The Roundup for May 21-June 22, 2019 Edition

(Tap! by Christopher Parsons)

Welcome to this edition of The Roundup! Enjoy the collection of interesting, informative, and entertaining links. Brew a fresh cup of coffee or grab yourself a drink, find a comfortable place, and relax.


So Apple has announced all the big changes forthcoming in iOS 13. While lots are great and exciting, the update still won’t bring baseline feature parity between MacOS and iOS core applications. The result is that serious users of consumer MacOS applications can’t fully transition to iOS or iPadOS. What’re just two baseline things that are missing, from my self-interested perspective?

1. Smart lists in Apple Music & Apple Photos

I get that smart lists may not be everyone’s deal, but self-updating lists are pretty important in how I manage and organize data. To give an example, I use smart lists in Photos to determine what camera I used to take which photo. Does this matter for lots of people? Probably not, now that smartphones have colonized the photography business. But for someone like me who wants to know such metadata, the absence of it is noticeable.

2. Detailed information about photographs in Apple Photos

I don’t know why, but you can’t check aperture, shutter speeds, ISO, or other basic camera features in Apple Photos, in iOS 12 or 13. Nor can you create a title for a photograph. Again, as someone who takes tens of thousands of photos a year, and reviews them all to select a rarified thousand or two ‘keepers’ each year and titles many of those kept, I really want to record titles.[1] And it drives me nuts that I can’t.

I get that there are a lot of pretty amazing things coming in iOS 13. But can’t these pretty table-stakes things come along? These aren’t ‘Pro’ features: they’re the baseline features that have been available on consumer apps in MacOS for years. You shouldn’t need to own and use a Mac to enjoy these capabilities.


Inspiring Quotation

“Society is not some grand abstraction, my friends. It’s just us. It’s the words we use, which are the thoughts we have, which determine the actions we take.”

– Umair Haque

Great Photography Shots

I really appreciate some of the great shadows that come out in these shots over at Mobiography.

(‘lines and shadows’ by @arpixa)
(‘Shadow casting’ by @poetry fish)
(‘Untitled’ by @lasina)
(‘On the dark side’ by @jawdoc2)
(‘RED’ by @dviviano)
(‘high light reverie’ by @chasread)

Music I’m Digging

Having figured out the problem of songs not being added to my ‘Songs I Love’ lists, my monthly lists are going to be a lot more expansive than those in the past. My May 2019 list clocks in at around 5 ½ hours, with a mix of hip-hop, rap, pop, and a bit of alternative and rock.

Neat Podcast Episodes

  • Lawfare – Avril Haines, Eric Rosenbach, and David Sanger on U.S. Offensive Cyber Operations // This is an insightful, and nuanced, consideration of the equities which are taken into account when the United States engages in different classes of cyber operations. While the title of the podcast is focused on offensive cyber activities, the same logics can clearly be applied to defensive activities such as those linked with vulnerabilities equities processes or development of activities intended to mitigate harms emitted from foreign adversaries.
  • Lawfare – Jim Sciutto on ‘The Shadow War’ // While Sciutto doesn’t necessarily talk about anything excitingly novel in the summary of his book, he does an absolutely terrific job in summarizing the high-level threats to American (and, by extension, Canadian and Western) national security. From submarine threats, to space threats, to cyber, the threat landscape is remarkably different today as compared to twenty years ago. In terms of responses or solutions, key to the American approach is reconsidering and re-engineering the responses to aggressive actions. Clearly American responses have failed to dissuade actors such as Russia and China in certain spheres, such as aggressive military engagement and cyber espionage and propaganda, and so more directed cyber-based activities meant to expose the corruption of foreign leaders might represent the next logical step for the U.S. military establishment.

Good Reads

  • When the Hard Rains Fall // Welsh has done a terrific job in both outlining the policy and financial and scientific causes that lead to serious, and dangerous, flooding in Toronto while marrying it with superb storytelling. Not only does the article provide a huge amount of information in an impeccably understandable format, but the graphics that accompany the piece in certain sections are almost certain to elicit an emotional reaction. Stories like this demonstrate why it’s important to pay for investigative reporting, while also showcasing how contemporary technologies can improve narratives for clarity and impact.
  • ‘Botanical Sexism’ Could Be Behind Your Seasonal Allergies // In an ironic turn, when trees were routinely planted in urban environments in the 1960s, males of the various species were chosen on the basis that they wouldn’t promote litter by dropping seeds. However, these trees expel significant amounts of pollen which has had the effect of creating ‘pollenpocalypse’ events that both severely aggravate seasonal allergies and leave vast swathes of pollen coating the city.
  • Female Spies and Their Secrets // As in so many fields, women’s contributions to the intelligence and security services were largely erased from history as men replaced them. However, newly recovered and disclosed histories are showcasing the role(s) that women played throughout the second world war to lead underground resistances and otherwise facilitate Allied intelligence efforts.
  • Your threat model is wrong // Robert Graham’s abrasive and direct writing is refreshing, especially when he writes about phishing: “Yes, it’s amazing how easily stupid employees are tricked by the most obvious of phishing messages, and you want to point and laugh at them. But frankly, you want the idiot employees doing this. The more obvious phishing attempts are the least harmful and a good test of the rest of your security — which should be based on the assumption that users will frequently fall for phishing.”
  • After the Retail Apocalypse, Prepare for the Property Tax Meltdown // In the United States, some big box stores are attempting to (and succeeding in) reduce their property tax bills by arguing their stores should be valued at millions of dollars less than their current valuation. The result is that small towns, many of which invested in significant infrastructure projects to lure these stores, are at risk of having to reduce their services or defer additional investments that are less-focused on the company in question. Activities like this, combined with the general massive reduction in corporate taxes following the US government’s taxation changes under President Trump, threaten the very ability of small and large towns and cities to invest in infrastructure for the betterment of their residents.
  • The Secret to This Brazilian Coffee? Ants Harvest the Beans // In another instance of how weird and amazing the ecosystems of the earth are, ants that have inhabited an organic coffee farm in Brazil are affecting the taste of the beans in the process of removing the fruit around the beans to feed to their young. Apparently, this has effects on the acidity and taste of certain stone fruits, while also showcasing the interdependence of organic beings in the same ecosystem.
  • How To Make A Relationship Last // The guidance in this piece spoke to me, and reflects how I personally view long-term relationships and choice. Cage nicely summarizes the challenges of continuously choosing to stay in love, and in doing so provides a good set of instructions for others to follow and innovate upon.
  • How To Be A Leader — For Someone Who Hasn’t Been A Leader Before // This is really, really good and quick advice for someone who holds a leadership role, or is about to assume one. The key bits that stuck out include: put others before yourself, act as a role model instead of a boss, and be transparent about where you have weaknesses and work with your team to make sure they’re covered off. In effect, leadership under this model involves being humble, supportive, and aware of the need to improve the life and lots of your team.

Cool Things

  1. Ok, what I really want is to be able to add a title to a photo in Apple Photos on iOS, and then when I export the photo to, say, Instagram for the title to be automatically updated. But I realize I shouldn’t dream of such ‘exceptional’ capabilities and so will settle for adding titles manually in iOS and Instagram. Like an animal.
Aside

2018.3.29

The only thing I want in today’s iOS release is for Apple Notes to not hang and freeze constantly. It was only with iOS 11.2 that I started running into issues so I’m hopeful they’ll have fixed whatever went wrong last update.

Link

Cellebrite can unlock any iPhone (for some values of “any”)

An update by Ars Technica on Cellebrite’s ability to access the content on otherwise secured iOS devices:

Cellebrite is not revealing the nature of the Advanced Unlocking Services’ approach. However, it is likely software based, according to Dan Guido, CEO of the security firm Trail of Bits. Guido told Ars that he had heard Cellebrite’s attack method may be blocked by an upcoming iOS update, 11.3.

“That leads me to believe [Cellebrite] have a power/timing attack that lets them bypass arbitrary delays and avoid device lockouts,” Guido wrote in a message to Ars. “That method would rely on specific characteristics of the software, which explains how Apple could patch what appears to be a hardware issue.”

Regardless of the approach, Cellebrite’s method almost certainly is dependent on a brute-force attack to discover the PIN. And the easiest way to protect against that is to use a longer, alphanumeric password—something Apple has been attempting to encourage with TouchID and FaceID, since the biometric security methods reduce the number of times an iPhone owner has to enter a password.

This once again confirms the importance of establishing strong, long passwords for iOS devices. Sure, they’re less convenient but they provide measurably better security.

Link

Serious Vulnerabilities (Probably) Found in All iOS Devices

From Forbes:

The Israeli firm, a subsidiary of Japan’s Sun Corporation, hasn’t made any major public announcement about its new iOS capabilities. But Forbes was told by sources (who asked to remain anonymous as they weren’t authorized to talk on the matter) that in the last few months the company has developed undisclosed techniques to get into iOS 11 and is advertising them to law enforcement and private forensics folk across the globe. Indeed, the company’s literature for its Advanced Unlocking and Extraction Services offering now notes the company can break the security of “Apple iOS devices and operating systems, including iPhone, iPad, iPad mini, iPad Pro and iPod touch, running iOS 5 to iOS 11.” Separately, a source in the police forensics community told Forbes he’d been told by Cellebrite it could unlock the iPhone 8. He believed the same was most probably true for the iPhone X, as security across both of Apple’s newest devices worked in much the same way.

If Cellebrite has, indeed, found a way of compromising all iOS devices then they’ve accomplished a pretty impressive task. I have to wonder whether the vulnerabilities emerged from studying the iBoot leak or their own software or hardware research. Assuming Cellebrite’s claims are legitimate, they serve to underscore the position that governments shouldn’t introduce backdoors or vulnerabilities into devices given that doing so will only exacerbate the existing problems associated with securing devices. Security is designed to add friction, not totally prevent an unauthorized party’s actions, and deliberately reducing such friction will put all users at greater jeopardy.

Aside

2018.1.27

iOS is still incredibly janky. Since updating to iOS 11 I’ve had to periodically do full device resets in order to stop podcasts from trying (and failing) to download in perpetuity; there’s no other way I’ve found to stop the process and, if I don’t, the battery drain rate is approximately 10-15% per hour, when the device is just sitting idle. And on a device that only has wireless service (no mobile data connection) I have to turn the wireless radios on and off about once per week to get Siri to actually take requests. Without a doubt this version of iOS is the worst I’ve ever had to muddle through…

Aside

Watching someone switch from Android to iOS for the first time is a really interesting experience. The ease of wirelessly transferring data between operating systems (and devices!) and automatic installation/configuration of apps like they’re set up on their iPad is pretty magical. The near-automatic warning that they’re out of iCloud space and thus need to pony up a monthly payment to Apple is the only jarring part of the experience so far; Apple really needs to increase the default amount of storage provided to at least 10GB or so.

Aside

A Fix for Bad iPhone Battery Life

For the past weeks I’ve had outrageously bad battery life on my iPhone 7, running iOS 11. A lot of the battery drain was from the Podcasts app (approx. 24-33%) but I couldn’t figure out why the drain rate was so high: even when I only streamed over Bluetooth or Airplay I’d had the same power drain percentages, so it didn’t seem to be linked to powering the speaker on the phone (which can impact battery life significantly).

Then I realized that the application was searching for new podcasts every hour and downloading any that were available. My battery life has drastically improved after changing the setting so that the app only looks for new podcasts every 6 hours: I can now use the phone normally for a day and end up at about 20-30% battery remaining when it gets set down to charge for the night. Victory is mine!