PS2J 275 News – Bushel of Apple

Security alert

  • Google’s October 2019 Android security fix is here for the majority of Android devices and has a fix for a major vulnerability present on a bunch of different phones
    • The bug allows a hacker to remotely root and take complete control of the device if an infected app has been installed or if a Chrome-based loophole is used
    • If you have an Android device you should go into your Settings app and search for System Update to download and install it as soon as possible

Free games

  • Epic Games

    • Surviving Mars

      • 2018
      • City building simulation from the developers of the Tropico series modeled after real Martian data that has you building a colony on Mars by manufacturing resources and constructing buildings to ensure the survival of the colonists

Apple’s under fire this week for their wishy-washy capitulation to the Chinese government during the Hong Kong protests

  • Most of the controversy, involving Apple at least, revolves around an app called HKMap.Live that allows users to flag locations on a map. It’s being used to warn the public about things like concentrations of riot police, tear gas, and zones that are currently being locked down
    • According to people within Hong Kong, tear gas is routinely being deployed without warning in densely populated neighbourhoods just because the cops were being verbally taunted, and the police are firing bean bag rounds without warning at people that, for example, walk out of a subway station in a locked-down area
  • It originally hit headlines because Apple rejected the app, saying that it facilitates, enables, and encourages the evasion of law enforcement. Which is no more true that being able to flag speedtraps on Waze- it’s not like the app has GPS on every cop in the region
  • The app eventually did get approved and released, so people chalked it up to an overzealous App Store reviewer and left it at that
  • Then Apple came under fire in the Chinese state media, being accused of protecting “rioters” and enabling illegal behaviour
    • Interestingly enough, the same story made no mention of the fact that it’s also a web app and available on the Google Play store- it completely targeted Apple
  • In response to those stories, and presumably pressure from Chinese officials, Apple then removed the app from the App Store citing claims that it was used to target and ambush police, threaten public safety, and that criminals have used it to victimize residents in areas where they know there is no law enforcement.
    • They went on to say that the app violates Apple guidlines and local laws, but despite many inquiries neither Apple nor Chinese officials seem to be able to point those laws out
      • The Secretary for Transport and Housing laid the decision solely at Apple’s feet, saying to ask them for the reasons why
      • Tim Cook released a company-wide email talking about the situation, but still didn’t or couldn’t back up the claims that it was used to target individual officers for violence, or to victimize people or property where no police were present. And no one at any point has said what local laws in Hong Kong this app is violating.
  • At this point the app remains available Google Play and its webapp, and anyone that already installed it on their iDevices can still use it, but it’s not available for purchase or download any longer
  • For all Tim Cook’s talk of free speech and human rights, this really seems like a failure to stand up for what’s right. They’re just 100% buckling under the pressure of the Chinese government

In related news, Blizzard is in a similar situation but they’ve 100% embraced their Chinese overlords

  • After a professional Hearthstone player declared his support for the Hong Kong protest movement Blizzard handed him a one year suspension and rescinded his $10,000 tournament prize
  • This has even caught the attention of American senators, with Marco Rubio and Ron Wyden both calling Blizzard out for the censorship
  • This is a really bad look for a company with supposed values like “Think globally” and “Every voice matters”
  • Many are boycotting Blizzard games in protest, to the point where they have basically crashed the account deletion part of the Blizzard site
    • Early reports were suspicious of them trying to prevent a mass exodus by changing the requirements (ie needing photo ID to close the account, instead of the usual authenticator, sms, email, or secret question), but further testing has shown that they’ve either backpedaled on that strategy or, more likely, gotten a little-used part of their website some more resources
      • Interesting part there is that you don’t need to send in your id to make the account in the first place, so what exactly would they be verifying?

The latest iOS may be a bit of a mess, but it at least has a couple of new privacy features to go with it

  • If you’ve already updated you might have noticed a new security prompt when using some apps, asking if you want to allow them to use Bluetooth
  • It mentions that it’s used to connect to Bluetooth accessories, which makes sense, but also says apps can use it to know when you’re nearby
  • Apparently some retailers were using bluetooth beacons to track customers that had their app open, since they previously by default had the ability to see nearby Bluetooth devices without a prompt
  • They could also learn your location if you were near a public WiFi hotspot, but Apple now has things locked down so that’s no longer possible
  • The worst part about that tracking was that it wasn’t limited to apps you might expect like Best Buy, but also things like games, flashlights, or other one-off apps from sketchy developers
  • So now with the additional prompts users can basically deny everything that doesn’t make sense, and then if they notice that actual functions within the app are affected they can look at allowing the needed access
  • The next challenge will be apps from companies like X-Mode, which get permission to collect location data by plugging in to apps that actually do need your location
    • For instance they have an earthquake alert app, which would make sense to let track your location, but buried in the ToS is language that says they can use that location data for other means
  • End of the day it looks like we still need to be conscious of what apps we’re installing, but at least now iOS lets us know if that wallpaper app you downloaded is secretly trying to get your location data

macOS Catalina is here, and because I haven’t learned my lesson from installing iOS 13 on day 1 yet we’ve got the full scoop

  • One thing to note is that they’ve drawn a line in the sand and you can no longer run 32 bit apps. That should be limited to older software, but even some newer 64 bit apps may rely on 32 bit plugins
    • There’s a free download available called Go64 that will flag the applications on your system that won’t work after the update, as well as let you know when they were last used, and it was a handy way to make sure I was ready
      • I actually found you need to delete/reinstall Steam to get the new 64 bit version, even though the Blizzard launcher updated itself smoothly
  • iTunes has been split into three separate apps- Music, TV, and Podcasts. Gone are the days of a single bloated hub for all your media, but it’s shifted iPhone and iPad syncing to an unlikely new home- Finder
    • Once your device is plugged in you should see your phone near the bottom of the navigation bar on the left side of Finder. You can click on that to see the familiar sync and update options that used to live in iTunes
    • You’ll also see an option for “Show this device when on Wi-Fi”, which you’ll need to manually enable to get WiFi sync back the way it’s been for the last few years
    • Apple notes in their support documentation that things set to sync with the cloud, like Apple Music, may not be available through the new Finder sync, possibly in a move to push more people into the iCloud and away from local syncing and backups
    • Also, despite its name, TV is the new home for all the video content including movies
  • They’ve also released Mac Catalyst, allowing developers to port iPad apps directly to macOS with the addition of multiple windows, drag/drop, and keyboard shortcuts
  • Photos has been updated with more sorting/filtering options and some automatic curation similar to Facebook, highlighting important moments like birthdays and vacations
  • Notes and Reminders have also been updated with the new iOS 13 features and finally sync properly across all your updated devices! And there was much rejoicing
  • Apple Arcade is now up on Mac in addition to iOS and AppleTV, meaning you can really take your game subscription anywhere
    • I’ve been itching to give it all a try, so expect my impressions in the coming weeks
  • Sidecar is brand new in Catalina, letting you use your iPad as a second monitor for your Mac. You can even use your Apple Pencil to control things, giving you a solid tablet interface for your computer for things like Adobe Creative Cloud, Maya, ZBrush, and more
  • Screen Time has come to the Mac, giving you insight into how you’re spending your time and allowing you to monitor usage, schedule downtime, and set limits for apps and websites across all your devices for yourself or your family
    • You’ll even be able to set communication limits as of this spring, if you want to limit who your kids can contact at certain times of the day (or night) without blocking their ability to contact you if they need to
  • On top of all that we also got a bunch of new security features, like better encryption, activation lock for lost or stolen hardware so only you can erase and reactivate your Mac, better controls to prevent accidental overwrites of system files (I’m looking at you, Chrome update we discussed in 273), and permissions prompts before apps get access to your files, keyboard activity, or images of your screen.
    • They’ve also set up the new Find My app with a couple tweaks to help locate a missing Mac, even if it’s offline and sleeping, by sending out Bluetooth signals that can be detected by Apple devices in use nearby so they can then relay the location so you can find it. And it’s all encrypted end-to-end so not even Apple knows the identity of the reporting device or the location of your hardware
  • Plus some great new accessibility features that let users control their Mac, iPhone, or iPad entirely with their voice, and tools to let users with low vision adjust magnification or visiblity on the fly
  • All that is available now, free, for most Mac hardware from 2012 or later.

The internet has found a way to get official Google apps back on Huawei phones, and you definitely shouldn’t do it

  • Recently the Trump administration banned US companies from doing business with Huawei as part of the trade war between the US and China
  • This has made their latest phone, the Mate 30 Pro, the first to launch without Google apps even though it uses the Android operating system
    • So it can’t access apps like the Play Store, YouTube, Chrome, Google Assistant, and more
  • Generally this wouldn’t be a big deal- gray market distribution of Google apps is something the modding community has been doing for years, but the Mate 30 has locked down the loopholes that are normally used for devices like the Kindle Fire
  • Instead the new method is to install them through a website called Lzplay.net, which has been promoted by many major Android news sites and is very easily searchable
    • It’s easy to see why it’s so popular too- you just go to the website, install the app, hit ‘next’ a few times, and it installs a batch of Google system apps in the blink of an eye
  • Unfortunately the method it uses to do so is suspect at best and a security nightmare at worst
    • The website plugs in the Android’s Mobile Device Management framework, usually meant to give your IT department full control over a company-issued device. The goal there being that they have as much control remotely as you do physically- they can install/uninstall apps, change passwords, wipe lost or stolen devices, and all kinds of other things
    • These are permissions that should only ever be given to someone you 100% trust- I don’t even like giving that access to my employer, even though they pay my phone bill
  • The big problem here is that no one knows who or what owns Lzplay.net, so you’re essentially giving full ownership of your phone and its data to a random website registered somewhere in mainland China, which historically doesn’t sound like a great idea
  • On top of that, a lot of the write-ups and video guides out there really gloss over how it works and just how many permissions you’re granting. Almost none of them mention the fact that you’re left with this massive backdoor to your phone, and removing the app as your device administrator requires digging through a lot of settings
  • Lzplay might not do anything malicious today, but tomorrow it could fill your phone with bitcoin miners, install ransomware, or brick your phone
  • If you want more details on just how suspicious the site’s background is, like how it uses secret Huawei code and launched three days before the phone even came out, check out ArsTechnica’s article on the whole debacle

Watch out, there’s a new sneaky phone scam making the rounds that looks like one of the most credible phishing attempts out there at the moment

  • Twitter user Pieter Gunst reported that he got a call from someone claiming to be his bank, asking if he’d used his card in another city. When he said no, the caller apparently blocked the transaction and asked for his customer number to verify his identity (red flag number 1)
  • Not realizing things weren’t on the up and up quite yet Gunst gave it, and the person on the phone then said they were sending a verification PIN for him to read back (red flag number 2). He later realized the scammer was resetting his online banking password through the Forgotten Password link, and used that verification number to do so
  • The scammer then read off a few other charges to sound legitimate, now that they’d gotten access to his online statements, and after he’d confirmed he made them the scammer said they then wanted “to block the PIN on your account, so you get a fraud alert when it is used again.”, and asked for his current PIN (at this point dozens of red flags were raining from the heavens and luckily Gunst realized something was up)
  • He hung up on the scammer and called his bank’s actual fraud department, as well as his local police department to file a report on the number that called
  • Based on my experience, as well as common sense if you think about it, if the bank is calling you then they know who you are. When my card was compromised the fraud department called me, verified which charges were legit, and then cancelled/reissued my credit card without ever asking me for passwords, or my PIN
    • If you ever do get a call and they start asking weird questions or you’re at all worried about its legitimacy, let them know you want to call them back and then get the number either from the back of your card or your bank’s website (don’t use any phone numbers they give you). That way you can be sure who you’re talking to, even if you have to jump through a couple extra hoops to do so

The LEGO Group is putting old bricks to use

  • The LEGO Group announced the start of LEGO Replay.
    • This pilot program will accept old bricks, wash them and donate them to children’s non-profit charities
    • its a collaboration with Give Back Box, Teach for America, and Boys & Girls Clubs of Boston
  • They made it easy to donate as well
    • collect any bricks, sets, lego figures you’re not using in a cardboard box
    • Vist Lego.com/replay to get a free UPS shipping label
    • Ship it, Lego takes care of the rest!
  • Your package is sent to the Give Back Box facility
    • They will sort the Lego
    • Inspect for damage
    • And clean it thouroughly
  • Tim Brooks, Vice President of Environmental Responsibility at the Lego Group had this to say:
    • We know people don’t throw away their LEGO bricks
    • The vast majority hand them down to their children or grandchildren.
    • But others have asked us for a safe way to dispose of or to donate their bricks
    • With replay, they have an easy option that’s both sustainable and socially impactful
  • The founder of Give Back Box, Monika Wiela, also said:
    • I am excited to join the LEGO group in this pilot program
    • Growing up in Poland, I didn’t have many toys as a child, so this collaboration is rather personal for me
    • What’s better than giving a child the gift of play?
    • For us, the number of donations we receive is critical to a successful campaign, so we’ve made it as easy as possible for folks at home to send in their idle bricks
  • Among the bricks sent out
    • There is a portion going to Boys & Girls Clubs of Boston for thier after-school programs
    • First shipments in November 2019.
    • Once the pilot is complete in Spring 2020, the LEGO group will evaluate a possible expansion of the program
  • LEGO replay is one of the many sustainable and philanthropic efforts the LEGO group has announced in the past year
    • Recent efforts include bricks made from plants, braille bricks and audio & braille instructions.

Josh wants to get into Streaming

Trying XSplit Gamecaster
They have a camera app that can capture just you with, I dunno, machine learning?
I want to stream Overwatch, HotS, and whatever I play. Like Sims 4, Rollercoaster Tycoon, any whatever free game I get from Alan’s free games list.

Tidbits

  • Bose has discontinued their noise-masking Sleepbuds earbuds due to battery and charging issues, and are offering full refunds as long as you put in your request by the end of the year
    • They also note that if you want to keep using them their newer Sleepbuds are less likely to see problems, and they’ll continue replacing them while supplies last
  • PS4 remote play has gotten amped up on iOS with the ability to connect your Dualshock 4 controller to iPhones and iPads
    • Previously we were stuck with on-screen controls, which aren’t great for the sheer number of buttons involved, but with an actual controller it makes remote place a lot more useful
  • Spotify has been updated on iPhone to include Siri support, and it works almost exactly how I’d hoped- you just ask it to play a song, artist, or playlist followed by “with Spotify” or “on Spotify” and it picks up the command easily
    • One annoying nitpick though, it doesn’t play nice with Siri on my watch so changing music while driving continues to be slightly more awkward than it needs to be
  • Steam has announced their Remote Play Together feature coming near the end of this month, giving a couch-coop experience online
    • The idea is that the host computer runs as if it was a local multiplayer session, split screen and all, then streams the video to your remote friends while they stream their controller inputs back

Recommend The Adventures of Ichabod and Mister Toad from 1949

  • Especially the second half, where it does a full Disney take on The Legend of Sleepy Hollow narrated and voiced by Bing Crosby
  • It’s charming and just a real treat in the fall season to hear more of Bing not limited to Christmas carols, and it’s a solid delivery of the story of Ichabod Crane and the Headless Horseman
  • Plus as a bonus you also get The Wind in the Willows, narrated by Basil Rathbone, which is another excellent example of Disney animation at its finest
  • Each segment is about half an hour, which leaves neither of them feeling padded or cut short. Just the right amount of two great Disney films

Literally Misleading

Last Week:

Movie – A typical cowboy saves the princess tale.  (Shanghai Noon, Movie)

This Week:

Game – Sadistic architect values efficiency over safety.

 

For more content, Patreon supports get access to upcoming ideas and more!

A huge thanks to Dalton, for supporting us for so long.

And thanks to all our ‘fanily’ that support us.
And if you want to support us too, its as easy as clicking this link!
We are a proud member of the Alberta Podcast Network powered by ATB
And talk to us in the comments!
Twitter and Instagram @ps2jshow
A Facebook Page exists as well.

A local video game jazz cover band releases their album. Facebook is giving away information you though was secure. Josh is an old man and talks about his oatmeal while Alan has a young hip webcomic to recommend.

Buy “Try Blowing on the Cartridge” clicking here!

For more info, Patreon supports get access to our show notes!

A huge thanks to Dalton, our favourite fan. And thanks to all our Official Fans that support us.
And if you want to support us too, its as easy as clicking this link!

Also, make sure to check out RIPT Apparel for sweet 24 tee shirt designs. And don’t forget to use the coupon code PS2JSHOW for 10% off!

We are a proud member of the Alberta Podcast Network powered by ATB

And talk to us in the comments!
Or…

Discord Server
Twitter and Instagram @ps2jshow
Facebook