IOS

Popular Weather App AccuWeather Caught Sending User Location Data, Even When Location Sharing is Off (zdnet.com) 62

Zack Whittaker, reporting for ZDNet: Popular weather app AccuWeather has been caught sending geolocation data to a third-party data monetization firm, even when the user has switched off location sharing. AccuWeather is one of the most popular weather apps in Apple's app store, with a near perfect four-star rating and millions of downloads to its name. But what the app doesn't say is that it sends sensitive data to a firm designed to monetize user locations without users' explicit permission. Security researcher Will Strafach intercepted the traffic from an iPhone running the latest version of AccuWeather and its servers and found that even when the app didn't have permission to access the device's precise location, the app would send the Wi-Fi router name and its unique MAC address to the servers of data monetization firm Reveal Mobile every few hours. That data can be correlated with public data to reveal an approximate location of a user's device. We independently verified the findings, and were able to geolocate an AccuWeather-running iPhone in our New York office within just a few meters, using nothing more than the Wi-Fi router's MAC address and public data.
IOS

iOS 11 Has a Feature To Temporarily Disable Touch ID (cultofmac.com) 138

A new feature baked into iOS 11 lets you quickly disable Touch ID, which could come in handy if you're ever in a situation where someone (a cop) might force you to unlock your device. Cult of Mac reports: To temporarily disable Touch ID, you simply press the power button quickly five times. This presents you with the "Emergency SOS" option, which you can swipe to call the emergency services. It also prevents your iPhone from being unlocked without the passcode. Until now, there were other ways to temporarily disable Touch ID, but they weren't quick and simply. You either had to restart your iPhone, let it sit idle for a few days until Touch ID was temporarily disabled by itself, or scan the wrong finger several times. The police, or any government agency, cannot force you to hand over your iPhone's passcode. However, they can force you to unlock your device with your fingerprint. That doesn't work if your fingerprint scanner has been disabled.
Desktops (Apple)

In Defense of the Popular Framework Electron (dev.to) 137

Electron, a popular framework that allows developers to write code once and seamlessly deploy it across multiple platforms, has been a topic of conversation lately among developers and users alike. Many have criticised Electron-powered apps to be "too memory intensive." A developer, who admittedly uses a high-end computer, shares his perspective: I can speak for myself when I say Electron runs like a dream. On a typical day, I'll have about three Atom windows open, a multi-team Slack up and running, as well as actively using and debugging my own Electron-based app Standard Notes. [...] So, how does it feel to run this bloat train of death every day? Well, it feels like nothing. I don't notice it. My laptop doesn't get hot. I don't hear the fan. I experience no lags in any application. [...] But aside from how it makes end-users feel, there is an arguably more important perspective to be had: how it makes software companies feel. For context, the project I work in is an open-source cross-platform notes app that's available on most platforms, including web, Mac, Windows, Linux, iOS, and Android. All the desktop applications are based off the main web codebase, and are bundled using Electron, while the iOS and Android app use their own native codebases respectively, one in Swift and the other in Kotlin. And as a new company without a lot of resources, this setup has just barely allowed us to enter the marketplace. Three codebases is two too many codebases to maintain. Every time we make a change, we have to make it in three different places, violating the most sacred tenet of computer science of keeping it DRY. As a one-person team deploying on all these platforms, even the most minor change will take at minimum three development days, one for each codebase. This includes debugging, fixing, testing, bundling, deploying, and distributing every single codebase. This is by no means an easy task.
Safari

Safari Should Display Favicons in Its Tabs (daringfireball.net) 189

Favicon -- or its lack thereof, to be precise -- has remained one of the longest running issues Safari users have complained about. For those of you who don't use Safari, just have a look at this mess I had earlier today when I was using Safari on a MacBook. There's no way I can just have a look at the tabs and make any sense of them. John Gruber, writing for DaringFireball: The gist of it is two-fold: (1) there are some people who strongly prefer to see favicons in tabs even when they don't have a ton of tabs open, simply because they prefer identifying tabs graphically rather than by the text of the page title; and (2) for people who do have a ton of tabs open, favicons are the only way to identify tabs. With many tabs open, there's really nothing subjective about it: Chrome's tabs are more usable because they show favicons. [...] Once Safari gets to a dozen or so tabs in a window, the left-most tabs are literally unidentifiable because they don't even show a single character of the tab title. They're just blank. I, as a decade-plus-long dedicated Safari user, am jealous of the usability and visual clarity of Chrome with a dozen or more tabs open. And I can see why dedicated Chrome users would consider Safari's tab design a non-starter to switching. I don't know what the argument is against showing favicons in Safari's tabs, but I can only presume that it's because some contingent within Apple thinks it would spoil the monochromatic aesthetic of Safari's toolbar area. [...] And it's highly debatable whether Safari's existing no-favicon tabs actually do look better. The feedback I've heard from Chrome users who won't even try Safari because it doesn't show favicons isn't just from developers -- it's from designers too. To me, the argument that Safari's tab bar should remain text-only is like arguing that MacOS should change its Command-Tab switcher and Dock from showing icons to showing only the names of applications. The Mac has been famous ever since 1984 for placing more visual significance on icons than on names. The Mac attracts visual thinkers and its design encourages visual thinking. So I think Safari's text-only tab bar isn't just wrong in general, it's particularly wrong on the Mac.
AI

Blizzard and DeepMind Turn StarCraft II Into An AI Research Lab (techcrunch.com) 52

Last year, Google's AI subsidiary DeepMind said it was going to work with Starcraft creator Blizzard to turn the strategy game into a proper research environment for AI engineers. Today, they're opening the doors to that environment, with new tools including a machine learning API, a large game replay dataset, an open source DeepMind toolset and more. TechCrunch reports: The new release of the StarCraft II API on the Blizzard side includes a Linux package made to be able to run in the cloud, as well as support for Windows and Mac. It also has support for offline AI vs. AI matches, and those anonymized game replays from actual human players for training up agents, which is starting out at 65,000 complete matches, and will grow to over 500,000 over the course of the next few weeks. StarCraft II is such a useful environment for AI research basically because of how complex and varied the games can be, with multiple open routes to victory for each individual match. Players also have to do many different things simultaneously, including managing and generating resources, as well as commanding military units and deploying defensive structures. Plus, not all information about the game board is available at once, meaning players have to make assumptions and predictions about what the opposition is up to.

It's such a big task, in fact, that DeepMind and Blizzard are including "mini-games" in the release, which break down different subtasks into "manageable chunks," including teaching agents to master tasks like building specific units, gathering resources, or moving around the map. The hope is that compartmentalizing these areas of play will allow testing and comparison of techniques from different researchers on each, along with refinement, before their eventual combination in complex agents that attempt to master the whole game.

GNOME

GNOME's Text Editor gedit 'No Longer Maintained', Needs New Developers (gnome.org) 239

AmiMoJo brings news about gedit, the default text editor for GNOME: In a post to the gedit mailing list, Sébastien Wilmet states that gedit is no longer maintained and asks "any developer interested to take over the maintenance of gedit?" Just in case you were considering it, he warns "BTW while the gedit core is written in C (with a bit of Objective-C for Mac OS X support), some plugins are written in Vala or Python. If you take over gedit maintenance, you'll need to deal with four programming languages (without counting the build system). The Python code is not compiled, so when doing refactorings in gedit core, good luck to port all the plugins (the Python code is also less "greppable" than C). At least with Vala there is a compiler, even if I would not recommend Vala."
Sébastien's comments were surrounded by a <rant-on-languages> tag, but they're still crying out for some serious discussion. Any Slashdot readers want to share their own insights on Python, some fond thoughts on gedit, or suggestions for maintaining a great piece of open source software?
Businesses

Where's All My CPU and Memory Gone? The Answer: $5B Worth Slack App (medium.com) 190

Slack, valued at $5 billion, has received buyout pitches from several companies including Amazon and Microsoft. But the team collaborations service, which has over 5 million active users, continues to offer one of the most resource intensive apps you could find on Mac and iOS. From an article: TLDR; If you care about battery life or availability of your finite CPU and memory on your computer, then you probably won't want to use Slack desktop with more than one or two accounts. Slack resource usage increases linearly as you add more accounts, and it quickly adds up. [...] I noticed that my machine has been sluggish and its battery life has become poor. Whilst investigating this, it turns out that Slack desktop fails badly when used with multiple accounts. This is because CPU and memory usage increases linearly as you add more accounts to your Slack desktop client. As a result, I believe the growing trend to use Slack to be part of multiple communities is seriously flawed until Slack resolve this problem. The author, Matthew O'Riordan, has shared screenshots of Activity Monitor which shows that Slack application on his Mac was consuming more than 1.5GB of memory, and as much as 70 percent of the energy. The company's iOS app instills several more issues.
Data Storage

Upcoming USB 3.2 Specification Will Double Data Rates Using Existing Cables (macrumors.com) 159

A new USB specification has been introduced today by the USB 3.0 Promoter Group, which is comprised of Apple, HP, Intel, Microsoft, and other companies. The new USB 3.2 specification will replace the existing 3.1 specification and will double data rates to 20Gbps using new wires available if your device embraces the newest USB hardware. Mac Rumors reports: An incremental update, USB 3.2 is designed to define multi-lane operation for USB 3.2 hosts and devices. USB Type-C cables already support multi-lane operation, and with USB 3.2, hosts and devices can be created as multi-lane solutions, allowing for either two lanes of 5Gb/s or two lanes of 10Gb/s operation. With support for two lanes of 10Gb/s transfer speeds, performance is essentially doubled over existing USB-C cables. As an example, the USB Promoter Group says a USB 3.2 host connected to a USB 3.2 storage device will be capable of 2GB/sec data transfer performance over a USB-C cable certified for USB SuperSpeed 10Gb/s USB 3.1, while also remaining backwards compatible with earlier USB devices. Along with two-lane operation, USB 3.2 continues to use SuperSpeed USB layer data rates and encoding techniques and will introduce a minor update to hub specifications for seamless transitions between single and two-lane operation.
IT

Adobe Announces that in 2020, Flash Player Will Reach Its 'End-of-Life' in Light of Newer Technologies (webkit.org) 154

Adobe said on Tuesday it will stop distributing and updating Flash Player at the end of 2020 and is encouraging web developers to migrate any existing Flash content to open standards. Apple is working with Adobe, industry partners, and developers to complete this transition. From a blog post: Apple users have been experiencing the web without Flash for some time. iPhone, iPad, and iPod touch never supported Flash. For the Mac, the transition from Flash began in 2010 when Flash was no longer pre-installed. Today, if users install Flash, it remains off by default. Safari requires explicit approval on each website before running the Flash plugin.
Security

Mysterious Mac Malware Has Infected Hundreds of Victims For Years (vice.com) 128

An anonymous reader shares a report: A mysterious piece of malware has been infecting hundreds of Mac computers for years -- and no one noticed until a few months ago. The malware is called "FruitFly," and one of its variants, "FruitFly 2" has infected at least 400 victims over the years. FruitFly 2 is intriguing and mysterious: its goals, who's behind it, and how it infects victims, are all unknown. Earlier this year, an ex-NSA hacker started looking into a piece of malware he described to me as "unique" and "intriguing." It was a slightly different strain of a malware discovered on four computers earlier this year by security firm Malwarebytes, known as "FruitFly." This first strain had researchers scratching their heads. On the surface, the malware seemed "simplistic." It was programmed mainly to surreptitiously monitor victims through their webcams, capture their screens, and log keystrokes. But, strangely, it went undetected since at least 2015. There was no indication of who could be behind it, and it contained "ancient" functions and "rudimentary" remote control capabilities, Malwarebytes's Thomas Reed wrote at the time.
Desktops (Apple)

Apple Releases First Public Beta Of iOS 11 for iPhone and iPad 56

Zac Hall, writing for 9to5Mac: Apple has released the first macOS High Sierra public beta for Mac. This allows users who are not registered developers to test pre-release versions of macOS with new features for free. Prior to the public beta availability, macOS High Sierra has only been available to test with a $99/year developer account. You can register for the free public beta program here. [Note: some outlets report that the update is still "coming soon." [...] Apple has released the first iOS 11 public beta for iPhone and iPad. This allows users who are not registered developers to test pre-release versions of iOS with new features for free. You can register for the free public beta program here..
Security

Cisco Subdomain Private Key Found in Embedded Executable (google.com) 53

Earlier this month, a developer accidentally discovered the private key of a Cisco subdomain. An anonymous reader shares the post: Last weekend, in an attempt to get Sky's NOW TV video player (for Mac) to work on my machine, I noticed that one of the Cisco executables contains a private key that is associated with the public key in a trusted certificate for a cisco.com sub domain. This certificate is used in a local WebSocket server, presumably to allow secure Sky/NOW TV origins to communicate with the video player on the users' local machines. I read the Baseline Requirements document (version 1.4.5, section 4.9.1.1), but I wasn't entirely sure whether this is considered a key compromise. I asked Hanno Bock on Twitter, and he advised me to post the matter to this mailing list. The executable containing the private key is named 'CiscoVideoGuardMonitor', and is shipped as part of the NOW TV video player. In case you are interested, the installer can be found here (SHA-256: 56feeef4c3d141562900f9f0339b120d4db07ae2777cc73a31e3b830022241e6). I would recommend to run this installer in a virtual machine, because it drops files all over the place, and installs a few launch items (agents/daemons). The executable 'CiscoVideoGuardMonitor' can be found at '$HOME/Library/Cisco/VideoGuardPlayer/VideoGuardMonitor/ VideoGuardMonitor.bundle/Contents/MacOS/CiscoVideoGuardMonitor'. Certificate details: Serial number: 66170CE2EC8B7D88B4E2EB732E738FE3A67CF672, DNS names: drmlocal.cisco.com, Issued by: HydrantID SSL ICA G2. The issuer HydrantID has since communicated with the certificate holder Cisco, and the certificate has been revoked.
OS X

The Behind-the-Scenes Changes Found In MacOS High Sierra (arstechnica.com) 205

Apple officially announced macOS High Sierra at WWDC 2017 earlier this month. While the new OS doesn't feature a ton of user-visible improvements and is ultimately shaping up to be a low-key release, it does feature several behind-the-scenes changes that could help make it the most stable macOS update in years. Andrew Cunningham from Ars Technica has "browsed the dev docs and talked with Apple to get some more details of the update's foundational changes." Here are some excerpts from three key areas of the report: APFS
Like iOS 10.3, High Sierra will convert your boot drive to APFS when you first install it -- this will be true for all Macs that run High Sierra, regardless of whether they're equipped with an SSD, a spinning HDD, or a Fusion Drive setup. In the current beta installer, you're given an option to uncheck the APFS box (checked by default) before you start the install process, though that doesn't necessarily guarantee that it will survive in the final version. It's also not clear at this point if there are edge cases -- third-party SSDs, for instance -- that won't automatically be converted. But assuming that most people stick with the defaults and that most people don't crack their Macs open, most Mac users who do the upgrade are going to get the new filesystem.

HEVC and HEIF
All High Sierra Macs will pick up support for HEVC, but only very recent models will support any kind of hardware acceleration. This is important because playing HEVC streams, especially at high resolutions and bitrates, is a pretty hardware-intensive operation. HEVC playback can consume most of a CPU's processor cycles, and especially on slower dual-core laptop processors, smooth playback may be impossible altogether. Dedicated HEVC encode and decode blocks in CPUs and GPUs can handle the heavy lifting more efficiently, freeing up your CPU and greatly reducing power consumption, but HEVC's newness means that dedicated hardware isn't especially prevalent yet.

Metal 2
While both macOS and iOS still nominally support open, third-party APIs like OpenGL and OpenCL, it's clear that the company sees Metal as the way forward for graphics and GPU compute on its platforms. Apple's OpenGL support in macOS and iOS hasn't changed at all in years, and there are absolutely no signs that Apple plans to support Vulkan. But the API will enable some improvements for end users, too. People with newer GPUs should expect to benefit from some performance improvements, not just in games but in macOS itself; Apple says the entire WindowServer is now using Metal, which should improve the fluidity and consistency of transitions and animations within macOS; this can be a problem on Macs when you're pushing multiple monitors or using higher Retina scaling modes on, especially if you're using integrated graphics. Metal 2 is also the go-to API for supporting VR on macOS, something Apple is pushing in a big way with its newer iMacs and its native support for external Thunderbolt 3 GPU enclosures. Apple says that every device that supports Metal should support at least some of Metal 2's new features, but the implication there is that some older GPUs won't be able to do everything the newer ones can do.

Apple

The Right To Repair Movement Is Forcing Apple To Change (vice.com) 165

The executive director of Repair.org says Apple has "decided to be nicer to consumers in order to stop them from demanding their right to repair," according to Motherboard. Slashdot reader Jason Koebler shared this article: It's increasingly looking like Apple can no longer ignore the repair insurgency that's been brewing: The right to repair movement is winning, and Apple's behavior is changing. In the last few months, Apple has made political, design, and customer service decisions that suggest the right to repair movement is having a real impact on the company's operations...

Apple has repeatedly made small concessions to its customers on the issues that Repair.org and the larger repair community have decided to highlight. The question is whether these concessions are going to be enough to satiate customers who want their devices to be easily repairable and upgradable, and whether the right to repair movement can convince those people to continue demanding fair treatment.

The article notes that at least 12 U.S. states are still considering "fair repair" laws, which would force Apple to sell replacement parts to both independent repair shops and the general public.
Music

Spotify Continues To Grow Faster Than Apple Music Thanks To Free Tier (macrumors.com) 25

Joe Rossignol reports via Mac Rumors: Spotify today announced it now has over 140 million subscribers worldwide, including users that only listen to the free ad-supported tier. Spotify last said it had over 100 million subscribers in June 2016, so it has gained around 40 million listeners in one year to remain the world's largest streaming music service. Spotify didn't update its number of paying subscribers, which stood at over 50 million worldwide as of March 2017. By comparison, Apple at its Worldwide Developers Conference last week announced that Apple Music now has 27 million paying subscribers, just weeks before the streaming music service turns two years old. Apple Music doesn't have a free tier, and Apple doesn't regularly disclose how many users are using the free trial.
Desktops (Apple)

Apple Mac Computers Are Being Targeted By Ransomware, Spyware (bbc.com) 54

If you are a Mac user, you should be aware of new variants of malware that have been created specifically to target Apple computers; one is ransomware and the other is spyware. "The two programs were uncovered by the security firms Fortinet and AlienVault, which found a portal on the Tor 'dark web' network that acted as a shopfront for both," reports BBC. "In a blog post, Fortinet said the site claimed that the creators behind it were professional software engineers with 'extensive experience' of creating working code." From the report: Those wishing to use either of the programs had been urged to get in touch and provide details of how they wanted the malware to be set up. The malware's creators had said that payments made by ransomware victims would be split between themselves and their customers. Researchers at Fortinet contacted the ransomware writers pretending they were interested in using the product and, soon afterwards, were sent a sample of the malware. Analysis revealed that it used much less sophisticated encryption than the many variants seen targeting Windows machines, said the firm. However, they added, any files scrambled with the ransomware would be completely lost because it did a very poor job of handling the decryption keys needed to restore data. The free Macspy spyware, offered via the same site, can log which keys are pressed, take screenshots and tap into a machine's microphone. In its analysis, AlienVault researcher Peter Ewane said the malicious code in the spyware tried hard to evade many of the standard ways security programs spot and stop such programs.
Mozilla

Firefox 54 Arrives With Multi-Process Support For All Users (venturebeat.com) 102

An anonymous reader writes: Mozilla today launched Firefox 54 for Windows, Mac, Linux, and Android. The new version includes the next major phase of multi-process support, which streamlines memory use, improving responsiveness and speed. The Electrolysis project, which is the largest change to Firefox code ever, is live. Firefox now uses up to four processes to run webpage content across all open tabs. This means that complex webpages in one tab have a much lower impact on responsiveness and speed in other tabs, and Firefox finally makes better use of your computer's hardware.
Operating Systems

Skype Retires Older Apps for Windows, Linux (techcrunch.com) 121

An anonymous reader writes: The newest version of the Skype app takes a big hat-tip from social media platforms like Snapchat and Facebook's Messenger with its newest features, adding a Stories-like feature called Highlights, a big selection of bots to add into chats and a longer plan to upgrade group conversations with more features. Now, as part of the effort to get people to use the new Skype more, the company is also doubling down on something else: Skype is trying to get users off of older versions of Skype. As part of that push, the Microsoft-owned company has sent out messages to users this week noting that it will be retiring a host of older iterations on July 1. Those who are still using them after that day will likely no longer be able to sign on. Skype app won't work on the follow OS versions: Android 4.0.2 and lower, BlackBerry OS 7.1 and lower, iOS 7 and lower, Linux (Linux users must upgrade to Skype for Linux Beta), Mac OS X 10.8 and lower, Symbian OS, Skype mobile for Verizon, Skype on 3, Skype on TV, Windows 10 task-based app, Windows Phone 8.1 and lower, and Windows RT.
Desktops (Apple)

Teardown of New iMac Reveals Upgradable Processors, RAM (macrumors.com) 205

According to an iFixit teardown, Apple's new 4K 21.5-inch iMac has both removable RAM and a Kaby Lake processor that's not soldered onto the logic board. Whereas the previous models had soldered memory modules, the new iMac's memory sit in two removable SO-DIMM slots. MacRumors reports: iFixit made the discovery by disassembling Apple's $1,299 mid-range 3.0GHz stock option, which includes 8GB of 2400MHz DDR4 memory, a Radeon Pro 555 graphics card with 2GB of VRAM, and a 1TB 5400-RPM hard drive. After slicing through the adhesive that secures the 4K display to the iMac's housing and removing the power supply, hard drive, and fan, iFixit discovered that the memory modules aren't soldered onto the logic board like previous models, but instead sit in two removable SO-DIMM slots. Similarly, after detaching the heatsink and removing the warranty voiding stickers on the backside of the logic board, iFixit found that the Intel SR32W Core i5-7400 Kaby Lake processor sits in a standard LGA 1151 CPU socket, making it possible to replace or upgrade the CPU without a reflow station.
Encryption

Apple To Force Users To 2FA On iOS 11, macOS High Sierra (onthewire.io) 119

Trailrunner7 quotes a report from On the Wire: With the upcoming releases of iOS 11 and macOS High Sierra later this year, Apple is planning to force many users to adopt two-factor authentication for their accounts. The company this week sent an email to customers who have the existing two-step verification enabled for their Apple IDs, informing them that once they install the public betas of the new operating systems they will be migrated to two-factor authentication automatically. Two-step verification is an older method of account security that Apple rolled out before full two-factor authentication was available. Apple is phasing that out and will be upgrading people with eligible devices automatically. "Once updated, you'll get the same extra layer of security you enjoy with two-step verification today, but with an even better user experience. Verification codes will be displayed on your trusted devices automatically whenever you sign in, and you will no longer need to keep a printed recovery key to make sure you can reset a forgotten password," the email from Apple says.

Slashdot Top Deals