About / Blog

Suggested Reading
Air Lookout 1.4: All The Complications, Hello freelance!, My Favorite Podcasts, Kawasaki KLR 650 Rebuild Compilation

Wednesday, July 10th 2019

The UX of Zoom’s Local Web Server Security Hole #

The Verge:

Video conferencing provider Zoom has pushed out an emergency patch to address the zero-day vulnerability for Mac users that could potentially expose a live webcam feed to an attacker, launching you into a Zoom video chat you’d never intended to launch. The move is a surprise reversal of Zoom’s previous stance, in which the company treated the vulnerability as “low risk” and defended its use of a local web server that incidentally exposed Zoom users to potential attacks.

...

Zoom says it used the local web server to make its service faster and easier to use — in other words, saving you a few mouse clicks. But the server also creates the rare but present possibility that a malicious website could activate your webcam by using an iframe, getting around Safari’s built-in protections.

Zoom:

Second, when Zoom is installed on a Mac device by the user, a limited-functionality web server that can only respond to requests from the local machine is also installed on the device to help launch Zoom meetings. This is a workaround to a change introduced in Safari 12 that requires a user to confirm that they want to start the Zoom client prior to joining every meeting. The local web server enables users to avoid this extra click before joining every meeting. We feel that this is a legitimate solution to a poor user experience problem, enabling our users to have faster, one-click-to-join meetings. We are not alone among video conferencing providers in implementing this solution.

Jason Snell:

My hope is that someone at Zoom got a call from someone at Apple today, indicating that the click-to-confirm Safari feature is intended to be used and that bypassing it is not cool.

Dieter Bohn:

Part of Zoom's response below. Basically: an update to Safari (probably for security?) added an extra click to joining a meeting. So Zoom added a whole damn, undisclosed, running webserver to your computer to Save You A Click. And it isn't sorry.

Really.

It's weird to me that Zoom is using UX as a scapegoat for a “feature” that turned into a large security vulnerability. Especially when Apple has been pretty clear about how the UX for this interaction should work through Safari's click-to-confirm.

I would further argue that good UX includes clarification of intent and system status especially when it even remotely concerns anything with video or audio functionality.

Update

Macrumors:

Apple has now taken things one step further and pushed out a silent macOS update that removes the web server, reports TechCrunch. The update is deployed automatically, so users don't have to manually apply it in order for it to take effect.

Zoom told TechCrunch it was "happy to have worked with Apple on testing this update" …

I bet.

Tuesday, July 9th 2019

Firefox Accessibility Tools Gain Contrast Checker #

Asa Dotzler (via Zach Wood):

Today we released Firefox 68 with a color contrast audit feature in the dev tools. Before, you could inspect individual elements for color contrast. Firefox now offers a full page color contrast audit that identifies all elements on a page that fail color contrast checks. #a11y

With the addition of the color contrast audit feature in Firefox's dev tools, this will speed up accessibility audits of implemented designs. I'm excited to see more and more tools being updated to improve the process when designing and developing for accessibility. I'd love to see improved plugins or feature support for this stuff in Sketch/Figma/Photoshop.

Also: Tools For Accessibility, The WebAIM Million

Monday, July 1st 2019

Justin Searls: Cramming a gaming GPU into your MacBook Pro #

eGPU setup

So, it's thanks to the trash can Mac Pro that in 2019, it can truthfully be said: instead of putting a beefy graphics card inside your computer, you are now able to take a top-of-the-line gaming GPU, seat it inside an external box, plug that box into your computer, and—using a single high-bandwidth cable—push the necessary instructions to render 4K games at 60 frames per second on the card before (over the very same cable!) pushing those frames back to your notebook's built-in monitor without introducing any perceptible latency. I've seen daily evidence of this for the last month and I gotta say: it's pretty freakin' cool.

With more and more design apps slowly taking advantage of GPUs, this is something I would seriously consider if my 2015 iMac had TB3 ports.

Monday, June 24th 2019

David Smith: The Popularity of the 4.7″ iPhone #

When I look at the iPhone distribution for Pedometer++ the four most popular devices are all that size. Together they account for nearly 50% of all devices I see in use.

Also worth noting, iOS 13 drops support for the iPhone 5S, 6 and 6+. These iPhones currently account for 17% of my userbase.

Tuesday, June 18th 2019

Mac Pro Design #

2019 Mac Pro

On the Mac Pro, the G4 Cube and Their Shared Vent Design (512pixels):

As I have a G4 Cube in my collection, I decided to do have a closer look. I pulled the core out of mine and removed the video card to take a closer look at this area from the back:

Cube Vent Detail

I really like how the Mac Pro looks. The combination of stainless and brushed steel looks great. The machining is very impressive. I hope this design language will trickle down to other products in their lineup.

It's interesting to also compare the industrial design between the lauded (plastic) G4 Cube and the (stainless steel) Mac Pro. Apple has come a long way.

older home newer