Stuart Breckenridge

SG Transit v1.1

Today I released v1.1 of SG Transit. It’s quite an extensive set of release notes:

New Features:

  • Deleting all favourite bus stops has been moved from Settings to Favourites. Before deleting all favourites, the app will (now) very kindly give you the opportunity to change your mind.
  • You can provide feedback via email on the Settings screen.
  • You can pull-to-refresh on the bus arrivals screen (in addition to the existing auto refresh every 30 seconds).
  • Enhanced the auto-refresh-countdown indicator with a NUMBER!
  • Added visual indicators to show whether the next arrival for a particular service has wheelchair access.
  • Added visual indicators to show if a bus is a double-decker.
  • Added visual indicator to the tab bar when there is an MRT disruption.
  • The Start/End markers of bus routes are now colour coded. (A loop route uses the ∞ mark.)
  • Sorting by arrival time is now the default, although you can configure this in Settings.
  • The distance a bus is from your chosen bus stop is now displayed.
  • If you think ads suck and want to get rid of them, you can remove them via a small, one-time, in-app purchase.
  • iPad support. All iPads. 9.7inch, 10.5inch, and 12.9inch. (New screenshots included.)

New Privacy Features:

  • EU USERS: If, for some reason you use this app in the EU, you will be prompted to provide consent to see personalised adverts.
  • The Privacy Policy is now available in the app, via the Settings screen.


  • The auto-refresh continues its countdown when the user is scrolling.

Data Updates:

  • The latest bus route and bus stop data has been added.

You can download the app here.

Twitter Prices Third Party Developers Off of Platform

Juli Clover, for Macrumors:

Third-party Twitter app developers will be required to purchase a Premium or Enterprise Account Activity API package to access a full set of activities related to a Twitter account including Tweets, @mentions, Replies, Retweets, Quote Tweets, Retweets of Quoted Tweets, Likes, Direct Messages Sent, Direct Messages Received, Follows, Blocks, Mutes, typing indicators, and read receipts.

Premium API access, which provides access to up to 250 accounts, is priced at $2,899 per month, while enterprise access is more expensive, with pricing quotes available from Twitter following an application for an enterprise account.

$2,899 per month is an insane amount of money for third party developers like Tapbots or The Iconfactory to be paying each month. As pointed out on Apps of a Feather, this will equate to over $16 per month for each user. It’s unaffordable and it would therefore appear that August 16th, 2018 will be the end of the road for third party clients.

What I don’t understand is why there is no middle ground for Twitter and third party clients? For example, make the Activity API available to third party client developers for free on the proviso that they include Twitter ads in the stream1? (My assumption is that this is mostly about monetisation.)

  1. And just live without streaming and push notifications. ↩︎

Critical Vulnerabilities Discovered in PGP and S/MIME

A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.

The full details will be published in a paper on Tuesday at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific). In order to reduce the short-term risk, we and the researchers have agreed to warn the wider PGP user community in advance of its full publication.

Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.

Excel Gains JavaScript User Defined Functions

Frederic Lardinois, writing for TechCrunch:

Microsoft is launching a couple of features to Excel today that make the ubiquitous spreadsheet software a bit more powerful. Among the new features is support for Azure Machine Learning and custom JavaScript functions to Excel to extend its capabilities.


Developers could already write their own complex scripts with Visual Basic for Applications (VBA). There are some advantages to using JavaScript, though, not in the least its popularity and ability to easily connect to third-party services, but also the simple fact that these functions can run on any platform. Microsoft first tested custom functions through the Office Insider Program, and it’s now ready to roll it out to a wider audience.

The instructions seem a little convoluted at this stage 1, but I’m keen to try this out.

  1. It is early access. ↩︎

Github, Twitter Stored Passwords in Clear Text


During the course of regular auditing, GitHub discovered that a recently introduced bug exposed a small number of users’ passwords to our internal logging system […]


Due to a bug, passwords were written to an internal log before completing the hashing process.

It seems that Github and Twitter are using the same underlying technology. Regardless, you should change your password.