United States

Instagram Displayed Negative Related Hashtags For Biden, But Hid Them For Trump (buzzfeednews.com) 242

An anonymous reader shares a report: For at least the last two months, a key Instagram feature, which algorithmically pushes users toward supposedly related content, has been treating hashtags associated with President Donald Trump and presumptive Democratic presidential nominee Joe Biden in very different ways. Searches for Biden also return a variety of pro-Trump messages, while searches for Trump-related topics only returned the specific hashtags, like #MAGA or #Trump -- which means searches for Biden-related hashtags also return counter-messaging, while those for Trump do not. Earlier this week, a search on Instagram for #JoeBiden would have surfaced nearly 390,000 posts tagged with the former vice president's name along with related hashtags selected by the platform's algorithm. Users searching Instagram for #JoeBiden might also see results for #joebiden2020, as well as pro-Trump hashtags like #trump2020landslide and #democratsdestroyamerica.

A similar search for #DonaldTrump on the platform, however, provided a totally different experience. Besides showing 7 million posts tagged with the president's name, Instagram did not present any related hashtags that would have pushed users toward different content or promoted alternative viewpoints. The difference between these two results, which an Instagram spokesperson told BuzzFeed News was a "bug," prevented hashtags including #Trump and #MAGA from being associated with potentially negative content. Meanwhile, Instagram hashtags associated with the Democratic presidential candidate -- #JoeBiden and #Biden, for example -- were presented alongside content that included overtly pro-Trump content and attacks on the former vice president.

Twitter

Twitter Says Android Security Bug Gave Access To Direct Messages (techcrunch.com) 4

Twitter says a security bug may have exposed the private direct messages of its Android app users, but said that there was no evidence that the vulnerability was ever exploited. From a report: The bug could have allowed a malicious Android app running on the same device to siphon off a user's direct messages stored in the Twitter app by bypassing Android's in-built data permissions. But, Twitter said that the bug only worked on Android 8 (Oreo) and Android 9 (Pie), and has since been fixed. A Twitter spokesperson told TechCrunch that the bug was reported by a security researcher "a few weeks ago" through HackerOne, which Twitter uses for its bug bounty program. "Since then, we have been working to keep accounts secure," said the spokesperson. "Now that the issue has been fixed, we're letting people know." Twitter said it waited to let its users know in order to prevent someone from learning about the issue and taking advantage of it before it was fixed.
Microsoft

Microsoft Goes Big in Security Bug Bounties: Its $13.7m is Double Google's 2019 Payouts (zdnet.com) 17

Microsoft has revealed it has awarded security researchers $13.7m for reporting bugs in Microsoft software since July last year. From a report: Microsoft's bug bounties are one of the largest source of financial awards for researchers probing software for flaws and, importantly, reporting them to the relevant vendor rather than selling them to cybercriminals via underground markets or exploit brokers who distribute them to government agencies. The Redmond company has 15 bug-bounty programs through which researchers netted $13.7m between July 1, 2019 and June 30, 2020. That figure is triple the $4.4m it awarded in the same period the previous year. [...] Microsoft's total annual bug-bounty payouts are now much larger than Google's awards for security flaws in its software, which totaled $6.5m in calendar year 2019. That figure was double the previous year's payouts from the ad and search giant, which called it a "record-breaking year."
Microsoft

Microsoft Fixes Edge Bug That Made It Crash When Searching With Google (theverge.com) 52

"Microsoft's new Edge browser started randomly crashing when users typed into the address bar," reported the Verge on Thursday.

"The issues appear to have affected Edge users who had selected Google as the default search engine." Microsoft investigated the problem and now says it's believed to have been resolved. The Microsoft Edge crashes started at around 7PM ET, and were affecting macOS and Windows users. Microsoft resolved the problems after around four hours of crashes, but it's not clear why they were only limited to Google search users in Edge.

If users switched to Microsoft's Bing search engine within Edge, the crashes never occured.

Red Hat Software

Red Hat Security Update Renders Systems Unbootable (redhat.com) 88

PAjamian writes: A recently released Red Hat update for the BootHole Vulnerability (firehose link) is causing systems to become unbootable. It is widely reported that updates to the shim, grub2 and kernel packages in RHEL and CentOS 7 and 8 are leaving various systems that use secure boot unbootable. Current recommendations are to avoid updating your system until the issue is resolved, or at least avoid updating the shim, grub2 and kernel packages. Update, shared by PAjamian: Red Hat is now recommending that users do not apply grub2, fwupd, fwupdate or shim updates until new packages are available.
Firefox

Firefox Working on Fixing a One-Year-Old Bug in Its Android App That Keeps Camera Active After Users Have Minimized the App or Locked Their Phone (zdnet.com) 18

Mozilla says it's working on fixing a bug in Firefox for Android that keeps the smartphone camera active even after users have moved the browser in the background or the phone screen was locked. From a report: A Mozilla spokesperson told ZDNet in an email this week that a fix is expected for later this year in October. The bug was first spotted and reported to Mozilla a year ago, in July 2019, by an employee of video delivery platform Appear TV. The bug manifests when users chose to video stream from a website loaded in Firefox instead of a native app. Mobile users often choose to stream from a mobile browser for privacy reasons, such as not wanting to install an intrusive app and grant it unfettered access to their smartphone's data. Mobile browsers are better because they prevent websites from accessing smartphone data, keeping their data collection to a minimum. The Appear TV developer noticed that Firefox video streams kept going, even in situations when they should have normally stopped.
Security

Microsoft Warns of a 17-Year-Old 'Wormable' Bug (wired.com) 9

Since WannaCry and NotPetya struck the internet just over three years ago, the security industry has scrutinized every new Windows bug that could be used to create a similar world-shaking worm. Now one potentially "wormable" vulnerability -- meaning an attack can spread from one machine to another with no human interaction -- has appeared in Microsoft's implementation of the domain name system protocol, one of the fundamental building blocks of the internet. From a report: As part of its Patch Tuesday batch of software updates, Microsoft today released a fix for a bug discovered by Israeli security firm Check Point, which the company's researchers have named SigRed. The SigRed bug exploits Windows DNS, one of the most popular kinds of DNS software that translates domain names into IP addresses. Windows DNS runs on the DNS servers of practically every small and medium-sized organization around the world. The bug, Check Point says, has existed in that software for a remarkable 17 years. Check Point and Microsoft warn that the flaw is critical, a 10 out of 10 on the common vulnerability scoring system, an industry standard severity rating. Not only is the bug wormable, Windows DNS software often runs on the powerful servers known as domain controllers that set the rules for networks. Many of those machines are particularly sensitive; a foothold in one would allow further penetration into other devices inside an organization.

On top of all of that, says Check Point's head of vulnerability research Omri Herscovici, the Windows DNS bug can in some cases be exploited with no action on the part of the target user, creating a seamless and powerful attack. "It requires no interaction. And not only that, once you're inside the domain controller that runs the Windows DNS server, expanding your control to the rest of the network is really easy," says Omri Herscovici. "It's basically game over." Check Point found the SigRed vulnerability in the part of Windows DNS that handles a certain piece of data that's part of the key exchange used in the more secure version of DNS known as DNSSEC. That one piece of data can be maliciously crafted such that Windows DNS allows a hacker to overwrite chunks of memory they're not meant to have access to, ultimately gaining full remote code execution on the target server. (Check Point says Microsoft asked the company not to publicize too many details of other elements of the technique, including how it bypasses certain security features on Windows servers.)

Microsoft

iPhone User Sues Microsoft's LinkedIn For Spying Through Apple's 'Clipboard' (reuters.com) 39

"Microsoft's LinkedIn was sued by a New York-based iPhone user on Friday for allegedly reading and diverting users' sensitive content from Apple Inc's Universal Clipboard application," reports Reuters. According to Apple's website, Universal Clipboard allows users to copy text, images, photos, and videos on one Apple device and then paste the content onto another Apple device. According to the lawsuit filed in San Francisco federal court by Adam Bauer, LinkedIn reads the Clipboard information without notifying the user. LinkedIn did not immediately respond to Reuters request for comment.

According to media reports from last week, 53 apps including TikTok and LinkedIn were reported to be reading users' Universal Clipboard content, after Apple's latest privacy feature started alerting users whenever the clipboard was accessed with a banner saying "pasted from Messages..."

A LinkedIn executive had said on Twitter last week that the company released a new version of its app to end this practice... According to the complaint, LinkedIn has not only been spying on its users, it has been spying on their nearby computers and other devices, and it has been circumventing Apple's Universal Clipboard timeout.

Bug

AI Researchers Create Testing Tool To Find Bugs in NLP From Amazon, Google, and Microsoft (venturebeat.com) 10

AI researchers have created a language-model testing tool that discovers major bugs in commercially available cloud AI offerings from Amazon, Google, and Microsoft. Yesterday, a paper detailing the CheckList tool received the Best Paper award from organizers of the Association for Computational Linguistics (ACL) conference. From a report: NLP models today are often evaluated based on how they perform on a series of individual tasks, such as answering questions using benchmark data sets with leaderboards like GLUE. CheckList instead takes a task-agnostic approach, allowing people to create tests that fill in cells in a spreadsheet-like matrix with capabilities (in rows) and test types (in columns), along with visualizations and other resources. Analysis with CheckList found that about one in four sentiment analysis predictions by Amazon's Comprehend change when a random shortened URL or Twitter handle is placed in text, and Google Cloud's Natural Language and Amazon's Comprehend makes mistakes when the names of people or locations are changed in text. "The [sentiment analysis] failure rate is near 100% for all commercial models when the negation comes at the end of the sentence (e.g. 'I thought the plane would be awful, but it wasn't'), or with neutral content between the negation and the sentiment-laden word," the paper reads.
Businesses

Hackers Are Exploiting a 5-Alarm Bug In Networking Equipment (wired.com) 32

Andy Greenberg writes via Wired: Late last week, government agencies, including the United States Computer Emergency Readiness Team and Cyber Command, sounded the alarm about a particularly nasty vulnerability in a line of BIG-IP products sold by F5. The agencies recommended security professionals immediately implement a patch to protect the devices from hacking techniques that could fully take control of the networking equipment, offering access to all the traffic they touch and a foothold for deeper exploitation of any corporate network that uses them. Now some security companies say they're already seeing the F5 vulnerability being exploited in the wildâ"and they caution that any organization that didn't patch its F5 equipment over the weekend is already too late.

The F5 vulnerability, first discovered and disclosed to F5 by cybersecurity firm Positive Technologies, affects a series of so-called BIG-IP devices that act as load balancers within large enterprise networks, distributing traffic to different servers that host applications or websites. Positive Technologies found a so-called directory traversal bug in the web-based management interface for those BIG-IP devices, allowing anyone who can connect to them to access information they're not intended to. That vulnerability was exacerbated by another bug that allows an attacker to run a "shell" on the devices that essentially lets a hacker run any code on them that they choose. The result is that anyone who can find an internet-exposed, unpatched BIG-IP device can intercept and mess with any of the traffic it touches. Hackers could, for instance, intercept and redirect transactions made through a bank's website, or steal users' credentials. They could also use the hacked device as a hop point to try to compromise other devices on the network. Since BIG-IP devices have the ability to decrypt traffic bound for web servers, an attacker could even use the bug to steal the encryption keys that guarantee the security of an organization's HTTPS traffic with users, warns Kevin Gennuso, a cybersecurity practitioner for a major American retailer.
While only a small minority of F5 BIG-IP devices are directly exploitable, Positive Technologies says that still includes 8,000 devices worldwide. "About 40 percent of those are in the U.S., along with 16 percent in China and single-digit percentages in other countries around the globe," reports Wired.

"Owners of those devices have had since June 30, when F5 first revealed the bug along with its patch, to update," adds Wired. "But many may not have immediately realized the seriousness of the vulnerability. Others may have been hesitant to take their load balancing equipment offline to implement an untested patch, points out Gennuso, for fear that critical services might go down, which would further delay a fix."
Privacy

LinkedIn Says iOS Clipboard Snooping After Every Key Press is a Bug, Will Fix (zdnet.com) 38

A LinkedIn spokesperson told ZDNet this week that a bug in the company's iOS app was responsible for a seemingly privacy-intrusive behavior spotted by one of its users on Thursday. From a report: The issue was discovered using the new beta version of iOS 14. For iOS 14, set to be officially released in the fall, Apple has added a new privacy feature that shows a quick popup that lets users know when an app has read content from their clipboard. Using this new mechanism, users spotted last week how Chinese mobile app TikTok was reading content from their clipboard at regular short intervals. TikTok said the feature was part of a fraud detection mechanism and that the company never stole the clipboard content, but promised to remove the behavior anyway, to put users' minds at ease. This week, users continued experimenting with this new iOS 14 clipboard access detection system. Yesterday, a developer from the portfolio-building portal Urspace.io discovered a similar mechanism in the LinkedIn iOS app. In a video shared on Twitter, the Urspace developer showed how LinkedIn's app was reading the clipboard content after every user key press, even accessing the shared clipboard feature that allows iOS apps to read content from a user's macOS clipboard.
Microsoft

Microsoft Removes Manual Deferrals From Windows Update By IT Pros 'To Prevent Confusion' (zdnet.com) 115

Microsoft is removing the ability for business users to defer manually Windows 10 feature updates using Windows Update settings starting with the Windows 10 2004/May Update. Microsoft seemingly made this change public with a change in its Windows 10 2004 for IT Pros documentation on June 23. From a report: Microsoft officials say this change is happening in the name of reducing confusion. Here's the explanation from the Microsoft page (which I saw thanks to WindowsTimes.com), and which I had heard about from a reader last week. (Last week, I assumed this was a bug, but now it seems like it's actually a "feature.") "Last year, we changed update installation policies for Windows 10 to only target devices running a feature update version that is nearing the end of service. As a result, many devices are only updating once a year. To enable all devices to make the most of this policy change, and to prevent confusion, we have removed deferrals from the Windows Update settings Advanced Options page starting on Windows 10, version 2004."
The Almighty Buck

Hey Email App Open To All After Apple 'Definitively' Approves It (engadget.com) 30

Basecamp's Hey email app is now open to everyone after Apple "definitively approved" it for the App Store. No invite code is required for users to sign up. Engadget reports: Basecamp CTO and co-founder David Heinemeier Hansson tweeted the news today. Hey will not include any in-app purchases (IAP), so Apple will not get its standard 30 percent commission. At first, Apple objected to the fact that users would download the app from the App Store but have to sign up via the web. Apple's policies require that developers use IAP to unlock paid features or functionality in an app. Hey managed to skirt around those rules by offering a free trial option.

Hey is now open to everyone, and it does not require an invite code. The app promises a more organized approach to email, for $99 per year. But perhaps more importantly, Hey is an example of how developers can avoid paying Apple 30 percent of IAP and subscription fees. "Hopefully this paves an illuminated path for approval for other multi-platform SAAS applications as well. There are still a litany of antitrust questions to answer, but things legitimately got a little better. New policies, new precedence. Apple took a great step forward," Hansson tweeted.

Intel

Former Intel Engineer Claims Skylake QA Drove Apple Away (pcgamer.com) 252

UnknowingFool writes: A former Intel engineer has put forth information that the QA process around Skylake was so terrible that it may have finally driven Apple to use their own processors in upcoming Macs. Not to say that Apple would not have eventually made this move, but Francois Piednoel says Skylake was abnormally bad with Apple finding the largest amount of bugs inside the architecture rivaling Intel itself. That led Apple to reconsider staying on the architecture and hastening their plans to migrate to their own chips. "The quality assurance of Skylake was more than a problem," says Piednoel. "It was abnormally bad. We were getting way too much citing for little things inside Skylake. Basically our buddies at Apple became the number one filer of problems in the architecture. And that went really, really bad. When your customer starts finding almost as much bugs as you found yourself, you're not leading into the right place."

"For me this is the inflection point," added Piednoel. "This is where the Apple guys who were always contemplating to switch, they went and looked at it and said: 'Well, we've probably got to do it.' Basically the bad quality assurance of Skylake is responsible for them to actually go away from the platform."

Apple made the switch official at its developer conference on Monday, announcing that it will introduce Macs featuring Apple-designed, ARM-based processors later this year.
Bug

Stuck At Home, Scientists Discover 9 New Insect Species (wired.com) 35

An anonymous reader quotes a report from Wired: When the Natural History Museum of Los Angeles County shut down due to the pandemic in mid-March, Lisa Gonzalez headed home with the expectation that she would be back in a few weeks. But once it became clear that she wouldn't get back anytime soon, Gonzalez, the museum's assistant entomology collection manager, converted her home's craft room into a makeshift lab. Then she began sifting through thousands of insects the museum had previously collected via a citizen science project. [...] Using just her own microscope, Gonzalez identified dozens of insect species by looking at features like tiny hairs or the shape of a fly's wings. She also found some unusual insects that she turned over to her colleague, Brian Brown, the museum's curator of entomology. Using a larger Leica stereoscope that he hauled in from the office, as well as a smaller compound microscope he found on craigslist, Brown discovered nine species of small flies, all new to science. "It's always cool to find new things, and it is one of the great joys of this job," says Brown. "It's not just finding slightly different new things -- we find extravagantly different things all the time."

The insects, mostly small flies, wasps, and wasplike flies, had been collected through the BioSCAN project, which began in 2012 with insect traps set at 30 sites throughout Los Angeles, mostly in backyards or public spaces. The pair recruited volunteers who were then trained in how to use the "Malaise traps," which resemble two-person pup tents that force bugs to fly upward into collecting nets before the volunteers can put them into vials. The BioSCAN project started when Brown bet a museum trustee that he could find a new species of insect in her backyard in West LA. He did, and the project took off. In its first three years, Brown and the backyard collector discovered 30 new species of insects and published their results. The museum team found an additional 13 new species in the past two years, plus he and the staff have discovered nine more since the pandemic shutdown.
"The nine new species include phorid flies, some of which are known for their ability to run across surfaces and or enter coffins to consume dead bodies," the report adds. "Brown and Gonzalez have also found botflies, parasites of rats and wasplike flies that have never been seen before in Southern California. They likely arrived from Central America, perhaps hitching a ride on a flowering plant or piece of food."

"With the help of tens of thousands of insects collected through the BioSCAN project, over the years Brown and Gonzalez have expanded the count of known insect species in the Los Angeles basin from 3,500 during the last census in 1993 to around 20,000 today."
Businesses

After Outcry, Apple Will Let Developers Challenge App Store Guidelines (theverge.com) 27

Apple today announced two major changes to how it handles App Store disputes with third-party developers. The first is that Apple will now allow developers to appeal a specific violation of an App Store guideline, and that there will also be a separate process for challenging the guideline itself. Additionally, Apple says it will no longer delay app updates intended to fix bugs and other core functions over App Store disputes. The Verge reports: The changes come in the wake of Apple's high-profile showdown with Hey, a new email service from software developer Basecamp. The service launched last week as an invite-only website and a companion iOS app, with a full launch slated for July. But after initially approving the app, Apple later rejected Basecamp's subsequent updates and kicked off what became a very public feud between the company and Basecamp's co-founders, CEO Jason Fried and CTO David Heinemeier Hansson, over whether Hey could exist in the App Store in its current form at all. The feud, inconveniently for Apple, coincided with the announcement of two antitrust probes from the European Union last week that were spurred in part from complaints from longtime Apple rivals like Spotify.

The central dispute in this case was whether Hey qualified for an exemption to rules around in-app purchases, which Basecamp decided not to include because the company does not want to give Apple its standard App Store revenue cut. Apple said Hey did not and claimed Basecamp's iOS app violated three App Store guidelines by not allowing you to sign up or purchase access to Hey from mobile. Fried and Heinemeier Hansson claimed that the decision was evidence of inconsistency and greed on Apple's part given the numerous apps, like Netflix and business software, that do qualify for such exemptions and have existed in the App Store without in-app purchase options for years. Apple last week tried to head off any future escalation of the feud by outlining its reasoning in a letter signed from the App Review Board, which it disseminated to Basecamp and media organizations. Apple marketing chief Phil Schiller also conducted interviews with members of the press. [...] On Monday, ahead of the keynote, Apple capitulated, allowing Hey's updates to go through only after a compromise from Basecamp in which the company now lets you sign up for a burner account that expires after two weeks.

Businesses

Apple Approves Hey Email App, But the Fight's Not Over (theverge.com) 14

After rejecting an update last week, Apple has approved a new version of the subscription email app Hey. From a report: The approval, which came last week, ahead of today's Apple Worldwide Developer Conference, is meant to lower the temperature after Apple's initial app rejection drew widespread condemnation from lawmakers and other developers. But the approval is also only temporary in spirit, meant to give Hey developer Basecamp time to develop a version of the app more in line with Apple's policies -- and Basecamp's approach to that challenge is very aggressive, as a letter posted to its website today details.
Businesses

Apple's App Store Policies Are Bad, But Its Interpretation and Enforcement Are Worse (daringfireball.net) 39

Earlier this week, Apple told Basecamp, the company that makes the brand new email app called Hey, that it cannot distribute its app on the iPhone unless it makes it possible for users to sign up via Apple's own prescribed methods -- which gives Apple a 30 percent cut. Apple told Basecamp that by avoiding giving an option in its iOS app to sign up and support in-app purchases, it was violating Apple's App Store policy, 3.1.1, which says: If you want to unlock features or functionality within your app, (by way of example: subscriptions, in-game currencies, game levels, access to premium content, or unlocking a full version), you must use in-app purchase. Apps may not use their own mechanisms to unlock content or functionality, such as license keys, augmented reality markers, QR codes, etc. Apps and their metadata may not include buttons, external links, or other calls to action that direct customers to purchasing mechanisms other than in-app purchase. Dieter Bohn, writing for The Verge: The key thing to know is that the text of this policy is not actually the policy. Or rather, as with any law, the text is only one of the things you need to understand. You also need to know how it is enforced and how the enforcers interpret that text. It should not surprise you to know that Apple's interpretation of its text often seems capricious at best and at worst seems like it's motivated by self-dealing. And the enforcement consequently often seems unfair.

The rule states that if you want to sell digital goods, you have to use Apple's payment system. Except that's not how 3.1.1 has been interpreted to date. It has been interpreted as allowing people to access services they paid for elsewhere on their iOS devices, but not allowing those apps to try to get around the Apple payment rules when people sign up on those devices. That's convoluted, but that interpretation is what keeps Netflix from having an account sign-up in its app. It's the policy that has enraged Spotify and keeps you from buying Kindle books on your iPhone without jumping through a million weird Safari hoops. That was already a very bad rule, if you ask me. Now, with this email app, Apple is apparently changing its interpretation to be more strict.
David Pierce, in an update to his news report about Hey-Apple debacle: Apple told me that its actual mistake was approving the app in the first place, when it didn't conform to its guidelines. Apple allows these kinds of client apps -- where you can't sign up, only sign in -- for business services but not consumer products. That's why Basecamp, which companies typically pay for, is allowed on the App Store when Hey, which users pay for, isn't. One other distinction: Apple allows "Reader" apps -- things like Netflix and Kindle and Dropbox, where you're using the app to access existing subscriptions -- as long as they don't offer a way to sign up. But email, messaging, etc. don't count as Reader apps. John Gruber, writing at DaringFireball: The lone instance of "consumer" refers to the "Consumer Health Records API". The price that Basecamp pays for not supporting in-app purchase in their iOS app is that they lose whatever number of users would have signed up in-app but won't sign up out-of-app. That's competition. Again, putting aside arguments that Apple should allow apps to use their own payment systems in apps, or be able to link to a website for sign up, or at the very least just tell users how to sign up -- the makers of an app should be able to say "OK, we won't even tell users how to sign up within our app; our app is only for existing customers and we'll obtain all of them outside the app." [...]

Second, how could such a distinction be made in writing? There are some apps that are definitely "business services" and some that are definitely "consumer products" (games for example), but to say that the area in between encompasses many shades of gray is an understatement. The entire mobile era of computing -- an era which Apple itself has inarguably largely defined -- is about the obliteration of distinct lines between business and consumer products. [...] At some level there's a clear distinction here -- Netflix and Kindle are clearly consumption services. But Dropbox? Dropbox is a lot closer to an email or messaging service like Hey than it is to Netflix or Kindle. The stuff in my Dropbox account is every bit as personal as the stuff in my email account. When you put Dropbox in the same bucket with Netflix and Amazon Kindle, it seems to me like the distinction is not so much between what is and isn't a "reader" app or what is or isn't a "business" app, but between companies which are too big for Apple to push around and those they can.

Businesses

Basecamp's Hey, a New Email Product, Claims Apple is Rejecting Bug Fixes to the iPhone App Unless the Firm Agrees To Pay 15-30% Commission (twitter.com) 121

Basecamp launched its email product Hey earlier this week. David Heinemeier Hansson, the co-founder of Basecamp, tweeted on Tuesday that Apple is already creating challenges for the firm. In a series of tweets, he said: Apple just doubled down on their rejection of HEY's ability to provide bug fixes and new features, unless we submit to their outrageous demand of 15-30% of our revenue. Even worse: We're told that unless we comply, they'll remove the app. On the day the EU announced their investigation into Apple's abusive App Store practices, HEY is subject to those very same capricious, exploitive, and inconsistent policies of shakedown. It's clear they feel embolden to tighten the screws with no fear of regulatory consequences. He adds: Apple has been capriciously, inconsistently, and in a few cases, cruelly, enforcing their App Store policies for years. But most of the abuses were suffered by smaller developers without a platform and without recurse. Apple saw that it worked, and that it paid. Now moving up. This is exactly the issue I gave testimony in front of congress earlier this year! We hadn't yet launched HEY, but I said it worried me, what Apple might do, if you're in direct competition with them. And now we know what they'd do. Attempt to crush us. But while I'm sure Apple's attempt to cut off the air supply to the likes of Spotify is board-room stuff, I think what we're facing is simply the banality of bureaucracy. Apple has publicly pivoted to services for growth, so KPIs and quarterly targets trickle down. And frankly, it's hard to see what they have to fear. Who cares if Apple shakes down individual software developers for 30% of their revenue, by threatening to destroy their business? There has been zero consequences so far! Most such companies quietly cave or fail. We won't. There is no chance in bloody hell that we're going to pay Apple's ransom. I will burn this house down myself, before I let gangsters like that spin it for spoils. This is profoundly, perversely abusive and unfair.

We did everything we were supposed to with the iOS app. Try downloading it (while you can?). You can't sign up, because Apple says no. We don't mention subscriptions. You can't upgrade. You can't access billing. We did all of it! Wasn't enough. We've been in the App Store with Basecamp for years. We know the game. It was always rigged. It was always customer-hostile, deeply confusing, but the unstated lines were reasonably clear. Now Apple has altered the deal, and all we can do is pray they don't alter it further.

Desktops (Apple)

Ahead of WWDC, Apple's Developer App Adds Mac Support, New Features, iMessage Stickers (techcrunch.com) 15

Ahead of Apple's Worldwide Developer Conference starting next week, the company has today launched a new version of its Apple Developer App to better support its plans for the virtual event. TechCrunch reports: Notably, the app has been made available for Mac for the first time, in addition to a redesign and other minor feature updates. With the needs of an entirely virtual audience in mind, Apple has redesigned the app's Discover section to make it easier for developers to catch up on the latest stories, news, videos and more, the company says. This section will be regularly updated with "actionable" content, Apple notes, including the latest news, recommendations on implementing new features, and information about inspiring engineers and designers, alongside new videos.

It has also updated its Browse tab where users search for existing sessions, videos, articles and news, including the over 100 technical and design-focused videos found in the WWDC tab. The WWDC tab has also been updated in preparation for the live event starting on Monday, June 22. The redesign has added a way to favorite individual articles, in addition to session content and videos. Plus it includes new iMessage stickers along with other enhancements and bug fixes. The app, which was previously available on iPhone, iPad and Apple TV, is also now offered on Mac.

Slashdot Top Deals