China Reportedly Snuck Spy Chips Onto Apple, Amazon Servers

Bloomberg says spies in China managed to add a chip to servers that Apple, Amazon, government agencies, and other companies were using. The chips were found on Supermicro servers and were no bigger than a grain of rice. They let the People’s Liberation Army, and presumably other government agencies, capture data and even remotely control compromised servers. From Bloomberg’s report:

The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.

Apple vehemently denies the report and calls out what it says are factual errors. The other companies deny the report, too. Apple stopped buying Supermicro servers in 2016 after discovering an unrelated security issue. Amazon bought Elemental Technologies, the company that wrote the software running on Supermicro servers, to run on its own custom-designed hardware. Either China pulled off the most amazing hack ever, altering server hardware during manufacture for espionage, or Bloomberg and its sources got the story completely wrong.

A Terrific Review: Apple Watch Series 4

Jason Snell, at Six Colors, has written up a very nice review of the Apple Watch Series 4. Notable is the assessment of which previous generation owners should upgrade to Series 4. And he doesn’t forget to note: “Apple also won’t let you buy a Stainless Steel model unless you buy the cellular edition. That double penalty means you can’t get a stainless Series 4 for less than $699.” Check it out.

Silicon Valley is Suddenly Pushing Privacy Laws. Don't Believe It.

Neema Singh Guliani points out that just because Silicon Valley companies are suddenly pushing for privacy laws after all of these years, that doesn’t mean they have our best interests in mind.

After years of claiming they could self-regulate, the tech industry is suddenly receptive to the idea of federal privacy legislation. But don’t let this post-Cambridge Analytica “mea culpa” fool you into believing these companies have consumers’ best interests in mind. Far from it.

This seeming willingness to subject themselves to federal regulation is, in fact, an effort to enlist the Trump administration and Congress in companies’ efforts to weaken state-level consumer privacy protections.

More Streaming Services Mean More Piracy

A Global Internet Phenomena report shows that piracy is increasing thanks to a deluge of streaming services. They all have to compete with Netflix, and it ends up being the exact same situation we had with television providers.

“More sources than ever are producing “exclusive” content available on a single streaming or broadcast service—think Game of Thrones for HBO, House of Cards for Netflix, The Handmaid’s Tale for Hulu, or Jack Ryan for Amazon,” Sandvine’s Cam Cullen said in a blog post.

“To get access to all of these services, it gets very expensive for a consumer, so they subscribe to one or two and pirate the rest,” Cullen said.

The Facebook Hack Betrays Trust in Single Sign On Services

The recent Facebook hack means that we probably shouldn’t rely on single sign-on services like Facebook and Google anymore.

If they had taken more care with their implementation of Facebook’s Single Sign-On feature—which lets you use your Facebook account to access other sites and services, rather than creating a unique password for every site—the impact could have largely been limited to Facebook. Instead, hackers could potentially have accessed everything from people’s private messages on Tinder to their passport information on Expedia, all without leaving a trace.

The Feds Will Have a Tough Time Blocking California's Net Neutrality Law

As soon as Governor Jerry Brown signed California’s tough net neutrality bill, the U.S. Justice Department filed suit to stop it, claiming the state doesn’t have the legal authority, but this Verge article points out: “… telecom industry legal experts say that when the FCC dismantled its own authority over broadband ISPs (by rolling back their classification of ISPs as Title II common carriers under the Telecom Act), it ironically killed any authority it might have had to tell states what to do.” Oh, the delicious irony.

How to Play Free Classic Arcade Games Online

The Internet Archive has built the Internet Arcade, and it lets you play over a thousand free classic arcade games online.

The majority of these newly-available games date to the 1990s and early 2000s, as arcade machines both became significantly more complicated and graphically rich, while also suffering from the ever-present and home-based video game consoles that would come to dominate gaming to the present day. Even fervent gamers might have missed some of these arcade machines when they were in the physical world, due to lower distribution numbers and shorter times on the floor.

iPhone XS Tests Far Better Than iPhone X in LTE Speeds

At PC Magazine, Sascha Segan has compared LTE speeds of the iPhone X to XS, and the latter is substantially faster. “The new iPhone XS and XS Max use an LTE modem that we’ve never seen used anywhere else: the Intel XMM7560. The 7560 is Intel’s first modem to support all four US wireless carriers, letting Apple drop Qualcomm, the world’s dominant high-end modem supplier.” However, “… it still doesn’t quite match the Qualcomm X20 modem used in the Samsung Galaxy Note 9.” This is good stuff.

California Just Passed an Internet of Things Law

California Governor Jerry Brown has signed an Internet of Things law covering cybersecurity. California is the first state with a law like this.

Starting on January 1st, 2020, any manufacturer of a device that connects “directly or indirectly” to the internet must equip it with “reasonable” security features, designed to prevent unauthorized access, modification, or information disclosure. If it can be accessed outside a local area network with a password, it needs to either come with a unique password for each device, or force users to set their own password the first time they connect. That means no more generic default credentials for a hacker to guess.

If only it affected all IoT devices, instead of ones created two years into the future.

In This Cafe Students Pay With Their Personal Data

Shiru Cafe’s customers are all college students (as a requirement), and instead of cash, students pay with personal data.

To get the free coffee, university students must give away their names, phone numbers, email addresses and majors, or in Brown’s lingo, concentrations. Students also provide dates of birth and professional interests, entering all of the information in an online form. By doing so, the students also open themselves up to receiving information from corporate sponsors…

I know it sounds horrifying, but think of it this way. First, it’s voluntary. If you don’t want to give them your information, you can go to another shop and pay with cash (free market capitalism right there). Second, students will realize how valuable their data is, and maybe rethink giving it away for free in the future to the likes of Google and Facebook. It’s fine if you do, but understanding the tradeoff is important.

Laptop and Monitor Stand with Built-in USB-C Hub: $154.99

We have a deal on a very cool device called the ProBASE HD USB-C laptop and monitor stand—with a built-in USB-C hub. That hub has one USB-C input, as well as output ports for 4K HDMI, USB 3.0 (x3), and USB-C DATA. That makes this device pretty close to a docking station with a built-in stand, and it will even look good with your Apple gear. It’s $154.99 through our deal. Check out the promo video.

Comparison of iPhone X and iPhone XS Video

It takes a lot of work to photograph or video identical scenes when comparing iPhone cameras, so I appreciated this very nice article comparing iPhone X to XS video. Also, here’s a snippet that has been widely overlooked: “Both the XS and XS Max can now record audio in stereo, which adds another layer of depth to recordings. By contrast, all iPhone models up to 2018, including the iPhone X, recorded sound in mono.” Have a look.

UK Approval for Apple Watch ECG Could Take Years

U.K. regulatory approval for Apple Watch ECG feature could take years. Ben Lovejoy reached out to the Medicines and Healthcare products Regulatory Agency.

You may need to carry out a clinical investigation as part of the process to obtain a CE marking for your medical device. You must inform MHRA if you are planning to do this at least 60 days before starting your investigation [providing] some basic details about the investigational device, the intended population, the type of study, and estimated application date.

It turns out that Apple only got FDA approval one day before the keynote. It’s probable that Apple has been working with UK regulatory bodies all along, and that process just takes longer than here in the U.S.

Clearing Up Misinformation About That Facebook Phone Number Ad Thing

What I call the “Facebook phone number ad thing” has been in the news a lot. Facebook confirmed it uses your two-factor authentication phone number for advertising purposes. But let’s cut through the clickbait headlines.

One of the many ways that ads get in front of your eyeballs on Facebook and Instagram is that the social networking giant lets an advertiser upload a list of phone numbers or email addresses it has on file; it will then put an ad in front of accounts associated with that contact information.

Facebook is not handing out your phone number to advertisers. What is happening is if an advertiser already has a phone number, they can go to Facebook and say: “Please show an ad to the profile with this phone number.” The only difference now is that Facebook uses your two-factor authentication number for this, even if you haven’t put your phone number in your profile elsewhere. Still sh*tty though.

The Guy Who Named the iMac Says iPhone Naming Sucks

Ken Segall, the guy who came up with the iMac name, says Apple has totally blown it with the iPhone naming convention—or lack of convention. He says it’s confusing, mixing Roman numerals with letters and making those letters seem arbitrary at best. He says in a blog post,

Last year’s models set new standards for complexity. We had an 8, 8 Plus, X and SE. That’s two numbers, one Roman numeral, one pairing of letters, plus an odd numerical gap between 8 and 10. Or, in Apple lingo, between 8 and X.

Now we have Roman numerals and letters, and odds are it’ll get worse next year with the iPhone X2. He adds, “Then, one year later, the Holy Grail of bad product naming will be within Apple’s grasp. An iPhone X2S will feature a Roman numeral, a number and a letter, all in one name.” Yep. Good luck with that one, Apple.