Apple Dropped Plans for End-to-End Encrypted iCloud Backups After FBI Objected

Bug Debugging Instruments Mac macOS 10.15 Catalina Memory Management Programming Testing Xcode

Profiling Mac Unit Tests

Ilja A. Iwas:

Mac Devs: Is it just me, or is the “Profile ‘Test XYZ’” command in Xcode 11.3 broken? Instruments launches the main app, but does not run any tests. 🤷‍♂️

He’s filed bug FB7543911.

There was a brief period of time where running tests under Instruments worked for me, and it was glorious. Then the handy “Profile [test]” command stopped working—Instruments would launch but not record anything from the test. I reverted to the old method of setting a breakpoint and manually attaching Instruments to the test process while it was paused. Lately, that no longer works for me, either.

Mostly, I use Instruments to track down memory leaks. An alternative tool is the Memory Graph Debugger, which works within Xcode itself and never seems to have trouble attaching/recording.

Rejected for Working Around macOS Bugs

It’s a dramatic day for @MarsEdit and compatiblity, as App Review has suddenly become more interested in private WebKit SPI. I patch WebHTMLView to work around serious bugs which I have filed. One of them is a crasher. I don’t think WebKit1 is the best focus for App Review?

A truly unfortunate situation to be in as a developer. Apple will likely never fix the bugs, as WebView is now deprecated. Its replacement, WKWebView, is not fully ready yet, and will require a complete rewrite in a different language to get the same functionality, if that’s even possible.

Spending my whole weekend, apart from celebrating the delightful birthday of my little baby 8yo, working around issues that App Store review put on my plate. The price I pay for playing this game, I know. I just wish the game were a little different.

[…]

Overall I am pretty chill about App Store review and the goals of bringing developers into line. I do think it would be massively improved by a graduated system of warning of future rejection while allowing immediate fixes to pass through.

As a Mac App Store developer whose apps have been in the store since the beginning, it’s not a great feeling to know that any critical update might be held up because Apple decided to get more uptight about something that was OK for the past 8 years.

Generally I would say the thing for other developers to look out for is Apple may be improving its ability to detect things like patches as opposed to outright “use” of private API, and they may also be getting less forgiving of some behaviors, even if in the name of better UX.

This is the thanks you get for filing Radars and putting up with bugs for all those years.

It’s not exactly altering the deal because the Mac App Store has always banned private API. As was said at the outset, this is not realistic. There will always be (different) OS bugs. Even in the best case, they will take time to fix. Nobody—not customers, developers, nor Apple—wants apps to exhibit bugs, but that’s the inevitable result of a policy that forbids patching to work around buggy API.

When the Mac App Store debuted with this policy, some people said it would force Apple to fix the bugs faster. I don’t think that’s happened. Rather, developers kept doing what they were doing—I bet most large or popular apps are using private API to work around bugs—and Apple either failed to detect this or chose to look the other way.

Now, the rules haven’t changed, but perhaps enforcement has. This is a problem both because of increased user-visible bugs and fairness. Some apps like MarsEdit will eat up development time to end up with something buggier than they started with. Other apps will get a different reviewer and slide right through. Apps that Apple deems sufficiently important will be exempt from the rule.

With out-of-process Web views, increasing use of Swift, and direct Objective-C properties, patching will be more difficult. This will level the playing field—but to the lowest common denominator.

App Store Rejection Bug Catalyst (Marzipan) Mac Mac App Mac App Store macOS 10.15 Catalina MarsEdit Private API Programming WebKit

My compromise build was approved by Apple this afternoon. I found another way around one of the bugs I was fixing, but have no fix for the other one, yet. It’s a fairly minor thing, but the Mac App Store version is now buggier than it was, thanks to App Review.

Previously:

Update (2020-01-20): Jeff Johnson:

Apple currently lets Catalyst apps use private API as workarounds, but at some unpredictable time they’ll get rejected for it.

Documentation Flask Programming Python Web

Friday, January 17, 2020 [Tweets] [Favorites]

The Flask Mega-Tutorial

Miguel Grinberg:

Welcome! You are about to start on a journey to learn how to create web applications with Python and the Flask framework. The video above will give you an overview of the contents of this tutorial. In this first chapter, you are going to learn how to set up a Flask project. By the end of this chapter you are going to have a simple Flask web application running on your computer!

Via Sean Heber:

[It] is quite possibly the best and most complete technical tutorial I’ve ever come across.

Malicious WebAssembly

Catalin Cimpanu:

In an academic research project that was carried out last year, four researchers from the Technical University in Braunschweig, Germany, looked at WebAssembly’s use on the Alexa Top 1 Million popular sites on the internet, in an attempt to gauge the popularity of this new technology.
[…]
However, while the vast majority of samples were used for legitimate purposes, two categories of Wasm code stood out as inherently malicious.
The first category was WebAssembly code used for cryptocurrency-mining. These types of Wasm modules were often found on hacked sites, part of so-called cryptojacking (drive-by mining) attacks.
The second category referred to WebAssembly code packed inside obfuscated Wasm modules that intentionally hid their content. These modules, the research team said, were found part of malvertising campaigns.

Via Kyle Howells:

WebAssembly should be a user opt-in per website feature.

Advertising JavaScript Malware Privacy Web WebAssembly

App Movement Monitoring

Cocoa Localization Mac macOS 10.15 Catalina Open Source Programming Sandboxing Swift Programming Language URL

Essentially, when a Mac app is launched, the location of that app on disk is saved, and used repeatedly whenever an internal component needs to located. The dynamic nature of resource loading in Mac apps means that these components are not typically loaded until they are need. For example, if you never show the Preferences window in a typical Mac app, the resources that define that window will never be loaded.

If, on the other hand, you decide to show the Preferences window, but you’ve moved the app since it was launched, things have a tendency to go haywire. The app will go searching for its Preferences resources in the location on disk where they used to be, and it won’t find anything.

Why doesn’t Cocoa use file reference URLs to delay resolving the path until it’s actually needed, like it does for the document architecture? Or at least try to prevent users from moving apps that are open?

Paul Kafasis:

To avoid these issues, the Finder already works to avoid multiple types of changes to running applications. For instance, if you try to delete an application that’s open, the Finder stops you[…] As well, if you attempt to rename an open application, the Finder will warn against it[…] However, while any Unix geek can tell you that a rename is really just a move by another name, the Finder does nothing to stop you from actually moving the app.

Paul Kafasis:

I discussed this issue with Daniel and Brent, and provided them with the code we’d been using to watch for this issue. This actually led us to make several changes and tweaks, and a simplified implementation of this “Application Moved” watcher can be found below[…]

RSAppMovementMonitor:

RSAppMovementMonitor handles the nuanced details of monitoring for the movement, prompting the user, and relaunching the app[…]

This is more complicated than it seems, due to quarantine, translocation, sandboxing, and need to preload any localized strings before the app is moved.

The latter was surprising to me, but I recently ran into a similar issue when updating my apps to en.lproj instead of English.lproj.

Previously:

Thursday, January 16, 2020 [Tweets] [Favorites]

YouTube RSS Feeds

Thomas Brand:

In 2020 I am watching less stupid on YouTube by skipping the algorithm. Instead of letting the YouTube decide which videos it wants to show me, I am watching only the videos I want to see by subscribing to my favorite content creators via RSS.

[…]

[Append] the Channel ID to the end of this URL https://www.youtube.com/feeds/videos.xml?channel_id=

The combined URL + Channel ID is the Feed URL of that YouTube channel, and can be added to my feed reader.

Too bad there’s no way to do this for Twitter.

Nick Heer:

YouTube isn’t the only website that buries its RSS feeds in this manner. I don’t know that it’s deliberate — in the sense that they’re trying to discourage the use of RSS. I think it might be a result of product teams convincing themselves that RSS is something used only by the technically-proficient, so it’s put in a place where that group can find it. The trouble is that only the technically-proficient will end up using it, so it’s cyclical.

Why not just put it in a <link> tag?

Previously:

No Engagement Algorithms

RSS Twitter Web YouTube

15 Comments

Optionals in Swift Objective-C Interoperability

Fabián Cañas (tweet):

The problem is that since Swift doesn’t think this value can be nil, it’s not trivial to check.

[…]

It says the non-optional value shouldn’t be compared to nil, and that it’s always false. But at run time, the nil is detected, and we print the statement.

[…]

What’s interesting here is that the argument to the bridge function is an Optional<NSCalendar>. The static method, by its signature, accepts nil. What’s happening then? In this case, The culprit for the crash and what saves us from unexpected behavior later on is a force unwrap. Though the value that’s actually passed in to the function is Optional<NSCalendar>.some(nil), which is still not a valid value and we’re still in undefined behavior territory, so it’s pleasantly surprising that a force unwrap catches this case.

[…]

Having the the compiler automatically check and assert that nonnull Objective-C types returned by Objective-C methods are indeed present would be fantastic, whether for debug builds or as an independent flag.

Brent Royal-Gordon:

To make sure we’re all on the same page: returning null from a nonnull imported API is full-on, demons-flying-out-of-your-nose undefined behavior. There’s no guarantee that it will do what you saw.

Unfortunately, it’s rather easy to get the annotations wrong, and even Apple does this. For example, the SecDigestTransformCreate() and SecTransformExecute() calls can return NULL in Objective-C, but Swift acts as if they can’t fail. I filed a bug about about this, which Apple recently said was so old that they wanted to close it and have me open a new one. Meanwhile, I’m able the work around the issue because these two APIs have a separate error pointer that can be examined. Without that, I think you would need an Objective-C wrapper to safely detect whether an error has occurred.

Bug iOS iOS 13 Mac macOS 10.15 Catalina Objective-C Programming Swift Programming Language

4 Comments

Is Git Irreplaceable?

wyoung (Hacker News):

I worry that Git might be the last mass-market DVCS within my lifetime. Git effectively has a global monopoly on DVCSes, and I don’t see how you replace such a thing.

Replacing RCS with CVS was easy. Replacing CVS with Subversion was a big fight in many places. Replacing the remaining CVS and Subversion repos with something modern may never happen. Replacing Git with something better looks impossible.

Via Greg Hurrell:

My take: scalability is the biggest hurdle (weak spot) that must be overcome; complaints about usability are majorly exaggerated – version control has some inherent complexity that can’t be elided.

I think that’s right. The command-line weirdness is gradually being addressed, and you can mostly avoid it by using a GUI, anyway. The alternatives I’ve seen are also inherently complex.

Previously:

Fossil Git Mercurial Programming Version Control

iOS iOS 13 Mac macOS 10.15 Catalina Top Posts Wallpaper

Composite Mac Desktop Picture

J3nRa1n:

No one asked for this. But here it is: every macOS wallpaper from Mac OS X 10.0 Cheetah to macOS 10.15 Catalina combined.

The full-resolution image is here, and there’s also one for iOS.

Previously:

Which Emoji Scissors Close?

wh0 (via Nick Heer):

Conveniently, the emojis studied in this post depict the scissors from a viewpoint parallel to the axis of the hinge. This allows us to simulate swinging the blades with basic image rotations. I collected a dataset of emojis from different vendors from Emojipedia. In the following experiments, I swing the blades around the hinge until the handles collide with each other.

Design Emoji Facebook iOS iOS 13 Mac macOS 10.15 Catalina Twitter Web Windows

Wednesday, January 15, 2020 [Tweets] [Favorites]

AppleScript to Export Open Safari Tabs to OmniFocus

Jesse Squires:

I am often in a situation where I have a number of tabs open in Safari. I may be reading a collection of blog posts about how to implement a new iOS API, or I may be researching something I need, like new running shoes. I cannot always complete the task in that moment and I want to revisit it another time, or I want to save all the links for later. If they stay in Safari (even as bookmarks) they will be lost forever to me. I need to save them into OmniFocus. So I wrote an AppleScript to do that.

AppleScript Mac macOS 10.15 Catalina OmniFocus Open Source Safari

History IBM National Security Agency (NSA) Privacy Russia Security

Typewriter Keylogger

Kyle Mizokami (via Espionage News):

The NSA eventually shipped all of the electronics located at the embassy back to the U.S. for study. They struck gold: parts inside an IBM Selectric typewriter had been cleverly duplicated but rigged to transmit the typist’s keystrokes. The typewriter still worked, but it also quietly broadcast the keystrokes, using Soviet over-the-air TV signals as a form of electronic camouflage. It was in effect a non-digital form of the keylogging malware that hackers install on PCs.

Robert W. Lucky:

A solid aluminum bar, part of the structural support of the typewriter, had been replaced with one that looked identical but was hollow. Inside the cavity was a circuit board and six magnetometers. The magnetometers sensed movements of tiny magnets that had been embedded in the transposers that moved the typing “golf ball” into position for striking a given letter.
Other components of the typewriters, such as springs and screws, had been repurposed to deliver power to the hidden circuits and to act as antennas. Keystroke information was stored and sent in encrypted burst transmissions that hopped across multiple frequencies.

Previously:

How China Used a Tiny Chip to Infiltrate U.S. Companies

Why Wireless Networks Pose No Known Health Risk

Glenn Fleishman:

More recently, the Chicago Tribune published the results of testing from a firm it had hired to check if emissions from modern smartphones truly fell below FCC safety limits. In those tests, many appeared to exceed regulatory limits. The Tribune didn’t overstate its results, but the bottom line was, more or less, positing that smartphone makers were all deceiving the FCC and the general public. This plays into our fears, even though the work was presented rigorously. (Smartphone makers dispute the methodology of the testing; the Tribune stands by its research. Regardless, there’s a big difference between detecting higher-than-approved emission levels and proving a link between those levels and cancer.)
[…]
To achieve the promised high rates of speed and serve new categories of devices, 5G networks will draw from a much broader range of frequencies, some far higher (or shorter) wavelengths than current technologies. And many times as many base stations will need to be deployed.
But the newness and differentness of 5G don’t matter. Whether we’re talking about 5G, 4G, 3G, Wi-Fi, or other consumer-level wireless technologies, the sum total of results from many studies and many years of research paints a straightforward picture—there’s nothing to worry about.

Antenna Federal Communications Commission (FCC) Health iOS Mac Wi-Fi

Bluetooth LE Audio

Bluetooth SIG (MacRumors, Hacker News):

As the names suggest, Classic Audio operates on the Bluetooth Classic radio while LE Audio operates on the Bluetooth Low Energy radio.

[…]

LE Audio will include a new high-quality, low-power audio codec, the Low Complexity Communications Codec (LC3). Providing high quality even at low data rates, LC3 will bring tremendous flexibility to developers, allowing them to make better design tradeoffs between key product attributes such as audio quality and power consumption.

[…]

LE Audio will enable the development of Bluetooth hearing aids that bring all the benefits of Bluetooth audio to the growing number of people with hearing loss.

[…]

LE Audio will also add Broadcast Audio, enabling an audio source device to broadcast one or more audio streams to an unlimited number of audio sink devices. Broadcast Audio opens significant new opportunities for innovation, including the enablement of a new Bluetooth use case, Audio Sharing.

Andrew Liszewski (via John Gordon):

[One] of the biggest improvements it will include will be a feature called Multi-Stream Audio. Bluetooth is currently limited to streaming audio to just a single device. That’s fine for portable speakers and headphones where both sides are connected with a wire, but for wireless earbuds, such as Apple’s AirPods, your smartphone can actually only connect to one side. That earbud then has to forward the audio stream onto the one in your other ear, which requires some clever software tricks to ensure everything remains in sync.

AirPods Audio Bluetooth iOS Mac

2 Comments

Tuesday, January 14, 2020 [Tweets] [Favorites]

Low Power Mode for Mac Laptops

Marco Arment:

In light of today’s rumor that a Pro Mode may be coming that seems to offer benefits in the opposite direction, I wanted to re-make the case for a Low Power Mode on macOS — and explain why now is the time.

[…]

Apple’s customers don’t usually have control over these balances, and they’re usually fixed at design time with little opportunity to adapt to changing circumstances or customer priorities.

[…]

Turbo Boost Switcher Pro relies on a kernel extension that’s grandfathered into Apple’s latest security requirements, but it can never be updated — and when macOS Catalina loads it for the first time, it warns that it’ll be “incompatible with a future version of macOS.” I suspect that this is the last year I’ll get to run the latest OS and be able to turn off Turbo Boost at will, making all of my future laptop usage significantly worse.

Previously:

Low Power Mode on the Mac

Battery Life Mac MacBook Air MacBook Pro macOS 10.15 Catalina

The Security of Safari Extensions

Jeff Johnson:

Every Safari extension that runs JavaScript — in other words, almost every Safari extension — will have these same warnings, so what are users supposed to do with the warnings? Avoid Safari extensions entirely? Then why does Apple provide a developer API for Safari extensions, if they aren’t meant to be used? Why are Safari extensions available in the Mac App Store? Why does Apple advertise that they’re available in the Mac App Store? You get the feeling that different teams within Apple are not on the same page here, and they’re giving unhelpful mixed messages to users.

[…]

In general, my view is that you shouldn’t install software on your Mac unless you trust the developer. You can’t rely on the system to protect you from malicious software, because there are always vulnerabilities and ways to get around the system.

It’s a recurring theme. Without the scary warning, Apple gets blamed for any problems. With the warning, developers blame Apple for scaring customers away from their products, and if anything bad happens everyone blames the customer for ignoring the warning that they had no way to evaluate.

Previously:

Extensions JavaScript Mac macOS 10.15 Catalina Safari Security

5 Comments

Aerial Screensaver and Catalina

Guillaume Louel (via Tanner Bennett):

In macOS Catalina, 3rd party screensavers are now running in a sandboxed container which limits everything. As of right now there are no workarounds for many of the restrictions.

[…]

Aerial can only write in the legacyScreenSaver.appex sandbox container, which means in Catalina, JSON files and videos can only be downloaded in ~/Library/Containers/com.apple.ScreenSaver.Engine.legacyScreenSaver/Data/Library/Application Support/Aerial. Aerial can still read (only) the rest of your system disk so you can still store the videos in another folder after they are downloaded by manually setting the Cache. But Aerial cannot download videos to this cache.

[…]

Your cache may be wiped by the Catalina installer

[…]

[Because] a screen saver is not an app (we are a plugin run by legacyScreenSaver) we can’t ask for entitlements for, say, accessing filesystem.

[…]

Some (not all) of Apple screensavers are now bundled as an .appex too, with their own permissions. As far as I know that format is still not documented to this day nor available to 3rd parties.

Previously:

Mac macOS 10.15 Catalina Programming Sandboxing Screensaver

2 Comments

The Dark Side of Dark Mode and Night Shift

Adam Engst (tweet, Hacker News):

Unfortunately, Apple’s marketing claims about Dark Mode’s benefits fly in the face of the science of human visual perception. Except in extraordinary situations, Dark Mode is not easy on the eyes, in any way. The human eyes and brain prefer dark-on-light, and reversing that forces them to work harder to read text, parse controls, and comprehend what you’re seeing.

[…]

In the scientific literature, black on white is called “positive polarity,” whereas white on black is called “negative polarity.” Numerous studies over decades of research have found that positive polarity displays provide improved performance in a variety of areas.

[…]

When there’s a mismatch between the two—the screen is too dim outside or too bright inside—it’s hard to look at. That’s why Apple implemented automatic brightness control in iOS (find it in Settings > General > Accessibility > Display Accommodations) to reduce the screen brightness when you’re reading in a dark bedroom and increase it when you’re trying to take a picture on a sunny day.

I haven’t personally found any use for Dark Mode on my Mac. I don’t like the way it looks, and it feels like it slows me down. I have always preferred light text on a dark background for code, though. My sense is that this is not because I like light-on-dark better than dark-on-light for the primary text, but rather because most of the other colors work better on a dark background. With multi-color themes, the secondary colors tend to be easier to see on a dark background.

I don’t like how Dark Mode looks on iOS, either, except that I’ve always preferred Tweetbot in dark. I also like to run OmniFocus in dark so that the screen isn’t so bright if I’m making a note at night. Automatic brightness control just doesn’t cut it.

I continue to like Night Shift.

Jonathan Wight:

Giving on up dark mode.

Don’t like.

I get double vision due to my eye condition on most text and in almost all dark mode implementations it’s far more pronounced.

John Gruber found that Dark Mode helps with his eye condition.

Chance Miller:

These features are designed to change the temperature and color of your display based on what time of day it is. New research suggests, however, that features designed to reduce blue light before bedtime might not be as effective as initially thought.

Previously:

Accessibility Dark Mode iOS iOS 13 Mac macOS 10.15 Catalina Night Shift OmniFocus Sleep Tweetbot

4 Comments

Monday, January 13, 2020 [Tweets] [Favorites]

macOS Filename Homoglyphs Revisited

Adam Chester (tweet):

Last year I posted a few tricks to help when targeting MacOS users, and included a technique useful for spoofing file extensions with the aim of taking advantage of Finder’s removal of the .app extension from certain filenames.

A few weeks ago I was about to use this on an engagement and found that Apple had patched the tricks presented previously. While this was frustrating for me as an attacker, it did provide an opportunity to dig into the fix, understand just how filenames are now being sanitised by MacOS Catalina, and see if I could bypass this again.

Lambda the Ultimate Pattern Factory

thma (via Heath Matlock):

One of my earliest findings was that several of the GoF-Patterns had a stark resemblance of structures that are built into in functional languages: for instance the strategy pattern corresponds to higher order functions in fp[…]
Recently, while re-reading through the Typeclassopedia I thought it would be a good exercise to map the structure of software design-patterns to the concepts found in the Haskell type class library and in functional programming in general.

Craft Design Patterns Haskell Programming Language Programming

iPod and Other History via Tony Fadell

It took 4+ yrs to ship Magic Cap v1.0 - our leaders wanted to avoid making the same mistakes they had made with MacOS v1.0 We all learned how important it is to stick to a schedule. The “new” internet crushed GM. Real artists ship - fast & iterate fast!

The real reason why iPod & iPhone were successful was based on the market timing & the complete ground up design (HW+SW) That said, I pushed to ship the 1st iPod in <10 months. Long timelines are the death of daring projects inside (struggling) companies. We even surprised SJ!

[The small Toshiba hard drive] was a critical component no doubt. But even more important was the “exclusive supply” agreement I/we negotiated to enable us to get the hdd for 3+ years before any of our competitors could… Toshiba didn’t think MP3 players were a big market - they thought it was laptops.

Benedict Evans:

At 3GSM in 2005 a Motorola exec explained to me how hard they were working to put an HDD into a phone to compete with you. Six months later the Nano came out...

I bet the whole product & business on a processor from a tiny unknown startup who had failed once to deliver. Most big companies would NEVER do such a risky thing.

Design + HW + SW + App (then later + Content)

But even more importantly - continually introducing new products at lower price points while adding new features at the high end. That was the way iPod locked up the market with consumers.

Many sleepless nights worrying about Sony. It was one of my biggest questions I asked Steve during the first pitch “Sony owns every audio market category.…”

MSFT - no worries - they weren’t a SW+HW innovator like they are today. I would worry about them now however.

I was at the starting point of first 18 gens of iPod that shipped (& a few generations that didn’t ship). Was a team effort, but mainly technology driven since we could only deliver what we could push the tech to do.

You are defined by what you do & also by what you don’t do.

I remember the day when Steve called me to the Board Room to personally sign a $4B purchase order for Samsung Flash for the Nano. “Are you sure we are ordering the right stuff? It’s going to work, right?” It was the biggest single order Apple had ever placed at the time.

iPod Nano, yet-to-be-launched, was about to use >40% of the world’s flash. Samsung would build new factories to support our, what we hoped, incredible sales volume.

Sony Corp was too concerned about the declining CD music sales in the Sony Music Entertainment business. They didn’t want to appear to embrace MP3s - since that implied the music was stolen. Corporate politics. Reminds me of Kodak who invented the digital camera…

Luckily our good friend @waltmossberg helped us (or should I say “convinced the non-believer, Steve”) make the (highly religious) decision ship the iPod for PC!

Walt Mossberg:

Just to be clear: I had no agenda, owned no Apple or Microsoft stock and took no money or goods from either. As I recall, Jobs and I were in the middle of a long chat, and he asked what I thought of putting iTunes on Windows. I asked if he was considering it. He said yes.

I merely said two true things: (a) some readers had been emailing me to ask if this was going to happen and (b) there was a low upper limit to Mac owners. I wasn’t trying to “convince” him and left thinking only that I’d learned, off the record, that he was considering it.

Steve Jarrett:

We started working on Windows sync earlier, right after xpod. There even was a secret iPod Windows Connectivity SDK for any app to sync. MusicMatch used that. Steve changed his mind, killed the SDK, and decided instead to port iTunes to Windows. Fateful.

Walt Mossberg:

I recall him actually asking me if MusicMatch was a good Windows app. I said yes and pointed out that I had given it favorable reviews in my column. I had the impression he was going to sort of designate it as the Windows software for the iPod.

This was the exact conversation I referred to & that @waltmossberg didn’t know about. Afterwards we committed to shipping iPod on the PC… the rest is history.

This was Steve’s way of settling this highly contentious decision. He didn’t want to say YES to us & we wouldn’t take NO from him. So SJ said, well let’s get someone external, who we trust, to help us get to the right answer…

Triangulation:

What do you get when the creators of the Macintosh, iPod, Android, Ebay, Linked In, Nest, Flash, and the future CTO of the United States try to invent the iPhone a decade before its time? General Magic was a spin-off of Apple tasked with creating the ultimate personal digital assistant. It failed. Filmmakers Matt Maude and Sarah Kerruish join Leo Laporte to talk about their new documentary, General Magic, which chronicles the rise and fall of the greatest failed company in Silicon Valley.

Previously:

Apple Business General Magic History HP iPod iPod nano iTunes Marketing Sony Steve Jobs Tony Fadell

Cocoa Dark Mode iOS iOS 13 Key-Value Observing (KVO) Mac macOS 10.15 Catalina Programming

Friday, January 10, 2020 [Tweets] [Favorites]

Project Zero Remote iPhone Exploitation

Samuel Groß (Hacker News):

This is the first blog post in a three-part series that will detail how a vulnerability in iMessage can be exploited remotely without any user interaction on iOS 12.4 (fixed in iOS 12.4.1 in August 2019).

[…]

This research was mainly motivated by the following question: given only a remote memory corruption vulnerability, is it possible to achieve remote code execution on an iPhone without further vulnerabilities and without any form of user interaction? This blog post series shows that this is in fact possible.

[…]

For the purpose of this blog post series, it is important to realize that a vulnerability in the NSKeyedUnarchiver API can generally be triggered in two different contexts: in the sandboxed imagent and in the unsandboxed SpringBoard process (which manages the main iOS UI, including the homescreen).

Samuel Groß (Hacker News):

The initial primitive gained from the vulnerability is an absolute address dereference in which the read value is afterwards used as an ObjC object. As such, some knowledge of the target address space is required in order to exploit this vulnerability for remote code execution. This blog post describes a way to defeat ASLR remotely without any additional information disclosure vulnerabilities.

First off, the effectiveness of an old technique, heap spraying, is evaluated. Afterwards, a technique is described through which it is possible to infer the base address of the dyld shared cache region given only a memory corruption bug. The released code implements the presented attack and can infer the shared cache base address remotely on vulnerable devices within a couple of minutes.

Samuel Groß (Hacker News):

At this point, ASLR has been broken as the shared cache’s base address is known and controlled data can be placed at a known address with the heap spray. What remains is to exploit the vulnerability one more time to gain code execution.

After a short introduction to some relevant ObjC internals, an exploit for devices without pointer authentication (PAC) will be outlined. It involves creating code pointers, so it no longer works with pointer authentication enabled. Afterwards, a different exploit that works against PAC and non-PAC devices will be presented. Finally, a technique to chain the presented attack with a kernel exploit, which involves implementing the kernel exploit in JavaScript, will be shown.

Previously:

Bug Cocoa dyld iMessage iOS iOS 12 JavaScript Memory Management Objective-C Security

Observing Appearance Changes

Jesse Squires:

I needed to get notified when the system appearance changed. On iOS, this is very straight-forward and a first-class API. On iOS 13, the interface style is part of UITraitCollection.
[…]
[On macOS,] you can KVO on NSApp.effectiveappearance. […] Using KVO still does not feel great, but this is the best solution I could find without having an explicit API like iOS.

Previously:

KVO, My Enemy

Brent Simmons:

One of the keys to the stability of the shipping versions of NetNewsWire is that we don’t allow KVO (Key-Value Observing).

KVO is a false convenience — it’s often easier than setting up a delegate or old-fashioned notification. But to use KVO is to just ask for your app to crash.

And not just crash, but crash in hard-to-figure-out ways.

Drew McCormack:

As others point out, there are a bunch of issues with the FeedlyOperation class, such as the isAsynchronous override, and not changing to the final state atomically. But I think maybe the biggest problem is the use of Swift key paths. Not sure if that should be supported, but in my testing, it doesn’t work. Changing to strings for the key paths fixed things for me.

I’m not sure what the issue is—perhaps a Swift bug or incorrect property declarations so that there’s disagreement about whether is is part of the property name—but Swift key paths seem to be a common source of problems.

Brent Simmons:

We’re going to write a replacement for OperationQueue.

Previously:

Cocoa Concurrency Debugging Key-Value Observing (KVO) Mac macOS 10.15 Catalina Memory Management NetNewsWire Programming Swift Programming Language

How to Downgrade a New Mac to Mojave From Catalina

Armin Briegel:

Apple has started shipping Mac models that used to come with Mojave pre-installed with Catalina. If your organization has blockers for Catalina (incompatible software, etc.) you may want to install Mojave on these Macs. Unfortunately, this is not so easy.

[…]

Directly downgrading from Catalina to Mojave with the startosinstall --eraseinstall command will fail. Attempts to run the Mojave installer from a Catalina Recovery (local or Internet) will also fail. The reason seems to be that the Mojave Installer application chokes on some aspect of Catalina APFS.

[…]

The solution requires a Mojave Installer USB disk.

[…]

To boot a new Mac with a T2 chip off an external drive, you need to allow external boot from the Security Utility in the Recovery partition.

Via Josh Centers:

We’re still hesitant to recommend upgrading to Catalina, particularly if you use Mail, since reports of email data loss continue.

I continue to receive reports of Mail messages lost when upgrading/migrating/rebuilding and when moving messages between mailboxes (particularly between different accounts). There also seem to be a bunch of new crashing bugs affecting Exchange users, as well as problems with messages not moving (but, thankfully, not disappearing either). Yet many customers are also using Catalina without these issues. It’s not yet clear why some are affected and others aren’t, but it’s good to know that downgrading is possible (unless you have a 16-inch MacBook Pro or a 2019 Mac Pro).

Previously:

Apple File System (APFS) Apple Mail Apple T2 Bug Mac macOS 10.14 Mojave macOS 10.15 Catalina Secure Boot

Thursday, January 9, 2020 [Tweets] [Favorites]

End & Accept, Decline, Hold & Accept

Brenden Mulligan, on the three choices given when you’re on an iPhone call and a new call comes in:

These options break my brain every time.

The issues:

1. It’s unnecessary decision making in the 10 seconds before the new call goes to voicemail

2. It’s too specific about what’s going to happen to the current call

[…]

This is an interesting one because you don’t see this in a stress free state. You see it while juggling at least one other task, and you have time pressures, etc. and you don’t see this UI very often.

I find this confusing, too. One issue is that the language isn’t parallel. In two of the choices, the first word applies to the current call, but in the other one it applies to the new call. Keeping the current structure, I think it would be clearer to have either:

Accept & End, Decline, Accept & Hold
End & Accept, Keep & Decline, Hold & Accept

I also find the icons too hard to interpret quickly. One issue is that the red circle with the hung-up phone doesn’t mean the same thing in both cases.

Shekhar Somani:

[This] screen breaks the muscle memory. We don’t panic when the first call arrives because there are two clear options (if the phone is unlocked) – Accept on the right and Decline on the left.

Whereas, now Decline is in the middle.

John Gruber:

[It’s] the same exact location as the big red end button that does end the current call before (and after) the incoming call arrives.

Willi Kampmann:

The big red phone button in the middle is deeply encoded into my brain as “end call”. I’d rather see a big X or sth to signify declining another call.

John Gruber:

Took me a while to find it, but I knew in my gut that Apple had completely knocked this one out of the park — in 2007.

[…]

Watching and listening to the incoming call in the video, it is even more clear. You have a thing — the current call. The current call has an End Call button. A new thing arrives — the incoming call. Two options for new thing that don’t end the existing thing are grouped.

This is so much better. No confusing icons, and the red button consistently means to end the current call.

Design iOS iOS 1 iOS 13 Phone.app

6 Comments

Dark Patterns on Travel Websites

Chris Baraniuk:

Being a cyber-security researcher, she was familiar with web code so she decided to examine how OneTravel displayed its web pages. (Anyone can do this by using the “inspect” function on web browsers like Firefox and Chrome.) After a little bit of digging she made a startling discovery – the number wasn’t genuine. The OneTravel web page she was browsing was simply designed to claim that between 28 and 45 people were viewing a flight at any given moment. The exact figure was chosen at random.

Via Nick Heer:

Also, many of the biggest travel booking websites are owned by just a couple of companies: Bookings Holdings runs Booking.com, Priceline, Kayak, and Cheapflights; the Expedia Group owns Expedia, Hotels.com, Hotwire, Orbitz, Travelocity, and Trivago. Each group shares the same inventory, and they all use the same tactics. Users simultaneously get the impression that they’re shopping around and competing with other users, when neither is true.

Dark Patterns Travel Web