Friday, August 12, 2022 [Tweets] [Favorites]

Swift Pitch: “borrow” and “take” Parameter Ownership Modifiers

Joe Groff:

We propose new borrow and take parameter modifiers to allow developers to explicitly choose the ownership convention that a function uses to receive immutable parameters. This allows for fine-tuning of performance by reducing the number of ARC calls or copies needed to call a function, and provides a necessary prerequisite feature for move-only types to specify whether a function consumes a move-only value or not.


Looking to the future, as part of our ongoing project to add ownership to Swift, we will eventually have move-only values and types. Since move-only types do not have the ability to be copied, the distinction between the two conventions becomes an important part of the API contract: functions that borrow move-only values make temporary use of the value and leave it valid for further use, like reading from a file handle, whereas functions that take a move-only value consume it and prevent its further use, like closing a file handle. Relying on implicit selection of the parameter convention will not suffice for these types.


iOS 16 Battery Icon and Text Out of Sync

Tim Hardwick:

In iOS 15 and earlier, battery percent has not been present on iPhones that have Face ID because of the lack of space on either side of the notch that houses the TrueDepth camera hardware. The new design adds the specific battery level to the battery icon, providing a better idea of battery status at a glance.

In Apple’s latest design, the white battery icon remains completely filled in as the battery level gradually depletes. When the semi-transparent percentage reaches 20% or lower, a fifth of the battery icon turns red and the rest of the icon becomes semi-transparent, while the percentage inverts to white.

Mikael Johansson:

Nothing wrong with what Apple released but I think I might’ve preferred something like Alternative A for the battery indicator

I like the iOS 15 indicator that only shows the percentage in Control Center. I don’t want to see the number all the time, just like I don’t set Mail or NetNewsWire to show the unread count in the Dock. It’s distracting.

Meta Apps Inject Tracking Code

Felix Krause (Hacker News):

Meta injects tracking code into all websites displayed inside their app without the user’s consent, nor the website operator’s permission

This is done by the iOS and Android apps of Instagram, Facebook and FB Messenger

This introduces a range of big security and privacy implications for the end-user, with Instagram being able to steal usernames, passwords and addresses, as well as monitoring screenshots you take, hiding website encryption status from the user and more


Apple has built “App-Bound Domains”, which could help avoid this kind of platform abuse, however it’s not mandatory yet.

Unfortunately, even the iOS Lockdown Mode doesn’t prevent Instagram fetching user data from third party websites.

Here’s the post.

Kate Cheney:

Once the WKAppBoundDomains key is added to the Info.plist, all WKWebView instances in the application default to a mode where JavaScript injection, custom style sheets, cookie manipulation, and message handler use is denied. To gain back access to these APIs, a WKWebView can set the limitsNavigationsToAppBoundDomains flag in their WKWebView configuration[…]


Apple Is Building a Demand-side Platform

Ronan Shields (Hacker News):

Apple may have blown up the digital ads business but it left enough fertile ground to build its own, more focused play for media dollars. The company is building a demand-side platform if recent job listings are to be believed.


It remains unclear if the intended DSP is geared toward serving ads solely on Apple’s owned and operated properties, such as the App Store itself or on the millions of iOS apps, or even on third-party properties such as the mobile web.

Apple would not confirm its plans to build a DSP or provide additional context as to how this would fit into the overall company’s strategy for its ad business. But the job posting is a clear signal of intent for the business that has left the impression (at least publicly) that building ad tech is the last thing it wanted to do.


Thursday, August 11, 2022 [Tweets] [Favorites]

Telegram Stuck in App Review

Sami Fathi:

In his Telegram channel, Durov says that an update to Telegram for iOS that will change how people communicate has been stuck in Apple’s App Store review process for over two weeks, with no communication from the company over why or when it will be approved. Durov points out that if an app as popular as Telegram receives this treatment, one can “imagine the difficulties experienced by smaller app developers.”


Kaleidoscope 3.6

Leitmotif (tweet):

The changeset window now sports a modern macOS look with a sidebar that can be hidden. The filter on the bottom now allows filtering files by type, in addition to the file name filter and the buttons that hide or show files that have been modified, added, deleted, or moved. Power user hint: try option-clicking items.


Beginning with the first update after Kaleidoscope 3.6, you should no longer need to update the ksdiff command line tool when we make changes[…] instead of installing the ksdiff tool by copying it to /usr/local/bin, we just create a link to ksdiff inside the app in /usr/local/bin.

To get the new changeset sidebar when using Tower, you need to uncheck Perform directory diff so that Kaleidoscope receives a list of file changes rather than the before and after folders.

It’s great to see Kaleidoscope getting regular updates. Unfortunately, it’s been stuck in Mac App Store review for 6 days.


Facebook Ads Manager Scam Removed From App Store

Sami Fathi:

Apple has removed an app that it was unknowingly hosting on the App Store that scammed Facebook advertisers and led hackers to use advertisers’ ad budgets to run possibly malicious ads on Facebook’s platforms, Business Insider reports.

The app previously ranked highly on the App Store when searching for “Facebook ads manager,” the app used by advertisers to control their presence and ads they’re running on the Facebook platform. The app presented itself as the legitimate ads manager for Facebook but was actually a backdoor that let hackers gain access to an account.


Apple said that the app was originally submitted to the App Store as a simple document manager with no ties or functionality to the Facebook platform.

It’s crazy how genuine bug fix updates keep getting held up in review, yet apps like this are able to completely change their functionality and become highly ranked, yet nothing happens to them until there’s a big news story. The App Store makes it easier for scams like this to gain traction because it’s easier to get discovery through App Store keyword SEO and fake reviews than it would be organically, and people assume that Apple must have vetted it or it wouldn’t be in the store.


French Publishers Make App Store Antitrust Complaint

Florian Mueller:

Well-hidden in a new 90-page U.S. antitrust complaint against Apple (even 251 pages with the exhibits (PDF)), filed on Monday in the Northern District of California, is a challenge to one of the most devious and ruthless schemes Cupertino has ever devised: App Tracking Transparency (ATT).


At first sight, Société du Figaro et al. v. Apple is just an extension of other U.S. class actions that app developers have previously brought against Apple in the Northern District of California over the 30% app tax. One might be led to think that the only difference is that previous cases--which merely led to a sham settlement the only major beneficiaries of which were Apple and both sides’ lawyers--pursued claims on behalf of U.S.-based app developers, and the Figaro case is now seeking redress on behalf of French legal entities under U.S. federal and California state law because the App Store is a global operation.


The term I just emphasized--“other policies”--does, however, include ATT. The prayers for relief include a request for “injunctive relief requiring that Apple cease the abusive, unlawful, and anticompetitive practices described [t]herein.”

Ben Thompson:

Apple doesn’t particularly care about or claim ownership of the content of an app on the iPhone, but:

  • Apple insists that every app on the iPhone use its payment system for digital content
  • Apple treats all transactions made through its payment system as Apple data
  • Ergo, all transactions for digital content on the iPhone are Apple data

The end result looks something like this — i.e. strikingly similar to Facebook, but with App Store payments attached[…]

Here’s the key point: when it comes to digital advertising, particularly for the games that make up the vast majority of the app advertising industry, transaction data is all that matters. All of the data that any platform collects, whether that be Meta, Snap, Google, etc. is insignificant compared to whether or not a specific ad led to a specific purchase, not just in direct response to said ad, but also over the lifetime of the consumer’s usage of said app. That is the data that Apple cut off with ATT (by barring developers from linking it to their ad spend), and it is the same data that Apple has declared is their own first party data, and thus not subject to its ban on “tracking.”

Nick Heer:

The actual figures tell a much murkier story. I do not think it is fair to suggest ATT does nothing, but its effect does not seem as pronounced as either its biggest supporters or its biggest naysayers suggest.


If ATT were so significantly kneecapping revenue, I would think we would see a pronounced skew against North America compared to elsewhere. But that is not the case.


Perhaps the most favourable evidence for ATT’s effects lies in the earnings reports from Publicis Groupe, which has acquired dozens of name-brand agencies — like Leo Burnett and Saatchi & Saatchi — and also runs a digital ad platform.


In theory, ATT is a very good option for users. Its biggest problem is that the company which makes it also has an advertising division, and it appears to have engaged in some quiet self-preferencing behaviours. Legal questions aside, it is disappointing to see such an obvious user benefit so easily undermined. These App Store ads give ATT’s critics a clear conflict of interest to point to, look tacky, and create an unpleasant experience. ATT’s reliance on a very specific definition of “tracking” that allows Apple to segment users based on what they read in News and what they buy in third-party apps is far more permissive than I think it ought to be for a company that so loudly trumpets its privacy bonafides.

Nick Heer:

Meta said, quarter after quarter following ATT’s release, that its ability to make money from iPhone users would be crushed, even as it raked in higher ad sales. Finally, earlier this year, it posted some disappointing figures more reflective of inflation and a strong U.S. dollar. But it still blamed Apple for some of that loss.


Update (2022-08-12): John Gruber:

In my spitball theory here — which I think Heer shares — App Tracking Transparency is not the cause of Facebook’s troubles, but just an extra kick in the pants as they stumble downhill toward legacy media irrelevance — a decline that was in the making years before “Ask App Not to Track” was in our vernacular.

Patrick McGee:

Basic answer: the apparent lag was one of perception.

When Apple introduced sweeping ‘do not track’ changes 16 months ago, the economy was booming. Covid had caused spending habits to experience a once-in-a-century shift away from services and towards goods.

Nick Heer:

This is the most convincing argument I have seen for the discrepancy between the booming financials of ad tech firms in the face of App Tracking Transparency which should, some analysts say, have destroyed much of their business. What it does not necessarily explain is the often better performance some of these companies saw in areas where the iPhone has a stronger market presence.

Proposed Political BIAS Emails Act

SuretyMail (via Hacker News):

Named the Political BIAS Emails Act of 2022 (BIAS is short for “Bias In Algorithm Sorting”), a/k/a HR 8160 and SB 4409, the new law would require that email receiving systems such as Gmail, Outlook, Yahoo, and all the others, deliver political campaign email directly to your inbox, and they would be expressly forbidden to run it through their spam filters at all. We also include the full text of the proposed law at the end of this article.


Even though the intro heading says it applies only to email that people have elected to receive, the law would actually require [email providers] to deliver political campaign email directly to your inbox unless, and only unless, you personally mark it as spam. And we all know how effective marking something as spam can be; you can mark some email as spam until you’re blue in the face and it will still end up in your inbox.

Now, this might not be so bad if political campaigns actually followed best email practices, and only put someone on their mailing list if the person asked to be, or at least gave consent to be, put on the mailing list. But everyone in our industries knows that political campaigns are the worst violators of best practices.

I don’t understand how this would be implemented. Presumably it would only apply to US-based mail providers. If the e-mails have to be signed by one of a list of approved private keys, maybe this would actually make it easier to get rid of unwanted political e-mails.

Nick Heer:

In a way, there is consistency in the FEC’s draft position: U.S. politicians are already exempt from most rules governing unsolicited phone calls and texts. They do not have to respect the Do Not Call list. It is sort of fitting for them to be excluded from spam filters, too, though it is maddening.

Makena Kelly:

While Google did not need the FEC to approve the plan before rolling it out, it sought a vote earlier this summer to ensure the program wasn’t at risk of breaking current election regulations. In its Thursday ruling, the FEC confirmed that Google’s plan was legal.

Wednesday, August 10, 2022 [Tweets] [Favorites]

Time for Apple to Fix Texting

Android (MacRumors, Hacker News):

It’s not about the color of the bubbles. It’s the blurry videos, broken group chats, missing read receipts and typing indicators, no texting over Wi-Fi, and more. These problems exist because Apple refuses to adopt modern texting standards when people with iPhones and Android phones text each other.

John Gruber:

RCS messages are only end-to-end encrypted sometimes, if both the sender and recipient are using Google’s Messenger app — and never for group chats, even with Google’s Messenger app.

So, practically speaking, neither RCS nor iMessage is actually private for most users. Right now, the experience of communicating with Android users from Messages is not very good. And it happens via SMS, which is even less secure. Whether or not you consider RCS to be a real open standard, it seems like it would be better than what we have now, and I don’t see Apple proposing a better alternative. It’s unclear whether this is a case of perfect being the enemy of good, RCS having genuine problems, Apple deliberately making things worse for their customers for strategic reasons, or simply not caring.

Regardless, they should also make Messages work better with SMS.

Ron Amadeo (via Jack Wellborn):

Google has been pushing this strategy since the beginning of the year, but coming from the company with the world’s most dysfunctional messaging strategy, it just comes across as a company tired of reaping what it has been sowing.


RCS has hung around so long and is still so poorly implemented because it was created by the carriers (through the GSMA) as a carrier-centric messaging standard. Carriers did this in the heyday of pay-per-message SMS, when carrier messaging was a real revenue stream. Now that carrier messaging is commoditized though, the carriers in control of RCS don’t have an incentive to care about RCS. RCS is a zombie spec.

Dave Mark:

What is the down side to RCS?

I get why Apple doesn’t want RCS (walled garden, green vs blue bubbles differentiator, etc), but is there a technical downside to switching to RCS?

Matt Birchler:

The thing for me is that everyone who is railing against Apple adding support for RCS are saying it’s because it’s not as good as iMessage, but that’s not what it’s replacing…it’s better for everyone than SMS, which I think is the better comparison.


Update (2022-08-11): Dieter Bohn:

SMS/MMS are bad for texting on any platform, so Google worked with carriers to fix it. Yes, it’s been messy - it’s a hard problem. But sunsetting SMS/MMS and replacing it with something better is what’s right for users.

Russell Ivanovic:

SMS sucks bad. RCS sucks way less. Yes a dedicated end to end encrypted messaging app is better, but RCS is a good step forward.

The world would be a better place if Apple implemented it, period.

Why the macOS Ventura Share Menu Is Bad

What’s new in AppKit:

The most prominent update to the sharing experience is the new sharing popover. This replaces the existing share menu with a rich interface that includes more information about the document you’re sharing and familiar features like suggested people. It supports all of the same APIs and delegate methods as the previous picker, so you can still do things like filter the list of sharing services, or insert your own custom services into the picker.


The new sharing picker is great for kicking off sharing from somewhere like a toolbar button, but sometimes you want to start sharing from a menu, like the main menu bar or the context menu for a selected view inside your app. Previously, you might’ve constructed your own menu to handle this, by enumerating sharing services and then building menu items for each one. Although that does work, it bypasses the standard picker, so now you’re missing out on all of those new features. In macOS Ventura, NSSharingServicePicker can create a standardShareMenuItem for you. You can add the standard item to any menu to easily kick off sharing. Once selected, the menu item summons the sharing popover, and for context menus, it’ll even anchor the popover to the same view that produced the menu.

I love the idea of an API to create the standard Share menu item, but I think it should create a submenu rather than a popover. The popover just doesn’t work very well.

Jeff Johnson:

  1. It takes one click to get the Share menu on Monterey, two on Ventura.
  2. The contextual menu and its Share menu item disappear when I open the Share menu.
  3. Nonetheless, the Share menu is anchored at the now empty space previously occupied by the Share menu item.
  4. The Share menu refers to the Support link on the web page, which is nowhere near where the Share menu is visually anchored.


I can no longer navigate the menu at all with the keyboard!

The arrow keys and type-selecting by name no longer work.

To me, the worst part is the location of the popover. Say that you are trying to share a file from Finder. With a submenu, the sharing choices always appear just to the right of the cursor. With the new design, if you choose Share… from the menu bar, the popover appears, not near the menu, but potentially way on the other side of the screen, i.e. near the icon that was selected. Even if you choose Share… from the contextual menu, the popover does not originate from the where you initiated the command but from the icon. So it’s not just a matter of needing an extra click—which, as with Control Center, feels slower than the menu it replaced—but you also need to first move the cursor to a different area of the screen.


Update (2022-08-11): Peter Böttges:

Keyboard support was also removed from Menubar controls like Sound/Vol. and Wi-Fi with the overhaul in Big Sur.

And most of the new UI has zero support for Apple Script automation, making it inaccessible to those having to rely on it.

That’s the wrong direction to take macOS to.

Seth Willits:

My theory is that NSMenu is a little too limited in its customization capabilities. I’ve run into it now and then.

Ex: As soon as a menu item has a view, it’s no longer a clickable/selectable item like the others. Sometimes want it to be.

Customizing the style and size of individual items is not clear. (Attributed titles get you there with text attachments for images, but … awwwkward)


But all in all, yes… a popover masquerading as a menu is a terrible thing. Crazy that they did it.

The Top PDF Reader in the Mac App Store

Stephen Warwick (via Kosta Eleftheriou):

An investigation into seven different apps on the Mac App Store, including the number one PDF reader in the U.S., has found that all of them are orchestrated by the same Chinese developer using fake reviews and command-and-control exploits to try and target users.


For example, an app could determine whether it was in Apple’s review process, changing its UI so as not to fall foul of any App Store guidelines before unleashing popups asking for money on unsuspecting users. […] Finally, multiple spammy versions of the same app with slight variations were uploaded “in order to gain as much market-share as possible in some niches.”


[These] apps would push users to make purchases using deceptive windows offering purchases of trials or subscriptions with no close or cancel button in sight, leaving the user no option but to click okay and possibly making a purchase.

Alex Kleber:

The developer is well known of abusing the Appstore review system under the account of Polarnet Limited were previously reported by other Mac Appstore vigilantes few months ago. At that time, Apple took action and removed many reviews of this developer.

Alex Kleber:

Apple removed all 7 developers’ accounts mentioned in the article.

Jeff Johnson:

I’ve found proof that the apps SmartPlay for Safari by Best App Limited and StreamPlay for Safari by Xiaobo Wang are actually from the same developer.

Needless to say, these are among the top apps in the store.

Rafael (via Kosta Eleftheriou):

two apps of mine almost only get 5-star reviews. However, recently a competitor of mine started writing fake reviews in the review sections of these apps to lower the score of my apps and even uses these reviews to tell people that there were better apps out there, with features that match exactly the features of his apps.

I contacted Apple about this issue and they deleted one review, that was obviously fake and contained bad language. However, they said they could not do anything about the other fake reviews, because these reviews did not violate their guidelines about App Store reviews.

Marcos Tanaka (via Federico Viticci):

Had to request an appeal to the App Review Board. I asked three times for a screenshot or concrete evidence of this supposed hidden functionality in my app, but the reviewer only answered with vague sentences such as “money gambling functionality”.


Twitter Breach of 5.4M Accounts

Lawrence Abrams (Hacker News):

Twitter has confirmed a recent data breach was caused by a now-patched zero-day vulnerability used to link email addresses and phone numbers to users’ accounts, allowing a threat actor to compile a list of 5.4 million user account profiles.


This vulnerability allowed anyone to submit an email address or phone number, verify if it was associated with a Twitter account, and retrieve the associated account ID. The threat actor then used this ID to scrape the public information for the account.


While no passwords were exposed in this breach, Twitter is encouraging users to enable 2-factor authentication on their accounts to prevent unauthorized logins as a security measure.

For those using a pseudonymous Twitter account, the social media company suggests you keep your identity as anonymous as possible by not using a publicly known phone number or email address on your Twitter account.

Giving Twitter your phone number was supposed to provide more security, but in this case it seems like it made it easier to look up accounts and link them to other public information.


Update (2022-08-12): See also: Bruce Schneier.

Tuesday, August 9, 2022 [Tweets] [Favorites]

Implementing Parts of the Swift Compiler in Swift

Douglas Gregor:

Here’s a proposed build process for the Swift compiler with Swift code in it:

  1. Build C++ bits with the host C++ compiler
  2. Build mandatory Swift bits with the host Swift compiler
  3. Link a “minimal stage 1" Swift compiler
  4. Build optional Swift bits with the minimal stage 1 compiler. Note that these bits may not be fully optimized because the stage 1 compiler may lack some optimizer passes.
  5. Link a “full stage 2” Swift compiler
  6. Rebuild optional Swift bits with the stage 2 compiler.
  7. Link a “final stage 3” Swift compiler


Personally, I’m excited to open the door to having more Swift code in the compiler, but I want to make sure we’re doing so in a way that doesn’t make it unduly complicated to develop the Swift compiler or port to other host architectures.


Update (2022-08-10): See also: Hacker News.

Which iOS 15 and macOS 12 Monterey Features Do You Actually Use?

Adam Engst:

The most notable finding is that most of them don’t use most of the features listed. Only four features—Live Text, Shortcuts, Hide My Email, and Memories in Photos—received more votes saying they were Occasionally or Frequently used than Never used. (A fifth feature, App Privacy Report, was close, with only 57 more people on the Never side.) It seems probable that those responding to the survey were more likely than the average Apple user to use these features, suggesting that a broader survey would have shown even lower usage levels.


One could conclude that Apple is putting too much focus on adding features and too little on fixing bugs, improving performance, and polishing existing features.


Another conclusion is that both Apple and the tech media need to do a better job of introducing new features to users. A common refrain among the comments was that many people—including many regular TidBITS Talk participants, who are probably even more involved than average TidBITS readers—didn’t even know about many of the features.

I use Live Text frequently and Shortcuts and translation occasionally. Often, translation doesn’t support support the language that I need so I end up going to Google Translate.


Update (2022-08-11): Nick Heer:

I mentioned “discovering” features. One reason for this, I think, is because Apple often mentions features without explaining or demonstrating them. Maybe I am just busier now or my brain is getting mushier with age, but I find I often have to look through Apple’s marketing pages to try to make sense of anything that has been announced. Minor software versions also quietly carry unannounced new features, too. When Visual Lookup was released in Canada with a software update earlier this year, it was not mentioned in the release notes.

Neither the marketing pages nor the release notes have links to the help pages that explain what the features do and how to use them.

South Korea Investigates App Store

Hartley Charlton:

In a statement (via Reuters), the Korea Communications Commissions (KCC) said that it conducted an inspection of Apple, Google, and One Store since May 17 to determine if they have violated in-app payment laws, and concluded that all three companies may have done so. Such contraventions could include unfairly delaying the review of mobile content, or refusing, delaying, restricting, deleting, or blocking the registration, renewal, or inspection of mobile content that uses third-party payment methods.


Update (2022-08-10): Florian Mueller:

I predicted this after Google rejected updates to KakaoTalk (commonly referred to as KaTalk), a messenger app used by about 93% of Korean smartphone users, the reason for those rejections being KaTalk’s use of external payment methods (via its website).


The Yonhap report doesn’t specifically indicate that the KCC may consider the 26% app tax rate a violation of the country’s IAP rules. Maybe the KCC is going to focus on behavioral rather than numerical issues, at least for now--they’ve got to start someplace.

Labeling Apple Shipments From Taiwan

Cheng Ting-Fang and Lauly Li:

Apple told suppliers on Friday that China has started strictly enforcing a long-standing rule that Taiwanese-made parts and components must be labeled as being made either in “Taiwan, China” or “Chinese Taipei,” sources familiar with the matter told Nikkei Asia, language that indicates the island is part of China.


Using the phrase “Made in Taiwan” on any import declaration forms, documents or cartons could cause shipments to be held and checked by Chinese customs, the sources added. Penalties for violating such a rule is a fine of up to 4,000 yuan ($592) or, in the worst-case scenario, the shipment being rejected, one of the sources said.

Via John Gruber:

Apple’s reliance on China has put the company in a spot where it must insist its suppliers print a falsehood on components to comply with communist propaganda.


Monday, August 8, 2022 [Tweets] [Favorites]

Weathergraph 1.0.110

Tomas Kafka:

Be the first to try the hourly forecast from a beta version of Apple’s own new weather service. Hit the Preferences button and switch the forecast source. Nowcast isn’t available yet, so it will be provided by the good & trusty Foreca.

And dew point comfort scale. Enable humidity or dew point in the chart to see the feel for a given hour on a dew point comfort scale. From dry through pleasant, comfortable and humid up to miserable or extreme, Weathergraph will inform you both in the details section and chart tooltip.

I love Weathergraph’s design, but the weather data from Foreca has not proved quite as accurate in my area as I’d hoped. I prefer the data from AccuWeather (as seen in Snowflake) and The Weather Channel (as see in Apple Weather on iOS 15 and earlier).

I don’t know yet how well Apple’s own weather service compares, but it’s good to have another option in Weathergraph.

Note that Weathergraph is using the REST API for Apple Weather, so it’s able to get Apple Weather data, sans tuples, without requiring iOS 16.


Reimplementation of Apple Code Signing and Notarization

Gregory Szorc:

I’m very excited to announce that we now have a pure Rust implementation of a client for Apple’s Notary API in the apple-codesign crate. This means we can now notarize Apple software from any machine where you can get the Rust crate to compile. This means we no longer have a dependency on the 3rd party Apple Transporter application. Notarization, like code signing, is 100% open source Rust code.


There are probably thousands of companies and individuals who have wanted to release Apple software from non-macOS operating systems. (The existence and popularity of tools like fastlane seems to confirm this.) The historical lack of an Apple code signing and notarization solution that worked outside macOS has prevented this. Well, that barrier has officially fallen.

It’s available here.

Update (2022-08-08): See also: Hacker News.


Apple’s code signing tool is open source, but heavily dependent on Cocoa/OSX libraries like CoreFoundation.

Testing Continuity Camera

Julio Ojeda-Zapata:

The mounts are not yet available to the public, but some lucky tech writers have been sent pre-release versions. Apple chose not to favor me with early access, but I found something similar while rummaging through my tech gear: PopSocket’s PopGrip for MagSafe. It’s an oval slab that clamps magnetically to the back of an iPhone and incorporates that classic telescoping two-finger circular grip.


Here are image comparisons with the FaceTime HD cameras in the 2020 M1 MacBook Air, the recently released M2 MacBook Air, and the Studio Display, which was released earlier this year. Continuity Camera imagery is superior across the board. The M2 MacBook Air improves on the M1 MacBook Air, but not dramatically so. The Studio Display’s imagery is muddled and a bit dark.


Now [Portrait Mode is] present in Continuity Camera as an option to toggle background blurriness on and off (iPhone 11 or later).


Unfortunately, the quality of the desk imagery isn’t great.


Netflix Homes and Games

Emma Roth, Jay Peters, and Richard Lawler (Hacker News):

Netflix is testing a new way to tackle password sharing in Argentina, El Salvador, Guatemala, Honduras, and the Dominican Republic (as reported first by Bloomberg). A support page for Netflix in Honduras clearly states the test will prompt users to pay an additional fee if they use an account on a TV or TV-connected device at a location outside their primary household for over two weeks. Each additional home will cost an extra 219 pesos per month, per home in Argentina ($1.17 US), and $2.99 everywhere else.

It sounds like this isn’t going to work very well for people who regularly travel to the same location.

The company also started experimenting with a profile transfer tool that’s supposed to make it easier for someone to transfer their recommendations, watch history, and My List. This is a way for the platform to passively nudge password sharers toward opening a new account or getting on a subaccount.

Tim Hardwick:

Netflix’s mobile gaming platform has been engaging less than 1 percent of Netflix subscribers since its launch last November, according to new data from app analytics company Apptopia (via CNBC).

It’s too bad this doesn’t work on tvOS.

Friday, August 5, 2022 [Tweets] [Favorites]

Dropbox Branding and App Store SEO Shenanigans

John Gruber:

I quickly determined that this was just the regular Dropbox app. Dropbox has simply renamed it to include “Cloud Photo Storage” in the name for SEO purposes. This apparently works so well, at the moment, that some apps are putting these descriptions before the actual name of the app in their App Store listings. App Store entrepreneur Jake Mor explicitly recommends this in a long Twitter thread delineating his current recommendations for App Store success[…]


The App Store should discourage SEO nonsense like keyword spamming, not reward it.

See also: Appfigures.

Update (2022-08-08): Greg Hurrell:

What is the point of living trapped in a walled garden if it is full of weeds?

DuckDuckGo Increases Protection From Microsoft Trackers

José Adorno:

Starting next week, DuckDuckGo will expand the third-party tracking scripts it blocks from loading on websites to include scripts from Microsoft. This update applies to the iOS and Android apps and browser extensions with beta apps to follow in the coming month.


DuckDuckGo will also offer a new help page that offers a “comprehensive explanation of all the web tracking protections” the browser provides across platforms.


Apple’s People Team

Matt Drange:

In responding to a shareholder proposal for Apple to assess potential risk associated with using NDAs “in the context of harassment, discrimination, and other unlawful acts,” Apple told the SEC that its “policy is to not use such clauses.” As a result, attorneys for Apple argued the company had already addressed the concerns of activist shareholders.

Citing her own experience receiving NDAs from Apple, Scarlett filed a whistleblower complaint with the SEC on October 25. The complaint, which Insider has reviewed, details what Scarlett says are “false statements or misleading statements” by Apple to the agency.

Scarlett included a copy of the settlement agreement Apple offered her in her SEC complaint, describing how the company included a “statement I was allowed to say about my leaving the company being a personal decision, rather than fleeing a hostile work environment[…]

Patrick McGee:

Mohr previously had a bad experience with human resources—known internally as Apple’s People group—when another colleague had broken into her accounts and harassed her, leading her to file a police report. HR didn’t listen well or help in any way, she says, so this time she didn’t bother.


In interviews with 15 female Apple employees, both current and former, the Financial Times has found that Mohr’s frustrating experience with the People group has echoes across at least seven Apple departments spanning six US states.


The accounts collected by the FT paint a portrait of a People team that acts less like a safe place for employees to go with complaints and more like a risk mitigation unit that protects bad managers.


Insiders say it’s a matter of priorities. Apple “is so singularly obsessed about making the best products, that there are blinders to everything else,” says Chris Deaver, an HR business partner at Apple from 2015 to 2019.

That familiar line is going to have a different ring the next time Tim Cook says it.

Dan Luu:

Every time I’ve taken a job because I let someone convince me that some horrible thing has gotten much better, I’ve regretted it, even though things had really improved a lot.

The problem is, they generally had no external frame of reference, so much better was still quite bad.


AMD vs. Intel

Dan Luu:

Looks like AMD passed Intel in market cap last Friday, after being fairly close for quite a while.

The majority of comments I’ve seen are betting on AMD, but I’d bet, at even odds, ten years from today, the 1-month trailing average market cap of Intel is higher than AMD’s.


I think Intel will be ok if it can recover to 2010-levels of dysfunction while it’s much larger than AMD in revenue/scale.

Ben Thompson:

While there are a host of reasons why TSMC took the performance crown from Intel over the last five years, a major factor is scale: TSMC was making so many chips that it had the money and motivation to invest in Moore’s Law.

The most important decision was shifting to extreme ultraviolet lithography at a time when Intel thought it was much too expensive and difficult to implement; TSMC, backed by Apple’s commitment to buy the best chips it could make, committed to EUV in 2014, and delivered the first EUV-derived chips in 2019 for the iPhone.


Time will tell if the CHIPS Act achieves its intended goals; the final version did, as I hoped, explicitly limit investment by recipients in China, which is already leading chip makers to rethink their investments. That this is warping the chip market is, in fact, the point: the structure of technology drives inexorably towards the most economically efficient outcomes, but the ultimate end state will increasingly be a matter of politics.

See also: Dithering.

Thursday, August 4, 2022 [Tweets] [Favorites]

GitLab to Delete Dormant Projects From Free Accounts

Simon Sharwood:

GitLab plans to automatically delete projects if they’ve been inactive for a year and are owned by users of its free tier.

The Register has learned that such projects account for up to a quarter of GitLab’s hosting costs, and that the auto-deletion of projects could save the cloudy coding collaboration service up to $1 million a year.


Geoff Huntley, an open-source advocate, and participant in the open .Net community, described the policy as “absolutely wild.”

“Source code does not take up much disk space,” he told The Register. “For someone to delete all that code is destruction of the community. They are going to destroy their brand and goodwill."

It seems like something is missing from this story. Are these users storing something other than source code? Are there repos that have not been updated recently but that get large numbers of downloads?

Update (2022-08-05): Simon Sharwood:

GitLab has reversed its decision to automatically delete projects that are inactive for more than a year and belong to its free-tier users.

See also: Hacker News.

iMessage and the Secret Service

Tom Bridge:

The Secret Service has lately been in some hot water because they failed to backup the text message (and iMessage?) history of the devices issued to their staff during an MDM transition. I talked some with Jason Snell from Six Colors in a recent piece about what happened[…]

I wish there were a supported way to back up/export my entire message history from iCloud. Not having access to my own data is way worse than the potential privacy implications of my having an unencrypted copy of the data.


How Apple Limits VMs


Learn how you can use the Virtualization framework to quickly create virtual machines on your Mac. We’ll show you how to create a virtual Mac and quickly test changes to your app in an isolated environment. We’ll also explore how you can install and run full Linux distributions on Apple silicon, and share how you can take advantage of Rosetta 2 to run x86-64 Linux binaries.

Howard Oakley:

As your licence from Apple explicitly limits you to running no more that two copies of macOS as guests, it’s up to you to observe that licence condition, and up to Apple to enforce it on you. So, in the past, you may well have run more than two copies of macOS in VMs, although that’s in breach of Apple’s licence. What’s different with lightweight virtualisation using the Virtualization framework in macOS is that it’s Apple’s code which creates and runs each VM, thus Apple can enforce its restrictive licence terms by limiting the number of macOS VMs that can be run at any one time, and that’s what it does, and why I think Apple needs to change that.


Studio Display Firmware Update 15.5 (19F80)

Apple (via Howard Oakley, MacRumors):

Resolves an audio issue with Studio Display

Are they not able to give it a new version number because there’s no iOS 15.5.1 for phones?


Update (2022-08-05): John Gruber:

I spent $40 on a HomeKit power outlet to work around the Studio Display’s lack of a power button.

Markus Müller-Simhofer:

I “almost” bricked my Apple Studio Display with yesterdays update. I think my mistake was running it from macOS Ventura b3. Apple Support was able to help me restore it by keeping it plug-in for ~15min on a Mac with Monterey.

Update (2022-08-08): Seth Willits:

So far it appears that the recent Studio Display Firmware Update 15.5 (19F80) did fix the audio issues for me. Great!

Now, am I the only one who is getting windows resized to 1920x1080 whenever the display sleeps? Can we get a fix for that too?

Wednesday, August 3, 2022 [Tweets] [Favorites]

Examining Slack’s New Free Plan Restrictions and Motivations

Adam Engst:

As it stands now, free teams are restricted to being able to see the last 10,000 messages chronologically and access the most recent 5 GB of files. (Compare that to the Pro plan’s unlimited messages and 10 GB of files per user.) A free plan can connect up to 10 apps (against unlimited integrations in the Pro plan) and engage in one-to-one voice and video calls (compared to the Pro plan’s group calls with up to 15 people). Come September, free plan restrictions will change to provide access to only the past 90 days of message and file history, regardless of number or size.


However, when I examined my assumptions—that the change would affect my use of Slack and that Slack was trying to push more free teams to convert to paid teams—I found that my initial irritation didn’t hold up under scrutiny.


I honestly can’t remember the last time I searched in Slack, in any of my teams or other public teams.

Some teams are switching to Discord, which is essentially free.


iMessage Editing and Un-Sending

John Gruber:

The edit-a-message-you-just-sent feature, intended for fixing typos or mistakes, has been tweaked. The time limit for editing is now 15 minutes, sent messages can be edited up to five times, and the recipient of an edited message now has the ability to see the edit history by tapping the small “Edited” label under an edited message.

Undoing sent messages is now implemented too, with a two-minute time limit. […] On the recipient’s device, if they’re using MacOS 13 or iOS 16, the unsent message just disappears, but it’s replaced by a small-print status message that says “Sender Name unsent a message”.

Recipients do not get notifications for edits or unsends.

Update (2022-08-10): John Gruber:

This makes me wonder whether fears about unsending with iMessage are overblown. WhatsApp is the most popular messaging service in the world, and they’re expanding the grace period for unsending. Perhaps Apple will loosen this period over time, too?

SwiftSafeURL: Compile-Time-Checked URLs

Jhonatan Avalos (tweet):

Tool for avoiding using the URL(string:) initializer with optional result, instead introducing a compile time URL validity check. Note, this does not check for website availability, but if the URL is formatted correctly.


If a file contains the comment // safeurl:warn, invalid URLs in this file will be compiled and will show a warning instead of an error.

It’s cool how straightforward it is these days to write little plug-ins that leverage and extend the compiler.

See also: JP Simard.


Instagram Walks Back Feed Design Changes

John Gruber:

If you haven’t been paying attention to Instagram lately, they’ve been steadily dialing up the algorithmic content users see in their feeds, especially video. More stuff in your feed from accounts you don’t follow, selected by machine learning algorithms, at the expense of stuff from people and brands you have chosen to follow. To top it off, they recently rolled out a limited test to a small — but not that small — number of users that turned those users’ timelines into something basically like TikTok: full-screen videos (and some images) that you go through one at a time.

Casey Newton:

Instagram will walk back some recent changes to the product following a week of mounting criticism, the company said today. A test version of the app that opened to full-screen photos and videos will be phased out over the next one to two weeks, and Instagram will also reduce the number of recommended posts in the app as it works to improve its algorithms.


The changes come amid growing user frustration over a series of changes to Instagram designed to help it better compete with TikTok and navigate the broader shift in user behavior away from posting static photos toward watching more video.


Mosseri made clear that the retreat Instagram announced today is not permanent. Threats to the company’s dominance continue to mount: TikTok is the most downloaded app in the world, the most popular website, and the most watched video company.

Nick Heer:

My own Instagram use went to near-zero after I received these changes. I am surely not representative of the wider Instagram user base, but it does not surprise me that enough people found it revolting to affect the company’s metrics.


I would not bet on seeing fewer posts in your feed over the long term from accounts you do not follow; these changes are still coming, just later.


Tuesday, August 2, 2022 [Tweets] [Favorites]

Dogfooding Linux 5.19 on Apple Silicon

Linus Torvalds (via Hacker News):

On a personal note, the most interesting part here is that I did the release (and am writing this) on an arm64 laptop. It’s something I’ve been waiting for for a loong time, and it’s finally reality, thanks to the Asahi team. We’ve had arm64 hardware around running Linux for a long time, but none of it has really been usable as a development platform until now.

It’s the third time I’m using Apple hardware for Linux development - I did it many years ago for powerpc development on a ppc970 machine. And then a decade+ ago when the Macbook Air was the only real thin-and-lite around. And now as an arm64 platform.

Not that I’ve used it for any real work, I literally have only been doing test builds and boots and now the actual release tagging. But I’m trying to make sure that the next time I travel, I can travel with this as a laptop and finally dogfooding the arm64 side too.

Andrew Cunningham:

In November 2020, Torvalds wrote that the then-new M1 version of the Air “would be almost perfect” as an Arm Linux laptop but said, “I don’t have the time to tinker with it, or the inclination to fight companies that don’t want to help.”

At a certain level, this news is just mildly interesting trivia—it doesn’t matter to most Linux users what computer Torvalds is currently using, and Asahi Linux is still in a rough, early state where lots of things are half-functional or non-functional. But as Asahi contributor Hector Martin notes, having “real people… using Linux on a real, modern ARM64 platform” with a modern version of the Arm instruction set and a “near-upstream kernel” has knock-on effects that benefit the rest of the ecosystem.


Update (2022-08-04): Hector Martin:

I have heard from several Apple employees that:

  1. The boot method we use is for 3rd-party OSes, and Apple only use it to test that it works, because
  2. It is policy that it works.

Apple didn’t “leave the door open” for 3rd party OSes. Apple explicitly engineered 3rd party OS support in, and it is a hard policy requirement that it continue to work.

They aren’t going to help us port anything but they absolutely will not shut Asahi down either.

Apple’s Q3 2022 Results

Apple (transcript, Hacker News):

The Company posted a June quarter revenue record of $83.0 billion, up 2 percent year over year, and quarterly earnings per diluted share of $1.20.


“Our June quarter results continued to demonstrate our ability to manage our business effectively despite the challenging operating environment. We set a June quarter revenue record and our installed base of active devices reached an all-time high in every geographic segment and product category,” said Luca Maestri, Apple’s CFO. “During the quarter, we generated nearly $23 billion in operating cash flow, returned over $28 billion to our shareholders, and continued to invest in our long-term growth plans.”

Jason Snell:

Compared to the year-ago quarter, Mac sales were down 10%, iPad sales down 2%, iPhone up 3%, Services up 13%, and Wearables down 8%.

John Gruber:

M2 MacBook Airs didn’t go on sale until July, which is Q4, but I don’t think that’s relevant to this dip. […] The dip is because so many businesses and consumers bought new laptops during the pandemic because they needed them for work-from-home and school-from-home. The big tell on that for Apple is the monster quarter the Mac had back in the July–September quarter in 2020. That was the quarter before Apple unveiled the first M1 Macs (including the bestselling MacBook Air), but after Apple told the world that they’d be shifting the entire Mac platform to its own silicon by the end of the year.

Sami Fathi:

Maestri said Apple has over 860 million subscriptions, which is an increase of 160 million over just the last 12 months. Apple does not provide a breakdown of subscriber counts per service, but Maestri said growth was strong in offerings like Apple TV+ and Apple Arcade.

Steve Troughton-Smith:

You can tell Apple financial call analyst ‘questions’ are just PR talking points by how nobody has asked about the potential hit to services revenue and platform in general by antitrust regulation around the world, likely Apple’s biggest existential crisis in decades 🤷‍♂️


watchOS 8.7

Juli Clover:

According to Apple's release notes, there are no new prominent features in watchOS 8.7. Instead, the software focuses on under-the-hood "improvements," along with bug fixes and important security updates.

Fingers crossed, but this seems to fix the bug introduced in watchOS 8.5 where complications wouldn’t update.


Yet More App Store Search Ads

Sami Fathi:

Until now, Apple has offered developers two ad opportunities on the App Store: in the Search tab and within the Search results page.

Chance Miller:

First and foremost, there is a new advertising slot coming to the “Today” homepage of the App Store.


The second new advertising placement is coming directly to product pages themselves. This means that developers will now be able to place ads on the product pages for other apps. This spot is located at the very bottom of the product page, beneath the banner section that shows other apps by that developer.

Nick Heer:

This coverage sounds a little too fluffy to me — too much like it came directly from Apple. It is hard to know for sure because, while this news was reported by several Apple-focused publications including 9to5Mac and Apple Insider, not one of them acknowledged its sourcing. As of writing, this news has not landed on Apple’s Newsroom, or in the news feeds of its Developer or Search Ads sections, nor does it appear on the App Store advertising info page. All three Apple-focused publications also cite in their coverage a corporate presentation to advertisers each says it “obtained” in May claiming 78% of App Store search volume came from devices with ad personalization disabled. Curious.

Paul Haddad:

Coming next year “Download Ads” instead of downloading the app you want, the App Store will randomly download the highest bidding app.

Tim Sweeney:

You worked hard to build a great app. You registered a trademark. You signed up to Apple demands for 30% of your revenue as the sole way to reach iOS users. How does Apple reward you?

They front-run searches for your trademarked app name, and place ad results above the result for your app.

But now, there’s more: Apple will litter your own app page with ads for competing apps. And keep all the ad money for themselves.

Sebastiaan de With:

Apple shouldn’t get into the ad business. Pushing ads in their platform opposes to their goals and core values, and will only erode user trust.

Are the relatively minor profits worth the price of bad experiences and lost goodwill?

Your core values are what you do on an ongoing basis, not the talking points that you broadcast or what you did 20 years ago under different leadership.

Florian Mueller:

Yesterday it became public in Colombia that Apple is--I kid you not--claiming a human rights violation and invoking Article 8 of the Universal Declaration of Human Rights because of Ericsson’s preliminary injunction in Colombia over a 5G patent. Nowhere on the 48 pages of the motion did I find a human rights violation in the sense in which most reasonable people would understand it. All I found was a bunch of run-of-the-mill appellate arguments. […]

Interestingly, Apple has just been warned against being sanctioned by the United States District Court for the Eastern District of Texas over a “misuse” of court rules. They brought an emergency motion instead of a regular motion.


Update (2022-08-04): Nick Heer:

iAd felt like a typical ad network that, at first, only had high-end buyers; App Store ads feel more like key money.

Friday, July 29, 2022 [Tweets] [Favorites]

Scrubbing Through iOS 16’s Music App

Jason Snell:

The real advance, though, is in how you control volume or scrub through a track. Previously, you needed to put your finger down on the dot itself, and then slide the dot back and forth. If you missed the dot, you failed. In iOS 16, the entire area of the bar is swipeable. You just put your finger down, anywhere, and slide it back and forth.

Picking a Portable Power Station

Adam Engst:

The big name in the field appears to be Jackery, and its Explorer 160 costs only $139.99 for 167 watt-hours of energy storage with an AC outlet, USB-C port, two USB-A ports, and a DC 12V port. It’s reasonably light at 3.97 pounds (1.8 kg), which is important given the amount of gear I have to pack. The only downside is that its USB-C port puts out just 15 watts, not enough to charge the MacBook Pro while in use. I could plug the MacBook Pro into the AC outlet, but that seems limiting when there’s a USB-C port. The Explorer 300 puts out 60 watts over USB-C, but its 293 watt-hour capacity jacks its weight up to 7.1 pounds (3.22 kg) and price to $299.99.


After several hours of research, I finally unearthed the $89.99 TECKNET Portable Power Station, a 155-watt-hour, water bottle-sized device with a carrying handle that weighs 3.75 pounds (1.7 kg) and features a three-prong AC outlet, a 45-watt USB-C port, and three 18-watt USB-A ports.


If you can imagine needing to jump-start your car or charge digital devices while on the road, I highly recommend something like the Tacklife jump starter. Just make sure you have the appropriate cables—I’ve added a Lightning cable to the USB-C and micro-USB cables that came with mine.

It claims to offer 12 months of standby time.

Deep Codable

Mike Lewis (via Dave Verwer):

I recently built DeepCodable, a package to encode and decode arbitrarily-nested data into flat Swift structs, by defining the coding paths with a result builder. I personally have been wanting something like this for a long time when interacting with third-party APIs, so I decided to build it.

Update (2022-08-02): Jsum:

Jsum is a JSON object-mapping framework that aims to replace Codable for JSON object mapping. It takes a lot of inspiration from Mantle, if you’ve ever used it back in Objective-C land.


Codable is often thought of as not being flexible enough. Many common problems with it are outlined in the replies to this Swift Forums post. In my opinion, Codable requires you to give up its most valuable feature—synthesized initializers—too often, and this is why it feels so cumbersome to use.

Codable and JSONDecoder don’t offer a lot of up-front decoding customization, and miss a lot of common use cases. All of these missed use cases mean you have to implement init(decoder:) and manually decode every single property for that type, even if you only needed to adjust a single property’s behavior.