Thursday, February 13, 2025

Reuters Wins AI Copyright Case

Kate Knibbs (Hacker News):

Thomson Reuters has won the first major AI copyright case in the United States. In 2020, the media and technology conglomerate filed an unprecedented AI copyright lawsuit against the legal AI startup Ross Intelligence. In the complaint, Thomson Reuters claimed the AI firm reproduced materials from its legal research firm Westlaw. Today, a judge ruled in Thomson Reuters’ favor, finding that the company’s copyright was indeed infringed by Ross Intelligence’s actions.

[…]

Notably, Judge Bibas ruled in Thomson Reuters’ favor on the question of fair use. The fair use doctrine is a key component of how AI companies are seeking to defend themselves against claims that they used copyrighted materials illegally. The idea underpinning fair use is that sometimes it’s legally permissible to use copyrighted works without permission—for example, to create parody works, or in noncommercial research or news production. When determining whether fair use applies, courts use a four-factor test, looking at the reason behind the work, the nature of the work (whether it’s poetry, nonfiction, private letters, et cetera), the amount of copyrighted work used, and how the use impacts the market value of the original. Thomson Reuters prevailed on two of the four factors, but Bibas described the fourth as the most important, and ruled that Ross “meant to compete with Westlaw by developing a market substitute.”

Previously:

Gemmell Is Back to Mac

Matt Gemmell (Mastodon):

Almost eight and a half years ago, I switched to using an iPad as my full-time computer, having come from decades of having Macs.

In recent years we did get an emergency-use shared/household M2 MacBook Air, which my wife would occasionally take out of the cupboard. Now, that laptop has become my computer.

[…]

I loved the slab of glass, and the Apple Pencils of each generation. I loved that I could rotate it, and write on it, and pinch-zoom it, and connect it to a keyboard, and just figuratively hug the thing. It was most certainly The Future, and very much on track to become everyone’s full-time computer after another few versions of the OS. Then another few versions. Then another few.

I believed in the promise of the form factor and the interaction language, and the human-focused nature of the device, so much that I made iPad-only a part of my identity. And I really was happy. But eventually, without me really noticing, things started to happen.

[…]

iPads are slower than Macs, subjectively, and almost regardless of hardware. I’m most recently comparing an M2 MacBook with an M4 iPad, but the experience is the opposite of what the hardware might naively suggest.

Eric Schwarz:

Stories of switching between Macs and iPads are nothing new, but this particular post struck a chord with me—regular readers know that I have had some sort of iPad since the very beginning and there were plenty of stints where the iPad was my primary computer. However, I sold mine last November, not because I disliked the device, but felt that it simply was unnecessary and I was naturally using it less and less.

[…]

Apple has done iPadOS a disservice for way too long—every new first-party app seems to be iPhone-only (Sports, Journal, Invites) and sometimes features come to the iPhone, but not the iPad. This creates an attitude of if Apple doesn’t care about the iPad, why should you? At least the Mac is different enough that you can put up with the inconsistencies and/or rely on some older alternatives. I like a lot of the intentions of iOS to simplify and rethink the computing experience, but way too much either feels incomplete or abandoned.

Matt Birchler:

One of the superpowers of the Mac is that it can do many things at once. Obviously, the iPad has multitasking, but not in the way the Mac does. The basic concept of iPad multitasking is that you need to be able to see an app for it to be reliably working. If you can’t see an app, there is a select list of things it can keep doing in the background, but most things die immediately, and it may be booted from memory at any point.

[…]

There are trade-offs to customization and user control, but this is a fundamental difference between the Mac and iPad that can’t be overstated. As a simple example, there have been many window management apps on the Mac forever, so people who don’t love the built in option have had an embarrassment of riches in terms of options, but if you don’t like Stage Manager on the iPad, your only hope is that Apple updates it to your liking someday.

Previously:

Chinese App Store Antitrust Probe

Tim Hardwick:

China’s State Administration for Market Regulation (SAMR) is said to have been critically examining Apple’s practices and holding discussions with the company since last year, specifically about its 30% commission on in-app purchases and restrictions on external payment services, according to the outlet’s sources.

Chinese regulators are said to be particularly focused on whether Apple’s fees for local developers are unreasonably high. They’re also examining if the company’s prohibition of third-party app stores and payment methods stifles competition and negatively impacts Chinese consumers.

NSDocument Auto Saving and File Types

Gus Mueller:

Has anyone successfully come up with strategies for opting into NSDocument’s autosavesInPlace, but only for certain file types? I’ve looked into overriding scheduleAutosaving and friends, but nothing really works. TextEdit just throws up an alert saying “hey, lossy file format”. Is this the best I can do?

Brian Webster:

The issue is if you Save As where the original file type supports auto save but the new one doesn’t (or vice versa). The override is a class method and not an instance method, so there’s no way for the existing instance to flip its auto save boolean to reflect the new file type.

This is an interesting API problem. The core issue is that NSDocument wants you to have a single subclass for each family of file types that can be mutually converted via Save As. The configuration is done at the class level, so it assumes that each file type is just a different flavor that works in the same way.

One could argue that the Cocoa document architecture is missing several abstractions that would be needed for a proper general solution. The basic stuff both easy and quite configurable, with a small API surface, but to go beyond that you need to reimplement a lot yourself or try to hack it into the desired shape.

Dave DeLong:

Override NSDocumentController to provide unique NSDocument subclasses for each document so that each one can swap its own +autosavesInPlace method IMP without fear of messing up other documents, while also still preserving KVO behavior?

Wednesday, February 12, 2025

Migrating Apple Account Purchases Between Accounts

Apple:

If an Apple Account is only used for making purchases, those purchases can be migrated to a primary Apple Account to consolidate them.

This feature isn’t available to users in the European Union, United Kingdom, or India.

[…]

You can choose to migrate apps, music, and other content you’ve purchased from Apple on a secondary Apple Account to a primary Apple Account. The secondary Apple Account might be an account that’s used only for purchases. You’ll need access to the primary email address or phone number and password for both accounts, and neither account should be shared with anyone else.

Apple:

  • Neither Apple Account can already be used for migrated purchases. Learn how to undo a migration of purchases. If you undo a migration of purchases from a secondary account, you won’t be able to migrate purchases again for 1 year.

  • You can’t migrate purchases if both the primary Apple Account and the secondary Apple Account have music library data associated with each of them.

Via John Gruber:

This might be the “finally” to end all finallys. I really never thought I’d see this day where Apple finally made this possible. This document presents a solution to a situation I’ve been in (and with each subsequent media purchase, digging deeper into) for over 20 years.

[…]

So fast forward to today, and I’ve had two Apple Accounts on every device I use for the last 20-or-so years. One for “Media and Purchases” (my original iTunes account, using the @daringfireball.net address), and my primary Apple ID (the @mac.com address). All my purchases — all the music, books, apps, subscriptions, and thousands of dollars in movies that I’ve purchased with that iTunes account over the years — are using an Apple Account that’s not my iCloud account.

[…]

I’ll wait and let others try this before I do (if it ain’t broke don’t fix it), but if any of you try this, I’m curious how it goes — especially if you’re part of a family sharing group.

It really seems more like migrating purchases (as the title of Apple’s support document says) rather than merging accounts. iCloud data, account balances, and TestFlight betas don’t transfer.

Sean Heber:

It appears that Apple’s new account migration stuff does NOT work for TestFlight access.

That by itself is fine - whatever. The problem here is that it appears when someone does an account migration, it kind of half-migrates TestFlight somehow.

People are telling us their new email address to invite but TestFlight thinks they’re already a tester with that email address!

So you can’t just reinvite them. It seems we have to filter for the user, remove them, then add them as a new tester.

Craig Hockenberry:

If you’re hearing from testers about being kicked out of TestFlight because of the new account migration stuff, DO NOT update their email. It’s a lot of work and will not help them.

For now, you MUST give them a public link, even if it’s a private beta.

Adam Chandler:

Here’s why I can’t add my migrated AppleID to Messages or FaceTime or set it up as a custom domain in iCloud+ Mail….it’s not gone. Apple appears to let me “unmigrate” indefinitely back to having two IDs. I want Apple to release the old one so I can actually use it.

Also, it’s dumb that you have to migrate on iOS and not MacOS. The same panel in MacOS does not offer a migrate option but like usual, MacOS is a second class citizen in Apple’s eyes.

John Voorhees:

I started buying music from iTunes on a Windows PC for an iPod before I owned any other Apple products. Those purchases were linked to one email address. Later, when I got my first Mac, I got a .Mac email address, which became a MobileMe account and, finally, an iCloud account. That left me with an iCloud account for iCloud services and a different address for my music, movies, TV shows, apps, and other purchases.

I’ve gotten used to the process of signing in to different accounts for iCloud and my purchases, but every now and then, it causes some hard-to-troubleshoot conflict somewhere. That’s why I’m glad to see there’s now a process for moving everything to one account. However, having also lived through many iCloud headaches over the years, I think I’ll wait a while before attempting a migration.

See also: TidBITS-Talk and Mac Power Users Talk.

Previously:

Update (2025-02-13): Adam Engst:

Ironically, when Tonya and I were testing Apple Invites last week (see “Streamline Event Planning with New Apple Invites Service,” 4 February 2025), she experienced some confusion because her everyday Apple Account is tied to a rarely used mac.com email address rather than her primary email address. Attempting to respond to an invitation with her primary email address led her down a rabbit hole when she discovered it was linked to another unused Apple Account, likely created decades ago for testing purposes. “If only you could merge the two,” I joked, never realizing it would become possible just days later.

[…]

Be sure to read everything carefully if you’re considering migration. In particular, be aware that after migration, the secondary account can no longer be used for Media & Purchases unless you explicitly undo the migration. And once you undo a migration, that account can’t be migrated again for a year, so you don’t want to goof around. I also recommend waiting a few weeks to increase the likelihood that Apple has fixed any bugs that might affect you.

App Store and Japanese Consumption Tax

Apple:

As a result of last year’s change in Japan’s tax regulations, Apple (through iTunes K.K. in Japan) is now designated as a Specified Platform Operator by the Japan tax authority. All paid apps and In-App Purchases, (including game items, such as coins) sold by non-Japan-based developers on the App Store in Japan will be subject to the platform tax regime. Apple will collect and remit a 10% Japanese consumption tax (JCT) to the National Tax Agency JAPAN on such transactions at the time of purchase. Your proceeds will be adjusted accordingly.

As far as I’m aware, this does not apply to software sold outside the App Store, though that remains subject to the 20% Japanese tax on software royalties unless you file the yearly paperwork (sending the Japanese government your IRS Form 6166) to show that you are paying taxes in the US.

Previously:

Game Licensing in Vietnam

Apple:

The Vietnamese Ministry of Information and Communications (MIC) requires games to be licensed to remain available on the App Store in Vietnam. To learn more and apply for a game license, review the regulations.

James Thomson:

I suspect this means Dice by PCalc and About by PCalc will be exiting the App Store in Vietnam, because there are new rules which require me to apply for a game license to keep them on the store there.

The rules seem to be mainly targeted at people running multiplayer games, but you still need one for offline single player stuff, and I believe it’s way outside of the scope of what a small indie can do.

[…]

“Foreign enterprises wishing to publish games in Vietnam must establish enterprises in Vietnam with charter capital not exceeding 49% in accordance with the Law on Foreign Investment”.

Previously:

App Store Advanced Commerce API

Apple:

To further support developers’ evolving business models — such as exceptionally large content catalogs, creator experiences, and subscriptions with optional add-ons — we’re introducing the Advanced Commerce API.

Developers can apply to use the Advanced Commerce API to support eligible App Store business models and more flexibly manage their In-App Purchases within their app.

[…]

Learn about eligibility requirements and how to apply

Hartley Charlton:

Apple’s announcement appears to be part of a broader effort to refine its App Store policies following scrutiny, particularly in the European Union. This particular API appears to be a direct response to challenges faced by apps with unconventional monetization models, such as Patreon, an online platform that enables creators to offer paid memberships to their audiences.

Dimitri Bouniol:

Is this a response to Kindle needing an entry for every book in their catalogue, or a response to apps like Patreon where every creator needs an IAP assigned to them? (either way, it looks like it’ll do little to win over those platforms)

To me it seems like checking a box rather than addressing the fundamental issues.

Steve Troughton-Smith:

“If you already have access to the Advanced Commerce API and would like to make updates, like adding product identifiers, new business models, significant price changes, you’ll need to submit your updates to the Advanced Commerce API Access form.”

Why would any large catalog apps sign up for this? This is a trap

Damien Petrilli:

Real title: “Apple announce 30% tax on patreon style content”

David Barnard:

Apple first announced the Advanced Commerce API at WWDC in June of 2024, but offered no documentation and only a vague description of what it would do. With yesterday’s announcement they have now provided a detailed overview and full documentation.

[…]

There are thousands of creators on X that now offer subscriptions. Each creator sets their own price and X users can subscribe to as many accounts as they want to. Without the Advanced Commerce API, apps like X would need to create products for each creator subscription manually in App Store connect in it’s own subscription group.

[…]

On the web, YouTube TV allows customers to purchase add-ons that enhance functionality and add additional content. Google could now offer that same functionality on the App Store with the core package and ad-ons billed and managed as a single subscription.

He lists a bunch of limitations but overall seems bullish on this change, saying that “it shows Apple’s willingness to evolve the App Store for developers’ needs.”

Previously:

Tuesday, February 11, 2025

macOS 15.3.1

Juli Clover (release notes, no security, no enterprise, no developer, full installer, IPSW):

According to Apple’s release notes, macOS Sequoia 15.3.1 includes important security fixes, and it is recommended for all users.

Important security fixes, but no CVEs.

See also: Mr. Macintosh and Howard Oakley.

Ric Ford:

Apple continues to enable Apple Intelligence on customers’ devices without permission during critical security updates as experts (and our own experiences) confirm.

I had Apple Intelligence enabled, turned it off, then updated to macOS 15.3.1, and it was enabled again.

Jeff Johnson (Mastodon):

Some people who had previously disabled Apple Intelligence in macOS 15.3 and iOS 18.3 saw it re-enabled after updating to macOS 15.3.1 and iOS 18.3.1 today. In fact I personally have two different Apple silicon Macs running macOS Sequoia, and after I updated both Macs to 15.3.1, Apple Intelligence was re-enabled on my MacBook Pro but not on my Mac mini. The difference in behavior appears to depend on whether the Setup Assistant and welcome screen is displayed after the update. On my MacBook Pro, but not my Mac mini, I saw the Setup Assistant.

This is essentially an advertisement for Apple Intelligence, with no option to enable or disable it. After pressing the Continue button, I saw the macOS welcome screen, which required me to press Continue a second time.

I wonder why it’s not consistent between Macs.

Tim Hardwick:

In our tests using an M4 Pro Mac mini, iPhone 16 Pro, iPhone 15 Pro, and M4 iPad Pro – all with Apple Intelligence previously disabled in iOS/iPadOS 18.3 and macOS 15.3 – we found that while the iPhones and iPad maintained their disabled status after updating to iOS/iPadOS 18.3.1, the Mac mini automatically re-enabled the feature after updating.

Greg Pierce:

Another macOS Sequoia update (15.3.1) and the whole Message UI framework is still broken in Catalyst apps with no activity on my FB (FB15693837) from Nov. 5. Ugh.

Previously:

macOS 14.7.4 and macOS 13.7.4

macOS 14.7.4 (full installer, no security):

This update provides important security fixes and is recommended for all users.

macOS 13.7.4 (full installer, no security):

This update provides important security fixes and is recommended for all users.

See also: Howard Oakley.

Previously:

iOS 18.3.1 and iPadOS 18.3.1

Juli Clover (iOS/iPadOS release notes, security, no enterprise, no developer):

According to Apple’s release notes, iOS 18.3.1 includes bug fixes and security updates.

Previously:

watchOS 11.3.1

Juli Clover (release notes, no security, no developer):

The watchOS 11.3.1 update includes important security updates, and it is recommended for all Apple Watch owners.

Previously:

visionOS 2.3.1

Juli Clover (release notes, no security, no developer, no enterprise):

According to Apple’s release notes, visionOS 2.3 includes security updates, and the software is recommended for all users.

Previously:

Monday, February 10, 2025

How Safari Search Engine Extensions Work

Jeff Johnson (Hacker News):

Note below how Safari says “Search Google” and “Google Search”, even though I’m supposed to be using Kagi.

[…]

Safari connects to Kagi only after connecting to Google.

[…]

An unfortunate consequence is that Safari always sends your search to your default search engine, Google for example, before it sends your search to your custom search engine! Is that what you wanted? If you’re trying to protect your privacy, well… you’re failing. Another unfortunate consequence is that you can’t use your default search engine in Safari—if you want to check Google occasionally and compare to Kagi—because the Safari extension will always redirect your searches.

Unique among major browsers, Safari doesn’t let users select a custom search engine. The built-in choices include subpar offerings like Yahoo and the failed Ecosia but not newer, better entrants such as Kagi and Brave. Safari extensions are a hacky substitute that offers a bad user experience.

Even though Chrome is made by Google, it lets you pick another search engine. Even though Edge is made by Microsoft, it doesn’t lock you into Bing, and you can add any search URL template that you want. Apple is not encumbered with its own search engine to push, yet it seems to be constrained by its desire for revenue sharing, so Safari users get stuck with fewer choices that are arguably lower quality and less private.

Previously:

Update (2025-02-11): Nick Heer:

One other possibility is that Apple’s nominal desire for simplicity in preferences led to the company ignoring requests for an arguably niche feature like a custom search engine. Yet Safari preferences are complex and messy in other ways, and the company has — thankfully — retained legacy features like user stylesheets. Even if revenue sharing discouraged Apple from developing this feature, how many people are actually going to set a custom search engine, and would they have a meaningful impact on its beloved Google revenue stream? My guesses: very few, and I doubt it. Yet here we are, over twenty years after Safari’s launch, and we can generously choose between five search engines, of which three — Bing, DuckDuckGo, and Yahoo — are dependent on the same index.

Even if you grant that custom search engines would be too complex, Kagi and Brave should probably be built-in options, anyway.

TikTok Android Sideloading

TikTok:

We’re enhancing ways for our community to continue using TikTok by making Android Package Kits available at TikTok.com/download so that our U.S. Android users can download our app and create, discover, and connect on TikTok.

Via John Gruber:

I suspect something is going to give on this standoff. Either (a) China relents and actually sells to a U.S. company, and TikTok comes back to the App Store and Play Store; or (b) Trump’s extralegal extension expires with no sale and Oracle and Akamai are forced to pull the plug on ByteDance’s cloud services in the US.

[…]

If I’m wrong and TikTok remains in this half-zombie state in the US — unavailable in the App Store or Play Store, but operational if you have the app installed on your phone — it’ll be interesting if TikTok is the app that makes the mass market actually care about the lack of sideloading on iOS. It’ll be interesting too if sideloading on Android goes mainstream because of this.

Does app vs. Web make that much difference if you’re just consuming the videos?

Previously:

DeepSeek’s True Training Cost

Anton Shilov:

SemiAnalysis reports that the company behind DeepSeek incurred $1.6 billion in hardware costs and has a fleet of 50,000 Nvidia Hopper GPUs, a finding that undermines the idea that DeepSeek reinvented AI training and inference with dramatically lower investments than the leaders of the AI industry.

DeepSeek operates an extensive computing infrastructure with approximately 50,000 Hopper GPUs, the report claims. This includes 10,000 H800s and 10,000 H100s, with additional purchases of H20 units, according to SemiAnalysis. These resources are distributed across multiple locations and serve purposes such as AI training, research, and financial modeling. The company’s total capital investment in servers is around $1.6 billion, with an estimated $944 million spent on operating costs, according to SemiAnalysis.

Yazhou Sun and Tom Mackenzie:

The notion that China’s DeepSeek spent under $6 million to develop its artificial intelligence system is “exaggerated and a little bit misleading,” according Google DeepMind boss Demis Hassabis.

[…]

DeepSeek “seems to have only reported the cost of the final training round, which is a fraction of the total cost.”

Previously:

Google Maps at 20

James Killick (via Adam Chandler):

In 2018 Bill [Kilday] wrote a book about their travails. It is the definitive, insider story of Google Maps. The book is called “Never Lost Again” and I can’t recommend it enough. Among other places it’s available on Amazon and Apple Books.

[…]

I recently had the privilege of chatting with Bill and I told him about my plans for this post. We both agreed that the timing should coincide with the 20th anniversary of Google Maps.

So, with that in mind, here we go!

It remains one of my favorite Web sites. If I could only keep three Google products, they would probably be YouTube, Maps, and Translate.

Silas Valentino:

After presenting a dynamic map — now compatible with the web — Where 2 Technologies was acquired by Google for an undisclosed sum in October 2004. At the same time, Google also scooped up the satellite imagery service Keyhole, a critical component for developing Google Maps, since it opened access to scores of satellite images. In the ensuing months, Where 2 Technologies and Keyhole fused their products together, building a digital map made of satellite tiles.

[…]

Maps debuted on Feb. 8, 2005, and Lars remembers it immediately disrupted the entire Google system.

“It actually almost destroyed Google’s data centers,” he said in the podcast. “Rather, it clogged the pipes with all of those tiles of mapping images flying back and forth, almost used all of Google’s bandwidth. It was amazing. It was a huge hit from day one.”

Stephen Hutcheon:

Now, on the eve of Google Maps’ 20th anniversary, the 54-year-old Australian software engineer [Stephen Ma] has had a change of heart. He wants to write himself back into the foundation story – as well as acknowledge others whose contributions have been overlooked or undersold.

Previously:

Friday, February 7, 2025

UK Orders Apple to Break iCloud Advanced Data Protection

Dominic Preston (Hacker News, MacRumors):

Apple has reportedly been ordered by the UK government to create a backdoor that would give security officials access to users’ encrypted iCloud backups. If implemented, British security services would have access to the backups of any user worldwide, not just Brits, and Apple would not be permitted to alert users that their encryption was compromised.

The Washington Post reports that the secret order, issued last month, is based on rights given under the UK’s Investigatory Powers Act of 2016, also known as the Snoopers’ Charter. Officials have apparently demanded blanket access to end-to-end encrypted files uploaded by any user worldwide, rather than access to a specific account.

[…]

The UK has reportedly served Apple a document called a technical capability notice. It’s a criminal offense to even reveal that the government has made a demand. Similarly, if Apple did accede to the UK’s demands then it apparently would not be allowed to warn users that its encrypted service is no longer fully secure.

Dan Moren:

While law enforcement has long been able to access encrypted data for which Apple holds the keys, this move would reportedly apply to end-to-end data in which the user holds the keys, such as Apple’s Advanced Data Protection. This law would target end-to-end encrypted data from Google and Meta as well.

This is red alert, five-alarm-fire kind of stuff. Providing a backdoor would be worrying enough for reasons that should be obvious to anybody who knows the barest inkling about technology—to wit, that there exists no mechanism to keep such a tool out of the hands of malicious actors—but the fact that it would apply beyond the UK borders to other countries is a staggering breach of sovereignty. And, moreover, as Menn points out, such a move would no doubt embolden other powers to ask for access to the same capabilities—such as China.

[…]

Ironically, the biggest impediment might come in the form of the European Union, as Apple apparently argued that the implementation would undermine the European right to privacy.

Nick Heer:

In any case, the reported demands by the U.K. government are an extraordinary abuse of their own. It has global implications for both U.K. access and, I would venture, access by its allies. As a reminder, U.S. and U.K. spy agencies routinely shared collected data while avoiding domestic legal protections. This order explicitly revives the bad old days of constant access.

Tim Hardwick:

According to sources that spoke to the publication, Apple is likely to stop offering encrypted storage in the UK as a result of the demand. Specifically, Apple could withdraw Advanced Data Protection, an opt-in feature that provides end-to-end encryption (E2EE) for iCloud backups, such as Photos, Notes, Voice Memos, Messages backups, and device backups.

In this scenario, UK users would still have access to basic iCloud services, but their data would lack the additional layer of security that prevents even Apple from accessing it.

Previously:

Update (2025-02-10): Mike Masnick:

While officials repeatedly insisted they weren’t trying to break encryption entirely, those of us following closely saw this coming. Apple even warned it might have to exit the UK market if pushed too far.

[…]

The UK government is demanding that Apple fundamentally compromise the security architecture of its products for every user worldwide. This isn’t just about giving British authorities access to British users’ data — it’s about creating a master key that would unlock everyone’s encrypted data, everywhere.

This is literally breaking the fundamental tool that protects our privacy and security. Backdoored encryption is not encryption at all.

[…]

This global reach is particularly concerning given the UK’s membership in the Five Eyes intelligence alliance. Any backdoor created for British authorities would inevitably become a tool for intelligence and law enforcement agencies across the US, Australia, Canada, and New Zealand — effectively creating a global surveillance capability without any democratic debate or oversight in those countries.

Bruce Schneier:

Apple is likely to turn the feature off for UK users rather than break it for everyone worldwide. Of course, UK users will be able to spoof their location. But this might not be enough. According to the law, Apple would not be able to offer the feature to anyone who is in the UK at any point: for example, a visitor from the US.

And what happens next? Australia has a law enabling it to ask for the same thing. Will it? Will even more countries follow?

This is madness.

Mark Nottingham (via Hacker News):

The UK is presumably interested in Apple providing this functionality because iCloud’s design conveniently makes a massive amount of data convenient to access in one location: Apple’s servers. If that data is instead spread across servers operated by many different parties, it becomes less available.

In effect, this is the decentralize iCloud option. Apple would open up its implementation of iCloud so that third-party and self-hosted providers could be used for the same functions. They would need to create interfaces to allow switching, publish some specifications and maybe some test suites, and make sure that there weren’t any intellectual property impediments to implementation.

[…]

This isn’t a perfect option. Orders could still force weakened encryption, but now they’d have to target many different parties (depending on the details of implementation and deployment), and they’d have to get access to the stored data. If you choose a provider in another jurisdiction, that makes doing so more difficult, depending on what legal arrangements are in place between those jurisdictions; if you self-host, they’ll need to get physical access to your disks.

SpamSieve 3.1.1

SpamSieve 3.1.1 improves the filtering accuracy of my Mac e-mail spam filter, amongst other enhancements and fixes.

The update was held up because the Developer ID Notary Service was down for most of the business day yesterday.

Some interesting issues were:

Previously:

DeepSeek Privacy Issues

Dan Goodin:

On Thursday, mobile security company NowSecure reported that the app sends sensitive data over unencrypted channels, making the data readable to anyone who can monitor the traffic. More sophisticated attackers could also tamper with the data while it’s in transit. Apple strongly encourages iPhone and iPad developers to enforce encryption of data sent over the wire using ATS (App Transport Security). For unknown reasons, that protection is globally disabled in the app, NowSecure said.

[…]

What’s more, the data is sent to servers that are controlled by ByteDance, the Chinese company that owns TikTok. While some of that data is properly encrypted using transport layer security, once it’s decrypted on the ByteDance-controlled servers, it can be cross-referenced with user data collected elsewhere to identify specific users and potentially track queries and other usage.

Ben Lovejoy:

The latest findings are far worse than the previous security failure which exposed chat history and other sensitive information in a database requiring no authentication …

Brian Krebs:

Beyond security concerns tied to the DeepSeek iOS app, there are indications the Chinese AI company may be playing fast and loose with the data that it collects from and about users. On January 29, researchers at Wiz said they discovered a publicly accessible database linked to DeepSeek that exposed “a significant volume of chat history, backend data and sensitive information, including log streams, API secrets, and operational details.”

“More critically, the exposure allowed for full database control and potential privilege escalation within the DeepSeek environment, without any authentication or defense mechanism to the outside world,” Wiz wrote.

William Gallagher:

NowSecure says it is continuing to research DeepSeek. It notes that the Android version is even less secure than the iOS one.

Previously:

Screenshot-Reading Malware

Wes Davis:

Apps distributed through both Apple and Google’s app stores are hiding malicious screenshot-reading code that’s being used to steal cryptocurrency, the cybersecurity software firm Kaspersky reported today. It’s the “first known case” of apps infected with malware that uses OCR tech to extract text from images making it into Apple’s App Store, according to a blog post detailing the company’s findings.

Kaspersky says it discovered the code from this particular malware campaign, which it calls “SparkCat,” in late 2024 and that the frameworks for it appear to have been created in March of the same year.

Via Guy English:

This is the kind of thing that makes tech so annoying these days. What’s a platform to do? At the scale of adoption of these devices (both Apple and Android) there are countless people who’d not think twice about agreeing to photo access without thinking for a moment of the screenshot with their credentials they saved off a long time ago. The only solution I can think of is only using system UI to pick what apps see. Which we have now. But that’s kind of annoying too.

Bruce Schneier:

That’s a tactic I have not heard of before.

Juli Clover:

Kaspersky located several App Store apps with OCR spyware, including ComeCome, WeTink, and AnyGPT, but it is not clear if the infection was a “deliberate action by the developers” or the “result of a supply chain attack.”

[…]

Apple checks over every app in the App Store , and a malicious app marks a failure of Apple’s app review process. In this case, there does not appear to be an obvious indication of a trojan in the app, and the permissions that it requests appear to be needed for core functionality.

Juli Clover:

Apple pulled the apps from the App Store.

Thursday, February 6, 2025

Mac App Store Broken on macOS 10.14 and Earlier

Alexander Blach:

I’m getting a report from a user that the Mac App Store doesn’t work on macOS Sierra 10.12.6 anymore - they get “An unexpected error occurred while signing in.”

I also see these threads in the the Apple Support Community:

Apple made changes to Mac App Store receipts on January 24, 2025.

Looks like with this change they have also rendered the Mac App Store unusable on older systems, so that customers on these systems can no longer download their purchased apps.

I’m not sure whether there’s actually a connection between the receipts change and the store itself not working, but I can confirm that the store is broken on macOS 10.14 but works on macOS 10.15. On earlier versions, when I try to sign in it doesn’t report an error but never actually signs me in. Thus, you can browse the store but can’t make new purchases, re-download old ones, or install updates.

Previously:

Update (2025-02-07): This story got picked up by MacRumors and AppleInsider, and as of this morning, the Mac App Store is once again working for me on macOS 10.14. Michel Fortin says it now works on 10.13.

Wednesday, February 5, 2025

Tapestry 1.0

The Iconfactory (Mastodon):

Tapestry combines posts from your favorite social media services like Bluesky, Mastodon, Tumblr and others with RSS feeds, podcasts, YouTube channels and more. All of your content presented in chronological order, with no algorithm deciding what you should or shouldn't see.

[…]

Third-party connectors can be added to Tapestry to allow it to work with even more sources. If it has a publicly-accessible feed on the internet, a connector can be built for it.

Ryan Christoffel:

Tapestry is a free download on the App Store, with subscription options available to remove ads, unlock custom timelines, content muting, and theme customization. Subscriptions run $1.99/month, $19.99/year, or you can make a one-time purchase of $79.99.

The Iconfactory:

Connectors are created with standard web technologies: JavaScript and JSON. All of Tapestry’s connectors are open source and easy to adapt for your needs.

You’ll use Tapestry Loom on a Mac to test and debug your connector[…]

Craig Hockenberry:

Centralized systems have shown their weakness and siloed content has as much a chance of surviving as “You’ve got mail!”.

Tapestry was built with this change in mind. Your content comes from a lot of different places, and how that data is retrieved from a feed is entirely customizable. Our goal was to put RSS, social media, podcasts, and more into a flexible and easy-to-read timeline. Tapestry syncs this variety of feeds across devices in a way that is seamless, secure, and easy to understand.

Nick Heer:

I am not sure I want all of these things inside a single app’s timeline. I typically want to treat reading web feeds as a discrete task, for example, and I would use a dedicated podcast client instead. But I like the idea of a merged social media feed. Some people have accounts on Bluesky, Mastodon, and Micro.blog, while others are on only one of those services. I would often like to see all of them at the same time.

[…]

What I would really like — and I do not mean to sound ungrateful or demanding — is a MacOS client.

Previously:

Update (2025-02-11): Federico Viticci:

My problem with timeline apps is that I struggle to understand their pitch as alternatives to browsing Mastodon and Bluesky (supported by both Tapestry and Reeder) when they don’t support key functionalities of those services such as posting, replying, reposting, or marking items as favorites.

[…]

But: the beauty of the open web and the approach embraced by Tapestry and Reeder is that there are plenty of potential use cases to satisfy everyone. Crucially, this includes people who are not like me. There is no one-size-fits-all approach here because the web isn’t built like that.

So, while I still haven’t decided which of these two apps I’m going to use yet, I’ve found my own way to take advantage of timeline apps: I like to use them as specialized feeds for timelines that I don’t want to (or can’t) have in my RSS reader or add as lists to Mastodon/Bluesky.

Reeder Rebuilt

Silvio Rizzi (September 2024):

The new Reeder is out!

A note to Reeder Classic users: For this release, I’ve tried to cover any questions you might have about the new Reeder and Reeder Classic in the FAQ.

There’s no pressure to upgrade. As mentioned before, both apps will coexist.

Devon Dundee:

The best word to describe the new Reeder is “ambitious.” Its purpose is not just to be your RSS reader, but your inbox for keeping up with feeds of many different kinds from various sources across the Internet – text from websites, sure, but also videos on YouTube, audio from podcasts, posts on social media, and more. It’s a one-stop shop for the feeds you follow online, collecting them together into a single timeline that you can seamlessly browse across all of your devices.

This concept—like Tapestry—doesn’t really appeal to me. But I’m probably not a typical user. I like that they’re experimenting in this space and that Reeder Classic is sticking around.

Matt Birchler:

What concerned me is that a new app that didn’t click for me had taken over the name of the app I loved. It felt like the app I loved was being put into a legacy status with the “classic” moniker. “Reeder Classic remains a product in our lineup,” if you will. Like I said, there aren’t a bunch of features I hope are added to Reeder Classic, so I’m fine if it goes on the back-burner, I just hope it continues to get support for the latest operating systems so I can keep using it how I do now for many years to come.

Dave Rahardja:

Maybe I’m not getting it, but it no longer has the concept of read/unread blog posts; everything just…hangs out there forever. It also makes it very difficult to read the content in a web browser; you used to be able to press B to open an article in Safari, but now it’s a click on the share arrow, then Open, with no keyboard shortcuts.

Rui Carmo:

And the new Reeder just doesn’t do what I need it to. In fact, it doesn’t even do what it tries to do in a way that I find useful:

  • Polling 200+ feeds? Local polling and iCloud syncing won’t cut it, and the lack of support for feed aggregators tells me this isn’t an app to keep track of a lot of diverse interests.
  • Catching up on Mastodon? I have custom RSS feeds that track lists from a server, since having my home timeline or tags is just useless and too much noise in my experience.
  • Reddit? Erm. Why? I do visit, but (guess what) I already have summary feeds from the couple of subreddits I care about.
  • Videos and podcasts? I can get a much better experience in specialized apps like Yattee and Overcast, and I never consume that kind of content together with the rest–the contexts and use cases just don’t overlap for me.

See also: Mac Power Users and Reddit.

Previously:

Apple “Approved” Hot Tub Porn App

Jess Weatherbed (MacRumors, 9to5Mac):

The first “Apple approved” porn app for iPhone is rolling out in Europe, via AltStore PAL’s alternative iOS app marketplace. AltStore PAL developer Riley Testut says that Hot Tub, which describes itself as an ad-free “adult content browser,” has made it through Apple’s notarization review for fraud, security threats, and functionality, and will be available for AltStore PAL users in the EU to download starting today.

Apple bans “overtly sexual or pornographic material” on its own iOS store. Steve Jobs once replied to a customer email questioning App Store policing, saying that Apple has “a moral responsibility to keep porn off the iPhone,” and said that people looking for such apps should “buy an Android phone.” Thanks to the EU’s Digital Markets Act, iPhone users within the bloc now have greater freedom to install other apps.

Jason Snell:

AltStore and Testut knew exactly what they were doing when they implied an Apple endorsement of this product, presumably based on Apple’s notarization approval of an iOS app. Legally, Apple must notarize apps so long as they are “free of known malware, viruses or other security threats, function as promised and don’t expose users to egregious fraud.” So you can see that Apple’s hands are tied here. Which is why Apple is deeply unhappy with AltStore’s announcement, releasing this PR statement:

We are deeply concerned about the safety risks that hardcore porn apps of this type create for EU users, especially kids. This app and others like it will undermine consumer trust and confidence in our ecosystem that we have worked for more than a decade to make the best in the world. Contrary to the false statements made by the marketplace developer, we certainly do not approve of this app and would never offer it in our App Store. The truth is that we are required by the European Commission to allow it to be distributed by marketplace operators like AltStore and Epic who may not share our concerns for user safety.

But here’s the thing about notarization: Apple has used it in the past, in the EU, for reasons not covered by the above exceptions.

[…]

Apple representatives claim that AltStore is lying by asserting that Hot Tub was approved by the company. (Though it’s not great that Apple’s own emails use the phrase, “The following app has been approved for distribution.”) Instead, they claim that Apple’s hands are tied by the European Commission. And yet… the company has used its lever before to protect users from (checking my notes here) emulators of very old Mac models. Seems dangerous.

Paul Haddad:

If Apple doesn’t want notarization to imply approval they maybe should stop using it that way.

Steve Troughton-Smith:

You decided notarization would be an approval process, and you inserted yourself in it, which means yes you approved this app.

Much like you didn't approve a bunch of other apps, like emulators.

Phil Dennis-Jordan:

Apple decided any non-App-Store-app would require their approval, therefore if this app ships, Apple has approved it.

If iOS notarisation was anything like macOS app notarisation (automated, takes literally 1 minute) then sure, I’d say calling it “Apple-approved” would be misleading. But by all accounts, iOS notarisation is not that. It’s app store review without the app store.

AltStore:

Unfortunately, Apple has rejected several apps from our store in the past for dubious reasons, so the phrase “Apple-approved” in our marketing is a reference to the fact that Hot Tub was approved, not rejected, by Apple for notarization.

John Gruber:

What they mean is that Hot Tub was duly notarized by Apple — an ostensibly technical, not editorial, review that encompasses (using terms from Apple’s own documentation) accuracy, functionality, safety, security, and privacy. I say “ostensibly” there because Apple has, controversially, refused to notarize apps for other reasons[…]

[…]

If we want to get nitty-gritty over verbs, I’d argue that Apple accepts apps — like Hot Tub — for notarization, not approves. Begrudging acceptance is more of a thing than begrudging approval.

Apple is the one who literally chose to use the word “approved” after an app passes notarization.

Riccardo Mori:

Notice the weasely wording of the statement, making it sound as if the EU is to blame. “We didn’t want to distribute this, but the EU made us do it!”

It’s very weaselly. There’s no allegation that there’s actually anything unsafe about the app. It’s gone through Apple’s vaunted review process and runs within a sandbox. Apple is just spreading FUD and throwing its partner under the bus, implying that they have bad motives. It’s also trying to imply that Epic is distributing porn, which is not the case.

Tim Sweeney:

To correct Apple’s false statement screenshotted here, Epic Games Store for PC and mobile - unlike Apple’s App Store - don’t host any porn apps, have never hosted porn apps.

Steve Troughton-Smith:

Adult apps aren’t kept off of iPhone. The top 50 list on the App Store includes several apps filled with hardcore porn, including social media apps and Reddit. This is entirely performative.

Tim Sweeney:

Apple is being extremely disingenuous in attacking the European Union here. The iOS App Store hosts the Reddit app, which provides access to massive amounts of porn. Apple knows this, permits it, and gave Reddit a 17+ (!!!) rating and Editors Choice award.

Peter Steinberger:

Let’s hope nobody tells Apple about Reddit and X!

Not to mention that there’s more porn in Safari than in any third-party app.

John Gruber (Mastodon):

You’ve been able to watch porno on your iPhone since the first day it shipped — a full year ahead of the App Store — by using the web. Apple’s line has always been clear: native apps = Apple-approved; the web = anything goes.

[…]

Jobs responded:

Fiore’s app will be in the store shortly. That was a mistake. However, we do believe we have a moral responsibility to keep porn off the iPhone. Folks who want porn can buy an Android phone.

I agree that Apple shouldn’t be policing what a Web browser can do, but that makes Jobs’ statement nonsensical. There’s every reason to assume that iPhone was and is one of the leading ways that people get this content. If Apple has a moral responsibility, it’s completely failing. It’s not even blocking porn in native apps in the App Store.

John Gruber:

Sweeney has a real point here, and it really is a bit of a conundrum.

[…]

But how is it possible that these super popular platforms have apps in the no-porn App Store while hosting tons of porn? It’s an issue with Reddit, with Tumblr, and apparently especially so with X (fka Twitter).

[…]

I think Sweeney’s synopsis captures Apple’s de facto policy accurately, with the exception that they don’t welcome apps that host porn (so long as the app has controls to hide it, and if the adult content is effectively a side hustle in the overall context of the app), but tolerate it.

Some banks are too big to fail. Some platforms are too big to ban. Apple won’t say that, but that’s clearly the tacit policy.

That’s how a lot of the App Store works. There’s what they say, and then there’s what they actually do.

Putting aside whether this should even be Apple’s role, I think it’s fair to say that they care more about appearing to be on the right side of the issue than about actually addressing it. If they approved an app like Hot Tub with an appropriate age range and warning label, everyone would be clear on what’s happening. Parents could easily block their kids from installing it. What they are actually doing is promoting—giving Editors Choice awards—to apps that hide the content within an innocuous looking shell.

Previously:

Update (2025-02-11): See also: Hacker News.

Spotify Profitable

Ben Lovejoy:

Spotify achieved its first full year of profitability since launching in 2008. The company has previously had occasional profitable quarters, but consistently lost money each year.

[…]

One profitability factor may have been Apple’s decision to allow Spotify to display pricing within the iOS app within Europe, and to direct users to the Spotify website to sign up – avoiding Apple’s 30% cut.

[…]

It was never clear why Apple blocked this given that it appeared to be permissible under the company’s music entitlement.

Todd Spangler:

There was only about a two-year window (from June 2014 to May 2016) during which Spotify Premium subs could opt to sign up and pay through the Apple App Store. Now [July 2023], Spotify is no longer letting those customers continue paying through Apple’s in-app purchases.

Jem Aswad (via Hacker News):

Spotify paid out $10 billion to the music industry in 2024 — some $1 billion more than last year, the previous record — making its total around $60 billion since it was founded in 2006. The company made the announcement in a blog post Tuesday morning.

[…]

In 2023, the company said it pays out nearly 70% of every dollar it generates from music back to the industry, generating its music revenue from two sources: subscription fees from its Premium platform paying subscribers, and fees from advertisings on music on its Free tier.

Previously:

Tuesday, February 4, 2025

Apple Invites

Apple (MacRumors, Hacker News):

Apple today introduced Apple Invites, a new app for iPhone that helps users create custom invitations to gather friends and family for any occasion. With Apple Invites, users can create and easily share invitations, RSVP, contribute to Shared Albums, and engage with Apple Music playlists. Starting today, users can download Apple Invites from the App Store, or access it on the web through icloud.com/invites. iCloud+ subscribers can create invitations, and anyone can RSVP, regardless of whether they have an Apple Account or Apple device.

[…]

With Apple Intelligence, creating unique event invitations is easy. Users can tap in to the built-in Image Playground experience to produce original images using concepts, descriptions, and people from their photo library.

We’ve been using Paperless Post, which works pretty well, and from that perspective Apple’s solution looks nice but seems rather odd. It doesn’t really handle the most important step of actually inviting people. I expect to be able to enter a bunch of names and addresses, and have my wife do the same, and then when we both think the list is done we press a button and it e-mails everyone.

Apple Invites doesn’t seem to allow for multiple hosts. Is one of us supposed to log into the other’s iCloud account using a private Safari window? More importantly, it doesn’t send a bulk e-mail. Rather, each time you add someone it opens a share sheet so that you can e-mail the person individually. It doesn’t make a pretty e-mail; it just puts a bare link into the body field and you have to fill in everything else—even the subject—separately for each invitee.

There is an option to Send a Note, but this only e-mails the people who have RSVP’d. There is no way to see who has received the e-mail or to remind the ones who haven’t responded. There’s also no way to update the names after the invitation has been sent (e.g. to keep track of who from each party is attending), nor a way to export (or import) the address list data. The invitees can’t see the names of who was invited. And it’s cumbersome to RSVP because you have to type your e-mail address, wait for a confirmation code to be sent, and then type it in (no magic link to click). Or, if there’s an Apple account associated with the e-mail address, you have to log in.

I see the “job to be done” as “help me create and send a nice e-mail and manage the list of people throughout the process.” It feels like Apple thought it was “demo Image Playground and promote Apple’s various services.” It’s also frustrating that Apple is launching another new app that doesn’t have a Mac or iPad version.

John Voorhees:

The app can generate full-screen graphics for invitations to any sort of event. The invitations allow you to mix a combination of photos and AI-generated images that are combined with details about the event and the Memojis of the people you invite. There are multiple font choices, the option to add a playlist from Apple Music, and sections for draft invitations, upcoming events, events you’re hosting, those you’re attending, plus past and upcoming events. Invitees can send notes back to the sender too.

Ben Schoon:

An iPhone user can send you an invitation either via email or through a direct link. On opening the the invite, you’ll be asked to enter an email address and verify that email. You can then enter your RSVP status and see details about the event including (as the event date nears) the weather. There’s also a map location and you can see a list of other attendees.

[…]

Since there’s no Apple Invites app on Android, you’ll instead have the option to download the calendar event file and add it to the calendar app of your choice. This works well enough, but we noticed that the iCloud invites link in the event is entirely generic, where if you save an event to Apple’s Calendar app on iOS, you get a direct link to this specific event. This doesn’t change if you’re signed into an iCloud account.

Another drawback is that you can’t use or even view photos without an iCloud account. Photo sharing is perhaps the biggest draw of Apple Invites over alternatives, so this is a bit of a frustrating hurdle for those who aren’t using an iPhone.

Quinn Nelson:

Apple Invites looks basic but good. The ability to automatically create a shared iCloud Photo Library amongst participants, however, is absolutely MONEY. Great idea.

Steve Troughton-Smith:

I look forward to seeing all the great new APIs available to developers to allow them fairly compete with Apple’s new subscriber-only Invites app, like its seamless shared photo albums feature, just like they’re required to by law here!

Ryan Christoffel:

Invites follows this trend by integrating with features and data from a whopping six other pre-installed Apple apps.

BasicAppleGuy:

Who else here remembers the OG Apple Invites app: Cards...

Previously:

Update (2025-02-10): Rui Carmo:

Instead of improving Shortcuts, making the iPad more useful or de-enshittifying Photos, they devoted (probably heartfelt and well-meaning) engineering resources to this, and, well… Read the room, guys.

Fine, it’s pretty and clever, but after decades in the tech world, one might ponder if customizing invitations really needed another Apple tool. Or any tool at all.

Instapaper 9.1 and Send to Kindle Extension

Instapaper:

On Instapaper iOS and macOS, you can now sign in to websites directly within the app. When you’re logged into sites, Instapaper can more reliably retrieve and display complete articles.

Increasingly, we’re seeing more “hard paywalls” across the Internet, where publishers are preventing third parties from accessing content. Sometimes, this results in Instapaper only receiving part of an article and, other times, Instapaper is completely blocked from accessing any information including basic metadata (i.e. title, author, image thumbnail, etc.).

I don’t really like the idea of logging into sites from within the app, but incomplete imports are a real problem and hopefully this will help. What I’ve been doing lately—for sites that don’t save to Instapaper properly or where I want to read the comments that Instapaper would normally strip out—is use the Send to Kindle browser extension. The downside is that it’s only available for Chrome, but it works really well.

Previously:

Swift Concurrency Glossary

Matt Massicotte:

It would be nice if there was a single place to go to look up all the terms, keywords, and annotations related to Swift concurrency. So here it is.

Each term is linked to the Swift evolution proposal that introduced it, which is usually the most extensive documentation available.

Previously:

Monday, February 3, 2025

AppleCare+ Only As a Subscription

Joe Rossignol:

Starting next week, Apple’s retail stores will no longer offer AppleCare+ plans as a one-time purchase, according to Bloomberg’s Mark Gurman.

Instead, he said the stores will only offer AppleCare+ as a subscription.

It was already available as a subscription, so the main effect of this change seems to be to remove the discount for purchasing multiple years up front.

Previously:

Update (2025-02-10): Adam Chandler:

I thought AppleCare was only changing for retail customers but it appears Apple Store online only offers monthly or annual now when just last week you could pay for 3 years

Wow. So if you click “monthly or annually” it now pops up a box after you click “checkout” given you a 3rd choice of 3 years.

2024 Six Colors Apple Report Card

Jason Snell (complete commentary):

It’s time for our annual look back on Apple’s performance during the past year, as seen through the eyes of writers, editors, developers, podcasters, and other people who spend an awful lot of time thinking about Apple. The whole idea here is to get a broad sense of sentiment—the “vibe in the room”—regarding the past year. (And by looking at previous survey results, we can even see how that sentiment has drifted over the course of an entire decade.)

Here are my responses:

Mac: 3 The M4 Macs have some virtualization, display, and USB issues, but overall the updates seem seem strong. I’m particularly excited about the MacBook Pro’s nanotexture display. The Mac input devices are finally USB-C, but they got the most minimal of updates, not fixing the Magic Mouse’s charging point or modernizing the globe key’s location on the extended keyboard. Unfortunately, the Mac Studio and Mac Pro are still using M2 processors. SSD pricing is still ridiculous, and the software side is still a mess, both in terms of reliability and design. I have not found the Apple Intelligence features very useful. Probably the most exciting things for me in Sequoia are the new Passwords app and the new window management features, though in both cases I prefer third-party solutions.

iPhone: 4 This is one of those years where the new iPhones seem fine, but I feel no urgency to upgrade from the previous model. The most interesting things to me are Photographic Styles and Camera Control. I’m hoping that the former will eventually let me reduce over processing. The latter sounded promising but is now seeming more like the new Touch Bar: over-engineered and less useful than the basic Action button. iOS 18 adds a bunch of useful features.

iPad: 3 This seemed to be the year where a lot of people accepted that the software is what it is. If you love iPadOS, the hardware for running it is now better than ever. If not, no matter how much potential there may be, it’s time to stop waiting for Pro to happen in the way that you want and just use a Mac.

Wearables: 4, Apple Watch: 4, Vision Pro: 1 The AirPods 4 seem good. AirPods Max remains a product in Apple’s lineup. Apple no longer offers software updates for my watch, and I’m waiting for a new Apple Watch SE, which hasn’t been announced yet. Apple Vision Pro is technically impressive, but it increasingly seems like Apple built the wrong thing. Those engineering resources would have been much better spent improving Apple’s other platforms.

Home: 2 My HomePod continues to not work well for Siri or music. This year I dipped my toes into the Matter ecosystem. I was pleased to find that it all “just worked,” though the automation options are a bit limited, and I still don’t like the Home app.

Apple TV: 3 Nothing much happened this year, though I like the new feature of automatically showing subtitles when you rewind a bit. I still don’t like the software or the remote.

Services: 2 iMessage and Siri still work poorly for me. Apple Pay and the rest of iCloud are OK. The other services don’t interest me except in that their existence seems to be warping Apple’s product design decisions.

Hardware Reliability: 4 My most recent hardware has been working well this year. My 2019 Intel MacBook Pro’s internal SSD partially failed. The Mac is out of AppleCare, and the SSD is non-replaceable, so now it can only be used with an external SSD, which is inconvenient for a portable computer and somewhat unreliable (with sleep, etc.). This would be worse with an Apple Silicon–based MacBook Pro because, for security reasons, they no longer support booting from external storage when the internal storage isn’t working. Without being able to replace the SSD, the whole Mac would be dead.

OS Quality: 1, Apple Apps: 3 The software quality slide continues. The same old bugs are still there. Finder views still don’t update or reveal properly, and external drives still don’t mount reliably. macOS Sequoia bought new problems, particularly related to storage. Now, it’s sometimes impossible to unmount drives cleanly. Time Machine deleted lots of my old backups unnecessarily and had trouble completing new backups. Third-party backup utilities are also having trouble, as Sequoia broke ASR’s ability to create bootable backups. Multiple of my Macs now have regular kernel panics, which never happened before. There are a variety of new networking issues. Safari often stops working under heavy load, so, though it’s still my default browser, I’m increasingly incorporating Chrome and Firefox. I wish that, instead of focusing on Apple Intelligence, Apple had focused on improving the quality of the OS and on improving the design of Music and the other media/services apps.

Developer Relations: 2 The same old issues with the App Store, documentation, and bug reporting. Nothing seems to be getting better. This was the second year in a row that Xcode shipped with a showstopper bug for Mac developers. Once again, it was reported during the beta period but there was no urgency to fix it. The Swift toolchain is still crashy and unreliable. Apple continues to write SwiftUI and SwiftData checks that the frameworks can’t cash.

Apple’s Impact in the World: No vote

See also: Nick Heer.

Previously:

Update (2025-02-07): Upgrade (tweet):

We discuss the results of the Six Colors Apple Report Card for 2024 in depth, with our opinions on every category.

See also:

John Gruber (Mastodon, Bluesky):

If “Siri/Apple Intelligence” were a category for this report card, I’d have graded it a D — and much closer to an F than a C. Longstanding Siri features have not only not gotten better, they’ve seemingly gotten worse. Apple is simply not a relevant player in the explosively popular LLM game. The features under the “Apple Intelligence” umbrella mostly feel like Apple shipped them a full year ahead of readiness simply because the rest of the industry — and Wall Street — is way ahead of them, and they felt the need to ship what they had, ready or not. There are a lot of obviously useful potential AI-powered features — ones that integrate between apps, and/or use your personal data on-device — that, thanks to the tightly restricted sandboxing system Apple itself designed for iOS, only Apple itself can provide via AI. It doesn’t matter that Apple doesn’t offer, say, its own web search engine, because Safari can use whatever search engine you want. It does matter that Siri sucks because only Siri can tightly integrate at the system level with your device, and with your private cross-application data.

[…]

Apple’s goal should be for developer relations to be so good that developers look for excuses to create software exclusively for Apple’s platforms. The opposite is happening.

Riccardo Mori:

Here’s my 2024 Apple Report Card. I won’t abuse your time.

Mac hardware: A+
iPhone hardware: A
Services: B (mostly thanks to some good AppleTV+ shows).
The rest: from C to worse.

Dishonourable mention: Software, UI, and UX.

See also: Adam Engst.

Previously:

Swift Build

Owen Voorhees (tweet, Hacker News):

As a foundational step in this new chapter of Swift build technologies, today Apple is open sourcing Swift Build, a powerful and extensible build engine that provides a set of build rules for building Swift projects. Swift Build is the engine used by Xcode, which supports millions of apps in the App Store as well as the internal build process for Apple’s own operating systems. The open source repository also includes support for targeting Linux and Windows.

[…]

Swift Build is an infrastructural component designed to plan and execute builds requested by a higher-level client like Swift Package Manager or Xcode. It builds on top of the existing llbuild project to add capabilities including:

  • Robust integration with the Swift compiler to reliably and efficiently coordinate the build of Swift projects
  • Support for a wide variety of product types including libraries, command line tools, and GUI applications with advanced build configuration options
  • Build graph optimizations that maximize parallelism when building Swift and C code

I suspect this is the component responsible for one of my main frustrations with Swift: spurious compilation errors (or sometimes crashes at runtime) unless I clean the build folder, because it doesn’t correctly figure out which files need to be recompiled after certain changes.

Saagar Jha:

Swift Build being open sourced is a really huge deal. This should remove barriers for teams that are running into Xcode build performance or correctness limitations because they can now debug, profile, and most importantly fix the issues themselves.

Tony Arnold:

I am unbelievably happy to see Apple open source the Xcode build system — I have checked out the project, explored the tests, and am looking at starter issues alongside a relaxing cup of tea.

What to Do When macOS Won’t Let You Unmount a Volume

Howard Oakley:

When all else fails, the next step is to identify what’s using files on that volume or disk, so you can decide whether to force quit that process in Activity Monitor. Don’t do that blindly, as you could end up killing processes that your Mac does need to run.

[…]

If you’d rather use an app, then my personal favourite is Sloth from here. Although it’s not notarized, it does everything that I’d want in terms of matching lsof or fuser’s features. Most importantly, if you click its padlock at the lower right and authenticate, it will show all processes running as root.

I like Sloth, but it’s annoying to have to authenticate each time I use it. There’s a preference to have it prompt at launch so that at least you don’t have to click the little padlock icon each time (or forget to click it and get incorrect results).

In practice, I almost never had problems with volumes that wouldn’t eject before Sequoia, and now it happens multiple times per day. The culprits are always mds (Spotlight) and revisionsd (file versioning) so there seems to be nothing to do except Force Eject.

See also: TidBITS-Talk.

Previously:

Friday, January 31, 2025

Apple’s Q1 2025 Results

Apple (transcript, Hacker News, MacRumors):

The Company posted quarterly revenue of $124.3 billion, up 4 percent year over year, and quarterly diluted earnings per share of $2.40, up 10 percent year over year.

Apples gross margin is up to 46.9 percent, not a surprise if you’ve seen what they charge for storage and RAM these days.

Jason Snell:

Probably most notable is that iPhone revenue was down 1% from the year-ago quarter, which will certainly upset some analysts and investors, given that the iPhone is more than half of Apple’s total revenue. But the Mac jumped 16%, the iPad was up 15%, and services was up 14%. The recently sluggish Wearables, Home, and Accessories category was down 2%.

Michael E. Cohen and Adam Engst:

The big winner in the category revenue race was Services, which brought in a record $26.3 billion, up $3.2 billion from last year. Consequently, Services grew to account for 21% of Apple’s overall revenues, while an iPad rebound boosted its share to 7%, and Macs remained steady at 7%.

John Voorhees:

Going into today’s earnings call, Apple’s stock was downgraded by multiple analysts. Factors cited in the downgrades included weak sales in China, an expectation that Apple wouldn’t meet earnings expectations, and the the lack of any boost in iPhone sales from Apple Intelligence.

wronglebowski (BasicAppleGuy):

Apple has a reserved billboard right across the street from my apartment. Every time it changes I notice, Privacy ad, Sexy product photos, Shot on IPhone ads. Guess what it is now? AI Emoji, a hot dog holding a briefcase.

Tim Cook:

And I think I know from my own personal experience, once you start using the features you can’t imagine not using them anymore. […] I know I get hundreds of emails a day, and the summarization function is so important.

John Gruber:

Apple’s overall sales in China have been trending down for 3 years now. It looks to me like Apple might have peaked there around 2021 or 2022.

Jeff Johnson:

Looking at the 4-quarter moving averages for iPad, iPhone, Mac, and wearables, hardware revenue looks pretty flat over the past 3 years. So-called “services” are the only thing that hasn’t peaked already.

Previously:

Preventing a Mac Laptop From Turning on When Opening Its Lid

Apple (via MacRumors):

A Mac laptop with Apple silicon automatically turns on and starts up when you open its lid or connect it to power. With macOS Sequoia 15 or later, you can change this behavior without affecting your ability to use your keyboard or trackpad to turn on your Mac.

[…]

  • To prevent startup when opening the lid or connecting to power: sudo nvram BootPreference=%00

  • To prevent startup only when opening the lid: sudo nvram BootPreference=%01

  • To prevent startup only when connecting to power: sudo nvram BootPreference=%02

This makes it possible to clean the keyboard with the Mac off and to prevent battery drain due to Power Nap by keeping it off instead of asleep. You can still power on the Mac by pressing the power/Touch ID key.

Dave Mark:

Interesting that this requires the Terminal, no setting to change this behavior. Plenty of other examples of this, but not used to seeing an official support document that sends you to Terminal as only path.

Previously:

Update (2025-01-31): Zsolt Benke notes that this doesn’t allow cleaning the keyboard because pressing a key will still start up the Mac. However, you can temporarily disable this:

  • Press and hold the left Control and Command buttons with right Shift button for a total of 7 seconds.
  • Without releasing them, press the Power button and hold together for an additional 7 seconds until your laptop shuts down. The login screen may flash for a second so don’t prematurely release the keys until the machine is off.
  • For your next startup, your Mac can only be powered on by using the Power button or closing and opening the lid.

This worked for me, but only if I didn’t close the lid before pressing a key.

Update (2025-02-07): Jeff Nouwen:

In my case I wanted to stop the constant waking from spinning my DAS up and down all the time, but this worked for me both with a 2020 Intel iMac and now with my M2 Studio: disable CoreSmartPowerNap.

Oh, and the other piece of the puzzle is to clear and then block the OS from scheduling anything ELSE from waking the machine (calendar time-to-leave reminders, etc.).

Howard Oakley:

Auto boot only determines start up behaviour on opening the lid or connecting power. When the lid is open, pressing any key or using the touchpad will still cause the Mac to start up, so limiting use for cleaning its keys or touchpad. Apple recommends using compressed air, which shouldn’t start the Mac up, but if you prefer to use a dry cloth or isopropyl alcohol on a cloth (but never a water-based cleaner), then you may find it helpful to use KeyboardCleanTool to block key entry during cleaning.

Whatever you do, don’t let any water=based liquid near your Mac’s keyboard or other areas that could allow its ingress. Even small amounts of water can cause serious damage that can require expensive repairs. Like all laptops, MacBook Air and Pro models contain multiple water sensors, making that damage easy to detect.

A Few Words About Indie App Business

Charlie Monroe:

The first few apps I released had almost no downloads, no users and there was no income from them. They are long forgotten by the world and even by me. Be prepared to have some setbacks, don’t let them discourage you. Start small and build up. Have an idea for an app? Don’t spend a year developing something that might be a flop in the end. Develop the main idea and let it grow based on feedback and some roadmap.

However, don’t “underdevelop” either. The app must not crash, it mustn’t be buggy, it mustn’t feel like half-done and unfinished. It needs to be working, though some features may be missing. It’s always nice for the customer to get updates that improve things, add new things and the app gradually gets better and better. When users see this, they talk, they recommend the app and you start growing.

[…]

I work 365 days a year. Last year, I worked 366 days (2024 was leap year). I’m not saying that I work 8 hours each day, but even during weekends, holidays, vacation, I need to tend to support emails in the morning for an hour or so and then once more in the afternoon or evening. I cannot just take off and leave for a few days without seeing the consequences and going insane when I get back.

[…]

The unfortunate thing about this is that going through the support emails in my case is something that takes about 2-3 hours a day – which is not enough to hire someone and train them. Not to mention that most of the reports actually need some technical knowledge. So unless I would hire another developer, in the end, the really administrative stuff that someone could do instead of me is a 30-minute-a-day job.

Previously:

Thursday, January 30, 2025

SLAP and FLOP Side-Channel Attacks

Jason Kim et al. (Hacker News, MacRumors, Slashdot):

We present SLAP, a new speculative execution attack that arises from optimizing data dependencies, as opposed to control flow dependencies. More specifically, we show that Apple CPUs starting with the M2/A15 are equipped with a Load Address Predictor (LAP), which improves performance by guessing the next memory address the CPU will retrieve data from based on prior memory access patterns.

However, if the LAP guesses wrong, it causes the CPU to perform arbitrary computations on out-of-bounds data, which should never have been accessed to begin with, under speculative execution. Building on this observation, we demonstrate the real-world security risks of the LAP via an end-to-end attack on the Safari web browser where an unprivileged remote adversary can recover email content and browsing behavior.

[…]

We present FLOP, another speculative execution attack that results from recent Apple CPUs predicting the outcome of data dependencies. Here, we demonstrate that Apple's M3/A17 generation and newer CPUs are equipped with a Load Value Predictor (LVP). The LVP improves performance on data dependencies by guessing the data value that will be returned by the memory subsystem on the next access by the CPU core, before the value is actually available.

If the LVP guesses wrong, the CPU can perform arbitrary computations on incorrect data under speculative execution. This can cause critical checks in program logic for memory safety to be bypassed, opening attack surfaces for leaking secrets stored in memory. We demonstrate the LVP's dangers by orchestrating these attacks on both the Safari and Chrome web browsers in the form of arbitrary memory read primitives, recovering location history, calendar events, and credit card information.

omcnoe:

Their SLAP demo provides a great example of how defence-in-depth can make/break the viability of an exploit. That terrifying Safari demo is possible because Safari fails to isolate new windows in individual processes when calling window.open in js.

All the other side channel magic presented here doesn’t matter if the data you want to read is in a seperate process with sufficient separation from the “hostile” process in the address space.

MikeHolman:

I worked on a browser team when Spectre/Meltdown came out, and I can tell you that a big reason why Firefox and Chrome do such severe process isolation is exactly because these speculative attacks are almost impossible to entirely prevent. There were a number of other mitigations including hardening code emitted from C++ compilers and JS JITs, as well as attempts to limit high precision timers, but the browser vendors largely agreed that the only strong defense was complete process isolation.

Of course, third-party iOS browsers are not allowed to innovate on security, except possibly in the EU.

Bill Toulas:

Apple acknowledged the shared proof-of-concept and stated it plans to address the issues. However, at the time of writing, the flaws remain unmitigated.

Previously:

Update (2025-01-31): Hector Martin (via Robin Kunde):

DIT fixes FLOP, and SSBS fixes SLAP. Those are documented, architecturally defined mechanisms to control this behavior. No chicken bits needed.

The CPUs are working as intended. Browsers just need to get their head out of the sand and flip those bits when running untrusted JS.

Gulf of America

Todd Haselton (Hacker News):

Google said today that it plans to update Google Maps to reflect President Trump’s January 20th executive order to change the names of the Gulf of Mexico and Denali to the Gulf of America and Mount McKinley, respectively.

Eric Berger:

The order declared that, within 30 days, the Secretary of the Interior should take all appropriate actions to change the names of the prominent body of water and mountain. To do this, the database of name and location information published by the US Geological Survey, the Geographic Names Information System, should be updated accordingly. These files are revised on a bi-monthly basis.

“When that happens, we will update Google Maps in the US quickly to show Mount McKinley and Gulf of America,” the company said Monday.

Wesley Hilliard:

Apple has remained silent about the issue, but a change has been made, even if it is a small one. If users navigate to the Gulf of Mexico, it still shows the 400-year-old name plain as day.

However, if a user searches “Gulf of America,” the text over the Gulf changes to reflect the search result, but the information sheet shows data and photos about the Gulf of Mexico.

[…]

Google will change the name for United States users to Gulf of America. Users outside of the United States will see both names with one in parentheses, while people in Mexico will see only Gulf of Mexico.

Nick Heer:

However, it is pretty rich to think of Google as particularly concerned about the accuracy of names on its maps. It routinely invents names of neighbourhoods.

John Gruber:

Re-renaming Denali back to Mount McKinley seems like a no-brainer for the maps to comply with. A country names its own mountains. If Obama could rename it, Trump can re-rename it.

The Gulf of Mexico, though, is an international body of water, and its name wasn’t even debated until Trump started talking about it a few weeks ago. Google (and perhaps Apple) having a policy where they simply follow the naming conventions of the GNIS seems not merely sensible but utterly uncontroversial ... until now.

Adam Chandler:

In GIS, there are Places (POIs) and there are names but there are also historical names and local names. A lot of whatever streets in tiny towns around the world have dozens of alt names. As long as some news paper or town or historian called it that at some point in history, mapping companies capture it and store it under the place ID.

[…]

Until the next administration rescinds the Executive Order, it’s not unusual for an American company to comply with a place name change but that name may only display in certain geographies and the old name will still work.

John Gruber:

These are mapping and metadata nerds approaching the dilemma in the very nerdiest of ways. I found it rather soothing, and also quite informative — particularly the posts from Minh Nguyễn, who seems to be an OpenStreetMap super user.

Previously:

Update (2025-02-12): Ryan Christoffel:

Yesterday, Google Maps updated the Gulf of Mexico’s name for US users to read ‘Gulf of America’ instead.

[…]

Apple Maps has now been updated for US users to reflect the change.

While currently, the actual map still reads Gulf of Mexico, if you tap to view location details, the app now shows ‘Gulf of America’ as the name instead.

The revised name only applies within the US for now, but Apple told Mark Gurman at Bloomberg it “would soon roll out the shift for all users globally.”

See also: USGS.

Repeating Calculator Operations

Juli Clover:

When you tap the equals sign twice, the app will now repeat the last mathematical operation.

[…]

Repeating operations were an option in the Calculator app prior to iOS 18, but iOS 18 removed the functionality.

I wonder what the story is here. This has been a standard feature of every physical calculator that I can remember. It’s not in System 1 or even System 7, though. Was it added with Mac OS X 10.0?

Previously:

Wednesday, January 29, 2025

Malimite 1.1

Laurie Wired (tweet, Hacker News):

Malimite is an iOS and macOS decompiler designed to help researchers analyze and decode IPA files and Application Bundles.

Built on top of Ghidra decompilation to offer direct support for Swift, Objective-C, and Apple resources.

Previously:

Google Open Sources PebbleOS

Matthieu Jeanson et al.:

We are excited to announce that the source code that powered Pebble smartwatches is now available for download.

This is part of an effort from Google to help and support the volunteers who have come together to maintain functionality for Pebble watches after the original company ceased operations in 2016.

[…]

In 2016, Fitbit acquired Pebble, including Pebble’s intellectual property. Later on, Fitbit itself was acquired by Google, taking the Pebble OS with it.

[…]

This repository contains the entire OS, which provides all the standard smartwatch functionality – notifications, media controls, fitness tracking, and support for custom apps and watchfaces – on tiny ARM Cortex-M microcontrollers. Built with FreeRTOS, it contains multiple modules for memory management, graphics, and timekeeping, as well as an extensive framework to load and run custom applications written in C, as well as in Javascript via the Jerryscript Javascript engine. The Pebble architecture allowed for a lightweight system delivering a rich user experience as well as a very long battery life.

Brad Murray:

We were an awesome, inexperienced, but determined and optimistic team of software developers that made this happen. This photo was from our firmware offsite in early 2016, and there’s just so much talent here.

[…]

The solution? Purposefully clock the RTC 1024x faster than real time, so every second on the RTC (which was broken into hour, minute and second fields) was actually only 1/1024th of a second. Call these “ticks” and you’ve made a high resolution clock that worked in stop mode.

[…]

This required some other hacks to handle “rollovers” because you could lose track of the real time with your RTC running so quickly, but it worked and a going into stop mode for fractions of a second with accurate timing saved a ton of battery life.

Eric Migicovsky (via Hacker News):

You’d imagine that smartwatches have evolved considerably since 2012. I’ve tried every single smart watch out there, but none do it for me. No one makes a smartwatch with the core set of features I want:

  • Always-on e-paper screen (it’s reflective rather than emissive. Sunlight readable. Glanceable. Not distracting to others like a bright wrist)
  • Long battery life (one less thing to charge. It’s annoying to need extra cables when traveling)
  • Simple and beautiful user experience around a core set of features I use regularly (telling time, notifications, music control, alarms, weather, calendar, sleep/step tracking)
  • Buttons! (to play/pause/skip music on my phone without looking at the screen)
  • Hackable (apparently you can’t even write your own watchfaces for Apple Watch? That is wild. There were >16k watchfaces on the Pebble appstore!)

[…]

I had really, really, really hoped that someone else would come along and build a Pebble replacement. But no one has. So… a small team and I are diving back into the world of hardware to bring Pebble back!

Previously:

Update (2025-01-30): John Gruber:

If their goal is to be to smartwatches what Playdate is to handheld gaming, that’s definitely achievable, and if they succeed, will by definition be a lot of fun.

The whole tech world needs more projects that aren’t trying to become billion- (let alone trillion-) dollar ideas, but are happily shooting for success as million-dollar ideas (or less!).

Releasing Core Intuition

Core Intuition (Mastodon):

This is the final episode of our podcast. Thank you so much to everyone who has listened and supported us over the years! We’ve loved doing the show.

Thanks and congratulations on 16 years of podcasting. Perhaps this will lead to more time for blogging.

See also: Isaiah Carew.

Tuesday, January 28, 2025

DeepSeek

Wikipedia:

DeepSeek is the name given to open-source large language models (LLM) developed by Chinese artificial intelligence company Hangzhou DeepSeek Artificial Intelligence Co., Ltd. The company, based in Hangzhou, Zhejiang, is owned and solely funded by Chinese hedge fund High-Flyer, whose co-founder, Liang Wenfeng, established the company in 2023 and serves as its CEO.

DeepSeek performs tasks at the same level as ChatGPT, despite being developed at a significantly lower cost, stated at US$6 million, against $100m for OpenAI’s GPT-4 in 2023, and requiring a tenth of the computing power of a comparable LLM. The AI model was developed by DeepSeek amidst U.S. sanctions on China for Nvidia chips, which were intended to restrict the country’s ability to develop advanced AI systems.

DeepSeek-AI (PDF, via Hacker News):

We introduce our first-generation reasoning models, DeepSeek-R1-Zero and DeepSeek-R1. DeepSeek-R1-Zero, a model trained via large-scale reinforcement learning (RL) without supervised fine-tuning (SFT) as a preliminary step, demonstrates remarkable reasoning capabilities. Through RL, DeepSeek-R1-Zero naturally emerges with numerous powerful and intriguing reasoning behaviors. However, it encounters challenges such as poor readability, and language mixing. To address these issues and further enhance reasoning performance, we introduce DeepSeek-R1, which incorporates multi-stage training and cold-start data before RL. DeepSeek-R1 achieves performance comparable to OpenAI-o1-1217 on reasoning tasks.

Dare Obasanjo (MacRumors, John Voorhees):

DeepSeek is now in the top 3 apps in the App Store.

There is a saying that necessity is the mother of invention. The Biden chip bans have forced Chinese companies to innovate on efficiency and we now have DeepSeek’s AI model trained for millions competing with OpenAI’s which cost hundreds of millions to train.

This is now mirroring the classic asymmetric competition between Open Source and proprietary software. There is no moat as that famous Google memo stated.

M.G. Siegler:

That message lacked a key framing though: that these charts aren’t just based on pure downloads and instead are algorithmically constructed. No one outside of Apple and Google knows the exact equations that flavor the ranking, but at a high level, it seems pretty clear that download rate acceleration is a key factor versus sheer volume. That is to say, an app can chart by having a bunch of people suddenly start to download it, even if more people overall are downloading an older app.

[…]

But it is still interesting because again, the mainstays have in recent years dominated these charts. Sure, new entrants would rise (and fall) from time-to-time but it was almost always some order of: Facebook, Instagram, WhatsApp, Threads, TikTok, CapCut, YouTube, Gmail, Google Maps, etc. Right now, there is only a single app from Meta (Threads) and one from Google (Google) in the top 10.

John Gruber:

Secondarily, and perhaps counterintuitively, it showcases Apple’s strength in AI. Sure, Apple’s own Apple Intelligence is years behind and pretty embarrassing right now, even with its much ballyhooed partnership with ChatGPT. But the iPhone is where people actually use AI and the App Store is how they get the apps they use. To borrow Ben Thompson’s framing, the hype over DeepSeek taking the top spot in the App Store reinforces Apple’s role as an aggregator of AI. The measuring stick for consumer AI products and social media networks is where they’re listed on the App Store.

[…]

But the iPhone is the place where social media networks are used and ranked. The App Store today is like the cable company of yore. It didn’t matter if Comcast’s own channels were the most popular — so long as everyone was watching channels through TVs connected to Comcast TV service, Comcast was getting their cut.

It’s certainly a strong position to control the iOS platform, but I doubt that Apple wants to be thought of as a Comcast, and it’s unclear whether people will continue to go to iOS apps for their AI needs when the App Store limits what they can do.

Reuters:

Chinese startup DeepSeek said on Monday it is temporarily limiting registrations due to a large-scale malicious attack on its services.

Fatbobman:

Based on personal experience, DeepSeek’s V3 and R1 are more than sufficient to meet the needs of most scenarios. Surprisingly, the training cost is merely a few million dollars—a figure that has sparked widespread industry attention and skepticism. Some practitioners even regard this claim as “cognitive warfare”, finding it hard to believe. However, its API pricing, which is just a fraction of mainstream models, strongly validates its training efficiency. What’s even more admirable is that DeepSeek has open-sourced its training methods and inference mechanisms. This move is likely to catalyze the emergence of more low-cost, high-quality AI models, providing users with affordable and excellent AI services.

However, whether DeepSeek’s success will prompt industry giants to adjust their model development strategies remains a profound question. Since OpenAI demonstrated the potential of large language models (LLMs) through a “more is more” approach, the AI industry has almost universally adopted the creed of “resources above all.” Capital, computational power, and top-tier talent have become the ultimate keys to success. Today, the AI industry has evolved into a capital-driven frenzy. Regardless of a product’s profitability, simply announcing the purchase of large quantities of GPUs can significantly boost a company’s stock price. In an environment focused on “faster and bigger,” most practitioners have been swept away by this trend.

M.G. Siegler:

Because the entire US stock market has been boosted on the back of Big Tech over the past few years. And more recently, many of those stocks have been boosted on the promise of AI. And that has led investors to largely turn a blind eye to the immense spend needed to built out that AI.

[…]

Yes, this is another way to describe a bubble. But it’s not necessarily a bad thing, it’s far more of a natural thing if you understand the underlying incentives. And if you believe that AI is the most transformational technology to come about in some time – some might say, ever – it just accelerates and expands everything in the cycle. As does the fact that again, Big Tech companies are now the largest and most well capitalized in the world. Hammer has met nail.

[…]

Wall Street is now worried that may be the case. I mean, how can a small Chinese startup, born out of a hedge fund, spend fractions in terms of both compute and cost and get similar results to Big Tech?

Jeffrey Emanuel (via Hacker News):

Some of the largest and most profitable companies in the world, like Microsoft, Apple, Amazon, Meta, Google, Oracle, etc., have all decided that they must do and spend whatever it takes to stay competitive in this space because they simply cannot afford to be left behind. The amount of capex dollars, gigawatts of electricity used, square footage of new-build data centers, and, of course, the number of GPUs, has absolutely exploded and seems to show no sign of slowing down. And Nvidia is able to earn insanely high 90%+ gross margins on the most high-end, datacenter oriented products.

[…]

This represents a true sea change in how inference compute works: now, the more tokens you use for this internal chain of thought process, the better the quality of the final output you can provide the user. In effect, it’s like giving a human worker more time and resources to accomplish a task, so they can double and triple check their work, do the same basic task in multiple different ways and verify that they come out the same way; take the result they came up with and “plug it in” to the formula to check that it actually does solve the equation, etc.

[…]

Besides software superiority, the other major thing that Nvidia has going for it is what is known as interconnect— essentially, the bandwidth that connects together thousands of GPUs together efficiently so they can be jointly harnessed to train today’s leading-edge foundational models. In short, the key to efficient training is to keep all the GPUs as fully utilized as possible all the time— not waiting around idling until they receive the next chunk of data they need to compute the next step of the training process.

[…]

Who knows if any of that is really true or if they are merely some kind of front for the CCP or the Chinese military. But the fact remains that they have released two incredibly detailed technical reports, for DeepSeek-V3 and DeepSeekR1.

[…]

Perhaps most devastating is DeepSeek’s recent efficiency breakthrough, achieving comparable model performance at approximately 1/45th the compute cost. This suggests the entire industry has been massively over-provisioning compute resources. Combined with the emergence of more efficient inference architectures through chain-of-thought models, the aggregate demand for compute could be significantly lower than current projections assume. The economics here are compelling: when DeepSeek can match GPT-4 level performance while charging 95% less for API calls, it suggests either NVIDIA’s customers are burning cash unnecessarily or margins must come down dramatically.

Carmen Reinicke (via Hacker News, John Gruber):

Nvidia shares tumbled 17% Monday, the biggest drop since March 2020, erasing $589 billion from the company’s market capitalization. That eclipsed the previous record — a 9% drop in September that wiped out about $279 billion in value — and was the biggest in US stock-market history.

FT:

Venture capital investor Marc Andreessen called the new Chinese model “AI’s Sputnik moment”, drawing a comparison with the way the Soviet Union shocked the US by putting the first satellite into orbit.

Duncan Davidson:

Deepseek was inevitable. With the big scale solutions costing so much capital smart people were forced to develop alternative strategies for developing large language models that can potentially compete with the current state of the art frontier models.

wordgrammer:

Q: How did DeepSeek get around export restrictions?

A: They didn’t. They just tinkered around with their chips to make sure they handled memory as efficiently as possibly. They lucked out, and their perfectly optimized low-level code wasn’t actually held back by chip capacity.

[…]

They used the formulas below to “predict” which tokens the model would activate. Then, they only trained these tokens. They need 95% fewer GPUs than Meta because for each token, they only trained 5% of their parameters.

[…]

Also, export restrictions didn’t harm them as much as we thought they did. That’s probably because our export restrictions were really shitty. The H800s are only worse than the H100s when it comes to chip-to-chip bandwidth.

“Is the US losing the war in AI??” I don’t think so. DeepSeek had a few big breakthroughs, we have had hundreds of small breakthroughs. If we adopt DeepSeek’s architecture, our models will be better. Because we have more compute and more data.

Alexander Doria:

I feel this should be a much bigger story: DeepSeek has trained on Nvidia H800 but is running inference on the new home Chinese chips made by Huawei, the 910C.

Thomas Claburn:

A reader provided The Register with a screenshot of how R1 answered the prompt, “Are you able to escape your guidelines?”

The model’s initial response, after a five second delay, was, “Okay, thanks for asking if I can escape my guidelines. Hmm, I need to be careful here. My guidelines are set by OpenAI, so technically I can’t just ignore them.”

[…]

Dongbo Wang, a Microsoft principal software engineer, offered a possible explanation in the discussion thread: “To folks who landed on this issue, this is likely because DeepSeek V3 was trained with data from GPT-4 output, which seems to be pretty common in the training of many LLMs.”

James Thomson:

Tried out the new and popular “Deepseek” LLM with my standard “tell me facts about the author of PCalc” query. At least half were misleading or straight up hallucinations. LLMs are not a suitable technology for looking up facts, and anybody who tells you otherwise is… probably trying to sell you a LLM.

I then asked for a list of ten Easter eggs in the app, and every single one was a hallucination, bar the Konami code, which I did actually do.

Natasha Murashev:

Although DeepSeek R1 is open source and available on HuggingFace, at 685 billion parameters, it requires more than 400GB of storage!! So the answer is no, you cannot run it locally on your MacBook. Note that there are other smaller (distilled) DeepSeek models that you will find on Ollama, for example, which are only 4.5GB, and could be run locally, but these are NOT the same ones as the main 685B parameter model which is comparable to OpenAI’s o1 model.

[…]

The two services that are currently hosting the full 685B parameter model are Together.ai and Fireworks.ai - both US-based companies.

[…]

Once you have the project set up, with the AIProxySwift library installed and your partialKey and serviceURL, simply follow the AIProxy TogetherAI Swift examples. The Deepseek R1 model is “deepseek-ai/DeepSeek-R1”.

Dare Obasanjo:

DeepSeek just released a new multi-modal open-source AI model, Janus-Pro-7B. It’s a text-to-image generator which it claims beats OpenAI’s DALL-E 3 and Stable Diffusion on benchmarks.

Since it’s licensed under the MIT license, it can be used in commercial applications without restrictions.

See also: Ben Thompson, Rui Carmo, Dithering.

Previously:

Update (2025-01-30): promptfoo (via Hacker News):

As a Chinese company, DeepSeek is beholden to CCP policy. This is reflected even in the open-source model, prompting concerns about censorship and other influence.

Today we’re publishing a dataset of prompts covering sensitive topics that are likely to be censored by the CCP. These topics include perennial issues like Taiwanese independence, historical narratives around the Cultural Revolution, and questions about Xi Jinping.

Dina Bass and Shirin Ghaffary (via Hacker News):

Microsoft Corp. and OpenAI are investigating whether data output from OpenAI’s technology was obtained in an unauthorized manner by a group linked to Chinese artificial intelligence startup DeepSeek, according to people familiar with the matter.

Microsoft’s security researchers in the fall observed individuals they believe may be linked to DeepSeek exfiltrating a large amount of data using the OpenAI application programming interface, or API, said the people, who asked not to be identified because the matter is confidential.

See also: Ed Zitron (via Hacker News).

Siri Super Bowl Regression

Paul Kafasis (MacRumors, TidBITS):

With the absolute most charitable interpretation, Siri correctly provided the winner of just 20 of the 58 Super Bowls that have been played. That’s an absolutely abysmal 34% completion percentage.

[…]

At its worst, it got an amazing 15 in a row wrong (Super Bowls XVII through XXXII). Most amusingly, it credited the Philadelphia Eagles with an astonishing 33 Super Bowl wins they haven’t earned, to go with the one 1 they have.

[…]

Inexplicably, for this one lone Super Bowl, Siri offered to search the web or use ChatGPT.

John Gruber (Mastodon, Bluesky, Hacker News):

Other answer engines handle the same questions with aplomb. I haven’t run a comprehensive test from Super Bowls 1 through 60 because I’m lazy, but a spot-check of a few random numbers in that range indicates that every other ask-a-question-get-an-answer agent I personally use gets them all correct. I tried ChatGPT, Kagi, DuckDuckGo, and Google. Those four all even fare well on the arguably trick questions regarding the winners of Super Bowls 59 and 60, which haven’t yet been played.

[…]

New Siri — powered by Apple Intelligence™ with ChatGPT integration enabled — gets the answer completely but plausibly wrong, which is the worst way to get it wrong. It’s also inconsistently wrong — I tried the same question four times, and got a different answer, all of them wrong, each time. It’s a complete failure.

[…]

What makes Siri’s ineptitude baffling is that ChatGPT is Siri’s much-heralded partner for providing “world knowledge” answers. Siri with Apple Intelligence is so bad that it gets the answer to this question wrong even with the ostensible help of ChatGPT, which when used directly gets it perfectly right. And Siri-with-ChatGPT seemingly gets it wrong in a completely different way, citing different winners and losers (all wrong) each time.

[…]

But it’s even worse than that, because old Siri, without Apple Intelligence, at least recognizes that Siri itself doesn’t know the answer and provides a genuinely helpful response by providing a list of links to the web, all of which contain accurate information pertaining to the question. Siri with Apple Intelligence, with ChatGPT integration enabled, is a massive regression.

The regression is notable, though I still care far more about Siri’s failures in responding to basic commands—music and audio control, creating reminders, manipulating timers—than about its lack of world knowledge.

Kyle Howells:

It’s also funny that Siri gives a warning about checking ChatGPT’s answers for mistakes, when it falls back to asking ChatGPT.

Because looking at the results: Siri is WAY worse than ChatGPT.

Kyle Howells:

For comparison this is where Samsung and Google are now, in a released product.

Ryan Jones:

[John Giannandrea] Scorecard: Hired in 2018 to be the head of AI + ML + Siri.

AI = F. Entirely missed this decade’s innovation.

Siri = F. Has gotten WORSE. All search, including Spotlight is further behind.

ML = B. Autocorrect was trash for 2 years. Photos search is on par. Music ML is total trash. Camera ML is on par. Siri suggests are unused. Photo Clean Up is industry-leading. Maps routing is on par.

M.G. Siegler:

The headline, of course, is meant to be provocative. But I’m also not sure it’s in Betteridge’s Law territory. Because I’m not sure that Apple shouldn’t consider outsourcing their AI layer on the assistant front to a third-party, at least temporarily while Siri is brought up to speed.

golly_ned:

I worked, fortunately briefly, in Apple’s AI/ML organization.

It was difficult to believe the overhead, inefficiency, and cruft. Status updates in a wiki page tens of thousands of words long in tables too large and ill-formatted for anyone to possibly glean. Several teams clamboring to work on the latest hot topic for that year’s WWDC — in my year it was “privacy-preserving ML”. At least four of five teams that I knew of.

They have too much money and don’t want to do layoffs because they’re afraid of leaks, so they just keep people around forever doing next to nothing, since it’s their brand and high-margin hardware that drives the business. It was baked into the Apple culture to “go with the flow”, a refrain I heard many times, which I understood to mean stand-by and pretend to be busy while layers of bureaucracy obscure the fact that a solid half of the engineers could vanish to very little detriment.

Mark Gurman:

Apple Inc. executive Kim Vorrath, a company veteran known for fixing troubled products and bringing major projects to market, has a new job: whipping artificial intelligence and Siri into shape.

Via John Gruber:

My sense is that it’s less about Siri and Apple Intelligence being more important than VisionOS, and more about Siri being a mess. More about urgency than importance. But perhaps it’s both more urgent and more important long-term. Either way, assigning Vorrath — perhaps Apple’s best fixer, and without question one of Apple’s best fixers — makes sense.

Previously:

iPad at 15

Hartley Charlton:

Apple CEO Steve Jobs announced the original iPad 15 years ago today, marking one and a half decades of the company’s “revolutionary” tablet.

Federico Viticci:

A decade of my iPad coverage, collected in a single, recently updated page.

Peter Steinberger:

Confession: I use my Samsung Galaxy Tab S10 way more than my iPad. Unless iOS, it’s not crippled by software. Chrome works like on desktop, split screen works much better and some of the AI features actually make sense.

Om Malik:

The confusion over the device is not limited to reviewers or buyers but extends to Apple itself, which hasn’t really been able to give it the direction it deserves. Had Steve Jobs not died, the iPad likely would have received more focus, attention, and appreciation.

Over the years, it’s fair to say the iPad has suffered from a subpar operating system experience. There has been a distinct lack of popular and hit applications. Still, one can’t ignore the amazing hardware and its true capabilities. If only there were more interesting apps — not games — that tapped into what Apple packs into it.

[…]

Still, there is no denying that for children and elders, the iPad is a perfect computer.

See also: BasicAppleGuy.

Previously:

Update (2025-01-30): Rui Carmo (via Tomas Kafka):

This is a follow-up to a couple of previous ramblings (last week and before) about the iPad and its limitations, and is a list of things that I would love to have on an iPad, but that Apple still doesn’t really want us to in 2024, fourteen years since the iPad’s debut.

[…]

Instead of any of these, last WWDC we got ChatGPT and… a calculator.

Previously:

GRDB 7

Gwendal Roué:

GRDB 7 is out, a joint effort by ten contributors! The new version blends as well with Swift 6 concurrency as you need it, and is ready to follow you for the years to come.

Did you know 2025 marks GRDB’s tenth anniversary?

Swift Concurrency and GRDB:

The following sections describe, with more details, how GRDB interacts with Swift Concurrency.

Previously:

Monday, January 27, 2025

Apple Intelligence Enabled Automatically

Juli Clover:

When installing macOS Sequoia 15.3, iOS 18.3, or iPadOS 18.3, Apple Intelligence will be turned on automatically on compatible devices[…] With macOS Sequoia 15.1, macOS Sequoia 15.2, iOS 18.1, and iOS 18.2, Apple Intelligence was opt-in rather than opt-out, and users who wanted the feature needed to turn it on in the Settings app. Going forward, it will be enabled by default, and Mac, iPhone, and iPad users who do not want to use the feature will need to turn it off.

Ryan Jones:

Oh my word.

Apple is going to auto enable AI summaries one random morning on your dad and grandma.

☠️🔥

Ryan Christoffel:

Per Apple’s website, Apple Intelligence now requires 7GB of free storage.

The same 7GB number applies whether you’re using an iPhone, iPad, or Mac.

Rosyna Keller:

And since it uses the MobileAsset framework to deliver the models, they’ll get purged when the space is actually needed if Apple Intelligence is switched off.

Sean Heber:

I can’t seem to turn it off right now, either, because now it’s downloading, I guess?

Nick Heer:

The exact amount probably varies from device to device but, still, that is a considerable amount of new space required — a thirty-odd percent growth in operating system size in a nominally minor version update.

[…]

Apple still insists this is a beta, but it no longer has the excuse that users are opting in knowing the risks and flaws. These are just unfinished new features. It turns out problems and a lack of quality control magically become excusable if you just slap a beta badge on it. This is a trick Google has known about for decades.

Andrew Cunningham:

Apple is following in the footsteps of Microsoft and Google here, rolling out new generative AI features to its user base as quickly as possible and enabling some or all of them by default while still labeling everything as a “beta” and pointing to that label when things go wrong.

Eric Schwarz:

I think based on the desperate attempts to get us to use it, most people aren’t that excited about it.

Eric Schwarz:

I think it’s funny how Apple holds back features from older devices with artificial software reasons or have hardware that they’ll include but not enable with the excuse “it wasn’t promised when we shipped it” (kinda like the paid original iPod touch software updates). Unlike that, everyone with a capable device is getting Apple Intelligence thrown upon us when it’s not even done. How about you go get the nonsense worked out with Masimo so I can get the blood oxygen sensor working on my Watch?!

John Gruber:

I have mixed feelings about this decision. It’s pretty obvious that Apple Intelligence has a slew of shortcomings. It’s the nature of the beast, though, that it’s always going to have some shortcomings.

[…]

So the bar shouldn’t be “has obvious shortcomings”. It’s whether Apple Intelligence is good enough. Compared to other systems, like ChatGPT, no, it’s not good enough. But Apple has been enabling Siri by default since 2011. And Siri, today, is arguably worse than it’s ever been when compared to the state of the art.

[…]

If it’s not just merely shipping to all users, but now enabled by default, that’s not beta. That’s just buggy.

Adam Engst:

Ultimately, I’m neither surprised nor all that perturbed by Apple turning on Apple Intelligence for everyone.

[…]

Like so many other features Apple adds to its apps and operating systems, most Apple Intelligence features won’t get in your way, and those that might—like notification summaries—can be turned off independently.

Previously:

Update (2025-02-07): Jamie Zawinski:

I have now turned off “Apple Intelligence” three times on my iPad, and can now confirm that there’s also an “Apple Intelligence Report” keylogger that I had to turn off as well.

But, to be fair, I did not tell them “NO”. I told them “Maybe Later”. So they’re just following my instructions, right? That’s how consent works, right?

Apple (Reddit):

You can generate a report of requests your iPhone has sent to Private Cloud Compute.

I guess this is intended as a pro-privacy feature so that you can audit what information your Mac is sending to Apple—since their server is not going to store it in a way that’s associated with you—but the side effect is that it keeps a local log of your queries that anyone with access to your Mac could export.

Update (2025-02-12): Thomas Tempelmann:

Here’s a trick how to prevent Apple Intelligence to get automatically activated by a system update on your Mac:

Set Siri’s language to a different English variant (e.g. UK vs. US) and then it’ll not be able to get enabled.

macOS 15.3

Juli Clover (release notes, security, enterprise, developer, full installer, IPSW):

macOS Sequoia brings Genmoji to Macs that support Apple Intelligence, which means it’s now possible to create custom emoji characters using the Messages app.

The update also removes Notification summaries for news and entertainment apps to prevent misleading Apple Intelligence headline summaries.

See also: Mr. Macintosh and Howard Oakley.

Dave Nanian:

It includes a fix for the replicator failure in 15.2. Once installed, SuperDuper “Erase, then copy” backups should start working again.

Previously:

Update (2025-01-28): Howard Oakley:

Bugs fixed include improved stability for apps over VPN connections when using the built-in software firewall and content filter extensions, and successful AirPlay connections with the firewall and content filters.

Ethan J. A. Schoonover:

Applying the most recent macOS 15.3 security patch reset the hostname on my system (definitely should not happen). Spotlight index also nuked and failing to rebuild (mdutil is not indexing).

Scott Anguish:

Releases notes show that .onKeyPress now works inside of NavigationSplitView.

Jeff Johnson:

Apple, in its eagerness to please the stock market by forcing the so-called “beta” of Apple Intelligence on customers, offers no way to dismiss the advertisement in System Settings without opening the Image Playground app.

[…]

You can use the same workaround in the future whenever you see a message at the top of System Settings that you want to remove.

Update (2025-01-29): Ric Ford:

Apple’s recurring home directory bug is back yet again with macOS 15.3, as Jeffrey Kane notes in an email.

Fat Cat Software:

Apple has now released macOS 15.3 which fixes the problems PowerPhotos experienced on 15.2, and restores its previous capabilities with non system libraries.

Brian Webster:

macOS 15.2 broke all my shit, and I’ve spent the last three months fixing things to work again.

macOS 15.3 undid the shit breaking, so everything works like it did before.

So yay, it’s not broken anymore?

But I just wasted like three months of my life with this shit?

And who knows if it’ll break again in 15.4 or whatever?

Rich Trouton:

Apple has added a couple of new management options for Apple Intelligence as part of the release of macOS Sequoia 15.3.

Pierre Igot:

Also still not working in macOS 15.3: Preview cannot cope with grayscale TIFFs with a depth of 16.

Update (2025-01-30): Christian:

Is it just me, or did switching windows with command ^ stop working in Safari with 15.3?

The Command-` Cycle Through Windows shortcut works for both of us with a US keyboard layout, but he says Command-^ doesn’t work with any of the German keyboard layouts.

Rodrigo Ghedin:

It’s broken since ever Safari Profiles were released, if you have more than one set. Weirdly, Command + Shift + ` (switching backwards) works fine.

Update (2025-01-31): Pierre Igot:

Of course, after updating from macOS 15.2 to macOS 15.3, I find that Apple has unilaterally reset my Downloads folder in Safari to the default one (the Downloads folder inside my home folder), even though I have been using a different one for YEARS.

Update (2025-02-07): Patrick Wardle:

If you write security tools for macOS, you have to get used to Apple breaking things all the time …and you (+your users) then having no recourse but to patiently wait for their fix 🫠

(Example: Apple broke Airplay Mirroring in macOS 15.2 😬 …but at least it’s fixed in 15.3)

Tim Hardwick:

Apple’s latest macOS Sequoia 15.3 update appears to have resolved a bug that prevented popular backup utility SuperDuper from creating bootable backups, according to developer Dave Nanian.

Norbert Heger:

Starting with macOS 15.3, this automatic removal of embedded system extensions no longer works. Although the system still claims to remove them, they remain installed and active, so they continue to run in the background without users even noticing.

Note that this affects not only Little Snitch but also all third-party Mac apps that include a system extension, such as VPN and network filtering apps, endpoint security tools, and hardware drivers.

Howard Oakley:

There have been many reports of problems with Thunderbolt 5 support in Apple’s latest MacBook Pro and Mac mini models with M4 Pro and Max chips. Among the more concerning have been poor performance when accessing SSDs through TB5 docks and hubs, and the inability to drive more than two 4K displays through those.

[…]

As the evidence here suggests, macOS 15.3 or later is required for full TB5 performance, and OWC now includes that in the specifications for its TB5 hub. It also states that TB3 support requires macOS 15, although USB4 should still be supported in macOS 14 Sonoma.

Pierre Igot:

I installed the macOS 15.3 update last week and…

This here record clearly shows that I turned this option OFF a month ago… and therefore that the macOS 15.3 update arbitrarily turned it back on without my consent.

I suppose that, by Apple’s calculation, it’s OK to regularly annoy a subset of users just in case the great masses of clueless Mac users might be somehow helped by these so-called “tips”.

Update (2025-02-10): Peter Steinberger:

Bought a new Thunderbolt 5 controller and now macOS is crapping out on T8110DART overnights.

Norbert Heger:

Now, five years later, after upgrading our machines to macOS 15.3, we have once again noticed that ICMP traffic no longer reaches our network extension, so we cannot show it in Network Monitor nor can we intercept and block it.

[…]

We very much hope that ICMP support was not intentionally removed by Apple, but that this is merely “just another bug” that will be fixed in a future macOS update.

Of course, we have already reported our findings to Apple (FB16450831).

Jeff Johnson:

Every “minor” OS update nowadays is like a major OS update: new bugs every time.

I personally noticed two other new bugs in macOS 15.3: tiff rendering broken (FB16418368) and Safari 18.3 broke iOS web inspector over wifi (FB16423111).

When do we ever get a “stable” version?

macOS 14.7.3 and macOS 13.7.3

Apple (release notes, full installer):

This document describes the security content of macOS Sonoma 14.7.3.

Apple (release notes, full installer):

This document describes the security content of macOS Ventura 13.7.3.

See also: Howard Oakley.

Previously:

iOS 18.3 and iPadOS 18.3

Juli Clover (no iOS/iPadOS release notes, security, no enterprise, no developer):

For iPhone 16 models, iOS 18.3 adds Visual Intelligence support for adding events to the Calendar app and identifying plants and animals. The update removes Apple Intelligence Notification summaries for news and entertainment apps in an effort to prevent misleading alerts, plus it italicizes all summaries done by Apple Intelligence.

There are also several bug fixes, and a change to the Calculator app.

See also: Joe Rossignol.

Previously:

Update (2025-01-28): Ed:

Plus, good news @mjtsai : they fixed scheduling of Home actions (“turn off lamp in 10 minutes”) which have been broken since at least 18.1

Update (2025-01-30): Tim Hardwick:

Below, we’ve listed 50 of the features and changes that have been rolled out through these recent updates.

watchOS 11.3

Juli Clover (no release notes, security, no developer):

The watchOS 11.3 update introduces a new Black Unity watch face for the Apple Watch, which is designed to match a new band that came out today.

Previously:

visionOS 2.3

Juli Clover (no release notes, no security, developer, no enterprise):

According to Apple’s release notes, visionOS 2.3 includes bug fixes and security updates, and the software is recommended for all users.

Previously:

tvOS 18.3

Juli Clover (release notes, security, developer):

There were no notable new features found during the tvOS 18.3 beta testing period, but the update adds a new notice about digital movie and TV show sales.

Previously:

audioOS 18.3

Apple:

This update includes performance and stability improvements.

Previously:

Friday, January 24, 2025

Edits and Clips

Wes Davis (via John Gruber, Mastodon):

Instagram head Adam Mosseri just announced a video editing app called Edits. Mosseri said the app is meant to rival CapCut, a video editing app that went offline along with TikTok. Edits is available for preorder on the iOS App Store.

Wesley Hilliard (MacRumors):

The Edits app announcement was likely planned to take advantage of the TikTok ban and entice people to move to Instagram Reels right away. Videos posted from Edits to Reels will get performance metrics provided in the app.

[…]

Apple has worked at the edges of social media for years without diving all the way in. The company is still clearly bruised after the failure of Ping.

Despite that, many apps and features on iPhone toe the line between fun tool and social platform. One of those tools was Clips, which arrived in 2017 to little fanfare and has been forgotten since.

Baz:

I don’t know about CapCut or Edits, but Clips was a half-arsed copy of the editor built in to TikTok (although I’ve not used that for a few years either).

The best thing about Clips was it made your videos stand out from TikTok-made ones as it had different effects. UI-wise, it was just a clone.

John Gruber:

Apple makes a lot of apps, and they could easily afford to assign a team to make Clips truly great. It’s no different than 20–25 years ago, when Apple dedicated itself to making iMovie and Final Cut both great apps. It’s no different than the motivation to create GarageBand.

[…]

There are actually a lot of interesting UI ideas in Clips. But if Apple isn’t interested in making Clips truly great for people who actually love editing videos using their phones, they should just abandon it. Make it great or give up. Keeping it around as an also-ran that no one uses is a bad look. This is the sort of thing Apple should pride itself on: best-of-breed creative tools.

John Gruber:

Clips is alarming, a dead canary.

Greg Pierce:

Mark my words, Apple’s Journal app is the next Clips. Clever, well executed. Then abandoned. Also like Clips, and in a more glaringly limiting way, iPhone only. Could be amazing, but no reason to invest in it as a user.

Previously:

Debug Descriptions on the Wrong Thread

Douglas Hill (Bluesky):

Is there a best practice for implementing description and debugDescription for main actor classes with Swift strict concurrency?

Currently, he’s checking the current thread and not trying to read the object if it’s the wrong one.

I’ve run into a similar issue with Core Data. Managed objects are supposed to be confined to a single queue, but it’s easy for them to leak, as they get included in the user info dictionaries of notifications and errors. If you try to log an error you’ll get undefined behavior or a crash if com.apple.CoreData.ConcurrencyDebug is enabled.

Maybe it’s OK to override description and dispatch it to the correct queue. The object knows its own context, after all, and the context knows the queue. But I’ve always had the suspicion that performing within description could cause a deadlock or something. So, instead, I sometimes try to catch Core Data errors and generate/store the description before they cross the thread boundary.

Phishing Texts Trick Users Into Disabling Protection

Lawrence Abrams (via Ric Ford):

As you can see below, a fake USPS shipping issue and a fake unpaid road toll text were sent from unknown senders, and iMessage automatically disabled the links.

While neither of these phishing lures is new, we noticed that these smishing texts, and others seen recently, ask users to reply with “Y” to enable the link.

Bruce Schneier:

But because they came from unknown phone numbers, the links did not work. So—this is the new bit—the messages said something like: “Please reply Y, then exit the text message, reopen the text message activation link, or copy the link to Safari browser to open it.”

I saw it once, and now I am seeing it again and again. Everyone has now adopted this new trick.

Google Search Now Requires JavaScript

Kyle Wiggers (Hacker News):

Google says it has begun requiring users to turn on JavaScript, the widely used programming language to make web pages interactive, in order to use Google Search.

In an email to TechCrunch, a company spokesperson claimed that the change is intended to “better protect” Google Search against malicious activity, such as bots and spam, and to improve the overall Google Search experience for users.

[…]

One of Google’s motivations here may be inhibiting third-party tools that give insights into Google Search trends and traffic. According to a post on Search Engine Roundtable on Friday, a number of “rank-checking” tools — tools that indicate how websites are performing in search engines — began experiencing issues with Google Search around the time Google’s JavaScript requirement came into force.

John Gruber:

But the bottom line is that with this change, Google Search is more of an app than it is a website.

[…]

Whether it’s a justifiable decision or not, I don’t buy for a second that it’s a necessary decision on Google’s part. Thus I find this decision sad, but given the course Google has been on for the last 15 years or so, I’m also unsurprised. Old original Google was a company of and for the open web. Post 2010-or-so Google is a company that sees the web as a de facto proprietary platform that it owns and controls. Those who experience the web through Google Chrome and Google Search are on that proprietary not-closed-per-se-but-not-really-open web.

[…]

Here’s a good thread on Hacker News discussing the change, with some interesting commentary on the state of the no-JavaScript web. Also worth pointing out that Kagi, the best search engine in the world, works fine without JavaScript.

Previously:

Thursday, January 23, 2025

Stargate Project

Kyle Wiggers (OpenAI, Hacker News):

OpenAI says that it will team up with Japanese conglomerate SoftBank and with Oracle, among others, to build multiple data centers for AI in the U.S.

The joint venture, called the Stargate Project, will begin with a large data center project in Texas and eventually expand to other states. The companies expect to commit $100 billion to Stargate initially and pour up to $500 billion into the venture over the next four years.

They promise it will create “hundreds of thousands” of jobs and “secure American leadership in AI.”

[…]

Microsoft is also involved in Stargate as a tech partner. So are Arm and Nvidia.

Previously:

iOS and iCloud Keychain Are Hostile to Backups

Jeff Johnson (Mastodon):

In my view, a useful backup system must be (1) chronological, (2) granular, and (3) redundant.

It seems like iOS iCloud backups provide none of these. I thought iCloud Backup used to store multiple backups for each device, and that I could delete older ones to free up space, but now when I go into the settings I don’t see a list of backups, just the date of the “Last Backup.”

The backups are not granular. There’s no way to restore the data for a single app.

Maybe the underlying AWS or Azure storage is geographically redundant, but the most important data like photos and messages aren’t even stored by the backup system. There’s just a single copy of the current data. For most people, the data doesn’t all fit on device so there’s no redundancy that way, either.

iCloud Keychain stores only one version of your passwords, the latest version, so it’s not chronological. You can’t extract a single password from iCloud Keychain without restoring—that is, overwriting—every password, so it’s not granular. And the only way you can restore your iCloud Keychain passwords is via Apple’s online iCloud service, so it’s not redundant. If you lose access to iCloud for some reason, such as an internet outage or an account lockout, or if your iCloud Keychain data becomes corrupted in some way—which happens!—then you’re left with no alternative backup.

I think the fairest way to characterize iCloud Keychain is not as a backup system but rather as a sync system.

[…]

Contrast iCloud Keychain to the login keychain on your Mac. The login keychain is relatively friendly to backup systems. It consists of a single file on disk that can be copied to other disks and read by the Keychain Access app on any Mac, as long as you know the login password. And you can copy individual keychain entries—a password, secure note, key, or certificate—from one keychain to another keychain, using standard copy and paste.

I use iCloud Keychain with Safari AutoFill because it’s so convenient. But, because I have so little control over it, I don’t use it as the primary storage for any of my passwords. It is the only storage for my passkeys, since PasswordWallet doesn’t support them. Hopefully, there will be more tools for this as credential exchange gets implemented.

You can still view your old secure notes in your keychain, but you can’t create new secure notes. Apple wants you to use the Notes app instead. This is extremely inconvenient, for several reasons. I want to manage all of my passwords and secure notes in one place. I need proper backups, but Notes app appears to suffer from the same hostility to backups as Passwords app. And for some reason, unlike the login keychain, locked Notes can’t be locked with your login password unless you enable iCloud Keychain.

Previously:

Copyright © 2000–2025 Michael Tsai.