Archive for August 2015

Monday, August 31, 2015 [Tweets] [Favorites]

NSProgress Enhancements

Jaanus Kase:

One important conceptual update is that we can now use and compose NSProgress in two ways. Implicit composition is what was there before, with the notion of the current progress object for a thread. That continues to work as before. In addition, though, there is a new method of explicit composition that Apple recommends using if you control all the pieces of a system.

[…]

The new explicit composition brings along a much clearer way of working with task weights (or child NSProgress weights).

WWDC 2015 Session 232 (video, PDF):

So all of the properties on NSProgress are key value observable, clients can add the KVO observers to update their UI.

For example, a client can update their UI progress views progress with the NSProgress as fractionCompleted property, or update a label with a localizedDescription.

Also be aware, that these KVO callbacks might not necessarily be called on the main thread.

[…]

Don’t use fractionCompleted to determine completion. […] Use completedUnitCount and totalUnitCount instead, unless your progress is indeterminate or the totalUnitCount is 0.

Objective-C to Swift Converters

Swiftify is a Web site and Web API (via Honza Dvorsky).

iSwift is a Mac app, also with a Web API (via Chris Hauk).

6 Only-for-iPad Gestures

Ben Patterson:

All well and good, but there’s another (and arguably easier) way to the multitasking screen for iPad users: just swipe up with four or five fingers.

[…]

If you want to switch apps without dealing with iOS’s multitasking screen, try this: Using four or five fingers, swipe from left to right or right to left.

[…]

If you turn your iPad so it’s in “portrait” orientation, however, the inbox pane will disappear, leaving only your currently open message. To see the inbox again, you’ll have to tap the inbox arrow in the top-left corner of the page…

…or, just do this: Make a short swipe gesture from left to right within the body of a message.

Alas, it looks like swipe selection on the keyboard is going to be another iPad-only gesture.

Details in the iOS App Store App

Dr. Drang:

I understand what’s going on during those 5–10 seconds. The badge on the app’s icon might have been out of date because it isn’t updated continuously, so now the app is communicating with Apple to get the correct number of updates that are available. What I don’t understand is why they can’t just use the same number that was showing on the icon as a placeholder until the new information has been retrieved. It’s disconcerting to launch the App Store because I see that two updates are waiting, only to see—initially, at least—that there are no updates waiting. Apple’s apps should be more polished than that.

More annoying is what happens when I tap the Search button. I get a lot of whitespace, a list of suggestions I have absolutely no interest in, and a search field at the top of the screen that I have to tap on before I can start typing.

Permanently Hide the iCloud Column in iTunes

Jason Sims:

Turns out you now have to also go to the Movies and TV Shows tabs and set the same View menu option for each of those as well — “Only [Movies/TV Shows] Available Offline”). Then (and only then) will the iCloud column actually disappear everywhere. Obviously music playlists have nothing to do with Movies or TV Shows, so this must just be another delightful new bug.

If you actually want to be able to browse and watch Movies and TV Shows you’ve purchased without downloading them all first, well…too bad.

Skylake

Peter Bright:

As has been the case for many years now, reducing power consumption remains Intel’s top priority for Skylake. Not only does reduced power consumption enable the company’s processors to be used more widely—client Skylake processors will span everything from 4.5W tablet and ultralight systems up to 95W desktop devices, a 20-fold difference in power envelope—it also enables greater performance. Reduce the power used by one part of the chip and the extra thermal headroom (and current draw) can be spent on other parts of the chip; this is the underlying principle of Turbo Boost.

[…]

With this new design, the eDRAM is always coherent, since it is privy to all writes made to main memory, regardless of which core makes them. This also means that it can cache any data, even if it’s stored in memory that is marked as “uncacheable” by the operating system. The design also enables both PCIe devices and the display engine to read to and write from the cache.

[…]

Skylake has some “more of the same” aspects to its power conservation—more individual parts of the processor can have their frequency adjusted or powered down to allow finer tuning of power consumption—though these have been extended. For example, most code either never uses the AVX2 instruction set, or uses it extensively; it’s rare for applications to only use AVX2 every now and then. When faced with workloads that never use AVX2, those instruction units are powered down.

[…]

In Skylake, the power management is more cooperative. The operating system still has some control—for example, it can force a low frequency for extending battery life, or more commonly, it can set a range of acceptable frequencies—but the processor itself handles the rest. Rather than just choosing between P0 turbo states, the processor can pick between the full range of P states, from the minimum frequency all the way up to P0. […] This means that the processor is both quicker to react to new work, boosting the frequency as needed, but also much quicker to cut the frequency when idle.

Joe Rossignol:

Last month, a leaked Intel slide deck revealed that “Y” series Skylake processors appropriate for the 12-inch Retina MacBook will have up to 17% faster CPU performance, up to 41% faster Intel HD graphics and up to 1.4 hours longer battery life compared to current-generation Core M architecture.

Update (2015-09-02): Ian Cutress (comments):

All of the Core M processors are launching today, as are the i3/i5/i7 models and two new Xeon mobile processors. From a power perspective this means Intel is releasing everything from the 4.5W ultra-mobile Core M through the large 65W desktop models, along with the previously released 91W desktop SKUs.

nhaehnle:

The most interesting to me is that Intel apparently stopped publishing transistor counts starting with the 14nm node.

This is significant because as structure sizes become smaller, the restrictions on possible layouts (so called DRCs, design rule constraints) become ever stricter. For example, you can't just place wires wherever you want; you have to take into account the relationship to other wires. With stricter rules, the end result may be that the effective scaling achieved is worse than what the structure size suggests, because the rules force a lower density of transistors.

Joe Rossignol:

Intel announced a number of new 45-watt “H-Series” processors, but none with the higher-end Iris Pro graphics Apple uses in the 15" Retina MacBook Pro. Skylake H-Series chips with Iris Pro graphics are not expected to launch until early 2016, and Intel has yet to release detailed specs on these chips.

Friday, August 28, 2015 [Tweets] [Favorites]

Live Help Menu Searching via NSUserInterfaceItemSearching

Gus Mueller (tweet):

When rendering the documentation (542MB of it, 1.22GB pre-render!), FMWrite also creates a SQLite index (1MB) of all the text content, which I then copy into Acorn’s resources folder at build time. Acorn then ships with this SQLite file.

You don’t really need to build your own documentation app. But you do need an index of your documentation to ship with your app. SQLite worked great for us.

Step 2: Let me introduce you to NSUserInterfaceItemSearching, which is a class which shipped in 10.6 but I didn’t notice till about six months ago. It’s a pretty simple protocol—you just register a class which conforms to it, and you’re asked for entries when the user searches for something via the Help menu.

Note that you don’t have to implement your own index and conform to this protocol to get live searching in the Help menu. You get that for free if you’re using Apple Help and have an hiutil index. The protocol is for when you want to search the help locally but host it on your server.

Type Profiling and Code Coverage Profiling for JavaScript

Saam Barati:

Web Inspector now has two great tools designed to make debugging JavaScript programs easier: the Code Coverage Profiler and the Type Profiler. The Code Coverage Profiler visually displays exactly which sections of your JavaScript program have executed. The Type Profiler visually annotates important variables with the collected set of type information for those variables. Both tools make understanding and debugging your JavaScript programs in Web Inspector better than ever.

[…]

The Type Profiler updates in real time. As new information is introduced in your program, the Type Profiler updates its annotations. As you see in the video, when the announceAnimal function is called a second time, the type displayed for the animal parameter updates from Dog to Animal. This happens because the Type Profiler tracks the inheritance chain for values it profiles. The Type Profiler also shows other aggregate types in an intelligent way. As you use the Type Profiler, you’ll see that the types it shows you are both intuitive and helpful.

[…]

Because the type profiling machinery is compiled into JSC’s bytecode, JSC is then able to utilize its multi-tiered compiler infrastructure to optimize the overhead of type profiling. JSC’s DFG JIT is able to successfully optimize JavaScript code in large part due to the tendency that most JavaScript code is written with specific types in mind. Because of this, the DFG JIT can speculatively transform its IR based on gathered profiling information. Then, when executing this speculative code, if it finds that an assumption is broken at runtime, the DFG will OSR exit back into JSC’s baseline JIT. The bytecode operation op_profile_type is a very expensive operation and it appears with high frequency when the Type Profiler is enabled. When we transform this bytecode operation into DFG IR, we’re often able to optimize away the overhead of ProfileType by completely removing it from the executing code. We’re able to do this because by the time we decide to DFG compile the bytecode stream, it is likely that the types which were profiled in the Baseline JIT and the LLInt are the same types that the DFG will speculatively compile against.

AWS Privilege Separation

Michael Wittig (comments):

  1. You have AWS access credentials for your IAM user in the bastion account on your machine (usually in ~/.aws/ or in your environment variables). You make a call to the AWS API to get temporary credentials by providing a MFA token. If the MFA token is valid, you’ve created a temporary session for your IAM user in the bastion account.

  2. You receive temporary credentials to authenticate as your IAM user.

  3. With the temporary credentials, you can assume a role in another account (this wasn’t possible before, because assuming a role is only allowed for this user if the user is authenticated with MFA). To assume a role in another account, the role must explicitly be allowed to be used with your account! The maximum permissions a role should have is PowerUserAccess. Don’t allow the role to interact with IAM!

  4. You receive temporary credentials and can begin working with your AWS account.

Shipping an App With App Transport Security

Tim Ekl (tweet):

This article is aimed at a different purpose: to look at the different speed bumps that can show up while building an app alongside ATS, and to explain how to get around them. There are lots of great little tricks that have only cropped up in OS X release notes or on Stack Overflow, or that can only be discovered by building a sample app.

[…]

With this more extensive ATS dictionary in our app’s Info.plist, we turn the “allows insecure HTTP loads” flag back off for the example.com domain and all its subdomains. When our app makes any connection to a host in that domain, then, we’ll be receiving the full protection of ATS.

This exception mechanism can handle even more complex scenarios. For example, consider what might happen if most servers in example.com were correctly secured with HTTPS, but one server – say, insecure.example.com – wasn’t yet fully ATS-compatible. We can handle this by defining another more specific exception for just that host[…]

[…]

In both of these error cases, we can set the environment variable CFNETWORK_DIAGNOSTICS to 1 in order to get more information on the console about the failure. After turning this variable on in our app’s scheme, you’ll notice a new log line with a path to a diagnostic file; this file, in turn, is filled with information about all the actions the CFNetwork layer is taking on behalf of your app’s networking code.

[…]

If you have access to an OS X machine running 10.11 or later, the command-line utility nscurl provides some basic ATS debugging capabilities.

Tristan Emrich:

While Google remains committed to industry-wide adoption of HTTPS, there isn’t always full compliance on third party ad networks and custom creative code served via our systems. To ensure ads continue to serve on iOS9 devices for developers transitioning to HTTPS, the recommended short term fix is to add an exception that allows HTTP requests to succeed and non-secure content to load successfully.

Note that this allows all HTTP requests to succeed, not just ones pertaining to Google ads.

Nick Heer:

So in a year where malware-laden ads are becoming increasingly frequent, Google’s response is not to convert their ad network to HTTPS, but rather to tell developers to reduce the security of their apps.

Google update:

To be clear, developers should only consider disabling ATS if other approaches to comply with ATS standards are unsuccessful.

Previously: App Transport Security.

Update (2015-09-23): Keith Harrison:

So did Apple change the ATS policy between the public and GM releases? It sure seems like it. Luckily I have the CFNetwork debug logs from the device for both the failing GM test and the successful public release test. I have filed a bug (22763438) with Apple to see if they can explain what is happening. If I learn something that changes how we need to use ATS I will update here.

[…]

A clue to what might be happening is in this Apple Developer forum thread. It seems there is/was a bug where setting NSExceptionRequiresForwardSecrecy had a side effect of relaxing the SHA-256 signature requirement. Maybe Apple has relaxed the requirement so as not to break any Apps that now depend on the undocumented side effect of disabling forward secrecy.

Update (2015-10-13): Tim Ekl:

ATS requirements apply at every step of a redirect. If you have a server rewriting URLs or otherwise redirecting to a different location, both that redirector and the new destination must meet ATS’s requirements.

It’s not possible to add dynamic ATS exceptions. Every exception must be given in your app’s Info.plist up front.

Playgrounds and SFSafariViewController both ignore ATS. The latter can be a great way to show user-generated Web content, such as in a social media app.

The Facebook App’s 18,000 Classes

quellish:

Recently someone on reddit asked “How on earth is the Facebook app size so large ?”. The person asking the question realized that the ~100Mb compressed App Store archive wasn’t all assets - a very large portion was the application binary.

Note that you don’t have to jailbreak your device to see the contents of an app. You can just download the .ipa file to your Mac with iTunes.

And if you ever wonder about JavaScript slowing sites down, just try scrolling the linked blog in Safari.

Thursday, August 27, 2015 [Tweets] [Favorites]

Capturing Swift Error Context

Erica Sadun:

Say you’re working with a type and you want to throw an error that reflects the context of where it originates. You can do that, mostly, using a few built-in compiler keywords. __FUNCTION__, __LINE__, and __FILE__ provide literal interpolation about the details of a calling function[…]

[…]

Use a protocol to automatically pick up on type context. The default implementation in the following Contextualizable extension refers to self.dynamicType in a way that a method signature cannot.

I’ve long been doing this sort of thing in Objective-C with macros. It’s a bug help when debugging or tracking down what happened on a customer’s Mac. Unlike the macros, this won’t build up a stack trace of how the error was propagated, although you could approximate that using -[NSThread callStackSymbols].

Previously: Swift and Cocoa Error Handling, JSErrorStackTrace, NSXReturnThrowError.

A Salute to Solo Programmers

Jean-Louis Gassée (comments):

Parkinson’s Law tells us that “work expands so as to fill the time available for its completion”. Applied to software, this means that applications tend to bloatware, obese programs whose complexity makes them nearly impossible to debug and maintain. Today, we look at happier counterexamples, past and current, of ambitious products created by “hermit programmers”.

[…]

As it turns out, the size and complexity of operating systems and development tools do not pose completely insurmountable obstacles; we still find programs of hefty import authored by one person. One such example is Preview, Mac’s all-in-one file viewing and editing program. While the Wikipedia article is out of date and tepid, the two-part Macworld article titled The many superpowers of Apple’s Preview (here and here) does justice to the app’s power and flexibility. Read it and join me in my appreciation for this labor of love from a solo, unnamed programmer who, I’m told, has been at it since the NeXT days.

[…]

Newer than Preview but no less ambitious, we have Gus Mueller’s Acorn, an “Image Editor for Humans”, now in version 5 at the Mac App Store. To get an idea of the breadth and depth of the app, scan the documentation on the company’s web site.

Facebook App Changes iOS System Share Sheets

Chris Adamson:

In a nutshell, Facebook doesn’t want developers pre-populating posts for users, at all. It’s not good enough to allow the user to edit or delete the post you’ve prepared for them, you can’t offer them post contents at all.

And somehow, they are able to enforce this programmatically.

My boss was gobsmacked when I told him this on Slack and could hardly believe it. Can Facebook seriously hack the iOS frameworks to get this behavior? How is that technically possible, and even if they can, how are they still in the App Store?

Or, does Apple let them do it? One plausible scenario here is that since Facebook and Apple are special friends – enough so to have Facebook deeply integrated into Settings, Contacts, and elsewhere – iOS looks to see if the Facebook app is present, and hands off the compose logic to a controller provided by Facebook if so.

Java Is Magic: the Gathering (or Poker) and Haskell Is Go (the Game)

Michael O. Church:

Of course, all of this that I am slinging at OOP is directed at a culture. Is object-oriented programming innately that way? Not necessarily. In fact, I think that it’s pretty clear Alan Kay’s vision (“IQ is a lead weight”) was the opposite of that. His point was that, when complexity occurs, it should be encapsulated behind a simpler interface. That idea, now uncontroversial and realized within functional programming, was right on. Files and sockets, for example, are complex beasts in implementation, but manageable specifically because they tend to conform to simpler and well-understood interfaces: you can read without having to care whether you’re manipulating a robot arm in physical space (i.e. reading a hard drive) or pulling data out of RAM (memory file) or taking user input from the “file” called “standard input”. Alan Kay was not encouraging the proliferation of complex objects; he was simply looking to build a toolset that enables to people to work with complexity when it occurs. One should note that major object-oriented victories (concepts like “file” and “server”) are no longer considered “object-oriented programming”, just as “alternative medicine” that works is recognized as just “medicine”.

[…]

Where is this whole argument leading? First, there’s a concept in game design of “dryness”. A game that is dry is abstract, subtle, generally avoiding or limiting the role of random chance, and while the game may be strategically deep, it doesn’t have immediate thematic appeal. Go is a great game, and it’s also very dry. It has white stones and black stones and a board, but that’s it. No wizards, no teleportation effects, not even castling. You put a stone on the board and it sits there forever (unless the colony is surrounded and it dies). Go also values control and elegance, as programmers should. We want our programs to be “dry” and boring. We want the problems that we solve to be interesting and complex, but the code itself should be so elegant as to be “obvious”, and elegant/obvious things are (in this way) “boring”.

Swift 2 Beta 6

Russ Bishop:

A new try? keyword has been added. This attempts an operation that may throw (fail). If it succeeds the result is wrapped in an optional. If it fails the error is ignored and nil is returned. This seems like a pragmatic compromise but I have to imagine someone lost a battle somewhere because a lot of programmers are going to slap a try? on it and ignore all errors.

This is a good addition that was suggested last month. I’m not worried about errors being ignored because the compiler warns if the result of try? is unused. It lets you ignore the specific error that you got, but you still have to handle the fact that there was an error.

Variadic parameters can appear anywhere in the parameter list; presumably the compiler disambiguates them by type and/or by consuming values off the right-hand side of argument list until the non-variadic arguments are satisfied.

It looks to me like it’s simpler than that, and you simply use a named parameter to signal the end of the variadic parameter. Perhaps in the future it will be possible to support multiple variadic parameters in this way. For now, the main benefit is that you can more easily use trailing closures.

extend was renamed appendContentsOf and splice was renamed insertContentsOf

It’s good to see Apple keeping some of Foundation’s good ideas.

Most APIs that take closures or @autoclosure parameters use rethrows properly so you can pass throwing methods to map, filter, etc. It also allows short-circuiting operators like &&, ||, or ?? to work with expressions that throw.

This should make error handling easier than before.

There are still some bugs, though:

Declaring multiple globals in a single var or let may cause corruption of their values; the workaround is to declare them with separate var or let statements.

Erica Sadun:

You can combine try? with ?? for fallback values but you must surround the try in parens[…]

Erica Sadun:

Beta 6 introduces a lazy property on sequences.

[…]

This property is implemented in CollectionType, LazyCollectionType, and LazySequenceType extensions. You use it to delay evaluation on things like map and filter that are normally eager.

Erica Sadun:

Join has become joinWithSeparator, which you call after a sequence, interposing a separator between the elements of a sequence.

The Death of Scripting

Graham Lee (comments):

And so it’s sad to see scripting die out as the popular platforms for application development fail to support it. Instead of the personal control of the script – I will take this information from that app, and put this part of it in that app – we have the corporate control of the API. This app maker and that app maker are BFFs, sign in here to let them share everything. After all, they know best.

Ultimately the death of scripting is hubristic. We know how you want to use a computer. If you’re trying to do something that we didn’t sell to you, you must be holding it wrong.

Graham Lee:

There’s bash, and powershell, and ruby, and…even Perl is still popular among sysadmins. There’s never been a better time to be a programmer or other IT professional trying to automate a task.

True, but there’s never been a worse time for someone who doesn’t care about computers to use a computer to automate a task. Apps are in-your-face “experiences” to be “used”, and for the most part can’t be glued together.

Brent Simmons:

There are counter-examples, of course — the apps I work on (Mac versions of OmniFocus and OmniOutliner) are highly scriptable. But the trend toward silos, sandboxing, and highly-controlled experiences is clear.

(First thing I did was look to see if Slack has a scripting dictionary. Of course not. Neither does HipChat. Apps these days.)

Update (2015-08-27): Dr. Drang:

I think Lee’s pessimism is temporally misplaced—at least in the Apple world. While I’d never say that scripting Apple devices is in an ideal state, the situation certainly looks better than it did two or three years ago.

[…]

Things are still more locked down on the iOS side, but we now have app extensions to ease some of the pain and Workflow for more complicated interapp trickery.

Wednesday, August 26, 2015 [Tweets] [Favorites]

Safer Block-based NSNotificationCenter API

Arkadiusz Holko:

I wanted to learn how Clang decides when to show a warning, so I did what any reasonable person would do and dove into its source. Retain cycle checking is performed during the semantic analysis phase. Sema::checkRetainCycles is an overloaded method responsible for these checks.

[…]

In case of a message send, the compiler checks for retain cycles only when a selector looks like a setter, i.e., it starts with the word add or set. This check is rather simplistic. A warning isn’t presented to the user when using NSNotificationCenter, because the compiler doesn’t know the lifecycle of that object.

So he made a MCSNotificationController wrapper so that the compiler can detect the retain cycle. It also makes sure that you don’t register for the same notification more than once and automatically unregisters in -dealloc.

Previously: NSNotificationCenter With Blocks Considered Harmful, How Not to Crash #3: NSNotification.

Common Android Lock Patterns

Dan Goodin (via Jamie Zawinski):

Data breaches over the years have repeatedly shown some of the most common passwords are “1234567”, “password”, and “letmein”. Løge said many ALPs suffer a similar form of weakness. More than 10 percent of the ones she collected were fashioned after an alphabetic letter, which often corresponded to the first initial of the subject or of a spouse, child, or other person close to the subject. The discovery is significant, because it means attackers may have a one-in-ten chance of guessing an ALP with no more than about 100 guesses. The number of guesses could be reduced further if the attacker knows the names of the target or of people close to the target.

How to Survive Working at Home

Daniel Jalkut:

Actually being your own boss is one of the greatest challenges of working from home, and in my experience it’s helpful to be, well, bossy with yourself to the extent you are comfortable. Give yourself strict deliverables; I write a checklist in the morning and get very grumpy with myself if the checklist is not completed or rationalized by the end of the day.

[…]

At home, nobody tells you when to stop working. Establish a rule with yourself, or with your family, for when the workday ends and the “lifeday” begins.

I’ve found that having a rough schedule for each day—both when to work and what type of work to do when—helps a lot.

tpwn Privilege Escalation Vulnerability

Juli Clover (comments):

Just days after Apple patched the DYLD_PRINT_TO_FILE security hole with the release of OS X 10.10.5, a developer has found a similar unpatched exploit that could allow attackers to gain root-level access to a Mac.

Luca Todesco shared information (via AppleInsider) on the “tpwn” exploit on GitHub over the weekend. It affects all versions of OS X Yosemite, including OS X 10.10.5, but does not affect OS X El Capitan.

Luca Todesco:

1) I cannot really discuss specifics, but this particular bug would have been hard to find via a traditional IOKit fuzz, since it requires an invalid ‘task’ port passed over to IOServiceOpen. Most fuzzers use mach_task_self for that, and fuzz method calls/traps/properties/etc.

2) When IOServiceRelease is called, vtable+0x20 is called. the vtable pointer is controlled, at +0x20 I place a stack pivot, which sets RSP = RAX and pops 3 times. At 0x18 I place a POP RAX;RET gadget to let the chain begin after 0x28. Payload then locates the credentials structure, sets UID to 0 by bzero()ing, cleans up the memory corruption, decreases the task count for current user and increases task count for root. It then unlocks locks held by IOAudioEngine to prevent your audio from freezing up, and then returns to the userland context.

Luca Todesco:

There is no weakness in address randomization I relied on for exploitation.

It relies on two distinct bugs, an info-leak to obtain a pointer to an allocation in the kalloc.1024 zone and a memory corruption primitive (deriving from a NULL pointer dfr. in IOKit) allowing me to OR 0x10 anywhere in kernel memory.

To break kASLR I corrupt the size of a vm_map_copy struct, which allows me to read the adjacent allocation to the struct, which is a C++ object. First 8 bytes of said C++ object is a pointer to the vtable, which resides in __TEXT of some kernel extension. Since I can calculate the unslid address from userland without any issue, by subtracting what gets leaked with what gets calculated you get to know the kASLR slide.

Just to clarify: The code execution part has 100% reliability rate. The kASLR leaking part does have some chance in it, however empirical evidence indicates that the failure rate is extremely low.

Jeremy Kirk:

Todesco, who said he does security research in his spare time, said he notified Apple of the problems “a few hours before the exploit was published.”

“This is not due to me having issues with Apple’s patch policies/time frames, as others have incorrectly reported,” he wrote.

He also developed a patch called NULLGuard, which he’s included in the GitHub material. Since he does not have a Mac developer certificate, he wrote that he can’t distribute an easy-to-install version of the patch.

Update (2015-09-02): Luca Todesco:

So, tpwn gains root on any OS X box running a system <= 10.10.5 by gaining knowledge of the kernel address space layout randomisation slide followed by kernel code execution kickstarting a stack pivot which allows me to control the stack pointer of a kernel thread belonging to a controlled task.

How to See Your iPhone’s Precise Signal Strength

Josh Centers:

Dial *3001#12345#* and tap the green call button to put your iPhone into a secret Field Test Mode

[…]

Instead of dots, you should now see a negative number in the upper left, like -102. This is your exact signal strength, measured in decibels, called the Received Signal Strength Indication (or RSSI if you want to impress technical support). The higher the number, the better, but note that these are negative numbers, so -1 would be an outstanding signal, while -1000 would be beyond poor. In the real world, you’ll probably see signal strengths somewhere between -40 (a five-bar signal) and -120 (a one-bar signal).

Sunday, August 23, 2015 [Tweets] [Favorites]

Ways to Think About Cars

Benedict Evans:

Cars are going to change a lot in the next few decades. Electricity on one hand and software on the other change what a car is, how it gets made and who might own one. They might also change the key players. As is often the case when an industry is going to be turned upside-down, there are actually a number of separate things happening, which feed into each other and accelerate the pace of change.

[Objective] C++: What Could Possibly Go Wrong?

Peter Steinberger :

First, Swift interoperates with Objective-C and C, but it doesn’t work with C++ directly. Therefore, if you want to use Swift, being knowledgeable of Objective-C++ might actually help you, because it enables you to write a wrapper that wraps any third party library that might only exist in C++ with Objective-C.

[…]

This is not your grandmother’s C++. We have auto, which is type deduction. We have shared pointers, which is basically ARC. We have weak, which is also something we have in the Objective-C run time. We have lambdas, which is just a fancier name for blocks, and we have move semantics, which is something I’ll explain later because it’s a little crazy.

[…]

There are gotchas! One thing you’ll notice when you play with Objective-C++ is compile time. Depending on how much of it you start using, things will get slower, and they might take twice or three times as long. It’s still much faster than compiling Swift (at the moment), but it is noticeable and you should be mindful of not blindly renaming all your files to .mm because you can, only where it makes sense, and where you should.

[…]

The last thing we can do is write our own smart pointer that wraps CGPathRef and knows how to deal with Core Foundation objects. Don’t think I’m crazy, this is actually what WebKit does internally, they deal with a lot of Core Foundation objects and they want to get it right. We use something that’s CFPointer, and it’s not really much code, maybe 100 lines if you want to have move semantics and all those nice little details.

The Harmful Consequences of Postel’s Maxim

Martin Thomson (via Pieter Hintjens):

Jon Postel’s famous statement in RFC 1122 of “Be liberal in what you accept, and conservative in what you send” - is a principle that has long guided the design of Internet protocols and implementations of those protocols. The posture this statement advocates might promote interoperability in the short term, but that short term advantage is outweighed by negative consequences that affect the long term maintenance of a protocol and its ecosystem.

[…]

An implementation that reacts to variations in the manner advised by Postel sets up a feedback cycle:

  • Over time, implementations progressively add new code to constrain how data is transmitted, or to permit variations what is received.
  • Errors in implementations, or confusion about semantics can thereby be masked.
  • As a result, errors can become entrenched, forcing other implementations to be tolerant of those errors.

Bloom Filters

Jamie Talbot:

“Ok, let me see if I have this right,” says Sarah. “You want to be able to quickly exclude posts that a user has read, so that you don’t suggest those posts again. And a Bloom filter is a good fit for this problem, because it will never let through a post that the user has read, and even though it might exclude a post that they haven’t read, that’s ok because they’ll never know what they don’t see? And it’s very fast?”

Michael Nielsen (comments):

In this post I take an unusual approach to explaining Bloom filters. We won’t begin with a full-blown explanation. Instead, I’ll gradually build up to the full data structure in stages. My goal is to tell a plausible story explaining how one could invent Bloom filters from scratch, with each step along the way more or less “obvious”. Of course, hindsight is 20-20, and such a story shouldn’t be taken too literally. Rather, the benefit of developing Bloom filters in this way is that it will deepen our understanding of why Bloom filters work in just the way they do.

[…]

In actual applications of Bloom filters, we won’t know S in advance, nor |S|. So the way we usually specify a Bloom filter is to specify the maximum size n of set that we’d like to be able to represent, and the maximal probability of error, p, that we’re willing to tolerate.

[…]

Bloom filters have been used to solve many different problems. Here’s just a few examples to give the flavour of how they can be used. An early idea was Manber and Wu’s 1994 proposal to use Bloom filters to store lists of weak passwords. Google’s BigTable storage system uses Bloom filters to speed up queries, by avoiding disk accesses for rows or columns that don’t exist. Google Chrome uses Bloom filters to do safe web browsing – the opening example in this post was quite real!

[…]

Instead, the delete operation is implemented using an idea known as a counting Bloom filter. The basic idea is to take a standard Bloom filter, and replace each bit in the bit array by a bucket containing several bits (usually 3 or 4 bits).

CardDAV at FastMail

FastMail:

After much work and testing – and then some more work and testing – we’re delighted to announce the release of CardDAV support in FastMail. With CardDAV, you can access your FastMail contacts on your mobile phone, tablet or smart watch, with any changes you make on any device kept in sync – just like IMAP works with your email.

Unlike Apple and Google, you cannot restore your contacts to a particular time.

Saturday, August 22, 2015 [Tweets] [Favorites]

Checking for El Capitan

Jeff Johnson:

If you’re running on OS X 10.10.2 or later, the code tells you that you’re running on OS X 10.11. What happened? Let’s look at <AppKit/NSApplication.h> from the 10.11 SDK:

#define NSAppKitVersionNumber10_10 1343

So far, so good.

#define NSAppKitVersionNumber10_10_2 1344
#define NSAppKitVersionNumber10_10_3 1347

WHUT.

So yeah, instead of increasing the fractional part of the constant for 10.10.2 and 10.10.3, they increased the integer part. Sigh.

Update (2015-08-22): My solution is to check whether I’m running Mac OS X 10.10.0 or later, and then use -[NSProcessInfo isOperatingSystemAtLeastVersion:].

Git as a Document Format

Wil Shipley:

Undo and redo was sort of part of Core Data, but they tried to do it at the lowest level, where any time you changed the database, it just registered an undo event. This turned out to be a horrible idea. If you do any kind of housekeeping such as storing the user’s window position in the database, that suddenly becomes undoable. So, it turns out, if you have any auxiliary objects that get created, that also turns undoable. It’s not a good way to do undo.

[…]

In our perfect world of documents, we want fast loads. We don’t want to be forced to load all our data at once. We want fast saves. Fast is going to be one of the themes of our perfect world. Again we don’t want to re-save large blobs, and we’d love to have an editable format. We want autosaves to be instant, but not blow away the previous states of the document like Preview does. Undo and redo also need to be instant and never be corrupted by bad coding. We’d like them to be persistent, because that’s really cool and provides the ability to prune them.

For security reasons, you don’t necessarily want every version of your document in the document; we’ve learned that from the Microsoft Word exploits. The backup of our perfect file format should play nicely with Time Machine, which means that it shouldn’t have one giant monolithic file that changes by one byte and restarts the backup process. And, it should be incredibly easy to implement, because this is our perfect world, so why not?

[…]

As I said, you still need to decide on the file format for the control files; Git isn’t a file format that you would parse and turn into a series of drawing commands, it just gives you the files and their blobs really easily.

Lazy Filters and Maps

David Owens II:

Simply wrapping items in a lazy() call will convert our Sequence into a LazySequence. This gives us the performance benefits of the more iterative-style approach with the benefits of the semantically broken out operations.

Joe Groff:

map and filter produce copies which are likely cause of slowdown. lazy().map and filter should be as fast as loops.

Marcin Krzyzanowski:

I believe you, but I’m looking at map vs for-loop code in the very moment where loop is many times faster than lazy map.

Swift Funtime

Boris Bügling:

This talk will quickly revisit what we loved about the Objective-C runtime and then explore if/how those things are possible in Swift. It will dive into how to do dynamic introspection, changing behaviour and inspecting private API is still possible or why it is not. In addition to that, the audience will also learn a bunch about Swift under the hood and how using pure Swift or Objective-C compatible objects differ in practice.

Making Tab-Switching and Scrolling Faster in OmniFocus for Mac

Brent Simmons:

Setting up and tearing down the KVO observations isn’t a big deal, though. I was wrong about that. Updating the contents of a cell view is a big deal, however, and this is done when cells are recycled — but this is mainly a big deal because it triggers layout, which is slow.

So here’s what Instruments told me: NSStackView is slow (at least in our case).

But it also told me something else that completely surprised me: the app was spending a whole bunch of time setting and tearing down NSTrackingAreas.

He also replaced -enumerateObjectsUsingBlock: with a for loop.

Friday, August 21, 2015 [Tweets] [Favorites]

How Streaming Music Royalties Are Calculated

Sharky Laguana (via Marco Arment):

The reality is only some of your money is paid to the artists you listen to. The rest of your money (and it’s probably most of your money) goes somewhere else. That “somewhere else” is decided by a small group of subscribers who have gained control over your money thanks to a mathematical flaw in how artist royalties are calculated. This flaw cheats real artists with real fans, rewards fake artists with no fans, and perhaps worst of all communicates to most streaming music subscribers a simple, awful, message: Your choices don’t count, and you don’t matter.

[…]

The problem lies in the fact that this “Big Pool method” only cares about one thing, and one thing only: the overall number of streams. It does not care even a tiny little bit about how many subscribers generated those streams.

[…]

Click fraud is rarely discussed in the context of streaming music, but it’s fairly simple for a fraudster to generate more in royalties than they pay in subscription fees.

[…]

It’s worth noting that many (if not most) of these heavy-usage “subscribers” are probably not individuals at all. They are actually offices, restaurants, gyms, hair salons, etc. Businesses like these can stream up to 24 hours a day — far more you as an individual could ever hope to do. And they probably don’t share your taste in music either. But they pay the same $10 you do, so why do they get to decide where your money goes?

Swift Pattern Matching in Detail

Benedikt Terhechte (via Chris Lattner):

The main feature of switch is of course pattern matching, the ability to destructure values and match different switch cases based on correct match of the values to the cases.

[…]

So, how do you best implement this new restriction? You could just have an if / else switch for buy and for sell, but that would lead to nested code which quickly lacks clarity - and who knows maybe these Wall Street guys come up with further complications. So you define it instead as additional requirements on the pattern matches[…]

[…]

By default, and unlike C/C++/Objective-C, switch cases do not fall through into the next case which is why in Swift, you don’t need to write break for every case. You can opt into traditional fallthrough behaviour with the fallthrough keyword.

[…]

The case keyword can be used in for loops just like in switch cases.

case can also be used with guard, although only wildcard and identifier patterns work with for and guard.

Sandboxing Impression

Steven Vandeweghe:

Had to sandbox Impression (Mac) to release an update with 1 tiny bug fix. Result: it now seems to have tons of bugs that I can’t reproduce.

It doesn’t look like the sort of app that would be operating near the edge.

Cross-Platform UI in GitHub Desktop

Rob Rix:

Although the overall flow and architecture are shared, the implementations are often quite different. For example, although both platforms use WebKit, the bridging APIs are very different.

On OS X, the JavaScriptCore APIs allow us to pass arbitrary objects, functions, and arrays between Objective-C/Swift and JavaScript. Native code can call methods on JavaScript objects, and JavaScript code can call methods on native objects, without any special handling. We can also define protocols to specify which properties of our objects should be bridged.

CefSharp, on the other hand, does not bridge arrays or functions. JavaScript objects can call methods on native objects, but not on the properties of native objects. Native objects cannot call methods on JavaScript objects; you ask the ChromiumWebBrowser to evaluate a string of JavaScript source instead. Since the comparison graph is largely asynchronous, requiring both callbacks and arrays, this motivates a set of JavaScript shims baked into the comparison graph at build time.

GitUp 1.0 Is Open Source

GitUp (tweet):

GitUp is a bet to invent a new Git interaction model that lets engineers work quickly, safely, and without headaches. It’s unlike any other Git client out there from the way it’s built (it interacts directly with the Git database on disk), to the way it works (you manipulate the repository graph instead of manipulating commits).

[…]

GitUp is built as a thin layer on top of a reusable generic Git toolkit called “GitUpKit”. This means that you can use that same GitUpKit framework to build your very own Git UI!

Previously: GitUp 0.7.

Thursday, August 20, 2015 [Tweets] [Favorites]

Acorn 5

Big upgrade to my favorite image editor:

Shape Processors are filters for shape layers, which will move and tweak and generate and adjust shapes for you. And best of all, they are non-destructive and stackable (just like Acorn’s filters).

[…]

This is a lot more snapping going on now. Snap to Grid, guides, shapes in layers, other layers, selections, canvas bounds, etc.

[…]

Levels and Curves joins all the other non destructive filters—this is pretty awesome. You can use Levels and Curves on shape layers, even combine in the same filters list, tweaking both at the same time, and add a Curves filter multiple times to the same image.

[…]

We fixed hundreds of minor bugs. Bugs that built up over the years that very few people ever encountered, like “the shortcut key for zooming in doesn’t work when the keyboard layout is set to Dvorak - Qwerty ⌘”. So we fixed pretty much all of those. It took months and months of work, it was super boring and mind numbing and it was really hard to justify, and it made Acorn 5 super late. But we did it anyway, because something in us felt that software quality has been going downhill in general, and we sure as heck weren’t going to let that happen to Acorn. So we took a long break from adding features and just fixed stuff.

And if you reported one of these bugs that was fixed in Acorn 5 and we haven’t already sent you a license—let us know and we’ll make you one. (See, another good reason to report any bugs you find—free stuff!).

Gus Mueller:

But wait - Acorn already has Curves and Levels, right? Yes, but in Acorn 5 they are baked into the existing filter chain. So now you can add Levels to your Curves and then a blur and then why not add Curves again after that and finish with a Drop Shadow filter? Then save the file and open it up again and remove the second Curves because that’s just too much what were you thinking? And then you realize Curves and Levels are now non-destructive and that’s amazing.

I like the way the documentation is done, e.g. Shape Processor, Levels, Curves.

There’s no upgrade pricing, presumably because of the Mac App Store:

For a limited time (until the end of September, 2015) we are offering Acorn at a sweet discount price of $24.99. This discount is available to both new users and previous users of Acorn. When October rolls around Acorn will bump its price up again.

Go 1.5

Andrew Gerrand (comments):

The compiler tool chain was translated from C to Go, removing the last vestiges of C code from the Go code base. The garbage collector was completely redesigned, yielding a dramatic reduction in garbage collection pause times. Related improvements to the scheduler allowed us to change the default GOMAXPROCS value (the number of concurrently executing goroutines) from 1 to the number of logical CPUs. Changes to the linker enable distributing Go packages as shared libraries to link into Go programs, and building Go packages into archives or shared libraries that may be linked into or loaded by C programs (design doc).

[…]

The only language change is very minor, the lifting of a restriction in the map literal syntax to make them more succinct and consistent with slice literals.

The standard library saw many additions and improvements, too.

Tonic: Data Visualizing REPL for Node

Tonic (via Wolf Rentzsch, comments):

Tonic has an entire host of object viewers to help you visualize your data. From high level views like graphs and maps, to low level hexadecimal inspectors, you can pick and choose the best way to look at your data after creating it.

[…]

Time traveling in Tonic allows you to rewind your work to a previous point and pick up where you left off. That's because your work is checkpointed after every execution.

[…]

Tonic has built-in support for ES7 async and await making it incredibly async friendly. Instead of fiddling with chains of callbacks, you can write your asynchronous node.js code in a linear and straight-forward way.

Wednesday, August 19, 2015 [Tweets] [Favorites]

Top 10 Worst C# Features

Eric Lippert (via Chris Lattner, comments):

When I was on the C# design team, several times a year we would have “meet the team” events at conferences, where we would take questions from C# enthusiasts. Probably the most common question we consistently got was “Are there any language design decisions that you now regret?” and my answer is “Good heavens, yes!”

This article presents my “bottom 10” list of features in C# that I wish had been designed differently, with the lessons we can learn about language design from each decision.

WebKit Backdrop Filters

Brent Fulgham:

The User Interface design language for iOS 7 and OS X Yosemite changed to incorporate some beautiful backdrop blur effects. This layering gives a sense of depth, while preventing detail from the content underneath from cluttering the foreground.

The following image shows the WebKit media controls on top of a video. Notice that you can see some of the background content through the frosted glass effect.

[…]

Until recently, there was no standards-compliant method for producing these kinds of effects. Many designers were forced to create the illusion of blurred backdrops using pre-rendered background content and carefully clipping and positioning these assets to achieve the desired effect.

The regular system media controls respect the “Reduce transparency” setting in the Accessibility preferences pane. The WebKit background filters do not.

Generic “Functions” in Objective-C

Arkadiusz Holko:

Since the only way to declare generic parameters and return values is through a class interface, we’ll wrap our map method in a new class[…]

[…]

AHKArrayMapper’s only method takes an array of InputType objects and a block mapping from InputType to OutputType. It returns an array of OutputType objects. The implementation doesn’t really differ from the one without generics, because generics aren’t available in implementation files[…]

Objective-C generics are useful for interfacing with Swift and for documenting APIs. I’m not sure that it really makes sense to code with them this way.

Creating a Kill-Switched VPN With PIA and Little Snitch

Matt Henderson:

PIA provides a kill-switch feature, but just like Cloak, enabling it will affect local-network services. I’ve discovered a solution, however, achieving the same functionality without affecting local-network services, through the use of Little Snitch—a Mac OS X application-level packet filter—and it’s support for automatic profile switching.

[…]

So, in summary, whenever my Mac is not connected to a VPN (with the exeption of mobile tethering as described below), my “Public (Kill Traffic)” Little Snitch profile is automatically selected, preventing all incoming and outgoing connections.

[…]

I have one other Little Snitch profile, unrelated to VPN connectivity, called “Mobile”. This profile is activated whenever my Mac is connected to my iPhone’s or iPad’s “Personal Hotspot”. The purpose of this profile is to minimize my iOS device’s data usage. As you can see from the screenshot, this profile kills traffic from apps like Dropbox and BitTorrent Sync.

Update (2015-08-21): Matt Henderson:

The [iVPN] app seemed to function just fine in terms of establishing a VPN connection, and the data rate was fine. But the UI did behave a bit wonky at times. For example, often when I’d open the app (after being logged in), the main information window continually displayed a spinner, as if it were stuck. The second issue I noticed was that it didn’t offer the feature provided by Cloak and PIA to auto-detect the best server for connection. Finally, I found that it didn’t offer a kill-switch—which, alone, wouldn’t have been a show-stopper, as I found a work around with Little Snitch.

[…]

Having read this article, Sam from iVPN reached out. In a very thoughtful email, he explained how BitPay’s platform currently doesn’t allow for sub-management accounts, and so in fact, only the main administrator (who has access to all the account’s funds) can issue a refund, and he explained that BitPay’s refund process has been very unpredictable. He also sent a few screenshots of their forthcoming update to their Mac client and it looks very good!

Ripping CDs and Backing Up Content Is Illegal in the UK

Ernesto Van der Sar (via Nick Heer):

The High Court recently overturned private copying exceptions introduced last year by the UK Government, once again outlawing the habits of millions of citizens. The Intellectual Property Office today explains that ripping a CD in iTunes is no longer permitted, and neither is backing up your computer if it contains copyrighted content.

[…]

The IPO specifically notes that copying a CD to an MP3 player is not permitted. This means that iTunes’ popular ripping feature, which Apple actively promotes during the software’s installation, is illegal.

Also, under the current law iTunes is actively facilitating copyright infringement by promoting their CD-ripping functionality. This means that the company could face significant claims for damages.

Caitlin McGarry:

But the British government is apparently not thrilled with the High Court’s decision. The IPO office told TorrentFreak that the government is “carefully considering the implications of the ruling and the available options before deciding any future course of action.”

And if you live in the UK and have copies of your music library on your computer like a normal human, don’t fret too much. Apparently the government is pretty sure that no one has been taken to court over CD-ripping for personal use.

Testing Swift’s ErrorType

Marius Rackwitz:

Further investigation via LLDB reveals that the protocol has some hidden requirements.

(lldb) type lookup ErrorType
protocol ErrorType {
  var _domain: Swift.String { get }
  var _code: Swift.Int { get }
}

It becomes clear how NSError fulfills this definition: it has these properties, backed by ivars, which Swift can access without dynamic dispatch. What is still unclear is how Swift’s first class enums can automatically fulfill this protocol. Perhaps there is still some magic involved?

[…]

Sure, you could catch it as any generic error and then manually check the fields _domain and _code, but there are more elegant alternatives.

Tuesday, August 18, 2015 [Tweets] [Favorites]

A Eulogy for Objective-C

Aaron Hillegass (comments: 1, 2):

The wonderful thing about Objective-C is that it’s so dynamic. As we start moving into languages that are a little bit more uptight about such things, it’s nice to take a moment and think about the huge benefits that we get from some of this.

[…]

Loose typing made a lot of things that were difficult in other languages much easier, or possible. It also made bugs that didn’t exist in other languages possible as well. And you embrace that as an Objective-C programmer. You’re like, “This is a language for smart, pedantic, uptight people. I’m going to be very careful and do the right thing when I’m typing in names.”

[…]

One of the things that made the performance of Core Data so great, and made this faulting mechanism so seamless, is the ability to do isa swizzling. Once again, this could be very dangerous, but in the right hands it was a really powerful mechanism.

Another thing that you could do was actually create classes at runtime. It was pretty rare, but this is actually what made key-value observing possible.

[…]

Here’s one that people take for granted at this point, but it’s something that at the time was crazy: categories. The idea that I could take a class that NeXT had sent me, add methods to it, and then use that inside my program - that was really, really weird in object-oriented languages at that time. And it really scared Java people. […] As a result, not everybody had to write their own NSString class. Which is a really common problem for a lot of languages.

The Hamburger Menu Doesn’t Work

James Archer:

Hamburger menus navigation operate under a simple principle. On the surface, it seems self-evident that if the user wants the navigation menu, they can just click on it. However, if you dig deeper, you’ll realize that users often don’t know quite what they want, and they rely on site navigation to nudge them in the right direction by telling them what their options are and what content they should be looking at.

[…]

Most people navigate based on what’s called “information scent.” When faced with a set of options, they’ll choose the option that gives the strongest indication that it’ll bring them closer to what they want, like an animal sniffing around for food. […] You know what never looks anything even close to what the user actually wants? A small three-bar icon tucked in the corner of a website.

[…]

Then, finally (as you can see on the promo at the bottom of the image above), [NBC News] gave up and redesigned the navigation to a more traditional horizontal menu style, which has worked well for them and remains the same basic design they use today.

Previously: Hamburgers and Basements, Ex-Microsoft Designer Explains the Move Away From Metro.

Restoring an Apple TV via iTunes

Apple:

Connect one end of the micro-USB cable to the back of your Apple TV, and the other end to one of your computer’s USB ports.

From the Apple TV summary page in iTunes, click Restore Apple TV. This step might take some time, depending on the speed of your Internet connection.

My Apple TV got stuck at the Apple logo boot screen, and this fixed it. I think it actually took longer to copy the OS over USB than for iTunes to download it over the Internet.

Steve Jobs’s Interview With Red Herring, 1996

Steve Jobs (comments, via Brian Webster):

The old way to look at computing was as a straight line between the desktop and the enterprise, with the primary focus on improving desktop productivity. That world, as we all know, is owned by Microsoft. But the Web is changing all of that. One way to view the Web is as the ultimate direct-to-customer distribution channel.

[…]

Microsoft is busy trying to kill Netscape. And it has a certain track record of being successful at those kind of things. So I wouldn’t write off Microsoft right now. But all I am trying to say is that no one is going to make money by selling browsers. I do think a lot of people are going to make money off the pipes, but that ain’t us.

[…]

But, as we’ve been talking about, the new Web set-up is just like the mainframe computing model, where all the apps will run off the server, and these will mostly be custom apps. […] Now you are constrained with the UI [user interface], but a lot of apps can be written in constrained UI.

[…]

It takes your request, parses it in WebObjects, grabs all the data, and dynamically builds it into a Web page for you to browse. The way we set up the car financing feature is that it actually sends an OLE call to another Windows computer that launches an Excel spreadsheet that does the calculation for you, and then OLE messages the information back and shoves it onto the Web page.

[…]

Well, I love Apple. I hope they make it.

Awful Behavior From QuickBooks Online

Matt Henderson:

I don’t want the “recommended” service, but there’s only two links on this screen, “Back” or “Next”.

Unbelievably, “Next” takes me back to the home screen of QuickBooks Online, giving the impression that nothing has happened, and STILL there is no way to cancel that giant damn “You have a task” block.

But here’s the kicker — An email from Intuit arrives confirming that I’VE JUST SIGNED UP TO QUICKBOOKS PAYROLL for $30 per month, and if I want to cancel I have CALL THEM.

Monday, August 17, 2015 [Tweets] [Favorites]

Thunderstrike 2

Trammel Hudson (comments):

This is the annotated transcript of our DefCon 23 / BlackHat 2015 talk, which presented the full details of Thunderstrike 2, the first firmware worm for Apple’s Macs that can spread via both software or Thunderbolt hardware accessories and writes itself to the boot flash on the system’s motherboard. The original slides are available.

Rich Mogull:

The concept is based on earlier firmware vulnerabilities. According to articles, five new vulnerabilities were reported to Apple after the original Thunderstrike proof of concept. Of those, one has been patched, one has been partially patched, and three more are still being dealt with.

However, Apple also added code to block an attack from a Web page (or other software) from infecting the firmware. It may still be possible to attack the Mac’s firmware if the bad guy can gain physical access, but you don’t have to worry about your firmware becoming infected because you browsed to the wrong Web site.

[…]

[Nearly] everyone can ignore Thunderstrike 2 entirely. The research really is excellent, compelling work that the Wired piece unfortunately turned into a bit of a fright-fest. The Web attack vector, in particular, is blocked in OS X 10.10.4.

Previously: Mac OS X 10.10.2.

Twitter Removes 140-Character Limit From Direct Messages

Juli Clover:

Twitter today announced a major change to the way Direct Messages work on the Twitter platform, removing the 140-character limit that restricted the length of private messages. With the change, Twitter’s Direct Message feature is on par with other chat and messaging apps, allowing for unrestricted conversation.

Except that, presumably, sending URLs is still restricted.

Manton Reece:

It was around this time, nearly 3 years ago, that I posted my last tweet. My bet with Daniel is over whether I will return to Twitter within 5 years. People ask if I’ll come back sooner, and if I did, what it would take. I’ve often struggled to articulate those conditions, because I think we are seeing slow but consistent progress to unwind the developer-hostile decisions made a few years ago. It may be that in a couple years the environment will be much improved, but there won’t be any single decision that “fixed” it, or it may be that Twitter is doomed to have changing leadership and there will never be any guarantees.

There is one thing, though. There is one change that was made while rolling out the version 1.1 Twitter API: they removed support for unauthenticated RSS feeds of user tweets or timelines. If they reversed that one decision, the next day I would be back on Twitter.

Update (2015-08-18): It looks like Twitter has allowed DMs to include URLs since December (via Joe Fabisevich).

Windows 10’s New Licensing Scheme

Nick Heer:

Ed Bott explains how Windows 10’s licensing works. In short, it now ties a Windows 10 license to the hardware and stores it on Microsoft’s servers, so it’s possible to wipe your system and do a reinstall without having to enter the key again.

Microsoft WinObjC

Salmaan Ahmed (via Daniel Jalkut):

Today I’m going to take you a bit deeper on what’s in the Windows Bridge for iOS (previously referred to as ‘Project Islandwood’), how it enables iOS developers to bring their code and skills to Windows, and why we’ve decided to make this particular Windows bridge available as open-source on GitHub.

[…]

Our goal with the iOS bridge has never been simply to run iOS apps on Windows. Rather, our goal is to help you write great Windows apps that use as much of your existing code and knowledge as possible. We will, of course, continue to work to expand our iOS compatibility, but it’s important to note that there is much more you can do with the bridge.

Previously: Microsoft’s New Middleware: Islandwood and Astoria.

Craig Hockenberry:

This work was based on our own Chameleon Project, written by Sean Heber.

Christopher Lloyd:

So far I know of 3 iOS compatibility layers built with Cocotron: Inception Mobile (now MS), Apportable and Stella

Guy English:

Looks like Microsoft played fast and loose with licenses of open source projects they used for WinObjC. They should work hard to fix this.

Peter Steinberger:

WinObjC’s source code is well worth a read. Some parts are super interesting, others just plain scary.

Ari Weinstein:

WinObjC is chock full of crude shortcuts, questionable design decisions, and ridiculously incomplete implementations.

Landon Fuller:

When including an actual copy of arc4random involves borrowing a single .c from the BSDs, there’s really no excuse

Mike Ash:

That’s the cryptographic equivalent of leaving brown liquid high-level nuclear waste sitting around in sealed Coke bottles.

Logan Collins (compare with Apple’s):

Ladies and Gents, WinObjC’s implementation of the (supposedly) thread-safe dispatch_once.

Frank A. Krueger:

Ouch the NSLayoutConstraint solver is pretty weak :-( Single-pass, only 2 levels of priority. Still fun to read.

Rosyna Keller:

This Objective-C bridge Microsoft released the source to is so bizarre. Many things not implemented (CFUUID), strange coding conventions…

Some of it just makes you want to curl into a ball and cry. Also, check UIFont.mm!

Tim Dierks:

WTF code from Microsoft. None of these are correct; some are just crazy.

Brian Webster:

Soooo Microsoft basically reimplemented Objective-C synthesized accessors in C++?

AppHub

AppHub (comments):

Use git push to instantly update your iOS apps. Stop waiting weeks to iterate on your app. Just add our iOS framework and start pushing updates.

[…]

Section 3.3.2 of the iOS Developer Program explicitly permits this “provided that code does not change the primary or advertised purpose of the Application as submitted to the App Store.”

[…]

You can make changes to JavaScript code and assets (images, sounds, etc).

[…]

Yes, AppHub only supports React Native.

edko:

The PhoneGap app (and probably many others) has been pushing JS code without the need of Apple’s approval for a long time now, and Apple hasn’t had any problem with it. If this is not abused, to do things against the ToS, it is a really nice thing to have.

However, the very next guideline, 3.3.3, states:

Without Apple’s prior written approval or as permitted under Section 3.3.25 (In-App Purchase API), an Application may not provide, unlock or enable additional features or functionality through distribution mechanisms other than the App Store or VPP/B2B Program Site.

I wouldn’t plan on Apple continuing to approve applications that do this. However, if you are already using React Native, anyway, I guess you would not be risking very much by giving it a try.

iCloud Can Now Restore Contacts, Calendars, and Reminders

Kirk McElhearn:

This isn’t related to iCloud backups. I don’t back up any of my iOS devices to iCloud, yet I see a number of available backups to restore. for example, for my calendars and reminders, I see this[…]

I’m not sure what triggers a backup on iCloud, but there are clearly gaps there. However, this is better than nothing.

Finally. Unfortunately, it simply says “No archives available” when I try to restore my contacts. For calendars, it offers me 6 backups for the 17 days of August, even though I make many edits per day. And you can’t restore data for third-party apps. So, better than nothing, but there is still a long way to go.

Mac OS X 10.11 Removes /usr/bin/lockfile

Dave Nanian:

Little did we know that there was a shoe preparing to drop (although perhaps the fact that it was in /usr/bin was a hint): in El Capitan B4, Apple decided to stop shipping Procmail, and with it, lockfile. It wasn’t deprecated and then removed… it was unceremoniously sent to the bit bucket. So, as of B4, scheduling in El Capitan broke.

[…]

In the end, we did none of those things. Instead, since Procmail is Open Source, we changed our build process to build lockfile as well, and included that command, unmodified, in our bundle.

[…]

This also meant we had to change the scripts that were looking for lockfile to find our application bundle and call the new, “local” version of lockfile instead. And that means, unfortunately, that users have to delete and recreate their schedules.

Sunday, August 16, 2015 [Tweets] [Favorites]

Xcode Build Setting Transformations

Matt Stevens:

Xcode supports the ability to substitute the value of build settings using the $(BUILD_SETTING_NAME) or ${BUILD_SETTING_NAME} syntax in a number of places including Info.plists, other build setting values, and .xcconfig files. In these substitutions it’s also possible to add operators that transform the value in various ways.

[…]

These transformations can be quite useful but don’t appear to be documented, so here’s the list of available operators and what they do[…]

How Your Phone’s Battery Life Can Be Used to Invade Your Privacy

Alex Hern:

The battery status API is currently supported in the Firefox, Opera and Chrome browsers, and was introduced by the World Wide Web Consortium (W3C, the organisation that oversees the development of the web’s standards) in 2012, with the aim of helping websites conserve users’ energy. Ideally, a website or web-app can notice when the visitor has little battery power left, and switch to a low-power mode by disabling extraneous features to eke out the most usage.

[…]

The researchers point out that the information a website receives is surprisingly specific, containing the estimated time in seconds that the battery will take to fully discharge, as well the remaining battery capacity expressed as a percentage. Those two numbers, taken together, can be in any one of around 14 million combinations, meaning that they operate as a potential ID number. What’s more, those values only update around every 30 seconds, however, meaning that for half a minute, the battery status API can be used to identify users across websites.

Update (2016-11-05): Catalin Cimpanu (via Hacker News):

In an unexpected move, Mozilla has announced last week it was removing support for the Battery Status API, a feature that allows websites to detect the status of the user’s battery level, and use this information to save critical website data to disk before the device shuts down.

Unfortunately, web developers haven’t used the API as Mozilla had hoped. In fact, the most ardent users of the API are advertisers, who used it to track users across websites based on their battery levels and unique device identifiers.

Update (2016-11-07): Lukasz Olejnik:

It’s also interesting to note that Apple is considering to remove support for Battery Status API from WebKit’s (the engine powering Safari browser) source code. Although so far Apple has not enabled Battery Status API, it is implemented in Safari’s engine. At this point, I don’t believe Apple will ever ship this feature.

Update (2016-11-08): Bruce Schneier:

W3C is updating the spec. Here's a battery tracker found in the wild.

Apple Pay to the Rescue

Craig Hockenberry:

At that point, I figured I was just in a lull between the main account closing and the changes propagating to the Apple Pay device account. I had only made the transaction about five minutes after the card was cancelled, after all. Either way, the payment hadn’t been declined and I had my beer.

[…]

The next morning, however, while going through my email, I saw an automated message from Citicard AAdvantage that explained what had happened the previous evening.

I don’t need to do anything further! For any consumer who’s experienced card fraud, this is a huge benefit to Apple Pay.

Fearing an Apple TV Service

Tim Schmitz:

A TV service from Apple is likely to work a lot like Hulu. It might have a greater variety of content or a better UI, but the commercials will be there to stay. Why is it filling me with fear if it’s so similar to existing streaming services? Because an Apple TV service is likely to be far more successful and widely used than Hulu. It’ll turn a niche product into a widespread one, and the ad model will come along for the ride. Once everyone is used to un-skippable ads, they’ll be awfully hard to get rid of. We’ll be back where we started 20 years ago: watching the same ads for Chevrolet pickup trucks for 18 minutes out of every hour. (Oh, and those 18 minutes? That’s 30% of an hour, which just happens to be the same percentage that Apple takes as a cut from sales on the App Store. Certainly a coincidence, but an eerie one.)

How Many Old Apple Devices Can’t Get Security Updates?

Glenn Fleishman:

Google’s statistics about Android devices checking into its Google Play Store show that only about 18 percent are running a version of Android 5; the majority run a 4.x release. When the Stagefright exploit was revealed more than two weeks ago, the estimate was that even though the exploit had been disclosed to Google and patched in its internal code base, over 95 percent of phones were vulnerable to a simple MMS-based attack. Carriers have worked at the network level and with MMS settings they can change remotely to reduce the risk. But from 20 to 50 percent of Android phones will never receive a patch.

[…]

Somewhere from 10 to 20 percent of devices are running iOS 7 or an earlier version. (MixPanel pegs it at 10 percent, while David Smith’s tracking of usage related to his Audiobooks app puts it around 20.) Over a billion iOS devices have been sold since the first iPhone, but it’s impossible to know how many remain in use unless Apple were to provide figures.

[…]

So 70 to 140 million users of systems that predate iOS 8 (and most iOS 8 users have upgraded to 8.4) seems like a large audience to exploit, even though a significant portion are using older devices.

[…]

Apple’s choices do leave a significant number of users of older versions of iOS at risk, but simultaneously make them slim pickings compared to other options.

Saturday, August 15, 2015 [Tweets] [Favorites]

Finding iPad’s Future

Neil Cybart (via John Gruber):

A product that carries so much brand relevancy that it still represents the entire tablet market now finds itself the leader of a category that has lost all momentum as other product categories marginalize the tablet form factor. Although Apple is still selling more than 10 million iPads per quarter, there is something about the iPad that just doesn’t sit right with me. We have gotten to the point that the status quo will likely lead to the iPad and the modern-day tablet becoming irrelevant over time. A new direction for iPad is needed based on a fundamental rethink of tablet computing.

[…]

A quick look at iPad and tablet shipment data would show that things have gotten bad in recent quarters. However, in reality, things are much worse than quarterly shipment data would suggest. The seasonality found in the tablet segment makes it difficult to see these long-term problems. A much better way at understanding what has been taking place is to look at the year-over-year change in shipments on a trailing 12-month (TTM) basis, highlighted in Exhibit 1. This smoothing effect highlights that the iPad and tablet have been on the decline for years and things continue to worsen with the overall tablet market hitting negative territory for the first time. All momentum has been lost.

[…]

Many didn’t see it, but tablets were quickly turning into content consumption devices where price was a leading purchase decision.

We now find ourselves with a tablet market where Apple and Samsung are losing share to "Others," which is represented by dozens of firms selling mostly generic tablets used to consume media, depicted in Exhibit 2.

[…]

The iPad market is in trouble and if there are no changes made to the lineup, Peak iPad is on the table. Peak iPad is a simple concept driven by the belief that underlining structural changes to the tablet market would result in the iPad losing most of its value propositions, leading to a permeant decline in sales. For example, Peak iPod is alive and well as even though Apple is still selling iPods, the product category will never reach record quarterly sales. Meanwhile, while some argued that we had seen Peak Mac, we instead were just in a sales slump that quickly reversed itself with a revamped product line. The Mac’s value propositions were still alive and well. In a world where smartphones are getting larger and laptops are getting smaller, the Peak iPad theory is starting to look more likely as time goes on.

Lukas Mathis:

The PC market relies on upgrade sales. The plastic spoon market relies on upgrade sales. The pants market relies on upgrade sales. But a device as young as the iPad should not be relying on upgrade sales to this degree. If Apple thinks that the iPad’s sales are falling because of a long upgrade cycle, the implication is that the iPad has already reached a large portion of all people it’s ever going to reach.

[…]

Better hardware would help, but I think it’s very important to acknowledge that the thing standing in the way of productive work on the iPad is not its hardware. It’s iOS.

iOS is a cumbersome system for even reasonably complex productive tasks.

[…]

Fixing this problem does not mean «giving access to the file system.» When I say that Apple needs to fix document management, people sometimes assume that I’m saying that they should bring something like the Finder to iOS. I’m not. The Finder approach to file management is broken. It was designed for a time when people had a tiny number of apps, and almost no storage space. That time doesn’t exist anymore, and neither should the Finder.

I think this last part is wrong. When the iPad was released, the jury was still out. After eight years of iOS, we’ve seen that no one has figured out a good alternative to the filesystem. iCloud and iOS seem to be converging on a design that is less capable and possibly more complicated for non-basic uses. Meanwhile, the Mac has gained iCloud Drive, sandboxing, and rootless, which offer many of iOS’s simplicity and safety advantages without (in theory) compromising functionality.

Of course, the Finder does have problems. But something like the Finder—as an icon on the home screen, rather than the home screen itself, like on the Mac—would straightforwardly solve a lot of iOS’s current document management problems. And, tucked away as an icon that many people wouldn’t need, it wouldn’t cause much trouble.

Update (2015-08-20): Jason Snell:

I think we’re all down on the iPad because we got too excited about it to begin with, and the hangover hasn’t faded yet.

[…]

I suspect the iPad’s initial sales were so good that Apple was fooled into thinking it didn’t need to improve the iPad—which is a mistake that the company may be paying for now. But Apple sure seems to be paying attention to it now!

Update (2015-08-31): See also Accidental Tech Podcast #132.

The Developer’s MacBook

Rob Rhyne:

The keyboard is terrible. The keyboard on the MacBook is probably the most divisive hardware decision Apple has made this year. Some love it, others hate it. To be honest, I’m ambivalent after using it for a few months. I recommend you try it in a store before buying it. It’s a subjective decision, but here are a few facts regarding the keyboard:

[…]

As I mentioned earlier, it’s the MacBook’s lack of screen real estate that poses the greatest challenge for development and design work. […] You want to consider a few basic principles when trying to reclaim screen real estate.

[…]

In general the MacBook’s single port is a non-issue. Battery life is so consistently long, it feels foreign when you have to plug it in. However, the new USB-C does pose a dilemma for mobile developers: you need an adaptor to connect your iOS devices. That’s a bummer, having yet another adaptor to carry in your bag. I decided to combine a smaller Lightning cable with the single USB-C to USB adapter for smaller option.

I recently tried the new MacBook at an Apple Store. The Retina display is great, as expected. The keyboard was as bad as I feared. I might be able to get used to it, but I doubt I would ever like it. The trackpad was fine. The computer is thin, but it did not feel like a significant improvement over my 11-inch MacBook Air. So the keyboard seems like a poor tradeoff.

Meanwhile, Tj Luoma:

After three weeks with the new MacBook, I can easily declare it as my favorite Mac, and none of the details that left some of the tech press wailing and gnashing their teeth have actually been a problem.

He links to the Anker USB-C to 3-Port USB 3.0 Hub with Ethernet Adapter for USB Type-C Devices, which looks promising, although there’s no way to charge the Mac when it’s in use, and I wonder how many bus-powered devices it could handle. An alternative to get power and Ethernet at the same time would be Apple’s USB-C Digital AV Multiport Adapter combined with its (non-gigabit) USB Ethernet Adapter. But then you would no longer have a USB port to connect an iOS device or camera.

It seems like what’s needed, short of a second USB-C port, is a USB-C hub that can plug in to both charge the MacBook and power the USB 3 ports. I have seen powered hubs, but none that can charge, too.

Update (2015-08-19): Paul Haddad:

Still no good 3rd party USB-C hubs + charging. Found this, but seems like it pass-through charges at 5V/2.4A, yuck.

Dispatch Async to Main Queue and Modal Windows

Kirby Turner:

Instead of dispatching the completion() to the main queue, I call it directly from the background thread. In the completion block itself, I decide how to get the code should run in the main thread. If my window isn’t modal, then I can use dispatch_async(dispatch_get_main_queue(), ^{}). But if my window is modal, which just happens to be the case for the app I’m working on, then I use -performSelectorOnMainThread:withObject:waitUntilDone:.

Inside Amazon: Wrestling Big Ideas in a Bruising Workplace

Jodi Kantor and David Streitfeld:

However, more than 100 current and former Amazonians — members of the leadership team, human resources executives, marketers, retail specialists and engineers who worked on projects from the Kindle to grocery delivery to the recent mobile phone launch — described how they tried to reconcile the sometimes-punishing aspects of their workplace with what many called its thrilling power to create.

In interviews, some said they thrived at Amazon precisely because it pushed them past what they thought were their limits.

[…]

Of all of his management notions, perhaps the most distinctive is his belief that harmony is often overvalued in the workplace — that it can stifle honest critique and encourage polite praise for flawed ideas. Instead, Amazonians are instructed to “disagree and commit” (No. 13) — to rip into colleagues’ ideas, with feedback that can be blunt to the point of painful, before lining up behind a decision.

“We always want to arrive at the right answer,” said Tony Galbato, vice president for human resources, in an email statement. “It would certainly be much easier and socially cohesive to just compromise and not debate, but that may lead to the wrong decision.”

[…]

Ms. Willet’s co-workers strafed her through the Anytime Feedback Tool, the widget in the company directory that allows employees to send praise or criticism about colleagues to management. […] Because team members are ranked, and those at the bottom eliminated every year, it is in everyone’s interest to outperform everyone else.

Craig Berman, an Amazon spokesman, said the tool was just another way to provide feedback, like sending an email or walking into a manager’s office. Most comments, he said, are positive.

However, many workers called it a river of intrigue and scheming. They described making quiet pacts with colleagues to bury the same person at once, or to praise one another lavishly.

[…]

Resources are sometimes hoarded. That includes promising job candidates, who are especially precious at a company with a high number of open positions. To get new team members, one veteran said, sometimes “you drown someone in the deep end of the pool,” then take his or her subordinates.

[…]

Those departures are not a failure of the system, many current and former employees say, but rather the logical conclusion: mass intake of new workers, who help the Amazon machine spin and then wear out, leaving the most committed Amazonians to survive.

Update (2015-08-16): Discussion on App.net (via John Gordon).

Nick Heer:

Privately snitching on colleagues is childish, and there’s an employee ranking system in place that’s awfully similar to Microsoft’s stack ranking system. But perhaps most shocking is the erosion of a balance between work and life.

[…]

The scariest thing about this article is the number of responses I’ve seen that say something along the lines of “it’s not just Amazon; you’ll probably hear similar stories from employees at other companies”.

Tim Bray:

First: I haven’t seen that stuff Kantor and Streitfeld write about. Not saying that never did happen, or isn’t happening somewhere, just that I haven’t seen it. Second: The similarities between Amazon and Google vastly out weigh the differences.

Update (2015-08-17): Michael O. Church (via David Magda):

Google, Yahoo, and Amazon have one thing in common with, probably, the majority of large, ethically-challenged software companies. They use stack-ranking, also known as top-grading, also known as rank-and-yank. By top-level mandate, some pre-ordained percentage of employees must fail. A much larger contingent of employees face the stigma of being labelled below-average or average, which not only blocks promotion but makes internal mobility difficult. Stack ranking is a nasty game that executives play against their own employees, forcing them to stab each other in the back.

[…]

In general, I think the way to go is to create guilds like Hollywood’s actors’ and writers’ guilds, which avoid interfering with meritocracy with seniority systems or compensation ceilings, but establish minimum terms of work, and provide representation and support in case of unfair treatment by management.

Nick Ciubotariu (comments: 1, 2, 3, 4, 5):

Amazon is a big company, and gets referenced often. I’ve read many articles that describe us. Some are more accurate than others. Sadly, this isn’t one of them. This particular article, has so many inaccuracies (some clearly deliberate), that, as an Amazonian, and a proud one at that, I feel compelled to respond.

[…]

There is no “culling of the staff” annually. That’s just not true.

David Streitfeld and Jodi Kantor:

Over all, The Times interviewed over 100 current and former Amazon employees, including many who spoke on the record and some who requested anonymity because they had signed agreements saying they would not speak to the press.

Mr. Bezos urged his 180,000 employees to give the Times article “a careful read” but said it “doesn’t describe the Amazon I know or the caring Amazonians I work with every day.”

[…]

Like many of the Amazon employees quoted in The Times article, Mr. Ciubotariu describes strengths of the workplace, including focus on customers and innovation. However, some of his assertions were incorrect, including a statement that the company does not cull employees on an annual basis. An Amazon spokesman previously confirmed that the company seeks to manage out a certain percentage of its work force every year; the size of the goal varies from year to year.

Update (2015-08-18): A Former Amazonian (via Jamie Zawinski):

The most horrifying moment of my employment at Amazon was the time I was using the toilet and a coworker began talking from the stall next to me. He asked me why I had not responded to his very pressing email. I closed my eyes and pretended this wasn’t happening. What email could be so important that it could not wait five minutes for me to use the bathroom? He began tapping on the wall between our stalls, asking why I wouldn’t respond, as if inter-stall conversation should be a totally normal, not disgusting means of communication.

He became more specific about what he needed—referencing a project I’d never heard of, nor would I ever have involvement in—and I realized he had misidentified me from my shoes.

David Heinemeier Hansson:

But the bottom line is that culture is what culture does. Culture isn’t what you intend it to be. It’s not what you hope or aspire for it to be. It’s what you do. There’s no way to discredit, deflect, or diffuse that basic truth.

Update (2015-08-20): Dave Winer:

I’m always leery of such obvious appeal to emotion. He made his grandmother cry. He must be a bad person. But he was just a kid. What’s significant is not what the 10-year-old Bezos said and did, he wasn’t running Amazon, rather what the adult Bezos said, which the Times left out of the story.

Update (2015-10-19): Nick Heer:

The “admission of fraud” refers to Bo Olson, who provided the quote that Carney deems “sensationalistic”. The PR team at Amazon decided to discredit his quote today by opening his employee file publicly to a claim that he was accused of fraud while at the company.

[…]

It’s hard to believe Carney, given that he is a PR guy at Amazon, and is therefore inclined to protect the interests of a public company. It’s also hard to believe that the Times would not correct such an egregious error.

Update (2015-10-22): Ben Thompson:

Carney responded to Baquet’s response here.

[…]

What is exciting about the Amazon story is that, at least according to Baquet, it came from embracing the nichification of The New York Times.

Friday, August 14, 2015 [Tweets] [Favorites]

Modern Web Ad Blocking

Charles Arthur:

Certainly as a standard reader, here’s what happened: I accepted an invitation to read an article, but I don’t think that we quite got things straight at the top of the page over the extent to which I’d be tracked, and how multiple ad networks would profile me, and suck up my data allowance, and interfere with the reading experience. Don’t I get any say in the last two, at least?

Jean-Louis Gassée (comments):

We come here to the crux of the matter: Trust.

We feel cheated and rightly so. As users, we understand that we’re not really entitled to free browsing; we pay our bills with our selves: When The Product Is Free, We Are the Product. The problem is that we feel betrayed when we find out we’ve been overpaying. We’re being exploited — and it’s not even done nicely.

Marco Arment (no surprise that he makes more from a popular podcast and blog than a free-to-$5 app, even though it’s best-of-class):

Because of how the web and web browsers work, the involuntary data collection starts if you simply follow a link. There’s no opportunity for disclosure, negotiation, or reconsideration. By following any link, you unwittingly opt into whatever the target site, and any number of embedded scripts from other sites and tracking networks, wants to collect, track, analyze, and sell about you.

[…]

I’ve never been tempted to run ad-blocking software before — I make most of my living from ads, as do many of my friends and colleagues, and I’ve always wanted to support the free media I consume. But in the last few years, possibly due to the dominance of low-quality ad networks and the increased share of mobile browsing (which is far less lucrative for ads, and more sensitive to ad intrusiveness, than PC browsing), web ad quality and tolerability have plummeted, and annoyance, abuse, misdirection, and tracking have skyrocketed.

[…]

I recently started using Ghostery on my computers, and a simple homemade iOS content blocker that I may release for iOS 9’s launch. The web performance improvements with these are staggering, and the reports of quite how much Ghostery is blocking on most pages is shocking and disgusting.

John Gruber:

I don’t want to block “ads”. I want to block garbage JavaScript. I’ve been using Ghostery on my Macs for a few months now, and the results are impressive. I expect the results to be even more significant on the phone with content blockers in iOS 9.

Nick Heer:

Vox Media’s privacy policy is typical of most larger publishers’ policies. It notes that they or third parties can set cookies, use pixel tags, and serve (targeted) advertisements. It’s only deep into the privacy policy that they link to a page where they list some of their third-party providers. However, it is woefully out of date; Vox lists 13 third-party scripts, but Ghostery counts 26, including those from Aggregate Knowledge (cross-device targeting), Criteo (retargeting), and Lotame (cross-platform visitor tracking). Gross.

Some publishers, like Bloomberg, do not list third-party scripts in their privacy policy. Ghostery found 14 third-party scripts on their homepage, of which 12 are for advertising or tracking purposes.

Ole Begemann:

I love how Apple has implemented the content blocking mechanism, maximizing performance and protecting my browsing history from the developer of the ad blocking extension itself.

[…]

Aren’t I actively harming my favorite web sites? To some extent, that’s probably true. Will it lead to a reduction of good content? Maybe, though anecdotally, the number and obtrusiveness of ads on a site doesn’t seem to be positively correlated with the quality of the content.

Nick Heer:

While Apple is adding content blocking to Safari on iOS, it doesn’t impact content shown in apps, meaning Facebook’s revenue seems much safer than Google’s. I anticipate the latter pushing their mobile app much more readily.

I wish there were a way I could directly pay sites like iMore and a few others to not show me their ads. They have some great content, so I always scan their RSS feeds, but I also always hesitate before clicking through because the page design is so reader-hostile. Unfortunately, I’ve read over and over that this idea doesn’t work. I don’t know what the solution is.

Previously: Safari Content Blocker and Web Advertising.

Update (2015-08-17): Wil Shipley reports a JavaScript alert ad at the Washington Post.

Google and Alphabet

Steven Levy:

Yes, we get it. Google is not a conventional company. Larry Page said so in the first letter to shareholders when the company went public in 2004. And in case we missed this, Page repeated the quote today when announcing that Google, as it existed before August 10, 2015, would thereafter be known as Alphabet. Most of the stuff we interact with from Google — search, ads, YouTube, Gmail, and Android — will be part of just one of several companies under the Alphabet umbrella. At least that company will retain the familiar name.

The other companies — including Google X, Fiber, Calico, Nest, Sidewalk, and Google Ventures — will be fully owned, but separate, each with its own CEO and finances.

Ben Thompson:

The same logic applies to all of Alphabet’s non-Google companies: none are likely to be monetized through advertising, or benefit from Google’s shared infrastructure and sales and marketing organization, so why should they be a part of the same company? It makes a great deal of sense to have different companies with different business models — that result in different incentives — as separate entities with clear accountabilities.

[…]

And so we’ve come full circle: Page may be abandoning day-to-day responsibilities at Google, but he has no intention of abandoning Google’s profits. Alphabet’s plan to report Google’s results on a standalone basis will likely reveal that the search-and-advertising company investors have bought stock in is, absent the financial blackhole of Google’s moonshots, doing even better than most suspected. Unfortunately for said investors the additional clarity will only serve to illuminate just how much money is not being returned to shareholders and is instead being spent by Page and Brin on what they think matters. Will investors trust Page to spend it wisely?

Ken Auletta:

The one theory that I think is closest to the truth is that Larry Page suffered from Sergey Brin envy. Page had turned into what he had always admonished Googlers not to become: a bureaucrat.

[…]

Most C.E.O.s who step down are pushed out, and then they prattle about wanting to spend more time with their families. Larry Page, by contrast, really does want to spend more time with Sergey Brin.

Liz Stinson and Margaret Rhodes (via John Gruber):

Given the confusion surrounding the announcement, Alphabet’s visual identity plays a vital role helping people understand the differences between the two companies. Whereas Google’s goofy logo reflected a not-quite-mature web, Alphabet’s rational, bright red wordmark signals a growing-up phase. If Google’s logo reflects a campus with multi-story slides and themed conference rooms, Alphabet’s says, “I have a lobby full of Knoll furniture.”

We asked designers and branding experts to make sense of the new wordmark. Their reactions spanned the congratulatory to the skeptical.

The Mac App Store, Paid Upgrades, and Trials

Dan Counsell (tweet, comments):

Software is the outlier. As I write this, I can’t think of any other business where the customer pays just once and receives free updates and improvements for life. But yet this is how the App Store has been setup for software developers. It’s simply not sustainable.

[…]

If the App Store never offers developers the options for paid upgrades, it will continue to encourage a culture of disposable one time apps. This is not good news for developers, Apple or our mutual customers.

Curtis Herbert:

A sales model based on upgrade pricing relies on convincing your users that the new version of your app is worth more of their money. As a developer you now have to hold features back. You need to create a big enough splash with each major update to convince existing users to hand over more money, and hope the temporarily increased press coverage will attract new users to look at your product.

Over time this is going to become more difficult as your existing versions are going to be become "good enough" for most of your customers. There is a limited quantity of awesome new features that everyone cares enough about to pay for.

[…]

Services and premium features, now those are things users understand.

[…]

Basing your revenue on a service instead of app sales has another benefit specific to the App Store. While the App Store Review Guidelines prohibit timed trials and demos for the app itself, they don’t prohibit timed trials on features that are normally part of and in-app purchase or subscription.

Wil Shipley:

I’ve already bought one Taylor Swift album I don’t understand why I should have to pay her more for her work since then.

kybernetyk:

The MAS actually penalizes you if you update an app which has a bunch of good reviews. Because after you publish a new update the average rating that is shown next to your app in the search results/category lists disappears until you get at least 5 new reviews for the current version.

amber:

My proposal is simple. When a developer creates “My great product 2.0” they do so as a new SKU, but can associate it as an upgrade of “My great product 1.0” in iTunes connect. When “My Great Product 2.0” is released, existing users will get notified of the availability of an upgrade. How? In the App Store app, the user will get a badge under updates. The updates section will include a row at the top labeled “Upgrades” below the "Purchased" item.

Milen Dzhumerov:

Unfortunately, I don’t think paid upgrades will ever happen - IMO, trials are even more important (not happening, either).

Sandro Pennisi:

Trials would solve so much and would make the AppStore more interesting for “pro” software.

Milen Dzhumerov:

Yup but won’t ever happen as total App Store revenue would decline massively - people won’t pay for crappy apps.

Sandro Pennisi:

True. But it would be a healthier App Store. Trials means you can charge more. I know it won’t happen. Sadly.

Milen Dzhumerov:

Agreed. But no exec can pitch declining rev given how much they boast about it each year at WWDC.

Sandro Pennisi:

Honestly, if you think about it it’s a joke to expect people to pay for software without being able to try first.

Milen Dzhumerov:

Yup, it’s an utter joke - like the stone ages. It’s unbelievable… but it’s not a technical problem, it’s policy.

See also: Feeder 3.0, The Lagging Mac App Store, and Accidental Tech Podcast #128.

Peak App Care

Kirby Turner:

Today I’m happy to announce Peak App Care. Peak App Care is a monthly subscription service for maintaining your iOS apps. What do I mean by that? Simply put, I monitor your app for crashes and fix them as quickly as possible. Not only that, I also perform small jobs such as bug fixes and enhancements to your app at your request, and I even manage the App Store for you, from updating screenshots to submitting new builds on your behalf.

What I have found is that many apps available today in the App Store are published by companies with zero iOS developers on staff. Those companies, instead, rely on freelancers and software shops to build their apps for them. The problem, however, is that often times there’s no plans to keep the app up to date after the initial release.

What happens when the app starts crashing or customers start reporting bugs? What happens when Apple releases a new version of iOS or a new device?

This is a serious problem. It will be interesting to see whether his fixed price for “Unlimited Fixes and Small Jobs” works.

Planes, “Planes”, and Automated Fare Pricing

Paul Kafasis:

United Airlines is apparently code-sharing with Amtrak’s passenger railroad service to get you to Philadelphia. They’re also referring to Philadelphia’s 30th Street Rail Station (that’s what ZFV stands for) as an airport. Do you think the conductor announces that train as “United flight 3174”? Man, I hope so.

But the wacky train-instead-of-plane isn’t even the half of it. Take a look at the first half of this itinerary, and compare it to the original search. It’s the exact same flight!

This type of airline pricing nonsense is not entirely uncommon. Opting for the lower fare and then getting off at Newark even has a name, “Hidden city ticketing”. Still, it’s not very often that you can save over $200 just by missing a train.

An Xcode Plug-in for Unsmoothed Text

Mike Ash:

Major trouble started when I got a retina display for my Mac Pro. I use it side by side with a normal non-retina display. Stuff that benefits from font smoothing, like web pages, e-mail, documentation, and cat pictures go on the retina display. Code goes on the regular display. However, the mere presence of the retina display made Xcode insist on font smoothing all over again, and the usual remedies were powerless.

I decided I’d have to get some code into Xcode and hack it from within. I thought about code injection using something like mach_inject or simply abusing lldb, but it turns out that Xcode has a built-in plugin mechanism that works well for this. It’s undocumented and not officially supported, but it’s not too hard to use.

[…]

The final and most annoying required key is DVTPlugInCompatibilityUUIDs. This is set to an array of strings. Each string is the UUID of an Xcode version that the plugin is compatible with. Each Xcode version has its own compatibility UUID. If your plugin doesn’t have the right UUID in its list, Xcode will refuse to load it.

[…]

Put this code in +load and our override now runs every time an NSTextView is drawn in Xcode.

What magic code goes in the override, though? With the surrounding code in place, it provides an excellent environment for experimentation. I tried CoreGraphics calls to disable font smoothing, I messed about with fonts, and various other things. I finally discovered that the magic incantation was to enable the use of screen fonts:

[[self layoutManager] setUsesScreenFonts: YES];

I’ve wanted something like this for a long time. Fortunately, NSTextView is not written in Swift, so it can be swizzled.

Student Loses Facebook Internship After Pointing Out Privacy Flaws

Allison Pohle:

Khanna, who detailed the experience in a case study published Tuesday in Technology Science, a journal published by Harvard University, told Boston.com he created the app to show the consequences of unintentionally sharing data. That way, he said, users could decide for themselves whether or not it was a violation of their privacy.

[…]

Three days after the extension was posted, and two hours before he was supposed to leave to start his internship, Khanna received a call from a Facebook employee telling him that the company was rescinding his summer internship offer. Khanna said he was told that he violated the Facebook user agreement when he scraped the site for data.

However, Khanna told Boston.com that the data was from his own messages, which meant he used information accessible to all Facebook users, not just to employees.

Thursday, August 13, 2015 [Tweets] [Favorites]

Objective-Swift

Brent Simmons:

Now, these aren’t really problems with Swift — they’re problems with pure Swift. […] Given that, I made the pragmatic decision to start using @objc protocols, classes, and collection types where those things make sense, where Swift fought against my design.

And suddenly the language is a joy to use. It’s like Objective-C but with type inference, no .h files, fewer imports, shorter syntax — and I get the things I was missing.

This is my current approach as well. Swift has a lot to offer just as a better Objective-C. I’m not enamored with generics, and protocols seem like a good idea that in practice is currently too much of a pain to use. Likewise, the standard library is still in flux and not fully understood, whereas Foundation is stable and a known quantity. Foundation is great. Why not keep using it?

It’s also my hunch that by staying closer to the Objective-C world you are more likely to avoid bugs and confusing error messages from the Swift compiler. And you can somewhat avoid painting yourself into a corner because any code should be relatively easy to port back to Objective-C, if necessary. It’s not possible to subclass a Swift class from Objective-C, though—even if it inherits from NSObject—so hopefully you won’t run into any problems with a leaf class.

Update (2015-08-14): Joe Groff:

ObjC and the ObjC runtime also aren’t going away. Using @objc for things still we suck at natively is good and encouraged.

Wil Shipley:

My intuition says they’ll naturally wither like Carbon did. And we won’t mind.

But it’s nice to hear there aren’t plans to artificially axe ObjC.

Monday, August 3, 2015 [Tweets] [Favorites]

Swift Protocols, Arrays, and Casting

Brent Simmons (tweet):

But an EmailMessage is a NodeRepresentedObject, so it ought to work just fine.

[…]

The best way I’ve found to deal with this is to map it. […] That seems crazy. I’m using map to create an array whose members are absolutely identical to the original array.

Kevin Ballard:

It’s not a type-check. The in-memory representation is different. It has to allocate a new array with the new values.

Non-@objc protocols use a virtual function table (called a protocol witness table) rather than message-passing.

This means that objects typed as EmailMessage have a different table pointer than those typed as NodeRepresentedObject.

Brent Simmons:

I’d argue that, instead, there shouldn’t be a hidden performance gotcha.

Kevin Ballard:

That would be nice, but the only way to solve this without a new array basically requires all protocols to use message-passing

Message passing is a performance gotcha :P

Brent Simmons:

But barely. We can write fast apps in Objective-C.

Kevin Ballard:

Yeah, but you should be able to write faster ones in Swift.

Brent Simmons:

Except for when I have to make an exact copy of an array to satisfy the type system.

Sunday, August 2, 2015 [Tweets] [Favorites]

Sorting Algorithm Animations

Sorting-Algorithms.com (via Arthur Charpentier):

These pages show 8 different sorting algorithms on 4 different initial conditions. These visualizations are intended to:

  • Show how each algorithm operates.
  • Show that there is no best sorting algorithm.
  • Show the advantages and disadvantages of each algorithm.
  • Show that worse-case asymptotic behavior is not always the deciding factor in choosing an algorithm.
  • Show that the initial condition (input order and key distribution) affects performance as much as the algorithm choice.

@philcrissman (via Seth Dillingham):

QUICKSORT implemented in place in JavaScript, with accompanying visualization performed by RaphaelJS.

Windows 10’s Wi-Fi Sense

Brian Mastenbrook:

First, a brief crash course on how Wi-Fi security works. When you join a regular, password-protected Wi-Fi network, your phone or computer doesn’t directly send your password to the access point. Rather, the password is hashed with the SSID (the name of the network) by applying SHA1 a large number of times iteratively in order to create a cryptographic key, called the Pairwise Master Key (PMK for short). This key is then used to mutually authenticate the client and the access point, so that each side knows the other possesses the same key, and from this process a session key is derived that protects data communication for that client on the network. The end result is that your access to the network is secured without ever actually sending your password or the PMK itself over the air, where it could be intercepted by a third party.

[…]

Suppose an attacker gains access to Microsoft’s database of Wi-Fi network PMKs. These are hashes of the password, stored with the network name, so it takes computational effort to reverse these or find a collision. However, most users’ passwords are utterly terrible, and most people reuse passwords across multiple services. Combined with other hacked databases, an attacker can quickly pick off the weak passwords and then start using them on other services. Using a strong, unique password mitigates this, but generally speaking the users who do so are also the most savvy users who could just as easily buy and install a router capable of providing a separate guest network.

Saturday, August 1, 2015 [Tweets] [Favorites]

Safari vs. Chrome: Power Consumption

John Gruber:

This exemplifies what the “Safari Is the New IE” crowd doesn’t get — Apple’s priorities for Safari/WebKit are very different from Google’s for Chrome/Blink. Innovation and progress aren’t necessarily only about adding new features. 24 percent better battery life is huge.

Safari is not IE because it’s not stagnant. But the original post resonated with me because Safari is no longer bringing me the whole Web. I spend much of my day in FogBugz and Google Docs, and these sites work better in Chrome, or even Firefox, than in Safari. I’ve also had problems with Apple’s own discussion forums in Safari, and there are apparently issues with Apple’s developer site, as well.

I love Safari as an app. Neither Chrome nor Firefox has ever felt very Mac-like to me. Yet I’m increasingly using Chrome because Safari can’t get the job done. I don’t know whose fault it is that these sites don’t work with Safari, but to me as a user it doesn’t really matter. Improving power efficiency is great, but it would probably save even more battery life if Safari were compatible enough that I didn’t have to keep Chrome running.

I’m not writing this as a Web developer who wants to deploy a native app experience via HTML and JavaScript. I’m just a Mac user who prefers Safari and wants to be able to use it.

The Appsmiths

Hansen Hsu (via Wil Shipley):

This dissertation is an ethnographic study, accomplished through semi-structured interviews and participant observation, of the cultural world of third party Apple software developers who use Apple’s Cocoa libraries to create apps. It answers the questions: what motivates Apple developers’ devotion to Cocoa technology, and why do they believe it is a superior programming environment? What does it mean to be a “good” Cocoa programmer, technically and morally, in the Cocoa community of practice, and how do people become one?

A free account is required to download the paper, but it looks like it’s well worth reading—or at least skimming, since it’s over 500 pages.

A Catalog of Functional Refactorings

Simon Thompson and Claus Reinke (PDF) (via Jeremy W. Sherman):

This document is the first draft of a catalogue of refactorings for functional programs. Most are applicable to a variety of modern functional programming languages – with the example code begin written in Haskell – but some relate specifically to Haskell and are marked as such.

Swift Array Performance

Airspeed Velocity:

Your reminder that building arrays with reduce, while fun, is accidentally quadratic.

I would have thought that extending an array would be optimized to not make a copy.

Update (2015-08-01): Joe Groff:

I don’t think + is implemented to check for unique referencing at all.

Update (2015-08-03): Airspeed Velocity (tweet):

I was surprised at how surprising some found this. Quite a few people suggested the reduce version could be changed to not do the array copy (I don’t think it can). Some suggested maybe + could be optimized so it doesn’t perform a copy (I don’t think that it could easily, as we’ll see shortly).

[…]

Assuming combine here is { $0 + [transform($1)] }, you can see that + similarly has no knowledge of the fact that we’re actually going to assign the outcome directly to the result variable. We know, on inspecting the code, that it’ll just be fine to add the right-hand side onto the left-hand side, if that were even possible (in theory it is, since even though the array is passed immutably by value, the buffer is a class and so could be mutated since it has reference semantics). But + can’t know that from where it sits. It definitely knows it’s copy of the left-hand side isn’t the only owner of the buffer. There is another owner too: reduce holds a copy of result – and is about to throw it away and replace it with a new result, but that’s coming after + has run.

Joe Groff:

Swift’s parameter convention is callee-release, so isUniquelyRefd can work inside +. It’d only succeed if + is the last use.

That optimization could lead to optimizer-dependent algorithmic complexity though, sorta like TCO.

“TCO” refers to tail call optimization.