By John Gruber
Atoms are the world’s first shoes to come in quarter sizes. Experience them today at Atoms.com.
“We wanted this thing to come out of nowhere, fully formed, and just blow everybody’s minds.” That’s Panic co-founder Cabel Sasser, in the cover story of the new issue of Edge magazine.
The story is about Playdate, the most amazing and exciting product announcement, for me, since the original iPhone.
Everything racing through your mind right now as “but that’s impossible” is, in fact, not impossible. It’s true. Panic is making a handheld game player. It is adorable and exciting and fun and technically impressive. Go read all about it at Panic’s (also adorable, exciting, fun, and technically impressive) Playdate website, which even has a great domain name.
They’re making their own hardware (in conjunction with Swedish device makers Teenage Engineering). They wrote their own OS (there’s no Linux). It has a high resolution 400 × 240 black and white display with no backlighting. It has a crank.
It’s going to cost only $149 — $149! — and that includes a “season” of 12 games from an amazing roster of beloved video game creators, delivered every Monday for 12 weeks.
The idea of a new upstart, a company the size of Panic — with only software experience at that — jumping into the hardware game with a brand new platform harkens back to the ’80s and ’90s. But even back then, a company like, say, General Magic or Palm, was VC-backed and aspired to be a titan. To be the next Atari or Commodore or Apple.
In today’s world all the new computing devices and platforms come from huge companies. Apple of course. All the well-known Android handset makers building off an OS provided by Google. Sony. Nintendo.
Panic is almost cheating in a way because they’re tiny. The Playdate platform isn’t competing with the state of the art. It’s not a retro platform, per se, but while it has an obviously nostalgic charm it is competing only on its own terms. Its only goal is to be fun. And aspects of Playdate are utterly modern: Wi-Fi, Bluetooth, apps and software updates delivered over-the-air.
They’re taking advantage of an aspect of today’s world that is brand new – the Asian supply chain, the cheapness of Asian manufacturing, the cheapness of CPU and GPU cycles that allows things like Raspberry Pi to cost just $35.
And then there’s the issue of freedom. Last night Steven Frank, Panic’s other co-founder, tease-tweeted a link to Steve Jobs quoting Alan Kay during the introduction of the original iPhone: “People who are really serious about software should make their own hardware.”
You know that scene in GoodFellas where Tommy is about to be made, and Jimmy and Henry can’t contain their excitement because it’s as close as they themselves will ever get to being made? That’s a bit how I feel about Playdate — I have so many friends at Panic, and this feels as close as I’ll ever get to the makers of a hardware platform. (Let’s please ignore the fact that everything goes to shit in GoodFellas at that point.)
Cabel Sasser let me in on this about two weeks ago, and I don’t think I’ve spent a waking hour since when I haven’t thought about Playdate at least once. I am so excited to get one of these in my hands — and so proud of and happy for my friends at Panic.
This is fucking amazing. ★
Apple updated MacBook Pro with faster 8th- and 9th-generation Intel Core processors, bringing eight cores to MacBook Pro for the first time. MacBook Pro now delivers two times faster performance than a quad-core MacBook Pro and 40 percent more performance than a 6-core MacBook Pro, making it the fastest Mac notebook ever. […]
MacBook Pro is more powerful than ever for compiling code, processing high-resolution images, rendering 3D graphics, editing multiple streams of 4K video and more. The 15-inch MacBook Pro now features faster 6- and 8-core Intel Core processors, delivering Turbo Boost speeds up to 5.0 GHz, while the 13-inch MacBook Pro with Touch Bar features faster quad-core processors with Turbo Boost speeds up to 4.7 GHz.
Long story short, nice year-over-year CPU speed bumps for the entire MacBook Pro lineup, except for the 13-inch MacBook Pro without Touch Bar, which remains unchanged.1
The updates to the 13-inch models are relatively minor. The base model goes from a 2.3 GHz quad-core Core i5 with Turbo Boost up to 3.8 GHz, to a 2.4 GHz quad-core Core i5 with Turbo Boost up to 4.1 GHz. The fastest build-to-order option goes from a 2.7 GHz quad-core Core i7 with Turbo Boost up to 4.5 GHz, to a 2.8 GHz quad-core Intel Core i7 with Turbo Boost up to 4.7 GHz. Nothing truly major there, but I think it’s great that they speed-bumped them anyway — and the move from 7th-generation Intel CPUs to 8th-generation is apparently a bigger deal, performance-wise, than the clock speeds suggest.
The updates to the 15-inch models are more significant. And if you’re a pro user whose work is genuinely CPU-constrained, the 15-inch is the model you’re buying. The $2,400 base model goes from a 2.2 GHz 6-core Intel Core i7 with Turbo Boost up to 4.1 GHz, to a 2.6 GHz 6-core Intel Core i7 with Turbo Boost up to 4.5 GHz. That’s a nice year-over-year bump right there. The fastest configuration goes from a 2.9 GHz 6-core Intel Core i9 with Turbo Boost up to 4.8 GHz, to a 2.4 GHz 8-core Intel Core i9, Turbo Boost up to 5.0 GHz. This is the first time any Apple portable has reached 8 cores or 5 GHz.
The very best model you can configure — the high-end 8-core CPU, with 32 GB of RAM, 4 TB of SSD storage, and the Radeon Pro Vega 20 video card — costs a very professional $6,549.
One word that doesn’t appear in today’s announcement is “keyboard”. Seriously, when the announcement went live at 1pm ET, the first thing I did was search for “keyboard”: “Not found”. But Apple spoke on background to a bunch of folks in the media this morning, including yours truly, and they do have keyboard-related news.
First, these new MacBook Pros still have the third-generation butterfly-switch keyboard that debuted with last July’s updated MacBook Pros. But Apple has changed the mechanism under the hood, using a new material for at least one of the components in these switches. The purpose of this change is specifically to increase the reliability of the keyboards. Apple emphasized to me their usual line that the “vast majority” of users have no problem with these keyboards, but they acknowledge that some users do and say they take it very seriously.
The change to the mechanism is intended to address both problems people are seeing with frequently-used keys: getting stuck, and generating two characters with a single keypress. These updated keyboards look identical — there’s no change to the layout or to the amount of key travel. And according to Apple, the updated keyboards should feel the same when typing — although Apple acknowledged that keyboard feel is highly subjective, and some of us, like the princess and the pea, can detect minor differences and form strong opinions about those differences.
Second, all MacBooks with butterfly keyboards, including the new MacBook Pros released today, are now covered by Apple’s keyboard service program. If a key gets stuck or stops working or starts duplicating characters, you can get it repaired free of charge. No need to guess whether a brand-new model will be added to the program later — if it has a butterfly keyboard, it’s in the program. Also, for existing models with the third-generation keyboard — last year’s new MacBook Pros and the new MacBook Air — if they require a keyboard replacement, they’ll get the new tweaked keyboard with the purportedly more durable mechanism.2
Third, Apple stated that repair times for keyboard service have been greatly improved. How much improved, they wouldn’t say, but they realize it’s a great inconvenience to be without your MacBook for any time at all. Keyboard replacements are now performed in-store, so a process that used to take 4-5 days (or more) might now take just a day or two.
This is all good news. Sure, what many of us would like to see is a truly new keyboard design — something that re-establishes the MacBook lineup as having the best keyboard in the industry. Personally, I’d like to see them add more travel to the keys, go back to the upside-down T arrow key layout, and include a hardware Esc key on Touch Bar models (in that order).3 Apple is always working on new keyboards, of course. It’s just a question of when they’ll ship. Major keyboard redesigns coincide with major redesigns of the entire form factor, and those projects are on years-long time frames.
But of course the biggest issue with these keyboards is reliability. Will this updated mechanism fix or at least greatly reduce the number of reliability problems? Only time will tell, but I’m cautiously optimistic. Apple didn’t have to say anything at all about this mechanical tweak. I mean, if they hadn’t said anything at all about the keyboards, we’d all be asking about it, but Apple often ignores questions it doesn’t want to answer. The folks I spoke to today seem confident these updated keyboards will prove significantly more reliable.
You can also see why Apple decided to announce these updates today, not on stage at WWDC in two weeks. First, they are just speed bumps. Second, there’s simply no way they want to talk about keyboard reliability on stage. As I observed above, they didn’t even mention the word “keyboard” in their Newsroom announcement. Best to get this out of the way ahead of WWDC.
So on the keyboard front, these new models can’t be worse and are likely better. That’s good. The best that we could hope for while waiting for a true next-generation keyboard design — which for all we know might be a year or more out — is a mid-generation tweak. At the very least, talking about this material tweak and including all butterfly keyboard models in the service program is an acknowledgement that last year’s keyboards were not good enough. That was the worst case scenario — that Apple didn’t see a problem.
But what pleases me more is that Apple is updating Mac hardware on an aggressive schedule. I wrote “just speed bumps” a few paragraphs ago, but speed bumps are important in the pro market. Apple shipped new MacBook Pros last July, added new high-end graphics card options to those models in October, and now has updated the whole lineup with new CPUs. They also just updated the non-Pro iMac lineup in March. This seems like an odd thing to praise the company for — updating hardware with speed bumps is something a computer maker should just do, right? The lack of speed bumps in recent years naturally led some to conclude that Apple, institutionally, was losing interest in the Mac.
Last year, a source at Apple admitted to me that they had “taken their eye off the ball on Mac”. Regular speed bumps are a very strong sign that their eye is back on the ball, especially in the pro market, where artists, video pros, developers, and scientists really can use every CPU and GPU cycle they can get.
One Mac Apple hasn’t spoken about in a while — over a year in fact — is the upcoming new Mac Pro. In 2013, Apple previewed the current Mac Pro at WWDC (“Can’t innovate anymore, my ass”), even though it didn’t go on sale until later in the year. I expect Apple to do something similar this year, and I know a lot of other people do too.
In broad strokes, the new Mac Pro is in one of three states:
Apple is good at setting expectations in the lead-up to keynotes. Most people waiting for the new Mac Pro think it’s in state #1 or #2, and thus, we’ll get some sort of look at it at WWDC. If it’s #3, though, and it’s still not yet ready even to be previewed, I strongly suspect Apple would get word out in advance so that no one leaves the keynote thinking about something that wasn’t announced instead of all the various things that were announced. That’s Apple’s expectation-setting playbook.
One way to get word out would have been to say something today, on background, along the lines of, “We’re announcing these updated MacBook Pro models today because our WWDC keynote is going to be all about software, not hardware.”
They didn’t say that. Maybe a “no hardware at WWDC” leak is still coming. We still have almost two full weeks until WWDC, and perhaps Apple didn’t want to mix good news on the MacBook Pro front with disappointing news on the Mac Pro front. But they didn’t say anything today. ★
What’s the deal with the no-Touch-Bar 13-inch MacBook Pro? It hasn’t been updated in well over a year, and occupies a very similar position to the new MacBook Air in the current lineup. For the base 128 GB models, the MacBook Air costs $1,200 and includes Touch ID, while the MacBook Pro costs $1,300, is a little faster, but lacks Touch ID. That’s the most confusing buying decision in the MacBook lineup today. My guess is that Apple has plans to update the 13-inch no-Touch Bar MacBook Pro, and when they do, it’ll be more clearly differentiated from the MacBook Air by performance. Pay a little more, carry a little more weight in your backpack, but get noticeably faster performance. But until it gets updated, this old model holds the spot in the lineup. ↩︎
MacBooks with the first- and second-generation keyboard will not get the new keyboard, because it just doesn’t work that way. Apple can’t replace one generation of keyboard with another — they’re not swappable like that. And that’s why they’re calling today’s tweaked keyboard an update to the third-generation keyboard, not a new generation. ↩︎︎
Reliability is objective — your keyboard either works properly or it doesn’t. That’s the essential problem Apple must fix. But on the subjective front, the things I dislike about these keyboards — low-travel keys, the full-size left and right arrow keys, and the lack of a hardware Esc key — all share one thing in common. These things all make the keyboards look better but work worse. That, of course, is in direct contradiction to the well-known Steve Jobs axiom: “It’s not just what it looks like and feels like. Design is how it works.”
Again, these factors are all subjective. In particular, I know some people truly prefer the feel of these low-travel keys. But I don’t know of anyone who prefers the full-size left and right arrow keys in place of the old upside-down T, and while most Mac users never even use their Esc keys, among those who do, particularly developers, I honestly don’t know if there’s a single one of them on the planet who doesn’t miss the hardware Esc key on the Touch Bar-equipped keyboards. A small minority of Mac users use their Esc keys all the time, and for them, having it as a soft key on the Touch Bar is downright terrible.
I admit the full-size left and right arrow keys look better — the gaps in the old upside-down T layout are a little ungainly. And a lone hardware Esc key up in the corner next to the Touch Bar might look a little lonely. But if design is still how it works, Apple should bring these back in its next-generation keyboards. ↩︎︎
If we want to cover all our bases, there’s a fourth possible state for the new Mac Pro: scrapped. Off to a grave next to AirPower in the “Announced but Never Shipped” cemetery. I know some people are worried about that — ”How could it take Apple so long just to make a goddamn modular tower?“ — but if that were the case, I think Apple would have broken the bad news today. ↩︎︎
First things first: earlier this week WhatsApp announced that they had closed a remote code execution vulnerability, affecting all platforms, that attackers could exploit simply by calling a user’s WhatsApp account — whether the call was answered or not. (A buffer overflow, no surprise.) They revealed to The Financial Times that this vulnerability had been exploited, targeting an unknown but presumably small number of users, by software from NSO Group, an Israeli company that sells expensive, exclusive, world-class hacking tools to governments (or at least NSO claims only to sell their software to legitimate governments). The FT story is locked behind their paywall (which makes me wonder why WhatsApp went to them with the story), but TechCrunch has a good summary.
Long story short, this was a bad bug that was apparently exploited in the wild. A reasonable point to be taken from this story is that end-to-end encryption is not a panacea. If an attacker manages to install malware on your device, whether via remote exploit or physical access to the device, it’s game over, because they’re now inside one of the ends.
It’s like if you have a secure communication line between two rooms, but an attacker gains entry into one of the rooms. The problem is not with the communication line.
“End-to-end encryption is not a panacea” was not the lesson taken by Bloomberg columnist Leonid Bershidsky. His take currently runs under the headline “End-to-End Encryption Isn’t as Safe as You Think”. When I first saw the story two days ago, though, the headline was “WhatsApp’s End-to-End Encryption Is a Gimmick”.
I point this out from time to time, but the way most websites’ CMSes work is that an article’s URL slug — like the “juiced_headline_of_the_week” segment in this very post’s URL — are derived from the article’s original headline. But when a headline changes, the URL shouldn’t change unless you have a way to redirect traffic going to the old URL to the new one. Most websites don’t do that. So when they change a headline, you can still tell what the original headline was by looking at the URL slug. For some reason, with a lot of news websites, they don’t bother updating the headline in the HTML
<title>element either, so you can read the original headline in your browser tab.
The URL slug from Bershidsky’s column: “whatsapp-hack-shows-end-to-end-encryption-is-pointless”.
<title> tag: “WhatsApp Hack Shows End-to-End Encryption Has a Vulnerability”.
These various evolutions on the headline range from bad (“End-to-End Encryption Isn’t as Safe as You Think”) to criminally bad (“WhatsApp Hack Shows End-to-End Encryption Has a Vulnerability / Is Pointless / Is a Gimmick”).
Bloomberg, of all publications, should be on its tip-toes to make sure it gets anything related to cybersecurity exactly right — every i dotted, every t crossed. Their reputation is in tatters in the wake of last year’s “The Big Hack” debacle — a story which they still haven’t retracted (or shown to be true with any actual evidence).1
Instead, they’re publishing this nonsense from Bershidsky:
The tug of war between tech firms touting end-to-end encryption as a way to avoid government snooping and state agencies protesting its use is a smokescreen. Government and private hackers are working feverishly on new methods to deploy malware with operating system-wide privileges.
It’s no smokescreen. Bershidsky’s profound mistake is his apparent belief that security is binary — totally secure or totally insecure. And so in his mind, this week’s WhatsApp exploit means WhatsApp is insecure, and since other such exploitable bugs almost surely exist in other apps and in OSes, no messaging system is secure.
Security is not binary, though — which is obvious if you give it even a moment’s thought. A locked door is more secure than an unlocked one. A door with two locks is more secure than one with a single lock. A locked door with a locked gate in front of it is more secure than one without a gate.
Security exists on a continuum. The definition of continuum is instructive: “a continuous sequence in which adjacent elements are not perceptibly different from each other, although the extremes are quite distinct”. It’s not secure or insecure; it’s more secure or less secure. Just like faster vs. slower or heavier vs. lighter. There are first grade primers that cover these concepts.
In the same way a door is more secure locked than unlocked, messaging of any sort is more secure encrypted than unencrypted. End-to-end encrypted messaging is more secure than encryption that is not end-to-end — it truly is an essential distinction.2 Just because the government or a criminal might be able to exploit software on your device even if the communications were E2E encrypted doesn’t make E2E encryption a “smokescreen”. Especially in the case of law enforcement — it is orders of magnitude easier to issue a subpoena to, say, your email provider than it is to attack your devices with malware to obtain the information they seek.
This week’s WhatsApp exploit was the work of some of the most talented hackers in the world. Calling them geniuses is no hyperbole. Finding vulnerabilities that allow remote code execution is (usually) extremely difficult. Actually writing the code to take advantage of them — turning a theoretical vulnerability into a working and deployable exploit — requires some of the best programming talent in the world. And on the other side, the security teams at goliath companies3 like Microsoft, Amazon, Apple, Google, and Facebook employ equally talented programmers trying to close all possible vulnerabilities.4 It’s a cat-and-mouse game at the very highest level of programming and mathematical talent.
Obtaining a subpoena requires nothing of the sort — simply the regular mechanics of law enforcement, judicial oversight, and compliance with the law. Snooping on unencrypted network traffic is similarly trivial. Obtaining email via subpoena requires you to be able to make a free throw; doing what this week’s WhatsApp exploit seemingly accomplished requires you to be Steph Curry and hit 9 three-pointers in a single game against a playoff-caliber NBA defense.
Here’s Bershidsky’s closing:
The hard truth for activists and journalists in need of secure messaging is that the more tech-savvy they are, the safer they can make their digital communications. One can, for example, encrypt messages on a non-networked device before sending them out through one’s phone. But even that wouldn’t guarantee complete security since responses could be screen-captured.
Truly secure communication is really only possible in the analog world — and then all the old-school spycraft applies.
In other words, digital communication can never be completely secure, only analog can, except when that’s compromised by “old-school spycraft”. Complete guaranteed security with well-known exceptions. It boggles the mind that this was written and edited by sentient humans, and that they’ve spent two days slowly decreasing the asininity of the headline instead of just doing what obviously ought to be done and retracting the whole piece. ★
Since “The Big Hack” was published in early October last year, Robertson’s byline has appeared at Bloomberg zero times, and Riley’s only once, which might lead one to believe that despite Bloomberg’s public defense of the piece, internally they suspect something is amiss with the duo’s work. But Bloomberg not only still stands by the story, according to Washington Post media critic Erik Wemple, Bloomberg had the chutzpah to submit “The Big Hack” to the 2019 National Magazine Awards. ↩︎
I think the whole point of Bershidsky’s tirade is not that encryption of any kind is pointless (but some clearly took it that way), but rather that he thinks companies are emphasizing end-to-end encryption in particular as a sort of snake oil, a fool-proof impregnable security solution. It’s hard to make sense from nonsense. Anyway, the distinction between E2E and non-E2E encryption is worth a footnote.
With E2E encryption, a message is encrypted on the sender’s device and is not decrypted until it reaches the recipient’s device. WhatsApp, Signal, and iMessage work this way. With non-E2E encryption, the message is encrypted on the sender’s device, decrypted by a server in the middle, then re-encrypted on the server and sent to the recipient. So with non-E2E encryption, an attacker still can’t get the unencrypted message by simply snooping on the network traffic, but they can get it by attacking — or in the case of law enforcement, simply issuing a subpoena to — the service provider. Email and Twitter DMs work this way — your email provider stores the plain text of all your email, and Twitter stores the plain text of your DMs — even though your devices communicate to your email provider (almost certainly) and Twitter (definitely) over encrypted connections. Removing that middleman as a target of attack or subpoena is what makes E2E encryption important.
But it’s also the reason why you can read email and Twitter DMs on the web, and can’t read your WhatsApp/Signal/iMessage messages on the web. E2E necessitates a trade-off in convenience for additional security. And it’s undeniably convenient to be able to access email and Twitter via the web — essential, even, for millions of users. Trade-offs are always difficult. ↩︎︎
Listed here by order of market capitalization today. ↩︎︎
No slight intended to upstart Signal, which also has world-class talent (and serious funding — from the co-founder of WhatsApp) securing it against exploits. ↩︎︎