Archive for April 2011

Thursday, April 28, 2011

Why Instapaper Free Is Taking an Extended Vacation

Marco Arment:

If you have a free version of your app, that will be the only version many people will ever see. So, for the Free users, that app — that extremely limited app that lacks almost all of Instapaper’s best features — is what they think Instapaper is.

I was giving them a choice: Stick with this limited app, or upgrade to the paid version with all of these great features. But since they had never used those features, they didn’t know how much they wanted them.

Of course, this is another reason that the App Store should support fully-featured trials.

Sidenote: I would much rather pay (say) $10 for an app that I’ve tried and know that I like, than buy a bunch of similar apps for $1-5 each and then “throw away” the ones that turn out not to be as good. Paying for what you use, rather than what you can be induced to buy-to-try, sends better signals to developers about what’s good—and also would lead to more meaningful top-10 charts in the store for users.

Wednesday, April 27, 2011

iAds and Location Data

Apple’s response to the consolidated.db controversy seems to explain what people wanted to know about its crowd-sourced location database and put that issue to rest. However, commenter Chucky notes that Apple has left itself an “escape clause” for iAds. The press release says:

Our iAds advertising system can use location as a factor in targeting ads. Location is not shared with any third party or ad unless the user explicitly approves giving the current location to the current ad (for example, to request the ad locate the Target store nearest them).

Apple’s privacy policy says:

We may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising.

And the Wall Street Journal, referring to the letter Apple sent last year to congressmen Markey and Barton, writes:

Apple, meanwhile, says it “intermittently” collects location data, including GPS coordinates, of many iPhone users and nearby Wi-Fi networks and transmits that data to itself every 12 hours…

[…]

Apple said the data it transmits about location aren’t associated with a unique device identifier, except for data related to its mobile advertising network.

In other words, even though “Apple is not tracking the location of your iPhone,” Apple’s servers do store location data tied to your iPhone device ID. Otherwise, Apple would not be able to target iAds based on your location history. Apple’s response today does not explain the extent of the information transmitted from your phone to Apple for iAds or how long Apple keeps the information. You can opt out of interest-targeted iAds, but this does not apply to the location tracking. It’s not clear whether your location data is still sent to iAds if you aren’t running any apps that use iAds. Additionally, though Apple emphasizes that it has “no plans to ever” track the location of your phone, it will only say that sharing iAds location data with third parties “currently” requires explicit approval from the user.

Monday, April 25, 2011

E-Book Piracy

David Flanagan:

When my Ruby book came out in 2008 I was sad to discover that pirated copies were available within a week or so of the book’s release. When my jQuery pocket reference came out earlier this year, I was shocked to discover that Google was giving the ebook download sites higher placement than reviews of the book. And now JavaScript: The Definitive Guide is out. I don’t have a copy of it yet, but illegal copies are free for anyone who wants one. And Google will suggest those illegal downloads to anyone who tries to research the book (see the screenshot). I’ve worked really hard on this book, and I’ve got to say that this just feels like a kick in the gut.

He’s the author of some great programming books, but declining royalties are forcing him to seek a new job.

Friday, April 22, 2011

Amazon EC2 Outage

Justin Santa Barbara:

I used the word “contract” above, but I meant it in the technical sense, not the legal sense. The legal contract is the SLA, which I consider relatively worthless. Engineers designed to the AWS technical ‘guarantees’, but a multi-AZ failure shouldn’t happen if AWS is upholding their end of the ‘bargain’.

Update (2011-04-25): Rich Wolski:

Thus, in the extreme, the best solution to the problem of tolerating failure reduces to the End-to-End argument: the application itself must include logic for managing failures, no matter how well engineered the system is that they are using, when continuous operation is a requirement. Admittedly, this statement is extreme but clouds like AWS are also extreme in the scale they can support making such reductionist logic potentially useful. AWS is an extraordinarily well-designed and engineered system, as its availability characteristics indicate. There is just no getting around the Law of Large Numbers and for AWS, one has to believe the numbers are large.

High Scalability:

So many great articles have been written on the Amazon Outage. Some aim at being helpful, some chastise developers for being so stupid, some chastise Amazon for being so incompetent, some talk about the pain they and their companies have experienced, and some even predict the downfall of the cloud. Still others say we have seen a sea change in future of the cloud, a prediction that’s hard to disagree with, though the shape of the change remains…cloudy.

Amazon:

There are three things we will do to prevent a single Availability Zone from impacting the EBS control plane across multiple Availability Zones. The first is that we will immediately improve our timeout logic to prevent thread exhaustion when a single Availability Zone cluster is taking too long to process requests. This would have prevented the API impact from 12:50 AM PDT to 2:40 AM PDT on April 21st. To address the cause of the second API impact, we will also add the ability for our EBS control plane to be more Availability Zone aware and shed load intelligently when it is over capacity. This is similar to other throttles that we already have in our systems. Additionally, we also see an opportunity to push more of our EBS control plane into per-EBS cluster services. By moving more functionality out of the EBS control plane and creating per-EBS cluster deployments of these services (which run in the same Availability Zone as the EBS cluster they are supporting), we can provide even better Availability Zone isolation for the EBS control plane.

Thursday, April 21, 2011

consolidated.db

John Gruber:

The key question for Apple: Given that this file was widely known among iOS forensics experts back in September, why does it still contain historical (as opposed to just recent) location history today?

Andy Ihnatko:

It’s also, frankly, another reason why I value my iPhone’s “remote nuke” feature and wish it were possible to nuke all data directly from the handset. I can’t think of any circumstance under which my location data would possibly be damaging, incriminating, or even just embarrassing. That’s not the point: if I can’t control the data that my phone is collecting, I should at least have the power to destroy it utterly.

Update (2011-04-22): Guy English:

That said and done, no one has yet asked the really interesting question — if this had happened once Apple was shipping an iOS device that backed up automatically to an Apple server how much more of a shit storm would this have been? A very shittier shit storm is the answer. I’ll bet there’s more than a few managers who’re thinking very carefully about how to make damn sure they don’t have to spend an Easter weekend working to prove to Stuart Smalley that they’re good enough, and smart enough, doggone it.

Update (2011-04-23): F-Secure (via Alex Levinson):

And the real question is: How did Apple create their own location database? They did not have cars driving around the world. They didn’t need to. They had existing iPhone owners around the world do the work for them.

If you run a modern iPhone, it will send your location history to Apple twice a day. This is the default operation of the device.

Update (2011-04-27): Apple:

The iPhone is not logging your location. Rather, it’s maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested. Calculating a phone’s location using just GPS satellite data can take up to several minutes. iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available (such as indoors or in basements). These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple.

Your location data is being transmitted to Apple, although if you trust that there aren’t bugs in the anonymization and encryption this shouldn’t be of concern. Apple is trying to downplay the accuracy of the data, but it’s certainly accurate enough to track you for some purposes. They will be fixing the OS to cache less data, not back it up, and (in iOS 5) encrypt it on the device.

Wednesday, April 20, 2011

Ask Joel Spolsky Anything

Joel Spolsky is answering questions on Reddit. Fog Creek is now his 20% project, but FogBugz seems to be doing just fine. He also links to the High Scalability article on Stack Overflow, which I had missed.

Dropbox’s Lack of Security

Miguel de Icaza (via Ben Brooks):

There really are no more details on what procedures Dropbox has in place or how they implement the crypto to prevent unauthorized access to your files. We all had to just take them at their word.

This wishy-washy statement always made me feel uneasy.

But this announcement that they are able to decrypt the files on behalf of the government contradicts their prior public statements. They claim that Dropbox employees aren’t able to access user files.

The way their security works is pretty unsurprising given the sharing and deduplication features, and the fact that you can still access your data after resetting your password. However, this is another instance of Dropbox not communicating well, with the result being that most people think it works better than it actually does. I still think it’s better than the alternatives—and still wouldn’t use it to store sensitive files that aren’t already encrypted.

Of note, 1Password keychains are only partially encrypted. Your passwords and account numbers are theoretically secure, but anyone viewing the file can see which banks, credit cards, and Web sites you have accounts with, which software products you’ve bought, etc.

Update (2011-04-21): Co-founders Drew Houston and Arash Ferdowsi respond:

Some concerns have been raised about our Help Center article and other statements that discuss employee access to user data. We agree that we could have provided more details and we will be updating these to make them more clear. Like most major online services, we have a small number of employees who must be able to access user data when legally required to do so. But that’s the exception, not the rule. We have strict policy and technical access controls that prohibit employee access except in these rare circumstances. In addition, we employ a number of physical and electronic security measures to protect user information from unauthorized access.

In my view, the problem is not so much the policy as that the help page categorically says “Dropbox employees aren’t able to access user files,” and yet they very clearly can—under certain circumstances. It’s not that the help page was unclear but that it was untrue, in the same way that the FAQ used to specifically say that metadata was transferred over SSL—when it wasn’t.

Kindle Lending Library

Lex Friedman:

Once the feature launches, customers will be able to borrow Kindle e-books from their local libraries and start reading them instantly. If you check out a Kindle book a second time, or later purchase your own copy from Amazon, you don’t lose any notes and bookmarks you’ve added; they remain linked to your Amazon account.

This is pretty cool.

NetNewsNostalgia

Justin Williams quotes Brent Simmons:

In those days, Mail.app still used a drawer for the accounts/mailboxes list. One of the most common feature requests I got was to put the feeds in a drawer, like Mail, so the app would be more standard. I’m glad I didn’t listen!

NetNewsWire Lite was released in 2002. I’ve been using it and the non-Lite version ever since. The only other applications that have been continuously in my Dock since then (not counting ones I developed) are Finder, BBEdit, Terminal, LaunchBar, OmniOutliner, and iTunes. No Apple developer tools make the cut because Xcode didn’t exist then, and Interface Builder was discontinued with Xcode 4.

Monday, April 18, 2011

So Long, Google Video

Christopher Bowns quotes Google as saying that it won’t be removing any content that had been uploaded, but as of May 13 you won’t be able to play or download any of it.

Friday, April 15, 2011

Compile-Time Tips and Tricks

Mike Ash:

With a bit of trickery, it’s possible to build a check which happens at compile time, late enough so that types are known, but before your program actually runs. There are actually a few different ways to do this, but my preferred way is to declare an array whose size depends on the expression to test. If it passes, set the size to 1, which compiles. If it fails, set the size to -1, which is illegal and causes an error. The error message cannot be fully customized, but by giving the array a descriptive name, the message can still be conveyed.
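The negative-array-size check described in the quote, as an added example (not Mike Ash's code): it pins the layout of a record header so that the fixed-size `memcpy` calls in the parser cannot silently go out of step with the struct. The `COMPILE_ASSERT` macro, `struct msg_header`, the constants, and both functions are hypothetical names invented for this illustration, and the header is kept in host byte order for brevity.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Negative-array-size check: the typedef'd array has size 1 when cond holds
 * and size -1 (a compile error) when it does not. The name is the message. */
#define COMPILE_ASSERT(cond, name) \
    typedef char compile_assert_##name[(cond) ? 1 : -1]

/* Hypothetical record header, invented for this example. */
struct msg_header {
    uint8_t  version;
    uint8_t  flags;
    uint16_t length;    /* number of payload bytes following the header */
    uint32_t sequence;
};

enum { HEADER_WIRE_SIZE = 8, MAX_PAYLOAD = 256 };

/* sizeof and offsetof are unknown to the preprocessor, so #if cannot do this. */
COMPILE_ASSERT(sizeof(struct msg_header) == HEADER_WIRE_SIZE, header_is_8_bytes);
COMPILE_ASSERT(offsetof(struct msg_header, length) == 2, length_at_offset_2);
COMPILE_ASSERT(offsetof(struct msg_header, sequence) == 4, sequence_at_offset_4);
COMPILE_ASSERT(MAX_PAYLOAD <= UINT16_MAX, max_payload_fits_length_field);

/* Serialize the header (host byte order, an assumption of this example).
 * Returns the number of bytes written, or -1 if the buffer is too small. */
int encode_header(const struct msg_header *h, uint8_t *buf, size_t buflen)
{
    if (buflen < HEADER_WIRE_SIZE)
        return -1;
    memcpy(buf, h, HEADER_WIRE_SIZE);   /* size is pinned at compile time */
    return HEADER_WIRE_SIZE;
}

/* Parse and validate a header. Returns 0 on success, -1 on malformed input. */
int decode_header(const uint8_t *buf, size_t buflen, struct msg_header *out)
{
    if (buflen < HEADER_WIRE_SIZE)
        return -1;                      /* truncated header */
    memcpy(out, buf, HEADER_WIRE_SIZE);
    if (out->length > MAX_PAYLOAD)
        return -1;                      /* declared payload exceeds the limit */
    if (buflen - HEADER_WIRE_SIZE < out->length)
        return -1;                      /* declared payload is not all present */
    return 0;
}

int main(void)
{
    /* Constructed sample: header declaring a 4-byte payload. */
    uint8_t wire[HEADER_WIRE_SIZE + 4] = {0};
    struct msg_header in = {1, 0, 4, 7}, out;

    if (encode_header(&in, wire, sizeof wire) != HEADER_WIRE_SIZE)
        return 1;
    return decode_header(wire, sizeof wire, &out) == 0 ? 0 : 1;
}
```

Adding a field to `struct msg_header` without updating `HEADER_WIRE_SIZE` now stops the build with an error that names `compile_assert_header_is_8_bytes`.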

Cutting That Cord

John Gruber:

You buy books on your device, you read them on your device, and your history, bookmarks and other metadata all get synced to your iTunes account in the cloud. And it works great. But a lot more apps should work like this. Should wireless Safari bookmark syncing cost $99 a year? Shouldn’t it be easy for iOS game developers to sync progress for the same game across multiple devices using the same iTunes account? App Store developers shouldn’t have to rely on another third-party — Dropbox — for this sort of functionality.

The Proper Care and Feeding of NSImage

Paul Kim:

You could try turning off image interpolation in the destination graphics context but this isn’t always possible or desirable. The better solution is just like before: use a custom image rep to do the drawing (select “Drawn (custom image rep)” from the pop-up). Since the drawing occurs at drawing time, instead of image creation time, it knows about the context it is drawing into and therefore can provide your drawing code with a context at the correct resolution. The crisp square on the right speaks for itself.

Fortunately, blocks make it easy to use custom image reps rather than -lockFocus.

Subclassing NSInputStream

BJ Homer (via Dave DeLong):

-[NSInputStream _scheduleInCFRunLoop:forMode:] is the equivalent of CFReadStreamScheduleWithRunLoop for your stream. Do whatever you need to do so that you can give proper kCFStreamEventHasBytesAvailable notifications (and any other notifications requested) at the proper time. That may involve scheduling a timer on the run loop, or if your subclass is just wrapping a vanilla NSInputStream, simply scheduling that stream on the run loop. Implement this method as if you were implementing CFReadStreamScheduleWithRunLoop for your stream.

Thursday, April 14, 2011

The Tragic Death of the Flip

David Pogue:

The masses still have regular cellphones that don’t capture video, let alone hi-def video. They’re the people who buy Flip camcorders. It’s wayyyyyy too soon for app phones to have killed off the camcorder.

He has some other theories about what happened.

Don’t Mimic Real-World Interfaces

Ben Brooks (via Marco Arment):

How many teenagers today are likely to have ever owned or used a DayRunner? Mimicking these interfaces is not about creating a more usable interface, or about giving the consumer what they know — it is about creating eye candy, while the usability and productivity of the app suffers. Eye candy can aid a design and the usability — as it did with the first computer applications — more often though it forces the app to look and behave in a manner that is not very helpful to the user.

Implementing imp_implementationWithBlock()

Landon Fuller explains Apple’s implementation of imp_implementationWithBlock() and posted his own PLBlockIMP, which works on Mac OS X 10.6:

On Darwin, vm_remap() provides support for mapping an existing code page at new address, while retaining the existing page protections; using vm_remap(), we can create multiple copies of existing, executable code, placed at arbitrary addresses. If we generate a template page filled with trampolines at build time, we can create arbitrary duplicates of that page at runtime. This allows us to allocate an arbitrary number of trampolines using that template without requiring writable code…

Wednesday, April 13, 2011

CoffeeScript

CoffeeScript (via David Heinemeier Hansson):

CoffeeScript is a little language that compiles into JavaScript. Underneath all of those embarrassing braces and semicolons, JavaScript has always had a gorgeous object model at its heart. CoffeeScript is an attempt to expose the good parts of JavaScript in a simple way.

It’s actually been around since 2009, but I just heard about it because it’s now included in Rails. It looks great. JavaScript is the new Assembly.

Xcode 4: Open Quickly in Assistant Editor

A consequence of Xcode 4’s single-window interface is that opening a file shows it in an existing pane rather than in a new window. Xcode normally picks the main editor pane, which can be annoying. Often, I’m looking at a source file and want to open its unit test file next to it. When I choose “Open Quickly” from the File menu, Xcode opens the test file on top of the source file. I expected that holding down the Option key would change the menu item to something like “Open Quickly in Assistant Editor,” but it doesn’t. However, Kevin Ballard has a great tip: when you’re in the “Open Quickly” window, you can hold down the Option key when clicking the Open button to open the file in the assistant editor. You can also hold down Option-Shift to choose which editor, tab, or window to open it in.

Friday, April 8, 2011

QuickPick Rejected From the Mac App Store

Jonathan Rentzsch:

QuickPick is Seth’s application and document launcher. Apple has apparently decided to remove/retroactively-reject QuickPick as being too similar to 10.7’s Launchpad.

Update (2011-04-13): Developer Seth Willits told me that QuickPick was created in early 2007 for Mac OS X 10.4. He says that although the screenshots make it look similar to Lion’s Launchpad, it’s actually much more like the desktop.

Wednesday, April 6, 2011

Average App Store Review Times

Dave Verwer’s Average App Store Review Times searches for the #iosreviewtime or #macreviewtime hash tags on Twitter to crowdsource how long it’s currently taking Apple to review apps (via Jeff LaMarche).

appCode

JetBrains appCode is a new Objective-C IDE for Mac and iOS development. It can read Xcode projects and has an advanced source editor and debugger but relies on Interface Builder 3 to edit nib files. It’s great to see some ambitious competition for Xcode, although the interface doesn’t really appeal to me. It does clearly best Xcode 4 in one area, though: it can sort the file list alphabetically.

iPad Subscriber Data

Ian Betteridge:

And the value you get from your subscription list largely doesn’t lie in selling that data directly to third parties. […] The more you know about your readers, the more valuable your ads. The problem with the Apple model, which the FT is correct in highlighting, is that it effectively breaks the relationship you have with subscribers, which lets you increase the cost of your ads.

More relevant ads are better for everyone. It’s not clear to me why Apple doesn’t want generic demographic data used, either for third-party publishers or for its own iAds.

Tuesday, April 5, 2011

Cong 0.8

Stéphane Sudre’s Cong is a developer utility for checking a Mac application’s resource files (via Dan Wood). It reminds me of Bare Bones Software’s old SoftPolish utility.

Sunday, April 3, 2011

ATPM 17.04

The April issue of ATPM is out:

Friday, April 1, 2011

Signal Handling

Mike Ash:

Using the low level sigaction to handle signals makes life unbelievably hard, as the signal handler is called in such a way as to place extreme restrictions on the code it contains. This makes it almost impossible to do anything useful in such a signal handler.

The best way to handle a signal in almost every case is to use GCD. Signal handling with GCD is easy and safe. On the rare occasions where you need to handle signals, GCD lets you do it with just a few lines of code.