Tuesday, August 3, 2021 [Tweets] [Favorites]

Brief Reviews of (Nearly) Every Mac Keyboard

Griffin Jones (via John Gruber):

The Apple Desktop Bus Keyboard is first to include a power button, the Snow White design and the ADB port, three welcome additions. The lower key travel makes sustained typing a little easier. The mechanism has a very cleanly defined click, although it feels more brittle than premium. I rate it 4⁄5 stars.

This was a terrific keyboard that I first used with an Apple IIGS. It arguably feels better than the Apple Extended Keyboard II, but it’s missing the page navigation keys and function keys, and it had the arrow keys arranged in a line. So I ended up using the latter with my Macs, even into the USB era.

The AppleDesign Keyboard is a cheap cost-cutting imitation of the Extended Keyboard. It doesn’t even have an embedded Apple logo, just its silhouette punched into the mold of plastic. The symbolism that Apple was only a shadow of its former self in the mid-90s could not be any clearer. I rate it 2⁄5 stars.

This one just felt bad. The keys sprung up slowly like it was sticky inside, and they didn’t click enough when pressed down.

From 2007 to 2016, this [Aluminum Keyboard] keyboard design reigned supreme across all Macs. The flat black keycaps are more attractive and higher contrast, for sure, but at the expense of usability. I rate it 4⁄5 stars.

This is what I’ve been using since encountering Bluetooth flakiness with the wireless version and macOS 10.12, along with missed keystrokes when logging in even on later releases. (These problems seem to affect all Bluetooth keyboards, not just Apple’s.) I’m not sure why he says it has black keycaps. I still like this keyboard. The only flaw has been that the letters completely wear off.

For notebook keyboards, I still think the generation before the butterfly (e.g. on the 2012 Retina MacBook Pro) was better than the post-butterfly scissor design (e.g. on the 2019 MacBook Pro).


iOS 15 Find My

Juli Clover:

When you track a friend or a family member using the Find My app, it now shows continuous streaming updates on their location rather than updating with a new location every few minutes.


Devices that have been turned off can still be tracked by the Find My network in iOS 15.


If someone steals your iPhone and then erases it, in iOS 15, it’s still going to show up in the Find My app, and it will be trackable even after it’s been wiped.


With Separation Alerts, the Find My app can let you know if an iPhone or iPad is left behind by alerting you on one of the other devices with you.


AirPods have always shown up in the Find My app, but until now, functionality has been limited.


There’s now a Find My widget that you can add to the Home screen or the Today View to track items at a glance without having to open up the Find My app.

I’ve missed having the widget on my Mac since it was removed a few versions ago.


Automating Test Retries

Akshat Patel:

Once we had a list of the flaky tests, we tried to go through each one and determine why they were failing. We found that some UI elements such as menus and popovers were particularly prone to flakiness — they would sometimes be dismissed by the system for no discernable reason!


Since we already had the JUnit parsing code, we decided to build on top of that and rerun only the failed tests. By using the xcodebuild command’s -only-testing flag, we ran only the failed tests again. Another optimization we made was to build the project only once, even when testing multiple times. We accomplished that by using the xcodebuild build-for-testing and xcodebuild test-without-building commands.


Flaky tests still exist, but they no longer slow down the workflow of our developers. CI automatically retries any failing tests, and almost all flaky tests pass when run again. If a test actually fails three times in a row, only then it is considered an actual failure and the build is marked as failed.

Xcode 13 has a built-in option to do this. But why are these tests flaky?

Monday, August 2, 2021 [Tweets] [Favorites]

Older Kindles Will Lose Cellular Access

Ian Carlos Campbell (via Hacker News):

Amazon’s Kindle e-readers with built-in 3G will begin to lose the ability to connect to the internet on their own in the US in December, according to an email sent to customers on Wednesday. The change is due to mobile carriers transitioning from older 2G and 3G networking technology to newer 4G and 5G networks. For older Kindles without Wi-Fi, this change could mean not connecting to the internet at all.

MuseScore Requests Downloader Takedown

Jim Salter (via Hacker News):

The MuseScore app itself is licensed GPLv3, which gives developers the right to fork its source and modify it. One such developer, Wenzheng Tang (“Xmader” on GitHub) went considerably further than modifying the app—he also created separate apps designed to bypass MuseScore Pro subscription fees.


It’s important to note that the application itself and the sheet music to which it provides access are not the same thing, and they are not provided under the same license. The application itself is GPLv3, but the musical works it enables access to via musescore.com have a wide variety of licenses, including public domain, Creative Commons, and fully commercial.

In the case of commercial all-rights-reserved scores, Muse Group is not generally the rightsholder for the copyrighted work—Muse Group is an intermediary that has secured the rights to distribute that work via the MuseScore app.


Bypassing those controls leaves Muse Group on the hook either for costs it has no way to monetize (e.g., by ads for free users) or for violating its own distribution agreements with rightsholders (by failing to properly track downloads).


[While] musescore-downloader facilitates unlicensed downloads of DMCA-protected works, it does not itself contain those works, which means GitHub itself can ignore DMCA takedown requests.


Suspicious Package Power User Features

Armin Briegel:

In my defense, you really cannot tell normal packages from distribution packages in the default configuration of Suspicious Package, but if I had bothered to read the manual and/or explore the Preferences window, I would have found this option[…]

This will show the Distribution xml file at the top of the list of the ‘All Scripts’ pane for distribution packages. When you see no Distribution file there, the package is a component package.

The second checkmark in that preference window is also very useful. With “Component package and bundle info” enabled you can see which component contains the selected file in the info pane[…]


App Tracking Transparency’s Honor System

Lockdown Privacy (tweet):

Despite activating Apple’s App Tracking Transparency feature (launched in 2021 with iOS 14.5), along with our review explicitly asking Yelp to “Do Not Track”, the app still attempted to reach out to multiple known third-party trackers. From our experiments, we found that Apple’s App Tracking Transparency neither stops tracking, nor provides any real transparency, and instead gives users a false sense of privacy.


Friday, July 30, 2021 [Tweets] [Favorites]

Playdate Pre-Orders

Panic (Hacker News, Slashdot):

The Playdate store is now open.

Juli Clover:

Priced at $179, the Playdate is a pocket-sized gaming system that has a unique design. It features a black and white display, bright yellow chassis, a d-pad, A+B buttons, and a crank on the side that serves as a flip-out rotational controller.


There will be several games available at launch, and an additional game will be delivered each week for a few months.


Safari Extension Rejected Because Developer Not “Reputable”

Thomas Reed:

We had a free Safari app extension rejected by an App Store reviewer last night, because such software is only allowed from “reputable companies.”


We are reputable enough to have the kext signing entitlement and the EndpointSecurity entitlement. We constantly hear about Apple support reps recommending us. But the reviewer knows none of that. What are the qualifications of an App Store reviewer, exactly?


The irony there is that there are a bunch of shady antivirus apps on the App Store from developers nobody’s ever heard of. How are they “reputable” when Malwarebytes is not?

First, Reed and his company very much are reputable, and their products have even been recommended by Apple itself. Second, Apple claims to treat developers the same. Third, how can a new developer ever get started if being reputable is a prerequisite? (Note that Safari App Extensions can only be distributed through the Mac App Store.)


Update (2021-08-02): See also: Hacker News.

Thomas Reed:

Hey, great news! The appeals process worked much faster than it did last time I had to use it, and Browser Guard is live on the store!


My last experience with a rejection that required appeal didn’t go so nicely. We ended up having to spend a couple months ripping a feature out and replacing it with something lesser… when other apps were already doing the thing we wanted to do. This was a few years ago, tho.

Stephane Philipakis:

And the “ptsd” lingers a long time after experiencing that type of rejection from the app review. It’s definitely something tough as a business or even a dev to feel that powerlessness. You tend to self limit yourself which is not good for the product or the users in the end.

Avalanche Can Import Google Photos Libraries

Claudia Zimmer:

Many users who used to enjoy free and unlimited high quality photo storage have found themselves having to pay or migrate their images to another service.


Starting with version 1.4, Avalanche adds the ability to transfer Google Photos libraries to Adobe Lightroom, Luminar 4 or AI, and Capture One.


Google Photo libraries have very limited metadata (much less than what the online experience suggests), so the migration is therefore more limited in functionality.


Implementing a Focusable Text Field in SwiftUI

Gabriel Theodoropoulos (via Dave Verwer):

What I mentioned above is definitely good news, but it regards evolvements that are going to be working in macOS Monterey and above. That’s nice, but what about backward compatibility? What if we wanted to make apps that support macOS versions prior to Monterey, such as Big Sur or Catalina?

The answer to these questions is what this post is all about. In the following parts, I will take you step by step through the implementation of a custom text field capable of:

  1. Getting the focus automatically when a view appears; that means that the text field will be ready to start typing into without clicking on it first.
  2. Moving the focus on subsequent text fields by pressing the Tab key.

I still find it surprising—or maybe not, since it was designed for a device with neither a mouse nor a keyboard—that it took three releases for SwiftUI to get the equivalent of firstResponder, one of the most basic Cocoa concepts. Maybe in a few more years it will support setting the nextKeyView.

Jonathan Wight:

< 400 lines of SwiftUI

That said I can’t figure out how to layout a resizable username/password login dialog without hardcoding widths or breaking causality.

Rob Napier:

The paradox of SwiftUI.

I find it utterly infuriating and incredibly promising.


Compelled to Unlock With Face

Zack Whittaker (via Hacker News):

His Windows laptop was one of several devices seized by the FBI, which investigators said was protected with a password but could be unlocked using Reffitt’s face.


Reffitt’s lawyer told the court that his client could “not remember” the password, but the court sided with the government and granted the motion to compel his biometrics. Reffitt’s lawyer told CNN, which first reported the court order, that the laptop is now unlocked.


Courts across the U.S. are still divided on the reading of the Fifth Amendment and whether it applies to the compelled use of a person’s biometrics.


Token Authentication Requirements for Git Operations

Matthew Langlois:

In July 2020, we announced our intent to require the use of token-based authentication (for example, a personal access, OAuth, or GitHub App installation token) for all authenticated Git operations. Beginning August 13, 2021, we will no longer accept account passwords when authenticating Git operations on GitHub.com.

Biden and FTC on Right to Repair

Clare Duffy:

President Joe Biden on Friday signed a sweeping executive order aimed at promoting competition in the US economy. It includes a provision directing the Federal Trade Commission to issue rules preventing manufacturers from imposing restrictions on independent device repair shops and DIY repairs. While cellphone makers aren’t the only ones facing criticism for obstructing repairs, the order specifically calls them out for practices that make repairs “more costly and time consuming.”

Lauren Goode (via Hacker News):

[The] Federal Trade Commission voted unanimously to enforce laws around the Right to Repair, thereby ensuring that US consumers will be able to repair their own electronic and automotive devices.


See the section titled “What the Magnuson-Moss Act Does Not Require” of the FTC’s “Businessperson’s Guide to Federal Warranty Law” to understand why this is not even close to “enforcing right to repair”. Aside from the fact that the FTC can’t enforce a right to repair law that doesn’t exist, the promise to enforce the Magnuson-Moss Act doesn’t even scratch the surface of what right to repair aims to accomplish. For example, farmers who have famously campaigned for right to repair for years (decades?) aren’t covered by the Act because their equipment is for commercial, not consumer, use.


Apple Subpoenas Coalition for App Fairness

Juli Clover:

Members of the Coalition for App Fairness earlier this month filed a lawsuit (via Apple Insider) attempting to prevent Apple’s subpoenas from being approved. The Coalition for App Fairness is afraid that Apple will use those private communications to retaliate against coalition members.

The Coalition for App Fairness says that it is not involved in Apple’s antitrust matters, which were filed before the coalition was formed.


Apple is seeking a “host of documents and communications,” such as formation documents, activities, meeting minutes, recruitment efforts, membership lists, financing, communications between coalition members and potential members, and communications between coalition members and any foreign or domestic governmental entity or official relating to Apple.

I guess what’s good for the goose is good for the gander. Epic was a founding member, after all. But something to be aware of before getting involved with an organization like this.


Wednesday, July 28, 2021 [Tweets] [Favorites]

1Password Takes Second Round of Venture Capital

Jeff Shiner (tweet):

Today we’re announcing a new investment round in 1Password. Our current investor Accel led this round and a number of incredible folks including Ashton Kutcher’s Sound Ventures and top executives from Shopify, Slack, Squarespace, Google, Eventbrite, MessageBird and Atlassian also came on board.


We’ve grown from 177 people to 473 awesome folks. This has allowed us to greatly expand what 1Password can do to help consumers and businesses alike including[…]


Initially I wasn’t open to the idea as we’re profitable and did not need the money. But investment rounds have some real benefits. They help spread the word that we are an enduring and successful company which attracts both customers and talent. So we gave it further thought and went back to what we valued most from the first round – having smart folks invested in our success who can help and guide us. That, and ensuring we could retain full control of our destiny. If we could accomplish the same here then it would truly make sense for us to proceed.

Mary Ann Azevedo:

[The] company announced that it raised $100 million in a Series B round of funding that doubles the company’s valuation to $2 billion.

You may recall that the previously bootstrapped 1Password only raised its first round of external capital in 2019 – a $200 million Series A led by Accel that represented the venture firm’s largest single investment in its 35-year history.


Profitable since day one, 1Password recently crossed the $120 million in ARR (annual recurring revenue) mark, according to CEO Jeff Shiner. Over 90,000 businesses use its SaaS platform[…]


Apple’s Q3 2021 Results

Apple (Hacker News):

The Company posted a June quarter record revenue of $81.4 billion, up 36 percent year over year, and quarterly earnings per diluted share of $1.30.


“Our record June quarter operating performance included new revenue records in each of our geographic segments, double-digit growth in each of our product categories, and a new all-time high for our installed base of active devices,” said Luca Maestri, Apple’s CFO. “We generated $21 billion of operating cash flow, returned nearly $29 billion to our shareholders during the quarter, and continued to make significant investments across our business to support our long-term growth plans.”

Jason Snell (transcript):

There will be a lot more to say about it momentarily, but here are the charts….

John Voorhees:

After the break, we’ve compiled a graphical visualization of Apple’s Q3 2021 financial results.

Michael E. Cohen and Josh Centers:

Q3 iPhone revenues shot up an impressive 49.8% year over year, from $26.4 billion in Q3 2020 to $39.6 billion this quarter.


The iPad brought in $7.4 billion in revenue, handily beating the $6.6 billion it brought in one year ago, an increase of 11.9%. You would have to go back to 2012 to find a June quarter in which iPads brought in more revenue than this year.


Apple’s Mac products also exhibited strong growth, with a year-over-year increase of about 16%, from $7.1 billion in revenue in Q3 2020 to $8.2 billion this quarter. Cook said this was a new Q3 record for the Mac, thanks to the new M1-based iMac.


In plain English, the chip shortage that’s affecting the entire supply chain is looming over Apple. While Apple said it was able to mitigate those issues in Q3, it’s looking less likely in Q4.

Eric Slivka:

Gross margin for the quarter was 43.3 percent, compared to 38.0 percent in the year-ago quarter.

Juli Clover:

Apple now has more than 700 million paid subscriptions, which is up 150 million from last year, and is four times the number of subscriptions that Apple had four years ago.

David Sparks:

However, the most interesting number for me was services, which represent 21% of Apple’s revenue. That’s right. Apple makes more now on services than it does on the Mac and [iPad] combined.

This causes me a slight pause because historically, Apple has always been a product company. They made gizmos and we gave them money for the gizmos. Being in the gizmo business lead Apple to a particular set of priorities and serious commitment to customer experience.

Edward Snowden:

Apple today: “In 3 months, we spent $10 billion on dividends and $66b on stock buybacks.”

Sure sounds like a good time to commit $10b to improving iOS security, since companies are selling iPhone hacks for less than your lunch money to actual murderers[…]


XLoader Malware

Ben Lovejoy:

XLoader malware has now migrated from Windows machines to attack Macs too. An evolution of the malware known as Formbook, it lets an attacker log keystrokes, take screenshots, and access other private information.

Worryingly, the malware is sold on the dark web for $49, enabling anyone to deploy it against both Windows and Mac users …

The good news is that it does require user action to trigger it. Attackers typically send an email that contains the malware embedded into Microsoft Office documents.

Alexey Bukhteyev and Raman Ladutska (via Objective-See):

The malware now features a more lucrative economic model for the authors as compared to Formbook. Customers may only buy the malware for a limited time and are only able to use a server provided by the seller; no panel sources codes are sold anymore. Thus, a “Malware-as-a-Service” scheme is used. Centralized C&C infrastructure allows the authors to control how the malware is used by the customers.


Hydromac Malware

Bill Toulas:

The infection begins with dropping a legit copy of Adobe Flash Player, which is also very common among macOS malware strains. Still, MapperState’s features, encryption scheme, debug symbols, and strings were all hidden, encrypted, or stripped. By digging deeper, the researchers were able to confirm that the malware had the capability to fetch more payloads and also check for installed AV tools, but not much else was discerned.

This is where the flashcard app leaks come into play, as the researchers recently used what decrypted strings they held to search on the internet, and the gods (Google) answered. Someone based in San Diego had created a flashcards app account with content matching what was found in MapperState’s code. In the published flashcards, the researchers found another macOS malware named “Hydromac,” which appears to have the same commands as in their sample.

Taha Karim (copy, Hacker News):

The chain of different stages has become very complex nowadays and the analysis phase takes more time, due to the malware authors’ understanding of how reverse engineering is being done, but also countering the tools we wrote to decrypt their malware.


To close this chapter, it is worth noting that this is not the first time critical information is leaked via Flashcards apps, interestingly this week Bellingcat has reported that US Soldiers exposed Nuclear Weapons Secrets via Flashcard Apps, as they were using them for learning purposes.


Tuesday, July 27, 2021 [Tweets] [Favorites]

Inside Apple’s CSAT Solutions Repair Depot

Chance Miller:

While some Apple products are repaired directly in Apple Stores, Apple contracts many of its Mac repairs to third-party providers, including CSAT Solutions based in Houston, Texas. A new report today from Insider today sheds light on what workers describe as a “sweatshop”-like conditions inside the Houston facility, with 13-hour days, broken air conditioning, and unrealistic expectations.


Technicians are said to be tasked with completing every repair in less than an hour, something that employees said is “impossible to sustain.”


Employees who spoke to Insider corroborated that Apple auditors do indeed visit CSAT Solutions, but that employees are instructed to “do certain tasks differently” when auditors are around to avoid any potential trouble.


Safari Frustrations

Perry Sun (via Hacker News):

With IE now out of the way, the distinction of ‘most-hated browser’ goes to Apple’s Safari – which all along had been a close second to IE.

In a similar vein, Safari has consistently lagged behind competing browsers in supporting modern web APIs and features, presenting considerable challenges for developers wanting to create products that work consistently across all the major browsers (Chrome, Edge, Firefox, and Safari).

However, the annoyance with Safari gets deeper and more nuanced, which I’ll explain further below.

I guess it was about time for another one of these posts to gain traction. I don’t think the Internet Explorer analogy is entirely fair, but the frustrations for developers and users are real.

Not being a Web developer, I don’t have much of an opinion about which specific APIs or Web standards Safari should be supporting better. But my experience as a user is that its compatibility continues to decline. In the last month, I encountered problems using the American Express, Discover, and Subway sites. The same actions worked fine in both Chrome and Firefox. I’m also still seeing GPU-related crashes each day, though I’m told this may be fixed in Monterey. Apple is busy trying to reinvent tabs and toolbars, but I just want a browser that works.

Apple dragged their feet in adding support for PWAs in Safari, and when they finally did, limited the capabilities of a PWA so that native-like app functionality wouldn’t be possible, like notifications or a home screen icon shortcut – to name just a few of the many restrictions imposed by Apple.

I think iOS has supported home screen icons for Web pages since day one, so I guess this is referring to customizing the menu that you get when you long-press on an app icon.

The reason for Apple’s self-imposed limitations on PWA-related web APIs? They’ll tell you they’re for user privacy reasons, which may be valid in certain cases.

But most of us know the dominant reason is because fully-capable PWAs would compete against the iOS App Store – robbing Apple of 30% cut in revenue it rakes in when an app is purchased, or an in-app purchase is executed.

It’s not clear to me that the stuff that doesn’t work is primarily related to privacy. But, either way, I would like users to be able to opt into running fully-capable PWAs, especially since that’s the only release valve for all the apps that Apple won’t allow in the App Store.


Update (2021-07-28): Jen Simmons:

If you make websites, what do you need browser engineers to add to WebKit (Safari’s rendering engine)? What HTML, CSS, JS, Web APIs are missing — impacting your ability to get your job done. What do we most need to add / change / fix / invent to help you?

Dave Rupert:

When I think about Safari, it has a reputation as a little bit of a prima donna to the Pixar characters in my brain. From the humble -webkit-appearance: none to make buttons not look like trash on iOS to even more sophisticated tricks polyfilling scroll-behavior: smooth, every project has “one-offs” written inside it to appease Safari. It adds up to a non-zero amount of cognitive load that I maintain as a developer to support Safari.

Tim Perry (via Hacker News):

Most features that Safari hasn’t implemented have no hint of security, privacy or performance concerns, and they’ve been implemented in every other browser already.


The “they’re only ignoring bad features” argument is made weaker by Safari’s previous behaviour with such missing features, where many have eventually been implemented without objection, but years behind other browsers. If there was a good argument against these features, they should clearly never have been implemented.


These APIs are already part of the fabric of the web.


So, outright ignoring popular features will not stop them happening, and risks either giving all market share to Google, or all browsers being forced to follow Google’s standards. What the hell do we do instead?

Safari, Firefox and others need to make better proposals for these use cases.

Update (2021-07-30): See also: Hacker News.

Safari 15 Changes in Beta 4

Juli Clover:

Apple today seeded the fourth betas of iOS and iPadOS 15 to developers for testing purposes, with the updates coming two weeks after Apple released the third betas.

Juli Clover:

The fourth beta of iPadOS 15 that was released today introduces tweaks to Safari, with the [iPadOS] Safari layout now mirroring the updated layout that was introduced in macOS Monterey Beta 3.


While the separate tab bar is enabled automatically when updating, in the Safari section of Settings, there is an option to toggle on the original compact tab bar that merged everything together.

Federico Viticci:

There are more changes to Safari for iPhone in iOS 15 beta 4:

  • The share button is back in the tab bar
  • Reload button is back, next to domain name
  • Quicker access to bookmarks
  • One-tap Reader button appears on articles


  • The tab bar now automatically minimizes when interacting with buttons on websites.
  • There’s a new ‘docking’ behavior for the tab bar above the keyboard when you tap into search boxes on websites.

Overall, seems like Apple is adapting to websites after all.

Federico Viticci:

There’s a total of six different touch targets in the iOS 15 beta 4 tab bar in Safari.

These exclude the ability to long-press the tab bar, swipe across it to change tabs, and swipe it up to open the Tabs view.

I’m…starting to think a single, small toolbar just won’t do. 😬

Michael Love:

They’re already desperately trying to make this UI work and it’s a brand new UI; imagine if a year or two from now they want to add some new option to it.

Curtis Herbert:

I really do appreciate the experimentation, but the new Safari feels like something I’d take to the UI Design Labs at WWDC and they’d push me to use native controls that users expect and already know, have better tap targets, & stop cramming too many things in a small space.

Josh Centers:

I find the new Safari design in iPadOS 15 b4 to be every bit as confusing as before, but without the space-saving cleverness of the previous design.

Tyler Hall:

If Safari on macOS Monterey is heading in a similar direction where web page titles are going to be even more truncated, that’s going to make me sad. I guess we should do something about it.

Here’s TheTitle.app

It’s a silly Mac app that is just a window title bar. It floats above all the other windows on your Mac and keeps an eye on your web browsers. As you move from browser to browser and web page to web page, TheTitle shows you the full page title - unobscured. Problem solved.


Update (2021-07-28): John Gruber:

I think it’s fair to say there are [9] touch targets, because the left and right sides are effectively previous/next tab buttons.

Nick Heer:

There is some good news: the “⋯” Button of Mystery has been scrapped and replaced with the standard share button. There’s also a reload button in the address bar right beside the URL — but it is grey, while every other tappable control in Safari is blue.


In this context, reconfiguring Safari so that the entire user interaction happens in the lower half of the screen is a win for usability, but a loss for muscle memory. I think this once-in-a-lifetime update could make sense in the long term. But when coupled with some of the space constraints created by this specific iteration and how cramped the controls are, it is hard to argue in favour of this interpretation of Safari.

John Gruber:

How is a normal person going to get into Reader Mode come fall, when they upgrade from iOS 14?

John Gruber:

Mobile Safari versions 1–14: no one ever had to explain anything.

Mobile Safari 15: “See, you don’t get the genius of this design, let me explain…”

Riccardo Mori:

That reload icon beside the site name is so tiny one needs a fine-point stylus to tap it. Pull to Refresh on the other hand is a 10-plus-year-old tried-and-true gesture which I think fits best in this otherwise tragic Safari redesign.

Peter Novak:

The reload button placement is disastrous. Every. Single. Time. I want to type an address, I reload the page I’m currently on.

Ezekiel Elin:

My complaint with todays address bar is that the reload button moves and seems to find itself in the dead middle of the “address bar” a lot

Federico Viticci:

I wish I was kidding at this point, but the Safari tab bar in iOS 15 beta 4 can get busier.

Here’s what happens if you do a Google search, have an extension active, and have just downloaded a file.

(Magnifying glass, text label, dot on share.)

Michael Love:

The internal politics behind this stupid address bar are probably quite terrifying.

John Gruber (tweet):

But there’s an awful lot of non-sharing stuff crammed into the Share menu — the ᴀA menu items from the current version of Safari (text size, Reader mode, disabling content blockers temporarily, etc.) are all in “Share” now. It’s better than the “···” menu in betas 1–3, but really, this is more like changing the “···” glyph to the Share glyph. It’s still two menus’ worth of features stuffed into one monolithic menu.

John Gruber:

But my big problem with this tab bar — both on Mac and now iPad — is that it’s very hard to see which tab is the current (selected) tab. The visual indication for “selected” is just a very slightly different background tint — whether you’ve got “Show color in tab bar” enabled or not. You can even scroll the current tab out of view. Why is that possible? I don’t see how this is better than the Safari 14 tab bar in any way, and I see a lot of ways that it’s worse.


It get’s worse, and worse. On the latest macOS beta, they added a stroke around the traffic lights so that they look better when the titlebar has a background color. The address bar is now outlined to make it different from the tabs that look otherwise the same. Yikes.

Safari uses a darker stroke then the rest of the system and it looks really bad.

Update (2021-07-30): Benjamin Mayo:

I sure am hitting the reload button a lot when I mean to tap the URL bar to enter a new address.

The main cause for this I think is because the button sits at the end of the displayed domain, it is never in quite the same place because domains are variable lengths. Hence, the safe zone changes on each page you visit.

Josh Pigford:

The URL bar in Mobile Safari just gets more ridiculous with iOS 15 Beta 4.

Developer Account Terminated After Reporting Security Issue

Khaos Tian:

lol apparently reporting security issue to Apple product security can lead to termination from Apple Developer Program? Got a notice of termination from the personal account that has no activity recently today 🙃

Looks like I’m getting ghosted by WWDR & Product Security forks

That’s one way to make sure I don’t waste my time on sending security issues to them in the future I guess ¯\_(ツ)_/

Also it’s kinda annoying that macOS still shows the misleading alert when the signing certificate is revoked…

Saagar Jha:

Reminder that developing software for macOS means that Apple will turn around and call it malware if they terminate your developer account, because people who report security issues in good faith obviously write apps that will damage your computer.


Update (2021-07-28): See also: Hacker News:

Nika Kirkitadze (via Hacker News, tweet):

A few weeks ago, I received an email from Apple, where says that my developer membership has terminated. This is a massive blow to me.

The letter says that I have fraudulent conduct, but I believe that’s not true.

Apple just sent a warning message to me and, after 14 days, removed all my apps at the same time.

I am disappointed, of course. But a more critical issue is that I don’t know what went wrong and how to fix it. I tried to communicate with them but always was getting exact generic words and texts but nothing concrete.

Apple is super confident about its judgment. They applied the most severe punishment to me, without mentioning any details.

Monday, July 26, 2021 [Tweets] [Favorites]

macOS 11.5.1

Juli Clover:

According to Apple, macOS Big Sur 11.5.1 brings important security updates and is recommended for all users.


Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: A memory corruption issue was addressed with improved memory handling.

I encountered some problems applying this update (on top of 11.5). Software Update repeatedly stopped the download midway. After the download had completed, clicking the button to install it would try to download it again instead of restarting the Mac to begin installation.

See also: Mr. Macintosh (tweet, standalone download link), Howard Oakley.


Update (2021-07-26): See also: Pierre Igot.

Rumors About the Next Pro Macs

Tim Hardwick:

On Twitter, Dylandkt claimed that Apple’s “high end iMac” is not expected to release in the fourth quarter of 2021 alongside Apple’s “M1X Macs” – a reference to Apple’s redesigned MacBook Pro models – because “Apple simply does not want their devices to compete for attention and delays in product releases have led to this timetable.”

In previous claims, Dylandkt has remained adamant that an “M1X” Apple silicon processor is destined for high-end “Pro” Macs, which could include the upcoming MacBook Pro models and a larger, more powerful iMac model. Apple is expected to release 14-inch and 16-inch MacBook Pro models at some point between September and November.

I’ve been waiting for the new iMac (27-inch or Pro) to use my DTK coupon that expires at the end of this year, though I might be persuaded to get a 16-inch MacBook Pro (which hasn’t been updated since its release in 2019) if there’s an external display available.

Juli Clover:

A new Mac Pro that’s coming in 2022 is set to use Intel’s Ice Lake Xeon W-3300 workstation chips, according to an Intel leaker that WCCFtech says has offered reliable information on Intel Xeon chips in the past.

I’ve not heard anything about timing for the Apple Silicon Mac Pro, except that Apple announced in June 2020 that the full product line would transition within two years.


Apple Business Model: A Naive Nostalgic Look

Jean-Louis Gassée:

At first, the App Store looked like another product in charge of propping up sales volume and profit margin for the main act, the iPhone. That didn’t last. The App Store became more than an iPhone support function, it became a gigantic business in itself. One that Apple doesn’t disclose but bundles into the Services category. The Services number includes much more than the undisclosed App Store revenue, it encompasses services such as iCloud and Music revenue, Apple Care, and the more visible Apple TV activities.

In the company’s latest SEC filing for the quarter ended in March 2021, Apple’s Services reached $16.9B, exactly as much as the $16.9B number for the combined Mac and iPad revenue, although still far form the $48B iPhone revenue for that quarter.


What happens to priorities, to company culture? What will be sacrificed and what will be preserved? For example, if budgetary restrictions are needed, what will be prioritized: the next Ted Lasso or the next Apple Silicon processor?


I don’t have immediate worries for Apple’s culture. But I’m old enough to have seen strong companies lose their way as their priorities changed and they lost sight of their strengths.

I think we’ve been seeing tradeoffs favoring services over customer interests for a while now. Today, I was trying to play a song in Monterey’s Music app. It was stored locally, but I couldn’t get to the Library section of the app. The main part of the window was entirely devoted to an ad for Apple Music, and there seemed to be no way to dismiss it except to subscribe. There was no “x” or “Later” button, even on hover. Clicking outside of the border or in the sidebar didn’t close it. Eventually, I figured out that it would go away if I pressed Esc.


Update (2021-07-27): Nick Heer:

But this new focus on recurring services revenue — predictable monthly payments from as many buyers as possible — has created plenty of opportunities for Apple to degrade its existing product offerings. As the iTunes Store gave way to the Apple Music streaming model, iTunes was replaced with the much worse Music app, which feels like an old <frame>-based website given the façade of a desktop application. Applications across MacOS and iOS now interrupt users with advertisements in a nagging reminder that your multi-thousand-dollar purchase of a hardware product is merely the beginning of your financial relationship with Apple.


One thing not mentioned by either Gassée or Apple is that about one-fifth to one-quarter of Apple’s services revenue is from Google for making it the default search engine across Apple’s ecosystem. I mentally subtract $3 billion from this category in the quarterly earnings report to create a truer estimation of how Apple’s own-brand services are performing.

Smaller Preferences Tab Icons in Big Sur

Marc Edwards:

I believe macOS Big Sur changed the prefs tab icon size, and because of that, most Mac apps now have blurry icons. I was unable to find a size in the macOS Human Interface Guidelines, but dropping a solid image into your Xcode project reveals the full image area for the asset. In this case, it’s 54×54 pixels on a Retina display, which means prefs tab icon assets need to be exactly 27×27pt to render sharply. Please note that the icons themselves are only around 22×22pt, with the additional space just being padding.

I found it tricky to make a custom icon look right next to an SF Symbol. Vectors help it look sharp at different resolutions, but they don’t help with scaling. It really has to be drawn at the desired size or the stroke widths will be off. And this applies recursively: you can’t just draw a sub-element and then scale it to the right size, or its strokes won’t match the rest of the icon. Naive scaling of a vector icon actually looks worse than scaling down a bitmap.


Friday, July 23, 2021 [Tweets] [Favorites]

iDOS Emulator to Be Removed From the App Store

Juli Clover (Hacker News):

iDOS 2 has been available in the App Store since 2014, and its predecessor, iDOS, was first released in 2010. iDOS has had issues with Apple before, and in 2010, Apple pulled the original emulator app from the App Store. Changes were made, and the app was allowed back in the App Store in 2011, but there have still been ongoing troubles with Apple.

iDOS 2 went four years without an update because of Apple’s restrictions on iTunes file sharing and bundling game files without ownership, but in 2020, Li implemented document storage and was able to once again update the app.

Since 2020, iDOS has been able to run games and programs accessed through file sharing, which Apple now says is not allowed.

This is frustrating for several reasons:

Chaoji Li (Hacker News):

Long time iDOS users are aware that we have been able to update iDOS meaningfully since last year, because we have enabled file sharing access which gives iDOS the ability to run custom games or programs.

We didn’t play any trick to fool the reviewers, on the contrary, for any submission, we always provide the following note up front to them:

This version enables Document Browser mode, but it

  • doesn’t download code from internet,
  • doesn’t provide store front,
  • only runs emulation in a small portion of screen.

We are perfectly aware of AppStore policy on interpreted code. The reason of this submission is that there are similar apps on AppStore, running js or python code. In principle, iDOS is no different. No security risk since the user code is running inside emulator within the app sandbox.

App Review:

During review, your app installed or launched executable code, which is not permitted on the App Store.

Specifically, your app executes iDOS package and image files and allows iTunes File Sharing and Files support for importing games. Executing code can introduce or changes features or functionality of the app and allows for downloading of content without licensing.

Please note that while educational apps designed to teach, develop, or allow students to test executable code may, in limited circumstances, download code, such code may not be used for other purposes and such apps must make the source code completely viewable and editable by the user.

Well, there’s no reason the x86 assembly code couldn’t be made viewable and editable…

Dan Moren:

Over the last few years, Apple has been advancing the narrative that the iPad is just as good as a traditional computer, but if Apple is going to continue to dictate the boundaries of its capabilities by arbitrarily deciding what software can and can’t do on the platform, the truth is simple: this platform, good as it is, will never be as good as a computer. And Apple will have no one to blame but itself.

Craig Grannell:

It’s been back on the store with this exact same functionality for a while now, and received several updates. I’d hoped this was a sign Apple was changing its tone on retro gaming and emulation, but feared it was not. And Apple’s seeming distaste for emulated classic games feels further cemented by it not approving entirely legal retro-gaming streaming service Antstream Arcade for the App Store.


Update (2021-07-26): Drew Crawford:

Policies against Real Apps are implicitly a vote for Facebook. So developers make Facebook.

Update (2021-07-30): Harry McCracken:

I’m not sure if Apple let this App Store review of IDOS 2 go up on purpose or not, but I’m glad it’s there.

macOS 11.5

Juli Clover:

macOS Big Sur is a minor update focusing on small changes and bug fixes. According to Apple’s release notes, the update improves the Podcasts app by allowing the Podcasts Library tab to be adjusted to show all shows or only followed shows.

It also addresses an issue that could cause Apple Music not to update play count or the last played date in the library, and it fixes a bug that caused smart cards not to work when logging into M1 Macs.

I first saw this update on Wednesday, but then it disappeared and I wasn’t able to download it until yesterday. Now it’s available via Software Update and direct download.


iOS 14.7

Juli Clover:

According to Apple’s release notes for the update, iPadOS 14.7 introduces an option for two Apple Card members in the same family to combine their cards, plus it adds new Podcasts options and fixes a bug that could cause audio to skip when using USB-C to 3.5mm headphone jack adapters. Apple’s full release notes are below[…]

Lisa Vaas:

The ream of bugs includes some remotely exploitable code execution flaws. Still to come: a fix for what makes iPhones easy prey for Pegasus spyware.


Through the Blast Door

Nick Heer:

This weekend’s first batch of stories from the “Pegasus Project” — a collaboration between seventeen different outlets invited by French investigative publication Forbidden Stories and Amnesty International — offers a rare glimpse into the infrastructure of modern espionage. This is a spaghetti junction of narratives: device security, privatized intelligence and spycraft, appropriate targeting, corporate responsibility, and assassination. It is as tantalizing a story as it is disturbing.

“Pegasus” is a mobile spyware toolkit created and distributed by NSO Group. Once successfully installed, it reportedly has root-level access and can, therefore, exfiltrate anything of intelligence interest: messages, locations, phone records, contacts, and photos are all obvious and confirmed categories. Pegasus can also create new things of intelligence value: it can capture pictures using any of the cameras and record audio using the microphone, all without the user’s knowledge. According to a 2012 Calcalist report, NSO Group is licensed by the Israeli Ministry of Defense to export its spyware to foreign governments, but not private companies or individuals.


The phones of Panyi, Thakurta, and Vaqifqizi were analyzed by Amnesty International’s Security Lab and found to be infected after their numbers appeared on a list of over 50,000 numbers that were allegedly selected for targeting by governments using NSO software. Reporters were able to identify the owners of hundreds of those numbers, and Amnesty conducted forensic analysis on as many of their phones as possible, confirming infection in dozens of cases. The reporting was backed up with interviews, documents, and other materials.


The strongest evidence that the list really does represent Pegasus targets came through forensic analysis.

Amnesty International’s Security Lab examined data from 67 phones whose numbers were in the list. Thirty-seven phones showed traces of Pegasus activity: 23 phones were successfully infected, and 14 showed signs of attempted targeting. For the remaining 30 phones, the tests were inconclusive, in several cases because the phones had been replaced.

John Scott-Railton:

We @citizenlab conducted peer review.

Here’s an explainer THREAD.

Daniel Cuthbert:

NSO Group has a full zero-click zero-day iMessage exploit chain that can install the Pegasus spyware on the latest version of iOS at the time of writing (14.6).

Craig Timberg, Reed Albergotti, and Elodie Guéguen:

Pegasus can collect emails, call records, social media posts, user passwords, contact lists, pictures, videos, sound recordings and browsing histories, according to security researchers and NSO marketing materials. The spyware can activate cameras or microphones to capture fresh images and recordings. It can listen to calls and voice mails. It can collect location logs of where a user has been and also determine where that user is now, along with data indicating whether the person is stationary or, if moving, in which direction.

And all of this can happen without a user even touching her phone or knowing she has received a mysterious message from an unfamiliar person — in Mangin’s case, a Gmail user going by the name “linakeller2203.”

Ivan Krstić:

For over a decade, Apple has led the industry in security innovation and, as a result, security researchers agree iPhone is the safest, most secure consumer mobile device on the market. […] Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.

Timberg et al.:

The investigation found that iMessage — the built-in messaging app that allows seamless chatting among iPhone users — played a role in 13 of the 23 successful infiltrations of iPhones.


In a 2,800-word email responding to questions from The Post that Apple said could not be quoted directly, the company said that iPhones severely restrict the code that an iMessage can run on a device and that it has protections against malware arriving in this way. It said BlastDoor examines Web previews and photos for suspicious content before users can view them but did not elaborate on that process.

It’s not clear to me how this was done. Is there a flaw in the BlastDoor sandbox? Or is Messages not actually using it for all decoding of untrusted data, e.g. images?

Reed Albergotti:

Apple has so many bugs that it can’t fix them all, and can take years to implement fixes. It created a bug bounty program in 2016, which it says pays the most in the industry. But inside and outside the company, the view is that it has room for improvement. A lot of room.

One former employee told me the security team would send canned responses (to ensure they would not be vetoed by the marketing team) to researchers who submitted bugs. That kind of communication does not lead to good relationships with security researchers.


Apple is famously shy about sharing anything, especially acknowledging problems, and that is true when it comes to security. Apple argues that it’s better that way. The less hackers know, the better. That is why Apple makes it difficult to even locate traces of malware on iPhones.

As @craiu told me, that means we don’t know the extent of the problem. He said if Apple allowed more analysis of iPhones for malware, it would generate bad press, but make iPhones more secure.

Stefan Esser:

With PEGASUS in the news again. Never forget that behind closed doors people will tell you that when PEGASUS was found the first time in the wild Apple forbid researchers to put the samples in the public and they complied because they were scared for their app(s) in the @AppStore

Whenever Apple claims the @AppStore is required for security keep in mind those “secret” stories where Apple managers threatened security companies to shut up because otherwise their apps in the @AppStore might get extra reviewed….

Stefan Esser:

Interesting in this PEGASUS research is also that we have been right: making persistence hard does not stop phone hacks instead it makes them even harder to find because less to no artifacts on the disk. Without introspection of the computers in our pockets we are doomed :P

Nikias Bassen:

This is the problem with Apple (and Google) locking out their users. It actually helps the bad actors since the user cannot see what is happening on the device, and after the fact you can’t even get a sample of the malware without a jailbreak.

Stefan Esser:

iOS attack have been ongoing for years. They were invisible because Apple denies introspection of iPhones. This is part of their marketing to claim iPhones are invulnerable compared to the competition. Then iOS exploitation capabilities slipped into the hands of NSO who are notorious for getting caught apparently. So finally the world learned that this is real. But only because one of the many players has been caught in the act. Since they were caught the first time the only other player that has been found was the campaign Google found. No other iOS drive by attacks or malware has ever been found. And no this is not because it doesn’t exist. It is because nobody can see it. Much to the joy of Apple management.

Dan Moren:

Tech Crunch’s Zack Whittaker linked to a tool that can help you check if your phone was compromised.

I downloaded and tried out the Mobile Verification Toolkit so you don’t have to and, well, it’s definitely not user friendly. I had to install some command line updates via Homebrew, which took a little bit of trial and error after the instructions proved to not be exactly correct for my system, then had to make a decrypted copy of my iPhone backup, plus had to make sure I’d downloaded the correct definitions file to compare it to.

How likely is it that the evidence would be included in a backup?

Simone Manganelli:


Israeli spyware company NSO Group has said repeatedly that its surveillance tools do not work against smartphones based in the United States

Why would that matter for 0-click iMessage vulnerabilities?

Matthew Green:

Many attacks used “network injection” to redirect the victim to a malicious website. That technique requires some control of the local network, which makes it hard to deploy to remote users in other countries. A more worrying set of attacks appear to use Apple’s iMessage to perform “0-click” exploitation of iOS devices. Using this vector, NSO simply “throws” a targeted exploit payload at some Apple ID such as your phone number, and then sits back and waits for your zombie phone to contact its infrastructure.


Adding a firewall is the cheap solution to the problem, and this is probably why Apple chose this as their first line of defense. But actually closing this security hole is going to require a lot more. Apple will have to re-write most of the iMessage codebase in some memory-safe language, along with many system libraries that handle data parsing.


NSO can afford to maintain a 50,000 number target list because the exploits they use hit a particular “sweet spot” where the risk of losing an exploit chain — combined with the cost of developing new ones — is low enough that they can deploy them at scale. That’s why they’re willing to hand out exploitation to every idiot dictator — because right now they think they can keep the business going even if Amnesty International or CitizenLab occasionally catches them targeting some human rights lawyer.

See also:


Update (2021-07-26): Nick Heer:

The reporting associated with the Pegasus Project has been enlightening so far, but not without its faults. The confusion about this list of phone numbers is one of those problems — and it is a big one. It undermines some otherwise excellent stories because it is not yet known why someone’s phone number would end up on this list. Clearly it is not random, but nor is it a list of individuals whose phones were all infected with Pegasus spyware.

See also: Wired, MacRumors, TidBITS.

Update (2021-07-30): John Gruber:

[Last] year Motherboard reporter Joseph Cox revealed that Facebook attempted to purchase the right to use Pegasus to spy on their own iOS users.

Thursday, July 22, 2021 [Tweets] [Favorites]

Git Tower 7

Julian Rothkamp:

The first thing you will notice after updating to Tower for Mac version 6 is our new dock icon.


After adapting the toolbar to the new design, we decided to go one step further and remove Tower’s “Navigation Bar” right below the toolbar.


Across the whole app you will find new as well as redesigned icons.

Julian Rothkamp:

Version 7 gives you the option to easily give your commits more context by directly referencing issues, commits and files.


Similar to issues numbers, you can search and autocomplete commit references by typing “c:”.


If you want to quickly reference specific changed files from your working copy, simply do so by typing “\”.


For a quick overview of the list of available commands, just type “/”. Tower will show you command suggestions to help you discover available completion actions easily.


If you start your commit message with the “fixup!” or “squash!” keywords in the subject field, Tower lets you choose an existing commit you want to fixup or squash, respectively. After making that commit, you can switch to your HEAD branch’s history and will find a bright yellow button at the top to conclude the process.

The version numbers are changing so quickly now.

I still wish I could just drag and drop a file onto Tower to see its history.


Hopper 4.8

The new version of Hopper includes an important change:

Initial support for the new DYLD shared cache of macOS Monterey,

This version allows it to open the shared cache rather than failing outright. However, Hopper is not yet able to show all of the symbols. Also, each architecture now has four separate files, so you may have to try several before finding the framework that you want.

Hopefully the format of the shared cache doesn’t keep changing each year, because not having working tools makes it harder to track down crashes and other bugs.


Wednesday, July 21, 2021 [Tweets] [Favorites]

Windows 11: Android Apps

Tom Warren (Hacker News):

Android apps will run natively on Windows 11 and will be downloadable from Amazon’s Appstore, via the new Windows store that’s included in the operating system.


Microsoft is also partnering with Intel to use its Intel Bridge technology to make this a reality, although the Android apps will still work with both AMD and Arm-based systems.

Presumably, the bridge is only necessary for the parts of the apps compiled for ARM, and the Java bytecode can just run in a Windows JVM.

Steve Troughton-Smith:

I hope Microsoft goes beyond simply running Android apps in a VM; provide a path towards a native-feeling Fluent Windows app, like Catalyst does for UIKit apps on the Mac. Is it an also-ran, or is it the future of consumer app development on Windows?


Windows 11: Windows Store Changes

Dieter Bohn:

At the end of a surprisingly eventful, exciting presentation of Windows 11, Microsoft CEO Satya Nadella came on the video feed to deliver some closing remarks. He laid out his vision for Windows 11 as a “platform for platform creators,” and in doing so, he issued a subtle but nonetheless stinging critique of Apple.

Nadella’s speech was almost entirely about building a case that Windows would be a better platform for creators than either macOS or (especially) iOS. He argued that “there is no personal computing without personal agency,” insisting that users should be more in control of their computers.

Nadella called out the changes Microsoft is making to its app store rules, allowing more types of apps, Android apps, and — most importantly — allowing apps to use their own payment systems if they so choose.

Nilay Patel:

If you had told me in 2000 that in 2021 Microsoft would be positioning itself as the champion of creators and developers while Apple was being pilloried in Congress for being a monopolist... I would have probably flamed you on Slashdot?

Zac Bowden (via Steve Troughton-Smith):

The new store features policy changes that allows app developers to submit unpackaged Win32 apps, such as raw .exe and MSI applications.

Microsoft is also allowing app developers to use their own content delivery networks for app hosting and updates, meaning app updates no longer have to come directly from the Microsoft Store.

Finally, the company has announced that app developers can now use third-party commerce platforms, and Microsoft won’t take a revenue cut from apps that do.

Jay Peters:

But the deal has one important caveat: it doesn’t apply to games, Microsoft confirmed to The Verge.


Microsoft is largely on the side of apps and games being different because its bottom line depends on it. During the Epic trial, the company testified that it sells expensive Xbox hardware at a loss and makes its profits from the 30 percent cut it takes of game sales and subscriptions. But it also seemed like Microsoft was saying that PC games were different: the company recently announced that it would lower its cut of game revenues in the Microsoft Store from 30 to 12 percent starting on August 1st.

Steve Troughton-Smith:

Microsoft opening up the Windows Store to any arbitrary exe file or installer URL has kicked off a mad rush for everybody to get their apps listed there — because why wouldn’t you be in the Store, now? It’ll rapidly become the first & only place most users look for software


Windows 11: ARM64EC

Marc Sweetgall:

ARM64EC is a new application binary interface (ABI) for Windows 11 on ARM that runs with native speed and is interoperable with x64. An app, process, or even a module can freely mix and match ARM64EC and x64 as needed. The ARM64EC code in the app will run natively while any x64 code will run using Windows 11 on ARM’s built-in emulation.


Traditionally, rebuilding an app for ARM has meant recompiling the entire app. The result is a great native experience for the customer that unlocks the full power of the ARM device. However, from a developer perspective, porting an app can be all-or-nothing, since all the binaries within a process need to be rebuilt before a customer can see the benefit.

With ARM64EC, you can choose to start small and build incrementally. You can identify a part of your codebase that would benefit most from native performance and rebuild it as ARM64EC. The rest of the app will remain fully functional as emulated x64, but the recompiled ARM64EC parts will now have native speed. Over time, you can recompile more of the app as ARM64EC to further improve performance and conserve battery life for your app’s customers.

Via Rosyna Keller:

Windows 11 is bringing back the Mixed Mode Manager!


Instead of allowing arbitrary ARM apps to load arbitrary x64 code in-process, the ARM app needs to have its ABI “massaged” to look more like the x64 ABI.


Windows 11 Announced

Panos Panay (Hacker News):

We’ve simplified the design and user experience to empower your productivity and inspire your creativity. It’s modern, fresh, clean and beautiful. From the new Start button and taskbar to each sound, font and icon, everything was done intentionally to put you in control and bring a sense of calm and ease. We put Start at the center and made it easier to quickly find what you need. Start utilizes the power of the cloud and Microsoft 365 to show you your recent files no matter what platform or device you were viewing them on earlier, even if it was on an Android or iOS device.

Windows has always been about helping you work how you want, by offering flexibility of multiple windows and the ability to snap apps side by side. New in Windows 11, we’re introducing Snap Layouts, Snap Groups and Desktops to provide an even more powerful way to multitask and stay on top of what you need to get done. These are new features designed to help you organize your windows and optimize your screen real estate so you can see what you need just the way you want in a layout that’s visually clean. You can also create separate Desktops for each part of your life and customize them to your liking – imagine having a Desktop for work, gaming or school.

John Gruber:

Microsoft is doing something very interesting with app icons — they’re using different shapes for each of them, rather than forcing them all into the exact same roundsquare shape. That’s an idea Apple should copy.

Nick Heer:

On the surface, it is more of an iterative update than any new version of Windows for a long time; it seems like, with Windows 10, Microsoft established a good foundation that does not require radical changes. At the time, Microsoft even went so far as to claim that Windows 10 would be the “last version of Windows”. Things change.

Ben Thompson:

Of course Windows remains essential software, with a billion-plus userbase of its own, and a critical part of the enterprise landscape in particular (although, as the company highlighted in the presentation, COVID re-established the importance of the PC for consumers as well). What gives Microsoft more freedom-of-movement, though, is that Windows is no longer the core of its business. This remains CEO Satya Nadella’s biggest triumph; I recounted how he shifted the company away from its Windows-centricity in 2018’s The End of Windows[…]


Microsoft, like Apple, is responding by doing what they do best, but, because it’s Microsoft, it’s the exact opposite of Apple: instead of more deeply integrating and doing everything themselves in an attempt to appeal to consumers, they are opening up and removing limitations in an attempt to appeal to developers, and by extension consumers who don’t want to be bound into Apple’s ecosystem.

Nilay Patel (via John Gruber):

We’ve got a special episode of Decoder today — I’m talking to Satya Nadella, the CEO and chairman of Microsoft.

Nick Heer:

Officially, Windows 11 is incompatible with processors in computers released starting just a few years ago, but even more recent models are going to be stuck on Windows 10.

Jack Wellborn:

As successful as Apple has been, they aren’t an immediate threat to Microsoft. Fundamentally, one is primarily a consumer technology company and the other is a business technology company. While each has tried to drink the other’s milkshake, neither has meaningfully succeeded. The biggest and most immediate threat to Windows is not anything made by Apple. It’s Chromebooks.


These aren’t features to lure Mac or iPad users to Windows. They are to keep Windows customers, consumers and businesses alike, from switching to Google.


Tuesday, July 20, 2021 [Tweets] [Favorites]

BBEdit 14

Bare Bones Software (tweet):

BBEdit 14.0 and later feature built-in support for the Language Server Protocol, (occasionally referred to here as “LSP”, not to be confused with Lightspeed Pascal).


Completions supplied by the language server are significantly more accurate and complete than those available using the built-in mechanisms.

If a language server supports the “signature help” feature, BBEdit enables the “Show Parameter Help” command on the Edit menu; choosing this will open a panel providing assistance for filling in function parameters at the current insertion point (if applicable).

If a language server reports issues (errors and warnings) for a file in which you’re editing, ranges corresponding to those issues get highlighted according to their severity, and the corresponding lines are highlighted in the line number bar.


Command-double-click on a word will direct the request to an appropriate language server and perform the equivalent of “Go to Definition”, if possible.

I’m really excited about this, as it enables all sorts of IDE-type features. I’d long hoped that Xcode would add an API to make its indexing information available to external editors. In a way, this is better because it also works with languages not supported by Xcode. It uses an open protocol that’s implemented by various open-source language implementations. If you’re using a custom language, you can write your own LSP server.

As you might expect, to get this working requires installing a server package for each language (links here). C-family languages and Swift “work” out of the box if you have Xcode installed. I put that in quotes because, although the language server is pre-installed and pre-configured:

clangd relies on a “compilation database” which provides necessary information about compiler options and lists the files relevant to the current project workspace. The compilation database is a JSON file named “compile_commands.json” which lives at the root directory of the project.

Without this, it won’t even know what NSString is. There’s a sample shell script that you can set up to generate the compile_commands.json for each Xcode project. Note that this JSON only contains information about the project files and how they’re compiled. It’s not a list of the actual symbols to be indexed, like with ctags, so it does not need to be regenerated frequently.

One issue I ran into is loose C/Objective-C files that aren’t part of an Xcode project. For example, I like to view/search the header files from Apple’s SDKs. It’s not obvious how to generate a compilation database for those files, nor where to put it. So I end up with spurious warnings about types (even intptr_t) and macros (such as API_AVAILABLE) that were declared in an included file. My workaround for this is to configure .h files as Objective-C++ and then turn off LSP for Objective-C++ files. I mostly care about it in .m files, anyway.

The compilation database does not include information about Swift files, and sourcekit-lsp for Swift doesn’t seem to be able to figure out my project structure itself. So, when editing a Swift file, I get live reporting of syntax errors, which is great, but it doesn’t offer completions of symbols from the same framework or know how to find definitions. But neither, thankfully, does it show warnings for symbols that it doesn’t know about.

More new stuff from the release notes:

Notes are mostly like ordinary text documents, except that you don’t have to remember to save them or even make up a name if you don’t want to. BBEdit keeps notes all together in a “notebook”. Notes exist on disk as text files; there’s no secret file format involved.


Added “Repeat Last Command” to the Edit menu.


When dragging an image or an HTML file into a Markdown document, BBEdit will generate appropriately formatted Markdown references.


Added the ability to drag files (not folders) from an FTP/SFTP browser window to the Finder (and other applications that want files). When the item is dropped in its destination, BBEdit will download the file as indicated.


Added “Precompose Unicode” to the Text menu. This command will convert decomposed Unicode pairs (such as a letter followed by a combining accent or diaresis) into a single Unicode character, where possible.


Added a new script attachment point, to provide additional control over the text generated when you drop an image file into a BBEdit editing view.

It also adds language modules for R, Lisp, Go, and Rust—and a nice new icon for Big Sur. This is definitely one of the bigger BBEdit upgrades.

Pricing is unchanged, $50 for new licenses and $30 for upgrades.

See also:


Update (2021-07-26): See also: Hacker News, TidBITS.

Monday, July 19, 2021 [Tweets] [Favorites]

Owner Accounts on M1 Macs

Howard Oakley:

In the next few days those using M1 Macs will be updating to Big Sur 11.5, blissfully ignorant of how, as an admin user, their Mac could refuse to update. Because now, in addition to regular users, admin users and root, there’s another class of admin user: the Owner.


If you install a second operating system, on internal or external storage, the Owner needs to agree to hand over Ownership to users of that second system. And that’s where problems can occur, with a combination of puzzlement and frustration. Last week, when trying to perform a macOS update on a second operating system on my M1 Mac mini, I only succeeded at the third attempt, after a total of five hours.


Update (2021-07-26): Howard Oakley:

So during this creation of the default state, the OIK, the private half of a public-private key pair, is generated and stored in the Secure Enclave. Also created is a new User Identity Key (UIK) for Activation Lock. This is sent to Apple for certification, where it’s checked to see if it’s associated with a lost Mac using the Find My Mac service. If it is, then certification is refused and that attempt to set that Mac up fails. If the UIK is certificated successfully, then that User Identity Certificate (ucrt) is used to sign in RemotePolicies, which provide constraints for LocalPolicies.


Creating and maintaining LocalPolicies requires a user to have access to the private OIK in the Secure Enclave, making that user an Owner. Apple states: “Access to the Owner Identity Key (OIK) is referred to as “Ownership.” Ownership is required to allow users to resign the LocalPolicy after making policy or software changes.”


M1 Macs always start their boot process from their internal storage, even when they’re then going to boot from a second operating system stored elsewhere. To be able to boot from that second OS, it requires a LocalPolicy with an OIC attached, and Ownership has to be handed off to an Install User created when that OS is installed.


Handing off Ownership to the Install User is more of a problem, as users are only created once the installation is complete. To accommodate that, macOS offers to copy a user from the current boot system as the Install User, and the primary admin user, on the second OS.

He notes that the process doesn’t “always work as expected, particularly when using beta releases,” and that there is “no way to identify Owners or Install Users.”

The Print Shop Club

Benj Edwards:

In 1984, Brøderbund Software released “The Print Shop,” a pioneering desktop publishing app that allowed anyone with a PC to easily make large banners, signs, and greeting cards at home for the first time. Here’s what made it special.


One of the coolest features of The Print Shop was that you could type in any message, and the program would automatically format it so that it could be printed in a large font horizontally on a continuous feed of paper. Since graphics capability wasn’t common in printers in those days, the letters of the words in the banner were usually composed of simple blocks or many smaller characters grouped together to form the shapes of larger letters.

This was one of my favorite Apple II apps. I used it to make lots of foldable greeting cards, posters, and banners—where the flaw of the tractor-feed printers of the day was turned into a feature.

The Print Shop Club (via Brad Fitzpatrick, Hacker News):

We’ve created this website as a tribute to David, Martin, and The Print Shop, and all of the fond memories children, parents and teachers from the 1980s have of it. On this site we’ve emulated the Apple II and The Print Shop software, so that visitors can easily use The Print Shop to create their own cards, posters and banners. See the Documentation page to read The Print Shop manual, or just get started by clicking on the application window on the Application page once the Click to Start message appears.

It prints by downloading a PDF file.