Archive for May 28, 2015

Thursday, May 28, 2015

TextExpander 5 and Notification Center Privacy

TextExpander 5 looks like a good upgrade to what has belatedly become an essential app for me. I like the new preview pane, and the JavaScript support looks interesting. JavaScript doesn’t particularly interest me on the Mac because TextExpander has long supported AppleScript; the news here is that JavaScript snippets also work on iOS.

The coolest feature is that TextExpander can now suggest snippets based on “phrases you habitually type”:

TextExpander can suggest new snippets based on what you type. After you have typed the same group of characters, letters or words enough times, it will suggest you create a snippet. All the snippet suggestions are collected in a Suggested Snippets group where they remain without abbreviations. You may choose to ignore them, add an abbreviation to complete them, or delete them.

There are obvious privacy concerns here. TextExpander has always observed what you type, but it has not actually saved it to disk. Back in the day, I lauded SpellCatcher’s Ghostwriter key logging feature because it helped me to restore lost text. These days, file corruption and crashes are less common, and privacy is more of an issue, so I doubt that I would use such a feature. TextExpander has a careful design that doesn’t depend on logging your typing to disk, or even storing it in RAM:

TextExpander observes your keystrokes, as well as the contents of the pasteboard, or, what you copy then paste using ⌘V. TextExpander will track how many times you repeat the same group of characters and create a new suggestion after a certain amount of repetition. However, it does not save the tracking of what you type so the tracking is lost with each TextExpander restart. Therefore, frequent restarting of TextExpander won't result in many suggestions. None of what you type is saved by TextExpander except for the snippets listed in the Suggested snippets group.

“Tracking” does not mean TextExpander keeps a list of the actual characters you type. Instead, it keeps an encoded record (called a “hash”) of that group of characters that cannot be deciphered, similar to the way a password is securely stored so that no one reading it knows what it is. You might type “yourpetsname” but what TextExpander sees and records is “1739405847385.”

That minor tradeoff for more privacy seems like a good one.

There is a slight catch, though. When TextExpander makes a suggestion, it posts it to Notification Center. The system stores a database of notifications, so any repeated phrases that TextExpander notices will end up persisted to disk. This happens even if you’ve chosen not to display the notifications in Notification Center. As far as I know, there is no way for applications to opt out of this persistence.
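A sketch of the hash-counting design quoted above and of where cleartext escapes it, added here as an illustration and not TextExpander's code. The class and function names are hypothetical, and the keyed hash (HMAC-SHA-256 with a random per-process key), the three-word group and the threshold of three are assumptions; the sketch does hold the last few words in memory, which `stored_state()` makes visible.

```python
import hashlib
import hmac
import os
from collections import Counter, deque


class SuggestionTracker:
    """Counts repeated word groups by keyed digest; keeps no typing history."""

    def __init__(self, group_size=3, threshold=3, key=None):
        # Assumption: a random per-process key, so the counts are useless
        # after a restart and short phrases cannot be guessed offline.
        self._key = key or os.urandom(32)
        self._window = deque(maxlen=group_size)  # only the last few words
        self._counts = Counter()                 # digest -> repetitions
        self._threshold = threshold
        self.notifications = []                  # stand-in for what gets posted

    def _digest(self, phrase):
        return hmac.new(self._key, phrase.encode("utf-8"), hashlib.sha256).hexdigest()

    def feed(self, word):
        """Observe one typed word; return a suggested phrase or None."""
        self._window.append(word)
        if len(self._window) < self._window.maxlen:
            return None
        phrase = " ".join(self._window)
        tag = self._digest(phrase)
        self._counts[tag] += 1
        if self._counts[tag] != self._threshold:
            return None
        # The catch: the suggestion itself is cleartext, and anything
        # handed to a notification service is stored under its rules.
        self.notifications.append(phrase)
        return phrase

    def stored_state(self):
        """Everything the tracker retains between keystrokes."""
        return {"digests": dict(self._counts), "window": list(self._window)}


def run_demo():
    tracker = SuggestionTracker()
    # Constructed sample input: one phrase typed three times among other text.
    typed = ("kind regards from Berlin today and kind regards from me "
             "also kind regards from us").split()
    suggestions = [s for s in map(tracker.feed, typed) if s]
    return tracker, suggestions
```

The tracker's own state holds only digests and the current window, while the `notifications` list holds the repeated phrase in the clear, which is the part that would reach the system's notification database.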

(Along similar lines, the system has another database that tracks the files you’ve downloaded.)

Until my curiosity was piqued by TextExpander, I had not been aware of this or seen anyone talk about it. Now I’m wondering whether it should be a concern for other apps, too. For example, EagleFiler posts notifications to let you know when an import has completed. If you’re importing into an encrypted library, you might not want a cleartext record of the names of the files that you’ve imported. Should TextExpander use its own private notification system instead of Notification Center? Should EagleFiler not post notifications for encrypted libraries? I’m not sure what the answers are. There are many benefits to using Notification Center, but it isn’t as configurable as I would like.

Update (2015-05-28): Another cool feature is that TextExpander can tell me (via Notification Center) when I already have an abbreviation set up but have forgotten to use it.

Update (2015-06-02): Brett Terpstra:

Nested snippets work quite well, so you can create snippets containing JavaScript libraries and include them in other snippets. Just give them long names that you’ll never type, and then reference them using the %snippet:longJSLibrarySnippetName% format at the top of your JavaScript snippet. I had the best results when setting the snippet type of included snippets to “Plain Text.”

Update (2015-07-22): TextExpander 5.1 “adds new notification preference for snippet suggestions.”

Update (2024-07-15): Since adding Notification Center support in version 1.6.3, EagleFiler has had a DisableNotificationCenter esoteric preference to turn it off for privacy reasons.


Kindle Typography Improvements

John Brownlee:

But today, Amazon is making a big step towards better typography on the Kindle. Not only are they unveiling Bookerly, the first typeface designed for the Kindle from scratch, but they’re finally solving the Kindle’s typesetting problems with an all-new layout engine that introduces better text justification, kerning, drop caps, image positioning, and more.

In appearance, it looks something like if Baskerville, a 225-year-old typeface that has been shown to shape our perception of truth, and Caecilia made a baby. Both of these parent fonts were previously available on the Kindle, but they had issues. On low-res devices, Baskerville’s thin, elegant lines looked crude, whereas Caecilia, a slab serif, was just a bizarre choice for Amazon’s previous default font: although it’s highly readable, it’s a type of font best used for headlines, not body text, because slab serifs often look and feel bolded, even when they’re not.

Marco Arment:

It’s great that Amazon’s putting some effort into Kindle typography for the first time in far too long. But this is a small improvement, not a big one.

[…]

The new font and hyphenation are also only available on iOS so far. They’re not coming to Kindles until “later this summer”.

Bookerly looks nice to me, and I haven’t had problems with the justification.

Update (2015-05-28): Kirk McElhearn:

The difference is subtle, but if you pull back and look at them, you can see that the page with Bookerly is a bit lighter, which takes away that bulky feel you get when reading with Caecilia. This will be more noticeable on Kindle eink devices, where Caecilia is a bit weightier.

Applications Constantly Asking Permission to Accept Incoming Connections

Since, I think, installing Yosemite, I’ve been plagued by dialogs asking me whether to allow an application to accept incoming connections. It happens when I launch Messages, run unit tests in Xcode the first time after launch, and certain times when I run xcodebuild.

In the Security & Privacy ‣ Firewall pane of System Preferences, I have the firewall on, but all of these executables are set to Allow incoming connections. Their code signatures check out, so the system should remember what I’ve allowed and not keep prompting. This used to work.

In doing some searching, it seems that for some people this is an old problem, and for others it also started with Yosemite. I have yet to find a solution.

Similar problems with repeated prompts about privacy can be fixed with:

tccutil reset Accessibility

or:

tccutil reset AddressBook

But I do not know of an equivalent for the firewall settings.