The Type-Confusion Edition

Thursday, March 16, 2017

Researchers Uncover macOS And Safari Exploits At Pwn2Own 2017, by Tim Hardwick, MacRumors

Independent hackers Samuel Groß and Niklas Baumstark landed a partial success and earned $28,000 after targeting Safari with an escalation to root on macOS, which allowed them to scroll a message on a MacBook Pro Touch Bar. [...]

Later in the day, Chaitin Security Research Lab also targeted Safari with an escalation to root on macOS, finding success using a total of six bugs in their exploit chain, including "an info disclosure in Safari, four type confusion bugs in the browser, and a UAF in WindowServer". The combined efforts earned the team $35,000.

This Is Apple’s Mysterious ‘iPhone Calibration Machine’, by Jason Koebler, Motherboard

"It was a big clunky machine that honestly looked like someone built it in their backyard," a former Apple Genius told me. "There were different 'moulds' that different iPhone models would go into before going in the machine, and it would take around 30 minutes … there was some weird liquid that needed to be placed in the machine that we would have to wear gloves with to fix it. Lots of gas type valves and whatnot. It literally looked like some backyard home job. Not very Apple-like at all."

What's Apple Doing

An Update On What Apple Is Doing With 3,600 Acres In Eastern North Carolina, by Lauren K. Ohnesorge, Triangle Business Journal

Jena Thompson Meredith, vice president of business partnerships at The Conservation Fund, says that through Apple’s forest purchases in North Carolina and Maine, the organization has been able to protect 36,000 acres of sustainable forest. In 2016, the group harvested more than 13,000 metric tons of wood between the two forests, she says, though she did not break that number down by state. [...]

She says the collective annual production from the forests in North Carolina and Maine was equivalent to about 30 percent of the virgin fiber used in Apple’s product packaging for 2015.

Apple Music Threw An Awkward Rap Party At SXSW, And We Were There For The Weirdness, by Kerry Flynn, Mashable

The most jaw-dropping moment was finding my friendly neighborhood bartender, and learning that I needed to dig out cash. Yes, the most valuable company in the world was running a cash bar. And yes, iPhones offer a fancy way to pay called Apple Pay, but at Apple Music that didn't fly.

The Curious State Of Apple Product Pricing, by Neil Cybart, Above Avalon

Apple's pricing strategy is ultimately about bringing new users into the Apple ecosystem. While the iPhone remains the most effective tool for accomplishing this, Apple wearables will increasingly represent another new user tool at management's disposal. It may be difficult to believe, but AirPods likely represent the first Apple product for more than a few people. Additional value will flow to companies selling multiple wearables products to the same user. As it currently stands, the average Apple user owns more than one Apple product. This trend will only intensify as time goes on when considering Apple Watch and AirPods.

The trickiest aspect of Apple's pricing strategy is running with lower prices while at the same time, becoming more of a luxury brand. In essence, Apple is redefining luxury. While other luxury brands have utilized lower-priced items to serve as brand entry points, Apple is taking the practice to an entirely new level by pricing products below the competition. Apple is making luxury much more accessible with the idea that low-priced gadgets can create an experience just as luxurious as that of premium gadgets. It's going to be difficult for other consumer tech companies to play in this game.

What's Apple's Next Chapter In Podcasting?, by Jason Snell, Six Colors

Apple could potentially build a paid podcast subscription system, using Apple’s payment infrastructure and its podcast-playing apps, and open it to all podcast publishers. Listeners would still need to download a specific app—Apple’s app—but they could mix the free podcasts in Apple’s catalog with the ones they’re paying for.

This one feels a whole lot more likely to me. Yes, it means that Apple’s podcast directory would shift from its current emphasis on the open standards of RSS to a hybrid model that also features limited-access content. But if Apple wanted to encourage the commercial growth of the podcast world, it would be entirely within its powers to make it happen.

Apple Maps Updated With Proper Apple Park Details And Satellite Imagery, by Chance Miller, 9to5Mac

Apple’s new Apple Park campus is officially set to open next month, and ahead of that, the company has recently updated Apple Maps with satellite imagery of the new campus and a proper description.


McDonald's, Late To Mobile Ordering, Seeks To Avoid Pitfalls, by Lisa Baertlein, Reuters

Unlike many others, McDonald's app will track a customer's location to ensure that orders are sent to the right restaurant and timed so that food is not left to wilt under heat lamps.

When the customer arrives at the restaurant, the app asks for confirmation and payment before sending orders to the kitchen. "If they don't start your order until you pull in the lot, are you really gaining that much time?" investor Sampson asked. The final version of the app will also ask customers to choose table service, counter or drive-through pickup, or curbside delivery.


Working With Email URLs On macOS, by Mike Schmitz, The Sweet Setup

When you use a link to a specific email message, it allows you to go straight to that message and bypass the rest of your email. That means you won’t get distracted by what might have appeared in your inbox since you last looked, and you are free to focus on the thing that you need to take action on. It also means you don’t need to search through your archive or dig through project folders to find the exact message.

Chrome 57 Restricts Background Tabs To 1% CPU, Prolonging Battery Life, by Sebastian Anthony, Ars Technica

In September last year the Chromium team said changes were coming to Chrome's handling of background tabs, but they've landed in the stable branch of Chrome a little sooner than expected. Basically, from now on, background tabs will be limited to an average CPU load of just 1 percent on a single core.

Spark For macOS Adds Email Management Features, by John Voorhees, MacStories

With version 1.2 for macOS, Readdle has begun to tackle email organization, which should make Spark a more attractive option for people who like Spark’s approach to email but want a little more control over how their messages are managed.


CoderDojos Get Kids Psyched About Programming By Turning Them Loose, by Chris Berdik, Slate

On a recent Saturday, a squad of Lego robots fitted with markers limped, hopped, and spun dizzily across the table. Some flipped over or trailed broken Lego limbs as they covered butcher paper with ragged squiggles. But the kids who were building and programming these bots weren’t deterred. They made repairs and tweaked their code. A similar persistence was on display at nearby tables where groups of young people created computer games and websites.

The freedom to mess up, repeatedly, is a core appeal of this club known as CoderDojo, a loosely connected global network of coding workshops for kids ages 6 to 18, including this Boston outpost that meets in the borrowed offices of the tech company LogMeIn.


Siri Sends Users Who Ask For Prostitutes To A Toronto Bar, by Peter Goffin, Toronto Star

Meltdown is a so-called “eSports” bar, a place where patrons play and watch video games and compete in tournaments.

Acyapan said he and the other owners guessed the mix-up may have been caused by the similarity of the words “eSports” and “escorts.”

“It’s only one letter difference,” he said.

Apple Rumors: What's So Great About A Curved iPhone Screen?, by Edd Gent, Scientific American

But Samsung said the main goal was to tackle "FoMo," or fear of missing out, reported The Daily Telegraph. The phone allows users to assign a color for up to five contacts, and the screen lights up in that color if they call. When the screen is face down, users can still see the curved edges, so it's possible to tell if a friend is calling even if users are in a situation where it would be rude to check their phone.

FBI Can't Release iPhone Hacking Tool Because It Might Still Be Useful, Says Court Filing, by Zack Whittaker, ZDNet

It's long been believed that the hack targeted a weakness in iPhone 5c devices, namely that it didn't come with a secure enclave processor, a key part in the phone's full-disk encryption that even Apple wasn't supposed to be able to break.

Apple previously said that the hack would be "short lived." Months later, Apple retired the iPhone 5c in favor of newer iPhones, all of which now come with the secure enclave.

But the Justice Dept. says that the hacking tool may still have some shelf life left.

It Took A Court To Settle The English-speaking World's Debate Over The Oxford Comma, by Thu-Huong Ha, Quartz

The serial comma, also known as the Oxford comma for its endorsement by the Oxford University Press style rulebook, is a comma used just before the coordinating conjunction (“and,” or “or,” for example) when three or more terms are listed. You’ll see it in the first sentence of this story—it’s the comma after “milk”—but you won’t find it in the Maine overtime rule at issue in the Oakhurst Dairy case.

Bottom of the Page

I am in the pro-Oxford-comma camp.


There are many times when I couldn’t figure out how an article ended up in my Instapaper queue.


Thanks for reading.