Archive for November 4, 2015

Wednesday, November 4, 2015 [Tweets] [Favorites]

Facebook’s Code Quality Problem

Graham King (via Dave DeLong, comments):

The Facebook iOS app has over 18,000 Objective-C classes, and in a single week 429 people contributing to it. That’s 429 people working, in some way, on the Facebook iOS app. Rather than take the obvious lesson that there are too many people working on this application, the presentation goes on to blame everything from git to Xcode for those 18,000 classes.

[…]

“These two data points seem to suggest that when Facebook employees are not actively making changes to infrastructure because they are busy with other things (weekends, holidays, or even performance reviews), the site experiences higher levels of reliability.”

The article moves on, without wondering whether releases regularly breaking your app are a normal part of the software engineering process.

David Reiss (via steffandroid):

That’s when we had the idea of using a JNI extension to replace the existing buffer with a larger one. At first, this idea seemed completely insane. Modifying the internals of the Java class loader is one thing, but modifying the internals of the Dalvik VM while it was running our code is incredibly dangerous. But as we pored over the code, analyzing all the uses of LinearAlloc, we began to realize that it should be safe as long as we did it at the start of our program. All we had to do was find the LinearAllocHdr object, lock it, and replace the buffer.

[…]

But for some reason it failed on the Samsung Galaxy S II… The most popular Gingerbread phone… Of all time…

[…]

Manual inspection of the GSII revealed that the LinearAlloc buffer was only 4 bytes from where we expected it, so we adjusted our code to look a few bytes to each side if it failed to find the LinearAlloc buffer in the expected location. This required us to parse our process’s memory map to ensure we didn’t make any invalid memory references (which would crash the app immediately) and also build some strong heuristics to make sure we would recognize the LinearAlloc buffer when we found it. As a last resort, we found a (mostly) safe way to scan the entire process heap to search for the buffer.

See also: Background Data and Battery Usage of Facebook’s iOS App, The Facebook App’s 18,000 Classes.

Update (2015-11-10): sippeangelo (via Laura Jane Watkins):

Whatever a OptimisticPayloadFactoryProtocol-protocol is, I don’t want to know…

comp-sci-fi:

Real Programmers can write java in any language.

Rewriting a Mac App in Swift

Brad Larson (tweet):

We believed that redesigning this application using Swift would allow us to create a safer, more maintainable, and more testable application. Not only did we achieve those goals, but the resulting application is more responsive, nearly doubles the printing speed of our systems, and has a slew of other improvements.

[…]

The Swift version of our Objective-C application, with the same user interface and features, is only 39% as large. […] While a chunk of the code reduction is due to removing redundancies (replicated definitions in interfaces and implementations, etc.) and abandoning my trusty Allman indentation style, most is due to better code reuse and better design that Swift encourages.

[…]

However, I have only become more convinced over time that there should be the ability to specify error types in the Swift 2 model. […] At present, I have no way of telling the compiler that the only error type a function should return return is a RoboticsError, so if I miss a conversion from a CommunicationsError to a RoboticsError at some point, I'm accidentally bubbling up a generic CommunicationsError and losing error recovery information (and potentially exposing myself to a crash if I make assumptions about error types higher up).

[…]

The ease with which you can create lightweight data types in Swift also worked for cases where we were getting physical units mixed up in our code. We created small structs for frequency units like Hertz and Kilohertz that were incompatible and used them to make it clear when we were using one unit and when another. Conversions were made explicit, and it was easier to read the code of many functions.

[…]

Could I have done this in Objective-C? With blocks, yes in most cases. Swift just makes this easy, so I started thinking about problems in a different way.

MacUpdate Adware Installers

Thomas Reed:

Following Mr. Urdaneta’s hints, I sought out the Skype page on the MacUpdate site and downloaded the app. The result was a file named Skype Installer.dmg, which seems legit on first glance. However, opening this disk image file results in a MacUpdate installer, very similar to the adware-riddled custom installers used by sites like Download.com and Softonic.

Sure enough, when running this installer, it will display a license agreement that the user is likely to click right past, giving the installer the right to change the browser’s settings and install a “Search-Assist” browser extension[…]

This is behavior exhibited by many adware installers these days, and this particular license agreement is identical to the ones being used by the InstallCore adware. And sure enough, once the installer is finished, an InstallCore browser extension ends up installed in Safari[…]

I download from MacUpdate all the time and had never seen this. However, I found that the Firefox (Stable Version 41.0) download mentioned in the comments does download a “MacUpdate Installer” rather than the normal Firefox. The 1Password download is also not the actual 1Password. This only happens when I’m not logged into the site.

In contrast, the SpamSieve, BBEdit, and MarsEdit downloads are pristine even when I’m logged out. It looks like the installers are being downloaded from macupdatefiles.com, whereas the others are direct from the developers’ sites. So perhaps this has to do with the (seemingly removed) option where the developer could opt in (I think—it might have been opt out) to having MacUpdate host the downloads. I’ve always had that box unchecked for my apps.

Update (2015-11-06): Weaselboy:

If you look in the user reviews on the site for Skype there is some discussion of this issue and a comment from the site’s editor Joel Mueller acknowledged they are including adware with the installer. I have screen capped some excerpts here.

Update (2015-11-16): John Brayton:

MacUpdate is adding adware to more apps. Cyberduck is the latest.

Update (2015-11-29): David Kocher:

We therefore urge users to refrain from downloading Cyberduck from download sites such as download.com, softonic.com or macupdate.com which are or have in the past distributed adware (advertising-supported installers) without our consent.

Update (2015-12-08): Pixelmator and Skim now have MacUpdate installers.

Update (2016-01-20): Adam Chandler:

Today, I was downloading the Time Lapse Encoder tool to assemble some photos I took with the GoPro and I was greeted with an installer DMG that wasn’t the one the developer used. it was some strange package with a Macupdate logo and a prompt to install Yahoo extensions and make Yahoo my homepage.

Update (2016-04-10): Keith Gugliotto:

What matters right now, though, is if you read between the lines, MacUpdate isn’t planning to do anything about how some folks out there may experience that dreadful shiver I mentioned earlier when they perceive PUA.OSX.InstallCore is a bona fide threat to their data, identity, and finances.  Causing users any kind distress is not cool with us.

I’m gonna throw [this link] into the mix. Search for “MacUpdate” on that page and you’ll find it occurs 82 times, with some pretty clear indications this isn’t just our imagination – others aren’t really taking to MacUpdate Installer, either.  Alarm, disgust, distrust.  All reactions you want associated with your brand, right?

[…]

Here’s hoping MacUpdate updates MacUpdate Installer so that it doesn’t trip alarms in common malware scanners, or they get in touch with those malware scanner developers to see if they can prevent MacUpdate Installer from being called out as truly infected.

Update (2016-05-24): MacUpdate started using their installer for my DropDMG app but stopped when I asked.

Using 3D Touch to Create a Digital Scale

Ryan McLeod on his rejected Gravity app:

We’re on the phone talking through this initial hurdle, when my excitement turns to concern. I start recalling other times Apple hasn’t exactly been stoked on novel uses of their devices’ sensors, but then I remember that despite this the App Store is speckled with creative workarounds including a panorama app that uses vibration to rotate the phone, magnetometer-based stud finders, camera/flash-based heart-rate monitors, and even Square’s ubiquitous headphone-jack card reader. A creative solution is waiting to be found. Creating a scale turns from impossible to a challenge.

[…]

Conductive, capacitive, common, and curved to a single-point of contact. A spoon was the perfect solution we had been looking for.

[…]

With the force values linearly correlated to weight, turning any force into a weight was going to be as simple as recording the force of known weights and creating a linear regression. It’d even be possible to use some statistics to predict how well the calibration went (there are many factors that can throw off a calibration). We opted to use coins for calibration, with a framework that made it easy to internationalize in the future.

[…]

To make a long story short the final answer over the phone was that the concept of a scale app was not appropriate for the App Store.

Update (2015-11-05): Dan Moren:

Really, what Apple needs is a small group within the App Store review team to flag apps that are pushing the envelope in smart, respectful ways; work with those apps’ developers; and present overall recommendations to App Store leadership—perhaps even reporting directly to Eddy Cue. Blanket rejections get you nowhere, and they increase the frustration of developers who are legitimately trying to do cool things that delight users—just as Apple aims to do.