Saturday, August 1, 2015 [Tweets]

Safari vs. Chrome: Power Consumption

John Gruber:

This exemplifies what the “Safari Is the New IE” crowd doesn’t get — Apple’s priorities for Safari/WebKit are very different from Google’s for Chrome/Blink. Innovation and progress aren’t necessarily only about adding new features. 24 percent better battery life is huge.

Safari is not IE because it’s not stagnant. But the original post resonated with me because Safari is no longer bringing me the whole Web. I spend much of my day in FogBugz and Google Docs, and these sites work better in Chrome, or even Firefox, than in Safari. I’ve also had problems with Apple’s own discussion forums in Safari, and there are apparently issues with Apple’s developer site, as well.

I love Safari as an app. Neither Chrome nor Firefox has ever felt very Mac-like to me. Yet I’m increasingly using Chrome because Safari can’t get the job done. I don’t know whose fault it is that these sites don’t work with Safari, but to me as a user it doesn’t really matter. Improving power efficiency is great, but it would probably save even more battery life if Safari were compatible enough that I didn’t have to keep Chrome running.

I’m not writing this as a Web developer who wants to deploy a native app experience via HTML and JavaScript. I’m just a Mac user who prefers Safari and wants to be able to use it.

The Appsmiths

Hansen Hsu (via Wil Shipley):

This dissertation is an ethnographic study, accomplished through semi-structured interviews and participant observation, of the cultural world of third party Apple software developers who use Apple’s Cocoa libraries to create apps. It answers the questions: what motivates Apple developers’ devotion to Cocoa technology, and why do they believe it is a superior programming environment? What does it mean to be a “good” Cocoa programmer, technically and morally, in the Cocoa community of practice, and how do people become one?

A free account is required to download the paper, but it looks like it’s well worth reading—or at least skimming, since it’s over 500 pages.

A Catalog of Functional Refactorings

Simon Thompson and Claus Reinke (PDF) (via Jeremy W. Sherman):

This document is the first draft of a catalogue of refactorings for functional programs. Most are applicable to a variety of modern functional programming languages – with the example code begin written in Haskell – but some relate specifically to Haskell and are marked as such.

Swift Array Performance

Airspeed Velocity:

Your reminder that building arrays with reduce, while fun, is accidentally quadratic.

I would have thought that extending an array would be optimized to not make a copy.

Update (2015-08-01): Joe Groff:

I don’t think + is implemented to check for unique referencing at all.

Friday, July 31, 2015 [Tweets]

NSTaggedPointerString

Mike Ash:

Thus we can see that the structure of the tagged pointer strings is:

  1. If the length is between 0 and 7, store the string as raw eight-bit characters.
  2. If the length is 8 or 9, store the string in a six-bit encoding, using the alphabet "eilotrm.apdnsIc ufkMShjTRxgC4013bDNvwyUL2O856P-B79AFKEWV_zGJ/HYX".
  3. If the length is 10 or 11, store the string in a five-bit encoding, using the alphabet "eilotrm.apdnsIc ufkMShjTRxgC4013"

[…]

The five-bit alphabet is extremely limited, and doesn’t include the letter b! That letter must not be common enough to warrant a place in the 32 hallowed characters of the five-bit alphabet.

[…]

Because this table is used for both six-bit and five-bit encodings, it makes sense that it wouldn’t be entirely in alphabetical order. Characters that are used most frequently should be in the first half, while characters that are used less frequently should go in the second half. This ensures that the maximum number of longer strings can use the five-bit encoding.

Address Sanitizer

WWDC 2015 Session 413 (video, PDF):

Address Sanitizer is an LLVM tool for C-based languages, that serves the same purpose as Guard Malloc, as it finds memory errors at runtime, however, it has a lot of benefits over the other tools.

It has much less runtime overhead and it also produces comprehensive, detailed diagnostics that are integrated directly into the Xcode UI.

What’s also very important is that it is the only such tool that works on iOS devices.

Nigel Timothy Barber:

The Xcode 7 Address Sanitizer is a revelation. Essential tool.

Mike Ash:

Address Sanitizer uses a simple but brilliant approach. It reserves a fixed section within the process’s address space called the shadow memory. In Address Sanitizer terms, a byte that is marked as forbidden is “poisoned,” and the shadow memory tracks which bytes are poisoned. A simple formula translates each address within the process’s address space into a spot in the shadow memory. Each eight-byte chunk of regular memory maps to a byte of shadow memory, which tracks the poison state of those eight bytes.

[…]

With this table structure in place, Address Sanitizer generates extra code in the program to check every read and write through a pointer, and throw an error if the memory in question is poisoned. This is the advantage of being integrated into the compiler and not merely existing as an external library or runtime environment: every pointer access can be reliably identified and the appropriate checks added into the machine code.

Compiler integration also allows neat tricks like the ability to poison and guard local and global variables, not just heap allocations. Locals and globals are allocated with a bit of extra padding in between them, and the padding is poisoned to catch any overflows. This is something that Guard Malloc can’t do, and that Valgrind has difficulty with.

Keith Harrison:

It is important to understand that the Address Sanitizer is a run-time tool so you need to exercise your code for it to find problems. This makes it a good candidate to enable when running unit and UI tests. Whilst Apple claims it has low overhead (2x-5x CPU and 2x-3x memory) it is not performance free so you may want to experiment if you have large test suites before leaving it enabled.

Objective-C Improvements and Swift Interoperability

WWDC 2015 Session 401 (video, PDF):

Go to any Objective-C header and choose the ‘show related items’ button in the top-left corner. This will bring down a menu of related items, one of which is ‘generated interface.’ And this will show you the Swift mapping for that header. This is the exact same view that you got in Xcode 6 using the ‘jump to definition’ feature, but now you can get it easily from any header in your target.

[…]

Now, on both of these examples, I have shown that these methods in Objective-C have multiple parameters, only one of which is the error parameter, but there are also cases where methods only have one parameter and you will get something like ‘check resource is researchable and return error.’ As you can see in Swift, since we already know that the method can return an error from that ‘throws’ keyword, we will chop off those last three words for you, just for you!

I guess that answers my question.

Jordan Morgan:

The first step to making this better is one of my favorite new Objective-C features, nullability annotations.

[…]

Though it took about thirty-two years, generics is now a thing in Objective-C.

[…]

Essentially, we’ve informed the compiler that the property and its collection will have some kind of a UIView. This allows for more information in the type contract that we’ve not had before.

The real treat? Implicit downcasting.

drekka:

There’s a couple of this going on here. Firstly you will notice that we are not using ObjectType anywhere. It appears that the name of a Generic reference is only usable in the header of a class. I’ve tried all sorts of syntaxes to see if there was a way to declare and use it in the implementation, but I’ve been unsuccessful. So I’ve concluded that Objective-C Generics simply don’t make the placeholders available to implementations. Unfortunately I cannot confirm against Apples code.

What I have concluded is that when a Generic is resolved by the compiler, it resolves to the top most class that can replace it. Normally this is id, however bounded Generics can make this more specific. See Restricting Generics below.

Joe Groff:

ObjC generics also can’t be part of the canonical type system without breaking C++ templates

Bitcode

drfuchs:

I managed to ask Chris Lattner this very question at WWDC (during a moment when he wasn’t surrounded by adoring crowds). “So, you’re signaling a new CPU architecture?” But, “No; think more along the lines of ‘adding a new multiply instruction’. By the time you’re in Bitcode, you’re already fairly architecture-specific” says he.

Wolf Rentzsch:

surprised most dev gripes about bitcode is unpredictable optimization effects. Folks, we’ve been living in emulated ISAs since the 90s

I think bitcode is a huge win. About only thing I’ll miss is cool ISA-specific instructions. Now reliant on OS vendor providing access.

Landon Fuller:

I’m a lot less worried about emulated ISAs given that the chances I have to debug one are pretty much nil.

Bitcode: non-reproducible Apple-internal toolchain bugs, emergent bugs from undefined behavior that previously worked, etc ...

dshirley:

When it becomes a requirement to submit apps in bitcode format, how will this impact architecture specific code (ie. assembly, or anything that is ifdef’d for that matter). It makes sense that assembly isn’t converted to bitcode, but doesn’t everything need to be in bitcode in order for an archive to be fully encoded in bitcode? I have an app that’s hitting a compile warning when archiving complaining that a specific 3rd party library doesn’t contain bitcode so the app cannot be archived with bitcode. That 3rd party library won’t emit bitcode ostensibly because it contains assembly (I could be wong about the cause, though).

Rainer Brockerhoff:

I suppose this would also allow Swift ABIs to change at any time, without dylibs in the app.

See also Accidental Tech Podcast episodes 122, 123, and 124.

Falsehoods Programmers Believe

A bunch of links via Jeff Atwood:

Apple Music Matches Files With Metadata Only

Kirk McElhearn:

If you’ve used iTunes Match in the past, you may know that it matches music using acoustic fingerprinting, which means that iTunes scans the music, and matches it to the same music. It doesn’t matter what tags files have: you could have, say, a Grateful Dead song labeled as a song by 50 Cent, and iTunes Match will match the Grateful Dead song correctly. (Here’s how Wikipedia defines acoustic fingerprinting.)

Apple Music, however, works differently. It does not use the more onerous (in time and processing power) acoustic fingerprinting technique, but simply uses the tags your files contain. And it can lead to errors. Here’s an example of how this can be a bit surprising.

Update (2015-07-31): Marco Arment:

This is embarrassing. No wonder people have had so many problems and so much data loss with Apple Music’s cloud-library features.

It’s as if nobody who made this implementation decision had ever encountered remasters, re-recordings, clean versions, live performances, or the many other extremely common reasons why two very different audio recordings might have the same artist and title.

[…]

Don’t let these cloud-matching “features” anywhere near your music collection.

Update (2015-08-01): Kirk McElhearn:

I’ve been unable to reproduce this issue, and my guess is that there was a glitch with Apple’s servers that has since been corrected. If you only subscribe to Apple Music, or are using it on a free trial, then your songs are matched using metadata only. If you subscribe to both iTunes Match and Apple Music, then iTunes matches your songs using digital fingerprinting.

Marco Arment:

That this happened at all (and I got reports from many other people who were affected) means that iTunes Match is less trustworthy as primary storage, and it never really was trustworthy as primary storage because it has always been buggy and inconsistent, so my recommendations remain to avoid letting these features integrate with your music collection.

Serenity Caldwell:

Apple’s been doing Match (as have other companies) for four years now and none of them have it anywhere near perfect.

Marco Arment:

I wonder if matching is still the right choice. I bet most people’s music libraries are smaller than their photo libraries.

SQLite FTS5

SQLite Release Notes:

Added the experimental FTS5 extension. Note that this extension is experimental and subject to change in incompatible ways.

SQLite FTS5 Extension:

The principle difference between FTS3/4 and FTS5 is that in FTS3/4, each instance-list is stored as a single large database record, whereas in FTS5 large instance-lists are divided between multiple database records. This has the following implications for dealing with large databases that contain large lists:

  • FTS5 is able to load instance-lists into memory incrementally in order to reduce memory usage and peak allocation size. FTS3/4 very often loads entire instance-lists into memory.

  • When processing queries that feature more than one token, FTS5 is sometimes able to determine that the query can be answered by inspecting a subset of a large instance-list. FTS3/4 almost always has to traverse entire instance-lists.

  • If an instance-list grows so large that it exceeds the SQLITE_MAX_LENGTH limit, FTS3/4 is unable to handle it. FTS5 does not have this problem.

[…]

FTS5 has no matchinfo() or offsets() function, and the snippet() function is not as fully-featured as in FTS3/4. However, since FTS5 does provide an API allowing applications to create custom auxiliary functions, any required functionality may be implemented within the application code.

The set of built-in auxiliary functions provided by FTS5 may be improved upon in the future.

Thursday, July 30, 2015 [Tweets]

Disabling Versions and Reclaiming Space

I have been having problems with the system Versions feature. On one volume, nearly half the total space is consumed by the versions database. I think it’s supposed to automatically prune old versions if more space is needed, but it doesn’t, so I instead get errors from MoneyWell that it can’t save its database.

The versions database is managed by revisiond, but as far as I can tell there are no built-in tools for controlling it. The only way to manually reclaim space seems to be to delete the .DocumentRevisions-V100 folder, which will delete all the versions.

I would like to selectively disable the Versions feature for certain volumes, but there doesn’t seem to be a way to do that. As far as I can tell, there isn’t even an official switch to disable it entirely. This answer suggests checking “Ask to keep changes when closing documents,” but that doesn’t work. This answer says that you can set the ApplePersistence default in Terminal. At least that works on a per-app basis, because it can also make some apps like TextEdit not function properly.

But the bottom line is that I wouldn’t have a problem with Versions if it would automatically compact its database.

Update (2015-07-30): Here is John Siracusa’s discussion of the versions (a.k.a. document revisions) feature.

Dixie

Skyscanner:

Dixie is an open source Objective-C testing framework for altering object behaviours. Test your app through creating chaos in the inner systems. The primary goal of Dixie is to provide a set of tools, which the developers can test their code with. Behind the goal is the ideology of “do not always expect the best”. You can read more about this here.

Via iOS Dev Weekly:

I found that the best way to think about Dixie was to see it as like a mocking framework that you enable globally inside your app rather than only in your test target. This allows various parts of your app to be replaced for integration tests, amongst other things.

How GameplayKit AI Works

Paul Hudson:

Amongst the many features introduced in GameplayKit, one of the most immediately useful is its ability to provide artificial intelligence that can evaluate a situation and make smart choices. We’re going to be using it in our Four in a Row game to provide a meaningful opponent, but first it’s essential that you understand how GameplayKit tackles the AI problem because it directly affects the code we’ll write.

[…]

GameplayKit’s artificial intelligence works through brute force: it tries every possible move, then tries every possible follow-on move, then every possible follow-on follow-on move, etc. This runs up combinations extremely quickly, particularly when you consider that there are 4,531,985,219,092 unique positions for all the pieces on the board! So, you will inevitably limit the depth of the search to provide just enough intelligence to be interesting.

UIKonf 2015 Videos

Apple’s Plan for More Connected Apps

Federico Viticci:

At WWDC 2015, Apple announced app search, a new feature of iOS 9 that will help users find content inside apps. Beyond the user-facing aspects of a new search page on iOS and proactive suggestions from Siri, however, lies a commitment to fundamentally rethink iOS’ relationship with apps and the web, with deep implications for the future.

[…]

With local app search, iOS 9 can build an index of content, app features, and activities that users may want to get back to with a search query. Built like a database and already in use by Apple apps such as Mail and Reminders, CoreSpotlight will provide low level access to the index of an iOS device, making it easy to organize and retrieve content users have previously seen, created, or curated.

[…]

The way Apple has designed local app search is reminiscent of viewing history in web browsers: users want to be able to find things they’ve seen in the past; from this standpoint, local app search will be more akin to a local app history, enabling users to find apps, but also files, pages, profiles, likes, comments, and other types of previously seen content.

[…]

Apple is building a cloud index of user activities and web content. As the company describes it, the cloud index will “inform any searches by any user of your app on any device”, and it’s broadly aimed at creating a public and anonymous index of what users look for and engage with. Part web crawling and part a crowdsourced search database, Apple’s cloud index will be closely tied to apps and results from it will be displayed in the search page of iOS 9.

[…]

Developers have choice when it comes to the cloud index. In an iOS app, they can tag user activities as public, and public activities get sent to Apple's cloud index as anonymous hashes.

It’s interesting that CoreSpotlight does not seem to require creating lots of stub files like Spotlight on the Mac.

Wednesday, July 29, 2015 [Tweets]

App Store Invoice JavaScript Injection

Darren Pauli (via Ole Begemann):

“After we received no serious reply, we released the data,” Mejri told El Reg in an email. Apple did not respond to a request for comment, and it’s not clear if the vulnerability has been addressed.

In a nuthsell, the bug works like this: you change the name of your iThing to include JavaScript code, then download or purchase an app from either the Mac or iTunes stores. Apple's systems generate an invoice, and email it to you and make a copy available online from your store account.

That JavaScript code stashed in your device name will be embedded in the invoice, so opening it in a browser will execute it, allowing it to attempt to do bad things like hijack your Apple account. Sellers and Apple staff viewing a copy of the invoice will also get attacked.

Google Cloud Storage Nearline Graduates to General Availability

Avtandil Garakanidze (via @arqbackup):

We’re introducing on-demand I/O to allow you to increase I/O in situations where you need to retrieve data from a Google Cloud Storage Nearline bucket faster than the provisioned 4 MB/s read throughput per TB of data stored. On-demand I/O delivers improved throughput when you need it and you only get charged for what you use. You now can access your data in seconds, while relying on predictable data recovery.

NSValue and Boxed Expressions

Alex Denisov (via iOS Dev Weekly):

Few hours ago I finally finished with my patch to Clang. It took a lot of time, but for me it is the most interesting and challenging OSS contribution so far.

I’m not going to dive deep into the details, but will give an overview of the new feature it brings to Objective-C.

Another approach is to use macros. Scott Morrison uses the ternary operator to swallow the @ so that you can write code like @point(1,2).

The Force Touch Trackpad

Fraser Speirs:

This thing is seriously, seriously brilliant and, in my opinion, a subtle but significant step forward in the Mac experience.

[…]

My big insight into the Force Touch trackpad is that you never need to use your thumb for clicking - ever. The reason we used the thumb was because the click was only effective in the lower quarter of the trackpad due to the hinge. As long as your tracking speed is set high enough that you can go from one side of the screen to the other in one movement, you can just use your pointing finger.

If you think about it, this really takes the Mac another step closer to more direct manipulation of objects on screen.

Coping With iTunes Features That Have Disappeared

Kirk McElhearn:

Whenever a new version of iTunes rears its head, new features are added, but also some features get cut. In this week’s column, I look at several of these features that are missing in action. In some cases—such as shuffling all music by an artist in the iOS Music app, or streaming Beats 1 radio over AirPlay—I offer a workaround. For another, I can only lament that certain useful features have been axed.

Phasing Out Google+

Bradley Horowitz:

People have told us that accessing all of their Google stuff with one account makes life a whole lot easier. But we’ve also heard that it doesn’t make sense for your Google+ profile to be your identity in all the other Google products you use.

So in the coming months, a Google Account will be all you’ll need to share content, communicate with contacts, create a YouTube channel and more, all across Google. […] As always, your underlying Google Account won’t be searchable or followable, unlike public Google+ profiles.

Tuesday, July 28, 2015 [Tweets]

Why JSON Doesn’t Have Comments

Douglas Crockford (via Dave Dribin):

First, comments turned out to not be very useful.

Second, comments were the most difficult feature to support in JSON parsers. By removing comments, support for JSON in other languages became much easier.

Third, removing comments aligns JSON more closely with YAML, allowing YAML to become a JSON superset. Generally, standards tend to splinter. It is interesting to see these two merging.

Fourth, I saw examples of comments used to carry information, with an expectation that applications would have to have custom comment parsers and generators. That was not a pattern that I wanted to encourage.

Douglas Crockford (via Dave Dribin):

I removed comments from JSON because I saw people were using them to hold parsing directives, a practice which would have destroyed interoperability. I know that the lack of comments makes some people sad, but it shouldn’t.

Update (2015-08-01): Hacker News comments.

Flickr Pro Is Back

Flickr:

Today, we’re excited to unveil the new Flickr Pro for both existing and new members of our community, a subscription that offers improved stats, brings back our Pro badge, offers a discount on Adobe software and more.

[…]

Flickr members who don’t currently have Flickr Pro can purchase it today for $5.99/month or $49.99/year.

First, there was regular (free) and Pro ($25/year for no ads, unlimited storage, and extra features). Then there was Free, Ad Free ($50/year for no ads), and Doublr ($499/year for 2 TB instead of 1 TB). Now, Ad Free is called Pro again and adds the statistics features, free shipping, and a 20% discount on the Adobe Creative Cloud plan for Photoshop and Lightroom. The other difference is that the old Ad Free account only removed ads when you were logged in, whereas with the new Pro account:

Your photos, whether viewed by you or a fan, will never be shown next to an advertisement.

Which is a good thing because the ads seem to have gotten a lot more intrusive lately. And I often view my photostream when logged out to make sure that the privacy settings are correct.

Intel Compute Stick

David Pogue:

It’s called the Intel Compute Stick, and it’s really small (4 x 1.5 x 0.5 inches) — so small, you might mistake it for a USB flash drive. It’s the first Windows PC you might lose in your bag. If you were a movie character being chased by techno-terrorists, you could slip the whole thing into your sock.

Better yet: It’s not only the smallest Windows PC type in the world; it’s also the least expensive: just $150 (with 2GB of memory, 32GB of storage, and Windows 8.1).

[…]

That’s right. Instead of plugging a monitor into your PC, you now plug your PC into the monitor.

Checking If Mission Control Is Active

Tim Schröder:

Unfortunately, Apple has never provided a public API to programmatically check if Mission Control is active.

[…]

It turns out that there is nevertheless an easy way to check if Mission Control is active (code snippet below): We just ask which windows are present on the screen. If there is a specific window present owned by the dock process and with a vertical origin of -1.0, this will be a “Dock Window” as shown by Mission Control only […] Of course this is slightly hackish and might break in the future […]

Swift Whole Module Optimization

Keith Harrison:

For the None or Fast optimization levels the compiler is working with a single source file at a time. When the definition of the generic function is in the same source file as the calling code the compiler knows we are calling the function with integers and optimizes away unnecessary object handling code. This optimization known as Generic Specialization will only work when the compiler has visibility of the function definition meaning that the external definition runs more slowly.

It makes compilation slower, though.

Monday, July 27, 2015 [Tweets]

Safari 9’s Responsive Web Design Mode

What’s New in Safari (via Daniel Jalkut):

The Responsive Design Mode provides a fast-switching layout preview of your webpage across a spectrum of viewport sizes. This viewport quick-look tool helps you quickly spot layout issues on a webpage across many screen sizes. It includes several preset sizes for Apple devices, shown in Figure 3, and allows custom viewport sizes to be defined.

Cool.

Apple at Its Most Pompous

Apple:

Also amazing? The fact that there are over a million and a half capable, beautiful, inspiring apps on the App Store. And each and every one was reviewed and approved by a team of real live humans. With great taste. And great suggestions. And great ideas.

John Gruber:

What irks here, fundamentally, is that Apple is taking credit for the great apps in the App Store, rather than giving credit to the third-party developers who make them.

Nick Heer:

Apple has gotten really, really good at making ads that show the products, rather than talking about them — remember the “Every Dayseries? They’re still doing ads like that series, but for the Watch. And, while I know they have to change things up every so often, these feel like a miss to me. They’re too smug, and too pompous for my tastes. I prefer the softer sell.

Ember Leaves the Mac App Store

Nik Fletcher:

One of the biggest problems we want to fix is sync. Formal sync in Ember right now, given the typical size of an Ember library, hasn’t performed as well as it should have - and we know that you also want to use other services besides iCloud and Dropbox. So, instead of just the two sync options we’ll be giving you the option to both relocate the library, as well as have multiple Ember libraries! For those of you wanting to use Google Drive or some other service you can - just place your Ember library in the chosen location.

[…]

It will be a paid upgrade, and we’ll be making sure that upgrade pricing (for Mac App Store and direct customers) is a no-brainer once the public beta concludes.

We will only offer Ember 2 directly, so every Ember customer can receive upgrade pricing. No MAS-ing about ;)

Previously: Ember and iCloud Core Data.

Linked Lists, Enums, Value Types and Identity

Airspeed Velocity (tweet):

So, with our nodes being references, we essentially got a free globally-unique identifier for each one, which we could then use to implement node equality. But now that we have switched away from box, we can’t use === any more. So what can we do?

[…]

Finally, a third option: tag our list elements with a number, and use that to compare them.

I hope there’s a better way.

Friday, July 24, 2015 [Tweets]

Security and Privacy Changes in iOS 9

Alban Diquet:

To further prevent user tracking, Apple has extended MAC address randomization to additional services, and seems to now include location services scans.

[…]

Keychain items can now be encrypted using both the device’s passcode and an “Application password”; both values are then needed to decrypt and retrieve the item. This allows Apps to control when the data is accessible/decrypted, instead of having the data decrypted as soon as the device is unlocked.

[…]

iOS 9 brings several new extension points geared toward network filtering and VPNs:

  • The Packet Tunnel Provider extension point, to implement the client-side of a custom VPN tunneling protocol.
  • The App Proxy Provider extension point, to implement the client-side of a custom transparent network proxy protocol.
  • The Filter Data Provider and the Filter Control Provider extension points, to implement dynamic, on-device network content filtering.

These extension points can only be used with a special entitlement, thereby requiring Apple to approve the extension first.

Maybe someday Little Snitch for iOS will be possible.

Weak and Unowned References in Swift

Hector Matos:

At this point we have a retain cycle. You see, closures in Swift behave exactly like blocks in Objective-C. If any variable is declared outside of the closure’s scope, referencing that variable inside the closure’s scope creates another strong reference to that object. The only exceptions to this are variables that use value semantics such as Ints, Strings, Arrays, and Dictionaries in Swift.

Here, NSNotificationCenter retains a closure that captures self strongly when you call eatHuman(). Best practice says that you clear out notification observers in the deinit function. The problem here is that we don’t clear out the block until deinit, but deinit won’t ever be called by ARC because the closure has a strong reference to the Kraken instance!

Other gotchas where this could happen is in places like NSTimers and NSThread.

The fix is to use a weak reference to self in the closure’s capture list. This breaks the strong reference cycle.

[…]

Weak and unowned references are essentially the same. It does not increase the retain count of the object being referred. However, in Swift, an unowned reference has the added benefit of not being an Optional.

Code Signing in El Capitan

Craig Hockenberry:

Gatekeeper rejected the app because I’m using Sparkle 1.5b6. The framework has symlinks to paths on a Mac that I doubt Andy Matuschak uses anymore. That’s completely reasonable: those symlinks could just as easily point to something a lot more damaging that a non-existent directory.

The --strict option currently checks the validity of symlinks. You can point a symlink at a path in your own application package, /System or /Library, but nowhere else. The code signing rules also allow language translations to be removed, but if they are present they must be unmodified.

[…]

Many of your customers will be downloading and running your app on the El Capitan public beta: you should do the codesign --deep --strict check on any new releases to avoid customer support issues. It’s also likely that a similar check will be performed for you when the Mac App Store eventually allows submissions for 10.11.

Don’t Use GUIDs As Passwords

Raymond Chen:

This is a really bad idea. GUIDs are designed for uniqueness, not for security.

For example, we saw that substrings of GUIDs are not unique. For example, in the classic v1 algorithm, the first part of the GUID is a timestamp. Timestamps are a great technique for helping to build uniqueness, but they are horrifically insecure because, well, duh, the current time is hardly a secret!

DYLD_PRINT_TO_FILE Local Privilege Escalation Vulnerability

Stefan Esser (via Rene Ritchie, comments):

When this variable was added the usual safeguards that are required when adding support for new environment variables to the dynamic linker have not been used. Therefore it is possible to use this new feature even with SUID root binaries. This is dangerous, because it allows to open or create arbitrary files owned by the root user anywhere in the file system. Furthermore the opened log file is never closed and therefore its file descriptor is leaked into processes spawned by SUID binaries. This means child processes of SUID root processes can write to arbitrary files owned by the root user anywhere in the filesystem. This allows for easy privilege escalation in OS X 10.10.x.

At the moment it is unclear if Apple knows about this security problem or not, because while it is already fixed in the first betas of OS X 10.11, it is left unpatched in the current release of OS X 10.10.4 or in the current beta of OS X 10.10.5.

[…]

The problem with this code is that it does not come with any safeguards that are required when adding new environment variables to the dynamic linker. Normally for security reasons the dynamic linker should reject all environvent variables passed to it in case of restricted files. This is automatically handled when new environment variables are added to the processDyldEnvironmentVariable() function. However in the DYLD_PRINT_TO_FILE case the code was directly added to the _main function of dyld.

Strings in Swift 2

Apple (tweet):

In Swift 2, the String type no longer conforms to the CollectionType protocol, where String was previously a collection of Character values, similar to an array. Now, String provides a characters property that exposes a character collection view.

[…]

When you add an element to a collection, you expect that the collection will contain that element. That is, when you append a value to an array, the array then contains that value. The same applies to a dictionary or a set. However, when you append a combining mark character to a string, the contents of the string itself change.

[…]

However, String determines equality based on being canonically equivalent. Characters are canonically equivalent if they have the same linguistic meaning and appearance, even if they are composed from different Unicode scalars behind the scenes. […] In Swift, strings are considered equal regardless of whether they are constructed from decomposed or precomposed character sequences.

Update (2015-07-25): Pierre Lebeaupin:

If Apple can’t get its “Characters”, UTF-16 scalars, and bytes of a seemingly simple string such as “café” straight in a blog post designed to show these very views of that string, what hope could you possibly have of getting “character”-wise text processing right?

Indeed, Apple has corrected its blog post (silently).

marcelolr:

Baking in a canonicalization policy into a basic type is … interesting. I’m sure somewhere someone will be unhappy their password no longer hashes to the same value.

Thursday, July 23, 2015 [Tweets]

Dynamic Swift

Lee Morgan:

We’ll go ahead and extend our KVC protocol and add our default implementation.

extension KVC {
    
    func valueForKey(key : String) -> Any? {
    
        let mirror = reflect(self)
        
        for index in 0 ..< mirror.count {
            let (childKey, childMirror) = mirror[index]
            if childKey == key {
                return childMirror.value
            }
        }
        return nil
    }
}

David Owens II has a different implementation that also handles setting values:

As you might be gathering, the basic premise is to use a backing store to maintain our values and type information. The implementation can then verify that the data coming in is correct.

David Owens II:

But wait… if we can shadow the functions and replace them with our own implementations, then this means that method swizzling is back on the table!

There are several caveats, though.

Adrian Kashivskyy:

Remember that reflection in Swift is currently read-only and there’s no way to modify your program at runtime (with Objective-C-derived classes being an exception as you can still class_addMethod() in Swift).

Brent Simmons asks how to instantiate an arbitrary class at runtime.

David Owens II:

The same way as C++, an ugly switch statement!

Wil Shipley:

On the latest Swift you have to add the word “init” to make this more explicit. Then it works. e.g:

let a:P = clsA.init(i:1)

Brent Simmons:

Jim takes this one step further: what if all you have is the class name as a string?

Alas, that’s currently only possible using Objective-C classes. There is no NSClassFromString() for Swift. [Update (2015-07-23): Actually, there is. See the comments below.]

David Owens II:

Xcode 7 Beta 4 is out and it is a doozy! One of the changes is that performSelector is now available from Swift. Now, this isn’t going to make your Swift types dynamic all of a sudden. However, what it does open the door for, is writing both your ObjC-style code and your Swift code all in the same language: Swift.

Brent Simmons:

Here’s the deal I’m willing to make: to make my code more elegant (read: smaller, easier to maintain, reusable), I’m willing to let it crash if I’ve configured things incorrectly.

[…]

So my case is that Swift itself needs things like this. If not a clone of KVC, then something very much like it.

Rob Rhyne:

When Apple announced the Swift programming language in 2014, there were questions about the future of frameworks that depended heavily on the dynamic nature of Objective-C. Frameworks such as Core Data marshall objects with type dependencies determined at runtime. The strict type checks required by the Swift compiler appeared in conflict with Core Data.

[…]

It turns out the answer to one question begat the solution to the other. By turning this class extension into a protocol and with a clever use of typealias, I resolved the insidious casting problem while maintaining type safety. Protocols to the rescue!

In other words, there are ways to use Core Data from Swift in a type-safe way. But it would still be impossible to write Core Data itself in pure Swift.

init? vs. init throws

David Owens II:

What I’ve come to realize is, my problem is really about the callsite, I actually always want to use throws. The simple fact is that I can return more information about the failure and let the caller decide if they care about it or not.

But if the caller doesn’t care about it, this makes the callsite ugly.

Ok, so let’s make it better:

func trythrow<T>(@autoclosure fn: () throws -> T?) -> T? {
    do { return try fn() }
    catch { return nil }
}

func example3() {
    guard let tt = trythrow(try Foo(throwable: 0)) else {
        print("error")
        return
    }
    
    print("Foo(throwable:) creation passed")
    
}

This gets us into a happy place again. We can turn failures where we do not care about the specific reasons into a code path that is more natural. If this becomes a pattern, it begs the question why this wouldn’t be just built into the language.

This thread suggests doing that by adding try?, which looks like a good idea.

Perl 6 Due This Year

Larry Wall (via Hacker News, Slashdot):

So natural language is very flexible this way because you have a very intelligent listener – or at least, compared with a computer – who you can rely on to figure out what you must have meant, in case of ambiguity. Of course, in a computer language you have to manage the ambiguity much more closely.

Arguably in Perl 1 through to 5 we didn’t manage it quite adequately enough. Sometimes the computer was confused when it really shouldn’t be. With Perl 6, we discovered some ways to make the computer more sure about what the user is talking about, even if the user is confused about whether something is really a string or a number. The computer knows the exact type of it. We figured out ways of having stronger typing internally but still have the allomorphic “you can use this as that” idea.

[…]

Part of the reason the Perl 6 has taken so long is that we have around 50 different principles we try to stick to, and in language design you’re end up juggling everything and saying “what’s really the most important principle here”? There has been a lot of discussion about a lot of different things. Sometimes we commit to a decision, work with it for a while, and then realise it wasn’t quite the right decision.

We didn’t design or specify pretty much anything about concurrent programming until someone came along who was smart enough about it and knew what the different trade-offs were, and that’s Jonathan Worthington. He has blended together ideas from other languages like Go and C#, with concurrent primitives that compose well. Composability is important in the rest of the language.