Monday, July 28, 2014

A Candid Look at Unread’s First Year

Jared Sinclair:

After a huge spike in sales the first day, sales dropped in what is (to my knowledge) a typical launch week curve for iPhone apps. The week after launch, Unread was featured on the main page of the App Store. This feature did not lead to a spike in sales. Rather, it kept sales from dropping any further for that week, then tapered off. I conclude from this that an App Store feature may not be as helpful as positive, prominent reviews from influential writers.


Half of the lifetime sales of Unread were generated in the first five days1. It would take another 170 days (24 weeks) to generate that same amount again.


Despite all of these circumstances, Unread still only earned $42K in sales ($21K after taxes and expenses) and is on a course that doesn’t promise much growth. I conclude from all this that anyone who wants to make a satisfying living as an independent app developer should seriously consider only building apps based on sustainable revenue models. I suspect this means through consumable in-app purchases, like those in Candy Crush Saga or Clash of Clans, or through recurring subscription charges, like those in WhatsApp.

My iPhone and iPad are great places to read articles that I’ve saved, but I prefer to process the RSS feeds from the Mac.

Update (2014-07-28): Tyler Hall:

And that leads me to another difference between developing for iOS and Mac. On the App Store, the price for apps has bottomed out. There are countless stories of developers, Jared included, failing to gain traction by setting an upfront paid price. Apps can require thousands of hours of work and yet can’t command a price of even $0.99. The only apps making money that I’m aware of are littered with scummy in-app purchases. For developers who take pride in what they build and don’t want to lower themselves to that level, there doesn’t seem to be a route to profitability.

With VirtualHostX [a Mac app], the opposite is true. In 2007, I priced the app at $7. Over time I raised the price to $9, $12, $14, $19, $24, $29, $34, $39, and, now, $49. With each price increase my total sales and revenue have only gone up. And, as an extra bonus, the quality of my customers has increased as well. I never received as many angry emails from customers as I did when the app was priced cheaply. Now that VirtualHostX costs “real money”, I weed out those users who aren’t willing to make a financial commitment to the app and my company.

Update (2014-07-28): Brent Simmons:

But with how prices have fallen — how people are now accustomed to not paying anything until they’re hopelessly addicted and need the $4.99 packet of imaginary things that will get them to the next level — I can’t recommend to anybody that they quit their job to just write their own iOS apps.

Update (2014-07-29): Gus Mueller:

My basic strategy is to make a useful quality product, and sell it at a fair and sustainable price. If your app is quality, it will find customers. And then those customers will tell their friends, and the news sites will notice it. And since you’re charging a fair price a virtuous circle will form.

If you are just starting out, this might take years (maybe even exactly 1,068 days). It’s a long road of hard work, pain, joy, and just showing up every day. Eventually you will get lucky and gain some traction—but it’s not luck alone that is the key to success. You need to recognize opportunities as they come along and grab them. And just as equally important—you need to recognize time sinks and stupid ideas that come along as well. There will be more of the latter.

Sunday, July 27, 2014

Canvas Fingerprinting Instead of Cookies

Julia Angwin (via John Gordon):

The type of tracking, called canvas fingerprinting, works by instructing the visitor’s web browser to draw a hidden image, and was first documented in a upcoming paper by researchers at Princeton University and KU Leuven University in Belgium. Because each computer draws the image slightly differently, the images can be used to assign each user’s device a number that uniquely identifies it.

Why You Only Have to Wipe a Disk Once

Chris Hoffman (via Uli Kusterer):

To understand why the Gutmann method isn’t necessary for all drives, it’s important to note that the paper and method were designed in 1996, when older hard drive technology was in use. The 35-pass Gutmann method was designed to wipe data from any type of drive, no matter what type of drive it was – everything from current hard disk technology in 1996 to ancient hard disk technology.

As Gutmann himself explained in an epilogue written later, for a modern drive, one wipe (or maybe two, if you like – but certainly not 35) will do just fine[…]

I had not heard that before. However, these days most of my drives are encrypted with FileVault 2, so there’s probably little reason to wipe them, anyway.

Saturday, July 26, 2014

Who at the Table is an Indie iOS Developer?

Brent Simmons:

There are a ton of Mac and iOS developers in the Seattle area — and almost all the iOS developers are making money either via a paycheck (they have a job) or through contracting.

The only local indie iOS-only developer I could think of was me — and even that won’t be true for much longer, as we’re working on Vesper for Mac.


[…] indie developers — people who make all or most of their money via products they create and sell — are fairly rare these days. Most of the local developers I know work at Omni, Black Pixel, or Apple or do contracting.

See also the responses from Rich Siegel, Ole Begemann, James Thomson, David Barnard, and Daniel Jalkut.

Update (2014-07-28): Brent Simmons:

But with how prices have fallen — how people are now accustomed to not paying anything until they’re hopelessly addicted and need the $4.99 packet of imaginary things that will get them to the next level — I can’t recommend to anybody that they quit their job to just write their own iOS apps.

Update (2014-07-29): Marco Arment:

The app market is becoming a mature, developed industry, with vastly increased commoditization compared to its early days. Competition is ubiquitous, relentless, and often shameless, even in categories that were previously under-the-radar niches. Standing out requires more effort than ever, yet profits are harder to come by than ever.

Full-time iOS indie developers — people who make the majority of their income from sales of their apps, rather than consulting or other related work — are increasingly rare. I thought Brent Simmons would get flooded with counterexamples when he proposed that there are very few, but he didn’t.

iTunes 12 and the Case of the Missing Sidebar

Kirk McElhearn:

I’ll miss the sidebar, and I wonder why Apple is removing it. For those who use it, it’s a convenient way to access much of your iTunes library. According to screenshots published on a variety of websites, there is no longer even a drop-down menu at the top-left of the iTunes window when the sidebar is hidden; you access the various libraries and devices by clicking icons in the navigation bar.

Jim Tanous:

It’s clear that Apple is trying to steer users away from the sidebar, and the company’s default album view is visually impressive. But longtime iTunes users who prefer the “traditional” iTunes layout may be fighting a losing battle with Apple. It’s great that the company preserves some forms of sidebar and list views in iTunes 12, even if they’re harder to find and lack some functionality, but how much longer will Apple continue quietly relegating these layouts before they’re gone completely?

The sidebar’s gone, but the modal preferences window remains. I’m not really attached to the old sidebar, but I found it essential to turn it back on in iTunes 11, and the new design does not seem to be a clear improvement. It seems even less friendly to those of us who like to navigate by menus or keyboard shortcuts, rather than by clicking tiny, unlabeled buttons.

Sidebar Translucency in Yosemite

Neven Mrgan:

Translucency in 10.10 is gross with fullscreen apps (which I dig). What does that blotchy, blurry sidebar “show” me?

This seems like an endless cycle with Apple. Introduce a new appearance that values form over function, one that in many cases it doesn’t even look good, unconvincingly try to justify it as useful, gradually tone it down over the releases, and eventually add a new horror. We’ve seen this movie before. Can’t we just skip the first several steps?

Flipboard Explorer


FLEX (Flipboard Explorer) is a set of in-app debugging and exploration tools for iOS development. When presented, FLEX shows a toolbar that lives in a window above your application. From this toolbar, you can view and modify nearly every piece of state in your running application.

List All Unprefixed Objective-C Classes for a Given SDK

Cédric Luthi has written a useful script that uses nm to inspect compiled frameworks.

How To Make Tilt Scrolling That Doesn’t Suck

Marco Arment:

My solution is to have tilt scrolling always default to off, make the user toggle it on every time they want it, and use the phone’s current orientation as the zero point when they tap the button. Critically, this means they can toggle the button off and on again to reset the zero point whenever they want, like if they change positions while sitting or in bed.

Amazon has apparently chosen instead to set this when the article is first loaded, but that will never work well enough in practice. I assumed my method was common sense, but apparently not.

Apple “Frustrated” That “People Don’t Want to Pay Anything”

Jared Nelson:

The second really interesting thing to come out of this interview is that, according to Watson, Apple is also sick of the race to the bottom mentality and rampancy of free to play games. “Apple is frustrated, along with everybody else, about the mentality that’s gone rampant in mobile app markets, where people don’t want to pay anything,” says Watson. “They think that four dollars is an exorbitant amount to pay for a game, which is very illogical considering most people’s lifestyles. They’ll spend $600 on an iPad, and $4 on a coffee, drop $20 on lunch, but when it comes to spending four or five dollars on a game, it’s this life-altering decision. I’m frustrated with that too.”

I don’t see any evidence in the article that Apple is frustrated. Apple literally encouraged the race to the bottom with its initial App Store pricing guidance (99 cents or free). And it continues to encourage it through the lack of trials, the types of in-app purchases it allows, and the types of apps that it features.

Friday, July 25, 2014

Nil-coalescing Operator in Swift

Josh Smith:

As seen in the last example above, I created a custom operator function, dubbed the nil-coalescing operator. That operator function evaluates to an optional’s value unless it is nil, in which case it evaluates to a fallback/default value. This is based on the null-coalescing operator in C#, which is formed by two adjacent question marks (??). Since Swift does not allow custom operator functions to include a question mark, I instead opted for two adjacent exclamation marks (!!). I think of it as “If the optional cannot be unwrapped (because it’s nil), then use this value instead.”

Thursday, July 24, 2014

The Magic Question That Turns Transactions Into Relationships

Heidi Roizen:

In short, the problem with people asking for what they need, is they used only their brain to figure out what they need. It is far more powerful to also use the brain of the person on the other side of the table.

So, next time you are in a negotiation, instead of stating what you (think you) need, or even asking the other party what they (think they) need, instead ask this:

“What problem are you trying to solve?”

Yosemite Beta Program


Please note that since pre-release software or beta software has not yet been commercially-released by Apple, it may contain errors or inaccuracies and may not function as well as commercially-released software. Be sure to back up your computer using Time Machine before installing this pre-release software and install it only on non-production or machines that are not business critical.


Yes, the pre-release software is Apple confidential information. For example, don’t install the pre-release Apple software on any systems you don’t directly control or that you share with others, don’t blog, post screen shots, tweet or publicly post information about the pre-release Apple software, and don’t discuss the pre-release Apple software with or demonstrate it to others who are not in the OS X Beta Program. For clarity, if Apple has publicly disclosed technical information about the pre-release software then it is no longer considered confidential.

Jason Snell:

The first public build of Yosemite is the same one received by registered Mac developers earlier this week. Developers who are testing Yosemite are on a different track than regular users, however, and both groups may receive different updates at different times as testing continues.

Apple developers know to use the company’s Radar bug tracker to file bugs, but regular users won’t need to. Instead, Apple will ask users to send feedback and communicate bugs via the Feedback Assistant app, which will be installed along with Yosemite on all beta-test systems.

Update (2014-07-26): Dan Frakes:

As with previous versions of OS X, it’s not difficult to create a bootable installer drive from the Yosemite beta installer, though the processes have changed slightly since Mavericks. I show you how, below.

Kirk McElhearn:

It’s neat to get a first glimpse at a new operating system. But most users don’t really need this, so think carefully whether you do. If you decide to install it, make sure to do it safely.

Kirk McElhearn:

Sorry, you’re wrong. Your app may be compatible with the latest beta of Yosemite, but claiming that it’s compatible with Yosemite is misleading. Until the GM – the golden master, the final release version – is released, no one can be sure that their apps are compatible with an operating system.

Wednesday, July 23, 2014

Verizon Made an Enemy Tonight

Colin Nederkoorn (via Landon Fuller):

This Netflix video streams at 375 kbps (or 0.375 mbps – 0.5% of the speed I pay for) at the fastest. I was shocked. Then I decided to try connecting to a VPN service to compare.


It seems absurd to me that adding another hop via a VPN actually improves streaming speed.

Clearly it’s not Netflix that doesn’t have the capacity. It seems that Verizon are deliberately dragging their feet and failing to provide service that people have paid for.

Tuesday, July 22, 2014

Scrollbar History

Jack Wellborn (John Gruber):

In Xerox’s demo, the scroll bar of one particular application has multiple scrolling operations depending on which mouse button is pressed that only get invoked when that same button is released. Even today’s users with decades old scroll bar experience would struggle to understand this implementation. I can’t imagine it being intuitive in 1982 when most computer users had no concept of a mouse driven user interface, let alone scrolls bars.

StackOverflow Scalability

Todd Hoff:

Stack Overflow still uses Microsoft products. Microsoft infrastructure works and is cheap enough, so there’s no compelling reason to change. Yet SO is pragmatic. They use Linux where it makes sense. There’s no purity push to make everything Linux or keep everything Microsoft. That wouldn’t be efficient.

Stack Overflow still uses a scale-up strategy. No clouds in site. With their SQL Servers loaded with 384 GB of RAM and 2TB of SSD, AWS would cost a fortune. The cloud would also slow them down, making it harder to optimize and troubleshoot system issues. Plus, SO doesn’t need a horizontal scaling strategy. Large peak loads, where scaling out makes sense, hasn’t been a problem because they’ve been quite successful at sizing their system correctly.


Is 20 Gb massive overkill? You bet your ass it is, the active SQL servers average around 100-200 Mb out of that 20 Gb pipe. However, things like backups, rebuilds, etc. can completely saturate it due to how much memory and SSD storage is present, so it does serve a purpose.


Go into the IL (assembly language of .Net). Some coding is in IL, not C#. Look at SQL query plans. Take memory dumps of the web servers to see what is actually going on. Discovered, for example, a split call generated 2GB of garbage.


SO goes to great lengths to reduce garbage collection costs, skipping practices like TDD, avoiding layers of abstraction, and using static methods. While extreme, the result is highly performing code.

There are also some comments on Hacker News.

XCTest​Case / XCTest​Expectation / measure​Block()

Mattt Thompson:

With Xcode 6, we’ve finally arrived: the built-in testing tools are now good enough to use on their own. That is to say, there are no particularly compelling reasons to use any additional abstractions in order to provide acceptable test coverage for the vast majority apps and libraries. Except in extreme cases that require extensive stubbing, mocking, or other exotic test constructs, XCTest assertions, expectations, and performance measurements should be sufficient.

I do find it helpful to use additional macros to make the assertions more concise. For example, I use EQ() instead of XCTAssertEqualObjects(). This was also nice because I didn’t have to change all my code when Apple renamed its macros. I also have macros like EQARRAY() that make it easier to see how the failing object differs from the expected one. And I have ones for structs like NSPoint because Apple removed support for those with XCTAssertEqual() and never added it back.

Tower 2.0

Tower 2 is now available. I like some of the new features, such as support for multiple windows, the new Open Quickly feature, changing the tabs to a sidebar, sending folder diffs to BBEdit or Kaleidoscope, and the removal of the popovers.

Previous versions would hang forever when there were a large number of changes in the working copy. I think this is fixed—at least I never saw that happen during beta testing.

There are some problems, though:

Why Smartphone Screens Are Getting Bigger

Ben Taylor:

As smartphones become our primary devices, doing the jobs once held by computers and even televisions, we need a product that can change, like a chameleon, to serve all of these functions.

Before 2010, the extra real estate was unnecessary. After all, we were using phones mostly for making calls, listening to music, or doing a bit of light web-browsing on bad mobile interfaces, making mental notes to do our real work when we got back to our computers.

Today, the web—from site interfaces to television to native apps—is often designed primarily for the mobile format. The smartphone is no longer just a phone, but a hybrid of devices—and increasingly, the most common way to interact with the world. A bigger screen allows a mobile device to play all of these roles at once.

I’m still annoyed at having to hand-shimmy, but it seems hard to imagine going back to a 3.5-inch screen after using a 4-inch iPhone 5s. I’m not sure yet whether a phone that’s between the size of a 5s and an iPad mini would be perfect or too large for my pockets and hands.

Changes to Swift in Beta 4

Airspeed Velocity:

Other than access control, no big changes to the language with Beta 4, unlike with Beta 3. But still plenty of changes to the standard library.

Erika Sadun:

RIP CString. It’s now all ConstUnSafePointer<Int8> all the time. I still can’t get most of my straight C stuff ported but it looks like things are getting closer.

Brent Simmons:

So if internal access is the default, and I don’t want to use it (or want to use it exceedingly sparingly), what do I do?

Update (2014-07-24): Apple:

In Xcode 6 beta 4, Swift adds support for access control. This gives you complete control over what part of the code is accessible within a single file, available across your project, or made public as API for anyone that imports your framework.

The Right Dictionary

James Somers (via Gabe Weatherhead):

I could go on forever listing examples. I could say, “Look up example, magic, sport. Look up arduous, huge, chauvinistic, venal, pell-mell, raiment, sue, smarting, stereotype. Look up the word word, and look, and up. Look up every word you used today.” Indeed that’s what motivated this post: I’d been using Webster’s dictionary for about a year; I kept looking words up, first there, then in whatever modern dictionary was closest to hand, and seeing this awful difference, evidence of a crime that kept piling up in my mind, the guilt building: so many people were getting this wrong impression about words, every day, so many times a day.

There’s an amazing thing that happens when you start using the right dictionary. Knowing that it’s there for you, you start looking up more words, including words you already know. And you develop an affection for even those, the plainest most everyday words, because you see them treated with the same respect awarded to the rare ones, the high-sounding ones.


Note that the modern Merriam-Webster, even though it does derive directly from Webster’s original, has been revised so much that it’s actually less similar, content-wise, than some of the impostors. It, too, is one of the “wrong” dictionaries.

He has a tip for how to get the Mac OS X dictionary app to use Webster’s 1913 dictionary instead of Oxford.

Update (2014-07-23): Brent Simmons:

(Byron. Wow. I like a metaphor like that because you learn something about both sides, about the Almighty and tempests both.)

This is after two minutes of clicking around. There’s an entire language of rewards in there.

New New Yorker Web Site

The New Yorker (via Jason Kottke):

Beginning this week, absolutely everything new that we publish—the work in the print magazine and the work published online only—will be unlocked. All of it, for everyone. Call it a summer-long free-for-all. Non-subscribers will get a chance to explore The New Yorker fully and freely, just as subscribers always have. Then, in the fall, we move to a second phase, implementing an easier-to-use, logical, metered paywall. Subscribers will continue to have access to everything; non-subscribers will be able to read a limited number of pieces—and then it’s up to them to subscribe. You’ve likely seen this system elsewhere—at the Times, for instance—and we will do all we can to make it work seamlessly.


Beginning this week, every story we’ve published since 2007 will be available on, in the same easy-to-read format as the new work we’re publishing.

It’s not entirely clear, but it sounds like the articles will all be available in a Web-friendly format. Previously, I had no interest in paying for the digital edition because the only fully accessible articles were the free ones; the ones with the blue padlocks were only readable via a different Web site that essentially looked like giant screenshots of the printed pages.

Carbon and Cocoa as a Metaphor for Objective-C and Swift

Michael Buckley:

But even the Cocoa version of InDesign is not a great platform citizen. OS X reports that it always uses significant energy, even when idle. Its dialog boxes are just an NSWindow with an NSView. Adobe draws text and buttons in the NSView, and tracks mouse clicks in the view manually. Since there are no NSTextFields or NSButtons, these dialogs are completely invisible to screen readers.

This is in stark contrast to Lightroom, which was written with Cocoa in mind from the beginning. It's still a cross-platform app, but all of its UI elements are subclasses of Cocoa classes. The app is accessible, and it doesn't use significant energy while idle. More importantly, it can quickly adopt new features of the OS.


There are many features of Swift that make it a great language for Apple to write its future frameworks in. It probably won't be long until some of these frameworks start to use Swift-only features like generics. Taking full advantage of platform improvements requires adopting new frameworks, and any Objective-C programs that wants to use these frameworks will need to write adapter code in Swift.

But Swift and Objective-C have different design philosophies. As time goes on, it will be harder to reconcile Objective-C's design philosophy with native Swift frameworks. In order to simply get their apps to work, developers will spend a lot of time figuring out how to refactor their existing Objective-C codebases to fit within the constraints imposed by Swift, leaving them with less time for other improvements.

Update (2014-07-23): Chris Lattner:

Swift is a new option for developing on the platform. We have no plans to drop C, C++ or Objective-C. If you’re happy with them, please feel free to keep using them.

Of course, that’s what Apple said about Carbon as well.

The Majority Of Today’s App Businesses Are Not Sustainable

Sarah Perez:

Though the app stores continue to fill up with ever more mobile applications, the reality is that most of these are not sustainable businesses. According to a new report out this morning, half (50%) of iOS developers and even more (64%) Android developers are operating below the “app poverty line” of $500 per app per month.


The report’s authors detail the specifics around the trend where a tiny fraction of developers – actually, it’s 1.6% to be exact – generate most of the app store revenue.


Accounting for 47% of app developers, the “have nothings” include the 24% of app developers – who are interested in making money, it should be noted - who make nothing at all.

Meanwhile, 23% make something, but it’s under $100 per month. These developers are sometimes unable to cover the basic costs of development PCs, test devices, and an account to publish apps, the report states. However, in case you’re wondering why so many developers still go iOS first, it’s because those who prioritize iOS app development are less likely to find themselves in this group, with 35% earning $0-$100 per month, versus the 49% of Android developers.

Saturday, July 19, 2014

iOS Backdoors, Attack Points, and Surveillance Mechanisms

Jonathan Zdziarski (PDF):

Overall, the otherwise great security of iOS has been compromised…by Apple…by design.

Via Michael Yacavone.

Update (2014-07-22): Jonathan Zdziarski:

I have NOT accused Apple of working with NSA, however I suspect (based on released documents) that some of these services MAY have been used by NSA to collect data on potential targets. I am not suggesting some grand conspiracy; there are, however, some services running in iOS that shouldn’t be there, that were intentionally added by Apple as part of the firmware, and that bypass backup encryption while copying more of your personal data than ever should come off the phone for the average consumer. I think at the very least, this warrants an explanation and disclosure to the some 600 million customers out there running iOS devices. At the same time, this is NOT a zero day and NOT some widespread security emergency. My paranoia level is tweaked, but not going crazy. My hope is that Apple will correct the problem. Nothing less, nothing more. I want these services off my phone. They don’t belong there.

Dan Goodin:

Zdziarski said the service that raises the most concern is known as It dishes out a staggering amount of data—including account data for e-mail, Twitter, iCloud, and other services, a full copy of the address book including deleted entries, the user cache folder, logs of geographic positions, and a complete dump of the user photo album—all without requiring a backup password to be entered. He said two other services dubbed and may have legitimate uses for app developers or support people but can also be used to spy on users by government agencies or even jilted ex-lovers. The Pcapd service, for instance, allows people to wirelessly monitor all network traffic traveling into and out of the device, even when it’s not running in a special developer or support mode. House_arrest, meanwhile, allows the copying of sensitive files and documents from Twitter, Facebook, and many other applications.


Zdziarski said the services aren’t easy for anyone to abuse, making it unlikely that hackers could exploit them on a wide scale. Still, he said the functions are within easy reach of technically knowledgeable people who have access to a computer, electric charger, or other device that has ever been modified to digitally pair with a targeted iPhone or iPad. During the pairing process, iDevices create a file containing a set of digital keys. Anyone with access to such files can make almost unfettered use of the services, often wirelessly, until the iPhone or iPad undergoes a factory reset.

Dan Moren:

The company also reiterated its stance that it doesn’t compromise its systems for the purpose of providing those access points to the authorities: “As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services.”

While such statements may be intended to assuage fears over the privacy implications of these systems, they’re hard to classify as categorical denials in this case. For one thing, Apple hasn’t yet explained why anybody needs the breadth of information that these tools seem to provide access to, nor why these services, if indeed for diagnostic use, are not presented for users to opt into. In the case of enterprise environments where devices are provided by a company, users are generally made aware of the access that IT departments have to their devices. But when we’re talking about the general public, no such warning is given—nor should it be needed.


Apple has taken a firm stand on privacy, and it’s disappointing to see the company not fully and transparently explaining why these systems have the range of access that they do, why they circumvent security processes the company itself put into place, and why there’s no way for a user to easily disable them. That’s the kind of attitude that we’ve grown to expect from the company, and we’d like to see them live up to it.

Update (2014-07-23): Jonathan Zdziarski:

In a response from Apple PR to journalists about my HOPE/X talk, it looks like Apple might have inadvertently admitted that, in the classic sense of the word, they do indeed have back doors in iOS, however claim that the purpose is for “diagnostics” and “enterprise”.


The problem with this is that these services dish out data (and bypass backup encryption) regardless of whether or not “Send Diagnostic Data to Apple” is turned on or off, and whether or not the device is managed by an enterprise policy of any kind. So if these services were intended for such purposes, you’d think they’d only work if the device was managed/supervised or if the user had enabled diagnostic mode. Unfortunately this isn’t the case and there is no way to disable these mechanisms. As a result, every single device has these features enabled and there’s no way to turn them off, nor are users prompted for consent to send this kind of personal data off the device.


Obviously, Apple realized that pairing in and of itself offered very little security, as they added backup encryption to all backups as a feature – something that also requires pairing to perform. So Apple doesn’t trust pairing as a “security” solution either. And for good reason: it wasn’t designed to be secure. It is not two factor; it is not encrypted with a user paraphrase; it is simply “something you have” that gives you complete unfettered access to the phone. And it can be had as easily as copying one file, or created on the fly via USB. It can be used if law enforcement seizes your computer; it can be stolen by someone hacking in; it is by all means insecure. But even with the pairing record, I would have expected the data that comes off my device to be encrypted with the backup password, right? These services completely bypass this.

Apple responds on its site, but doesn’t really address what people are concerned about (via Cabel Sasser).

Update (2014-07-24): Dan Goodin:

The episode is a good example of the way Apple’s trademark secrecy can come back to bite the company. Apple may have legitimate reasons for folding these services into iOS, even when it isn’t running in special diagnostic or support modes. But the company never took the time to disclose these services or to respond to Zdziarski’s private entreaties to executives until the undocumented functions became an international news story. Zdziarski’s larger point seems to be that the services he brought to light represent vectors that ex-lovers, housemates, co-workers and, yes, spy agencies can exploit to bypass cryptographic protections designed to prevent sensitive data from being accessed by unauthorized parties. Until last weekend, that point was only implicit. It has now been made explicit.


Example: You’re dating someone who uses your laptop when she visits. Unbeknownst to you, she emails herself the keys from your laptop.

You break up. She visits the same Starbucks as you. While you’re reading emails, whatever she uses the wifi to turn on File relay and copies everything off your phone. There’s no alert, there’s no dialog box. Your phone just starts dumping information.

All an adversary needs is temporary access to a single trusted device once and they have the keys to the kingdom forever.


What’s really disappointing is that there seems to be an all-or-nothing security model here. If I pair my phone with a computer, then suddenly it has complete access to spy on me, install monitoring tools that can continue to run, etc. Why can’t there be a way where I can transfer music/photos to/from my phone without providing this full device access?

You’d be pretty annoyed if the front door to your house, when you opened it, also opened up your document safe, emptied your wallet onto the floor and invited visitors to leave bugging devices to spy on you later.

Also, the defence of “just don’t agree to pair your phone with an unknown USB device” can actually be tricky. On a flight, I plugged my phone into the USB port on the seatback to charge it. The phone repeatedly kept asking if I wanted to pair it with something (who knows what it was? the entertainment system, maybe?). If I had accidentally hit the wrong button only once (on a prompt that randomly appeared), my phone could have been owned, and there’s no easy way to un-pair.

Update (2014-07-28): Jonathan Zdziarski:

In iOS, pcapd is available on every iOS device out there, and can be activated on any device without the user’s knowledge. You also don’t have to be enrolled in an enterprise policy, and you don’t have to be in developer mode. What makes this service dangerous is that it can be activated wirelessly, and does not ask the user for permission to activate it… so it can be employed for snooping by third parties in a privileged position.


Apple is being completely misleading by claiming that file relay is only for copying diagnostic data. If, by diagnostic data, you mean the user’s complete photo album, their SMS, Notes, Address Book, GeoLocation data, screenshots of the last thing they were looking at, and a ton of other personal data – then sure… but this data is far too personal in nature to ever be needed for diagnostics.


Additionally, this claim that your data is respected with data-protection encryption. The pairing record that is used to access all of this data is sent an escrow bag, which contains a backup copy of your key bag keys for unlocking data protection encryption. So again, we’re back to the fact that with any valid pairing, you have access to all of this personal data – whether it was Apple’s intention or not.

Now I hear the argument pop up from a few people who don’t understand how all of this works that, “of course you can dump personal info after you’ve paired, it’s supposed to sync your data”. Well, no. The trust dialog (the only pairing security there is) was only an afterthought that got added last year after another researcher showed how easily you could hijack iOS 6 by simply plugging it into a malicious charger. In fact, Apple added backup encryption to iOS specifically because they realized people’s devices were pairing with a bunch of hardware that the user didn’t trust. If pairing were meant to be a means to security, there would be no need for backup encryption at all.


In addition to downplaying the services themselves, Apple has stated that the user must “explicitly grant consent” for these services to be used. This is not the case. The user has had no idea these services even exist at all on the device until recently. There is no dialog asking the user to allow the packet sniffer to run, or to access your photos/contacts/sms/etc to provide to AppleCare (the dialogs you’re used to seeing third party apps present are not presented when these services are accessed). This consent simply doesn’t exist. The only consent is pushing that “trust” button, which (unbeknownst to the user) gives complete carte blanche access to the mobile device, wirelessly, indefinitely, and bypassing the backup encryption that the user believes is protecting their data from unwanted eyes.

Jonathan Zdziarski:

In spite of my warnings to the media (via email and telephone inquiries) not to pitch this as a conspiracy theory, they have still managed to completely derail the original intention of this research, and so I think a quick proof-of-concept video will help to clear up any misunderstandings about what this technique can and can’t do. I’ve also outlined the threat models that will and won’t work for this attack.

A Modest Proposal: C++ Resyntaxed

Ben Werther & Damian Conway (2002):

We describe an alternative syntactic binding for C++. This new binding includes a completely redesigned declaration/definition syntax for types, functions and objects, a simplified template syntax, and changes to several problematic operators and control structures. The resulting syntax is LALR(1) parsable and provides better consistency in the specification of similar constructs, better syntactic differentiation of dissimilar constructs, and greater overall readability of code.

Google, Roboto and Design PR

Khoi Vinh:

I don’t point this out to mock or criticize the author’s errors or misconceptions about what goes into designing typefaces, but rather in fact to marvel at how well Google is selling the story of its design efforts.

There’s essentially no news in this article other than, “Google has revised Roboto using some recent best practices of type design.” And yet the Mountain View company has been able to spin that non-story into a story that claims that the company is fundamentally reinventing typography.

Building assert() in Swift


When designing Swift we made a key decision to do away with the C preprocessor, eliminating bugs and making code much easier to understand. This is a big win for developers, but it also means Swift needs to implement some old features in new ways. Most of these features are obvious (importing modules, conditional compilation), but perhaps the most interesting one is how Swift supports macros like assert().

@auto_closure is great, but I still wish for the power of actual macros.

Exploring Swift Memory Layout

Mike Ash:

It looks similar to an Objective-C object, but there's 16 bytes of metadata instead of just 8 as is the case for Objective-C. It turns out that it is an Objective-C object that can be inspected using the APIs in objc/runtime.h.


The other 32-bit value in the reference count is the unowned reference count, which is incremented by unowned references. The object is destroyed when its strong reference count hits zero (which also decrements the unowned reference count), and deallocated when its unowned reference count hits zero. This allows the runtime to verify that unowned references don't dangle, while avoiding the full cost of a nil-ing weak reference.

Still, it seems like lot of memory used in each instance for reference counting, when most objects won’t have very high reference counts.

Thursday, July 17, 2014

Guess What This Perl Does

Mark Dominus (author of an advanced Perl book):

A few weeks ago I asked people to predict, without trying it first, what this would print:

perl -le 'print(two + two == five ? "true" : "false")'

(If you haven’t seen this yet, I recommend that you guess, and then test your guess, before reading the rest of this article.)

People familiar with Perl guess that it will print true; that is what I guessed. The reasoning is as follows: Perl is willing to treat the unquoted strings two and five as strings, as if they had been quoted, and is also happy to use the + and == operators on them, converting the strings to numbers in its usual way. If the strings had looked like "2" and "5" Perl would have treated them as 2 and 5, but as they don’t look like decimal numerals, Perl interprets them as zeroes. (Perl wants to issue a warning about this, but the warning is not enabled by default. Since the two and five are treated as zeroes, the result of the == comparison are true, and the string "true" should be selected and printed.

Of course, that’s not what it does.


Jazzy (from the developers of Realm):

jazzy is a command-line utility that generates documentation for your Swift or Objective-C projects.

Instead of parsing your source files, jazzy hooks into clang and uses the AST representation of your code and its comments for more accurate results.

jazzy’s output matches the look & feel of Apple’s official reference documentation, post WWDC 2014.

Asynchronous Unit Testing in Swift

Chris Adamson:

Fortunately, this is where Xcode 6′s asynchronous testing comes in. It allows us to create XCTestExpectation objects, which are not tests but timers. We create expectations with XCTestCase’s expectationWithDescription(), which just takes a string to describe what we’re waiting for. Then, prior to the end of the test… method, we call waitForExpectationsWithTimeout(), passing in a timeout period and a completion handler closure. This prevents the test method from exiting until either the timeout expires, or some asynchronous test code calls fulfill() on the expectation object, which unblocks it.

Update (2014-07-22): Mattt Thompson:

Perhaps the most exciting feature added in Xcode 6 is built-in support for asynchronous testing, with the XCTestExpectation class. Now, tests can wait for a specified length of time for certain conditions to be satisfied, without resorting to complicated GCD incantations.

Why Your Comcast Rep Is Yelling at You

Adrianne Jeffries:

The man who spoke to Block is a “retention specialist,” a position Comcast describes as “equal parts detective, ally, troubleshooter, and negotiator” in job listings. Comcast’s retention reps are paid a low hourly wage supplemented by a monthly commission that depends on how many customers they are able to drag back into the fold.


In other words, the incentive structure is really about punishment. Reps start out the month with a full commission, but every canceled product deducts from that amount. Once reps fall below a certain threshold, they get no commission at all. That means a rep could get all the way to the second-to-last day of the pay period only to have a customer cancel four products. Suddenly the rep is below her goal, losing $800 to $1,000 off her paycheck.

This reminded me of Joel Spolsky’s Measurement article from 2002. (Spolsky cites a book about Amazon customer service by Mike Daisey—yes, that one—and parts of the book have since been shown to be exaggerated.)

Update (2014-07-23): Chris Morran (via John Gruber):

A week after the posting of the neediest customer-retention call in Comcast history, the fallout continues, with the company’s Chief Operating Officer telling Comcast employees in a memo leaked to Consumerist that the incident was “painful to listen to,” but that the rep “did a lot of what we trained him…to do.”

Update (2014-07-29): Adrianne Jeffries:

Dozens of current and former Comcast employees told The Verge they had to constantly push products, even if they worked in tech support, billing, and general customer service.

Wednesday, July 16, 2014

Compacting VMware Disks and Avoiding Snapshots

I use VMware Fusion to test my products on different versions of Mac OS X. This has worked very well over the years. Every time I installed a new version of the OS, I would make a snapshot, and I ended up with a tree of them. At first, snapshots were relatively space-efficient. If space got tight, I would delete all but the leaf snapshots, i.e. Mac OS X 10.7.5, 10.8.5, and the current stable and pre-release versions of 10.9 and 10.10.

I thought this was the smart way of doing things, using snapshots to let VMware efficiently manage the storage and share the bits that hadn’t changed among multiple OS versions. Unfortunately, I got to the point where VMware was using 108 GB of disk space to store only 27 GB of data. My MacBook Pro’s SSD was almost full. I thought it would be a simple matter to compact the virtual disk and reclaim the unused space. However, after some research, it looks to me like there is no good way to do this.

The General tab in the VMware settings showed that none of the disk space in my virtual machine was reclaimable. I found a post in the VMware forums that describes how to compact a virtual machine, but the first step is to delete all of your snapshots. If I were going to do that, I might as well start a new virtual machine!

Surprisingly, there does not seem to be any way to export a snapshot as a new virtual machine. I think the best I could do is to boot from each snapshot and clone the disk to a drive or disk image outside of VMware. Unfortunately, there also does not seem to be a way to create a new virtual machine from an existing drive (except that of a Windows PC). There are some command-line tools for creating a new virtual disk from a mounted volume, but I kept getting errors like “Failed to convert disk: You do not have access rights to this file (0xd).” Since the virtual machines are just clean OS installations, I decided it would be easier to just built new virtual machines by reinstalling each OS version.

Because snapshots don’t work with compaction, I decided to create wholly separate virtual machines for each major OS version. If necessary, I can copy the .vmwarevm packages in the Finder to manage my own heavyweight snapshots.

It is then possible to compact the virtual disks:

  1. From the Virtual Machine menu, choose Install VMware Tools.

  2. A disk will mount in the virtual machine. Run the installer that’s on it.

  3. In Terminal (in the virtual machine) enter the command:

    sudo /Library/Application\ Support/VMware\ Tools/vmware-tools-cli disk shrink /
  4. This will take a while, and the OS will complain about running out of disk space, but eventually it will finish and reboot.

After installing Mac OS X 10.7 and using the Mac App Store to update to 10.7.5, my virtual machine was using 18.2 GB. After the above procedure, it shrunk to 9.8 GB.

For another virtual machine, I installed Mac OS X 10.8 and updated to 10.8.5 with the combo updater. This brought it to 15.4 GB, which shrunk to 7.1 GB.

I have not yet built my 10.9 and 10.10 virtual machines, but it seems clear that the total of four independent ones will not be much more than the 27 GB with snapshots for each major version. Duplicating a virtual machine package in the Finder is actually not much slower than saving a snapshot. And I should no longer have problems with virtual machine bloat, since virtual machines without snapshots can be compacted. So I now believe that there is no compelling reason to use snapshots the way I had been using them. Using separate virtual machines also means that I can run multiple instances simultaneously.

Overcast 1.0

Marco Arment:

It’s been a long road, but 1.0 is finally done. I’m proud of what I’m shipping today.

Overcast FAQ:

The servers do the heavy lifting of constantly checking for updates so your device doesn’t need to download each show’s entire feed every few minutes to make sure you get new episodes quickly. The servers send only what’s new to the app, and it only takes a few seconds. This saves substantial battery power and data usage over time.

Jason Snell:

Overcast is free, though feature-limited. “I want to offer a better alternative for the mass market, so it must be free,” Arment says in a statement on the Overcast website. For a $5 in-app purchase, however, users can unlock numerous additional features, including: support for downloads over cellular, features that modify or improve sound output (more on those below), and unlimited playlists and episodes in playlists (there’s only one playlist, with 5 episodes, by default).


Overcast does the best job of speed-alteration I’ve heard, and now I listen to many podcasts on slightly higher than 1x speed.

Separately, Overcast offers a Smart Speed feature that intelligently removes silence from podcasts, shortening episodes even if you don’t choose to listen at a higher speed. (You can also use the two features simultaneously for even more time saving).

It sounds good to me, but I doubt there’s a good way to import my current podcast state: which episodes I’ve listened to, deleted, partially played, imported separate from loose files, etc.

Update (2014-07-17): See also these reviews from Federico Viticci, Rene Ritchie, and Josh Centers.

Update (2014-07-22): Kirk McElhearn:

Below, two screenshots show what you see when playing an episode. To the left, I’ve scrolled up on the podcast’s icon; it shrinks and displays show notes, with clickable links. To the right, you can see the Effects screen, which is the feature that has won me over. This lets you speed up podcasts, without the sort of Alvin and the Chipmunks sound that most podcast apps give you. The Smart Speed setting cuts out bits of silence, helping you save a bit more time when listening to podcasts, and Voice Boost equalizes the podcasts for vocal frequencies, making them clearer. Altogether, I find this the best playback of any podcast app I’ve used.

Introducing Realm

Realm (via Tim Burks):

Today we are very proud to introduce Realm, the first database built from the ground-up to run directly inside phones, tablets and wearables, and the fruit of several years of labor since we came out of YCombinator. Realm uses very little resources, is incredibly easy to use, and lets you interact with your data faster than any current alternative.


Realm’s designed to give you amazing ease-of-use: data is directly exposed as objects and queryable by code, removing the need for ORM’s riddled with performance & maintenance issues. Plus, we’ve worked hard to keep our API down to just 3 common classes (Object, Arrays and Realms) and 1 utility class (Migrations): most of our users pick it up intuitively, getting simple apps up & running in minutes.


Realm also offers a full set of checks and guarantees to make it easier for you to build apps without shooting yourselves in the foot, including full ACID transactions by default and an object schema that is enforced directly through your object definitions. Finally, a lot of you will be happy to hear that Realm databases are safe across threads so you can easily asynchronize tasks without any cognitive overhead whatsoever, and finally explore all the concurrency potential of multi-core handsets.


We’ve seen many libraries try to offer a similar level of features on top of SQLite, at the expense of speed. In contrast, Realm is faster than even raw SQLite on common operations, while maintaining an extremely rich feature set.


Realm’s efficiency comes from years of work on a custom C++ core designed to fit the needs of much more primitive devices, that leverages bit-packing, caching, vectorization and a zero-copy architecture to realize truly amazing gains in memory usage and speed. Since Realm internals allow for easy concurrency and measurement of deltas and follows an MVCC model, we are also working on adding sync capabilities to Realm.

Here’s the GitHub project.

Achieving Zen With Auto Layout

Justin Williams:

Achieving Zen With Auto Layout is the eBook companion to my talk of the same name, but with the goal of being much more expanded than what I am able to do in a 45-60 minute on-stage presentation.

This is a beta book right now. There are no screenshots (iOS 8 does still have a tiny bit of NDA that prevents those), copy editing hasn’t been done, and I still need to hire an illustrator to do a cover and some other things in the book for me. Content-wise though, I’m proud of what is there so far, and I’m excited to finish the rest of the book in time for the iOS 8 launch later this fall.

How to Flawlessly Predict Anything on the Internet

Andy Baio:

This is a modern update to a classic confidence game—find a risky scenario with limited possibilities, bet on every single combination, and then hide your failures. The result is that you look like you’re either psychic or a goddamned genius.

Sunday, July 13, 2014

Swift and Cocoa Error Handling

I’ve not see much written about how to do real-world Cocoa error handling in Swift. That is, you’re calling Objective-C methods with NSError ** parameters and need to return an NSError back to your caller. This is very common with Cocoa.

NSError is unwieldy, especially when you must consider that the output parameter could be NULL. The way I handle this in Objective-C is to use a macro to reduce the amount of error handling code that’s visible:

NSError *e = nil;
NSString *string = [NSString stringWithContentsOfURL:url encoding:NSUTF8StringEncoding error:&e];
MJT_REQUIRE(string, e, error);
[string doSomething];

This leaves straight-line code, with no indentation, for the normal case. The macro, inspired by Apple’s AssertMacros.h, does nothing if its first parameter indicates success. Otherwise, it propagates the second parameter (the local error object) to the third parameter (the passed-in error pointer), but only if the latter isn’t NULL. It can also add some contextual information to error object, to track the source of the error. Lastly, it returns nil to indicate failure to the caller.

(I also have MJT_BOOL_REQUIRE(), which returns NO instead of nil, and MJT_REQUIRE_PARAMETER(param, error), for when a parameter can’t be nil. This is sometimes preferable to raising an exception with NSParameterAssert(), and it is otherwise very verbose to construct an appropriate NSError to return.)

Swift doesn’t have macros, so it’s not clear to me how this sort of pattern can be encapsulated. It looks like the code would be something like this:

var e : NSError?
let possibleString = NSString(contentsOfURL:url, encoding:NSUTF8StringEncoding, error:&e)
if possibleString == nil {
    if error {
        error.memory = addErrorContext(e, context)
    return nil
let string = possibleString as NSString

I don’t like the way this code looks. I could probably write a helper function to make it something like:

var e : NSError?
let possibleString = NSString(contentsOfURL:url, encoding:NSUTF8StringEncoding, error:&e)
if failed(possibleString, e, error) {
    return nil
let string = possibleString as NSString

But I don’t see how to hide that if and return. And then there is the matter of having to create a second variable for the non-optional string if you don’t want to add ! after each use. I hope I’m missing something here, because it looks like Swift is making basic code more tedious without providing any real benefit.

Saturday, July 12, 2014

New Apple TV Flickr App


Beautiful photos deserve beautiful displays and if you’ve ever shown off your photos on a TV, you know how stunning they look on a large high definition screen! For the first time with Apple TV, sign into Flickr and view all your photos, videos, Favorites, Albums, and Groups. In one click, make any album into a slideshow or screensaver ready to share with friends, or customize in real-time with over fifteen different slideshow and screensaver modes.


On the new AppleTV client, you can connect to your friends more easily, (you basically couldn’t do this at all previously), but again, the pictures are presented to you in cropped, heavily compressed versions that you have no control over at all. It also has new browse and search options, but once you find a picture, there is no way to go to the account of that person, or see other related pictures etc.

It’s nice to be able to view my non-public photos now. I’m not sure whether it’s the compression or a problem with the app, but my photos still don’t look very good on the TV. I get better quality with Apple TV video content or even a USB stick of the same photos via my Blu-ray player.

Update (2014-07-12): Flickr developer Phil Dokas:

In the Flickr AppleTV app you can long-select on any photo to go to the photographers profile.

And the photos aren’t compressed, they’re exactly the same as used on the site and apps.

Yep, since day 1! There is some cropping (e.g. square thumbnails) but only in lists, and that’s because of OS requirements.

I no longer have the photos USB stick handy, so I can’t do an A/B comparison right now. Perhaps it doesn’t look as good as I remember.