Tokyo Olympics Apple Maps: Death by Point of Interest by Joel Breckinridge Bassett:

Apple tells Engadget Japan reporter Masaichi Honda that Apple Maps Japan will be ready for the Tokyo Olympics in the summer of 2020. Apple Maps will have robust indoor maps for tall buildings and underground station malls in Tokyo, and Real-time transit for better transit route searching and transit updates. That is exactly one year from now, far into the iOS 13 life cycle. Honda san also reports that Apple is not ready to show Japanese reporters a demo yet, not an encouraging sign.
In addition to the Apple Maps image collection vans combing Japan right now, WWDC19 unveiled the Indoor Maps Program for registered developers and building owners to map indoor areas and encode the data using (Apple’s ?) Indoor Mapping Data Format (IMDF). Once the data is encoded in IMDF, surveyed and validated, developers and building owners can use the data in their apps and designate indoor areas to share on Apple Maps.
That’s great for building owners to indoor map their own building. What about shared public places like Shinjuku Station which is spread out and shared by 8 different owners? There is also the localization problem. It’s one thing to indoor map for Japanese users, but who’s going to localize all those Point of Interest (POI) icons and information sheets in English, Chinese, Spanish, etc. That costs serious time and money.
Let’s take a comparison look at indoor maps of the primary entrance gate for inbound visitors coming to the Tokyo Olympics next year: Tokyo Station, and compare Yahoo Japan Maps, Apple Maps and Google Maps.
Yahoo Japan Maps
Yahoo Japan Maps only offers Japanese language but it has best cartography and attention to small details that matter, like yellow station exit signage colors that match what you find on the ground. Apple and Google don’t.
Yahoo Japan Maps Tokyo Station indoor mappingGet Link to VideoSharePlay Video Yahoo Japan Maps Tokyo Station Indoor mapping
Apple Maps Japan
Apple Maps does not offer indoor station mapping in Japan. It does offer multilingual support but judging from the English Point of Interest information, it’s not robust. As usual Apple Maps Japan overwhelms users with Point of Interest icons. It’s map death by Point of Interest. There’s a lot of fixing Apple needs to do if they want to present a good map product in time for the Olympics.
Apple Maps Tokyo Station (no indoor mapping)Get Link to VideoSharePlay Video Apple Maps Japan Tokyo Station (as yet no indoor station mapping)
Google Maps Japan
Google Maps offers indoor mapping for Tokyo Station in multiple languages. For all the detail Google offers here, it’s much less helpful than Yahoo Japan Maps. For high density areas like Tokyo, good cartography and smart editing makes all the difference between a good map and lousy one.
Google Maps Tokyo Station indoor mappingGet Link to VideoSharePlay Video Google Maps Japan Tokyo Station

A solid breakdown by Joel yet again. He harps on the same topics around this. I hope someday someone from Apple Japan will listen.

There is an Western fellow in the pub. He moved seats (without asking), moved furniture (blocking the narrow walkway), and has his shoe-clad feet propped up on another seat – all so he can monopolize the one power outlet in the place.

Oh, and he left trash where he was sitting before.

I thought he was an American. I felt some misplaced responsibility for correcting him. How to do so? I was formulating a narrative where neither the pub nor the dude would get embarrassed.

And then the dude opened his mouth. He’s European. And thus, I am not his keeper.

Emacs! In the New York Times!:

Paul Ford, co-founder and chief executive of Postlight, has a delightful paean to open source in The New York Times Magazine. In the article, Letter of Recommendation: Bug Fixes, Fords talks about the joys of open source and the pleasures of browsing through a program’s history with a version control system like Git. He says he likes to read commits like a newspaper. It tells him what he can do today that he couldn’t do yesterday. One of the main examples he gives of an important open source project is Emacs.

He talks about Emacs going back 40 years and how much one can learn by examining how the code evolved. Over 600 people made almost 140,000 commits to make Emacs what it is today. It is, he says, the Ship of Theseus in code form. Ford remarks, “I read the change logs, and I think: Humans can do things.

None of this is news to Irreal readers, of course, but it is significant that it’s appearing in a general purpose publication like the New York Times. Most often, what we do appears to be mysterious and arcane to the general public. Ford does a good job of capturing the flavor of some of it.

(Via Irreal)

Sweet! It’s a bit Utopia-ish, but I like the shout out for Emacs (naturally).

Stack:

Gotta feel kind of bad for nation-state hackers who spend years implanting and cultivating some hardware exploit, only to discover the entire target database is already exposed to anyone with a web browser.

(Via xkcd)

‘bout right.

From the Mozilla Bugzilla entry:

This patch adds the platform agnostic media selector and changes the way our themes behave as follows: If the default Firefox theme is selected, Firefox will match the system appearance (current default theme in light mode, dark theme in dark mode). Note that about:addons will continue to show “default” as the selected theme, even when it is technically using the dark theme under the hood to match the system’s dark mode. If any Firefox theme other than “default” is selected in about:addons, Firefox will not change themes when the system appearance changes.

This is missed in the release notes. I think this is true for macOS and Windows. I am not sure about other platforms.

Granted, this is not the most egregious lapse CPB and it’s ecosystem have wrought. But it might be the one that gets traction.

US Customs Contractor Hack Breaches Traveller Images:

US Customs Contractor Hack Breaches Traveller Images

US Customs and Border Protection (CBP) has admitted a data breach at a sub-contractor has compromised images of individuals and vehicles entering and leaving the country.

The controversial agency first learned of the “malicious cyber-attack” on May 31.

And we know this was a “malicious cyber-attack” exactly how? 

“CBP learned that a subcontractor, in violation of CBP policies and without CBP’s authorization or knowledge, had transferred copies of license plate images and traveler images collected by CBP to the subcontractor’s company network,” it said in a statement.

“Initial information indicates that the subcontractor violated mandatory security and privacy protocols outlined in their contract.”

“Security by contract” isn’t a thing. And the data was breached … how?

 

(Via Infosecurity) also here here here here here here and many other places I’m sure.

CBP and the Transportation Security Administration (TSA) both fall under the Department of Homeland Security (DHS). Their collective track record on privacy, cybersecurity, and basic physical security leaves much to be desired.

Which leaves me scratching my head about why Delta asks their customers to risk their unchangeable data in a breach for convenience. And, to be clear, the convenience of the boarding gate scanners at some US airports is not for the passengers – it’s for Delta.

I always opt out. Not a U.S. citizen? Or you are but maybe your name (or one like yours) is on a watchlist? I have nothing for you, I’m afraid.

Back to the breach! Thank goodness the CPB is now on the case. Per the Atlantic,

CBP claims they’ve already conducted a search, but haven’t found any of the stolen images on the dark web, where hackers sometimes trade post stolen information for sale. In its statement to The Atlantic, CBP said it’s working with law enforcement to continue the search and survey the full extent of the damage. It hasn’t yet commented on the scope of the breach or offered specifics on the data that was stolen. Perceptics did not immediately respond to a request for comment.

And how do we know what third party vendor left this data vulnerable? The CPB told us by way of the Washington Post:

CBP would not say which subcontractor was involved. But a Microsoft Word document of CBP’s public statement, sent Monday to Washington Post reporters, included the name “Perceptics” in the title: “CBP Perceptics Public Statement.”

Perceptics representatives did not immediately respond to requests for comment.

CBP spokeswoman Jackie Wren said she was “unable to confirm” if Perceptics was the source of the breach.

This whole thing – from prevention to protection to monitoring to response to recovery – was manageable. Yet another takeaway is that CPB has no Incident Response Plan (IRP) at its most basic level. How do we know? They would not have sent the press a Word document titled with the name of the vendor that is the source of the leak.

It also throws into question the whole idea of a “malicious cyber-attack”. It seems more likely Perceptics, the alleged source of the data leak, failed to safeguard the data their contract said they shouldn’t have access to yet somehow acquired from CPB without their knowledge.

Hanlon’s Razor says to never attribute to malice that which is adequately explained by stupidity. Maybe the corollary in this case is never attribute to “malicious cyber-attack” that which is adequately explained by opportunism met by trivial, if any, security? I merely speculate … 

Why do I feel a bunch of SSSS branded boarding passes in my future?

Apple Pay Suica Service Mode by Joel Breckinridge Bassett:

Apple Pay Suica Service Mode is a weird function that doesn’t have a counterpart on the Android Suica side. The JR East Apple Pay Suica help page mentions this. The iPhone Service Mode explanation says, “Service Mode will allow station agents and kiosks to help with any issues with your card.” The street reality is that station agents don’t need you to put the device in Service Mode, just fork it over and they can fix any Suica issue for you.
This difference exists because Osaifu Keitai smartphones (and the candy wrapper Google Pay Suica) have a dedicated FeliCa chip. Apple created it’s own custom FeliCa implementation hosted on the iPhone A Series and Apple Watch S Series SOC. But the Apple implementation did not really mature until A12 Bionic and the Express Card (Student ID)/Express Transit cards with power reserve feature. The A12 Bionic Secure Enclave supports limited NFC transactions that bypass iOS. It’s the same way a dedicated FeliCa chip works on Android.
This means that Apple Pay Suica on non-A12 devices requires iOS/watchOS to be up and running for Suica to work. Unfortunately this also means that different iOS versions sometimes have performance issues on non-A12 devices and that iOS occasionally drops the ball. Fortunately iOS 12.3 fixes all issues and has great Apple Pay Suica Express Transit performance. iOS 12.3 is a highly recommended update.
The Dead Suica Notifications/No Suica Balance Update problem happened occasionally and the way to fix it is to turn on Service Mode and leave it until it turns off automatically in 60 seconds or the screen goes dark, whichever comes first.
In this case Service Mode syncs and reconciles iOS with the Suica Stored Fare (SF) balance information from the FeliCa embedded Secure Element implemented inside the A Series/S Series Secure Enclave.
Service Mode seems pretty useless on A12 Bionic devices. I imagine it’s there more for show than actual functionality, although Service Mode is useful for cash recharge on 7-Eleven ATM machines where you have to put the device upside down to capture the ATM NFC antenna hit area.

It’s been odd the last few times I’ve needed assistance that I didn’t need to put my watch or iPhone in service mode. Which is good, because I can never remember how to do it.

The service mode tip could have fixed my last snafu, and I had no idea about 7-11 ATMs!

Joel, keep up the great work!

From bash to zsh on macOS:

In anticipation of macOS 10.15 Catalina, I have changed my shell from bash to zsh. macOS 10.15 will use zsh as the new default, and I was pretty sure that things will break immediately unless I prepare – so I did prepare, and I found the transition very simple.

(Via Worklog of Christian Tietze)

No. Just wrong.

It is correct that the default shell for new accounts in the next major macOS release is zsh. However, it does not mean current users need to switch. Apple is not forcing existing users to zsh. Unless you’re installing from scratch and are not planning to use MacPorts or Homebrew to install the latest bash for your shell (the built-in bash is dangerously out of date and insecure), then …

This

Does

Not

Impact

You

Please don’t confuse the issue for others.

Switch if you want to switch. Follow your joy. I’m not going to tell you otherwise, though it is not a path I expect to walk in the near term. zsh is fine. I played with it several times. There is no compelling reason for me to switch.

Here endeth the rant.

As expected, more good information from ATADistance:

JR East Suica System Downtime Notice by Joel Breckinridge Bassett:

Mobile Suica maintenance is a regular nightly occurrence from 1am~4am with longer once a month sessions. The July 6~7 and July 20~21 Suica system maintenance work is very unusual for both the time, 9pm~5am on each night, and the reach: both Mobile Suica and JR East station Suica ticket machine services are going offline.
During the offline period you can still use plastic Suica and Apple Pay Suica for transit and purchases as usual, but Apple Pay Suica Recharge will be limited to cash only from 1am~4am. Remember that you can always cash recharge Apple Pay Suica at any convenience store cash register or 7-Eleven ATM machine.
All other operations such as adding Suica to Wallet and all Suica App functions, and corresponding services at JR East station Suica ticket machines, will be offline for the entire maintenance window.
This is heavy system work that JR East is doing in preparation for the new eTicketing system due next April. JR East already had one system meltdown last month. Let’s hope they don’t have another.

Be forewarned.

I’m using this odd weather day in Tokyo to do some maintenance on this site. I’m afraid I’m going to post some light weight stories and ephemera and whatnots while I work to improve things.