I’m not sure if this link works outside the US, but Apple TV’s MLS Wrap-Up show has highlight from the LA Galaxy vs. Houston Dynamo FC match they shot exclusively using iPhone 17 Pros. Follow the link, choose “English”, and then choose “Full Replay” — then skip to 40m:15s or so.

They show one of the professional camera rigs they used, with a long lens attached. I’d say the match footage looks good, but also definitely does not look as good as usual. Impressive for a phone camera, but I’d be a tad annoyed if I were a Galaxy or Dynamo fan and one of my team’s matches was used for a stunt like this.

Dan Goodin, reporting for Ars Technica:

The technique, laid out in a research paper, exploits a side channel, a form of leak resulting from physical manifestations such as electromagnetic emanations, data caches, or the time required to complete a task. By measuring the manifestations, attackers can decrypt encrypted traffic and infer other confidential data. [...]

“Web browsers have evolved from simple document viewers into complex platforms capable of running sophisticated applications,” the paper authors wrote. “Companies like Google, Microsoft, and Adobe have developed full-fledged office suites, photo- and video editors, or even integrated development environments (IDEs) that run entirely within the browser.” The authors went on to note: “While these features enhance the capabilities of web applications and allow completely novel use cases, they also increase the browser’s attack surface, and some have already been shown to introduce new vulnerabilities.”

Unlike previous contention side-channel attacks on SSDs, FROST runs exclusively in the browser. It uses JavaScript that interacts with the OPFS (origin private file system), an allocated storage space that’s reserved for a specific site to run code needed to complete a given task. Websites can create one with no interaction required by the visitor.

JavaScript, as I have suggested many times, was a terrible mistake for the web. It’s absurd that a web page can access local storage space.

A cloud for the agent era. Use exe.dev to get a pool of VMs with SSH, root, and web auth by default. Secrets injected at the network edge stay out of the LLM’s hands. Persistent servers, internal tools, vibe coding, disposable devboxes, whatever. It’s just a computer.

Here’s a fun one. Back in 2014 I linked to a post by Jay Haynes in which he projected that with a very reasonable level of annual growth, Apple ought to reach a $3 trillion market cap within 10 years. At the time of his writing, Apple’s market cap was “just” $450 billion, and no company had hit the $1 trillion market. So projecting a $3 trillion valuation in 10 years was a bold prediction.

Apple hit $3 trillion in just 8 years.

Haynes’s original blog went belly-up, alas, but he republished the piece on Medium, with a bit of additional commentary up front, in 2016. Re-reading Haynes’s piece today, it holds up extremely well, including his case that the iPhone and iPad are almost textbook examples of Clayton Christensen’s disruption theory (yet Christensen himself got it wrong).

(Thanks to Nathan Peretic, longtime DF reader and owner of a perfect personal homepage, for prompting me to revisit this and award Haynes his well-earned Being Right Points.)

Lizzie Dearden and Amelia Nierenberg, reporting for The New York Times (gift link):

The crime Alex Pikula reported to the police was one they had heard before: An e-bike rider had zoomed past as Mr. Pikula left a theater in London’s West End, ripping his phone from his hands. It was frustrating, Mr. Pikula thought, but that was that.

He was wrong.

His mother soon started receiving strange texts, claiming to have her son’s emails and bank information. Then she received a video of a man brandishing a gun. Then came threats of sexual assault and death.

“I know who you are and where you live,” read one, full of obscenities and typos. “I’ve killed or [sic] far less than a phone before,” it went on. “We will see if you value your life over this phone.”

All of the messages wanted her to do one thing: unlink her son’s Apple ID from his stolen phone.

The story only mentions the word iPhone twice, but phone appears over 30 times. “Apple ID” appears four times. There’s zero mention of Android or Google. It’s just implicitly assumed that the only phones worth stealing or threatening victims about are iPhones. The story makes no mention of Apple’s Stolen Device Protection, which Apple recently began turning on by default when users install iOS 26.4.

Dearden and Nierenberg filed a previous report in October about organized iPhone crime rings in London. And in November I linked to a story where a thief, after stealing an Android phone, turned around and handed it back, explaining to the victim, “Don’t want no Samsung.”