Skip to content
Thoughtful, detailed coverage of everything Apple for 33 years
and the TidBITS Content Network for Apple professionals
Show excerpts

#1669: OS security updates, ambiguity of emoji, small business payments with Melio, Twitter now X

It’s time for another round of security updates for Apple’s active operating systems. Two of the fixed vulnerabilities have been exploited in the wild, so install soon. Also this week, Adam Engst explores the cautionary tale of a Canadian contract dispute that hinged on the interpretation of the thumbs-up emoji. He also looks at the small business payment service Melio, which has simplified the process of paying TidBITS writers. Finally, we have brief bits about Elon Musk renaming Twitter to X and what we did with in-between time before smartphones. Notable Mac app releases this week include GrandPerspective 3.4.1, CleanMyMac X 4.14, Lunar 6.2.1, and Final Cut Pro 10.6.7, Compressor 4.6.5, and Motion 5.6.5.

Adam Engst 6 comments

Apple Releases 24-Jul-2023 Security Updates for All Active Operating Systems

Apple has once again updated all its active operating systems to address numerous security vulnerabilities, two of which have been exploited in the wild. One of those is the WebKit vulnerability previously discussed in “Rapid Security Responses for iOS/iPadOS 16.5.1 (c) and macOS Ventura 13.4.1 (c)” (13 July 2023), and the other is a kernel vulnerability that Apple says may have been exploited against versions of iOS before iOS 15.7.1. Consider that if you’re still using an iOS device that can’t update to iOS 15.

The number of vulnerabilities ranges from 8 (tvOS) to 29 (macOS), and most are shared by all the operating systems. The details linked below don’t matter much; we advise installing these updates soon so you’re protected.

The affected operating systems include:

The only functional change Apple mentions is the addition of Siri support for Hebrew in Israel to tvOS 16.6.

Adam Engst 11 comments

The Unbearable Ambiguity of Emoji

A picture is said to be worth a thousand words, implying you’d need a thousand words to describe a single image. Emoji are much simpler—maybe just ten words would suffice. But there’s still plenty of room for interpretation within the picture/text exchange rate, as a recent Canadian court case shows.

A grain buyer in Saskatchewan, Canada, texted farmers asking to buy flax at $17 per bushel, and one farmer indicated he could deliver on that. The buyer texted a photo of the contract, as it had done numerous times before, and asked, “Please confirm flax contract.” The farmer replied with a thumbs-up 👍 emoji. But when prices for flax jumped to $41 per bushel and the farmer failed to deliver on the less-lucrative contract, the buyer sued for breach.

The facts of the case aren’t in question; the nut of the issue is whether the farmer’s 👍 response had the legal meaning of “I accept the contract that you just texted me” or merely implied “I’m acknowledging receipt of the contract.” Judge Timothy Keene ruled that the farmer’s 👍 counted as a signature and the farmer had thus breached the contract:

This court readily acknowledges that a 👍 emoji is a non-traditional means to “sign” a document but nevertheless under these circumstances this was a valid way to convey the two purposes of a “signature” – to identify the signator (Chris using his unique cell phone number) and as I have found above – to convey Achter’s acceptance of the flax contract.

This emoji-driven ruling didn’t come out of thin air. The grain buyer’s attorney said in documents filed in the case that the farmer had previously agreed to contract at least four other times in text by replying “looks good”, “ok”, or “yup”.

More generally, the farmer’s lawyer argued that:

…allowing a simple 👍 emoji to signify identity and acceptance would open up the flood gates to allow all sorts of cases coming forward asking for interpretations as to what various different emojis mean – for example what does a 👊 emoji mean or a 🤝 emoji mean, etc.

The judge wasn’t swayed, responding:

This appears to be a sort of public policy argument. I agree that this case is novel (at least in Saskatchewan) but nevertheless this Court cannot (nor should it) attempt to stem the tide of technology and common usage – this appears to be the new reality in Canadian society and courts will have to be ready to meet the new challenges that may arise from the use of emojis and the like.

This story has been making the rounds based primarily on its humor value, often missing the fact that the farmer had laconically agreed to contracts before. But I’ve long been perturbed about the use of emoji in text communications when there’s room for interpretation. It’s one thing to toss in a smiley or frowning face to add emotional color to text, but entirely another to rely on an image to convey something significant. Sometimes a cigar is just a cigar, but an 🍆 isn’t always just an eggplant.

It was in this context that I read about the draft Emoji 15.1 list that contains recommendations for new emoji that will likely become final in September 2023, alongside the release of Unicode 15.1. (Apple would likely integrate them into its operating systems in early 2024.) This batch of emoji is very particular—most are new sequences that combine existing characters. Of the 118 candidates, 108 merely change directionality, so a slew of emoji that currently only face left will now be available facing right as well. That seems uncontroversial, but meaning still rears its ugly head with the proposed Head Shaking Horizontally and Head Shaking Vertically emoji. Emojipedia says:

Designs for the 🙂‍↔️ Head Shaking Horizontally and 🙂‍↕️ Head Shaking Vertically may pose some semantic difficulties for emoji designers, given that they can have inverted meanings in different cultures. For example, while a nodding head such as intended to be depicted in the 🙂‍↕️ Head Shaking Vertically emoji is a positive “yes” in the United States, in Bulgaria it conveys a negative “no” meaning.

There’s no stuffing emoji back into the bottle, though I suspect relatively few TidBITS readers use emoji heavily to stand in for true textual communications, rather than as simple reactions or emotional color. Even if you know what you intend an emoji to mean, there’s no telling how someone else will interpret it. And the next time you’re selling flax, perhaps stick with saying what you mean in actual words until the powers that be develop a Signature emoji.

Adam Engst 13 comments

Melio Makes Payments for Small Businesses Easy

TidBITS has long paid our writers. That’s easy to say, but when you have to send money to a number of people in varying amounts each month, the mechanics of how the payments actually happen matter.

In the early days, we wrote checks. Or, rather, Tonya did, as part of her CFO duties. Between TidBITS writing and Take Control royalties, we were paying up to 25 people per month. At the time, we relied on MYOB AccountEdge for our accounting, and it made sense for Tonya to handle everything within the app, which could also print checks on our blanks. I still remember her sitting down with the stack of envelopes and a little tube she could use to moisten the glue strips because she hated licking 25 envelopes.

After we sold Take Control to Joe Kissell, the number of people we had to pay each month dropped to just TidBITS writers. Tonya kept writing checks for a while but eventually discovered that the CFCU credit union where we bank allowed her to do direct deposit payments via ACH (Automated Clearing House, a system banks use to transfer funds electronically) using a free service called Popmoney. Its interface was old and ugly, but it did what it promised, and direct deposits made life easier for our writers, who didn’t need to handle physical checks. Plus, before Tonya moved to direct deposits, a check would occasionally go missing or be ignored for a while, and resolving such issues generated even more work for her.

Throughout all this, I was largely and blissfully ignorant of the payment mechanics. However, once Tonya got a job at Cornell and we moved our financial books to Xero (see “Switching to Xero from AccountEdge,” 10 May 2021), she delegated all the regular payroll work to me. That’s when I discovered that Popmoney had an odd limitation of $1000 per day. If we had multiple payments that exceeded $1000, we had to schedule some of them for the future. It wasn’t just the next day—Popmoney wouldn’t let us schedule the additional payments until the first ones had time to clear, usually 3 business days.

I realize this sounds like a first-world problem, but for a while, the Popmoney interface made me guess which date would be open for payments. That was annoying and forced me to pick who would get paid later and alert them separately as to when the money would arrive. The limitation made no sense—these were ACH transfers we were initiating from our account to known people, so it seemed unnecessary for CFCU or Popmoney to protect us from spending too much. I tried to get the limit raised, but CFCU’s support referred me to Popmoney, and then Popmoney said it was a CFCU setting, and I eventually gave up.

My problem was eventually “solved” by CFCU dropping Popmoney entirely, with a vague claim that it would be replaced in the future. (That hasn’t happened yet.) We considered moving to another bank that offered such a service, but that’s more easily said than done, given how many auto-deposits and auto-withdrawals we have.

Instead, we started looking for a third-party service that would allow us to send ACH payments to our writers. They tended to be expensive, such as the case-challenged Bill (compare its lowercase logo to its uppercase text branding), which charges $45 per month. I’m not opposed to paying for such a service, but it wasn’t worth much to prevent me from having to write four or five checks per month.

Then we found Melio, which promises ACH payments for free and has no transaction limits (banks may have their own). Melio makes its money by charging for rush payments, credit card payments, paper checks, and what are essentially payment loans. While those upsell opportunities are always visible in the interface, there’s no problem with using it purely with ACH for free. Note that Melio doesn’t do wire transfers.

Melio splash screen

Using Melio to pay people is simple after a one-time account setup and configuration step to connect your bank account. First, you create a vendor for each person, which requires a company name and optional contact name, email address, and phone number. The email address may be optional, but it’s necessary if you want Melio to send them email requesting their bank information to set up the ACH connection. You can also import vendors using a simple CSV file that collects the same information.

Everyone I pay regularly said entering the necessary routing and account numbers to receive payments was easy, although they were all in the US. When I looked into paying Kirk McElhearn, who lives in the UK, I found that Melio supports international payments, but that requires getting the recipient’s SWIFT or IBAN number and costs $20 per transaction. (I resorted to PayPal to pay Kirk for a recent article.)

Once you have your vendors set up, you create bills to pay. Because I’m paying only a handful of people a variable amount once per month, that’s most easily done by hand. Melio also lets you upload a PDF invoice or image, then parses it to create a bill, which is quite slick, or you can sync with QuickBooks. A quick search revealed that there’s also a Melio Payments integration with Xero, but reviews suggest it has synchronization problems. I don’t need more integration with Xero than seeing the payment come out of my CFCU checking account, so I haven’t looked into that more.

Creating a manual payment is easy, if a little chatty, with a six-step process that collects small amounts of information at each step.

  1. Enter the vendor name, amount, payment frequency, and due date. I always choose the next day as the due date, even though I know that won’t be the date the money actually transfers, as you’ll see.
  2. Specify how you want to fund the payment. Again, funding the payment from your bank account is free; the other options trigger a charge.
  3. Set when you want the payment to be deducted. Regardless of when you said it should be due, Melio gives you the upsell option of deducting right away for a fee. I always go for the free 3 business days option.
  4. Enter an optional memo. I’m a sucker for metadata, even though I haven’t noticed any benefit to entering information here.
  5. Confirm the details of everything you’ve entered so far to ensure you haven’t made a mistake.
  6. Acknowledge that you’re done.

Melio payment flow

Melio’s chattiness extends to email, too. Immediately after you schedule a payment, you receive an email confirming it, and once the funds transfer, Melio sends you another message telling you that the payment has been processed successfully. You can turn off different types of notifications.

Melio notification options

However, Melio’s notifications and other options would likely be welcome for larger companies. You can add collaborators with admin, accountant, or contributor permissions. Payment approval workflows let organizations decide who needs to approve payments and can even separate them by payment size, so, for instance, the CEO would approve payments over $1000 and the office manager everything smaller.

I’m ignoring the other half of Melio’s feature set, which offers a similarly simple approach to getting paid. You can create customers and invoices, and when you link your bank account, your customers’ payments flow in directly. On this side, too, Melio provides the option for you to get paid earlier in exchange for a 1% transaction fee. I’ve long used Stripe when I’ve needed to generate invoices for occasional consulting or other work, but I might try Melio next time to see if its promise of free ACH transactions pans out or if people prefer to pay using credit cards.

Finally, I’ve focused on the Melio website here, but the free Melio iPhone app appears to provide the same capabilities for creating vendors and making payments (but not getting paid), with the advantage of letting you use the iPhone camera to scan invoices. The app also lets you track what you’ve done, so it might be worth downloading even if you plan to set up most of your payments on a computer.

Other payment services may also offer ACH payments for free, but I have no complaints about Melio that would encourage me to switch. My only slight concern is that I would prefer Melio to offer two-factor authentication for its website in addition to the two-step verification that it employs at account setup. (The iPhone app does allow biometric login using Face ID or Touch ID.) Otherwise, the company’s security stance sounds good.

If you need to make regular payments to contractors, freelancers, or other small businesses, I encourage you to try Melio.


GrandPerspective 3.4.1 Agen Schmitz No comments

GrandPerspective 3.4.1

Erwin Bonsma recently released GrandPerspective 3.4 with a revamped toolbar for the graphical disk usage utility, replacing 2008 icons with more modern system symbols and making all toolbar functionality available in the main menu. Shortly afterward, Bonsma issued version 3.4.1 to improve the recently added display focus functionality, improve default settings for various preferences, and change sorting for palettes in the Display panel. It’s a free download from SourceForge, and the update will soon appear on the Mac App Store, where it can be purchased for $2.99 to support further development. (Free, 2.5 MB, macOS 11+)

CleanMyMac X 4.14 Agen Schmitz 13 comments

CleanMyMac X 4.14

MacPaw has released CleanMyMac X 4.14 with an improved and rebranded security component named Moonlock (no, it’s not a Moonage Daydream) for the Mac maintenance utility. CleanMyMac’s Moonlock Engine scans for malware and viruses faster; provides more robust inspection covering mail attachments, DMG and ZIP archives, USB drives, browser extensions, and launchers; and enables you to configure the speed and intensity of your scans. The update also adds low battery alerts for Bluetooth devices (not available in the App Store version) and improves application update notifications. ($89.95 one-time fee, $34.95 annual subscription, in Setapp, free update, 120 MB, release notes, macOS 10.13+)

Lunar 6.2.1 Agen Schmitz No comments

Lunar 6.2.1

Alin Panaitiu has issued version 6.2 of Lunar with various improvements for the display brightness control utility, including quashing the beep sound when making fine volume adjustments. The release adds specific inputs for LG monitors where input switching blinks the monitor but doesn’t actually switch the input, fixes VCP code for LG-specific inputs, addresses zero coordinates in the interface even when location is available, and shows when Location Mode lacks permissions to request actual coordinates. Version 6.2.1 was subsequently released to fix auto-learning logic for contrast and ensure brightness and contrast values don’t overshoot the min/max values. ($23 new, free update, 21.4 MB, release notes, macOS 11+)

Final Cut Pro 10.6.7, Compressor 4.6.5, and Motion 5.6.5 Agen Schmitz No comments

Final Cut Pro 10.6.7, Compressor 4.6.5, and Motion 5.6.5

Apple has released updates for its three professional video apps—Final Cut Pro 10.6.7, Compressor 4.6.5, and Motion 5.6.5—with a relatively short list of enhancements and bug fixes. Final Cut Pro addresses an issue where audio effects would not be reset during playback, fixes a bug that could cause an Audio Units effect to have incorrect values when importing using FCPXML, improves waveform redrawing on expanded audio components when adjusting volume with the Touch Bar, and improves reliability when retiming a clip with the Scene Removal Mask applied.

Compressor changes the Settings and Locations sidebar to be resizable when the Inspector is open, improves reliability when processing 4:2:2-based H.264 media on M-based Macs, and resolves an issue where an exported IMF supplemental package was one frame shorter than the original package. Motion improves stability with FxPlug 4 plug-ins and improves performance when using the Sequence Text behavior with Anchor Point set to Line. (Free updates. Final Cut Pro, $299.99 new, 4.7 GB, release notes, macOS 12.6+; Compressor, $49.99 new, 348.9 MB, release notes, macOS 12.6+; Motion, $49.99 new, 2.3 GB, release notes, macOS 12.6+)


Adam Engst 41 comments

How Did We Fill Our In-Between Time Before Smartphones?

At The Atlantic, Ian Bogost asks (and answers) the question, “How did we occupy ourselves during bits of extra time before we had smartphones?”

Before smartphones, people didn’t invest their in-between time into forging social bonds or doing self-improvement. They mostly suffered through constant, endless boredom. So let us not lament or malign the time we waste on smartphones, at least not so much. It is bad to be seduced into argument or conspiracism, to shop or lust or doomscroll, to bring one’s job into the dentist’s chair or the living-room recliner. But it was also bad to suffer the terror of monotony. Now there is too much happening, but before, ugh, nothing ever happened.

There’s no question that smartphones outcompete nearly everything else around for our attention, sometimes problematically. But I don’t disagree with Bogost’s claim that we used to squander much of our in-between time on pointless activity. I’m constitutionally incapable of ignoring text within my sight, so I remember reading cereal boxes at breakfast, magazine covers in checkout lines, display ads on public transit, out-of-date magazines in doctors’ offices, in-flight Skymall catalogs, and posted signs (however irrelevant) of all types. And no, I didn’t generally strike up conversations with strangers, practice mindfulness, or draft articles in my head. How about you?

Adam Engst 30 comments

Elon Musk Rebrands Twitter to X

At The New York Times, Ryan Mac and Tiffany Hsu write:

The tech billionaire, who bought Twitter last year, renamed the social platform on its website and started replacing the bird logo with a stylized version of the 24th letter of the Latin alphabet. Inside Twitter’s headquarters in San Francisco, X logos were projected in the cafeteria, while conference rooms were renamed to words with X in them, including “eXposure,” “eXult” and “s3Xy,” according to photos seen by The New York Times.

I’m adding this senseless and inexplicable rebranding to my increasingly long list of reasons to ignore Twitter as much as possible. Is the company X but the service Twitter, like Meta and Facebook? Or is it all X? What word replaces “tweet”?

New X login page

To my mind, the most apropos combination of the letter X and a bird comes from Monty Python.

It’s not pining, it’s passed on. This parrot is no more. It has ceased to be. It’s expired and gone to meet its maker. This is a late parrot. It’s a stiff. Bereft of life, it rests in peace. If you hadn’t nailed it to the perch, it would be pushing up the daisies. It’s rung down the curtain and joined the choir invisible. This is an ex-parrot.

At least Apple renamed the Mac’s operating system to macOS a few years back, so we don’t have to worry about leakage surrounding Mac OS X. But it’s amusing that Meta owns a stylized X trademark for social networking (among much else), having acquired it from Microsoft in 2020.