Archive for November 2015

Monday, November 30, 2015

Optimizing Facebook for iOS Start Time

Natansh Verma:

Our instinct was that cold start was dominated by network and that the rest would be mostly response processing. This belief came from the assumption that we spent much less time on the client and that we managed to get the request out rather quickly. However, once we instrumented it, we found the data quite surprising. It presented a starkly different picture, with a significant portion of time spent before the feed request — on the order of a second. Also, the response processing time was very short. Hence, we refocused on optimizing the initialization phase.


As we stepped back, we figured that the objective for this phase was simply to send out the feed network request. But why was the feed request so late to get out? It was because many dependencies had been added to the initialization of the feed request over the years. However, they weren’t truly necessary — the bare minimum requirements for sending out the feed request were a valid authentication token and feed cursors (the location in News Feed). Hence, we whittled down the dependencies of the feed request, progressively moving it closer to the app’s launch. This allowed the rest of the app to initialize concurrently with the feed response.


We came up with a creative solution for this — UDP Priming. In essence, before we send out the feed request over TCP, we send an encrypted UDP packet to the server, containing the feed request. The purpose of doing this is to give a hint to the server to kick off fetching and caching of data much earlier. When the actual feed request arrives over TCP, the server can then simply construct the response from cached content and send it back. Enabling this technique allowed us to gain several hundred milliseconds more.

Swift init()

Krzysztof Zabłocki:

With Swift strong typing and immutability, there are rules that prevent you from accesing variables until an object is fully initialized.

I do not like having a function do more than one thing, so I like to split my initializers into multiple functions, this becomes problematic.


We can define private static functions and use that to setup our variables (and we can also put them into private class extension)[…]

Done With iCloud Photo Library

Stephen Hackett (comments):

Over the week of Thanksgiving, I decided to give it another try. I hadn’t really spent any time with since OS X El Capitan, and I had heard a lot of good things from people I know about it.

I imported my photos and uploaded my 70GB photo library to iCloud. Everything went very smoothly, so I turned on iCloud Photo Library on my iPad.

Aaaaaand it all exploded.


I will probably keep my photos in, but I won’t be uploading them to Apple’s service again. Photo management needs to be bulletproof, and iCloud has proved, yet again, to be far from it.

Update (2015-12-10): Christopher Sardegna:

Nearly all of the old photos I have in my iCloud Photo Library look like this. Great images, all gone. Destroyed.

Justin Searls:

My iCloud Photo Library is now so big that metadata/thumbnails can’t be loaded onto a 16GB iOS. Has to be disabled

Update (2016-12-13): Jonathan Wight:

People were asking me if using for storing all my photos was working for me?

Well today it ate them all. So no.

300 GB of photos no longer accessible in Fortunately I have many backups (not crazy!)

Favorite Terrible Programming Languages


Write about your favorite programming language honestly, but make it sound terrible.

Marcel Weiher:

Objective-C is a car crash of Smalltalk and C, combining the type-safety of the former with the memory-safety of the latter.

David Smith:

[Objective-C is] An attempt to graft an old children’s language onto the source of 97% of all security bugs and crashes

David Smith:

[Swift is] A forward-looking/past-looking scripting/applications/systems language with no source or link-time compatibility.

Joe Groff:

or working compiler

Benjamin Stiglitz:

[Forth has] No variables, no basic blocks, no syntax, no compiler, doesn’t understand strings.

David Smith:

“Our codebase was unmaintainable, so rather than refactor, we wrote a new language to rewrite it in” [Rust]

Damien Sorresso:

A language that language nerds can’t fathom the success of because its design was influenced by systems programmers.

I presume he’s referring to C.

Surprising Complexity Inside Apple’s Power Adapter

Ken Shirriff (comments):

This is a fantastic quote, but unfortunately it is entirely false. The switching power supply revolution happened before Apple came along, Apple’s design was similar to earlier power supplies[4] and other computers don’t use Rod Holt’s design. Nevertheless, Apple has extensively used switching power supplies and pushes the limits of charger design with their compact, stylish and advanced chargers.


The transformer safely transmits power between the primary and the secondary by using magnetic fields instead of a direct electrical connection. The coils of wire inside the transformer are triple-insulated for safety. Cheap counterfeit chargers usually skimp on the insulation, posing a safety hazard. The optoisolator uses an internal beam of light to transmit a feedback signal between the secondary and primary. The control chip on the primary side uses this feedback signal to adjust the switching frequency to keep the output voltage stable.

One unexpected component is a tiny circuit board with a microcontroller, which can be seen above. This 16-bit processor constantly monitors the charger’s voltage and current. It enables the output when the charger is connected to a Macbook, disables the output when the charger is disconnected, and shuts the charger off if there is a problem. This processor is a Texas Instruments MSP430 microcontroller, roughly as powerful as the processor inside the original Macintosh.

Sunday, November 29, 2015

Using the Old Remote and Keyboard With Apple TV 4

Rob Griffiths:

Yes, that’s the third-gen Apple TV’s password entry screen, on my fourth-gen Apple TV. Just how did I get it to appear? Very easily, though it took me a bit to figure out exactly how I did it. Here’s how:

To use the old-style password entry screen on the new Apple TV, wake the Apple TV using the old silver remote, and don’t touch the new Siri remote.

Rob Griffiths:

On the Apple TV, what I found is that regardless of method used (i.e. grid or line), the silver remote is both faster and more accurate than the Siri (black) remote. After discarding the Siri remote, I was notably faster using the silver remote with the grid layout than with the line layout.

The other thing to notice is that I only had accuracy issues with the Siri remote. The first time I tried to enter my password for this test, it took me three tries to get my password correct. The 2:59 time shown for the “grid” line is the total of all three times (0:47, 0:57, and 1:15). I then tried again, going very slowly to make sure I didn’t make a mistake, which is the 1:41 time shown on the last row. I had no accuracy issues with the silver remote, regardless of line or grid data entry style.

Of course, it would be better still to be able to use the Remote app for typing.

Previously: Apple TV 4.

Update (2015-11-29): Lee Bennett:

I’ve actually had great accuracy with the Siri remote. People forget the 4 edges can be tapped (not clicked) for arrow keys.

Update (2015-11-30): Ángel Domínguez:

If only the new remote wasn’t triggered by events as slight as the flapping wings of a passing fly.

Microsoft’s Astoria Proves Too Complex

Steven Max Patterson (via Hacker News):

Microsoft confirmed this weekend that it has delayed, if not killed entirely, Astoria, a tool designed to make it easy for Android apps to run on Windows 10 phones and tablets, according to Re/Code. Microsoft’s stated strategy for the Astoria project was to enrich its app store with some of the 1.5 million Android apps that, after displacing Google’s cloud services within the apps, the company could monetize with its own cloud services.

Microsoft’s ambitions may not be achievable in the time the company allotted itself. Microsoft complicated the project by orders of magnitude when it linked the porting of Android apps to Windows 10 with replacing Google’s cloud services. Microsoft wrote an app interoperability library that traps and converts Google cloud APIs for things like payments and advertising to Microsoft’s APIs.

Previously: Microsoft’s New Middleware: Islandwood and Astoria.

Update (2015-12-08): Jean-Louis Gassée:

Considering Ballmer’s history of miscalculated hot takes (iPhone: No way! iPad: just a PC minus keyboard and mouse; MacBooks: Apple logo slapped on an Intel laptop), I’m chagrined that I agree with him: Universal Apps won’t work; Android is now the way to go (a suggestion I made to Nokia’s management in June 2010, along with the suggestion that they fire their CEO, Olli-Pekka Kallasvuo).

Covariance and Contravariance

Mike Ash:

Covariance is when subtypes are accepted. Overridden read-only properties are covariant.

Contravariance is when supertypes are accepted. The parameters of overridden methods are contravariant.

Invariance is when neither supertypes nor subtypes are accepted. Swift generics are invariant.


Swift generics are normally invariant, but the Swift standard library collection types — even though those types appear to be regular generic types — use some sort of magic inaccessible to mere mortals that lets them be covariant.


There is an interesting problem with generic collection covariance: it potentially allows objects of the wrong type to be inserted in the collection.

I’m told that the first version of Java had covariant arrays without sufficient protection, which allowed to downcast objects without compile time or runtime checks[…]


Fortunately, with Swift’s copy-on-write arrays, this code is perfectly fine: the assignment of animals[0] will create a copy of the array, so cats will still only contain Cats.

The Worst App

Allen Pike (via Federico Viticci):

The app’s website link on the App Store went to an unrelated company, and the copyright credit was for another unrelated company. I contacted them, and they were as confused as I was. With no way to contact the actual creator of the app, the only solution was to get Apple to pull it.


These weren’t emails for a Steamclock app at all. […] Turns out, this is my problem. One email a month turned into one a week, then one a day, then multiple every day. Soon I was spending more time dealing with support for Music Player & Playlist Playtube manager than I was for our actual apps.

When customers complained to Apple about the scam app that was directing technical support to his company, they were told to contact him. And then:

Yesterday I got an unexpected email, congratulating me on launching some app called “Feeling Drawing”. I checked the store, and sure enough a new app had just gone live, featuring virtually the same icon as the Playtube app, but this time called Feeling Drawing and attributed to “Solaro Nohimdad”. This time, the app’s support website was listed as They even went as far to proclaim the app “© Steamclock”. In the immortal words of Stephanie, OHHH HELL NO.

Longevity of the Retina MacBook Pro

Mark Alldritt:

I’m here to report that I’m still using this machine as my main development system. I think this is now my favourite Mac laptop ever, displacing the Titanium PowerBook which held that spot for a long, long time. Its still fast, its still thin, it still has a great screen, and from what I can tell it has a better keyboard than current MacBook Pro Retinas.

Mine is still going strong aside from the image retention problem. It definitely does not feel as slow at the 3.5-year mark as previous Macs I’ve had. It’s possibly the best Mac I’ve owned, despite being a first-generation product. Mainly, I’d like more RAM, a larger SSD, and the ability to drive a high-resolution external display. Current MacBook Pros are still limited to 16 GB of RAM, and the SSD has only increased from 750 GB to 1 TB.

Tuesday, November 24, 2015

Quicken 2015 Switches From Mac App Store to Direct Updates

Craig Hockenberry:

To everyone who thinks the Mac App Store makes installing updates quick and easy[…]


Quicken Mac 2015 updates are no longer distributed via the App Store. To install the latest version of Quicken Mac 2015 if you purchased from the App Store, you need to download Quicken Utility, which will install a version of Quicken Mac 2015 that has the ability to install updates without using the App Store.


You may be prompted to enter an administrator user name and password. This is required to replace the application you installed from the App Store with the new version that was downloaded.

Craig Hockenberry:

And the root cause for this wonderful user experience: no paid upgrades on the Mac App Store…

Wil Shipley:

The point is you can’t add paid upgrades if you’re in the App Store, so Intuit had to leave or go bankrupt.

Quicken 2016 is a separate product in the Mac App Store, presumably so that it could be a paid upgrade. So it makes sense to remove Quicken 2015 from the store to avoid confusion. Then there is no way to ship updates via the store, so we get this 14-step procedure.

Craig Hockenberry:

Note that I had no idea that critical security updates were available because I relied on the Mac App Store[…]

With Quicken 2015 removed from sale, there’s no way for the store to notify customers. And Intuit can’t e-mail them because only Apple knows who they are. The Mac App Store version of Quicken could periodically check Intuit’s server for news about important issues, but Apple forbids apps from offering updates that are available outside of the store.

Jon Hendry:

Best not to buy a tax app from the store, in case it goes unusable April 14


Update (2015-11-24): Wil Shipley:

You’ve created a marketplace that actively punishes developers for maintaining their software[…] You are losing the innovators. You are losing the developers who are actually loyal to your platform.

Daniel Jalkut:

Not to say that Apple losing in this scenario means that developers win. It’s a lose lose, unfortunately. Who loses most? Uncertain.

Chris Hisle:

the answer is always the customers. They lose the convenience of the App Store or access to high quality apps

Update (2015-11-25): I want to be clear that I’m not criticizing the way Intuit’s updater works. It looks like it’s about as straightforward as could be. You essentially download an app, launch it, and then follow the normal Sparkle prompts. The large number of steps is because the instructions are very clear, which is a good idea because customers following them may not be familiar with how to download apps outside of the Mac App Store.

Pushing to the Git Working Copy on a Web Server

Rachel Worthington:

With this in mind, the model that I thought would be best for me, would be a git repository on the server, and a git repository on my laptop where I like to write. I could then make changes locally, commit them, and push them to the server repository, where they would magically appear, so that hugo could run over them and re-generate my website.

Rachel Worthington:

My mysterious error also suggested a setting could be used to override this safe-guard, (the recieve.denyCurrentBranch setting) and indeed it can.


The initial error, about updating the current branch of a working copy is denied because it will make the index and and There is a way to make the setup I wanted, and I was most of the way there. The rest of the way would have involved setting up a post-recieve hook to run git reset --hard on the repository after the push. This would have kept the working copy win sync with the rest of the repository, allowing the working copy to update, whenever an external push happened.

It looks like there is also a newer way:

git config receive.denyCurrentBranch=updateInstead


Update the working tree accordingly, but refuse to do so if there are any uncommitted changes.

An Ode to Kai’s Power Goo

Christopher Phin:

Power Goo’s features—the ability to smear regions of an image around and paint bits of one photo onto another to create composites—seem unexceptional today, but in the ’90s, this was mind-meltingly exciting stuff, not in and of itself maybe, but in how easy and fun Power Goo made the process.

Just look at that interface! That’s the thing I remember about Power Goo at least as much as the images you could create with it. It really felt for a few years that this was how software might look in the future: not staid, rectilinear, essentially monochrome buttons and menus, but big, juicy, floating 3D buttons and big, exciting levers that you pull to change variables. It was a future that lots of people thought was horrendous, of course—silly Fisher Price exuberances getting in the way of your work—but after decades of the command line and the established modern GUI conventions, it was at the very least new, and I’d argue intoxicating too.

See also: Bryce 2, Kai’s Power Tools 5.

Ranchero SpotLight

Brent Simmons:

Back in the ’90s I shipped SpotLight, a search engine that ran on Macs running WebSTAR (http server), FileMaker Pro (database), and UserLand Frontier (scripting system).

It was the closest thing I had to success at the time, but it was still a failure. It sold just 10 copies.

But it was 10 copies at $99 each, and people paid with a check, so I made exactly $990.


It seems like such a small and cute amount of money. But it occurred to me just today to figure out how you’d get there on the iOS App Store.

How Swift Implements Unowned and Weak References

Joe Groff:

Unowned is faster and allows for immutability and nonoptionality. If you don’t need weak, don’t use it.

unowned uses a second refcount in the object. weak refs are tracked in a global table.

It’s a space/time tradeoff. unowned can’t free memory until unowned refs die, but weak frees immediately when strong refs die.

Yeah, so we can check whether the object is still alive before strong-retaining it again.

The object is destroyed and gives up all its resources when the last strong reference is released.

The memory for the instance is still allocated but left in a zombie state.

This is so that Swift can guarantee that if you try to access it you get an error rather than a crash or the wrong data. If you don’t want that overhead:

There’s unowned(unsafe), which is completely unmanaged.

With weak references, the memory can be freed immediately. This is safe because the references are zeroed, but it’s more cumbersome because you have to deal with optionals.

Dangers of NeXTSTEP Plists

Sam Marshall (comments):

Most of you are probably familiar with the fact that Xcode uses NeXTSTEP plists for the format when serializing project files.


Xcode’s implementation of deserializing the NeXTSTEP plist files is different from that of what is used in (Core)Foundation. There are assumptions made about what the output encoding is assumed to be, as well as supporting writing out this format of plist when (Core)Foundation does not. The NeXT/OpenStep plist format assumes that strings are written as ASCII, whereas Cocoa assumes strings are written in Unicode. As a result, Cocoa will happily read unescaped Unicode data from NeXT/OpenStep plists (while the parser will fail to read properly escaped sequences longer than 4 digits). This makes the format invalid as it is no longer ASCII data on disk, however will still be parsed correctly by classes like NSDictionary because of Cocoa's assumption that all strings are Unicode.

Sunday, November 22, 2015

Lightroom 6.3 Fixes Import Dialog, Flickr

Sharad Mangalick:

Lightroom CC 2015.3 and Lightroom 6.3 are now available on The goal of this release is to provide additional camera raw support, lens profile support and address bugs that were introduced in previous releases of Lightroom. This release also restores the Import experience available prior to Lightroom 6.2.

It’s nice to have the old import dialog back. More importantly, this version fixes a major bug that was introduced in 6.2 where Lightroom messed up multi-word keywords when posting to Flickr. Unfortunately, there is no easy way to fix the Flickr tags on photos that were uploaded with 6.2. Republishing the photo with Lightroom does not update the tags. You can manually remove the tags from a Flickr photo, and then republishing in Lightroom will restore the keyword tags. However, Lightroom won’t restore the location tags. And Flickr doesn’t support removing tags from multiple photos at once.

Previously: Lightroom 6.2’s Import Dialog.

Wednesday, November 18, 2015

Not on the Mac App Store

Dan Counsell:

The Mac App Store has been around for 6 years, but is still lacking some of the best software the Mac has to offer. You might be wondering why this is. Sandboxing certainly has a lot to answer for, but it’s not the only reason. There’s also paid upgrades, sustainability, quality of life, and the Mac App Store just generally being half-assed.


Don’t let all that get you down though, there’s plenty of benefits to selling software outside of the Mac App Store. I’ve compiled a list of over 60 apps that are all world-class and seem to be doing just fine without it.

To this list, I would add some of the apps that I have installed: Arq, CrashPlan, DiskWarrior, Drive Genius, iDefrag, IntegrityChecker, MailMate, Mailsmith, Name Mangler, OmniDiskSweeper, Opacity, PhoneView, ProfitTrain, Skim, SourceTree, and Vienna. There are also lots of Mail plug-ins.

Monday, November 16, 2015

A Look Into Realm’s Core DB Engine

JP Simard:

The whole point of Realm, or at least one of its very core ideas, is that it is objects all the way down. That was one of the driving principles that encouraged us to start fresh, rather than using an existing relational model. If you look at existing solutions that are currently out there, they tend to be ORMs. More often than not, there’s this conceptual object-oriented model that people are working with, which is really an abstraction of what’s going on underneath. Usually, these are records, tables with foreign keys, and primary keys. As soon as you start to have relationships, the abstraction starts to fall apart because you start needing expensive operations to be able to traverse these relationships.


As soon as you add this company object to the Realm, it becomes an accessor. Once you start reading properties from it, you’re no longer accessing your ivars, you’re accessing the raw database values, with the benefit of cutting out four or five steps and a bunch of memory copy along the way.


Even though we’re doing this composition by adding one filter after another, we’re not redoing all these queries, we’re essentially building a tree of what the result should look like. Even if you just access the first result out of this query, we’re not going to have to read all the properties for all the other objects, because we really try to keep it lazy.


There are a bunch of optimizations that we can make at the core level such as native links at the file format level.


An important part and design consideration for the core file format was to make sure that the format on disk was readable in memory without having to do any deserialization. You skip that whole step. All you do is calculate the offset of the data to read in your memory-mapped memory, read that value from the offset to its length, then return that raw value from the property access.

Update (2015-11-16): Jonathan Wight:

Using Realm on a new feature here at 3DR and so far very impressed. Minor issues but on the whole better experience than using CD

Improved App Store Search

Sarah Perez (comments):

A number of mobile app developers and industry observers recently noticed a significant change in the way the Apple App Store’s search algorithms are returning results. Developers say that, following a series of shifts that took place beginning on November 3, app search results now appear to be more intelligent and far more relevant – especially among the top results – than in previous months.


This new change is focused more on how apps are returned when users type in keywords to find an app – something that’s becoming a more common way to find apps in a crowded app store featuring over a million mobile applications.

David Sparks:

I’ve often thought App Store search was pretty embarrassing for Apple. My own particular canary-in-a-coal-mine on this issue is Tweetbot. When I needed to rebuild my new iPhone a few months ago. I searched “Tweetbot” in the App Store and the results came up empty. This is one of the most popular Twitter clients in the App Store and yet searching its explicit name did not find it. Searching “Twitter”, gave me a long list of Twitter-related applications but despite scrolling for a long time, Tweetbot did not show up.

He says this is fixed now.

Interstellar Functional Reactive Framework

Interstellar (via Jonathan Wight):

The simplest Signal<T> implementation for Functional Reactive Programming you will ever find.

Nimble Matcher Framework


Use Nimble to express the expected outcomes of Swift or Objective-C expressions. Inspired by Cedar.

// Swift

expect(1 + 1).to(equal(2))
expect(1.2).to(beCloseTo(1.1, within: 0.1))
expect(3) > 2
expect(["Atlantic", "Pacific"]).toNot(contain("Mississippi"))

BDD has never felt right to me, but I do like using a layer on top of XCTest’s macros because they are both verbose and incomplete.

Ads Use Inaudible Sound to Link Your Devices

Dan Goodin:

The ultrasonic pitches are embedded into TV commercials or are played when a user encounters an ad displayed in a computer browser. While the sound can't be heard by the human ear, nearby tablets and smartphones can detect it. When they do, browser cookies can now pair a single user to multiple devices and keep track of what TV commercials the person sees, how long the person watches the ads, and whether the person acts on the ads by doing a Web search or buying a product.

Sunday, November 15, 2015

Saving the iPad

Jared Sinclair:

The App Store is designed, from what it features to what it permits, to promote cheap, shallow, candy apps. It discourages developers from ever starting ambitious apps, both passively and actively.


The iPad was marketed as a third category of device, neither a phone nor a PC, but Apple has never managed to articulate what that third category really is.


iOS user interface paradigms are not suited to using more than one app at a time. iOS was designed almost a decade ago for a phone whose screen is smaller than the gap between the iPad Pro’s app icons.

He suggests bringing Gatekeeper to iOS to address the business issues, positioning it as a Mac replacement to address the category confusion, and making a separate “padOS”:

The iPad is walking backwards into all the use-cases for which the Mac was designed with deliberate intention from the Mac’s earliest days. But because of Apples bolted-on approach, tacking features onto a decade-old smartphone OS, the result is far removed from Apple’s best work. The design principles of an iPhone simply don’t scale up to an iPad, in the same way that the design principles of an iMac don’t scale up to an Apple TV.

Beware of Apple Mail Resizing Outgoing Images

Lloyd Chambers:

Something to be aware of when sending an image: Apple Mail may mangle the image you sent, recompressing it while greatly reducing it in size. One consulting client kept sending me screen shots that were so tiny so as to be unreadable.

It wasn’t obvious what the problem was, so here is the answer: check the Image Size control in the mail window.

This happens to me all the time.

How Facebook’s Safety Check Works

Todd Hoff (comments):

How do you build the pool of people impacted by a disaster in a certain area? Building a geoindex is the obvious solution, but it has weaknesses.


When there’s a disaster, say an earthquake in Nepal, a hook for Safety Check is turned on in every single news feed load.

When people check their news feed the hook executes. If the person checking their news feed is not in Nepal then nothing happens.


Safety Check fans out to all their friends on their social graph. If a friend is in the same area then a push notification is sent asking if they are OK.


Using the news feed gives a random sampling of users that is biased towards the most active users with the most friends. And it filters out inactive users, which is billions of rows of computation which need not be performed.


Two machines in two different datacenters have a user that’s friends with the same person. This means both edges are traversed which ends up sending two notifications to the same person.

So they added a database and in-memory locking.

Alex Schultz:

This activation will change our policy around Safety Check and when we activate it for other serious and tragic incidents in the future. We want this tool to be available whenever and wherever it can help. We will learn a lot from feedback on this launch, and we'll also continue to explore how we can help people show support for the things they care about through their Facebook profiles, which we did in the case for Paris, too.

Saturday, November 14, 2015

What Goes Up

John Gruber:

What I don’t get is why Apple gets singled out for its singular success, but other companies don’t. 92 percent of Google’s revenue last year came from online advertising. And more importantly, I don’t get why Apple’s non-iPhone businesses are so quickly written off only because they’re so much smaller than the iPhone.

Apple’s total revenue for last quarter was $51.5 billion. The iPhone accounted for $32.2 billion of that, which means Apple’s non-iPhone business generated about $19.3 billion in revenue. All of Microsoft in the same three months: around $21 billion. All of Google: $18.78 billion. Facebook: $4.5 billion. Take away every single iPhone sold — all of them — and Apple’s remaining business for the quarter was almost as big as Microsoft’s, bigger than Google’s, and more than four times the size of Facebook’s. And this is for the July-September quarter, not the October-December holiday quarter in which Apple is strongest.


Nothing in the world compares to Apple’s iPhone business, including anything else Apple makes. But a multi-billion-per-quarter business here (Mac), a multi-billion-per-quarter business there (iPad), a “Services” division that generates more revenue than Facebook, and an “Other” category (Watch, Apple TV, Beats, iPod) that booked $3 billion in a non-holiday quarter — and it’s clear that Apple’s non-iPhone businesses, combined, amount to a massive enterprise.


Update (2015-11-14): Landon Fuller:

It’s not like Apple’s non-iPhone segments are totally independent of changes in the iPhone market, though.

Where “where” May Be Used in Swift

Marcin Krzyżanowski:

The fact is you can use where keyword in a case label of a switch statement, a catch clause of a do statement, or in the case condition of an if, while, guard, for-in statement, or to define type constraints.

There are no Python-style list or dictionary comprehensions, though.

Swiping to Dismiss Safari View Controller

Juli Clover:

The first beta of iOS 9.2 introduced some changes for the Safari View Controller within apps, letting it work more like the standard Safari app with support for third-party Action Extensions and the ability to long tap on the Reload button to reload content without content blockers or request desktop site.

Much better.

Git Diff for Binary Property List Files

Christopher Bowns:

In the same vein as diffing UTF-16 .strings files in git:

It’s easy to set up git to show diffs for binary .plist files.

The commands are:

git config --global diff.plist.textconv "plutil -convert xml1 -o -"
echo "*.plist diff=plist" >> .gitattributes

The Depressing Effect of Bug Bounties

Jacob Torrey (via Gwynne Raskind):

By artificially deflating the cost of finding and fixing bugs in operation/shipped product through monopolistic means, bug bounties remove the economic incentive to develop better software by integrating security-aware architects into the SDLC. Bug bounties use their monopoly on setting prices (and preach the evils of selling exploits to other buyers on the market), usually after the vulnerability has been disclosed.

Gene Amdahl, RIP

Katie Hafnernov (via Slashdot, comments):

Dr. Amdahl rose from South Dakota farm country, where he attended a one-room school without electricity, to become the epitome of a generation of computer pioneers who combined intellectual brilliance, managerial skill and entrepreneurial vigor to fuel the early growth of the industry.

As a young computer scientist at International Business Machines Corporation in the early 1960s, he played a crucial role in the development of the System/360 series, the most successful line of mainframe computers in IBM’s history. Its architecture influenced computer design for years to come.

Computer History Museum (via Grady Booch):

In 1970, Amdahl left IBM for the second and final time to pursue his dream of building his own computers, founding Amdahl Corporation. His new company made mainframe computers that ran IBM software, but at lower cost. At its peak, it captured nearly one-fifth of the market.


FUD was first defined with its specific current meaning by Gene Amdahl the same year, 1975, after he left IBM to found his own company, Amdahl Corp.: “FUD is the fear, uncertainty, and doubt that IBM sales people instill in the minds of potential customers who might be considering Amdahl products.”

Chris Espinosa:

Gene Amdahl was the John DeLorean of mainframes (but without the cocaine). Invented, tried to out-compete, the IBM 360.


In computer architecture, Amdahl’s law (or Amdahl’s argument) gives the theoretical speedup in latency of the execution of a task at fixed workload that can be expected of a system whose resources are improved.


Amdahl’s law is often used in parallel computing to predict the theoretical speedup when using multiple processors. For example, if a program needs 20 hours using a single processor core, and a particular part of the program which takes one hour to execute cannot be parallelized, while the remaining 19 hours (p = 95%) of execution time can be parallelized, then regardless of how many processors are devoted to a parallelized execution of this program, the minimum execution time cannot be less than that critical one hour.

Update (2015-11-14): btilly:

The technical staff said that the operating system should run on microcode to abstract away the hardware. That way it would be easier for customers to migrate to new hardware as it became available. And they could easily add a new instruction if they needed to.

Gene said that it would be an order of magnitude faster if it ran directly on the hardware, and it wasn’t that hard to support that API going forward.

Both proved right. Gene built computers that were massively faster than IBM’s and perfectly compatible. IBM then added an instruction in micro-code and made all of their software use it. Gene’s installed base all crashed on IBM’s new code, while IBM’s was fine. The US government launched an anti-trust lawsuit, which wound up binding IBM’s hands for many years after.

IBM mainframes today still run on micro-code. And it still makes them massively slower than they need to be, but with better backwards compatibility. The mainframe world depends on a lot of programs from the 1960s and 1970s that runs, unchanged, today. Everyone else is using native instructions and runs faster.

John Dieffenbach:

“Because as soon as the IBM sales rep sees the Amdahl coffee cup on your desk, he’ll know I was here and he’ll drop his price by $1 million if you ask him to.”


Amdahl left his company in 1979 to set up Trilogy Systems, an organization aimed at designing an integrated chip for even cheaper mainframes. When the chip development failed within months of the company’s $60-million public offering, Trilogy focused on developing its VLSI technology, which also did not do well. In 1985 Trilogy was merged into microcomputer manufacturer Elxsi (now Tata Elxsi), but poor results there had Amdahl leaving in 1989 for a company he founded in 1987 to produce mid-sized mainframes, Andor International, which had been driven into bankruptcy by production problems and strong competition by 1995.


Said David Patterson, a professor of computer sciences at the University of California, Berkeley, and a computer pioneer in his own right, “The IBM System/360 was one of the greatest computer architectures of all time, being both a tremendous technical success and business success. It invented a computer family, which we would call binary compatibility today. When he left to form his own company, his mainframes were binary compatible with the System/360.”


In addition to Amdahl’s Law, Patterson said, "Less well-known are Amdahl’s rules of thumb for a balanced computer system," which include, "A system needs a bit of IO per second and one byte of main memory for each instruction per second."

Friday, November 13, 2015

Apple Forbids Sideloading f.lux

f.lux (comments):

Apple has contacted us to say that the f.lux for iOS download (previously available on this page) is in violation of the Developer Program Agreement, so this method of install is no longer available.

We understood that the new Xcode signing was designed to allow such use, but Apple has indicated that this should not continue.


It is proven that screens can negatively influence sleep, and we believe that f.lux makes a significant improvement, as it mirrors very closely the research on blocking blue light before bed. But as we’ve discovered, it is even difficult to conduct basic research in this area, because so many people today use mobile devices (with closed APIs) right before bed.


Technology and devices that know more about our bodies could make a major impact on health and wellness, and these are the reasons why we work on it every day.

For years, f.lux has been the app I most wanted to see on iOS. It really does make my life better and help me to sleep.

Juli Clover:

F.lux is a popular Mac app that’s been downloaded 15 million times, but with side-loading no longer available, f.lux for iOS is non-existant. F.lux’s developers are urging customers who want f.lux for iOS to send feedback to Apple, as the company would need new documented APIs to introduce the app through official channels.

Riccardo Mori:

Come on, Apple, at least allow f.lux’s developers to make available a regular f.lux iOS app. It really helps against eye strain.

iOS Developer Program License Agreement, 3.2(g) (via Jay Tamboli):

Applications developed using the Apple Software may only be distributed if selected by Apple (in its sole discretion) for distribution via the App Store, VPP/B2B Program Site, for beta distribution through Apple’s TestFlight Program, or for limited distribution on Registered Devices (ad hoc distribution) as contemplated in this Agreement

Mike Ash:

So every open source iOS app violates the rules? If so, the rules are insane.

Previously: Sideloading f.lux on iOS.

Update (2015-11-14): f.lux’s author:

If this were only about reverse-engineering or using LLVM to compile code I wrote, it would be reasonable to fight it. The remarkable thing about their agreement is that it concerns using information that is not provided under the agreement. This is a reasonable term for app store distribution, but it seems unprecedented and heavy-handed for unsigned binaries.

Ultimately, we pulled the app both to show good faith, and also because we were asking hundreds of thousands of people to use Xcode to make accounts and sign our software. When Apple calls up and says they don’t want that to happen, it is not really a thing you can fight. It’s their infrastructure, and they can decide how it is used.

We were feeling pretty good about introducing “building stuff in Xcode” to people who’ve never tried it before.

We have been as polite as we can to Apple in hopes that they will open up the platform to developers like us. The demand for f.lux is certainly incredible.

Riccardo Mori:

This isn’t hype — f.lux works. It works as advertised, and it’s great. I’m a night owl, I write a lot at night because it’s peaceful and I can concentrate better. Before using f.lux on my Macs, I always went to bed with red, teary, sore eyes. The strain was perceivable, and I had to take frequent breaks and turn the desk lamp off for a bit. And when I had to stay up until the wee hours of the morning, I never ended up sleeping very well, either. After installing f.lux, everything changed instantly. At first it was strange to look at the altered colour temperature of the Mac’s screen, but I adjusted quickly, and the eye strain disappeared right away. As I’ve often said, f.lux saved my eyes.


Well, I urge Apple to reconsider and look the other way, or to work with f.lux’s developers to find a way to allow them to ship a regular iOS app. It saddens me that something this useful is not allowed on the App Store, while a generous quantity of utter, useless crap is.

Update (2015-11-22): Noah Kulwin:

“The last six months of ‘sideload’ press — which Apple didn’t try to stop — had convinced us that Apple would be receptive to an approach like this, but they seem to disagree,” Michael Herf said. “I asked him about open source used in a similar way, and he did not answer clearly, but he kept repeating the party line that we should make apps that could use Public APIs.”

Thursday, November 12, 2015

Castro 1.5


Castro is now a free app. Every feature is available without charge.

If you like Castro, please consider becoming a patron by contributing $1/month. You will support the work of a small indie app studio in a way that the standard App Store model never can. Yesterday, Supertop needed an endless stream of thousands of new customers to sustain our business. From today, we can be successful with a far smaller number of much happier customers. We can offer better support. We can add new features more often, instead of holding them back for splashy major releases. In other words, we can do the things that indies do best.

Samantha Bielefeld blames Overcast 2 for accelerating this “race to the bottom.” Overcast may have been the impetus, but I see it as more canary than cause. I think it’s likely that—given current App Store realities—this change will be a (relative) financial success for both Overcast and Castro. Patronage may be the least bad option for certain kinds of apps. Individual developers don’t make the rules; they can only respond to them, trying different ideas in the hope of finding something that works. Regardless, it’s a bad sign for the app ecosystem in general. It’s hard to believe that this is where we are given that over 1 billion iOS devices have been sold. But if cheap-paid-up-front and free-plus-in-app-purchase don’t work with this installed base, it will take more than just selling more devices to solve the problem.

See also: Jason Snell.

Update (2015-11-13): Charles Perry (tweet):

The iOS developer community has been locked in a game of the Prisoner’s Dilemma since the App Store was introduced in 2008, and we’ve lost at every turn. For us, the stakes aren’t whether we’ll go free or go to jail, but whether there will be a vibrant market for paid mobile software. Our choice isn’t whether or not to sell out an accomplice, but rather it’s whether we’ll choose short-term gains while at the same time contributing to the perception that mobile software isn’t worth paying for, or if we’ll forego those short-term gains knowing that a competitor could cash in and make our restraint all for naught. In short, it’s about the race to the bottom.


This new model, in fact, is the opposite of patronage. Instead of requiring a patron to provide money up front in exchange for an item of value, this new model gives away all the value in advance and requires nothing from those who receive it.

Michael Rockwell:

But what happens when we get even further away from the days when we paid for apps and get accustomed to a world where high-quality, best-in-class applications are free. How long will users continue paying? My guess is not very long.

I hate to say it, but I think we’re in the midst of an App Store bubble. There’s far more developers building apps then there is money in the ecosystem to support them. And the sad truth is that that if Overcast didn’t do it, somebody else was going to. That’s just the way markets evolve when there’s seemingly infinite supply.

iPad Pro Reviews

Tim Cook:

Yes, the iPad Pro is a replacement for a notebook or a desktop for many, many people. They will start using it and conclude they no longer need to use anything else, other than their phones.

John Gruber:

We’ve now reached an inflection point. The new MacBook is slower, gets worse battery life, and even its cheapest configuration costs $200 more than the top-of-the-line iPad Pro.


The iPad Pro is “pro” in the way MacBook Pros are. Genuine professionals with a professional need — visual artists in particular — are going to line up for them. But it’s also a perfectly reasonable choice for casual iPad users who just want a bigger display, louder (and now stereo) speakers, and faster performance.


For just plain typing, it’s not that bad […] My complaints and frustrations are more from the software, both iOS 9.1 itself and individual apps, both from Apple and third-party developers. Trying to use the iPad Pro as a laptop with the Smart Keyboard exposes the seams of an OS that was clearly designed for touchscreen use first.


I don’t think it’s inherently problematic that iOS has no conceptual support for a mouse pointer, and thus can’t work with any sort of trackpad. But, given this constraint, good support for navigating as much of the UI as possible using the keyboard is more important on the iPad than it is on the Mac. But iOS’s support for navigating using the keyboard is worse.


It brings me no joy to observe this, but the future of mass market portable computing involves neither a mouse pointer nor an x86 processor.

Andrew Cunningham:

The A9X can’t quite get up to the level of a modern U-series Core i5 based on Broadwell or Skylake (see the 2015 MacBook Air and Surface Pro 4 results), but it’s roughly on the same level as a Core i5 from 2013 or so and it’s well ahead of Core M. And despite the fact that it lacks a fan, the A9X shows little sign of throttling in the Geekbench thermal test, which bodes well for the iPad Pro’s ability to run professional-caliber apps for extended periods of time.

Daniel Eran Dilger:

When Apple first unveiled iPad Pro, it noted that its custom designed A9X chip would be faster than 80 percent of the PCs that shipped this year. Benchmarks indicate that it’s not just faster than low end generic PCs, but also faster — and less expensive — than Microsoft’s Surface Pro 4.


This isn’t quite what we’re used to! With the logic board situated in the center of the iPad, the display cables connect in the very middle of the device, so we can’t even lay the display down while we work.

Federico Viticci:

The feeling of a bigger-than-usual but lighter-than-I-imagined device has stuck with me. Every time I pick up the iPad Pro, I realize that it’s much bigger than the screen I’ve held every day for a year, but also not as heavy as I thought it would be.


After a week of intense usage, various trips in my car, and numerous walks around the house, I’m glad to acknowledge that the iPad Pro is still a portable iPad. I can hold it with two hands when walking around for a few minutes without feeling excessive wrist fatigue, and I can even hold it with one hand (usually my left one) if I want to interact with an app on screen with my right hand. I know that it sounds ridiculous – and I couldn’t believe Apple’s marketing shots either when I first saw them – but holding the iPad Pro with one hand in a corner is possible.


On the Home screen, the iPad Pro keeps the same 5x4 grid (in landscape, excluding the dock) of smaller iPads, only app icons are more spaced out. It’s odd to look at when coming from an iPad Air 2, and I think users should be able to keep more apps on the same page. The Home screen hasn’t been updated to take advantage of the iPad Pro at all, so even folders carry the same four-apps-per-row limitation of the Air 2 (same with the dock).


The Slide Over app picker is the leading example of how scaling some UI elements to the bigger screen isn’t going to cut it. Five months into iOS 9, I believe that the way apps are found and picked in the Slide Over interface is aging badly – you can’t search for a specific app in the tray, and if you realize that you need to re-open an app that you last used a few days ago, you’ll have to scroll all the way back to the top to launch it. This is starting to be problematic on the Air 2, and the issue is exacerbated by the iPad Pro.


The iPad Pro doesn’t use the second-generation Touch ID sensor employed on the iPhone 6s (Apple confirmed this to me) and the device doesn’t have a 3D Touch display.


Two ways to interpret this:

  1. Apple no longer cares
  2. New Springboard design coming in 2016

Federico Viticci:

The Apple Pencil feels great in the hand, it’s taller than I expected it to be (it’s really the size of a pencil), and its performance on screen is phenomenal.


You can pair a Pencil with the iPad Pro simply by removing the cap, plugging its Lightning connector into the device, and accepting the pairing request. The cap itself snaps magnetically onto the Pencil, which is a nice detail, and you can also remove the tip and replace it with a new one if it’s worn down too much. Apple includes a replacement tip in the box, and I’m a fan of the small tip that allows for fine strokes and small handwriting.


I noticed that iOS would have the occasional line accidentally drawn by the back of her hand; I’d say that Apple has managed to achieve a solid 90% palm rejection with the Pencil, which is impressive.


Once paired with an iPad Pro, you’ll be able to use the Pencil to interact with apps normally through taps and swipes. In fact, using the Pencil as a pointer and interactive tip when the iPad is held upright by a stand on a desk is quite nice.


The lack of special function keys makes interacting with the iPad Pro when connected to the Smart Keyboard a bit slower – I need to touch the screen to bring up Control Center for music controls, and I can’t double press a Home button shortcut to enter the app switcher.

However, the Smart Keyboard’s biggest advantage is that it doubles as a cover, it’s light, and it connects to the iPad via the Smart Connector. I can’t overstate how nice it is to not have to worry about Bluetooth pairing requests anymore – or having to recharge a Bluetooth keyboard every few months.

David Pogue:

Unfortunately, the iPad doesn’t have an adjustable kickstand like the Surface’s. Put another way: You can prop the iPad at any angle, as long as it’s 55 degrees.

There’s an upside to that inflexibility, though: The iPad’s keyboard cover is rigid enough to use on your lap.


Finally, Apple focused exclusively on the act of using the Pencil, and put no thought at all into storing it or resting it. There’s no place to carry it on the iPad, or even in the keyboard cover. It doesn’t attach magnetically during your work session, as on the Surface Pro 4. And it doesn’t even have a pocket clip, flat edge, or anything else to stop this perfect cylinder from rolling away from you.

Lauren Goode:

But the Pencil is just plain fun. It is indeed Apple white, and there are Apple-y things about it — for example, the fact that it is weighted, and won’t roll away on a table top, and always stops rolling with the word “Pencil” facing upward on its metal band.


To move the cursor on your iPad screen, place two fingers anywhere on the keyboard until the keyboard turns gray. Then move your fingers to move the cursor around.

Previously: iPad Pro.

Update (2015-11-14): Manton Reece:

I don’t think I’ve ever been less excited to walk out of a store with a brand new $800 gadget. The iPad Pro has so much potential. I think it’s going to be a success and I’m building apps for it. But without the Pencil and keyboard, a significant part of the appeal is missing. And worse, developers who need a Pencil to start testing their apps — especially those apps like the one I’m working on that already supports third-party stylus pressure — are put at a month-long disadvantage compared to Adobe and the other early partners.

Update (2015-11-30): Gordon Mah Ung:

3DMark also runs a physics test, which measures how a platform would run a theoretical game engine. In short, it’s supposed to measure how fast a device’s CPU would be, not its GPU. The result here actually puts the iPad Pro and the A9X at a pretty big disadvantage against all of the x86 chips—yes, even the lowly Atom.

Update (2016-04-20): Kirk McElhearn:

I’ve noticed one annoyance with the iPad Pro however: the display shows smudges much more than previous iPads.

Decoding Old Nibs: a Sad Tale of Vendor Lock-in and Abandonment


I have over 200 NIBs of which most of them have EOInterface objects in them. The problem is, that they don’t open in the newer Interface Builders anymore.


If I redo 200 NIBs manually, I am spending a year on this alone.


[IBInspectable] doesn’t really work well for the kind of custom bindings EOInterface needs. It’s good, that you can put NSObject based instances into XIBs (again ?), but the kind of typed connection EOInterface has are not possible with IBOutlet alone (unless you expose every EOAssociation). But I can’t load the NIBs anyway, because the loader complains even with all classes present.

No One Minding the Store

I woke up to an inbox full of e-mails from customers reporting that my apps wouldn’t launch. This included new customers who had just purchased from the Mac App Store as well as people who had purchased long ago, hadn’t made any changes, and expected that things would just keep working.

On my own Mac, 1Password and Dash wouldn’t launch until I entered the Apple ID password for my App Store account. For some customers, the fix is more complicated: restarting the Mac or deleting and redownloading the app. I was in the middle of using ReadKit, when it suddenly quit, then wouldn’t launch, with the OS reporting that it was damaged. However, redownloading the app didn’t work; I had to restart the Mac to get it running. Then I got the password dialog for Tweetbot. In some cases, there seems to be no way to get the App Store version working, so I’ve pointed customers to the direct sale versions of the apps and issued them temporary serial numbers. Fortunately, my apps don’t require iCloud, Map Kit, or other system services that are withheld from non–App Store apps.

The Mac App Store is supposed to make things easier, but it’s also a single point of failure. Not only is it neglected, but sometimes even the existing functionality stops working. Mac OS X 10.9 introduced a code signing bug that prevented me from submitting updates for several months. In June 2015, there was a month-long iTunes Connect bug that prevented my uploaded build from entering the review queue. And I currently have a bug fix update that Apple has been reviewing for 33 days (with 8 days of waiting before that). When I inquired about the status, Apple told me that everything was normal and that I should just keep waiting. In short, the system is broken on multiple levels, and there is no evidence to suggest that things will get better.

Paul Haddad shows the expired certificate that seems to be the source of the problem.

Dan Counsell shows a flurry of “App is damaged” dialogs.

Tom Harrington:

Every single app I have downloaded from the Mac app store is failing to launch, with a variety of errors. Every one.

Jonathan Wight:

Um. Launching Photoshop because MAS Acorn isn’t opening due to MASpocolypse.

Rainer Brockerhoff:

The “damaged” screen seems to be a GateKeeper glitch (fixed by reboot). Then, some apps don’t check expiring receipt certs; most do.

Mike Ash:

Turns out that the App Store is just another DRM scheme with all the nonsense and dysfunction that implies. Who’d’a thunk it.

Drew McCormack:

Whoa, serious Mac App Store problem: It is delivering a binary to users that is still waiting for review; crashing on receipt validation.

Had to pull the app from the store, because otherwise all my customers will upgrade and be left with a non-functioning app.

Lukas Mathis:

Catch-22. (Also, no, Apple. It wasn’t. I bought this app on this computer, and just yesterday, it worked fine.)

Kirk McElhearn:

Seriously, what a bunch of noobs sometimes…

Update (2015-11-12): Craig Hockenberry:

Just verified that you don’t need to reboot to work around the Mac App Store certificate problem. Instead:

$ killall -KILL storeaccountd

Craig Hockenberry:

When that dialog says “YourApp” is damaged, who’s the customer going to contact? You or Apple?

Worse, there’s no way for us to be proactive about this situation because we have no fricken’ idea who’s affected.

This is because only Apple has the customers’ contact information.

Bare Bones Software:

Restart your computer. (This is a necessary step, because the App Store’s code signing certificate has expired, and restarting will clear the local certificate cache.)

Necessary, but alas not always sufficient.

Daniel Jalkut:

Mac App Store meltdown: the less a developer heeded Apple’s own advice for validating receipts, the better they look to customers today.

Jim Matthews:

I can’t get MAS Fetch to launch on any OS.

Mihira Jayasekera:

This is some MobileMe-level brand tarnishing.

The Guardian:

Apple did not respond to request for comment.

Update (2015-11-13): John Gruber:

Inexcusable for a service that is absolutely essential to users and developers.

Harsh words, but I don’t see how anyone could disagree.

Matt Berg:

So many of their products feel this way. They’re just stretched too thin. And for what? Apple Watch? They’ve lost focus.

Steven Frank:

Every aspect of this MAS cert thing is completely infuriating to me.

Daniel Jalkut:

I spent a lot of years being sarcastic but optimistic about the Mac App Store. I guess my patience, like so many others’, has worn thin.

More than anything else, sandboxing and my assumption that the future was in the Mac App Store, has shaped my priorities the last 5 years.

Paul Haddad shows a 1-star review from a customer whose app stopped launching.

Andrew Wickliffe shows a reply from Apple Support encouraging him to post a review in the Mac App Store in the hopes of the developer contacting him. This is ironic because Apple does not let developers contact customers who post reviews.

A customer e-mailed me to say that AppleCare told him that “actually the app store certificates come from the developer of the app, not Apple. Apple only approves the certificates. […] So their current position is that it’s the responsibility of the app developer to fix it!” I think this is incorrect and that Apple itself signs the apps that the store distributes. My own certificates are for submitting to the Mac App Store and have not expired. Furthermore, if AppleCare’s explanation were correct, the workarounds (entering your password, redownloading the app, restarting the Mac to clear the caches) wouldn’t work for anyone.

Michael Yacavone:

Wishing all my favorite MAS developers the best after Apple dropped the cert and then blamed devs. Sad situation. Everyone take a month off.

I woke up in the middle of the night thinking about how egregious Apple’s behavior this week has been toward devs.

Michael Gorbach:

Between Apple nuking sideloading for f.lux and the Mac App Store issues, I’m really feeling ecosystem angst today.

Pierre Lebeaupin:

This is not just unacceptable: this is a fundamental violation of the trust that both app developers and customers have placed in Apple, namely that bought, installed and compatible apps would keep working (short of any dramatic action taken for consumer protection so that they would not, such as revoking the certificate of a malicious developer).


So, in turn, how am I supposed to trust iCloud or Apple Maps, if I am not sure I can run any app that can access it? As if these services did not already have a reputation…

But even more troubling are the implications for long-term usage and preservation of software and it data.

Rene Ritchie:

Before it expired, Apple issued a new certificate, but one using SHA-2 (secure hash algorithm 2). This was supposed to be transparent, but once the old certificate expired, some people began experiencing problems.

First, outdated certificate information was stuck in cache, which required some people to reboot or re-authenticate in order to clear it out.

Second, some apps are apparently using an old version of OpenSSL for receipt validation, and—you guessed it!—it doesn’t support SHA-2, and hence isn’t compatible with the new certificate.

This makes sense, although I suspect there are also other factors involved because it doesn’t explain all the cases that I’ve heard about.

Paul Haddad:

Grabbed a new Mac App Store receipt. They are back to using SHA1 and it now has an expiration date in 2023.

Philip Elmer-DeWitt:

A security certificate Apple installed to protect users from malware had expired on Nov. 11, 21:58:01 GMT—precisely five years after its original creation—and nobody at Apple had thought to renew it.

The company fixed the problem—pushing through a new certificate that expires in 2035—but not before breaking untold numbers of Mac apps and confusing and inconveniencing countless Mac owners.

Matt Stevens says that developers need to be careful to validate App Store receipts using the receipt’s creation date rather than the current time. The creation date field was not initially documented, and Apple’s sample code uses the current time.

Keith Gugliotto:

What we know, so far, is the receipts embedded in most, if not all, Mac App Store apps became invalid yesterday. This happened without any advance warning from the mothership. How apps reacted to this varied. Our apps are among those affected, and in the worst way. […] In the meantime, we’re giving away our apps at our online store.

Jim Matthews:

As of November 13, 2015, it appears that Apple has fixed this issue. If your copy of Fetch from the Mac App Store does not open, drag it to the trash, empty the trash, and download a fresh copy from the App Store.

Nick Heer:

Today’s ongoing certificate expiration issue is yet another reminder that Apple needs to commit more talent and resources to the Mac App Store, or get rid of it.

Graeme Devine posts another response from Apple Support blaming the developer.

Update (2015-11-14): Shawn King:

This is a huge embarrassment to Apple (and one they haven’t explained or apologized for) as well as being a giant pain point for developers. After all, when your app stops working, who do you contact? The developer or Apple?

Core Intuition:

Daniel returns from Amsterdam to find Mac App Store issues abound. Manton buys an iPad Pro but has to wait for the Pencil. The two discuss the Mac App Store’s 6-year failure to evolve substantially, and dig into the emotional highs and lows of enjoying and surviving Apple’s platform constraints.

Glenn Fleishman:

When a certificate fails—whether through an accidental expiration or due to tampering—it’s a reasonable precaution for software to act as if the sky is falling, because there’s no good reason it should fail unless an attack or compromise is underway.


And yet because Apple’s infrastructure is seemingly so brittle, not only did it happen, it inconvenienced an unknown number of Mac App Store software purchasers, while offloading the frustration and customer-service load to developers.

Rainer Brockerhoff:

There are actually several different unfortunate problems here. First, the “damaged” dialog seems to be caused by some sort of cache or memory corruption in the system processes that coordinate to implement GateKeeper and the app store updates; some reports say killing the “storeagentd” process solves this problem without rebooting. (My system doesn’t seem to run this, FWIW.) What not everyone knows is that this dialog appears before the app it allowed to run; that is, it’s not affected by any checking done inside the app itself!

Second, asking for a new AppleID password. This is caused by the app itself checking the store receipt; something strongly recommended by Apple, since otherwise, it’s easy to copy a downloaded app to another computer and having it run there; I remember some early games not doing this and being widely pirated.


When and if you get a new version of the app, all certs will probably be new ones. So there’s no “allowing” a leaf cert to expire — they do so naturally.


Apple “pushed” a new certificate that expires in 2035. This is probably just looking in the wrong place — not knowing which certificate had expired, someone glanced at the root certificate and noticed the “new” 2035 date. Nothing new to see, of course; that cert was created in 2006!

Update (2015-11-18): Benjamin Mayo:

Apple has emailed developers about the recent damaged apps bug affecting a sizeable proportion of the OS X user base with some getting repeated errors on app launch. Whilst a reboot should be enough to invalidate and reload the certificate cache for most people, there are some weird edge cases. Apple says that a permanent fix for the caching issue will be included in a future OS X software update.

Rainer Brockerhoff notes that Apple’s e-mail linked to the wrong documentation page and neglected to mention the important receipt creation date issue.

Pierre Lebeaupin:

Conceptually, there are two “security” services the Mac App Store provides: DRM, to protect the developer against unlicensed use of the app or the app being pilfered, modified, and passed off as being the modifier’s creation; and code signing, to protect the user against an attacker tampering the app between the moment the app was signed by someone the user (supposedly) trusts and the moment he runs it.

Code signing, by its nature, relies on digital certificates, and these certificates expire, for what I hear are good security reasons. The archivist does not particularly care about code signing: even if the app was tampered with by an attacker, the archivist has a pristine copy of the data, and the machine is off the network and nothing will ever exit it. Since code signing is put for the user’s benefit he should have as a last resort the ability to disengage it, otherwise this is not done for the user’s benefit and is not just code signing, is it?

Update (2015-11-20): Gus Mueller:

Maspocalypse. The gift that keeps on giving. Now I get to support family members who bought things years ago, that just stopped working.

Other users continue to find apps that aren’t working after rebooting.

Update (2015-11-24): See also Accidental Tech Podcast.

Dan Moren:

But given that the Mac is doing tremendously well, setting sales records—even if not approaching the sales volume of iOS devices—and given that Apple takes a 30-percent cut of both iOS and Mac app sales, regardless of the disparate support for the two app stores, it might behoove the company to spend a little time bringing the Mac App Store up to snuff.

Tom Harrington:

Still finding new “app is damaged” errors, over a week later.

John Gruber:

Put aside the argument about whether a fiasco like this should have ever happened in the first place. Why did it take six days for Apple to publicly respond and explain what happened?

And since Apple only contacted developers and select Mac press, not the people who bought the apps, most users probably never heard anything about it.

Update (2015-11-29): Rob Griffiths:

However, with a few simple changes—and one not-so-simple changes—the Mac App Store really could be the place to shop for Mac software, instead of a place where you only find apps that meet Apple’s narrow definition of what an app should be.

Wednesday, November 11, 2015

Sideloading f.lux on iOS

f.lux, the excellent Mac display color adjuster, has not been available for iOS except via jailbreaking. Now, however, there is a way to sideload it (comments):

In Xcode 7, you can install apps directly to your iOS device with a free account from Apple. So we decided to make a beta version of f.lux for people to try.

It’s a few more steps than installing the app store, but there are plenty of harder things even on Pinterest. So, here’s how to get f.lux installed on your iOS device.

Note that although you are downloading an Xcode project, it’s not open source. You’re just using Xcode to codesign the app and install it on your device.

f.lux uses location services to figure out the light levels in your area. The iOS version has two settings, day and night, whereas the Mac version automatically uses a bedtime setting late at night. The iOS version does, however, have the manual Darkroom mode.

It seems crazy to me that apps like this need to use a network connection and push notifications just to ensure that they get periodic minimal background processing time.

Given that f.lux no longer requires jailbreaking, it’s not clear to me what’s keeping it out of the App Store. Presumably, it relies on an API that’s private.

Update (2015-11-11): It’s a bit disconcerting, but with f.lux installed my iPhone’s screen will turn on every once in a while. I think this is because it has to wake up the screen to change the colors. Also, I don’t like the way it makes the camera look.

Riccardo Mori has a photo showing the f.lux effect.

Update (2015-11-12): The updated FAQ suggests that you can avoid waking the screen by allowing notifications and notes that there is a bedtime mode; it just isn’t configurable yet. However, I found that with notifications enabled it still wakes up the display.

Update (2015-11-13): Jason Snell:

Here’s hoping that iOS 10 might offer a feature that makes f.lux unnecessary, but in the meantime the only way to use f.lux on iOS has been to jailbreak your devices and download it from the Cydia store.

Alas: Apple Forbids Sideloading Flux.

How Apple Is Giving Design a Bad Name

Don Norman and Bruce Tognazzini (via Don Norman, comments):

The products, especially those built on iOS, Apple’s operating system for mobile devices, no longer follow the well-known, well-established principles of design that Apple developed several decades ago. These principles, based on experimental science as well as common sense, opened up the power of computing to several generations, establishing Apple’s well-deserved reputation for understandability and ease of use. Alas, Apple has abandoned many of these principles. True, Apple’s design guidelines for developers for both iOS and the Mac OS X still pay token homage to the principles, but, inside Apple, many of the principles are no longer practiced at all. Apple has lost its way, driven by concern for style and appearance at the expense of understandability and usage.

Apple is destroying design. Worse, it is revitalizing the old belief that design is only about making things look pretty. No, not so! Design is a way of thinking, of determining people’s true, underlying needs, and then delivering products and services that help them.


What kind of design philosophy requires millions of its users to have to pretend they are disabled in order to be able to use the product? Apple could have designed its phone so that the majority of people could read and use the phone without having to label themselves as needy, disabled, and requiring assistance. Even worse, the assistive corrections destroy the very beauty Apple is so fond of as well as sometimes making the text no longer fit on the screen.


Unfortunately, visually simple appearance does not result in ease of use, as the vast literature in academic journals on human-computer interaction and human factors demonstrates.

There are lots of good points here, although I don’t think the solutions are necessarily clear. There are tough choices to make when the screen is so small. In my view, the biggest usability problem right now is not Apple’s design but rather the general buggy state of its software. On both iOS and Mac, I am running into new little things that don’t work properly every day. And then there are the larger issues, like the fact that my iPhone’s ringer sometimes sounds muffled until I reboot and that the Do Not Disturb exclusion list doesn’t always work. On the Mac, Safari and Mail routinely stop working.

Previously: Long-Term Exposure to Flat Design.

Update (2015-11-13): Lukas Mathis:

That’s not a great way to make design decisions. Remember how funny we thought the Blackberry Storm was, with its «sometime you just tap it, but sometimes you have to press harder and make it actually click» screen? Well, that’s now your iPhone.

Likewise, people made fun of Windows 8, and how people found it hard to use at first, but one of its genius decisions was to put all of its hidden features behind edge swipes. In order to figure out how to find possible actions in Windows 8, you had to learn exactly one thing: swipe from the sides of the screen to see your options.

Update (2015-11-16): Chris Pirillo:

I wouldn’t be surprised if there was a memo circulating internally which outlines a game plan for every release along the lines of: “Get our hardware out the door, but keep the software working poor.”

Update (2015-11-24): Andy Ihnatko:

I’ve had plenty of reasons to ask myself some of the same questions…particularly in the past month.


More than that, though, I still haven’t warmed to Apple’s 2013 overhaul of the iOS interface. Even after two years with it I experience many of the problems that Don and Tog talk about in their article. The UI is so subtle and stripped down that I often find myself hunting around the screen to figure out what I need to tap to make something happen. I just like Android 6 better.

Adam C. Engst:

The article is a damning indictment, coming as it does from some of the leading voices in the user experience field, and frankly, it has the best chance of any criticism of being heard at Apple. (That said, these points aren’t new — back in 2010, Don Norman and Jakob Nielsen wrote a more general criticism of gestural interfaces in the ACM CHI magazine Interactions.) The situation is similar to that of the emperor’s new clothes — although many in the Apple community have pointed out interface problems in Apple’s recent software (cough iTunes cough), the impression one gets is that Apple’s executives can’t hear any nay-saying because of the continual sound of money rolling in. Alas, usability is no more defined by corporate profits now than it was in the 1990s when Microsoft dominated the computer industry.

These interface issues aren’t just a matter of academic complaint — in writing and editing TidBITS articles and Take Control books for everyday users, we constantly run across tasks in Apple apps that are difficult to document because they’re dependent both on multiple levels of context and visual controls that have no names[…]

See also: The Talk Show.

Update (2015-12-12): Lloyd Chambers:

Over two years ago in iPhone Viewing Tips for Presbyopia and Vision Issues I discussed one core design problem: unreadability of text on iOS. What Norman and Tognazzini point out matches my experience exactly:

On Keyboards and Thinness

Riccardo Mori:

The other day, my friend Alex Roddie pointed me to this article on MacRumors: Apple Patents Switch-Less Force Touch Keyboard, Could Lead to Thinner Macs. Alex’s further comments were: I know Apple patents things all the time, but this one seems particularly ominous. — I think they have an end goal in mind of paper-thin (or completely insubstantial) computers for the sake of fashion. — And the rest of the industry will inevitably copy Apple, as it always has.


Except for the PowerBook Duo 280c and the eMate 300, typing on all these keyboards has been, overall, a great experience and a better experience for my fingers, hands, and wrists than typing on more recent Apple keyboards. In some cases — like the PowerBook G3 and the iBook — the shape and design of the laptop’s top case really helps and works in synergy with the keyboard in making the typing experience pleasant. It is precisely the absence of thinness and flatness (of the computer and the keys) that makes typing better.


Perhaps all these keyboard designs weren’t as stylish as the latest flat and thin Apple trend, but they were certainly keyboards that did their job quite well, no matter how long the typing session. And, most importantly, they were keyboards that didn’t need ‘adjusting’. I spent years typing on them and my fingers, hands, wrists are still pain-free and stress-free. Three days typing on a 12-inch retina MacBook, and my fingertips hurt as if I had been tapping on a block of marble.

After trying the new MacBook keyboard, I share his concern about the future of Apple keyboards. However, I don’t miss the old Apple notebook keyboards at all. In my view, the current MacBook Air/Pro and non-magic wireless keyboards are terrific.

Tuesday, November 10, 2015

Microsoft Band 2

David Pogue:

For decades, Microsoft was considered a company distinguished by copycatting and mediocrity. But today, the company is leading, not following. The latest products, like the Surface Pro 4, the Surface Book, and Windows 10, are elegant, coherent, and truly innovative. The company name may be the same, but the people working there seem to be completely different.


Unlike any other touchscreen smartwatch, the Band works with any brand of phone: iPhone, Android, or Windows Phone.


Your fitness data isn’t locked into the Microsoft app. You can share its data with popular apps from other companies, like Strava, MapMyFitness, Runkeeper, MyFitnessPal, and so on.


The Band 2 is one of the most successful fitness wearables ever made. It strikes a unique halfway position on the spectrum between fitness band and smartwatch.

Apple on Hamburger Menus

Manbolo quoting Apple’s Mike Stern (via Samuel Goodwin):

I’m not going to say that there’s no place for these controls categorically. I think there are some apps that could maybe use one. But I will say that their value is greatly over-stated, and they have huge usability downsides too.


Remember, the three key things about an intuitive navigation system is that they tell you where you are, and they show you where else you can go. Hamburger menus are terrible at both of those things, because the menu is not on the screen. It’s not visible. Only the button to display the menu is.

Previously: The Hamburger Menu Doesn’t Work, Hamburgers and Basements.

Apple’s Beautiful Construction Barriers

Dave Caolo:

When I saw these photos of the forthcoming Apple Store in Amsterdam, I noticed how great the construction barriers look. Typically barriers like this are erected simply to discourage prying eyes, but Apple often uses them as a marketing opportunity. This practice isn’t unique to Apple, of course, nor does the company always make such an effort. But when it does, the results are often charming. Here’s a look at some clever barriers Apple has used.


I’m biased as a former Bostonian, but my favorite example graced the Boylston Street Store. Made to resemble Fenway Park’s Green Monster, Apple successfully pandered to Red Sox Nation.

George Boole: a 200-Year View

Stephen Wolfram:

Today is the 200th anniversary of the birth of George Boole. In our modern digital world, we’re always hearing about “Boolean variables”—1 or 0, true or false. And one might think, “What a trivial idea! Why did someone even explicitly need to invent it?” But as is so often the case, there’s a deeper story—for Boolean variables were really just a side effect of an important intellectual advance that George Boole made.

When George Boole came onto the scene, the disciplines of logic and mathematics had developed quite separately for more than 2000 years. And George Boole’s great achievement was to show how to bring them together, through the concept of what’s now called Boolean algebra. And in doing so he effectively created the field of mathematical logic, and set the stage for the long series of developments that led for example to universal computation.


It is something of an irony that George Boole, committed as he was to the methods of algebra, calculus and continuous mathematics, should have come to symbolize discrete variables. But to be fair, this took a while. In the decades after he died, the primary influence of Boole’s work on logic was on the wave of abstraction and formalization that swept through mathematics—involving people like Frege, Peano, Hilbert, Whitehead, Russell and eventually Gödel and Turing. And it was only in 1937, with the work of Claude Shannon on switching networks, that Boolean algebra began to be used for practical purposes.

Long-Term Exposure to Flat Design

Kate Meyer:

Clickable UI elements with absent or weak visual signifiers condition users over time to click and hover uncertainly across pages—reducing efficiency and increasing reliance on contextual cues and immediate click feedback. Young adult users may be better at perceiving subtle clickability clues, but they don’t enjoy click uncertainty any more than other age groups.


The motivation behind minimalist and flat design was a desire to get the ugly distractions out of the interface, so that the focus is on the content and user tasks. It’s ironic, then, that the misuse of these design styles slows users down by forcing them to think harder about what options are available to them.

The Mac App Store: With Convenience Comes Compromise

Rob Griffiths:

A user may not know what sandboxing is, but they may wonder why a developer “chose” to put up an annoying “please grant permission” dialog box when they try to do something.


This may not seem limiting, but we’ve heard from many customers who tell us they use computers at work that are blocked from the App Store; these buyers would have no recourse if we sold solely on the Mac App Store.


App review times can be an issue if you’re trying to patch a critical bug or get a major new release in customers’ hands. Currently, the review time is about seven days[…]

More important than the average review time is its variance. A week is bad enough compared with the minutes that it takes to update a directly sold app. However, sometimes the review process stretches on for a month or two, for no discernible reason.

Sunday, November 8, 2015

The New Favicon

Craig Hockenberry:

The href points to an SVG file and the color is used to draw the vector shape contained in the file (the background color for the tab changes depending on whether the browser window is active and if it’s selected.)

The documentation states that the graphic should be a vector shape filled with black. In our first test, we used a fill color that wasn’t black: the image is used as a mask, so the opacity of a filled shape is the only thing that matters. Any opacity in the shape’s fill color will be used, but we don’t recommend using it (and you’ll see why in just a second.)


Of course, at such a small size, a hand-tuned bitmap graphic would be a better choice.


It’s our guess that the company has other plans for these files. They currently only appear in pinned tabs, but as more sites support this new style of “favicon”, it’s likely that they’ll make their way into lists for browser history or frequently visited sites.


Of course you’ll want to preview your work as you tune your vectors. Safari caches the SVG files, so it takes a bit of effort to clear the old data and see your changes.

The Java Deserialization Bug and NSSecureCoding

Charles Miller:

The problem, described in the talk the exploit was first raised in — Marshalling Pickles — is that arbitrary object deserialization (or marshalling, or un-pickling, whatever your language calls it) is inherently unsafe, and should never be performed on untrusted data.


This means that if there is any object reachable from your runtime that declares itself serializable and could be fooled into doing something bad by malicious data, then it can be exploited through deserialization. This is a mind-bogglingly enormous amount of potentially vulnerable and mostly un-audited code.

In Cocoa land, this is why we have NSSecureCoding. Some things to be aware of:

Update (2015-11-10): Paul Kim:

Even if you don’t call -decodeObject:… in your -initWithCoder: you still have to implement +supportsSecureCoding and return YES in your class, even if a superclass already did it.


Objects like NSPredicate and NSSortDescriptor can take in key paths or selectors making them potentially unsafe. As a result, they are disabled after being securely decoded. To re-enable them, you have to call -allowEvaluation (presumably after doing some sort of check).

Friday, November 6, 2015

Flickr for iOS 9


On the iPhone 6s and iPhone 6s Plus, we’ve added 3D Touch support, enabling you to preview photos, people, notifications and more with a light press of your screen.


New in iOS 9, 3D Touch “Quick Actions” let you do the things you do most often, faster and in fewer steps. Lightly press our app icon to upload a photo, skip directly to notifications or the feed or to kick off a search right from your homescreen.


With universal link support, links you send or receive will now open directly in the Flickr app, instead of as a web page in Safari.

Why Is Swift’s String API So Hard?

Mike Ash:

Incidentally, I think that representing all these different concepts as a single string type is a mistake. Human-readable text, file paths, SQL statements, and others are all conceptually different, and this should be represented as different types at the language level. I think that having different conceptual kinds of strings be distinct types would eliminate a lot of bugs.


Swift’s String type takes a different approach. It has no canonical representation, and instead provides views on various representations of the string. This lets you use whichever representation makes the most sense for the task at hand.


Going from an arbitrary sequence of UTF-16 code units back to a String is pretty obscure. UTF16View has no public initializers and few mutating functions. The solution is to use the global transcode function, which works with the UnicodeCodecType protocol. There are three implementations of this protocol: UTF8, UTF16, and UTF32. The transcode function can be used to convert between them. It’s pretty gnarly, though. For the input, it takes a GeneratorType which produces the input, and for the output it takes a function which is called for each unit of output. This can be used to build up a string piece by piece by converting to UTF32, then converting each UTF-32 code unit to a UnicodeScalar and appending it to a String[…]


The various views are all indexable collections, but they are very much not arrays. The index types are weird custom structs. This means you can’t index views by number […] Instead, you have to start with either the collection’s startIndex or endIndex, then use methods like successor() or advancedBy() to move around […] Why not make it easier, and allow indexing with an integer? It’s essentially Swift’s way of reinforcing the fact that this is an expensive operation.

Shoot the Heap

Russ Bishop:

Ah, the joys of non-garbage-collected languages. I spent some time debugging a retain cycle today and thought I’d share the process I used to locate and fix the cycle. Along the way, we’ll see how the Leaks instrument is a dirty filthy liar, watch as Xcode inexplicably mixes old and new code into the same binary yielding impossible behavior, and finally figure out how to use heap shots (or as the new Allocations instrument calls them Generations) to find the retain cycle even in the midst of a retain/release history thousands of entries long.

Home File Sharing via Flash Drive

John Gordon:

Dropbox, Google Drive and OneDrive all move our family data into the Cloud — and I’d like to not worry about that. Sync solutions mean new software, but perhaps only on one machine.

I’m going to stick our unused $20 SanDisk Ultra Fit 64GB flash drive in back of the Airport Extreme.


This Apple article partly explains what is supposed to happen. From Airport Utility we can create username/password “accounts”. Say “Parent” and “Kids”. When a client connects you are asked username/password, that gives access to the Folder of the same name as well as a “Shared” folder. So Emily and I connect as “Parents” and see the “Parents”  and “Shared” folder, but we don’t see a “Kids” folder unless we connect with that username password.

There’s no way for me to connect with to the AE shared disk (partitions?) and see everything.

It’s so nice to be able to use USB flash drives and SD cards for smaller backups and shared volumes. They’re compact, and there are no cables or power supplies to worry about.

Apps Sharing User Data

Dan Goodin:

Apps in both Google Play and the Apple App Store frequently send users’ highly personal information to third parties, often with little or no notice, according to recently published research that studied 110 apps.

The researchers analyzed 55 of the most popular apps from each market and found that a significant percentage of them regularly provided Google, Apple, and other third parties with user e-mail addresses, names, and physical locations. On average, Android apps sent potentially sensitive data to 3.1 third-party domains while the average iOS app sent it to 2.6 third-party domains. In some cases, health apps sent searches including words such as “herpes” and “interferon” to no fewer than five domains with no notification that it was happening.


iOS apps, meanwhile, most often sent third parties a user’s current location, with 47 percent of apps analyzed in the study transmitting such data. In total, 18 percent of apps sent names, and 16 percent of apps sent e-mail addresses. The Pinterest app sent names to four third-party domains, including,, and

How Swift Implements Generics

Chris Lattner (via Erica Sadun):

The semantic model of swift generics is that they use runtime dispatch through “witness tables” provided by the protocol conformances of the generic types. This model allows for fast -O0 compiles and separate compilation of generics.

The problem with this model is that actually relying on this for everything would produce code that runs very slowly. To solve this problem, the optimizer uses heuristic-driven generic specialization that does code duplication where it thinks that it is profitable and sensible.

The way to contrast C++ and Swift is: C++ eagerly duplicates code in the frontend (and hopefully the optimizer can eliminate some of the copies later, with LTO…). Swift does not generate any copies in the front-end, but does generate them in the optimizer.


We are still on track to open source Swift (including Linux support) “by the end of 2015” as promised, more details will come out when they can.

Thursday, November 5, 2015

Google Engineer Reviews USB-C Cables That Don’t Work

Benson Leung (via Hacker News, Slashdot):

I bought the CableCreation Micro-B receptacle to Type-C plug for testing with Pixel and Nexus devices. I found that this adapter does not correctly charge the Chromebook Pixel and other Type-C devices. My analysis shows that this cable, although will charge and provide data through to the devices, does not correctly follow the USB Type C specification for power delivery identification. The CableCreation adapter advertises itself as 3A capable, but that is not appropriate because this is a legacy host port adapter.


In other words, since you are creating a USB Type-C plug to a USB 2.0 Type-B receptacle assembly, you must use a resistor of value 56kΩ. According to our testing, your cable uses a 10kΩ pull-up, which is not legal when the other end of the cable or adapter is a legacy Type-A or Type-B connector or receptacle.

By using this cable, your phone, tablet, or laptop computer may attempt to draw 3A, which may be more than the micro-b to A cable you attach to this adapter may be able to handle. This may cause damage to whatever cable, hub, pc, or charger you plug into this.

Amazon reviews have their problems, but for many types of products they’re the best available source of information.

Update (2016-03-30): Katie Collins (Hacker News):

The online retailing giant on Wednesday tightened regulations for selling USB Type-C cables. It added faulty USB-C cables to a list of banned items that also includes pirated DVDs and portable lasers. Those selling them risk Amazon shutting down their account and destroying any of their products stocked in Amazon fulfillment centers.

Mail’s Vanishing Rules Actions

Rob Griffiths:

Each click on the Edit button eats a bit more of the space reserved for the Actions section. After about 25 clicks on Edit, the Actions section will be completely gone. (I have verified this on three machines, including a fully-stock El Capitan installation, so I don’t think it’s something on my end.)

At this point, the only fix is to quit and relaunch Mail—this will restore the Actions section, at least for another 25 clicks.

I’ve seen this, too.

Apple News Format

Apple (via Federico Viticci):

Apple News Format is the custom JavaScript Object Notation (JSON) document format for News content. With Apple News Format, you can create beautifully crafted layouts with iOS fonts, rich photo galleries, videos, and animations—all optimized for iPhone, iPad, and iPod touch.

See also: Facebook Instant Articles, Google’s Accelerated Mobile Pages.

Dropbox API v2 Drops Objective-C SDK

Steve Marx (via Peter Steinberger):

There are currently four SDKs for API v2: Swift, Python, .NET, and Java. We’re continuing to add new SDKs, so watch the blog for upcoming announcements. All SDKs and documentation for API v2 are managed via a code generation process, which means that they’re consistent across languages and easy to update as we add new API features.


Developers have often asked us to support the notion of a file ID: a unique identifier for a file that remains constant even when the file is moved. We’re pleased to announce that API v2 includes this highly-requested feature. Developers can now use file IDs instead of paths to make sure their apps don’t lose track of a file when it’s moved by a user.

You could call the old Objective-C API from Swift, but the new API does not work from Objective-C.

Update (2015-11-05): Matthew Abbot:

FWIW, objc support is planned as soon as the swift API leaves beta. There are a few aspects that will need a compat layer.

Update (2015-11-09): This Week in Swift links to this thread, which makes it look like Dropbox didn’t realize what they were doing.

WebKit Shadow DOM API and the State of Web Type

Ryosuke Niwa (comments):

Shadow DOM is a part of Web Components, a set of specifications that were initially proposed by Google to enable the creation of reusable widgets and components on the Web. Shadow DOM, in particular, provides a lightweight encapsulation for DOM trees by allowing a creation of a parallel tree on an element called a “shadow tree” that replaces the rendering of the element without modifying the underlying DOM tree. Because a shadow tree is not an ordinary child of the “host” element to which it is attached, users of components cannot accidentally poke into it. Style rules are also scoped, meaning that CSS rules defined outside of a shadow tree do not apply to elements inside the shadow tree and rules defined inside the shadow tree do not apply to elements outside of it.

Bram Stein:

Up-to-date data on support for type and typographic features on the web.

Via John Gruber:

It’s disappointing how poorly Safari fares here. Mac OS X has had wonderful built-in typographic features for over a decade — Apple led the industry. But now, on the web, Apple trails the industry.

See also: Safari Is the New IE.

Wednesday, November 4, 2015

Facebook’s Code Quality Problem

Graham King (via Dave DeLong, comments):

The Facebook iOS app has over 18,000 Objective-C classes, and in a single week 429 people contributing to it. That’s 429 people working, in some way, on the Facebook iOS app. Rather than take the obvious lesson that there are too many people working on this application, the presentation goes on to blame everything from git to Xcode for those 18,000 classes.


“These two data points seem to suggest that when Facebook employees are not actively making changes to infrastructure because they are busy with other things (weekends, holidays, or even performance reviews), the site experiences higher levels of reliability.”

The article moves on, without wondering whether releases regularly breaking your app are a normal part of the software engineering process.

David Reiss (via steffandroid):

That’s when we had the idea of using a JNI extension to replace the existing buffer with a larger one. At first, this idea seemed completely insane. Modifying the internals of the Java class loader is one thing, but modifying the internals of the Dalvik VM while it was running our code is incredibly dangerous. But as we pored over the code, analyzing all the uses of LinearAlloc, we began to realize that it should be safe as long as we did it at the start of our program. All we had to do was find the LinearAllocHdr object, lock it, and replace the buffer.


But for some reason it failed on the Samsung Galaxy S II… The most popular Gingerbread phone… Of all time…


Manual inspection of the GSII revealed that the LinearAlloc buffer was only 4 bytes from where we expected it, so we adjusted our code to look a few bytes to each side if it failed to find the LinearAlloc buffer in the expected location. This required us to parse our process’s memory map to ensure we didn’t make any invalid memory references (which would crash the app immediately) and also build some strong heuristics to make sure we would recognize the LinearAlloc buffer when we found it. As a last resort, we found a (mostly) safe way to scan the entire process heap to search for the buffer.

See also: Background Data and Battery Usage of Facebook’s iOS App, The Facebook App’s 18,000 Classes.

Update (2015-11-10): sippeangelo (via Laura Jane Watkins):

Whatever a OptimisticPayloadFactoryProtocol-protocol is, I don’t want to know…


Real Programmers can write java in any language.

Rewriting a Mac App in Swift

Brad Larson (tweet):

We believed that redesigning this application using Swift would allow us to create a safer, more maintainable, and more testable application. Not only did we achieve those goals, but the resulting application is more responsive, nearly doubles the printing speed of our systems, and has a slew of other improvements.


The Swift version of our Objective-C application, with the same user interface and features, is only 39% as large. […] While a chunk of the code reduction is due to removing redundancies (replicated definitions in interfaces and implementations, etc.) and abandoning my trusty Allman indentation style, most is due to better code reuse and better design that Swift encourages.


However, I have only become more convinced over time that there should be the ability to specify error types in the Swift 2 model. […] At present, I have no way of telling the compiler that the only error type a function should return return is a RoboticsError, so if I miss a conversion from a CommunicationsError to a RoboticsError at some point, I'm accidentally bubbling up a generic CommunicationsError and losing error recovery information (and potentially exposing myself to a crash if I make assumptions about error types higher up).


The ease with which you can create lightweight data types in Swift also worked for cases where we were getting physical units mixed up in our code. We created small structs for frequency units like Hertz and Kilohertz that were incompatible and used them to make it clear when we were using one unit and when another. Conversions were made explicit, and it was easier to read the code of many functions.


Could I have done this in Objective-C? With blocks, yes in most cases. Swift just makes this easy, so I started thinking about problems in a different way.

MacUpdate Adware Installers

Thomas Reed:

Following Mr. Urdaneta’s hints, I sought out the Skype page on the MacUpdate site and downloaded the app. The result was a file named Skype Installer.dmg, which seems legit on first glance. However, opening this disk image file results in a MacUpdate installer, very similar to the adware-riddled custom installers used by sites like and Softonic.

Sure enough, when running this installer, it will display a license agreement that the user is likely to click right past, giving the installer the right to change the browser’s settings and install a “Search-Assist” browser extension[…]

This is behavior exhibited by many adware installers these days, and this particular license agreement is identical to the ones being used by the InstallCore adware. And sure enough, once the installer is finished, an InstallCore browser extension ends up installed in Safari[…]

I download from MacUpdate all the time and had never seen this. However, I found that the Firefox (Stable Version 41.0) download mentioned in the comments does download a “MacUpdate Installer” rather than the normal Firefox. The 1Password download is also not the actual 1Password. This only happens when I’m not logged into the site.

In contrast, the SpamSieve, BBEdit, and MarsEdit downloads are pristine even when I’m logged out. It looks like the installers are being downloaded from, whereas the others are direct from the developers’ sites. So perhaps this has to do with the (seemingly removed) option where the developer could opt in (I think—it might have been opt out) to having MacUpdate host the downloads. I’ve always had that box unchecked for my apps.

Update (2015-11-06): Weaselboy:

If you look in the user reviews on the site for Skype there is some discussion of this issue and a comment from the site’s editor Joel Mueller acknowledged they are including adware with the installer. I have screen capped some excerpts here.

Update (2015-11-16): John Brayton:

MacUpdate is adding adware to more apps. Cyberduck is the latest.

Update (2015-11-29): David Kocher:

We therefore urge users to refrain from downloading Cyberduck from download sites such as, or which are or have in the past distributed adware (advertising-supported installers) without our consent.

Update (2015-12-08): Pixelmator and Skim now have MacUpdate installers.

Update (2016-01-20): Adam Chandler:

Today, I was downloading the Time Lapse Encoder tool to assemble some photos I took with the GoPro and I was greeted with an installer DMG that wasn’t the one the developer used. it was some strange package with a Macupdate logo and a prompt to install Yahoo extensions and make Yahoo my homepage.

Update (2016-04-10): Keith Gugliotto:

What matters right now, though, is if you read between the lines, MacUpdate isn’t planning to do anything about how some folks out there may experience that dreadful shiver I mentioned earlier when they perceive PUA.OSX.InstallCore is a bona fide threat to their data, identity, and finances.  Causing users any kind distress is not cool with us.

I’m gonna throw [this link] into the mix. Search for “MacUpdate” on that page and you’ll find it occurs 82 times, with some pretty clear indications this isn’t just our imagination – others aren’t really taking to MacUpdate Installer, either.  Alarm, disgust, distrust.  All reactions you want associated with your brand, right?


Here’s hoping MacUpdate updates MacUpdate Installer so that it doesn’t trip alarms in common malware scanners, or they get in touch with those malware scanner developers to see if they can prevent MacUpdate Installer from being called out as truly infected.

Update (2016-05-24): MacUpdate started using their installer for my DropDMG app but stopped when I asked.

Using 3D Touch to Create a Digital Scale

Ryan McLeod on his rejected Gravity app:

We’re on the phone talking through this initial hurdle, when my excitement turns to concern. I start recalling other times Apple hasn’t exactly been stoked on novel uses of their devices’ sensors, but then I remember that despite this the App Store is speckled with creative workarounds including a panorama app that uses vibration to rotate the phone, magnetometer-based stud finders, camera/flash-based heart-rate monitors, and even Square’s ubiquitous headphone-jack card reader. A creative solution is waiting to be found. Creating a scale turns from impossible to a challenge.


Conductive, capacitive, common, and curved to a single-point of contact. A spoon was the perfect solution we had been looking for.


With the force values linearly correlated to weight, turning any force into a weight was going to be as simple as recording the force of known weights and creating a linear regression. It’d even be possible to use some statistics to predict how well the calibration went (there are many factors that can throw off a calibration). We opted to use coins for calibration, with a framework that made it easy to internationalize in the future.


To make a long story short the final answer over the phone was that the concept of a scale app was not appropriate for the App Store.

Update (2015-11-05): Dan Moren:

Really, what Apple needs is a small group within the App Store review team to flag apps that are pushing the envelope in smart, respectful ways; work with those apps’ developers; and present overall recommendations to App Store leadership—perhaps even reporting directly to Eddy Cue. Blanket rejections get you nowhere, and they increase the frustration of developers who are legitimately trying to do cool things that delight users—just as Apple aims to do.

Tuesday, November 3, 2015

OneDrive Reduces Free Storage to 5 GB, Maximum to 1 TB

Microsoft (via @SwiftOnSecurity, comments):

Since we started to roll out unlimited cloud storage to Office 365 consumer subscribers, a small number of users backed up numerous PCs and stored entire movie collections and DVR recordings. In some instances, this exceeded 75 TB per user or 14,000 times the average. Instead of focusing on extreme backup scenarios, we want to remain focused on delivering high-value productivity and collaboration experiences that benefit the majority of OneDrive users.


We’re no longer planning to offer unlimited storage to Office 365 Home, Personal, or University subscribers.


Free OneDrive storage will decrease from 15 GB to 5 GB for all users, current and new. The 15 GB camera roll storage bonus will also be discontinued. These changes will start rolling out in early 2016.

Rosyna Keller:

The FAQ also makes it clear that Microsoft looks through the contents of a user’s OneDrive account. Not that anyone doubted that before.

OneDrive is now more expensive than iCloud for the smaller capacities. It’s probably not a good idea to count on unlimited anything sticking around. Will Amazon be next?

Update (2015-11-04): Brett Howse:

The paid 100 GB and 200 GB tiers are now gone, and have been replaced with a single 50 GB offering for $1.99 per month. So you get half the storage now for the same price. Previously the 100 GB plan was $2 per month and the 200 GB option was $4 per month. This seriously reduces the number of tiers, and you now go from free, to 50 GB, to 1 TB, with no other options anywhere else.

Update (2015-12-16): Joe Rossignol:

OneDrive users who sign up by January 31, 2016 will be able to keep their 15GB of free storage and 15GB camera roll bonus, even after Microsoft reduces its free storage tier to 5GB next year. OneDrive customers using more than 5GB of free storage will also receive a free Office 365 Personal subscription with 1TB storage for 12 months.

Chuck Forsberg, RIP

Crown Memorial Centers (via Jason Scott, comments):

In 1974, Chuck was recruited by Sidereal Corporation, a small startup computer communications company. When he started, Chuck did Sidereal’s engineering work on the dining room table of his houseboat. He was both the hardware and software engineer for Sidereal’s first project, the Micronet.

In the early 1980s, when Chuck was designing specialized word processing hardware at a company called CDI, he made computer programming history. In his free time he wrote a file transfer protocol software that would change his career, and propel him into an elite group of computer software pioneers.

Initially he released YModem, a program that improved on another programmer’s work called XModem. Chuck’s notoriety grew and a large timeshare company, needing an even better data communications program, contracted with Chuck to write an improved version.

The result was ZModem. ZModem was good, really good, and Chuck became more prominent in the industry. At the time, noted PC Magazine columnist John Dvorak said about Chuck’s work: “Here’s the simple fact. Zmodem is the state of the art protocol for microcomputers. … It’s fast and bullet-proof.”


The widely adopted ZMODEM used a sliding window protocol. Rather than wait for positive acknowledgment after each block is sent, it sent blocks in rapid succession and resent unacknowledged blocks later. By avoiding delays due to latency, the bandwidth usable for transmission more closely approached the bandwidth of the underlying link. ZMODEM could also resume interrupted transfers without retransmitting the already-received blocks.

Update (2015-11-03): Wolf Rentzsch:

Sadness, ZMODEM was a great protocol. Implementing it on Classic Mac OS lead me to create Red Shed Threads

Apple TV 4

Josh Centers:

However, hardcore gamers will likely be frustrated with the gaming experience. Developers might have some surprises up their sleeves, but the Siri Remote is too small and limited to provide much in the way of traditional gaming experiences. Bear in mind that Apple requires all apps to function with the Siri Remote, so developers will be limited in what they can do with more advanced controllers.


Yes, because unfortunately, Apple didn’t implement a single-sign-on service. So you must individually set up each app that requires a login or a cable authentication.


In fact, text input on the new Apple TV is a huge step backward, since the letters are arranged in a straight line instead of a grid. Entering passwords via the onscreen Apple TV keyboard is infuriating, since you have to scroll through every letter. It’s a big step down from the previous Apple TV interface, which presented the keyboard as a grid that was easier to navigate.

Unlike the Apple TV 3, it doesn’t support Bluetooth keyboards or typing via the iOS Remote app.

Yes, [the Flickr app is] still there, but the screensaver functionality is broken. Selecting Use as Screensaver in an album presents an error message: “Screensaver functionality is not available at this time. Flickr will be updated with screensaver support as soon as possible.”


Yes, you can finally connect Bluetooth audio devices to the Apple TV, which should be a boon for those with Bluetooth hearing aids, or anyone who wants to listen to TV without bothering others in the room!


Another drawback to Siri is that video keeps playing while it’s activated, although it mutes the audio so as to not interfere with voice recognition. I hope Apple updates the Apple TV to pause video while using Siri.

Bizarrely, Siri does not work with Apple Music, and Apple says it won’t until early 2016. It also cannot search the App Store.

Jason Snell:

Whenever I try to make a purchase on a new Apple device, I am forced to verify that it’s legit, usually by entering in the security code from the back of my credit card. I expected to need to do that on the Apple TV. But being forced to switch to my Mac, click into my account settings, click on my billing address, and re-enter the code there? That seems… a bit out of the way.

But I did it! And then I turned back around to the Apple TV, only to discover it was once again asking me to input my Apple ID and password.


Unfortunately, Apple’s hardware and packaging are being let down by its software and services. The unboxing experience doesn’t end when the device is pulled out of the box—it ends when it’s set up and running smoothly. There’s a lot more work that needs to be done.

It’s curious that there are no plans to make the Remote app work. iCloud Photo Library is not supported at all.

Wil Shipley:

I literally can’t enter my Netflix password into the new Apple TV because I set it to 60 characters of garbage. No “show my typing” option.

David Gewirtz (via John Gruber):

It’s very difficult to tell top from bottom on the remote. It’s almost entirely symmetrical, and the only difference is the top is less shiny, the surface you’re supposed to use as a touch surface. In the dark, I expect people will be pushing the wrong buttons and talking into the wrong end.

John Gruber:

It’s also pretty frustrating that you can only log into one Game Center account at a time. That seems downright wrong for a shared family device.

I’m still waiting for a software update to fix streaming on our Apple TV 2 and 3.

See also: Nick Heer’s review roundup.

Update (2015-11-04): Dan Moren:

As such, that decentralized approach is also a weakness. Apple’s tipped its hat to that problem with the addition of universal search, one of the very best features of the Apple TV, but that’s only the tip of the iceberg. Because it means that a lot of the apps end up reinventing the wheel, creating the same features over and over again.

Take, for example, the watchlist. Almost every video streaming app on the Apple TV has some form of this, and while implementation details differ, the premise is the same: a place where you can add videos you want to watch at some point. That’s great…but on a device that’s focused on video consumption it’s also hugely inefficient.

Update (2015-11-05): Joe Rosensteel:

The device feels very unfinished. Surprising, given the amount of time between the last model and this one. Rumors are that the team working on it stopped and it sat there while Apple tried to work with outside parties. Then they gave up and had to resume. Apple picked when to ship this device though, just like every other thing they make.

Dan Moren:

Why Apple decided to forego support for iCloud Keychain on the Apple TV is a mystery, but let me tell you: it sure would be helpful after the fifth attempt to enter the right Hulu password. Given that all of my passwords are already stored in iCloud, why make me do the hard work of entering them all over again? This is the exact purpose for which that system was designed.

Clark Goble (blog):

Text entry is if anything worse than everyone was reporting. […] That said entering all you cable channels is done from your laptop or iPad. No typing via the Apple TV. A lot of the reviews weren’t clear on this making it seem like they were typing all their passwords via the Apple TV text entry screen. I’m glad they were wrong. Honestly it now works vastly superior to the old Apple TV.

Update (2015-11-10): Two more good posts from Joe Rosensteel.

Update (2015-11-16): See also the Accidental Tech Podcast.

Update (2015-11-24): Joe Rosensteel:

That is the Bezos graph of comparison charts.

Update (2015-12-03): Clark Goble:

Usually Apple’s pretty solid on hardware. Arguably of late far better on hardware than software. Yet the remote is horrible. Seriously I don’t know a single person who likes it. Every time I pick it up off the couch I accidentally hit the trackpad and do something I don’t want to. In the dark I can’t tell what end is up.


The other disappointment is that Siri search seems to work great with the iTunes Store but doesn’t seem to find my movies that I have in iTunes on my iMac. That’s pretty disappointing. Honestly Siri seemed a great idea for the Apple TV but in practice I never use it simply because of its limitations.

Update (2015-12-04): Clark Goble:

So I absolutely love my Apple TV. There are those small caveats that perhaps I focused a tad too much on. But this is the device I’ve really wanted for years. Once more apps become available I imagine this will do everything I can imagine wanting it to do.

Update (2016-02-19): John, Craig & Eddy Solve the Mystery of the Apple TV Remote.

Monday, November 2, 2015

SuperDuper’s El Capitan Issues

Dave Nanian:

Much of this is our fault. The update itself isn’t displayed until the application launches, and a scheduled copy continues past the notice and completes the tasks at hand, then quits. That means that most users never even see SuperDuper! doing its thing, and thus never even know the update is available. So, by trying to be as “magic” and “unobtrusive” as possible, we end up hiding important information.


Non-Apple applications can no longer programmatically set the startup drive, so we can’t offer that as an “On successful completion” option. And, due to the above, the option to restart from the backup drive has also been disabled.


It seems that, on some systems, the size of a pipe write can shrink much smaller than in previous versions of the OS, perhaps because of resource constraints (although our test system that was always failing was a new Mac Pro with tons of resources)…as small, as far as we can tell, as the guaranteed minimum of 512 bytes. So, when our commands got larger than that, things started to fail on some systems, sometimes.

Still quite annoying. And even with that, we’d expect an error to be returned or thrown when writing to the pipe, but that didn’t happen…and seems to be a new bug in El Capitan.

I updated before Mac OS X 10.11 came out, and it’s been totally problem-free for me.

SGI Screen Fonts Converted for Mac OS X

Nicholas Riley:

Screen remains the most readable monospaced bitmapped font I’ve ever used. It’s available in regular and bold weights, and a wide range of sizes: 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 and 18 point. While I mostly use it in the 11 point size, the smaller sizes are terrific for fitting a bunch of log output in the corner of your screen.


In 2003 I used PfaEdit, now FontForge, to convert screen to a TrueType font so it’d work on OS X, and I have used it as my standard bitmapped font since. I would have made the conversions public earlier, but I was concerned about whether this would be a licensing violation. It turns out the SGI fonts were released under a MIT license a few months after I initially converted them back in 2003, but I didn’t notice until today.

OmniFocus 2.9 for iOS

The Omni Group has fixed an annoying part of using Siri to create OmniFocus actions:

Captured Reminders — Added a hidden preference for whether Reminders Capture should add a note about where to find the original item. You can turn the note off using:

this URL

…and back on using:

this one

The other main issue I’ve been seeing lately, which doesn’t seem to be fixed, is that the button to create a new action often disappears. Sometimes it comes back if I go back to the top menu or open and close a project.

Update (2015-11-02): Ken Case says the hidden “New Inbox Item” button problem was fixed in version 2.8.1. I’m pretty sure I was using that, as I have automatic app updates enabled on my iPhone, however I can’t be sure. So far, the problem has not recurred in version 2.9.

If-Let Assignment Operator

Weston Hanners defines a custom Swift operator (via This Week in Swift):

infix operator ?= { associativity right precedence 90 }

func ?=<T>(inout left: T, right: T?) {
    if let value = right {
        left = value

func ?=<T>(inout left: T?, right: T?) {
    if let value = right {
        left = value

So that code like:

if let value = someOptionalValue as? String {
  self.value = value

Can be written as:

self.value ?= someOptionalValue as? String

I like the brevity, but often I care that there was no value, or perhaps want to report why there wasn’t one (e.g. which key was missing). So I kind of see this as a way to make the compiler happy, which is not necessarily the same thing as properly handling the unexpected situation. I might prefer a pattern where the helper extracts the value from the containing object, rather than checking it after the fact.