Monday, October 19, 2020

Face ID and Touch ID for the Web

WWDC 2020 Session 10670:

But this time, when I sign in, rather than go through a password and SMS 2FA flow, instead I just Face ID, like that. Boom. I’m signed in.

[…]

Safari will only allow public key credentials created by this API to be used within the website they were created, and the credentials can never be exported out from the authenticator they were created as well. This means that once a public key credential has been provisioned, there is no way for a user to accidentally divulge it to another party.

[…]

There are two important properties that Apple builds into the authenticator. The first one, as we saw, is the Face ID and Touch ID, which is used to verify users’ identity. The second one is Secure Enclave, which is a processor that manages all the private keys and guarantees that they cannot leave the device. By combining both, each sign-in performed with the Face ID or Touch ID is essentially a multi-factor authentication. The response the device sends back to the websites encapsulates two factors: something you have, the iPhone, and something you are, the biometrics. And the sign-in only takes a single tap.

Jiewen Tan (tweet):

What follows is the recommended way to invoke Face ID and Touch ID for the web.

[…]

Attestation is an optional feature which provides websites a cryptographic proof of the authenticator’s provenance such that websites that are restricted by special regulations can make a trust decision. Face ID and Touch ID for the web offers Apple Anonymous Attestation. Once verified, this attestation guarantees that an authentic Apple device performed the WebAuthn registration ceremony, but it does not guarantee the operating system running on that device is untampered.
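The properties quoted above (a credential usable only on the site that created it, and a biometric check on every sign-in) show up on the server side as fields the relying party checks in each sign-in response. The following Node.js code is an added example, not code from the session, the WebKit post or Apple; the field layout follows the WebAuthn specification, and `example.com`, the software key pair standing in for the Secure Enclave key, and the sample assertions are constructed for illustration.

```javascript
// Added example: relying-party checks on a WebAuthn sign-in assertion (Node.js built-ins only).
const { createHash, createSign, createVerify, generateKeyPairSync, randomBytes } = require('node:crypto');

const sha256 = (data) => createHash('sha256').update(data).digest();

// Authenticator data layout: rpIdHash[32] | flags[1] | signCount[4, big-endian] | optional data
function parseAuthenticatorData(buf) {
  if (buf.length < 37) throw new Error('authenticator data too short');
  const flags = buf[32];
  return {
    rpIdHash: buf.subarray(0, 32),
    userPresent: (flags & 0x01) !== 0,  // UP: the user interacted with the authenticator
    userVerified: (flags & 0x04) !== 0, // UV: biometric (or passcode) verification succeeded
    signCount: buf.readUInt32BE(33),
  };
}

// Returns the list of failed checks; an empty list means the assertion is acceptable.
function verifyAssertion(assertion, expected) {
  const failures = [];
  let clientData;
  try {
    clientData = JSON.parse(assertion.clientDataJSON.toString('utf8'));
  } catch {
    return ['clientDataJSON is not valid JSON'];
  }
  if (clientData.type !== 'webauthn.get') failures.push('wrong ceremony type');
  if (clientData.challenge !== expected.challenge) failures.push('challenge mismatch');
  if (clientData.origin !== expected.origin) failures.push('origin mismatch');

  let authData;
  try {
    authData = parseAuthenticatorData(assertion.authenticatorData);
  } catch (e) {
    return failures.concat(e.message);
  }
  // Site binding: the authenticator hashes the RP ID it was asked to sign for.
  if (!authData.rpIdHash.equals(sha256(expected.rpId))) failures.push('rpIdHash mismatch');
  // "Something you have" is proven by the signature, "something you are" by the UV flag.
  if (!authData.userPresent) failures.push('user not present');
  if (!authData.userVerified) failures.push('user not verified');

  // The signature covers authenticatorData || SHA-256(clientDataJSON).
  const verifier = createVerify('SHA256');
  verifier.update(assertion.authenticatorData);
  verifier.update(sha256(assertion.clientDataJSON));
  if (!verifier.verify(expected.publicKey, assertion.signature)) failures.push('bad signature');
  return failures;
}

// Constructed sample data: builds the response an authenticator would return.
function makeSampleAssertion(keyPair, { rpId, origin, challenge, flags }) {
  const authenticatorData = Buffer.concat([
    sha256(rpId),
    Buffer.from([flags]),
    Buffer.from([0, 0, 0, 0]), // signCount
  ]);
  const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
  const signer = createSign('SHA256');
  signer.update(authenticatorData);
  signer.update(sha256(clientDataJSON));
  return { authenticatorData, clientDataJSON, signature: signer.sign(keyPair.privateKey) };
}

const keyPair = generateKeyPairSync('ec', { namedCurve: 'P-256' });
const challenge = randomBytes(32).toString('base64url');
const expected = {
  rpId: 'example.com',
  origin: 'https://example.com',
  challenge,
  publicKey: keyPair.publicKey, // stored at registration time
};

// UP and UV both set, correct site.
const good = makeSampleAssertion(keyPair, {
  rpId: 'example.com', origin: 'https://example.com', challenge, flags: 0x05,
});
// Validly signed, but produced for a different site than the one verifying it.
const otherSite = makeSampleAssertion(keyPair, {
  rpId: 'other.example', origin: 'https://other.example', challenge, flags: 0x05,
});
// Presence only: no biometric verification took place.
const presenceOnly = makeSampleAssertion(keyPair, {
  rpId: 'example.com', origin: 'https://example.com', challenge, flags: 0x01,
});

console.log('good:', verifyAssertion(good, expected));
console.log('other site:', verifyAssertion(otherSite, expected));
console.log('presence only:', verifyAssertion(presenceOnly, expected));
```

A production relying party would also track the challenge as single-use and compare `signCount` with the stored value where the authenticator increments it.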

How iOS Apps Adapt to the Various iPhone 12 Screen Sizes

Geoff Hackworth (via Peter Steinberger):

As a general rule, apps must build with the latest version of Xcode to opt in to seeing the native screen resolutions of new devices. Older apps would run on newer devices but appeared as letterboxed, pillar boxed and/or scaled versions of previous device sizes. This ensured that the old apps never ran at screen resolutions that didn’t exist when they were built.

[…]

At their October 2020 event, Apple announced four iPhone 12 models[…] None of these resolutions correspond to existing devices. The iPhone 12 mini has an extra surprise in store. Just like the iPhone 6+, 6S+, 7+ and 8+, an app running on the iPhone 12 mini renders at a different resolution to what is actually shown on screen.

Jonathan:

So Apple seem to have forgotten they said last year apps will now always display at the native resolution of future devices 🤷‍♂️

Keith Harrison:

Here’s a recap of what you need to know to update your Apps for the new devices.

[…]

There’s one more curiosity with the iPhone 12 mini. The safe area inset at the top of the device is slightly larger than the height of the status bar.

Evolution of the Programming Languages From iPhone OS 1.0 to iOS 14

Alexandre Colucci:

In this new article, I will answer this question by measuring the total number of binaries in iOS. I will go one step further and also count the number of binaries using other programming languages: Objective-C, C++ and C.

Finally to be as complete as possible, I ran this analysis on all major iOS releases, from iPhone OS 1.0 to iOS 14. This will provide a detailed overview of the evolution of the different programming languages over more than a decade of iOS development.

[…]

iPhone OS 1.0 contained less binaries than the number of binaries in iOS 14.0 using Swift.

[…]

The number of binaries using Objective-C is still growing with each iOS release.

Looking at the graph, it’s scary to contemplate just how much iOS has grown. So much new code, so many potential new interactions. As with macOS, we can lament the shocking number of bugs that go unfixed, even unacknowledged, but it’s also a wonder that it works at all.

Pure Programming

gazzini (via ChrisLTD):

I used to joke, back then, that I was a professional App Store rules explainer, because in every role, I was constantly explaining to peers, managers, and clients why we couldn’t build X because it violated Apple’s terms & conditions. I just wanted to build what our users wanted, but instead we debated endlessly about what Apple might allow. Even then, we’d still occasionally be punished by a frivolous rejection, moving us to the back of the app-review line.

But Apple isn’t the villain here – this is a large industry trend. The entire internet is increasingly burdened by various governments, corporations, and everything in-between.

[…]

In-app purchases. Email verification w/ various “unsubscribe” options. Sign-in with X. DUNS numbers. Applying for AWS Service Limit increases to send any emails. These “table-stakes” features are a real drag on productivity because… well, because they’re no fun to develop! It’s energizing to solve real problems, and draining to solve fake problems.

Friday, October 16, 2020

Apple Watch With Family Setup

Dan Seifert:

The most interesting thing is Apple’s new Family Setup service, which lets parents provision an Apple Watch for their kids to use. They can choose what apps and services their kids can access, who they can call or send messages to, and track their location through GPS. Even if you’re not a parent, the new Family Setup service is interesting because it gives us an idea of what a truly standalone Apple Watch could be.

For the past few weeks, I’ve strapped an Apple Watch SE to my eight-year-old child to see what the new Family Setup service is like to use in the real world (or at least as real of an experience as I can get in the middle of pandemic lockdown). Here’s what I’ve learned.

Avoiding AppleScript Security and Privacy Requests

Armin Briegel:

Since macOS Mojave, the Security and Privacy controls restrict sending and receiving AppleEvents. A given process can only send events to a different process with user approval. Users can manage the inter-application approvals in the Privacy tab of the Security & Privacy preference pane.

I ran into another case today where macOS failed to auto-add a checkbox under Automation so that the user could approve communication between two apps. There remains no way to manually add an app to give it permission. The only solution seems to be to reset the privacy database and hope that macOS will add the checkbox the next time the app tries to communicate.

Over time, even though the underlying problem with hidden dialog has been fixed, this practice has persisted. You often even see AppleScript code use this with commands other than user interaction, where it wouldn’t have made sense in the first place. With the privacy restrictions in macOS Mojave, this practice has become actively troublesome, as you are sending the display dialog (or other) command to a separate process. The process running this script will require approval to send events to “System Events.”

[…]

Even after you have considered the above options to avoid sending AppleEvents to another process, there will still be several situations where it is necessary. […] MacAdmins can pre-approve AppleEvents (and most other privacy areas) between certain processes with a Privacy Preferences Policy Control (PPPC) configuration profile. PPPC profiles can only be managed when pushed from a user-approved or automatically enrolled MDM.

Local Network Privacy FAQ

Quinn:

I regularly get asked questions about local network privacy. This is my attempt to collect together the answers for the benefit of all. Before you delve into the details, familiarise yourself with the basics by watching WWDC 2020 Session 10110 Support local network privacy in your app.

Via Peter Steinberger:

Including gems such as: “Receiving an incoming UDP multicast or broadcast does not currently require local network access but, because we hope to change that in a future update, our advice right now is that you write your code as if it did”

Chrome Exempts Google Sites From User Site Data Settings

Jeff Johnson:

In Google Chrome’s “Cookies and site data” settings, accessible via the Preferences menu item or directly with chrome://settings/cookies in the address bar, you can enable the setting “Clear cookies and site data when you quit Chrome”. However, I’ve discovered that Chrome exempts Google’s own sites, such as Search and YouTube, from this setting.

[…]

Some people are going to read this article and say “Use Safari instead of Chrome!” But it’s important to note that Safari doesn’t even have the feature to clear site data on quit, so Safari is actually worse.

Steve Jobs Stories

Drew McCormack:

Steve’s anniversary was a few days ago. I always pause, at least for a moment, to remember how great those times were after his return to Apple in 1996. A rollercoaster that convinced me to leave my secure job in the scientific community, and risk everything on something new they were calling “apps”.

[…]

That’s when I got the order. I would receive details of all Mental Case purchase orders in my email inbox. (Yes, there were so few I could read them all individually.) This one was different, because I recognized the name immediately.

[…]

I have no idea if this was the real Steve Jobs on the line, or just a carefully crafted practical joke. (I don’t think the information about treatment in Missouri was even common knowledge at that time.) But I like to think it really was Steve, bored in his hospital bed, recovering from surgery, and just browsing through apps to see where the wind was blowing.

Chris Hynes:

I worked right on the hallway where he hiked between buildings, so it was very common to see him. A few days after the bicycle incident, we were walking towards each other in the hall.

He looked at me, ducked his head, and did the same apologetic gesture with his hand. I couldn’t believe he remembered. He did this duck and wave about a dozen times in the next month or so. Then one time he passed me with a grin on his face and just said “Hey”

Perhaps he felt he had done enough apologizing.

Thursday, October 15, 2020

The Developer Experience Gap

Stephen O’Grady (via Hacker News):

Fragmentation makes it impossible for vendors to natively supply the requisite components for a fully integrated toolchain. That does not change the reality, however, that developers are forced to borrow time from writing code and redirect it towards managing the issues associated with highly complex, multi-factor developer toolchains held together in places by duct tape and baling wire. This, then, is the developer experience gap. The same market that offers developers any infrastructure primitive they could possibly want is simultaneously telling them that piecing them together is a developer’s problem.

Thoughts on the App Store

Riley Testut:

As a user, I love the App Store and would hate to see it become less important to iOS. In practice though, the current App Store situation has some significant problems which are getting harder and harder to ignore — several of which Congress’ antitrust report explicitly calls out, such as requiring developers to implement in-app purchases or risk being thrown out of the App Store. I’ve wrestled with these two seemingly conflicting notions for a long time, but after running an alternative app store for the past year I’ve finally been able to solidify my thoughts on what I believe is best for the platform.

So to celebrate AltStore’s first birthday, I decided to finally write up my thoughts on the App Store — including why I went through all this effort in the first place and why I believe sideloading is ultimately the right long-term solution for iOS.

[…]

12 years on, it’s clear that while band-aids can be applied to the App Store Guidelines every few years or so to quell developer dissent, the underlying philosophy that Apple maintains sole discretion over which apps are allowed to run on its platform is showing its age.

Deliveries Switches to Subscription

Ryan Christoffel:

Deliveries, the package tracking app for iOS and Mac, has received a strong update today with a wide variety of quality of life improvements. There’s nothing huge or flashy here, but the sum of the many small changes should help Deliveries continue being one of the best and easiest ways to track that steady stream of packages heading your way.

Joe Rossignol:

A subscription will unlock all features of the app across the iPhone, iPad, Mac, and Apple Watch, with pricing to be set at 99 cents per month or $4.99 per year through the App Store.

Deliveries until now has been a one-time purchase, with iOS and macOS versions of the app each costing $4.99.

Junecloud:

For those who purchased Deliveries before subscriptions were available, most of the features from earlier versions are included without a subscription. You will need a subscription to sync with Junecloud, and for new features we add in the future.

You’ll get a complimentary subscription for up to 18 months from the date you purchased the app. If you bought the app more than 18 months ago, your complimentary subscription will end February 1, 2021.

iCloud sync is free, however.

A Warning About Glassdoor

his_rotundity_ (via Hacker News):

I have a very close family member that works for Glassdoor. I spoke to this person and found out that a strategic repositioning, if you will, for Glassdoor is that they are trying to become a PR company of sorts, so they are focusing on brand management for companies. As a result, they are getting very aggressive with negative review-takedowns while allowing very obviously fraudulent positive reviews to remain the same.

shiftpgdn:

I worked at a mid sized company that was going through a very rough patch (right before the inevitable bankruptcy.) During this time I got a call from a Glassdoor rep who explicitly offered to remove bad reviews in exchange for us moving to a high paid tier and putting up X amount of job listings.

Glassdoor is just corporate Yelp.

See also: Quora.

Wednesday, October 14, 2020

Faster Xcode Updates

Igor Kulman (via Cédric Luthi):

Installing Xcode from the Mac App Store might seem like a convenient way to do so but it is too slow and inflexible. You cannot use the Mac App Store to install multiple versions of Xcode at the same time if you need them, like when testing with a Xcode beta for an upcoming iOS release. Download from the Mac App Store is incredibly slow and sometimes not even available for days after release (like 11.2.1).

[…]

Downloading Xcode from the Apple Developer Portal is faster than using the Mac App Store, but it can be made even better. You just need to use the right tools.

[…]

This script downloads the given Xcode by URL from the Apple Developer Portal, but uses up to 16 separate connections to do so. You will see a significant download speed improvement.

Paul Hudson:

Pro tip: if you downloaded Xcode straight from Apple, you can use xip -x Xcode_12.1_GM_seed.xip to skip the validation step and save approximately a billion tons of CO².

And don’t forget to turn off Dropbox.

BBEdit 13.5

Bare Bones Software:

BBEdit has a new feature to protect your data: in the Text Files preferences, there is an option: “Rescue untitled documents when discarding changes”. When this option is on (as it is by default), and you close an untitled document (one that has never been saved to disk), and click “Don’t Save”, BBEdit will save a snapshot of that document’s contents to disk.

[…]

Added a command to the Palettes submenu: “Markdown Cheat Sheet”. This opens a floating window showing common Markdown constructions. Double-clicking on an item will insert it into the active document; you can also drag an item to insert it where desired.

[…]

When running on macOS 10.15 and later, there’s an additional command on the Window menu: “Move to [Display]”, where “[Display]” is the name of an eligible attached display.

I wish macOS in general had better ways of moving windows between displays and spaces. Why can’t I pick up a window, press the Mission Control hotkey, and then choose where to drop it? Instead, you have to go into Mission Control first, find the window that it just moved out from under you, and then wait for the hover animation before you can even see the other spaces.

Update (2020-10-14): It looks like macOS can do what I suggested, but only if “Displays have separate Spaces” is unchecked. Alas, I really prefer my displays to be linked on the same space.

MagSafe 2020

Mitchel Broussard:

Apple today announced that the iPhone 12 family is gaining support for MagSafe, which will offer high-powered wireless charging as well as a new ecosystem of accessories that attach to the iPhone 12. Previously, MagSafe was Apple’s brand for the MacBook’s breakaway charging cables.

The company said that MagSafe will improve the charging experience on iPhone 12, with magnets that are optimized for alignment and efficiency, and support 15W of charging.

Alex Guyot:

Apple’s MagSafe accessory lineup starts with the MagSafe charger, a 15-watt Qi-compatible charging puck that magnetically attaches to the back of an iPhone 12 (all iPhone 12 models from the Mini to the Pro Max include MagSafe). There are also a series of new MagSafe cases which magnetically attach in the same way. These cases come in a variety of silicone colors, or in a clear design with a MagSafe circle. The magnetic connection allows the cases to be easily put on and pulled off, while staying attached during use. The case edges no longer have to bend around the front of the iPhone’s display because MagSafe is holding them in place.

Update (2020-10-15): Robert Howard:

The new iPhone MagSafe really isn’t. The whole point of MagSafe on MacBook Pro was that it would easily breakaway and keep your laptop from crashing to the floor. But the new Mag”Safe” is strong enough to hold on a case, become a dashboard mount, etc. More like MagLock…

I think it’s going to be great, though.

Update (2020-10-19): Juli Clover:

We don’t have an iPhone 12 model on hand yet to see the actual difference between the magnetic connection of one of the new models and an existing iPhone, but just based on the marketing materials Apple has released, that magnetic ring in the iPhone is an important factor when it comes to the strength of the connection.

Even using a MagSafe-compatible iPhone 12 case from OtterBox results in a connection that’s not super strong, and it appears that OtterBox, at least, has just stuck a couple of magnets in a little insert in the case to add MagSafe functionality.

iOS 14 and 14.1

Federico Viticci:

Second, context is necessary because despite the pandemic and rocky rollout of iOS 13 and its many updates, Apple was still able to infuse iOS and iPadOS 14 with fresh, bold ideas that are tracing a path for both platforms to follow over the next few years.

On the surface, iOS 14 will be widely regarded as the update that brought a redesigned Home Screen and a plethora of useful quality-of-life additions to the iPhone. For the first time since the iPhone’s inception, Apple is moving past the grid of icons and letting users freely place data-rich, customizable widgets on the Home Screen – a major course correction that has opened the floodgates for new categories of utilities on the App Store. In addition to the upgraded Home Screen, iOS 14 also offers welcome improvements to long-standing limitations: phone calls can now come in as unobtrusive banners; Messages borrows some of WhatsApp’s best features and now lets you reply to specific messages as well as mention users; Siri doesn’t take over the entire screen anymore. There are hundreds of smaller additions to the system and built-in apps in iOS 14, which suggests Apple spent a long time trying to understand what wasn’t working and what customers were requesting.

[…]

We can see the results of this initiative in modernized system apps that take advantage of the iPad’s display with a sidebar, multiple columns, and deeper trackpad integration – new options that every iPad app developer could (and, according to Apple, should) consider going forward. Although some of the iPad’s oft-mentioned ongoing struggles remain unaddressed in iPadOS 14 (see: multitasking and window management), Apple is embracing the iPad’s nature as a modular computer this year, and they feel comfortable leaning into lessons learned with the Mac decades ago.

John Voorhees:

Among the Club-only extras this year are three eBooks, a set of stunning, widget-friendly iPhone wallpapers, advanced shortcuts, podcast episodes, and a special edition of MacStories Weekly.

Juli Clover:

Following the introduction of the iPhone 12 mini, iPhone 12, iPhone 12 Pro, and iPhone 12 Pro Max, Apple has released iOS and iPadOS 14.1 golden master betas for developers, with the iOS 14.1 update presumably coming pre-installed on the new iPhones at launch.

[…]

There’s no word yet on what’s included in these updates[…]

Tuesday, October 13, 2020

iPhone 12 and iPhone 12 Pro

iPhone 12 (MacRumors, event, Hacker News):

Apple today unveiled iPhone 12 and iPhone 12 mini with 5G technology, ushering in a new era for the world’s best smartphone. The newly designed iPhone 12 models feature expansive edge-to-edge Super Retina XDR displays for a brighter, more immersive viewing experience, and a new Ceramic Shield front cover, providing the biggest jump in durability ever on iPhone. The Apple-designed A14 Bionic, the fastest chip in a smartphone, powers every experience on iPhone 12, and coupled with an advanced dual-camera system, delivers meaningful new computational photography features and the highest quality video in a smartphone. iPhone 12 models also introduce MagSafe, offering high-powered wireless charging and an all-new ecosystem of accessories that easily attach to iPhone.

iPhone 12 Pro (MacRumors):

The Apple-designed A14 Bionic chip, the fastest chip in a smartphone, powers impressive computational photography features including the all-new Apple ProRAW for more creative control in photos, and enables the first end-to-end Dolby Vision video experience, up to 60 fps. The reimagined pro camera systems include an expansive Ultra Wide camera, a Telephoto camera with an even longer focal length on iPhone 12 Pro Max, and new Wide cameras to capture beautiful professional-quality images and video in bright and low-light environments. iPhone 12 Pro models also introduce a new LiDAR Scanner for immersive augmented reality (AR) experiences[…]

First, I love the return of the flat sides, last available on a flagship phone in 2013. This should make it more comfortable to hold without a case.

I’m happy to see the mini, although I have doubts about the battery life and adjusting to a smaller screen. These days, all the software is designed for larger screens. I wish it were available with the Pro camera. Compared with the iPhone 5s, the iPhone 12 mini is 0.31 inches taller, 0.22 inches wider, 0.01 inches thinner, and 0.81 ounces heavier.

I’m disappointed with the display resolutions of the new phones. The iPhone 12 Pro Max is way too big for me to carry, and all the other models display less on screen than the iPhone XR that I currently use. This reduction is larger than the increase that Apple touted between the iPhone 11 Pro and iPhone 12 Pro. I would much rather have the higher resolution than OLED.

iPhone Model              Width    Height
5s/SE                     320 pts  568 pts
8/SE 2                    375 pts  667 pts
11 Pro/12 mini (scaled)   375 pts  812 pts
12/12 Pro                 390 pts  844 pts
XR/11/11 Pro Max          414 pts  896 pts
12 Pro Max                428 pts  926 pts

Other thoughts:

Sebastiaan de With:

The iPhone 12 and iPhone 12 Pro have seemingly the same sensor as the iPhone 11 and 11 Pro.

For the 12 (and 12 Pro): The main ("Wide") camera lets in 27% more light thanks to a new lens with a f/1.6 aperture.

For the 12 Pro Max, though, you now get a new sensor that is significantly larger with a faster (better) lens.

[…]

Smart HDR 3 now takes scenes apart to prevent its teething issue of over-smoothing faces vs. preventing noise in dark areas. Deep Fusion and Night Mode are coming to all the lenses; likely because of the extra processing power of the A14 chip.

Steve Troughton-Smith:

Apparently the iPhone 12 mini uses the same screen resolution as the 5.8” iPhones, according to the iOS Simulator, which makes this a 495ppi iPhone UI. The actual device screen resolution is 476ppi, which suggests everything will run scaled

[…]

6.1" iPhone models this year don’t get a ‘Plus-style’ layout, despite the 6.1" model last year doing so.

Update (2020-10-14): Sebastiaan de With:

As we said before, we really expect to see the greatest leaps in photographic improvement on phone cameras to come in software.

Brian Barrett:

How far has phone-size creep gone? Look no further than the iPhone 12 Mini’s introduction. “With its amazing size, it fits in the palm of your hand,” said Apple vice-president of marketing Kaiann Drance in Tuesday’s promotional video. Imagine that: A phone. That fits. In your hand.

Kate Matthews (via Rahul Gaitonde):

Here’s a version of my iPhone sizes sketch with the ghost of the original SE, if anyone wants that size comparison.

Jason Snell (Hacker News):

It’s embarrassing that Apple is hiding the real price of the iPhone 12. More troubling is the suggestion that Apple is now happy to join forces with its carrier partners to play marketing games—not just with the price of the iPhone 12 and 12 mini, but with the embarrassing amount of screen time Apple gave to Verizon’s CEO on Tuesday so he could flog his company’s 5G network.

Jesper:

First, Apple’s come a long way from calling carriers “orifices”. Without checking, Verizon probably got more stage time than the lidar in the iPhone 12 Pro, where it assists autofocus and plays a big role in magically making photos work out even for people who have never knowingly 3D scanned something in their life. But more importantly, the sense I’ve got is that 5G isn’t a dud technology but that it really only provides its advantages in areas where it’s really well built out.

Nick Heer:

As I have written for years now, the way 5G is being sold to the public is wildly disproportionate to the actual day-to-day impact it will have on most of us most of the time. At the moment, 5G is largely a useful buzzword for when you want billions of dollars in tax breaks, a shortcut for newspapers to seem more technologically advanced, and a way to eat up phone batteries at speeds slower than LTE.

Mark Sullivan:

I thought Apple, with its marketing prowess, would finally make me understand the importance of having 5G on my phone. But after watching its press event for the first 5G iPhones on Tuesday, I remain unconvinced and unlikely to upgrade from my iPhone 11.

Dieter Bohn:

The problem with 5G is that it’s not good yet. In a comprehensive, US-wide test of 5G speeds, PC Mag found them seriously lacking. In many cases 5G speeds were actually slower than 4G speeds. And the study also found that the other hyped-up reason for 5G, low latency, also isn’t here yet.

See also: Ryan Jones.

Update (2020-10-15): Riccardo Mori:

After watching the Apple event from yesterday, my impression is that Everything is a Remix would have been a more fitting title than Hi, Speed.

MacRumors (via Michael Love):

A spokesperson for T-Mobile has informed MacRumors that the carrier will also have iPhone 12 offers that will go live on Apple’s website on Friday, the day that pre-orders of the devices begin.

Joe Rossignol:

Benchmark results for the iPhone 12 Pro and iPhone 12 Pro Max are beginning to surface on Geekbench, and based on the scores available so far, the new A14 Bionic chip is over 20 percent faster than its A13 predecessor in iPhone 11 Pro models.

Joe Cieplinski:

I don’t want a small phone that is also a “budget” phone, in other words. I want a top-of-the-line phone that happens to be small.

[…]

For at least a few hours, I was truly torn about which phone to get.

But in the end, how could I not get the mini?

I would love to have a better camera in a hypothetical Pro mini. But, given the available choices, I’ve come to the same conclusion.

Update (2020-10-19): Thomas Brand:

Apple is removing the charger and headphones from all iPhones, even models released years ago, and the price remains the same.

John Gruber:

Herewith, I believe, is the full accounting of the differences between the 12 Pro and 12 Pro Max, camera by camera[…]

[…]

Apple’s upcoming ProRAW features — which will enable shooting RAW images using the built-in Camera app and a bunch of new APIs for third-party camera and photo-editing apps — are exclusive to the 12 Pro models.

When you consider the camera specs alone, that seems like pure marketing spite. All iPhone 12 models have the A14 SoC with the same CPU, GPU, and Neural Engine. But there might be a technical reason ProRAW is limited to the iPhone 12 Pro models: according to the latest version of Xcode, the 12 Pro models have 50 percent more RAM than the iPhone 12 and 12 Mini (6 GB vs. 4 GB). It seems reasonable to assume that ProRAW and 60 FPS Dolby Vision encoding are RAM-hungry features. But because Apple never ever talks about RAM in iOS devices, even in the small print of their advertised tech specs, this comes across as purely marketing-driven differentiation.

[…]

But I think a non-Pro iPhone Max model, in particular, would be really popular, because I think a lot of people desire big-ass phones solely for the display size. And I think Apple doesn’t make it because a lot of people who really care that much about having the largest possible display will just pay the premium for the Pro Max. This product strategy is true for the iPad and MacBook lineups, too — Apple’s biggest displays are only in its “Pro” models.

A14 Bionic

Chris Velazco (via MacRumors):

At a high level, the A14 seems similar to Apple’s other Bionic chipsets. This system-on-a-chip packs a six-core CPU — two high-performance cores and four for lower-priority tasks — just as the A12 and A13 did. The number of GPU cores here has also remained unchanged at four. Don’t be fooled by these passing similarities, though: Because the A14 was designed for a 5nm manufacturing process, there’s more going on in this system-on-a-chip than ever before.

[…]

Unsurprisingly, this year’s Neural Engine is a far cry from the first one we saw in 2017. While that original co-processor could perform 600 billion operations per second, last year’s A13 raised the bar to 6 trillion operations in the same amount of time. Meanwhile, the A14 generally obliterates the bar by performing a claimed 11 trillion operations per second.

[…]

Apple hasn’t yet issued claims about the A14 Bionic’s performance improvements over last year’s A13 Bionic -- expect more on that during the company’s upcoming keynote. (A set of leaked benchmarks suggests some healthy gains over last year’s chipset, though some are less than impressed.) When Apple revealed the new iPad Air, though, it did say the A14’s CPU was up to 40 percent faster than the previous model, and that people could expect up to a 30 percent increase in graphics performance.

Upgrade:

Jason and Myke interview Apple's Tim Millet and Tom Boger about the new iPad Air and Apple silicon.

HomePod mini

Apple (MacRumors, Hacker News):

Apple today unveiled HomePod mini, the newest addition to the HomePod family that delivers impressive sound, the intelligence of Siri to get things done, and a smart home experience that offers comfort and convenience without complexity. At just 3.3 inches tall, HomePod mini is packed with innovative technologies and advanced software that together enable computational audio to deliver breakthrough audio quality wherever it is placed. HomePod mini will be available in white and space gray at a great price of just $99.

The weak link is Siri.

Monday, October 12, 2020

Spotify Not Playing Fair

SongShift Team (also: MacRumors):

The Spotify Developer Platform Team reached out and let us know we’d need to remove transferring from their service to a competing music service or have our API access revoked due to TOS violation.

Spotify only wants you to use the API to import, not to export. The mixlib app is also affected (via Olivier Simard-Casanova).

Even putting aside that this sort of API restriction is bad for customers, you’d think that Spotify would have its eye on the bigger picture of not undermining its argument about fairness.

Jason Snell:

Spotify hates how Apple tends its own ecosystem, but it has zero interest in allowing its customers to migrate metadata in any way that might make it more convenient to leave Spotify behind. That’s their decision to make, of course, but for a company that claims to support consumer freedom, it has just made a hypocritical decision designed to reduce the freedom of its own customers.

Previously:

Update (2020-10-14): Damien Petrilli:

Until there is a regulation to prevent Apple from integrating Apple Music so tightly to iOS, it’s probably safer for Spotify to prevent easy migration.

[…]

It’s like asking to play fair in a game where all other players cheat and respect no rule.

Rust After the Honeymoon

Bryan Cantrill (Hacker News):

So Rust is going really well for us at Oxide, but for the moment I want to focus on more personal things — reasons that I personally have enjoyed implementing in Rust. These run the gamut: some are tiny but beautiful details that allow me to indulge in the pleasure of the craft; some are much more profound features that represent important advances in the state of the art; and some are bodies of software developed by the Rust community, notable as much for their reflection of who is attracted to Rust (and why) as for the artifacts themselves. It should also be said that I stand by absolutely everything I said two years ago; this is not as a replacement for that list, but rather a supplement to it.

Epic Denied Preliminary Injunction for Fortnite

Juli Clover (also: Hacker News):

A California judge today denied Epic Games’ request for a preliminary injunction that would have required Apple to allow Fortnite back into the App Store, which means the app will continue to remain unavailable on Apple’s iOS platform for the duration of the legal battle between the two companies.

While the Fortnite app for iOS devices will not be reinstated into the App Store, Epic did successfully win an order that will require Apple to continue to allow Epic to operate its Unreal Engine developer account.

Florian Mueller:

While the TRO was a pre-PI decision, the PI is preliminary to a hypothetical permanent injunction that may or may not come down after the bench trial to be held in Oakland in May 2021. Whoever loses will likely appeal, and then it’s another question whether a permanent injunction coming down at that point will or will not continue to be enforced.

[…]

The PI order gives both parties some guidance as to where they bear the burden of proof and on what aspects of the case they must do more going forward. For instance, Apple will later have to convince the court that what its app distribution terms are designed to achieve cannot be achieved with softer rules. Only Epic, however, is told that “adamant[ly]” taking unreasonable, “baffling” positions has already made it lose some of its credibility with Judge Gonzalez Rogers.

Arguing that the hotfix to introduce direct payment was not deceptive seems like an unforced error.

Previously:

MacUpdate Acquired by Clario

Thomas Reed:

Just learned that MacUpdate was purchased by the company that makes MacKeeper in July. 👀

Andrew Okhota:

MacUpdate has announced its new ownership as part of Clario. There will be no change to MacUpdate as a platform and no change to MacUpdate community teams and management. Clario will invest in MacUpdate to provide an even safer environment for downloads and support an improved experience for the MacUpdate community.

Previously:

Apple’s New Map: U.S. Territories, Ireland/U.K.

Justin O’Beirne:

On April 9th, 2020, Apple’s new map expanded to a number of U.S. territories, including Puerto Rico, Guam, and the U.S. Virgin Islands[…]

Justin O’Beirne (MacRumors):

On October 1, 2020, Apple’s new map expanded to Ireland and the United Kingdom[…]

This is the ninth time that Apple has expanded its new map since its public launch in September 2018. And it’s also the first time that Apple has expanded its new map outside of the United States[…]

Nick Heer:

Look Around is uniquely interesting. It is the first attempt in a long time at building a true competitor to Google Street View. Microsoft’s Bing Maps has a “street level” view, but it lacks imagery for Calgary, and its last update in Vancouver occurred about eleven years ago. Meanwhile, I’ve seen Apple’s cars roaming around different cities in Alberta for about a year now.

Previously:

Friday, October 9, 2020

Google v. Oracle at Supreme Court

Timothy B. Lee:

The Supreme Court’s eight justices on Wednesday seemed skeptical of Google’s argument that application programming interfaces (APIs) are not protected by copyright law. The high court was hearing oral arguments in Google’s decade-long legal battle with Oracle. Oracle argues that Google infringed its copyright in the Java programming language when it re-implemented Java APIs for use by Android app developers.

John Gruber:

My gut feeling is that Google is in the right here — APIs should not be copyrightable — but that they utterly failed to make the argument in a clear way.

See also: Miguel de Icaza, Florian Mueller (3, 4).

Charles Duan:

Readers of this site no doubt know that Oracle’s arguments in its lawsuit against Google, set to be argued in the Supreme Court on Wednesday, could spell disaster for the computer industry, by turning the act of reimplementing an API into copyright infringement. Back in January, I revealed in an Ars Technica piece that it could even spell disaster for Oracle itself, because Oracle’s cloud storage service reimplements Amazon’s S3 API. Oracle did not dispute my findings but shrugged them off, claiming Amazon had granted permission. I was skeptical, but at the time did not have hard evidence to prove a negative that Oracle had no license.

I’ve now found the evidence for why Oracle should be worried. And more importantly, it shows why every tech company and startup should be worried about the Google v. Oracle case.

Previously:

Apple Forces Telegram to Close Channels Run by Belarus Protestors

Scott Chipolina (via Old Unix Geek, Hacker News):

Apple is requesting that Telegram shut down three channels used in Belarus to expose the identities of individuals belonging to the Belarusian authoritarian regime that may be oppressing civilians.

[…]

These channels are a tool for Belarus’ citizens protesting the recently rigged presidential election, but, with a centralized entity like Apple calling the shots on its own App Store, there’s little the protesters can do about it.

Previously:

Update (2020-10-12): Pavel Durov (via Hacker News):

Apple released a statement saying they didn’t want us to take down the 3 channels run by the Belarusian protestors, but just specific posts “disclosing personal information.”

This sly wording ignores the fact that channels like @karatelibelarusi and @belarusassholes consist entirely of personal information of violent oppressors and those who helped rig the elections – because that is why those channels exist.

By hiding their demands with vague language, Apple is trying to avoid the responsibility of enforcing their own rules. It is understandable: according to this poll, over 94% of Belarusian users think the channels that made Apple worry should be left alone.

Previously, when removing posts at Apple’s request, Telegram replaced those posts with a notice that cited the exact rule limiting such content for iOS users. However, Apple reached out to us a while ago and said our app is not allowed to show users such notices because they were “irrelevant”.

Alex Stamos:

I had been looking forward to next week’s new batch of iPhones for a while, but thanks to Apple’s increasingly unethical use of DRM to enforce their rules and support of authoritarian regimes, I gotta consider moving the entire family to the Android ecosystem.

Stefan Esser:

In this comment it was said that Apple told Telegram to censor the info that certain posts had to be removed due to Apple. Standard Apple monopoly practice. When we released SysSecInfo Apple bullied us into removing features and they forbid us to inform users about it.

Previously:

Update (2020-10-15): John Gruber (tweet, Hacker News, AppleInsider):

This has nothing to do with relevance and everything to do with convenience. I’ve said it before and will adamantly say it again: it is prima facie wrong that one of the rules of the App Store is that an app is not allowed to explain the rules of the App Store. I’m hard pressed to think of an exception to this conviction, not just on Apple’s App Store, but in any sphere of life — whether a harmless game or the administration of the law.

saagarjha:

My own experience with this was that once I included a description of an OS bug I worked around in the changelog of my apps and the reviewers made me remove it with almost exactly the same verbiage–I can’t remember if they actually said “irrelevant” but the summary was “this information is not useful to your users”.

My experience has also been that you’re not allowed to mention OS bugs in release notes, even if they were officially reported via Radar and acknowledged there by Apple. “Irrelevant” basically means “potentially embarrassing to Apple.”

David Heinemeier Hansson:

Apple reaching inside communication apps to tell the maker what users can and cannot post is 🍌. Apple then asking that their censorship is kept private is 🤯. Apple justifying their prohibition on notices because they’re “irrelevant” is positively 1984.

Phones are the primary computing device for the majority of people today. It’s completely insane that we’ve arrived at a place where two companies can dictate what can be said or installed on those devices.

Remote Work and Apple and Microsoft

AppleInsider:

Apple CEO Tim Cook participated in an interview as part of The Atlantic Festival on Monday, where he discussed a range of topics from climate change to remote work and the company's antitrust troubles.

Mark Gurman (Hacker News):

Cook said he doesn’t believe Apple will “return to the way we were because we’ve found that there are some things that actually work really well virtually.”

Bloomberg’s headline is “Apple CEO Impressed by Remote Work, Sees Permanent Changes,” but it does not actually sound to me like Cook is changing much.

Juli Clover:

As for the shift to working from home for many Apple employees, Cook said “it’s not like being together physically” and that he can’t wait for “everybody to be able to come back,” confirming that Apple is not going to be one of those companies that lets employees work from home long term.

Tom Warren:

Microsoft is allowing some of its employees to work from home permanently. While the vast majority of Microsoft employees are still working from home during the ongoing pandemic, the software maker has unveiled “hybrid workplace” guidance internally to allow for far greater flexibility once US offices eventually reopen.

See also: 1Password (Hacker News).

Previously:

Sunsetting Google Play Music

Google:

YouTube Music is the new home for your music. Starting in September, we will close the Music store on Google Play.

Starting in October, users will begin losing access to the Google Play Music app.

To keep your Play Music library, including your purchases, you can transfer to YouTube Music or download any music that you’ve purchased via Google Takeout.

[…]

After the Play Music app goes away, the transfer tool will be available for a minimum of 30 days

Previously:

BitBar Needs a Developer

Jason Snell:

Hey developer friends, it has come to my attention that BitBar development has stopped. I love this app and maybe you do too? If anyone is interested in keeping it afloat (and getting it to work well with Big Sur), here’s a github thread.

See also: How bad is the air out there?.

Previously:

Thursday, October 8, 2020

ProtonMail Forced to Add IAP

Sean Hollister:

But also, one app developer revealed to Congress that it — just like WordPress — had been forced to monetize a largely free app. That developer testified that Apple had demanded in-app purchases (IAP), even though Apple had approved its app without them two years earlier — and that when the dev dared send an email to customers notifying them of the change, Apple threatened to remove the app and blocked all updates.

That developer was ProtonMail, makers of an encrypted email app, and CEO Andy Yen had some fiery words for Apple in an interview with The Verge this week.

[…]

Yen tells me there was a month-long period where ProtonMail couldn’t update its app at all, even for security reasons, and Apple was threatening to remove the app if his company continued to delay. So ProtonMail decided to raise the cost of its entire service on iOS by roughly 26 percent to satisfy Apple’s needs, eating the rest itself.

[…]

Apple’s own head of app review from 2009 to 2016, spoke to Congress for its bombshell antitrust report, too. He testified that Apple’s senior executives would find pretexts to remove apps from the store[…]

Recall that Tim Cook told Congress that Apple had only exempted additional categories of apps from fees and that Apple does not retaliate or bully developers.

Jason Snell:

The more consistent the stories, the less Apple can claim this was all just a big misunderstanding.

Previously:

Update (2020-10-09): See also: MacRumors.

Date Format Change in App Store Receipts

Frank Illenberger:

After some sweat and tears we have found the reason for the installation failures in the Mac App Store: At some point in the last weeks, Apple has changed the format of the date values in its ASN.1 receipt files.

They used to look like “2020-10-03T07:12:34Z”. Now they added milliseconds like in “2020-10-03T07:12:34.567Z”. Apple’s specification only states that dates follow RFC 3339, which does not specify if there should be milliseconds or not.

[…]

To make it even harder, Apple still sends out receipts containing dates WITHOUT milliseconds if an app has been originally bought before October.

Daniel Jalkut:

More on this: as far as I can tell the documented IAP dates are still returning dates that don’t have milliseconds. I don’t think there is a documented date field for Mac App Store receipts for the main app, as installed in the app binary.

These are the documented fields for local (on a Mac) receipt validation.

For server side receipt validation, there are a host of other fields, including one that exposes the original purchase date in timestamp format.

Rosyna Keller:

The dates on the receipt documentation pages all mention they’re in ISO 8601, so you’d want to use that data formatter to read them instead of specifying an entirely manual, hand-crafted format string.

Hilariously, the documentation only promises that the date format will be “similar to the ISO 8601.”

Pádraig Kennedy:

A base ISO8601DateFormatter will parse the non-ms version only. To avoid this issue, devs would have to make two date parsers and try them one after another.
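
The failure described above, and a parser that tolerates both receipt variants, as an added example that is not code from Apple or from any of the developers quoted here. The function names are hypothetical; the first two sample timestamps are the ones quoted above and the other two are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# RFC 3339 date-time. The fraction is optional and may have any number of
# digits, so both receipt variants are valid. re.ASCII limits \d to 0-9.
_RFC3339 = re.compile(
    r"(\d{4})-(\d{2})-(\d{2})[Tt](\d{2}):(\d{2}):(\d{2})"
    r"(?:\.(\d+))?"
    r"([Zz]|[+-]\d{2}:\d{2})",
    re.ASCII,
)

# First two values are quoted on this page; the last two are constructed.
SAMPLES = [
    "2020-10-03T07:12:34Z",
    "2020-10-03T07:12:34.567Z",
    "2020-10-03 07:12:34",
    "2020-13-03T07:12:34Z",
]


def parse_fixed_format(value):
    """Brittle approach: one hand-written format string with no fraction."""
    parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
    return parsed.replace(tzinfo=timezone.utc)


def parse_receipt_date(value):
    """Parse an RFC 3339 timestamp, with or without a fraction, to UTC."""
    match = _RFC3339.fullmatch(value)
    if match is None:
        raise ValueError(f"not an RFC 3339 date-time: {value!r}")
    year, month, day, hour, minute, second = map(int, match.groups()[:6])
    fraction = match.group(7) or ""
    # Pad or truncate the fraction to microseconds, the resolution of datetime.
    microsecond = int((fraction + "000000")[:6])
    offset = match.group(8)
    if offset in ("Z", "z"):
        tz = timezone.utc
    else:
        hours, minutes = int(offset[1:3]), int(offset[4:6])
        if hours > 23 or minutes > 59:
            raise ValueError(f"bad UTC offset in {value!r}")
        delta = timedelta(hours=hours, minutes=minutes)
        tz = timezone(-delta if offset[0] == "-" else delta)
    # datetime() raises ValueError for impossible fields (month 13, hour 25).
    # It also rejects a leap second (":60"), which RFC 3339 permits.
    moment = datetime(year, month, day, hour, minute, second, microsecond, tzinfo=tz)
    return moment.astimezone(timezone.utc)


def _accepts(parser, value):
    try:
        parser(value)
        return True
    except ValueError:
        return False


def compare_parsers(values=SAMPLES):
    """Return (value, fixed-format accepts, tolerant parser accepts) per input."""
    return [
        (v, _accepts(parse_fixed_format, v), _accepts(parse_receipt_date, v))
        for v in values
    ]


if __name__ == "__main__":
    for row in compare_parsers():
        print(row)
```

Receipt validation should treat a date it cannot parse as a validation failure with a distinct error, so that a format change surfaces as a diagnosable parse error rather than as a generic invalid receipt.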

Daniel Jalkut:

If anybody thinks ISO8601 datetime strings are a well-defined format, here’s the code in @MarsEdit that handles ISO8601 dates from various blogging platforms.

Previously:

We Hacked Apple for 3 Months

Sam Curry (via Steve Troughton-Smith, Hacker News):

Between the period of July 6th to October 6th myself, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes worked together and hacked on the Apple bug bounty program.

[…]

During our engagement, we found a variety of vulnerabilities in core portions of their infrastructure that would’ve allowed an attacker to fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim’s iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources.

There were a total of 55 vulnerabilities discovered with 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity reports.

Most have already been fixed.

One example:

During testing the iCloud application we noticed that you could open up certain attachments from the iCloud mail application in the iCloud pages application via the “Open in Pages” functionality. When you submitted the form to do this, it sent an HTTP request containing a URL parameter which included the URL of the mail file attachment in the request.[…] If you attempted to modify this URL to something arbitrary[…] Our proof of concept for this report was demonstrating we could read and access Apple’s internal maven repository which contained the source code for what appeared to be hundreds of different applications, iOS, and macOS.
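
The report above describes a server-side fetch driven by a URL that the client supplies in a request parameter. One way a handler can constrain such a parameter before fetching, as an added example that is not Apple's code or the researchers': the host name `attachments.mail.example`, the function names, the sample URLs and the addresses are all constructed, and the resolver is injected so the block runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the only host that legitimately serves attachments (constructed).
ALLOWED_HOSTS = frozenset({"attachments.mail.example"})

# Constructed sample inputs: one legitimate URL and several that must be refused.
SAMPLE_URLS = [
    "https://attachments.mail.example/a/1.pages",
    "http://attachments.mail.example/a/1.pages",
    "https://attachments.mail.example:8443/a/1.pages",
    "https://attachments.mail.example@internal.example/a/1.pages",
    "https://attachments.mail.example.internal.example/a/1.pages",
    "https://internal.example/repo/",
]


class RejectedURL(ValueError):
    """The client-supplied URL must not be fetched by the server."""


def check_fetch_url(url, resolve):
    """Validate a client-supplied URL before any server-side fetch.

    `resolve` maps a host name to a list of IP address strings. Returns
    (host, addresses) so the caller can connect to exactly what was vetted.
    """
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError as exc:  # malformed authority or port
        raise RejectedURL(f"unparseable URL: {exc}") from None
    if parts.scheme != "https":
        raise RejectedURL("scheme must be https")
    if parts.username is not None or parts.password is not None:
        raise RejectedURL("userinfo is not allowed")
    # Compare the parsed host exactly; prefix or substring checks on the raw
    # string accept look-alike names.
    host = (parts.hostname or "").rstrip(".")
    if host not in ALLOWED_HOSTS:
        raise RejectedURL(f"host {host!r} is not on the allowlist")
    if port not in (None, 443):
        raise RejectedURL("non-default port")
    addresses = [ipaddress.ip_address(a) for a in resolve(host)]
    if not addresses:
        raise RejectedURL("host did not resolve")
    for addr in addresses:
        # Refuse loopback, private, link-local and other non-public ranges,
        # even when the name itself is on the allowlist.
        if not addr.is_global:
            raise RejectedURL(f"{host} resolves to non-public address {addr}")
    return host, [str(a) for a in addresses]


def audit(urls, resolve):
    """Map each URL to 'fetch' or to the reason it was rejected."""
    results = {}
    for url in urls:
        try:
            check_fetch_url(url, resolve)
            results[url] = "fetch"
        except RejectedURL as exc:
            results[url] = f"reject: {exc}"
    return results


if __name__ == "__main__":
    # Constructed resolver: every name maps to one stand-in public address.
    for url, verdict in audit(SAMPLE_URLS, lambda host: ["93.184.216.34"]).items():
        print(verdict, url)
```

The caller should connect to one of the returned addresses rather than resolving the name a second time, and should re-run the check on any redirect target before following it.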

Brandon Azad:

It’s with both bittersweet sadness and excitement that I say goodbye to Project Zero, as I’ll be joining Apple next week to continue my work improving Apple device security.

Previously:

Update (2020-10-09): Sam Curry:

Within the article I’d mentioned that Apple had not yet paid for all of the vulnerabilities. Right after publishing it, they went ahead and paid for 28 more of the issues making the running total $288,500.

Swift “Algorithms” Package

Nate Cook:

I’m excited to announce Swift Algorithms, a new open-source package of sequence and collection algorithms, along with their related types.

Algorithms are powerful tools for thought because they encapsulate difficult-to-read and error-prone raw loops. The Algorithms package includes a host of powerful, generic algorithms frequently found in other popular programming languages. We hope this new package will help people embrace algorithms, improving the correctness and performance of their code.

[…]

It’s our ambition for the standard library to include a rich, pragmatic set of generic algorithms. We think the Algorithms package can help realize this goal by serving as a low-friction venue to build out new families of related algorithms—giving us an opportunity to iteratively explore the problem space and learn how different algorithms connect and interact—before graduating them into the standard library.

I love how each one is documented and includes links to the source and tests.

Previously:

Windows XP Source Code Leaked

Dan Thorp-Lancaster:

Alleged source code for Windows XP leaked online this week. The leak was spread in a thread on the anonymous forum 4chan, which linked to archives of both the alleged Windows XP source code along with source code for other Microsoft products. Notably, the archive includes the Windows NT 3.5 and original Xbox source code dumps that appeared online in May.

[…]

If the leak is legitimate, it could expose any remaining Windows XP-based systems to new attacks. However, Microsoft hasn’t supported Windows XP in any meaningful way since it reached its end-of-support date in 2014, which marked the end of security updates for the aging operating system.

[…]

Interestingly, while this would be the first time Windows XP source code has gone public, Microsoft already shares its code with governments and university researchers around the world.

Tom Warren (via Hacker News, MacRumors):

Microsoft created a secret Windows XP theme that made the operating system look more like a Mac. A recent Windows XP source code leak has revealed Microsoft’s early work on the operating system and some unreleased themes the company created during its early XP development back in 2000.

One is labeled “Candy” and includes a design that closely resembles Apple’s Aqua interface that was first introduced at the Macworld Conference & Expo in 2000. Although the theme is incomplete, the Windows XP Start button and various buttons and UI elements are clearly themed to match Apple’s Aqua.

Wednesday, October 7, 2020

Apple Will Temporarily Stop Taking a 30 Percent Cut on Facebook Event Fees

Juli Clover (also: James Vincent):

Apple has decided to temporarily waive the 30 percent cut that it takes from in-app purchases for Facebook’s in-app paid event feature, reports CNBC. Facebook had accused Apple of hurting small businesses by collecting fees from the new feature, which lets users attend online classes and events through Facebook.

The policy update will pertain to ClassPass and Airbnb, two companies that are also offering new digital experiences and classes within their apps.

An Apple spokesperson said that Apple reversed its decision on the Facebook event fees due to the pandemic and a desire to give companies more time to adapt to digital business models.

The article doesn’t make it clear, but I assume that Apple means allowing external payment processing, not waiving the fees for transactions processed through the IAP system.

Steve Kovach:

Apple’s reversal comes weeks after it blocked an update to the Facebook app that displayed a warning to users that a cut of transactions for paid events would go to Apple. At the time, Facebook said Apple would not make an exception to its rules to give the full amount of the transactions to the businesses hosting the events.

[…]

The Apple spokesperson said the decision does not affect gaming companies because gaming businesses have not been hurt by the pandemic and have always been digital-only.

It seems like a special carve-out for three big companies who complained loudly.

From the House Judiciary Committee report:

In response to the COVID-19 pandemic, some businesses moved physical events online, often booking through an app and holding the event through a video chat application. Educators have also shifted resources online, including through apps. The New York Times reported that Apple demanded a 30% commission from these virtual class offerings. As a result, one company stopped offering virtual classes to users of its iOS app. The Times reported that Apple threatened Airbnb that it would remove its app from the App Store if Airbnb did not comply with Apple’s demand for a share of its revenues.

In interviews with Subcommittee staff, multiple app developers confirmed The New York Times’ reporting. Airbnb spoke with Subcommittee staff and described conversations with the App Store team in which Apple said it had observed an uptick in the number of apps offering virtual classes in lieu of in-person classes due to the COVID-19 pandemic. As a result, Apple began canvassing the App Store to require app developers implement IAP, entitling Apple to take 30% of in-app sales. Airbnb explained that Apple’s commission, plus compliance with Apple’s pricing tiers for in-app purchases would ultimately result in a 50-60% price increase for consumers.

[…]

At the Subcommittee’s hearing on July 29, 2020, Chairman Jerrold Nadler (D-NY) asked Mr. Cook about the allegations that Apple was canvassing the App Store to extract commissions from businesses that have been forced to change their business model in order to survive during the pandemic. Mr. Cook responded that Apple “would never take advantage” of the pandemic, but justified the conduct, explaining that the app developers were now offering what Apple defined as a “digital service” and Apple was entitled to commissions.

Previously:

House Report on Competition in Digital Markets

John Gruber:

The House Judiciary subcommittee that held a hearing with the CEOs of Amazon, Apple, Facebook, and Google back in July has issued a 449-page report on its findings and recommendations.

The report is here. Some of the parts I found interesting:

Apple’s market power is durable due to high switching costs, ecosystem lock-in, and brand loyalty. It is unlikely that there will be successful market entry to contest the dominance of iOS and Android.

[…]

In response to these concerns, Apple has not produced any evidence that the App Store is not the sole means of distributing apps on iOS devices and that it does not exert monopoly power over app distribution. Apple says it does not create—nor is it aware of third-party data—that tracks market share in the app distribution market.

[…]

Apple’s monopoly power over software distribution on iOS devices appears to allow it to generate supra-normal profits from the App Store and its Services business. Apple CEO Tim Cook set a goal in 2017 to rapidly double the size of the Services business by the end of 2020. Apple met this goal by July 2020, six months ahead of schedule.

[…]

Apple also makes some exceptions to its rules and may change or update its rules.

[…]

Industry observers have also challenged Apple’s implicit claim that the iPhone was the start of the online software distribution market.

[…]

In an interview with Subcommittee staff, Phillip Shoemaker, former director of app review for the App Store, estimated that Apple’s costs for running the App Store is less than $100 million. […] Although only estimates, these figures indicate that as the mobile app economy has grown, Apple’s monopoly power over app distribution on iPhones permits the App Store to generate supra-normal profits. These profits are derived by extracting rents from developers, who either pass on price increases to consumers, or reduce investments in innovative new services. Apple’s ban on rival app stores and alternative payment processing locks out competition, boosting Apple’s profits from a captured ecosystem of developers and consumers.

[…]

In Apple’s internal documents and communications, the company’s senior executives previously acknowledged that IAP requirement would stifle competition and limit the apps available to Apple’s customers.

Juli Clover:

Apple in a statement to MacRumors said that it strongly disagrees with the conclusions reached in the report in respect to Apple, and that Apple does not have dominant market share in categories where it does business.

See also: Hacker News, Steve Troughton-Smith, Steve Streza, Brent Simmons, Michael Love, Matt Birchler, Ben Thompson.

Previously:

Update (2020-10-09): James O’Leary:

here’s the landing page for all the docs they referenced, segmented by company

checkra1n T2 Exploit

Niels Hofmans (Hacker News, MacRumors):

The mini operating system on the T2 (SepOS) suffers from a security vulnerability also found in the iPhone 7 since it contains a processor based on the iOS A10. Exploitation of this type of processor for the sake of installing homebrew software is very actively discussed in the /r/jailbreak subreddit.

So using the checkm8 exploit originally made for iPhones, the checkra1n exploit was developed to build a semi-tethered exploit for the T2 security chip, exploiting a flaw. This could be used to e.g. circumvent activation lock, allowing stolen iPhones or macOS devices to be reset and sold on the black market.

Normally the T2 chip will exit with a fatal error if it is in DFU mode and it detects a decryption call, but thanks to the blackbird vulnerability by team Pangu, we can completely circumvent that check in the SEP and do whatever we please.

Since sepOS/BootROM is Read-Only Memory for security reasons, interestingly, Apple cannot patch this core vulnerability without a new hardware revision. This thankfully also means that this is not a persistent vulnerability, so it will require a hardware insert or other attached component such as a malicious USB-C cable.

[…]

I’ve reached out to Apple concerning this issue on numerous occasions[…]. Since I did not receive a response for weeks […] I am hereby disclosing almost all of the details. You could argue I’m not following responsible disclosure, but since this issue has been known since 2019, I think it’s quite clear Apple is not planning on making a public statement and quietly developing a (hopefully) patched T2 in the newer Macs & Silicon.

Dan Moren:

Strafach says that the T2 is indeed vulnerable to checkm8, and has been for some time, meaning that those with physical access to your computer can essentially reboot it into the device firmware upgrade (DFU) mode, and then execute arbitrary code.

However, Strafach also points out that what’s less clear is whether the arbitrary code will last through a reboot:

DanyL:

People should really chill down regarding T2 publicly exploited. The vulnerability has been public for more than a year now and always been there on T2. Moreover, there are plenty of other vulnerabilities, including remote ones that undoubtedly have more impact on security.

If anything, our exploit enables researchers to explore the internals more closely, possibly uncovering other issues that may lead to greater security on the mac; as well as allowing better repairability for otherwise pricy repairs or worse, issues Apple bluntly refuses to handle.

peterindark:

The biggest issue with this is that Apple cannot patch it via an update like most of other security issues

Update (2020-10-09): See also: Patrick Wardle.

Update (2020-10-14): Ben Lovejoy (tweet, also: MacRumors):

The T2 exploit team who found a way to take over the security chip in modern Macs has demonstrated a way to do so without user intervention — using nothing more than a modified USB-C cable.

The ad-hoc team, who call themselves Team t8012 after Apple’s internal name for the chip, believe that nation-states may already be using this approach.

The Era of Visual Studio Code

Roben Kleene:

Text editors, on the other hand, are a software category where the most popular options are not the oldest. According to the Stack Overflow Annual Developer Survey, Sublime Text was the most popular text editor available on the Mac from 2015–2017. Sublime Text was released in 2008, a sprightly youth compared to Excel and Illustrator. Text editors have been a category with a lot of movement: In the last 20 years, TextMate, Sublime Text, and Atom have all been the text editor with the most momentum. For big complicated desktop software, has any other category ever had so much movement?

I believe the era of new text editors emerging and quickly becoming popular has now ended with Visual Studio Code. VS Code has reached unprecedented levels of popularity and refinement, laying a foundation that could mean decades of market dominance.

[…]

With VS Code, the extension-based text editor has seemingly reached its final form. Ever since TextMate, extensions have increased in prominence and capabilities, and with VS Code, that progression appears to have culminated. There just isn’t anywhere else to go. Correspondingly, there isn’t a way a new text editor can leapfrog VS Code the same way previous text editors have been leapfrogging each other by improving extensions.

VS Code certainly has lots of features and extensions, but I remain quite happy with BBEdit and its Mac interface.

Previously:

Luna Display for Windows

Kickstarter:

Tens of thousands already use Luna Display for Mac and now we’re bringing that same magic to Windows. Whether you’re working remotely, looking to maximize your workspace, or seeking more creative flexibility - Luna has you covered. As the only hardware solution on the market, you can...Turn any iPad into a wireless second display for your PC or Mac[…]

Matt Ronge:

We tried to use Objective-C on Windows, it didn’t work.

[…]

Rust has been a GREAT choice for cross-platform work. Our core engine is in Rust and we use language bindings to C# (Windows) and Objective-C (Mac/iPad) for the UI.

[…]

There’s a huge opportunity outside of the Mac ecosystem. There are literally 10x as many Windows users as there are Mac users!

So we are super excited about the opportunity in front of us.

Jonathan Deutsch:

There’s a lot to the story; the interesting bit is a company once firmly entrenched in the Apple and Mac ecosystems now embraces Microsoft Windows.

It is a bright outlook: Luna’s kickstarter just hit 2x its goal.

Hell has frozen over because Apple became cold to its developers.

It’s sad to see top developers pushed to Windows. However, it makes total sense for something like Sidecar to be built into iOS and macOS. And all is not lost on macOS, since Luna Display has some advantages over Sidecar.

Previously: