Friday, December 2, 2022

Stable Diffusion With Core ML on Apple Silicon

Apple (Hacker News):

Today, we are excited to release optimizations to Core ML for Stable Diffusion in macOS 13.1 and iOS 16.2, along with code to get started with deploying to Apple Silicon devices.

[…]

Beyond image generation from text prompts, developers are also discovering other creative uses for Stable Diffusion, such as image editing, in-painting, out-painting, super-resolution, style transfer and even color palette generation.

[…]

To learn more about how we optimized a model of this size and complexity to run on the Apple Neural Engine, you can check out our previous article on Deploying Transformers on the Apple Neural Engine. The optimization principles outlined in the article generalize to Stable Diffusion despite the fact that it is 19x larger than the model studied in the previous article. Optimizing Core ML for Stable Diffusion and simplifying model conversion makes it easier for developers to incorporate this technology in their apps in a privacy-preserving and economically feasible way, while getting the best performance on Apple Silicon.

Core ML Stable Diffusion:

This repository comprises:

  • python_coreml_stable_diffusion, a Python package for converting PyTorch models to Core ML format and performing image generation with Hugging Face diffusers in Python
  • StableDiffusion, a Swift package that developers can add to their Xcode projects as a dependency to deploy image generation capabilities in their apps. The Swift package relies on the Core ML model files generated by python_coreml_stable_diffusion

An M2 MacBook Air is significantly faster than an M1 Pro MacBook Pro.

Coinbase Wallet NFT Transfers Blocked From App Store

Coinbase (Hacker News):

You might have noticed you can’t send NFTs on Coinbase Wallet iOS anymore. This is because Apple blocked our last app release until we disabled the feature.

Apple’s claim is that the gas fees required to send NFTs need to be paid through their In-App Purchase system, so that they can collect 30% of the gas fee.

For anyone who understands how NFTs and blockchains work, this is clearly not possible. Apple’s proprietary In-App Purchase system does not support crypto so we couldn’t comply even if we tried.

This is akin to Apple trying to take a cut of fees for every email that gets sent over open Internet protocols.

Note that, even with IAP, apps aren’t allowed to use NFTs to unlock content. So they only have value outside of the app/device. Normally that’s where IAP restrictions don’t apply. You don’t have to use IAP to transfer funds using Venmo or your banking app. You can also use apps to trade stocks without paying Apple 30% of the brokerage’s fee.

Study on Research Code Quality and Execution

Ana Trisovic et al. (via Ethan Mollick):

Research code is typically created by a group of scientists and published together with academic papers to facilitate research transparency and reproducibility. For this study, we define ten questions to address aspects impacting research reproducibility and reuse. First, we retrieve and analyze more than 2000 replication datasets with over 9000 unique R files published from 2010 to 2020. Second, we execute the code in a clean runtime environment to assess its ease of reuse. Common coding errors were identified, and some of them were solved with automatic code cleaning to aid code execution. We find that 74% of R files failed to complete without error in the initial execution, while 56% failed when code cleaning was applied, showing that many errors can be prevented with good coding practices. We also analyze the replication datasets from journals’ collections and discuss the impact of the journal policy strictness on the code re-execution rate.

iPhone 14 Repair Changes

Kevin Purdy:

While the iPhone 14 hardware lineup costs largely the same as the previous generation, the cost of replacing the battery has gone up considerably, surpassing the prices Apple was charging before its 2016/2017 “Batterygate” reckoning.

Replacing the battery in any of the iPhone 14 models will cost $99, up from the $69 Apple charges for the 13, 12, 11, and X lines. The newest iPhone SE and iPhones in the 8 and older series cost $49.

Joe Rossignol:

This is a 43% increase to the fee, which includes the cost of a new battery and service by an Apple Store or an Apple Repair Center. iPhone battery replacement fees will vary at third-party Apple Authorized Service Providers.

[…]

Apple’s out-of-warranty service fees have also increased for select other iPhone 14 repairs. For example, in the U.S., Apple charges $379 to fix cracked glass on an iPhone 14 Pro Max’s display, compared to $329 for the same repair on an iPhone 13 Pro Max.

Benjamin Mayo (Hacker News):

As evidenced in this iFixit teardown, Apple has made it much easier to repair the back glass panel. The back glass can now be removed independently of the logic board, making repairs much cheaper. Previously, only the front glass was separably removable. And, it seems Apple is also passing this cost savings onto consumers…

Kyle Wiens:

We are hearing reports that Apple is continuing their hostile path of pairing parts to the phone, requiring activation of the back glass after installation. You really shouldn’t need Apple’s permission to install a sheet of glass on a phone that you already own.

Thursday, December 1, 2022

Long App Hangs Due to Spotlight

Whenever I mount a hard drive with lots of files, typically a clone drive, various other apps that deal with files often hang. An individual hang can last for minutes to over half an hour. If the app is doing a long series of file operations, which would normally take fractions of a second, it can be unusable until some time after the drive has been unmounted. This happens even though the apps in question are not accessing files on the hard drive. The problem has been occurring since Monterey but has gotten a lot worse in Ventura. It got to the point where I didn’t want to do any backups during the day since my Mac could essentially become unusable for hours, even after pausing or aborting the backup.

Sampling the hung apps shows that they are waiting (for an XPC process) to read or write Spotlight metadata. I don’t know exactly what’s going on, but it’s as if the newly mounted drive generates lots of potential work for Spotlight to update its index. You would think that each volume would have its own work queue, but it seems like there’s a single queue so that operations for the slow hard drive, which are not time-sensitive, block high-priority operations for the internal SSD. Maybe this is exacerbated by the fact that my clone drives get ejected after the backup completes so that the Spotlight index is always way out of date.

Once I traced the problem to Spotlight, the obvious workaround was to exclude those volumes from indexing. This is, in fact, effective, though it has some problems:

Some drives were stubborn, and I had better luck excluding them from Spotlight using a Mac running macOS 10.14. I hope to eventually get all of my backup drives excluded, at which point I expect the hangs to stop completely.

Update (2022-12-02): Nicolai Henriksen:

Aha! That’s why! I have a TimeMachine backup disk that makes my entire machine halt completely whenever it is attached. It does not return to normal even when connected overnight. The TM disk was only connected once a week - until I gave up.

Blank File Icons in Ventura

After updating to Ventura, throughout Finder, other apps, and the Dock, all my documents were shown with blank icons. This eventually resolved itself in Finder and in open/save panels, but I still see incorrect icons in apps such as BBEdit, EagleFiler, TextEdit, and the Dock. PDF files show a blank document icon. Text files show the generic Mac text file icon, rather than the document icon from the app that they are set to open in.

This is only occurring on one of my Macs, but I’m not alone. Doing a safe boot, resetting the icon services cache, and rebuilding Launch Services didn’t help. Nor did clearing $TMPDIR and the Caches folders. Unless there’s some other cache I need to reset, this seems like a bug in Ventura. It’s easily reproducible outside of these apps, just by calling NSWorkspace.icon(forFileType:) or NSWorkspace.icon(forFile:).

Vector Icon Speedruns

Marc Edwards:

It’s common to have to draw the same kinds of icons over and over — many different apps and websites use similar glyphs, but each instance typically needs to be tweaked for size and style, so they need to be redrawn.

Due to this repetition, I’ve always been interested in trying to work out optimal ways to create them. This is to save time, but also as a fun challenge.

Marc Edwards:

When viewing my vector icon speedruns, it can be difficult to see precisely what’s going on. Everything happens quickly, with many actions triggered via keyboard shortcuts, and Illustrator’s interface is cropped out of view. That’s just the nature of what they are, which means they provide more entertainment than education.

This article aims to be a director’s commentary for my fountain pen icon speedrun, noting the techniques used, and why they were chosen. I use Adobe Illustrator for all the icon speedruns, but many of the tips are relevant for other design tools.

There are corresponding articles for the pushpin, flag, and fingerprint videos, and also a YouTube channel (via John Gruber).

Eufy Cameras Uploading to Cloud Without Consent

Juli Clover:

Anker’s popular Eufy-branded security cameras appear to be sending some data to the cloud, even when cloud storage is disabled and local only storage settings are turned on.

[…]

According to Moore, he purchased a Eufy Doorbell Dual, which was meant to be a device that stored video recording on device. He found that Eufy is uploading thumbnail images of faces and user information to its cloud service when cloud functionality is not enabled.

[…]

There is also another issue that Moore has highlighted, suggesting Eufy camera streams can be watched live using an app like VLC, but little information on the exploit is available at this time. Moore said that unencrypted Eufy camera content can be accessed without authentication, which is alarming for Eufy users.

Wednesday, November 30, 2022

Recovery Options on Apple Silicon Macs

Howard Oakley:

When pressed briefly, it starts the Mac up in normal macOS mode; when pressed and held until the Mac reports that it’s loading Recovery Options, it engages Recovery mode, where you navigate startup and other options using buttons and menus. These invariably work fully with Apple’s wireless keyboards and mice/trackpads, so there’s no need to connect them with their charging leads.

There’s also a Fallback Recovery Mode engaged by pressing the Power button twice in rapid succession, and on the second press, instead of releasing the button, hold it pressed until recovery options are reported as loading. This provides all the features of regular Recovery Mode, with the exception of Startup Security Utility, which isn’t available.

Apple:

Follow these instructions if you need to pair a Bluetooth keyboard, trackpad, or mouse with your Mac when you start up in macOS Recovery.

[…]

When the system volume and the Options button appear, press the power button three times.

The procedure for rebooting in safe mode has also changed:

Turn on your Mac and continue to press and hold the power button until you see the startup options window.

Select your startup disk, then press and hold the Shift key while clicking “Continue in Safe Mode.”

I didn’t realize this and had just been holding down the Shift key like normal, but I guess that doesn’t clean out caches anymore, though it does suppress login items.

SwiftUI Performance Gotchas

Alin Panaitiu (Hacker News):

[LazyHGrid] container is lazy so it takes more time to get the view rendered because SwiftUI has to check if each row is visible before rendering it.

[…]

What looks unusual is the huge number of updates on my custom views. Some updates also take 5ms or more which when called on the main thread, will block any UI rendering and animations.

[…]

In the following example, I needed a way to highlight the selected day, but passing selected as @State wouldn’t propagate through the view graph. So I made it a binding, which caused all the DayViews to update when selecting another day (instead of just the two days that actually changed)[…] The solution I found for this was to turn the Binding back into a State and manually add an .id() to the DayView that factors in the selected property.

[…]

Two months later, after exhausting all the optimization possibilities, the app finally felt usable. […] I’m not entirely sure if there’s still a lot of performance left on the table for the SwiftUI engineers, but it kinda looks that way from my side. There are some places where the framework seems to be doing a lot of unnecessary work.

New Social Media Platforms

Jamie Zawinski:

If posts in a social media app do not have URLs that can be linked to and viewed in an unauthenticated browser, or if there is no way to make a new post from a browser, then that program is not a part of the World Wide Web in any meaningful way.

[…]

Hive Social is exactly this app-only experience. […] Post Dot News also seems absolutely vile.

[…]

Mastodon is kind of a mess right now, and maybe it will not turn out to be what you or I are looking for. But to its credit, interoperability is at its core, rather than being something that the VCs will just take away when it no longer serves their growth or onboarding projections.

John Brayton:

A few days ago Phil Gyford launched ooh.directory, a collection of blogs with RSS feeds.

Craig Grannell:

But get over this hurdle and it turns out Mastodon is easy. Well, easyish.

Epic v. Apple Appellate Hearing

Florian Mueller:

This is the DOJ’s motion, which already states very specifically what aspects of the case the Biden Administration will address (every single one of which weighs in favor of at least a partial reversal of the district court’s judgment).

[…]

One of the issues that the DOJ is also going to raise at the hearing is whether there can be an antitrust market for a product that is not sold separately--such as iOS, which Apple doesn’t license separately (the only way to get a license is to buy an iPhone or iPad). Regardless of Apple’s licensing practice, there obviously is a market for smartphone operating systems in which iOS competes with Android. Apple’s own lawyers surprisingly blundered as they conceded that fact. The smartphone OS market is the foremarket part of Epic’s proposed single-brand market definition. There is competition in that one, but not in the iOS app distribution and iOS in-app payment processing aftermarkets.

Juli Clover:

The ongoing legal battle between Apple and Epic Games resumed today, with lawyers for both companies meeting in the United States Court of Appeals to attempt to get the initial ruling from last year overturned.

Kyle Orland:

If the Mac App Store was the equivalent of a lap belt, the iOS App Store, with its costly human review system, is “a six-point racing harness,” Perry said. “It’s safer. They’re both safe, but it’s safer.” […] Those kinds of “pro-competitive” security features Apple offers with its App Store restrictions legally outweigh the “minor anti-competitive effects” iOS app developers face on the platform, Perry said.

[…]

By way of example, Goldstein brought up a potential Disney App Store on iOS that could provide even greater protections for families when it comes to potentially objectionable content. Competing iOS App Stores could also provide cheaper prices, Goldstein said, by competing on Apple’s 30 percent fees.

Blocking those kinds of alternative methods for app downloads creates a kind of circular definition of “product differentiation” for the iPhone, Goldstein said. He sardonically summed up Apple’s argument: “I have a better product. You know what makes my product better? That I have no competition! … You can’t block horizontal competition [among iOS App Stores] and then use as your excuse that I am now going to offer a product that is differentiated by the fact that it has no competition!”

Florian Mueller:

Circuit Judge Smith has a more systematic approach (as do I) and stressed that antitrust analysis begins with market definition, and everything depends on it. And just like me, he feels that if the appeals court reverses Judge Yvonne Gonzalez Rogers on that part, there should be a remand, though it appears that the Ninth Circuit is perfectly prepared to do more than the bare minimum and to provide further clarity and instructions. I, frankly, think Epic should be grateful for that. It’s nothing to be taken for granted; quite often, appellate judges are minimalists and just kick the ball back into the lower court. I understand why Epic’s counsel said that in this event, things would just take longer and they’d be meeting again in the same appeals court in two years from now. They don’t want it; they want a solution as quickly as possible, and maybe they’re uneasy about what the Supreme Court might do in the next step. But it would be incredibly beneficial if the appeals court resolved market definition, especially if one looks beyond just Epic’s case: there are so many App Store issues.

[…]

The problem with the district court’s rule-of-reason analysis is that it doesn’t really balance the anticompetitive effects of Apple’s App Store monopoly against the attempted procompetitive justifications.

Circuit Judge Smith asked how the court of appeal could analyze a rule-of-reason decision without any quantitative amounts. In my opinion, this also counsels for a remand.

Florian Mueller:

The most important question here is whether one considers the district court’s finding of Epic not having proved lock-in a legal or factual determination. Apple uses an overbroad definition of what is “factual” and accuses Epic of, conversely, describing actually factual determinations as legal conclusions. So let’s look at this part more closely because that’s what the appeals court is going to do in the months ahead.

[…]

In its reply brief, Epic then countered Apple’s suggestion that it was confusing customer satisfaction (voluntary) with lock-in (an unwanted consequence of a previous decision)[…]

Tuesday, November 29, 2022

Masto-Redirect

Federico Viticci:

At this point, you may be wondering: if someone has an account on a different instance, or posted something I want to reply to, how can I do this from my account on a separate Mastodon instance?

This is where my friend Jason Snell comes in: a few days ago, he shared a post in which he noted that the default method for redirecting a post or profile from another Mastodon instance back to yours is, well, somewhat convoluted. If you come across a profile or post from a different Mastodon server, you have to copy its original URL, go to your instance, manually paste it into the search box, find the result you’re looking for, and only then you can interact with it. That works, but it’s not intuitive, and I figured I could improve this aspect of the Mastodon experience with a shortcut.

Swift Mutating Functions and Property Observers

Christian Tietze:

I was under the (wrong) assumption that the mutating func needed to, well, somehow mutate the receiver of that method call, like change a property value. And that this in turn would be noted “somewhere”. Conversely, I was under the (wrong) assumption that a mutating func without any mutations inside would behave 100% like a regular, non-mutating function.

[…]

A pretty nice consequence is that you can use mutating func to change a reference type property inside a value type, and have references to the value type still know that it has changed:

Introduction to Move-Only Types in Swift

Tim Kientzle:

I thought it would help to have an informal sketch to help outline why move-only types are interesting, clarify a few subtle points (like what “move” really means), and briefly explain some of the issues we’ll need to tackle in order to bring this to Swift.

[…]

So the first step in bringing move-only support to Swift is to add operations with different lifetime-management behaviors. This will include constructs such as for borrow x in collection that let you iterate over the items in a collection without requiring an implicit copy and f(take x) that explicitly invalidates the local value as part of passing it into a function. We’re also exploring variations of these that would allow you to temporarily gain mutable access to a value. These would allow you to efficiently mutate an element “in place” in various scenarios, which is a useful optimization tool for copyable values and an essential prerequisite for move-only values.

[…]

By making Any a synonym for any Copyable, we can ensure that Any is itself always copyable at the cost of limiting it to only store copyable values. This redefinition would preserve the behavior of current code that uses Any. Of course, this means we need to introduce a new type that can hold any value whether it is copyable or not.

Why Rosetta 2 Is Fast

Dougall Johnson (Hacker News):

Generally translating each instruction only once has significant instruction-cache benefits – other emulators typically cannot reuse code when branching to a new target.

[…]

Given these constraints, the goal is generally to get as close to one-ARM-instruction-per-x86-instruction as possible, and the tricks described in the following sections allow Rosetta to achieve this surprisingly often. This keeps the expansion-factor as low as possible. For example, the instruction size expansion factor for an sqlite3 binary is ~1.64x (1.05MB of x86 instructions vs 1.72MB of ARM instructions).

[…]

All performant processors have a return-address-stack to allow branch prediction to correctly predict return instructions.

Rosetta 2 takes advantage of this by rewriting x86 CALL and RET instructions to ARM BL and RET instructions (as well as the architectural loads/stores and stack-pointer adjustments). This also requires some extra book-keeping, saving the expected x86 return-address and the corresponding translated jump target on a special stack when calling, and validating them when returning, but it allows for correct return prediction.

[…]

The Apple M1 has an undocumented extension that, when enabled, ensures instructions like ADDS, SUBS and CMP compute PF and AF and store them as bits 26 and 27 of NZCV respectively, providing accurate emulation with no performance penalty.

Rosetta 2 Won’t Let the Undead Die

Howard Oakley:

You might think that apps are either running or they’re not, but there are actually four different states a macOS app can be in (in addition to those a user shouldn’t directly encounter, such as suspended).

[…]

Intel apps running with Rosetta translation […] appear to persist far longer in an undead state than on Intel systems. I’m unsure whether this is deliberate, to minimise the cost of loading them again should the user decide to open that app once more, or a passing phase. But if you run many apps in Rosetta which join the ranks of the undead, it could get inconvenient.

[…]

When napping apps are restored after a restart, they aren’t fully loaded and put into App Nap. Instead, macOS starts to load them and then stops at _dyld_start, so they only take around 8 KB of memory and don’t open any of their other files, such as frameworks. […] This can cause strange problems with some apps which you may leave running in App Nap. When in App Nap, they can be awoken by different events as well as the user bringing them to the front. When they’re in this stopped state, they have insufficient code loaded to respond to events which would normally wake them from App Nap, unless you manually wake them up after starting up.

See also: Felix Schwarz.

Monday, November 28, 2022

Palm Pilot Emulator

Sean Hollister (Hacker News):

Yes, I am playing Dope Wars on a Palm Pilot inside my iPhone. It’s thanks to The Internet Archive, which is once again launching a giant collection of software you can instantly play on any web browser, up to and including your touchscreen-equipped phone. There are currently 565 classic Palm apps in all, including games, widgets, and even free trials from both the greyscale and color eras.

And it’s more than just the individual apps, too: the entire Palm OS is loaded with each launch, including its full selection of default apps (like the calculator and memo pad) and a working Graffiti touchscreen writing system. I cannot emphasize this enough: you can reach out and touch a 1996 pocket computer with your 2022 pocket computer and it works like a charm. It’s a tiny interactive window into the pre-iPhone era, and what lived in the proto-App Store.

TextKit Custom Truncation

Amy Worrall:

TextKit has the option to truncate the last line of text if there’s more text than will fit in the container. It does this by displaying an ellipsis. But what if you wanted to display something else to indicate truncation? (In my case, the string “See More”, which will function like a button.)

I tried and discounted a bunch of different approaches before coming up with something that worked. Let me take you on the journey.

Friday, November 25, 2022

clipped() Doesn’t Affect Hit Testing

Ole Begemann:

The clipped() modifier in SwiftUI clips a view to its bounds, hiding any out-of-bounds content.

[…]

When you run this code, you’ll discover that the button isn’t tappable at all. This is because the (unclipped) square, despite not being fully visible, obscures the button and “steals” all taps.

[…]

The clipped() modifier doesn’t affect the clipped view’s hit testing region. The same is true for clipShape(_:). It’s often a good idea to combine these modifiers with .contentShape(Rectangle()) to bring the hit testing logic in sync with the UI.

Tumblr to Add Support for ActivityPub

Sarah Perez (via Hacker News):

Tumblr will add support for ActivityPub, the open, decentralized social networking protocol that today is powering social networking software like Twitter alternative Mastodon, the Instagram-like Pixelfed, video streaming service PeerTube, and others. The news was revealed in response to a Twitter user’s complaint about Mastodon’s complexities. Automattic CEO Matt Mullenweg, whose company acquired Tumblr from Verizon in 2019, suggested the user “come to Tumblr” as the site would soon “add activitypub for interconnect.”

[…]

If Tumblr were to add ActivityPub support, it means users on Mastodon could follow Tumblr users’ posts from their own Mastodon instance — without having to use the Tumblr app. It could also provide Tumblr users with an entry point into the so-called fediverse without having to face some of the complexities that are involved with signing up for Mastodon for the first time.

Update (2022-11-30): Rui Carmo:

I decided to start keeping track of ActivityPub-related resources and software.

Outlining and Documents

Dr. Drang:

I’ve always had this silly belief that I should be able to convert an outline into the skeleton of a report (or a blog post or whatever, but it’s usually a report) more or less automatically and then flesh it out into a final product. This doesn’t work because, except for the items at the top-level, the various items and subitems in outlines don’t correspond perfectly to sections and subsections of a report. Some outline items are subsections, but most are paragraphs or lists within a subsection. There’s no general way of knowing what an outline item is; its level doesn’t offer enough information to slot it into the proper place in the report.

This has been an issue for me, too. I find outliners to be great for taking notes and for working on and rearranging ideas. But then there’s an inevitable break to get from there to the final output, if it is to be a document.

I confess this way of working still nags at me. Surely, the back of my brain says, there must be a way to avoid the repetition. But the front of my brain argues back that years of trying have never led to that magical solution. There’s no way to avoid the actual work of writing.

Aside from the repetition, it’s a one-way transformation. Once you’re in the document format, you lose the ability to do certain outliner things. Fortunately, most of my writing these days is in Markdown, reStructuredText, or HTML, and BBEdit has some tools for navigating and collapsing those structures.

You may be wondering how I can show Example.html on my iPad as I’m writing a report. Unlike Safari on the Mac, Safari on the iPad cannot open local files. There are two ways to get around this[…]

Gitea Ltd. Takes Over Open Source Project

techknowlogick (Hacker News):

With Gitea reaching 6 years old, it is time to reflect on the past, and to look forward to the future. With over 14k+ commits, 1k+ contributors, 40+ maintainers, and 300M+ Docker Hub pulls, Gitea has come a long way.

Our most important goal is ensuring the long term success of the project. Over the years we have tried various ways to support maintainers and the project. Some ways we have tried include bounties, direct donations, grants, and a few others. We have found that while there have been many wonderful individuals, and a few corporations who have been incredibly generous, and we are so thankful for their support, there are a few corporations (with revenues that are greater than some countries’ GDP) that are building on Gitea for core products without even contributing back enhancements. This is of course within the scope of the license, however prevents others from the community from also benefitting.

We’d like to announce that we have formed a company, Gitea Limited, to ensure the goals are met. Some companies are unable to contribute back to open source via sponsorship or code contribution. Many more cannot contract individuals due to internal policies. In creating this new company, we are now able to offer support to those companies who do want to give back.

Open Letter to Gitea (Hacker News):

With that in mind, you can understand our surprise when we learned on October 25th, 2022 that both the domains and the trademark were transferred to a for-profit company without our knowledge or approval.

Lunny Xiao:

In 2015, I created Gitea along with its domain, gitea.io and acquired gitea.com at the same time. Throughout the life of the project, I have always personally owned both domains. As it continued to grow, I additionally trademarked the name “Gitea” in order to protect the project’s brand.

[…]

To help ensure the operation and community decision-making of the Gitea project remains transparent and public, we’re exploring the use of different management models. One of the options we have been considering includes a decentralized autonomous organization (DAO). This method would allow us to have continued voting within our community (including votes from non-code contributors), help keep track of topics being voted upon and provides contributors with greater participation to have more votes. The DAO management model would also not mean the creation of a gitcoin or crypto token.

[…]

We want to be clear that Gitea will always be a community-built project that is open.

Christian Tietze:

So a company is formed to offer services as a means to fund maintenance; then the community of contributors and fans pushes back because the proprietary ownership doesn’t sit right with them.

[…]

The name, the domain, the trademark, that’s truly the powerful piece of an open source project. In short, it’s the brand. And even though every contributor can pack up and move to Forgejo, the brand is not moving with them.


Wednesday, November 23, 2022

Amazon Alexa to Lose $10 Billion This Year

Ron Amadeo (Hacker News):

Amazon is going through the biggest layoffs in the company’s history right now, with a plan to eliminate some 10,000 jobs. One of the areas hit hardest is the Amazon Alexa voice assistant unit, which is apparently falling out of favor at the e-commerce giant. That’s according to a report from Business Insider, which details “the swift downfall of the voice assistant and Amazon’s larger hardware division.”

Alexa has been around for 10 years and has been a trailblazing voice assistant that was copied quite a bit by Google and Apple. Alexa never managed to create an ongoing revenue stream, though, so Alexa doesn’t really make any money. The Alexa division is part of the “Worldwide Digital” group along with Amazon Prime video, and Business Insider says that division lost $3 billion in just the first quarter of 2022, with “the vast majority” of the losses blamed on Alexa.

[…]

Just about every plan to monetize Alexa has failed, with one former employee calling Alexa “a colossal failure of imagination,” and “a wasted opportunity.”

[…]

The report says that while Alexa’s Echo line is among the “best-selling items on Amazon, most of the devices sold at cost.”

It’s not clear to me how it’s losing so much money if they’re selling the hardware at cost. Are they spending that much on the associated employees and server resources?

Via John Gruber:

What is (was?) Alexa about, strategically? I’ve often heard that the vague idea was that people would buy Alexa devices for obvious stuff (playing music, setting timers) but that eventually they’d start using Alexa to buy stuff from Amazon — and thus wind up buying more stuff from Amazon than they would if they didn’t have an Alexa device in their house.

I find Alexa kind of annoying because it’s always trying to sell us stuff. The product recommendations are unhelpful, and we don’t want to subscribe to anything beyond Prime. But we keep using it because for basic questions, kitchen timers, and free music it works so much better than Siri.

Eugene Kim:

Internally, the team worried about the quality of user engagements. By then Alexa was getting a billion interactions per week, but most of those conversations were trivial, commands to play music or ask about the weather. That meant less opportunities to monetize. Amazon can’t make money from Alexa telling you the weather — and playing music through the Echo only gives Amazon a small piece of the proceeds.

Nick Heer (Hacker News):

We are often told technology companies are reinventing the way many of us will purchase products, but I do not buy that narrative.


Android Contact Tracing App Installed Without Consent

Hiawatha Bray (Hacker News):

A nonprofit law firm has filed a class action lawsuit against the Massachusetts Department of Public Health for allegedly working with Google to secretly install COVID-tracing software onto as many as a million smartphones.

[…]

Dozens of states issued such apps, including Massachusetts. But few people voluntarily used the Massachusetts version. According to the lawsuit, the state health department worked with Google to develop a version that was installed on all Android phones, without permission from the phone owner.

[…]

Android owners are given the choice of whether to activate the Massachusetts app. But the suit alleges that the app transmits and receives data through its Bluetooth radio even when it’s not activated. This data can be accessed by Google and by a variety of apps installed on Android phones, the suit claims. If enough data is collected from enough phones, data scientists can “de-anonymize” the information and figure out the identities of the phone users.

Jessica Lyons Hardcastle:

The Massachusetts app, according to the legal complaint, gave the public health department, Google, application developers, and others access to the device owners’ media access control addresses, wireless network IP addresses, phone numbers, contacts and emails, thus making these parties privy to the owners’ personal information, location and movement. If Android users discovered and deleted the COVID-19 tracer, the state’s health agency would reinstall it on their devices, the lawsuit alleges.

[…]

“In sum, DPH installed spyware that deliberately tracks and records movement and personal contacts onto over a million mobile devices without their owners’ permission and awareness,” the lawsuit claims [PDF]. “On knowledge and belief, that spyware still exists on the overwhelming majority of the devices on which it was installed.”


Apple’s Device Analytics Can Identify iCloud Users

Tommy Mysk (Hacker News):

Apple’s analytics data include an ID called “dsId”. We were able to verify that “dsId” is the “Directory Services Identifier”, an ID that uniquely identifies an iCloud account. Meaning, Apple’s analytics can personally identify you[…]

Apple states in their Device Analytics & Privacy statement that the collected data does not identify you personally. This is inaccurate. We also showed earlier that the #AppStore keeps sending detailed analytics to Apple even when sharing analytics is switched off.

Sami Fathi:

On Apple’s device analytics and privacy legal page, the company says no information collected from a device for analytics purposes is traceable back to a specific user. “iPhone Analytics may include details about hardware and operating system specifications, performance statistics, and data about how you use your devices and applications. None of the collected information identifies you personally,” the company claims.

[…]

Apple has historically taken a hard stance on user privacy, repeatedly claiming it believes privacy is a “fundamental human right.” Apple’s privacy claims have been under increasing scrutiny in recent months, with the company now facing a class action lawsuit accusing it of tracking users without their consent.

Nick Heer (Hacker News):

Apple also refers to the DSID by other names, such as the “Apple User Account Identifier”, “Apple ID Number”, “Apple ID Reference Number”, and “Original Unique Identifier”. Based on my 2021 data request it is, as described, a proxy for a specific Apple ID. It identifies you with Apple’s services, including for things like marketing and communications efforts. I have a spreadsheet of the nearly nine hundred times me and my DSID ignored Apple’s attempts to upsell me on Apple One, a service which launched just thirteen months before I made this data request. I also have a list of all the times I contacted AppleCare and the same identifier is attached.

[…]

The researchers point to Apple’s Device Analytics & Privacy document where it says in the iOS Device Analytics section that “[n]one of the collected information identifies you personally”. But this does not pertain to Apple’s services which are covered by entirely different policies. Both the App Store and Apple Music say usage information is collected. These are not device analytics, they are services analytics.

[…]

In fairness, perhaps the Device Analytics toggle in Settings should be worded more clearly to indicate that turning it off will not opt out of store and services activity. I am also shocked by the granularity of information in these storefront analytics. It is relevant to Apple’s recommendation engine if I listened to an album or song and whether I finished it, but it is hard to see what value it has in knowing my track playback to the millisecond. I also think the identifier used by Apple’s services should be different than the Apple ID that is correlated with your device purchase history and support requests.

Ruffin Bailey:

That at first seems mostly like fair game info, doesn’t it? But if you say “I don’t want anyone tracking me,” I can understand why you don’t want and, what’s more, wouldn’t expect all of that pushed up into the pipe. As a developer, it’d be nice if Apple had to ask for that info the same as anyone else.

It certainly fails the Steve Jobs test:

Privacy means people know what they’re signing up for, in plain language, and repeatedly.

See also: Bruce Schneier, TidBITS Talk, Florian Mueller.


iCloud for Windows Downloading Other People’s Photos

sleeping_ghost (via Hacker News):

iCloud for Windows is corrupting videos recorded from an iPhone 14 Pro Max resulting in black videos with scan lines. On rare occasions, it is inserting stills into videos from unknown sources, possibly others’ iCloud accounts. I’ve been shown photos of other people’s families I’ve never seen in my life, soccer games, and other random photos.

[…]

I have been able to replicate this bug on 3 different PCs, 2 of which were running the latest version of Windows 11 Pro, and the last running Windows 10 Pro. I have tried on multiple other devices including an iPhone 11 Pro and an iPad.

[…]

I reported it to the Apple security team and they told me it wasn’t a “security concern”!

extr0pian:

This happened to me during a Google Takeout export when I was degoogling in late 2019. I recall going through some photos from the earlier 2010’s and some random pictures of other people were popping up. About a month or so later I received an email from Google letting me know that some of my files may have been accidentally in other people’s exports. Since then, I stopped using apps like Google Photos and cloud storage in general.


Mastodon URIs, Not URLs

Chris Hanson:

One of the annoying things about Mastodon is that it’s tough to share Mastodon links and have them open in your favorite app instead of in a web browser. This is due to the lack of a shared scheme or a shared server—which makes sense for a distributed/federated system, but doesn’t help its usability.

One thing the community should do is use a URI instead of a URL or a Twitter/AOL-style “handle” to refer to an account: A URI is a Uniform Resource Identifier that is resolved to a URL, which makes it easier to have all links to Mastodon accounts go to the user’s preferred app—and also enable the global namespace that ATP cares about so much.


Tuesday, November 22, 2022

Network Locations in Ventura

Rob Griffiths:

Apple, in their infinite wisdom, removed the Locations feature from the Network System Settings panel.

I use locations a lot, as they make it easy to switch between various network configurations. In my case, I have locations created that enable or disable my ad blocker, change my settings for when I’m on my VPN, one I need to use to set up my mesh router, and another for when I’m traveling. All of that seemingly gone.

[…]

But we do still have Terminal, and the locations code itself is still in macOS.

[…]

The key command is networksetup, and here are the relevant options from the man page[…]


Update (2022-12-01): Sébastien LeBlanc notes that the user interface for network locations is back in the macOS 13.1 beta.

D2 Diagram Scripting Language

Terrastruct (via Hacker News):

D2 is a modern diagram scripting language that turns text to diagrams.

[…]

D2 is built to be hackable -- the language has an API built on top of it to make edits programmatically.

[…]

D2 is designed with language tooling in mind. D2’s parser can parse multiple errors from a broken program, has an autoformatter, syntax highlighting, and we have plans for LSP’s and more. Good language tooling is necessary for creating and maintaining large diagrams.

Text to Diagram:

Compare the syntax and renders of various languages that produce diagrams from text.

GraphViz has seemed fine to me, but:

This project has only 3 of its founders remaining as volunteer maintainers, and support is limited and may end soon. If you can help fund to a more formal foundation to continue this project, please contact north on graphviz org.

Sapling Source Control

Durham Goode (Hacker News):

Sapling is a new Git-compatible source control client.

Sapling emphasizes usability while also scaling to the largest repositories in the world.

[…]

We’ve spent the past 10 years building Sapling, a scalable, user-friendly source control system, and today we’re open-sourcing the Sapling client. You can now try its various features using Sapling’s built-in Git support to clone any of your existing repositories.

[…]

When used with our Sapling-compatible server and virtual file system (we hope to open-source these in the future), Sapling can serve Meta’s internal repository with tens of millions of files, tens of millions of commits, and tens of millions of branches.


Managing Xcode Downloads

Craig Hockenberry:

Now that you know what Xcode is using, you’ll wonder where it’s getting the disk image. It’s located in a sibling directory: /Library/Developer/CoreSimulator/Images. That folder also contains an images.plist file that contains metadata for the disk images. There are only a handful of files there, but on my Mac they use 13 GB of disk space.

And up until a couple of hours ago, that folder contained 7 GB of data that was incompatible with the current version of Xcode. I had to delete these files manually.

[…]

In the end, this short post saved me 32 GB of disk space. If you’re developing for platforms other than the current iOS, you’ll likely see something similar. As time passes, you’ll need to manually keep an eye on this stuff: Xcode can’t clean things up for you because it has no idea what you need.

Black Friday 2022

My apps are on sale for Black Friday and Cyber Monday, and here are some other good app deals that I found:


Please feel free to post any other deals that you find in the comments below, and I’ll incorporate them above.

Monday, November 21, 2022

ReadKit 3.1

Balazs Varkonyi:

Smart Folders Are Back

These are folders that automatically update their content according to the search criteria you specify.

It can also send you notifications, and a unique icon can be selected for each one.

[…]

The text size of the feed and entry list can be customized separately.

[…]

In addition to the universal ReadKit Premium, separate lifetime plans are now available for iOS/iPadOS and macOS.


Update (2022-12-01): See also: John Voorhees.

Swift Pitch: Reflection

Alejandro Alonso:

I propose adding a new module to the Swift toolchain named Reflection that provides high level APIs for reflection in Swift. This makes use of reflective information that has always been available, but was never exposed as API until now.

[…]

[Mirror] works great, but there is a serious issue here in that it requires an instance of the type you want to introspect over.

[…]

Swift introduces a new module, Reflection, with a whole new suite of high level APIs that make working with reflection easier, more ergonomic, and provides developers with much more information than what they had.


Mac Text Editing: Mark, Kill, Yank

Jesse Grosjean:

There isn’t much documentation of the macOS implementation. Much of the following behavior was discovered by experimenting with TextEdit.

[…]

When text is deleted by certain actions it gets added to the kill ring. By default the kill ring contains a single text entry. If you change the NSTextKillRingSize system default the kill ring can contain multiple entries.

[…]

Each app maintains a private kill ring. You can kill text in one view and then yank it into another view within the same app. You can’t kill or yank between apps.

Sunday, November 20, 2022

Microsoft Brings Back SwiftKey for iOS

Sami Fathi:

In September, Microsoft said SwiftKey for iOS was being shut down and removed from the App Store for no clear reason. SwiftKey has been a popular alternative for iPhone users to Apple’s default iOS keyboard, leaving many disappointed by the decision. Now, a few weeks later, Microsoft says due to customer feedback, it is bringing the app back to the App Store.


Viewing man Pages on Ventura

Armin Briegel:

Ventura’s Preview app lost the ability to render postscript or ps files. This breaks the previous, popular shell alias to open a man page in Preview.

[…]

Add this function to your shell configuration file: (bash, zsh)

preman() {
    # Resolve the man page source with man -w, render it to PDF, and open it in Preview.
    mandoc -T pdf "$(/usr/bin/man -w "$@")" | open -fa Preview
}

[…]

I prefer opening the ‘yellow’ man pages in Terminal app. You can do so by entering a command in the Help menu, or by using the x-man-page URL scheme. In these yellow terminal windows, you can scroll and search in the text with command-F. You can also do a secondary click (right/ctrl/two-finger click) on any word and it will offer to open that man page in the context menu.


StopTheMadness Font Substitution

Jeff Johnson:

My web browser extension StopTheMadness is updated today in the iOS App Store and Mac App Store. The biggest change is a new font substitution feature! Thanks to John Gruber of Daring Fireball for inspiring the feature and for linking to my blog post a few weeks ago. The blog post described how the custom style element feature of StopTheMadness can add @font-face rules to web pages in order to substitute one font for another. But that’s all very technical, requiring the user to write CSS. The “Fireballing” generated a lot of feedback requesting a simpler way to substitute fonts on the web, so I started work on that immediately, and now the feature is available! It works in all web browsers supported by StopTheMadness: Safari for iOS, Safari for Mac, Firefox for Mac, and Google Chrome for Mac (as well as all Chromium browsers).


FORCEDENTRY Sandbox Escape via NSExpression

Ian Beer and Samuel Groß (back in March):

It’s clearly a serialized NSKeyedArchiver. Definitely not what you’d expect to see in a JBIG2Bitmap object. Running strings we see plenty of interesting things[…]

[…]

NSPredicates using the FUNCTION keyword are effectively Objective-C scripts. With some tricks it’s possible to build nested function calls which can do almost anything you could do in procedural Objective-C. Figuring out some of those tricks was the key to the 2019 Real World CTF DezhouInstrumenz challenge, which would evaluate an attacker supplied NSExpression format string. The writeup by the challenge author is a great introduction to these ideas[…]

[…]

Prior to iOS 14.5 the isa field of an Objective-C object was not protected by Pointer Authentication Codes (PAC), so the JBIG2 machine builds a fake Objective-C object with a fake isa such that the invocation of the dealloc selector causes the deserialization and evaluation of the NSFunctionExpression. This is very similar to the technique used by Samuel in the 2020 SLOP post.

[…]

Perhaps the most striking takeaway is the depth of the attack surface reachable from what would hopefully be a fairly constrained sandbox.
