Rachel Kraus, Mashable

Apple says it discovered malware on a single server in 2016. This does not conflict with its denial of hardware attack; in fact, it bolsters it, because Apple cites the malware as the reason it dropped Supermicro as a vendor in its official statement — not the presence of malicious microchips in servers.


Daily Dictionary’s New Watch App Showcases The Latest watchOS Capabilities, by Ryan Christoffel, MacStories

Daily Dictionary's Watch app is noteworthy for employing two capabilities recently added to the Watch: complications for the Series 4's Infograph faces, and a custom UI for notifications.


The Very Definition Of Overwhelm, by Shawn Blanc

When you’re feeling buried under a mass of so much stuff, it can feel as if you’re responsible for everything in the whole world.

But it can be liberating when you step back and get clarity about the things that ONLY YOU can do.

Terminal Security Profiles, by Daniel Jalkut, Bitsplitting

I don’t completely understand the limitations there, but I suspect that because commands in the Terminal are running as subprocesses of Terminal, there is some technical challenge to making the permissions apply at such a fine-grained level.

As an alternative, I wonder if Apple could introduce some kind of “Security Profiles” feature for Terminal so that individual windows within the app could be run when different permissions? This could build on Terminal’s existing support for “Profiles” which already support varying Terminal settings dramatically on a per-window basis.


Bottom of the Page

I can't wait to see what else from Apple will be updated in October.

Personally, I am hoping for cheaper AirPods. (There will be higher-end AirPods, probably.) Afterall, all signs point to an Apple moving to a wireless future, and Apple will want to replace the cheap EarPods bundled with iPhones with a cheap set of wireless AirPods, right? Gotta start learning how to make cheap wireless AirPods first.


Thanks for reading.