Wednesday, December 11, 2019 [Tweets] [Favorites]

Linea 3 to Switch to Subscriptions

The Iconfactory (tweet):

We tried hard to avoid a subscription, but the costs to maintain the app are much higher than the income from new sales. This is obviously not a sustainable situation!

[…]

A majority of that time was not even spent adding new features, instead it was spent making sure that everything looked right with the operating system’s new Dark Mode!

[…]

All of this comes at a low price: 99¢ per month or $9.99 per year (a 20% savings.) Additionally, if you purchased Linea at any time in 2019, you’ll also get a free one year subscription.

It sounds like they are going to replace the old app with the new one, like with Twitterrific 6.

It’s going from $10 one-time to $10/year. On the one hand, that’s a hefty increase, but on the other hand $10/year is not a lot for an app that you regularly use. I haven’t seen many other developers choosing subscriptions this cheap. It seems like it could become a sweet spot between steady recurring revenue and a price that customers are willing to pay.

Previously:

The Success of Intelligent Tracking Prevention

Michael Potuck:

Executives in the online publishing industry speaking with The Information say that Apple has been “stunningly effective” with its goal of Intelligent Tracking Prevention stopping websites from knowing what users are doing on the web. One of the results of this over the last two years is that costs for advertisers have dropped significantly for Safari users while they’ve gone up for Chrome.

[…]

While that might sound like a positive thing for advertisers, the reason the price for Safari ads has gone down is that they’re less desirable. Because of Intelligent Tracking Prevention (ITP), marketers can’t focus on specific demographics, for example like those in higher-income brackets.

This sounds great, but I would also like to see a report on how many sites don’t work in Safari because of ITP.

John Wilander:

Any kind of tracking prevention or content blocking that treats web content differently based on its origin or URL risks being abused itself for tracking purposes if the set of origins or URLs provide some uniqueness to the browser and webpages can detect the differing treatment.

To combat this, tracking prevention features must make it hard or impossible to detect which web content and website data is treated as capable of tracking. We have devised three ITP enhancements that not only fight detection of differing treatment but also improve tracking prevention in general.

Previously:

SuperDuper 3.3 for Catalina

Dave Nanian:

In order to replicate this new volume setup, system backups of APFS volumes must be to APFS formatted volumes. SuperDuper automatically converts any HFS+ destinations to APFS volumes for you (after prompting), so you won’t have to do anything manually in most cases.

That’s too bad given APFS’s poor performance on spinning disks, which is what I mostly use for backups.

Those two volumes are further linked together with “firmlinks”, which tunnel folders from one volume to the other in a way that should be transparent to the user. But they can’t be transparent to us, so we had to figure out how to recreate them on the copy, even though there’s no documented API.

[…]

You can’t turn an already encrypted APFS volume into a volume group. As such, you’ll have to decrypt any existing bootable volumes.

Dave Nanian:

On some user systems, Full Disk Access doesn’t take after install, and they have to restart after installing the new version. This is because our bundle ID has changed due to notarization and the OS doesn’t handle it well.

[…]

In some circumstances, ownership wouldn’t be properly enabled for the system volume of an external Catalina volume group, which made the backup not boot. […] I could go into detail on the latter problem, but rather than bore you, I’ll refer you instead to this old post from 2005[…]

Dave Nanian:

We’ve got a few users whose systems are in a bizarre state where the loader is outputting […] when we run certain system command-line tools.

[…]

We also added a diagnostic that detects a rare situation where a user’s system has broken scripting tools (like a bad Perl install), which can cause problems.

Dave Nanian:

The unexpected part is that just before the beta, we made a change to the installer to try to improve our workaround for systems that required rebooting post-install to make Full Disk Access work. After we made the change, we didn’t re-run the full suite of tests because we (incorrectly) thought the change was isolated to the install process.

However, it was made in a runtime element that was shared with the way we executed bless.

Dave Nanian:

With volume groups, though, there are two potential volumes to mount...but keychain passwords might be under either the Data volume or the System volume, depending on what the user does.

Dave Nanian:

Eject would sometimes not eject both volumes of a volume group.

[…]

Some people were impatient and didn’t realize HFS+ to APFS conversion might take a while! We now tell them to get a tasty beverage!

Dave Nanian:

I’m happy to announce the release of v3.3 of SuperDuper, our fully Catalina-compatible version: happier, perhaps, then even you are in reading the news. It’s available via the normal update mechanism, or by downloading it from the web site.

[…]

The whole idea of the new version is, if we did our job right (and I think we did), things should just work the way you expect them to. […] But despite that, SuperDuper is doing a lot more things.

Dave Nanian:

There’s one remaining issue for 10.10 and 10.11 users: Erase, then copy backups are failing due to some unexpected “volume transformation” events that are occurring. When we validate the result, we’re being quite cautious, and we’re not seeing what we expect, so we fail the copy.

Previously:

Tuesday, December 10, 2019 [Tweets] [Favorites]

macOS 10.15.2

Apple:

Restores the column browser view for managing the music library

[…]

Addresses an issue that may cause Mail preferences to open with a blank window

I’ve heard a lot about both of these. From what I’m hearing, 10.15.2 doesn’t fix the Mail data loss bugs.

Previously:

Update (2019-12-12): The combo update is available.

Mac Pro Available to Order

Juli Clover (Hacker News):

More than two years after Apple promised a new modular high-end desktop machine for its professional users, the new Mac Pro is now available for purchase, as is its companion display, the Pro Display XDR.

Apple is accepting orders for the Mac Pro and the Pro Display XDR, with Mac Pro delivery estimates at one to two weeks after an order is placed.

So it looks like some people may receive them just before the end of the year. I’m happy that the new Mac Pro exists, but for my purposes it feels like they built the wrong product, too late. Apple has a great history of making modular desktop Macs, at sane prices, and this is not that. It’s also not the developer Mac that you might have expected given Apple’s 2017 statements about that pro market. It seems like there’s still a hole in the lineup. People will make do with iMacs and MacBook Pros, or buy the Mac Pro if they really need it, but that’s not the same as being able to buy the computer that you want. External Thunderbolt peripherals could in theory address a lot of needs, but that market just doesn’t seem to have developed very well, and Macs don’t have enough Thunderbolt ports. Meanwhile, the iMac Pro hasn’t been updated since 2017 and is likely slower than the regular iMac.

Juli Clover:

Below, we’ve listed the available upgrade options from the base machine, which is equipped with a 3.5GHz 8-core Intel Xeon W processor, 32GB RAM, Radeon Pro 580X, 256GB SSD, no Apple Afterburner, and no wheeled frame.

The base model’s SSD is half the size of the minimum SSD on the 16-inch MacBook Pro, and it can only be upgraded to 4 TB of storage (vs. 8 TB for the MacBook Pro). I wonder how the base model’s CPU will compare with the iMac and MacBook Pro, given that it only Turbo Boosts to 4 GHz.

Paul Haddad:

Just a reminder before it goes live, the Mac Pro $6k base model has equivalent performance of a < $1500 commodity system. Apple hardware/software deserves a premium, just not 4x.

Martin Pilkington:

I ended up going for a 27” i9 iMac after first seeing the price and it's faster than the base Pro will be at half the price 🤷‍♂️

Josh Centers:

If you’re an audio professional considering a new Mac Pro, be aware of how its T2 chip can mess with audio recording.

See also: High-end users on “Why I'm buying the new Mac Pro”.

Previously:

Apple Suing Former A-series Chip Lead

Shaun Nichols (Hacker News):

In a complaint filed in the Santa Clara Superior Court, in California, USA, and seen by The Register, the Cupertino goliath claimed Gerard Williams, CEO of semiconductor upstart Nuvia, broke his Apple employment agreement while setting up his new enterprise.

Williams – who oversaw the design of Apple’s custom high-performance mobile Arm-compatible processors for nearly a decade – quit the iGiant in February to head up the newly founded Nuvia.

Apple’s lawsuit alleged Williams hid the fact he was preparing to leave Apple to start his own business while still working at Apple, and drew on his work in steering iPhone processor design to create his new company. Crucially, Tim Cook & Co’s lawyers claimed he tried to lure away staff from his former employer. All of this was, allegedly, in breach of his contract.

Ben Lovejoy:

Williams is fighting the lawsuit, arguing that the alleged ‘breach of contract’ claim is unenforceable and that Apple illegally monitored his text messages.

Presumably it wouldn’t be illegal if the recipients of his messages gave them to Apple. So it sounds like he’s alleging that Apple directly accessed them somehow.

Previously:

Third-Party Apple TV Remote

Chaim Gartenberg (tweet):

The remote that comes bundled with the Apple TV is infamous for its difficult-to-use design and controversial touchpad for navigation. It’s so bad, in fact, that Swiss TV and internet provider Salt — which provides Apple TVs as the set-top boxes for its internet TV service — has developed a more traditional remote to replace Apple’s model, via MacRumors.

The optional remote (which costs 19.95 francs, or roughly $20.16) was reportedly developed in collaboration with Apple due to complaints from users who were confused by Apple’s touchpad controls. Salt’s remote natively supports the Apple TV right out of the box, with no pairing or setup required — just like Apple’s remote.

This sounds great, although now that Apple’s content is available on Amazon and Samsung devices, I’m not sure there’s much reason to buy an actual Apple TV. The Fire TV Stick 4K is only $50 and comes with what looks like a decent remote.

Previously:

Monday, December 9, 2019 [Tweets] [Favorites]

The Information’s App Store Ordeal

Jessica Lessin (tweet):

The last two weeks have been a crash course in Apple’s gatekeeper status over consumers’ digital lives. Apple rejected our app four times. Some of the pushback we received was so specific—such as not being allowed to underline the words “free trial”—I was stunned. Other requirements seemed arbitrary, such as the rule that we couldn’t require users to enter their email (while Disney and the New York Times could).

[…]

The copy we submitted read “Annual + 7 day free trial, $29.99.” The reviewer told us it wasn’t clear that you would be billed after 7 days.

[…]

If we wanted to launch, we had to disable a part of the app that allowed Tech Top 10 users to preview The Information articles and subscribe to read them.

[…]

Next, our app reviewer had also determined that some of the news briefs in the app were available for free on our website, which wasn’t allowed.

[…]

This time their objections related to our About Page, among other things. It couldn’t mention our website because our website is a link and that link might eventually take someone to a page where they could subscribe to The Information (similar to the article issue).

[…]

Our Android app launched Wednesday as well. All that took was a push of the button and a short waiting period. But so far, 86% of our usage is coming from iPhones.

Ryan Jones:

You didn’t hit on the fact that they revealed rejection issues 1-by-1, wasting days and days, instead of listing multiple issues at once.

The issue you’ll see - all their rules exist for a defensible reason, but in aggregate, it’s maddening. Rock and a hard place.

Previously:

Fetch 5.8

Jim Matthews:

Fetch 5.8, the 64-bit version of Fetch, is now available for download. The primary feature of this release is compatibility with macOS 10.15 Catalina. Fetch 5.7 users should only upgrade to Fetch 5.8 if they have moved, or will soon move, to Catalina.

A number of features of previous Fetch versions — AppleScript and Automator support, non-English localizations, Kerberos and Bonjour support — are not present in Fetch 5.8. We hope to restore some of these features in future updates.

Previously:

CGImageSource Memory Leak

Gus Mueller (tweet):

This sample shows how CGImageSourceCreateThumbnailAtIndex leaks something akin to the memory behind a CGImageRef when asked to create a thumbnail for a 16bpc TIFF image if one isn’t present.

I wonder whether ImageIO got rewritten in Catalina. I’ve found multiple bugs where basic stuff like setting an image’s metadata doesn’t work reliably (FB7435415).

Sam Rowlands:

I’ve confirmed with other devs that 16-Bit imaging is funky on 10.14 and above. The most common issue I’ve seen is 16-Bit images end up with rainbow colors when drawn into a 16-Bit context.

iPhone 11 Location Data Puzzler

Brian Krebs (tweet):

One of the more curious behaviors of Apple’s new iPhone 11 Pro is that it intermittently seeks the user’s location information even when all applications and system services on the phone are individually set to never request this data. Apple says this is by design, but that response seems at odds with the company’s own privacy policy.

The privacy policy available from the iPhone’s Location Services screen says, “If Location Services is on, your iPhone will periodically send the geo-tagged locations of nearby Wi-Fi hotspots and cell towers (where supported by a device) in an anonymous and encrypted form to Apple, to be used for augmenting this crowd-sourced database of Wi-Fi hotspot and cell tower locations.”

Brian Krebs:

Today, Apple disclosed that this behavior is tied to the inclusion of a short-range technology that lets iPhone 11 users share files locally with other nearby phones that support this feature, and that a future version of its mobile operating system will allow users to disable it.

[…]

What prompted my initial inquiry to Apple about this on Nov. 13 was that the location services icon on the iPhone 11 would reappear every few minutes even though all of the device’s individual location services had been disabled.

“It is expected behavior that the Location Services icon appears in the status bar when Location Services is enabled,” Apple stated in their initial response. “The icon appears for system services that do not have a switch in Settings”.

[…]

It is never my intention to create alarm where none should exist; there are far too many real threats to security and privacy that deserve greater public attention and scrutiny from the news media. However, Apple does itself and its users no favors when it takes weeks to respond (or not, as my colleague Zack Whittaker at TechCrunch discovered) to legitimate privacy concerns, and then does so in a way that only generates more questions.

Nick Heer:

This makes complete sense to me and appears to be nothing more than a mistake in not providing a toggle specifically for UWB. It seems that a risk of marketing a company as uniquely privacy-friendly is that any slip-up is magnified a hundredfold and treated as evidence that every tech company is basically the same.

Jeff Johnson:

I never want any data sent to Apple unless I’m directly, intentionally using an Apple service such as browsing an online store, or manually checking for software updates.

Previously:

Friday, December 6, 2019 [Tweets] [Favorites]

NativeConnect 1.0

Vadim Shpakovski (via Daniel Jalkut):

NativeConnect is a desktop client for App Store Connect. It allows you to edit metadata, generate promo codes, and work with customer reviews in the native and modern 100% AppKit interface.

If you are tired of signing in to App Store Connect, digging through its slow navigation or configuring multiple filters for sales and trends, you should greatly benefit from our app.

Basic features are free; uploading changes, generating promo codes, and replying to reviews are $100/year.

Unfortunately, the public App Store Connect API is too limited to provide all this functionality. Hopefully the API isn’t as slow as the site itself.

Hopefully someday they’ll find a way to send you a notification when an uploaded build has finished processing and can be added to an app version.

Previously:

1 TB microSD Card

Western Digital (via Peter Hosey):

Get extreme speeds for fast transfer, app performance, and 4K UHD. Ideal for your Android™ smartphone, action cameras or drones, this high-performance microSD card does 4K UHD video recording, Full HD video, and high-resolution photos. The super-fast SanDisk Extreme® microSDXC™ memory card reads up to 160MB/s* and writes up to 90MB/s.

Amazing that these tiny cards can how hold 1 TB. It would be great to have a microSD slot on the MacBook Pro.

The 1 TB version costs $250, whereas Apple charges $400 to upgrade from 1 TB to 2 TB of storage on the 16-inch MacBook Pro. You’re getting very different things, though. The MacBook Pro’s internal SSD is much faster, but it can’t be expanded later, and you have to pay for it all up front. SD Cards keep your data separate, so you can use them for backups and transfer them between Macs. You can keep adding more to store more files.

Previously:

Dash 5

Kapeli:

New Search and Navigation Interface – The search and navigation interface was completely redesigned to be more intuitive and fast

New Search Result Sorting and Nesting – Search result sorting and nesting were completely rethought and redone.

[…]

Dash 5 uses WKWebView, the latest browser engine from Apple. Supporting WKWebView required rewriting a huge part of Dash, some of which to JavaScript, so please make sure to report any bugs you might encounter, no matter how small

$20 upgrade to an essential app for developers. I like how the search is now in the middle rather than on the side. It feels more like LaunchBar, with more width to see the search results.

Before, you could type a class name and a space and then a keyword to scope the search to that class. Now, there’s a separate field that both searches within the current page and filters the list of methods at the left.

Previously:

Apple’s Technology Transitions

Martin Pilkington:

While this saving of disk space and RAM usage certainly benefits the Mac, there are arguably more important reasons to Apple for dropping 32 bit on the Mac. They don’t actually have much to do with 32 bit itself, but more with decisions that were made in 2007 when 64 bit was finalised.

[…]

When Apple introduced 64 bit with Mac OS X 10.5, they also introduced Objective-C 2.0. Part of this was a new and improved runtime, designed to fix problems with the old runtime. Unfortunately, these fixes were not compatible with existing apps, so they made the decision to only make this runtime available in 64 bit. However, this meant the (now) legacy runtime would have to stick around as long as 32 bit apps existed.

[…]

The behaviour of the legacy runtime effectively means that Apple can never update their existing objects with new ivars without breaking existing apps.

PDFKit accidentally did just that in Sierra, causing crashes in 32-bit apps that displayed PDFs, as the framework tried to access variables that didn’t exist.

ARC has been off-limits, too. Apple’s framework developers have been working with one hand tied behind their backs.

Previously:

Tuesday, December 3, 2019 [Tweets] [Favorites]

VirtualHostX Pro Subscriptions

Tyler Hall:

VirtualHostX is now a subscription. You can pay $49 USD / year or $5 USD / month.

The annual price is the same as the old one-time cost. And I’ll note that I typically release a paid upgrade every 12 - 18 months. So, if you are like many of my amazing customers who do update to each new release, the cost of doing that vs a subscription are more or less the same.

[…]

If you sign up for an annual subscription, you can cancel it at any time. In fact, you can subscribe, get the confirmation email, and then immediately cancel. Your license for the app will continue to work through the entire year.

Even better. Your license will remain valid and working forever.

This sounds like the Sketch model, which I think is reasonable. Sketch’s file format issue likely won’t apply here.

Previously:

Reading the Resource Fork Too Often

Mark Alldritt:

This problem happens after a document has been opened in Script Debugger and changes have been saved a number of times. If the saves are done in fairly quick succession, Script Debugger will begin reporting that it cannot save document changes. In some instances, errors -54 (permErr) or -43 (fnfErr) are reported. Additionally, once this situation arises and you close the document, it is no longer possible to open the effected document in Script Debugger.

[…]

At a technical level, the problem is triggered when applications attempt to read the resource fork of a document repeatedly within a given period of time. This behaviour by an application seems to trigger a security mechanism within Catalina that prevents further access to the document’s resource fork (the resource fork is used to retain meta-data in text and compiled AppleScript documents).

You’d think that old deprecated stuff like resource forks would just keep working in its frozen state. But both Mojave and Catalina introduced resource bugs that have hit my apps. There are more modern replacements for many uses of the resource fork, but they don’t always work. And, as with the AppleScript example, sometimes the resource fork is unavoidable, and the problems even hit Apple’s own apps.

Previously:

Disk Drill Guaranteed Recovery

Dave Wood:

I received feedback from my report I’d sent to Apple (Yay, they do work!). They pointed out that the issue was due to a third party app I have installed called Disk Drill by CleverFiles (which I have as part of my Setapp subscription). The app has a “feature” called Guaranteed Recovery that is supposed to help recover files later if you accidentally delete them. It “works” by creating thousands of hard links to what appears to be every file on your system in a hidden directory (/System/Volumes/Data/.cleverfiles/). This means when you delete a file, it’s not really deleted because there’s a hard link effectively creating a duplicate in the hidden folder.

[…]

Over the last month or so, I’ve been trying to free up space on my main SSD because the OS is constantly complaining that my drive is full. Because I kept getting alerts that I needed more free space, I kept moving/deleting files. Eventually I’d cleared/off-loaded over 500G of data and was still scraping by with about 30G of free space. Now that I’m aware of the issue, I’ve taken a look into the .cleverfiles hidden folder on my iMac and I see it has over 450G in it. Wow.

Wow indeed. First, the hidden folder should be excluded from Time Machine. And second, it seems like there’s a bug where it isn’t being pruned automatically.

Ordering the Typefaces in a Font

Gus Mueller:

The docs for -[NSFontManager availableMembersOfFontFamily:] say:

“The members of the family are arranged in the font panel order (narrowest to widest, lightest to boldest, plain to italic)”

Unfortunately, it looks like this is broken on MacOS 10.15.1. Running Acorn on 10.14 produces the order as described (and as seen below with Helvetica Neue).

Jiang Jiang:

As a workaround, calling CTFontDescriptorCreateMatchingFontDescriptors() with a font descriptor created from @{ kCTFontFamilyNameAttribute: familyName } should give you descriptors in the right order. Then you can get localized style names out of the descriptors.

Drinking the SK8 Kool-Aid

Cameron Esfahani (thread, via Daniel Jalkut):

One day my boss asked me to fly down to LA for the day. Apparently there was a developer there working on an app showcasing QuickDraw GX.

[…]

And right away I could tell something was weird. Structurally, most Mac apps look very similar. But this app was like nothing I’d ever seen before: heap and code were off.

[…]

“Oh, we’re writing it in SK8.”

[…]

SK8 was a weird Lisp-like multimedia authoring environment that Apple ATG was developing.

Needless to say, it wasn’t ready for production use.

Monday, December 2, 2019 [Tweets] [Favorites]

VueScan and ScanSnap

Dave Kitabjian:

But the real secret sauce of ScanSnap was the accompanying software that was centered around what you were trying to do rather than making you constantly fiddle with scanning parameters. Finally, a developer was thinking like a customer instead of a scanner! The combination of a simple user interface, intelligent defaults, seamless integration with external apps, and automation of the entire workflow created a user experience that was hard to beat.

[…]

Some months ago, Fujitsu sent users of older ScanSnap models email informing them that their ScanSnap software would not be updated to 64-bit and would therefore not run under macOS 10.15 Catalina.

[…]

If you want to do simple scanning, you may have a painless experience, writing JPEG or multi-page PDF files to disk, or using some of VueScan’s many sophisticated advanced features. And as such, VueScan may well rescue your aging ScanSnap from the trash heap.

But I ran into a number of issues that you should be aware of.

It seems harder to use and has problems with deskewing, color, streaks, and profiles.

Ron Risley:

Something not mentioned in the article is that Fujitsu states that their new (64-bit) scanning software will absolutely require an always-on internet connection in order to do any scanning. This is concerning on a number of levels. Usability and availability is one issue, but in both my work as a physician and as an IT security consultant, I regularly scan documents that absolutely must not be published. (If you think there’s a functional difference between “sent to the cloud” and “published,” then you haven’t been paying attention.)

[…]

I originally licensed VueScan because I owned an expensive flatbed scanner whose manufacturer abandoned the Mac. I feel rescued by VueScan again, and will be buying more licenses for other machines at my office.

A help page says that ScanSnap does work without an Internet connection, so perhaps the connection is only needed for the “active” version of the installer.

Previously:

Fake AirPods Pro

Juli Clover:

We picked up the $95 i500 Pro TWS Earbuds, a set of AirPods Pro replicas that are remarkably similar in design to Apple’s real AirPods Pro and that even advertise some of the same features, like Apple’s proprietary H1 chip.

[…]

Wireless charging works, “Hey Siri” is functional, music playback pauses when an earbud is taken out of the ear, and battery life seems to be similar to real AirPods Pro, but the similarities end there. The i500 Pro TWS has no force sensor and does not support squeeze gestures, and the key AirPods Pro feature - active noise cancellation - is not included.

I wonder how they’re doing this.

Previously:

Web Notifications CAPTCHA

Arthur Stolyar:

Next level of Web Notifications scam.

- Allow Notifications to confirm that you’re not a robot 🙈

Ricky Mondello:

Abuse like this is why some people get uncomfortable when folks go around saying that adding new, more powerful features to the web platform is some kind of moral imperative. That kind of framing makes it hard to reason about tradeoffs and add features thoughtfully.

This is one that Safari got right, and I have “Allow websites to ask for permission to send notifications” unchecked. (Yes, Apple’s style guide says that “websites” is one word.)

Previously:

Lepow Portable Monitor

Paul Haddad links to this display that’s currently available for only $129.99 ($109.99 at the time of his tweet). It’s a 15.6-inch IPS display that supports 1,920×1,080. That’s a much better resolution than the AOC display I wrote about a few years ago, and it works over HDMI (plus USB power) or USB-C without needing a kernel extension.

It’s great to have extra screen space on the go, and these displays easily fit next to a MacBook Pro in a backpack. On the other hand, for shorter work sessions it would be more convenient to simply have a 17-inch internal display (again).

Previously:

Tuesday, November 26, 2019 [Tweets] [Favorites]

Ink: Markdown Parser in Swift

John Sundell (tweet):

Welcome to Ink, a fast and flexible Markdown parser written in Swift. It can be used to convert Markdown-formatted strings into HTML, and also supports metadata parsing, as well as powerful customization options for fine-grained post-processing. It was built with a focus on Swift-based web development and other HTML-centered workflows.

It doesn’t depend on Foundation or even regular expressions.

Gatekeeper Override for Indirect Launching

Chuq Von Rospach:

The first time I tried to publish new images to Flickr, Lightroom aborted and the OS put up a dialog warning me that the app “magick” isn’t signed and so it might be dangerous, so the OS wouldn’t let it launch. “magick” is part of the ImageMagick graphics tool suite, a commonly used set of image manipulation tools; as of today the developers haven’t signed it with a developer certificate from Apple, so Apple’s Gatekeeper will reject it.

You can tell the OS to let the app run, but it’s not obvious where to do that. Here’s how:

Try to export some images and get the warning dialog. Then open up the System Preferences app and navigate to the “Security and Privacy” section and the “General” tab. At the bottom of that tab, you should see some text similar to the warning you got in the dialog. There’s an “Allow” button there. If you click it, you’re approving that app as something that’s okay to be launched.

When launching an app directly, the workaround is easier: you can Control-click and choose Open from the contextual menu.

In both cases, why doesn’t the alert tell you how to resolve the problem (if you do, in fact, trust the software)? In my view, this is poor design and essentially security through obscurity. Apple decided that they don’t want you to run unsigned software, but they don’t want to (or realistically can’t) completely forbid it, so they provide an escape hatch but keep it hidden. macOS doesn’t trust the user to make the right decision, so it acts as though there’s no choice.

It could have explained the situation, from Apple’s point of view, and perhaps required a few extra clicks to confirm. But instead it makes it look like an unsolvable problem. Most customers will probably give up. Some will enter the text into Google and find who-knows-what. In other words, Apple is delegating the explanation to an unknown third party.

Walt Mossberg:

Today I upgraded both of my fairly new Macs to the Catalina OS. Then I tried to run Skype. On my MacBook Pro, it wouldn’t load. On my MacBook Air, it launched fine, but wouldn’t work. Had to use an iPad. Is this Apple’s way of forcing a switch to the iPad from the Mac? WTF?

Note: Skype was up to date. Even so, on one of the Macs, I tried downloading it again from the Web and was told my Mac couldn’t run it because Apple couldn’t check it for malware. I saw no opt out from this warning box. Again, WTF?

Again, the alert presents it as if something is broken. The app certainly could be checked for malware. It’s just that Apple has decided to only do the check in a particular way. The app certainly could be launched without the check, but Apple has decided not to tell you that.

Previously:

Update (2019-11-27): Rosyna Keller:

There’s no need to google or anything. The dialog that comes up has a help button that can be clicked and discusses the options…

I should have mentioned that, but I don’t think it’s a good solution:

Mike Hay:

I mean, I understand Apple building the UX for the 90% of consumers who buy a mac, but I would prefer a different user type in the Users & Groups to having to constantly affirm that I want to go against recommended practice.

Slow Xcode 11 Objective-C Builds

Chris Liscio:

When I build my app, Xcode 11 appears to stall out completely (dropping from full core usage down to 10-20% CPU) during the Objective-C build phases.

[…]

The bug manifested for me like this:

  1. Starting with a clean DerivedData folder, I can build my app, Capo in about 60 seconds, flat.
  2. Once I clean the build folder using command-shift-K, all subsequent builds will take anywhere from 180s to 500s (in the very worst case, which I’ve not seen for a while now.)

After some back & forth with Apple’s engineers, I learned to turn on clang’s -Rmodule-build flag to see what’s going on behind the scenes. It turns out that—for every Objective-C file that is built—framework modules are being re-built unnecessarily.

Trademarked Colors

Paul Kafasis:

Recently, I spotted a story about T-Mobile successfully forcing a company called Lemonade to change the color of their marketing materials in Germany. T-Mobile was able to do this because they own a trademark on the color magenta. I first learned of the rather ridiculous idea of trademarking a color many years ago, and since that time, I’ve kept a not-at-all comprehensive list of stories about this practice. Today, let’s take a look at just a few colors that companies have attempted to trademark, with varying degrees of success.

[…]

Worse, it seems T-Mobile isn’t even using the color they actually have trademarked, as evidenced by this graphic from the story[…]

Black Friday 2019

My apps are on sale for Black Friday and Cyber Monday, and here are some other good deals that I found:

Lists of deals:

Monday, November 25, 2019 [Tweets] [Favorites]

.org Top-Level Domain Sold

Kieren McCarthy (via Quincy Larson):

At the end of last week, the Internet Society (ISOC) announced that it has sold the rights to the .org registry for an undisclosed sum to a private equity company called Ethos Capital. The deal is set to complete in the first quarter of next year.

The decision shocked the internet industry, not least because the .org registry has always been operated on a non-profit basis and has actively marketed itself as such. The suffix “org” on an internet address – and there are over 10 million of them – has become synonymous with non-profit organizations.

[…]

No one, including, we understand, the board of ICANN, expected the Internet Society to sell the registry. But it is also worth noting that the contract negotiation failed to add, or even ask for, protections or commitments to .org’s long-standing non-profit status despite the significant contractual changes and an extension of the contract by 10 years, far longer than previous extensions.

Save .ORG (via Hacker News):

Decisions affecting .ORG must be made with the consultation of the NGO community, overseen by a trusted community leader. If the Internet Society (ISOC) can no longer be that leader, it should work with the NGO community and the Internet Corporation for Assigned Names and Numbers (ICANN) to find an appropriate replacement.

The 2019 .ORG Registry Agreement represents a significant departure from .ORG’s 34-year history. It gives the registry the power to make several policy decisions that would be detrimental to the .ORG community[…]

Previously:

CNAME Cloaking

Romain Cointepas (Hacker News):

A suitable name for this method would be CNAME Cloaking, and it is used to disguise a third-party tracker as first-party tracker. In this case, they are also purposely obfuscating this behind a random subdomain, with a CNAME to a generic and unbranded domain.

With CNAME Cloaking, many problems arise that makes it realistically impossible to block this:

  1. Browser extensions are not allowed access to the DNS layer of the request — i.e., they can’t see the CNAMEs.
  2. When each website loads third party trackers by calling something like a3ksbl.website.com, privacy-protection tools now have to figure out which subdomain is a front for CNAME Cloaking, for tens of thousands of websites. […]
  3. With each website now having its own subdomain cloaking the third-party tracker, those tools need to include as many rules as there are websites using this CNAME Cloaking method. Blocking a third-party tracker went from one rule to thousands.

And newer browsers have relatively low limits for the number of allowed rules.

See also: Wolfie Christl.

Update (2019-11-26): Jeff Johnson:

The endgame has to be disabling JavaScript.

As long as sites can execute arbitrary code in your browser, you’re doomed. Web programmers will continue to find more clever and evil hacks.

Howard Oakley:

I continue to be frustrated that, while most others things in Safari can be controlled by site, JavaScript is just a single control - on or off for everything.

Would it be too much to have finer control?

NVIDIA Drops CUDA Support for macOS

Alex Cranz (Hacker News):

The last vestiges of Nvidia and Apple’s long-term relationship are ending shortly. On Monday Nvidia published the release notes for the next update of its CUDA platform and noted that “CUDA 10.2 (Toolkit and NVIDIA driver) is the last release to support macOS for developing and running CUDA applications.” That means all future versions of CUDA will lack support for Apple devices, which could leave a decent share of the pro community, as well as the hackintosh community, without support for the most popular discrete GPUs being made at the moment.

[…]

But despite the reliance on AMD hardware Apple continued to support Nvidia GPUs. If you wanted to cram a Nvidia card into your older Mac Pro or rely on it for you hackintosh than Apple and Nvidia had you covered. Until last year when Apple quietly stopped support CUDA with the release of macOS 10.14 Mojave. That forced apps that relied on CUDA for hardware acceleration, like Adobe’s suite of software, to issue warnings and reminders to customers.

Previously:

Apple Store Removes Customer Reviews

Amber Neely (Slashdot):

AppleInsider received a tip from a reader who had noted the buyer review section was missing on Apple’s online retail store page. The user also pointed out that the pages have been removed from U.S., U.K., and Australian Apple online stores, which suggests this is not simply a mistake, but rather an intentional move on Apple’s behalf.

The reviews were pulled over the weekend, though it’s not clear as to why this has happened. Apple had been known for leaving up even especially negative reviews, which demonstrated both transparency and integrity to their customers.

Chance Miller:

The Verge points out that it was not uncommon for Apple products and accessories to have unfavorable customer reviews through Apple’s online store. For example, Apple’s Lightning to 3.5mm headphone jack adapter had over 700 one-star reviews.

Presumably this was because customers were mad that newer iPhones need such an adapter, not because the adapter itself didn’t work. On the other hand, the Lightning video adapters have been widely reported to not be reliable. And the extended Magic Keyboard is well regarded but had lots of critical reviews because of its bending problem.

Previously:

Friday, November 22, 2019 [Tweets] [Favorites]

OmniOutliner 5.5.1

OmniGroup:

Data Corruption — Changed how LinkBack data is stored to avoid corruption on save when running macOS Catalina. This does not fix files already corrupted by the bug, which presents itself with error details that start with “Error Domain=NSCocoaErrorDomain Code=3840 “Unexpected character…”.

This sounds like it was caused by the Catalina NSData.description change that I wrote out.

Attachments — Attachments added using the Edit menu option immediately appear.

Attachments — Dragging in a folder and selecting the Alias option correctly creates a link instead of embedding.

[…]

Interface — The saved filter rule editor resizes to fit the contents.

I’m really happy to see these fixed.

Now the main thing I’m looking for from OmniOutliner is for it to be faster with large outlines. Opening documents and typing, especially, can be really slow when lots of rows are visible.

Detecting Screen Recording Permission on Catalina

Craig Hockenberry (tweet):

All of the solutions presented here have a flaw in one way or another. The root of the problem is that there’s no correlation between your permission to know about a window (via the name in the window list), your permission to know about the process owner of the window (such as WindowServer and Dock). Your permission to view the pixels on screen is a combination of two sparse sets of information.

Here is a heuristic that covers all the cases as of macOS 10.15.1[…]

Most of the new privacy settings in Mojave and Catalina don’t have APIs to query whether permission has been granted. And many don’t even have APIs to request permission. This leads to extra work for developers to maintain changing heuristics and ultimately a more error-prone and complicated process for customers.

Nicholas Ptacek:

It’s such a mess, and so dumb that we have to do crazy workarounds to get what should be built-in functionality. Apple seems to be under the impression that if they make it excruciatingly hard for developers to query permissions, they’ll just give up.

As do some customers when the system privacy database gets corrupted and the only way to fix it is to reboot in single user mode to temporarily turn off System Integrity Protection.

Previously:

Update (2019-11-25): Neil Sardesai:

Latest update to Step Two got rejected from the Mac App Store cause my QR code scanner technically needs screen recording permissions

It doesn’t help that the Screen Recording permission alert doesn’t let you supply a usage description string. And there’s no simple way to check if your app has screen recording permission, making it hard to put up your own explanatory UI

After explaining to the reviewer why screen recording is needed, they’ve asked me to completely change how the feature works, which is nuts. Other Mac App Store apps like 1Password do literally the exact same thing.

Thursday, November 21, 2019 [Tweets] [Favorites]

Full Steam Ahead, But With Feature Flags

Mark Gurman (tweet, Hacker News):

Apple Inc. is overhauling how it tests software after a swarm of bugs marred the latest iPhone and iPad operating systems, according to people familiar with the shift.

Software chief Craig Federighi and lieutenants including Stacey Lysol announced the changes at a recent internal “kickoff” meeting with the company’s software developers. The new approach calls for Apple’s development teams to ensure that test versions, known as “daily builds,” of future software updates disable unfinished or buggy features by default. Testers will then have the option to selectively enable those features, via a new internal process and settings menu dubbed Flags, allowing them to isolate the impact of each individual addition on the system.

When the company’s iOS 13 was released alongside the iPhone 11 in September, iPhone owners and app developers were confronted with a litany of software glitches. […] This amounted to one of the most troubled and unpolished operating system updates in Apple’s history.

[…]

Test software got so crammed with changes at different stages of development that the devices often became difficult to use. Because of this, some “testers would go days without a livable build, so they wouldn’t really have a handle on what’s working and not working,” the person said.

[…]

Still, iOS 14 is expected to rival iOS 13 in the breadth of its new capabilities, the people familiar with Apple’s plans said.

It sounds like they are still in the denial. Feature flags may be a useful tool to help with testing, but much more drastic changes are needed. They don’t seem to have much interest in reducing the scope of major releases, so I would like to see them drop the annual release schedule. And, above all, make an internal commitment to quality.

The testing shift will apply to all of Apple’s operating systems, including iPadOS, watchOS, macOS and tvOS. The latest Mac computer operating system, macOS Catalina, has also manifested bugs such as incompatibility with many apps and missing messages in Mail.

The missing Mail messages bug remains unfixed in macOS 10.15.2 betas. This is the buggiest Mail release I can recall. I’m still busy working around Catalina bugs throughout the system.

Apple privately considered iOS 13.1 the “actual public release” with a quality level matching iOS 12. The company expected only die-hard Apple fans to load iOS 13.0 onto their phones.

And yet customers were automatically prompted to update to 13.0, and even 13.2 introduced major problems.

Peter Steinberger:

Feature flags in teat releases are Apple’s answer to the software quality issue? What about automated testing? And opening up hiring outside of Cupertino, to deal with the amount of radars and missing documentation.

ssɐquʞunɹp:

I can tell you from experience that these “feature flags” carry a lot of tech debt that these managers don’t seem to understand. This may be the canary in the coal mine.

Michael Dupuis:

How about slowing things DOWN? It’s very much a feeling that they are just throwing things over the fence as fast as they can, and it shows in the horrible quality we’ve been seeing...

Kyle Howells:

Adding feature flags to betas isn’t the answer. It’ll just add more work.

Keeping the same process but adding extra steps doesn’t generally work.

They need to slow down, only release software when it’s ready, and prioritise quality, documentation and fixing bugs.

Jeff Johnson:

Annual OS releases are also destroying third-party software quality. We can’t keep up with the constant churn, and the tools are never stable. We waste so much time every year just dealing with Apple’s shit.

Jeff Johnson:

Apple’s software quality problems can’t be solved in iOS 14. They’ve accumulated at least 5 years of technical debt, if not more, from annual releases.

They’re deep down in a hole. Desperately in need of years without a major update.

Previously:

Update (2019-11-26): Mark Gurman:

iOS 13 has had 8 updates in its first two months, the most in that same period since Craig Federighi took over development with iOS 7. See chart.

Scott Anguish:

It’s a myth that Apple doesn’t have remote writers. They have an entire department in Seattle.

Thomas Clement:

And this only works if Apple can detect before shipping that a feature is broken enough that it needs to be turned off.

Dr. Drang:

An old saying from the making of physical products seems apropos: you can’t inspect quality into a product.

Norbert M. Doerner:

They need a massive OS release moratorium, and look at what they have done, and why that failed. Then start fixing the bugs, and change the crazy yearly release cycle, it is utter madness #Apple #StartFixingTheBugs

Jeff Johnson:

Months since previous Mac .0 release:

10.1.0 6
10.2.0 11
10.3.0 14
10.4.0 18
10.5.0 18
10.6.0 22
10.7.0 23
10.8.0 12
10.9.0 15
10.10.0 12
10.11.0 11
10.12.0 12
10.13.0 12
10.14.0 12
10.15.0 12

A sensible progression... until 10.8

(Note that Steve died after 10.7)

Griffin Caprio:

Anyone who’s built even a moderately complex app knows you can’t just pepper in if/else statements and iOS is more than moderately complex.

Patrick McCarron:

The amount of technical debt those flags carry are no joke. Not always a clean removal either.

Catalina’s Log Can’t Be Unprivatised

Howard Oakley:

If you’ve ever accessed the unified log in macOS Sierra or later, you’ll have seen the many log entries whose crucial information is censored with <private>. Apple introduced this to prevent leakage of protected information into the log, which is an admirable aim, but unfortunately it makes many entries farcical. If you’re really unlucky, the key information for which you’re accessing the log in the first place appears there as <private>.

Apps like Cirrus have relied on an undocumented setting which can be changed by the command log config --mode 'private_data:off' run with root privileges.

But this no longer works with Catalina.

Previously:

Update (2019-11-27): Howard Oakley:

Hardly any log entries made by diskarbitrationd contain usable information in their message field. Trying to diagnose disk, iCloud and OpenDirectory problems from the unified log is almost impossible as a result. For those, we have generally relied on being able to disable log censorship.

In Catalina, Apple has removed that option to disable censorship. Saagar Jha has discovered that the only way to disable censorship now is to put macOS into a special diagnostic mode intended for use exclusively by Apple engineers. George Garside has packaged Saagar Jha’s code into a command tool which can be used to remove censorship in Catalina’s log.

[…]

With the spate of iCloud problems reported from those who have upgraded to Catalina, this is particularly ill-timed. It’s not as if Apple provides any alternative: iCloud is one service for which it appears to have completely forgotten to provide any diagnostics or utilities.

[…]

The unified log is not Apple’s <private> playground. It’s a shared space, with users diagnosing problems, developers hunting bugs, support staff fixing glitches, and system administrators managing their networks. For us all to get benefit from our logs, Apple needs to provide a supported means of temporarily disabling this censorship in the unified log. If it won’t, then it’s time for Apple to admit openly that it doesn’t really want anyone else using the unified log.

Google Shakes Up Its “TGIF”

Steven Levy (Hacker News):

With that, Pichai not only ended an era at Google, he symbolically closed the shutters on a dream held widely in the tech world—that one can scale a company to global ubiquity while maintaining the camaraderie of an idealistic clan.

[…]

Though Google didn’t invent the phenomenon of a weekly all-hands, the success of TGIF made it a much-emulated practice. Facebook held its meeting from the start; Zuckerberg would end by shouting “Domination!” Twitter had a version called Tea Time. You’d probably be hard pressed to find a successful startup or unicorn that didn’t have such a session. What made the weekly all-hands so attractive was its power to bind a workforce to a shared mission. The fact that such meetings could continue when the head count reached five figures and more reflected a crazy optimism that, with the right kind of culture, the physics of corporate alienation could be defied.

Now we’ve learned—no surprise—that physics wins. The big problems of these big companies have led employees to more aggressively question their bosses, and in some cases even sabotage them by leaking the secrets shared in these meetings.[…] In earlier times, employees tended to express their gripes with the expectation that leaders and workers were colleagues, too evolved to get hung up on power disparities. Now, with giant corporations worrying more about market dominance and regulators than about feel-good missions, that kumbaya sensibility is gone.

See also: Three Years of Misery Inside Google, the Happiest Company in Tech.

Schiller on Chromebooks in Education

Phil Schiller (9to5Mac):

You don’t envision a future where [Mac and iPad] merge?

No, that’s not our view. Because then you get this in-between thing, and in-between things are never as good as the individual things themselves. We believe the best personal computer is a Mac, and we want to keep going down that path. And we think the best tablet computing device is an iPad, and we’ll go down that path.

iPad benefits because we assume that you need to be able to do most everything with touch, and we don’t have to trade off on that experience. Mac assumes you want to do most everything with a keyboard and mouse input. We don’t have to trade off on that path. You can look at some of the other products that will try to go halfway between the two. They end up just compromising experiences. That’s not good.

scott:

This is completely at odds with the Catalyst initiative.

Phil Schiller:

College students’ [use] is dominated by Macs. In the majority of creative fields -- writers, video editors, music creators and programmers -- I think that’s an area that’s super strong.

[…]

We have this incredible responsibility to make sure the hardware and software is designed seamlessly together, works the way you want, and those things all ultimately make it so that as a customer, you have ease of use. That’s what we strive to do with the Mac.

[…]

You talked about MacBook as popular with college students. But Chromebooks have grown in the education market. What’s your perspective on that?

In the K-12 market, particularly for the lower grades -- K through six to nine -- iPad is doing really well. We think it is the ultimate tool for a child to learn on.

We’re really investing a lot into continuing to grow, both from the enterprise side with manageability and tools to helping schools from a learning experience. Everything from our Everyone Can Code curriculum that has our Swift Playgrounds app to help children at a very young age learn how to understand software and create opportunities for kids to become developers, all the way to augmented reality.

[…]

Kids who are really into learning and want to learn will have better success. It’s not hard to understand why kids aren’t engaged in a classroom without applying technology in a way that inspires them. You need to have these cutting-edge learning tools to help kids really achieve their best results.

Yet Chromebooks don’t do that. Chromebooks have gotten to the classroom because, frankly, they’re cheap testing tools for required testing. If all you want to do is test kids, well, maybe a cheap notebook will do that. But they’re not going to succeed.

James Vincent:

Schiller later tried to clarify the comment on Twitter, saying that Apple also provides “content, curriculum and tools” for kids, framing his remarks more as a comment on Google and Chromebook manufacturers than the children using them.

Steven J. Vaughan-Nichols (Hacker News):

I guess Apple is in the first stage of grief over the state of its education market share: denial. As my colleague Mike Elgan noted recently, “Google schooled Apple and Microsoft in the education market by growing market share from zero to 60 in eight years.”

[…]

And, no, it’s not all about price. Chromebooks are great machines, and vendors are adding features to push them into the enterprise.

Benjamin Mayo:

IMO iPads offer a better experience but are easier to break and not as affordable … so schools pick Chromebooks.

Daniel Bader:

The implication here is that Chromebooks can’t, or make it hard to, facilitate kids’ creative learning and growth. That’s grossly false, but it also misses that most teachers and school boards are cash-strapped and any tool, even a shitty Chromebook, is better than nothing.

Quinn Nelson:

Privacy aside, Schiller couldn’t be more wrong. Chromebook fills all the needs for schools and iPad leaves much to be desired.

[…]

And if I’m being frank, I agree with Schiller. They suck. But they’re perfect for schools and they’ve already succeeded. Google won. Better tools, better integration with schools, lower cost, cheaper hardware. Apple will never be able to compete. It’s over.

Eric Young:

When you hear Schiller & Apple press folk talk about iPad price as being the reason Apple lost

That should be eye opening

And it explains why Apple to this day is flat footed without any viable strategy in so many areas they compete in. And why Apple press folks are too

I’ll say it again. It really has nothing to do with price

Apple could give iPads away for free - and they do! They still lose and don’t know why

Google, Facebook, Amazon own the Apple users. Apple just doesn’t know it yet

Previously:

Update (2019-11-26): Kyle Howells:

An iPad is nicer but is more limited.

If I had to pick a device I’d pick a Chromebook. It has a real desktop web browser and a trackpad. It’s a computer(ish) & can do computer things. An iPad is still too limited.

Chromebook vs MacBook Apple wins
Chromebook vs iPad Google wins

And that’s from a users point of view.

From school’s the Chromebook keeping everything in the cloud and the device being throw away interchangeable terminals is fantastic and exactly what they need.

SF Viewer Removed From the App Store

SFViewer:

Are you a designer or developer who wants to view, compare or export SF Symbols on your iPhone or iPad? Check out SF Viewer here.

Aaron Pearce:

Just received a phone call from Apple regarding SF Viewer. They have made the decision to remove it from sale as its concept is not acceptable under their guidelines/license.

I may look to tidy up the code base and open source it in the near future.

It was rejected due to allowing users to export symbols to various formats and view the additional internal metadata of the fonts.

Honestly I was somewhat surprised that it even passed review once so this was an outcome I was expecting eventually. It was a very grey area of the rules.

It seems like without the export feature it would still be useful and hopefully non-controversial.

Previously:

Update (2019-11-26): Geoff Hackworth:

I was sad to see SF Viewer go, but there’s another solution! Browsing system images is one (of many) features of my Adaptivity app. Supports multiple windows on iPadOS 13. I’m working on a grid view for the next release.