Thursday, October 20, 2016 [Tweets]

Dropbox Discontinues HTML Rendering

Adam C. Engst:

Unfortunately, as of 3 October 2016, Dropbox says it will no longer allow HTML files loaded in a Web browser to be rendered. The files themselves remain safe in Dropbox, but Dropbox will presumably give those who click the links the options of downloading the file or adding it to their own Dropbox folder, just as happens with non-Web file types now.


You might think that you could just switch to Google Drive, which also provided this sort of service, but Google Drive also discontinued hosting of Web pages as of 31 August 2016.

Previously: 1PasswordAnywhere No Longer Works With Dropbox.

Disappointing Interaction Design

Matt Henderson:

Trying to enable “Do-not-disturb” in Notification center, I ran into two problems:

  • First, it’s not clear to me which of these tabs are active.
  • Second, it took me a while to figure out that the Do-not-disturb control is only exposed when scrolling down in the notification. There are no UI cues at all to help with discoverability here.

No scroll bar is shown, even if you’ve set System Preferences to Always. And, to clarify, what he means by “scrolling down” is scrolling beyond the top.

Little Flocker

Jonathan Zdziarski:

Little Flocker is a utility for keeping your personal data safe from spyware, ransomware, misbehaving applications, and other common threats to your computer’s security, by preventing any application from accessing your files without explicit permission.


In short, Little Flocker is like the popular “Little Snitch” program, but for file access instead of network connections.

Sounds like a good way to keep tabs on applications that are not sandboxed.

The official site is here. I read that it was open source, although the GitHub page is not working for me.

Glenn Fleishman:

Zdziarski has been approved for a kext signing certificate from Apple, required to allow users to install kernel-level software without disabling System Integrity Protection (SIP), which was added in El Capitan. (The “flocker” part of the name is a play on “flock,” an ancient Unix characteristic used to note that a file is in use, or “locked.”)

Update (2016-10-21): Jonathan Zdziarski (via dkhamsing):

I’ve made #LittleFlocker a private repo; I’ll push Beta 7 on soon. Sorry, but the OSS community is too disparaging.

Amazon Selling Fake Apple Chargers and Cables

Ben Lovejoy:

There’s no shortage of third-party chargers and cables sold for Apple equipment, some of them claiming to be the genuine article, but Apple has found that even Amazon has been selling counterfeit products labelled as the real thing. The products concerned were sold by Amazon directly, and not by a third-party Marketplace seller.

The items have now been removed from sale, and Apple is suing the company that made them …

Patently Apple reports that Apple has filed a trademark infringement case against Mobile Star LLC, which Amazon named as the primary supplier of the counterfeit products. Apple said that Mobile Star was not only illegally using its trademark, but that the fake chargers had not passed safety tests and posed a risk to consumers.


Apple makes great efforts to combat the distribution and sale of counterfeit Apple products bearing its trademarks. Despite Apple’s efforts, fake Apple products continue to flood Each month, Apple identifies and reports many thousands of listings for counterfeit and infringing Apple products to under its notice and takedown procedures. Over the last nine months, Apple, as part of its ongoing brand protection efforts, has purchased well over 100 iPhone devices, Apple power products, and Lightning cables sold as genuine by sellers on and delivered through Amazon’s “Fulfillment by Amazon” program. Apple’s internal examination and testing for these products revealed almost 90% of these products are counterfeit.

John Gruber:

I can certainly see why Apple is suing Mobile Star (hopefully right out of business), but why not sue Amazon too?

John Gordon:

This has been going on for a long time…

Previously: Amazon’s Chinese Counterfeit Problem Is Getting Worse.

Tuesday, October 18, 2016 [Tweets]

Still With the Mac, Unfashionably

Riccardo Mori:

I still love the Mac. Judging by the tech sites and blogs I usually read, I seem to be in the minority as of late.


Having a mandatory new version of Mac OS X every year is not necessarily the best way to show you’re still caring, Apple. This self-imposed yearly update cycle makes less and less sense as time goes by. Mac OS X is a mature operating system and should be treated as such. The focus should be on making Mac OS X even more robust and reliable, so that Mac users can update to the next version with the same relative peace of mind as when a new iOS version comes out.

Discontinuing Support for Check the Weather

David Smith:

The cost of providing weather data to it has grown too large to sustain. It has been operating at a slight loss for the last 2 years, which I didn’t mind providing as I used the app myself. However, a recent change in the pricing for my radar data provider has made it infeasible to continue providing weather data for the app.

Working Without a Nib

Jeff Johnson:

Four score and minus seventy-two years ago, I brought forth on this internet a new blog post, conceived in levity, and dedicated to the proposition that no nibs are created. Since then, much has changed in the Mac world.


The problem is that you need to call [myWindow setReleasedWhenClosed:NO]. In pre-ARC code, this would not be surprising to old-school Cocoa coders. However, ARC does not even allow you to use the -release and -autorelease methods, so you might think that -setReleasedWhenClosed: would not be allowed either, or would at least be ignored. And you would be very wrong.

My goal is to make all my projects nibless. Nib and xib files have caused me no end of problems. Even files that haven’t been edited in years spontaneously stop working when Xcode is updated and its xib compiler changes. (Most of the problems manifested on previous OS versions, where it was harder to detect them and to test fixes.) And that’s to say nothing of the advantages that doing interfaces with code offers. I’m convinced that with current technology (e.g. Auto Layout, Swift), using Interface Builder is a poor time investment for non-temporary projects. As Johnson writes:

Initial nib UI implementation is faster, but it’ll haunt you forever.

I’m leaning the same way about Core Data models, except that there seem to be places where the frameworks really want to have a model file saved to disk.

Update (2016-10-19): Steven Woolgar:

Especially with ibtool failing randomly all the damned time.

Marco Arment:

I take back everything nice I said about Interface Builder a few weeks ago on Under The Radar.


After introducing NSStackView there is no more excuse to build any UIs in IB.

Previously: How Much, or How Little, I Use Interface Builder These Days, Stopped Using NIBs Thanks to Auto Layout, Decoding Old Nibs: a Sad Tale of Vendor Lock-in and Abandonment.

Update (2016-10-20): John Stricker:

If you were to restrict yourself to using interface builder for this layout, there are many limitations:

  1. you couldn’t as easily preserve two different styles of the view
  2. you wouldn’t be able to use loops, constants and enums to lay out the view
  3. you wouldn’t be able to adjust the content, size and layouts of the buttons all at once.

Update (2016-10-21): Peter N Lewis:

I use xibs for everything in Keyboard Maestro. And have special Lint code to detect inconsistencies. Coming to the conclusion I’m an idiot.

Amazon Family Vault

Gabe Weatherhead:

Amazon introduced several new photo features for Prime members. The first big one is a new family sharing option. This looks to be a really convenient way for family members to share the unlimited Amazon Drive storage and also keep shared albums.

The semantic search looks great. Similar to Apple and Google, Amazon is attempting to recognize the context of photos and surface the perfect result from a text search. In my very brief testing, it works as described.

Monday, October 17, 2016 [Tweets]


ShareLaTeX looks like a sort of Google Docs for LaTeX (via Harlan Haskins). I would have loved to have this in college.

Undocumented Xcode Sanitizer Settings

Peter Steinberger (tweet):

Here’s what I gobbled together based on Google; mostly thanks to WebKit being open source. (I only tested CLANG_ADDRESS_SANITIZER so far, but based on Google the other flags should work as well).

There are also CLANG_THREAD_SANITIZER and CLANG_MEMORY_SANITIZER. The address sanitizer seems most useful, though:

Since this flag is undocumented it might change without warning, and there are some hints that this might be renamed to ENABLE_ADDRESS_SANITIZER.

Using this flag makes it simpler to dynamically switch this on or off without having to create a separate Xcode configuration that would be much harder to maintain, and you can configure your CI to run tests both with and without ASan to both have a great assurance of memory correctness and testing the binary that you actually ship to customers.

ScanSnap and Sierra Update

Katie Floyd:

Good news: earlier this month Fujitsu issued a fix and an online update for the current model scanners, the iX500, iX100, SV600, S1300i, S1100i. This week, the patch came for older models including the S1500, S1500M, S1300, S1100. You can find more details on Fujitsu’s website. According to Fujitsu, the update should allow you to safely use the above scanner models with macOS Sierra.


Unfortunately this fix does not appear to address older PDF content that was modified by macOS Sierra resulting in data loss.

Also, unfortunately, as Ashley Bischoff notes, there is no information listed for the ScanSnap S500M (which I have) or the S510M. Fujitsu’s FAQ says:

ScanSnap S500M does not support macOS Sierra. There are no plans for adding support in the future since the support for ScanSnap S500M has already ended.

It looks like the scanner has been officially unsupported since Mac OS X 10.8, although I’ve been successfully using version 2.2.12 of the software for years. I also successfully installed version 3.2.80 in a Mac OS X 10.11 VMware to use while waiting for Sierra compatibility. This version is listed as supporting the newer S1500M, but it seemed to work fine with my S500M.

ScanSnap Manager 3.2.90 does not seem to be available as a standalone download, but I was able to install 2.3.80 and then install the update. Even though my scanner is not officially supported, it seems to be working with Sierra (albeit more slowly).

Previously: macOS 10.12 Sierra Notes, Automatic Download of macOS Sierra.

Friday, October 14, 2016 [Tweets]

Swifty Delegates

Soroush Khanlou:

These are horrible. Why are both of these methods called messageForm? Also, starting a method with a noun here doesn’t make sense: it usually suggests that you’ll be returning an object of that type (think about data(using:) on NSString, which returns a Data). We’re not returning any message form objects here. That “message form” is actually the name of the first parameter. These are very confusing method names!

Both of these types of delegate methods can be fixed by moving the “sender” to the back of the line, and bringing the verbs forward. For the first one, the event that the sender is informing the delegate about is didTapCancel, instead of messageFormDidTapCancel.


I haven’t found a hard and fast rule for which preposition to use yet. I’ve found “on”, “for”, “with”, and “in” to all be useful in different circumstances.


These rules aren’t endorsed by anyone except for me, but I think they make much more sense than the current rules by which we write delegate methods. Going forward, I’ll probably start writing my Swift delegate methods with this structure.

Well Rounded

Dr. Drang:

The problem with always rounding halves up is that in doing so, you introduce a persistent bias in whatever calculations you do with the rounded number. If you’re adding a list of rounded numbers, for example, the sum will be biased high.

If you round halves to the nearest even number, though, the bias from upward roundings tends to be negated by an equal number of downward roundings.
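A small Python illustration of the bias Drang describes (added here, not from his post): it rounds exact fractions both ways and measures the accumulated drift over a constructed list of halves.

```python
from fractions import Fraction
import math


def round_half_up(x):
    """Round to the nearest integer, ties toward +infinity (the schoolbook rule).

    Note that for negative ties this rounds toward +infinity, not away from zero.
    """
    x = Fraction(x)
    return math.floor(x + Fraction(1, 2))


def round_half_even(x):
    """Round to the nearest integer, ties to the even neighbour (banker's rounding)."""
    x = Fraction(x)
    lower = math.floor(x)
    remainder = x - lower
    if remainder < Fraction(1, 2):
        return lower
    if remainder > Fraction(1, 2):
        return lower + 1
    # Exact tie: pick whichever neighbour is even.
    return lower if lower % 2 == 0 else lower + 1


def rounding_bias(values, rounder):
    """Sum of the rounded values minus the exact sum: the bias that accumulates."""
    values = [Fraction(v) for v in values]
    return sum(rounder(v) for v in values) - sum(values)


# Constructed sample: the ten exact halves 0.5 .. 9.5 (exact sum 50).
HALVES = [Fraction(2 * k + 1, 2) for k in range(10)]

if __name__ == "__main__":
    # Rounding halves up drifts by +5 over ten values; half-to-even drifts by 0.
    print("half-up bias:  ", rounding_bias(HALVES, round_half_up))
    print("half-even bias:", rounding_bias(HALVES, round_half_even))
```

Python’s built-in `round()` already uses the half-to-even rule, which is why `round(2.5)` is `2`.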

Declarative API Design in Swift

Benjamin Encz:

It has almost no imperative code. Most code describes network request based on instance variables and previous requests.

It doesn’t call the networking layer, nor does it have any knowledge of the type that actually performs the upload. It just describes the intent of each request. In fact, the code has no observable side effects at all, it only mutates internal state.

There is almost no error handling code here. The responsibility of this type is only to handle errors specific to this request sequence (e.g. missing required data from a previous request). All other errors are generically handled in the networking layer.

With the old version:

Separation of concerns was a lot harder to come by. Instead of simply describing a request sequence, the NSOperations in the NSOperationQueue themselves were responsible for kicking off a network request. This promptly introduced a bunch of other responsibilities such as request cancellation and error handling. While similar code had been implemented in other places that dealt with creating upload requests there was no good way of sharing that implementation. Subclassing wasn’t an option since most upload requests were modeled as a single NSOperation, while this upload request sequence was modeled as an NSOperation that wrapped an NSOperationQueue.

OpenType Variable Fonts

John Hudson (via Avi Drissman):

An OpenType variable font is one in which the equivalent of multiple individual fonts can be compactly packaged within a single font file. This is done by defining variations within the font, which constitute a single- or multi-axis design space within which many font instances can be interpolated. A variable font is a single font file that behaves like multiple fonts.


OpenType Font Variations builds on the model established in Apple’s TrueType GX variations in the mid-1990s, but has fully integrated that model into all aspects of the OpenType format, including OpenType Layout, and is available to both TrueType and Compact Font Format (CFF) flavours of OpenType.


However, unlike master-based interpolation technologies such as Adobe’s earlier multiple master format, an OpenType variable font contains only a single set of glyph outlines, and the other extremes or intermediate shapes are defined as deltas from those outlines.

Git Tower 2.5


Open Quickly dialog is all new: “Open Quickly” (e.g. via CMD+SHIFT+O) is now much faster, more responsive, more clever (and can be closed via ESC).


Custom service accounts are here: In the “Services” view, you can now add an account for your self-managed server. This makes authentication for your own servers as easy as for the supported code hosting platforms like GitHub.


Fetch processes won’t duplicate anymore: If a Fetch process for a remote repository is already running, Tower will not start another Auto-Fetch process for the same remote.


File tree in historic commits was improved: when navigating through the file tree of an old commit, expanded folders and selections now survive switching to another app and back to Tower.


Commit messages with invalid unicode characters: Until now, invalid characters blocked Tower when trying to load the commit history (and “No commits” was shown). Tower is now smarter and is able to load the history regardless.

A lot has improved since 2.0, but the per-file history feature is still weak, and it still can’t search commit contents or blame. I supplement a lot with BBEdit and the command-line tool.

Thursday, October 13, 2016 [Tweets]

Drawing Hairlines


Or, graphically, for any Y in the shaded area, we need to either round it up to the top dashed line or round it down to the bottom dashed line to draw a perfect non-antialiased line.

How do we choose if we want to draw above or below our given coordinate? It depends on the situation. If we’re trying to draw a line at the very top of a clipping view, we’ll want to draw slightly below the Y we give it. Otherwise it will clip and not be visible. The same goes in reverse for drawing at the bottom of a view.


Sadly, we don’t want to draw perfect single point lines. We want to draw perfect single pixel lines. On non-retina devices, those are the same thing. But on everything else, each point is made up of several pixels.

“Plus” model iPhones, for example, actually have three pixels per point, represented by the yellow lines here.

Update (2016-10-13): Previously: iPhone 6 Pixel Peeping (via Ole Begemann).
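The rounding the post describes, worked through in Python as an added example (not code from the post): `hairline_rect` snaps a y coordinate to a pixel boundary in the direction the caller needs and returns a rect exactly one pixel high, and `pixel_rows_covered` shows why a 1-point line is three pixels tall on a “Plus” screen and why an unaligned one straddles two rows. Coordinates are in points with y increasing downward; `scale` is the pixels-per-point factor (1, 2 or 3).

```python
from fractions import Fraction
import math


def hairline_rect(y, scale, side):
    """Return (origin_y, height) in points of a one-pixel-high horizontal line near y.

    side == "below": the line starts at or below y (use at the top edge of a
                     clipping view, so it is not clipped away).
    side == "above": the line ends at or above y (use at the bottom edge).
    Pixel row k occupies [k/scale, (k+1)/scale) points, so the result is always
    on a pixel boundary and exactly one pixel high: crisp, no antialiasing.
    """
    y = Fraction(y)
    pixel = Fraction(1, scale)          # one pixel expressed in points
    row_pos = y * scale                 # y measured in pixel rows
    if side == "below":
        row = math.ceil(row_pos)        # first row starting at or below y
    elif side == "above":
        row = math.floor(row_pos) - 1   # last row ending at or above y
    else:
        raise ValueError("side must be 'below' or 'above'")
    return (row * pixel, pixel)


def pixel_rows_covered(origin_y, height, scale):
    """Number of pixel rows a rectangle touches.

    A 1-point line on a 3x screen touches 3 rows; a 1/3-point line that is not
    aligned to a row boundary touches 2 (and gets smeared across both).
    """
    top = Fraction(origin_y) * scale
    bottom = (Fraction(origin_y) + Fraction(height)) * scale
    return math.ceil(bottom) - math.floor(top)


if __name__ == "__main__":
    y = Fraction(103, 10)               # 10.3 points, not on a pixel boundary at 3x
    for side in ("below", "above"):
        origin, height = hairline_rect(y, 3, side)
        print(side, origin, height, "rows:", pixel_rows_covered(origin, height, 3))
    print("naive 1/3-point line at y:", pixel_rows_covered(y, Fraction(1, 3), 3))
```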

Twitter Changes What Counts Toward 140-Character Limit

John Voorhees:

Twitter began to roll out features, first announced earlier this year, that exclude certain things from the 140 character count limit. Users will still be limited to 140-character messages, but, as first reported by The Verge last Friday, media attachments (including images, GIFs, videos, and polls) and quoted tweets will no longer count against the 140-character limit, making more room for text.

Juli Clover:

All @names, such as @MacRumors, will no longer count towards the 140-character count, nor will media attachments, retweets, or quoted tweets, but links will still eat up 23 characters.

Why Does Siri Seem So Dumb?

Walt Mossberg (MacRumors):

Google Now, on the same Apple devices, using the same voice input, answered every one of these questions clearly and correctly. And that isn’t even Google’s latest digital helper, the new Google Assistant.

If you try most of these broken examples right now, they’ll work properly, because Apple fixed them after I tweeted screenshots of most of them in exasperation, and asked the company about them.


For instance, when I asked Siri on my Mac how long it would take me to get to work, it said it didn’t have my work address — even though the “me” contact card contains a work address and the same synced contact card on my iPhone allowed Siri to give me an answer.

Similarly, on my iPad, when I asked what my next appointment was, it said “Sorry, Walt, something’s wrong” — repeatedly, with slightly different wording, in multiple places on multiple days. But, using the same Apple calendar and data, Siri answered correctly on the iPhone.

Ruffin Bailey:

Spend ten million (he said figuratively) and get the best QA staff in the business, and make sure there's no silo making QAing app interactions an issue. If Maps borks like this, the QA team “for Maps” has to be able to hold Siri and Contacts (or whatever else) accountable. No software ships until this blocking bug is fixed.

John Gruber:

Indeed, Siri now knows the date and time of the next U.S. presidential debate, but where Siri fundamentally falls apart is its inability to maintain context and chain together multiple commands.


These sorts of glaring inconsistencies are almost as bad as universal failures. The big problem Apple faces with Siri is that when people encounter these problems, they stop trying. It feels like you’re wasting your time, and makes you feel silly or even foolish for having tried. I worry that even if Apple improves Siri significantly, people will never know it because they won’t bother trying because they were burned so many times before. In addition to the engineering hurdles to actually make Siri much better, Apple also has to overcome a “boy who cried wolf” credibility problem.

Nick Heer:

I think the inconsistencies are worse than outright failure. The inability to answer a query implies a limitation which, while not ideal, is understandable. Inconsistency, on the other hand, makes Siri feel untrustworthy. If I can’t reliably expect the same result with basic queries that are almost identical, I’m much less likely to find it dependable.

Kirk McElhearn:

I pointed out similar problems in a Macworld article in August. For me, Siri is a waste of time.

The only thing Siri consistently does correctly for me is set timers. I keep trying to use it to add reminders and am usually frustrated. Either the phone can’t connect to Siri, or it mis-parses what I said. It’s easier to use my finger to create a new action in OmniFocus and then to use the dictation button on the keyboard. iOS is pretty good at transcribing what I say. The problem is that interpreting it is unreliable. And that’s why I rarely even try to ask it more complicated questions.

See also: Daniel Jalkut on Siri logging, David Spark’s Dragon Professional review.

Update (2016-10-14): Stephen Hackett:

Siri should feel like a living, growing platform and it just doesn’t. Even SiriKit, which allows developers to build plugins for the service, doesn’t get Apple far enough down the road. This is a platform vendor problem, and not one a handful of apps can solve.

Update (2016-10-17): David Sparks:

Why does it take an article by a popular journalist to get these things fixed? I feel as if Siri needs more attention. I don’t think the underlying technology is as bad as most people think, but it is these little failures that cause everyone to lose faith.

Update (2016-10-20): Nick Heer:

I think it’s important to keep bringing it up because I think Siri is currently fundamentally flawed in its design.


More worrying for me is that the user interface component of Siri — a field where Apple typically excels — simply isn’t good enough.

favicon.ico Is a Privacy Leak

Robin Linus (via Jeff Atwood):

For most web platforms there’s a way to abuse the login mechanism to detect whether a user is logged in to that service.


Well, the [Same Origin Policy] is strict for HTML pages, but it allows to receive images from other origins! So if the resource in the next parameter would be an image we could read it from our website. It can’t be any image though. Facebook checks if the URL in the next parameter starts with So we need to find an image on Should be easy, right? Actually it isn’t, because facebook hosts almost all images on their CDN servers under the domain Though there is one image that you can find on almost every webserver: the good old favicon.ico!
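The oracle works because the login page will redirect to any same-origin path in `next`, including a static image that a third-party page can load. One server-side mitigation, as an added Python example (not from Linus’s post or any real site), is to accept only an allowlist of login-protected HTML routes as the post-login destination, so `/favicon.ico` and off-site URLs fall back to a default; the route names are constructed for the example.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed allowlist of HTML routes that require login (hypothetical app).
LOGIN_PROTECTED_ROUTES = {"/home", "/messages", "/settings"}
DEFAULT_AFTER_LOGIN = "/home"


def safe_post_login_redirect(next_param, allowed=LOGIN_PROTECTED_ROUTES,
                             default=DEFAULT_AFTER_LOGIN):
    """Resolve the `next` parameter to a redirect target that is safe to honour.

    Rejects: empty values, absolute and protocol-relative URLs (open redirect),
    backslash variants browsers normalise to '//', and any path that is not an
    allowlisted HTML route. Static assets such as /favicon.ico therefore never
    become a redirect target, which removes the logged-in/logged-out oracle.
    """
    if not next_param or "\\" in next_param:
        return default
    parts = urlsplit(next_param)
    if parts.scheme or parts.netloc:            # off-site or //host form
        return default
    if not next_param.startswith("/") or next_param.startswith("//"):
        return default
    path = parts.path
    if path != "/":
        path = path.rstrip("/")                 # treat /messages/ as /messages
    if path not in allowed:                     # exact match only
        return default
    # Keep the query string, drop any fragment; no scheme or host is ever emitted.
    return urlunsplit(("", "", path, parts.query, ""))


if __name__ == "__main__":
    for candidate in ["/messages?tab=1", "/favicon.ico", "//evil.example/",
                      "https://example.com/messages", "/\\evil.example", ""]:
        print(repr(candidate), "->", safe_post_login_redirect(candidate))
```

Pair this with `SameSite` session cookies so that a cross-site image load does not carry the session in the first place.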

Wednesday, October 12, 2016 [Tweets]

Swift Type-Erased Protocol Property

Russ Bishop:

Because _AnyFancyBoxBase adopts FancyProtocol it automatically gains an abstract type member the same way it gains a property or function. It can’t stay abstract though, we need to bind it to something, either a specific type or a generic type parameter.


Now we can define a subclass of the base box; it inherits the protocol conformance and we provide trampoline functions that forward everything to the instance in var base: Base.


This type’s raison d’être is in the very first line where we link Base.Thing (the associated type we got from the protocol) to AnyFancyBoxBase.T (the generic parameter on our base class).


Now we can create our type erasing wrapper. The type it is erasing is the concrete type that adopted FancyProtocol in the first place.


If we tried to pull this trick with one less type we would end up adding a generic parameter somewhere.


Andrew Gallant (via Hacker News):

In this article I will introduce a new command line search tool, ripgrep, that combines the usability of The Silver Searcher (an ack clone) with the raw performance of GNU grep. ripgrep is fast, cross platform (with binaries available for Linux, Mac and Windows) and written in Rust.


For both searching single files and huge directories of files, no other tool obviously stands above ripgrep in either performance or correctness.

ripgrep is the only tool with proper Unicode support that doesn’t make you pay dearly for it.

Tools that search many files at once are generally slower if they use memory maps, not faster.


ripgrep uses a regex engine based on finite automata, so if you want fancy regex features such as backreferences or look around, ripgrep won’t give them to you.

See also: The Treacherous Optimization.

BinUtils for Swift

Nicolas Seriot reimplemented parts of the handy Python binascii and struct modules in Swift:

let d = pack("<h2I3sf", [1, 2, 3, "asd", 0.5])
assert(d == unhexlify("0100 02000000 03000000 617364 0000003f"))
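The same call in the Python modules Seriot ported, as an added cross-check (not from his project), plus the alignment caveat that matters when parsing binary formats: the `<` prefix disables native padding, so the record is 17 bytes, whereas the native `@` layout pads the same fields to 20 on x86-64 and arm64.

```python
import binascii
import struct

# Format from the post: little-endian, no padding; int16, two uint32,
# a 3-byte string and a float32.
FMT = "<h2I3sf"


def pack_example():
    """Pack the post's sample values with Python's struct module."""
    return struct.pack(FMT, 1, 2, 3, b"asd", 0.5)


def expected_bytes():
    """The hex string from the post, decoded (spaces removed)."""
    return binascii.unhexlify("0100" "02000000" "03000000" "617364" "0000003f")


def unpack_example(data):
    """Round-trip: decode the record back into its fields."""
    return struct.unpack(FMT, data)


def layout_sizes(fmt):
    """Record size under each byte-order prefix; only '@' inserts alignment padding."""
    body = fmt.lstrip("<>!=@")
    return {prefix: struct.calcsize(prefix + body) for prefix in "<>=!@"}


if __name__ == "__main__":
    print(binascii.hexlify(pack_example()))
    print(unpack_example(pack_example()))
    print(layout_sizes(FMT))
```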

Yahoo’s FISA E-mail Scan

Charlie Savage and Nicole Perlroth (via MacRumors):

A system intended to scan emails for child pornography and spam helped Yahoo satisfy a secret court order requiring it to search for messages containing a computer “signature” tied to the communications of a state-sponsored terrorist organization, several people familiar with the matter said on Wednesday.

Two government officials who spoke on the condition of anonymity said the Justice Department obtained an individualized order from a judge of the Foreign Intelligence Surveillance Court last year. Yahoo was barred from disclosing the matter.

To comply, Yahoo customized an existing scanning system for all incoming email traffic, which also looks for malware, according to one of the officials and to a third person familiar with Yahoo’s response, who also spoke on the condition of anonymity.

David Kravets:

At its most basic level, this newly surfaced tool exposes another US digital surveillance program. It differs from so-called “upstream” spying in which the authorities tap directly into the Internet backbone and scan for certain search terms—a spying program with diminishing returns as more and more data on the Internet has become encrypted. This Yahoo situation is also different from the Prism program, where the authorities acquire customer data from tech companies matching chosen search selectors.

David Sparks:

Yahoo has responded that Reuters’ original reporting of this was “misleading.” But again, how would we really know? All of this is done under the veil of secrecy.

Joseph Menn:

The court-ordered search Yahoo conducted, on the other hand, was done by a module attached to the Linux kernel - in other words, it was deeply buried near the core of the email server operating system, far below where mail sorting was handled, according to three former Yahoo employees.

They said that made it hard to detect and also made it hard to figure out what the program was doing.

Lorenzo Franceschi-Bicchierai (via Slashdot):

The spy tool that the US government ordered Yahoo to install on its systems last year at the behest of the NSA or the FBI was a “poorly designed” and “buggy” piece of malware, according to two sources closely familiar with the matter.


Anonymous sources told The Times that the tool was nothing more than a modified version of Yahoo’s existing scanning system, which searches all email for malware, spam and images of child pornography.

But two sources familiar with the matter told Motherboard that this description is wrong, and that the tool was actually more like a “rootkit,” a powerful type of malware that lives deep inside an infected system and gives hackers essentially unfettered access.

Bruce Schneier:

Other companies have been quick to deny that they did the same thing, but I generally don’t believe those carefully worded statements about what they have and haven’t done.

Previously: Yahoo Says Hackers Stole Data on 500 Million Users in 2014.

What’s New in Safari 10

Apple (Hacker News):

Safari’s IndexedDB implementation now fully supports the recommended standard. You may now use the API to store structured data for web applications that work offline or that require large amounts of client-side data caching.

Use JavaScript commands to programmatically cut and copy text to the clipboard with document.execCommand('cut') and document.execCommand('copy').


Safari 10 brings Picture in Picture to macOS so users can watch video in a separate, resizable window that stays on top of other application windows and remains on-screen when switching desktop spaces.


You can give customers an easy, secure, and private way to pay for physical goods and services—such as groceries, clothing, tickets, reservations, and more. Users can check out with a single touch using Apple Pay with Touch ID on their iPhone, or by double-clicking the side button on Apple Watch.


You can now create macOS-native Safari app extensions to sell and distribute in the App Store.

Ricky Mondello:

And one of my favorite things about Safari 10: ⌘Z will reopen more than one closed tab, and ⇧⌘T will restore closed tabs and windows.

Simone Manganelli:

Safari 10. :epic eyeroll: “On iOS, videos without audio tracks or with disabled audio tracks can play automatically when the webpage loads.”

Rosyna Keller:

Correct, it’s so H.264 can replace animated GIFs. It’s all detailed in a WebKit blog post.

Jeff Johnson:

WebKitMinimumFontSize doesn’t seem to work anymore.

Update (2016-10-12): Jeff Nouwen:

I like the “close tab and go back to the parent tab on Back” feature, implemented with “parent-tab://”.

Jeff Benjamin:

Although YouTube’s player doesn’t make it readily apparent that its videos work with Picture-in-Picture, it’s quite easy to enable the handy feature for all of your favorite YouTube videos on Safari.


Step 1: Right click on the YouTube video that you wish to detach

Step 2: Once the menu appears, right-click once more to reveal a second menu and then click Enter Picture-in-Picture

Tuesday, October 11, 2016 [Tweets]

Optional Non-Escaping Swift Closures

Ole Begemann:

However, it’s impossible to create a reference cycle with a non-escaping closure — the compiler can guarantee that the closure will have released all objects it captured by the time the function returns. For this reason, the compiler only requires explicit references to self for escaping closures. This makes non-escaping closures significantly more pleasant to use.


Beginning in Swift 3, non-escaping closures are now the default. If you want to allow a closure parameter to escape, you need to add the @escaping annotation to the type.


There’s a catch to the non-escaping-by-default rule: it only applies to closures in immediate function parameter position, i.e. any function argument that has a function type. All other closures are escaping.


There’s currently no way to force an optional closure to be non-escaping, but in many situations, you can probably avoid making the argument optional by providing a default value for the closure.

Or you can use overloading.

We Need to Save the Internet From the Internet of Things

Bruce Schneier:

What was new about the Krebs attack was both the massive scale and the particular devices the attackers recruited. Instead of using traditional computers for their botnet, they used CCTV cameras, digital video recorders, home routers, and other embedded computers attached to the internet as part of the Internet of Things.

Much has been written about how the IoT is wildly insecure. In fact, the software used to attack Krebs was simple and amateurish. What this attack demonstrates is that the economics of the IoT mean that it will remain insecure unless government steps in to fix the problem. This is a market failure that can’t get fixed on its own.

A Mac OS 9 Odyssey

Richard Moss (via Rosyna Keller):

But as hard as it may be to believe in light of yet another OS X macOS update, there are some who still use Apple’s long-abandoned system. OS 9 diehards may hold on due to one important task they just can’t replicate on a newer computer, or perhaps they simply prefer it as a daily driver. It only takes a quick trip to the world of subreddits and Facebook groups to verify these users exist.

Certain that they can’t all be maniacs, I went searching for these people. I trawled forums and asked around, and I even spent more time with my own classic Macs. And to my surprise, I found that most of the people who cling staunchly to Mac OS 9 (or earlier) as a key component of their daily—or at least regular—workflow actually have good reason for doing so.

Rachel Simone Weil (tweet):

This hardcover book, published in 1997, tells the history of Apple Computer through one-off and low-run t-shirts made for internal programs, conferences, product teams, or just for fun. These shirts reflect the attitudes and culture within Apple in the 1980s and 1990s, and show off unique unreleased products and demos like SegaMac (!!!).

Monday, October 10, 2016 [Tweets]

Apple and Kapeli Respond About Dash

Jim Dalrymple (Hacker News, MacRumors, 9to5Mac):

“Almost 1,000 fraudulent reviews were detected across two accounts and 25 apps for this developer so we removed their apps and accounts from the App Store,” Apple spokesperson, Tom Neumayr, said in a statement provided to The Loop on Monday. “Warning was given in advance of the termination and attempts were made to resolve the issue with the developer but they were unsuccessful. We will terminate developer accounts for ratings and review fraud, including actions designed to hurt other developers. This is a responsibility that we take very seriously, on behalf of all of our customers and developers.”

Rene Ritchie (tweet):

My understanding is that the reviews included fraudulent positive reviews for their own apps and negative reviews for competing apps. That’s something the App Store simply can’t ignore.


It also seems like developers are given every chance to make things right in these situations: Get clean slates or open new accounts, make sure they’re squeaky-clean, and go on about their business.


This concept — that one bad developer could arrange for false reviews for a competing developer and get them banned from the App Store as a result — has been generating a lot of stress in the community.

My understanding is that the chances of that happening are virtually zero.

It’s not clear to me why this is. It all seems to hinge on Apple being able to tell who is ultimately paying for the fake reviews, and I don’t see how they could do that.

John Gruber:

Apple typically lets accusations like this slide. It’s a no-win situation for Apple, publicity-wise: let an accusation stand unanswered and Apple looks like the App Store is run like a banana republic, but if they dispute it, they face the optics of a hundred-billion-dollar Goliath punching down against a small indie developer. This case with Dash gained enough attention that I think they felt they had to respond. Too many developers believed that Apple acted capriciously, when in fact, according to Apple, this was the culmination of a years-long dispute.

Brent Simmons:

I don’t know what’s true here. It wouldn’t be right for Apple to make all the evidence public, and it wouldn’t be right for Apple to publish their correspondence with him. So it’s likely we won’t ever know more than we do right now.

Bogdan Popescu (tweet, Hacker News):

What I’ve done: 3-4 years ago I helped a relative get started by paying for her Apple’s Developer Program Membership using my credit card. I also handed her test hardware that I no longer needed. From then on those accounts were linked in the eyes of Apple. Once that account was involved with review manipulation, my account was closed.

I was not aware my account was linked to another until Apple contacted me Friday, 2 days after closing my account. I was never notified of any kind of wrongdoing before my account was terminated.


Apple insisted that all communication was through phone calls. Luckily, I recorded my last phone call with them[…]


Just to make it clear, I have complied with Apple’s request and have sent a blog post draft approximately 30 minutes after this phone call ended. I have since not received any contact from Apple in any way, and they did not respond to my calls. Their recent statements come as a shock as I thought we were working together to resolve this issue.

Rene Ritchie:

The call, absent context, can be read in a number of ways. Ass covering, or bending over backwards to help dev help himself.

Marco Arment (tweet):

I’m glad our community assumed the best of another developer and pressured Apple to justify this severe action. We should now accept that they have.


We don’t know what happened between that call and Apple’s statements tonight. I’m guessing Popescu and Apple couldn’t reach an agreement over the wording of the public story, but I think what Apple asked for in that phone call was extremely reasonable.

It’s also notable that Apple investigated this and tried to resolve it as well as they did. If it were any other company — say, Google for a suspended AdSense or YouTube account — I suspect the amount of effort devoted to it would be much lower.

Matt Drance:

Apple developers: the only thing you know right now is that you don’t know everything. That is the only lesson from this Dash mess.

From the call, we learn that Apple is fixated on the idea that the two developer accounts were linked because they used the same credit card and devices. This could be for either innocent or nefarious reasons. Apple doesn’t want to admit to any wrongdoing, and neither does Popescu. We don’t, and likely will never, know whether the second account was actually operated by Bogdan or by his relative. I’m inclined to believe him because, as Gruber says, “it would explain the extreme discrepancy in quality.”

The mystery, to me, is Apple’s statement to the press. First, why send it out without getting back to the developer about the requested blog post draft? Second, in light of the call, Apple’s public statement seems deliberately misleading. The developer relations person seemed to acknowledge (1) that Bogdan says the problem account was operated by someone else, and (2) that Apple never contacted him on his Dash account. Yet Apple’s statement says that they warned him in advance and implies that both accounts had fraudulent behavior.

The fact that the Dash account was terminated seems to support Popescu’s contention that that account was never warned. Otherwise, surely this conversation would have happened sooner, and it would have remained a private matter. Why would Apple go to the trouble of closing the account, apparently not telling him it was because of the linked bad account, then helping him to restore it, after telling him that the decision couldn’t be appealed?

My guess is that Apple found the bad account, and warned it, but did not initially realize that the linked account was “good.” When they shut down the bad account they just shut down all the linked ones, too. In many cases, that’s probably the right thing to do. But this time they didn’t check, and that turned out to be a mistake. When Apple learned that Popescu planned to tell the full story, without admitting wrongdoing, they decided to get their version, sliming him, out first.

So it seems like Apple made two mistakes: closing the good account without warning and trying to cover that up. However, it’s entirely possible that more information will come to light. Given the finality of Apple’s initial communication, it sounds like the Dash account would have remained closed were it not for all the press attention. (And it’s not re-opened yet.)

See also: Colin Cornaby, Nick Lockwood, Jeff Johnson, David Owens II, Paul Haddad, John Daniel, Russell Ivanovic, David Owens II, istumbler, Jeff Johnson, Colin Cornaby, Steve Streza, Steve Troughton-Smith.

Previously: Apple Removed Dash From the Mac App Store.

Update (2016-10-11): Peter Maurer:

As a side note, some of the Kapeli apps mentioned in coverage on this, such as [DockView], were actual Bogdan apps. So I’d be curious what…

…apps exactly triggered Apple’s fraud thing, but that’s basically a character flaw of mine and really none of my business.


Wayback Machine & Google Cache seem to show all older @kapeli apps xferred to alleged fraudulent account. Not just association through CC :(

That account was selling all his old apps. His story never mentions that insignificant bit.

I guess that would explain the common bundle identifier prefix.

Bogdan Popescu (tweet):

It does not look like Dash can return to the App Store anytime soon. Due to Dash’s removal from the App Store, please note that you can no longer download the apps you paid for.


Dash for iOS can’t be distributed outside of the App Store. My preferred solution would be for a fellow developer to get it back on the App Store, as a free app.

Nick Heer:

A public fight isn’t ideal from a PR perspective, but it seems like it’s what it can take to get an adequate answer. In his first post on the subject, Popescu said that he asked developer relations why Dash was removed and didn’t receive an answer initially.

Manton Reece:

That’s the damage Apple has done in going to the press and smearing him. They’ve destroyed the goodwill he had in the community from his well-respected app. I always want to give people the benefit of the doubt, yet I hesitated.

Rene Ritchie:

At this point, though, it’s time to forget working it out. Mistakes were clearly made on both sides, and there may be no way for the real truth to ever be known, or for everyone to win. But there’s a way to stop anyone else from losing further: Fix it, unilaterally, because you’re Apple, and you can.

Update (2016-10-12): Manton Reece:

It’s easy to defend someone who is obviously innocent. It’s harder when they make mistakes, but in areas unrelated to the crime. In that way, this App Store “rejection” is unique. It may be the most important test we’ve seen of Apple’s power in the store.

Michael Göbel:

Getting your account suspended, canceled, terminated by Apple is nothing unusual - but usually no one hears or cares about it because it happens to developers with smaller apps, or scammers.

Nick Lockwood:

I’m not sure I agree with the idea of Apple trying to identify “linked” accounts and apply collective punishment at all to be honest.

Update (2016-10-13): Bogdan Popescu via Rene Ritchie (tweet):

In 2014 I realised that there was no possible way for me to support and develop all of my apps anymore and decided to focus on Dash exclusively. I told my family about this and they thought I wasn’t rational, because my old apps were still making some money. My mother proposed I move some of my apps to her account and that she would handle the support and maintenance for those apps. I transferred the following apps: moveAddict, iGuard, iSecure, iClap and Stay Awake.


When Apple said that the 2 developer accounts used the same bank account, what they meant was that the bank accounts used the same owner name [his mother’s] until 2015. The 2 developer accounts never sent money to the exact same bank account (different IBAN). I have never received any money resulting from the actions of the other account.


Once Apple told me what happened, I collaborated with them and did not talk to the press during that time. I also complied with their request to make a blog post telling the truth, which I sent a draft of, but never received a response. I thought I could leave my family out of this, but following Apple’s statement the Internet kept digging, so I had to come forward and tell the whole story.

One could quibble with the wording in the draft blog post, but it seems like he basically did what Apple asked. So, unless there is more to the story, it sounds like Apple reneged on the agreement and went to the press instead. And then he posted the recording of the call to try to defend himself, but at the same time burned his bridge with Apple.

Update (2016-10-15): See also: Accidental Tech Podcast and Core Intuition.

Update (2016-10-17): See also: The Talk Show.

Friday, October 7, 2016 [Tweets]


Peter Steinberger measured the new os_unfair_lock against OSSpinLock, pthread_mutex, NSLock, dispatch queues, and @synchronized.

Pierre Habouzit (via David Smith):

Apple’s libplatform is now OSS too with user-land os_unfair_lock (os/lock.c) in all its strict glory.

Stephan Tolksdorf:

If you use it from Swift, you have to be careful, because it’s a struct and Swift doesn’t prevent you from copying or moving it around, which normally would be an error.
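The struct-copy hazard is easiest to avoid by never letting the lock exist as a Swift value at all. As an added example (not from any of the linked posts), this wraps os_unfair_lock in a heap allocation owned by a class, so there is exactly one instance at one stable address. HitCounter is a constructed consumer; the pointer API names are the Swift 3 spellings.

```swift
import Foundation

// Added example, not from the linked posts. os_unfair_lock is a C struct; a
// copy of it is a different lock, and Swift will copy a struct silently.
// Keeping the only instance in heap memory owned by a class removes that
// hazard. Requires macOS 10.12 / iOS 10; Swift 3 pointer API names.
final class UnfairLock {
    private let lock: UnsafeMutablePointer<os_unfair_lock>

    init() {
        lock = UnsafeMutablePointer<os_unfair_lock>.allocate(capacity: 1)
        lock.initialize(to: os_unfair_lock())
    }

    deinit {
        lock.deinitialize()
        lock.deallocate(capacity: 1)
    }

    // The closure is non-escaping, so the lock is always released on exit,
    // including when `body` throws.
    func withLock<T>(_ body: () throws -> T) rethrows -> T {
        os_unfair_lock_lock(lock)
        defer { os_unfair_lock_unlock(lock) }
        return try body()
    }
}

// A counter that several queues can bump concurrently (constructed consumer).
final class HitCounter {
    private let lock = UnfairLock()
    private var hits = 0

    func record() {
        lock.withLock { hits += 1 }
    }

    var total: Int {
        return lock.withLock { hits }
    }
}

let counter = HitCounter()
DispatchQueue.concurrentPerform(iterations: 10_000) { _ in counter.record() }
print(counter.total)
```

Contrast this with the tempting `var lock = os_unfair_lock()` stored in a struct: every copy of that struct carries its own copy of the lock, and `&lock` then points at whichever copy the caller happens to hold, so two threads can each believe they hold "the" lock.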

Previously: OSSpinLock Is Unsafe, Mutexes and Closure Capture in Swift.

Hopper 4 Announced

Vincent Bénony:

Starting with Hopper v4, there are no floating windows anymore: now there is this Display Mode concept, which allows you to look at the content of the file using different kinds of representation.


Hopper now features a complete Swift name demangler. No more cryptic names in files written in Swift.


In order to make ASM easier to read, Hopper gives different colors to the objects in the disassembly view, according to its analysis. For instance, stack variables have a different color from numbers, or registers.


Hopper v4 analyses procedures and collects all the methods called. It is also capable of detecting some indirect calls, like Objective-C messages.


At the moment, there is no precise ETA, but Hopper v4 will be released before the end of the year, hopefully before the end of November.

And now, the big news: Hopper v4 will be a free update for the owners of a v3 license.

This looks great. Meanwhile, there are scripts for Swift demangling.

Apple’s Lightning to Headphone Adapter

Jeff Suovanen:

There’s actually a lot going on in there. As expected, one end is a simple female 3.5 mm headphone jack, and the other end is a male Lightning connector. But what’s all that silicon around the Lightning connector end? Most of the retail space near the connector is taken up by a single mystery IC.


In past iPhones like the 6s, both DAC and ADC functions were handled internally. The analog inputs and outputs from the headphone jack (and other components) were wrangled by a single chip on the logic board, a custom Apple/Cirrus Logic IC labeled 338S00105. (In the iPhone 7 and 7 Plus, that same exact chip still exists—because even without a headphone jack, the phone still has to shake hands with the built-in loudspeakers and microphones, all of which use analog signals.)

Martin Steiger:

Various issues with the new Apple headphone adapter (increased noise, lower quality, not compatible with all headphones, etc.)

Previously: Lightning to 3.5 mm Headphone Jack Adapter.

Real World Swift Performance

Danielle Tomlinson:

Let’s talk about generics. You’re going to say, but you just showed us that protocols could be really slow, why would we want to use generics? The answer comes from what generics allow us to do.

Say we have this stack struct that is generic of a T, which is constrained by some type, which would be a protocol. What the compiler will do is replace that T with the protocol or the concrete class that you’re passing to it. Do that all of the way down the function chain and it will create specialized versions of that code that operate directly on the type.

You no longer need to go through the value witness table, or the protocol witness table, and you eradicate the existential container, which could be a really nice way to still write really fast generic code and have the really nice polymorphism that Swift gives us. That’s called static polymorphism.
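As an added example (not from the talk), here is the same stack written twice: once over protocol-typed elements, which go through the existential container and protocol witness table the talk describes, and once as the generic `Stack<T: Scorable>` the talk has in mind. `Scorable`, `FailedLogin` and `PortProbe` are illustrative types.

```swift
// Added example, not from the talk. The types are illustrative; the point is
// where the call to `score` is dispatched.
protocol Scorable {
    var score: Int { get }
}

struct FailedLogin: Scorable {
    let attempts: Int
    var score: Int { return attempts * 10 }
}

struct PortProbe: Scorable {
    let ports: Int
    var score: Int { return ports }
}

// Existential version: elements are stored as `Scorable`, i.e. inside an
// existential container, and `score` is reached through the protocol
// witness table on every call.
struct ScorableStack {
    private var items: [Scorable] = []
    mutating func push(_ item: Scorable) { items.append(item) }
    mutating func pop() -> Scorable? { return items.popLast() }
    func totalScore() -> Int { return items.reduce(0) { $0 + $1.score } }
}

// Generic version: T is fixed per instantiation, so the optimizer can emit
// Stack<FailedLogin> and Stack<PortProbe> that call the concrete `score`
// directly (static polymorphism): no container, no witness-table lookup.
struct Stack<T: Scorable> {
    private var items: [T] = []
    mutating func push(_ item: T) { items.append(item) }
    mutating func pop() -> T? { return items.popLast() }
    func totalScore() -> Int { return items.reduce(0) { $0 + $1.score } }
}

var mixed = ScorableStack()
mixed.push(FailedLogin(attempts: 3))
mixed.push(PortProbe(ports: 20))
print(mixed.totalScore())

var logins = Stack<FailedLogin>()
logins.push(FailedLogin(attempts: 3))
logins.push(FailedLogin(attempts: 1))
print(logins.totalScore())
```

One caveat: specialization only happens where the optimizer can see the generic definition, so a generic type used from another module without whole-module optimization falls back to the unspecialized code path, witness tables included.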

Touch ID Is Only More Convenient

Alex Hern (in 2014, via Alexis Gallagher):

A speaker at the Chaos Communication Congress, an annual meeting of hackers in Germany, demonstrated his method for faking fingerprints using only a few high-definition photographs of his target, German defence minister Ursula von der Leyen.

Jan Krissler, known in hacker circles as Starbug, used commercial software called VeriFinger and several close-range photos of von der Leyen, including one gleaned from a press release issued by her own office and another he took himself from three meters away, to reverse-engineer the fingerprint.

Update (2016-10-07): See this Twitter conversation.

Thursday, October 6, 2016 [Tweets]

Reducing Swift Compile Time

Ayaka Nonaka:

Spent the morning cutting our Swift compile time by ~3 min. Thanks @irace for the helpful blogpost!

Basically had to go back & change most of our NSLayoutConstraint.activate to isActive = true. Uglier, but it really added up over time…

Unfortunate thing is that isActive = true is slower at runtime, so we’re trading off compile time with run time :/

Nick Lockwood:

I just tried it. Turns out

{ $0 == "e" || $0 == "E" }

takes 100ms more than

{ (c: Character) in c == "e" || c == "E" }

Previously: Speeding Up Slow Swift Build Times.

Experimenting With App Store Search Ads


I am very excited about Search Ads, and I plan to invest into them heavily (both in terms of money and time). I will keep this post updated, and will do my best to collect all the news about it to make this a one-stop place for all the relevant resources.

James Thomson:

The App Store search ads keyword config suggests the trademarks of other companies by default… I declined, @tapbot_paul.

There are no search ads in the Mac App Store, due to neglect.

Previously: Early App Store Search Ads Fail.

Update (2016-10-07): Joe Cieplinski:

Is it or is it not ethical to bid on keywords that are your competitor’s app name?

Why is this a question? Of course it’s ethical.


Now, if Apple’s ads allowed us to spread lies about our competitor’s apps, that would be a different story. If I named my app something confusingly similar to my competition in order to fool someone into thinking they were buying the other product, that’s completely unethical. But these ads are simply giving customers more information. Customers deserve to make the most informed decision possible. They deserve to know your app exists, and that it might actually be better for them.

Advanced Swift, Second Edition

Ole Begemann:

The new edition has been thoroughly updated for Swift 3, but we didn’t stop there. We revised the entire book, rewrote sections that needed clarifying and came up with better examples. We also added a bunch of new content, primarily in the chapters on collections, functions, and generics.

It’s a free update if you already have the digital version of the first edition, which was excellent.

Applets and App Transport Security

Shane Stanley:

The next day things got more complicated when Steve posted some more information: he had just tried the same exercise from Script Editor, and this time the applet worked fine. Was Script Editor really enabling NSAllowsArbitraryLoads in its applets? We repeated Steve’s tests and looked at the Info.plist files. Not only was Script Editor not enabling NSAllowsArbitraryLoads in the saved applet, but neither was Script Editor itself. To make things even more confusing, a working applet created in Script Editor and then edited and saved in Script Debugger still worked.


And it turns out that having a Bundle ID beginning with seems to be giving applets a free pass through App Transport Security. Oooh…

The other interesting point to me is that it also works the other way. The domain is whitelisted, so you should never use it for testing your networking code.

Previously: App Transport Security.

Wednesday, October 5, 2016 [Tweets]

Apple Removed Dash From the Mac App Store

Bogdan Popescu (tweet, Hacker News):

A while later my iTunes Connect account started showing as “CLOSED” and my apps were removed from sale. I thought this was normal and part of the migration.

Today I called them and they confirmed my account migration went through and that everything is okay as far as they can tell. A few hours ago I received a “Notice of Termination” email, saying that my account was terminated due to fraudulent conduct. I called them again and they said they can’t provide more information.

Keith Smiley:

The scariest part of App Store distribution

Brian Webster:

This is almost certainly a mistake, but even so, it’s a hell of a situation when another company can just mistakenly delete your business.

See also: other Dashes in the Mac App Store.

Update (2016-10-06): Chuq Von Rospach:

Apple really needs ways to communicate in these situations, a process for developers to appeal and work it out. FYI I’m available.

I had expected the Kapeli/Dash situation to be resolved in short order, but I was not expecting it to be resolved in this way (tweet, Hacker News):

Apple contacted me and told me they found evidence of App Store review manipulation. This is something I’ve never done.

Apple’s decision is final and can’t be appealed.

So it doesn’t matter that they offer no proof.

Rudy Richter:

Makes you wonder, if your competition could get you nuked by gaming your reviews?

Jeff Johnson:

I’m sure review manipulation happens for games and such, but it sounds pretty far-fetched for a well-known developer tool.

I should have mentioned this before, but Dash is an absolutely fantastic app. There’s a license migrator for Mac App Store purchasers, however I plan to buy it again to support the developer.

Tim Burks:

That’s what’s so galling about this. This has been done for millions of apps that have undercut legitimate developers.

Brent Simmons:

Required reading for understanding the MAS.

Marco Arment:

Scary stuff over at the @AppStore. Makes it hard to trust any of our businesses there.

Mike Rundle:

1000s of apps pay for downloads and 5-star reviews. Apple pulls one down that never did.

Craig Hockenberry:

All the good things happening on the App Store lately are being overshadowed by this.

Christopher Sardegna:

I’ve had Apple claim that I was not allowed to appeal but I did anyway and ended up winning.


One of the best Mac and iOS apps I use. This also removed the program from purchases, so it can’t be downloaded again :-(

Phil Schiller (via Benjamin Mayo):

I did look into this situation when I read about it today. I am told this app was removed due to repeated fraudulent activity.

We often terminate developer accounts for ratings and review fraud, including actions designed to hurt other developers. This is a responsibility that we take very seriously, on behalf of all of our customers and developers.

Benjamin Mayo:

“If you run to the press and trash us, it never helps.”

To be fair, that line was removed from App Store guidelines on 13 June. So I guess running to the press is implicitly advised now?

David Owens II raises the issue that if the developer account is terminated, eventually the non–Mac App Store version of Dash will not be able to work with Developer ID.

Brent Simmons:

While this is legal, and within Apple’s rights, it’s not what we’ve come to expect from a moral judicial system. No matter what the context, we expect that the accused see the evidence against them, we expect avenues for appeal to be made available, and we expect proportional penalties.


In the meantime, it’s our job to presume innocence in the absence of evidence. This is also a moral issue, and it’s true even if you’ve never heard of the developer.

Paul Haddad:

1. Why do review manipulation on a niche app with no competition?

2. What are the odds it’s a mistake by the time an SVP responds?

Manton Reece:

Imagine instead if the App Store worked more like the web. Google dominates search, but they can’t shut down your web site. If you try to game the system, Google can remove you from search and limit your exposure. Likewise, developers should be able to distribute iOS apps with minimal involvement from Apple, yet apps that haven’t passed formal review won’t be searchable without a direct link, won’t ever be featured, and won’t show up in the top 100 lists.


Apple should focus on highlighting the best apps within a system that lets the app review team make occasional mistakes. There shouldn’t be such an easy toggle that wipes out an indie developer’s business.

Update (2016-10-07): Jeff Johnson:

It is said that distributing apps outside the Mac App Store is safe from meddling by Apple, because they cannot impose arbitrary rules on you or remove your apps from sale. That is true, to an extent. However, the potential still exists for Apple to put you out of business, for all practical purposes. The power to do this resides in Gatekeeper.

Dave Verwer:

I do believe Bogdan when he says that he did not do what they have accused him of, not because I know him (although I did meet him in person once, just for full disclosure) but because there was no need for the reviews to be manipulated. The app is great, in a niche market with little competition, so why risk it for more good reviews? It doesn’t make any sense.


It’s a disappointing and messy situation whichever way you look at it.

Swift 3.0 Unsafe World

Roberto Perez (via Hacker News):

But what if we want to take a pointer to Swift-managed memory without having to create a function? To do it we will use withUnsafeMutablePointer, which takes a reference to a Swift type and a block with the pointer as its parameter.


When dealing with C APIs you sometimes need to cast a pointer to one struct into a pointer to a different struct. This is very easy to do in C (and very dangerous and error-prone too). As you have seen, in Swift all pointers are typed, which means that an UnsafePointer<Int> cannot be used where an UnsafePointer<UInt8> is required. That’s good in terms of producing safer code, but at the same time it makes it impossible to interact with C APIs that require these types of casts, like for example the socket bind() function. For these cases, we will use withMemoryRebound, which is a function that will convert a pointer from one type to a different one.


Before Swift 3.0, you could do it with UnsafePointer<Void>; however, in 3.0 a new type has been added to handle these types of pointers: UnsafeRawPointer. This struct is not generic, so it won’t hold information tied to any specific type, and that will simplify our code.


If we construct an UnsafeBufferPointer from an UnsafePointer, we will be able to use most of the array functions of native Swift types, given that UnsafeBufferPointer implements the Collection, Indexable and RandomAccessCollection Swift protocols.


Swift has a utility to take pointers to objects, retaining their reference or not depending on our needs. Those are static functions of the Unmanaged struct. With passRetained() we will create a retained reference to an object, so we can be sure that when using it from the C world, it will still be there. If the object is already retained for the life of the callback we can also use passUnretained(). Both methods produce an instance of Unmanaged that will be converted to a UnsafeRawPointer by calling toOpaque().
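The five APIs the post walks through, exercised in one added example that is not the author’s code. `registerCallback` is a constructed stand-in for a C function that takes a `void *` context plus a C function pointer; the sockaddr rebound mirrors what bind() expects but no socket is opened. Each helper returns a value so the behaviour can be checked rather than only printed.

```swift
import Foundation

// Added example, not the post's own code. `registerCallback`, `Session` and
// the other names are constructed for illustration.

// 1. withUnsafeMutablePointer: a pointer to Swift-managed storage that is
//    valid only for the duration of the closure.
func bumpViaPointer(_ value: inout Int32) -> Int32 {
    return withUnsafeMutablePointer(to: &value) { p -> Int32 in
        p.pointee += 1
        return p.pointee
    }
}

// 2. withMemoryRebound: view a sockaddr_in as the generic sockaddr that C
//    APIs such as bind() expect. `capacity` is counted in sockaddr units.
func familyOf(_ addr: inout sockaddr_in) -> Int32 {
    return withUnsafePointer(to: &addr) { inPtr -> Int32 in
        inPtr.withMemoryRebound(to: sockaddr.self, capacity: 1) { saPtr in
            Int32(saPtr.pointee.sa_family)
        }
    }
}

// 3. Raw pointers: untyped bytes decoded with load(as:). Bounds are the
//    caller's responsibility, so check before loading.
func leadingUInt32(_ bytes: [UInt8]) -> UInt32? {
    guard bytes.count >= MemoryLayout<UInt32>.size else { return nil }
    return bytes.withUnsafeBytes { raw in raw.load(as: UInt32.self) }
}

// 4. UnsafeBufferPointer: base pointer + count, usable as a Collection.
func fillAndSum(count: Int, byte: UInt8) -> (text: String?, sum: Int) {
    let base = UnsafeMutablePointer<UInt8>.allocate(capacity: count)
    base.initialize(to: byte, count: count)          // Swift 3 spelling
    defer {
        base.deinitialize(count: count)
        base.deallocate(capacity: count)
    }
    let buf = UnsafeBufferPointer(start: base, count: count)
    return (String(bytes: buf, encoding: .ascii), buf.reduce(0) { $0 + Int($1) })
}

// 5. Unmanaged: hand a Swift object to C as void* and get it back intact.
final class Session {
    let id: String
    init(id: String) { self.id = id }
}

typealias CCallback = @convention(c) (UnsafeMutableRawPointer?) -> Void

// Stand-in for a C registration function; a real library would store both
// arguments and invoke the callback later.
func registerCallback(_ context: UnsafeMutableRawPointer?, _ callback: CCallback) {
    callback(context)
}

func roundTrip(_ session: Session) {
    // passRetained: +1 so the object stays alive while C holds the pointer.
    let ctx = Unmanaged.passRetained(session).toOpaque()
    registerCallback(ctx) { p in
        guard let p = p else { return }
        // takeUnretainedValue: borrow without consuming the +1, because C
        // may invoke us again with the same context.
        let s = Unmanaged<Session>.fromOpaque(p).takeUnretainedValue()
        print("callback for session \(s.id)")
    }
    // Once C has no further use for the context, balance the retain.
    Unmanaged<Session>.fromOpaque(ctx).release()
}

var n: Int32 = 41
print(bumpViaPointer(&n))
var sa = sockaddr_in()
sa.sin_family = sa_family_t(AF_INET)
print(familyOf(&sa) == AF_INET)
print(leadingUInt32([0x01, 0x00, 0x00, 0x00, 0xff]) as Any)
print(fillAndSum(count: 4, byte: 0x41))
roundTrip(Session(id: "s-1"))
```

The two places this code is easiest to get wrong are the ones the type system no longer checks: the `guard` before `load(as:)` is the bounds check Swift arrays would otherwise do for you, and the `release()` after the callback is the only thing that balances `passRetained`; forget it and the object leaks, call it twice and the next `takeUnretainedValue` reads freed memory.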