Archive for March 2015

Tuesday, March 31, 2015 [Tweets] [Favorites]

Exploding Software-Engineering Myths

Janie Chang (in 2009, via Ilja A. Iwas):

The study and its results were published in a paper entitled Realizing quality improvement through test driven development: results and experiences of four industrial teams, by Nagappan and research colleagues E. Michael Maximilien of the IBM Almaden Research Center; Thirumalesh Bhat, principal software-development lead at Microsoft; and Laurie Williams of North Carolina State University. What the research team found was that the TDD teams produced code that was 60 to 90 percent better in terms of defect density than non-TDD teams. They also discovered that TDD teams took longer to complete their projects—15 to 35 percent longer.

“Over a development cycle of 12 months, 35 percent is another four months, which is huge,” Nagappan says. “However, the tradeoff is that you reduce post-release maintenance costs significantly, since code quality is so much better.

It would be nice if there were a way to measure how long it would take the non-TDD teams to reach the same defect density. Even then, it is not an apples-to-apples comparison because the final code differs. Presumably, code with tests is easier to maintain and extend going forward.

Monday, March 30, 2015 [Tweets] [Favorites]

Fantastical and Multiple Events

Dr. Drang:

So I’ve tried to come up with ways to make entering several similar calendar entries as painless as possible. Back when I was using TextMate, I had a system in which I entered one event per line with pipe characters (|) separating the description, date, time, duration, and location fields. These would then be converted into an .ics file and imported into iCal. That worked fairly well, but errors were sometimes hard to catch because the pipe separators made the lines noisy and difficult to read.

Enter Fantastical and its natural language parsing. Even better, enter Fantastical’s small but powerful AppleScript dictionary that allows you to write programs that use its NLP.

[…]

Is writing a file with a bunch of lines like this really easier than just typing them directly into Fantastical’s entry field? That depends on the power of your text editor and how good you are at exploiting that power. The lines have a lot of repeated text, and if you’re good at using things like copy-and-paste, search-and-replace, column editing, and multiple cursors, you’ll probably find that entering 15–20 lines in a file is distinctly faster.

It’s kind of like using a BBEdit shell worksheet. There’s a point—in between entering the commands manually and writing a script to generate them all—where it makes sense to construct them in an interactive editor and then execute all the lines.

Apple Pay Exposes Insecure Bank Policies

Rich Mogull:

This is a fascinating issue for two seemingly contradictory reasons. Apple Pay is one of the most secure payment methods in the United States, if not the most secure method, yet its very existence highlights massive weaknesses in the payment system. Let’s explore why and how some lesser known features of Apple Pay could dramatically reduce fraud, if more banks enabled them.

[…]

This is the exact opposite of most other countries where the cardholder is responsible for the fraud. Few other countries have guaranteed zero liability, although many banks do offer fraud protection as an enticement to use their cards. This is one of the main reasons most other countries use more advanced credit card security technologies, including card-based Chip and PIN systems and mobile payments. Meanwhile, the United States continues to rely on simple magnetic-stripe signature cards, which are incredibly easy to counterfeit. When consumers carry greater liability, security becomes an essential selling point.

[…]

The weak link, it turns out, is the process of registering your card with Apple Pay (“onboarding” in industry terms). Apple built a framework, not a new payment system, and Apple only mediates the connection between your iPhone and your bank. Your bank is supposed to validate that you are who you say you are, based on the Apple Pay registration process.

MacBook Pro Screen Staingate

Topher Kessler:

However, owners of some Retina MacBook Pros sold since mid-2012 are reporting that the coatings on their displays are peeling progressively under normal use. When this occurs, the systems show what appears to be light-colored stains on the display. Since the coating is translucent, the separation can’t always be seen easily in dark conditions with the display on, but it’s more apparent when the display is turned off in a bright environment.

The true extent of this issue is unknown, but it’s sufficiently widespread for disgruntled users to have created a dedicated “Staingate” Web site. Plus, a thread on Apple Support Communities has over 500 posts and nearly 90,000 views, and there’s even a Facebook group with over 800 members.

[…]

Apple’s support has often been customer-friendly and responsive, and the company has a great reputation for being personable with customers. However, Apple’s reputation is often sullied by oddly inconsistent behavior like this. Most recently, before starting an official repair program, Apple was similarly random about fixing graphics issues in certain MacBook Pro models (see “Apple’s Baffling Response to 2011 MacBook Pro Graphics Issues,” 13 February 2015).

Staingate.org (comments):

The stains can start as early as 7 months after the purchase. There is no clear pattern as to how it starts: some experience it in small spots around the edge, on other screens it appears in the middle as large patches.

Apple hasn’t responded accordingly to this problem and have told us that this is a “cosmetic damage and it is not covered by the warranty”.

Repair costs are around 800 USD/EUR with a 3 month warranty, so probably in 12 months the Macbook would start showing stains again.

JavaJosh:

Early last year I bought a top-of-the-line MacBook Pro Retina 15”. It cost about $3500. (I am a professional programmer, and use ever last ounce of this capacity.)

A few months ago, I noticed that the screen coating was starting to come off around the edges. About a week ago, I noticed a spot of missing coating in the middle of the display.

My 2012 Retina MacBook Pro is so far fine, but clearly this is affecting a lot of people, many of whom did not use any damaging screen cleaners. I don’t understand why Apple will invest in initiatives that are not about the bloody ROI—in other words, do what it thinks is right at a potential short-term financial cost—yet it seems to take a class-action suit to get it to stand behind its own products. And when you factor in the costs to its reputation, this might well make sense in terms of ROI.

Update (2015-07-20): Ben Lovejoy:

A possible class action suit is in preparation over multiple reports of what appears to be anti-reflective coatings flaking off the screens of Retina MacBook Pros, resulting in a stained appearance. Most of the machines affected seem to be 2013 models.

A group calling itself Staingate says that it has a database of more than 2500 people affected by the issue. More than 1800 of them have joined a Facebook group, a petition has been created, and lawyers Whitfield Bryson & Mason are collecting details of owners for “potential legal action against Apple related to staingate” …

Update (2015-10-19): Joe Rossignol:

Apple will replace Retina displays on affected MacBook or MacBook Pro models for free within three years from the date of original purchase, or one year from October 16, 2015, whichever is longer. Affected customers that have already incurred out-of-warranty costs may be eligible for a refund through AppleCare support.

Andrew Cunningham:

Apple won’t be launching its typical repair program for this fix—there’s no page where you can go and check your serial number to see if you’re eligible, and no concrete process laid out for obtaining service or reimbursement for previous service.

Nick Heer:

However, if you have an early-adopter Retina MacBook Pro that’s affected and you’ve been holding out for a proper out-of-warranty replacement program, this sucks. I stand by what I wrote back when this story broke: Apple should suck up the cost of replacing these displays regardless of when the product was purchased.

Update (2015-10-21): Benjamin Mayo :

In general, though, it seems Apple is trying to keep news of the problem quiet. There is no public acknowledgement of such a program existing on Apple’s website. Apple is contacting people who have reported the problem earlier in the year and were turned away, however.

Zarra’s Core Data Stack

Marcus Zarra creates a private queue context for writing to disk and a main queue (child) context for all user interaction:

To protect our main thread, we call -addPersistentStoreWithType: configuration: URL: options: error: in a dispatched background block. This will allow our -initializeCoreData method to return immediately, even if the persistent store needs to do some additional work. However, the user interface needs to know when it is safe to access the persistence layer. Therefore we need to use the callback block that was given to us.

[…]

The proper way to get access to the persistence controller is to inject it into each view controller as they are built and accessed.

[…]

The occasions where I don’t use this stack usually involve large data manipulation. When I need to process a tremendous amount of data into the Core Data stack and that data can be isolated away from the User Interface.

Paste Without Style

Craig Hockenberry:

I agree with Buzz Anderson: “Paste-with-styling is one of the worst software inventions of all time.”

[…]

Another reason for the confusion is that “and Match Style” really means “Without Style”.

I nearly always use “Paste and Match Style,” and most people should use it but probably don’t know about it. On the other hand, I think it usually makes sense to have the standard operation preserve as much data as possible. Apple made the opposite choice with the Finder’s Paste Exactly, although in that case you could argue that the information discarded by default is only metadata.

Pasting with or without styles is a thorny problem because, as Hockenberry notes, one typically wants different behavior in different applications. I think the problem of matching styles is one reason why many people prefer writing in plain text editors. Everything just looks right automatically.

User-Hostile iWork Experiences

Paul Kafasis:

Suggesting that users upgrade, when their current OS doesn’t support the new version, is just irksome. Wait until they’re on the new operating system, then pitch the upgrade.

[…]

These dialogs both pretend that an OS upgrade is no big deal. That’s a grave disservice to users whose workflows are very likely to be disrupted in some fashion with the OS upgrade. To top it off, they fail to offer a “Don’t Show Again” checkbox. They never stop appearing, until you finally do upgrade your OS.

[…]

This option is not available on the initial save, so you need to first save, then change the file type and re-save. It’s also tremendously well-hidden. In my case, finding it required the indirect help of an actual iWork engineer. Hopefully, future users who run into issues opening an iWork file from 10.10 on 10.9 will find this post and the workaround.

Saturday, March 28, 2015 [Tweets] [Favorites]

BusyContacts 1.0

BusyMac:

BusyContacts is a contact manager for OS X that makes creating, finding, and managing contacts faster and more efficient.

BusyContacts brings to contact management the same power, flexibility, and sharing capabilities that BusyCal users have enjoyed with their calendars. What’s more, BusyContacts integrates seamlessly with BusyCal forming a flexible, easy to use CRM solution that works the way you do.

BusyContacts syncs with the built-in Contacts app on OS X and iOS and supports all leading cloud services, including iCloud, Google, Exchange, Facebook, Twitter and LinkedIn.

Dan Moren:

You may not need everything BusyContacts can do, because it’s a lot. But if you’ve felt limited by Apple’s Contacts (or just hate its interface, as TidBITS publisher Adam Engst does), BusyContacts might fill some of the gaps you’ve encountered. In particular, if you need to share contacts among a group of people, say, in a small business, or if you need to log and manage your interactions with people, then BusyContacts is likely what you’re looking for.

[…]

That’s one place where BusyContacts’ useful filtering and tagging tools come in. Tags work essentially like groups in Apple’s Contacts, whereas filters are the equivalent of Smart Groups, letting you specify a set of criteria and then quickly view just the contacts that match them. But BusyContacts’ filters are far more powerful: for one thing, Apple only lets you create Smart Groups where a card matches a single criterion. BusyContacts supports multiple conditions, and you can see cards that match any, all, or none of them. It also lets you match on factors that Contacts doesn’t, so, for example, I can filter to see just those contacts that don’t have an associated picture.

I’ve been anticipating this for a while now because, like Engst, I’ve never been a fan of Apple’s Contacts application (or the former Address Book). My initial impression (after being put off by the installer) is that it has more features and a CRM focus that are interesting but not really what I’m looking for. I just want something basic with an interface that doesn’t get in my way, a sort of Fantastacts. As Moren points out, it doesn’t fix one of the most frustrating parts of Contacts:

I also wish I could easily rearrange the information in BusyContacts’ contact records. Reordering phone numbers requires a frustrating copy-and-paste dance; it’d be great if, in that aforementioned example with the area codes, I could simply drag my friend’s home phone number to the top of the list.

Update (2015-06-04): Gabe Weatherhead:

After using BusyContacts on my Mac for the past 6 months, I can declare it’s the most I will ever enjoy managing contacts.

ifo Apple Store Shuts Down

Gary Allen (via Peter Cohen):

After following Apple retail for 14 years, I’ve reached a happy ending, and am gracefully backing away from the crazy world of following the company and its stores. No more stories or analysis, or flying out to far-flung locations to join overnight crowds,waiting for the excitement of new store opening (NSO). I began this Web site as simply a way of celebrating the fun of grand openings and the close friendship of the people I met when I arrived in a new country or city.

Update (2015-10-15): Stephen Hackett:

Gary died on Sunday after a battle with brain cancer. I’ll miss Gary and his writing, and wish his wife, son and family all the best.

Michael S. Rosenwald:

Allen, a retired EMS dispatcher, traveled around the world — obsessively and expensively — to be among the first in line at the company’s new stores. He attended more than 140 openings, collecting all sorts of trivia. He could even tell you where Apple store tables are made (Utah; he stopped by the factory once to say thanks).

The history of Apple’s global conquest is stamped in Allen’s passport.

MailMate 1.9

Benny Kjær Nielsen:

As explained in the previous blog post I’ve been working on making MailMate a 64 bit application. This change is now complete and it involved numerous optimizations making MailMate faster while also making it use much less memory.

The migration to 64 bit is far from the only thing I’ve been working on. As always, the release notes are ridiculously long. Note that some of the listed features were also available in earlier releases as experimental 2.0 features enabled in the General preferences pane.

One of the new features is a bundle for importing the selected messages into EagleFiler. (It has long had built-in support for SpamSieve.)

ResearchKit and Open Source

Russell Ivanovic (tweet):

I’ve talked to a lot of people since the launch, and the problem is no one seems to know exactly what parts of it are open source, or even what it does. Are the 5 iOS apps built to date open source? Is the data in an open format? Is it the server part that’s open source?

[…]

So, currently at least, there’s no open source server components, no open format for exchanging data and an iOS only open source framework that Apple want developers to build modules for.

Instant Cocoa

Instant Cocoa (via Soroush Khanlou, tweet):

Instant Cocoa is an Objective-C framework for making iOS apps. It makes intelligent guesses about how your system is set up using introspection, and provides convenient points to override those guesses when you need to.

[…]

When push notifications and x-callback-urls come in, having a dedicated way to handle your URL schemas is a life-saver. Instant Router lets you register routes and automatically handles view controller allocation and presentation, so you can get back to making the stuff in your app that you care about.

Instant Cocoa provides a rich model framework for representing your domain in memory. It can flexibly map JSON objects from an API, and perform API actions on each of your domain objects. Features such as Serializers and Value Objects let you write less code and more effectively model your business logic.

[…]

The Data Source module helps you manage all your index path logic with ease. Remote data sources can download and map objects from your API. Multi Data Sources can keep track of several data sources and marshall all their objects for you, putting each data source into one section, or preserving the sections of each child data source.

Swift Protocols and Generics

Airspeed Velocity:

So it looks like Printable is some kind of fixed-sized box that holds any kind of value that is printable. This kind of boxing is quite a common feature in other languages like Java and C#. But here even references to classes are put inside this 40-byte box, which might surprise you if you’re used to thinking of protocols as like refereces to pure virtual base classes. This Swift box is geared up to hold both value and reference types.

[…]

OK, so protocols used like this seem to add some level of indirection. Does that cost us anything compared to using the generic placeholder approach? To test this out, we can construct some trivial structs that perform a basic operation, and then attempt to run that operation multiple times via both a protocol and a generic placeholder.

[…]

Speaking of dynamic behaviour – that might be one occasion when you might prefer to use protocols rather than generics. […] A contrived example obviously, but it shows how even structs in Swift can get dynamic behaviour at runtime via protocols, that you might find a use-case for.

Scenery 1.0

Scenery:

Scenery is an application for the Mac that creates product mockups. Want to present your latest design work to your client or get a killer visual for your app’s marketing website? Scenery has got you covered.

Download our free Mac application and create an account. Browse our store of template packs, and check out the Free Starter Pack. Simply drop your screenshot or design, and you’ll instantly see it mocked up in all device photos. Once you’ve found the right style and scene you can purchase a pack—or simply use the free, watermarked previews.

We sell royalty-free licences for images, sold in packs. That means that you can use the image as often as you want, without having to make further payments to the photographer.

I’m not really a fan of these type of product images, but it seems to be what people are doing these days.

It’s written completely in Swift:

In the beginning, we spent a lot of time waiting for the compiler, but the stability and speed of the tooling has improved a lot in recent releases, so we hardly ever have issues anymore. Even when you take the time spent waiting on the compiler into account, I think we were still writing better code at a higher speed than with Objective-C.

The code base we ended up with makes me much happier than most Objective-C code bases I’ve seen. Having Swift’s type-safety greatly improves my trust in refactorings: I feel free to change a function’s type, add parameters or change parameter types. I know that the compiler will help me catch any type-related errors. We use a lot of functional patterns: tiny networking, typed observers, configuration values, wrapper types, and the list goes on.

Wednesday, March 25, 2015 [Tweets] [Favorites]

Commoditized Complements and Fear of Apple

Michael Burford:

So for iPhone Productivity apps, any app that is out of the top 200 is selling single digit copies a day at best. So of the thousands and thousands of productivity apps, most are making virtually nothing. With a very large percent making absolutely nothing.

But the lucky 10 or so at the top are likely selling hundreds or thousands of copies a day.

Eli Schiff (Hacker News, Slashdot):

Arment understood then why the session went this way, and why still to this day close to nothing has been done to make the App Store more hospitable to developers—Apple has not perceived any incentive make it so: “Apple thinks this is good enough. And that’s the scariest part of all.”

[…]

According to reporting, “1.6 percent of developers earn more than the other 98.4 percent combined. And the bottom 47 percent of engineers earn less than $100 per month.” Yet somehow, independent app development has often been described as a ‘gold rush’ despite it being quietly understood by developers, even as early as 2009, that this was hardly the case.

[…]

It is clear that the recent influx of independent app developers into larger organizations and venture-backed startups coincides with independent development for the App Store being ever more exposed as an unprofitable venture. Developers who would otherwise be quite comfortable coding apps on their own now feel compelled to turn to large organizations in order to find gainful work.

[…]

The reason for the obscurity of most independent apps is that Apple’s rejections and consistent featuring of free and cheap apps have incentivized a race to the bottom that makes developing for the App Store an unsustainable venture. It is not only indie developers feeling this squeeze, large companies also feel they have to appease Apple. They recognize that if they do not get featured by Apple, they will get buried.

[…]

For developers today, there is actually disincentive to providing support for their apps in order to make them dependable. Every time a developer release bug fixes in an app update, prior reviews are wiped and the reviews are left blank for the new version. Instead the best option for developers is to create ‘free’ viral apps with casino-like in-app purchases.

[…]

Things went south In 2012, when Ivanovic launched a new version of the Pocket Casts app on the Android Play Store first, rather than Apple’s App Store. The launch was a real success, and he publicly shared the good news. Before he knew it, his Apple Developer Relations representative stopped all contact. The representative would not even answer his emails. Ivanovic had been completely shut out.

makeofpalk:

We recently had our iOS Developer Program terminated, for what I can only assume was a gross misunderstanding on Apple’s behalf. And I can only assume because Apple won’t actually tell us why they terminated our account. We just got a standard form reply with zero detail. Whenever we call Developer Support, they can’t/won’t tell us anything. We have absolutely zero information on why they permanently expelled us from the App Store.

Update (2015-03-25): Responses from Marco Arment, Russell Ivanovic, Matthew Drayton, and Daniel Jalkut.

Update (2015-03-28): Follow-up from Eli Schiff and a response from Nick Heer.

Update (2015-04-03): Allen Pike (via iOS Dev Weekly):

A critical article about some Apple technology or policy is like a kind of thought virus. If you make a compelling argument, you can seed it on the open internet, and by its nature the article will spread among people who care about Apple and its success or failure. Naturally, this includes Apple employees. While it may be impossible from the outside to discern who is responsible for a particular iOS 8 usability issue, a thoughtful critique of the problem has a decent chance of making its way to that team and driving change for the better.

Fantastical 2 for Mac

Fantastical 2 (App Store) is a big update, though the change list doesn’t seem to be documented yet.

Update (2015-03-25): It looks like Fantastical 2 uses YapDatabase and SQLite’s FTS module for searching. I expect this means it will be immune to the many searching problems that I experienced with Apple Calendar, which I think relied on Spotlight. It also now supports axis searches, e.g. “title:foo location:bar notes:baz”.

Update (2015-03-28): Joe Cieplinski:

I always watch Michael Simmons very closely when he’s launching a new product. The guy never fails to get great press coverage. And it’s not by chance.

[…]

It’s brilliant. And it obviously works. But only because it’s genuine. And only because he’s willing to put in that time. That incredible amount of time. Not coding. Not designing. (That’s all getting done, too.) But good old-fashioned marketing.

Saturday, March 21, 2015 [Tweets] [Favorites]

A Friction-Free World

Casey Liss:

Wired has an excellent write-up about the process and thinking behind creating Disney’s Magic Band. Eschewing credit-card style admission passes and room keys, MagicBands are bracelets that double as RFID tags. They’re used to open your hotel room, enter the park, buy food, get Fast Passes, and more.

Cliff Kuang:

In fact, it’s called the paradox of choice: You make people happier not by giving them more options but by stripping away as many as you can. The redesigned Disney World experience constrains choices by dispersing them, beginning long before the trip is under way. “There are missions in a vacation,” Staggs says. In other words, Disney knows that parents arrive to its parks thinking: We have to have tea with Cinderella, and where the hell is that Buzz Lightyear thing, anyway? In that way, the park isn’t a playground so much as a videogame, with bosses to be conquered at every level. The MagicBands let you simply set an agenda and let everything else flow around what you’ve selected. “It lets people’s vacations unfold naturally,” Staggs says. “The ability to plan and personalize has given way to spontaneity.” And that feeling of ease, and whatever flows from it, just might make you more apt to come back.

Friday, March 20, 2015 [Tweets] [Favorites]

FTC Report Shows How Google Skewed Search Results

Rolfe Winkler and Brody Mullins (via John Gruber):

Instead, Google would “automatically boost” its own sites for certain specialized searches that otherwise would favor rivals, the FTC found. If a comparison-shopping site was supposed to rank highly, Google Product Search was placed above it. When Yelp was deemed relevant to a user’s search query, Google Local would pop up on top of the results page, the staff wrote.

Other regulators have found similar practices. European antitrust authorities in 2013 said Google had a different, “specialized” search algorithm for ranking its own content.

To bolster its own listings, Google sometimes copied, or “scraped,” information from rival sites. According to the FTC report, Google copied Amazon’s rankings of how well products were selling, then used that information to rank its results for product searches. Amazon declined to comment.

But it sounds like the FTC is not recommending any action.

Update (2015-03-25): Rolfe Winkler and Brody Mullins (via John Gruber):

In discussing one of the issues the FTC staff wanted to sue over, the report said the company illegally took content from rival websites such as Yelp, TripAdvisor Inc. and Amazon to improve its own websites. It cited one instance when Google copied Amazon’s sales rankings to rank its own items. It also copied Amazon’s reviews and ratings, the report found. A TripAdvisor spokesman declined to comment.

When competitors asked Google to stop taking their content, Google threatened to remove them from its search engine.

Update (2015-03-25): Danny Sullivan:

To get needed local reviews, Google made “policy decision” that if not provided, local sites dropped from web search

Update (2015-03-28): Danny Sullivan (via Nick Heer):

We’re still going through the report ourselves for follow-up stories. But the live tweet of the highlights I did earlier are rounded-up below[…]

Brody Mullins:

One way Google favored its own results was to change its ranking criteria. Google typically ranks sites based on measures like the number of links that point to a site, or how often users click on the site in search results.

But Marissa Mayer, who was then a Google vice president, said Google didn’t use click-through rates to determine the ranking for its own specialized-search sites, because they would rank too low, according to the staff report.

Via Nick Heer:

So why did this case — which, by the way, recommended a lawsuit against Google — result in no charges and no suit?

Launcher Returns to the App Store

Federico Viticci (tweet):

And yet, after months of not being available on the App Store despite being originally approved in September 2014, Launcher is about to be covered (and used as an example) by the press again. Launcher has been re-approved by Apple, and it’s coming back to the App Store today with the same feature set from six months ago.

[…]

And while in Launcher’s case the developer was told the app could never come back to the App Store, other developers had more luck after receiving press coverage and seeing a rejection reversed over the course of a few days. “You may recall that I wrote a blog post back in December where I begged Apple to publicly release the guidelines they have for widgets”, Gardner told me over email this week.

[…]

Over the past six months, Gardner has gone through a series of back and forth with Apple’s App Review (which he covers in episode 30 of the Inquisitive podcast), and he was eventually told to resubmit Launcher because, in the months since the first rejection, the company had decided to accept that kind of app-launching functionality. It’s not unusual for Apple to loosen App Store restrictions over time, even if no clear guidelines were ever provided in the first place. “I’m wondering if they never did that because maybe they knew that they were going to revisit this decision at a later time and may reverse it”, Gardner said.

Apple’s guidelines still make no mention of Notification Center widgets. See also my post from when Launcher was rejected.

IP Box Unlocks iPhone By Brute Force

MDSec (via John Gruber):

Although we’re still analyzing the device it appears to be relatively simple in that it simulates the PIN entry over the USB connection and sequentially bruteforces every possible PIN combination. That in itself is not unsurprising and has been known for some time. What is surprising however is that this still works even with the “Erase data after 10 attempts” configuration setting enabled. Our initial analysis indicates that the IP Box is able to bypass this restriction by connecting directly to the iPhone’s power source and aggressively cutting the power after each failed PIN attempt, but before the attempt has been synchronized to flash memory. As such, each PIN entry takes approximately 40 seconds, meaning that it would take up to ~111 hours to bruteforce a 4 digit PIN.

Another reason not to use a 4-digit PIN. I’m trying to figure out the implications for 1Password. It stores your master password in the iOS keychain but tries to remove it from the keychain when you reboot your device. However, it sounds like the latter is enforced by the application itself rather than the system. So if you could arrange for 1Password to quit or crash before the device restarts, the (obfuscated) master password would still be in the keychain. After unlocking the device, you could jailbreak it, which would then allow 1Password’s section of the keychain to be accessed by a nefarious app.

Update (2015-03-28): Hacker News comments.

USB Type-C Power Adapter Possibilities

Thomas Brand:

By not including more capabilities in the power adapter, Apple missed the opportunity to make their new MacBook more functional both out on the road, and back at the desk. Now that power is no longer a proprietary connection on the new MacBook, I hope other companies will take this opportunity after Apple did not.

Third-party power adapters that are also desktop laptop docks. Projectors that provide power as well as video, audio, and USB. A new kind of computer monitor that provides all of the external capabilities of an iMac when plug your new MacBook to charge. The options are endless, and sound a lot more exciting than a $79 piece of plastic.

Login Screen Shows “[Update Needed]”

I recently ran into this issue where the Mac’s login screen shows, in the place of a user account icon, a generic question mark icon with name “[Update Needed]”. Despite the scary icon, I was able to select the “account,” enter my password, and log in as normal. There was no OS update available.

This seems to be related to having FileVault enabled and having multiple user accounts, not all of which have the FileVault credentials. I was able to fix it by decrypting and then encrypting the hard drive. After reading some more, perhaps it would have been possible to go into the FileVault tab of the Security & Privacy preferences pane and make sure that each user account has access to decrypt the disk.

kvdb and sfts

kvdb is an “embeddable Key-Value Database and Full Text Search” (via Hoà V. DINH). kvdbo is built on top of kvdb and uses a special key to keep track of the order in which key-value pairs were inserted. The sfts text searcher (built on kvdbo) uses 64-bit integer document IDs and supports prefix, substring, and suffix searches for individual tokens (not phrases). There does not seem to be any documentation about thread safety (looks like build-your-own) or transactions (doesn’t seem to use journal files).

Tuesday, March 17, 2015 [Tweets] [Favorites]

Replacing Photoshop With NSString

Charles Parnot:

This “drawing” described very nicely what I wanted to do, better than any comment I could ever write for any kind of code, in fact. That ASCII art was a great way to show directly in my code what image would be used in that part of the UI, without having to dig into the resources folder. The actual drawing code suddenly seemed superfluous. What if I could just pass the ASCII art into NSImage directly?

[…]

Xcode does not compile ASCII art, so I decided I would write the necessary ‘ASCII art compiler’ myself. OK, I did not write a compiler, but a small fun project called ‘ASCIImage’! It works on iOS and Mac as a simple UIImage / NSImage category with a couple of factory methods. It is open-source and released under the MIT license on GitHub.

So cool, and it looks like a good excuse to play with Monodraw. It also takes care of the fiddly drawing stuff:

Without anti-aliasing, it is tricky to get the correct pixels to turn black. For this, I found that one should use a thicker line width for 45-degree lines, equal to the diagonal of a 1-pt square: the square root of 2. This width works fine for other angles, including horizontal and vertical lines, thus drawing of the lines is done using this width for aliased rendering, instead of the 1-pt width for anti-aliased rendering.

Update (2015-03-25): Charles Parnot:

The response has been overwhelmingly positive, with lots of excitement, oohs, wows and aaahs. That’s an incredibly fun experience for me.

Here are a few related items to follow-up on all this[…]

There are comments on Hacker News and Reddit.

Using Core Data With Swift

Tom Harrington:

Both Core Data and Swift include the concept of an optional value. But when Xcode generates subclasses, it doesn’t consider whether Core Data thinks the value is optional when generating the Swift file. It generates non-optional properties every time. This conflict means that you end up a Swift non-optional property that could reasonably have a nil value. The compiler sees that the property is not optional, so it doesn’t mind that you aren’t checking this (in fact, Swift rules mean it’s not possible to check, because the property is not optional). This is exactly the kind of problem Swift’s compiler is supposed to catch for you, but here it can’t.

This can lead to crashes.

If you’re using mogenerator, you’re covered for Core Data optionals. It makes sure Core Data optionals become Swift optionals. I’d take it a step farther and make all properties optional in Swift even if they’re required by Core Data. Core Data doesn’t enforce the “required” rule until you save changes, so even non-optional attributes can legally be nil at almost any time.

[…]

Although the documentation could be read as meaning that @NSManaged is required, it actually isn’t. It’s only needed if you’ll be letting Core Data handle the accessors. If you’re providing your own, drop it. Core Data’s accessor magic is not documented but it seems you can’t just override it like you’d override other methods.

Force Touch Trackpad

Thomas Brand:

This weekend I had the opportunity to try out the new Force Touch trackpad on the new 13-inch MacBook Pro with Retina display. The sensation of a physical click is so good I had to turn the computer off, disabling the haptic engine, just to make sure I was using the new trackpad. With the MacBook Pro turned off the trackpad doesn’t move. (Clicking on it gives you the same sensation as pressing on the palmrest.) But after turning the MacBook back on, clicking the trackpad gives you the same sensation as the old trackpad where the surface is depressed. Dr. Drang calls this sensation tactile illusion, and it is caused by electromagnets in the haptic engine rapidly shaking the trackpad in a lateral motion. I call it another reason to buy a Mac.

Apple didn’t design the new Force Touch Trackpad just so that it could fit into a thinner Mac. Using the built-in software you can adjust the force of the new trackpad’s click without turning a screw.

Apple:

Here are some examples what you can do with a Force click.

Dr. Drang:

The trackpad uses four force gauges, one at each corner, to measure the force you exert when pressing down on it. It’s remarkably similar to the way my bathroom scale works. The force gauges are themselves very simple: short cantilever beams with strain gauges on one side. The strain gauges change resistance according to the curvature of the beams, the curvature of the beams changes according to the forces acting on them, and the four forces on the beams add up to the total force of your touch. By putting a gauge at each corner, the force is measured accurately regardless of where you touch.

[…]

More interesting to me is the feedback the trackpad gives you. A set of electromagnets along one edge of the pad shake it laterally according to criteria that are a complete mystery to me. Somehow, though, buzzing the pad laterally gives the user the impression of downward motion. Everyone who’s tried it out says the feeling is uncannily like pushing down on a regular trackpad.

Update (2015-03-20): Apple:

Apps can have any button, control, or region on the screen respond to a press of stronger pressure. A Force click can provide a shortcut to additional functionality within the app.

[…]

Pressure sensitivity in the trackpad enables apps to give users greater control. For instance, fast-forward in media playback can speed up as pressure increases.

[…]

Let users react to a Force click gesture while in the middle of performing a drag, for instance, to immediately open a new target for the drop.

[…]

Download the latest release of Xcode 6, which includes OS X 10.10.3 SDK, and use the development resources below to learn more about creating apps that support the Force Touch trackpad.

Here is a summary of what’s new:

Buttons and segmented controls can also now be set as spring loaded. When enabled, the receiver may be activated by dragging something over it and force clicking—pressing harder. When spring loading is enabled and a user drags something over the receiver, the receiver highlights to indicate that it responds to force clicking. In this situation, if the user presses harder, additional highlighting occurs to indicate that the receiver was activated.

Update (2015-03-22): Julio Ojeda-Zapata:

Execution is everything, and the Force Touch trackpad has been implemented impeccably based on what I’ve seen so far. It just works, and is a welcome addition to the MacBook line. I hope Apple makes it possible for desktop Mac users to join the Force Touch party too, with an updated Magic Trackpad.

Excellent though it is, I’m still a mouse guy.

Update (2015-03-30): Thomas Aquino:

The part that struck me about using Force Touch was how useful it was in alerting me that I clicked something. Clicking a word did two things: (1) it showed me the definition; but (2) more importantly, I felt the click at the same time. Feeling my action was key because it let me know that I’m clicking without me having to rely solely on my vision to know that I clicked. And that’s the accessible part – the Force Touch trackpad gives me yet another cue (beyond the popover animation and sound of the click) that something happened.

Saturday, March 14, 2015 [Tweets] [Favorites]

Jony Ive and the Newton MessagePad 110

Leander Kahney (via Thomas Brand):

Jony designed a clever, spring-loaded latch mechanism; when you pressed the lid, it popped open. The mechanism depended on a tiny copper spring carefully calibrated to give just the right amount of pop. To allow the lid to clear any expansion cards in the slot on top, Jony created a double hinge to allow the lid to clear any obstructions. When the lid was open, it flipped up and over the back to be stored out of the way. That conveyed something to the user too. “Pushing the lid up and around the back was important because the action is not culturally specific,” Jony noted at the time.

The original Newton MessagePad had no cover/lid. The thinner pen attached to the right side and didn’t telescope.

Simple Reflection in Swift

Angelo Di Paolo (via Aaron Brager):

Swift offers metatype type to refer to the type of any Swift type such as enumerations, structures, and protocols. To access the value of the metatype type use the postfix self expression. […] Now the value of objectType can be used to create a new SomeClass instance just like how a Class value would be used in Objective-C.

[…]

If you examine Swift in Xcode you may have noticed the Reflectable and MirrorType protocols. […] This mirror-based reflection API is not yet officially documented anywhere (at least that I know of) and it seems that for now it is mostly used by the REPL. However, this limited API does give us the capability to inspect some basic information about our values.

[…]

The Swift standard library defines a reflect method that takes a value of any type and returns a mirror (MirrorType) object which provides information about the value such as its type and properties.

[…]

You may have noticed that our Brew struct does not conform to Reflectable and despite the lack of a getMirror() implementation we are still able to produce a mirror when calling reflect(brew). This works because the runtime provides a fall back MirrorType implementation that works for any type when a mirror is not directly provided for a type.

Simple Proof of the Tetris Lamp

Jack Morris (via Hacker News):

The lamp itself is composed of 7 individual pieces, containing a total of 28 squares. Therefore, assuming we can indeed form it into a rectangle, it would have to be 7x4 or 14x2 squares in size. I’m using the former case here simply because it’s a more natural shape, however this proof applies equally as well to the latter. Now imagine that we label each of these squares with a colour - either black or white - such that they form a checkerboard pattern as shown above. Notice that the number of black squares must be equal to the number of white, a property we’ll exploit.

So that’s 14 black squares, and 14 white. Looking at each of the pieces individually, the issue with our assumption quickly appears.

Arq Adds Archiving and Google Cloud Storage Nearline

Stefan Reitshamer:

Lots of people have emailed me asking for a way to put their stuff on Glacier and then delete it from their hard drives, because they’re running out of disk space. I used to think that disk space was becoming so plentiful that this would never be a problem, but the disk-space growth graph started over with the advent of SSDs, so I guess we’re not there yet!

Arq is our backup app that reliably backs up your files to your own Amazon Glacier account. It has always expected the files to remain on your disk. But now we’ve changed that! You can pick a folder and mark it as an archive.

Avtandil Garakanidze:

Today, we're excited to introduce Google Cloud Storage Nearline, a simple, low-cost, fast-response storage service with quick data backup, retrieval and access. Many of you operate a tiered data storage and archival process, in which data moves from expensive online storage to offline cold storage. We know the value of having access to all of your data on demand, so Nearline enables you to easily backup and store limitless amounts of data at a very low cost and access it at any time in a matter of seconds.

The response time is about 3 seconds, rather than about 3 hours for Amazon Glacier. The current price for storage is 1 cent per GB per month, the same as Glacier. Unlike Glacier, uploading is free.

Stefan Reitshamer:

Arq 4.10 is now available, and it includes support for backing up to Google’s just-announced “nearline” storage!

Bidding Farewell to Google Code

Chris DiBona:

As developers migrated away from Google Code, a growing share of the remaining projects were spam or abuse. Lately, the administrative load has consisted almost exclusively of abuse management. After profiling non-abusive activity on Google Code, it has become clear to us that the service simply isn’t needed anymore.

Beginning today, we have disabled new project creation on Google Code. We will be shutting down the service about 10 months from now on January 25th, 2016. Below, we provide links to migration tools designed to help you move your projects off of Google Code.

[…]

January 25, 2016 - The project hosting service is closed. You will be able to download a tarball of project source, issues, and wikis. These tarballs will be available throughout the rest of 2016.

Friday, March 13, 2015 [Tweets] [Favorites]

flatMap and Swift 1.2 Betas 2 and 3

Airspeed Velocity:

And at this point, hopefully it’s clear that flatMap and optional chaining do very similar things. Optional chaining essentially is a compact version of flatMap that only works on methods. When you want the same functionality as optional chaining, but instead with a function you need to pass the optional value into (like with find) instead of calling a method on that value, you need flatMap.

That’s not all flatMap does – it’s also a method on arrays (think of a mapping function that turns elements into arrays of elements), and there’s a generic free function version that works on sequences and collections.

Thursday, March 12, 2015 [Tweets] [Favorites]

iMessage’s Send Read Receipts

Garrett Murray:

Why did I enable it begin with? I’ve complained in the past on numerous occasions that I’d really like my wife to know when I’ve read a message. It’s annoying to be at the grocery store and receive a “don’t forget eggs!” message only to receive a followup “please let me know you saw this” message a few minutes later. I always want my wife to know when I read her messages—they’re generally action items or requests and she wants confirmation (this same requirement goes the other way, obviously). Ideally, iMessage would allow for per-contact or per-group settings for sending read receipts, but it doesn’t. It should! But it doesn’t. So if I want Stacey to know when I’ve read her messages, I have to let everyone know. Boy oh boy does that complicate things.

Wrapping libxml2 for Swift

Janie Clayton:

I have included the profiler in my sample code for this project, but in case you don’t feel like running it yourself, my benchmarking showed that using libxml2 was four times faster than tree-based NSXMLDocument parsing and three times faster than event-based NSXMLDocument parsing.

[…]

I was becoming incredibly confused and frustrated when Brad had me add a println() in LibXMLDoc between when we initialize the document and when we initialize the root node. It turns out that ARC was deleting the LibXMLDoc immediately after it was being initialized because it wasn’t being held on to or referenced anywhere. D’oh!

[…]

The solution utilized here was to replace the strongly referenced LibXMLNode root node with a private, internal weak root node and a computed property checking to see if this internal root node has been set yet. If it has, it is returned. If it hans’t, we extract the root node, set it to the internal root node, and return it.

[…]

And this, kids, is why you still need to think about memory management and ARC even if you started coding after iOS 5, like I did.

Touch Input During Animations

John Gruber:

William Van Hecke made an interesting video showing a difference in iOS 7 and 8 from all prior versions of iOS — touch gestures are now ignored during system animations.

[…]

I think it’s more like the old animations ended abruptly, whereas starting in iOS 7 they ease out slowly. The difference isn’t between being interruptible or not, but rather between ending quickly and ending slowly. The result, though, is what matters, and the result is that it feels slower.

Try

Neven Mrgan:

OneShot tried, and shaved off some work from this task, and that’s helpful enough. If it got it wrong, oh well, no harm done. My instinct says Apple wouldn’t ship a feature like this—they’d want it to work 100% of the time, or not at all.

I’d like to see more software try to do a good job of a fuzzy task, let you help it with the last mile, and give you a fallback option. That kind of magic can be more delightful than behind-the-scenes, guess-and-stick-with-it magic we’re often promised.

The Minus Sign

Ole Begemann:

The default behavior of NSNumberFormatter is to use the hyphen-minus to format negative numbers. Considering that the class can be used not just for output formatting but also for parsing strings, this default makes sense. Almost every data interchange format (think JSON) uses the hyphen-minus to represent a minus sign.

But if you need to format negative numbers for display in your app, your text will look much more professional if you use the real minus sign. Fortunately, this is easy. All you need to do is create a string with the correct minus sign character and assign it to your number formatter’s minusSign property.

How to Proof EPUBs on the iPad With iBooks

Michael E. Cohen:

The unexpected demise of Book Proofer caused many book developers (a small but proud community of which I am a member) more than a little consternation. Without Book Proofer one has to go through the arduous process of editing an EPUB’s files, packaging them all up inside an EPUB file, loading that EPUB into iBooks, reviewing the results, and then, if the results aren’t as desired, deleting the book from iBooks, and engaging in another round of editing, packaging, and loading.

[…]

As if to add insult to injury, the iBooks app that ships with Yosemite ostensibly offers a way out with its Advanced > Add ePub to Library as Proof command. (You must first enable the Advanced menu in iBooks > Preferences > Advanced.) Frustratingly, though, that command doesn’t seem to work. Choose it, and you see a standard Mac file dialog in which EPUBs show up as unselectable!

However, it turns out that the command does work, just not with a normal EPUB file. Here’s the trick — in four-part harmony — for making it work.

Wednesday, March 11, 2015 [Tweets] [Favorites]

Tech Is Dead

Oluseyi Sonaiya (comments):

Software developers, entrepreneurs, technophiles—we are suffering through this transition right now. Derisive comments are made about purchasing decisions “driven by fashion,” and products deemed to insufficiently “push the envelope” are panned. Yet we can no longer anticipate healthy response to products and services offered on the strength of being superior technology; consumers don’t care. We also can not overreact to the large “tech” companies’ product offerings becoming poorer and poorer fits for us; we are no longer their core customers. Technology is now a competency, a competitive edge, but not a core value proposition.

We’re all in the consumer products and services business now.

Photo Grabbr 1.5b

Vince Tagle:

I keep track of a lot of Flickr accounts and every so often, I come across a photoset that’s just so brilliant, I want to keep a local copy for myself. Unfortunately, it’s rather cumbersome to open each photo individually, save the size that I want, and then rename the file to match the title of the photo. Even more unfortunate is that as far as I could tell, there wasn’t anything for Mac OSX that would help simplify this job. So the only thing left to do was to write Photo Grabbr so that I could use it for myself.

It’s a handy utility that I’ve been using for years, at least until Flickr blocked API access over HTTP. With this update, Photo Grabbr now works over SSL.

After installing version 1.5b, I was getting “Invalid auth token” errors whenever I tried to search. The developer suggested removing the preferences and re-authorizing my account. I didn’t want to reset all the preferences, since I wanted to preserve my list of recent users. Issuing these commands:

defaults delete com.malarkeysoft.PhotoGrabbr "Authenticated User ID"
defaults delete com.malarkeysoft.PhotoGrabbr "Authentication token"

deleted just the necessary preferences.

Promoting Games With No In-App Purchases

Federico Viticci:

Apple has started promoting games that don’t have any In-App Purchases on the front page of the App Store. Currently featured in the UK App Store and likely expanding to the U.S. store later today as part of the App Store’s weekly refresh, the section is called ‘Pay Once & Play’ and it showcases “great games” that don’t require users to pay for extra content through IAPs.

Bravo.

iOS 8.2’s Mandatory Apple Watch App

Sam Machkovech:

During Monday’s Apple press conference in San Francisco, Tim Cook announced that iOS 8.2 would immediately begin rolling out to compatible iDevices—as in, any device that could already run the original version of iOS 8. Along with expected bug fixes, the update’s biggest addition was support for the upcoming Apple Watch. It’s a fact that users are now being bonked over the head with thanks to the creation of a dedicated, mandatory app.

[…]

Apple faces two major rivals who produce both smartwatches and smartphones, but both Google and Samsung have elected to ask owners of Android Wear and Samsung Gear (respectively) to log into their exclusive app shops and download a free, optional app to support their wearables.

This totally unsurprising after the U2 promotion.

Ilja A. Iwas:

How is Apple putting the “Apple Watch” app permanently on my iPhone different from Lenovo crippling their laptops with pre-installed adware?

You can delete the adware.

Watching the Watches

Nathaniel Irons:

If I’m going to start wearing a watch again soon, it’ll happen because of notifications, even though I don’t remotely believe what Tim Cook’s asserting. I was at a lunch a couple of months ago with a guy wearing an Android Wear watch, and by an order of magnitude, he spent more time glancing, poking, and swiping at his watch than I’ve ever seen someone do with their phone in a social setting over a similar period of time.

Let’s Build @synchronized

Mike Ash:

Apple’s implementation of @synchronized is available as part of the Objective-C runtime source distribution. This specific bit is available here.

It’s build for speed rather than simplicity as the above toy implementation is. It’s interesting to see what it does the same and what it does differently.

The basic concept is the same. There’s a global table that maps object pointers to locks, and the lock is then locked and unlocked around the @synchronized block.

I love reading about Apple’s runtime optimization techniques.

Tuesday, March 10, 2015 [Tweets] [Favorites]

Switching to Smaller iPhones

Kirk McElhearn (iPhone 6 to iPhone 5s):

I used the iPhone 6 for a week; I went back to the iPhone 5s on Friday, to see if I really liked it better. And I did. This may be because of its familiarity; it’s a comfortable size. I can hold it comfortably in one hand, and do most of what I need with just one hand. The iPhone 6, however, felt alien, as though it was just not the right size for my hand. Granted, iPhones have always been smaller (I don’t consider the taller display of the iPhone 5 and 5s to be that different from previous models), so the iPhone 6 was very new. But it just wasn’t right for me.

I’ve always bought unlocked iPhones, and I’ve bought them from Apple, so I have the option of returning them within 14 days. I appreciate Apple’s return policy that allows me to try out a new device. I’ve never returned any Apple products for this reason before; I’ve exchanged defective Macs, but never sent back something I simply didn’t like.

Chris Mills (iPhone 6 to iPhone 5s)

For the first two months, everything seemed perfect. Texting from my desktop seemed magical, HealthKit was kinda handy, and it hadn’t even bent. But heading abroad, I needed an unlocked phone, so grabbed my poor, forgotten 5S out of a drawer and took it adventuring. Over the course of a couple days, I realized something: in every different way that matters to me, the iPhone 5S is a better phone.

[…]

As it turns out, the thing that most clearly sets the two devices apart—the size and design—is what I find to be the most annoying on the 6. I have small (but not ridiculously tiny) hands, and I basically live in perpetual fear of dropping it. That prompted me to spend even more money on Apple’s own leather case, and that improved things a little, but it’s still nowhere near as comfortable to hold as the 5S. The idea that big phones are ergonomically worse is far from new—heck, Apple made ads to that effect back when they launched the 5—but it bears repeating just how annoying it can be.

Fred McCann (iPhone 6 to iPhone 5s):

After my reluctance and experience moving to the larger sized iPhone 5, I was much less apprehensive about the 6. Certainly Apple knew what they were doing. I knew there would be an adjustment period, but I was so confident that this would not be an issue that I gave away my iPhone 5 a few days after getting the 6.

I was wrong.

Seth Clifford (iPhone 6 Plus to iPhone 6):

In addition to its unique physical characteristics, based on my personal findings and the feedback of other Plus users, I’ve come to believe that the device is severely affected by its RAM allocation. My theory is that while it has the same amount of memory that the iPhone 6 has, the extra large screen and constant scaling the device does to manage the display put it at a serious disadvantage. I noticed apps constantly relaunching, Safari tabs being flushed extremely quickly, and states across actions and apps not being preserved the way I’d expect. In day-to-day use it gets annoying, but it’s not crippling. That said, for a device I use dozens of times a day, it becomes a pretty glaring negative. The few OS updates that have arrived since it launched have helped a little it seems, but not enough to be unnoticeable. Additionally, this impacts other aspects of use, as an app like Pebble will get flushed from memory more frequently, preventing the watch from working correctly. Any external hardware that requires an app connection to be held in memory for consistent functionality passed between devices is probably eligible for this kind of problem.

Manton Reece:

I’m still using the iPhone 5C and think the design is nearly perfect. I wish I had the iPhone 6’s camera, but I’m not upgrading phones until Apple ships a “6C” next year with a 4-inch screen.

I’m still liking my iPhone 5s and hoping there will be a new 4-inch model this fall. If there is, I’ll upgrade in a heartbeat. If not, I’ll probably keep using the 5s.

Update (2015-03-10): Anthony C:

I love my 6, but still think my 5s is the best phone ever.

Andrew Abernathy:

See, I’m not the only one who prefers the iPhone 5 over the 6. I’ll keep hoping for a smaller iPhone in the future.

(I flat out prefer the iPhone 5 design, too, in addition to preferring the smaller size. Beautiful and comfortable.)

Gus Mueller:

You can add me to the list.

Jim Correia:

I really miss the 5 form factor for most use cases, but I can type much better on a 6.

Matthew Drayton:

I prefer the 6 Plus over previous models but I’m sure I’m in the minority. I’ve got large hands and can use it one-handed.

Update (2015-03-11): I have medium sized hands. I use the iPhone 5s without a case and have never come close to dropping it. I find the 5s and 4S much less slippery than the 6 and the 3GS. My wife got her first iPhone in December and reluctantly chose the 5s because she found it easier to hold than the 6.

Jeff Hunsberger, from February (iPhone 6 to iPhone 5s):

The iPhone 6 screen always felt a bit like it wasn’t made for my hands like the iPhone 5S was. The iPhone 4 and 4S were tiny and I could easily reach any area of the screen. My resistance to the iPhone 5 gave way to the fact that I could still reach the top left corner while holding my phone in the right hand. The iPhone 6 requires you to shift the phone in your hand, balance it on your fingertips and then stretch across to hit the top left of the screen one-handed. The whole time you are courting disaster.

Using cp to Copy a Lot of Files

Rasmus Borup Hansen (via Hacker News):

Having almost used up the capacity we decided to order another storage enclosure, copy the files from the old one to the new one, and then get the old one into a trustworthy state and use it to extend the total capacity. Normally I’d have copied/moved the files at block-level (eg. using dd or pvmove), but suspecting bad blocks, I went for a file-level copy because then I’d know which files contained the bad blocks. I browsed the net for other peoples’ experience with copying many files and quickly decided that cp would do the job nicely. Knowing that preserving the hardlinks would require bookkeeping of which files have already been copied I also ordered 8 GB more RAM for the server and configured more swap space.

[…]

After some days of copying the first real surprise came: I noticed that the copying had stopped, and cp did not make any system calls at all according to strace. Reading the source code revealed that cp keeps track of which files have been copied in a hash table that now and then has to be resized to avoid too many collisions. When the RAM has been used up, this becomes a slow operation.

Trusting that resizing the hash table would eventually finish, the cp command was allowed to continue, and after a while it started copying again. It stopped again and resized the hash table a couple of times, each taking more and more time. Finally, after 10 days of copying and hash table resizing, the new file system used as many blocks and inodes as the old one according to df, but to my surprise the cp command didn’t exit. Looking at the source again, I found that cp disassembles its hash table data structures nicely after copying (the forget_all call). Since the virtual size of the cp process was now more than 17 GB and the server only had 10 GB of RAM, it did a lot of swapping.

As far as I know, the Mac version of cp does not preserve hard links.

Mac Java’s New Ask.com Toolbar

Jared Newman:

Java’s shady bundled adware is no longer a Windows exclusive, as Oracle has started sneaking the Ask.com toolbar into the Mac version.

Similar to the Windows version, Java for OS X now attempts to install the Ask toolbar during the setup process, and also tries to set Ask.com as the default browser homepage. ZDNet’s Ed Bott first reported on the adware, noting that Oracle added it to Mac installations sometime over the last month.

To avoid the adware entirely, users must hit “Cancel” when the “Install the Search App by Ask” prompt appears. This is counter-intuitive, because all other steps of the setup process require users to click “Next” to advance. In this case, clicking “Next” installs the toolbar, even when the “Set Ask.com as my browser homepage” box is unchecked.

Rich Trouton:

However, Oracle apparently anticipated that MacJREInstaller may need to be run on a logged-out Mac, as they added a -silent function flag to MacJREInstaller. To invoke this installation method, run the following command with root privileges:

/path/to/Java_install_application.app/Contents/MacOS/MacJREInstaller --silent

This installation mode does not attempt to download the Sponsors.framework.tar file and does not install the Ask.com browser settings and toolbar.

The Java runtime is needed for popular applications like Minecraft and Photoshop. I use CrashPlan, which includes its own Java runtime, as well as Apple’s Java-based tools for submitting to the Mac App Store.

Update (2015-03-11): At reader Bill Cheeseman’s suggestion, I tried running Oracle’s Java installer, with different results than Newman’s:

So the situation doesn’t seem as bad as I first thought.

The Disconnect Between Publishers and Consumers

Matt Henderson:

As a consumer, I want to read quality content and I want to do it conveniently. Feed readers like Reeder aggregate all the content I’m interested in into a single place, and presents that content uniformly, making my consumption experience efficient and consistent.

But I can sympathize with Seth. Owning one myself, I know that businesses have to earn revenue to sustain themselves, and with online publications, it’s obviously a huge challenge. But in my opinion, trying to kill through technical means the convenience users have become accustomed to is comparable to the music industry’s attempts to stop downloading.

OmniFocus 2.1

OmniFocus 2.1 makes essentially no progress on the data density regressions from version 1.x. Everything still takes up a lot more space. The window can now be slightly narrower, but the minimum sidebar width is still about twice the width of my longest context name. The font is still fixed, fuzzy, and (often) gray. Other regressions from 1.x—such as unreliable date-tabbing and not being able to drag and drop onto contexts in the main part of the window—remain in 2.1 as well.

Update (2015-03-20): Ken Case:

On February 19, 2015, we shipped OmniFocus 2.1—the first of several planned OmniFocus releases in 2015. It features a new look and new features for OS X Yosemite, as well as a few bug fixes. The file format and syncing remain compatible with all previous versions of OmniFocus, on Mac and iOS.

[…]

As I noted in January, we’re still planning on adding features to OmniFocus that will make it sync more responsively, to be easier to scan visually, and to be more efficient to use. This release is an important first step on that path!

FREAK

Microsoft Security Bulletin MS15-031:

This security update resolves a vulnerability in Microsoft Windows that facilitates exploitation of the publicly disclosed FREAK technique, an industry-wide issue that is not specific to Windows operating systems. The vulnerability could allow a man-in-the-middle (MiTM) attacker to force the downgrading of the key length of an RSA key to EXPORT-grade length in a TLS connection. Any Windows system using Schannel to connect to a remote TLS server with an insecure cipher suite is affected.

Apple Security Update 2015-002:

Secure Transport accepted short ephemeral RSA keys, usually used only in export-strength RSA cipher suites, on connections using full-strength RSA cipher suites. This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys.

Reader François Joseph notes that Apple has not made this fix available to users of the pre-release Mac OS X 10.10.3. However, he successfully applied the 10.10.2 package using Pacifist with seemingly no ill effects.

Update (2015-03-10): Lee Hutchinson:

First publicized a week ago, the “FREAK” vulnerability can be used by an attacker to force someone’s SSL/TLS connection to a Web server to use a weak 512-bit key, which the attacker can then factor with a relatively trivial amount of work and thereby decrypt and/or modify the supposedly secure connection. The vulnerability affects OS X, iOS, Android, and Windows devices. The acronym “FREAK” stands for “Factoring attack on RSA-EXPORT Keys,” which references the fact that the 512-bit weak keys are so-called legacy “export-grade” keys mandated for use in the 1990s with cryptographic hardware and software built in the US but intended for sale outside of the country.

The CIA’s Xcode

Jeremy Scahill and Josh Begley (via Asem H.):

The security researchers also claimed they had created a modified version of Apple’s proprietary software development tool, Xcode, which could sneak surveillance backdoors into any apps or programs created using the tool.

[…]

The modified version of Xcode, the researchers claimed, could enable spies to steal passwords and grab messages on infected devices. Researchers also claimed the modified Xcode could “force all iOS applications to send embedded data to a listening post.” It remains unclear how intelligence agencies would get developers to use the poisoned version of Xcode.

Recall Ken Thompson’s Reflections on Trusting Trust.

Researchers also claimed they had successfully modified the OS X updater, a program used to deliver updates to laptop and desktop computers, to install a “keylogger.”

Nat! was wondering about this possibility last year.

Eamon Javers:

A U.S. intelligence official told CNBC Tuesday that American spies need to develop ways to get covert access to mobile devices.

“That’s what we do,” the official said. “CIA collects information overseas, and this is focused on our adversaries, whether they be terrorists or other adversaries.”

Xcode project manager Tim Triemstra is not happy (via Frederic Jacobs).

John Gruber:

To be clear, there is no indication in this report that this hacked version of Xcode has been used in the wild. To be useful, they’d somehow have to get developers to use their modified Xcode toolset instead of Apple’s, or, to somehow infect Apple’s Xcode code base with their modifications. (Imagine a CIA or NSA agent, a trained computer scientist, who joins Apple’s Xcode compiler team under false pretenses.)

Craig Hockenberry:

The article refers to “Xcode” generically, but as we all know, there are a lot of pieces to this puzzle: I’m going to examine a few of them below. It’s your job to think about how these things might affect your own products.

Update (2015-03-10): K.M. Gallagher notes that the Mac App Store downloads Xcode using plain, insecure HTTP. Presumably it verifies that the installer package is signed by Apple, though. If you download Xcode manually, Apple’s site uses HTTPS. You then end up with a disk image containing a Gatekeeper-signed application. However, Gatekeeper only checks that the application is signed by a registered Mac developer; it doesn’t check that it was signed by Apple.

Brent Simmons:

But today I heard: “It’s not NSApplication — it’s NSA-pplication!”

Wednesday, March 4, 2015 [Tweets] [Favorites]

Sustainable Software

John Gruber:

Put another way, we’re going to charge something sane or die trying. We tried following the iOS App Store trend by pricing Vesper at just $2.99 for months. It didn’t work. Prices like that are not sane, and not sustainable, at least for well-crafted productivity apps. So Q Branch is drawing a line in the sand, and we hope other iOS developers will follow.

John Gruber:

In most categories, and “notes apps” is certainly one, it’s not hard to find a “good enough” solution among the free choices, so most casual users never even consider a paid app. So I think it was a waste to try to entice them at $2.99.

Instead, we want to embrace the users who are looking for the best app, and who are willing to pay a fair price for it if they think Vesper might be it. Going low didn’t work; we lose nothing by trying to go high.

Craig Hockenberry (in 2008):

We have a lot of great ideas for iPhone applications. Unfortunately, we’re not working on the cooler (and more complex) ideas. Instead, we’re working on 99¢ titles that have a limited lifespan and broad appeal. Market conditions make ringtone apps most appealing.

Milen Dzhumerov:

Looking squarely at the price, the $5 app will always win because on the surface, the two are not very much different. That’s certainly the case for consumable software that you only use a few times and does not provide repeat value to the consumer. But for software that people get a lot of value out of and which they depend on, the $30 app represents much better value.

[…]

At the end of the day, it’s in the best interest of both consumers and developers to price software sustainably. Consumers get an app that provides them value while developers get to make a living, it’s a win-win. Pricing software cheaply means that your software is doomed and has no future, guaranteed. Put a sustainable price on it and let the market decide whether it’s worth it, do not pre-emptively make the decision on behalf of your customers.

Alex King:

When striving to create sustainable software, the most important building block is happy customers. This necessarily includes the ability to provide support. Not matter how “easy” it is to use, providing support enables more people to successfully and happily use your product.

I’m saying that most WordPress plugins and themes are not sustainable. I’m saying that most iOS apps are not sustainable. And I’m saying that most VC-backed/freemium services are not sustainable.

This situation isn’t good for customers or software developers.

Update (2015-03-05): Brent Simmons:

Features are economic decisions.

Update (2015-03-06): Kevin Walzer:

When Brent Simmons has to take a full-time gig, what does that mean for the rest of us?

Update (2015-03-13): Mark Bernstein writes about the pricing of his application, Tinderbox.