Friday, May 18, 2018 [Tweets] [Favorites]

The Developers Union

Brent Simmons, Jake Schumacher, et al.:

We believe that people who create great software should be able to make a living doing it. So we created The Developers Union to advocate for sustainability in the App Store.

Today, we are asking Apple to commit to allowing free trials for all apps in the App Stores by the tenth anniversary of the App Store this July. After that, we’ll start advocating for a more reasonable revenue cut and other community-driven, developer-friendly changes.

See also: AppleInsider, Wired.

Update (2018-05-18): Brent Simmons:

Some of the press coverage about The Developers Union uses words like “angry” and “fed up.” These aren’t accurate characterizations at all. Nobody’s mad here!

But here‘s the deal: Apple controls the App Store and its economics. The system could be set up better to support high-quality apps, by indies, that last for years.

Update (2018-05-19): See also: Hacker News, MacRumors.

Basic Questions About Google Duplex

Dan Primack:

When you call a business, the person picking up the phone almost always identifies the business itself (and sometimes gives their own name as well). But that didn’t happen when the Google assistant called these “real” businesses[…]

John Gruber:

The way the people answered the phone in these recordings was one of the first things that made me suspicious that these examples were either significantly edited or outright fakes. Plus, the salon only asks for a name (and only a first name at that). No phone number, no checking if the client has a request for a certain stylist.

Nick Heer:

Google CEO Sundar Pichai insisted three times that these calls were real, but these discrepancies should be answered. If these calls were edited, even just to remove the business name to limit publicity, Google hasn’t said. Very strange.

Joe Cieplinski:

But if I had to guess: Google made a real phone call, but to someone who had been prepped to follow a very specific script. That way, they were sure to get the responses they wanted. Not so much a complete fake as a contrived circumstance that didn’t demonstrate how this app would behave in the real world.

See also: John Gruber.

Thursday, May 17, 2018 [Tweets] [Favorites]

New Twitter APIs and Pricing

Juli Clover:

Twitter today unveiled new details on its upcoming activity API changes, which will affect how third-party apps are able to access Twitter APIs and provide services to Twitter users who prefer to use apps like Twitterrific and Tweetbot.

Third-party Twitter app developers will be required to purchase a Premium or Enterprise Account Activity API package to access a full set of activities related to a Twitter account[…]


Twitter says it will be delaying the deprecation of its current APIs for three months to give developers time to transition over to the new platform. These APIs will be deprecated on Wednesday, August 16 instead of June 19, the original date Twitter planned to end support for the APIs.

Michael Glenn:

Twitter’s quarterly revenue was $665MM or $222MM a month.

Estimated active users are 267MM.

That’s $0.83 per user per month.

Why would they think $11.60 per user per month makes any sense?

Chuq Von Rospach:

In reality, priced to kill third party apps in a way Twitter hopes we blame the apps for.

Sean Heber:

It’s looking like it won’t be financially possible for us to afford the new account activity API from twitter.

John Gruber:

Twitter management obviously wants to steer people to their first-party mobile app and desktop website. I get that. But they already have that: the overwhelming number of Twitter users use exactly those products to access the service.


Twitter isn’t explicitly saying that they’re shutting down third-party clients, but I don’t know that it’s feasible for them to exist if they don’t have access to these APIs. It’s like breaking up with someone by being a jerk to them rather than telling them you’re breaking up.

Riccardo Mori:

What Twitter is doing to 3rd-party developers, is doing it purely out of spite. In the grand scheme of things, the sheer number of people using 3rd-party clients is too small to impact Twitter’s revenue.

Chuq Von Rospach:

They are pretty clearly moving to a model where brands and big names announce stuff and their fans listen, and those of us who use it to share info and chatter are inconvenient and in the way.

Previously: Twitter Shutting Down APIs, Twitter Abolishes Native Mac Client.

Update (2018-05-18): See also: Manton Reece.

Jan Dawson:

The big risk is that Twitter will focus so much on Twitter 2 that it fails to feed Twitter 1. Twitter 1 is the most vocal Twitter, and essentially all the influencers — whether celebrities, power users, or reporters — are in Twitter 1. Ignoring Twitter 1 as the company focuses on Twitter 2 would be a huge mistake, especially because so much of the content consumed by Twitter 2 is provided by Twitter 1. There’s a symbiotic relationship here, and one that Twitter has to be very careful not to disrupt.

The problem is that Twitter has another goal it’s trying to achieve: monetization. Twitter’s monetization strategy involves serving up ads, which in turn requires that people use Twitter’s own apps or its website to consume those ads. And yet Twitter 1 disproportionately uses third party clients like Tweetbot and Twitterrific. Because of Twitter’s insistence on monetization through advertising, and its general discouragement of clients that replicate the core Twitter experience, it’s started withholding some important features from the API it makes available to third party clients.

Via Nick Lockwood:

This Venn diagram is also equates pretty well with

Mac vs iOS users


Mac/iOS power users vs ordinary users

And similarly explains why Apple continues to grow and rake in profits whilst making decisions that frustrate its most vocal and valuable supporters.

US Cell Carriers Are Selling Access to Real-time Phone Location Data

Zack Whittaker (via Hacker News):

Four of the largest cell giants in the US are selling your real-time location data to a company that you’ve probably never heard about before.

In case you missed it, a senator last week sent a letter demanding the Federal Communications Commission (FCC) investigate why Securus, a prison technology company, can track any phone “within seconds” by using data obtained from the country’s largest cell giants, including AT&T, Verizon, T-Mobile, and Sprint, through an intermediary, LocationSmart.

Update (2018-05-18): Nick Heer:

While I was writing it, I couldn’t help but think that there isn’t much worse it could get, right? Well, what about if a similar location tracking application had no security — at all?

UIs That Amass Memories

Marcin Wichary (via Nick Heer):

Fascinated by UIs that accidentally amass memories. One of them is the wi-fi “preferred networks” pane – unexpected reminders of business trips, vacations, accidental detours, once frequented and now closed cafés.

Another? The alarm page and its history of painful negotiations with early mornings. (One of these, I’m sure, was for a lunar eclipse; another for sending a friend in Europe a “good luck” text.)

Some Thoughts on Google Photos vs. Apple Photos

Om Malik:

In my social circles — admittedly a very tech-centric community — it is hard to find anyone who has told me that they love Apple Photos. Usual refrain tends to be – “That’s a mess.” There are no magical aha moments. Photos are Apple and by extension, iPhone’s currency. And yet the software on iPhone and Macs resembles a two-legged dog dragging itself over the rocky ground. Yes, there is assurance that it is not feeding some giant ads-spewing web monster, but by Jove, it isn’t a fun experience, and not magical.

And that is the exact opposite of how you feel about the actual camera app and how simple and elegant it is compared to its rivals on other platforms. Magic comes from the way the software works on the hardware, and that is where Apple has put most of their photo emphasis lately: on the camera itself. Samsung, OnePlus, Google Pixel and Huawei are some of the Android phone cameras I have tried, and have been underwhelmed by them. Not because of the camera hardware, but by the overall experience.

The Moat Map

Ben Thompson:

This relationship between the differentiation of the supplier base and the degree of externalization of the network effect forms a map of effective moats; to again take these six companies in order:

  • Facebook has completely internalized its network and commoditized its content supplier base, and has no motivation to, for example, share its advertising proceeds. Google similarly has internalized its network effects and commoditized its supplier base; however, given that its supply is from 3rd parties, the company does have more of a motivation to sustain those third parties (this helps explain, for example, why Google’s off-site advertising products have always been far superior to Facebook’s).
  • Netflix and Amazon’s network effects are partially internalized and partially externalized, and similarly, both have differentiated suppliers that remain very much subordinate to the Amazon and Netflix customer relationship.
  • Apple and Microsoft, meanwhile, have the most differentiated suppliers on their platforms, which makes sense given that both depend on largely externalized network effects. “Must-have” apps ultimately accrue to the platform’s benefit.


To be sure, the company has been more than fine: its developer ecosystem is plenty strong enough to allow the company’s product chops to come to the fore. I continue to believe, though, that Apple’s moat could be even deeper had the company considered the above Moat Map: the network effects of a platform like iOS are mostly externalized, which means that highly differentiated suppliers are the best means to deepen the moat; unfortunately Apple for too long didn’t allow for suitable business models.

Tuesday, May 15, 2018 [Tweets] [Favorites]

App Architecture: iOS Application Design Patterns in Swift

Chris Eidhof, Matt Gallagher, and Florian Kugler:

This book explains a range of application design patterns and their implementation techniques using a single example app, fully implemented in five design patterns.

Instead of advocating for any particular pattern, we lay out the problems all architectures are trying to address: constructing the app’s components, communicating between the view and the model, and handling non-model state. We show high-level solutions to these problems and break them down to the level of implementation for five different design patterns — two commonly used and three more experimental.

Tweetbot 3 for Mac

Tapbots (MacRumors, MacStories, The Verge, 9to5Mac):

Tweetbot’s new optional expanded sidebar provides one-click access to all of your subsections like your lists, direct message conversations and saved searches.

Columns have been rebuilt from the ground up to be far more accessible and customizable. Easily add/remove columns, change the content of a column or reorder them.

Automatically playback videos and GIFs in your timeline with a quick mouseover. A click on an image or video opens it up in our lightning fast new media viewer.

Go easy on your eyes in low light situations with the new dark theme, one of the most highly requested features for Tweetbot. See how images and videos pop beautifully.


Topics automatically chain together multiple Tweets to easily create tweetstorms or live blog events.


Ever forget why you followed someone or wanted to jot notes about someone for future reference? Create notes on a user’s profile that only you can see.

$10 is a small price to pay to keep supporting development of a quality native Twitter client, but I see this update as a bit of a design regression. It continues the trend of lowering the information density by adding a row of buttons to each tweet. This consumes a lot of vertical space and fills it with distracting widgets that I will never use—because I use the keyboard shortcuts.

Annoyingly, it did not remember my accounts or preferences from Tweetbot 2. Do I have the Mac App Store to thank for requiring paid updates to have a different bundle identifier and thus a different sandbox container?

Previously: Twitter Abolishes Native Mac Client.

Update (2018-05-19): See also: The Sweet Setup.

When Disappearing Messages Don’t Disappear

Patrick Wardle:

In short, Alec noted that if using the macOS Signal App, disappearing messages may remain in macOS’s Notification Center. Yikes!


While the application deletes the messages (once the ‘disappear’ time is hit) from the app’s UI - the message may still remain in macOS’s Notification Center.

This apparently occurs because:

  1. Signal displays (posts) a message notification (with the content of the message) to the Notification Center (if the app is not in the foreground).
  2. The OS automatically dismisses the notification ‘banner’ … but the notification (which contains the message contents) remain in the Notification Center.
  3. Signal, does not explicitly delete this notification when it deletes messages from the app UI.

Even if it did delete the notifications, the data might still remain in the SQLite database file.

Previously: TextExpander 5 and Notification Center Privacy.

Why Apple Should Copy the Android P Notification Shade

Michael Simon:

Even before the public beta of version 9.0 landed this week, Android’s system of notifications was far superior to Apple’s. As someone who regularly bounces between the two platforms, I actively ignore the iOS Notification Center, but on Android, I use it regularly to catch up on things I might have missed. The Android notification shade isn’t just for messages and alerts; it’s an information center for your entire digital life.

As it stands, I have far fewer complaints about notifications on Android Oreo than I do on iOS 11, but the system has its kinks and annoyances just like it did on previous Android version, Nougat and Marshmallow. But in Android P, notifications are nearly perfect. Google hasn’t overhauled the notification system in Android P, but it has implemented a series of meaningful tweaks that work to make notifications useful, whether you want to interact with them, control what you see, or just keep them at bay.

20 Years of USB

Accidental Tech Podcast had a good segment on the many changes that USB brought and how, amazingly, peripherals for the original iMac can still be used today. I have always seen USB as a mixed bag. For the industry as a whole, it’s certainly a success. But for a Mac user, it represents a lowest common denominator approach and a degradation of the user experience in some ways.

All wired keyboards and mice can now use the same connector, and you can plug the mouse into the keyboard. That’s great—but we had that with ADB, and ADB input devices didn’t periodically stop working and have to be unplugged and replugged.

In theory, hubs are better than daisy chaining, but finding a USB hub that’s reliable is a challenge. Even when directly connected, nearly every USB 3 storage device I’ve used is subject to spontaneous unmounting. (That never happened with SCSI.) And the availability of hubs made Apple comfortable with reducing the number of USB ports, which amongst other reasons is a problem because some USB devices don’t work with hubs.

It took until at least USB 3 before it was as fast as FireWire.

Hot swapping devices worked reliably with FireWire, but doing that with my new USB 3.1 drive dock will sometimes knock other USB devices off the bus.

It sounds convenient that USB-C and Thunderbolt 3 now share the same port, but this has brought USB’s flakiness to the formerly rock solid DisplayPort. Every month or so my iMac stops recognizing my external display until I’ve restarted a few times and plugged and replugged the connector and swapped it back and forth between the different ports. (At least I have two.)

Previously: 20 Years of iMac.

Monday, May 14, 2018 [Tweets] [Favorites]

EFail Vulnerabilities in OpenPGP and S/MIME

Efail (PDF, Hacker News, MacRumors, ArsTechnica):

The EFAIL attacks exploit vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext of encrypted emails. In a nutshell, EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs. To create these exfiltration channels, the attacker first needs access to the encrypted emails, for example, by eavesdropping on network traffic, compromising email accounts, email servers, backup systems or client computers. The emails could even have been collected years ago.

The attacker changes an encrypted email in a particular way and sends this changed encrypted email to the victim. The victim’s email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker.


The victim’s client decrypts the encrypted second body part and stitches the three body parts together in one HTML email as shown below. Note that the src attribute of the image tag in line 1 is closed in line 4, so the URL spans over all four lines.

The email client then URL encodes all non-printable characters (e.g., %20 is a whitespace) and requests an image from that URL. As the path of the URL contains the plaintext of the encrypted email, the victim’s email client sends the plaintext to the attacker.


Second, we describe the novel CBC/CFB gadget attacks which abuse vulnerabilities in the specification of OpenPGP and S/MIME to exfiltrate the plaintext.

Matthew Green:

PGP has supported proper optional message authentication (which stops this attack) since 2001, but it can’t be made mandatory because “some implementations haven’t kept up.”


So in summary, PGP clients are vulnerable because 17 years after a vulnerability was known, the mitigation was not made a default in GnuPG and defense was instead “left to PGP clients”, which also make a convenient scapegoat when it goes pear-shaped.


Moving on from the question of who is to blame, there are two neat findings in this work. The first is that most mail clients are (were) way too willing to reach out to remote servers, even when set up not to. This is: yikes.

Update (2018-05-14): See also: Bruce Schneier.

Update (2018-05-15): Howard Oakley:

It appears that macOS High Sierra 10.13.4 does address direct exfiltration of S/MIME email, with the following fix now reported in its security release notes[…]

Update (2018-05-18): See also: Matthew Green.

John Carmack’s Steve Jobs Stories

John Carmack (Hacker News, Reddit):

I was brought in to talk about the needs of games in general, but I made it my mission to get Apple to adopt OpenGL as their 3D graphics API.


Steve first talked about application development for iPhone at the same keynote I was demonstrating the new ID Tech 5 rendering engine on Mac, so I was in the front row. When he started going on about “Web Apps”, I was (reasonably quietly) going “Booo!!!”.

After the public cleared out and the rest of us were gathered in front of the stage, I started urgently going on about how web apps are terrible, and wouldn’t show the true potential of the device. We could do so much more with real native access!

Steve responded with a line he had used before: “Bad apps could bring down cell phone towers.” I hated that line. He could have just said “We aren’t ready”, and that would have been fine.


The Steve Jobs “hero / shithead” rollercoaster was real, and after riding high for a long time, I was now on the down side. Someone told me that Steve explicitly instructed them to not give me access to the early iPhone SDK when it finally was ready.

Previously: A Very Sweet Solution.

Update (2018-05-18): Jim Black (via John Carmack, Hacker News):

And what happened next was one of the most impressive things I’ve ever witnessed about Steve or any Silicon Valley exec. Early on in the discussion, the Apple engineer realized that “graphics engineer” in the room was John Carmack. And he realized that he was going to need to defend his technical decision, on the merits, in front of Steve. After extended back and forth, the Apple engineer said, “John, what you’re arguing for is the ideal …”

He never made it to the next word because Steve suddenly stood bolt upright, slamming both palms onto the desk and shouting, “NO!!!!”

“NO!!! What John is saying is NOT the ideal. What John is saying is what we have to do!!! Why are we doing this? Why are we going to all this trouble to build this ship when you’re putting a TORPEDO IN ITS HULL?!!!!”


As a comical aftermath to the story, John next told Steve point blank that the iMac mouse “sucked.” Steve sighed and explained that “iMac was for first-time computer buyers and every study showed that if you put more than one button on the mouse, the users ended up staring at the mouse.” John sat expressionless for 2 seconds, then moved on to another topic without comment.

Google Is Rebranding Storage Plans As “Google One”

Frederic Lardinois (Hacker News):

Google is revamping its consumer storage plans today by adding a new $2.99/month tier for 200 GB of storage and dropping the price of its 2 TB plan from $19.99/month to $9.99/month (and dropping the $9.99/month 1 TB plan). It’s also rebranding these storage plans (but not Google Drive itself) as “Google One.”

Going forward, you’ll also be able to share your storage quota with up to five family members.


That access to live experts — not some barely functional AI chatbot — comes with every Google One plan, including the $1.99/month 100 GB plan.


It’s worth stressing that the existing free quota of 15 GB will remain.


I think this article is missing the bigger picture—this isn’t about storage. This is Google trying to copy the success of Amazon Prime.

They’re going to try to unify lots of different benefits under a single, high-value subscription. The storage plans and priority support are just the first benefit they’ve tied to the subscription.

Previously: The Missing iCloud Storage Bump.

Update (2018-05-15): John Gruber:

So Google is now ahead on the free and $1/month tiers — but not by much — and is only matching Apple at the other tiers. I would think Google would want to kick Apple’s ass here.

Google’s Privacy Policy

Paris Martineau:

Though Google announced that it would stop using consumer Gmail content for ad personalization last July, the language permitting it to do so is still included in its current privacy policy, and it without a doubt still scans users emails for other purposes. Aaron Stein, a Google spokesperson, told NBC that Google also automatically extracts keyword data from users’ Gmail accounts, which is then fed into machine learning programs and other products within the Google family. Stein told NBC that Google also “may analyze [email] content to customize search results, better detect spam and malware,” a practice the company first announced back in 2012.

Via Nick Heer:

It’s bothersome that Google was scooping up users’ emails for ad targeting purposes in the first place, then said that they would stop doing it — after way too long — and has now given itself permission to keep doing so if they want to.

I don’t really understand the issue here. The headline seems misleading:

Remember when Google said it would stop reading your email?

Google only said that it would stop using your e-mail for advertising purposes, and no one is alleging that it didn’t follow through. The privacy policy that’s mentioned says:

When you share information with us, for example by creating a Google Account, we can make those services even better – to show you more relevant search results and ads, to help you connect with people or to make sharing with others quicker and easier.

But this seems to apply to all of Google’s services, so of course it has to say that. Maybe there should be a separate privacy policy for Gmail?

Previously: Google Will Stop Reading Your E-mails for Gmail Ads.

Friday, May 11, 2018 [Tweets] [Favorites]

Chrome OS Is Getting Linux App Support

Emil Protalinski:

As a result, Chromebooks will soon be able to run Linux apps and execute Linux commands. A preview of Linux on the Pixelbook will be released first, with support for more devices coming soon.

One of Google’s goals this year is to make it possible for developers to code on Chromebooks. Want Chrome OS to run the Linux terminal, Android Studio, Git, Sublime, Vim, or Android Studio? All of that will be possible this year.

Via Colin Cornaby:

Google just threw open the doors to Android development becoming a big thing taught in schools. No playgrounds, no restrictions, real Android Studio on Chromebooks.

Apple really needs to get back into the low end macOS notebook segment. Hoping they can build a cheap ARM laptop.

There is a huge gap (in both price and functionality) between an iPad and Apple’s current Macs. I can’t stop thinking about netbooks and the original MacBook Air. In 2008, Apple said it couldn’t make a cheap laptop that was good. So it made the MacBook Air, which was both better and much more expensive. Ten years later, I think this would be possible. Apple just doesn’t seem interested in doing it. The $899 11-inch MacBook Air was a step in the right direction, but instead of iterating and gradually bringing down the price, Apple discontinued it and replaced it with the 12-inch MacBook, which costs $1,299 and may actually be slower. There are PC laptops that cost $200 and run Windows 10. I don’t expect Apple to go that low, but they’re not even in the game.

Update (2018-05-14): See also: Are Chromebooks ready for serious development?.

Visual Studio IntelliCode


IntelliCode generates recommendations by using a machine-learning model that is trained on thousands of public codebases – today it uses over 2000 GitHub repos that each have more than 100 stars to ensure that you’re benefiting from best practices. The model is used in your IDE along with your local code context to provide .NET related APIs that are likely to be the most relevant for you given the line of code you’re writing. We’ll be growing and improving the model over time so the recommendations will get better as we progress.

Legacy FileVault and macOS 10.13

Mike Peterson (via John Gordon):

macOS 10.13 officially kills off support for legacy FileVault. It’s simply not usable with the operating system. If you have High Sierra installed, you won’t see the option to toggle FileVault (see above).

Because of that, users can’t even install macOS 10.13 without first disabling legacy FileVault. But, of course, bugs can happen.


As indicated in a recent Macworld article, if macOS 10.13 is installed on a system, any active legacy FileVault drives or user accounts become unusable.

macOS Monitoring the Open Source Way

Michael George:

Let’s say a machine in your corporate fleet gets infected with malware. How would you detect it? How could you find out what happened on the machine? What did the malware do? Did it steal your browser’s passwords? What network connections did the malware make? Was it looking for crypto currency? By having good telemetry and a good host monitoring solution for your machines you can collect the context necessary to answer these important questions.

Proper host monitoring on macOS can be very difficult for some organizations. It can be hard to find mature tools that proactively detect security incidents. Even when you do find a tool that fits all your needs, you may run into unexpected performance issues that make the machine nearly unusable by your employees. You might also experience issues like having hosts unexpectedly shut down due to a kernel panic. Even if you are able to pinpoint the cause of these issues you may still be unable to configure the tool to prevent the issue from recurring. Due to difficulties like these at Dropbox, we set out to find an alternative solution.

Thursday, May 10, 2018 [Tweets] [Favorites]

The Laws of Core Data

Dave DeLong (tweet):

In my conversations with developers, I’ve heard a pretty common theme from them that “Core Data is hard” or “Core Data is buggy” or “I could never get it to work right and gave up on it”.

I’ve spent a lot of time using Core Data and thought I’d share my “Laws of Core Data”. These are a set of rules I’ve developed over time on how to use Core Data in such a way that it is almost entirely painless. When I follow these rules, I almost never have any problems using it.

Of particular note is that, contra Zarra, he thinks child contexts are usually unnecessary.

Colin Cornaby:

I find that when most people complain that CoreData is not thread safe out of the box, they’re really saying “I’m able to ignore that my existing model code is also not thread safe.”

Core Data has its issues—for example, there is a lot to learn, it is verbose, there are some persistent bugs, and in some cases it’s much slower than using SQLite directly—but overall I think it’s unfairly maligned.

Update (2018-05-11): Marcus Zarra:

All of the internal workings of your Core Data stack, your persistence and data model absolutely should be stored in the persistent container and that container should be injected through your controllers in your application.


An NSManagedObject is an NSObject that has additional functionality added. It should absolutely be treated as if it is an NSObject because it is an NSObject. NSManagedObject instances are your data objects and should be treated as such. Creating Plain Old Objects on top of NSManagedObject instances is asking for pain and data corruption.

The crux of the issue is that NSManagedObject is an NSObject that doesn’t obey that class’s standard contract. So it should not be treated as such. That said, I’m not sure there would be anything to gain by actually making it a separate root class. Creating plain objects on top of NSManagedObject instances can be a useful pattern. It has really simplified some of my code and made it faster and more robust. But I would only do this on a case-by-case basis, not as a regular part of using Core Data.

If your app talks to anything else then you will want to use parent-child contexts.

The parent context should be on the user interface thread (the main thread) and when you need to do asynchronous work with your data objects (importing or exporting) then you want to do that on another thread and that work should be done in a child context.

A child context simplifies the transfer of notifications of data changes and greatly simplifies using Core Data in a multi-threaded environment.

See also: Colin Cornaby and Marcel Weiher.

Update (2018-05-15): See also: Peter Steinberger.

C Is Not a Low-level Language

David Chisnall (Hacker News):

In the wake of the recent Meltdown and Spectre vulnerabilities, it's worth spending some time looking at root causes. Both of these vulnerabilities involved processors speculatively executing instructions past some kind of access check and allowing the attacker to observe the results via a side channel. The features that led to these vulnerabilities, along with several others, were added to let C programmers continue to believe they were programming in a low-level language, when this hasn't been the case for decades.


A modern Intel processor has up to 180 instructions in flight at a time (in stark contrast to a sequential C abstract machine, which expects each operation to complete before the next one begins). A typical heuristic for C code is that there is a branch, on average, every seven instructions. If you wish to keep such a pipeline full from a single thread, then you must guess the targets of the next 25 branches.


Consider another core part of the C abstract machine's memory model: flat memory. This hasn't been true for more than two decades. A modern processor often has three levels of cache in between registers and main memory, which attempt to hide latency.


A processor designed purely for speed, not for a compromise between speed and C support, would likely support large numbers of threads, have wide vector units, and have a much simpler memory model. Running C code on such a system would be problematic, so, given the large amount of legacy C code in the world, it would not likely be a commercial success.

Previously: Intel CPU Design Flaw Necessitates Kernel Page Table Isolation.

“Black Dot” Unicode Bug

Benjamin Mayo:

A new Unicode text bug is being spread around today, popularised by a video by EverythingApplePro. It’s being called the ‘black dot’ bug because of its origins on Android as a bug relating to WhatsApp: it was being spread with the following emoji: <⚫>👈🏻. The iOS version of this bug is a bit different in its mechanics, but neither variants actually rely on the visible black dot character to cause the freezes and crashes.

The secret is that the strings contain thousands of hidden invisible Unicode characters, which churns through CPU cycles as the system attempts to process them. If this specially crafted text is sent through Messages, it will result in repeated crashes when the recipient tries to read it.


I’ve already said it but Apple should revisit the text rendering architecture. Unicode is so complex it cannot be trusted in the same process as the app (or SpringBoard). Rendering should be done off-process just like how the window server on macOS deals with windows, Mission Control, and the mouse cursor (which continue to work even when an app freezes).

Once a particular string hangs or crashes the rendering process, it should be blacklisted and dealt appropriately until an update comes around which fixes the issue. The process could even report the blacklisted string to Apple (with permission from the user) so that it could be fixed early on.

Various Web rendering and font tasks are also handled out-of-process already.

Previously: Another iOS Crash Caused By Sending Unicode Character.

iOS 11’s Streamlined, Yet Extensible File Management

Federico Viticci:

Notably, while some Mac users may scoff at my delight in iOS 11’s document browser and third-party storage locations, I think it’s remarkable how what I described above can be accomplished just by installing apps and extending the system without questionable installers or system modifications. Yes, I could probably save time by performing the same actions with a shell script on macOS, but I prefer having an intuitive GUI and a file manager that can be extended just by downloading new apps from the App Store. While not perfect, the document browser and file provider extensions are some of the most exciting changes in iOS 11 with a lot of untapped potential because they are deeply integrated with the system and consistent with iCloud Drive.

Which is why I’d like Apple to improve some aspects of this workflow: it’d be great, for instance, if Working Copy could show colored indicators for documents that haven’t been committed in the document browser, or perhaps offer a button to refresh the contents of a repository and update its contents inline within the Files view. Similar features are available in the Mac’s Finder; Apple should continue to borrow from it as they work on what’s next for Files.

JPEG Decoding With the Best

Luke Parham (via Indie iOS Focus Weekly):

That’s right, any time you have a UIImage created from a JPEG, assigning it to be displayed by an image view means that an implicit CATransaction will be created and your image will be copied, decompressed, and rendered on the next display pass triggered by the run loop. […] This all happens on the main thread.


Well you can’t make UIImageView do its decoding more quickly, but if you’re so inclined, you are able to preemptively render the jpeg yourself!


First, there is, unfortunately, no API that’s been exposed for you to tell whether a given UIImage has already been decoded or not. This means that if you’re using this trick, you’ll want to make sure to carefully cache and re-use these images when you can since they take up a lot more memory than their compressed counterparts.

Second, this particular method is technically "offscreen rendering" in that it’s no longer hardware accelerated, but it’s the ok-when-it’s-useful kind of offscreen rendering, not the kind that makes your GPU stall.

Tuesday, May 8, 2018 [Tweets] [Favorites]

Discovery - DNS-SD Browser

Discovery 2.0 (via Kevin Ballard):

Discovery is a utility that displays all of the Bonjour services available on the local network or on Wide-Area Bonjour domains. Use it to debug your latest program, detect computers connected to your network, or just keep tabs on what services are available. Perfect for network admins or developers!

This application is the successor to the venerable Bonjour

Previously: Bonjeff 1.0.

What Happened to Apple’s Whimsy?

Peter Cohen:

The iMac debuted 20 years ago this week. It’s not hyperbole to say that it’s the computer that saved Apple and set the stage for Apple’s ascendance to becoming the biggest tech company in the world. All that said, Apple’s lost something in the translation – while the iMac is still a fixture in Apple’s product line, it lacks some essential qualities of that first model. Its personality has changed. The iMac has gotten harder. It’s lost the sense of whimsy, fun, and wonder that made the first iMac such a joy to use.


The original iMac was a mass-market computer designed to appeal to consumers, educators, and others that Apple saw as a ripe market. Today’s iMac is orders of magnitude faster and more capable, but as a design exercise, it’s also infinitely more severe. Severe in both form and function.

Marco Arment:

It tragically passed away in 2011.

We all really miss it.

On the other hand, now we have watch bands, Animoji, and Siri jokes.

Nick Heer:

I think that Apple’s increasingly austere take on industrial design has made them better at shipping products that feel almost invisible. I appreciate that. It reduces the hardware to a tool, but not an appliance, yet I think Apple’s products feel even more approachable than they used to because so much of what they make is entirely straightforward. They don’t need to mask the complexity of the software with a layer of gumdrop plastic; in many ways, the software has become simple enough that the hardware can reflect that.

Is the software on a 2018 iMac really simpler than on a 1998 iMac? I don’t know how you would measure this, but my gut feeling is that it’s more complex now.

Or, to take a specific example, Time Machine’s restoration interface no longer has a star field. Other than some additional colors (more complexity) it works pretty much the same as before, so I don’t see how you can make the case that the star field is no longer “needed.” It just seems like a change in fashion.

Previously: 20 Years of iMac.

A Tricky Feature

Mark Bernstein:

When you copy some text in Tinderbox 7, you copy the text and its styles but not thew text links. Being able to copy and paste text links along with the text seems a simple-enough request, and in fact it will be part of Tinderbox 7.5. One tester recently asked the obvious “what took you so long?” question: why was this difficult.


The whole business was, in short, a classic example of a task that ought to have been easy, that any reasonable customer would assume to be easy. The final implementation is really not very large or complex. Nevertheless, it required an inordinate amount of work. This is usually the mark of bad code, but I really don’t see what would have made this easier.

iOS Design Inconsistencies Across Apple’s Apps

Benjamin Mayo:

My gripe is there is no consistency, no structure or logic to this. Apps introduced later sometimes use rounded icons, sometimes not, sometimes create all-new custom glyphs of their own. Incredulously, you could open flagship apps like Messages, Mail and Safari and have no idea Apple was even playing with bold icons as a conceptual change. These apps adopted the iOS 11 large bold navigation bar title formats, but their icons and glyphs have stagnated for more than four years at this point.

All the icons I’ve showed you here are from Apple’s built-in default apps. I expect them to set the standard for the iOS design language … but the reality is far from a perfect point. It’s scattershot, it’s a mess of competing visions. I couldn’t say what Apple’s human interface team wants the share icon to look like, let alone the structure and experience of iOS apps as a whole. Everything is in disarray.

VI Months With the iPhone X

Nick Heer:

It is still the most beautiful product Apple has ever shipped; it still feels impossibly good, like a prototype, like a fine watch, et cetera, et cetera.


However, the display has not remained blemish-free. There are a few small but noticeable hairline scratches, especially in the area where my right thumb swipes upwards to unlock or scroll. I haven’t treated this iPhone any differently, nor is the skin on my thumb any different than it used to be, as far as I know. However, after comparing the screen of my iPhone X against my old iPhone 6S, it seems to be scratched more obviously.


Yet, no matter how much better the new noise reduction algorithms are, they’re still no match for the detail you can see in a RAW photo. That’s part of the hardware story: both of these cameras are truly sublime.


The home screen still follows a pattern of starting in the upper-left corner. Tapping the back button that appears after one app launches another now requires a warmup of finger callisthenics, and an active AppleCare agreement, just in case. And bringing down Control Centre by dragging from the upper-right “ear” still feels bizarre and unfinished.


The gestural navigation that replaces the home button is, frankly, ingenious. Jumping between apps and the home screen feels fun, and switching between apps by swiping across the home indicator is second nature.

I just wish it felt better in the hand and pocket.

Previously: Scratched iPhone 8 and iPhone X Screens, iPhone 8 and iPhone X Cameras.

Monday, May 7, 2018 [Tweets] [Favorites]

Requesting Your Personal Data From Apple

Jefferson Graham (Hacker News):

I use an iPhone, iPad and two Mac computers, and Apple also offers data downloads in the privacy section of its website. It’s hard to find, and once you do make the connection, you can expect a hefty wait to get the results.


It took eight days for my data to arrive from Apple, from a European office that is handling the privacy requests. After making the request, the iPhone maker first asked for my street address, phone number, the serial number of the iPhone, and other personal information before releasing it. This compares to Google and Facebook’s data dump. They asked no questions, and the results arrived swiftly—Facebook within minutes, and Google within hours.


On the Safari browser on my Macs, my browsing history goes back to July 2017, but Apple says it doesn’t track that information.

That’s curious because Safari sends your full browsing history to iCloud, and the only way to opt out is to turn off all the Safari-related iCloud features.

Previously: Keeping Your Safari Data Private.

Update (2018-05-08): Tom Hagopian:

Isn’t the reason your Safari browsing history isn’t included because Apple doesn’t track it? Would the data dump also include, e.g., my typing shortcuts, also synced by iCloud? Mail signatures/smart mailboxes?

He may well be right, but I don’t understand the distinction. In reading about GDPR, it seems to matter what data you are storing, much more than what you are doing with it, and clearly Apple is storing a lot in iCloud.

My Data Request:

Hundreds of companies store & process information about you. In many cases, you’re entitled to this data, as well as information on how it’s being used & shared. We read these companies’ privacy policies to figure out how you can get this data about you.

Update (2018-05-16): Zack Whittaker (via Tom Hagopian):

Apple says that any data information it collects on you is yours to have if you want it, but as of yet, it doesn’t turn over your content which is largely stored on your slew of Apple devices. That’s set to change later this year when the tech giant will allow customers to download their data archives, largely to comply with new European data protection and privacy rules.


iCloudLogs.xlsx keeps a note on every time one of your devices downloads data from iCloud, including your photo library, contacts, and Safari browsing history -- but doesn’t contain the actual data.

What Do Security Updates Actually Fix?

Howard Oakley:

Apple claimed that all the 12,621 files installed in that security update were required to fix a memory corruption bug in Crash Reporter, and to address a spoofing issue in the handling of URLs in text messages (which Apple associated with “LinkPresentation”). Those were and remain the only fixes which Apple has listed as being included in that security update. Only last year, a typical security update of that size was accompanied by notes on 50 or more bugs which were fixed.


Apple is also in the habit of updating its security release notes after the release of that update. In some circumstances, where details of the vulnerability haven’t yet been released, and with contentious issues such as Meltdown and Spectre, this appears reasonable. But in several recent cases, Apple has later added details of fixes which appear simply to have been omitted from the original release notes. Unless you are in the habit of frequently re-reading release notes at Apple’s security updates listings, this means that you are likely to miss such delayed information.


Sarah did the right thing, and reported the bug to Apple, only to learn that she was not the first to do so. But Apple has still not revealed when the partial fix occurred, nor acknowledged that it delivered a complete fix in 10.13.4.

Previously: High Sierra Stored APFS Volume Passwords in Log Files.

Microsoft App Store Lowers Fees

Microsoft (via Nicole Lee):

Starting later this year, consumer applications (not including games) sold in Microsoft Store will deliver to developers 95% of the revenue earned from the purchase of your application or any in-app products in your application, when a customer uses a deep link to get to and purchase your application. When Microsoft delivers you a customer through any other method, such as in a collection on Microsoft Store or any other owned Microsoft properties, and purchases your application, you will receive 85% of the revenue earned from the purchase of your application or any in-app products in your application.

Previously: That 30% App Store Tax.

Update (2018-05-08): Ryan Jones:

6 months ago, I would have guessed Apple would continually drop the App Store’s 30% fee.

Now? No way- milking “services revenue” is their post iPhone story. See iCloud storage & Apple Music pushiness.

30% is SO high. So high. Anything above 15% feels crazy tbh.

Damien Petrilli:

30% and you have to pay for search ads in hope to be discovered...

Swift LispKit

Swift LispKit:

LispKit is a framework for building Lisp-based extension and scripting languages for macOS applications. LispKit is fully written in the programming language Swift. LispKit implements a core language based on the R7RS (small) Scheme standard. It is extensible, allowing the inclusion of new native libraries written in Swift, of new libraries written in Scheme, as well as custom modifications of the core environment consisting of a compiler, a virtual machine as well as the core libraries.


From an architectural perspective, LispKit consists of:

  1. a compiler translating LispKit expressions into bytecode, and
  2. a virtual machine for interpreting the generated bytecode. The virtual machine is stack-based, handles tail calls and continuations, and provides a garbage collector.

Details can be found in the LispKit Wiki.

Ray Ozzie’s Encryption Backdoor

Bruce Schneier:

I have no idea why anyone is talking as if this were anything new. Several cryptographers have already explained explained why this key escrow scheme is no better than any other key escrow scheme. The short answer is (1) we won’t be able to secure that database of backdoor keys, (2) we don’t know how to build the secure coprocessor the scheme requires, and (3) it solves none of the policy problems around the whole system. This is the typical mistake non-cryptographers make when they approach this problem: they think that the hard part is the cryptography to create the backdoor. That’s actually the easy part. The hard part is ensuring that it’s only used by the good guys, and there’s nothing in Ozzie’s proposal that addresses any of that.

Previously: Microsoft Leaks Its Golden Key, Why Are We Fighting the Crypto Wars Again?, FBI Asks Apple for Secure Golden Key.

iCloud Drive Breaks the macOS Command Line

Howard Oakley:

Apple’s current engineering solution breaks consistency of file names and paths. When a file has been evicted from local storage, and only exists in full in iCloud storage, the local stub file uses the previous name prefixed with a stop/period, and gains the extension of .icloud. When that file is downloaded to local storage – something which can be triggered by all sorts of events – the leading stop/period and the extension are stripped.


Many commands and scripts can safely ignore files which the user has placed in their iCloud Drive. But the moment that a user enables Desktop & Document Folders to be stored in iCloud, with Optimize Mac Storage enabled, file names in ~/Documents are affected, and commands and scripts will fail when run on one of the most important and active directories on most macOS systems.


Apple’s own most robust tool for locating files, the Finder alias, is broken by iCloud.


Inevitably, all hard and symbolic links made to evicted files are also broken by their eviction.

Faced with the problems posed by iCloud, a lot of commands, shell scripts and other scripting becomes inordinately complex, and in some cases impossible. Apple needs to continue to evolve the iCloud interface, making it consistent with the fundamental needs of commands and shell scripts. If it doesn’t, but continues to converge with iOS, it will undermine macOS itself.

Update (2018-05-10): See also: MacInTouch.

Friday, May 4, 2018 [Tweets] [Favorites]

Retrobatch Public Beta

Gus Mueller:

Retrobatch is a node based (not the JS language) batch image processor. A bit like Quartz Composer, and a bit like Audio Hijack. But for images. Lots and lots of images (or maybe a few or even one).


But why node based? Every batch image processor I’ve come across was linear. You put images in one end, and out they came the other side. But that’s so limiting! What if it was possible to take a folder of images and then operate on them twice with the same workflow? What if you could create branches where one would resize images to 50%, and another write out PNG files with the @2x suffix added to the file name? What if you had a workflow that referenced multiple folders which combined into a single output?

And all the possibilities! What if you could read an image from the clipboard, apply a filter to it, and write it to a folder and to the clipboard? What if you had a way to separate out PNG images of a certain size from a folder and only do an operation to those? What if you could script the application in response to new images being added to a shared folder? What about if it could capture all the open windows of your favorite application as images, then apply a filter to those, and then write out a layered PSD of those windows? What if you wanted to apply a machine learning model against your images, to figure out which contains pictures of hotdogs in them, and then perform some action based on that?

This is a really cool idea for an app, and I like the way he’s designed the interface. The beta seems to be pretty mature already.


The App Store requires apps be sandboxed, which would considerably limit Retrobatch’s functionality.

AirPods Switching Limitations

Ryan Jones:

Wasn’t the W1 in AirPods supposed to, and did initially ship with, automatic pairing switching between Mac and iOS?

Ryan Jones:

Consensus is saying W1 AirPods shipped with

1) shared pairing between iCloud devices

2) auto switching between iOS devices

No documented auto switching Mac to iOS.

Consensus was wrong. Auto switching is not between iOS devices, it’s between Watch and iPhone. That’s it.

For the record, the AirPods intro video deviously leads you to thinking they switch, without saying it.


Agree. Whatever it shipped with, right now Mac vs iOS switching doesn’t work automatically.

Ryan Jones:

Bingo. W1...meh for Bluetooth pairing. Actually, worse since they can only pair to 1 device at a time.

Also, press did get a version that auto switched between Mac and iOS...for a few weeks. It never shipped.

I continue to like my AirPods, but it is disappointing that the switching is more limited than we initially thought it would be.

Previously: Tooth Fairy.

Update (2018-05-04): See also: Dan Masters and Evgeny Cherpak.

Tom Hagopian:

Well they just remember which device used them last, right? What’s really annoying to me is 1) using them with iPad; 2) leaving the iPad at home and just bringing my Watch+iPhone; 3) AirPods don’t auto-connect to the “only device” present. (Quotes bc Watch+iPhone auto-switch.)

Twitter Stored Passwords in Log File

Twitter (Hacker News, MacRumors):

Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.

Nick Heer:

The euphemistic and misleading headline upsets me. What’s even more worrying is Agrawal’s reaction in a tweet[…]

CTO Parag Agrawal:

We are sharing this information to help people make an informed decision about their account security. We didn’t have to, but believe it’s the right thing to do.

Roustem Karimov:

This is weird, @Twitter. Shouldn’t you be hashing the passwords on the client side, BEFORE sending them to the server?

Mark Hughes:

So first, and most importantly, never reuse passwords, no matter how trivial. Eventually any company will screw up or be hacked, and your password exposed, and then someone can try it on every other site.

Rick Fillion:

It took us a while to find what we needed for this layer. (Apparently the marketing department of augmented password-authenticated key agreement protocols is underfunded.) But we eventually found SRP, which ticked all our boxes. SRP is a handshake protocol that makes multiple requests and responses between the client and the server. Now, that may not sound very interesting – and I’m not one to show excitement easily – but SRP is a hell of a layer. With SRP we can:

  • authenticate without ever sending a password over the network.
  • […]

Previously: High Sierra Stored APFS Volume Passwords in Log Files.

Thursday, May 3, 2018 [Tweets] [Favorites]

The 2017 Panic Report

Cabel Sasser (tweet):

How’d it do, then? What’s the business side of macOS productivity software like? I’m happy to say Transmit 5 sold quite well, all directly through our store. And the timing was (accidentally) totally great — just as Firewatch revenue was starting to wane as the game ran its course, Transmit 5 fully picked up the slack. It was comforting to see that people are still willing to pay real money for good Mac software. That’s why we’re here and can continue to do what we do.

One interesting note: We added a ton of new cloud services in Transmit, which is great, but it definitely adds an exponential burden to our QA process (many connection types × many functions = many many tests). Interestingly, to this day, still nothing beats the popularity of plain old SFTP, and, oh my stars, FTP.

Wade Cosgrove:

The first and most obvious change we made to Transmit was how it handled transferring large file hierarchies. In prior versions of Transmit, when you started transferring a group of files and folders, it would transfer the top-level items using individual connections to the server, but the folders and their contents would be processed serially using one connection. This worked well if you were transferring many top-level folders, as they would be transferred concurrently, but transferring a single folder would only ever use one connection. With today’s fast internet connections and multi-core devices we felt it was time to fully multi-thread every possible transfer scenario. In Transmit 5, almost all transfers will use the maximum available connections regardless of their contents. (Some cloud services restrict the amount of API calls you can make to the service over a period of time, so those services are limited to two transfer connections.) This allows multiple connections to work on the contents of a single folder, which results in much faster transfers.


In some cases we found the entire transfer could be completed in the amount of time it was taking Transmit just to compute the overall transfer size! Transmit 5 now computes the overall transfer size dynamically and asynchronously with the transfers themselves, so your transfers start immedately and you still get that sweet double progress bar.

Previously: Panic Discontinues Transmit for iOS, Transmit 5, The 2016 Panic Report.