Friday, January 17, 2025

How to Obtain View Dimensions in SwiftUI

Fatbobman:

Use GeometryReader, onGeometryChange, visualEffect, or containerRelativeFrame to dynamically retrieve and respond to view dimensions in SwiftUI. Each method caters to specific use cases and levels of customization.

Trouble Updating the Wisdom of Quinn

Josh Wisenbaker:

With the most recent update to the Apple Developer Forums, it’s become pretty much impossible to update this collected wisdom in any regular way. This is why there hasn’t been an update to the archive in a while.

The main issues are:

  • Apple staff no longer have individual accounts.
  • The collective “Apple” accounts are not searchable.

[…]

If you try to search for that username, it doesn’t really do what you expect either. It just searches for that string in posts, not for posts by that user.

Searching for “user: DTS Engineer Quinn” does a fairly decent job of finding results, but they are all over the place now. You can only see 15 of them at a time on the new forums as well.

It’s doubly disappointing that this goldmine is relegated to the forums and that it’s now so hard to find there.

Apple’s DMA Compliance Criticized

Thomas Claburn (Hacker News):

Digital rights advocacy organizations contend that Apple has failed to comply with its interoperability obligations under the EU’s Digital Markets Act (DMA).

The groups made their case in a letter [PDF] asking competition watchdogs to do more to ensure Apple’s compliance with Article 6(7) of the DMA.

The letter is the work of four groups - the Free Software Foundation Europe, freedom of expression advocates ARTICLE 19, European Digital Rights, and Data Rights - plus three independent researchers.

[…]

The letter’s signatories argue that the commission’s approach so far, “as laid out in Apple’s compliance report and as observed in practice so far, is clearly deficient and structurally incapable of delivering effective interoperability, as required by the DMA.”

See also this long thread started by John Gruber.

Opting Out of Microsoft 365’s Copilot AI

Nick Gelling (via Hacker News, Reddit):

If you have a Microsoft 365 subscription, you might’ve been told your fees are going up by $5 a month or $50 a year. But the fees aren’t actually changing – you’re just being upsold.

[…]

On face value, a price hike of around 30–40% for a half-hearted implementation of an AI tool seems like a bad deal – at least for some of the tens of thousands of 365 subscribers in Aotearoa.

[…]

Log into your Microsoft account at account.microsoft.com. Find your 365 subscription and select “Manage”. Then select “Cancel subscription”.

If you have the right kind of subscription, a new option will miraculously appear – Microsoft 365 Classic, which has no price increase or Copilot AI.

Just like with Adobe, this did not work for me. After I cancelled my $69.99 subscription, the only alternatives were more expensive plans. After over an hour of chat support, I was told that you cannot switch to the Classic plan until it’s time to renew the current plan, even though Microsoft’s own forum had recommended the same thing as Gelling. Maybe too many people were downgrading—the support person seemed prepared to argue with me that I really do want Copilot AI.

The other dark pattern I noticed is that the new plan is $99.99/year or $9.99/month, and it claims that the former is a savings of 41%.

Thursday, January 16, 2025

Let the User Help Solve Their Own Problem

Peter Hosey (Mastodon):

I wish we had a maps app like Apple Maps or Google Maps that let you order up a travel itinerary using public transit between two points, and explicitly pick the transit routes involved. Or, ideally, multiple sets of routes, for comparison.

[…]

Sometimes all the app’s recommendations are reasonable, but sometimes there’s one or more options that might be preferable—and I don’t know how preferable if the app isn’t showing me when the next 49 arrives, so I can compare to the 7 minutes for a 14R or 9 minutes (including a short walk) for BART.

[…]

This is one instance of a general problem, which is products having only algorithmic solutions to the user’s needs, with no opportunity for the user to contribute to the solution.

The algorithmic-only model admits only one remedy: Improve the algorithm. But because no algorithm will ever be perfect, you’ll be playing this game of whac-a-mole forever.

M4 Mac mini USB-C Issues

Malcolm Owen (Reddit, 2):

However, it seems that in a small number of cases, USB-C connections on the M4 Mac mini are problematic.

Various Internet posts uncovered by AppleInsider reveal that users are undergoing similar problems. They generally consist of hardware connected using USB-C suddenly disconnecting and becoming unusable, or not connecting in the first place.

[…]

The issue has also appeared on the Apple Support Forum. One November 23 post explained that the front USB-C ports worked fine, but the rear ports wouldn’t work reliably with connected devices, effectively making the rear ports useless.

[…]

Elsewhere, the same problem appeared on the MacResource forum, with a user reporting a similar issue. They discovered that the Apple Extended Keyboard didn’t work around the back when plugged in via an adapter, but a Logitech mouse plugged in directly worked.

Putnam-AXIOM Variation

Aryan Gulati et al. (PDF, via Hacker News):

As large language models (LLMs) continue to advance, many existing benchmarks designed to evaluate their reasoning capabilities are becoming saturated. Therefore, we present the Putnam-AXIOM Original benchmark consisting of 236 mathematical problems from the William Lowell Putnam Mathematical Competition, along with detailed step-by-step solutions. To preserve the Putnam-AXIOM benchmark’s validity and mitigate potential data contamination, we created the Putnam-AXIOM Variation benchmark with functional variations of 52 problems. By programmatically altering problem elements like variables and constants, we can generate unlimited novel, equally challenging problems not found online. We see that almost all models have significantly lower accuracy in the variations than the original problems. Our results reveal that OpenAI’s o1-preview, the best performing model, achieves merely 41.95% accuracy on the Putnam-AXIOM Original but experiences around a 30% reduction in accuracy on the variations’ dataset when compared to corresponding original problems.

So it didn’t “understand” the original problems as well as had been thought.

macOS 15.2 Changes XProtect Update Mechanism

Howard Oakley:

In the latest release of Sequoia, the traditional method of updating XProtect is no longer used. If softwareupdate were to download and install an update, then it will only end up in the traditional location, and xprotect update can’t use that to update the new location.

In normal use, this means that the user can’t update XProtect until that new version is made available from iCloud. This ensures that the only versions provided to Macs running 15.2 and later are those intended to be used in Sequoia, but it also means that any delay in providing those via iCloud will leave Macs without the latest update.

Apple has modified the xprotect command to provide one let-out, though: use sudo xprotect update --prerelease and it “will attempt to use a prerelease update, if available.”

Ric Ford:

Also confusing is that Apple never shows these updates in System Preferences > Software Update nor on the Apple Security Releases webpage (although they should be listed after installation in System Report > Software > Installations if you can locate that report on your Mac).

Howard Oakley:

Apple provides so many services for different parts of macOS that it’s hard to keep track of them. If you want to see a short summary, this article lists all service connections for enterprise network administrators, although it doesn’t detail which services use which servers, for example referring to “macOS updates” in many entries.

Many of you seem surprised to learn that Sequoia’s new XProtect updates come from iCloud, although Apple has been using iCloud for similar purposes for at least the last five years.

Wednesday, January 15, 2025

AirPods Pro 2 and AirPods 4 Pushed Into Transparency Mode

Spencer Dailey (via Hacker News):

A couple of weeks ago I noticed my pair of AirPods Pro 2 aggressively switching me into Transparency mode. It seemed like a bug. Again and again I would have to manually switch back out of Transparency mode. Annoying.

Then a few days later, Apple removed the ability for me to switch out of Transparency mode altogether!

There are ways to reverse each of these changes (the force switching and the Off removal), but the whole process was a major pain as a user to figure out, it wasn’t simple to reverse even once I knew how to, and there wasn’t any heads up that I remember getting from Apple explaining the changes. This led to me and a lot of people being confused.

Well over 100M people own AirPods. Here are some reddit posts (1, 2, 3, 4, 5) made by users frustrated over these AirPods changes. Notably, none of these reddit posts contain in their comments all of the steps needed to revert the changes.

iOS 18 and macOS 15 have a new Off Listening Mode setting:

For AirPods Pro 2 paired with compatible devices, enable the setting called Off Listening Mode, which allows you to turn off all noise control technology.

If you don’t enable the Off mode, the AirPods will only show the Transparency, Adaptive, and Noise Cancellation modes. The regular mode, without extra processing, is gone.

In frustration, I eventually Googled myself down a rabbit hole where I learned: all of this is likely tied to a relatively new feature called Loud Sound Reduction that only works if AirPods are in an active “Noise Control” mode. So Apple perhaps recently decided that everyone needed this feature enabled, and that’s why they made all these annoying changes to Noise Control? I can only speculate.

This is odd because I find that unwanted sounds are much louder in Transparency mode. I’ve always found this mode off-putting and rarely use it.

He also points out that the Loud Sound Reduction setting looks like it can’t be turned off. You have to find the toggle elsewhere in Settings ‣ Accessibility.

But you know what? tvOS still did not show an “Off” mode for my AirPods 2! I ended up needing to hard reset my AirPods, change all the settings mentioned above on iOS for a second time, and then let tvOS rediscover them before “Off” would appear there.

AirPods Pro Case Chime Sound

Juli Clover:

If you’ve been hearing a chiming sound from your AirPods Pro 2 case when the AirPods are charging, it’s a feature that Apple added with the launch of Hearing Health last year.

[…]

Apple says that the AirPods Pro may play a sound every so often while in the case to ensure the microphones and speakers are working as intended.

[…]

Information on the mysterious chime was highlighted on Mastodon after Apple’s unclear AirPods sounds were discussed on today’s ATP podcast.

John Gruber (Mastodon):

Years ago, Apple was a successful company and documented how their products work. These days, Apple is struggling financially, and alas can no longer afford to produce something even as simple as an interactive web page with examples of the sounds that AirPods make and explanations of what those sounds mean.

Tony Fadell Wanted Apple to Buy Sonos

John Gruber:

I asked Tony Fadell and he confirmed to me it was him, saying it was back in the very earliest days of Sonos, when Sonos was set to debut with a device featuring an obviously iPod-like scroll wheel for input. Jobs wanted to sue (of course). But Fadell, after meeting with the founders, wanted to buy them, and made his case to Jobs, to no avail, several times circa 2003. Fadell said his pitch was basically “Seriously, we are all about music. Customers want this. I want this.” And Jobs’s response was, according to Fadell, “No one wants what they are selling.”

Needless to say, Apple is no longer all about music.

PyObjC 11

Ronald Oussoren:

This release has two major features:

  1. Support for the macOS 15.2 SDK, including new bindings for the frameworks MediaExtension and DeviceDiscoveryExtension

  2. Experimental support for GIL-less operation in the free-threaded build of Python 3.13

The latter feature is an important reason for the delay: Supporting GIL-less operation required reworking parts of the internals of PyObjC, both to rely on other locks than the GIL and to avoid CPython APIs that are known to be problematic when the GIL isn’t present (“borrowed references” for anyone familiar with the CPython API).

Tuesday, January 14, 2025

Bezel 2.5.1

MacStories:

Bezel [Web site] is one of those simple, easy-to-use apps that feels like it should have been made years ago. The one-line summary of Bezel is that it mirrors your iPhone screen to your Mac. But it actually does much more than that, elevating the app from a basic tool to a fully functioning utility with genuine, everyday use cases.

In addition to mirroring, Bezel offers many different ways to capture the screen of the mirrored device. You can place the screenshot in the frame of your iPhone and add padding around the frame with any pattern or color you want, or make the padding transparent. All of this together yields unique results, enabling many real-world applications. You can layer your phone’s screen onto other videos, show what you are doing on your screen during a big presentation, take screenshots with a frame for a how-to guide, and much more. Bezel also includes excellent keyboard shortcuts for almost every action within the app, as well as the ability to resize its window to a custom size or even to the device’s actual pixel size.

Niléane Dorffer:

I initially remembered that it is already possible to natively mirror an iPhone’s display on a Mac using QuickTime Player[…] Unfortunately, QuickTime Player’s video capture often produces artifacts and has a latency of up to one second. This is far from ideal for screen recording or showcasing the iPhone’s display during a presentation. In contrast, I found Bezel’s video to be smoother and nearly instant.

Gravy Analytics Hacked

Joseph Cox:

Hackers claim to have compromised Gravy Analytics, the parent company of Venntel which has sold masses of smartphone location data to the U.S. government. The hackers said they have stolen a massive amount of data, including customer lists, information on the broader industry, and even location data harvested from smartphones which show peoples’ precise movements, and they are threatening to publish the data publicly.

[…]

The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games like Candy Crush to dating apps like Tinder, to pregnancy tracking and religious prayer apps across both Android and iOS. Because much of the collection is occurring through the advertising ecosystem—not code developed by the app creators themselves—this data collection is likely happening both without users’ and even app developers’ knowledge.

Nick Heer:

You remember Gravy Analytics, right? It is the one from the stories and the FTC settlements, though it should not be confused with all the other ones.

Juli Clover:

Gravy Analytics’ parent company Unacast disclosed the data breach earlier this month [PDF], and said that its AWS cloud storage environment had been accessed by an unauthorized person using a “misappropriated access key.”

[…]

The order required Gravy Analytics to delete all historic location data and any data products developed using data collected from consumers, but it was apparently too late because the company’s systems had likely already been breached at the time.

Gravy Analytics collects location data through a real-time ad bidding process that allows companies competing to buy an ad to see customer IP address and more precise location data if enabled.

[…]

Baptiste Robert, CEO of security firm Predicta Lab, told TechCrunch that iPhone users that had app tracking disabled did not have their data shared.

See also: Bruce Schneier:

Brazil Fines Apple Over FaceApp

Filipe Espósito (AppleInsider):

Apple and Google have been fined R$19 million (about US$3.1 million) in Brazil after a judge ruled that the companies contributed to allowing the controversial photo editor FaceApp to improperly collect data from its users. The app has a long history of questionable privacy policies.

[…]

The judge believes that the photo editor app violates the Brazilian Civil Rights Framework for the Internet, a law that regulates the use of the internet and digital platforms in the country.

Under Brazilian law, platforms are prohibited from “massive and improper collection of personal data” without users’ consent.

Treasury Department Hacked

Lawrence Abrams (Slashdot):

Chinese state-sponsored threat actors hacked the U.S. Treasury Department after breaching a remote support platform used by the federal agency.

[…]

“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” reads the letter seen by the New York Times.

[…]

The threat actors utilized this access to target the text messages, voicemails, and phone calls of targeted individuals, and to access wiretap information of those under investigation by law enforcement.

Emma Roth:

The threat actor stole a key used by BeyondTrust “to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users.” With the key, they overrode the security to remotely access those users’ workstations and “some unclassified documents” they maintained.

Richard Speed:

Writing on Mastodon, cyber security researcher Kevin Beaumont had a warning for Software-as-a-Service users: “One thing every org needs to start to plan for: SaaS provider breaches. What’s your playbook for when your SaaS provider gets breached?”

Bruce Schneier quotes the Washington Post:

The sanctions target Beijing Integrity Technology Group, which U.S. officials say employed workers responsible for the Flax Typhoon attacks which compromised devices including routers and internet-enabled cameras to infiltrate government and industrial targets in the United States, Taiwan, Europe and elsewhere.

Monday, January 13, 2025

This Remote Has Me Questioning Everything

Matt Birchler:

I recently lost my Apple TV remote (the latest model) and despite apparently being somewhere in the couch according to Find My, my wife and I can not find it. We were using our phones as remotes for a couple days, which was annoying, but got the job done. But then I was doing something random with the TV’s standard remote and for whatever reason I had the Apple TV on screen and used my Hisense remote to arrow around. To my surprise, it totally worked.

I’m sure this is a well-known thing, but I just hadn’t thought about my TV remote being able to control the UI of my Apple TV. I assume this is something to do with ARC over HDMI or something, but whatever the reason it works!

Now, I expected for this to feel like a stopgap until we found the actual Apple TV remote, but I actually really like using this compared to the Apple TV’s real remote. It feels better in the hand, the buttons are more satisfying to press, the buttons are less prone to accidental presses, there’s no trackpad I can accidentally brush and select the wrong thing, and the button layout is more logical to me. Seriously, I’ve been using the redesigned Apple TV remote since 2021 and I still have to look at it to remember where the mute and play buttons are because they’re not where I’d expect. 4 years of use and it’s still not muscle memory!

I stand by my original assessment that even the revised Siri Remote is just not very good.

Mac Toolbar Guidelines

Mario Guzmán (Mastodon, Bluesky):

The following sections are general guidelines that describe fundamental Toolbar layout and design principles for Mac applications. Following these guidelines will help you create functional and aesthetically pleasing toolbars that are easy for Mac users to understand and use.

This document will reference a hypothetical Email application to illustrate key points in designing a Toolbar. It will heavily reference classes, structs, and properties in NSToolbar and NSTitlebarAccessoryViewController.

Mario Guzmán:

Have you noticed how some Apple apps just highlight w/ a darker translucency rather than a solid color?

You can see this darker translucency row highlight in apps like Finder & Apple Music sidebars.

Well, if you want to achieve this look for YOUR app, this is how you’d do it:

Subclass NSTableRowView and override isEmphasized so that the getter returns false.

Mario Guzmán:

When designing your sidebars and toolbars, don’t make the Sidebar toggle button a moving target. Don’t make your users chase it back and forth to toggle it. Keep it left-aligned, “pinned” to the window control buttons.

See the video of Disk Utility vs Passwords apps from macOS. Passwords app is how you want to do it.

Safari and Calendar also work like Passwords, though Calendar doesn’t use a standard toolbar. And why doesn’t Contacts have such a button?

It’s definitely bad to make the user chase the button back and forth. On the other hand, for most apps, putting it to the left might give it undue prominence. I thought the convention used to be to pin it to the right. That kind of solved both problems but had the disadvantage of making the button maximally far away from the area that it applied to. And in a Big Sur world of toolbar items that don’t fit, the implicit lowest priority from being the rightmost item would need to be boosted in order to avoid the instability of having it appear and disappear as the window resizes.

What Happened to APFS Fast Directory Sizing?

John Siracusa:

Has anyone successfully enabled Fast Directory Sizing on a directory on an APFS volume in macOS and then confirmed that it works using dirstat_np?

Jim Luther:

That’s one of those promised features I was referring to that never really was hooked up or implemented right. IIRC, the problems with it are:

  • You have to create the directory and set an attribute on it before putting anything in it. It’s not available on already existing directories.
  • The size returned only includes the files data fork space. Extended attributes (including the resource fork) are not included.
  • The API is synchronous with no progress callbacks.

Those reasons keep the Finder from using it, and the Finder team asked for that APFS feature.

James Atkinson:

Is it a limitation of APFS that this feature couldn’t be created in a way that was useful to the Finder team, or is it just not a priority perhaps? I do find APFS fascinating. Also curious why the delta snapshot sending that was demoed never amounted to anything?

And Radar 32794924 apparently says that, even if you’re OK with those limitations, the DIRSTAT_FAST_ONLY path currently doesn’t work, so the API can only do the DIRSTAT_FORCE_FALLBACK path of recursively calculating all the sizes.

Update (2025-01-16): Kory Heard:

Apple strongly hinted that APFS would be open sourced when first announced but that never came.

See also: Hacker News.

Accessibility That Fits

Soroush Khanlou:

Building a design that’s responsive to both its contents and its environment is one of the primary challenges of robust user interface programming. There are some false gods out there and some legitimate best practices. However, I’ve found a new strategy that really helps, especially for text that has been scaled up for accessibility reasons.

[…]

So it’s not going to work to just shorten the string a little bit to get the text to fit. It is an interesting idea, though, that you can make the date take up less space by configuring it slightly differently. How do you get it to show the narrower string only if it needs to? You could try to key it off the dynamicTypeSize, which you can pull out of the environment:

@Environment(\.dynamicTypeSize) var dynamicTypeSize

But, this would ultimately be vague guesswork, and might break based on other factors, like screen size.

Fortunately, SwiftUI comes with a tool that helps us pick the best fitting option out of a series of compatible views, and it’s called ViewThatFits.

I’ve usually seen ViewThatFits discussed as a way to make a responsive layout that changes shape based on the available space. But it also seems to be an elegant solution for more mundane situations of figuring out how much text can fit—in this case choosing which date format to use.

I was going to say that Apple has used auto-changing date formats for decades, e.g. in Mail’s table view, but upon checking it looks like Apple removed that when it removed the Mail table view in Catalina and didn’t restore it when bringing back the table view a few years later. The column no longer separately aligns the days and times, either.

Finder does still adjust date formats based on the table column width, and it was not uncommon for apps to implement this themselves when I was initially developing EagleFiler, but Apple never added it as a standard framework feature, and it seems less common these days.

Friday, January 10, 2025

SteamOS Expands Past the Steam Deck

Michael Crider (Hacker News):

The big story in PC gaming for the last three years has been the Steam Deck. This low-power, portable, relatively inexpensive machine is clearly something the market has been waiting for, exciting gamers and energizing PC makers to pump out imitators, like the Asus ROG Ally and the Lenovo Legion Go.

But all of these machines lack a crucial component, despite copying the Steam Deck’s hardware to a greater or lesser degree. They rely on Windows, as do almost all consumer PCs not made by Apple. And Windows just isn’t a good experience in this form factor.

Kyle Orland (Hacker News):

Almost exactly a year ago, we were publicly yearning for the day when more portable gaming PC makers could ditch Windows in favor of SteamOS (without having to resort to touchy unofficial workarounds). Now, that day has finally come, with Lenovo announcing the upcoming Legion Go S as the first non-Valve handheld to come with an officially licensed copy of SteamOS preinstalled. And Valve promises that it will soon ship a beta version of SteamOS for users to “download and test themselves.”

[…]

The lack of a Windows license seems to contribute to a lower starting cost for the “Powered by SteamOS” edition of the Legion Go S, which will start at $500 when it’s made available in May. Lenovo says the Windows edition of the device—available starting this month—will start at $730, with “additional configurations” available in May starting as low as $600.

Luigi Mangione’s Account Renamed on Stack Overflow

Evan Carroll (via Hacker News):

On Stack Exchange, all of the contributions on the site are contributed under a license maintained by a third party called Creative Commons; Creative Commons provides a license which states that licensed content must be perpetually shareable for any purpose including modification and by anyone including for-profit ventures, so long as the work remains properly attributed. This incentivizes content creation because every contributor is working on a corpus of work which is free from royalties and modification restrictions: everyone is bettering and growing the commons by using the site.

[…]

Alas, this minimal obligation of attribution is too much for some companies which have sought to erode this right. Right now, on Stack Overflow, Luigi Mangione’s account has been renamed. Despite having fruitfully contributed to the network he is stripped of his name and his account is now known as “user4616250”. As reported by one of the moderators, Zoe, on Stack Overflow.

Mangione has not actually been convicted of anything yet. Reddit, Facebook, and Instagram have deleted his accounts, but “the only one that chose to both erase him and keep the content, is Stack Exchange.” It’s not clear whether that’s legal.

The Ross Ulbricht case is even more egregious because he was convicted and his old pseudonym remains with his attribution as Ulbricht desired.

Passkey Usability

Dan Goodin (Hacker News):

Passkeys—the much-talked-about password alternative to passwords that have been widely available for almost two years—was supposed to fix all that. When I wrote about passkeys two years ago, I was a big believer. I remain convinced that passkeys mount the steepest hurdle yet for phishers, SIM swappers, database plunderers, and other adversaries trying to hijack accounts.

[…]

The FIDO2 specification and the overlapping WebAuthn predecessor that underpin passkeys are nothing short of pure elegance. Unfortunately, as support has become ubiquitous in browsers, operating systems, password managers, and other third-party offerings, the ease and simplicity envisioned have been undone—so much so that they can’t be considered usable security, a term I define as a security measure that’s as easy, or only incrementally harder, to use as less-secure alternatives.

[…]

Rather than help users understand the dizzying number of options and choose the right one, each implementation strong-arms the user into choosing the vendor’s preferred choice.

[…]

At this point, I don’t know if it’s Google or Firefox that’s presenting me with this non-intuitive response. I just want to open LinkedIn using the passkey that’s being synced by 1Password to all my devices. Somehow, the mysterious entity responsible for this message (it’s Google in this case) has hijacked the process in an attempt to convince me to use its platform.

Rui Carmo:

As someone who logs in to my corporate environment daily (sometimes more than once) using passkeys, I can certainly say that they are borderline usable in very specific contexts, but a complete mess where it regards interoperability.

Dan Moren:

The fundamental problem is that while the idea of passkeys is excellent, the implementation of it has been a mess. Every platform and site seems to have its own different way of handling the process, and what should be simple has instead become extremely confusing.

[…]

And I’m not even restricting that to non-tech-savvy users. I’ve run into multiple sites where I have set up a passkey and it doesn’t work correctly. Just last night I was trying to log into iTunes Connect on my iPhone: iOS showed I had a passkey and offered to use it, but for some reason, the site kept throwing an error. Maddening.

Shriram Krishnamurthi (via Venkatesh-Prasad Ranganath):

One of my great fears of passkeys — that I have not seen anyone talk about from a usability perspective […] is helping parents with their accounts. Right now I have access to their passwords. If they switch to passkeys, it becomes a lot harder for me to impersonate.

Ricky Mondello:

Yes, I’ve seen the Ars piece about passkeys, and to be honest with y’all, I’m genuinely confused by it and can use help making the feedback actionable.

I do agree that it’s a problem that websites that have adopted passkeys aren’t using them to replace passwords and one-time codes.

I acknowledge that different platforms and operating systems have different user interfaces and experiences, in general, and regarding passkeys. I’m having a hard time quantifying whether that’s even a problem.

Adam Shostack:

I think the biggest thing is to (a) ensure dialogs are clear about what software is presenting them (b) where it plans to store the key and (c) letting people configure what their preference is for passkey management.

[…]

I learned recently that this is a 1password dialog*, despite having a different icon than the 1password icon. Also there’s no icon at all in the expando version.

*Or maybe it’s a firefox dialog that’s being integrated or hijacked in some way?

Ricky Mondello:

I vibe with this. Does anyone have any examples of where and how any vendor’s dialogs around passkeys might lead people astray?

Ricky Mondello:

I think it’s been a profound mistake on 1Password’s part that 1Password on desktop intentionally ignores the platform-native way to plug passkey data into web browsers and instead implements passkeys by hijacking the web API via their browser extension. (On iOS, however, they properly integrate as a data source.)

Ricky Mondello (Mastodon, tweet):

Obviously, authenticating to websites isn’t an either-or binary between passwords and magic links. Passkeys — the next-generation authentication standard defined by the FIDO Alliance and W3C, with backing from all of the major platforms, browsers, and credential managers — can be layered nicely into a magic link-based system to give users a secure and fast sign-in experience without the frustrations that come with switching apps to refresh one’s email. They’re complementary technologies, because passkeys can do this in a way that seamlessly coexists with, and is in fact supported by, email magic links for people who don’t yet have a passkey, don’t want a passkey, don’t have the device stability to use passkeys, or would prefer to sign in with a magic link this one time.

[…]

My local grocery store, one of the many Albertsons companies, has taken to preferring an email magic link over my easily-AutoFilled password, and it frustrates me every single time I try to sign in. Once you’ve experienced a world where signing in to websites and apps is so seamless it requires next to no thought, while still being secure, you never want to go back.

But I also kind of love magic links, because they acknowledge — no, radically accept — some fundamental truths. […] almost all online accounts can eventually be signed into by proving possession of an email address; this is usually phrased as “forgot password?”

[…]

On iOS and Android, in notable contrast to magic links, passkeys are directly usable across web browser apps and system web view experiences.

Leon Cowle:

Color me skeptical about passkeys (sorry Ricky!). I love the idea of them. I even use them myself (where possible, which isn’t a lot). But I’ve yet to find a non-techie that’s even heard of them. But more importantly, with passwords, password managers, one-time login links via email, SMS 2FA (yuck), email 2FA, hardware 2FA (for security nerds), I can’t help but wonder if the ol’ XKCD won’t end up applying here too?

[…]

I HOPE I’M DEAD WRONG AND PASSKEYS TAKE OVER THE (auth) WORLD!

Network Neutrality Not Reinstated

Bruce Crumley (via Hacker News):

The increasing challenge to government agencies’ authority to regulate businesses gained momentum this week, after an appeals court suspended application of the Federal Communications Commission’s (FCC) ruling restoring net neutrality. That stay effectively delays the court’s decision in the case until after November’s elections. No matter the results of those, however, its final fate may well be decided by the Supreme Court–whose previous rulings facilitated attacks on federal agencies in the first place.

[…]

The prohibition on ISPs offering faster services to corporate customers and individuals willing to pay more for the privilege was first imposed by the Obama Administration, revoked under Donald Trump’s presidency, then reauthorized by the FCC in April on the orders of President Joe Biden.

Brandon Vigliarolo:

The decision from the 6th Circuit Court of Appeals, filed today, formally killed the FCC’s April order that once again classified internet service providers as common carriers required to be impartial in the offering of their services regardless of what a customer was doing online.

David Shepardson:

The court cited the Supreme Court’s June decision in a case known as Loper Bright to overturn a 1984 precedent that had given deference to government agencies in interpreting laws they administer, in the latest decision to curb the authority of federal agencies.

Ben Lovejoy:

The FCC had acted in response to calls from Apple and more than 40 other tech companies to safeguard equal treatment for all.

Meg James (via Slashdot):

Despite the dismantling of the Federal Communications Commission’s efforts to regulate broadband internet service, state laws in California, New York and elsewhere remain intact.

[…]

In fact, some suggested that the Cincinnati-based 6th Circuit’s decision — along with other rulings and the U.S. Supreme Court’s posture on a separate New York case — has effectively fortified state regulators’ efforts to fill the gap.

Thursday, January 9, 2025

Making Apple S9 and A16 in Arizona

Tim Culpan:

TSMC Arizona has picked up a second Apple product. In addition to the A16 processor for iPhones, which I shared with you in September, the fab is now producing SiPs (Systems-in-Package) for the Apple Watch, according to my sources. This product is believed to be the S9 SiP (I’ll be honest, I am a little unclear on this, but I’m 99% sure it’s the S9). Recall that TSMC Arizona is manufacturing at N4 (part of the N5-family of process nodes) while the S9 is made in Taiwan at N4 and is a derivation of the A16, so this would make sense.

Note that both of these are previous-generation chips.

Via Ryan Christoffel (MacRumors):

Trump’s administration is expected to impose strict tariffs on products being brought into the US from overseas, but Apple hopes to largely be exempt from any such financial burdens.

Mike Piatek-Jimenez:

The news that Apple is going to start manufacturing the S9 SIP in the U.S. is also likely an attempt to dodge the ITC import ban for the O2 monitoring feature.

Bing Tricking People Into Thinking They’re on Google

Tom Warren (tweet, Hacker News):

Microsoft is pulling yet another trick to get people to use its Bing search engine. If you use Bing right now without signing into a Microsoft account and search for Google, you’ll get a page that looks an awful lot like… Google.

It’s a clear attempt from Microsoft to make Bing look like Google for this specific search query, and other searches just list the usual Bing search results without this special interface. The Google result includes a search bar, an image that looks a lot like a Google Doodle, and even some small text under the search bar just like Google does.

[…]

We’ve been cataloging every trick Microsoft has used to convince people to switch to Bing or Edge instead of Google and Chrome over the past few years. Microsoft has modified Chrome download sites, added pop-up ads into Google Chrome on Windows, injected polls into Chrome download pages, and even used malware-like popups to get people to ditch Google.

John Gruber (Hacker News):

The autoscrolling moves the page down just far enough to move Bing’s own page header out of the viewable page content. But because they just autoscroll down from the Bing page header, as opposed to hiding it completely (say, using display: none in CSS) you can see it by just scrolling back up. But who thinks to scroll up immediately after typing a search term and hitting Return? (No one.) They even actually have the word “Google” and Google’s actual logo on the results page, in an “info box” for Google, the “American tech company”. See for yourself.

It’s an exquisite dirty trick, and I’ll bet it actually works remarkably well. Google itself has long claimed that “google” is the most-searched-for term on Bing. I’ll bet that presenting the results for that search this way greatly increases the number of users who, thinking they’re actually now on Google, perform the search they intended to do on Google right there on Bing.

Mayank Parmar:

Microsoft is rolling out a new server-side update that could trick some people into using Bing as a default search engine in Google Chrome.

While using Google Chrome, I encountered a Bing pop-up on the right side of the browser. For a moment, I thought Chrome was infected with malware, but it turned out to be a new Microsoft campaign.

Via Nick Heer:

Speaking of things first-party platform vendors can do, this is an ad delivered by Windows within Chrome. Many things have changed since that antitrust trial, but something that remains the same is the contempt for users shown by corporate attempts to grab market share.

John Gruber:

Following up on yesterday’s item regarding Bing masquerading as Google to trick Edge users into searching with it, this Mastodon post from Timo Tijhof lists a few other such subterfuge tactics they’ve pulled recently. My favorite was this one from last year: when users opened a tab for “bard.google.com”, Edge inserted an ad in the tab bar encouraging the user to “Compare answers with the AI-powered new Bing”. Ads in the tab bar, jeebus.

Microsoft Edge Slurps Tabs From Chrome Without Permission

Brandon Vigliarolo (via Hacker News):

Buried within Edge’s browser settings on Windows PCs is code that goes well beyond a one-time import of favorites and stored passwords, and has been present in some form as far back as mid-2022 at least. It gives Edge the ability to import practically all browser data from Chrome each time Redmond’s browser is launched.

Ostensibly a way for Microsoft to simplify the process of getting Windows users to switch to Edge, the feature has a classic Microsoft problem: it’s right now doing so without full permission, according to users. As the Windows maker is wont to do, it’ll also sync that data to the cloud too, provided users are signed into a Microsoft account - not great if you had intended to keep your Chrome and Edge environments separated.

Tom Warren:

I never imported my data into Microsoft Edge, nor did I confirm whether I wanted to import my tabs. But here was Edge automatically opening after a Windows update with all the Chrome tabs I’d been working on. I didn’t even realize I was using Edge at first, and I was confused why all my tabs were suddenly logged out.

[…]

“Always have access to your recent browsing data each time you browse on Microsoft Edge,” reads Microsoft’s description of the feature in Edge. This setting was disabled, and I had never been asked to turn it on.

[…]

Microsoft displays a big blue accept button to encourage Windows users to enable the feature, with a darker “not now” button if you want to opt out.

The button to opt in simply says Accept, but at least the Not now button is of the same size and looks like a button, unlike on iOS.

Thomas Claburn:

In a report [PDF] titled, “Over the Edge: How Microsoft’s Design Tactics Compromise Free Browser Choice”, the public benefit browser org argues that Windows users are encouraged to use Microsoft Edge and deterred from other options.

“Over the Edge” focuses specifically on Microsoft Edge and alleges manipulative design patterns – sometimes referred to as “dark patterns” or “deceptive patterns” – that push people towards a preferred outcome when presented with a choice in a visual interface.

Xerox to Acquire Lexmark

Lexmark (via Hacker News):

Xerox Holdings Corporation (NASDAQ: XRX) today announced it has agreed to acquire Lexmark International, Inc., from Ninestar Corporation, PAG Asia Capital, and Shanghai Shouda Investment Centre in a deal valued at $1.5 billion, inclusive of assumed liabilities. This acquisition will strengthen the Xerox core print portfolio and build a broader global print and managed print services business better suited to meet the evolving needs of clients in the hybrid workplace.

Wednesday, January 8, 2025

Opting Out of “Help Apple Improve Search”

Norbert Heger:

Apple has recently shown a noticeable tendency to collect, gather, transmit, and sometimes even store privacy-sensitive data – despite repeatedly emphasizing the importance of protecting such data and ensuring it remains solely on the user’s device.

[…]

macOS Sequoia introduces another new feature labelled Help Apple Improve Search, which sends and stores various search queries from Safari, Spotlight, and other sources to improve search results.

This feature, too, is enabled by default and is well hidden at the very bottom of System Settings > Spotlight.

[…]

Even if the data sent is not directly linked to me as a person, the data itself may contain information I might not want to share with third parties.

[…]

It’s worth noting that the new option in System Settings only governs the storage of this data, not its transmission to Apple. If Include Safari Suggestions is enabled in Safari Settings > Search, inputs into the search field are still sent to Apple for providing suggestions. To prevent this, Include Safari Suggestions must also be disabled.

As with Siri Suggestions, the UI is not exactly clear, and though both System Settings and Safari’s settings window have Privacy tabs, that’s not where these options appear.

As Fazal Majid reminds me, another recent example is that Firefox was criticized for opting users into Private Click Measurement, which Apple had also done with Safari.

I find that I’m often accidentally typing or pasting into the new Type to Siri window because I’ve accidentally triggered it by double-tapping the Command key.

RSS Cache Control

Brent Simmons reported to me that my blog’s RSS feed wasn’t updating in recent versions of NetNewsWire. They’ve added support for the Cache-Control response header, and, for reasons unknown, my site was returning an interval of 2 days:

$ curl --head https://mjtsai.com/blog/feed/
HTTP/2 200 
date: Wed, 08 Jan 2025 14:28:24 GMT
server: Apache
vary: Accept-Encoding,Cookie,User-Agent
link: <https://mjtsai.com/blog/wp-json/>; rel="https://api.w.org/"
etag: "9efc6f6ed8885592fcee58bc1685dcaf"
cache-control: max-age=172800
expires: Fri, 10 Jan 2025 14:28:24 GMT
content-type: application/rss+xml; charset=UTF-8

even though plain HTML content was only cached for 10 minutes:

$ curl --head https://mjtsai.com/blog/
HTTP/2 200 
date: Wed, 08 Jan 2025 14:34:20 GMT
server: Apache
vary: Accept-Encoding,Cookie,User-Agent
cache-control: max-age=3, must-revalidate
content-length: 307509
last-modified: Wed, 08 Jan 2025 14:30:02 GMT
cache-control: max-age=600
expires: Wed, 08 Jan 2025 14:44:20 GMT
content-type: text/html; charset=UTF-8

I spent a while trying to figure out why WordPress would do that, but it turns out to be a default set by my server provider, DreamHost. RSS feeds fall under the default file type even though they are more likely to change frequently.

There are various ways to override this using Apache’s .htaccess file. Simmons is using this for his feed:

<Files "rss.xml">
  <IfModule mod_headers.c>
      Header set Cache-Control "max-age=300"
  </IfModule>
</Files>

But I don’t want to list each file separately because this blog has many feeds, e.g. one for the comments on each post. What seems to work is setting the expiration by MIME type:

<IfModule mod_expires.c>  
  ExpiresActive on
  ExpiresByType application/rss+xml "access plus 300 seconds"
  ExpiresByType application/atom+xml "access plus 300 seconds"
</IfModule>  

Please let me know if you run into any problems with this.
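An added example (not from this post or from NetNewsWire's code): a Python check that reads `curl --head` output like the two captures above and computes the freshness lifetime a private cache such as a feed reader would derive under RFC 9111, section 4.2.1. It also flags repeated `max-age` values, which the RFC says a cache should resolve by using the first occurrence or by treating the response as stale. `FIXED` is a constructed sample of the response expected once the `ExpiresByType` rule is active, and the function names are assumptions.

```python
from email.utils import parsedate_to_datetime

# Cache-relevant lines from the two curl --head captures shown in the post.
FEED = """\
HTTP/2 200
date: Wed, 08 Jan 2025 14:28:24 GMT
cache-control: max-age=172800
expires: Fri, 10 Jan 2025 14:28:24 GMT
content-type: application/rss+xml; charset=UTF-8
"""
HTML = """\
HTTP/2 200
date: Wed, 08 Jan 2025 14:34:20 GMT
cache-control: max-age=3, must-revalidate
cache-control: max-age=600
expires: Wed, 08 Jan 2025 14:44:20 GMT
content-type: text/html; charset=UTF-8
"""
# Constructed sample (not captured output): the feed after the mod_expires
# rule, which emits both Expires and Cache-Control: max-age.
FIXED = """\
HTTP/2 200
date: Wed, 08 Jan 2025 15:00:00 GMT
cache-control: max-age=300
expires: Wed, 08 Jan 2025 15:05:00 GMT
content-type: application/rss+xml; charset=UTF-8
"""


def parse_headers(raw):
    """Return (lowercased name, value) pairs in order, keeping duplicates."""
    fields = []
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            fields.append((name.strip().lower(), value.strip()))
    return fields


def freshness(raw):
    """Freshness lifetime in seconds as a private cache would compute it."""
    fields = parse_headers(raw)
    max_ages, blocked = [], False
    for name, value in fields:
        if name != "cache-control":
            continue
        # Simple comma split; enough for directives without quoted commas.
        for directive in value.split(","):
            key, _, arg = directive.strip().partition("=")
            key, arg = key.lower(), arg.strip('"')
            if key in ("no-store", "no-cache"):
                blocked = True
            elif key == "max-age" and arg.isdigit():
                max_ages.append(int(arg))
    info = {"lifetime": None, "source": None,
            "conflict": len(set(max_ages)) > 1}
    if blocked:
        info.update(lifetime=0, source="no-store/no-cache")
    elif max_ages:
        # max-age takes precedence over Expires; first occurrence wins here.
        info.update(lifetime=max_ages[0], source="max-age")
    else:
        first = dict(reversed(fields))  # reversed so the first duplicate wins
        if "expires" in first and "date" in first:
            try:
                delta = (parsedate_to_datetime(first["expires"])
                         - parsedate_to_datetime(first["date"]))
                lifetime = max(0, int(delta.total_seconds()))
            except (TypeError, ValueError):
                lifetime = 0  # an unparseable Expires means already expired
            info.update(lifetime=lifetime, source="expires")
    return info


def check(raw, limit=300):
    """Return a list of problems for a response that should stay under limit."""
    info = freshness(raw)
    problems = []
    if info["lifetime"] is None:
        problems.append("no explicit freshness; caches fall back to heuristics")
    elif info["lifetime"] > limit:
        problems.append(f"fresh for {info['lifetime']}s via {info['source']}, "
                        f"over the {limit}s limit")
    if info["conflict"]:
        problems.append("conflicting max-age values; caches may pick the "
                        "first or treat the response as stale")
    return problems


if __name__ == "__main__":
    for label, raw in (("feed", FEED), ("html", HTML), ("fixed", FIXED)):
        print(label, freshness(raw), check(raw))
```

To audit a live feed, pass the text printed by `curl --head` for that URL to `check()`.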

SysBumps Attack

Guru Baran (via Ric Ford, PDF):

The research team from Korea University, led by Hyerean Jang, Taehun Kim, and Youngjoo Shin, presented their findings in a paper titled “SysBumps: Exploiting Speculative Execution in System Calls for Breaking KASLR in macOS for Apple Silicon.”

Their work represents the first successful KASLR break attack on macOS systems powered by Apple’s custom ARM-based chips.

[…]

By exploiting Spectre-type vulnerabilities in certain macOS system calls, the researchers demonstrated that an unprivileged attacker could cause transient memory accesses to kernel addresses, even with kernel isolation enabled.

A key component of the attack involves using the Translation Lookaside Buffer (TLB) as a side channel to infer information about the kernel’s memory layout. The research team reverse-engineered the TLB structure of various M-series processors, uncovering previously unknown details about its architecture.

LG UltraFine 6K

Malcolm Owen:

The LG UltraFine 6K Monitor, model 32U990A, surfaced on Monday as part of the 2025 CES Innovation Awards, as an honoree in imaging. The monitor is described as the first in the world to have a 6K resolution display that also uses Thunderbolt 5.

[…]

LG’s newest screen has a Nano IPS Black panel, delivering high color accuracy and contrast. Its color gamut coverage includes 99.5% of Adobe RGB and 98% of DCI-P3.

[…]

Add in that Dell’s monitor is available now for the relatively reasonable $2,479.99, and it seems like a good buy for the moment.

That may change if LG is particularly aggressive on the pricing of its screen and its availability. Sadly we won’t know that until LG releases more details for the display, as well as more specifications in general.

Tuesday, January 7, 2025

Apple Intelligence News Notification Summaries

Graham Fraser:

Apple Intelligence, launched in the UK earlier this week, uses artificial intelligence (AI) to summarise and group together notifications.

This week, the AI-powered summary falsely made it appear BBC News had published an article claiming Luigi Mangione, the man arrested following the murder of healthcare insurance CEO Brian Thompson in New York, had shot himself. He has not.

Imran Rahman-Jones:

A news summary from Apple falsely claimed darts player Luke Littler had won the PDC World Championship - before he even played in the final.

The incorrect summary was written by artificial intelligence (AI) and is based on a BBC story about Littler winning the tournament semi-final on Thursday night.

Within hours on Friday, another AI notification summary falsely told some BBC Sport app users that Tennis great Rafael Nadal had come out as gay.

Nick Heer:

The ads for Apple Intelligence have mostly been noted for what they show, but there is also something missing: in the fine print and in its operating systems, Apple still calls it a “beta” release, but not in its ads. Given the exuberance with which Apple is marketing these features, that label seems less like a way to inform users the software is unpolished, and more like an excuse for why it does not work as well as one might expect of a headlining feature from the world’s most valuable company.

[…]

Apple has also, rarely, applied the “beta” label to features in regular releases which are distributed to all users, not just those who signed up. This type of “beta” seems less honest. Instead of communicating this feature is a work in progress, it seems to say we are releasing this before it is done. Maybe that is a subtle distinction, but it is there. One type of beta is testing; the other type asks users to disregard their expectations of polish, quality, and functionality so that a feature can be pushed out earlier than it should.

[…]

This all seems like a convoluted way to evade full responsibility of the Apple Intelligence experience which, so far, has been middling for me. Genmoji is kind of fun, but Notification Summaries are routinely wrong. Priority messages in Mail is helpful when it correctly surfaces an important email, and annoying when it highlights spam. My favourite feature — in theory — is the Reduce Interruptions Focus mode, which is supposed to only show notifications when they are urgent or important. It is the kind of thing I have been begging for to deal with the overburdened notifications system. But, while it works pretty well sometimes, it is not dependable enough to rely on.

Kirk McElhearn:

I don’t think that the vast majority of people know what beta means. Apple has been promoting the shit out of these features, and putting beta in a footnote.

Xe Iaso (via Hacker News):

This phrases a literal scam message in ways that make me think immediate action is required. You can see how this doesn’t scale, right?

[…]

Even more, if you have Apple Intelligence enabled for some of the other features but disable notification summaries because you find them worthless, you can get your notifications delayed up to five seconds. It’s kind of depressing that telling your computer to do less work makes the result take longer than doing more work.

Additionally, none of the summarization features work on my iPhone and I can’t be bothered to figure out why and fix it. I personally don’t find them useful. I just leave them enabled on my MacBook so that notification delivery is not impacted.

Eric Schwarz:

[The] whole vibe of Apple Intelligence is off-putting and feels like a not-ready-for-primetime suite of features that make the user experience worse.

Juli Clover:

Apple is working on an update for Apple Intelligence that will cut down on confusion caused by inaccurate summaries of news headlines, Apple told BBC News. In a statement, Apple said software coming soon will clarify when notifications have been summarized by Apple Intelligence.

[…]

There have been several prior events where Apple Intelligence provided incorrect details from incoming news app notifications. In November, Apple Intelligence suggested Israeli Prime Minister Benjamin Netanyahu had been arrested, incorrectly interpreting a story from The New York Times.

[…]

Apple Intelligence notification summaries are an opt-in feature and they can be disabled.

My understanding is that they are opt-out in that once you opt into Apple Intelligence in general, you have to opt out of the notification summaries if you don’t want them. And, crucially, this is at the user level. There is no way for an app developer such as the BBC to prevent its app’s notifications from being summarized.

John Gruber (Mastodon):

Apple is promoting the hell out of Apple Intelligence to consumers, and its advertisements hide, rather than emphasize, its “beta” quality.

The promotion of a feature is an implicit encouragement to, you know, actually use it.

[…]

Apple Intelligence notification summaries are marked with an icon/glyph, sort of like the “↪︎” Unicode glyph with a few horizontal lines to suggest text encapsulated by the arrow — a clever icon to convey an abstract concept, to be sure.

The meaning of that icon/glyph is not at all obvious unless you know to look for it, and most users — even those who opted in to Apple Intelligence understanding that it was “beta” and might produce erroneous results — don’t know to look for that particular glyph.

[…]

I can also see why Apple doesn’t want to offer such an option to developers. To whom do notifications belong — the developer of the app that generates them, or the user who is receiving them?

Jason Snell:

The statement uses the beta tag it has placed on Apple Intelligence features as a shield, while promising to add a warning label to AI-generated summaries in the future. It’s hard to accept “it’s in beta” as an excuse when the features have shipped in non-beta software releases that are heavily marketed to the public as selling points of Apple’s latest hardware. Adding a warning label also does not change the fact that Apple has released a feature that at its core consumes information and replaces it with misinformation at a troubling rate.

Apple is shipping these AI-based features rapidly, and marketing them heavily, because it fears that its competitors are so far out in front that it’s a potentially existential issue. But several of these features simply aren’t up to Apple’s quality standards, and I worry that we’ve all become so inured to AI hallucinations and screw-ups that we’re willing to accept them.

[…]

So what can Apple do now? A non-apology and the promise of a warning label isn’t enough. The company should either give all apps the option of opting out of AI summaries, or offer an opt-out to the developers of specific classes of apps (like news apps). Next, it should probably build separate pathways for notifications of related content (a bunch of emails or chat messages in a thread) versus unrelated content (BBC headlines, podcast episode descriptions) and change how the unrelated content is summarized.

John Gruber:

I side with Apple in not giving developers the option to opt out of notification summaries, and (b) that I’m a bit more of the mind that Apple can address this by somehow making it more clear which notifications are AI-generated summaries. Like, perhaps instead of their “↪︎” glyph, they could use the 🤪 emoji.

Guy English:

If Apple Intelligence summarizes your notifications then Apple should badge it with their Apple logo. Not some weird cog or brain or some other such icon. Put your name on it! Apple is the one presenting this information to you and they should be held accountable for the veracity of it. Put your highly regarded Apple logo on your AI work or get outta here. It’s either an Apple product or it’s not.

Jason Snell:

The problem with Apple’s approach is that it’s summarizing a headline, which is itself a summary of an article written by a human being. As someone who has written and rewritten thousands of headlines, I can reveal that human headline writers are flawed, some headlines are just not very good, and that external forces can lead to very bad headlines becoming the standard.

Specifically, clickbait headlines are very bad, and an entire generation of headline writers has been trained to generate teaser headlines that purposefully withhold information in order to get that click.

[…]

Summarizing summaries isn’t working out for Apple, but more broadly I think there’s something to the idea of presenting AI-written headlines and summaries in order to provide utility to the user. As having an LLM running all the time on our devices becomes commonplace, I would love to see RSS readers (for example) that are capable of rewriting bad headlines and creating solid summaries. The key—as Artifact learned—is to build guardrails and always make it clear that the content is being generated by an LLM, not a human.

Craig Grannell:

Starting to think Apple might regret sticking its name in front of ‘Intelligence’ for all its AI stuff. Notifications are a disaster. Image Email categories are a disaster. And so on. Then again, the ad campaign is somehow even worse than all of that.

The sad thing is, there are good elements to Apple AI/ML. Prompt-based memories in the Photos app. Auto-tagging. Accessibility features like Personal Voice. But so much attention has been grabbed by flashy stuff that did not – and in some cases could not – work.

Steve Troughton-Smith:

The Apple Intelligence vs BBC story is a microcosm of the developer story for the feature. We’re soon expected to vend up all the actions and intents in our apps to Siri, with no knowledge of the context (or accuracy) in which it will be presented to the user. Apple gets to launder the features and content of your apps and wrap it up in their UI as ‘Siri’ — that’s the developer proposition Apple has presented us. They get to market it as Apple Intelligence, you get the blame if it goes awry.

Tim Hardwick:

Apple plans to scale up its News app by adding new countries to the platform beyond the US, Canada, the UK, and Australia, according to the Financial Times.

The plans reportedly include building its locally focused news coverage in the UK, as well as bringing its puzzles section to the country which is currently limited to the US and Canada.

With Apple News, Apple does have access to the full article text. Maybe it will use this to dogfood a way of making this available for notification summaries.

Update (2025-01-10): Nick Heer:

Apple should not be putting its name or logo on something it does not stand behind, and it should stand behind everything it ships. It supposedly cannot “ship junk”, but it is obviously not yet proud of the way these notifications were summarized — it is making changes, after all. But will it be courageous enough to attach its valuable brand to the output of its own large language model? I would bet against it, but it should.

See also: John Gruber.

Cam Wilson (via Hacker News):

Screenshots from iPhone users show this new suite of AI-powered features appears unable to distinguish between messages sent by real individuals and organisations and fake requests made by scammers imitating others. In fact, the AI-powered features may even make it harder for users to initially distinguish between real and fake messages.

Steve, a pseudonym granted as his work has not authorised him to speak to the media, was surprised to see that his recently updated iPhone had prioritised and summarised an email saying that he had to lodge an income statement to the Australian Tax Office.

Update (2025-01-13): Chris Pepper:

The bad scenario is users not noticing “an unexpected notification summary” — in which case people will be misinformed, and will misattribute any misinformation to the BBC. Users who don’t notice the discrepancy won’t report anything to Apple. So Apple is describing the wrong problem with an inapplicable solution.

[…]

The expectation that someone will read an (incorrect) AI summary, tap/click to read the original news piece, and of course notice the discrepancy, devalues AI completely. If news notifications are just links to articles, there’s no need to summarize them at all. The points of a notification are a. to give you the essential information, and b. to provide more detail if interested.

[…]

This is not about unexpected summaries. It’s about incorrect notifications. Every news summary is expected, except when you already know something big just happened, and wait for your phone to catch up and tell you about it. ‘Unexpected’ is a weasel word from a PR person or lawyer who says Apple cannot admit that this is all about falsehood/misinformation/incorrect notifications.

Apple is solving their problem—of being liable for misattributing misinformation. But this does nothing for the customer’s problem—that the notification is incorrect—except insomuch as it hints that this is a feature that could be turned off.

Adam Engst:

Because I read quickly, I see no reason to ask Apple Intelligence to generate a summary of a Web page or a conversation in Mail. The downside of losing detail and nuance—and of possible errors—outweighs the upside of saving a few minutes of reading time. Notification summaries are even worse; for me, they save seconds at most and often introduce confusion by summarizing unrelated news articles or information that has changed multiple times within the summary period. The main utility I see for notification summaries is to reduce the irritation of too many notifications from chatty conversations or overactive apps, but Apple has already addressed that by grouping notifications.

While AI-generated summaries raise valid concerns, it’s essential to recognize that human-created summaries permeate nearly everything we read. For instance, every email message and discussion forum post has a subject line that’s supposed to summarize the message’s intent. People often write poor subject lines, but they remain an essential form of summary—one that AI could actually help improve.

[…]

To summarize—I had to!—summaries offer a different value proposition for everyone. Reading speed, language fluency, topical understanding, display space, and other factors play into how valuable a summary of a particular length will be in any given situation. You should ask for AI-generated summaries only when they will provide actual value and you can verify their accuracy when it matters. Finally, remember that just because something can be summarized doesn’t mean it should be.

What gets me about the Mail summaries, besides having to scroll and click to see them, is that they are so slow to generate. By the time the summary is ready I could have already skimmed the e-mail myself. Am I supposed to start doing this while waiting? Then I would be essentially reading the e-mail twice. Or zone out for a bit? I certainly don’t want to context switch while I wait. I don’t understand why the summaries aren’t pre-generated for new messages or ones that are next in the list for me to read.

Update (2025-01-16): Geoffrey A. Fowler:

This is my periodic rant that Apple Intelligence is so bad that today it got every fact wrong in its AI summary of @washingtonpost.com news alerts.

It’s wildly irresponsible that Apple doesn’t turn off summaries for news apps until it gets a bit better at this AI thing.

Update (2025-01-17): Chance Miller notes that, in the iOS 18.3 beta, notification summaries have been disabled for all news apps:

  • When you enable notification summaries, iOS 18.3 will make it clearer that the feature – like all Apple Intelligence features – is a beta.
  • You can now disable notification summaries for an app directly from the Lock Screen or Notification Center by swiping, tapping “Options,” then choosing the “Turn Off Summaries” option.
  • On the Lock Screen, notification summaries now use italicized text to better distinguish them from normal notifications.
  • In the Settings app, Apple now warns users that notification summaries “may contain errors.”

Nick Heer:

This is the first time I can remember where Apple uses an app’s App Store category to change its system behaviour. The closest equivalent I can think of is background downloads in Newsstand publications.

Joe Rosensteel:

In my opinion this doesn’t go far enough in addressing the problems that will persist with this headline feature of iOS.

[…]

The 18.3 changes don’t really address the root issue which is not, “how can we use this LLM that summarizes things to reduce notifications?” But rather, “How can we reduce unnecessary and disruptive notifications?” Remember that the software features allegedly exist to solve problems, so we should take a step back and look at the problem before we keep picking apart the solution they shipped.

The actual root issue was that Apple wanted to prove it could do AI stuff.

See also: MacRumors.

Coding Font Selection Tournament

Jason Snell:

Leo Laporte pointed me to the very clever site Coding Font, which lets you step through a tournament-style bracket of monospace fonts to find the one you like the best. Unfortunately it’s lacking a bunch of the options mentioned above, but if you’ve ever been curious about switching up your terminal font, it’s worth a go.

John Gruber (Mastodon):

I highly recommend you disable showing the font names while you play, to avoid any bias toward fonts you already think you have an opinion about. But no matter how many times I play, I always get the same winner: Adobe’s Source Code Pro. My second favorite in this tournament is IBM Plex Mono. The most conspicuous omission: Intel One Mono.

This was fun, but it doesn’t have any of the Apple fonts. Currently, I’m using SF Mono in Xcode and Menlo in BBEdit, Tower, Mail, EagleFiler, and MarsEdit. I don’t think I’ll be changing, but I was surprised to find that, in the tournament at least, I liked Noto Sans Mono. It kind of reminds me of Monaco, but with more square serifs.

Monday, January 6, 2025

iOS 18.2.1 and iPadOS 18.2.1

Juli Clover (no iOS/iPadOS release notes, no security, no enterprise, no developer):

According to Apple’s release notes, iOS 18.2.1 addresses important bugs, and it is recommended for all users.

Apple is also testing iOS 18.3 and iPadOS 18.3, updates that we expect to see launch sometime in late January.

Adam Engst:

Without release notes or the threat of security vulnerabilities, it’s impossible to generate urgency around these new versions. However, the rapid release after the holiday break suggests that the bugs fixed were significant enough to warrant interrupting the engineers’ holiday vacations.

Swift Parameterized Testing

Keith Harrison:

Swift Testing calls the test function once for each value in the arguments collection. […] If you pass a second argument, Swift Testing generates test cases for all combinations of the two arguments. […] You’re limited to at most two arguments. If you don’t need every combination you can zip the arguments to pair them.

Why use a parameterized test instead of just writing a for loop?

Each call of the test function with a different argument is an independent test case that can run in parallel. It’s much clearer when a test case fails. You can also rerun just the failing argument from the test navigator by clicking on the red failure icon[…]

Sonuby 1.7.1

Michael Burkhardt:

Sonuby is a different kind of weather app, designed for users who often partake in outdoor activities. For example, if you often snowboard, you can have a weather forecast that places snow conditions front and center. Weather needs can be very individualistic, which is why Sonuby allows you to tailor the app to what you care about.

I like that Sonuby lets you customize the display to choose which data to emphasize. My favorite feature is that you can make collections of locations and then easily switch between locations within one of these subsets. Most other apps offer a flat list that becomes unwieldy or has a limit, so that I have to keep deleting and re-adding locations depending on which are most important at any time.

The data is from a combination of sources provided by meteoblue, which I don’t think I’ve used before, so I don’t know how accurate it is.

The app’s overall design is not really my cup of tea, and I ran into some problems adding locations. Some names that I searched for were not available, and others did show up but were lower in the list of matches—the app prioritized similar names that were thousands of miles away from me.

None of the weather apps I’ve tried, including Sonuby, really offers the kind of workflow I’d like for planning an outdoor activity. It’s not just that I want to know the forecast for a certain location on a certain day. I also want to compare several potential mountains to decide where to go based on the weather. Bonus points if it can also compare multiple weather data providers.

Weathergraph is my preferred app for home, and it lets me switch data providers without having to dig into the settings, but it’s useless for this purpose since it only supports one location. Apple Weather and Mercury Weather require a bunch of taps to switch locations and then get back to the right screen. I wish I could navigate to the display I want—say, precipitation next Saturday—and then swipe to see that exact data but for different locations and data providers. (Or, wild idea, how about showing the same data for multiple locations on the same screen at the same time?)

25 Years of the Dock and Aqua

James Thomson (Mastodon, Hacker News):

On the 5th of January 2000, Steve Jobs unveiled the new Aqua user interface of Mac OS X to the world at Macworld Expo.

[…]

The version he showed was quite different to what actually ended up shipping, with square boxes around the icons, and an actual “Dock” folder in your user’s home folder that contained aliases to the items stored.

I should know – I had spent the previous 18 months or so as the main engineer working away on it.

[…]

I didn’t design the dock – that was Bas Ording, a talented young UI designer that Steve had personally recruited. But it was my job to take his prototypes built in Macromind Director and turn them into working code, as part of the Finder team.

[…]

I figured if anybody was finally going to kill off DragThing, it might as well be me.

After DP3, he resigned because Apple wanted him to move to Cupertino. Apple fired all the software engineers in Cork, and then they rewrote all his code before shipping Mac OS X 10.0. It’s remarkable how little the Dock has outwardly changed in the years since.

Jason Snell:

The timeline is interesting. James wrote his classic Mac utility DragThing before working at Apple, then was hired by Apple, then ended up working on the Dock, and then left Apple… to resume working on DragThing.

Also: James’s story about Apple trying to hide James’s location from Steve Jobs is an all-time classic.

Jason Snell:

When I watch the video back, it’s almost surreal how Steve Jobs keeps doing utterly normal, boring things in Mac OS X while the crowd completely loses its collective mind. Viewed by someone without any historical context, it would seem like a cult being whipped into a frenzy by its leader.

But I was there, and I can tell you that it wasn’t that. This was the moment, after 16 years of classic Mac OS–and let’s face it, the last five of those were pretty rough–when all the failings of the Mac were swept away and replaced with something modern, ready for the challenge of the 21st century.

[…]

It’s a bit of a head trip to watch Jobs explain how windows now have three buttons in the top left corner, colored “like a stoplight,” with symbols that appear when you roll the mouse pointer over them. Those buttons have become as much symbols of the Mac as the menu bar itself, but this was the first time anyone saw them.

Joe Groff:

In honor of the 25th anniversary of Mac OS X DP3 and the first public reveal of Aqua, this year’s MacBooks will feature an Apple-logo-shaped notch in the center of the menu bar.

Mario Guzmán:

Full height sidebars and inspectors also contribute to unnecessary waste of space in the toolbar. Also dividing toolbars to match column widths (like Mail and Notes) further makes unnecessary waste of toolbar space.

I’m ready for a Mac OS UI redesign that raises the bar for Desktop OS design. The way Aqua did.

Even going back to the old Aqua toolbar design would be fine. The new Big Sur way—where there’s lots of empty space, yet the window title gets truncated and important buttons, and sometimes even the search field, get stuffed into the overflow menu—is a regression.

See also: John Siracusa (in 2000), Stephen Hackett, Nick Heer.

Update (2025-01-09): Basic Apple Guy:

Twenty-five years ago, Apple unveiled Aqua, a graphical user interface that has influenced the design of Apple software for over two decades! 🔴🟡🟢

Colin Cornaby:

I’m gonna be “that guy”, but as someone who used OS X since DP3 (and daily drove it at PB) I feel like I can be “that guy”…

Aqua wasn’t very good.

At 10.0 it was mostly a show piece, but it wasn’t all that useful as a day to day UI. They did things like deliberately making all the animations slow to show off, but it made it painful to use. (Which was fixed in 10.2.)

I didn’t recommend it for average users until 10.2 (for reasons including Aqua). The UX didn’t feel mature to me until 10.6.

Mr. Macintosh:

This is what the OS X Snow Leopard 10.6.6 update looked like in Software Update.

Dan Counsell:

Can we please have the macOS X Lion UI back? 😍

Mario Guzmán:

The barber pole style indeterminate progress bar has been a part of the Mac since even before Mac OS X.

Removing it was a tragedy. It would be at the same level of getting rid of the Finder happy face or the startup chime.

The current style I think was ripped off from Android… which is quite the choice.

Louie Mantia:

There’s a refined clarity to this version of Aqua. It evolved gracefully to this point, where every element was distinctly different and yet cohesive. Consider the search field alone. Now, search fields have the same appearance of every other field: squared. The pill shape distinguished itself. Removing that characteristic introduced a level of ambiguity that is unnecessary. The same can be said for so much in modern visual design (or lack thereof).

[…]

It’s very unfortunate that the baby was thrown out with the bathwater. I distinctly remember when Apple claimed one value in the new design language was "deference," but after 12 years, this approach is clearly not as thoughtful as it was advertised. It is not as accessible as they have wished. We still have thin red text on gray buttons that lack significant contrast. We still have translucent elements and blurred backgrounds that confound reason and rationale. We traded away that refined clarity for over a decade of ambiguity.

Eric Schwarz:

While it makes sense that Apple would move the Mac to look/act more like iOS, I think there was a way to keep familiarity without making things worse—similar terminology or imagery, but they don’t have to be identical—System Settings on macOS still feels like a step back from the old System Preferences, even if it’s more like iOS.

Pierre Igot:

It’s only been, oh, (checks calendar) OVER SIX YEARS since Apple introduced Dark Mode in macOS, and still no one in charge has gotten around to checking to make sure that, in QuickTime Player, all the dialogs honour the system-wide setting chosen by the user when he/she prefers to use Light Mode (aka INeverAskedForThisShit Mode).

Update (2025-01-13): Jeff Johnson:

Lion is a truly bizarre version to be nostalgic for. It's the only Mac OS X version that I skipped entirely.

The tab view selection UI in the screenshot was utterly confusing and backwards.

Nick Heer:

When Mac OS X Lion was released, John Siracusa imagined “three dials labeled ‘color,’ ‘contrast,’ and ‘contour,’” saying “Apple has been turning them down slowly for years. Lion accelerates that process”. At the time, we had no idea how much closer to zero Apple would take those dials. Now, we know — and for the same apparent reason.

[…]

The thing about [Alan Dye’s] explanation that frustrates most is that while we are sometimes merely viewing something, we are very often doing something with it. The reason there is a visual interface with controls and structure is because the computer is a tool.

Friday, January 3, 2025

OpenAI Failed to Deliver Opt-out Tool

Kyle Wiggers (Hacker News):

Back in May, OpenAI said it was developing a tool to let creators specify how they want their works to be included in — or excluded from — its AI training data. But seven months later, this feature has yet to see the light of day.

Called Media Manager, the tool would “identify copyrighted text, images, audio, and video,” OpenAI said at the time, to reflect creators’ preferences “across multiple sources.” It was intended to stave off some of the company’s fiercest critics, and potentially shield OpenAI from IP-related legal challenges.

But people familiar tell TechCrunch that the tool was rarely viewed as an important launch internally. “I don’t think it was a priority,” one former OpenAI employee said. “To be honest, I don’t remember anyone working on it.”

This was promised by 2025. I’m not holding my breath, but I’m guessing that it happens before Apple’s OCSP preference because there’s a decent chance a court will order it.

Apple Settles Siri Spying Lawsuit

Adi Robertson (Hacker News):

Apple has agreed to a $95 million settlement with users whose conversations were inadvertently captured by its Siri voice assistant and potentially overheard by human employees. The proposed settlement, reported by Bloomberg, could pay many US-based Apple product owners up to $20 per device for up to five Siri-enabled devices. It still requires approval by a judge.

If approved, the settlement would apply to a subset of US-based people who owned or bought a Siri-enabled iPhone, iPad, Apple Watch, MacBook, iMac, HomePod, iPod touch, or Apple TV between September 17th, 2014 and December 31st, 2024. A user would also need to meet one other major criterion: they must swear under oath that they accidentally activated Siri during a conversation intended to be confidential or private.

Juli Clover:

The lawsuit alleges that Apple recorded conversations captured with accidental Siri activations, and then shared information from those conversations with third-party advertisers.

Two plaintiffs claimed that after speaking about products like Air Jordan shoes and Olive Garden, their devices showed ads for those products, while another said he received ads for a surgical treatment after discussing it privately with his doctor.

[…]

While the lawsuit initially focused on Apple’s lack of disclosure, the first filing was dismissed in February 2021 because it did not include enough concrete data about the recordings that Apple allegedly collected. An amended complaint that focused on Siri recordings used for “targeted advertising” was refiled in September 2021, and that was allowed to move forward.

[…]

Apple says that it “continues to deny any and all alleged wrongdoing and liability, specifically denies each of the Plaintiffs’ contentions and claims, and continues to deny that the Plaintiffs’ claims and allegations would be suitable for class action status.” Apple is settling to avoid further costs of litigation.

I had thought this controversy was about contractors hearing the audio. The advertising angle is new to me. If Apple actually did that, it would be one of the biggest Apple news stories ever. I think it’s much more likely that a third-party app was listening to the microphone or that the ads were not based on audio at all. That said, given that privacy is so important to Apple’s brand, and that it seems so unlikely that Apple’s actually guilty of this, it’s a bit of a mystery why it would want to settle. I would think that proving its innocence would be well worth the legal fees, unless it fears the exposure of other information that would become public in discovery.

Ashley Belanger (Hacker News):

While the settlement appears to be a victory for Apple users after months of mediation, it potentially lets Apple off the hook pretty cheaply. If the court had certified the class action and Apple users had won, Apple could’ve been fined more than $1.5 billion under the Wiretap Act alone, court filings showed.

[…]

It was also possible that the class size could be significantly narrowed through ongoing litigation, if the court determined that Apple users had to prove their calls had been recorded through an incidental Siri activation—potentially reducing recoverable damages for everyone.

Or, maybe they fear a combination of the class being enlarged—almost every iOS user probably had some accidental activations—and a court deciding that the users don’t have to prove anything. Then the damages could really multiply.

Apple probably figures correctly that the advertising allegation will be quickly forgotten. But it’s not a very satisfying resolution. We don’t get to learn the details of what went on, and the compensation is ridiculously low for the people who were actually harmed.

Update (2025-01-07): See also: Slashdot.

Iain Thomson:

After being questioned about privacy in a letter from Congress, Cook stated unequivocally that Apple doesn’t collect audio recordings of users without consent.

“Far from requiring a ‘clear, unambiguous trigger’ as Apple claimed in its response to Congress, Siri can be activated by nearly anything, including ‘[t]he sound of a zip’ or an individual raising their arms and speaking,” the complaint reads. “Once activated, Siri records everything within range of the Siri Devices’ microphone and sends it to Apple’s servers.”

[…]

Google is also facing a similar lawsuit after Belgian journalists reportedly found that the Chocolate Factory’s Assistant was also listening in without authorization. That case is still unresolved, and a German investigation into the matter is also ongoing.

Damien Petrilli:

IMHO people should stop giving a pass to Apple and just assume the worst, like for Meta and Google.

Years after years we are told the koolaid that Apple “cares” about privacy. And every year there is a controversy like this, privacy issues, “bugs”.

Nick Heer:

The original complaint (PDF), filed just a couple of weeks after Hern’s story broke, does not once mention advertising. A revised complaint (PDF), filed a few months later, mentions it once and only in passing (emphasis mine)[…] This is the sole mention in the entire complaint, and there is no citation or evidence for it. However, a further revision (PDF), filed in 2021, contains plenty of anecdotes[…]

[…]

I am filing this in the needs supporting evidence column alongside other claims of microphones being used to target advertising. I sympathize with the plaintiffs in this case, but nothing about their anecdotes — more detail on pages 8 and 10 of the complaint — is compelling, as alternative explanations are possible.

[…]

Yet, because Apple settled this lawsuit, it looks like it is not interested in fighting these claims. It creates another piece of pseudo-evidence for people who believe microphone-equipped devices are transforming idle conversations into perfectly targeted ads.

None of these stories have so far been proven, and there is not a shred of direct evidence it is occurring — but I can understand why people are paranoid.

John Gruber:

Apple doesn’t serve well-targeted ads based on text you type, describing exactly what you’re looking for, in the search box in the App Store, but a million gullible idiots believe they’re serving uncannily accurate ads based on snippets of random conversations secretly recorded from across the room.

Juli Clover:

No Siri data has ever been used for marketing purposes or sold to a third-party company for any reason, Apple said today in response to accusations that conversations Siri has captured were used for advertising.

Update (2025-01-09): Apple (MacRumors):

Apple has never used Siri data to build marketing profiles, never made it available for advertising, and never sold it to anyone for any purpose.

[…]

Siri searches and requests are not associated with your Apple Account. A random identifier — a long string of letters and numbers associated with a single device — is used to keep track of data while it’s being processed, rather than tying it to a user’s identity through their Apple Account or phone number — a process that we believe is unique among digital assistants in use today.

Apple does not retain audio recordings of Siri interactions unless users explicitly opt in to help improve Siri, and even then, the recordings are used solely for that purpose.

They are pretty aggressive about getting you to opt in, showing a full screen prompt during setup with a giant Share Audio Recordings button and some blue text, which doesn’t look like a button, that says Not Now.

Autodesk Deletes Old Forum Posts

Autodesk (via Hacker News):

To keep our community efficient and up to date, we’ll be archiving content older than 10 years. We built a policy around document retention to stay relevant to our users and customers.

[…]

The archiving process will start in December and is planned to be completed before the end of [2024].

[…]

Archiving is based on the creation date of the idea or forum thread. The latest activity does not affect the archiving process. All replies and comments within a topic being archived will also be archived.

kerry_w_brown:

The title says archiving but the posts indicate “Unfortunately, we cannot keep the content,” which in my book is DELETING.

[…]

Deleting everything that was originated prior to 10 years ago will destroy a wealth of information that is still viable. This information has not been transferred to the “Help” files and will no longer be searchable, the bookmarked links (published and personal) will no longer be available and the peers who provided this information probably won’t be available (or not inclined) to reproduce the information when it is required.

These groups are peer to peer and the answers to people’s questions and solutions to problems is typically provided by users of the products, not by the builders of the products. I consider this action to be an insult to the efforts of the people who have, at their own expense, graciously helped other users over the years.

M4 Mac Issues With Ultrawide Monitors

Filipe Espósito:

As noted by many users on the Apple Community forums, Reddit and even corroborated by a 9to5Mac reader, the M4 Macs seem to break support for some ultrawide monitors. More specifically, those with 5K2K (5120 x 2160) resolution.

According to these reports, M4 Macs don’t display the proper resolution options for these monitors, which makes the interface and text look blurry. The same monitors work just fine with older Macs, whether Intel or Apple Silicon. But when connected to an M4 Mac, they no longer work in HiDPI mode – which upscales the interface to make it sharper.

[…]

Some users have managed to enable HiDPI using third-party tools such as BetterDisplay, but this causes other drawbacks such as the refresh rate dropping from 75Hz to 60Hz.

Thursday, January 2, 2025

op run

Mattt Thompson (tweet):

This core insight — that configuration should be separate from code — led to the widespread adoption of .env files.

[…]

You add this file to .gitignore to keep it out of version control, and load these variables into your environment at runtime with a tool or library.

[…]

op lets you manage 1Password from the command-line. You can do all the CRUD operations you’d expect for items in your vault. But its killer feature is the op run subcommand, which can dynamically inject secrets from your 1Password vault into your application’s environment.

Instead of storing sensitive values directly in your .env file, you reference them using special op:// URLs[…]

It’s great to see NSHipster back after a five-year hiatus.
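
A pre-commit style check for the pattern quoted above, as an added example that is not from the original post or from 1Password: it flags .env entries whose names look sensitive but hold a literal value instead of an op:// reference, and references that lack the vault/item/[section/]field shape. The sample file, the name heuristic, and all function names are assumptions made for illustration.

```python
import re

# Constructed sample .env content for illustration (not from the original post).
SAMPLE_ENV = """\
# database
DB_HOST=localhost
DB_PASSWORD="op://development/postgres/password"
export API_TOKEN=constructed-example-not-a-real-token
STRIPE_SECRET_KEY=op://development/stripe
SESSION_SECRET='op://development/web-app/session/secret'
LOG_LEVEL=debug
"""

# Assumption: variable names containing these words are expected to hold secrets.
SENSITIVE_NAME = re.compile(
    r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_KEY|CREDENTIAL", re.IGNORECASE
)
ASSIGNMENT = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")


def parse_env(text):
    """Yield (line_number, name, value) for each assignment; skip comments and blanks."""
    for number, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        match = ASSIGNMENT.match(raw)
        if not match:
            continue
        name, value = match.group(1), match.group(2).strip()
        # Remove one layer of matching single or double quotes.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        yield number, name, value


def classify(value):
    """Return 'reference', 'malformed-reference', or 'literal' for a .env value."""
    if not value.startswith("op://"):
        return "literal"
    parts = value[len("op://"):].split("/")
    # A secret reference names vault/item/field, optionally vault/item/section/field.
    if len(parts) in (3, 4) and all(part.strip() for part in parts):
        return "reference"
    return "malformed-reference"


def audit_env(text):
    """Return (line, name, problem) tuples; values are never echoed back."""
    findings = []
    for number, name, value in parse_env(text):
        kind = classify(value)
        if kind == "malformed-reference":
            findings.append((number, name, kind))
        elif kind == "literal" and value and SENSITIVE_NAME.search(name):
            findings.append((number, name, "plaintext-secret"))
    return findings


if __name__ == "__main__":
    for line, name, problem in audit_env(SAMPLE_ENV):
        print(f"line {line}: {name}: {problem}")
```

The findings carry only the line number and variable name, so the check's own output can go into CI logs without leaking the value it flagged.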

The HFS Pixel

Encyclopedia Macintosh (p. 65, via Alex Rosenberg, rezmason):

HFS and MFS disks can be distinguished by the presence or absence of the HFS pixel. You can tell if a drive or disk is formatted as HFS or MFS by looking for the “HFS pixel” in the upper-left corner of any window from the drive or disk. If this pixel is on, the drive or volume uses the HFS; if it is off, the drive or volume uses the MFS.

[…]

The HFS pixel can be seen in the left window between the two horizontal lines just above the folder icon. In the center window it is not present. An enlargement of the pixel is presented at right.

This reminds me of Norton Disk Light, which used a single flashing pixel in the top-left corner of the display (back when the menu bar was rounded) to indicate disk activity.

Mihai Parparita:

Looks like it went away in System 7, even with the B&W window frame.

Alex Rosenberg:

Seems equally likely they didn’t carry over the feature when rewriting the Finder in C++ for System 7.

Jim Luther:

MFS was so ignored in the Finder’s System 7 rewrite that the Finder crashed if you mounted a MFS volume with a long volume name. I found and reported that bug when learning about the File Manager when I switched from Apple II to Macintosh Developer Technical Support.

Update (2025-01-06): Josh Justice:

Who remembers positioning the cursor in System 7 so that it showed 1 pixel between it and the progress bar, so you could tell if it had progressed?

Who remembers trying this in Mac OS 8+ and being frustrated that the beautiful gradient made it harder to tell if there was progress? 😄

Update (2025-01-07): HACKTRIX (via Josh Hrach):

The XYZZY code is a simple cheat code for Minesweeper that helps you find the mines without clicking on the cells. To use this code, open Minesweeper, then type the letters xyzzy and hold the shift button for three seconds. Then minimize all open programs and look closely in the top left corner of your monitor screen. You will see a single pixel turned white.

Two Foreground Windows

Pierre Igot:

1) In the Finder, select an item and make its name editable.

2) WHILE THE NAME IS EDITABLE, click on the window of ANY OTHER APP to leave the Finder in the background.

3) Click on ANOTHER Finder window to bring the Finder back to the foreground.

Result: TWO FOREGROUND WINDOWS!

This is a really old bug.

Update (2025-01-14): Jeff Johnson:

  1. Select some text in a web page in Safari
  2. Click in Finder to activate
  3. Right-click on the text in Safari to bring up the contextual menu
  4. Left-click in Safari to dismiss the contextual menu
  5. Left-click again in Safari to “activate” the window

The window appears to be active, but it mostly doesn’t work: hover effects, link clicks, command-w, etc.

This happens for me, too.

Bench Shut Down, Then Acquired

Charles Rollet (Hacker News):

Bench, a Canada-based accounting startup that offered software-as-a-service for small and medium-sized businesses, has abruptly shut down, according to a notice posted on its website.

[…]

The company’s entire website is currently offline except for the notice, leaving thousands of businesses in the lurch. Bench touted having more than 35,000 U.S. customers just hours before it was shut down, according to a snapshot saved by the Internet Archive.

Bench, which had raised $113 million from high-profile backers such as Shopify and Bain Capital Ventures, developed a software platform to help customers store and manage their bookkeeping and tax reporting documents.

[…]

Bench’s notice says its customers should file a six-month extension with the IRS to “find the right bookkeeping partner.” It also says customers will be able to download their data by December 30 and will have until March 2025 to do so.

Ian Crosby:

I’ve avoided speaking publicly about Bench since just over 3 years ago when I was fired from the company I co-founded.

[…]

In November 2021 I went out for what I thought would be a regular lunch with one of my board members. We had just raised a Series C and turned down a highly lucrative acquisition offer. We had budding partnerships with companies like Shopify that were interested in the technology we were developing. We were winning.

The board member thanked me for bringing the company to this point, but that they would be hiring a new professional CEO to “take the company to the next level.”

Charles Rollet (Hacker News):

The San Francisco-based HR tech company Employer.com focuses on payroll and onboarding, in contrast to Bench, which specializes in accounting and tax. Employer.com’s chief marketing officer Matt Charney told TechCrunch the company will revive Bench’s platform and provide instructions for customers to log in and obtain their data.

Dare Obasanjo:

12,000 small businesses who were left in a lurch just before tax time may have been saved.

This reminds me of the Synapse whose customers lost money when it failed but wasn’t FDIC insured. This is the risk of betting on startups for your financial needs.

Bench (Hacker News):

This acquisition ensures that Bench customers can continue relying on the same high-quality service they’ve always received, while also opening the door to future enhancements and capabilities powered by Employer.com’s extensive resources. Employer.com is committed to empowering small businesses with the tools and support they need to thrive, and Bench’s expertise in financial management aligns perfectly with that mission.

wdaher:

For Bench customers that want to look elsewhere, Pilot is doing free migrations from Bench to QBO, even if you don’t want to use Pilot. (So you can even take advantage of it if you want to instead DIY or work with some local firm.)

Update (2025-01-08): Nicholas C. Zakas (via Ruffin Bailey):

Here’s @bench clarifying that no one is getting refunds.

Wednesday, January 1, 2025

Retiring Script Debugger

Mark Alldritt and Shane Stanley (Mastodon):

January 2025 marks Script Debugger’s 30th anniversary. It’s been a very long run for a two-person effort. Script Debugger began as a Classic MacOS product, survived Apple’s near-death experience, transitioned to macOS X and migrated across 4 CPU processor types. We are so grateful for the support we’ve received over these years. This support allowed us to keep working on Script Debugger much longer than we ever imagined.

Shane and I are retiring and the effort and costs associated with continuing Script Debugger’s development are too great for us to bear any longer.

[…]

In June 2025, Script Debugger will no longer be offered for sale and all support and maintenance will cease.

At this time, Script Debugger will become a free download.

This is really sad news. Script Debugger is an excellent app that I use nearly every day, and there’s nothing else like it. Alldritt had hinted at retirement before, but I had hoped that they would sell the app or that, with AppleScript not changing very quickly these days, it wouldn’t be too much of a burden to maintain. But with a constant stream of new OS bugs, new privacy and security requirements, and deprecated APIs, it’s impossible for an app to stand still. You have to keep updating it or it will break over time.

In any case, I thank them for spending decades developing an app that belongs in the Mac hall of fame.

Update (2025-01-06): Uli Kusterer:

Pretty sure I used Script Debugger to do some extensive reworks of EyeTV’s AppleScript support, and it was so much more helpful than just waiting for Script Editor to abort with an error.

Brian Webster:

Sad to see Script Debugger going away, though I totally understand the decision. This tool has saved me sooooo many hours of time over the years, I very much do not look forward to whatever future macOS update that ultimately ends up breaking it. 😩

Update (2025-01-08): Jason Snell:

There are many great independent Mac apps out there that have been developed for decades by a single developer or a small team; I admit that I’ve been worried about the fate of those apps for a while now. Developers deserve to retire just like anyone else, but as happy as that moment can be for the people involved, I also selfishly dread the loss of another indie Mac app I’ve relied on for years.

Scott Knaster Occasionally Misses Expectations

Scott Knaster:

I worked in Silicon Valley for many years with brilliant people at amazing companies that changed the world. A lot of my stories are about those people and places. But some of them are about something unexpected I saw on a walk around my neighborhood. Stuff like that.

I tell stories face to face, over a meal, in online posts, and on stage. And now I’m trying this new way! Here I’ve written a bunch of stories in this Google Doc, like a little book. I’ve told some of them before and refreshed them a bit for this book. Others are brand new and I’m telling them here for the first time.

[…]

Steve entered the little interview room and sat down 3 feet away from me across a tiny round table. He leaned forward and said: “Are you the best technical writer in the world?”

I was stunned into silence for a few seconds, as I tried to figure what to say. And then, like an idiot, I gave a direct, thoughtful answer. “No. The best technical writer in the world is my friend Caroline Rose, and she already works here at NeXT.”

Via Dave Mark:

I’ve known my buddy Scott Knaster for a VERY long time. He and I wrote some of the earliest Apple developer books, became fast friends in that surprisingly small universe.

Scott just released a Google doc with a draft of his memoirs. Scott is a very entertaining writer, and the doc is chock full of pictures and wonderful anecdotes.

If you are a techie of any stripe, this is worth your time.

Some of his excellent books are How to Write Macintosh Software (PDF) and Macintosh Programming Secrets (PDF).

Privacy of Photos.app’s Enhanced Visual Search

Jeff Johnson (Mastodon, Hacker News, Reddit, 2, The Verge, Yahoo):

This morning while perusing the settings of a bunch of apps on my iPhone, I discovered a new setting for Photos that was enabled by default: Enhanced Visual Search.

[…]

There appear to be only two relevant documents on Apple's website, the first of which is a legal notice about Photos & Privacy:

Enhanced Visual Search in Photos allows you to search for photos using landmarks or points of interest. Your device privately matches places in your photos to a global index Apple maintains on our servers. We apply homomorphic encryption and differential privacy, and use an OHTTP relay that hides IP address. This prevents Apple from learning about the information in your photos. You can turn off Enhanced Visual Search at any time on your iOS or iPadOS device by going to Settings > Apps > Photos. On Mac, open Photos and go to Settings > General.

The second online Apple document is a blog post by Machine Learning Research titled Combining Machine Learning and Homomorphic Encryption in the Apple Ecosystem and published on October 24, 2024. (Note that iOS 18 and macOS 15 were released to the public on September 16.)

As far as I can tell, this was added in macOS 15.1 and iOS 18.1, not in the initial releases, but it’s hard to know for sure since none of Apple’s release notes mention the name of the feature.

It ought to be up to the individual user to decide their own tolerance for the risk of privacy violations. In this specific case, I have no tolerance for risk, because I simply have no interest in the Enhanced Visual Search feature, even if it happened to work flawlessly. There’s no benefit to outweigh the risk. By enabling the “feature” without asking, Apple disrespects users and their preferences. I never wanted my iPhone to phone home to Apple.

Remember this advertisement? “What happens on your iPhone, stays on your iPhone.”

Apple is being thoughtful about doing this in a (theoretically) privacy-preserving way, but I don’t think the company is living up to its ideals here. Not only is it not opt-in, but you can’t effectively opt out if it starts uploading metadata about your photos before you even use the search feature. It does this even if you’ve already opted out of uploading your photos to iCloud. And “privately matches” is kind of a euphemism. There remains no plain English text saying that it uploads information about your photos and specifically what information that is. You might assume that it’s just sharing GPS coordinates, but apparently it’s actually the content of the photos that’s used for searching.

Ben Lovejoy:

One piece of data which isn’t shared is location. This is clear as several of my London skyline photos were incorrectly identified as a variety of other cities, including San Francisco, Montreal, and Shanghai.

Nick Heer:

What I am confused about is what this feature actually does. It sounds like it compares landmarks identified locally against a database too vast to store locally, thus enabling more accurate lookups. It also sounds like matching is done with entirely visual data, and it does not rely on photo metadata. But because Apple did not announce this feature and poorly documents it, we simply do not know. One document says trust us to analyze your photos remotely; another says here are all the technical reasons you can trust us. Nowhere does Apple plainly say what is going on.

[…]

I see this feature implemented with responsibility and privacy in nearly every way, but, because it is poorly explained and enabled by default, it is difficult to trust. Photo libraries are inherently sensitive. It is completely fair for users to be suspicious of this feature.

In a way, this is even less private than the CSAM scanning that Apple abandoned, because it applies to non-iCloud photos and uploads information about all photos, not just ones with suspicious neural hashes. On the other hand, your data supposedly—if there are no design flaws or bugs—remains encrypted and is not linked to your account or IP address.

jchw:

What I want is very simple: I want software that doesn’t send anything to the Internet without some explicit intent first. All of that work to try to make this feature plausibly private is cool engineering work, and there’s absolutely nothing wrong with implementing a feature like this, but it should absolutely be opt-in.

Trust in software will continue to erode until software stops treating end users and their data and resources (e.g. network connections) as the vendor’s own playground. Local on-device data shouldn’t be leaking out of radio interfaces unexpectedly, period. There should be a user intent tied to any feature where local data is sent out to the network.

Apple just crowed about how, if Meta’s interoperability requests were granted, apps the user installed on a device and granted permission to would be able to “scan all of their photos” and that “this is data that Apple itself has chosen not to access.” Yet here we find out that in an October OS update Apple auto-enabled a new feature that sends unspecified information about all your photos to Apple.

I’m seeing a lot of reactions like this:

I’m tired with so much privacy concerns from everyone without any reason… Yes it sends photo data anonymously to make a feature work or improve it. So what? Apple and iOS are the most private company/software out there.

But I’m tired of the double standard where Apple and its fans start from the premise of believing Apple’s marketing. So if you’re silently opted in, and a document somewhere uses buzzwords like “homomorphic encryption” and “differential privacy” without saying which data this even applies to, that’s good enough. You’re supposed to assume that your privacy is being protected because Apple is a good company who means well and doesn’t ship bugs.

You see, another company might “scan” your photos, but Apple is only “privately matching” them. The truth is that, though they are relatively better, they also have a history of sketchy behavior and misleading users about privacy. They define “tracking” so that it doesn’t count when the company running the App Store does it, then send information to data brokers even though they claim not to.

Eric Schwarz:

With Apple making privacy a big part of its brand, it is a little surprising this was on by default and/or that Apple hasn’t made a custom prompt for the “not photo library, not contact list, not location, etc.” permissions access. Some small changes to the way software works and interacts with the user can go a long way of building and keeping trust.

Matthew Green:

I love that Apple is trying to do privacy-related services, but this just appeared at the bottom of my Settings screen over the holiday break when I wasn’t paying attention. It sends data about my private photos to Apple.

I would have loved the chance to read about the architecture, think hard about how much leakage there is in this scheme, but I only learned about it in time to see that it had already been activated on my device. Coincidentally on a vacation where I’ve just taken about 400 photos of recognizable locations.

This is not how you launch a privacy-preserving product if your intentions are good, this is how you slip something under the radar while everyone is distracted.

Jeff Johnson:

The issues mentioned in Apple’s blog post are so complex that Apple had to make reference to two of their scientific papers, Scalable Private Search with Wally and Learning with Privacy at Scale, which are even more complex and opaque than the blog post. How many among my critics have read and understood those papers? I’d guess approximately zero.

[…]

In effect, my critics are demanding silence from nearly everyone. According to their criticism, an iPhone user is not entitled to question an iPhone feature. Whatever Apple says must be trusted implicitly. These random internet commenters become self-appointed experts simply by parroting Apple’s words and nodding along as if everything were obvious, despite the fact that it’s not obvious to an actual expert, a famous cryptographer.

Update (2025-01-02): See also: Hacker News.

Franklin Delano Stallone:

If it were off by default that would be a good opportunity for the relatively new TipKit to shine.

Jeff Johnson:

The release notes seem to associate Enhanced Visual Search with Apple Intelligence, even though the OS Settings don’t associate it with Apple Intelligence (and I don’t use AI myself).

The relevant note is that in 15.1 the Apple Intelligence section says “Photos search lets you find photos and videos simply by describing what you’re looking for.” I’ve seen reports that the setting was not in 15.0, though its release notes did include: “Natural language photo and video search Search now supports natural language queries and expanded understanding, so you can search for just what you mean, like ‘Shani dancing in a red dress.’”

Eric deRuiter:

There are so many questions. Does disabling it on all devices remove the uploaded data? Is it only actually active if you have AI on? Does it work differently depending on if you have AI enabled?

My understanding is that there is nothing to remove because nothing is stored (unless in a log somewhere) and that there is no relation to Apple Intelligence.

Rui Carmo:

I fully get it that Photos isn’t really “calling home” with any personal info. It’s trying to match points of interest, which is actually something most people want to have in travel photos–and it’s doing it with proper masking and anonymization, apparently via pure image hashing.

But it does feel a tad too intrusive, especially considering that matching image hashes is, well, the same thing they’d need to do for CSAM detection, which is a whole other can of worms. But the cynic in me cannot help pointing out that it’s almost as if someone had the feature implemented and then decided to use it for something else “that people would like”. Which has never happened before, right?

thisislife2:

I was going through all the privacy settings again today on my mom’s iPhone 13, and noticed that Apple / ios had re-enabled this feature silently (enhanced visual search in Photos app), even though I had explicitly disabled it after reading about it here on HN, the last time.

This isn’t the first time something like this has happened - her phone is not signed into iMessage, and to ensure Apple doesn’t have access to her SMS / RCS, I’ve also disabled “Filter messages from unknown senders”. Two times, over a period of roughly a year, I find that this feature has silently been enabled again.

These settings that turn themselves back on or that say they will opt you out of analytics but don’t actually do so really burn trust.

Update (2025-01-07): Thomas Claburn:

Put more simply: You take a photo; your Mac or iThing locally outlines what it thinks is a landmark or place of interest in the snap; it homomorphically encrypts a representation of that portion of the image in a way that can be analyzed without being decrypted; it sends the encrypted data to a remote server to do that analysis, so that the landmark can be identified from a big database of places; and it receives the suggested location again in encrypted form that it alone can decipher.

If it all works as claimed, and there are no side-channels or other leaks, Apple can’t see what’s in your photos, neither the image data nor the looked-up label.
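
The flow Claburn describes, as an added example that is not from the article, Apple, or any author quoted here: the device encrypts an embedding, the server scores it against its landmark table without decrypting anything, and only the device can read the result. It uses textbook Paillier as a stand-in additively homomorphic scheme (not Apple's), and the demo primes, integer embeddings, and three-entry table are constructed; it scores every entry and treats the label list as public, with no private retrieval layer.

```python
"""Toy encrypted landmark lookup with Paillier (additively homomorphic)."""
import math
import secrets

# Demo key built from two well-known Mersenne primes. NOT secure: the
# factors are public. A real key uses secret random primes of 1024+ bits.
_P, _Q = 2**61 - 1, 2**89 - 1


class PaillierKey:
    """Key pair held by the client device. Only n is ever shared."""

    def __init__(self, p=_P, q=_Q):
        self.n = p * q                       # public modulus
        self.n2 = self.n * self.n
        self._lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # private
        self._mu = pow(self._lam, -1, self.n)  # private; valid for g = n + 1

    def encrypt(self, m):
        # Fresh randomness r makes two encryptions of the same m differ.
        while True:
            r = secrets.randbelow(self.n - 1) + 1
            if math.gcd(r, self.n) == 1:
                break
        return (1 + (m % self.n) * self.n) * pow(r, self.n, self.n2) % self.n2

    def decrypt(self, c):
        m = (pow(c, self._lam, self.n2) - 1) // self.n * self._mu % self.n
        # Map the upper half of Z_n back to negative integers.
        return m - self.n if m > self.n // 2 else m


def server_scores(n, enc_query, database):
    """Server side: receives only the public modulus and ciphertexts.

    Computes Enc(dot(query, landmark)) for every landmark using
    Enc(a) * Enc(b) = Enc(a + b) and Enc(a) ** w = Enc(w * a).
    It never sees the query, the scores, or which entry scored highest.
    """
    n2 = n * n
    results = []
    for _label, vec in database:
        acc = 1  # a trivial encryption of 0
        for c, w in zip(enc_query, vec):
            acc = acc * pow(c, w % n, n2) % n2
        results.append(acc)
    return results


def client_lookup(key, embedding, database):
    """Client side: encrypt, send, decrypt the scores, pick the best label."""
    enc_query = [key.encrypt(x) for x in embedding]          # leaves the device
    enc_scores = server_scores(key.n, enc_query, database)   # runs remotely
    scores = [key.decrypt(c) for c in enc_scores]            # back on device
    best = max(range(len(scores)), key=scores.__getitem__)
    return database[best][0], scores


# Constructed sample data: tiny integer "embeddings", not real model output.
LANDMARKS = [
    ("Golden Gate Bridge", [9, -2, 4, 1]),
    ("Tower Bridge", [3, 8, -5, 2]),
    ("Oriental Pearl Tower", [-4, 1, 7, 6]),
]
PHOTO_EMBEDDING = [2, 7, -4, 3]

if __name__ == "__main__":
    label, scores = client_lookup(PaillierKey(), PHOTO_EMBEDDING, LANDMARKS)
    print(label, scores)
```

The payload is opaque to the server, but the server and anyone on the path still observe that a query was sent, when, and how large it was, which is why the surrounding relay and the network-observer concerns raised on this page matter independently of the encryption.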

Fazal Majid:

There are two issues with this, even before considering possible bugs in Apple’s implementation, or side-channels leaking information:

1) as with the CSAM scanning case, they are creating a precedent that will allow authoritarian governments to require other scanning

2) uploading the hash/fingerprint reveals to someone surveilling the network that someone has taken a photo.

[…]

In a previous breach of trust and consent, they also turned on without consent in Safari the Topics API (Orwellianly called “privacy-preserving analytics/attribution” when it is nothing but an infringement of privacy by tracking your interests in the browser itself). Even Google, the most voyeuristic company on the planet, actually asked for permission to do this (albeit with deliberately misleading wording in the request, because Google).

Fred McCann:

Even if the results are encrypted you don’t control the keys - best case scenario is Photos is generating without telling you and placing it somewhere(?). And the server side could store encrypted results for which they or some other party could have a backdoor or just store them until advances render the enc scheme defeatable. Who gets to audit this?

Roland:

It is quite easy to see how governments will order Apple to abuse this feature in future, without any need to sabotage or compromise any Apple-supplied homomorphic-encryption / private-query / differential-privacy / ip-address-anonymizing security features[…]

[…]

That government instructs Apple to match “landmark” searches against (non-landmark) images (archetypes) which the government cares about.

[…]

When a match is found, Apple sets a “call the secret police” flag in the search response to the client device (iPhone, Mac, whatever).

[…]

Everyone can analyze the heck out of the Apple anonymous search scheme-- but it doesn’t matter whether it is secure or not. No government will care. Governments will be quite satisfied when Apple just quietly decorates responses to fully-anonymous searches with “call the secret police” flags-- and Apple will “truthfully” boast that it never rats out any users, because the users’ own iPhones or Macs will handle that part of it.

Jeff Johnson:

With Enhanced Visual Search, Apple appears to focus solely on the understanding of privacy as secrecy, ignoring the understanding of privacy as ownership, because Enhanced Visual Search was enabled by default, without asking users for permission first. The justification for enabling Enhanced Visual Search by default is presumably that Apple’s privacy protections are so good that secrecy is always maintained, and thus consent is unnecessary.

My argument is that consent is always necessary, and technology, no matter how (allegedly) good, is never a substitute for consent, because user privacy entails user ownership of their data.

[…]

The following is not a sound argument: “Apple keeps your data and metadata perfectly secret, impossible for Apple to read, and therefore Apple has a right to upload your data or metadata to Apple’s servers without your knowledge or agreement.” There’s more to privacy than just secrecy; privacy also means ownership. It means personal choice and consent.

[…]

The oversimplification is that the data from your photos—or metadata, however you want to characterize it—is encrypted, and thus there are no privacy issues. Not even Apple believes this, as is clear from their technical papers. We’re not dealing simply with data at rest but rather data in motion, which raises a whole host of other issues. […] Thus, the question is not only whether Apple’s implementation of Homomorphic Encryption (and Private Information Retrieval and Private Nearest Neighbor Search) is perfect but whether Apple’s entire apparatus of multiple moving parts, involving third parties, anonymization networks, etc., is perfect.

See also: Bruce Schneier.

Honey Extension Scam

David Nield:

Honey, which is owned by PayPal, is a popular browser extension—with 19 million users on Chrome alone—but the shopping tool is being accused of some seriously shady practices, including keeping users away from the lowest online prices and blocking creator affiliate links to deprive them of revenue. The scandal surfaced through a comprehensive video posted by MegaLag, who calls it “the biggest influencer scam of all time” based on an investigation that’s apparently been ongoing for several years. MegaLag claims to have reviewed masses of documents, emails, and online ads in the course of the investigation, as well as having spoken to victims and personally falling foul of Honey’s methods.

Wes Davis:

Honey works by popping up an offer to find coupon codes for you while you’re checking out in an online shop. But as MegaLag notes, it frequently fails to find a code, or offers a Honey-branded one, even if a simple internet search will cover something better. The Honey website’s pitch is that it will “find every working promo code on the internet.” But according to MegaLag’s video, ignoring better deals is a feature of Honey’s partnerships with its retail clients.

MegaLag also says Honey will hijack affiliate revenue from influencers. According to MegaLag, if you click on an affiliate link from an influencer, Honey will then swap in its own tracking link when you interact with its deal pop-up at check-out. That’s regardless of whether Honey found you a coupon or not, and it results in Honey getting the credit for the sale, rather than the YouTuber or website whose link led you there.

The official response denies nothing:

Honey is free to use and provides millions of shoppers with additional savings on their purchases whenever possible. Honey helps merchants reduce cart abandonment and comparison shopping while increasing sales conversion.

Update (2025-01-02): See also: Wladimir Palant and Marques Brownlee.

Preetham Narayanareddy:

Honey sponsored Mr. Beast in 3 videos, gaining a total of 140M views after spending approximately $120,000.

Update (2025-01-06): Elliot Shank:

Lawyer YouTuber is starting a class-action lawsuit against PayPal/Honey.

Friday, December 27, 2024

Apple to Defend Google Revenue Sharing Agreement

Jody Godoy (Hacker News, Reddit):

Apple has asked to participate in Google’s upcoming U.S. antitrust trial over online search, saying it cannot rely on Google to defend revenue-sharing agreements that send the iPhone maker billions of dollars each year for making Google the default search engine on its Safari browser.

[…]

Apple received an estimated $20 billion from its agreement with Google in 2022 alone.

Joe Rossignol:

In a declaration filed with a U.S. federal court in Washington, D.C. last week, Cue said Apple is against the idea for the following reasons[…]

[…]

Earlier this year, as part of the U.S. Department of Justice’s antitrust trial against Google, the court declared that the deal that sees Google set as the default search engine in Apple’s web browser Safari is illegal. In his declaration, Cue asked the court to allow Apple to defend the deal by having its own witnesses testify during the trial.

“Only Apple can speak to what kinds of future collaborations can best serve its users,” wrote Cue. “Apple is relentlessly focused on creating the best user experience possible and explores potential partnerships and arrangements with other companies to make that happen.”

[…]

If the agreement can no longer continue, Cue said “it would hamstring Apple’s ability to continue delivering products that best serve its users’ needs.”

If Apple thinks Google Search is the best for users, it could still offer it as the default. It just wouldn’t get the TAC.

Update (2025-01-06): M.G. Siegler:

The real reason Apple is unlikely to go down a web search path is because they believe – as many now do – that web search is yesterday’s technology. Today is all about AI.

[…]

Said another way, if this were ten to fifteen years ago, Apple may indeed be compelled to go after web search on their own with such a remedy. But in 2025, it makes basically no sense and it would be an expensive distraction at best from what Apple needs to be working on.

[…]

But it’s not like Apple can just rip out Google, or any other web search product, from the iPhone. As Cue notes, that would make Apple’s product experience worse. And so they won’t. Which again leads to the notion that little would likely change if the judge were to accept this remedy in the case – except, again, for those $20B+ yearly payments. Money so large that it even matters to Apple.

[…]

It’s a weird position for the government to be in. They want these deals to be over, but killing these deals completely will probably only hurt Google’s search share marginally, if at all. But it will help Google’s bottom line! Money that Google can then plow back into making their search engine better, continuing the cycle.

And it will hurt Chrome’s competitors.

Google:

Today, we filed our own proposal, based on the actual findings in the Court’s decision. This was a decision about our search distribution contracts, so our proposed remedies are directed to that.

Dare Obasanjo:

The DOJ requested that Google sell Chrome, end default search deals, share its index with rivals, and potentially sell Android to remedy its search monopoly.

Google counter-proposed that its search deals with Apple and others don’t need to be exclusive, allowing Apple to partner with Bing. 🙃

Vlad Prelovac on Kagi Search and Orion

The Talk Show (transcript):

Kagi founder and CEO Vlad Prelovac joins the show to talk about the business of web search, the thinking behind Kagi’s own amazing search engine, and their upstart WebKit-based browser Orion.

Here are some highlights from what I thought was a very interesting conversation:

Microsoft tried that with Bing and they spent 20 years, I think 100 billion is what I read and had thousands of the smartest people working on it and we all know what Bing results are like[…] So it’s really impossible for a small startup to compete with that nor I think we should. I think we should instead focus on providing the different business model.

The search index is one of those things that the DOJ suggested in their proposal to be open basically and just to prevent what I just described and also help proliferate startups that will offer different experiences.

[…]

We use five or six major search engines so everything that exists in the world and another advantage of doing that although it costs more money is basically we ensure that if it doesn’t surface on Kagi it probably doesn’t exist anywhere which is what you describe.

[…]

So Google has an offer that is basically a franchise and you have ability to get Google searches out but you also have to get Google ads so it’s one package and we have been trying for years to sort of license Google results in a way that we don’t get the ads so what we currently do is there are services out there that basically resell Google results that we use because we cannot directly retry but Google is not ready to do that and this is what the DOJ trial I think is very important for.

[…]

Safari to me, as far as I know, stands alone amongst popular browsers for not allowing the user to easily add their own, default search engine choices.

[…]

But all of those companies have traffic acquisition cost arrangements with Google. That’s how they get on that list in Safari.

Neither of them thinks that divesting Google of Chrome would solve anything.

Update (2025-01-08): Vlad Prelovac:

Somebody posted this on reddit. Night and day difference between Google and Kagi results. Incentives matter.

Adobe Raises Monthly Photography Plan Prices

Adobe (Reddit, 2):

For more than a decade, we’ve brought photographers hundreds of innovative features in Lightroom and Photoshop without changing the price of our photography plans. Today we’re announcing an update to these plans to better reflect the value that the apps deliver. These plan updates come into effect for new subscribers on January 15, 2025, and will become effective for existing members only when your plan next renews.

[…]

Photography Plan (20GB) — The pre-paid annual plan remains unchanged at $119.88/year (equivalent to $9.99/month). Monthly billing remains an option for existing members with an updated price of $14.99/month, with an annual commitment, effective at your next renewal. Existing members who pay monthly can switch to the pre-paid annual plan to maintain the $9.99/month price. We will continue to support this plan for existing customers, however this plan will no longer be available to new customers.

[…]

Lightroom (1TB) — The pre-paid annual plan remains unchanged at $119.88/year (equivalent to $9.99/month). Additionally, this plan is expanding to now include Lightroom Classic. The monthly plan is updating to $11.99/month, with an annual commitment, effective at your next renewal. Existing members who pay monthly can switch to the pre-paid annual plan to maintain the $9.99/month price.

Emphasis added. So there are a few weeks left if you want to sign up for the plan with both Lightroom and Photoshop.

Adobe:

If your Photography plan (20GB) is currently on an annual plan, paid monthly, you can switch your billing to annual plan, prepaid, by visiting your Adobe Account page and following these steps: Select the Manage Plan button, then the Update Subscription button.

That’s the plan I’m on, but there’s no Update Subscription button. I chatted with Adobe’s AI assistant, and then with a person who initially told me that I had to cancel my current plan and that the price would change. After 24 minutes, and re-entering my credit card information even though it was already current, I think they switched me over.

See also: The Lightroom Queen.

Update (2025-01-02): Peter N Lewis:

Bloody hell, you would think a multibillion dollar company like Adobe could handle a cancelation without screwing up the dates. I canceled the plan yesterday (Dec 30) which is already paid until Jan 30, which they are very clear about, right up until they email saying my services will end Dec 29 before I canceled it.

Also, because my change in payment frequency had to be implemented as a cancellation and a new sign-up, I got all these e-mails saying that they were sorry to see me go and then welcoming me to using the product, as if I hadn’t already been a customer for 10+ years. None of this is the end of the world, but this whole process wasted my time and showed a lack of care. The one-off Acorn upgrade was so much easier.

Monday, December 23, 2024

Deleting Unused Photos From Apple Photos

I’ve been trying to reduce the storage that the Photos app uses, both on my Mac and in iCloud. I use Lightroom for my photo library, so I would like to delete all the photos that are not referenced by projects (calendars and photo books).

Unfortunately, Photos is unable to display any of my projects from before December 2018, so I guess those are lost causes. (Maybe in theory I could restore from a really old backup with older versions of macOS and Photos and prevent it from syncing with iCloud Photos?)

Focusing on the newer ones, my first thought was to create a smart album of photos that are not referenced by any projects/albums. Photos does have a referenced condition, but I think that refers to files that have not been copied into the library.

This TidBITS-Talk thread recommends adding keywords to photos that are referenced, but that doesn’t seem to be possible with projects and the current version of Photos. If I select photos in a project, there are no relevant menu commands enabled, and the Info window doesn’t show anything about keywords.

What ended up working was creating a new album called In Projects. Photos does let you add to an album from within a project. So I did this for each project, adding the photos that were placed to the album. Then I created a smart album for photos that were not in the In Projects album.

Meta’s iOS Interoperability Requests

Juli Clover:

Apple today said that Meta has made 15 interoperability requests under the Digital Markets Act (DMA) in the European Union, which is more than any other company.

In a statement provided to Reuters, Apple said that Meta is asking for changes that could compromise user security and privacy.

[…]

In response to Apple’s comments on Meta’s requests, Meta said the following: “What Apple is actually saying is they don’t believe in interoperability. Every time Apple is called out for its anticompetitive behavior, they defend themselves on privacy grounds that have no basis in reality.”

John Gruber (Mastodon, Dithering):

Apple says Meta is seeking low-level access that would break both user privacy and device security.

Meta says Apple is using “privacy” as a bullshit excuse to avoid even reasonable interoperability.

But without reading the requests, there’s no way to say which side is more right than the other.

Apple:

It’s getting personal. How abuse of the DMA’s interoperability mandate could expose your private information.

[…]

If Apple were to have to grant all of these requests, Facebook, Instagram, and WhatsApp could enable Meta to read on a user’s device all of their messages and emails, see every phone call they make or receive, track every app that they use, scan all of their photos, look at their files and calendar events, log all of their passwords, and more. This is data that Apple itself has chosen not to access in order to provide the strongest possible protection to users.

Except that with the OCSP preference that Apple reneged on, Apple does get to track the apps that you use.

It’s not clear to me which request would enable Meta to “log all of [the user’s] passwords.” I doubt that’s actually what they want to do.

Separately Meta also wants to access their message history. Access to private communications needs to remain fully under the control of users.

I would love for apps to be able to access my message history because right now Apple doesn’t let me back up or search my own messages.

For instance, if a user asks Siri to read out loud the latest message received via WhatsApp, Meta or other third parties could indirectly gain access to the contents of the message. No one is in a position to understand the full risks of that.

This is one of the scariest examples they could come up with?

Nick Heer:

These are, so far as I can tell, similar to the things the Commission is requiring here.

Nick Heer (via Hacker News):

The EC preliminary findings under the DMA indicate that Apple must take steps to enable the operability of devices from other brands with its iPhones. The EC has launched public consultations with interested companies to gather feedback on compliance.

Steve Troughton-Smith:

The European Commission is going through Apple’s OSes feature by feature, with the help of interested parties and industry collaboration, and deciding where the API lines should be drawn. It’s absolutely fascinating.

[…]

“If Apple presents end users of [3rd-party apps] with a choice regarding the level of background execution capabilities or background connection to a connected physical device, it must present the same choice in the same manner, including regarding time, place, and cadence, to end users of Apple’s connected physical devices. Apple may only present end users with a specific choice […] if Apple implements and offers this choice for its own connected physical device.”

[…]

This proposal effectively states that Apple should provide private headers to internal frameworks on request, and developers should subsequently decide whether they need to submit an interoperability request to make the frameworks or APIs public.

[…]

Also, just to acknowledge the spin Apple is taking on this, which I have no interest in linking to: they just threw Meta under the bus for interoperability requests, something that is forbidden under the EC’s proposal, triple-underlining why the EC needs to legislate all of this in writing in the first place.


Update (2025-01-09): See also: Natasha Lomas (Hacker News).

Update (2025-01-10): Andrew Bosworth:

If you paid for an iPhone you should be annoyed that Apple won’t give you the power to decide what accessories you use with it! You paid a lot of money for that computer and it could be doing so much more for you but they handicap it to preference their own accessories (which are not always the best!). All we are asking for is the opportunity for consumers to choose how best to use their own devices.

[…]

Many iPhone users don’t realize the experience with (for example) Ray-Ban Meta glasses is better on Android today because of limitations Apple has put in place on their system that do not apply to their own first party accessories.

Via David Barnard:

Apple’s built-in advantage in AR can’t be overstated. It’s mostly the US-based, iPhone-toting early adopters that are going to help fund and publicly beta test the first few waves of AR glasses. Without being able to integrate deeply into iOS, Meta will be severely hamstrung.

That said, it’s easier than ever to imagine a world in which visionOS plays second fiddle to Android XR and/or Horizon OS.

So many of the use-cases that will be unlocked with AR will benefit from, if not be completely dependent on, AI. Both Google and Meta already have multimodal foundation models publicly deployed, getting more and more capable by the month. Meanwhile Apple shipped Apple Intelligence with the same dumb Siri we’ve all built a love/hate (but mostly hate) relationship with. And partnered with OpenAI.

[…]

While Apple’s privacy protections do matter to a certain extent to many consumers, billions of people using Google and Meta products daily demonstrates that a better experience is often worth some amount of tradeoff in privacy.

Ian Betteridge:

Apple’s statements about what Meta is demanding through its DMA interoperability requests need to be taken with a giant pinch of salt.


WhatsApp v. NSO Group

Reuters (via Hacker News, Court Listener):

A U.S. judge ruled on Friday in favor of Meta Platforms’ WhatsApp in a lawsuit accusing Israel’s NSO Group of exploiting a bug in the messaging app to install spy software allowing unauthorized surveillance.

[…]

WhatsApp in 2019 sued NSO seeking an injunction and damages, accusing it of accessing WhatsApp servers without permission six months earlier to install the Pegasus software on victims’ mobile devices. The lawsuit alleged the intrusion allowed the surveillance of 1,400 people, including journalists, human rights activists and dissidents.

kdbg:

I’m not a lawyer so maybe I’m misunderstanding something, but the plaintiff is WhatsApp, not the journalists. This isn’t really about holding NSO Group accountable for hacking journalists at all. The fact journalists were compromised seems only incidental; the ruling is about whether or not NSO Group “exceeded authorization” on WhatsApp by sending the Pegasus installation vector through WhatsApp to the victims, and not whether they were unauthorized in accessing the victims.

[…]

Adding a little more detail that comes from the prior dockets and isn’t in the judgement directly, but basically NSO Group scripted up a fake WhatsApp client that could send messages that the original application wouldn’t be able to send. They use this fake client to send some messages that the original application wouldn’t be able to send, which provide information about the target users’ device. In that the fake client is doing something the real client cannot do (and fake clients are prohibited by the terms), they exceeded authorization.

Think about that for a moment and what that can mean. I doubt I’m the only person here who has ever made an alternative client for something before.

WhatsApp (that I recall) does not claim that the fake client abused any vulnerabilities to get information, just that it was a fake client and that was sufficient.

I guess the vulnerabilities they exploited were in the operating systems, not in WhatsApp, but Apple withdrew its suit against NSO Group.

See also: Nick Heer.

In other news about old lawsuits, I just received my small settlement checks from Peters v. Apple and Equifax.


Update (2025-01-09): Tim Cushing (Slashdot):

The win here is limited. And while it does seem to expand the definition of unauthorized access that has so often been a problem in CFAA cases, it only does so because NSO refused to make the source code available to WhatsApp, which means the court has to assume WhatsApp’s allegations are true because NSO is unwilling to prove them false.

Donald Bitzer, RIP

Dag Spicer (via Hacker News):

Bitzer studied electrical engineering at the University of Illinois at Urbana-Champaign (UIUC), obtaining a PhD in 1960. Following graduation, he joined the UIUC faculty, where he learned of efforts to bring lessons to students over a closed-circuit television network. While a committee of engineers, psychologists, and educators were unable to agree on a single solution at the time, Bitzer wrote up a proposal within a week, got it approved, and immediately started developing his PLATO system for the university’s groundbreaking ILLIAC I computer—the first electronic digital stored program computer built by a university. (PLATO stands for Programmed Logic for Automated Teaching Operations).

[…]

To make things easier on the eyes for students sitting in front of computer terminals for many hours at a time, in 1964 Bitzer, with colleague Gene Slottow and graduate student Robert Wilson, invented the flat panel display: plasma screens do not flicker and their clever design also saved memory in the computer by having the display itself store data.

Friday, December 20, 2024

Why Disney Stopped Subscriptions on the App Store

Ariel Michaeli (October 2024):

I see Disney’s choice of leaving the App Store as a long-term mistake that would cost them even more than the 30% they were giving Apple.

Ariel Michaeli:

Now that we have enough MRR data I think the reason is a bit clearer - and it isn’t just about fees.

[…]

In November, the first full month of no subscriptions, Disney+’s net revenue dropped by about $16M and Hulu’s by 28% - that’s double-digit millions in both cases - which means paying users are abandoning Disney at an alarming rate.

I think the reason Disney pulled out of subscriptions in the App Store is because they couldn’t figure out how to fight the churn which in turn necessitated getting fresh subscribers which isn’t easy.

Maybe I’m missing something, but this doesn’t make sense to me. First, the revenue reported is from both the App Store and Google Play; it would be helpful to see the Apple portion broken out. Second, why would leaving the App Store help with churn? I could maybe see that there’s more churn with App Store customers because Apple makes it easier to cancel. If you can get the same person to subscribe on the Web they might be more sticky. But, on the other hand, maybe it’s easier to sign them up with IAP. Easy come, easy go.

Without knowing the overall revenue picture, including direct-to-Disney revenue, I think it’s hard to conclude much. Of course, the App Store numbers are going down because every month there will be some cancellations with no new sign-ups. But we don’t know how many new and return subscribers there are or whether that would have been higher or lower with the App Store. Presumably, in the past there was a good stream of new App Store subscribers since the total was up over the year.

To me, the only thing this shows for sure is that the churn is very high, which suggests that lots of App Store subscribers were not staying long enough for Disney to go down from paying 30% to 15% in fees to Apple.


Update (2024-12-20): Joe Rosensteel:

I have no data for this, but I continue to believe this is mostly about bundling in two ways: Bundles combat churn because people don’t want to start/stop parts of a bundle. Bundlers can also charge more for a bundle, which means higher fees. I think part of this will be explained when we see how much the “flagship” ESPN product will eventually cost.

The non-bundle DTC angle is that Disney can directly appeal to customers to rejoin for “relevant” shows. Can’t do that through Apple.

Provenance Rejected From the App Store

leazhito:

Around 4 hours ago the developer posted that the app was once again rejected by Apple for weird reasons regarding adding games during testing.

They later posted that they submitted another appeal.

And shortly after this (see image) thread of two tweets mentions they have seemingly run out of money due to Apple’s decision making and that unless the appeal works out, this “may be the end of Provenance for a while”.

Via Craig Grannell:

App review, as ever, is inconsistent. It still feels like Apple has it in for emulators, even if Consoles got approved (well, on one platform – last I saw, all non-iOS versions weren’t out despite the iOS one being live). What a mess.


Update (2025-01-08): Mike Rockwell:

I used Provenance extensively back when I first started tinkering with sideloading. It would be great to have it available in the App Store — I’d put it alongside RetroArch as one of the best emulators on the platform.

Craig Grannell:

The Provenance emulator finally made its way through app review. (The IAP is entirely optional, note. Almost all features are free.)

As far as I’m aware, Mini vMac remains banned and MAME4iOS is still in limbo, despite a name change to ArcadeMania.

Craig Grannell:

Turns out Apple’s latest rejection of MAME4iOS/ArcadeMania was because the app should “only run ROMs owned by the developer”. I don’t even. This must be so frustrating for the creator. App review, as ever, is either broken or working as intended. Neither of those is good.

Apple Sued for Not Searching iCloud for CSAM

Ashley Belanger:

Thousands of victims have sued Apple over its alleged failure to detect and report illegal child pornography, also known as child sex abuse materials (CSAM).

The proposed class action comes after Apple scrapped a controversial CSAM-scanning tool last fall that was supposed to significantly reduce CSAM spreading in its products. Apple defended its decision to kill the tool after dozens of digital rights groups raised concerns that the government could seek to use the functionality to illegally surveil Apple users for other reasons. Apple also was concerned that bad actors could use the functionality to exploit its users and sought to protect innocent users from false content flags.

Child sex abuse survivors suing have accused Apple of using the cybersecurity defense to ignore the tech giant’s mandatory CSAM reporting duties. If they win over a jury, Apple could face more than $1.2 billion in penalties. And perhaps most notably for privacy advocates, Apple could also be forced to “identify, remove, and report CSAM on iCloud and implement policies, practices, and procedures to prevent continued dissemination of CSAM or child sex trafficking on Apple devices and services.” That could mean a court order to implement the controversial tool or an alternative that meets industry standards for mass-detecting CSAM.

[…]

To build the case, survivors’ lawyers dug through 80 cases where law enforcement found CSAM on Apple products, identifying a group of 2,680 survivors as potential class members.

Previously: