Friday, January 24, 2025

Edits and Clips

Wes Davis (via John Gruber, Mastodon):

Instagram head Adam Mosseri just announced a video editing app called Edits. Mosseri said the app is meant to rival CapCut, a video editing app that went offline along with TikTok. Edits is available for preorder on the iOS App Store.

Wesley Hilliard (MacRumors):

The Edits app announcement was likely planned to take advantage of the TikTok ban and entice people to move to Instagram Reels right away. Videos posted from Edits to Reels will get performance metrics provided in the app.

[…]

Apple has worked at the edges of social media for years without diving all the way in. The company is still clearly bruised after the failure of Ping.

Despite that, many apps and features on iPhone toe the line between fun tool and social platform. One of those tools was Clips, which arrived in 2017 to little fanfare and has been forgotten since.

Baz:

I don’t know about CapCut or Edits, but Clips was a half-arsed copy of the editor built in to TikTok (although I’ve not used that for a few years either).

The best thing about Clips was it made your videos stand out from TikTok-made ones as it had different effects. UI-wise, it was just a clone.

John Gruber:

Apple makes a lot of apps, and they could easily afford to assign a team to make Clips truly great. It’s no different than 20–25 years ago, when Apple dedicated itself to making iMovie and Final Cut both great apps. It’s no different than the motivation to create GarageBand.

[…]

There are actually a lot of interesting UI ideas in Clips. But if Apple isn’t interested in making Clips truly great for people who actually love editing videos using their phones, they should just abandon it. Make it great or give up. Keeping it around as an also-ran that no one uses is a bad look. This is the sort of thing Apple should pride itself on: best-of-breed creative tools.

John Gruber:

Clips is alarming, a dead canary.

Greg Pierce:

Mark my words, Apple’s Journal app is the next Clips. Clever, well executed. Then abandoned. Also like Clips, and in a more glaringly limiting way, iPhone only. Could be amazing, but no reason to invest in it as a user.

Previously:

Debug Descriptions on the Wrong Thread

Douglas Hill (Bluesky):

Is there a best practice for implementing description and debugDescription for main actor classes with Swift strict concurrency?

Currently, he’s checking the current thread and not trying to read the object if it’s the wrong one.

I’ve run into a similar issue with Core Data. Managed objects are supposed to be confined to a single queue, but it’s easy for them to leak, as they get included in the user info dictionaries of notifications and errors. If you try to log an error you’ll get undefined behavior or a crash if com.apple.CoreData.ConcurrencyDebug is enabled.

Maybe it’s OK to override description and dispatch it to the correct queue. The object knows its own context, after all, and the context knows the queue. But I’ve always had the suspicion that performing within description could cause a deadlock or something. So, instead, I sometimes try to catch Core Data errors and generate/store the description before they cross the thread boundary.

Phishing Texts Trick Users Into Disabling Protection

Lawrence Abrams (via Ric Ford):

As you can see below, a fake USPS shipping issue and a fake unpaid road toll text were sent from unknown senders, and iMessage automatically disabled the links.

While neither of these phishing lures is new, we noticed that these smishing texts, and others seen recently, ask users to reply with “Y” to enable the link.

Bruce Schneier:

But because they came from unknown phone numbers, the links did not work. So—this is the new bit—the messages said something like: “Please reply Y, then exit the text message, reopen the text message activation link, or copy the link to Safari browser to open it.”

I saw it once, and now I am seeing it again and again. Everyone has now adopted this new trick.

Google Search Now Requires JavaScript

Kyle Wiggers (Hacker News):

Google says it has begun requiring users to turn on JavaScript, the widely used programming language to make web pages interactive, in order to use Google Search.

In an email to TechCrunch, a company spokesperson claimed that the change is intended to “better protect” Google Search against malicious activity, such as bots and spam, and to improve the overall Google Search experience for users.

[…]

One of Google’s motivations here may be inhibiting third-party tools that give insights into Google Search trends and traffic. According to a post on Search Engine Roundtable on Friday, a number of “rank-checking” tools — tools that indicate how websites are performing in search engines — began experiencing issues with Google Search around the time Google’s JavaScript requirement came into force.

John Gruber:

But the bottom line is that with this change, Google Search is more of an app than it is a website.

[…]

Whether it’s a justifiable decision or not, I don’t buy for a second that it’s a necessary decision on Google’s part. Thus I find this decision sad, but given the course Google has been on for the last 15 years or so, I’m also unsurprised. Old original Google was a company of and for the open web. Post 2010-or-so Google is a company that sees the web as a de facto proprietary platform that it owns and controls. Those who experience the web through Google Chrome and Google Search are on that proprietary not-closed-per-se-but-not-really-open web.

[…]

Here’s a good thread on Hacker News discussing the change, with some interesting commentary on the state of the no-JavaScript web. Also worth pointing out that Kagi, the best search engine in the world, works fine without JavaScript.

Previously:

Thursday, January 23, 2025

Stargate Project

Kyle Wiggers (OpenAI, Hacker News):

OpenAI says that it will team up with Japanese conglomerate SoftBank and with Oracle, among others, to build multiple data centers for AI in the U.S.

The joint venture, called the Stargate Project, will begin with a large data center project in Texas and eventually expand to other states. The companies expect to commit $100 billion to Stargate initially and pour up to $500 billion into the venture over the next four years.

They promise it will create “hundreds of thousands” of jobs and “secure American leadership in AI.”

[…]

Microsoft is also involved in Stargate as a tech partner. So are Arm and Nvidia.

Previously:

iOS and iCloud Keychain Are Hostile to Backups

Jeff Johnson (Mastodon):

In my view, a useful backup system must be (1) chronological, (2) granular, and (3) redundant.

It seems like iOS iCloud backups provide none of these. I thought iCloud Backup used to store multiple backups for each device, and that I could delete older ones to free up space, but now when I go into the settings I don’t see a list of backups, just the date of the “Last Backup.”

The backups are not granular. There’s no way to restore the data for a single app.

Maybe the underlying AWS or Azure storage is geographically redundant, but the most important data like photos and messages aren’t even stored by the backup system. There’s just a single copy of the current data. For most people, the data doesn’t all fit on device so there’s no redundancy that way, either.

iCloud Keychain stores only one version of your passwords, the latest version, so it’s not chronological. You can’t extract a single password from iCloud Keychain without restoring—that is, overwriting—every password, so it’s not granular. And the only way you can restore your iCloud Keychain passwords is via Apple’s online iCloud service, so it’s not redundant. If you lose access to iCloud for some reason, such as an internet outage or an account lockout, or if your iCloud Keychain data becomes corrupted in some way—which happens!—then you’re left with no alternative backup.

I think the fairest way to characterize iCloud Keychain is not as a backup system but rather as a sync system.

[…]

Contrast iCloud Keychain to the login keychain on your Mac. The login keychain is relatively friendly to backup systems. It consists of a single file on disk that can be copied to other disks and read by the Keychain Access app on any Mac, as long as you know the login password. And you can copy individual keychain entries—a password, secure note, key, or certificate—from one keychain to another keychain, using standard copy and paste.

I use iCloud Keychain with Safari AutoFill because it’s so convenient. But, because I have so little control over it, I don’t use it as the primary storage for any of my passwords. It is the only storage for my passkeys, since PasswordWallet doesn’t support them. Hopefully, there will be more tools for this as credential exchange gets implemented.

You can still view your old secure notes in your keychain, but you can’t create new secure notes. Apple wants you to use the Notes app instead. This is extremely inconvenient, for several reasons. I want to manage all of my passwords and secure notes in one place. I need proper backups, but Notes app appears to suffer from the same hostility to backups as Passwords app. And for some reason, unlike the login keychain, locked Notes can’t be locked with your login password unless you enable iCloud Keychain.

Previously:

Swift Concurrency: Waiting for Async Work

David Smith:

A common point of confusion in Swift Concurrency turns out to actually not be unique to Swift at all: “why can’t you synchronously wait for future async work?”

If you block a thread in your thread pool waiting, a core goes idle, but another one runs the work and unblocks it; not too awful.

What happens if you block all of them? Where does the work they’re waiting for run?

[…]

libdispatch picked “cap at ~64 threads”, which allows misdesigned code to “get away with it” sometimes, at a cost in memory and CPU overhead.

Swift follows the philosophy of “fail fast”: rather than let people write inefficient code that occasionally deadlocks in edge cases, it tries to make people aware of the problem up front.

Rob Napier:

SwiftUI gives us very few affordances for dealing with async state, while actors create lots of it.

So we are now aware of the problem up front, but that “painful rearchitecting” is mostly about dealing with Apple frameworks with little guidance on how to do it.

To solve a problem we never see. (I’m certain Apple sees it regularly at scale, but we don’t.)

[…]

I keep having the situation where I make an actor just to eventually find all of its state wrapped into a single Mutex<State> so that outside things can access it atomically. And I find myself wondering what the actor was supposed to be doing for me and I make it a class again.

Heath Borders:

It’s so easy to say that one should design their systems to be async, but then you run into APIs that require sync answers that you don’t control 🤷🏻‍♂️

Helge Heß:

I think “indeterminate” would be a better description than “long running”. As long as the locked code makes forward progress and doesn’t wait itself, it should be fine?

David Smith:

So the difficulty we run into is that trying to do it statically (by not providing any APIs to do so), we can’t distinguish between “it’s probably ok” and “not that one”.

But beyond that, I’ve personally been wrong about this. I broke booting iOS with a single spinlock (no priority donation) around three calls to look up the username for a uid, which happened once ever and then were cached. Should have been fine, I thought!

Brendon Justin:

My answer to how I read this question is: blocking a thread on sync IO is safe, even if that’s the last available thread in the thread pool, because the IO has a thread to run on (the current one, since it is a sync call). Whereas blocking on async IO may require another thread be available for said async IO to run on.

Timothy Wood:

NSFileCoordination was … interesting … but one of my favorite bits of using it to write our file syncing thing was the zen of realizing there is no observable current filesystem state, only changes floating in the wind and how you respond as they drift past you.

Marcin Krzyzanowski:

I had 0 bugs

  • added async
  • added debounce
  • I have undefined number of nondeterministic bugs now

Previously:

App Store Profit Margin

Juli Clover (March 2024):

With the App Store and app ecosystem undergoing major changes in the European Union, The Wall Street Journal today shared a profile on App Store chief Phil Schiller, who is responsible for the App Store.

Though Schiller transitioned from marketing chief to “Apple Fellow” in 2020 to take a step back from Apple and spend more time on personal projects and friends, he is reportedly working close to 80 hours a week.

Ben Lovejoy (April 2024):

Phil Schiller has told a court in an antitrust case that he doesn’t know for sure whether the App Store is profitable, and never considered the return on investment when launching it.

He’s also explained the reason that there are very few written records of decisions made around the launch of the store is because Apple co-founder Steve Jobs felt that meeting notes were unnecessary – and the company still doesn’t record minutes for meetings between senior execs …

[…]

“Are you telling His Honour you made the decision without any investigation into what stream of revenue would be produced by imposing a commission of 30 per cent?” Mr Young asked.

“Correct.”

I thought I had already discussed this at the time, but I can’t seem to find the post. I believe Schiller that he doesn’t get a specific report on the App Store’s profitability. What would be the benefit of having an official record? At the same time, surely the numbers are obvious enough that he could say with certainty that it’s profitable.

Ben Lovejoy (Hacker News, Mastodon):

Apple’s incoming CFO didn’t get much time to settle in before he found himself in court defending the company against a class action lawsuit. Kevan Parekh yesterday claimed that the company that it has no clue about its App Store profit margin.

[…]

Apple is facing two lawsuits in the UK, each alleging that the company abuses its monopolistic control over the sale of iPhone apps to charge excessive commissions.

[…]

It’s been independently estimated that Apple’s profit margin on the App Store is in the 75% to 78% range.

An expert witness in the Epic Games lawsuit back in 2019 estimated that the figure was 78%. A British expert in the current case calculated a figure of “more than 75%.”

Parekh told the court that these estimates are not accurate but then pleaded ignorance about what the correct number was.

Tim Sweeney:

Apple and Google make more profit from iOS and Android games than the creators who make the games.

Previously:

Wednesday, January 22, 2025

Swift Proposal: Opt-in Strict Memory Safety Checking

SE-0458:

For example, Swift solves null references with optional types. Statically, Swift prevents you from using an optional reference without checking it first. If you’re sure it’s non-null, you can use the ! operator, which is safe because Swift will dynamically check for nil. If you really can’t afford that dynamic check, you can use unsafelyUnwrapped. This can still be correct if you can prove that the reference is definitely non-null for some reason that Swift doesn’t know. But it is an unsafe feature because it admits violations if you’re wrong.

[…]

A compiler flag -strict-memory-safety that enables warnings for all uses of unsafe constructs within a given module. All warnings will be in the diagnostic group Unsafe, enabling precise control over memory-safety-related warnings per SE-0443. When strict memory safety is enabled, the StrictMemorySafety feature will be set: #if hasFeature(StrictMemorySafety) can be used to detect when Swift code is being compiled in this mode.

[…]

Because UnsafeBufferPointer and UnsafePointer are @unsafe types, this code will get a warning regardless of whether the declarations were marked @unsafe, because having unsafe types in the signature of a declaration implies that they are @unsafe. This helps us identify more unsafe code even when the libraries we depend on haven’t enabled strict safety checking themselves.

To suppress these warnings, the expressions involving unsafe code must be marked with unsafe in the same manner as one would mark a throwing expression with try or an asynchronous expression with async.

Previously:

Opting Out of Visual Look Up and iCloud Photos

Bogdan:

This is much worse [than Photos.app’s Enhanced Visual Search]: open an image containing a “landmark” in the Preview app, then open the Inspector. An icon will appear which, when clicked, will popup information about the landmark. Verified with a JPEG with no GPS metadata. Take a screenshot of the opened image, the same works in the screenshot. This is system level and turning it off in the Photos app has no effect.

I found that Preview will identify landmarks—i.e. it is sending a neural hash of my photo to Apple’s servers—even without my having the inspector open and even though I have Enhanced Visual Search unchecked in Photos.app’s settings. I think this is due to the Visual Look Up feature introduced in macOS 12.3. The way to turn this off is unintuitive. It’s not in the settings for Photos or Preview or even Privacy. Instead, you go to System Settings ‣ Spotlight and uncheck Siri Suggestions.

Jeff Johnson:

Why does photoanalysisd want to phone home?

I don’t have iCloud Photos enabled. I don’t have Enhanced Visual Search enabled. And I wasn’t doing anything with photos. This just happened randomly in the background.

I don’t know what this is or how to turn it off. Maybe it’s downloading place names based on geotags? I assume it’s not related to Visual Look Up, which uses mediaanalysisd.

Jeff Johnson:

Before I enabled iCloud on the new Mac, I installed a configuration profile created with Apple Configurator app. The purpose of the configuration profile was to prevent iCloud from silently enabling features that I don't want. I discussed this technique last year in a blog post about how to stop iCloud Keychain with a profile. My configuration profile disables not only iCloud Keychain but also iCloud Photos, Siri, Diagnostic Submission, and Apple Personalized Advertising.

But there was a bug where it instead enabled iCloud Photos and locked the setting so that he couldn’t disable it.

Previously:

App Store Trader Status Deadline

Apple:

Starting February 17, 2025: Due to the European Union’s Digital Services Act, apps without trader status will be removed from the App Store in the European Union until trader status is provided and verified, if necessary.

Apple:

To determine if you’re a trader, you should consider a range of non-exhaustive and non-exclusive factors (see those listed on page 2 in the EC’s Guidance), which may include:

Whether you make revenue as a result of your app, for example if your app includes in-app purchases, or if it’s a paid or ad-sponsored app — especially if you’re transacting in large volumes

[…]

Whether you develop your app in connection with your trade, business, craft, or profession—meaning that you’re acting in a professional/business capacity. You’re unlikely to be a trader for EU law purposes if you’re acting “for purposes which are outside your trade, business, craft, or profession.” For example, if you’re a hobbyist and you developed your app with no intention of commercializing it, you may not be considered a trader.

When I looked at this last year, it seemed like anyone selling apps would be considered a trader. This guidance from Apple adds confusion: what is a large volume? What does it mean to offer an app for sale with no intention of commercializing it?

Luc Vandal:

Still receiving this (again) despite confirmation that the status for my account is fine. This doesn’t inspire much confidence. Anyone else?

Drew McCormack:

Apple’s trader registration for the new EU rules is a complete shambles. I sent them the documents last March. They didn’t process them in time, and they expired. So, I get in contact and get assigned an issue number and person assigned to the issue, pay for up-to-date docs, and send them again. Silence. And the threats of cutting off my apps continue to flow in.

Previously:

ViewSonic VP2788-5K

Efosa Udinmwen:

ViewSonic’s VP2788-5K is a compact device with a 99% DCI-P3 color gamut and robust connectivity options, including Thunderbolt 4, HDMI 2.1, USB-C and A, and DisplayPort.

[…]

The monitor is expected to be available in the first quarter of 2025, possibly before the end of March.

DisplaySpecifications:

ViewSonic VP2788-5K was unveiled at Pepcom Digital Experience earlier this month and now the company is ready with the full list of specifications for this monitor. This professional monitor from the ViewSonic ColorPro series boasts a 27-inch IPS display with a 5K resolution (5120 x 2880 px) and a 219 ppi pixel density. […] The display delivers 500 nits of brightness and a 2000:1 static contrast ratio. It has an AGLR coating with 48% haze.

Via Paul Haddad:

This one’s claim to fame is 75Hz refresh rate. Honestly having a hard time keeping track of all the new retina monitors.

Previously:

Tuesday, January 21, 2025

TikTok Takedown

Thomas Claburn (MacRumors):

A US federal appeals court has rejected a challenge to the law that prevents popular apps that collect data on Americans from being controlled by a foreign adversary.

The decision puts the ongoing operation of social media network TikTok, a subsidiary of China-based ByteDance, at risk.

[…]

The law at issue, initially known as the Protecting Americans from Foreign Adversary Controlled Applications Act (PFACAA), became part of the foreign assistance package passed in April, after which it was approved by President Biden. It limits foreign adversaries from collecting data through adversary-controlled software applications. It also identifies ByteDance and TikTok by name, while potentially applying to code controlled by other foreign entities.

Nick Heer:

The court’s opinion (PDF) is not particularly long. As this is framed as a question of national security, the court gives substantial deference to the government’s assessment of TikTok’s threat. It also views the legislation passed earlier this year to limit data brokers as a complementary component of this TikTok divest-or-ban law.

I still do not find this argument particularly compelling. There is still too much dependence on classified information and too little public evidence. A generous interpretation of this is the court knows something I do not, and perhaps this is completely justified. But who knows?

David Shepardson (Hacker News):

The chair and top Democrat on a U.S. House of Representatives committee on China told the CEOs of Google-parent Alphabet and Apple on Friday they must be ready to remove TikTok from their U.S. app stores on Jan. 19.

David Shepardson and Krystal Hu (Hacker News):

TikTok plans to shut U.S. operations of its social media app used by 170 million Americans on Sunday, when a federal ban is set to take effect, barring a last-minute reprieve, people familiar with the matter said on Wednesday.

ACLU (Hacker News):

As explained in the friend-of-the-court brief the ACLU and its partners filed with the Supreme Court, under the First Amendment the government must meet an extraordinarily high bar to ban an entire communications platform. To ban TikTok, the government must show that the ban is the only way to prevent serious, imminent harm to national security and that the ban limits no more speech than necessary to accomplish that purpose. The government has not come close to meeting that standard.

Jonathan Vanian (PDF, Hacker News, MacRumors, Nick Heer):

The Supreme Court on Friday upheld the law requiring China-based ByteDance to divest its ownership of TikTok by Sunday or face an effective ban of the popular social video app in the U.S.

[…]

In a unanimous decision, the Supreme Court sided with the Biden administration, upholding the Protecting Americans from Foreign Adversary Controlled Applications Act, which President Joe Biden signed in April.

Nick Heer:

The opinion (PDF) is predicated solely on data collection concerns. The justices did not even consider questions about TikTok’s recommendations system, finding that national security alone is worth a change in TikTok’s ownership.

[…]

These are two ideologically divergent justices similarly compelled by arguments for TikTok to moderate and recommend as it sees fit. Perhaps the court would have ultimately come down differently on these questions if the justices had spent more time considering them, but all this produced is understandable concern over user data. Requiring TikTok to be sold off or banning it is not very useful for correcting that misbehaviour, but that was not the question before the court.

Eric Schwarz:

However, other than claims by Forbes that ByteDance spied on journalists, our government didn’t provide a list of why TikTok was such a threat—if we had a “here’s what they’re collecting in shady ways and how it will be used against you” list, I’d be satisfied.

Instead, we get a vague “trust us” message from the gerontocracy that would probably fall for your run-of-the-mill phishing scam and be delighted by AI images on Facebook. If TikTok is so bad, why not hold others accountable for similar actions?

Kyle Wiggers and Anthony Ha (Hacker News):

TikTok users began receiving a message about the ban around 10:30 p.m. Eastern on Saturday evening, and the app also disappeared from the Apple and Google Play app stores. As of Sunday morning, some users in the U.S. could still access TikTok via the web.

“Sorry, TikTok isn’t available right now,” the company’s message reads. “A law banning TikTok has been enacted in the U.S. Unfortunately, that means you can’t use TikTok for now.”

Kevin Collier et al. (Hacker News, MacRumors, John Gruber, Nick Heer):

TikTok said Sunday that it would be restoring service to U.S. users after blocking it the evening before.

In a statement, TikTok said its video platform was coming back online after President-elect Donald Trump provided the necessary assurances to the company’s service providers.

[…]

The law banning TikTok, which was scheduled to go into effect Sunday, allows the president to grant a 90-day extension before the ban is enforced, provided certain criteria are met.

[…]

Prior to the ban’s implementation, both Biden and the incoming Trump administration appeared to reverse their earlier positions on TikTok.

Alan Z. Rozenshtein:

Second, the order’s 75-day enforcement suspension deliberately bypasses PAFACAA’s built-in mechanism for 90-day extensions, which requires certification to Congress that a legally binding divestment process is underway.

Apple (MacRumors, 2):

TikTok and ByteDance Ltd. apps are no longer available in the United States, and visitors to the United States might have limited access to features.

Apple is obligated to follow the laws in the jurisdictions where it operates. Pursuant to the Protecting Americans from Foreign Adversary Controlled Applications Act, apps developed by ByteDance Ltd. and its subsidiaries — including TikTok, CapCut, Lemon8, and others — will no longer be available for download or updates on the App Store for users in the United States starting January 19, 2025.

[…]

Users visiting from outside the United States with their Apple Account set to a country or region that is not the United States are unable to download, update, or make in-app purchases and new subscriptions inside ByteDance Ltd. apps while within the land or maritime borders of the United States.

Joe Rossignol:

Apple tonight updated its beta testing app TestFlight, seemingly to block U.S. users from accessing the TikTok beta on the iPhone and other devices.

Rui Carmo:

[The] notion of a U.S. government stake in a social media platform feels like a plot twist straight out of a dystopian novel, and the idea that a government would want to own (or guide the disposal of) half of a private company is not just bizarre; it raises serious questions about the implications for privacy and control over digital spaces.

Meanwhile, companies like Apple and Google are playing it safe, adhering to the law while TikTok’s back-end providers seem to be banking on a promise from a not-yet-president either that or Oracle must be really confident in their legal team (which is the true core of their business, so I guess that makes sense).

Previously:

TikTok In-App Purchases

John Koetsier:

TikTok might be under assault by the U.S. government, banned in India and not even available in China, but in February it had the highest in-app earnings in the world. And it wasn’t even close: TikTok’s $189 million from in-app revenue almost doubled the next-most-profitable app, YouTube, which only reached $111 million.

[…]

In what is starting to be a bit of a broken record, TikTok was also the highest earning app in January and December of 2023, according to mobile analytics vendors AppFigures. And November and September, too. In fact, it’s been the top-earning global app for at least 15 months running.

TikTok has pretty much two sources of revenue. One is advertising, which isn’t covered in this report (but is very lucrative as well). The second is in-app purchases: people buy coins for about $0.02 each (the minimum buy is 65 coins at a time). Those coins can then be given to creators during live-streams, as tips in comments, or used for yourself to boost a personal post and make it more visible to other people.

Sarah Perez:

TikTok may be routing around the App Store to save money on commissions. According to new findings, the ByteDance-owned social video app is presenting some of its users with a link to a website for purchasing the coins used for tipping digital creators. Typically, these coins are bought via in-app purchase, which requires a 30% commission paid to Apple.

The feature may be hidden from most users, either by design or because it’s only shown to users in a specific group, like testers or high spenders. In any event, those who do have access to the new option are seeing a screen that encourages them to “recharge” — that is, buy more coins — via tiktok.com.

[…]

In some cases, users are shown a screen that includes a message such as “Try recharging on tiktok.com to avoid in-app service fees” followed by a “Try now” link.

As she notes, this does not seem to comply with Apple’s guidelines for external purchase links.

Previously:

Friday, January 17, 2025

How to Obtain View Dimensions in SwiftUI

Fatbobman:

Use GeometryReader, onGeometryChange, visualEffect, or containerRelativeFrame to dynamically retrieve and respond to view dimensions in SwiftUI. Each method caters to specific use cases and levels of customization.

Trouble Updating the Wisdom of Quinn

Josh Wisenbaker:

With the most recent update to the Apple Developer Forums, it’s become pretty much impossible to update this collected wisdom in any regular way. This is why there hasn’t been an update to the archive in a while.

The main issues are:

  • Apple staff no longer have individual accounts.
  • The collective “Apple” accounts are not searchable.

[…]

If you try to search for that username, it doesn’t really do what you expect either. It just searches for that string in posts, not for posts by that user.

Searching for “user: DTS Engineer Quinn” does a fairly decent job of finding results, but they are all over the place now. You can only see 15 of them at a time on the new forums as well.

It’s doubly disappointing that this goldmine is relegated to the forums and that it’s now so hard to find there.

Previously:

Apple’s DMA Compliance Criticized

Thomas Claburn (Hacker News):

Digital rights advocacy organizations contend that Apple has failed to comply with its interoperability obligations under the EU’s Digital Markets Act (DMA).

The groups made their case in a letter [PDF] asking competition watchdogs to do more to ensure Apple’s compliance with the Article 6(7) of the DMA.

The letter is the work of four groups - the Free Software Foundation Europe, freedom of expression advocates ARTICLE 19, European Digital Rights, and Data Rights - plus three independent researchers.

[…]

The letter’s signatories argue that the commission’s approach so far, “as laid out in Apple’s compliance report and as observed in practice so far, is clearly deficient and structurally incapable of delivering effective interoperability, as required by the DMA.”

See also this long thread started by John Gruber.

Previously:

Opting Out of Microsoft 365’s Copilot AI

Nick Gelling (via Hacker News, Reddit):

If you have a Microsoft 365 subscription, you might’ve been told your fees are going up by $5 a month or $50 a year. But the fees aren’t actually changing – you’re just being upsold.

[…]

On face value, a price hike of around 30–40% for a half-hearted implementation of an AI tool seems like a bad deal – at least for some of the tens of thousands of 365 subscribers in Aotearoa.

[…]

Log into your Microsoft account at account.microsoft.com. Find your 365 subscription and select “Manage”. Then select “Cancel subscription”.

If you have the right kind of subscription, a new option will miraculously appear – Microsoft 365 Classic, which has no price increase or Copilot AI.

Just like with Adobe, this did not work for me. After I cancelled my $69.99 subscription, the only alternatives were more expensive plans. After over an hour of chat support, I was told that you cannot switch to the Classic plan until it’s time to renew the current plan, even though Microsoft’s own forum had recommended the same thing as Gelling. Maybe too many people were downgrading—the support person seemed prepared to argue with me that I really do want Copilot AI.

The other dark pattern I noticed is that the new plan is $99.99/year or $9.99/month, and it claims that the former is a savings of 41%.

Previously:

Thursday, January 16, 2025

Let the User Help Solve Their Own Problem

Peter Hosey (Mastodon):

I wish we had a maps app like Apple Maps or Google Maps that let you order up a travel itinerary using public transit between two points, and explicitly pick the transit routes involved. Or, ideally, multiple sets of routes, for comparison.

[…]

Sometimes all the app’s recommendations are reasonable, but sometimes there’s one or more options that might be preferable—and I don’t know how preferable if the app isn’t showing me when the next 49 arrives, so I can compare to the 7 minutes for a 14R or 9 minutes (including a short walk) for BART.

[…]

This is one instance of a general problem, which is products having only algorithmic solutions to the user’s needs, with no opportunity for the user to contribute to the solution.

The algorithmic-only model admits only one remedy: Improve the algorithm. But because no algorithm will ever be perfect, you’ll be playing this game of whac-a-mole forever.

Previously:

M4 Mac mini USB-C Issues

Malcolm Owen (Reddit, 2):

However, it seems that in a small number of cases, USB-C connections on the M4 Mac mini are problematic.

Various Internet posts uncovered by AppleInsider reveal that users are undergoing similar problems. They generally consist of hardware connected using USB-C suddenly disconnecting and becoming unusable, or not connecting in the first place.

[…]

The issue has also appeared on the Apple Support Forum. One November 23 post explained that the front USB-C ports worked fine, but the rear ports wouldn’t work reliably with connected devices, effectively making the rear ports useless.

[…]

Elsewhere, the same problem appeared on the MacResource forum, with a user reporting a similar issue. They discovered that the Apple Extended Keyboard didn’t work around the back when plugged in via an adapter, but a Logitech mouse plugged in directly worked.

Previously:

Update (2025-01-24): Isle of the Kakapo:

Same here... 🙁

Putnam-AXIOM Variation

Aryan Gulati et al. (PDF, via Hacker News):

As large language models (LLMs) continue to advance, many existing benchmarks designed to evaluate their reasoning capabilities are becoming saturated. Therefore, we present the Putnam-AXIOM Original benchmark consisting of 236 mathematical problems from the William Lowell Putnam Mathematical Competition, along with detailed step-by-step solutions. To preserve the Putnam-AXIOM benchmark’s validity and mitigate potential data contamination, we created the Putnam-AXIOM Variation benchmark with functional variations of 52 problems. By programmatically altering problem elements like variables and constants, we can generate unlimited novel, equally challenging problems not found online. We see that almost all models have significantly lower accuracy in the variations than the original problems. Our results reveal that OpenAI’s o1-preview, the best performing model, achieves merely 41.95% accuracy on the Putnam-AXIOM Original but experiences around a 30% reduction in accuracy on the variations’ dataset when compared to corresponding original problems.

So it didn’t “understand” the original problems as well as had been thought.

Previously:

macOS 15.2 Changes XProtect Update Mechanism

Howard Oakley:

In the latest release of Sequoia, the traditional method of updating XProtect is no longer used. If softwareupdate were to download and install an update, then it will only end up in the traditional location, and xprotect update can’t use that to update the new location.

In normal use, this means that the user can’t update XProtect until that new version is made available from iCloud. This ensures that the only versions provided to Macs running 15.2 and later are those intended to be used in Sequoia, but it also means that any delay in providing those via iCloud will leave Macs without the latest update.

Apple has modified the xprotect command to provide one let-out, though: use sudo xprotect update --prerelease and it “will attempt to use a prerelease update, if available.”

Ric Ford:

Also confusing is that Apple never shows these updates in System Preferences > Software Update nor on the Apple Security Releases webpage (although they should be listed after installation in System Report > Software > Installations if you can locate that report on your Mac).

Howard Oakley:

Apple provides so many services for different parts of macOS that it’s hard to keep track of them. If you want to see a short summary, this article lists all service connections for enterprise network administrators, although it doesn’t detail which services use which servers, for example referring to “macOS updates” in many entries.

Many of you seem surprised to learn that Sequoia’s new XProtect updates come from iCloud, although Apple has been using iCloud for similar purposes for at least the last five years.

Previously:

Wednesday, January 15, 2025

AirPods Pro 2 and AirPods 4 Pushed Into Transparency Mode

Spencer Dailey (via Hacker News):

A couple of weeks ago I noticed my pair of AirPods Pro 2 aggressively switching me into Transparency mode. It seemed like a bug. Again and again I would have to manually switch back out of Transparency mode. Annoying.

Then a few days later, Apple removed the ability for me switch out of Transparency mode altogether!

There are ways to reverse each of these changes (the force switching and the Off removal), but the whole process was a major pain as a user to figure out, it wasn’t simple to reverse even once I knew how to, and there wasn’t any heads up that I remember getting from Apple explaining the changes. This led to me and a lot of people being confused.

Well over 100M people own AirPods. Here are some reddit posts (1, 2, 3, 4, 5) made by users frustrated over these AirPods changes. Notably, none of these reddit posts contain in their comments all of the steps needed to revert the changes.

iOS 18 and macOS 15 have a new Off Listening Mode setting:

For AirPods Pro 2 paired with compatible devices, enable the setting called Off Listening Mode, which allows you to turn off all noise control technology.

If you don’t enable the Off mode, the AirPods will only show the Transparency, Adaptive, and Noise Cancellation modes. The regular mode, without extra processing, is gone.

In frustration, I eventually Googled myself down a rabbit hole where I learned: all of this is likely tied to a relatively new feature called Loud Sound Reduction that only works if AirPods are in an active “Noise Control” mode. So Apple perhaps recently decided that everyone needed this feature enabled, and that’s why they made all these annoying changes to Noise Control? I can only speculate.

This is odd because I find that unwanted sounds are much louder in Transparency mode. I’ve always found this mode off-putting and rarely use it.

He also points out that the Loud Sound Reduction setting looks like it can’t be turned off. You have to find the toggle in elsewhere in Settings ‣ Accessibility.

But you know what? tvOS still did not show an “Off” mode for my AirPods 2! I ended up needing to hard reset my AirPods, change all the settings mentioned above on iOS for a second time, and then let tvOS rediscover them before “Off” would appear there.

Previously:

AirPods Pro Case Chime Sound

Juli Clover:

If you’ve been hearing a chiming sound from your AirPods Pro 2 case when the AirPods are charging, it’s a feature that Apple added with the launch of Hearing Health last year.

[…]

Apple says that the AirPods Pro may play a sound every so often while in the case to ensure the microphones and speakers are working as intended.

[…]

Information on the mysterious chime was highlighted on Mastodon after Apple’s unclear AirPods sounds were discussed on today’s ATP podcast.

John Gruber (Mastodon):

Years ago, Apple was a successful company and documented how their products work. These days, Apple is struggling financially, and alas can no longer afford to produce something even as simple as an interactive web page with examples of the sounds that AirPods make and explanations of what those sounds mean.

Previously:

Tony Fadell Wanted Apple to Buy Sonos

John Gruber:

I asked Tony Fadell and he confirmed to me it was him, saying it was back in the very earliest days of Sonos, when Sonos was set to debut with a device featuring an obviously iPod-like scroll wheel for input. Jobs wanted to sue (of course). But Fadell, after meeting with the founders, wanted to buy them, and made his case to Jobs, to no avail, several times circa 2003. Fadell said his pitch was basically “Seriously, we are all about music. Customers want this. I want this.” And Jobs’s response was, according to Fadell, “No one wants what they are selling.”

Needless to say, Apple is no longer all about music.

Previously:

PyObjC 11

Ronald Oussoren:

This release has two major features:

  1. Support for the macOS 15.2 SDK, including new bindings for the frameworks MediaExtension and DeviceDiscoveryExtension

  2. Experimental support for GIL-less operation in the free-threaded build of Python 3.13

The latter feature is an important reason for the delay: Supporting GIL-less operation required reworking parts of the internals of PyObjC, both to rely on other locks than the GIL and to avoid CPython APIs that are known to be problematic when the GIL isn’t present (“borrowed references” for anyone familiar with the CPython API).

Previously:

Tuesday, January 14, 2025

Bezel 2.5.1

MacStories:

Bezel [Web site] is one of those simple, easy-to-use apps that feels like it should have been made years ago. The one-line summary of Bezel is that it mirrors your iPhone screen to your Mac. But it actually does much more than that, elevating the app from a basic tool to a fully functioning utility with genuine, everyday use cases.

In addition to mirroring, Bezel offers many different ways to capture the screen of the mirrored device. You can place the screenshot in the frame of your iPhone and add padding around the frame with any pattern or color you want, or make the padding transparent. All of this together yields unique results, enabling many real-world applications. You can layer your phone’s screen onto other videos, show what you are doing on your screen during a big presentation, take screenshots with a frame for a how-to guide, and much more. Bezel also includes excellent keyboard shortcuts for almost every action within the app, as well as the ability to resize its window to a custom size or even to the device’s actual pixel size.

Niléane Dorffer:

I initially remembered that it is already possible to natively mirror an iPhone’s display on a Mac using QuickTime Player[…] Unfortunately, QuickTime Player’s video capture often produces artifacts and has a latency of up to one second. This is far from ideal for screen recording or showcasing the iPhone’s display during a presentation. In contrast, I found Bezel’s video to be smoother and nearly instant.

Previously:

Gravy Analytics Hacked

Joseph Cox:

Hackers claim to have compromised Gravy Analytics, the parent company of Venntel which has sold masses of smartphone location data to the U.S. government. The hackers said they have stolen a massive amount of data, including customer lists, information on the broader industry, and even location data harvested from smartphones which show peoples’ precise movements, and they are threatening to publish the data publicly.

[…]

The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games like Candy Crush to dating apps like Tinder, to pregnancy tracking and religious prayer apps across both Android and iOS. Because much of the collection is occurring through the advertising ecosystem —not code developed by the app creators themselves— this data collection is likely happening both without users’ and even app developers’ knowledge.

Nick Heer:

You remember Gravy Analytics, right? It is the one from the stories and the FTC settlements, though it should not be confused with all the other ones.

Juli Clover:

Gravy Analytics’ parent company Unacast disclosed the data breach earlier this month [PDF], and said that its AWS cloud storage environment had been accessed by an unauthorized person using a “misappropriated access key.”

[…]

The order required Gravy Analytics to delete all historic location data and any data products developed using data collected from consumers, but it was apparently too late because the company’s systems had likely already been breached at the time.

Gravy Analytics collects location data through a real-time ad bidding process that allows companies competing to buy an ad to see customer IP address and more precise location data if enabled.

[…]

Baptiste Robert, CEO of security firm Predicta Lab, told TechCrunch that iPhone users that had app tracking disabled did not have their data shared.

See also: Bruce Schneier:

Previously:

Brazil Fines Apple Over FaceApp

Filipe Espósito (AppleInsider):

Apple and Google have been fined R$19 million (about US$3.1 million) in Brazil after a judge ruled that the companies contributed to allowing the controversial photo editor FaceApp to improperly collect data from its users. The app has a long history of questionable privacy policies.

[…]

The judge believes that the photo editor app violates the Brazilian Civil Rights Framework for the Internet, a law that regulates the use of the internet and digital platforms in the country.

Under Brazilian law, platforms are prohibited from “massive and improper collection of personal data” without users’ consent.

Previously:

Treasury Department Hacked

Lawrence Abrams (Slashdot):

Chinese state-sponsored threat actors hacked the U.S. Treasury Department after breaching a remote support platform used by the federal agency.

[…]

“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” reads the letter seen by the New York Times.

[…]

The threat actors utilized this access to target the text messages, voicemails, and phone calls of targeted individuals, and to access wiretap information of those under investigation by law enforcement.

Emma Roth:

The threat actor stole a key used by BeyondTrust “to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users.” With the key, they overrode the security to remotely access those users’ workstations and “some unclassified documents” they maintained.

Richard Speed:

Writing on Mastodon, cyber security researcher Kevin Beaumont had a warning for Software-as-a-Service users: “One thing every org needs to start to plan for: SaaS provider breaches. What’s your playbook for when your SaaS provider gets breached?

Bruce Schneier quotes the Washington Post:

The sanctions target Beijing Integrity Technology Group, which U.S. officials say employed workers responsible for the Flax Typhoon attacks which compromised devices including routers and internet-enabled cameras to infiltrate government and industrial targets in the United States, Taiwan, Europe and elsewhere.

Previously:

Monday, January 13, 2025

This Remote Has Me Questioning Everything

Matt Birchler:

I recently lost my Apple TV remote (the latest model) and despite apparently being somewhere in the couch according to Find My, my wife and I can not find it. We were using our phones as remotes for a couple days, which was annoying, but got the job done. But then I was doing something random with the TVs standard remote and for whatever reason I had the Apple TV on screen and used my Hisense remote to arrow around. To my surprise, it totally worked.

I’m sure this is a well-known thing, but I just hadn’t thought about my TV remote being able to control the UI of my Apple TV. I assume this is something to do with ARC over HDMI or something, but whatever the reason it works!

Now, I expected for this to feel like a stopgap until we found the actual Apple TV remote, but I actually really like using this compared to the Apple TV’s real remote. It feels better in the hand, the buttons are more satisfying to press, the buttons are less prone to accidental presses, there’s no trackpad I can accidentally brush and select the wrong thing, and the button layout is more logical to me. Seriously, I’ve been using the redesigned Apple TV remote since 2021 and I still have to look at it to remember where the mute and play buttons are because they’re not where I’d expect. 4 years of use and it’s still not muscle memory!

I stand by my original assessment that even the revised Siri Remote is just not very good.

Previously:

Mac Toolbar Guidelines

Mario Guzmán (Mastodon, Bluesky):

The following sections are general guidelines that describe fundamental Toolbar layout and design principles for Mac applications. Following these guidelines will help you create functional and aesthetically pleasing toolbars that are easy for Mac users to understand and use.

This document will reference a hypothetical Email application to illustrate key points in designing a Toolbar. It will heavily reference classes, structs, and properties in NSToolbar and NSTitlebarAccessoryViewController.

Mario Guzmán:

Have you noticed how some Apple apps just highlight w/ a darker translucency rather than a solid color?

You can see this darker translucency row highlight in apps like Finder & Apple Music sidebars.

Well, if you want to achieve this look for YOUR app, this is how you’d do it:

Subclass NSTableRowView and override isEmphasized so that the getter returns false.

Mario Guzmán:

When designing your sidebars and toolbars, don’t make the Sidebar toggle button a moving target. Don’t make your users chase it back and forth to toggle it. Keep it left-aligned, “pinned” to the window control buttons.

See the video of Disk Utility vs Passwords apps from macOS. Passwords app is how you want to do it.

Safari and Calendar also work like Passwords, though Calendar doesn’t use a standard toolbar. And why doesn’t Contacts have such a button?

It’s definitely bad to make the user chase the button back and forth. On the other hand, for most apps, putting it to the left might give it undue prominence. I thought the convention used to be to pin it to the right. That kind of solved both problems but had the disadvantage of making the button maximally far away from the area that it applied to. And in a Big Sur world of toolbar items that don’t fit, the implicit lowest priority from being the rightmost item would need to be boosted in order to avoid the instability of having it appear and disappear as the window resizes.

Previously:

Update (2025-01-24): Dave Dribin (2009):

Bottom bars have been an important user interface element for a while now on Mac OS X. They’re that gray status bar you see at the bottom of many of Apple’s applications including iTunes, Finder, iChat, iCal, Address Book, and iPhoto. The Human Interface Guidelines even has a whole section on bottom bars [Apple broke the link] describing what they are and when to use them.

[…]

In Mac OS X 10.5, Apple added a new API to NSWindow to add bottom bars, somewhat cryptically named setContentBorderThickness:forEdge:.

Via Mario Guzmán:

Given how overloaded NSToolbars became with macOS Big Sur, Bottom Bars are needed now more than ever.

What Happened to APFS Fast Directory Sizing?

John Siracusa:

Has anyone successfully enabled Fast Directory Sizing on a directory on an APFS volume in macOS and then confirmed that it works using dirstat_np?

Jim Luther:

That’s one of those promised features I was referring to that never really was hooked up or implemented right. IIRC, the problems with it are:

  • You have to create the directory and set an attribute on it before putting anything in it. It’s not available on already existing directories.
  • The size returned only includes the files data fork space. Extended attributes (including the resource fork) are not included.
  • The API is synchronous with no progress callbacks.

Those reasons keep the Finder from using it, and the Finder team asked for that APFS feature.

James Atkinson:

Is it a limitation of APFS that this feature couldn’t be created in a way that was useful to the Finder team, or is it just not a priority perhaps? I do find APFS fascinating. Also curious why the delta snapshot sending that was demoed never amounted to anything?

And Radar 32794924 apparently says that, if even you’re OK with those limitations, the DIRSTAT_FAST_ONLY path currently doesn’t work, so the API can only do the DIRSTAT_FORCE_FALLBACK path of recursively calculating all the sizes.

Previously:

Update (2025-01-16): Kory Heard:

Apple strongly hinted that APFS would be open sourced when first announced but that never came.

See also: Hacker News.

Accessibility That Fits

Soroush Khanlou:

Building a design that’s responsive to both its contents and its environment is a one of the primary challenges of robust user interface programming. There are some false gods out there and some legitimate best practices. However, I’ve found a new strategy that really helps, especially for text that has been scaled up for accessibility reasons.

[…]

So it’s not going to work to just shorten the string a little bit to get the text to fit. It is an interesting idea, though, that you can make the date take up less space by configuring it slightly differently. How do you get it to show the narrower string only if it needs to? You could try to key it off the dynamicTypeSize, which you can pull out of the environment:

@Environment(\.dynamicTypeSize) var dynamicTypeSize

But, this would ultimately be vague guesswork, and might break based on other factors, like screen size.

Fortunately, SwiftUI comes with a tool that helps us pick the best fitting option out of a series of compatible views, and it’s called ViewThatFits.

I’ve usually seen ViewThatFits discussed as a way to make a responsive layout that changes shape based on the available space. But it also seems to be an elegant solution for more mundane situations of figuring out how much text can fit—in this case choosing which date format to use.

I was going to say that Apple has used auto-changing date formats for decades, e.g. in Mail’s table view, but upon checking it looks like Apple removed that when it removed the Mail table view in Catalina and didn’t restore it when bringing back the table view a few years later. The column no longer separately aligns the days and times, either.

Finder does still adjust date formats based on the table column width, and it was not uncommon for apps to implement this themselves when I was initially developing EagleFiler, but Apple never added it as a standard framework feature, and it seems less common these days.

Friday, January 10, 2025

SteamOS Expands Past the Steam Deck

Michael Crider (Hacker News):

The big story in PC gaming for the last three years has been the Steam Deck. This low-power, portable, relatively inexpensive machine is clearly something the market has been waiting for, exciting gamers and energizing PC makers to pump out imitators, like the Asus ROG Ally and the Lenovo Legion Go.

But all of these machines lack a crucial component, despite copying the Steam Deck’s hardware to a greater or lesser degree. They rely on Windows, as do almost all consumer PCs not made by Apple. And Windows just isn’t a good experience in this form factor.

Kyle Orland (Hacker News):

Almost exactly a year ago, we were publicly yearning for the day when more portable gaming PC makers could ditch Windows in favor of SteamOS (without having to resort to touchy unofficial workarounds). Now, that day has finally come, with Lenovo announcing the upcoming Legion Go S as the first non-Valve handheld to come with an officially licensed copy of SteamOS preinstalled. And Valve promises that it will soon ship a beta version of SteamOS for users to “download and test themselves.”

[…]

The lack of a Windows license seems to contribute to a lower starting cost for the “Powered by SteamOS” edition of the Legion Go S, which will start at $500 when it’s made available in May. Lenovo says the Windows edition of the device—available starting this month—will start at $730, with “additional configurations” available in May starting as low as $600.

Previously:

Luigi Mangione’s Account Renamed on Stack Overflow

Evan Carroll (via Hacker News):

On Stack Exchange, all of the contributions on the site are contributed under a license maintained by a third party called Creative Commons; Creative Commons provides a license which states that licensed content must be perpetually shareable for any purpose including modification and by anyone including for-profit ventures, so long as the work remains properly attributed. This incentivizes content creation because every contributor is working on a corpus of work which is free from royalties and modification restrictions: everyone is bettering and growing the commons by using the site.

[…]

Alas, this minimal obligation of attribution is too much for some companies which have sought to erode this right. Right now, on Stack Overflow, Luigi Magione’s account has been renamed. Despite having fruitfully contributed to the network he is stripped of his name and his account is now known as “user4616250“. As reported by one of the moderators, Zoe, on Stack Overflow.

Mangione has not actually been convicted of anything yet. Reddit, Facebook, and Instagram have deleted his accounts, but “the only one that chose to both erase him and keep the content, is Stack Exchange.” It’s not clear whether that’s legal.

The Ross Ulbricht case is even more egregious because he was convicted and his old pseudonym remains with his attribution as Ulbricht desired.

Previously:

Passkey Usability

Dan Goodin (Hacker News):

Passkeys—the much-talked-about password alternative to passwords that have been widely available for almost two years—was supposed to fix all that. When I wrote about passkeys two years ago, I was a big believer. I remain convinced that passkeys mount the steepest hurdle yet for phishers, SIM swappers, database plunderers, and other adversaries trying to hijack accounts.

[…]

The FIDO2 specification and the overlapping WebAuthn predecessor that underpin passkeys are nothing short of pure elegance. Unfortunately, as support has become ubiquitous in browsers, operating systems, password managers, and other third-party offerings, the ease and simplicity envisioned have been undone—so much so that they can’t be considered usable security, a term I define as a security measure that’s as easy, or only incrementally harder, to use as less-secure alternatives.

[…]

Rather than help users understand the dizzying number of options and choose the right one, each implementation strong-arms the user into choosing the vendor’s preferred choice.

[…]

At this point, I don’t know if it’s Google or Firefox that’s presenting me with this non-intuitive response. I just want to open LinkedIn using the passkey that’s being synced by 1Password to all my devices. Somehow, the mysterious entity responsible for this message (it’s Google in this case) has hijacked the process in an attempt to convince me to use its platform.

Rui Carmo:

As someone who logs in to my corporate environment daily (sometimes more than once) using passkeys, I can certainly say that they are borderline usable in very specific contexts, but a complete mess where it regards interoperability.

Dan Moren:

The fundamental problem is that while the idea of passkeys is excellent, the implementation of it has been a mess. Every platform and site seems to have its own different way of handling the process, and what should be simple has instead become extremely confusing.

[…]

And I’m not even restricting that to non-tech-savvy users. I’ve run into multiples sites where I have set up a passkey and it doesn’t work correctly. Just last night I was trying to log into iTunes Connect on my iPhone: iOS showed I had a passkey and offered to use it, but for some reason, the site kept throwing an error. Maddening.

Shriram Krishnamurthi (via Venkatesh-Prasad Ranganath):

One of my great fears of passkeys — that I have not seen anyone talk about from a usability perspective […] is helping parents with their accounts. Right now I have access to their passwords. If they switch to passkeys, it becomes a lot harder for me to impersonate.

Rick Mondello:

Yes, I’ve seen the Ars piece about passkeys, and to be honest with y’all, I’m genuinely confused by it and can use help making the feedback actionable.

I do agree that it’s a problem that websites that have adopted passkeys aren’t using them to replace passwords and one-time codes.

I acknowledge that different platforms and operating systems have different user interfaces and experiences, in general, and regarding passkeys. I’m having a hard time quantifying whether that’s even a problem.

Adam Shostack:

I think the biggest thing is to (a) ensure dialogs are clear about what software is presenting them (b) where it plans to store the key and (c) letting people configure what their preference is for passkey management.

[…]

I learned recently that this is a 1password dialog*, despite having a different icon than the 1password icon. Also there’s no icon at all in the expando version.

*Or maybe it’s a firefox dialog that’s being integrated or hijacked in some way?

Ricky Mondello:

I vibe with this. Does anyone have any examples of where and how any vendor’s dialogs around passkeys might lead people astray?

Ricky Mondello:

I think it’s been a profound mistake on 1Password’s part that 1Password on desktop intentionally ignores the platform-native way to plug passkey data into web browsers and instead implements passkeys by hijacking the web API via their browser extension. (On iOS, however, they properly integrate as a data source.)

Ricky Mondello (Mastodon, tweet):

Obviously, authenticating to websites isn’t an either-or binary between passwords and magic links. Passkeys — the next-generation authentication standard defined by the FIDO Alliance and W3C, with backing from all of the major platforms, browsers, and credential managers — can be layered nicely into a magic link-based system to give users a secure and fast sign-in experience without the frustrations that come with switching apps to refresh one’s email. They’re complementary technologies, because passkeys can do this in a way that seamlessly coexists with, and is in fact supported by, email magic links for people who don’t yet have a passkey, don’t want a passkey, don’t have the device stability to use passkeys, or would prefer to sign in with a magic link this one time.

[…]

My local grocery store, one of the many Albertsons companies, has taken to preferring an email magic link over my easily-AutoFilled password, and it frustrates me every single time I try to sign in. Once you’ve experienced a world where signing in to websites and apps is so seamless it requires next to no thought, while still being secure, you never want to go back.

But I also kind of love magic links, because they acknowledge — no, radically accept — some fundamental truths. […] almost all online accounts can eventually be signed into by proving possession of an email address; this is usually phrased as “forgot password?”

[…]

On iOS and Android, in notable contrast to magic links, passkeys are directly usable across web browser apps and system web view experiences.

Leon Cowle:

Color me skeptical about passkeys (sorry Ricky!). I love the idea of them. I even use them myself (where possible, which isn’t a lot). But I’ve yet to find a non-techie that’s even heard of them. But more importantly, with passwords, password managers, one-time login links via email, SMS 2FA (yuck), email 2FA, hardware 2FA (for security nerds), I can’t help but wonder if the ol’ XKCD won’t end up applying here too?

[…]

I HOPE I’M DEAD WRONG AND PASSKEYS TAKE OVER THE (auth) WORLD!

Previously:

Network Neutrality Not Reinstated

Bruce Crumley (via Hacker News):

The increasing challenge to government agencies’ authority to regulate businesses gained momentum this week, after an appeals court suspended application of the Federal Communications Commission‘s (FCC) ruling restoring net neutrality. That stay effectively delays the court’s decision in the case until after November’s elections. No matter the results of those, however, its final fate may well be decided by the Supreme Court–whose previous rulings facilitated attacks on federal agencies in the first place.

[…]

The prohibition on ISPs offering faster services to corporate customers and individuals willing to pay more for the privilege was first imposed by the Obama Administration, revoked under Donald Trump’s presidency, then reauthorized by the FCC in April on the orders of President Joe Biden.

Brandon Vigliarolo:

The decision from the 6th Circuit Court of Appeals, filed today, formally killed the FCC’s April order that once again classified internet service providers as common carriers required to be impartial in the offering of their services regardless of what a customer was doing online.

David Shepardson:

The court cited the Supreme Court’s June decision in a case known as Loper Bright to overturn a 1984 precedent that had given deference to government agencies in interpreting laws they administer, in the latest decision to curb the authority of federal agencies.

Ben Lovejoy:

The FCC had acted in response to calls from Apple and more than 40 other tech companies to safeguard equal treatment for all.

Meg James (via Slashdot):

Despite the dismantling of the Federal Communications Commission’s efforts to regulate broadband internet service, state laws in California, New York and elsewhere remain intact.

[…]

In fact, some suggested that the Cincinnati-based 6th Circuit’s decision — along with other rulings and the U.S. Supreme Court’s posture on a separate New York case — has effectively fortified state regulators’ efforts to fill the gap.

Previously:

Thursday, January 9, 2025

Making Apple S9 and A16 in Arizona

Tim Culpan:

TSMC Arizona has picked up a second Apple product. In addition to the A16 processor for iPhones, which I shared with you in September, the fab is now producing SiPs (Systems-in-Package) for the Apple Watch, according to my sources. This product is believed to be the S9 SiP (I’ll be honest, I am a little unclear on this, but I’m 99% sure it’s the S9). Recall that TSMC Arizona is manufacturing at N4 (part of the N5-family of process nodes) while the S9 is made in Taiwan at N4 and is a derivation of the A16, so this would make sense.

Note that both of these are previous-generation chips.

Via Ryan Christoffel (MacRumors):

Trump’s administration is expected to impose strict tariffs on products being brought into the US from overseas, but Apple hopes to largely be exempt from any such financial burdens.

Mike Piatek-Jimenez:

The news that Apple is going to start manufacturing the S9 SIP in the U.S. is also likely an attempt to dodge the ITC import ban for the O2 monitoring feature.

Previously:

Bing Tricking People Into Thinking They’re on Google

Tom Warren (tweet, Hacker News):

Microsoft is pulling yet another trick to get people to use its Bing search engine. If you use Bing right now without signing into a Microsoft account and search for Google, you’ll get a page that looks an awful lot like… Google.

It’s a clear attempt from Microsoft to make Bing look like Google for this specific search query, and other searches just list the usual Bing search results without this special interface. The Google result includes a search bar, an image that looks a lot like a Google Doodle, and even some small text under the search bar just like Google does.

[…]

We’ve been cataloging every trick Microsoft has used to convince people to switch to Bing or Edge instead of Google and Chrome over the past few years. Microsoft has modified Chrome download sites, added pop-up ads into Google Chrome on Windows, injected polls into Chrome download pages, and even used malware-like popups to get people to ditch Google.

John Gruber (Hacker News):

The autoscrolling moves the page down just far enough to move Bing’s own page header out of the viewable page content. But because they just autoscroll down from the Bing page header, as opposed to hiding it completely (say, using display: none in CSS) you can see it by just scrolling back up. But who thinks to scroll up immediately after typing a search term and hitting Return? (No one.) They even actually have the word “Google” and Google’s actual logo on the results page, in an “info box” for Google, the “American tech company”. See for yourself.

It’s an exquisite dirty trick, and I’ll bet it actually works remarkably well. Google itself has long claimed that “google” is the most-searched-for term on Bing. I’ll bet that presenting the results for that search this way greatly increases the number of users who, thinking they’re actually now on Google, perform the search they intended to do on Google right there on Bing.

Mayank Parmar:

Microsoft is rolling out a new server-side update that could trick some people into using Bing as a default search engine in Google Chrome.

While using Google Chrome, I encountered a Bing pop-up on the right side of the browser. For a moment, I thought Chrome was infected with malware, but it turned out to be a new Microsoft campaign.

Via Nick Heer:

Speaking of things first-party platform vendors can do, this is an ad delivered by Windows within Chrome. Many things have changed since that antitrust trial, but something that remains the same is the contempt for users shown by corporate attempts to grab market share.

John Gruber:

Following up on yesterday’s item regarding Bing masquerading as Google to trick Edge users into searching with it, this Mastodon post from Timo Tijhof lists a few other such subterfuge tactics they’ve pulled recently. My favorite was this one from last year: when users opened a tab for “bard.google.com”, Edge inserted an ad in the tab bar encouraging the user to “Compare answers with the AI-powered new Bing”. Ads in the tab bar, jeebus.

Previously:

Update (2025-01-24): John Gruber:

OK it’s not so much that Microsoft has stopped the trickery, but more like they’ve just turned the dial down a little bit. The Google-Doodle-style illustration is still there, but on desktop browsers, at least, they’ve stopped the autoscrolling that hides the Bing branding and site navigation at the top of the page. But if you have Mobile Safari set to use Bing as its default search and search for “Google” from the location field, you get the Google-lookalike layout with the Bing branding scrolled out of view.

Microsoft Edge Slurps Tabs From Chrome Without Permission

Brandon Vigliarolo (via Hacker News):

Buried within Edge’s browser settings on Windows PCs is code that goes well beyond a one-time import of favorites and stored passwords, and has been present in some form as far back as mid-2022 at least. It gives gives Edge the ability to import practically all browser data from Chrome each time Redmond’s browser is launched.

Ostensibly a way for Microsoft to simplify the process of getting Windows users to switch to Edge, the feature has a classic Microsoft problem: it’s right now doing so without full permission, according to users. As the Windows maker is wont to do, it’ll also sync that data to the cloud too, provided users are signed into a Microsoft account - not great if you had intended to keep your Chrome and Edge environments separated.

Tom Warren:

I never imported my data into Microsoft Edge, nor did I confirm whether I wanted to import my tabs. But here was Edge automatically opening after a Windows update with all the Chrome tabs I’d been working on. I didn’t even realize I was using Edge at first, and I was confused why all my tabs were suddenly logged out.

[…]

“Always have access to your recent browsing data each time you browse on Microsoft Edge,” reads Microsoft’s description of the feature in Edge. This setting was disabled, and I had never been asked to turn it on.

[…]

Microsoft displays a big blue accept button to encourage Windows users to enable the feature, with a darker “not now” button if you want to opt out.

The button to opt in simply says Accept, but at least the Now now button is of the same size and looks like a button, unlike on iOS.

Thomas Claburn:

In a report [PDF] titled, “Over the Edge: How Microsoft’s Design Tactics Compromise Free Browser Choice”, the public benefit browser org argues that Windows users are encouraged to use Microsoft Edge and deterred from other options.

“Over the Edge” focuses specifically on Microsoft Edge and alleges manipulative design patterns – sometimes referred to as “dark patterns” or “deceptive patterns” – that push people towards a preferred outcome when presented with a choice in a visual interface.

Previously:

Xerox to Acquire Lexmark

Lexmark (via Hacker News):

Xerox Holdings Corporation (NASDAQ: XRX) today announced it has agreed to acquire Lexmark International, Inc., from Ninestar Corporation, PAG Asia Capital, and Shanghai Shouda Investment Centre in a deal valued at $1.5 billion, inclusive of assumed liabilities. This acquisition will strengthen the Xerox core print portfolio and build a broader global print and managed print services business better suited to meet the evolving needs of clients in the hybrid workplace.

Previously:

Wednesday, January 8, 2025

Opting Out of “Help Apple Improve Search”

Norbert Heger:

Apple has recently shown a noticeable tendency to collect, gather, transmit, and sometimes even store privacy-sensitive data – despite repeatedly emphasizing the importance of protecting such data and ensuring it remains solely on the user’s device.

[…]

macOS Sequoia introduces another new feature labelled Help Apple Improve Search, which sends and stores various search queries from Safari, Spotlight, and other sources to improve search results.

This feature, too, is enabled by default and is well hidden at the very bottom of System Settings > Spotlight.

[…]

Even if the data sent is not directly linked to me as a person, the data itself may contain information I might not want to share with third parties.

[…]

It’s worth noting that the new option in System Settings only governs the storage of this data, not its transmission to Apple. If Include Safari Suggestions is enabled in Safari Settings > Search, inputs into the search field are still sent to Apple for providing suggestions. To prevent this, Include Safari Suggestions must also be disabled.

As with Siri Suggestions, the UI is not exactly clear, and though both System Settings and Safari’s settings window have Privacy tabs, that’s not where these options appear.

As Fazal Majid reminds me, another recent example is that Firefox was criticized for opting users into Private Click Measurement, which Apple had also done with Safari.

I find that I’m often accidentally typing or pasting into the new Type to Siri window because I’ve accidentally triggered it by double-tapping the Command key.

Previously:

RSS Cache Control

Brent Simmons reported to me that my blog’s RSS feed wasn’t updating in recent versions of NetNewsWire. They’ve added support for the Cache-Control response header, and, for reasons unknown, my site was returning an interval of 2 days:

$ curl --head https://mjtsai.com/blog/feed/
HTTP/2 200 
date: Wed, 08 Jan 2025 14:28:24 GMT
server: Apache
vary: Accept-Encoding,Cookie,User-Agent
link: <https://mjtsai.com/blog/wp-json/>; rel="https://api.w.org/"
etag: "9efc6f6ed8885592fcee58bc1685dcaf"
cache-control: max-age=172800
expires: Fri, 10 Jan 2025 14:28:24 GMT
content-type: application/rss+xml; charset=UTF-8

even though plain HTML content was only cached for 10 minutes:

$ curl --head https://mjtsai.com/blog/
HTTP/2 200 
date: Wed, 08 Jan 2025 14:34:20 GMT
server: Apache
vary: Accept-Encoding,Cookie,User-Agent
cache-control: max-age=3, must-revalidate
content-length: 307509
last-modified: Wed, 08 Jan 2025 14:30:02 GMT
cache-control: max-age=600
expires: Wed, 08 Jan 2025 14:44:20 GMT
content-type: text/html; charset=UTF-8

I spent a while trying to figure out why WordPress would do that, but it turns out to be a default set by my server provider, DreamHost. RSS feeds fall under the default file type even though they are more likely to change frequently.

There are various ways to override this using Apache’s .htaccess file. Simmons is using this for his feed:

<Files "rss.xml">
  <IfModule mod_headers.c>
      Header set Cache-Control "max-age=300"
  </IfModule>
</Files>

But I don’t want to list each file separately because this blog has many feeds, e.g. one for the comments on each post. What seems to work is setting the expiration by MIME type:

<IfModule mod_expires.c>  
  ExpiresActive on
  ExpiresByType application/rss+xml "access plus 300 seconds"
  ExpiresByType application/atom+xml "access plus 300 seconds"
</IfModule>  

Please let me know if you run into any problems with this.

Previously:

SysBumps Attack

Guru Baran (via Ric Ford, PDF):

The research team from Korea University, led by Hyerean Jang, Taehun Kim, and Youngjoo Shin, presented their findings in a paper titled “SysBumps: Exploiting Speculative Execution in System Calls for Breaking KASLR in macOS for Apple Silicon.”

Their work represents the first successful KASLR break attack on macOS systems powered by Apple’s custom ARM-based chips.

[…]

By exploiting Spectre-type vulnerabilities in certain macOS system calls, the researchers demonstrated that an unprivileged attacker could cause transient memory accesses to kernel addresses, even with kernel isolation enabled.

A key component of the attack involves using the Translation Lookaside Buffer (TLB) as a side channel to infer information about the kernel’s memory layout. The research team reverse-engineered the TLB structure of various M-series processors, uncovering previously unknown details about its architecture.

Previously:

LG UltraFine 6K

Malcolm Owen:

The LG UltraFine 6K Monitor, model 32U990A, surfaced on Monday as part of the 2025 CES Innovation Awards, as an honoree in imaging. The monitor is described as the first in the world to have a 6K resolution display that also uses Thunderbolt 5.

[…]

LG’s newest screen has a Nano IPS Black panel, delivering high color accuracy and contrast. Its color gamut coverage includes 99.5% of Adobe RGB and 98% of DCI-P3.

[…]

Add in that Dell’s monitor is available now for the relatively reasonable $2,479.99, and it seems like a good buy for the moment.

That may change if LG is particularly aggressive on the pricing of its screen and its availability. Sadly we won’t know that until LG releases more details for the display, as well as more specifications in general.

Previously:

Tuesday, January 7, 2025

Apple Intelligence News Notification Summaries

Graham Fraser:

Apple Intelligence, launched in the UK earlier this week, uses artificial intelligence (AI) to summarise and group together notifications.

This week, the AI-powered summary falsely made it appear BBC News had published an article claiming Luigi Mangione, the man arrested following the murder of healthcare insurance CEO Brian Thompson in New York, had shot himself. He has not.

Imran Rahman-Jones:

A news summary from Apple falsely claimed darts player Luke Littler had won the PDC World Championship - before he even played in the final.

The incorrect summary was written by artificial intelligence (AI) and is based on a BBC story about Littler winning the tournament semi-final on Thursday night.

Within hours on Friday, another AI notification summary falsely told some BBC Sport app users that Tennis great Rafael Nadal had come out as gay.

Nick Heer:

The ads for Apple Intelligence have mostly been noted for what they show, but there is also something missing: in the fine print and in its operating systems, Apple still calls it a “beta” release, but not in its ads. Given the exuberance with which Apple is marketing these features, that label seems less like a way to inform users the software is unpolished, and more like an excuse for why it does not work as well as one might expect of a headlining feature from the world’s most valuable company.

[…]

Apple has also, rarely, applied the “beta” label to features in regular releases which are distributed to all users, not just those who signed up. This type of “beta” seems less honest. Instead of communicating this feature is a work in progress, it seems to say we are releasing this before it is done. Maybe that is a subtle distinction, but it is there. One type of beta is testing; the other type asks users to disregard their expectations of polish, quality, and functionality so that a feature can be pushed out earlier than it should.

[…]

This all seems like a convoluted way to evade full responsibility of the Apple Intelligence experience which, so far, has been middling for me. Genmoji is kind of fun, but Notification Summaries are routinely wrong. Priority messages in Mail is helpful when it correctly surfaces an important email, and annoying when it highlights spam. My favourite feature — in theory — is the Reduce Interruptions Focus mode, which is supposed to only show notifications when they are urgent or important. It is the kind of thing I have been begging for to deal with the overburdened notifications system. But, while it works pretty well sometimes, it is not dependable enough to rely on.

Kirk McElhearn:

I don’t think that the vast majority of people know what beta means. Apple has been promoting the shit out of these features, and putting beta in a footnote.

Xe Iaso (via Hacker News):

This phrases a literal scam message in ways that make me think immediate action is required. You can see how this doesn’t scale, right?

[…]

Even more, if you have Apple Intelligence enabled for some of the other features but disable notification summaries because you find them worthless, you can get your notifications delayed up to five seconds. It’s kind of depressing that telling your computer to do less work makes the result take longer than doing more work.

Additionally, none of the summarization features work on my iPhone and I can’t be bothered to figure out why and fix it. I personally don’t find them useful. I just leave them enabled on my MacBook so that notification delivery is not impacted.

Eric Schwarz:

[The] whole vibe of Apple Intelligence is off-putting and feels like a not-ready-for-primetime suite of features that make the user experience worse.

Juli Clover:

Apple is working on an update for Apple Intelligence that will cut down on confusion caused by inaccurate summaries of news headlines, Apple told BBC News. In a statement, Apple said software coming soon will clarify when notifications have been summarized by Apple Intelligence.

[…]

There have been several prior events where Apple Intelligence provided incorrect details from incoming news app notifications. In November, Apple Intelligence suggested Israeli Prime Minister Benjamin Netanyahu had been arrested, incorrectly interpreting a story from The New York Times.

[…]

Apple Intelligence notification summaries are an opt-in feature and they can be disabled.

My understanding is that they are opt-out in that once you opt into Apple Intelligence in general, you have to opt out of the notification summaries if you don’t want them. And, crucially, this is at the user level. There is no way for an app developer such as the BBC to prevent its app’s notifications from being summarized.

John Gruber (Mastodon):

Apple is promoting the hell out of Apple Intelligence to consumers, and its advertisements hide, rather than emphasize, its “beta” quality.

The promotion of a feature is an implicit encouragement to, you know, actually use it.

[…]

Apple Intelligence notification summaries are marked with an icon/glyph, sort of like the “↪︎” Unicode glyph with a few horizontal lines to suggest text encapsulated by the arrow — a clever icon to convey an abstract concept, to be sure.

The meaning of that icon/glyph is not at all obvious unless you know to look for it, and most users — even those who opted in to Apple Intelligence understanding that it was “beta” and might produce erroneous results — don’t know to look for that particular glyph.

[…]

I can also see why Apple doesn’t want to offer such an option to developers. To whom do notifications belong — the developer of the app that generates them, or the user who is receiving them?

Jason Snell:

The statement uses the beta tag it has placed on Apple Intelligence features as a shield, while promising to add a warning label to AI-generated summaries in the future. It’s hard to accept “it’s in beta” as an excuse when the features have shipped in non-beta software releases that are heavily marketed to the public as selling points of Apple’s latest hardware. Adding a warning label also does not change the fact that Apple has released a feature that at its core consumes information and replaces it with misinformation at a troubling rate.

Apple is shipping these AI-based features rapidly, and marketing them heavily, because it fears that its competitors so far out in front that it’s a potentially existential issue. But several of these features simply aren’t up to Apple’s quality standards, and I worry that we’ve all become so inured to AI hallucinations and screw-ups that we’re willing to accept them.

[…]

So what can Apple do now? A non-apology and the promise of a warning label isn’t enough. The company should either give all apps the option of opting out of AI summaries, or offer an opt-out to the developers of specific classes of apps (like news apps). Next, it should probably build separate pathways for notifications of related content (a bunch of emails or chat messages in a thread) versus unrelated content (BBC headlines, podcast episode descriptions) and change how the unrelated content is summarized.

John Gruber:

I side with Apple in not giving developers the option to opt out of notification summaries, and (b) that I’m a bit more of the mind that Apple can address this by somehow making it more clear which notifications are AI-generated summaries. Like, perhaps instead of their “↪︎” glyph, they could use the 🤪 emoji.

Guy English:

If Apple Intelligence summarizes your notifications then Apple should badge it with their Apple logo. Not some weird cog or brain or some other such icon. Put your name on it! Apple is the one presenting this information to you and they should be held accountable for the veracity of it. Put your highly regarded Apple logo on your AI work or get outta here. It’s either an Apple product or it’s not.

Jason Snell:

The problem with Apple’s approach is that it’s summarizing a headline, which is itself a summary of an article written by a human being. As someone who has written and rewritten thousands of headlines, I can reveal that human headline writers are flawed, some headlines are just not very good, and that external forces can lead to very bad headlines becoming the standard.

Specifically, clickbait headlines are very bad, and an entire generation of headline writers has been trained to generate teaser headlines that purposefully withhold information in order to get that click.

[…]

Summarizing summaries isn’t working out for Apple, but more broadly I think there’s something to the idea of presenting AI-written headlines and summaries in order to provide utility to the user. As having an LLM running all the time on our devices becomes commonplace, I would love to see RSS readers (for example) that are capable of rewriting bad headlines and creating solid summaries. The key—as Artifact learned—is to build guardrails and always make it clear that the content is being generated by an LLM, not a human.

Craig Grannell:

Starting to think Apple might regret sticking its name in front of ‘Intelligence’ for all its AI stuff. Notifications are a disaster. Image Email categories are a disaster. And so on. Then again, the ad campaign is somehow even worse than all of that.

The sad thing is, there are good elements to Apple AI/ML. Prompt-based memories in the Photos app. Auto-tagging. Accessibility features like Personal Voice. But so much attention has been grabbed by flashy stuff that did not – and in some cases could not – work.

Steve Troughton-Smith:

The Apple Intelligence vs BBC story is a microcosm of the developer story for the feature. We’re soon expected to vend up all the actions and intents in our apps to Siri, with no knowledge of the context (or accuracy) in which it will be presented to the user. Apple gets to launder the features and content of your apps and wrap it up in their UI as ‘Siri’ — that’s the developer proposition Apple has presented us. They get to market it as Apple Intelligence, you get the blame if it goes awry.

Tim Hardwick:

Apple plans to scale up its News app by adding new countries to the platform beyond the US, Canada, the UK, and Australia, according to the Financial Times.

The plans reportedly include building its locally focused news coverage in the UK, as well as bringing its puzzles section to the country which is currently limited to the US and Canada.

With Apple News, Apple does have access to the full article text. Maybe it will use this to dogfood a way of making this available for notification summaries.

Previously:

Update (2025-01-10): Nick Heer:

Apple should not be putting its name or logo on something it does not stand behind, and it should stand behind everything it ships. It supposedly cannot “ship junk”, but it is obviously not yet proud of the way these notifications were summarized — it is making changes, after all. But will it be courageous enough to attach its valuable brand to the output of its own large language model? I would bet against it, but it should.

See also: John Gruber.

Cam Wilson (via Hacker News):

Screenshots from iPhone users show this new suite of AI-powered features appears unable to distinguish between messages sent by real individuals and organisations and fake requests made by scammers imitating others. In fact, the AI-powered features may even make it harder for users to initially distinguish between real and fake messages.

Steve, a pseudonym granted as his work has not authorised him to speak to the media, was surprised to see that his recently updated iPhone had prioritised and summarised an email saying that he had to lodge a income statement to the Australian Tax Office.

Update (2025-01-13): Chris Pepper:

The bad scenario is users not noticing “an unexpected notification summary” — in which case people will be misinformed, and will misattribute any misinformation to the BBC. Users who don’t notice the discrepancy won’t report anything to Apple. So Apple is describing the wrong problem with an inapplicable solution.

[…]

The expectation that someone will read an (incorrect) AI summary, tap/click to read the original news piece, and of course notice the discrepancy, devalues AI completely. If news notifications are just links to articles, there’s no need to summarize them at all. The points of a notification are a. to give you the essential information, and b. to provide more detail if interested.

[…]

This is not about unexpected summaries. It’s about incorrect notifications. Every news summary is expected, except when you already know something big just happened, and wait for your phone to catch up and tell you about it. ‘Unexpected’ is a weasel word from a PR person or lawyer who says Apple cannot admit that this is all about falsehood/misinformation/incorrect notifications.

Apple is solving their problem—of being liable for misattributing misinformation. But this does nothing for the customer’s problem—that the notification is incorrect—except insomuch as it hints that this is a feature that could be turned off.

Adam Engst:

Because I read quickly, I see no reason to ask Apple Intelligence to generate a summary of a Web page or a conversation in Mail. The downside of losing detail and nuance—and of possible errors—outweighs the upside of saving a few minutes of reading time. Notification summaries are even worse; for me, they save seconds at most and often introduce confusion by summarizing unrelated news articles or information that has changed multiple times within the summary period. The main utility I see for notification summaries is to reduce the irritation of too many notifications from chatty conversations or overactive apps, but Apple has already addressed that by grouping notifications.

While AI-generated summaries raise valid concerns, it’s essential to recognize that human-created summaries permeate nearly everything we read. For instance, every email message and discussion forum post has a subject line that’s supposed to summarize the message’s intent. People often write poor subject lines, but they remain an essential form of summary—one that AI could actually help improve.

[…]

To summarize—I had to!—summaries offer a different value proposition for everyone. Reading speed, language fluency, topical understanding, display space, and other factors play into how valuable a summary of a particular length will be in any given situation. You should ask for AI-generated summaries only when they will provide actual value and you can verify their accuracy when it matters. Finally, remember that just because something can be summarized doesn’t mean it should be.

What gets me about the Mail summaries, besides having to scroll and click to see them, is that they are so slow to generate. By the time the summary is ready I could have already skimmed the e-mail myself. Am I supposed to start doing this while waiting? Then I would be essentially reading the e-mail twice. Or zone out for a bit? I certainly don’t want to context switch while I wait. I don’t understand why the summaries aren’t pre-generated for new messages or ones that are next in the list for me to read.

Update (2025-01-16): Geoffrey A. Fowler:

This is my periodic rant that Apple Intelligence is so bad that today it got every fact wrong its AI a summary of @washingtonpost.com news alerts.

It’s wildly irresponsible that Apple doesn’t turn off summaries for news apps until it gets a bit better at this AI thing.

Update (2025-01-17): Chance Millernotes that, in the iOS 18.3 beta, notification summaries have been disabled for all news apps (via Joe Rosensteel):

  • When you enable notification summaries, iOS 18.3 will make it clearer that the feature – like all Apple Intelligence features – is a beta.
  • You can now disable notification summaries for an app directly from the Lock Screen or Notification Center by swiping, tapping “Options,” then choosing the “Turn Off Summaries” option.
  • On the Lock Screen, notification summaries now use italicized text to better distinguish them from normal notifications.
  • In the Settings app, Apple now warns users that notification summaries “may contain errors.”

Nick Heer:

This is the first time I can remember where Apple uses an app’s App Store category to change its system behaviour. The closest equivalent I can think of is background downloads in Newsstand publications.

Joe Rosensteel (Mastodon):

In my opinion this doesn’t go far enough in addressing the problems that will persist with this headline feature of iOS.

[…]

The 18.3 changes don’t really address the root issue which is not, “how can we use this LLM that summarizes things to reduce notifications?” But rather, “How can we reduce unnecessary and disruptive notifications?” Remember that the software features allegedly exist to solve problems, so we should take a step back and look at the problem before we keep picking apart the solution they shipped.

The actual root issue was that Apple wanted to prove it could do AI stuff.

See also: MacRumors.

Update (2025-01-24): Stephen Hackett (Hacker News):

Joanna Stern has written about this before, but in her email newsletter this week, she addresses the fact that Apple Intelligence continues to misgender her spouse[…]

Nick Heer:

An Apple spokesperson told Stern the company’s A.I. services “were built with responsible AI principles to avoid perpetuating stereotypes and systemic biases”, but here we are.

John Gruber:

Using italics for summarized notifications is a really clever design. It feels literary. Italics sounds like a different voice to me, which is exactly what these Apple-generated summaries are.

[…]

The mistakes were embarrassing, no question, but overall the summaries were useful for me.

Coding Font Selection Tournament

Jason Snell:

Leo Laporte pointed me to the very clever site Coding Font, which lets you step through a tournament-style bracket of monospace fonts to find the one you like the best. Unfortunately it’s lacking a bunch of the options mentioned above, but if you’ve ever been curious about switching up your terminal font, it’s worth a go.

John Gruber (Mastodon):

I highly recommend you disable showing the font names while you play, to avoid any bias toward fonts you already think you have an opinion about. But no matter how many times I play, I always get the same winner: Adobe’s Source Code Pro. My second favorite in this tournament is IBM Plex Mono. The most conspicuous omission: Intel One Mono.

This was fun, but it doesn’t have any of the Apple fonts. Currently, I’m using SF Mono in Xcode and Menlo in BBEdit, Tower, Mail, EagleFiler, and MarsEdit. I don’t think I’ll be changing, but I was surprised to find that, in the tournament at least, I liked Noto Sans Mono. It kind of reminds me of Monaco, but with more square serifs.

Previously:

Monday, January 6, 2025

iOS 18.2.1 and iPadOS 18.2.1

Juli Clover (no iOS/iPadOS release notes, no security, no enterprise, no developer):

According to Apple’s release notes, iOS 18.2.1 addresses important bugs, and it is recommended for all users.

Apple is also testing iOS 18.3 and iPadOS 18.3, updates that we expect to see launch sometime in late January.

Adam Engst:

Without release notes or the threat of security vulnerabilities, it’s impossible to generate urgency around these new versions. However, the rapid release after the holiday break suggests that the bugs fixed were significant enough to warrant interrupting the engineers’ holiday vacations.

Previously:

Swift Parameterized Testing

Keith Harrison:

Swift Testing calls the test function once for each value in the arguments collection. […] If you pass a second argument, Swift Testing generates test cases for all combinations of the two arguments. […] You’re limited to at most two arguments. If you don’t need every combination you can zip the arguments to pair them.

Why use a parameterized test instead of just writing a for loop?

Each call of the test function with a different argument is an independent test case than can run in parallel. It’s much clearer when a test case fails. You can also rerun just the failing argument from the test navigator by clicking on the red failure icon[…]

Previously:

Sonuby 1.7.1

Michael Burkhardt:

Sonuby is a different kind of weather app, designed for users who often partake in outdoor activities. For example, if you often snowboard, you can have a weather forecast that places snow conditions front and center. Weather needs can be very individualistic, which is why Sonuby allows you to tailor the app to what you care about.

I like that Sonuby lets you customize the display to choose which data to emphasize. My favorite feature is that you can make collections of locations and then easily switch between locations within one of these subsets. Most other apps offer a flat list that becomes unwieldy or has a limit, so that I have to keep deleting and re-adding locations depending on which are most important at any time.

The data is from a combination of sources provided by meteoblue, which I don’t think I’ve used before, so I don’t know how accurate it is.

The app’s overall design is not really my cup of tea, and I ran into some problems adding locations. Some names that I searched for were not available, and others did show up but were lower in the list of matches—the app prioritized similar names that were thousands of miles away from me.

None of the weather apps I’ve tried, including Sonuby, really offers the kind of workflow I’d like for planning an outdoor activity. It’s not just that I want to know the forecast for a certain location on a certain day. I also want to compare several potential mountains to decide where to go based on the weather. Bonus points if it can also compare multiple weather data providers.

Weathergraph is my preferred app for home, and it lets me switch data providers without having to dig into the settings, but it’s useless for this purpose since it only supports one location. Apple Weather and Mercury Weather require a bunch of taps to switch locations and then get back to the right screen. I wish I could navigate to the display I want—say, precipitation next Saturday—and then swipe to see that exact data but for different locations and data providers. (Or, wild idea, how about showing the same data for multiple locations on the same screen at the same time?)

Previously:

25 Years of the Dock and Aqua

James Thomson (Mastodon, Hacker News):

On the 5th of January 2000, Steve Jobs unveiled the new Aqua user interface of Mac OS X to the world at Macworld Expo.

[…]

The version he showed was quite different to what actually ended up shipping, with square boxes around the icons, and an actual “Dock” folder in your user’s home folder that contained aliases to the items stored.

I should know – I had spent the previous 18 months or so as the main engineer working away on it.

[…]

I didn’t design the dock – that was Bas Ording, a talented young UI designer that Steve had personally recruited. But it was my job to take his prototypes built in Macromind Director and turn them into working code, as part of the Finder team.

[…]

I figured if anybody was finally going to kill off DragThing, it might as well be me.

After DP3, he resigned because Apple wanted him to move to Cupertino. Apple fired all the software engineers in Cork, and then they rewrote all his code before shipping Mac OS X 10.0. It’s remarkable how little the Dock has outwardly changed in the years since.

Jason Snell:

The timeline is interesting. James wrote his classic Mac utility DragThing before working at Apple, then was hired by Apple, then ended up working on the Dock, and then left Apple… to resume working on DragThing.

Also: James’s story about Apple trying to hide James’s location from Steve Jobs is an all-time classic.

Jason Snell:

When I watch the video back, it’s almost surreal how Steve Jobs keeps doing utterly normal, boring things in Mac OS X while the crowd completely loses its collective mind. Viewed by someone without any historical context, it would seem like a cult being whipped into a frenzy by its leader.

But I was there, and I can tell you that it wasn’t that. This was the moment, after 16 years of classic Mac OS–and let’s face it, the last five of those were pretty rough–when all the failings of the Mac were swept away and replaced with something modern, ready for the challenge of the 21st century.

[…]

It’s a bit of a head trip to watch Jobs explain how windows now have three buttons in the top left corner, colored “like a stoplight,” with symbols that appear when you roll the mouse pointer over them. Those buttons have become as much symbols of the Mac as the menu bar itself, but this was the first time anyone saw them.

Joe Groff:

In honor of the 25th anniversary of Mac OS X DP3 and the first public reveal of Aqua, this year’s MacBooks will feature an Apple-logo-shaped notch in the center of the menu bar.

Mario Guzmán:

Full height sidebars and inspectors also contribute to unnecessary waste of space in the toolbar. Also dividing toolbars to match column widths (like Mail and Notes) further makes unnecessary waste of toolbar space.

I’m ready for a Mac OS UI redesign that raises the bar for Desktop OS design. The way Aqua did.

Even going back to the old Aqua toolbar design would be fine. The new Big Sur way—where there’s lots of empty space, yet the window title gets truncated and important buttons, and sometimes even the search field, get stuffed into the overflow menu—is a regression.

See also: John Siracusa (in 2000), Stephen Hackett, Nick Heer.

Previously:

Update (2025-01-09): Basic Apple Guy:

Twenty-five years ago, Apple unveiled Aqua, a graphical user interface that has influenced the design of Apple software for over two decades! 🔴🟡🟢

Colin Cornaby:

I’m gonna be “that guy”, but as someone who used OS X since DP3 (and daily drove it at PB) I feel like I can be “that guy”…

Aqua wasn’t very good.

At 10.0 was mostly a show piece, but it wasn’t all that useful as a day to day UI. They did things like deliberately making all the animations slow to show off, but it made it painful to use. (Which was fixed in 10.2.)

I didn’t recommend it for average users until 10.2 (for reasons including Aqua). The UX didn’t feel mature to me until 10.6.

Mr. Macintosh:

This is what the OS X Snow Leopard 10.6.6 update looked like in Software Update.

Dan Counsell:

Can we please have the macOS X Lion UI back? 😍

Mario Guzmán:

The barber pole style indeterminate progress bar has been a part of the Mac since even before Mac OS X.

Removing it was a tragedy. It would be at the same level of getting rid of the Finder happy face or the startup chime.

The current style I think was ripped off from Android… which is quite the choice.

Louie Mantia:

There’s a refined clarity to this version of Aqua. It evolved gracefully to this point, where every element was distinctly different and yet cohesive. Consider the search field alone. Now, search fields have the same appearance of every other field: squared. The pill shape distinguished itself. Removing that characteristic introduced a level of ambiguity that is unnecessary. The same can be said for so much in modern visual design (or lack thereof).

[…]

It’s very unfortunate that the baby was thrown out with the bathwater. I distinctly remember when Apple claimed one value in the new design language was "deference," but after 12 years, this approach is clearly not as thoughtful as it was advertised. It is not as accessible as they have wished. We still have thin red text on gray buttons that lack significant contrast. We still have translucent elements and blurred backgrounds that confound reason and rationale. We traded away that refined clarity for over a decade of ambiguity.

Eric Schwarz:

While it makes sense that Apple would move the Mac to look/act more like iOS, I think there was a way to keep familiarity without making things worse—similar terminology or imagery, but they don’t have to be identical—System Settings on macOS still feels like a step back from the old System Preferences, even if it’s more like iOS.

Pierre Igot:

It’s only been, oh, (checks calendar) OVER SIX YEARS since Apple introduced Dark Mode in macOS, and still no one in charge has gotten around to checking to make sure that, in QuickTime Player, all the dialogs honour the system-wide setting chosen by the user when he/she prefers to use Light Mode (aka INeverAskedForThisShit Mode).

Update (2025-01-13): Jeff Johnson:

Lion is a truly bizarre version to be nostalgic for. It's the only Mac OS X version that I skipped entirely.

The tab view selection UI in the screenshot was utterly confusing and backwards.

Nick Heer:

When Mac OS X Lion was released, John Siracusa wrote imagined “three dials labeled ‘color,’ ‘contrast,’ and ‘contour,’” saying “Apple has been turning them down slowly for years. Lion accelerates that process”. At the time, we had no idea how much closer to zero Apple would take those dials. Now, we know — and for the same apparent reason.

[…]

The thing about [Alan Dye’s] explanation that frustrates most is that while we are sometimes merely viewing something, we are very often doing something with it. The reason there is a visual interface with controls and structure is because the computer is a tool.

Friday, January 3, 2025

OpenAI Failed to Deliver Opt-out Tool

Kyle Wiggers (Hacker News):

Back in May, OpenAI said it was developing a tool to let creators specify how they want their works to be included in — or excluded from — its AI training data. But seven months later, this feature has yet to see the light of day.

Called Media Manager, the tool would “identify copyrighted text, images, audio, and video,” OpenAI said at the time, to reflect creators’ preferences “across multiple sources.” It was intended to stave off some of the company’s fiercestcritics, and potentially shield OpenAI from IP-related legal challenges.

But people familiar tell TechCrunch that the tool was rarely viewed as an important launch internally. “I don’t think it was a priority,” one former OpenAI employee said. “To be honest, I don’t remember anyone working on it.”

This was promised by 2025. I’m not holding my breath, but I’m guessing that it happens before Apple’s OCSP preference because there’s a decent chance a court will order it.

Previously:

Apple Settles Siri Spying Lawsuit

Adi Robertson (Hacker News):

Apple has agreed to a $95 million settlement with users whose conversations were inadvertently captured by its Siri voice assistant and potentially overheard by human employees. The proposed settlement, reported by Bloomberg, could pay many US-based Apple product owners up to $20 per device for up to five Siri-enabled devices. It still requires approval by a judge.

If approved, the settlement would apply to a subset of US-based people who owned or bought a Siri-enabled iPhone, iPad, Apple Watch, MacBook, iMac, HomePod, iPod touch, or Apple TV between September 17th, 2014 and December 31st, 2024. A user would also need to meet one other major criteria: they must swear under oath that they accidentally activated Siri during a conversation intended to be confidential or private.

Juli Clover:

The lawsuit alleges that Apple recorded conversations captured with accidental Siri activations, and then shared information from those conversations with third-party advertisers.

Two plaintiffs claimed that after speaking about products like Air Jordan shoes and Olive Garden, their devices showed ads for those products, while another said he received ads for a surgical treatment after discussing it privately with his doctor.

[…]

While the lawsuit initially focused on Apple’s lack of disclosure, the first filing was dismissed in February 2021 because it did not include enough concrete data about the recordings that Apple allegedly collected. An amended complaint that focused on Siri recordings used for “targeted advertising” was refiled in September 2021, and that was allowed to move forward.

[…]

Apple says that it “continues to deny any and all alleged wrongdoing and liability, specifically denies each of the Plaintiffs’ contentions and claims, and continues to deny that the Plaintiffs’ claims and allegations would be suitable for class action status.” Apple is settling to avoid further costs of litigation.

I had thought this controversy was about contractors hearing the audio. The advertising angle is new to me. If Apple actually did that, it would be one of the biggest Apple news stories ever. I think it’s much more likely that a third-party app was listening to the microphone or that the ads were not based on audio at all. That said, given that privacy is so important to Apple’s brand, and that it seems so unlikely that Apple’s actually guilty of this, it’s a bit of a mystery why it would want to settle. I would think that proving its innocence would be well worth the legal fees, unless it fears the exposure of other information that would become public in discovery.

Ashley Belanger (Hacker News):

While the settlement appears to be a victory for Apple users after months of mediation, it potentially lets Apple off the hook pretty cheaply. If the court had certified the class action and Apple users had won, Apple could’ve been fined more than $1.5 billion under the Wiretap Act alone, court filings showed.

[…]

It was also possible that the class size could be significantly narrowed through ongoing litigation, if the court determined that Apple users had to prove their calls had been recorded through an incidental Siri activation—potentially reducing recoverable damages for everyone.

Or, maybe they fear a combination of the class being enlarged—almost every iOS user probably had some accidental activations—and a court deciding that the users don’t have to prove anything. Then the damages could really multiply.

Apple probably figures correctly that the advertising allegation will be quickly forgotten. But it’s not a very satisfying resolution. We don’t get to learn the details of what went on, and the compensation is ridiculously low for the people who were actually harmed.

Previously:

Update (2025-01-07): See also: Slashdot.

Iain Thomson:

After being questioned about privacy in a letter from Congress, Cook stated unequivocally that Apple doesn’t collect audio recordings of users without consent.

“Far from requiring a ‘clear, unambiguous trigger’ as Apple claimed in its response to Congress, Siri can be activated by nearly anything, including ‘[t]he sound of a zip’ or an individual raising their arms and speaking,” the complaint reads. “Once activated, Siri records everything within range of the Siri Devices’ microphone and sends it to Apple’s servers.”

[…]

Google is also facing a similar lawsuit after Belgian journalists reportedly found that the Chocolate Factory’s Assistant was also listening in without authorization. That case is still unresolved, and a German investigation into the matter is also ongoing.

Damien Petrilli:

IMHO people should stop giving a pass to Apple and just assume the worst, like for Meta and Google.

Years after years we are told the koolaid that Apple “cares” about privacy. And every year there is a controversy like this, privacy issues, “bugs”.

Nick Heer:

The original complaint (PDF), filed just a couple of weeks after Hern’s story broke, does not once mention advertising. A revised complaint (PDF), filed a few months later, mentions it once and only in passing (emphasis mine)[…] This is the sole mention in the entire complaint, and there is no citation or evidence for it. However, a further revision (PDF), filed in 2021, contains plenty of anecdotes[…]

[…]

I am filing this in the needs supporting evidence column alongside other claims of microphones being used to target advertising. I sympathize with the plaintiffs in this case, but nothing about their anecdotes — more detail on pages 8 and 10 of the complaint — is compelling, as alternative explanations are possible.

[…]

Yet, because Apple settled this lawsuit, it looks like it is not interested in fighting these claims. It creates another piece of pseudo-evidence for people who believe microphone-equipped devices are transforming idle conversations into perfectly targeted ads.

None of these stories have so far been proven, and there is not a shred of direct evidence it is occurring — but I can understand why people are paranoid.

John Gruber:

Apple doesn’t serve well-targeted ads based on text you type, describing exactly what you’re looking for, in the search box in the App Store, but a million gullible idiots believe they’re serving uncannily accurate ads based on snippets of random conversations secretly recorded from across the room.

Juli Clover:

No Siri data has ever been used for marketing purposes or sold to a third-party company for any reason, Apple said today in response to accusations that conversations Siri has captured were used for advertising.

Update (2025-01-09): Apple (MacRumors):

Apple has never used Siri data to build marketing profiles, never made it available for advertising, and never sold it to anyone for any purpose.

[…]

Siri searches and requests are not associated with your Apple Account. A random identifier — a long string of letters and numbers associated with a single device — is used to keep track of data while it’s being processed, rather than tying it to a user’s identity through their Apple Account or phone number — a process that we believe is unique among digital assistants in use today.

Apple does not retain audio recordings of Siri interactions unless users explicitly opt in to help improve Siri, and even then, the recordings are used solely for that purpose.

They are pretty aggressive about getting you to opt in, showing a full screen prompt during setup with a giant Share Audio Recordings button and some blue text, which doesn’t look like a button, that says Not Now.

Previously:

Autodesk Deletes Old Forum Posts

Autodesk (via Hacker News):

To keep our community efficient and up to date, we’ll be archiving content older than 10 years. We built a policy around document retention to stay relevant to our users and customers.

[…]

 The archiving process will start in December and is planned to be completed before the end of [2024].

[…]

Archiving is based on the creation date of the idea or forum thread. The latest activity does not affect the archiving process. All replies and comments within a topic being archived will also be archived.

kerry_w_brown:

The title says archiving but the posts indicate Unfortunately, we cannot keep the content, which in my book is DELETING.

[…]

Deleting everything that was originated prior to 10 years ago will destroy a wealth of information that is still viable. This information has not been transferred to the “Help” files and will no longer be searchable, the bookmarked links (published and personal) will no longer be available and the peers who provided this information probably won’t be available ( or not inclined ) to reproduce the information when it is required.

These groups are peer to peer and the answers to peoples questions and solutions to problems is typically provided by users of the products, not by the builders of the products. I consider this action to be an insult to the efforts of the people who have, at their own expense, graciously helped other users over the years.

Previously:

M4 Mac Issues With Ultrawide Monitors

Filipe Espósito:

As noted by many users on the Apple Community forums, Reddit and even corroborated by a 9to5Mac reader, the M4 Macs seem to break support for some ultrawide monitors. More specifically, those with 5K2K (5120 x 2160) resolution.

According to these reports, M4 Macs don’t display the proper resolution options for these monitors, which makes the interface and text look blurry. The same monitors work just fine with older Macs, whether Intel or Apple Silicon. But when connected to an M4 Mac, they no longer work in HiDPI mode – which upscales the interface to make it sharper.

[…]

Some users have managed to enable HiDPI using third-party tools such as BetterDisplay, but this causes other drawbacks such as the refresh rate dropping from 75Hz to 60Hz.

Previously:

Thursday, January 2, 2025

op run

Mattt Thompson (tweet):

This core insight — that configuration should be separate from code — led to the widespread adoption of .env files.

[…]

You add this file to .gitignore to keep it out of version control, and load these variables into your environment at runtime with a tool or library.

[…]

op lets you manage 1Password from the command-line. You can do all the CRUD operations you’d expect for items in your vault. But its killer features is the op run subcommand, which can dynamically inject secrets from your 1Password vault into your application’s environment.

Instead of storing sensitive values directly in your .env file, you reference them using special op:// URLs[…]

It’s great to see NSHipster back after a five-year hiatus.

The HFS Pixel

Encyclopedia Macintosh (p. 65, via Alex Rosenberg, rezmason):

HFS and MFS disks can be distinguished by the presence or absence of the HFS pixel. You can tell if a drive or disk is formatted as HFS or MFS by looking for the “HFS pixel” in the upper-left corner of any window from the drive or disk. If this pixel is on, the drive or volume uses the HFS; if it is off, the drive or volume uses the MFS.

[…]

The HFS pixel can be seen in the left window between the two horizontal lines just above the folder icon. In the center window it is not present. An enlargement of the pixel is presented at right.

This reminds me of Norton Disk Light, which used a single flashing pixel in the top-left corner of the display (back when the menu bar was rounded) to indicate disk activity.

Mihai Parparita:

Looks it went away in System 7, even with the B&W window frame.

Alex Rosenberg:

Seems equally likely they didn’t carry over the feature when rewriting the Finder in C++ for System 7.

Jim Luther:

MFS was so ignored in the Finder’s System 7 rewrite that the Finder crashed if you mounted a MFS volume with a long volume name. I found and reported that bug when learning about the File Manager when I switched from Apple II to Macintosh Developer Technical Support.

Update (2025-01-06): Josh Justice:

Who remembers positioning the cursor in System 7 so that it showed 1 pixel between it and the progress bar, so you could tell if it had progressed?

Who remembers trying this in Mac OS 8+ and being frustrated that the beautiful gradient made it harder to tell if there was progress? 😄

Update (2025-01-07): HACKTRIX (via Josh Hrach):

The XYZZY code is a simple cheat code for Minesweeper that helps you find the mines without clicking on the cells. To use this code, open Minesweeper, then type the letters xyzzy and hold the shift button for three seconds. Then minimize all open programs and look closely in the top left corner of your monitor screen. You will see a single pixel turned white.

Two Foreground Windows

Pierre Igot:

1) In the Finder, select an item and make its name editable.

2) WHILE THE NAME IS EDITABLE, click on the window of ANY ANOTHER APP to leave the Finder in the background.

3) Click on ANOTHER Finder window to bring the Finder back to the foreground.

Result: TWO FOREGROUND WINDOWS!

This is a really old bug.

Previously:

Update (2025-01-14): Jeff Johnson:

  1. Select some text in a web page in Safari
  2. Click in Finder to activate
  3. Right-click on the text in Safari to bring up the contextual menu
  4. Left-click in Safari to dismiss the contextual menu
  5. Left-click again in Safari to “activate” the window

The window appears to be active, but it mostly doesn’t work: hover effects, link clicks, command-w, etc.

This happens for me, too.

Bench Shut Down, Then Acquired

Charles Rollet (Hacker News):

Bench, a Canada-based accounting startup that offered software-as-a-service for small and medium-sized businesses, has abruptly shut down, according to a notice posted on its website.

[…]

The company’s entire website is currently offline except for the notice, leaving thousands of businesses in the lurch. Bench touted having more than 35,000 U.S. customers just hours before it was shut down, according to a snapshot saved by the Internet Archive.

Bench, which had raised $113 million from high-profile backers such as Shopify and Bain Capital Ventures, developed a software platform to help customers store and manage their bookkeeping and tax reporting documents.

[…]

Bench’s notice says its customers should file a six-month extension with the IRS to “find the right bookkeeping partner.” It also says customers will be able to download their data by December 30 and will have until March 2025 to do so.

Ian Crosby:

I’ve avoided speaking publicly about Bench since just over 3 years ago when I was fired from the company I co-founded.

[…]

In November 2021 I went out for what I thought would be a regular lunch with one of my board members. We had just raised a Series C and turned down a highly lucrative acquisition offer. We had budding partnerships with companies like Shopify that were interested in the technology we were developing. We were winning.

The board member thanked me for bringing the company to this point, but that they would be hiring a new professional CEO to “take the company to the next level.”

Charles Rollet (Hacker News):

The San Francisco-based HR tech company Employer.com focuses on payroll and onboarding, in contrast to Bench, which specializes in accounting and tax. Employer.com’s chief marketing officer Matt Charney told TechCrunch the company will revive Bench’s platform and provide instructions for customers to log in and obtain their data.

Dare Obasanjo:

12,000 small businesses who were left in a lurch just before tax time may have been saved.

This reminds me of the Synapse whose customers lost money when it failed but wasn’t FDIC insured. This is the risk of betting on startups for your financial needs.

Bench (Hacker News):

This acquisition ensures that Bench customers can continue relying on the same high-quality service they’ve always received, while also opening the door to future enhancements and capabilities powered by Employer.com’s extensive resources. Employer.com is committed to empowering small businesses with the tools and support they need to thrive, and Bench’s expertise in financial management aligns perfectly with that mission.

wdaher:

For Bench customers that want to look elsewhere, Pilot is doing free migrations from Bench to QBO, even if you don’t want to use Pilot. (So you can even take advantage of it if you want to instead DIY or work with some local firm.)

Previously:

Update (2025-01-08): Nicholas C. Zakas (via Ruffin Bailey):

Here’s @bench clarifying that no one is getting refunds.