Archive for June 11, 2015

Thursday, June 11, 2015

OmniFocus Push-Triggered Sync

The Omni Group:

Push-triggered sync is a new feature in OmniFocus that uses push notifications to keep all your devices up to date. When OmniFocus receives a push notification, it can silently pull down changes from Omni Sync Server or your own private server, so you’re ready to go the next time you open OmniFocus. This all happens in the background without OmniFocus needing to be launched manually.


After OmniFocus finishes a sync, it asks the Device Registration Server to notify all the other devices associated with its Group ID. The server looks up all the Device Tokens in the group and sends them to Apple, and in turn Apple uses those tokens to issue a push notification to each of your devices. When one of your other devices receives a notification from Apple, it triggers a background sync in OmniFocus that pulls down the changes made on the first device.


To avoid syncing too frequently, OmniFocus includes the Tail Transaction ID in each push request. This randomly generated string identifies the last change made to the server database, so that if your iPhone already knows about the last change your iPad made, for example, the iPhone can prevent a sync and save on cellular data and battery. Transaction IDs include no information about what change was made.

Update (2015-09-23): Tim Ekl:

This way, parsing a configuration file can return one ConnConfig struct for each bundle ID that we’ll use to connect. The provider’s connection code can then iterate over these structs, establishing multiple connections along the way.

Update (2015-10-14): Tim Ekl:

With this implementation, constructing an instance of this logging pipeline component is as simple as calling a function. It needs an existing channel as input, but gives back a new output channel; this means that we can easily chain multiple different components by passing the output channel from one function to the input of another.


For the push provider’s use, we can do a bunch of different things in each of these components – and logging is only the simplest! The provider itself is structured as a pipeline with nearly a dozen components from start to end[…]

Tim Ekl:

Next up, we needed a way to hang on to notification information: what clients were registered with the provider, how they’re grouped, and some statistics tracking. We also needed to integrate with Omni Sync Server for a staged rollout of push: during testing, we enabled push only for some sync servers, in order to measure the kind of extra load that push would levy on our sync system. (Thankfully, this period was very brief, and push is enabled for every customer now.)


The Web portion of the provider was fairly straightforward. Rather than try to wrap Web access in Apache or nginx, or write a separate Web interface that called a push API, we used Go’s built-in HTTP and HTML templating support to handle all incoming HTTP requests and expose a simple but serviceable administrative interface.

iCloud Passwords in Mail, Device Passwords, and Safari Passwords

Dan Goodin:

The proof-of-concept attack exploits a flaw in, the default iOS e-mail program. Since the release of version 8.3 in early April, the app has failed to properly strip out potentially dangerous HTML code from incoming e-mail messages. The proof-of-concept exploit capitalizes on this failure by downloading a form from a remote server that looks identical to the legitimate iCloud log-in prompt. It can be displayed each time the booby-trapped message is viewed.

“This bug allows remote HTML content to be loaded, replacing the content of the original e-mail message,” a user with the GitHub name jansoucek wrote in a readme file accompanying the exploit. “JavaScript is disabled in this UIWebView, but it is still possible to build a functional password ‘collector’ using simple HTML and CSS [cascading style sheets].”

Mitchel Broussard (comments):

Soucek says that Apple did not respond to his discovery of the bug when he stumbled across it back in January.


Soucek kept the details of the bug only between himself and Apple, letting the company have time to possibly fix the attack and inform him of its progress. Given the company’s remaining quietness on the subject, he decided to publish the proof of concept - called the inject kit - on GitHub in hopes of spreading its awareness.

Cyrus Farivar:

As part of its iOS 9 announcement on Monday, Apple revealed that all newer iDevices equipped with TouchID and running the newer version of the operating system will be required to upgrade from a four-digit to a six-digit passcode. Passcodes remain optional, and users can create a more complex alphanumeric password, but six digits will be the minimum. After 10 failed attempts to type in the code, the device will erase itself.

Dan Thorp-Lancaster:

The issue up until now has been that web view hasn’t been allowed to store cookies for security reasons, so logins can’t persist. The solution that Safari view controller brings to the table is to essentially pull the information from Safari.


You can use SFSafariViewController to display web content within your app. The Safari View Controller shares cookies and other website data with Safari, and has many of Safari’s features, like Safari AutoFill and Safari Reader. Unlike Safari itself, the Safari View Controller UI is tailored for displaying a single page, featuring a Done button that’ll take users right back where they were in your app.

Consider replacing your WKWebView or UIWebView-based browsers with SFSafariViewController if your app displays web content but does not customize that content.

iOS 9 Keyboard

Juli Clover:

Keyboard changes - The shift function has been altered once again, making it easier to determine when it’s activated and when caps lock is turned on. With shift pressed, all letters on the keyboard are now shown in upper case. With shift off, letters on the keyboard are lower case. On iPad, there are new edit controls, and the keyboard now uses the new San Francisco font.

Federico Viticci:

In iOS 9, the left side of the QuickType bar will feature buttons for cut, copy, and paste; the right side will offer formatting options and a universal Attachments icon to quickly pick and share files. Apple calls this the Shortcut Bar, and developers will be able to enhance it with custom shortcuts for their apps.

Text selection has also been a major pain point in older versions of iOS, and Apple wants to tackle this aspect with a two-finger swipe that turns an iPhone and iPad into a trackpad for on-screen text. Simply place two fingers anywhere on screen (including over the keyboard) to start moving the cursor anywhere; tap & hold with two fingers to start a selection. In the demo on stage, Federighi showed how trackpad mode will enable small adjustments to cursor position across characters as well as bigger jumps across lines and paragraphs within a fraction of a second with a good mix of speed and precision.

Surprisingly, Apple also announced major changes for users of external keyboards. With iOS 9, iPad keyboards will be capable of opening the new Search page and an OS X-like app switcher similar to the CMD+Tab command found on desktop computers; in any app that implements the feature, you’ll be able to press and hold keys like Command, Option, and Control to view a popup of supported shortcuts.

Timothy Reavis:

Also, the traditional pop-up character preview iOS has always displayed when a key is pressed is not present in iOS 9, with its replacement being a darkened key which is largely hidden by one’s finger when typing. This is possibly a security enhancement by Apple, as technology exists for logging key presses via video analysis of the pop-ups above pressed keys from camera footage of someone typing on their device.


Additionally, a new method of moving the on-screen cursor and selecting text has been added in iOS 9 that utilizes a two-finger swipe anywhere on the screen, including over the keyboard, to quickly adjust cursor position or highlighted text. This feature works on both iPhone and iPad, and brings the hugely popular jailbreak tweak SwipeSelection’s functionality to iOS 9 in a way more optimized on iPad.

This sounds great.

Update (2015-06-17): John Gruber:

Trying iOS 9. With new keyboard, quickly getting used to “Character Preview” being off. Can’t get used to case-shifting on alphabet keys.

It sounds like all the keys switching case at once is distracting. There’s a way to turn that off, but then you run into the old Shift key confusion.

Update (2015-06-18): Peter N Lewis:

IMHO it’d be relatively easy to avoid the shift confusion by coloring it blue when it is pressed. Flipping Black/White wont work.

Update (2015-08-17): The swipe selection feature has unfortunately been disabled on the iPhone.

Kirk McElhearn

One change coming to iOS 9 – currently in beta – is the appearance of lowercase keys on the keyboard when the Shift key is not engaged. Many people like this, but I find it confusing.

However, you can turn this off, and display only uppercase keys, regardless of whether you’ve tapped the Shift key.