After announcing new MacBook Pro models today, Apple has removed the 2015 MacBook Pro from the Mac section of its website. Ars Technica reports: Beloved by many, the 2015 MacBook Pro had a number of features that have since been changed or have disappeared entirely from new MacBook Pro models. Arguably the most polarizing among these tweaks is the butterfly keyboard -- the 2015 MacBook Pro predates that mechanism, making its traditional keyboard a preferred alternative for many users. The 2015 MacBook Pro also contained legacy ports that Apple has since abandoned in the newest models: USB-A, HDMI, and Thunderbolt 2 ports, and an SD card slot. All of the newest MacBook Pros exclusively feature Thunderbolt 3 ports, which some will appreciate but all will scowl at when they're forced to buy multiple dongles to connect legacy accessories. Currently, Apple has a few 2015 MacBook Pro models listed in its online clearance section, but it's likely that Apple will not have more to sell after those are gone.

Google has quietly enabled a security feature called Site Isolation for 99% of its desktop users on Windows, Mac, Linux, and Chrome OS. This happened in Chrome 67, released at the end of May. From a report: Site Isolation isn't a new feature per-se, being first added in Chrome 63, in December 2017. Back then, it was only available if users changed a Chrome flag and manually enabled it in each of their browsers. The feature is an architectural shift in Chrome's modus operandi because when Site Isolation is enabled, Chrome runs a different browser process for each Internet domain. Initially, Google described Site Isolation as an "additional security boundary between websites," and as a way to prevent malicious sites from messing with the code of legitimate sites.

According to a note shared by reliable Apple analyst Ming-Chi Kuo, Apple is planning to refresh a number of its computing product lineups later this year. Via MacRumors: iPhone: There are three iPhones in the works, two OLED models in 5.8 and 6.5-inch sizes and one LED model that will be available in a 6.1-inch size.
iPad: Apple is working on two new 11 and 12.9-inch models that are equipped with a full-screen design and no Home button, with Apple to replace Touch ID with Face ID.
Mac mini: Processor upgrades expected.
MacBook Pro: Processor upgrades expected.
MacBook: Processor upgrades expected.
New Low-Priced Notebook: Kuo believes Apple is designing a new low-priced notebook. He originally said that this would be in the MacBook Air family, but now has changed his mind. Previous rumors have suggested this machine could be a 12-inch MacBook.
iMac: Significant display performance upgrade alongside a processor upgrade.
Apple Watch: Two new models in sizes that include 1.57 inches (39.9mm) and 1.78 inches (45.2mm) with an enhanced heart rate detection feature.

On Tuesday, Mozilla released Firefox 61, the newest version of its web browser for Windows, Mac, Linux, and Android platforms. The release builds on Firefox Quantum, which the company calls "by far the biggest update since Firefox 1.0 in 2004." VentureBeat: Version 61 brings TLS 1.3, the ability to add custom search engines to the location bar, tab warming, retained display lists, WebExtension tab management, and the Accessibility Tools Inspector. Mozilla doesn't break out the exact numbers for Firefox, though the company does say "half a billion people around the world" use the browser. In other words, it's a major platform that web developers have to consider.

Last week, cybersecurity company PenTest Partners managed to unlock TappLock's smart padlock within two seconds. They "found that the actual code and digital authentication methods for the lock were basically nonexistent," reports The Verge. "All someone would need to unlock the lock is its Bluetooth Low Energy MAC address, which the lock itself broadcasts." The company also managed to snap the lock with a pair of 12-inch bolt cutters.

Today, Naked Security reports that it gets much worse: "Tapplock's cloud-based administration tools were as vulnerable as the lock, as Greek security researcher Vangelis Stykas found out very rapidly." From the report: Stykas found that once you'd logged into one Tapplock account, you were effectively authenticated to access anyone else's Tapplock account, as long as you knew their account ID. You could easily sniff out account IDs because Tapplock was too lazy to use HTTPS (secure web connections) for connections back to home base -- but you didn't really need to bother, because account IDs were apparently just incremental IDs anyway, like house numbers on most streets. As a result, Stykas could not only add himself as an authorized user to anyone else's lock, but also read out personal information from that person's account, including the last location (if known) where the Tapplock was opened.

Incredibly, Tapplock's back-end system would not only let him open other people's locks using the official app, but also tell him where to find the locks he could now open! Of course, this gave him an unlocking speed advantage over Pen Test Partners -- by using the official app Stykas needed just 0.8 seconds to open a lock, instead of the sluggish two seconds needed by the lock-cracking app.

Apple's macOS surreptitiously creates and caches thumbnails for images and other file types stored on password-protected / encrypted containers (hard drives, partitions), according to macOS security experts Wojciech Regula and Patrick Wardle. From a report: The problem is that these cached thumbnails are stored on non-encrypted hard drives, in a known location and can be easily retrieved by malware or forensics tools, revealing some of the content stored on encrypted containers. On macOS, these thumbnails are created by Finder and QuickLook. Finder is the default macOS file explorer app, similar to Windows Explorer. Whenever a user navigates to a new folder, Finder automatically loads icons for the files located in those folders. For images, these icons are gradually replaced by thumbnails that show a preview of the image at a small scale.

Quentin Carnicelli, the chief technology officer at Rogue Amoeba, a widely-reputed firm that produces several audio software for Apple's desktop operating system: With Apple recently releasing their first developer beta of MacOS 10.14 (Mojave), we've been installing it on various test machines to test our apps. The inevitable march of technology means Mojave won't install on all of our older hardware. There's no shock there, but the situation is rather distressing when it comes to spending money to purchase new equipment. Here is the situation, as reported by the wonderful MacRumor's Buyers Guide: At the time of the writing, with the exception of the $5,000 iMac Pro, no Macintosh has been updated at all in the past year. Here are the last updates to the entire line of Macs: iMac Pro: 182 days ago, iMac: 374 days ago, MacBook: 374 days ago, MacBook Air: 374 days ago, MacBook Pro: 374 days ago, Mac Pro: 436 days ago, and Mac Mini: 1337 days ago.

Worse, most of these counts are misleading, with the machines not seeing a true update in quite a bit longer. The Mac Mini hasn't seen an update of any kind in almost 4 years (nor, for that matter, a price drop). The once-solid Mac Pro was replaced by the dead-end cylindrical version all the way back in 2012, which was then left to stagnate. I don't even want to get started on the MacBook Pro's questionable keyboard, or the MacBook's sole port (USB-C which must also be used to provide power). It's very difficult to recommend much from the current crop of Macs to customers, and that's deeply worrisome to us, as a Mac-based software company.

Earlier today, Nintendo announced during its E3 press conference that Epic Games' Fortnite would be coming to the Switch console. Unfortunately, when Epic Games PR representative Nick Chester confirmed cross-play compatibility, the PS4 wasn't on the list. The Switch version of Fortnite will only support cross-play with Xbox One, PC, Mac, and mobile. The Verge reports: That aligns with past cross-play implementations between Xbox One, PS4, PC, and mobile, with Sony blocking other console platforms from playing with its own. You can cross-play between PS4, mobile, and PC. Unfortunately, this also suggests that PS4 players of Fortnite won't be able to log in to their Epic accounts on the Switch, meaning you won't be able to have any weekly progress carry over or gain access to any of your skins or emotes. This is because your Epic account is tied up with your PSN username in most cases. For instance, you can't log in to an Epic account tied to PSN on the Xbox One version of Fortnite, and it sounds like the same will be true for the Switch.

An anonymous reader shares a report: For years, hackers could hide malware alongside legitimate Apple code and sneak it past several popular third-party security products for Mac computers, according to new research. This is not a flaw in MacOS but an issue in how third-party security tools implemented Apple's APIs. A researcher from security firm Okta found that several security products for Mac -- including Little Snitch, xFence, and Facebook's OSquery -- could be tricked into believing malware was Apple code, and let it past their defenses. "I can take malicious code and make it look like it's signed by Apple," Josh Pitts, the security researcher at Okta who discovered these bugs, told Motherboard. In a blog post published Tuesday, Pitts explained that the issue lies with how the third-party security tools implemented Apple's code-signing APIs when dealing with Mac's executable files known as Universal or Fat files.

Apple has updated the App Store's Review Guidelines to explicitly ban on-device mining across any type of app, and all of Apple's platforms. The new section 3.1.5 (b), titled Cryptocurrencies, provides five clear rules for what will and won't be allowed in macOS, iOS, tvOS, and watchOS apps going forward. VentureBeat reports: The upshot of the new rules is that while Apple will permit cryptocurrencies to exist on its platforms, it's adding requirements to stop scammers and individuals from exploiting App Store customers, while making explicit that it's blocking developers from eating Apple device processing power for mining activities. As AppleInsider notes, the Review Guidelines were previously less concerned with cryptocurrencies, allowing an app to facilitate crypto and ICO transactions if it complied with the laws in the app's distributed territories.

Since the App Store is virtually the only place to acquire software for iPhones, iPads, iPod touches, Apple TVs, and Apple Watches, Apple's decision will effectively end crypto mining on those devices. On macOS, however, users will continue to be able to acquire apps outside of the Mac App Store, enabling mining and other activities to continue without Apple's seal of approval.

To celebrate its 14th birthday, Phoronix.com used a 15-inch MacBook Pro to run system benchmarking tests on the following operating systems:

- Windows 10 Pro

- The latest macOS 10.13 High Sierra

- Windows 10 Windows Subsystem for Linux (WSL) using Ubuntu 18.04

- Ubuntu 18.04 LTS with the Linux 4.15 kernel, GCC 7.3.0, and an EXT4 file-system.

- Clear Linux 22780 with the Linux 4.16 kernel, GCC 8.1.1, and EXT4.

- Fedora Workstation 28 with updates is the Linux 4.16 kernel, GCC 8.1.1, and EXT4.

- OpenSUSE Tumbleweed with the Linux 4.16 kernel, GCC 7.3.1, and default file-system configuration of Btrfs root file-system with XFS home partition.

The results? When it came to outright wins and losses, Clear Linux 22780 was the front-runner 59% of the time followed by macOS 10.13.4 finishing first 21% of the time and then Fedora Workstation 28 with winning 10% of the time.

For losses, to little surprise considering the I/O overhead, Windows 10 was in last place 38% of the time followed by Ubuntu 18.04 being surprisingly the slowest Linux distribution 30% of the time on this 2016 MacBook Pro.
The article also reminds readers that "For those looking for a Linux laptop, there are plenty of better options..."

In 2010, Steve Jobs first introduced FaceTime and promised it would become an open industry standard that could be used by Apple's competitors -- not just Apple. Well, eight years later and that still hasn't happened. CNET's Sean Hollister provides a theory as to why that is: There's also an ongoing lawsuit to consider -- as Ars Technica documented in 2013, Apple was forced to majorly change how FaceTime works to avoid infringing on the patents of a company called VirnetX. Instead of letting phones communicate directly with each other, Apple added "relay servers" to help the phones connect. Presumably, someone would have to pay for those servers, and/or figure out a way for them to talk to Google or Microsoft or other third-party servers if FaceTime were going to be truly open. But that doesn't make a broken promise less frustrating. Particularly now that Apple could potentially fix annoying business video calls as well. A Skype-killing video chat service that worked on Mac, iOS *and* Windows, Android and the open web? That's something I bet companies would be happy to pay for, too.

In macOS 10.14 Mojave, which Apple unveiled on Monday, the company is deprecating OpenGL and OpenCL technologies in its desktop operating system. In an announcement post to developers, the company wrote: Apps built using OpenGL and OpenCL will continue to run in macOS 10.14, but these legacy technologies are deprecated in macOS 10.14. Games and graphics-intensive apps that use OpenGL should now adopt Metal. Similarly, apps that use OpenCL for computational tasks should now adopt Metal and Metal Performance Shaders. PCGamer reports that several developers have expressed disappointment over the decision. AnandTech reports that the company is doing away with OpenGL and OpenCL in iOS and its other operating systems as well.

The next version of iOS and macOS "will frustrate tools used by Facebook to automatically track web users," reports BBC. At the company's developer conference, Apple's software chief Craig Federighi said, "We're shutting that down," adding that Safari would ask owners' permission before allowing the social network to monitor their activity. BBC reports: At the WWDC conference - held in San Jose, California - Mr Federighi said that Facebook keeps watch over people in ways they might not be aware of. "We've all seen these - these like buttons, and share buttons and these comment fields. "Well it turns out these can be used to track you, whether you click on them or not." He then pointed to an onscreen alert that asked: "Do you want to allow Facebook.com to use cookies and available data while browsing?" "You can decide to keep your information private."

Apple also said that MacOS Mojave would combat a technique called "fingerprinting", in which advertisers try to track users who delete their cookies. The method involves identifying computers by the fonts and plug-ins installed among other configuration details. To counter this, Apple will present web pages with less details about the computer. "As a result your Mac will look more like everyone else's Mac, and it will be dramatically more difficult for data companies to uniquely identify your device," Mr Federighi explained.

Stephen Shankland, writing for CNET: With its next-generation MacOS Mojave software, Macs will be able to run some apps written for iPhones and iPads, a big new step in bringing the two technology platforms closer together. Craig Federighi, Apple's senior vice president of software engineering, announced the change Monday at Apple's Worldwide Developer Conference in San Jose. And he said Mojave will include four apps Apple itself brought from its iOS mobile software to MacOS: Home, Stocks, News and Voice Memo. "There are millions of iOS apps out there, and we think some of them would look great on the Mac," Federighi said. For now, it's only Apple that has the ability to move iOS apps to MacOS. But that'll change in 2019.

Alongside iOS 12, at its developer conference WWDC on Monday, Apple also unveiled macOS 10.14 -- named "Mojave" -- the upcoming software update for the company's laptop and desktops lineups. The headline feature of macOS 10.14 is dark mode, a feature that people who work during late hours might appreciate. VentureBeat: A new Mojave feature called Dynamic Desktop can subtly change the desktop throughout the day, morning, afternoon, and evening. There's also Desktop Stacks, which can automatically clean up a messy desktop by arranging desktop contents into stacks based on content, date, or tag. Gallery View in the Finder lets you see content in a Photos-like display, including full metadata from cameras that can appear in an optional second sidebar; you can rotate photos and do basic automation of Actions within the Finder. The macOS screenshot creation tool has been expanded, as well, to enable instant creation of screengrabbed videos from current screen content.

Continuity has been expanded with Continuity Camera, leveraging your phone's camera to instantly add photos and scans to programs that request them. It also includes a Mac version of the Apple News aggregation app that debuted on iOS two years ago, including the Stocks feature and new sidebar that were shown off for the updated iPad version of News earlier in the Keynote. Voice Memos is also being brought to the Mac, as is Home, the HomeKit app from iOS. Apple also announced a collection of heightened security features for macOS, including protection by default of camera access, microphone access, your mail database, message history, and other private data. Apple has also redesigned the App Store, and is bringing favicons to Safari tabs.

The creators of popular encrypted email service ProtonMail have released a free version of their ProtonVPN software for macOS. From a report: Even though the free version does not contain the full features that you would come to expect from a paid VPN service it is more than capable of obfuscating IP addresses and your location. While ProtonVPN has already released Windows and Android versions, according to Dr. Andy Yen, CEO of ProtonMail, their reason for releasing the free macOS version "is to make the world a safer place by ensuring that citizens around the world have access to an Internet free of spying and censorship. Releasing a free VPN service for macOS is another important step in that direction."

An anonymous reader shares a report: Google released earlier today Chrome 67, the latest stable release of its web browser. According to changelogs released with Chrome 67, this version adds support for a Generic Sensors API, improves AR and VR experiences, and deprecates the HTTP-Based Public Key Pinning (HPKP) security feature. Probably the biggest change in Chrome 67 is the addition of the Generic Sensors API. As the name implies, this is an API that exposes data from device sensors to public websites. The new API is based on the Generic Sensor W3C standard. This API is meant primarily for mobile use, and in its current version, websites can use Chrome's Generic Sensors API to access data from a device's accelerometer, gyroscope, orientation and motion sensors. Another API that shipped with Chrome is the WebXR Device API. Developers can use this API to build virtual and augmented reality experiences on Chrome for mobile-based VR headsets like Google Daydream View and Samsung Gear VR, as well as desktop-hosted headsets like Oculus Rift, HTC Vive, and Windows Mixed Reality Headsets.

The Russian government is asking Apple to help it block Telegram by removing it from the country's App Store. Mac Rumors reports: A Russian court in April ordered carriers and internet providers in the country to block Telegram back in April, after Telegram refused to provide Russia with backdoor access to user messages. Despite issuing the block order back in April, Russia has only been able to disrupt Telegram's operations in the country by 15 to 30 percent. Given the government's inability to block the app, Roskomnadzor, the division of the government that controls media and telecommunications, has demanded that Apple remove the Telegram app from the Russian App Store. The group first asked Apple to remove the app in April, but is appealing to Apple again.

"In order to avoid possible action by Roskomnadzor for violations of the functioning of the above-mentioned Apple Inc. service, we ask you to inform us as soon as possible about your company's further actions to resolve the problematic issue," the regulator wrote. Roskomnadzor has given Apple one month to remove the Telegram app from the App Store. Roskomnadzor's director Alexander Zharov said he did not want to "forecast further actions" should Apple not comply with the request following the 30 day period.

It has been nearly two weeks since researchers unveiled "EFAIL," a set of critical software vulnerabilities that allow encrypted email messages to be stolen from within the inbox. The Intercept reports that developers of email clients and encryption plugins are still scrambling to come up with a permanent fix. From the report: Apple Mail is the email client that comes free with every Mac computer, and an open source project called GPGTools allows Apple Mail to smoothly encrypt and decrypt messages using the 23-year-old PGP standard. The day the EFAIL paper was published, GPGTools instructed users to workaround EFAIL by changing a setting in Apple Mail to disable loading remote content. Similarly, the creator of PGP, Phil Zimmermann, co-signed a blog post Thursday stating that EFAIL was "easy to mitigate" by disabling the loading of remote content in GPGTools. But even if you follow this advice and disable remote content, Apple Mail and GPGTools are still vulnerable to EFAIL.

I developed a proof-of-concept exploit that works against Apple Mail and GPGTools even when remote content loading is disabled (German security researcher Hanno Bock also deserves much of the credit for this exploit, more on that below). I have reported the vulnerability to the GPGTools developers, and they are actively working on an update that they plan on releasing soon.