PS2J 275 News – Bushel of Apple

Security alert

  • Google’s October 2019 Android security fix is here for the majority of Android devices and has a fix for a major vulnerability present on a bunch of different phones
    • The bug allows a hacker to remotely root and take complete control of the device if an infected app has been installed or if a Chrome-based loophole is used
    • If you have an Android device you should go into your Settings app and search for System Update to download and install it as soon as possible

Free games

  • Epic Games

    • Surviving Mars

      • 2018
      • City building simulation from the developers of the Tropico series modeled after real Martian data that has you building a colony on Mars by manufacturing resources and constructing buildings to ensure the survival of the colonists

Apple’s under fire this week for their wishy-washy capitulation to the Chinese government during the Hong Kong protests

  • Most of the controversy, involving Apple at least, revolves around an app called HKMap.Live that allows users to flag locations on a map. It’s being used to warn the public about things like concentrations of riot police, tear gas, and zones that are currently being locked down
    • According to people within Hong Kong, tear gas is routinely being deployed without warning in densely populated neighbourhoods just because the cops were being verbally taunted, and the police are firing bean bag rounds without warning at people that, for example, walk out of a subway station in a locked-down area
  • It originally hit headlines because Apple rejected the app, saying that it facilitates, enables, and encourages the evasion of law enforcement. Which is no more true than being able to flag speedtraps on Waze- it’s not like the app has GPS on every cop in the region
  • The app eventually did get approved and released, so people chalked it up to an overzealous App Store reviewer and left it at that
  • Then Apple came under fire in the Chinese state media, being accused of protecting “rioters” and enabling illegal behaviour
    • Interestingly enough, the same story made no mention of the fact that it’s also a web app and available on the Google Play store- it completely targeted Apple
  • In response to those stories, and presumably pressure from Chinese officials, Apple then removed the app from the App Store citing claims that it was used to target and ambush police, threaten public safety, and that criminals have used it to victimize residents in areas where they know there is no law enforcement.
    • They went on to say that the app violates Apple guidelines and local laws, but despite many inquiries neither Apple nor Chinese officials seem to be able to point those laws out
      • The Secretary for Transport and Housing laid the decision solely at Apple’s feet, saying to ask them for the reasons why
      • Tim Cook released a company-wide email talking about the situation, but still didn’t or couldn’t back up the claims that it was used to target individual officers for violence, or to victimize people or property where no police were present. And no one at any point has said what local laws in Hong Kong this app is violating.
  • At this point the app remains available on Google Play and as a web app, and anyone that already installed it on their iDevices can still use it, but it’s not available for purchase or download from the App Store any longer
  • For all Tim Cook’s talk of free speech and human rights, this really seems like a failure to stand up for what’s right. They’re just 100% buckling under the pressure of the Chinese government

In related news, Blizzard is in a similar situation but they’ve 100% embraced their Chinese overlords

  • After a professional Hearthstone player declared his support for the Hong Kong protest movement Blizzard handed him a one year suspension and rescinded his $10,000 tournament prize
  • This has even caught the attention of American senators, with Marco Rubio and Ron Wyden both calling Blizzard out for the censorship
  • This is a really bad look for a company with supposed values like “Think globally” and “Every voice matters”
  • Many are boycotting Blizzard games in protest, to the point where they have basically crashed the account deletion part of the Blizzard site
    • Early reports were suspicious of them trying to prevent a mass exodus by changing the requirements (i.e. needing photo ID to close the account, instead of the usual authenticator, SMS, email, or secret question), but further testing has shown that they’ve either backpedaled on that strategy or, more likely, gotten a little-used part of their website some more resources
      • Interesting part there is that you don’t need to send in your ID to make the account in the first place, so what exactly would they be verifying?

The latest iOS may be a bit of a mess, but it at least has a couple of new privacy features to go with it

  • If you’ve already updated you might have noticed a new security prompt when using some apps, asking if you want to allow them to use Bluetooth
  • It mentions that it’s used to connect to Bluetooth accessories, which makes sense, but also says apps can use it to know when you’re nearby
  • Apparently some retailers were using Bluetooth beacons to track customers that had their app open, since apps previously had the ability to see nearby Bluetooth devices by default, without a prompt
  • They could also learn your location if you were near a public WiFi hotspot, but Apple now has things locked down so that’s no longer possible
  • The worst part about that tracking was that it wasn’t limited to apps you might expect like Best Buy, but also things like games, flashlights, or other one-off apps from sketchy developers
  • So now with the additional prompts users can basically deny everything that doesn’t make sense, and then if they notice that actual functions within the app are affected they can look at allowing the needed access
  • The next challenge will be apps from companies like X-Mode, which get permission to collect location data by plugging in to apps that actually do need your location
    • For instance they have an earthquake alert app, which would make sense to let track your location, but buried in the ToS is language that says they can use that location data for other means
  • End of the day it looks like we still need to be conscious of what apps we’re installing, but at least now iOS lets us know if that wallpaper app you downloaded is secretly trying to get your location data

macOS Catalina is here, and because I haven’t learned my lesson from installing iOS 13 on day 1 yet we’ve got the full scoop

  • One thing to note is that they’ve drawn a line in the sand and you can no longer run 32 bit apps. That should be limited to older software, but even some newer 64 bit apps may rely on 32 bit plugins
    • There’s a free download available called Go64 that will flag the applications on your system that won’t work after the update, as well as let you know when they were last used, and it was a handy way to make sure I was ready
      • I actually found you need to delete/reinstall Steam to get the new 64 bit version, even though the Blizzard launcher updated itself smoothly
  • iTunes has been split into three separate apps- Music, TV, and Podcasts. Gone are the days of a single bloated hub for all your media, but it’s shifted iPhone and iPad syncing to an unlikely new home- Finder
    • Once your device is plugged in you should see your phone near the bottom of the navigation bar on the left side of Finder. You can click on that to see the familiar sync and update options that used to live in iTunes
    • You’ll also see an option for “Show this device when on Wi-Fi”, which you’ll need to manually enable to get WiFi sync back the way it’s been for the last few years
    • Apple notes in their support documentation that things set to sync with the cloud, like Apple Music, may not be available through the new Finder sync, possibly in a move to push more people into the iCloud and away from local syncing and backups
    • Also, despite its name, TV is the new home for all the video content including movies
  • They’ve also released Mac Catalyst, allowing developers to port iPad apps directly to macOS with the addition of multiple windows, drag/drop, and keyboard shortcuts
  • Photos has been updated with more sorting/filtering options and some automatic curation similar to Facebook, highlighting important moments like birthdays and vacations
  • Notes and Reminders have also been updated with the new iOS 13 features and finally sync properly across all your updated devices! And there was much rejoicing
  • Apple Arcade is now up on Mac in addition to iOS and AppleTV, meaning you can really take your game subscription anywhere
    • I’ve been itching to give it all a try, so expect my impressions in the coming weeks
  • Sidecar is brand new in Catalina, letting you use your iPad as a second monitor for your Mac. You can even use your Apple Pencil to control things, giving you a solid tablet interface for your computer for things like Adobe Creative Cloud, Maya, ZBrush, and more
  • Screen Time has come to the Mac, giving you insight into how you’re spending your time and allowing you to monitor usage, schedule downtime, and set limits for apps and websites across all your devices for yourself or your family
    • You’ll even be able to set communication limits as of this spring, if you want to limit who your kids can contact at certain times of the day (or night) without blocking their ability to contact you if they need to
  • On top of all that we also got a bunch of new security features, like better encryption, activation lock for lost or stolen hardware so only you can erase and reactivate your Mac, better controls to prevent accidental overwrites of system files (I’m looking at you, Chrome update we discussed in 273), and permissions prompts before apps get access to your files, keyboard activity, or images of your screen.
    • They’ve also set up the new Find My app with a couple tweaks to help locate a missing Mac, even if it’s offline and sleeping, by sending out Bluetooth signals that can be detected by Apple devices in use nearby so they can then relay the location so you can find it. And it’s all encrypted end-to-end so not even Apple knows the identity of the reporting device or the location of your hardware
  • Plus some great new accessibility features that let users control their Mac, iPhone, or iPad entirely with their voice, and tools to let users with low vision adjust magnification or visibility on the fly
  • All that is available now, free, for most Mac hardware from 2012 or later.

The internet has found a way to get official Google apps back on Huawei phones, and you definitely shouldn’t do it

  • Recently the Trump administration banned US companies from doing business with Huawei as part of the trade war between the US and China
  • This has made their latest phone, the Mate 30 Pro, the first to launch without Google apps even though it uses the Android operating system
    • So it can’t access apps like the Play Store, YouTube, Chrome, Google Assistant, and more
  • Generally this wouldn’t be a big deal- gray market distribution of Google apps is something the modding community has been doing for years, but the Mate 30 has locked down the loopholes that are normally used for devices like the Kindle Fire
  • Instead the new method is to install them through a website called Lzplay.net, which has been promoted by many major Android news sites and is very easily searchable
    • It’s easy to see why it’s so popular too- you just go to the website, install the app, hit ‘next’ a few times, and it installs a batch of Google system apps in the blink of an eye
  • Unfortunately the method it uses to do so is suspect at best and a security nightmare at worst
    • The website plugs into Android’s Mobile Device Management framework, usually meant to give your IT department full control over a company-issued device. The goal there being that they have as much control remotely as you do physically- they can install/uninstall apps, change passwords, wipe lost or stolen devices, and all kinds of other things
    • These are permissions that should only ever be given to someone you 100% trust- I don’t even like giving that access to my employer, even though they pay my phone bill
  • The big problem here is that no one knows who or what owns Lzplay.net, so you’re essentially giving full ownership of your phone and its data to a random website registered somewhere in mainland China, which historically doesn’t sound like a great idea
  • On top of that, a lot of the write-ups and video guides out there really gloss over how it works and just how many permissions you’re granting. Almost none of them mention the fact that you’re left with this massive backdoor to your phone, and removing the app as your device administrator requires digging through a lot of settings
  • Lzplay might not do anything malicious today, but tomorrow it could fill your phone with bitcoin miners, install ransomware, or brick your phone
  • If you want more details on just how suspicious the site’s background is, like how it uses secret Huawei code and launched three days before the phone even came out, check out ArsTechnica’s article on the whole debacle

Watch out, there’s a new sneaky phone scam making the rounds that looks like one of the most credible phishing attempts out there at the moment

  • Twitter user Pieter Gunst reported that he got a call from someone claiming to be his bank, asking if he’d used his card in another city. When he said no, the caller apparently blocked the transaction and asked for his customer number to verify his identity (red flag number 1)
  • Not realizing things weren’t on the up and up quite yet Gunst gave it, and the person on the phone then said they were sending a verification PIN for him to read back (red flag number 2). He later realized the scammer was resetting his online banking password through the Forgotten Password link, and used that verification number to do so
  • The scammer then read off a few other charges to sound legitimate, now that they’d gotten access to his online statements, and after he’d confirmed he made them the scammer said they then wanted “to block the PIN on your account, so you get a fraud alert when it is used again.”, and asked for his current PIN (at this point dozens of red flags were raining from the heavens and luckily Gunst realized something was up)
  • He hung up on the scammer and called his bank’s actual fraud department, as well as his local police department to file a report on the number that called
  • Based on my experience, as well as common sense if you think about it, if the bank is calling you then they know who you are. When my card was compromised the fraud department called me, verified which charges were legit, and then cancelled/reissued my credit card without ever asking me for passwords, or my PIN
    • If you ever do get a call and they start asking weird questions or you’re at all worried about its legitimacy, let them know you want to call them back and then get the number either from the back of your card or your bank’s website (don’t use any phone numbers they give you). That way you can be sure who you’re talking to, even if you have to jump through a couple extra hoops to do so

The LEGO Group is putting old bricks to use

  • The LEGO Group announced the start of LEGO Replay.
    • This pilot program will accept old bricks, wash them and donate them to children’s non-profit charities
    • It’s a collaboration with Give Back Box, Teach for America, and Boys & Girls Clubs of Boston
  • They made it easy to donate as well
    • Collect any bricks, sets, or LEGO figures you’re not using in a cardboard box
    • Visit Lego.com/replay to get a free UPS shipping label
    • Ship it, Lego takes care of the rest!
  • Your package is sent to the Give Back Box facility
    • They will sort the Lego
    • Inspect for damage
    • And clean it thoroughly
  • Tim Brooks, Vice President of Environmental Responsibility at the Lego Group had this to say:
    • We know people don’t throw away their LEGO bricks
    • The vast majority hand them down to their children or grandchildren.
    • But others have asked us for a safe way to dispose of or to donate their bricks
    • With replay, they have an easy option that’s both sustainable and socially impactful
  • The founder of Give Back Box, Monika Wiela, also said:
    • I am excited to join the LEGO group in this pilot program
    • Growing up in Poland, I didn’t have many toys as a child, so this collaboration is rather personal for me
    • What’s better than giving a child the gift of play?
    • For us, the number of donations we receive is critical to a successful campaign, so we’ve made it as easy as possible for folks at home to send in their idle bricks
  • Among the bricks sent out
    • There is a portion going to Boys & Girls Clubs of Boston for their after-school programs
    • First shipments in November 2019.
    • Once the pilot is complete in Spring 2020, the LEGO group will evaluate a possible expansion of the program
  • LEGO replay is one of the many sustainable and philanthropic efforts the LEGO group has announced in the past year
    • Recent efforts include bricks made from plants, braille bricks and audio & braille instructions.

Josh wants to get into Streaming

Trying XSplit Gamecaster
They have a camera app that can capture just you with, I dunno, machine learning?
I want to stream Overwatch, HotS, and whatever I play. Like Sims 4, Rollercoaster Tycoon, and whatever free game I get from Alan’s free games list.

Tidbits

  • Bose has discontinued their noise-masking Sleepbuds earbuds due to battery and charging issues, and are offering full refunds as long as you put in your request by the end of the year
    • They also note that if you want to keep using them their newer Sleepbuds are less likely to see problems, and they’ll continue replacing them while supplies last
  • PS4 remote play has gotten amped up on iOS with the ability to connect your Dualshock 4 controller to iPhones and iPads
    • Previously we were stuck with on-screen controls, which aren’t great for the sheer number of buttons involved, but with an actual controller it makes remote play a lot more useful
  • Spotify has been updated on iPhone to include Siri support, and it works almost exactly how I’d hoped- you just ask it to play a song, artist, or playlist followed by “with Spotify” or “on Spotify” and it picks up the command easily
    • One annoying nitpick though, it doesn’t play nice with Siri on my watch so changing music while driving continues to be slightly more awkward than it needs to be
  • Steam has announced their Remote Play Together feature coming near the end of this month, giving a couch-coop experience online
    • The idea is that the host computer runs as if it was a local multiplayer session, split screen and all, then streams the video to your remote friends while they stream their controller inputs back

Recommend The Adventures of Ichabod and Mister Toad from 1949

  • Especially the second half, where it does a full Disney take on The Legend of Sleepy Hollow narrated and voiced by Bing Crosby
  • It’s charming and just a real treat in the fall season to hear more of Bing not limited to Christmas carols, and it’s a solid delivery of the story of Ichabod Crane and the Headless Horseman
  • Plus as a bonus you also get The Wind in the Willows, narrated by Basil Rathbone, which is another excellent example of Disney animation at its finest
  • Each segment is about half an hour, which leaves neither of them feeling padded or cut short. Just the right amount of two great Disney films

Literally Misleading

Last Week:

Movie – A typical cowboy saves the princess tale.  (Shanghai Noon, Movie)

This Week:

Game – Sadistic architect values efficiency over safety.

 

For more content, Patreon supporters get access to upcoming ideas and more!

A huge thanks to Dalton, for supporting us for so long.

And thanks to all our ‘fanily’ that support us.
And if you want to support us too, it’s as easy as clicking this link!
We are a proud member of the Alberta Podcast Network powered by ATB
And talk to us in the comments!
Twitter and Instagram @ps2jshow
A Facebook Page exists as well.

Free games

  • Microsoft

    • Inside

      • 2016
      • The spiritual successor to Limbo, Inside is another deceptively simple platformer where you control a small boy in a big, very dangerous world
    • Big Crown: Showdown

      • 2019
      • Four player action/fighting/party game with one-button combat that has you dodging obstacles and slamming into your friends on an auto-scrolling level
    • Castlevania: Symphony of the Night

      • 2007 re-release of the 1997 title
      • Platform adventure action that introduced non-linear levels and RPG elements to the series, following four years after the events of Rondo of Blood, and featuring Dracula’s son Alucard exploring his father’s castle
    • Meet the Robinsons

      • 2007
      • Video game tie-in to the Disney animated film, it has you helping Wilbur Robinson save the future by travelling to the past and putting things back in order.
  • Epic Games

    • Overcooked

      • 2016
      • A co-op party game where you and up to three friends work together in a kitchen to prepare meals, working around fires, shifting floors, and other obstacles
 

China is forcing tourists to install malware on their phones to enter the country

  • Foreigners crossing some borders into the Xinjiang region are having their phones seized by border guards and being forced to install a piece of Android malware that gives a ton of data to the authorities
    • Analysis of the app shows it gathering all of the phone’s calendar entries, phone contacts, call logs, and text messages, then uploading them to a server
  • The malware also scans the device for a specific set of files, including extremist Islamic content, academic books on Islam by leading researchers, PDFs related to the Dalai Lama and even music from a Japanese metal band Unholy Grave (who have a song called “Taiwan: Another China”)
  • Apple users aren’t safe either- it also appears that there are machines for searching iPhones at the border, since iOS doesn’t give the same access to apps that Android can, but that hasn’t been confirmed
  • This is yet another piece of oppression against populations in the region that are already subject to physical searches and CCTV facial recognition. Be careful out there
 

Samsung is being hit with a lawsuit from Australian consumer watchdogs

  • The Australian Competition and Consumer Commission is suing them for ads showing a swimmer using the device while sitting at the bottom of a pool or while in the ocean
  • According to the lawsuit, the ACCC says Samsung did not know or test the effects of pool or saltwater exposure
    • One thing to note here, if you’ve ever tried to use a wet touchscreen phone you’ll know that it’s inaccurate at best and impossible at worst with that conductivity all over the place
  • Either way, Samsung’s Galaxy phones are marketed as being resistant to water 1.5 meters deep for 30 minutes, but the ACCC contends that does not cover all types of water so they might have a case
 

Researchers have shown a proof-of-concept attack that involves using a drone to project fake street signs on the side of a building

  • In a video posted online they successfully tricked a Mobileye driver assist system into thinking the speed limit jumped from the actual 30km/h to 90
  • Mobileye says they don’t believe this counts as spoofing because a human would not be tricked, but once we get into self-driving cars any time a computer accepts illegitimate input that’s going to be a problem
    • Even if the system relies on other sources like GPS to verify the speed limit, this is one more safeguard removed
  • I could almost see this happening in the next Mission Impossible, where an AI driven vehicle is redirected by fake signs and a spoofed GPS signal projected from a drone tailing it
 

The Google exec in charge of the new Stadia game streaming service says he thinks data caps won’t be a problem, proving that humans can function normally with their head lodged firmly in the sand

  • When pressed he said that he expects data caps would be raised because “ISPs are smart [and] they understand that they’re in the business of keeping customers happy and keeping customers with them for a long time,”
  • With the service taking up to 16GB per hour, using up 1TB within 65 hours of gameplay, the rules might be a little different than he’s expecting even before looking at internet providers’ history of nickel and diming consumers into the ground
 

Good news for Shenmue III backers disappointed at the move from Steam to Epic- you can now get a refund

  • During the 2015 Kickstarter campaign fans were told that it would be coming to Steam (and also that it would arrive December 2017, but that’s Kickstarter for you)
  • Then during this year’s E3 the developer and publisher revealed that the PC version would be exclusive to Epic Games
  • At first all the refund requests were being denied, leading to many angry comments on the campaign’s page, but now apparently they’ve reversed that decision thanks to Epic covering the refunds so that the development funding isn’t affected
  • All in all it’s a classy move from Epic, but highlights the problems with these kinds of storefronts locking consumers in. These are the new console wars
 

Tidbits

  • After the revelations about Amazon employees storing and reviewing recordings of Alexa conversations we covered in 246 and 249, it’s come out that Amazon keeps recordings of Alexa commands “until the customer chooses to delete them”
    • You can delete them under the Alexa Privacy section of your Amazon account, but if they’re relying on users to tell them when to delete them then they should really tell us
  • A random new quality of life feature called FaceTime Attention Correction is hitting this fall in iOS 13, which makes on the fly adjustments while using the video chat to make it look like you’re making eye contact
  • Exciting news- After more than a couple false starts trying to hit the big screen, Gaiman’s Sandman graphic novel is officially being adapted into a streaming series on Netflix
  • Everyone needs to go check out the ridiculously unusable website userinyerface.com
    • Made by a design firm, it puts you through a gauntlet that breaks every web form common practice in the worst ways
 

Alan recommends

Shopping at your local farmer’s market

 

Literally Misleading

Game – With little information, and being a little special, the protagonist chases after their son’s captors, after warming up to the world.
 
If you have a Literally Misleading Description, message Josh directly on our Discord, or Twitter @fushigiyami
 

A huge thanks to Karen, for believing in us for so long.