daring-rss

Brian Krebs:

In a written statement shared with KrebsOnSecurity, the FBI
confirmed that it asked AT&T to delay notifying affected
customers.

“Shortly after identifying a potential breach to customer data and
before making its materiality decision, AT&T contacted the FBI to
report the incident,” the FBI statement reads. “In assessing the
nature of the breach, all parties discussed a potential delay to
public reporting under Item 1.05(c) of the SEC Rule, due to
potential risks to national security and/or public safety. AT&T,
FBI, and DOJ worked collaboratively through the first and second
delay process, all while sharing key threat intelligence to
bolster FBI investigative equities and to assist AT&T’s incident
response work.”

Techcrunch quoted an AT&T spokesperson saying the customer data
was stolen as a result of a still-unfolding data breach involving
more than 160 customers of the cloud data provider Snowflake.

Mark Burnett is an application security architect, consultant and
author. Burnett said the only real use for the data stolen in the
most recent AT&T breach is to know who is contacting whom and how
many times.

“The most concerning thing to me about this AT&T breach of ALL
customer call and text records is that this isn’t one of their
main databases; it is metadata on who is contacting who,” Burnett
wrote on Mastodon. “Which makes me wonder what would call logs
without timestamps or names have been used for.”

It remains unclear why so many major corporations persist in the
belief that it is somehow acceptable to store so much sensitive
customer data with so few security protections. For example,
Advance Auto Parts said the data exposed included full names,
Social Security numbers, drivers licenses and government issued ID
numbers on 2.3 million people who were former employees or job
applicants.

 ★ 

Brian Krebs:

In a written statement shared with KrebsOnSecurity, the FBI
confirmed that it asked AT&T to delay notifying affected
customers.

“Shortly after identifying a potential breach to customer data and
before making its materiality decision, AT&T contacted the FBI to
report the incident,” the FBI statement reads. “In assessing the
nature of the breach, all parties discussed a potential delay to
public reporting under Item 1.05(c) of the SEC Rule, due to
potential risks to national security and/or public safety. AT&T,
FBI, and DOJ worked collaboratively through the first and second
delay process, all while sharing key threat intelligence to
bolster FBI investigative equities and to assist AT&T’s incident
response work.”

Techcrunch quoted an AT&T spokesperson saying the customer data
was stolen as a result of a still-unfolding data breach involving
more than 160 customers of the cloud data provider Snowflake.

Mark Burnett is an application security architect, consultant and
author. Burnett said the only real use for the data stolen in the
most recent AT&T breach is to know who is contacting whom and how
many times.

“The most concerning thing to me about this AT&T breach of ALL
customer call and text records is that this isn’t one of their
main databases; it is metadata on who is contacting who,” Burnett
wrote on Mastodon. “Which makes me wonder what would call logs
without timestamps or names have been used for.”

It remains unclear why so many major corporations persist in the
belief that it is somehow acceptable to store so much sensitive
customer data with so few security protections. For example,
Advance Auto Parts said the data exposed included full names,
Social Security numbers, drivers licenses and government issued ID
numbers on 2.3 million people who were former employees or job
applicants.

Read More 

Luca Casonato:

So, Google Chrome gives all *.google.com sites full access to
system / tab CPU usage, GPU usage, and memory usage. It also gives
access to detailed processor information, and provides a logging
backchannel.

This API is not exposed to other sites – only to *.google.com.

This is interesting because it is a clear violation of the idea
that browser vendors should not give preference to their websites
over anyone else’s.

The DMA codifies this idea into law: browser vendors, as
gatekeepers of the internet, must give the same capabilities to
everyone. Depending on how you interpret the DMA, this additional
exposure of information only to Google properties may be
considered a violation of the DMA. Take for example Zoom – they
are now at a disadvantage because they can not provide the same
CPU debugging feature as Google Meet.

I frequently bemoan the DMA’s ambiguity but here I’d say it’s crystal clear. Chrome is a designated gatekeeping platform, and granting system-monitoring privileges only to Google’s own websites is clearly in violation. Here’s a Hacker News comment from a purported Google employee who calls the feature “mundane” while admitting that Google Meet uses it as a tool to debug bad connections, even though no other web-based meeting app has access to it. I can think of no better example proving that Google views the open web as a platform that it owns.

But put the DMA aside. This is just creepy. It’s clearly a privacy violation. I don’t want Google to know what kind of CPU I have, how many cores, and how busy they are. And the makers of other Chromium-based browsers are so lazy that their browsers — Microsoft Edge and Brave at least — include this same “feature”. I don’t mean that Edge grants system-monitoring privileges to Microsoft’s websites. Edge grants these privileges to Google’s websites, and Google’s alone.

But speaking of the DMA, Chromium is, far and away, the most popular browser engine that the DMA compels Apple to allow on iOS. There are legitimate reasons to wish that Apple allowed third-party browser engines on iOS. But there are also legitimate reasons why Apple doesn’t allow them. Chrome really is bad. Better to let the market decide than let clueless regulator decide.

(Via Simon Willison.)

 ★ 

Luca Casonato:

So, Google Chrome gives all *.google.com sites full access to
system / tab CPU usage, GPU usage, and memory usage. It also gives
access to detailed processor information, and provides a logging
backchannel.

This API is not exposed to other sites – only to *.google.com.

This is interesting because it is a clear violation of the idea
that browser vendors should not give preference to their websites
over anyone else’s.

The DMA codifies this idea into law: browser vendors, as
gatekeepers of the internet, must give the same capabilities to
everyone. Depending on how you interpret the DMA, this additional
exposure of information only to Google properties may be
considered a violation of the DMA. Take for example Zoom – they
are now at a disadvantage because they can not provide the same
CPU debugging feature as Google Meet.

I frequently bemoan the DMA’s ambiguity but here I’d say it’s crystal clear. Chrome is a designated gatekeeping platform, and granting system-monitoring privileges only to Google’s own websites is clearly in violation. Here’s a Hacker News comment from a purported Google employee who calls the feature “mundane” while admitting that Google Meet uses it as a tool to debug bad connections, even though no other web-based meeting app has access to it. I can think of no better example proving that Google views the open web as a platform that it owns.

But put the DMA aside. This is just creepy. It’s clearly a privacy violation. I don’t want Google to know what kind of CPU I have, how many cores, and how busy they are. And the makers of other Chromium-based browsers are so lazy that their browsers — Microsoft Edge and Brave at least — include this same “feature”. I don’t mean that Edge grants system-monitoring privileges to Microsoft’s websites. Edge grants these privileges to Google’s websites, and Google’s alone.

But speaking of the DMA, Chromium is, far and away, the most popular browser engine that the DMA compels Apple to allow on iOS. There are legitimate reasons to wish that Apple allowed third-party browser engines on iOS. But there are also legitimate reasons why Apple doesn’t allow them. Chrome really is bad. Better to let the market decide than let clueless regulator decide.

(Via Simon Willison.)

Read More 

Matt Egan and Sean Lyngaas, reporting for CNN:

The call and text message records from mid-to-late 2022 of tens of
millions of AT&T cellphone customers and many non-AT&T customers
were exposed in a massive data breach, the telecom company
revealed Friday. AT&T said the compromised data includes the
telephone numbers of “nearly all” of its cellular customers and
the customers of wireless providers that use its network between
May 1, 2022 and October 31, 2022.

The stolen logs also contain a record of every number AT&T
customers called or texted — including customers of other
wireless networks — the number of times they interacted, and the
call duration.

Importantly, AT&T said the stolen data did not include the
contents of calls and text messages nor the time of those
communications.

Of course the breach didn’t contain the content of phone calls and text messages, because carriers don’t record phone calls and, thankfully, don’t log the contents of text messages. This isn’t an important distinction at all. This is a devastating breach.

 ★ 

Matt Egan and Sean Lyngaas, reporting for CNN:

The call and text message records from mid-to-late 2022 of tens of
millions of AT&T cellphone customers and many non-AT&T customers
were exposed in a massive data breach, the telecom company
revealed Friday. AT&T said the compromised data includes the
telephone numbers of “nearly all” of its cellular customers and
the customers of wireless providers that use its network between
May 1, 2022 and October 31, 2022.

The stolen logs also contain a record of every number AT&T
customers called or texted — including customers of other
wireless networks — the number of times they interacted, and the
call duration.

Importantly, AT&T said the stolen data did not include the
contents of calls and text messages nor the time of those
communications.

Of course the breach didn’t contain the content of phone calls and text messages, because carriers don’t record phone calls and, thankfully, don’t log the contents of text messages. This isn’t an important distinction at all. This is a devastating breach.

Read More 

I’ve seen a few people arguing that Samsung’s Galaxy Watch Ultra, though clearly inspired by Apple Watch Ultra, isn’t a rip-off, per se, because it’s not an exact clone. Ben Thompson even tried to argue such with me on Dithering this week.

Here, for example, is a literal clone of Apple Watch Ultra that I bought on Temu last year for $16. (I’m linking to the user manual because the watch itself is no longer available, but here’s a thumbnail photo from Temu.) But of course Samsung wasn’t going to go that far and literally clone Apple Watch Ultra. That’s absurd. What they did was rip off as much as they thought they could get away with.

What I neglected to point out, but have since updated the post to mention, is that whatever elements of the Galaxy Watch Ultra weren’t copied from Apple Watch Ultra were clearly ripped off from Hermès’s H08 watch:

That’s a handsome watch in and of itself, but it should be noted that Hermès is a longstanding partner of a smartwatch maker named — checks notes… — Apple.

 ★ 

I’ve seen a few people arguing that Samsung’s Galaxy Watch Ultra, though clearly inspired by Apple Watch Ultra, isn’t a rip-off, per se, because it’s not an exact clone. Ben Thompson even tried to argue such with me on Dithering this week.

Here, for example, is a literal clone of Apple Watch Ultra that I bought on Temu last year for $16. (I’m linking to the user manual because the watch itself is no longer available, but here’s a thumbnail photo from Temu.) But of course Samsung wasn’t going to go that far and literally clone Apple Watch Ultra. That’s absurd. What they did was rip off as much as they thought they could get away with.

What I neglected to point out, but have since updated the post to mention, is that whatever elements of the Galaxy Watch Ultra weren’t copied from Apple Watch Ultra were clearly ripped off from Hermès’s H08 watch:

That’s a handsome watch in and of itself, but it should be noted that Hermès is a longstanding partner of a smartwatch maker named — checks notes… — Apple.

Read More 

I guess the European Commission hasn’t taken off for their months-long summer vacation quite yet:

[T]he Commission has issued preliminary findings of non-compliance
on three grievances:

First, X designs and operates its interface for the “verified
accounts” with the “Blue checkmark” in a way that does not
correspond to industry practice and deceives users. Since
anyone can subscribe to obtain such a “verified” status, it
negatively affects users’ ability to make free and informed
decisions about the authenticity of the accounts and the content
they interact with. There is evidence of motivated malicious
actors abusing the “verified account” to deceive users.
Second, X does not comply with the required transparency on
advertising, as it does not provide a searchable and reliable
advertisement repository, but instead put in place design
features and access barriers that make the repository unfit for
its transparency purpose towards users. In particular, the
design does not allow for the required supervision and research
into emerging risks brought about by the distribution of
advertising online.
Third, X fails to provide access to its public data to
researchers in line with the conditions set out in the DSA. In
particular, X prohibits eligible researchers from independently
accessing its public data, such as by scraping, as stated in
its terms of service. In addition, X’s process to grant
eligible researchers access to its application programming
interface (API) appears to dissuade researchers from carrying
out their research projects or leave them with no other choice
than to pay disproportionally high fees.

I don’t really have an opinion on the second and third points, but the first one seems daft to me. Here’s how commissioner Thierry Breton is quoted in the EC’s press release:

“Back in the day, BlueChecks used to mean trustworthy sources of
information. Now with X, our preliminary view is that they deceive
users and infringe the DSA. We also consider that X’s ads
repository and conditions for data access by researchers are not
in line with the DSA transparency requirements. X has now the
right of defence — but if our view is confirmed we will impose
fines and require significant changes.”

Blue checkmarks were indeed used, “back in the day”, to indicate “verified” accounts. But upon purchasing Twitter, Elon Musk eliminated that program. They don’t advertise it as “Verified” any more; they just call it “Twitter Premium” and make it very clear that blue checkmarks indicate premium account status. That’s illegal under the DSA?

Anyway, here’s Elon Musk, replying to Breton’s announcement of this investigation:

How we know you’re real? 🧐

And:

We look forward to a very public battle in court, so that the
people of Europe can know the truth.

And, more intriguingly, replying to Margrethe Vestager:

The European Commission offered X an illegal secret deal: if we
quietly censored speech without telling anyone, they would not
fine us.

The other platforms accepted that deal.

X did not.

The weapon the EC wields is their ability to fine companies 10–20 percent of global revenue. Musk is in a unique position to tell them to fuck off. Twitter’s revenue peaked at $5 billion in 2021 — when the company was still publicly-held — and has surely declined since then. A $500 million fine is figuratively nothing to Musk. He’d gladly pay that just for the attention a public fight over this will bring to him personally and X as a platform.

 ★ 

I guess the European Commission hasn’t taken off for their months-long summer vacation quite yet:

[T]he Commission has issued preliminary findings of non-compliance
on three grievances:

First, X designs and operates its interface for the “verified
accounts” with the “Blue checkmark” in a way that does not
correspond to industry practice and deceives users. Since
anyone can subscribe to obtain such a “verified” status, it
negatively affects users’ ability to make free and informed
decisions about the authenticity of the accounts and the content
they interact with. There is evidence of motivated malicious
actors abusing the “verified account” to deceive users.

Second, X does not comply with the required transparency on
advertising, as it does not provide a searchable and reliable
advertisement repository, but instead put in place design
features and access barriers that make the repository unfit for
its transparency purpose towards users. In particular, the
design does not allow for the required supervision and research
into emerging risks brought about by the distribution of
advertising online.

Third, X fails to provide access to its public data to
researchers in line with the conditions set out in the DSA. In
particular, X prohibits eligible researchers from independently
accessing its public data, such as by scraping, as stated in
its terms of service. In addition, X’s process to grant
eligible researchers access to its application programming
interface (API) appears to dissuade researchers from carrying
out their research projects or leave them with no other choice
than to pay disproportionally high fees.

I don’t really have an opinion on the second and third points, but the first one seems daft to me. Here’s how commissioner Thierry Breton is quoted in the EC’s press release:

“Back in the day, BlueChecks used to mean trustworthy sources of
information. Now with X, our preliminary view is that they deceive
users and infringe the DSA. We also consider that X’s ads
repository and conditions for data access by researchers are not
in line with the DSA transparency requirements. X has now the
right of defence — but if our view is confirmed we will impose
fines and require significant changes.”

Blue checkmarks were indeed used, “back in the day”, to indicate “verified” accounts. But upon purchasing Twitter, Elon Musk eliminated that program. They don’t advertise it as “Verified” any more; they just call it “Twitter Premium” and make it very clear that blue checkmarks indicate premium account status. That’s illegal under the DSA?

Anyway, here’s Elon Musk, replying to Breton’s announcement of this investigation:

How we know you’re real? 🧐

And:

We look forward to a very public battle in court, so that the
people of Europe can know the truth.

And, more intriguingly, replying to Margrethe Vestager:

The European Commission offered X an illegal secret deal: if we
quietly censored speech without telling anyone, they would not
fine us.

The other platforms accepted that deal.

X did not.

The weapon the EC wields is their ability to fine companies 10–20 percent of global revenue. Musk is in a unique position to tell them to fuck off. Twitter’s revenue peaked at $5 billion in 2021 — when the company was still publicly-held — and has surely declined since then. A $500 million fine is figuratively nothing to Musk. He’d gladly pay that just for the attention a public fight over this will bring to him personally and X as a platform.

Read More 

Camilla Hodgson and George Hammond, reporting for The Financial Times:

Microsoft has given up its seat as an observer on the board of
OpenAI while Apple will not take up a similar position, amid
growing scrutiny by global regulators of Big Tech’s investments in
AI start-ups.

Microsoft, which has invested $13bn in the maker of the generative
AI chatbot ChatGPT, said in a letter to OpenAI that its withdrawal
from its board role would be “effective immediately”.

Apple had also been expected to take an observer role on
OpenAI’s board as part of a deal to integrate ChatGPT into the
iPhone maker’s devices, but would not do so, according to a person
with direct knowledge of the matter. Apple declined to comment.

OpenAI would instead host regular meetings with partners such as
Microsoft and Apple and investors Thrive Capital and Khosla
Ventures.

Apple’s board observer seat, set to be taken by Phil Schiller, was never officially announced. But after Mark Gurman broke the story at Bloomberg, it was confirmed by the Financial Times. So it really does seem like a fast reversal. Or as Emily Litella would say, “Never mind”. But I suspect these “regular meetings” will serve the same purpose, and I bet Schiller will be in those meetings representing Apple.

See also Reporting for Axios, Ina Fried has excerpts from Microsoft’s letter to OpenAI.

 ★ 

Camilla Hodgson and George Hammond, reporting for The Financial Times:

Microsoft has given up its seat as an observer on the board of
OpenAI while Apple will not take up a similar position, amid
growing scrutiny by global regulators of Big Tech’s investments in
AI start-ups.

Microsoft, which has invested $13bn in the maker of the generative
AI chatbot ChatGPT, said in a letter to OpenAI that its withdrawal
from its board role would be “effective immediately”.

Apple had also been expected to take an observer role on
OpenAI’s board as part of a deal to integrate ChatGPT into the
iPhone maker’s devices, but would not do so, according to a person
with direct knowledge of the matter. Apple declined to comment.

OpenAI would instead host regular meetings with partners such as
Microsoft and Apple and investors Thrive Capital and Khosla
Ventures.

Apple’s board observer seat, set to be taken by Phil Schiller, was never officially announced. But after Mark Gurman broke the story at Bloomberg, it was confirmed by the Financial Times. So it really does seem like a fast reversal. Or as Emily Litella would say, “Never mind”. But I suspect these “regular meetings” will serve the same purpose, and I bet Schiller will be in those meetings representing Apple.

See also Reporting for Axios, Ina Fried has excerpts from Microsoft’s letter to OpenAI.

Read More 

I’ve been a big fan of Pennsylvania governor Josh Shapiro since his term as our attorney general. He was absolutely fantastic in the aftermath of the 2020 election, when Trump attempted to steal Pennsylvania.

But as of this week he might be my favorite politician in the entire country. He accomplished what I had long ago given up hope of ever seeing: replacing PA’s fugly-as-sin license plates with a new design that’s among the best I’ve ever seen. Good typography, great colors, and a new slogan and icon that best represents Pennsylvania’s role as the birthplace of longest-standing democracy the world has ever seen: the Liberty Bell.

Bravo.

 ★ 

I’ve been a big fan of Pennsylvania governor Josh Shapiro since his term as our attorney general. He was absolutely fantastic in the aftermath of the 2020 election, when Trump attempted to steal Pennsylvania.

But as of this week he might be my favorite politician in the entire country. He accomplished what I had long ago given up hope of ever seeing: replacing PA’s fugly-as-sin license plates with a new design that’s among the best I’ve ever seen. Good typography, great colors, and a new slogan and icon that best represents Pennsylvania’s role as the birthplace of longest-standing democracy the world has ever seen: the Liberty Bell.

Bravo.

Read More 

Quinn Nelson on X:

Watch Ultra is the most shameless copy of an Apple product in
ages — and it’s hideous
Wait, it gets more shameless — Buds3 and Buds3 Pro are clones
of AirPods

It’s sad to see Samsung — who once was a leader in design and
innovation — start knocking off popular products like some
third-rate OEM. Do better.

I agree that the new Buds are AirPod rip-offs, and the new Galaxy Watch Ultra is such a blatant rip-off — the name, the orange accents, the comically slavish copy of Apple’s Ocean Band — that it defies parody. It’s an outright disgrace. Theft, pure and simple. (Victoria Song at The Verge calls it “not exactly hiding where it got its inspiration from” and “That’s not necessarily a bad thing!”; I doubt she’d consider it “inspiration” and “not necessarily a bad thing” if someone were to rip off her articles to the degree Samsung rips off Apple’s designs. There is no reason to defend this. Call it what it is: theft.)

I disagree that Samsung was ever “a leader in design”. I don’t recall a time when their strategy was anything other than just outright stealing the designs of whoever the current market leader is and undercutting them on price just enough to take the Pepsi position (happy to be in second place, happy to have no shame). Before they started ripping off the iPhone, they ripped off BlackBerry, and called their rip-off lineup of phones “BlackJack”. Really. These new blatant shameful rip-offs aren’t an aberration; they define exactly the sort of company Samsung is.

 ★ 

Quinn Nelson on X:

Watch Ultra is the most shameless copy of an Apple product in
ages — and it’s hideous
Wait, it gets more shameless — Buds3 and Buds3 Pro are clones
of AirPods

It’s sad to see Samsung — who once was a leader in design and
innovation — start knocking off popular products like some
third-rate OEM. Do better.

I agree that the new Buds are AirPod rip-offs, and the new Galaxy Watch Ultra is such a blatant rip-off — the name, the orange accents, the comically slavish copy of Apple’s Ocean Band — that it defies parody. It’s an outright disgrace. Theft, pure and simple. (Victoria Song at The Verge calls it “not exactly hiding where it got its inspiration from” and “That’s not necessarily a bad thing!”; I doubt she’d consider it “inspiration” and “not necessarily a bad thing” if someone were to rip off her articles to the degree Samsung rips off Apple’s designs. There is no reason to defend this. Call it what it is: theft.)

I disagree that Samsung was ever “a leader in design”. I don’t recall a time when their strategy was anything other than just outright stealing the designs of whoever the current market leader is and undercutting them on price just enough to take the Pepsi position (happy to be in second place, happy to have no shame). Before they started ripping off the iPhone, they ripped off BlackBerry, and called their rip-off lineup of phones “BlackJack”. Really. These new blatant shameful rip-offs aren’t an aberration; they define exactly the sort of company Samsung is.

Read More 

Nelson Aguilar and Blake Stimac, writing for CNet:

That’s right. There’s a hidden flight tracker built right into
iMessage that you probably would have never noticed unless you
threw in the right combination of details within a message. […]

Although the airline name/flight number format highlighted above
is the best way to go, there are other texting options that will
lead you to the same result. So let’s say we stick with American
Airlines 9707, other options that may bring up the flight tracker
include:

AmericanAirlines9707 (no spaces)
AmericanAirlines 9707 (only one space)
AA9707 (airline name is abbreviated and no space)
AA 9707 (abbreviated and space)

This is a cool feature, but don’t cancel your Flighty subscription. It’s maddeningly inconsistent. Even some of CNet’s own suggestions don’t work — neither AmericanAirlines1776 nor AmericanAirlines 1776 works, but American Airlines 9707 does.

The abbreviated names work for the major U.S. airlines — AA123 (American), DL123 (Delta), and UA123 (United) are all recognized. But neither B6123 nor JBU123 (JetBlue) work, nor F9123 or FFT123 (Frontier).

JetBlue 123, JetBlue Airways 123, and JetBlue Airlines 123 work (and even Jet Blue 123 works, with the erroneous space), but you need to include “Airlines” for most carriers. None of these work: American 123, Delta 123, United 123, Frontier 123. All of those do work if you include “Airlines” in the name.

CNet attributes this feature to iMessage, going so far as to claim that it doesn’t work for messages sent using SMS, but that’s wrong. It works just fine for SMS messages. In fact, it’s not even a feature specific to the Messages app. It’s a feature from Apple’s DataDetection framework — the same system-wide feature that recognizes calendar events, postal addresses, URLs, shipment tracking numbers, and more. So you can use this same flight-code trick with, say, Apple Mail. It even works with text recognized in screenshots.

 ★ 

Nelson Aguilar and Blake Stimac, writing for CNet:

That’s right. There’s a hidden flight tracker built right into
iMessage that you probably would have never noticed unless you
threw in the right combination of details within a message. […]

Although the airline name/flight number format highlighted above
is the best way to go, there are other texting options that will
lead you to the same result. So let’s say we stick with American
Airlines 9707, other options that may bring up the flight tracker
include:

AmericanAirlines9707 (no spaces)
AmericanAirlines 9707 (only one space)
AA9707 (airline name is abbreviated and no space)
AA 9707 (abbreviated and space)

This is a cool feature, but don’t cancel your Flighty subscription. It’s maddeningly inconsistent. Even some of CNet’s own suggestions don’t work — neither AmericanAirlines1776 nor AmericanAirlines 1776 works, but American Airlines 9707 does.

The abbreviated names work for the major U.S. airlines — AA123 (American), DL123 (Delta), and UA123 (United) are all recognized. But neither B6123 nor JBU123 (JetBlue) work, nor F9123 or FFT123 (Frontier).

JetBlue 123, JetBlue Airways 123, and JetBlue Airlines 123 work (and even Jet Blue 123 works, with the erroneous space), but you need to include “Airlines” for most carriers. None of these work: American 123, Delta 123, United 123, Frontier 123. All of those do work if you include “Airlines” in the name.

CNet attributes this feature to iMessage, going so far as to claim that it doesn’t work for messages sent using SMS, but that’s wrong. It works just fine for SMS messages. In fact, it’s not even a feature specific to the Messages app. It’s a feature from Apple’s DataDetection framework — the same system-wide feature that recognizes calendar events, postal addresses, URLs, shipment tracking numbers, and more. So you can use this same flight-code trick with, say, Apple Mail. It even works with text recognized in screenshots.

Read More 

Dave Grochocki, writing for Microsoft’s Windows Insider Blog:

With this update, Notepad will now highlight misspelled words and
provide suggestions so that you can easily identify and correct
mistakes. We are also introducing autocorrect which seamlessly
fixes common typing mistakes as you type.

Getting started with spellcheck in Notepad is easy as misspelled
words are automatically underlined in red. To fix a spelling
mistake, click, tap, or use the keyboard shortcut Shift + F10 on
the misspelled word to see suggested spellings. Selecting a
suggestion immediately updates the word. You can also choose to
ignore words in a single document or add them to the dictionary,
so they are not flagged as a mistake again. Spellcheck in Notepad
supports multiple languages.

Better late than never, but it’s kind of wild that Notepad is 41 years old and only getting these features now. I haven’t used a single Mac app that doesn’t offer the system’s built-in spellchecking for over 20 years.

 ★ 

Dave Grochocki, writing for Microsoft’s Windows Insider Blog:

With this update, Notepad will now highlight misspelled words and
provide suggestions so that you can easily identify and correct
mistakes. We are also introducing autocorrect which seamlessly
fixes common typing mistakes as you type.

Getting started with spellcheck in Notepad is easy as misspelled
words are automatically underlined in red. To fix a spelling
mistake, click, tap, or use the keyboard shortcut Shift + F10 on
the misspelled word to see suggested spellings. Selecting a
suggestion immediately updates the word. You can also choose to
ignore words in a single document or add them to the dictionary,
so they are not flagged as a mistake again. Spellcheck in Notepad
supports multiple languages.

Better late than never, but it’s kind of wild that Notepad is 41 years old and only getting these features now. I haven’t used a single Mac app that doesn’t offer the system’s built-in spellchecking for over 20 years.

Read More