Friday, November 1, 2024
Pixelmator (Hacker News):
Today we have some important news to share: the Pixelmator Team plans to join Apple.
[…]
Pixelmator has signed an agreement to be acquired by Apple, subject to regulatory approval. There will be no material changes to the Pixelmator Pro, Pixelmator for iOS, and Photomator apps at this time. Stay tuned for exciting updates to come.
Tim Hardwick (tweet):
Based in Vilnius, Lithuania, Pixelmator has developed a suite of well-regarded creative tools that compete with Adobe’s offerings while maintaining a focus on ease of use and performance. The company’s apps have been exclusively available on Apple’s platforms, including Mac, iPad, and iPhone.
[…]
Financial terms of the acquisition were not disclosed. The deal marks Apple’s latest investment in professional creative tools, following previous acquisitions in the space such as Logic Pro and Final Cut Pro.
My initial assumption is that this is an acqui-hire. It doesn’t seem like their stuff really fits into Photos.app. But I suppose it’s possible that Apple wants to add a new iWork/Pro app.
Jason Snell:
I don’t know what this means for the future of Apple’s apps—though I hope it means Photos is going to get a serious infusion of new talent and functionality!
If you’re a Pixelmator Pro or Photomator user, this has to be a bit of a bummer, but there’s some good news: It will probably take a few years for Apple to fully integrate the team into whatever is happening next, and the existing apps will probably still be around until then.
John Gruber (Mastodon):
Pixelmator and Photomator already look like Apple’s own “pro” apps. From the get-go, the Pixelmator team hasn’t just followed Apple’s own trends and guidelines for UI design, they’ve helped define those trends.
Does Apple want to fold these advanced features into Photos? Or do they once again see the need for separate consumer/professional first-party apps? Logic, for example, was an acquisition — but that was all the way back in 2002. If Apple keeps Photomator as an actively developed product, it would be a return to the same genre they walked away from when they discontinued Aperture in 2014. And if Apple keeps Pixelmator going, it would be the first time they go head-to-head against Photoshop itself.
Steve Troughton-Smith:
The calls for Apple to have its own Photoshop competitor date back to the early days of Mac OS X, and the heyday of the Final Cut Suite, when Apple had an entire lineup of pro software for various niches.
Today, this Pixelmator acquisition could have far-reaching implications for iPad and Vision Pro, who have not been as well-supported by third parties making pro apps like the Mac has.
I would very much welcome an Apple that cares as much about, and fights for, pro apps as it used to.
On the flip side, Apple has a graveyard of pro apps it acquired, extracted all the value from, and left to rot along with their legacy userbases 😅
Nick Lockwood:
I’m sorry if that seems cynical, but Apple’s track record with software acquisitions is abysmal. My guess is either they’ll kill it completely or replace it with something unrecognisable in a year or two.
Mario Guzmán:
Pixelmator Team could AppKit harder than Apple and I now feel like Apple is going to ruin this marvelous app. Damn it. Damn iiittttttt. Pixelmator Team makes Mac-ier apps than even Apple. Apple just ships even-more-stretched out iPad apps
Federico Viticci:
Welp.
Nick Heer:
I am also a touch worried. The first thing I thought of was Apple’s purchase of Workflow, now Shortcuts. In the past seven years, the capability of Shortcuts has been expanded tremendously, but it has also been routinely broken in iOS updates. There are frequent errors with syncing, actions stop working without warning, and compatibility does not always feel like a priority in new first-party software releases.
So, good for Pixelmator for attracting Apple’s attention and delivering quality software for years — software which can go toe-to-toe with offerings from companies far larger and richer. I hope this acquisition is great news for users, too, but I think it is fair to be apprehensive.
Eric Schwarz:
As someone who does all the graphics work on this site and others with Pixelmator, I’m a little nervous what the future will bring. The last big Apple acquisition of a beloved app was Dark Sky and that was eventually killed off and rolled into the Weather app. There may be some good news—Apple also acquired Workflow, improved it and renamed it Shortcuts. Looking back even further, Logic Pro was actually an acquisition, too.
Ryan Jones:
Ballpark Pixelmator acquisition math.
Chris Adamson:
Apropos of nothing surely, Acorn remains a great Core Image-based Mac app for working with images.
See also: Mac Power Users Talk, TidBITS Talk.
Previously:
Acquisition Apple Business iOS 18 iOS App Mac Mac App macOS 15 Sequoia Pixelmator Pixelmator Photo
Flexibits (MacRumors):
We’ve spent the last 4 years making Fantastical better than ever across Apple devices, and with version 4.0 we decided to go even bigger by finally bringing the world’s best calendar app to a Windows PC near you.
For the Mac and iOS versions, it adds a Control Center widget and support for Miro conference calls, but otherwise the release notes show bug fixes. The price has increased from $40/year to $57/year. They are still honoring old, non-subscription purchases with the old feature set.
Flexibits:
The short version is all of the core sync and business logic is shared with Mac (we reuse our Objective-C) and we leverage AppSDK + WinUI for the UI. Currently we don’t make use of Swift on Windows and don’t have plans at the moment to.
Nicholas Riley:
So far Fantastical for Windows is resource-hungry and unstable, despite its feature completeness. First time I tried to edit an event, it hung. Not sure if this resource usage is typical (memory usage is still climbing, up to about 1.2 GB now) but it’s more than I afford on my work machine, and way more than on the Mac; will try again in a bit I think!
They’re not using Electron, and it doesn’t seem like there would inherently be a lot of extra overhead from using Objective-C, so hopefully they can get the resource usage down.
Previously:
App Subscriptions Fantastical iOS iOS 18 iOS App Mac Mac App macOS 15 Sequoia Windows Windows 11 Windows App
Apple (transcript, MacRumors, MacStories):
The Company posted quarterly revenue of $94.9 billion, up 6 percent year over year, and quarterly diluted earnings per share of $0.97. Diluted earnings per share was $1.64, up 12 percent year over year when excluding the one-time charge recognized during the fourth quarter of 2024 related to the impact of the reversal of the European General Court’s State Aid decision.
“Today Apple is reporting a new September quarter revenue record of $94.9 billion, up 6 percent from a year ago,” said Tim Cook, Apple’s CEO.
Jason Snell:
All in all, Apple’s business was relatively flat. iPhone sales were up 6% but flat for the fiscal year; Mac sales were up 2%, which is about how they’ve been all year; Services continues to have reliable double-digit growth, but the rate of growth slowed to 12% year-over-year.
Jordan Golson:
Gross margin for the quarter was 46.2 percent, compared to 45.2 percent in the year-ago quarter.
Juli Clover:
This is Apple’s final earnings call with Maestri, who is stepping down from his role on January 1, 2025 to lead the Corporate Services teams.
Previously:
Apple Apple Quarterly Results Apple Services Business iOS iPad Mac
Sophia Teutschler (Reddit):
Hello, it’s me again! 👋 Did you hear? CoverSutra 4.0.1 is now available on the Mac App Store!
Sophia Teutschler:
It is a free upgrade for Version 3 customers.
Previously:
CoverSutra Mac Mac App macOS 15 Sequoia Music
Thursday, October 31, 2024
Frederic Lardinois (MacRumors, Hacker News):
Microsoft-owned GitHub is bringing Copilot to Apple’s Xcode environment for the first time. Now in public preview, this will allow developers who build apps in Apple’s IDE with the assistance of Copilot. For now, the focus here is on code completion, but Copilot Chat and its other features will likely make their way into Xcode over time.
Copilot already supports Apple’s preferred languages Swift and Objective-C, so there’s no surprise there. Copilot, like on other platforms, will offer multi-line suggestions when it can and users will be able to block suggestions that match public code.
[…]
All paying Copilot users on individual, business, and enterprise plans will have access to this public beta now. All they have to do to get started is install the Copilot extension for Xcode.
GitHub Copilot for Xcode:
GitHub Copilot is an AI pair programmer tool that helps you write code faster and smarter. Copilot for Xcode is an Xcode extension that provides inline coding suggestions as you type.
Matt Pfeiffer:
No way! I thought source editor extensions were too limited for an ai tool to be all that useful/efficient inside of the Xcode box.
Javi:
It also uses accessibility APIs
Which is why:
The installation instructions on this page make me sad for the state of macOS.
Mo Rajabi:
Github Copilot for Xcode overlays a window on top of the editor for completions as Xcode extensions can’t do it.
It’s like how SpamSieve officially has a Mail extension, but the most important stuff is all done via other APIs because extension support is so limited and buggy.
Thomas Ricouard:
I’ve tried it a bit on some sample code, and it’s better than Xcode’s new (local) predictive model. It’s faster, more accurate, and can generate more lines of code.
[…]
It seems to fall slightly short of the Copilot extension within VSCode and Cursor tab. I guess that it doesn’t index and embed your entire project, only the current file.
Jesse Squires:
Was the original author involved with the GH copy?
Marcin Krzyzanowski:
They made a deal with the original author (and paid for that).
See also: Alex Sidebar.
Samuel Axon:
The large language model-based coding assistant GitHub Copilot will switch from exclusively using OpenAI’s GPT models to a multi-model approach over the coming weeks, GitHub CEO Thomas Dohmke announced in a post on GitHub’s blog.
First, Anthropic’s Claude 3.5 Sonnet will roll out to Copilot Chat’s web and VS Code interfaces over the next few weeks. Google’s Gemini 1.5 Pro will come a bit later.
Hugh Langley (via Hacker News):
More than a quarter of new code created at Google is generated by AI, said CEO Sundar Pichai on Tuesday during the company’s Q3 earnings call.
Previously:
Alex Sidebar Artificial Intelligence Claude Developer Tool Extensions GitHub Copilot Google Gemini/Bard Mac macOS 15 Sequoia OpenAI Programming SpamSieve Xcode
Apple (downloads):
Xcode 16.1 includes SDKs for iOS 18.1, iPadOS 18.1, tvOS 18.1, watchOS 11.1, macOS Sequoia 15.1, and visionOS 2.1. The Xcode 16.1 release supports on-device debugging in iOS 15 and later, tvOS 15 and later, watchOS 7 and later, and visionOS. Xcode 16.1 requires a Mac running macOS Sonoma 14.5 or later.
I’m not sure why it’s reported in the macOS 15.1 release notes instead of in the Xcode release notes, but an important bug seems to be fixed:
Fixed: Back-deploying apps that link QuickLookUI to macOS 11 or earlier might crash. (133213738) (FB14667312)
Unfortunately, FB13820420, where Swift apps that use the Network framework crash at launch on macOS Ventura and earlier, was introduced in Xcode 15 and is still not fixed.
When I enabled Apple Intelligence and launched Xcode 16.1 on macOS 15.1, it offered to download an AI model, and I see that there’s an Editor ‣ Show Swift Assist menu command. However, Swift Assist does not seem to be available yet, only the predictive code completion feature.
Previously:
Apple Intelligence Mac macOS 11.0 Big Sur macOS 15 Sequoia Programming Quick Look Xcode
Romain Dillet (Hacker News, MacRumors):
Remember when Apple blamed EU tech rules — and more specifically the Digital Markets Act — to justify the fact that Apple Intelligence wouldn’t be available in the European Union? Maybe that was just an attempt to turn EU users against their regulators as Apple Intelligence is coming to the EU in April 2025 along with local language support.
[…]
While Apple Intelligence is technically out of beta, you have to set your iPhone or Mac to U.S. English. On the iPhone, Apple also checks if your Apple account is associated with a European address. If that’s the case, you can’t enable Apple Intelligence on your iPhone at all, even if you set your iPhone to U.S. English.
On the Mac, it’s a different story, as European users can try out Apple Intelligence features starting Monday.
I don’t think this is quite accurate: Apple Intelligence no longer requires a beta version of the OS, but the feature itself is still marked as in beta.
Max von Thun:
So in the end, Europeans only need to wait five extra months for Apple’s new AI features, while presumably getting a better and safer experience due to compliance with EU laws on privacy and fair competition. So much for all the hysteria about Europe being “left behind”.
So far I have not heard any specifics about what will be “better and safer.” It just seems like a combination of Apple not being ready with other languages and not having had the time to report to EU regulators what it’s doing.
Previously:
Update (2024-10-31): Holger Eilhard:
This is also incorrect: “On the iPhone, Apple also checks if your Apple account is associated with a European address.” I have a European address on my iPhone (along with my german credit cards). I happen to be in the US and can use Apple Intelligence just fine – with the device set to US English and all that.
Apple Intelligence Digital Markets Act (DMA) European Union iOS iOS 18
Wednesday, October 30, 2024
Apple (Hacker News, MacRumors):
With M4, MacBook Pro is up to 1.8x faster than the 13-inch MacBook Pro with M1 for tasks like editing gigapixel photos, and even more demanding workloads like rendering complex scenes in Blender are up to 3.4x faster. With a Neural Engine that’s over 3x more powerful than in M1, it’s great for features in Apple Intelligence and other AI workloads. The M4 model also supports two high-resolution external displays in addition to the built-in display, and now features three Thunderbolt 4 ports so users can connect all their peripherals.
[…]
The new MacBook Pro with M4 Pro is up to 3x faster than models with M1 Pro, speeding up workflows like geo mapping, structural engineering, and data modeling.
[…]
With M4 Max, MacBook Pro delivers up to 3.5x the performance of M1 Max, ripping through heavy creative workloads like visual effects, 3D animation, and film scoring.
[…]
The new MacBook Pro introduces an all-new nano-texture display option that dramatically reduces glare and distractions from reflections.
[…]
MacBook Pro includes a new 12MP Center Stage camera that delivers enhanced video quality in challenging lighting conditions.
[…]
MacBook Pro with M4 Pro and M4 Max features Thunderbolt 5 ports that more than double transfer speeds up to 120 Gb/s, enabling faster external storage, expansion chassis, and powerful docking and hub solutions.
The nano-texture display and its non-crazy price are my favorite news here. There are still only 3 Thunderbolt ports, whereas the Intel MacBook Pros had 4. If more Thunderbolt 5 ports are not possible, I wish they would add some USB-C ports, like with the Mac mini. I’d also still like to see a smaller trackpad.
I’m still quite happy with my M1 Pro MacBook Pro, except for when a Lightroom import destroys it. However, this is a tempting upgrade; I’m mainly put off by the RAM and SSD prices. I would probably get it if I used the internal display more.
Jason Snell:
Unlike last year, where only more expensive configurations gained access to the Space Black shade, this year all MacBook Pro models come in just Silver and Space Black, even the base M4 model.
[…]
All three chip levels get a major webcam upgrade to the 12MP Center stage camera, which is the first Mac laptop webcam upgrade in quite a while. And Apple is claiming that all models can get up to 24 hours of battery life, which seems like a bit of a major milestone, even though (as always) battery life is not a simple thing to measure, and can vary widely based on how you use the computer in question.
Jonathan Deutsch:
The battery characteristics on the M4 vs M4 Pro vs M4 Max are interesting.
If you were hoping for a battery life upgrade like me from the M1 Pro, going for the M4 Max would not do very much.
Previously:
Update (2024-10-31): Joe Rossignol:
The new MacBook Pro models unveiled today feature display brightness enhancements in both bright outdoor lighting and low lighting.
Joe Rossignol:
Center Stage is available in video calling apps like FaceTime and Zoom. The feature was previously limited to newer iPad models and Macs connected to Apple's external Studio Display. The new MacBook Pro and iMac models are the first Macs to support Center Stage without needing to rely on a Studio Display.
I hope the video quality is better than on the Studio Display. The fact that the camera is 12MP doesn’t mean much if it’s only using part of the image.
Shadowfacts:
The RAM ceiling for the Pro chip has technically increased to 64GB, but unfortunately it’s almost moot because, on the laptop, “64GB or 128GB available with M4 Max with 40-core GPU.” It’s an artificial limitation, the Mac mini doesn’t have the same constraint.
I would probably go for 64 GB instead of 48 GB if I could get it with the M4 Pro, but I don’t need or want the M4 Max.
Adam Engst:
Apple’s storage prices are sky-high: you can buy an external 8 TB SSD for $500–$600, compared with Apple’s $2200, and it’s easy to find SSDs under $75 per terabyte.
[…]
Personally, I’m most intrigued by the 14-inch MacBook Pro with the base-level M4 chip because it can drive a pair of external displays. I rely on two 27-inch displays, but until now, that would have required either an expensive MX Pro-level machine or closing the lid on an M3 MacBook Pro or M3 MacBook Air.
Mitchel Broussard:
Best Buy is already providing early pre-order discounts exclusively to My Best Buy Plus and Total members at up to $150 off.
Adam Chandler:
So $50-$150 off a brand new computer and members get AppleCare ($279-$399 value) included.
I’m still so curious how BestBuy can just advertise these prices as an Apple Premium Reseller.
Adam Chandler:
Here’s an article from 2012 (LOL) talking about Apple’s advertised price rules retailers have to follow.
Clearly something changed.
Previously:
Apple Hardware Announcement Apple M4 Apple M4 Max Apple M4 Pro Hardware Mac MacBook Pro macOS 15 Sequoia
Apple (Hacker News, MacRumors):
All three chips are built using industry-leading, second-generation 3-nanometer technology, which improves performance and power efficiency. The CPUs across the M4 family feature the world’s fastest CPU core, delivering the industry’s best single-threaded performance, and dramatically faster multithreaded performance. The GPUs build on the breakthrough graphics architecture introduced in the previous generation, with faster cores and a 2x faster ray-tracing engine. M4 Pro and M4 Max enable Thunderbolt 5 for the Mac for the first time, and unified memory bandwidth is greatly increased — up to 75 percent. Combined with a Neural Engine that’s up to 2x faster than the previous generation and enhanced machine learning (ML) accelerators in the CPUs, the M4 family of chips brings incredible performance for pro and AI workloads.
[…]
M4 Pro features an up to 14-core CPU consisting of up to 10 performance cores and four efficiency cores. It’s up to 1.9x faster than the CPU of M1 Pro, and up to 2.1x faster than the latest AI PC chip. The GPU features up to 20 cores for graphics performance that is 2x that of M4, and up to 2.4x faster than the latest AI PC chip. […] M4 Pro supports up to 64GB of fast unified memory and 273GB/s of memory bandwidth, which is a massive 75 percent increase over M3 Pro and 2x the bandwidth of any AI PC chip.
[…]
M4 Max is the ultimate choice for data scientists, 3D artists, and composers who push pro workflows to the limit. It has an up to 16-core CPU, with up to 12 performance cores and four efficiency cores. It’s up to 2.2x faster than the CPU in M1 Max and up to 2.5x faster than the latest AI PC chip. The GPU has up to 40 cores for performance that is up to 1.9x faster than M1 Max and up to an astounding 4x faster than the latest AI PC chip. […] M4 Max supports up to 128GB of fast unified memory and up to 546GB/s of memory bandwidth, which is 4x the bandwidth of the latest AI PC chip.
The RAM ceiling for the Pro chip has increased from 36 GB to 64 GB, but for the Max it’s unchanged at 128 GB.
Here’s a summary of the cores situation:
| Regular | Pro | Max |
M1 | 4p/4e | 8p/2e | 8p/2e |
M2 | 4p/4e | 8p/4e | 8p/4e |
M3 | 4p/4e | 6p/6e | 12p/4e |
M4 | 4p/6e | 10p/4e | 12p/4e |
So this seems like a bit of a return to form, where the Pro is closer to the Max, and the Max is mostly attractive for GPU performance and RAM capacity, rather than the CPU. (And you need a $900 BTO option to get those extra 2 cores on the M4 Max.)
Previously:
Update (2024-10-31): Andrew Cunningham:
Because Apple staggered its product and chip announcements, we’ve gathered some basic specs from all versions of the M4, M4 Pro, and M4 Max to help compare them to the outgoing M2 and M3 chip families, including the slightly cut-down versions that Apple sells in the cheaper new Macs. We’ve also rounded up some of Apple’s performance claims, so people with older Macs can see exactly what they’re getting if they upgrade (Apple still likes to use the M1 as a baseline, acknowledging that the year-over-year gains are sometimes minor and that many people are still getting by just fine with some version of the M1 chip).
Hartley Charlton:
So how do the three latest-generation Apple silicon chips compare and which should you choose?
Apple Hardware Announcement Apple M4 Max Apple M4 Pro Mac Processors
Jason Snell:
I got up and running in no time because I keep a USB drive permanently attached to my Mac Studio, and make sure it’s a complete clone of my drive. When I reinstalled macOS Sequoia, I was able to use Migration Assistant to restore from my cloned backup drive, and it returned me to more or less the same state I had been in when the computer died.
[…]
Yes, I also do a Time Machine backup—because it’s nice to have redundancy and it can be helpful in grabbing a file that’s changed in the past. It used to be that Time Machine was a must-have because your cloned disk wasn’t really a backup, since it only contained the most recent view of your disk, and if a file was deleted a few days earlier, it would not be retrievable.
But with the advent of Apple’s APFS filesystem, tools like Carbon Copy Cloner use the APFS snapshot feature to fill up all the excess space on your backup drive—remember, I bought a 2TB drive for a 1TB disk—with previous versions of your disk. So there are some extra layers of protection, though I’m still running Time Machine and Backblaze too. You can never have enough data protection.
It’s nice that Migration Assistant makes it so easy to restore. The downside is that it can be slow, even if the clone is on an SSD. Back in the day you could just boot directly from the clone and be up and running almost immediately. It helps to keep the bulk of your data files on separate drives or partition so that restoring the home folder doesn’t take as long.
Howard Oakley:
Over the last few weeks I’ve had several questions from those trying to use TM in more demanding circumstances. This article explains how you can design volume layout and backup exclusions for the most efficient backups in such cases.
Previously:
Update (2024-11-01): Howard Oakley:
By archiving, I mean putting precious files somewhere they can be retrieved in at least ten years time. They may include financial, business, employment and personal records, as well as all finished work that you want to record for posterity. For most, they’ll also include a careful selection of still images, movies, and the more important documents you might create, such as books, theses and papers. They’re what you and the law want you to keep in perpetuity, and to be able to retrieve even after you’re gone.
To see how this can be achieved, I consider: the storage medium to be used, file formats that will be retrievable, how to index them for access, physical storage conditions, and the checks of their integrity that are needed.
[…]
If you’re serious about maintaining your archives, some form of integrity checking, such as that provided by my free utilities Dintch, Fintch and cintch, is essential. Check a sample on each disk once a year, to ensure that none has started to deteriorate. If you do detect errors, that’s the time to burn a replacement before the original is lost to decay.
I use USB sticks and hard drives for my archives and DropDMG and EagleFiler for integrity checking.
Apple File System (APFS) Backup Carbon Copy Cloner DropDMG EagleFiler Mac macOS 15 Sequoia Migration Assistant SuperDuper Time Machine
Tuesday, October 29, 2024
Apple (Hacker News, MacRumors):
Apple today unveiled the all-new Mac mini powered by the M4 and new M4 Pro chips, and redesigned around Apple silicon to pack an incredible amount of performance into an even smaller form of just 5 by 5 inches.
[…]
For more convenient connectivity, it features front and back ports, and for the first time includes Thunderbolt 5 for faster data transfer speeds on the M4 Pro model.
[…]
Mac mini with M4 features a 10-core CPU, 10-core GPU, and now starts with 16GB of unified memory.
[…]
For users who want pro-level performance, Mac mini with M4 Pro features the world’s fastest CPU core with lightning-fast single-threaded performance. With up to 14 cores, including 10 performance cores and four efficiency cores, M4 Pro also provides phenomenal multithreaded performance. With up to 20 cores, the M4 Pro GPU is up to twice as powerful as the GPU in M4, and both chips bring hardware-accelerated ray tracing to the Mac mini for the first time. The Neural Engine in M4 Pro is also over 3x faster than in Mac mini with M1, so on-device Apple Intelligence models run at blazing speed. M4 Pro supports up to 64GB of unified memory and 273GB/s of memory bandwidth — twice as much bandwidth as any AI PC chip — for accelerating AI workloads.
They kept HDMI but dropped a Thunderbolt port. The version with the Pro processor starts at $1,399 instead of $1,299 with the previous model, but it includes 24 GB of RAM, up from 16 GB.
Dan Moren (post):
Apparently you cannot spec the new M4 Pro Mac mini with 32GB of RAM—it’s the standard 24GB or you have to pay $400 to double that to 48GB? (I have 32GB on my M2 Pro Mac mini…so I’d have to downgrade or pay wayyyy more.)
Steve Troughton-Smith:
Since people always ask this: a base model Mac mini is a perfectly fine computer for developing iPhone, iPad, Mac and Vision Pro apps comfortably. I’ve never had to worry about performance or RAM usage on my M1 — it’s fast, stable, and reliable.
(But I also do not use Slack or Chrome, or any of the other worst offenders, so weigh that appropriately)
Jason Snell:
And keep in mind, the Mac mini was never updated to the M3—its last update was to the M2 in early 2023. So if you’re just looking at the Mac mini, the model-to-model speed boosts will be even more impressive than the gains between this chip generation and the last.
Mr. Macintosh:
A lot of people are talking about the new M4 Mac mini power button location.
Apple decided to put it on the bottom. While the bottom vent raises the height, you will still have to tip it up to reach the power button.
Miguel Arroz:
The new Mac Mini internal architecture is reminiscent of the Apple TVs. Fan on the bottom (some Apple TVs have it), logic board in the middle, power supply on top. This way, heat generated from the power supply doesn’t go up to the SoC. Quite cool (no pun intended)!
Christian Selig:
Damn, new Mac mini is (I believe?) the first Mac with DisplayPort 2.1 support. That means a theoretical maximum monitor support of 8K at 240Hz (!!) with HDR and DSC.
Previously:
Update (2024-10-30): John Gruber:
The new Mini form factor sports a dramatically smaller footprint, but because it’s taller (which ought to be better for thermals), the difference isn’t as great by volume[…]
[…]
No cheating either: the power supply remains inside the Mac Mini case. (But as shown above, the Mac Mini remains quite a bit larger than an Apple TV 4K.)
Hartley Charlton:
There are now two desktop Macs and four Apple silicon chip options for users who do not need the expandability of the Mac Pro. The Mac Studio starts at $1,999, overshadowing the $599 starting price of the M4 Mac mini and even the $1,399 starting price of the M4 Pro Mac mini, so do you need the performance of the Mac Studio , or is the humble Mac mini sufficient for your needs? Our guide helps to answer the question of how to decide which of these two desktop Macs is best for you.
John Voorhees:
The new Mac mini is exactly the Mac I wanted when I got the Mac Studio. It doesn’t support as much memory or storage as a Studio, but you can build a real beast of a Mac around this tiny computer including with Thunderbolt 5.
Juli Clover:
The Mac mini is Apple’s first carbon neutral Mac to date, and it joins the carbon neutral Series 10 Apple Watch models.
However, this was possible through “high-quality carbon credits.”
Adam Tow:
In this article, I’m going to talk about my experience with Mac mini over the years, and how I see myself potentially using the new M4-powered Mac mini in the future.
Ezekiel Elin:
I’ve just ordered a new base model to replace my M2 base model. Double the RAM and M2->M4 for just $240 after trade-in made this an easy swap.
See also: TidBITS, MacStories.
Update (2024-10-31): Joe Rossignol:
The Verge attended the gathering, and it has now shared hands-on photos of the dramatically smaller Mac mini, the refreshed color options for the iMac, the updated Magic accessories with USB-C ports, and more. We have highlighted a few of these photos below, and we encourage you to check out their article for a complete gallery.
Apple Hardware Announcement Apple M4 Apple M4 Pro Environment Hardware Mac Mac mini macOS 15 Sequoia
Apple (Hacker News, Slashdot):
With M4, iMac is up to 1.7x faster for daily productivity, and up to 2.1x faster for demanding workflows like photo editing and gaming, compared to iMac with M1. With the Neural Engine in M4, iMac is the world’s best all-in-one for AI and is built for Apple Intelligence, the personal intelligence system that transforms how users work, communicate, and express themselves, while protecting their privacy. The new iMac is available in an array of beautiful new colors, and the 24-inch 4.5K Retina display offers a new nano-texture glass option. iMac features a new 12MP Center Stage camera with Desk View, up to four Thunderbolt 4 ports, and color-matched accessories that include USB-C. Starting at just $1,299, now with 16GB of unified memory, the new iMac is available to pre-order today, with availability beginning Friday, November 8.
This seems good as far as it goes, but there are no models with Pro processors or larger displays. It still has a lower RAM ceiling and fewer ports than the Intel-based iMacs. The SD Card slot is back on the MacBook Pros, but not here.
Christina Warren:
Apple might finally be forced to ship computers with 16GB of RAM as default (2016 called and it’s laughing) but glad to see the dedication to charging truly obscene amounts of money for storage is still alive and well. $600 upcharge for 2TB is a war crime.
My bad — it’s actually worse! The upcharge from 256GB on the base model iMac to 2TB is $800. That’s 2/3 the price of the computer.
Samsung, a top brand, is currently selling external 2 TB SSDs for $150.
Benjamin Mayo:
now they need to do a studio display update featuring the new iMac’s upgraded camera
I don’t know—the Studio Display’s camera is also described as 12MP. So I wonder whether they actually made the iMac’s camera worse by using better hardware but coupling it with Center Stage.
Juli Clover:
For the M4 iMac models with 10-core CPU and 10-core GPU, all four of the USB-C ports support Thunderbolt 4 transfer speeds of up to 40Gb/s. The prior-generation M3 iMac with four ports had two Thunderbolt 3 ports and two USB-3 ports.
The 8-core CPU and 8-core GPU models only have two ports, but both of those are Thunderbolt 4.
Hartley Charlton:
First introduced with the Pro Display XDR in 2019, nano-texture glass is etched at a nanometer scale, which is meant to preserve image quality while scattering ambient light to cut down on glare. It is the most matte display type that Apple makes, and Apple claims that it is useful for high-end, color-managed workflows or demanding ambient lighting environments.
The 2020 27-inch Intel-based iMac was available with a nano-texture display option prior to its discontinuation, so the new iMac marks the first time that the feature has been available with the Apple silicon version of the device. The new iMac ‘s nano-texture glass is a build-to-order option that costs $200, configurable at the point of purchase.
Scott:
No Target Display Mode… when do we start holding
@Apple
to account on their PR narratives, in this case e-waste and environmental sustainability?
Hartley Charlton:
The M4 chip debuted in the iPad Pro earlier this year, promising around 20% faster performance than the M3 chip in both single and multi-core tasks. All of the key differences between the two chip generations are listed below[…]
Dan Moren:
While the colors remain the same—blue, purple, pink, orange, yellow, green, and silver—Apple has tweaked the backs of the computer with more vibrant versions of most of the colors.
John Gruber:
The new colors don’t seem all that different from the old ones, except for green, which seems much more just-plain-green green. The old iMac green was more like teal? It also seems like maybe the new colors are a bit less saturated on the back?
Previously:
Update (2024-10-30): Rob Mathers:
It used to be that the egregious SSD prices at least got you better performance. Nowadays they’re well behind the best NVMe speeds and even more out of whack with pricing.
Hartley Charlton:
Apple’s third Apple silicon iMac gains the M4 chip alongside a range of other small but notable improvements, so how does the new machine compare to its two predecessors?
John Gruber:
One difference: the entry-priced $1,300 2-port model, which has an 8-core CPU (rather than 10-core), ships with a Magic Keyboard that doesn’t have a Touch ID button; all of the 4-port/10-core configurations ship with a Touch-ID–equipped keyboard.
Apple Hardware Announcement Apple M4 iMac Mac macOS 15 Sequoia RAM Solid-State Drive (SSD)
Joe Rossignol:
Alongside the new iMac, Apple announced updated versions of the Magic Mouse, Magic Keyboard, and Magic Trackpad. The accessories are now equipped with USB-C charging ports, whereas the previous models used Lightning. Apple includes the Magic Mouse and Magic Keyboard in the box with the iMac, and the Magic Trackpad is an optional upgrade.
Unfortunately, unlike the first-generation Magic peripherals, these are still only able to pair with one Mac at a time. So you cannot switch them between Macs in software.
Jay Peters:
Apple’s new USB-C-equipped Magic Mouse somehow still has the charging port on the bottom. While Apple could have used the launch as an opportunity to move the charging port from the underside of the device — where the port has remained for nearly a decade, despite other updates to the mouse and being mocked for the decision — the port is still there, as shown in the “view in your space” augmented reality rendering from Apple’s website.
Steve Troughton-Smith:
I really hope nobody is surprised that the USB-C Magic Mouse charging point is in the same location.
Mike Piatek-Jimenez:
Wait, so Apple updated the port on the Magic Mouse, but didn’t fix the biggest bug related to the port of the Magic Mouse?!? 🤦♂️
John Gruber:
Yes, with the charging port on the mouse’s belly, you cannot use it while it charges. There are obvious downsides to that. But those positing the Magic Mouse as absurd act as though Apple doesn’t know this. Of course Apple knows this. Apple obviously just sees this as a trade-off worth making. Apple wants the mouse to be visually symmetric, and they want the top surface to slope all the way down to the desk or table top it rests upon. You can’t achieve that with an exposed port.
My other hunch is that the Magic Mouse’s designers actually see the inability to use it while plugged in as a feature, not a bug. They want you to use it wirelessly, so you have to use it wirelessly.
[…]
With this design, the mouse looks better 100 percent of the time it’s in use, and it looks a bit silly every few months when you need to charge it.
I’ll grant that it looks better, but I thought Apple design was supposed to be about how it works. I guess my question is, why are they optimizing for the minority of people who don’t know it’s wireless? In order to prevent some people from using it non-optimally, they’re consigning others to having mice that sometimes, at the worst possible time, don’t work at all. Could they not put an instruction card in the box or show a bezel notification when you plug it in to remind people that it can be used wirelessly?
Also, I’m seeing a lot of commentary about how you only have to charge it a few times a year or every few months, but I think for me it’s more like once or twice a month. I like the way the Magic Mouse works as a mouse, but it’s way more annoying than when I had a Logitech mouse that ran on a single AA battery for a whole year.
The low-battery notifications are also a problem. In my experience, they show up way too late (when the mouse is so close to dying that you have to interrupt what you’re doing) or not at all. Lately I’ve been using ToothFairy to show the current battery level in the menu bar so that I get earlier notice that the battery is getting low. One of the top feature requests I get is for it to support customizable low-battery notifications because the built-in macOS ones aren’t fit for purpose.
Another use case: I have a test Mac that I mostly access via screen sharing. It would be simpler if I could just leave the Magic Mouse plugged in so that, on the rare occasion when I do physically use that Mac, I can be sure that the battery won’t be dead. Since that’s not possible, I have to leave the mouse belly up, then unplug it for use, and I sometimes forget to plug it back in when I’m done using it.
None of this is the end of the world, but there’s a reason it’s a meme. One upon a time, all the Mac notebooks had upside down Apple logos, and I’m sure the designers had a reason for that, but eventually they had the courage to change it, to great applause.
Zac Alan Cichy:
What’s less fine than the charging port location is just the lack of fundamental iteration. We’re going on 16 years of not altering this mouse in any serious way.
I just grew up with an Apple that would KEEP PUSHING. I don’t think they found the end of the mouse with the Magic Mouse. It’s damn good, but not the end. Haptics. So much could be done.
One idea would be to support Qi charging so that you could just leave it on the pad now and then. I’m sure there’s more that could be done in other areas—I miss the side buttons that the Mighty Mouse had.
Jesper:
These properties of the Magic Mouse are reasonably understood within minutes, if not intellectually then at least vividly. It’s possible I’m underestimating the proportion of people whose anatomy allow them complete comfort with a Magic Mouse — that proportion, even if small, is likely at least hundreds of thousands of people at Apple’s scale — or the probably decidely bigger proportion who just don’t care and consider it a worthwhile trade-off.
It’s comfortable for me, but then I also like those small Logitech mice that you hold with your finger tips instead of putting your palm on top.
New needs friends, and progress is often downstream of a few blind alleys. But at this point I'm more than interested what a Magic Mouse 2, that tries to take the learnings of how Magic Mouse has played out in real life and how people's bodies actually work and do something different, would look like.
To just ship the same thing after nine years, with all the flaws that its trade-offs have lead to would be... well, pants-on-head stupid.
Sebastiaan de With:
OK but the most exciting news today is that you can now get a really nice woven black USB-C cable from Apple with a Magic Keyboard, Trackpad or Keyboard.
Nicholas Riley:
Seems the new Magic Keyboards without keypad are only available with an iMac for now? That was the one thing I planned on buying this week, but I guess it’ll be a while…
The USB-C Magic Keyboard is available, but not in any colors.
Joe Rossignol:
For the time being, Apple is continuing to sell a Lightning version of the Magic Keyboard with a numeric keypad, but it lacks a Touch ID button. Apple has yet to release a USB-C version of this particular Magic Keyboard.
The list of Apple devices and accessories that are still sold with either a Lightning port or a Lightning connector is now quite small[…]
Previously:
Update (2024-10-30): I don’t care about Touch ID, but unfortunately the non–Touch ID Magic Keyboard still has the globe key on the right side, where it’s nearly impossible to use as a modifier for the new window management keyboard shortcuts.
Update (2024-11-01): Juli Clover:
The new USB-C accessories require macOS Sequoia 15.1 to work properly, and as noted on the MacRumors forums, earlier versions of macOS do not work. There are reports from users running macOS Sonoma and Ventura who are having issues with the new devices. With the keyboard, Touch ID and function keys don’t work, and with the Magic Mouse, the scrolling doesn’t function. In some cases, the accessories are recognized as older devices, inhibiting proper functionality.
This isn’t a problem limited to just people running older versions of macOS, because there are also reports from developers who have installed the first macOS Sequoia 15.2 beta. It appears that the macOS Sequoia 15.2 beta was released before Apple could add in support for the new Magic Mouse, Magic Keyboard, and Magic Trackpad.
Touch ID, I guess I can understand, but why don’t the basic features work? Are they not using standard Bluetooth? Did Apple make more extensive changes beyond just the port?
See also: The Talk Show.
Battery Life Bluetooth Mac macOS 15 Sequoia Magic Keyboard Magic Mouse Magic Trackpad Mouse Qi Charging ToothFairy USB-C
Monday, October 28, 2024
Juli Clover (release notes, security, enterprise, developer, full installer, IPSW):
macOS Sequoia 15.1 introduces the first Apple Intelligence features for Macs that are equipped with an M-series chip. Not all Apple Intelligence features are available, but the update includes support for Writing Tools, a new Siri design, AI-powered Focus modes, smart replies, and summaries.
[…]
Siri has been updated with a new design that includes a subtle glow around the display, and Type to Siri means you don’t have to speak to Siri to get answers. Siri can follow along if you stumble over your words, and can maintain context between requests. Safari can summarize articles, and there’s a new Reduce Interruptions Focus Mode that intelligently highlights only important notifications.
Smart replies are available in Messages and Mail, plus the Mail app surfaces priority time sensitive messages and puts them at the top of your inbox. Photos has a Memory Movie feature for creating slideshows based on text descriptions, and there is a Clean Up tool for unwanted objects in your photos.
See also: Mr. Macintosh and Howard Oakley.
Rich Trouton:
While not all of these Apple Intelligence features may be available as of macOS 15.1 in all areas of the world, use of these new features may not be acceptable for security reasons in all Mac environments. Having these management options available now allows Mac admins to get management of these features in place before Apple makes them available.
Marcin Krzyzanowski:
new SwiftUI [toolbar items] crash just shipped
workaround:
a) DispatchQueue.main.async { }
b) apply random modifiers to random places hoping it help
Apple reports this as a known issue in 15.1, but it was apparently introduced in 15.0.
Previously:
Update (2024-10-29): Patrick Wardle:
macOS 15.1 appears to have (finally!) fully resolved the slew of networking issues that plagued the initial macOS 15 release! 🩹🍎
Previously:
Update (2024-10-30): Paul Kafasis:
MacOS 15.1 includes important audio-related bug fixes.
I just updated, and my first impression is that it feels faster than macOS 14. The same old bugs are still present.
Apple Intelligence Mac macOS 15 Sequoia macOS Release SwiftUI
Apple (release notes, full installer):
This document describes the security content of macOS Sonoma 14.7.1.
Apple (release notes, full installer):
This document describes the security content of macOS Ventura 13.7.1.
See also: Howard Oakley.
Previously:
Mac macOS 13 Ventura macOS 14 Sonoma macOS Release
Juli Clover (iOS/iPadOS release notes, security, enterprise, developer):
Apple Intelligence is the main draw in iOS 18.1 and iPadOS 18.1, and some of the first Apple Intelligence features are available on the iPhone 15 Pro, iPhone 15 Pro Max, any iPhone 16 model, or any iPad with an M-series or A17 Pro chip. Note that Apple Intelligence is launching in a beta capacity, and there will be a short waitlist initially.
Previously:
Apple Intelligence iOS iOS 18 iOS Release
Juli Clover (release notes, security, developer):
According to Apple’s release notes, watchOS 11.1 adds improvements and bug fixes, including a fix for an issue with writing breathing disturbances data to HealthKit for some users.
Previously:
watchOS watchOS 11 watchOS Release
Juli Clover (no release notes, security, developer):
tvOS updates are often minor in scale, and tvOS 18.1 doesn’t seem to be an exception.
Apple still hasn’t added the 21:9 aspect ratio for projectors or the new Snoopy screensavers that it promised at WWDC, but those features were not in tvOS 18.1 during the beta testing process, and we don’t know what’s new.
Previously:
tvOS tvOS 18 tvOS Release
Juli Clover (release notes, developer, security, no enterprise):
According to Apple’s release notes, visionOS 2.1 includes bug fixes and security updates, and the software is recommended for all users.
Previously:
visionOS visionOS 2 visionOS Release
My HomePod is reporting this update as available with the following amazing release notes:
This update includes performance and stability improvements.
It’s not yet listed on Apple’s page, and I haven’t seen any press coverage yet.
Here’s a Reddit thread about the 18.1 release candidate.
Previously:
audioOS audioOS 18 audioOS Release
Friday, October 25, 2024
Apple (tweet, Hacker News, MacRumors):
In the weeks after we announced Apple Intelligence and PCC, we provided third-party auditors and select security researchers early access to the resources we created to enable this inspection, including the PCC Virtual Research Environment (VRE).
Today we’re making these resources publicly available to invite all security and privacy researchers — or anyone with interest and a technical curiosity — to learn more about PCC and perform their own independent verification of our claims. And we’re excited to announce that we’re expanding Apple Security Bounty to include PCC, with significant rewards for reports of issues with our security or privacy claims.
To help you understand how we designed PCC’s architecture to accomplish each of our core requirements, we’ve published the Private Cloud Compute Security Guide. The guide includes comprehensive technical details about the components of PCC and how they work together to deliver a groundbreaking level of privacy for AI processing in the cloud. The guide covers topics such as: how PCC attestations build on an immutable foundation of features implemented in hardware; how PCC requests are authenticated and routed to provide non-targetability; how we technically ensure that you can inspect the software running in Apple’s data centers; and how PCC’s privacy and security properties hold up in various attack scenarios.
[…]
We’re also making available the source code for certain key components of PCC that help to implement its security and privacy requirements. We provide this source under a limited-use license agreement to allow you to perform deeper analysis of PCC.
Saagar Jha:
It’s interesting to note that Apple’s PCC code is not open source but only available under a limited 90-day license for use as described here. However, posting code on GitHub requires the code to be viewable and forkable. IANAL, but this seems sketch.
mike_hearn:
All remote attestation technology is rooted by a PKI (the DCA certificate authority in this case). There’s some data somewhere that simply asserts that a particular key was generated inside a CPU, and everything is chained off that. There’s currently no good way to prove this step so you just have to take it on faith. Forge such an assertion and you can sign statements that device X is actually a Y and it’s game over, it’s not detectable remotely.
Therefore, you must take on faith the organization providing the root of trust i.e. the CPU. No way around it. Apple does the best it can within this constraint by trying to have numerous employees be involved, and there’s this third party auditor they hired, but that auditor is ultimately engaging in a process controlled by Apple. It’s a good start but the whole thing assumes either that Apple employees will become whistleblowers if given a sufficiently powerful order, or that the third party auditor will be willing and able to shut down Apple Intelligence if they aren’t satisfied with the audit. Given Apple’s legal resources and famously leak-proof operation, is this a convincing proposition?
Conventional confidential computing conceptually works, because the people designing and selling the CPUs are different to the people deploying them to run confidential workloads. The deployers can’t forge an attestation (assuming absence of bugs) because they don’t have access to the root signing keys. The CPU makers could, theoretically, but they have no reason to because they aren’t running any confidential workloads so there’s no data to steal. And they are in practice constrained by basic problems like not knowing what CPU the deployers actually have, not being able to force changes to other people’s hardware, not being able to intercept the network connections and so on.
[…]
In this case, Apple is doing everything right except that the root of trust for everything is Apple itself. They can publish in their log an entry that claims to be an Apple CPU but for which the key was generated outside of the manufacturing process, and that’s all it takes to dismantle the entire architecture.
It’s good that Apple is building in these safeguards because there are many scenarios where they would help. We just need to realize that there are limits to the marketing claims.
Jeff Johnson:
The Apple Security Research blog now has an RSS feed, though it’s not properly advertised.
Previously:
Apple Intelligence Apple Security Bounty Artificial Intelligence iOS iOS 18 Mac macOS 15 Sequoia Open Source Privacy Private Cloud Compute Security
Apple:
As previewed earlier this year, changes to the browser choice screen, default apps, and app deletion for EU users, as well as support in Safari for exporting user data and for web browsers to import that data, are now available in the beta versions of iOS 18.2 and iPadOS 18.2.
[…]
Following feedback from the European Commission and from developers, in these releases developers can develop and test EU-specific features, such as alternative browser engines, contactless apps, marketplace installations from web browsers, and marketplace apps, from anywhere in the world. Developers of apps that use alternative browser engines can now use WebKit in those same apps.
John Gruber:
I just spent a few minutes trying to figure out how this works, but haven’t found it. If anyone can point me to the answer, let me know. It’s kind of bananas that EU-specific features couldn’t even be tested outside the EU until now.
Riley Testut:
If you’re on 18.2 you can test installing alternative marketplaces from websites (e.g https://altstore.io/download), which means they’ll download but you still can’t launch them
I’m also assuming it means I’ll be able to actually test installing apps with AltStore PAL without having to fly back to Europe, but need to wait ~72 hours for Apple to process my UDID to confirm.
Juli Clover (Hacker News):
With iOS 18.2, iPhone users in the European Union can fully delete a number of core apps, including the App Store, Safari, Messages, Camera, and Photos.
John Gruber:
Clearly this wouldn’t be in iOS 18.2 anywhere in the world if the European Commission weren’t demanding it for DMA compliance, but given that Apple had to do it for the EU, why not make it worldwide?
Previously:
App Marketplaces Digital Markets Act (DMA) European Union iOS iOS 18 Near-Field Communication (NFC) Testing
Juli Clover:
The change was noted on Reddit over the weekend, and there are details on the Disney+ and Hulu websites. Both the Disney+ and Hulu websites say that new and returning subscribers cannot sign up for and pay through Apple, but existing Apple-billed subscribers are not affected.
[…]
Eliminating the in-app purchase fees paid to Apple seems to be part of an effort to boost streaming revenue, paired with price hikes and also a recent crackdown on password sharing.
Disney+ and Hulu will no longer be eligible for Apple’s Video Partner Program going forward, and subscribers may notice a change in tvOS and the Apple TV app. The Video Partner Program provides integration with Apple technologies like AirPlay, Universal Search, zero sign-on, and more for streaming video apps that support in-app purchase.
Peter Kafka (Slashdot):
Disney’s rationale is clear here: When customers sign up for Disney subscription services via Apple, Apple takes up to 15% of the monthly fees those services generate. And Disney CEO Bob Iger has made it clear that he doesn’t want to pay that anymore.
Dare Obasanjo:
As Disney focuses on getting its streaming services to profitability, avoiding the Apple tax is a no brainer.
It’s telling that even the largest companies in the world find the Apple tax to business impairing. The more you tighten your grip, the more companies will slip through your fingers.
Damien Petrilli:
Disney, one of the biggest Apple ally doesn’t want to pay the Apple tax anymore?
I don’t understand, it’s bringing them so much value, don’t they get it?
Even with all the special treatment they got.
Tim Sweeney:
But Apple only allows video, audio, and e-book apps to do this[…]
Joe Rosensteel (post):
Sure, it sucks if you prefer to manage your subscriptions through Apple, just like when Netflix bailed, but Apple charges a lot for that convenience and it does limit what these platforms can do in terms of moving people to bundle pricing, which Disney is very interested in. Apple fails to justify their cut, or offer options that are more appealing than handling this themselves, so even BFF Disney is leaving.
Nick Heer:
As of writing a day after Disney made this change, Disney Plus is still listed as a member on Apple’s Video Partner Program page. I wrote about that program four years ago in the context of Apple seemingly retconning it into being a longstanding and “established” option available to developers of media applications.
[…]
It is hard to feel anything at all, really, about the business decisions of one massive conglomerate compared to another. But Apple’s subscription management is — in a vacuum and distinct from anything else — one of the nicest around, and it ultimately hurts users that it is so unattractive to some developers when given other options.
Previously:
App Store Business Disney Hulu In-App Purchase iOS iOS 18
Thursday, October 24, 2024
Six Colors:
On Wednesday, Apple rolled out developer betas of iOS 18.2, iPadOS 18.2, and macOS 15.2, which run Apple Intelligence features previously seen only in Apple’s own marketing materials and product announcements: Three different kinds of image generation, ChatGPT support, Visual Intelligence, expanded English language support, and Writing Tools prompts.
[…]
It’s still English-only for now, but English speakers in Canada, the United Kingdom, Australia, New Zealand, and South Africa will be able to use Apple Intelligence in their versions of English.
Juli Clover:
Apple introduced an updated version of the Mail app with built-in categorization.
I still don’t see the categories feature in the Mac version of Mail, although there are some invisible menu commands that show up when searching with the Help menu.
From a SpamSieve perspective, I note that Mail’s data store is still at version 10 but that the schema has changed from both macOS 14 and from macOS 15.0 (in seemingly backwards compatible ways).
John Gruber:
These developer betas also contain new APIs for third-party apps: the Writing Tools API (which will allow any text app to support the features only Apple’s first-party apps have access to in iOS 18.1 and MacOS 15.1), Genmoji API (so third-party messaging apps can support them like Messages will), and Image Playground API.
Howard Oakley:
Apple reassured us that “if you’re using any of the standard UI frameworks to render text fields, your app will automatically get the ability to use Writing Tools.” But that appears to make the assumption that the text view is already using TextKit 2, and the only documentation that I can find about that states that NSTextViews need to be opted into that with additional code. However, the class documentation for NSTextView doesn’t even mention TextKit 2, although it does now include some information about support for Writing Tools.
See also: Marcin Krzyzanowski.
M.G. Siegler:
One more thing: also baked into iOS 18.2 is the ability to set default apps for Mail, Browser, Messages, etc. This isn't just for EU users, but for everyone.
Previously:
Update (2024-10-29): John Gruber:
The image generation features (Image Playground, Genmoji, Image Wand) in the next round of Apple Intelligence, in the beta releases of iOS 18.2 and MacOS 15.2 that dropped last week, require a separate waiting list. I signed up for that a few hours after the betas were released last Wednesday, October 23, and I’m still waiting as I type this. The only people I know who have access to the image generation features are those who signed up for it within the first hour — maybe less — of the betas appearing.
Apple Intelligence Apple Mail Artificial Intelligence ChatGPT Genmoji Image Playground iOS iOS 18 Mac macOS 15 Sequoia Writing Tools
Joanna Stern:
Apple will launch iOS 18.1 next week, bringing its much anticipated generative-AI tools to the iPhone 15 Pro models and the new iPhone 16 lineup. It will be available for most newer iPads and Macs, too.
If you’re expecting AI fireworks, prepare for AI…sparklers. Back in June, at the company’s annual developers conference, executives showed off do-it-yourself emojis, ChatGPT integration and a Siri that can recall the name of a person you met months ago. Apple has even been running ads for some features. None are in this release.
[…]
I’ve been testing Apple Intelligence on my iPhone and iPad. Apple’s ability to build tools right into the operating systems is undeniably powerful and convenient. But many are half-baked. I asked Federighi to explain the features—and Apple’s broader AI strategy.
John Gruber:
It’s a very good interview, and also available on YouTube.
[…]
But as Stern herself points out in the article, the features that are shipping are genuinely useful. Notification summaries are good — the occasional mistakes can be funny, but overall it’s solid, and especially helpful for batches of notification from the same app or group text. The Clean Up unwanted-object-remover in Photos is great.
M.G. Siegler:
The first version of Apple Intelligence, which has been in beta testing for a few months now and is rolling out broadly next week, is pretty underwhelming. There’s just not much there. Not a lot beyond perhaps notification summaries that you’re going to be using all the time.
Tim Hardwick:
The most significant Siri enhancements are scheduled for iOS 18.4 around March 2025. These include onscreen awareness for contextual commands, personal context for better understanding of user data, and expanded app control capabilities. Initially, Apple Intelligence will only support U.S. English, with additional languages planned for next year.
Om Malik:
If my memory serves me correctly, it’s roughly the same number Apple shared during the WWDC keynote. So, essentially flat. While 1.5 billion might appear big, when it comes to internet scale, it isn’t such a large number for a company the size of Apple. I looked up the number of active Apple devices. That number is estimated to be 2.2 billion devices — I assume this includes phones, computers, watches, headphones, TV-streaming devices, and speakers. So 1.5 billion requests a day is actually far less than one daily request per active device.
Howard Oakley:
Writing Tools don’t themselves generate new content in text, but use the original text to produce derivatives. I’m particularly looking forward to using its proofreading feature, which can suggest improvements that I can choose to ignore, or adapt to my own style, as I wish.
Adam Engst:
I’ve relied on Grammarly for years for proofreading. It catches typos, doubled words, and extra spaces, and its newer AI-powered features sometimes make helpful suggestions for recasting awkward sentences. I’m slightly annoyed that Grammarly’s proofreading tools are so helpful, but it’s challenging to edit your own text to a professional level, and Grammarly can identify errors much faster than I can. Don’t assume that tools like Apple Intelligence’s proofreading capabilities for helping with grammar, word choice, and sentence structure are necessarily a crutch. They may be for some people, but even people who care about their writing can still benefit from some suggestions while ignoring unhelpful ones.
Ben Lovejoy:
AI suggested a total of six changes to my piece, of which three were duplicates – adding periods to bullet-point text.
[…]
Overall, though, a really excellent job.
John Gruber:
I am very likely underselling how valuable the new writing tools might prove to people trying to write in a second language, or who simply aren’t capable of expressing themselves well in their first language.
Juli Clover:
This guide goes over everything you can do with Writing Tools, where you can use them, and what you need to access the feature.
Previously:
Update (2024-10-28): Apple (Hacker News):
Apple today announced the first set of Apple Intelligence features for iPhone, iPad, and Mac users is now available through a free software update with the release of iOS 18.1, iPadOS 18.1, and macOS Sequoia 15.1. Apple Intelligence is the personal intelligence system that harnesses the power of Apple silicon to understand and create language and images, take action across apps, and draw from personal context to simplify and accelerate everyday tasks while taking an extraordinary step forward for privacy in AI. Today marks the availability of the first set of features, with many more rolling out in the coming months.
Six Colors:
It’s unquestionable that Apple is putting its weight behind these efforts, but what’s been less clear is just how effective and useful these tools will be. Perhaps unsurprisingly, for anybody who has used similar generative AI tools, the answer is a definite maybe.
[…]
Despite Apple’s marketing of a new and improved Siri, the voice assistant hasn’t changed that much with this first set of Apple Intelligence capabilities. The most obvious “new feature” is actually a new look: on iOS and iPadOS, instead of the little glowing orb that used to indicate Siri had been activated, you’ll now see a colorful wash over the entire screen, accompanied by a “ripple” effect.
Previously:
Update (2024-10-30): Kirk McElhearn:
These writing tools could be useful for non-native speakers or people with limited writing skills. But for any serious writing, they are limited and problematic. Someone in a hurry may accept rewrites without checking and later discover that their text has been corrupted, their style flattened, and their message obfuscated.
iA:
Apple’s Intelligence misses a crucial step in the process. Writing Tools will simply replace your original text. If you can’t see the edits. The more you use it, the more you risk losing control over what you wrote.
Update (2024-10-31): Joe Rosensteel:
- Clean Up (YIKES)
- Pixelmator (yuck)
- Retouch (ok, and what I used originally)
- Lightroom (many removal options that all seem viable)
Apple Intelligence Artificial Intelligence iOS iOS 18 Mac macOS 15 Sequoia Notification Center Photos.app Siri Writing Tools
Adam Engst (Hacker News, MacRumors Forum):
Sad news. The longstanding email client Postbox has been acquired and shut down by eM Client, described by the announcement as “a leading email platform for Windows and macOS that combines email, calendars, tasks, contacts, notes, and chat into a single, easy-to-use application.”
[…]
On the other side of the equation, I’ve never heard of any Mac users relying on eM Client, despite its cross-platform status. I was going to say that I’d never heard of it at all, but searching my email reveals that I tested it briefly in February 2022. I suspect it’s a Windows app that has been clumsily ported to macOS. (Ironically, I was just encouraged by a PR person to look at Mailbird, another Windows email client that just released a version that runs on the Mac but bears little resemblance to a true Mac app.) eM Client gained iOS and Android clients only this year.
There’s a migration guide. I know that eM Client has some dedicated fans, and I’ve received requests over the years for SpamSieve to work with it. Unfortunately, eM Client does not support plug-ins or have any meaningful AppleScript support. Some customers are running Apple Mail in the background to filter their mail with SpamSieve. They can correct any mistakes from within eM Client by moving messages to special TrainSpam and TrainGood mailboxes. I’m open to working with eM Client if they would like to add direct integration.
Ric Ford:
Postbox was based on Mozilla’s cross-platform, open-source code Thunderbird email app, which does provide native Apple Silicon code, along with timely development and updates, security fixes, and additional features, including calendars.
Acquisition E-mail Client eM Client Mac Mac App macOS 15 Sequoia Postbox SpamSieve Sunset
Wednesday, October 23, 2024
Jared Nelson (Hacker News):
Many of you who have followed TouchArcade for a long time are well aware that we’ve had financial troubles for many years now, and to be frank I think it’s a miracle that we’ve been able to last as long as we have. The truth of the matter is that a website like ours just doesn’t make money anymore. To our own detriment we’ve resisted things like obnoxious in-your-face advertising, egregious clickbait headlines, or ethically questionable sponsorships, which sadly are the types of things that actually still make money in the internet of today.
There are a number of other reasons that have contributed to us reaching this point, but I’d rather not get into all that right now. TouchArcade was an institution for many millions of people over the past 16 years, and it was my full-time job for the last 14+ years.
[…]
The job market is not great anywhere, and finding new work is tough, especially in the games industry. If you are reading this and you have a need for very capable game industry veterans such as ourselves, please reach out.
[…]
If there is some sort of silver lining to all of this, it’s that for the foreseeable future all of the content that has ever been posted to TouchArcade will remain online and accessible to all. More than 33,000 published articles, including more than 4,000 game reviews, not to mention all of our yearly Best Of content and Game of the Year picks. These should hopefully all continue living on into the future for reference purposes and just to look back and see how drastically the mobile gaming landscape changed over the last decade and a half.
Michael Love:
Just saw this - pretty sad reflection on the state of iOS gaming that the marquee iOS game review site couldn’t afford to keep the lights on.
Previously:
Advertising App Store Business Game iOS Sunset The Media Web
AppleScript support with popular Mac calendar apps is surprisingly limited. With Apple Mail, it’s easy to write a script that operates on the selected e-mail messages, and I’ve written many such scripts. I’d like to do this same with calendar events. For example, sometimes I want to make the same change to one of the fields of all the selected events (since there’s no bulk edit inspector). Other times I want to reschedule by shifting all the events by the same amount of time. Sometimes I have a group of past events (e.g. for cooking a Thanksgiving dinner or traveling to a familiar location) and I want to start planning the next iteration by duplicating and shifting them to the future. When traveling east-west, I would like to check that the time zone information is entered consistently.
But this just doesn’t seem to be possible to script. With Apple Calendar and BusyCal, the scripting dictionary does not even let you access the selected calendar events. Readdle Calendars, which recently switched to a subscription, is not scriptable at all. With Fantastical, the dictionary looks promising but mostly doesn’t work:
You can get the selected events, but key properties such as the containing calendar and the repetition and alarm info are missing. So I can’t just copy by making a new event based on the selected one.
I usually want the copied event to keep the same calendar, so how about just letting Fantastical copy an existing event and then edit it with the script? There’s a duplicate
command, but it doesn’t work.
OK, how about if I have the script pick the calendar and create a new event using the properties of the selected one? It turns out that creating new events via AppleScript doesn’t work, either.
How about if I duplicate the events using the menu command and then use AppleScript to edit them? The properties are shown as editable, and you can set their values, but this seems to just mutate a temporary object. The changes are never reflected in the user interface or saved to disk.
I contacted support, who said that, despite what the dictionary shows, none of this is supported. All you can do is read (some) of the properties of the selected events and create new events using the parse sentence
command. They suggested exporting to ICS, processing the file, and re-importing the ICS. The Export… command exports an entire calendar and so isn’t very useful for this purpose, unless you first copy the events to a temporary calendar. However, you can export individual events via drag and drop.
Some other partial solutions that I found:
You can click here to set a hidden Fantastical preference to make the event editor popover always open in expanded form. This saves a lot of clicks when editing a sequence of events.
You can Option-drag a selection of events to copy them to a particular day. I mostly don’t find this useful because the source and destination days don’t usually fit on screen at the same time (and it doesn’t let me open multiple windows).
Similarly, if you can manage to view and select a bunch of events in the week or day view, you can drag and drop to reschedule them all at once. This is in general rather awkward, but it can work if you’re doing something basic like shifting them all an hour later.
Although there is no command to Duplicate the selected events to a particular day, you can Copy them, then click on the desired start day, and Paste, and it will preserve the relative times between the events. (This also works in Apple Calendar.)
Previously:
Update (2024-10-28): A reader notes that, although Calendar does not provide AppleScript access to the selected events, if an event is in edit mode you can use GUI scripting to extract its information:
tell application "System Events"
tell application process "Calendar"
set parametersOfEvent to description of every button of pop over 1 of window 1
--eg...{"Oct 25, 2024 9 AM to 5 PM", "Alert when I need to leave Alert 15 minutes before start (default)", "Edit Attendees", "add", "Add Notes or URL"}
set nameOfEvent to value of every text field of pop over 1 of window 1
set repeatsHow to value of every static text of pop over 1 of window 1
--eg..{"Busy", "Repeats every week on Monday, Tuesday, and Thursday"}
--item 1 is the title, item 2 is how it repeats
end tell
end tell
And Shane Stanley’s CalendarLib EC is an AppleScript wrapper for accessing EventKit using AppleScriptObjC.
AppleScript BusyCal Calendar Esoteric Preferences Fantastical Mac Mac App macOS 15 Sequoia Readdle Calendars
A reader shared a story about the confusing and unfortunate situation with Qbix’s calendar apps on the Mac App Store. There are two separate apps: Calendars (which used to be called Calendar 2, previously discussed) and Calendar Plus.
Calendar Plus hasn’t been updated in 10 years but is still for sale as a $9.99 up-front purchase. The reader first purchased this one, but then he found that it doesn’t work on macOS 10.13 and got a refund.
He then purchased Calendars, which is free with In-App Purchase. He purchased the $17.99 IAP called “Unlock All Features Permanently,” rather than subscribing for $1.99/month or $15.99/year. Unfortunately, the IAP “expired” after exactly one month. Reviews say that support is only available via Facebook and that the developer is unresponsive to questions. He tried to get a refund from Apple but was told:
After reviewing your account details Apple decides no.
So the Mac App Store, which is supposed to protect customers, failed twice: the purchase didn’t work as advertised, and Apple didn’t make the customer whole. Nor did it do anything to protect future customers: nearly a year later, the app hasn’t been updated, and the broken permanent unlock IAP is still available.
Previously:
Update (2024-10-24): sundevil671 (via Jeff Johnson):
I purchased [a different] app that doesn’t work how I need it to. After exhaustive troubleshooting attempts with their helpful support staff, it became clear I wasn’t going to be able to use the software as intended. When I requested a pro-rated refund for the annual subscription I’d purchased, I was told the request had to be made through Apple’s process since the purchase was made through the App Store. Apple denied the request so quickly it almost had to be automated, and the appeal of that decision denied almost as fast. I’m not sure how much weight such an appeal could even be given since they provide a tiny field for an explanation and no way to include supporting documentation of any kind. I was prepared to include transcripts of my interactions with the software’s support staff that acknowledged the malfunction & suggested I submit the request through Apple. The last resort was to try and dispute the charge through my credit card company, which I’ve discovered to be a fool’s errand with Chase for many years now. On that front it was denied immediately as well.
So my question is - is there any recourse whatsoever if you purchase an application that ends up not working in an essential way? Now I have a $100 application I can’t use, and am going to have to purchase another one for the same purpose.
As far as I know, there is no solution, even if the developer wants to help. Disputing the credit card charge—which, incidentally, was harder with an Apple Card—can work in other contexts but is not a good idea with Apple because it can endanger your entire Apple Account.
App Store Scams Apple Card Calendar 2 In-App Purchase Mac Mac App Mac App Store macOS 10.13 High Sierra macOS 14 Sonoma
Tuesday, October 22, 2024
Jeremy Gray (Hacker News, Reddit):
Apple and its various software iterations have supported JPEG XL for at least a year, including in Finder, Preview, Final Cut Pro, Pages, Photos, Mail, Safari, and more. Adobe has also supported the format for a while, including in Adobe Camera Raw and Lightroom Classic.
Despite JPEG XL supporting reversible JPEG transcoding and being superior to JPEG in terms of quality and efficiency, the format has yet to be widely adopted. Neither Chrome nor Firefox, two very popular web browsers, support the format natively, for example. Extensions are available to support JPEG XL files, but they’re not installed by default.
The JPEG XL community website cites the format’s ability to reduce file size while delivering “unmatched quality-per-byte.” Compared to a standard JPEG, a JPEG XL file is up to 55% smaller while providing a cleaner image that is visually lossless. Gone are typical JPEG artifacts.
[…]
As Apple explains on the new iPhone models, JPEG XL files are supported on iOS 17 and later and macOS 14 and later. However, as mentioned, these .jxl files are wrapped in a DNG container, so you can’t just fire off .jxl files from the iPhone 16 Pro.
Juli Clover (Reddit):
Compared to the HEIC format that Apple introduced several years ago, JPEG-XL supports both lossy and lossless compression. HEIC is a lossy format, and while it retains better quality than JPG images, pros will likely prefer JPEG-XL for zero image degradation. HEIC has never gained wide support, which has hindered its usefulness.
It sounds like Apple has only enabled Camera support for JPEG XL with the iPhone 16 family, not with iOS 18 generally. Is this because it depends on hardware acceleration that’s only available with the A18? However, iOS 17 and macOS 14 can read the files.
Also, although JPEG XL seems to be superior to HEIC, Apple is not offering it as a general choice alongside JPEG and HEIC. It’s only available when using ProRAW. This is all rather confusing.
Ryan Jones:
Photo settings have gone too far. WTF is happening.
Collin Donnell:
So JPEG XL seems flat out better than HEIC for images? I’m going to start saving all my film scans as 16 bit JPEG XL.
praseodym:
JPEG XL also supports re-encoding existing JPEG files to decrease file size while keeping the original file quality. That really seems like useful feature but so far I haven’t seen any tooling (in macOS) to re-encode my existing photo library.
Previously:
Update (2024-10-23): Florian Pircher:
A lot of confusion, as you mentioned, since the new iPhones don’t use JXL for storing regular images, just for raw images. It used to be that regular images are either JPEG or HEIF and raw images are DNG with the pixel data stored as lossless JPEG. Now, regular images are the same as before, but for raw images you can choose how the pixel data inside the DNG should be stored: lossless JPEG (as before), lossless JXL, or lossy JXL.
Most people who have heard of JPEG XL have only seen it used for regular (non-raw) images. And few people know about the lossless JPEG format that was used before for DNG pixel data.
Update (2024-10-28): Jon Sneyers (2020, via Hacker News):
This section highlights the important features that distinguish JPEG XL from other state-of-the-art image codecs like HEIC and AVIF.
morpheuskafka:
I found this interesting note in the article:
HEIC and AVIF can handle larger [than 35MP, 8MP respectively] images but not directly in a single code stream. You must decompose the image into a grid of independently encoded tiles, which could cause discontinuities at the grid boundaries. [demo image follows].
[…]
The newest Fujifilm X cameras have HEIC support but also added 40MP sensors--does this mean they are having to split their HEIC outputs into two encoding grids?
It seems like the iPhone avoided this, as 48MP output is only available as a “ProRAW” i.e. RAW+JPEG, which previously used regular JPEG and now JPEG-XL, but never HEIC.
Adobe Lightroom Apple A18 Apple A18 Pro Camera Firefox Google Chrome HEIF iOS 18 iPhone 16 iPhone 16 Plus iPhone 16 Pro iPhone 16 Pro Max JPEG JPEG XL Photography Photos.app Safari
Agen Schmitz (release notes):
Adobe has issued Lightroom Classic 14.0, a big update with several new features. The release enhances the Generative Remove feature with improved selection and object detection for easier removal of unwanted objects and distractions; introduces Content Credentials to help secure digital assets by attaching credentials like digital signature, editing information, and more; adds denoise support for Linear Raw Digital Negatives (DNGs) to help reduce noise in high-resolution raw files, provides optimized tethering support with Nikon cameras (without Rosetta emulation); helps you to save disk space by setting the preview cache size limit; improves navigation and responsiveness in the Develop module[…]
Adobe:
Remove with Generative AI is now available with improved selection and object detection. Generative Remove lets you easily select and remove objects on complex backgrounds without any hassle.
Detect Objects lets you detect an object within the roughly brushed area to help you make a precise selection when you want to preserve as many details as possible from the scene.
I wish they would add better support for getting rid of Live Photos.
Previously:
Adobe Lightroom Artificial Intelligence Live Photos Mac Mac App macOS 15 Sequoia Photography
Der Teilweise:
Backing up to a NAS currently says 3 days (!) left, after having backed up ~160GB.
Was using WiFi with TX rate 133MBit.
Now I connected using Gigabit Ethernet, does not seem to be faster.
Plus: CPU usage is ridiculously high, fans spinning up to medium/max speed several times per hour.
[…]
I did not change all files on my disk …
Maybe they removed the alert that was shown when the backup got corrupted? Seems to be the case because I did not get that alert and all my old backups (on the NAS) seem to be gone.
[…]
So it seems like Apple indeed removed the confirmation dialog that they showed when they delete corrupted backups, taking away the chance to manually repair it.
I wonder whether this happened pre-Sequoia? Even on Sonoma, I would regularly have Time Machine backups where I would imagine that less than 50 GB changed, but it took all day to back up to a local hard drive. (Yet it wasn’t so slow that it seemed to be starting from scratch.) I wish Time Machine were better at showing which files are being copied and how the space is being used. (I guess some of this can be figured out using BackupLoupe.)
Miguel Arroz:
There’s some annoying bug in Sequoia that makes a Time Machine backup fail with an error “The backup failed because some files were not available”.
How on earth can files “not be available” on something running locally? And whatever it is, why isn’t Time Machine dealing with it properly? It’s all made by the same company. And it had all night to do whatever it has to.
I needed to have a current backup fresh in the morning, and now I’m sitting here waiting.
Der Teilweise:
I wouldn’t be surprised if the opendir
bug described by @cdfinder is a race condition that also happens (more rarely) for local filesystems.
Previously:
Update (2024-10-23): Adam Chandler:
I recently had Time Machine issues on Developer beta where I wasn’t getting successful backups. I tried everything and finally disabling the MacOS Firewall fixed it for me.
MBP wired Ethernet to Synology using SMB on x.1 developer beta.
Kurt:
I don’t use my MacBook Pro (M1 Max running Sequoia) daily, but last night I went to use it and it was warm to the touch and the fans were at full blast. The process “diskimagesiod” was using 800% CPU. I also get the “files were not available” all the time with Time Machine. Super annoying.
Howard Oakley:
You can see files and progress in the log, easily accessible from T2M2’s Speed button during a backup.
Previously:
Backup BackupLoupe Bug Datacide Mac macOS 14 Sonoma macOS 15 Sequoia TheTimeMachineMechanic (T2M2) Time Machine
Monday, October 21, 2024
Mullvad VPN (Hacker News):
We have found that you could be leaking traffic on macOS after system updates. To our current knowledge a reboot resolves it. We are currently investigating this and will follow up with more information.
In this scenario the macOS firewall does not seem to function correctly and is disregarding firewall rules. Most traffic will still go inside the VPN tunnel since the routing table specifies that it should. Unfortunately apps are not required to respect the routing table and can send traffic outside the tunnel if they try to. Some examples of apps that do this are Apple’s own apps and services since macOS 14.6, up until a recent 15.1 beta.
Previously:
Bug Firewall Mac macOS 15 Sequoia Networking Privacy Software Update Virtual Private Network (VPN)
Wojciech Reguła (September 2021, tweet):
I was looking for code injection opportunities that may allow reaching TCC bypasses. My simple shell script discovered a potential victim - /System/Library/CoreServices/Applications/Directory Utility.app
. It had (and has) the following private TCC entitlement[…] This entitlement allows the Directory Utility to modify the user’s records stored in the /var/db/dslocal/nodes
directory.
[…]
After some time I stumbled across the above-mentioned Matt Shockley’s article on how he was able to bypass TCC only by changing the $HOME
directory via launchctl
. I was really curious about how Apple fixed that vulnerability so I started reversing the TCC. Turns out that now TCC takes the information about the user’s home directory from the getpwuid
function.
[…]
I was really shocked that Apple decided that this vulnerability is not eligible for the bounty. [They later changed their mind.]
Wojciech Reguła (March 2022):
This post shows how to bypass the macOS privacy framework (TCC) using old app versions.
[…]
Summing it up - there is no version information. It is exactly the same architectonical problem as the macOS Keychain has. In most cases it is possible to get an older version of the “donor” application (without the hardened runtime flag), inject to it, and thus abuse its TCC permissions.
Phil Stokes (March 2023):
The scourge of ransomware attacks that has plagued Windows endpoints over the past half decade or so has, thankfully, not been replicated on Mac devices. With a few unsuccessful exceptions, the notion of locking a Mac device and holding its owner to ransom in return for access to the machine and its data has not yet proven an attractive proposition for attackers.
However, the idea of stealing valuable data and then monetizing it in nefarious ways is a tactic that is now common across platforms. On macOS, threat actors will quietly exfiltrate session cookies, keychains, SSH keys and more as malicious processes from adware to spyware look to harvest data that can be recycled and sold on various underground forums and marketplaces, or used directly in espionage campaigns and supply chain attacks.
[…]
Session cookies can be stored anywhere, but typically they are in locations which can be accessed by the user or a process running as the user. Some locations, such as the User’s Library Cookies folder, may be restricted by TCC unless the parent process has Full Disk Access or uses one of the many known TCC bypasses. Real world attacks (e.g., XCSSET) and researchers have consistently shown that TCC, while often a nuisance to users, does not present a significant obstacle to attackers.
Mickey Jin (January 2024):
Last year, I discovered a full user TCC bypass issue in the macOS Sonoma beta version. There was a CVE number assigned at the beginning, but removed by Apple in the release of macOS 14.0. Instead, I got the credit in their Additional Recognitions.
According to the Apple Security Bounty program, this report should have been rewarded with an additional 50%. Unfortunately, the truth is that I was cut off 50%.
Wojciech Reguła:
This vulnerability was disclosed at Black Hat Europe 2022 in the talk Knockout Win Against TCC - 20+ NEW Ways to Bypass Your MacOS Privacy Mechanisms. The technique used an old Launch Services function LSSetDefaultRoleHandlerForContentType that allowed (without any restrictions) to register arbitrary applications for handling specified UTI handlers. After the UTI handling app registration, the exploit simply opens juicy files (like AddressBook or iMessages database) and TCC happily grants access to them. At that time TCC couldn’t recognize correctly if a file was opened by launch services or double-clicked by a user.
Wojciech Reguła:
The technique relied on an SQLite environment variable respected by libsqlite3.dylib
which made apps using the standard SQLite system API log all the SQL queries. As such queries may contain sensitive user data normally protected by the TCC - I started researching all the problematic occurrences.
Unit 42:
Apple states that user-installed unarchiving tools preserve quarantine. As we can see in the following examples, there are some third-party archive tools that do not enforce that, which means that Gatekeeper won’t scan the extracted files.
[…]
In VMware Fusion, when copying a file from a host machine to a guest macOS virtual machine (VM) using VMware tools, the quarantine extended attribute will be dropped from the copied file as shown in Figure 4. This means Gatekeeper won’t scan any files copied into the virtual machine.
Microsoft Threat Intelligence:
The vulnerability, which we refer to as “HM Surf”, involves removing the TCC protection for the Safari browser directory and modifying a configuration file in the said directory to gain access to the user’s data, including browsed pages, the device’s camera, microphone, and location, without the user’s consent.
[…]
Our exploit involves the following steps:
- Change the home directory of the current user with the dscl utility, which does not require TCC access in Sonoma (At this point, the ~/Library/Safari directory is no longer TCC protected).
- Modify the sensitive files under the user’s real home directory (such as /Users/$USER/Library/Safari/PerSitePreferences.db).
- Change the home directory again so Safari uses the now modified files.
- Run Safari to open a webpage that takes a camera snapshot and trace device location.
Osama Alhour (PDF, tweet):
This paper seeks to provide a comprehensive technical analysis of how TCC works internally, how it interacts with other system components, and it’s impact on both how developers shape their applications as well as user control granting sensitive data to applications.
Previously:
Apple Security Bounty Bug Exploit Extended Attributes Gatekeeper Launch Services Mac macOS 12 Monterey macOS 14 Sonoma macOS 15 Sequoia Safari Security SQLite Transparency Consent and Control (TCC) Virtualization ZIP Archive
Cory Doctorow (July 2023, Hacker News):
Forget F1: the only car race that matters now is the race to turn your car into a digital extraction machine, a high-speed inkjet printer on wheels, stealing your private data as it picks your pocket.
[…]
The car manufacturers got so desperate for chips that they started buying up washing machines for the microchips in them, extracting the chips and discarding the washing machines like some absurdo-dystopian cyberpunk walnut-shelling machine[…]
[…]
These digital systems are a huge problem for the car companies. They are the underlying cause of a precipitous decline in car quality. From touch-based digital door-locks to networked sensors and cameras, every digital system in your car is a source of endless repair nightmares, costly recalls and cybersecurity vulnerabilities[…]
Cory Doctorow (September 2023):
It doesn’t have to be this way. Enshittification occurs when companies gobble each other up in an orgy of mergers and acquisitions, reducing the internet to “five giant websites filled with screenshots of text from the other four” (credit to Tom Eastman!), which lets them endlessly tweak their back-ends to continue to shift value from users and business-customers to themselves. The government gets in on the act by banning tweaking by users - reverse-engineering, scraping, bots and other user-side self-help measures - leaving users helpless before the march of enshittification. We don’t have to accept this! Disenshittifying the internet will require antitrust, limits on corporate tweaking - through privacy laws and other protections - and aggressive self-help measures from alternative app stores to ad blockers and beyond!
Cory Doctorow (November 2023, Hacker News):
For example, when Google contemplates raising the price of a Youtube subscription, the dissent might say, “Well, this will reduce viewership and might shift viewers to rivals like Tiktok” (competition). But the price-hiking side can counter, “No, because we have a giant archive, we control 90% of searches, we are embedded in the workflow of vloggers and other creators who automatically stream and archive to Youtube, and Youtube comes pre-installed on every Android device.” Even if the company leaks a few viewers to Tiktok, it will still make more money in aggregate. Prices go up.
When Google contemplates increasing the number of ads shown to nonsubscribers, the dissent might say, “This will incentivize more users to install ad-blockers, and then we’ll see no ad-revenue from them.” The pro-ad side can counter, “No, because most Youtube viewing is in-app, and reverse-engineering the Youtube app to add an ad-blocker is a felony under Section 1201 of the Digital Millennium Copyright Act. As to non-app viewers: we control the majority of browser installations and have Chrome progressively less hospitable to ad-blocking.”
When Google contemplates adding anti-adblock to its web viewers, the dissent might say, “Processing users’ data in order to ad-block them will violate Europe’s GDPR.” The anti-adblock side can counter, “But we maintain the fiction that our EU corporate headquarters is in the corporate crime-haven of Ireland, where the privacy regulator systematically underenforces the GDPR. We can expect a very long tenure of anti-adblock before we are investigated, and we might win the investigation. Even if we are punished, the expected fine is less than the additional ad-revenue we stand to make.”
When Google contemplates stealing performers’ wages through opaque reshufflings of its revenue-sharing system, the dissent might say, “Our best performers have options, they can go to Twitch or Tiktok.” To which the pro-wage-theft side can counter, “But they have no way of taking their viewers with them. There’s no way for them to offer their viewers on Youtube a tool that alerts them whenever they post a new video to a rival platform. Their archives are on Youtube, and if they move them to another platform, there’s no way to redirect users searching for those videos to their new homes. What’s more, any attempt to unilaterally extract their users’ contact info, or redirect searchers or create a multiplatform client, violates some mix of our terms of service, our rights under DMCA 1201, etc.”
Cory Doctorow (August 2024, transcript):
The enshittification of the internet wasn’t inevitable. The old, good internet gave way to the enshitternet because we let our bosses enshittify it. We took away the constraints of competition, regulation, interop and tech worker power, and so when our bosses yanked on the big enshittification lever in the c-suite, it started to budge further and further, toward total enshittification. A new, good internet is possible - and necessary - and it needs you.
Previously:
Update (2024-10-22): Cory Doctorow (via Hacker News):
In 2020, 75% of Massachusetts voters voted in favor of an automotive right-to-repair ballot initiative, which would force auto manufacturers to share access to diagnostic information with car owners and independent mechanics, so any mechanic could fix your car. You wouldn’t be locked into taking it to the manufacturer.
The people of Massachusetts were pretty adamant: They wanted to choose their own mechanics. They had voted even more forcefully for a very similar right-to-repair initiative in 2012.
The problem is that right to repair only came into effect in August. The carmakers had so much ready cash (much of it accumulated by gouging drivers on maintenance) that they were able to pay an army of lawyers to challenge the law in court. In the decade since Massachusetts voters affirmed their overwhelming support for automotive right to repair, the actual state of it in Massachusetts went into freefall, with an ever-growing proportion of the cars on the road becoming inaccessible to independent mechanics. And it’s still on shaky ground, not fully enforced, and carmakers are deactivating some of the features in cars so they don’t have to share the specifics of how to repair them.
[…]
Governments can — and should — have rules about interoperability in their procurement policies. They should require companies hoping to receive public money to supply the schematics, error codes, keys and other technical matter needed to maintain and improve the things they sell and provide to our public institutions.
Antitrust Business Car Digital Millennium Copyright Act (DMCA) DRM Google Google Chrome Privacy Processors TikTok Unauthorized Repair Web YouTube
Friday, October 18, 2024
Jeff Johnson (Mastodon):
[If] you compile your app with the macOS 15 SDK in Xcode 16, and your app exits with the status 173—the traditional way to handle Mac App Store receipt validation failure—then macOS 15 Sequoia will show the user an alert[…]
The alert is terrible for at least two reasons. First, the text is total nonsense to end users and meaningful only to app developers. Second, the text is inaccurate. Exiting with status 173, for example returning 173 from the main()
function, still works! A new, valid Mac App Store receipt will be fetched, if possible. In this respect, the only difference between Sonoma and Sequoia is that Sequoia shows the annoying, confusing, inaccurate alert to the user.
As far as I’m aware, the new macOS 15 behavior has not been documented by Apple anywhere.
The WWDC session only says:
If your app still uses the Original API for In-App Purchases, I have an important update to share with you. Beginning with iOS 18 and aligned OS releases, the Original API for In-App Purchase is deprecated, including the unified receipt. Your existing apps will continue to work, but the legacy API won’t receive any enhancements or new features in future operating system releases.
But this doesn’t mention the scary alert, and it’s not obvious that exit(173)
is part of the IAP API because it was introduced for up-front purchases before IAP even existed.
Johnson has investigated the documentation history. Apple no longer mentions exit(173)
at all, never saying that it was deprecated, and the current documentation recommends using StoreKit 1, which is is deprecated.
According to the WWDC session, Apple wants apps to switch to StoreKit 2, which is a Swift-only API. Apps targeting older versions of macOS would need to bundle the entire Swift runtime just to download the Mac App Store receipt.
It’s not yet clear to me whether Sequoia shows the alert for apps (linking with the macOS 15 SDK) downloaded from the App Store or only when testing such apps. I presume it’s only the latter because I have not seen a huge outpouring of users mentioning the alerts. However, it’s also possible that few apps have been shipped using Xcode 16 so far, e.g. because doing so will make apps that use Quick Look crash.
Previously:
Update (2024-10-21): Alexander Blach:
Mona (@MonaApp) seems to be a Mac App Store app compiled with the macOS 15 SDK (DTSDKName is “macosx15.0") that does call exit(173)
on launch when the receipt is not present in its app bundle.
It does not show the deprecation alert for me and successfully refreshes the receipt.
So it looks like calling exit(173)
in the production environment still works as before.
App Store Receipt Validation iOS iOS 18 Mac Mac App Store macOS 15 Sequoia Programming Swift Programming Language
Thomas Claburn (MacRumors):
The US Federal Trade Commission on Wednesday announced a final “click-to-cancel” rule that aims to simplify the process of ending unwanted subscriptions to products and services.
[…]
“Too often, businesses make people jump through endless hoops just to cancel a subscription,” said FTC Chair Lina Khan in a statement. “The FTC’s rule will end these tricks and traps, saving Americans time and money. Nobody should be stuck paying for a service they no longer want.”
FTC (Hacker News):
The final rule will provide a consistent legal framework by prohibiting sellers from:
- misrepresenting any material fact made while marketing goods or services with a negative option feature;
- failing to clearly and conspicuously disclose material terms prior to obtaining a consumer’s billing information in connection with a negative option feature;
- failing to obtain a consumer’s express informed consent to the negative option feature before charging the consumer; and
- failing to provide a simple mechanism to cancel the negative option feature and immediately halt charges.
While it was good that in some cases customers could get easier cancellation by paying for an additional layer such as the App Store, I think it makes sense to just make these bad practices illegal.
Karl Bode:
Cemented by AOL in its heyday, and perfected by everybody from the Wall Street Journal to your broadband and wireless phone provider, corporate America loves to make it as annoying as possible to simply cancel services, often actively hiding any way to do so.
[…]
Most of the FTC’s new guidelines will go into effect in 180 days, with some in effect within 60 days after publication in the Federal Register. The rulemaking updates started way back in 2019. There’s a fact sheet here that explains the proposal in more detail.
[…]
Trade groups representing everything from media companies and telecoms to car wash operations called the rules “burdensome and unnecessary.” Publishers and Advertisers like the News/Media Alliance also complained about the rules, insisting they would “confuse customers“ (one alliance group member, the WSJ, worked for years to make subscription cancellation as annoying as humanly possible, and didn’t seem too upset about consumer confusion at the time).
Previously:
App Store Business Federal Trade Commission (FTC) iOS Legal The New York Times Web
Jamie Zawinski:
According to my notes, it went live shortly after midnight on Oct 13, 1994. We sat in the conference room in the dark and listened to different sound effects fired for each different platform that was downloaded. At some point late that night I wandered off and wrote the first version of the page that loaded when you pressed the “What’s Cool” button in the toolbar.
[…]
This beta release was an unannounced surprise. Prior to this, everyone assumed that what we were doing was going to be a standard for-sale product where you sent off your $35 and then some time later got a disc in the mail with a license key.
[…]
These anniversaries keep piling up, so I don’t really have a lot to add, but check my NSCP tag or the Previouslies for more, particularly the links in this one.
John Gruber:
The thing that confuses people sometimes about new platforms is that while the platform and its clients are different things, you usually need both to be great for the whole thing to succeed.
a16z:
In this special episode, Marc and Ben dive deep into the REAL story behind the creation of Netscape—a web browser co-created by Marc that revolutionized the internet and changed the world. As Ben notes at the top, until today, this story has never been fully told either in its entirety or accurately.
In this one-on-one conversation, Marc and Ben discuss Marc’s early life and how it shaped his journey into technology, the pivotal moments at the University of Illinois that led to the development of Mosaic (a renegade browser that Marc developed as an undergrad), and the fierce competition and legal battles that ensued as Netscape rose to prominence.
Previously:
Update (2024-10-22): Adam:
Don’t forget the documentary!
Anniversary History Mac Mac App Netscape System 7 Web
Thursday, October 17, 2024
ToothFairy 2.8.5 is a maintenance update of my Bluetooth menu bar utility. It fixes a bug where sometimes ToothFairy wouldn’t auto-launch at login.
An interesting bug was:
-
ToothFairy uses SMLoginItemSetEnabled()
, which, instead of launching the app directly, launches a helper app that can launch the main app. Originally, it did this using NSWorkspace.launchApplication(_:)
, but then Xcode reported this as deprecated, so I updated it to the new API, openApplication(at:configuration:completionHandler:)
. There seemed to be no need to report errors in this case, so I just passed nil
for the completion handler. The documentation says that the method “Launches the app at the specified URL and asynchronously reports back on the app’s status.” What I didn’t realize, and seems contrary to the documentation, is that it doesn’t just report the success or failure asynchronously, but it seems to also do the launching asynchronously. Sometimes the API would return, the helper app would quit, and this would derail the launching. The fix is to keep the helper running until the completion handler has been called.
Cocoa Mac Mac App macOS 15 Sequoia Programming ToothFairy
Amazon (Hacker News, MacRumors):
The all-new Kindle Colorsoft brings color to Kindle without compromise. It has everything customers love about Kindle today—high contrast, fast page turns, an auto-adjusting front light, and weeks of battery life. It adds color that is vibrant yet easy on the eyes. Now, you can browse covers in color in your Kindle Library or Store; see book photos and images in color; or add color highlights that you can easily search later.
It’s $279.99 with a 7-inch display (wireless charging dock extra). Color is 150 ppi vs. 300 ppi for monochrome.
The all-new Kindle Scribe combines all the benefits of Kindle with a powerful notetaking device. The display has new white borders, and the screen has a smooth, paper-like texture that makes it look and feel like you’re writing on a sheet of paper. Plus, at 300 ppi, text looks crisp and clear when you’re writing or reading. The Premium Pen is finely crafted to deliver just the right heft and balance, so it feels like holding an actual pen, and the new soft-tipped eraser feels like a pencil—you’ll think you have to brush the screen clean after erasing.
[…]
The new Kindle Scribe offers a first-of-its-kind in-book writing experience and a more powerful notetaking experience. With Active Canvas, you can write your thoughts directly in the book when inspiration strikes. Your note becomes part of the page, and the book text dynamically flows around it—if you increase the font size, change the font style, or the book layout changes, the note remains visible exactly where you want it so you never lose any meaning or context. Coming soon, you’ll also be able to write your notes in the side panel and easily hide them when you are done.
It’s $399.99 with 10.2-inch display. I guess it doesn’t work with the wireless charging dock.
Since its debut in 2012, customers have made Kindle Paperwhite our best-selling Kindle—and the all-new Kindle Paperwhite is our fastest yet. Scrolling through your Kindle Library or Store is snappy and responsive with 25% faster page turns. The display uses an oxide thin-film transistor, which gives it the highest contrast ratio of any Kindle, so text and images pop off the screen. A larger, 7-inch display is a first for Kindle Paperwhite—and yet, it is also the thinnest Kindle Paperwhite ever with up to three months of battery life.
The regular edition is $159.99, and the signature edition (double the storage, wireless charging, front light sensor) is $199.99.
Weighing in at just 158g, the new entry-level Kindle is small enough to fit in your hand or carry in your back pocket—and it’s packed with premium Kindle features. It has a 300 ppi, glare-free display, now with faster page turns, higher contrast ratio, and a front light that is 25% brighter at max setting—as bright as Kindle Paperwhite.
This is $109.99 for a 6-inch display.
Sadly, the Kindle Oasis was not updated and is, in fact, discontinued. This was my favorite design, as it had physical page-turn buttons, a more comfortable shape to hold, and the lightest weight (131g without the cover).
Jason Snell:
The writing was on the wall, but it’s still sad. Amazon has apparently decided that there’s no place in the Kindle line-up for an e-reader that still has physical page-turn buttons.
Regular readers of this site will know that I am an ardent supporter of physical page-turn buttons on e-readers, because they allow you to rest a finger on the button and turn the page with a simple squeeze, while touch-only readers require you to constantly reposition a finger, tap, and the move the finger away. Not exactly torturous, but decidedly less optimal.
See also: M.G. Siegler and Andrew Liszewski.
Previously:
Update (2024-10-21): Riccardo Mori:
Now that the new iPad mini and the new Kindles are out, I can tell you that they both have one thing in common: they have sold me on the previous generation of their respective models or product lines.
[…]
I imagine that, from a manufacturing standpoint, devices with physical buttons may be annoying because they have parts and components that are subject to stress and wear. But physical buttons in ebook readers — especially when well placed — are crucial and make for a much more pleasant experience; they’re exactly where your thumbs rest while holding the device, and turning pages becomes a frictionless action; you click the button instinctively, without having to constantly move your hand away from holding the device to tap on the screen (hopefully in the right place). Amazon should have kept at least one Kindle with physical buttons instead of going touch-only across the whole lineup. Last week, at the local second-hand electronics shop I frequently visit, I’ve seen a Kindle Oasis at a good price, so I guess I’ll go with that.
Kirk McElhearn:
In my experience with Kindles and other devices, automatically adjustable brightness never works. When using it on Kindles, they suddenly darken or brighten, and I’ve always turned this feature off.
[…]
One note about brightness. Amazon says that all these devices have 94 nits maximum brightness. I compared my Kindle Oasis – 2019 model – to my iPad Pro, which maxes out at 1,000 nits. The brightest setting on the Oasis matched about 60% of the highest brightness on the iPad Pro. So I’m not sure what 94 nits actually means. It’s true that Kindles don’t need to be bright, because their e-ink displays are reflective, so when reading outdoors you can generally turn the brightness all the way down, saving on battery.
[…]
Many Kindle users hold onto their devices for a long time, if Internet forum comments are any indication, so getting people to upgrade isn’t easy. Amazon does offer a 20% discount on trade-ins for these new Kindles, along with whatever they offer for the trade-in devices, and runs this offer from time to time. […] Note that you’ll get 20% off regardless of how much your old Kindle is worth, so if you have a very old one, trade that in to get the discount.
Color E Ink Hardware Kindle
Thomas Claburn (Hacker News):
Digital River has not paid numerous merchants since midsummer for software and digital products they sold through its MyCommerce platform.
[…]
“Astonishingly, Digital River continued to take sales from our loyal customers until we removed them from the order system. It now appears they have no intention of making payments and may be entering a liquidation process under a new CEO who has been involved in similar situations before.”
[…]
The privately-owned, Minnesota-based business appears to have laid off a significant number of employees, presumably the result of what its UK subsidiary describes as cost reduction initiatives implemented in late 2022.
[…]
In a post to LinkedIn three weeks ago, Lorant Barla, CEO of Romania-based Softland, said, “Digital River is automatically ‘pre-signing’ contracts in your MyCommerce account without your approval. The new MSAs [Master Services Agreements] stipulate additional platform fees and payments delayed for up to 60 days (we are still waiting for the payment from July).”
It’s so sad to see them fall apart. eSellerate was great back in the day.
Previously:
Update (2024-10-18): See also: Hacker News.
Business Layoffs MyCommerce Payments Sunset Web
Wednesday, October 16, 2024
Fatbobman:
However, the release of iOS 18 cast a shadow over this beautiful vision. A year after its first appearance, SwiftData underwent a major underlying refactoring. Although this adjustment was aimed at shifting from a strong coupling with Core Data to supporting more flexible multi-persistence solutions—a direction undoubtedly correct—it seems that the significant changes led to considerable impact on the new version’s stability.
Disappointingly, a large amount of SwiftData code that ran well on iOS 17 encountered various problems in the new version. For a data persistence framework that shoulders heavy responsibilities, these issues are undoubtedly fatal. What’s more worrying is that the complexity of these problems means they may not be thoroughly resolved in the short term. It is foreseeable that throughout the iOS 18 cycle, developers choosing to use SwiftData will have to continuously grapple with these challenges.
[…]
SwiftData’s performance on iOS 18 put me in a dilemma. For an application centered on data management, stability and reliability are non-negotiable. After repeated deliberation, I had to make a tough decision: abandon the thousands of lines of SwiftData code I had completed and return to Core Data.
[…]
When rebuilding the Core Data project, I decided to integrate the modern thinking I learned from SwiftData, using a more innovative approach to harness this time-tested framework.
Personally, I think the sweet spot is using mature frameworks like Core Data and Cocoa from Swift. Apple hasn’t done as much as I’d hoped to make this ergonomic, but there’s a lot you can do yourself. I actually go further than the example here and make all managed object initializers take the required attributes plus the context
as arguments.
Previously:
Update (2024-10-17): See also: Hacker News.
Update (2024-10-18): Peter Steinberger:
So a year in, SwiftData is now worse than it was in the initial release?
Honestly, don’t trust Apple there, use something open source that is properly maintained and has tests, like GRDB.
Core Data iOS iOS 18 Mac macOS 15 Sequoia Programming Swift Concurrency Swift Programming Language SwiftData
Azad Balabanian (via Federico Viticci):
The Vision Pro has quickly become an essential item that I take onto every flight.
It’s a fantastic device to travel with—Be it by train or by plane, it offers an unparalleled opportunity to selectively tune out your environment and sink into an engaging activity like watching a movie or just working on your laptop.
In this blog post, I’ll outline what I’ve learned about the Vision Pro while traveling, explain some of the functionality, shine light onto its drawbacks, as well as assess how it fares against solutions like a phone or a laptop.
[…]
The problem is that for meals that require eyesight to coordinate (aka using a fork to pick up food from a plate), as soon as you look down at your food, the tracking often gets lost. This causes the movie to stop playing and for you to have to look forward for the tracking to re-initialize.
[…]
Here, it doesn’t matter what my front seat neighbor does, I can just tilt my screen down, place the laptop on my lap or tray, pull up a virtual monitor, and get to work.
He uses a generic lens protector instead of the bulky Apple case, adds an Anker battery bank, and uses an extra third-party strap to make it more comfortable.
Airplane Apple Vision Pro Mac macOS 15 Sequoia Travel visionOS visionOS 2
Filipe Espósito (Hacker News, MacRumors, Dan Moren):
As just announced by the FIDO Alliance, the new specifications aim to promote user choice by offering a way to import and export passkeys. The draft of the new specifications establishes the Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF) formats for transferring not only passkeys, but other types of credentials will also be supported.
[…]
1Password, which worked with the FIDO Alliance on the new specifications, has already committed to supporting the new passkey import and export formats as soon as they become available. Other companies such as Dashlane, Bitwarden, NordPass, and Google also worked on the draft of the new specifications.
Although nothing has been said about Apple, the company is also part of the FIDO Alliance and was one of the first to introduce support for passkeys in 2022 with iOS 16.
I don’t love this framing because, to me, “export” means that it generates a standalone file that I can do with what I please. I can edit it. Or back it up and import it later—possibly into a different app. As far as I can tell, this is not that. It’s more of a way to transfer passkeys between password managers. It’s specifically designed to “export” an encrypted blob that can only be read by the password manager that requested the export. There’s no use even storing the exported file because, unless you have a way to back up the receiving private key, you won’t even be able to import it again. Maybe a third-party developer will make an app that requests/receives an export and lets you access your own data.
Jeff Johnson:
Export and import should have been extremely simple. Instead, they took years to come up with some convoluted system where the only possibility is to transfer from one vendor lock-in to another vendor lock-in.
The FIDO Alliance would probably say that not allowing true exporting makes it more secure, but I think that’s only true in a kind of security-through-obscurity way. If you make an encrypted happy path for transferring credentials, people will use it because it’s easier. Credential exchange does open the way for people to get at the decrypted data—it just makes it a pain and requires trusting an additional helper app. (Or are they going to somehow prevent non-big-players from participating?) If someone has direct access to my Mac and unlocked password manager, it’s game over, anyway. So I fail to see what this is really protecting against. Do they think people will export CSV files and leave them on unencrypted storage?
Jay Peters:
“It is critical that users can choose the credential management platform they prefer, and switch credential providers securely and without burden,” the FIDO Alliance wrote in its press release.
It’s about platforms, not giving you control of your data.
Martin Pilkington:
This is a big improvement, but I’m still very wary of any authentication system whose secret I can’t easily write down on a piece of paper.
Yes that may seem insecure, but I would also consider having a system that pretty much only major vendors can support to also be insecure in other ways. Loss of access is just as bad as being hacked as an authentication failure point.
I really want to like Passkeys given they’re technically much better, but their flaw is they require you to trust Big Tech (and do so in a far more important way than with passwords). Unfortunately Big Tech has used up pretty much all its remaining trust budget 🤷♂️
Phil Dennis-Jordan:
I particularly resent how they’re treating their proprietary, heavily networked implementations in always-connected devices as superior to a mostly-airgapped FIDO2 device. Those USB key like devices don’t have great UX, but I’d rather see some iteration on that idea than allowing Big Tech to silently sync (i.e. delete, copy, insert, etc.) those secrets in my phone.
Micah R Ledbetter (via Hacker News):
Passkeys are a technically interesting idea with many upsides, but I am concerned about the power they take away from users.
[…]
The passkey spec is designed intentionally such that:
- Sites that use passkeys, like your bank, can tell what app you keep your passkeys in
- Site that use passkeys can choose to support some apps and not others
This is not a hypothetical concern –
it’s being discussed today with regard to the open source KeePassXC app.
[…]
The second ticket linked above makes it clear that sites are prepared to block passkey apps not just for their default settings, but for allowing certain actions to happen at all. In that ticket, the concern is that passkeys can be exported without being encrypted.
tadfisher:
There are FIDO Alliance folks posting Github issues requesting to remove features such as plaintext exporting of credentials, with the explicit threat that the Alliance might block such “open” passkey providers in the future. A local database is not enough, it needs to be locked in a secure element or protected with some TPM-like scheme.
The spec allows for hardware attestation as well, to ensure passkeys are being provided from blessed computing environments. Hopefully implementers continue to ignore this anti-feature, because it’s entirely stupid to lock out users who want to control their own security; at the same time, letting anyone with an Android phone restore passkeys from the cloud with one of their device PINs.
Terr_:
I would also be concerned about whether you can recover when a provider becomes unusable or hostile, and there is no cooperative migration path.
That might be the company going bankrupt, a physical or digital disaster, geopolitical firewalls, or simply a Kafka-esque bureaucracy where your entire account has been deleted without appeal because the company decided it was easier than figuring out the truth behind some moderation issue.
David Heinemeier Hansson (Lobsters):
We had originally planned to go all-in on passkeys for ONCE/Campfire, and we built the early authentication system entirely around that. It was not a simple setup! Handling passkeys properly is surprisingly complicated on the backend, but we got it done. Unfortunately, the user experience kinda sucked, so we ended up ripping it all out again.
The problem with passkeys is that they’re essentially a halfway house to a password manager, but tied to a specific platform in ways that aren’t obvious to a user at all, and liable to easily leave them unable to access of their accounts. Much the same way that two-factor authentication can do, but worse, since you’re not even aware of it.
Vincent:
With this blog post, I want to share with you the learnings on my way when working on a passkey-first auth solution and passkey intelligence with Corbado. All the hard truths, the unknown unknowns (factors that were not anticipated prior to my experience, essentially things we did not know we did not know), and the misconceptions should be uncovered, so that you know what to consider when implementing your own passkey-based authentication.
[…]
Implementing passkeys in a real-life project is 100x harder than you might initially think (trust us – we’ve gone through it).
Jeff Johnson (Mastodon, Hacker News):
I don’t want to place my credentials database under someone else’s control and because I don’t trust the availability and reliability of cloud sync. I prefer to manage credentials myself. Thus, I was surprised to find two passkeys in the “Passkeys Information.csv” file. I don’t recall ever creating a passkey.
[…]
What I didn’t realize until now is that enabling iCloud Keychain also automatically generated apple.com
passkeys. I must have missed it at the time or forgot, but Apple automatically assigned passkeys to users of iOS 17, iPadOS 17, and macOS 14 Sonoma. Since passkeys require iCloud Keychain, it makes sense that this happened the exact same time that iCloud Keychain was (forcibly) enabled on my iPad. However, I seem to have lost the passkeys when I manually disabled iCloud Keychain, because the new Passwords app in iPadOS 18 shows zero passkeys. I have no idea how to revoke the lost credentials on Apple’s systems.
My question is, why does Apple have all of this personal, private information, stored in plain text?
Previously:
Update (2024-10-17): Dimitri Bouniol:
For what its worth, exporting passkeys is non-trivial, because authenticators are sometimes expected to count how many times they’ve signed a challenge, specifically so the server can ensure it hasn’t been copied and used on the side by a non-trusted 3rd party 😔
Update (2024-10-18): Lawrence Abrams:
Amazon has seen massive adoption of passkeys since the company quietly rolled them out a year ago, announcing today that over 175 million customers use the security feature.
I would not call it quiet since when users log in it prompts them to add a passkey. If you don’t store cookies it will ask you every time.
Kyle Howells:
This is a worrying decree of platform lock-in.
I expect a lot of issues when people lose access to their devices or try to login from a new computer.
Currently, this is not an issue because Amazon allows both password and passkey access to the same account (thus negating some of the benefits of passkeys). But the goal is for passkeys to replace passwords, and some sites already prevent you from using both. So backup and transfer of passkeys are very important.
Apple’s Ricky Mondello has been entertaining my questions about this. My conclusion is that the current situation (pre-CXF and CXP) is not good. You have very little control over your passkeys and can easily get into trouble if something goes wrong. There is always the option of using recovery, e.g. sending a special link to your e-mail, to generate a new passkey. Some people do this as a matter of course whenever they need to log in because they don’t remember their passwords. This horrifies me, as I think of passwords more as irreplaceable secrets to be carefully guarded. Recovery via e-mail (or postal mail) does not easily scale to large numbers of logins, and I don’t think it’s very secure, as people often leave their mail open on an unlocked device. And, as passkeys replace passwords, it may be difficult to access your e-mail without a passkey, creating a circular problem.
When Credential Exchange becomes available, I think it will help a lot, though I still have some concerns.
The Passwords app seems unlikely to support backups directly, so you would need to periodically export manually to maintain control of your data. Will this be limited?
As I suggested in the initial post, it will be possible to write an app that lets users truly export their data, not just transfer it. I was worried that, because sites can block certain authenticators, such an app might only be useful as a utility and could not be used as an actual password manager. It seemed that this was being used to pressure KeePassXC into not allowing exports. However, Mondello says that the identification is “extremely intentionally, an optional unattested hint string.” In other words, like a Web browser’s “User-Agent,” the password manager could identify itself however it wants.
I still don’t like that sites get to see which password manager I’m using. This is a privacy violation, as I doubt the big players are going to let me use a custom user agent. But if this is at least possible (in future versions or with indie password managers) it would prevent users from being locked out due to sites not liking a particular authenticator or big players going to war with each other.
At this point, I would say that I’m cautiously optimistic. However, the whole passkeys system is so complex that I’m sure there are important questions that I don’t even know to ask and failure modes I haven’t considered.
Jeff Johnson:
The credential exchange protocol introduces phishing to passkeys.
What stops an attacker from tricking a victim into approving a transfer of passkeys to a credential provider under the control of the attacker? I’ve read the working drafts, and they’re appalling terse on the subject of security considerations.
John Gruber (Mastodon):
I don’t have strong feelings about passkeys, but I am vaguely unsettled by them. There’s no way to use passkeys without using a proper password manager, like Apple Passwords with iCloud Keychain, or 1Password. But if you’re using a proper password manager, your passwords should all be unique and random, and you should have convenient access to 2FA codes. So what’s the point of passkeys if they can only be used by people who are already using a good password manager? Perhaps the thinking is that too many users just can’t be budged from the risky habit of using passwords they have memorized, and passkeys are a way to break that habit because they can’t be memorized.
The main benefits vs. a password manager seem to be that users can be phished and convinced to bypass the safe auto-fill and that incompetent sites store unsalted passwords, which can then be leaked.
John Gruber (Mastodon):
A friend texted me with another argument for passkeys: it’s somewhat common for websites to break password autofill. Maybe it’s deliberate, in the name of fighting bots? But whether deliberate or not, with passkeys, they have to work with your browser’s connected password manager. So maybe passkeys are a net win for convenience, even for technically-knowledgeable users who are unlikely to fall for phishing scams.
They are also more convenient than 2FA.
Alex R:
I think a lot of the passkey discourse(™) comes about because we’re a cohort of highly technical early adopters who already have password managers set up with sync, autofill, and two-factor auth. For those users, passkeys might lack some features (although I think the gaps are being filled rapidly there), but they aren’t really the people for whom passkeys are a big improvement.
opoto:
From the other side of this correct consideration, the point is to explain to the non tech users that from now they will need to use a password/passkey manager. This introduces complexity for them.
Miguel Arroz:
A bit of feedback: the main problem to me is not the security factor (passkeys are more secure than passwords, period) but the apparent lack of control and ownership of my credentials.
[…]
Why is an Apple platform, macOS, seemingly intentionally hiding my own credential to my Apple account, at least in the Passwords app?
Update (2024-10-23): See also: Dithering.
1Password Apple Password Manager iCloud Keychain iOS KeePass Mac Passkeys Passwords Phishing Privacy Security Top Posts Two-Factor Authentication (2FA) Web
Howard Oakley:
When you create the disk image, macOS creates and attaches its container, and creates and mounts the file system within that. This is then saved to disk as a regular file occupying the full size of the disk image, plus the overhead incurred by the disk image container itself. No sparse files are involved at this stage.
When that disk image is mounted next, its container is attached through diskarbitrationd
, then its file system is mounted. If that’s APFS (or HFS+), it undergoes Trimming, as with other mounts. That coalesces free storage blocks within the image to form one contiguous free space. The disk image is then saved in APFS sparse file format, skipping that contiguous free space. When the file system has been unmounted and the container detached, the space used to store the disk image has shrunk to the space actually used within the disk image, plus the container overhead. Unless the disk image is almost full, the amount of space required to store it on disk will be smaller than the full size of the disk image.
[…]
The size of read-write disk images is therefore variable depending on the contents, the effectiveness of Trimming in coalescing free space, and the efficiency of APFS sparse file format.
[…]
Although read-write disk images stored as sparse files are efficient in their use of disk space, they’re still not as compact as sparse bundles.
Howard Oakley:
Read speeds for sparse bundles and read-write disk images were high, whether the container was encrypted or not. On the internal SSD, encryption resulted in read speeds about 1 GB/s lower than those for unencrypted tests, but differences for the external SSD were small and not consistent.
Write speeds were only high for sparse bundles, where they showed similar effects with encryption. Read-write disk images showed write speeds consistently about 1 GB/s, whether on the internal or external SSD, and regardless of encryption.
When unencrypted, read and write speeds for sparse (disk) images were also slower. Although faster than read-write disk images when writing to the internal SSD, read speed was around 2.2 GB/s for both. Results for encrypted sparse images were by far the worst of all the tests performed, and ranged between 0.08 to 0.5 GB/s.
Surprisingly good results were obtained from a new-style virtual machine with FileVault enabled in its disk image. Although previous tests had found read and write speeds of 4.4 and 0.7 GB/s respectively, the Sequoia VM achieved 5.9 and 4.5 GB/s.
Sparse bundles generally have the best performance, though plain read-write images can be faster for reading. Single-file sparse disk images are slow.
Howard Oakley:
If you’re going to use disk images of any type, then getting the right tool for the job is essential. This article considers the leading candidates:
- Disk Utility, bundled with macOS
- DropDMG, $24.99 from C-Command, or from the App Store
- Spundle, free from its Product Page here
hdiutil
, the command tool bundled with macOS.
Previously:
Update (2024-10-18): Howard Oakley:
While this remarkable bug is present in macOS Sequoia 15.0 and 15.0.1, I’m afraid its days are numbered. If you want to experience the TARDIS sparse bundle, you’ve only got another week or two, as it appears to be fixed in the current beta of 15.1.
Update (2024-10-21): Howard Oakley:
- Sparse bundles are more complicated than read-write disk images (UDRW), with band size to be set, and compaction to be performed.
- Default band size appears to work well, and manually setting band size should seldom be necessary.
- Both types appear highly efficient in their use of disk space, with only small differences between them.
- Although it might be important to compact sparse bundles in some cases, the amount of free space returned by compaction is unlikely to be significant in many circumstances.
Perhaps this is because we don’t have tools to defragment the free space on APFS volumes.
Previously:
Apple File System (APFS) Disk Image DropDMG Mac macOS 12 Monterey macOS 15 Sequoia Virtualization
Tuesday, October 15, 2024
Apple (MacRumors, Hacker News):
With a beloved ultraportable design, the new iPad mini is available in four gorgeous finishes, including a new blue and purple, and features the brilliant 8.3-inch Liquid Retina display. A17 Pro delivers a huge performance boost for even the most demanding tasks, with a faster CPU and GPU, a 2x faster Neural Engine than the previous-generation iPad mini, and support for Apple Intelligence. The versatility and advanced capabilities of the new iPad mini are taken to a whole new level with support for Apple Pencil Pro, opening up entirely new ways to be even more productive and creative. The 12MP wide back camera supports Smart HDR 4 for natural-looking photos with increased dynamic range, and uses machine learning to detect and scan documents right in the Camera app.
The new iPad mini features all-day battery life and brand-new experiences with iPadOS 18. Starting at just $499 with 128GB — double the storage of the previous generation — the new iPad mini delivers incredible value and the full iPad experience in an ultraportable design.
John Gruber:
A17 Pro is the chip from last year’s iPhone 15 Pro models, and, notably, there was no non-“Pro” variant. Still, though: an interesting chip to use for iPad Mini.
I thought the rumor was that was to be a temporary chip because it was much more expensive to manufacture.
Ryan Christoffel:
For Wi-Fi, the previous mini offered Wi-Fi 6 compatibility, but the new mini takes it further by supporting Wi-Fi 6E.
The previous mini supported Bluetooth 5, but the new mini adds the more modern Bluetooth 5.3 spec.
[…]
Both models support USB 3. However, the old mini only offered speeds up to 5 GB/s, whereas the new model doubles that and goes up to 10 GB/s.
M.G. Siegler:
Overall, the update to the iPad mini would seem to be a good one – as tends to be the case when you wait three years between product refreshes.
Federico Viticci:
I’m not even sure that “disappointing” would properly describe this iPad mini update.
Three years for a chip bump and Apple Intelligence, and this thing will likely be replaced in 2027? Cool.
Rui Carmo:
[No] matter how they sugarcoat the A17 Pro, it’s not the upgrade I wanted for my mini 5 in either CPU, display, camera or anything else short of the USB-C port and TouchID (yes, I prefer TouchID).
Given the PR-only prerelease and outrageously spaced out refreshes it’s obvious the mini isn’t a priority for Apple, so I have to figure out if I want to address the fact that the 256GB cellular model is closer to €1000 than I would like or wait another two years to upgrade.
René Fouquet:
Still no Pro Motion display. I tried the last iPad Mini and had to send it back because I couldn’t get used to the low refresh rate.
Steve Troughton-Smith:
iPad mini battery life is pretty miserable as-is, without Stage Manager or ProMotion or Face ID. While I would love to see an M-series iPad mini Pro, with all the bells and whistles, I’m not convinced it can be done to that level with current battery technology.
Adam Overholtzer:
The big problem for me remains the price. The iPad mini isn’t worth $500–600 and I don’t want to pay $500+ for an iPad.
Steve Troughton-Smith:
I would honestly fully support Apple splitting the iPad mini into two separate lines — remove some stuff to make the mini even cheaper than it is today, but have an iPad Pro 8.3-inch (M4) with everything the bigger models have. Give it that 5.1mm OLED design to make it the ultimate notepad/sketchpad
Previously:
Update (2024-10-16): Steve Troughton-Smith:
Well this is dumb — today’s new iPad mini is compatible with the previous generation folio cases, and vice versa. Except those options aren’t provided to you during the purchase process, even though you can still buy them on Apple’s site. So if you preordered with a case color combo you’re not super fond of, now’s your chance to change your order!
Update (2024-10-21): Jason Snell:
Based on various reports, it seems like Apple’s goal is to turn over its entire Mac product line to the M4, so they can leave the old process (used on the M3 as well as the A17 Pro) behind. And yet… here’s a new product that uses a chip on the old process that everyone is trying to drop like a hot rock? What?
That’s why my guess is that the new iPad mini is using this chip for non-technical reasons. Here are the possible explanations[…]
Second, while it’s certainly possible that Apple has stockpiled enough five-GPU A17 Pro chips to make three years’ worth of iPad minis, this model feels more like a holding action that gets the iPad mini onto Apple Intelligence… while also using up some amount of chip excess. If I had to predict when we’ll see a next-next-generation iPad mini, I think I’d guess that it will probably be sooner than three years from now.
Juli Clover:
One of the main complaints about the prior-generation iPad mini 6 was “jelly scrolling” or screen tearing, and it sounds like it’s a problem that Apple may have addressed with hardware updates to the iPad mini 7 display.
Update (2024-10-22): Joe Rossignol:
The first iPad mini 7 reviews were published today, and many of them said that “jelly scrolling” display behavior is either less noticeable or fully unnoticeable on the device. However, one prominent technology website disagrees.
See also: Jason Snell and Federico Viticci.
Update (2024-10-24): Sebastiaan de With:
Brutal but honest paragraph from David Pierce in the
@verge
iPad mini review, and I can’t help but agree. They couldn’t even put a new wallpaper on the screen?
Filipe Espósito:
As we reported last month, all iPhone 16 models feature a new system that lets users restore the device’s firmware wirelessly from another iPhone or iPad. Now we’ve learned that Apple is also expanding this system to the recently announced iPad mini 7 with the A17 Pro chip.
Meek Geek:
The jelly effect is less pronounced that it’s negligible.
What’s terrible is the extreme bluriness when scrolling, especially when there’s text. Gives me a headache. Scrolling on a MacBook Air’s 60Hz display is so much better.
Apple A17 Pro Apple Hardware Announcement Apple Intelligence iOS iOS 18 iPad mini Touch ID
Benj Edwards (Hacker News):
Ward Christensen, co-inventor of the computer bulletin board system (BBS), has died at age 78 in Rolling Meadows, Illinois. He was found deceased at his home on Friday after friends requested a wellness check. Christensen, along with Randy Suess, created the first BBS in Chicago in 1978, leading to an important cultural era of digital community-building that presaged much of our online world today.
[…]
Despite creating one of the foundational technologies of the digital age, Christensen maintained a low profile throughout his life, content with his long-standing career at IBM and showing no bitterness or sense of missed opportunity as the Internet age dawned.
[…]
Prior to creating the first BBS, Christensen invented XMODEM, a 1977 file transfer protocol that made much of the later BBS world possible by breaking binary files into packets and ensuring that each packet was safely delivered over sometimes unstable and noisy analog telephone lines. It inspired other file transfer protocols that allowed ad-hoc online file sharing to flourish.
Matt Keeter (Hacker News):
How did I find myself writing a new implementation of a 45-year old protocol?
Previously:
IBM Networking Rest in Peace
Joe Rossignol:
Apple sells two external displays, including the Pro Display XDR and the Studio Display, but neither has received hardware upgrades in years. In fact, the Pro Display XDR is nearly five years old, having been released all the way back in December 2019.
[…]
In December 2022, Bloomberg’s Mark Gurman said Apple was working on an updated version of the Pro Display XDR with an Apple silicon chip, something the current model lacks. In the Studio Display, an A13 Bionic chip powers features such as Center Stage camera framing, spatial audio, and Siri voice commands. However, there have not been any recent rumors about a new Pro Display XDR, so it’s unclear what Apple’s current plans are.
[…]
There have been on-again, off-again rumors about Apple planning a new 27-inch external display with mini-LED backlighting, which would allow for increased brightness and higher contrast ratio. In April 2023, Apple supply chain analyst Ming-Chi Kuo said the display was slated for mass production in 2024 or early 2025.
This is not surprising, since Apple has historically taken a long time to update its displays. I don’t think the panels necessarily need to be updated. But it’s disappointing because the Studio Display has well documented camera problems and power issues. I had high hopes that, coming from Apple, it would be reliable as a USB hub, but I end up directly connecting as many storage devices as possible to the meager ports on my MacBook Pro.
Also, it would be nice to have a mid-range display in the lineup. You can get an M3 iMac with a built-in 4.5K display for $1,299, yet the Studio Display by itself starts at $1,599. It’s still hard to find good third-party Retina displays. Why can’t Apple sell an iMac-less panel for a reasonable price?
Previously:
Update (2024-10-16): Adam Chandler:
I guess it’s correct to report Apple’s prices but aside from BTO/CTO Macs, I haven’t paid MSRP on an Apple Device in a while. Channel Partners have gotten brazen about prices that undercut Apple’s the point that I buy everything from BestBuy which has price match guarantee for 45 days after purchase and includes 2 years of AppleCare through BestBuy Total for no charge.
Case in point, $1599 was actually $1294 last week on Amazon.
That still seems like a lot for what you get. It’s not clear to me why Apple seems to have stopped caring about retailers charging consistent prices.
Nick Her:
Apple’s software quality has been insufficiently great for years and, so, it does not surprise me that a display running iOS is not as reliable as a display that does not use an entire mobile operating system.
See also: Christina Warren on the Studio Display.
Update (2024-10-21): Kuba Suder:
I asked people recently about this, and from what I could find, for more compact displays (<= 24″) it’s not just that they’re hard to find, there are no good Retina-DPI monitors, unless you manage to find a used LG on Ebay…
Display Hardware Mac Pro Display XDR Retina Rumor Studio Display USB
Hartley Charlton (Hacker News):
The study, published on arXiv, outlines Apple’s evaluation of a range of leading language models, including those from OpenAI, Meta, and other prominent developers, to determine how well these models could handle mathematical reasoning tasks. The findings reveal that even slight changes in the phrasing of questions can cause major discrepancies in model performance that can undermine their reliability in scenarios requiring logical consistency.
Apple draws attention to a persistent problem in language models: their reliance on pattern matching rather than genuine logical reasoning. In several tests, the researchers demonstrated that adding irrelevant information to a question—details that should not affect the mathematical outcome—can lead to vastly different answers from the models.
Gary Marcus:
Everyone actively working with AI should read it, or at least this terrific X thread by senior author, Mehrdad Farajtabar, that summarizes what they observed.
[…]
Another manifestation of the lack of sufficiently abstract, formal reasoning in LLMs is the way in which performance often fall apart as problems are made bigger.
[…]
What I argued in 2001, in The Algebraic Mind, still holds: symbol manipulation, in which some knowledge is represented truly abstractly in terms of variables and operations over those variables, much as we see in algebra and traditional computer programming, must be part of the mix. Neurosymbolic AI — combining such machinery with neural networks – is likely a necessary condition for going forward.
Dare Obasanjo:
This is a problem for anyone who belueves they can build autonomous AI agents on this foundation since it means anytime the “agent” sees a pattern it doesn’t recognize, it will fail hilariously or even catastrophically.
Nick Lockwood:
The most surprising part of the news that Apple researchers have discovered that LLMs can’t reason is that anybody who had even a layman’s understanding of LLMs thought they could in the first place.
Pierre Habouzit:
I think that what [LLMs] do is similar to our human so called “intuition”: they recognize “patterns they’ve seen before and intuitively go to the answer that worked then.”
This is an important aspect of how Inthink and a lot of the creative process I have at work is a back and forth between “intuition” and verifying that it sustains a more rigorous model.
[…]
LLMs have a role into an actual form of AI. It just can’t be on its own.
Dave Rahardja:
LLMs can’t do math because they don’t actually understand concepts; they are just really fancy autocomplete engines.
We knew that already, but this paper quantifies it. The math performance is really pretty dismal even with training that tries to optimize for math. The best performance was by OpenAI’s GPT-4o, which scored around 95% for the most basic of grade-school word problems, which means it got 1 in 20 questions wrong, which means it’s not usable for anything in production.
[…]
IMO the biggest problem with LLMs is not that performance is poor, but that there is no way to tell when they get it wrong. The models may make one mistake in a million, but *which output is the wrong one*?
Jason Koebler:
In December, NARA plans to launch a public-facing AI-powered chatbot called “Archie AI,” 404 Media has learned. “The National Archives has big plans for AI,” a NARA spokesperson told 404 Media. It’s going to be essential to how we conduct our work, how we scale our services for Americans who want to be able to access our records from anywhere, anytime, and how we ensure that we are ready to care for the records being created today and in the future.”
Employee chat logs given during the presentation show that National Archives employees are concerned about the idea that AI tools will be used in archiving, a practice that is inherently concerned with accurately recording history.
Previously:
Artificial Intelligence LLaMA Math OpenAI
Monday, October 14, 2024
App ahead (Reddit):
PolyCapture for Mac lets you to record webcams, microphones, screens, and apps — individually or simultaneously.
[…]
Filter apps from your recordings on the fly, ensuring nothing gets in your way.
[…]
Capture voiceovers, podcasts, interviews, music, or commentary. If a microphone can pick it up, PolyCapture can record it.
[…]
Use macOS’s Voice Isolation to enhance speech quality and reduce background noise. Apply video effects like Portrait Mode, Studio Light, and Center Stage to level-up your recordings.
This looks well done, and it’s only $3.99.
Previously:
Update (2024-10-15): Marc Edwards:
Screenflick has been my screen recording app of choice for a very long time, but PolyCapture looks extremely nice.
Audio Camera Mac Mac App macOS 15 Sequoia PolyCapture Screen Recording
Joshua Long:
For nearly six years, Apple has neglected to fix a bug that enables anyone to effectively create false or misleading news headlines that appear to come from credible sources.
[…]
Apple’s Safari browser includes a feature related to link sharing. If you select (highlight) text within a Web page and then tap on the Share button, you can “quote” the selected portion of the page for the recipient when you share the link via Apple’s Messages app. The feature is intended to allow users to include a direct quote from an article, embedded within the iMessage link preview.
However, Apple does not limit the preview text selection to the contents of the page as received from the Web server—and therein lies the flaw.
Users can type something into a page’s search bar (or any other text field), select the text they just typed, tap Safari’s Share button, and then tap the green-and-white Messages icon to send it to any iMessage recipient—either an individual or a group.
Bug Exploit iMessage iOS iOS 12 iOS 18 Mac macOS 15 Sequoia Safari
Ben Cohen:
The keynote from Tony [Parker] and me at ServerSideSwift2024 is up. Hear about how Swift interoperability allowed Foundation to make the switch to Swift, and about the latest direction for interoperability: from Swift to Java.
Apple has rewritten Foundation in Swift, and the Objective-C Foundation and Core Foundation now call into the Swift implementation. This improves performance from Swift, as there are fewer conversions, and also generally, as the Swift code has in some cases been optimized to reduce allocations.
The actual Foundation running on Apple’s platforms is now open source! They are working on a simpler review process for minor API proposals and encouraging more proposals from new contributors.
Quinn:
This seems to be a good time to remind folks that…
Those who live by the swizzle will die by the swizzle!
When I was getting started with Cocoa, Apple had just written an Objective-C to Java bridge. Apple emphasized that you could write native apps in Java This was seemingly rarely done, and I opted to use Objective-C even though I had been a Java programmer. I did use the Java bridge to call into a Java library that didn’t have an Objective-C equivalent. It worked well.
Anyway, there’s now a prototype bridge between Swift and Java. There are code generation tools to make it easier to call in both directions.
See also: The Success Story of Server-Side Swift at Cultured Code.
Previously:
Update (2024-10-28): Tina Liu:
I’d like to share the first-ever yearly update from Swift-Foundation workgroup.
Cocoa Code Generation Core Foundation iOS iOS 18 Java Linux Mac macOS 13 Ventura macOS 14 Sonoma macOS 15 Sequoia Memory Management Objective-C Runtime Open Source Open-source Software Optimization Programming Software Rewrite Swift Programming Language Things
Moriz Büsing (via Hacker News):
It turns out that splitting up, or dynamically constructing identifiers is a bad idea.
[…]
Don’t rename fields at application boundaries to match naming schemes. An obvious example is then importing postgres-style snake_case identifiers into javascript, then converting them to camelCase.
[…]
Taking inspiration from the Zen of Python,
when dealing with namespaces, flattening your folders/object structures is mostly better
than nesting.
Sarah Reichelt:
I applauded Swift’s plan to eliminate all the NS
prefixes but searching for Data
or String
is impossible. NSData
& NSString
were much more searchable.
No matter how smart the IDE is, there will be times when you need to search the raw source. And, of course, Google and Stack Overflow and your issue tracker don’t understand what the symbols refer to.
Cocoa Craft grep iOS iOS 18 Mac macOS 15 Sequoia Objective-C Programming Swift Programming Language
Friday, October 11, 2024
Howard Oakley:
All storage media, including memory, SSDs and rotating hard disks, can develop fragmentation, but most serious attention has been paid to the problem on hard disks. This is because of their electro-mechanical mechanism for seeking to locations on the spinning platter they use for storage. To read a fragmented file sequentially, the read-write head has to keep physically moving to new positions, which takes time and contributes to ageing of the mechanism and eventual failure. Although solid-state media can have slight overhead accessing disparate storage blocks sequentially, this isn’t thought significant and attempts to address that invariably have greater disadvantages.
Fragmentation on hard disks comes in three quite distinct forms: file data across most of the storage, file system metadata, and free space. Different strategies and products have been used to tackle each of those, with varying degrees of success.
[…]
Manually defragging HFS+ hard disks was always a questionable activity, as Apple added background defragmentation to Mac OS X 10.2, released two years before Coriolis was even founded. By El Capitan and Sierra that built-in defragging was highly effective, and the need for manual defragging had almost certainly become a popular myth.
I would agree that defragging became much less useful since the days when I was using the Speed Disk component of Norton Utilities on System 7. But my recollection is that HFS+’s automatic defragmentation didn’t fully solve the problem because it wasn’t able to work on all files (notably skipping large ones, which could have hundreds or even thousands of fragments for a single file) and didn’t consolidate the free space. iDefrag remained useful for spinning disks until the advent of APFS.
APFS also has built-in defragmentation, which in some cases I enabled myself and in other cases seemed to have been automatically enabled. I haven’t noticed any improvement from enabling it, which is unsurprising since Oakley and Mike Bombich say that it doesn’t defragment the file system metadata. APFS performance remains really bad on spinning disks, in my opinion.
Previously:
Apple File System (APFS) DiskWarrior Drive Genius HFS+ History iDefrag Mac macOS 15 Sequoia Storage TechTool Pro
Mario Guzmán (Mastodon):
Customizing an application’s Dock tile when the application itself is not running requires that you write a plug-in. The plug-in’s principal class must implement the NSDockTilePlugIn
protocol.
The name of the plugin is indicated by a NSDockTilePlugIn
key in the application’s Info.plist file.
The plugin is loaded in a system process at login time or when the application tile is added to the Dock. When the plugin is loaded, the principal class’ implementation of setDockTile(_:)
is invoked, passing an NSDockTile
for the plug-in to customize. If the principal class implements dockMenu()
it is invoked whenever the user causes the application’s dock menu to be shown.
[…]
It is rare to see apps use NSDockTilePlugIn
because apps that contain one are not allowed on the Mac App Store.
Previously:
Cocoa Dock Mac Mac App Store Mac OS X 10.5 Leopard macOS 15 Sequoia Open Source Programming Swift Programming Language
Kevin Yank:
When I import a large batch of shots from my camera into Photos, I usually want them in an album, sorted in the order I shot them. The Keep Sorted By Oldest First option would seem to be what I want, but unfortunately its sorting is only based on the capture time of each photo in seconds.
[…]
In order to get the photos into the order I want them, I just need to sort them in the order of their filenames. PA020007.ORF comes after PA020006.ORF, and so on. But Apple Photos can only sort by title, not by filename.
So, to get the sort order I want, I must first assign every photo in the album a title based on its original filename. Of course, typing all these titles in by hand would be impossibly tedious. Thankfully, there’s an open-source tool for that!
Mac macOS 15 Sequoia Photography Photos.app Time
Nick Botticelli (via Hacker News):
Now, to get started, a strategy for approaching the daunting task of running iOS on vma2 is needed. I found the most success with reusing a fully macOS 12.0.1 bootchain and simply replacing the system (OS) image, along with its associated mtree
, root_hash
, and trustcache
files, with that of the iOS 15.0.2’s (iPhone XR build). This would largely bypass the need for (almost) any modifications before iOS initializes, such as to the bootchain and ramdisk (restore process). The XR build was chosen for its arm64e capability and lower-resolution (if that mattered). You should see success with other arm64e device configurations, but do note that the vma2 kernel is hardcoded to return “iPad8,6"
for some sysctl key. arm64 versions experienced additional issues and binary incompatibilities, so there is no point in trying these builds.
I used my own fork of tart (a third-party application for managing Apple silicon virtual machines), super-tart for running the iOS VM, which allows for using the required undocumented features provided by Virtualization.framework. I have not yet pushed all of my changes, such as for setting _setProductionModeEnabled(false)
. Do note that such Virtualization.framework tools that use private APIs require SIP to be turned off, and maybe AMFI as well. I also use my own fork of idevicerestore.
[…]
Getting past the system keybag issues requires many more patches and an understanding of the system as it exists in the iOS system and kernel that I currently lack. This project has already taken at least a few hundred hours of exploration, and I’d be curious to see if anyone can take it further than just booting to PreBoard.app
.
Previously:
iOS iOS 15 Mac macOS 12 Monterey Programming Virtualization
Thursday, October 10, 2024
Jess Weatherbed:
Amazon is adding Apple TV Plus to Prime Video, a move that could help bolster the iPhone maker’s languishing streaming service. Apple TV Plus will be available on Prime Video in the US later this month as a $9.99 monthly add-on — the same you’d otherwise pay directly to Apple. The difference now is that Apple TV Plus is being promoted directly to Amazon’s massive video subscriber base.
[…]
For Amazon, Apple TV Plus joins over 100 streaming service add-ons already available through Prime Video Channels. It’s all part of the company’s plan to become a global “first-stop entertainment hub” according to Hopkins, a goal that Apple once had for Apple TV.
Alex Weprin:
“We want to make Apple TV+ and its award-winning library of series and films from the world’s greatest storytellers available to as many viewers as possible,” said Eddy Cue, Apple’s senior VP of services, in a statement.
I wonder whether Apple will allow this within the Prime Video app on Apple TV or whether you’ll still have to use the TV app there.
Benjamin Mayo:
Apple TV+ as a channel inside Amazon Prime Video is perfectly fine and sensible for Apple TV+, but it speaks volumes about how Prime Video is eating the TV app’s lunch as a streaming all-in-one aggregator.
Previously:
Amazon Instant Video Apple TV+ TV.app tvOS tvOS 18 tvOS App Web
Lawrence Abrams (Hacker News):
Internet Archive’s “The Wayback Machine” has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records.
[…]
Hunt told BleepingComputer that the threat actor shared the Internet Archive’s authentication database nine days ago and it is a 6.4GB SQL file named “ia_users.sql.” The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.
[…]
While the Internet Archive is facing both a data breach and DDoS attacks at the same, it is not believed that the two attacks are connected.
Springtime:
Just in terms of privacy, it’s worth noting that anyone who has uploaded something on IA already has their email address publicly viewable.
This isn’t something that commonly known (even judging by comments here) but in the publicly viewable metadata of every upload it contains the uploader’s IA account email address. So from a security perspective it’s bad but from a privacy perspective a lot of users probably weren’t aware of this detail if they’ve uploaded anything.
Previously:
Update (2024-10-21): Lawrence Abrams (Hacker News):
The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens.
[…]
In the case of the Internet Archive, there was no money to be made by trying to extort the organization. However, as a well-known and extremely popular website, it definitely boosted a person's reputation amongst this community.
We need a fully separate Internet archive as a backup.
Breach Internet Archive Privacy Web
Ricky Mondello (Mastodon):
To make these passwords easier to type on suboptimal keyboard layouts like my colleague’s game controller, where the mode switching might be difficult, these new passwords are actually dominated by lowercase characters. And to make it easier to short-term have in your head little chunks of it to bring over to the other device, the passwords are based on syllables. That’s consonant, vowel, consonant patterns. With these considerations put together, in our experience, these passwords are actually a lot easier to type on a foreign, weird keyboard, in the rare instances where that might be needed for some of our users.
And we weren’t going to make any changes to our password format unless we can guarantee that it was as strong or stronger than our old format. So if you want to talk in terms of Shannon entropy once again, these new passwords have 71 bits of entropy, up from the 69 from the previous format.
[…]
So these new passwords are 20 characters long. They contain the standard stuff, an uppercase character. They’re dominated by lowercase. We chose a symbol to use, which is hyphen. We put two of them in there, and a single [digit]. We picked this length and the mix of characters to be compatible with a good mix of existing websites.
I like the password format that Safari generates, but I wish I could turn off auto-generation of passwords. It’s a really awkward workflow if I prefer to create new accounts and passwords in PasswordWallet. As far as I can tell, I can only opt out for individual text fields. That takes a bunch of extra clicks, and if I forget I end up with the password stored in the wrong place, which I may not realize until much later, when it’s harder to fix. Just let me choose to have an empty text field by default.
Previously:
cachiporra:
I love how Hulu’s password reset input field silently strips out the dashes and compacts the password, while Apple dutifully saves the original.
Update (2024-10-11): Ricky Mondello notes that on Sequoia there’s a setting in the Passwords app to turn off password generation.
Update (2024-10-18): See also: Hacker News.
Apple Password Manager iOS iOS 18 Mac macOS 15 Sequoia Passwords PasswordWallet Safari