September 28, 2017

A few bits from Apple’s Face ID Security white paper:

When Face ID detects and matches your face, iPhone X unlocks without asking for the device passcode. Face ID makes using a longer, more complex passcode far more practical because you don’t need to enter it as frequently.

If Face ID was able to eliminate the passcode completely, users could use long, impossible to memorize strings, just as they would with strong passwords combined with a password manager. But the fact that you have to memorize the passcode (you won’t have to use it much, but you’ll still encounter situations where you’ll need it) limits the complexity. Not a complaint, just an observation.

Here’s when a passcode is still required:

You can always use your passcode instead of Face ID, and it’s still required under the following circumstances:

  • The device has just been turned on or restarted.
  • The device hasn’t been unlocked for more than 48 hours.
  • The passcode hasn’t been used to unlock the device in the last 156 hours (six and a half days) and Face ID has not unlocked the device in the last 4 hours.
  • The device has received a remote lock command.
  • After five unsuccessful attempts to match a face.
  • After initiating power off/Emergency SOS by pressing and holding either volume button and the side button simultaneously for 2 seconds.

And:

The TrueDepth camera automatically looks for your face when you wake iPhone X by raising it or tapping the screen, as well as when iPhone X attempts to authenticate you to display an incoming notification or when a supported app requests Face ID authentication. When a face is detected, Face ID confirms attention and intent to unlock by detecting that your eyes are open and directed at your device; for accessibility, this is disabled when VoiceOver is activated or can be disabled separately, if required.

This is what’s encrypted and saved in the iPhone X Secure Enclave:

  • The infrared images of your face captured during enrollment.
  • The mathematical representations of your face calculated during enrollment.
  • The mathematical representations of your face calculated during some unlock attempts if Face ID deems them useful to augment future matching.

There’s a lot more in the white paper, including some detail on Apple Pay, and third party access to Face ID.
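The passcode rules quoted above from the white paper, written out as a decision function so the compound 156-hour/4-hour rule can be checked against concrete timelines. This is an added example, not Apple's code; `DeviceState`, its field names and the reason strings are hypothetical, and only the thresholds come from the excerpt.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Thresholds taken from the white paper excerpt quoted above.
MAX_SINCE_ANY_UNLOCK = timedelta(hours=48)
MAX_SINCE_PASSCODE = timedelta(hours=156)
MAX_SINCE_FACE_ID = timedelta(hours=4)
MAX_FAILED_MATCHES = 5


@dataclass
class DeviceState:
    """Hypothetical model of the policy inputs; not an Apple API."""
    now: datetime
    last_passcode_unlock: Optional[datetime]  # None: not entered since boot
    last_face_id_unlock: Optional[datetime]   # None: no Face ID unlock since boot
    failed_face_matches: int = 0
    remote_lock_received: bool = False
    sos_or_power_off_initiated: bool = False


def passcode_required_reasons(s: DeviceState) -> List[str]:
    """Return every rule that forces the passcode (empty list: Face ID may unlock)."""
    reasons = []
    if s.last_passcode_unlock is None:
        reasons.append("restarted")
    else:
        unlocks = [t for t in (s.last_passcode_unlock, s.last_face_id_unlock) if t]
        if s.now - max(unlocks) > MAX_SINCE_ANY_UNLOCK:
            reasons.append("idle_48h")
        # Compound rule: BOTH timers must have expired before it applies.
        passcode_stale = s.now - s.last_passcode_unlock > MAX_SINCE_PASSCODE
        face_stale = (s.last_face_id_unlock is None
                      or s.now - s.last_face_id_unlock > MAX_SINCE_FACE_ID)
        if passcode_stale and face_stale:
            reasons.append("passcode_156h_and_face_4h")
    if s.remote_lock_received:
        reasons.append("remote_lock")
    if s.failed_face_matches >= MAX_FAILED_MATCHES:
        reasons.append("five_failed_matches")
    if s.sos_or_power_off_initiated:
        reasons.append("sos_or_power_off")
    return reasons


# Constructed sample timeline (not real device data).
NOW = datetime(2017, 9, 28, 12, 0)


def hours_ago(h: float) -> datetime:
    return NOW - timedelta(hours=h)


if __name__ == "__main__":
    # Passcode last typed 160 h ago, but Face ID used an hour ago: still unlocks.
    print(passcode_required_reasons(DeviceState(NOW, hours_ago(160), hours_ago(1))))
    # Same device after a 5 h gap in Face ID use: the compound rule fires.
    print(passcode_required_reasons(DeviceState(NOW, hours_ago(160), hours_ago(5))))
```

A device that is unlocked with Face ID at least every four hours never hits the 156-hour rule in this model, which is why the other triggers (restart, remote lock, failed matches, SOS) matter.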

Fast Company:

“Companies often claim to have ‘anonymized’ your location history by taking your name off it,” says Peter Eckersley, the chief computer scientist of the Electronic Frontier Foundation. “But that is totally inadequate because you’re probably the only person who lives in your house and who works in your office, and it’s easy for any researcher or data scientist to look at a location trace and figure out who it belonged to.”

If you gave someone my location data, completely scrubbed of any identifying info other than geo-coordinates, it would be simple for them to turn that into my name, address, phone number and, with a bit of work, even more personalized information.

If my location data includes a stop at a house, especially if I only stop at one house, chances are good that’s my house. A simple lookup in a public tax database and they’ve got me, and a wealth of info about me.

Great article.
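A release check that makes Eckersley's point measurable: before sharing a "name-stripped" location dataset, count how many traces share each (home cell, work cell) pair. This is an added example, not from the article; the pseudonyms, coordinates, hour windows and grid sizes are all constructed assumptions.

```python
from collections import Counter


def cell(lat, lon, decimals):
    """Snap a coordinate to a grid cell; 3 decimals is roughly a city block."""
    return (round(lat, decimals), round(lon, decimals))


def home_work_pair(points, decimals):
    """Most-visited night cell and most-visited working-hours cell of one trace."""
    night, day = Counter(), Counter()
    for hour, lat, lon in points:
        c = cell(lat, lon, decimals)
        if hour >= 22 or hour < 6:      # assumed "at home" window
            night[c] += 1
        elif 9 <= hour < 17:            # assumed "at work" window
            day[c] += 1

    def top(counter):
        return counter.most_common(1)[0][0] if counter else None

    return (top(night), top(day))


def anonymity_sets(traces, decimals):
    """Map each pseudonym to the number of traces sharing its (home, work) pair."""
    pairs = {pid: home_work_pair(pts, decimals) for pid, pts in traces.items()}
    sizes = Counter(pairs.values())
    return {pid: sizes[pair] for pid, pair in pairs.items()}


def unique_fraction(traces, decimals):
    """Share of traces whose (home, work) pair belongs to nobody else."""
    sets = anonymity_sets(traces, decimals)
    return sum(1 for k in sets.values() if k == 1) / len(sets)


def make_trace(home, work):
    """Build a constructed trace of (hour_of_day, lat, lon) points."""
    return [(h, *home) for h in (23, 1, 3)] + [(h, *work) for h in (10, 14)]


# Constructed sample: two neighbours in one building, one person elsewhere,
# all working in the same office. Pseudonyms replace the names.
TRACES = {
    "a91f": make_trace((10.0012, 20.0011), (10.0501, 20.0502)),
    "c07e": make_trace((10.0013, 20.0012), (10.0501, 20.0502)),
    "e5d2": make_trace((10.0204, 20.0203), (10.0501, 20.0502)),
}

if __name__ == "__main__":
    for decimals in (4, 3, 1):
        print(decimals, anonymity_sets(TRACES, decimals),
              unique_fraction(TRACES, decimals))
```

An anonymity set of 1 means the pseudonym protects nothing for that trace; coarsening the grid enlarges the sets only at a large cost in precision.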

Apple has always emphasized their belief in privacy. This update of their site makes that much clearer, with a focus on tentpole issues. There’s a lot of detail on this subsite. Apple’s commitment to privacy is strong and well laid out.

Take a look.

Jan Dawson, Tech Narratives:

Amazon announced last night that Google had pulled its YouTube app from the former’s Echo Show device, the company’s first screen-based voice speaker. YouTube was one of very few video options available on the Echo Show, with Amazon’s own Prime Video being the main alternative.

Amazon has something Apple wants and seeks to emulate in Prime Video. Amazon wants to protect Prime Video and is using its storefront power to horsetrade with Apple, swapping Apple TV presence on Amazon.com for a Prime Video app on Apple TV.

Google and Amazon are fighting a different battle. At the very least, there’s Google Home vs Amazon Echo. But there’s a subtle shopping competitiveness as well, with both trying to work into the first place consumers go when they want to make a purchase.

All of this might have nothing to do with why Google pulled YouTube (the claim is that Amazon’s implementation broke YouTube’s terms of service). It might have more to do with ads and tracking than anything else. But make no mistake, each pairing is its own chess match.

September 27, 2017

Don’t say “Velcro”

This is a wonderfully cheesy and funny video from the Velcro folks but they have no chance of convincing us to call it “hook and loop”.

I’ve been using Edovia’s screen sharing app for some time now and love it. If you need such an app, give this a try, you won’t be disappointed.

Apple has released macOS 10.13 High Sierra, the newest operating system for Mac. To improve High Sierra security when installing system software (such as UAD drivers), the software must be explicitly allowed to load in the Security & Privacy pane within macOS System Preferences.

These are my most used audio plug-ins, so compatibility is a must for my music machine.

One of my favorite all time songs

I just love this song.

iOS 11.0.1 available

On Wednesday, Apple released a small update to its recently released iOS 11. Go to Settings > General > Software Update on your device to download the latest. Apple says the update provides “bug fixes and improvements.”

Roman Cheplyaka:

Many websites and applications these days are designed to trick you into doing things that their creators want. If you ever used Booking.com, you probably noticed (and hopefully resisted!) some ways it nudges you to book whatever property you are looking at.

You’ve undoubtedly seen these kinds of tricks on many other websites. Be aware of how they try to convince you to “BUY NOW”.

Ars Technica:

For a host of issues, like vaccine safety, climate change, and GMO foods, public opinion is a poor match for our scientific standing. That dissonance has led a lot of people to ask how we could do better at getting scientific information out to the public. But the Pew Research Center decided to ask a related question that’s just as important: where’s the public getting its scientific information now?

The answer, disappointingly, is that most people in the US aren’t getting any scientific information at all.

While this study is on Americans, there’s no reason to believe other countries would do any better. Many of us seek out more information about our favorite sports team than we do science news.

John Kobuki creates a glass flower marble

Glassblowing/creating always fascinates me.

Twitter is experimenting with a change to the character limit, moving the limit from 140 to 280 characters. They are slowly rolling this out to selected accounts, with no clear commitment, yet, to rolling this out to the universe.

From the official Twitter blog post:

Trying to cram your thoughts into a Tweet – we’ve all been there, and it’s a pain.

Interestingly, this isn’t a problem everywhere people Tweet. For example, when I (Aliza) Tweet in English, I quickly run into the 140 character limit and have to edit my Tweet down so it fits. Sometimes, I have to remove a word that conveys an important meaning or emotion, or I don’t send my Tweet at all. But when Iku Tweets in Japanese, he doesn’t have the same problem. He finishes sharing his thought and still has room to spare. This is because in languages like Japanese, Korean, and Chinese you can convey about double the amount of information in one character as you can in many other languages, like English, Spanish, Portuguese, or French.

We want every person around the world to easily express themselves on Twitter, so we’re doing something new: we’re going to try out a longer limit, 280 characters, in languages impacted by cramming (which is all except Japanese, Chinese, and Korean).

And:

Although we feel confident about our data and the positive impact this change will have, we want to try it out with a small group of people before we make a decision to launch to everyone.

Read on for the logic behind this change. But the change is in the wild, so you will likely see 280 char tweets in your stream.

This BBC article covers the change and includes some cheeky tweets in response to the change. My favorite is this one.

Want to try your hand at a 280 character tweet? It’ll take a bit of work, but I’ve jumped through the hoops myself (here’s my test tweet) and it works. No guarantees Twitter won’t close this loophole.

Here’s a link to The Next Web post [H/T Ben Lovejoy – Nice find, Ben!] that lays out the technique. In a nutshell, you fire up Chrome, open up the TweetDeck web client, open the Snippets editor, paste in some code and bam, you’ve now got 280 characters to play with.

Have fun, and feel free to tweet at me in all your 280 character glory.

UPDATE: Shawn King found an even easier way to up your limit, via TamperMonkey. Here’s a link to a how-to post.

Guitarist demos gorgeous Bell’s Harmonic technique

This is incredible use of guitar string harmonics. Gorgeous work.

First things first, take a look at the video embedded below, a Fox News interview with Bill Gates. Jump to about 11:28 in, where Bill is asked about his “famously tempestuous” relationship with Steve Jobs and the new iPhone.

With that in mind, this is John Gruber, from the linked Daring Fireball post:

I say this with no snark intended: who would have guessed 10 years ago that Bill Gates would be using a personal computing device running a non-Microsoft OS? Or really, an OS that didn’t have “Windows” in the name?

And:

While I’m at it, it occurs to me that Apple is the only company left where all its employees are using only systems made by their own company.

Read the whole post, including the update. Fascinating.

Luke Filipowicz, Lory Gil, iMore:

Downloading and installing a new OS gives you the opportunity to do some major house cleaning if you so desire. If you feel like you’d like a fresh start with macOS High Sierra, you can always opt to do a clean install: Just follow the steps below, even if you’ve already installed macOS High Sierra.

A clean install does give you a chance to shake out the leftover cruft from legacy installs. Me, I always keep several copies of backups, untouched, so I can go back and retrieve old apps/data I was sure I’d never need again.

Good post.

Sarah Perez, TechCrunch:

The Apple TV is back for sale on Amazon after a two-year hiatus – a move that was expected following Apple CEO Tim Cook’s announcement in June that Amazon’s Prime Video app would arrive on Apple TV later this year. The two companies had clearly come to an agreement that benefitted their mutual interests – for Amazon, that meant getting its streaming video app onto Apple TV devices; and for Apple, it meant getting its streaming media player on Amazon.com’s retail site again.

Except, as of this writing, the Apple TV is no longer on Amazon. I just did a search for “Apple TV” in quotes and without quotes, and got no love.

The Apple TV clearly had popped into stock over the past few days, but now it is not showing up at all. Not clear if this is related to negotiations related to the Amazon Prime Video app for Apple TV, or perhaps having something to do with pricing on 4K movies on Amazon.

September 26, 2017

Longreads:

For many of us, they are the last thing we look at before sleep each night, and the first thing we reach for upon waking. We use them to meet people, to communicate, to entertain ourselves, and to find our way around. We buy and sell things with them. We rely on them to document the places we go, the things we do and the company we keep; we count on them to fill the dead spaces, the still moments and silences that used to occupy so much of our lives.

For all its ubiquity, though, the smartphone is not a simple thing. We use it so often that we don’t see it clearly; it appeared in our lives so suddenly and totally that the scale and force of the changes it has occasioned have largely receded from conscious awareness. In order to truly take the measure of these changes, we need to take a step or two back, to the very last historical moment in which we negotiated the world without smartphone in hand.

The smartphone is arguably the single most important “gadget” in the history of the world. For many of us, it affects and informs almost every aspect of our lives.

Macworld:

Autoplay video: The bane of the web. You either hate them, or are completely disgusted by them. Fortunately, with Safari 11 in macOS High Sierra (Safari 11 is also available for macOS Sierra), you can easily disable autoplay video and surf the web in relative peace.

Here’s how to stop autoplay videos in Safari 11.

I hope Macworld sees the irony in posting this tidbit.

Macstories:

Just ahead of the macOS High Sierra update, Bjango released iStat Menus 6, an update to its comprehensive suite of tools that sit in your Mac’s menu bar and monitor its systems and now, even the weather. With highly customizable notifications, iStat Menus is an excellent way to know what’s going on with your Mac and to be alerted if a problem is on the horizon.

There was a time when I needed/loved the level of detail iStat provided. If you do, the new version looks pretty cool.

PetaPixel:

After updating your iPhone to iOS 11, you may have noticed that your photos are all .heic files instead of the ubiquitous .jpeg. If you’d rather go back to shooting JPEG for now until you feel more ready to make the switch, it’s actually extremely easy to do.

The new .heic format seems great but without widespread adoption, many users might want to switch back to the more common/compatible JPEG format.

This is a detailed review, definitely a solid place to start learning about macOS High Sierra.

Before you update, you might want to read the section on APFS (the Apple File System), called A one-way ticket to APFS-ville (if you have an SSD).

The High Sierra installer does do one major thing that the Sierra installer didn’t do. Behind the scenes, it converts your boot partition from the longstanding HFS+ filesystem to the new APFS.

Well, it does that for most Macs, anyway.

Though most people will never even know what’s happening, there are plenty of caveats and details to know about how the APFS conversion happens, the cases when it doesn’t happen, and why it doesn’t happen when it doesn’t happen.

Read this section, consider your Mac’s particular configuration. Do you have a spinning hard drive? Do you have an SSD that you installed yourself? Do you have a Fusion drive setup? None of these are dealbreakers, but it’s worth spending the time to read about these cases before you do the upgrade.

The Eclectic Light Company:

Upgrading to High Sierra brings a new and significant security feature: your Mac will automatically check its EFI firmware. In a series of tweets, Xeno Kovah, one of the three engineers responsible for the new tool, has outlined how this works.

The new utility eficheck, located in /usr/libexec/firmwarecheckers/eficheck, runs automatically once a week. It checks that Mac’s firmware against Apple’s database of what is known to be good. If it passes, you will see nothing of this, but if there are discrepancies, you will be invited to send a report to Apple.

And:

eficheck depends on a small local library of ‘known good’ data, which will be automatically and silently updated if you have security updates turned on in the App Store pane.

That checkbox is in the App Store pane in System Preferences and should be checked by default.

Juli Clover, MacRumors:

macOS High Sierra, released to the public today, could be impacted by a major security flaw that could allow a hacker to steal the usernames and passwords of accounts stored in Keychain.

Here’s the tweet that brought this to light:

The timing of this reveal is terrible, as it coincides with the release of macOS High Sierra. I know a number of people who have held off updating for just this reason.

Don’t let this story stop you from updating:

  1. This exploit is said to affect earlier versions of macOS as well. If you are on Sierra and considering updating, you are already as vulnerable as you would be if you updated.

  2. Apple is said to be working on a fix and Patrick Wardle has said he will not release details of the exploit until the patch is available.

Add to that:

For this vulnerability to work, a user needs to download malicious third-party code from an unknown source, something Apple actively discourages with warnings about apps downloaded outside of the Mac App Store or from non-trusted developers.

To be clear, do your research and a full backup before you update. I’ve done my homework and, once I finish this morning’s Loop posts, will hit the return key and start my update. I will definitely update on Twitter as I go. Hopefully, the update will be trouble-free. Fingers are crossed.

Nice job highlighting the major features in macOS High Sierra. Don’t miss the section towards the bottom called “Additional app refinements”.

My favorite is the very last one:

Spotlight provides flight status information, including departure and arrival times, delays, gates, terminals and even a map of the flight path

Interesting.

Apple Park drone footage — Looks ready to move in

This is gorgeous. For me, this footage tips the scales: Apple Park looks more like a finished product than a work in progress.

Nice image. Wish Rene had shot this on a less scratchy surface. Makes me uncomfortable just looking at it. But a great shot.

The missing iPhone? The iPhone X, understandably.

The Verge:

According to BMW, the 9.4kWh battery in the 530e can be charged in about 3.5 hours at 3.2kW of power, or close to the level you’d get if you just plugged the car in with a cord.

A BMW North America spokesperson told The Verge in an email that the technology depicted in the video is still in the testing and evaluation phase for the US and Canada. It still needs UL approval, too.

In other countries, BMW plans to launch the wireless charging system early next year, but only on the 530e iPerformance plug-in hybrid sedan.

I wonder if this technology will make its way through other car manufacturers and, eventually, be a standard feature in the garage of all new homes.

September 25, 2017

TechCrunch:

Apple is switching the default provider of its web searches from Siri, Search inside iOS (formerly called Spotlight) and Spotlight on the Mac. So, for instance, if Siri falls back to a web search on iOS when you ask it a question, you’re now going to get Google results instead of Bing.

“Switching to Google as the web search provider for Siri, Search within iOS and Spotlight on Mac will allow these services to have a consistent web search experience with the default in Safari,” reads an Apple statement sent this morning. “We have strong relationships with Google and Microsoft and remain committed to delivering the best user experience possible.”

This will change on iOS for the ‘I don’t know what you’re asking but here are web results’ Siri behavior as well as intentional ‘hey, Siri, search the web for…’ queries.

I don’t know if average users even notice what service is providing them with search results. Where I can, I’ve switched to DuckDuckGo for my searches.

Thanks to Twocanoes Software for sponsoring The Loop this week. If you are upgrading to High Sierra and have a Boot Camp partition, check out Winclone 6. Winclone 6 is the ideal Mac app for backing up your Boot Camp partition. You spent a ton of time getting your Windows setup just right, and Winclone makes sure that you can always get back to that same setup. Winclone creates an exact clone of your Boot Camp partition, including all Windows system files, applications, and data. If you have a failed update, bad drive, or ransomware attack in Windows, you just restore your Winclone backup and you are back up and running.

Get 50% off Winclone 6 with code WCLOOPHS through Sept 30th.