Archive for August 2016
Wednesday, August 31, 2016 [Tweets] [Favorites]
Dave Nanian (product page):
The result of all this (beyond slowing copies down) is that Antivirus users are being informed of potential threats constantly, and before v2.9, each of these pseudo-threats would cause SuperDuper! to stop, because they’re flagged as errors (specifically, “Permission Denied” errors) when we try to open the file for copying.
So, we’ve added a new preference -- which defaults to ON -- that ignores “Permission Denied” errors. We do log any occurrences, but we don’t fail the copy.
If you don’t use antivirus software, you’ll probably want to turn this off immediately.
Also from the release notes:
Restored dyld cache rebuild after copy for 10.8 and later
Hard linked files made invalid in 10.10.3 will be now be copied instead of failing due to a link permission error
Previously: Xcode 8 Illegal Hard Links Prevent Cloning.
Pacific Tech (video via Ron Avitzur, App Store):
Thirty years in the making, we are proud to announce the Pacific Tech Graphing Calculator for iOS.
Previously: The Graphing Calculator Story.
This is an exciting release for us because it marks the first time that we have provided a yearly update for no additional cost to current-version customers. We’ve been holding the surprise in for some time, so we’re very excited to finally share this with the world.
While you’ll have to be a Fusion 8 or Workstation 12 customer to qualify for a free upgrade, VMware pricing will remain the same. The company is also extending reduced pricing to older versions of the software. Workstation 12 Pro costs $250, or $150 for users upgrading from Workstation 7 (released in October 2009) or higher.
VMware users have had cause for concern since January when the company laid off developers in the hosted UI team responsible for Fusion and Workstation.
But “we’re very much alive and well” despite the staffing changes and pending merger of Dell and VMware owner EMC, Roy said. “We’re really excited about what we’ve got, we’re definitely not dead.”
VMware has had to make other compromises to save money. For example, Workstation 12 last year removed the Unity view for Linux host and guest operating systems.
VMware fired the entire team that develops Fusion and Workstation. You can upgrade to the newest version for free now! But who developed it?
Previously: VMware Fusion.
Emil Ernerfeldt (via Russ Bishop, Hacker News, Reddit):
This article is the first of four in a series, in which I argue that thinking of a memory access as O(1) is generally a bad idea, and we should instead think of them as taking O(√N) time. In part one I lay out a hand-wavy argument based on a benchmark. In part II I build up a mathematical argument based in theoretical physics, and in part III I investigate some implications. Part IV is a FAQ in which I answers some common questions and misunderstandings.
I think he’s misusing O-notation by not focusing on the asymptotic behavior. However, the general point that memory access times are nonuniform and layers of cache matter is sound.
See also: Erik Demaine’s Memory Hierarchy lectures.
Update (2016-08-31): See also: CacheFun (via McCloud).
Tuesday, August 30, 2016 [Tweets] [Favorites]
Chris Eidhof (tweet):
A sort descriptor uses two runtime features of Objective-C: the
key is a key
path, and key-value coding is used to lookup the value of that key at runtime. […]
This is a pretty cool use of runtime programming, especially when you realize the array of sort descriptors can be built at runtime, say based on a user clicking a column heading.
Rather than copying and pasting, we can define a function with an interface that
is much like
NSSortDescriptor, but without the runtime programming. This
function takes a key and a comparison method, and returns a sort descriptor (the
function, not the class
key is not a string, but a
function. To compare two keys, we use a function
isOrderedBefore. Finally, the
result type is a function as well, even though that is slightly obscured by the
However, he does not show how to achieve functionality equivalent to
NSSortDescriptor, e.g. pulling the
identifier out of a table column and sorting by that. Of course, this is trivial by leaning on the Objective-C runtime, but can it be done efficiently and concisely with a pure Swift object?
One drawback of the function-based approach is that functions are opaque. We can
NSSortDescriptor, print it to the console, and we get some information
about the sort descriptor: the key path, the selector name and whether it’s
This also prevents straightforwardly persisting the sort descriptor or translating it into a database query.
At this stage, the Commission has reasons to consider that the tax ruling granted to Apple constitute State aid pursuant to Article 107(1) of the Treaty. Accordingly, the Commission has doubts that Apple is paying a sufficient amount of taxes in Ireland. The rulings are imputable to Ireland and would constitute a use of State resources in terms of foregone tax revenues. In line with the case-law of the Court of Justice of the European Union (Joined Cases C-182/03 and C-217/03 Forum 187), tax rulings can provide an advantage to the undertaking to which they are granted if those rulings approve of a pricing arrangement which departs from conditions which would have been set between independent market operators (the arm’s length principle).
The Commission examined whether the pricing arrangements in the tax rulings concluded between the Irish tax authorities and Apple depart from conditions which would have been set between independent market operators. In the present case, the methods used to determine the profit allocation to the two branches ASI and AOE are not supported by an economic assessment and seem at least in part to be guided by employment considerations which raises doubts as to whether a prudent independent market operator would have accepted a similar pricing arrangement in the same situation. Instead, the authorities accepted to calculate the profit attributable to the branches on the basis of actual costs without this choice being reasoned. As costs should normally be an appropriate net profit indicator for routine functions not requiring a specific valuable such as a unique intellectual property right, which at least existed in relation to AOE, the Commission doubts the appropriateness of the transfer pricing method chosen.
European Commission (via Tim Hardwick):
The European Commission has concluded that Ireland granted undue tax benefits of up to €13 billion to Apple. This is illegal under EU state aid rules, because it allowed Apple to pay substantially less tax than other businesses. Ireland must now recover the illegal aid.
Following an in-depth state aid investigation launched in June 2014, the European Commission has concluded that two tax rulings issued by Ireland to Apple have substantially and artificially lowered the tax paid by Apple in Ireland since 1991. The rulings endorsed a way to establish the taxable profits for two Irish incorporated companies of the Apple group (Apple Sales International and Apple Operations Europe), which did not correspond to economic reality: almost all sales profits recorded by the two companies were internally attributed to a “head office”. The Commission’s assessment showed that these “head offices” existed only on paper and could not have generated such profits. These profits allocated to the “head offices” were not subject to tax in any country under specific provisions of the Irish tax law, which are no longer in force. As a result of the allocation method endorsed in the tax rulings, Apple only paid an effective corporate tax rate that declined from 1% in 2003 to 0.005% in 2014 on the profits of Apple Sales International.
Tim Cook (via Mitchel Broussard, Hacker News, Slashdot, Investor FAQ):
The opinion issued on August 30th alleges that Ireland gave Apple a special deal on our taxes. This claim has no basis in fact or in law. We never asked for, nor did we receive, any special deals. We now find ourselves in the unusual position of being ordered to retroactively pay additional taxes to a government that says we don’t owe them any more than we’ve already paid.
As I understand it, Apple didn’t get a special deal; rather, they went to great lengths to take advantage of a tax loophole. Ireland was happy with this—it got lots of jobs and taxes on revenue that didn’t really have to do with Ireland. The EU says that the Apple/Ireland position is in violation of what Ireland agreed to when joining the Common Market. The business structure is definitely illegal now, which is why Apple changed it in 2015, but it was allegedly also illegal in 1991, which is why they want Apple to pay retroactively. Cook’s letter seems to be aimed at getting Ireland to fight the EU on its behalf.
Apple is saying that sales in EU countries are actually made by Apple’s Irish subsidiary; that any brick and mortar or online store in another country is actually part of Apple Ireland. That the store where I buy my iPhone in the UK isn’t really in the UK, as far as taxes are concerned.
Before Ireland adjusted their tax code in 2015 to remove the so-called “Double Irish” scheme, Google, Facebook, and many other large companies made use of the country’s policies to dramatically reduce the tax they paid outside of the United States. Earlier this year, Google was accused of using a similar scheme to Apple’s in the U.K., which they ended up settling for far less than the expected amount.
Regardless of what you think of Apple’s tax evasion strategy, it doesn’t jibe with Cook’s usual conspicuous self-righteousness.
Update (2016-08-31): Dan Bookoff:
“The Irish Revenue don’t do deals,” Noonan told CNBC on August 30. “They issue opinions to clarify a tax situation for individual companies, but we never do deals.”
One reason all this might seem odd to Americans is that the
“special treatment” Ireland is accused of giving Apple is similar
to incentives American states give companies all the time
Massachusetts, for instance, put together
$145 million in incentives to persuade General Electric to
move from suburban Connecticut to Boston.
Update (2016-09-06): Mark Sullivan (via Hacker News):
To get the other side of the argument I went to Matt Gardner, the director of the Institute on Taxation and Economic Policy (the research umbrella for Citizens for Tax Justice). The CTJ is nonpartisan and nonprofit, and it’s funded by some of the same foundations that fund NPR. As it turns out, Gardner energetically disagrees with many of the statements in Cook’s letter. Here are his responses to Cook’s main points.
It’s clear as day—and this was one of the findings of the 2013 Senate subcommittee—that there was no sensible business reason to set up those subsidiaries except to avoid paying taxes. It makes no difference that Ireland cheerfully agreed to it. It’s still a tax dodge, just a state-sanctioned tax dodge.
All the EU is saying is that Ireland’s tax rate is 12.5% and wouldn’t it be nice if Apple actually paid that tax rate. It’s certainly not coming up with a new tax regime that’s never been seen before.
It sounds like what they’re saying is that these ought to be thought of as U.S. profits, which makes it hard to understand why they have been so eager to report these profits in Ireland up until now.
reminds us of “just do what’s right
” and “the bloody ROI
Monday, August 29, 2016 [Tweets] [Favorites]
Result type is so useful that it was almost included in the Swift standard library and even its rejection reveals an interesting look at the philosophies underpinning Swift’s design.
Some implementations of
Result use a generic parameter for the error […] Frankly, until Swift supports structural sum types (and there is no guarantee that it ever will), this can potentially involve a lot of manual work propagating errors to communicate a small amount of additional type information that the interface user will promptly ignore by treating all errors identically (bail out on any error).
The effect of Swift’s error handling over successive
throws statements is equivalent to the monadic
flatMap over multiple
Result generating functions but Swift avoids making abstract mathematical concepts like
flatMap a required part of the core language and instead makes the code look as though it is a simple, linear sequence of actions.
Given that all of the Swift compiler developers are themselves C++ developers, it is interesting that Swift has turned out almost, but not quite, entirely unlike C++. While Swift’s error handling offers potentially similar control flow to C++ exceptions, C++ exceptions provided the clearest example of what the Swift developers wanted to avoid with Swift.
Swift would also rather solve problems with clear syntax rather than the numerous safe implementation rules required in C++. The
defer syntax used to manage cleanup at scope exit, including around thrown errors, is an example of language syntax avoiding the need for safe implementation rules like RAII.
However, Haskell’s approach to error handling does have some limitations. Specifically, monadic handling makes it very easy to “bind” (
>>=) to get the “success” result and totally ignore what happens in an error case. Monadic handling encourages the ignoring of errors. If this code had omitted the
catch handling, the
IO monad would have propagated all the way to the output of the
There’s also an almost total lack of signalling. Unless you look for the bind operator,
do notation or the
fail functions, it’s difficult to know where
IO or other monads are involved. Haskell’s pervasive type inferencing is often a hindrance here: only one of these functions is required to actually specify a type signature.
While Swift has copied some of the syntactic elements of [Java] checked exceptions, Swift is very careful to avoid calling its errors “exceptions” since they are different in important ways. Most significantly, Swift’s errors are as performant as returning an error code and have no overlap with technology intended for fatal errors.
Lily Hay Newman:
Earlier this month at the Usenix security conference, security and computer vision specialists from the University of North Carolina presented a system that uses digital 3-D facial models based on publicly available photos and displayed with mobile virtual reality technology to defeat facial recognition systems. A VR-style face, rendered in three dimensions, gives the motion and depth cues that a security system is generally checking for. The researchers used a VR system shown on a smartphone’s screen for its accessibility and portability.
Their attack, which successfully spoofed four of the five systems they tried, is a reminder of the downside to authenticating your identity with biometrics. By and large your bodily features remain constant, so if your biometric data is compromised or publicly available, it’s at risk of being recorded and exploited. Faces plastered across the web on social media are especially vulnerable—look no further than the wealth of facial biometric data literally called Facebook.
Stephen Dolan (PDF, via Emily St.):
It is well-known that the x86 instruction set is baroque, overcomplicated, and redundantly redundant. We show just how much fluff it has by demonstrating that it remains Turing-complete when reduced to just one instruction.
The instruction we choose is mov, which can do both loads and stores. We use no unusual addressing modes, self-modifying code, or runtime code generation. Using just this instruction (and a single unconditional branch at the end of the program to make nontermination possible), we demonstrate how an arbitrary Turing machine can be simulated.
The M/o/Vfuscator (short ‘o’, sounds like “mobfuscator”) compiles programs into “mov” instructions, and only “mov” instructions. Arithmetic, comparisons, jumps, function calls, and everything else a program needs are all performed through mov operations; there is no self-modifying code, no transport-triggered calculation, and no other form of non-mov cheating.
Update (2016-08-29): Rosyna Keller:
As is xor
We didn’t work with long media lists. Instead, we focused on a relatively small number of reporters who we believed set the tone for others to follow. We’d offer these reporters such things as exclusive interviews, following a launch or first shot at reviewing new products. By keeping the number small, our hands-on approach was more manageable. After the initial coverage from influencers, we’d expand our reach to regional reporters and trade publications.
Most importantly, respect your brand. That’s the biggest lesson of all that I learned at Apple. It’s your biggest asset and you have to protect it. Think twice before giving away your products in a raffle. Think carefully about what other brands you associate with.
Friday, August 26, 2016 [Tweets] [Favorites]
Richard Mitton (via Hacker News):
Deflate was invented by Phil Katz back in 1993, and forms the basis of the ZIP file format, the zlib library, gzip, PNGs, and probably a whole bunch of other stuff. At the time it was pretty cutting-edge.
So we have two compression algorithms. LZSS is reliant on finding previous data to match against, and Huffman coding is reliant on some letters being more common than others. Can we do better than picking one of those two? Can we weave them together?
Deflate is based around the idea of the unified alphabet. If an alphabet is just a set of choices, why not bring all the choices together under one umbrella? Deflate’s alphabet consists of 286 symbols. The first 256 are the ASCII codes for each letter, including all the ASCII control codes and other such. The remaining 30 symbols are used to represent lengths. That’s right, we’re storing the actual match length here.
There were a lot of encoders at the time using this general scheme (a few more values to indicate match length or distances). PKZIP won at the time because it was faster, and PK had the name recognition from his PKARC, which was a superfast implementation of SEA ARC (the dominant archiver on PCs at the time).
There’s another non-trivial thing that PKZIP had going for it - it put the directory at the end, which meant you could see the list of files in the archive without reading the entire archive! This sounds simple, but back then everyone adopted the tar-style “file header then data” appendable style, which meant that just listing the files inside a 300KB zip file (almost a whole floppy disk!) meant reading that entire floppy (30 seconds at least). PKZIP could do it in about 2 seconds.
Jan Dawson (via John Gruber):
R&D spend was under $2.5 billion the four quarters before Tim Cook took over, but it was almost $10 billion five years later, a roughly fourfold increase. And that’s not just because Apple’s revenue has grown during that time — R&D has actually grown significantly as a percentage of revenue over the same period, going from just over 2% to just over 4%, or almost doubling as a percentage. That’s interesting, because R&D actually fell fairly consistently as a percentage of revenue during most of Steve Jobs’ second stint as Apple CEO, from a peak of 8% in 2001 and 2002 all the way down to 2% just before Cook took over. That’s largely a function of the massive iPod- and iPhone-driven revenue growth during that period — dollar R&D spend rose from around $400 million a year to over $2 billion a year during the same time period — but it’s interesting to note that Cook has reversed the trend and significantly increased R&D spend even above and beyond the rate at which revenue has grown. Interestingly, that 2 percentage point increase in R&D spend is roughly equal to the 2 percentage point drop in margins during the Tim Cook era.
Apple ended calendar Q2 2011 with a total balance of cash and investments of $76 billion, while it ended Q2 2016 with a balance of $231.5 billion. In other words, it has added over $155 billion to its coffers over this time. Meanwhile, an increasing proportion of this cash and investments has been held overseas — the percentage was 63% five years ago, but was 93% at the end of Q2 2016.
They are actually selling bonds (paying around 4% interest) here in order to finance the dividends and buybacks without using the overseas cash.
Perhaps one of the most significant contributions Tim Cook has made at Apple can’t be seen in any of these charts, because it’s about the changes to Apple’s culture that have happened under his leadership. The increased openness, best exemplified by the frequent interviews Cook and other executives now regularly grant to various publications (and even podcasters), is one element of this, though Apple’s secrecy about future products remains as tight as ever. But an increased sense of social responsibility, especially as regards the environment and contributions to social causes is another major change.
Kamran Ali et al. (PDF, via Paul Fenwick, Hacker News):
In this paper, we show for the first time that WiFi signals can also be exploited to recognize keystrokes. The intuition is that while typing a certain key, the hands and fingers of a user move in a unique formation and direction and thus generate a unique pattern in the time-series of Channel State Information (CSI) values, which we call CSI-waveform for that key. In this paper, we propose a WiFi signal based keystroke recognition system called WiKey. WiKey consists of two Commercial Off-The-Shelf (COTS) WiFi devices, a sender (such as a router) and a receiver (such as a laptop). The sender continuously emits signals and the receiver continuously receives signals. When a human subject types on a keyboard, WiKey recognizes the typed keys based on how the CSI values at the WiFi signal receiver end. We implemented the WiKey system using a TP-Link TL-WR1043ND WiFi router and a Lenovo X200 laptop. WiKey achieves more than 97.5% detection rate for detecting the keystroke and 96.4% recognition accuracy for classifying single keys. In real-world experiments, WiKey can recognize keystrokes in a continuously typed sentence with an accuracy of 93.5%.
Update (2016-08-30): See also: Bruce Schneier.
Gavin Thomas (2012) (via Hacker News):
Richard Stallman had announced his intention to write a complete UNIX-like operating system to be known as GNU, ‘GNU’s Not Unix!’, in September 1983. The years between 1983 and the inception of the Hurd were spent writing the operating system and tools that made the development of a kernel possible, the editors and compilers, Bash, Make, Autoconf, Emacs, GCC, sed, gawk and the command-line tools.
From a user perspective, the Hurd was going to be a long time coming, and the Linux developers had slotted Linux into the space that was meant to be occupied by the Hurd at the heart of the GNU operating system. Stallman was initially [skeptical]. Early versions of Linux were exclusive to the IBM 386, and according to Stallman: “We heard that Linux was not at all portable (this may not be true today, but that’s what we heard then). And we heard that Linux was architecturally on a par with the UNIX kernel; our work was leading to something much more powerful.”
Stallman later admitted, “I take full responsibility for the technical decision to develop the GNU kernel based on Mach, a decision which seems to have been responsible for the slowness of the development. I thought using Mach would speed the work by saving us a large part of the job, but I was wrong.” In latter years the Hurd has been ported to a variety of microkernels, from L4 to Coyotos and to Viengoos, but has never had the community and resources that went the way of Linux.
Thursday, August 25, 2016 [Tweets] [Favorites]
TIL NSData only uses the first 80 bytes to hash itself and doesn’t use length at all for some reason.
Other classes with potentially bad hash codes:
NSDictionary both simply return their count. NSString’s hashing has changed a few times. Currently it uses up to 96 characters (taken from the beginning, middle, and end) and also incorporates the length.
If you know these hash functions are bad for your data, you can use wrapper objects to override the
-hash method or an NSMapTable with a custom NSPointerFunctions.
Previously: Swift Tuples Aren’t Equatable.
Update (2016-08-25): David Smith:
Using the length is a good idea. We [should] change that.
Just an oversight afaik. Not all that many people hitting that code path. Should be a safe fix.
A few weeks ago, Dropbox launched a set of new productivity tools including document scanning on iOS. This new feature allows users to scan documents with their smartphone camera and store those scans directly in their Dropbox. The feature automatically detects the document in the frame, extracts it from the background, fits it to a rectangular shape, removes shadows and adjusts the contrast, and finally saves it to a PDF file. For Dropbox Business users, we also run Optical Character Recognition (OCR) to recognize the text in the document for search and copy-pasting.
We decided to develop a customized computer vision algorithm that relies on a series of well-studied fundamental components, rather than the “black box” of machine learning algorithms such as DNNs. The advantages of this approach are that it is easier to understand and debug, needs much less labeled training data, runs very fast and uses less memory at run time. It is also more accurate than Apple’s SDK for the kinds of usage scenarios we care about; in an A/B test evaluation, the detections found by our algorithm are 60% less likely to be manually corrected by users than those found by Apple’s API.
Once we have a rectangular rendering of the document, the next step is to give it a clean and crisp scanned appearance. We can explicitly formulate this as an optimization problem; that is, we solve for the final output image J(x,y) as a function of the input image I(x, y) that satisfies the two aforementioned requirements to the greatest extent possible:
- The background of the document is mostly a uniform white, with even illumination.
- The foreground text and figures are crisp and visible with high contrast.
In our experiments, the output colors using this simple algorithm would look faded, even though the RGB values were exactly the same as the input! The reason is that the human visual system is based on relative brightness, not absolute ones; this makes colors “pop” more relative to the dull gray of the input, but not relative to the bright white background of the enhanced image.
Don Syme (via Doug Gregor):
Generics for .NET and C# in their current form almost didn’t happen: it was a very close call, and the feature almost didn’t make the cut for Whidbey (Visual Studio 2005). Features such as running CLR code on the database were given higher priority.
It was only through the total dedication of Microsoft Research, Cambridge during 1998-2004, to doing a complete, high quality implementation in both the CLR (including NGEN, debugging, JIT, AppDomains, concurrent loading and many other aspects), and the C# compiler, that the project proceeded. Product group resourcing for the feature was low until 2004, and remained sparse, leading to major overload on MSR Cambridge employees, though ultimately the code, designs and specifications were fully transferred into both the CLR and C#. Today, the future of the CLR is firmly in the hands of those in Redmond.
What would the cost of inaction have been? What would the cost of failure have been? No generics in C# 2.0? No LINQ in C# 3.0? No TPL in C# 4.0? No Async in C# 5.0? No F#? Ultimately, an erasure model of generics would have been adopted, as for Java, since the CLR team would never have pursued a in-the-VM generics design without external help.
Wednesday, August 24, 2016 [Tweets] [Favorites]
Steven Levy (via Zac Hall):
Machine learning, my briefers say, is now found all over Apple’s products and services. Apple uses deep learning to detect fraud on the Apple store, to extend battery life between charges on all your devices, and to help it identify the most useful feedback from thousands of reports from its beta testers. Machine learning helps Apple choose news stories for you. It determines whether Apple Watch users are exercising or simply perambulating. It recognizes faces and locations in your photos. It figures out whether you would be better off leaving a weak Wi-Fi signal and switching to the cell network. It even knows what good filmmaking is, enabling Apple to quickly compile your snapshots and videos into a mini-movie at a touch of a button.
How big is this brain, the dynamic cache that enables machine learning on the iPhone? Somewhat to my surprise when I asked Apple, it provided the information: about 200 megabytes, depending on how much personal information is stored (it’s always deleting older data). This includes information about app usage, interactions with other people, neural net processing, a speech modeler, and “natural language event modeling.” It also has data used for the neural nets that power object recognition, face recognition, and scene classification.
And, according to Apple, it’s all done so your preferences, predilections, and peregrinations are private.
Acero began his career in speech recognition at Apple in the early ’90s, and then spent many years at Microsoft Research. “I loved doing that and published many papers,” he says. “But when Siri came out I said this is a chance to make these deep neural networks all a reality, not something that a hundred people read about, but used by millions.” In other words, he was just the type of scientist Apple was seeking — prioritizing product over publishing.
“It’s a source of a lot of internal debate,” says Federighi. “We are used to delivering a very well-thought-out, curated experience where we control all the dimensions of how the system is going to interact with the user. When you start training a system based on large data sets of human behavior, [the results that emerge] aren’t necessarily what an Apple designer specified. They are what emerged from the data.”
Update (2016-08-31): Steven Levy (via Nick Heer):
The company’s machine learning talent is shared throughout the entire company, available to product teams who are encouraged to tap it to solve problems and invent features on individual products. “We don’t have a single centralized organization that’s the Temple of ML in Apple,” says Craig Federighi. “We try to keep it close to teams that need to apply it to deliver the right user experience.”
Following its acquisition of machine learning platform Turi earlier this month, Apple is now growing the team that will serve as the company’s new machine learning division focusing on integrating the tech into new and existing products, 9to5Mac has learned.
Update (2016-09-06): Dr. Drang:
This is what’s most frustrating about Siri and why I find myself yelling at her so often. It has nothing to do with big data or compromised privacy. The problem I posed was ideal for Apple’s everything-on-the-phone strategy. It didn’t even require changing apps. And yet Siri interpreted “get directions to the nearest gas station” without any regard to the data she had in her hands just seconds earlier. For some reason, when I asked for directions, only my position was used in developing the answer. That I was in a car and traveling south—essential information for giving good directions—was ignored.
Instapaper (Hacker News, Slashdot):
Today, we’re excited to announce that Instapaper is joining Pinterest. In the three years since betaworks acquired Instapaper from Marco Arment, we’ve completely rewritten our backend, overhauled our mobile and web clients, improved parsing and search, and introduced tons of great features like highlights, text-to-speech, and speed reading to the product.
For you, the Instapaper end user and customer, nothing changes. The Instapaper team will be moving from betaworks in New York City to Pinterest’s headquarters in San Francisco, and we’ll continue to make Instapaper a great place to save and read articles.
Hidden at the bottom of this announcement is a ‘sunsetting’ of Instaparser, a paid API endpoint for developers to take advantage of Instapaper’s intelligent article parsing. The service is shutting down in November. It launched in April, now being shuttered in the same year it was debuted. This is pretty crappy especially given Instaparser was a paid service charging hundreds of dollars per month for an API key.
We will be using the signals from Instapaper to power some news-based discovery within Pinterest, however, those signals will be used in aggregate in a manner similar to which we use them for the Instapaper Daily and Instapaper Weekly offerings.
I’m worried about this. I’m a long-time Instapaper user and customer, and its features — particularly highlights and notes — are essential to my reading and research habits.
Update (2016-08-24): Here’s Arment’s post on selling Instapaper to Betaworks (via McCloud).
We were talking about scrolling performance, and how the iPhone 4 had to draw 4x the pixels to get 2x the resolution, and still do it smoothly. This, at a time when Android scrolling performance was just awful. I asked him how Apple could be so far ahead. He said “John, nobody else gives a shit.”
The other interesting tidbit from that conversation was that I said something to the effect of “You guys have been working on graphics performance ever since 2001” or something like that, alluding to Mac OS X 10.0.
He immediately jumped back at me with “No, we’ve been killing ourselves over graphics since 1989.” Alluding to NeXTstep 1.0.
Tuesday, August 23, 2016 [Tweets] [Favorites]
Apple appears to be making a slight branding change to its retail business, dropping the “Store” moniker when referring to its Apple Store locations. Apple has already made the change online, and all of its store pages now refer to stores by names like “Apple Union Square” or “Apple Valley Fair” or “Apple The Grove,” instead of “Apple Store, Valley Fair” or “Apple Store, The Grove.”
Now that Apple’s stores are well established, it makes sense to drop the “Store”. Think about the brands that are Apple’s peers in retail. No one goes to the Tiffany Store or Gucci Store, they just go to Tiffany or Gucci.
The difference between these brands and Apple is that Apple’s identity has long been independent from the notion of a store. Calling it the “Apple Store” was not only important because the stores were a novelty, but because Apple is a brand that transcends retail.
I suppose this is the biggest problem with Apple dropping the word “store” — it devalues the Apple brand.
Perhaps “Apple at location” would sound better in nearly all circumstances. But, then again, Apple has always been funny about their phrasing — note, for example, their persistence in dropping the definite article when referring to any of their products: it’s always “iPhone”, never “the iPhone”.
With the removal of “Store” from Apple retail locations, I’m wondering what we’ll call the one on campus.
A trio of former Apple Store employees recently delved into some stories of their tenure at various retail locations of the company’s well-recognized brand. Although their names were changed to keep their identities a secret, the group which spoke with Thrillist included: Lucas, a Lead Genius with five years of experience; David, who worked part-time as a Sales Specialist for four-and-a-half years; and Tony, a Family Room Specialist for five years at an Apple Store.
Lucas and David went further into the specifics of the “distinct hierarchy” of the Apple Store, detailing an “odd” dynamic imbalance between entry level employees and those higher up. Most of the full-time positions were “seen as an accomplishment” due to Apple’s extensive training program that flew out applicants to Cupertino or Austin for a few days. This created an “off-putting” atmosphere for new employees trying to get by in the store and still years off from being able to take advantage of the company’s perks.
App Store screenshots are really, really important, if done correctly they can convince more users browsing the store to download your app. Unfortunately so many good apps get overlooked because of bland or poorly designed screenshots. This is not an article telling you how to design screenshots, it's more of an overview of the styles and options that are out there right now.
Monday, August 22, 2016 [Tweets] [Favorites]
Jason Snell (tweet):
The app, developed by John Gruber, Brent Simmons, and Dave Wiskus, featured a tasteful interface design. (I used it a lot, especially for recipes.) But it’s hard to compete with Apple’s own Notes app, especially after Apple upgraded it dramatically with iOS 8. The last post to the development blog was in February 2015 when the app was updated to support iPad screen resolutions.
Brent Simmons (tweet):
We at Q Branch just released the final version of Vesper. It does one crucial thing: it allows you to export your notes and pictures. See the new Export section in the sidebar.
Sync will be turned off Aug. 30 at 8pm Pacific. We’ll destroy all the data, and neither we nor anyone else will be able to recover it.
Brent Simmons (tweet):
The iOS document provider feature — which was introduced after Vesper shipped (it was originally an iOS 6 app) — was just what we needed. It meant we could write the notes and pictures as files in a folder, and then a document provider could upload those files to iCloud Drive, Dropbox, or wherever.
Perfect. It works whether you’re syncing or not — it has nothing to do with syncing.
And it will continue to work even after sync shuts down. It will continue to work as long as you have the app on your device.
Belief inside Q Branch: if we had started with a Mac app rather than an iOS app, Vesper would have been much more successful. That wasn’t clear at the time we started, though (Dec. 2012).
All things must come to an end, and all, but it’s heartbreaking to see it happen to a great app like Vesper, especially since this serves as a de facto acknowledgement that a Mac version is never coming as well.
I still firmly hold the belief that iOS applications are either loss leaders or loss generators, that iOS devices themselves are thick terminals, and that a proper iOS execution strategy must be backed with a useful service either involving real world consequences (i.e. get a ride or get groceries delivered), or a wider cross-platform strategy (i.e. build your document on one platform, revise on another).
Props to Q Branch for putting time into a dying app to make it possible to export user data. Too many apps and services don’t get that part right.
However, I would argue that apps should have an export feature from the first version.
Update (2016-08-24): John Gruber (tweet, Hacker News):
iOS 7’s appearance was so different that even an app like Vesper that was designed with many of the same ideals needed a thorough redesign. So we spent the summer of 2013 not building a sync system, but rather building an iOS 7 version of Vesper.
We suffered an enormous chicken-and-the-egg problem with our decision to keep to a small team and self-fund our efforts through revenue from the app itself. A notes app is only of interest to many people if it’s available both on their desktop and mobile device. The number one reason, by a long shot, that people didn’t buy Vesper is because it wasn’t available for the Mac. I get that. It makes total sense. Hell, I even cheat, personally, and run Vesper on my Mac in the iOS Simulator. The bottom line is we needed revenue from the first version we built to fund development of the next version, and I think we would have made money from the Mac version.
Ultimately, what we should have done once we had versions of the app for both Mac and iOS is switch to a subscription model. Make the apps free downloads on all platforms, and charge somewhere around $15/year for sync accounts. That’s where the industry is going.
With “Vesper” we were thinking things like beautiful, smart, clever, strong. In the end, the name was more apt than we knew, because it also carries heartbreak.
From first comp to 1.0.
But the one on the right is what we shipped before we ever saw iOS 7.
We pay more for the server in some months than we do for Ideal Sans for the year.
It’s kind of bizarre the only healthy developer market in the Apple ecosystem right now is the outside-the-Mac-app-store Mac market.
For years now I’ve been talking to app developer friends and they are nearly universally wondering how long they will be able to survive in a business where consumers expect to pay less than $5 for an app and expect that app to be maintained for years at a time with no further revenue to the developer.
This problem is holding back productivity software on the iPhone and–even more dramatically–on iPad. The iPad Pro hardware is, performance-wise, competitive with a laptop. The difference, however, is that people are simply not willing to pay the same for iPad productivity software as they are willing to pay for Mac productivity software.
I think the most important take home here is that The Marco Effect is greatly overestimated.
At the time I was using Evernote and for me it gets the job done. I was getting tired of seeing good note apps for iOS but not a lot on the Mac. I only got into the app when version 2 came out but I never really used it that much because it doesn’t offer a Mac app.
Several bloggers have expressed curiosity as to why public interest in the App Store has waned so much. I can’t answer for everyone, but at least within myself, I’ve noticed an increasing and persistant reluctance to try new apps. It’s just that I’ve seen same pattern crop up over and over again. Somebody releases an interesting new app, touting fantastic design and improved productivity. The app gains some (but not overwhelming) traction. The app gets a few updates. The app lingers for a few years. And finally, the app untriumphantly rides off into the sunset, taking entire years of not just developer time, but thousands of users’ ingrained habits with it. The case is clear: most apps — and especially indie apps — cannot be reliably expected to continue operating.
That said, hats off to the dream team for building a well done and well engineered application. The diary that Brent wrote about synching is still a great read, after three years.
This is an adventure that every indie should learn from. Sometimes a great design, a great production and a great engineering is not enough. There’s many more factors to take into account[…]
Vesper has had more downloads since Sunday (when it went free, and was announced EOL) than it did in 3+ years as a paid app.
I think it’s a little more subtle than that. They will pay, but not if there are free options. And most of the time there are.
We didn’t omit export from 1.0 because we didn’t think it was important, we omitted it because we found no good solution.
Update (2016-08-25): Brent Simmons:
Way back in 2002 I wrote Why I Develop for Mac OS X — it’s because of what Joel Spolsky called an “emotional appeal.” […] It’s still true, 14 years later. And it’s why Vesper didn’t start as a web app, and why we’re not converting it now.
See also: Under the Radar, Kirk McElhearn, Eddie Smith, Importing to Ulysses, Jonathan Poritsky.
Update (2016-08-26): Trello Importer.
Update (2016-08-30): Brent Simmons:
Update (2016-09-06): Allen Pike:
Software is deeply impermanent. While it is often built painstakingly and methodically, it is experienced ephemerally, in the moment. Apps are hard to preserve for study or posterity. Network-backed apps, doubly so.
Update (2016-10-07): Adam Rush:
Some people are finding success on the iOS App Store — and I congratulate those folks. This includes Omni, where I work.
But I do think it’s far more difficult to make a living as an indie iOS developer in 2016 than it was as a Mac developer in 2005. My suspicion is that in the Mac market, 2016 is not very different from 2005, and you can still make money there. But iOS is like a giant curtain laid across the map, so people don’t see the opportunity.
David Owens II:
Alrighty, so this is looking better, but still not great:
10,138,624 bytes (approx
10 MB). This of course is missing some of the frameworks that I was using above, like Swift support for AV Foundation, but seeing as
libswiftCore is the primary culprit of the size, I think it’s safe to say that budgeting for
15 MB for Swift support should be sufficient.
I should also note that the App Store does compress your bundle as well. At the end, it’s really hard to know exactly how big your app bundle is going to be without actually publishing it up to the store.
Which is too bad because then you can’t be sure whether your app fits under the 100 MB limit for cellular downloads.
Joanna Stern (via John Gruber):
After pulling out the stopwatch for over 50 transactions at various retailers in recent days, I can confirm that it takes twice as long to pay with a chip card than with a card swipe or mobile payment—on average, 13 seconds versus 6 seconds.
And that doesn’t count the time playing swipe-or-chip roulette. Consider yourself lucky when you encounter a “NO CHIP!” sign or a duct-tape blockade over the slot.
Lately, I’ve been spared. I’ve only seen signs saying not to use the chip reader and had cashiers tell me to ignore the sign saying to insert my card.
“Many [retailers] don’t yet take EMV because the longer lines tend to be a much greater hit than the fraud that they’d have to pay for,” says Joseph Koenig, a technology manager at Index, a company that implements software in point-of-sale terminals.
Apple Pay, Samsung Pay and Android Pay were all twice as fast as current chip cards in my testing. Hold up your phone, press on the fingerprint sensor to confirm it’s you and six to seven seconds later, you’ll hear that pleasing ding that you’re done.
It seems weird, though, that I still have to sign on that awful electronic pad after providing my fingerprint.
CVS Pay is part of the CVS Pharmacy app for iOS that combines access to your debit or credit card, ExtraCare rewards card, and a Health Savings or Flexible Spending account. Like CurrentC and Walmart Pay, CVS Pay uses barcodes to transmit information.
That’s wonderful considering that their terminals are never able to scan the ExtraCare and prescription barcodes from my phone.
Previously: Why I Started Using Apple Pay.
Dieter Bohn (via Nick Heer):
Google’s “Accelerated Mobile Pages,” more commonly known as AMP, are meant to be a reboot of the mobile web. Designed to fix mobile webpages that suck because they’re too slow, they have been available in a specialized carousel at the top of search results since February. When you click on an AMP link, you get a stripped-down, faster version of the article you wanted — often delivered directly from Google’s own caching servers.
Now, Google has announced that it plans to expand the delivery of AMP links beyond that carousel to all mobile search results. So when you search for a story and an article from an AMP publisher shows up in search results, clicking on that blue link will take you to the AMP version of the story instead of the traditional website.
If this sounds familiar, it’s because Facebook just did the same thing with its own mobile-focused Instant Articles format — instead of loading a webpage when you click a link, the Facebook app loads a proprietary Instant Article from participating publishers, complete with lightning bolt icon.
Previously: Google’s Accelerated Mobile Pages.
Saturday, August 20, 2016 [Tweets] [Favorites]
The most prominent example of CarPlay’s challenges may be that it looks terrible, though through no fault of its own. The display of most in-dash consoles is not of Retina quality, and as a result, the CarPlay apps and UI elements look jagged and poorly rendered. That’s compounded by the fact that, even though you can tap and swipe on the screen, the performance is sluggish and occasionally choppy.
Beyond that, I was surprised to find that CarPlay only works when your iPhone is plugged into your console’s USB port via Lightning cable. This is probably necessary for the “casting” aspect of the experience, as the CarPlay interface that you see on the console is essentially powered by your phone. But for me, it represents a step back from the ability to connect your phone to the car’s system via Bluetooth.
From May 1 to July 31, 1995 users who upgraded to System 7.5 could choose between an Apple watch or a copy of Conflict Catcher 3..
The watch band says “Mac OS,” but the software product itself was called “Macintosh System 7.5.” The “Mac OS” logo existed and was shown on the boot screen, but it didn’t become the name of the product until version 7.6.
Update (2016-08-22): Jason Snell:
I have an Apple watch of my own. It’s a “Think Different” model that runs counterclockwise. Oh, ’90s Apple. Such a strange company.
Update (2016-08-24): Brendan Shanks:
To be highly pedantic, the “Mac OS” logo came with 7.5.1. 7.5 was “Wecome to Macintosh” with progress bar.
Most developers we asked are gods with multiple arms: they manage to sell their apps both on the Mac App Store and outside of it. About a third were brave enough to only sell outside, while the smallest part have chosen the MAS as their only marketplace.
Unexpectedly, for those who sell both on the MAS and outside, revenue parts coming from the two channels are practically identical, which means you don’t actually make more money on the MAS.
About a third of the devs we asked run their own business. Funny enough (not really), more than 20% of them have tried MAS, but left.
While sandboxing does show up on the complaint list, it’s ranked low as a reason to not use the Mac App Store, even though it was why I pulled my app Clipstart from the Mac App Store 4 years ago. And not much has changed since I wrote about Sketch and other apps leaving the Mac App Store last year.
Update (2016-08-20): Marcus Fehn is critical of the survey. These sorts of surveys always have sampling issues, so I wouldn’t take the numbers too seriously. But I do think it’s interesting as a rough snapshot of what the community thinks, particularly the ranking of the different pain points. I would have liked to see additional choices, though, e.g. the unreliability of iTunes Connect and the Mac App Store app.
Criteo (and their partners, like sears.com) have successfully performed an end-run around the traditional newsletter opt-in process.
By managing email lists and functioning as an advertising retargeting network, Criteo enables spammers to enroll innocent users browsing the web to 3rd party newsletters.
Criteo’s claim that they didn’t store my information is besides the point. The problem is that I got signed up for spam because I was merely browsing the web, and now a third party has my name and email address. Criteo gets to claim they don’t store that information, but what does it matter if it ends up in the hands of spammers like Sears?
Update (2016-08-22): Sami Samhuri:
Make sure you disable 3rd party cookies in all your web browsers.
Friday, August 19, 2016 [Tweets] [Favorites]
YouTube (via Hacker News):
Today we added YouTube to Google’s HTTPS transparency report. We’re proud to announce that in the last two years, we steadily rolled out encryption using HTTPS to 97 percent of YouTube’s traffic.
We found that HTTPS improved quality of experience on most clients: by ensuring content integrity, we virtually eliminated many types of streaming errors.
97 percent is pretty good, but why isn’t YouTube at 100 percent? In short, some devices do not fully support modern HTTPS. Over time, to keep YouTube users as safe as possible, we will gradually phase out insecure connections.
Here’s how to check if your image editor of choice does the right thing when making and saving images. Create a new document, set the color profile to sRGB, fill it with 100% red, and see what Digital Color Meter tells you. If it says the RGB values are 234,51,35 (or thereabouts) then you’re in good shape. If it says 255,0,0 then you’re going to eventually be in a world of hurt, because it’s not correctly handling color profiles.
Users looking to get the most out of Siri may want to check out Hey-Siri.io, a new website that launched in July. Hey-Siri.io features a comprehensive list of many of the different Siri commands that are available, giving iOS and Mac users a quick way to discover all of the different things Siri can do.
But, with our latest updates today (OmniFocus 2.6 for Mac and OmniFocus 2.15 for iOS), your data will be completely encrypted before it leaves your device so that it’s encrypted on the server itself. We’re using your sync password to generate a key that encrypts everything as it leaves your device. All encryption and decryption happens locally, so your data is always encrypted end-to-end and our server never has access to your encryption key.
To make this level of encryption work—and for other features down the road—we needed to make some adjustments to our database format.
The releases of OmniFocus out today will periodically check to see if all of your devices are using the latest version. Once they are, you’ll be prompted to migrate to the new database format.
The migration went very smoothly. In fact, they made it so easy that there’s little indication that encryption is being used. The local files remain unencrypted, and you’re not asked to enter a new password. Here are the release notes and the open-source OmniFileStore.
The guiding principle of today’s updates is that the only things which should ever have access to your OmniFocus tasks are devices you own and control: your phone, your Mac, your tablet.
There are a few other things worth remembering: no one at Omni will have the ability to look at or restore your data.
Presumably you are not protected from nefarious modifications to the server, though, as the password for syncing and logging into their site is the same one that secures the encryption key.
Previously: Proposed Client-side Encryption in OmniFocus.
Update (2016-08-19): Ken Case:
Our next update will let people set a separate encryption password from their sync password.
Thursday, August 18, 2016 [Tweets] [Favorites]
Triage allows you to scan new episodes and decide whether you’re interested or not.
Newly published episodes arrive in the Inbox tab. From here, you can review the descriptions, queue the best ones and archive the rest. The Queue tab is a single central playlist. Queued episodes are automatically downloaded, and can be re-ordered or archived any time.
You can set your favourite shows to queue automatically and use the inbox to triage the rest.
This is especially important in an era where there are a whole lot of podcasts to wade through. In a few moments I was able to get through a half-dozen new podcast episodes in my Inbox, marking some of them for immediate listening, tacking others on to the bottom of my queue, and bypassing less interesting episodes entirely.
The inbox idea doesn’t really appeal to me, but I’ve often wanted a play queue in Overcast, i.e. a reorderable history of episodes that have been started. Otherwise, it’s hard to get back to an episode that was interrupted, especially since the In Progress playlist was removed. This, combined with something like iTunes’s Up Next, would be ideal for me.
There doesn’t seem to be an easy way to switch podcast apps, preserving episode state, even if I wanted to.
The new Mobile Share Advantage plans are available Aug. 21. Consumers and businesses alike can gain a wireless experience, without overage charges. Instead of overage charges, after customers use all of their high-speed data amounts, all data usage will be reduced to a maximum of 128 kbps for the rest of their bill cycle.
Via Josh Centers:
It’s likely that the new Mobile Share Advantage plans will either save you money or provide more data for roughly the same amount that you’re paying now.
It depends on your plan, though. I currently have 2 GB plan for $30, whereas the new plans are 1 GB for $30 or 3 GB for $40.
Update (2016-08-18): Scott:
AT&T raised the price of the device connect $5, from $15 now $20 across the board. Lower plans (<10GB?) were $25, so lower there.
Here, 3 iPhones on $100 15GB plan:
new 10GB: $95
old 15GB: $100
new 16GB: $105
The first problem we ran into was stability. Core Data is notorious for crashing if one small thing goes wrong. It’s really easy as a developer to introduce race conditions very subtly which can be tricky to debug. In general, we found that approximately 50% of the crashes that we had on our Core Data applications were in some way related to Core Data itself, and these crashes were one-offs here and there. It wasn’t one big bucket that we could fix them all, making it really difficult to diagnose these issues.
The final thing for us was scalability. Facebook has talked quite a lot, a couple of years ago, about that problem, scaling Core Data. They believe that Core Data is very difficult to scale to large applications. Given that our application has hundreds of view controllers and hundreds of models, we’re terrified of this.
To accomplish all these things we wrote RocketData. RocketData is a caching and consistency solution for immutable models. It’s intended to replace Core Data or at least fulfill that role in an application. It’s written 100% in Swift, and we really like it.
He uses “model” to mean the entity objects, i.e.
NSManagedObject, rather than the entity descriptions (which Core Data calls the model).
Briefly, a Managed Apple ID is an Apple ID that is created by the school for pupils. They can also be created for teachers and administrators. A Managed Apple ID allows access to iCloud and iTunes U but not to commercial services like the App Store and iBookstore. A Managed Apple ID is literally disbarred from any commercial transaction with Apple.
So, as a result of this decision to only allow iTunes U interaction between Managed Apple IDs in the same ASM domain, this means that teachers effectively have to be using a school-issued Managed Apple ID to run their iTunes U courses.
This is fine - in a very restricted set of circumstances that don’t apply to any existing school iOS deployment anywhere.
At the moment, I have no satisfactory workaround for this. I cannot conceivably expect teachers to switch to using a Managed Apple ID permanently, abandoning all their past purchases and content. Similarly, the idea of switching between two Apple IDs in the course of doing your job is maddening at best and potentially disastrous if you accidentally trigger an App Store tripwire.
Tuesday, August 16, 2016 [Tweets] [Favorites]
Xcode Tip Of The Day:
[Xcode > Edit > Copy Qualified Symbol Name]
It’s hard to type with one hand but rather useful. For example, you can put the cursor anywhere in a method definition or call, and it will copy the full name to the clipboard, e.g.:
You don’t have to select any of the pieces.
Now, if only Open Quickly supported qualified symbols…
For sure: 10450773. Pile on!
My most recent Radar number is 27865953, so I guess people have been wanting this for a long time.
Update (2016-09-20): Felix Schwarz:
In Xcode 8, place the cursor above a method or function & press “⌥ + ⌘ + /” to auto-generate a doc comment.
So when we want something underlined (for example), the
ue entries in our terminal’s termcap record are what we need to send to the terminal to start and end underlining that section of text.
less, it seems, provides this handy way to override those entries using environment variables. We can make
ue and any other termcap string do whatever we want!
\e[ essentially tells the terminal to start listening for a command that will change its behavior.
m is actually the command here; all the inputs to the command come before it. The
m command tells the terminal to change how it renders subsequent text until further notice.
Apple just sent me an e-mail about its Reporter tool:
Reporter is a Java-based, command-line tool you can use to download your Sales and Trends and Payments and Financial reports. Autoingestion is an older tool that works like Reporter. But newer and expanded functionality will only be available in Reporter, so we recommend using this tool from now on.
Alex, I’ll take Bad Ideas for $1000:
“Requires a cleartext Apple ID password in a file.”
The thing that’s most frustrating about all of this is that we really want a RESTful API for this info. Would be easier to harden, too.
Update (2016-08-18): fedoco:
This script mimics the official iTunes Connect Reporter by Apple which is used to automatically retrieve Sales- and Financial Reports for your App Store sales. It is written in pure Python and doesn’t need a Java runtime installation. Opposed to Apple’s tool, it can fetch iTunes Connect login credentials from the macOS Keychain in order to tighten security a bit. Also, it goes the extra mile and unzips the downloaded reports.
You know what? I’m done. 20 lines of code so far and we don’t even have a
class that does anything; the hard part of this problem was supposed to be
the quaternion solver, not “make a data structure which can be printed and
compared”. I’m all in on piles of undocumented garbage tuples, lists, and
dictionaries it is; defining proper data structures well is way too hard in
So here’s where my favorite mandatory Python library comes in.
x = attr.ib()
y = attr.ib()
z = attr.ib()
This is also a big pain in Objective-C. Swift structs are better, although you do need to make them
I had to return an order, and after going through the usual steps, I was presented with three options for sending the package back. Two of them, UPS pickup and UPS dropoff, were the options I was familiar with. The new one was Amazon Locker. These are the sort of lockers you’d see at a bus terminal—or, more likely, the sort of lockers you’d see in a bus terminal in a black-and-white movie—but they’re owned by Amazon and set up in places to make it easy for customers to pick up and return orders (and for Amazon to avoid paying UPS).
Truth to tell, the UPS Store is closer to my office than this Amazon Locker, but I always have to talk to a person at the UPS Store (ew) and there’s usually a line. An interaction with a touchscreen and cold sheet metal seems much more Amazon-like.
I was not able to find any lockers in my state.
Monday, August 15, 2016 [Tweets] [Favorites]
Apple hasn’t often made appearances at the Black Hat hacker conference, but this year Cupertino is Thinking Different™ about security. Head of Apple security, Ivan Krstic, today said the company would pay huge (up to $200K) bug bounties to invited researchers who find and report vulnerabilities in certain Apple software.
Kate Conger (via Hacker News):
In the past, Apple has cited high bids from governments and black markets as one reason not to get into the bounty business. The reasoning went: If you’re going to be outbid by another buyer, why bother bidding at all? While $200,000 is certainly a sizable reward — one of the highest offered in corporate bug bounty programs — it won’t beat the payouts researchers can earn from law enforcement or the black market. The FBI reportedly paid nearly $1 million for the exploit it used to break into an iPhone used by Syed Farook, one of the individuals involved in the San Bernardino shooting last December.
A bug bounty program is unlikely to tempt any hackers who are only interested in getting a massive payout. For those who only care about cash, Mogull said Apple could probably never pay enough. But for those who care about making an impact, getting a check from Apple could make all the difference. “This is about incentivizing the good work,” Mogull explained.
Both the bounty program and the mere fact that Krstic was speaking at Black Hat are signs of Apple’s thawing relationship with the security industry.
Ivan Krstić (tweet):
Each SEP [Secure Enclave Processor] has reference access to a unique private key (UID)
UID generated by SEP itself immediately after fabrication, using its own free-running oscillator TRNG
Available for cryptographic operations via commands exposed by the Secure ROM
No access to UID key material from SEP or other mutable software after fuses blown
Production devices can be “demoted” to enable some debugging features like JTAG and loading development software on the AP (but not the SEP)
Requires full OS erase and device explicitly authorized by the personalization server
Forces a different UID on the SEP, no access to existing user data after demotion
A few years ago Apple quietly introduced a new service called iCloud Keychain. This service is designed to allow you to back up your passwords and secret keys to the cloud. Now, if backing up your sensitive passwords gives you the willies, you aren’t crazy. Since these probably include things like bank and email passwords, you really want these to be kept extremely secure.
So Apple finds itself in a situation where they can’t trust the user to pick a strong password. They can’t trust their own infrastructure. And they can’t trust themselves. That’s a problem. Fundamentally, computer security requires some degree of trust -- someone has to be reliable somewhere.
Apple’s solution is clever: they decided to make something more trustworthy than themselves. To create a new trust anchor, Apple purchased a bunch of fancy devices called Hardware Security Modules, or HSMs. These are sophisticated, tamper-resistant specialized computers that store and operate with cryptographic keys, while preventing even malicious users from extracting them. The high-end HSMs Apple uses also allow the owner to include custom programming.
Note that on HSMs like the one Apple is using, the code signing keys live on a special set of admin smartcards. To remove these keys as a concern, once Apple is done programming the HSM, they run these cards through a process that they call a “physical one-way hash function”. […] So, with the code signing keys destroyed, updating the HSM to allow nefarious actions should not be possible. Pretty much the only action Apple can take is to wipe the HSM, which would destroy the HSM’s RSA secret keys and thus all of the encrypted records it’s responsible for. […] The downside for Apple, of course, is that there had better not be a bug in any of their programming. Because right now there’s nothing they can do to fix it -- except to wipe all of their HSMs and start over.
Update (2016-08-17): Here’s the video of Krstić’s talk.
Update (2016-09-20): Bruce Schneier:
Ever since Ivan Krstić, Apple’s Head of Security Engineering and Architecture, presented the company’s key backup technology at Black Hat 2016, people have been pointing to it as evidence that the company can create a secure backdoor for law enforcement.
Marco Arment (Hacker News):
AVFoundation, the low-level audio/video framework in iOS and macOS, does not accurately seek within VBR MP3s, making VBR impractical to use for long files such as podcasts. Jumping to a timestamp in an hour-long VBR podcast can result in an error of over a minute, without the listener even knowing because the displayed timecode shows the expected time.
Three simple solutions to accurate VBR stream-seeking have existed for almost twenty years to embed seek-offset tables at the start of VBR MP3s for precise seeking[…] But AVFoundation supports none of them.
Update (2016-08-21): See also: Accidental Tech Podcast.
Daniel Eran Dilger:
Microsoft has demonstrated why the FBI’s desire for “Golden Key” backdoors allowing “good guys” to bypass security is such a bad idea: it inadvertently released its own keys to Windows tablets, phones, HoloLens and other devices using UEFI Secure Boot.
Tom Mendelsohn (via Bruce Schneier):
Secure Boot works at the firmware level, and is designed only to allow an operating system signed with a key certified by Microsoft to load. It can be disabled on many desktops, but on most other Windows devices, it’s hard-coded in. The golden key policy seems to have been designed for internal debugging purposes, to allow OS signature checks to be disabled, apparently so programmers can test new builds. In practice, it could well open up Microsoft’s tablets and phones to serious attacks.
Microsoft has now responded to the Secure Boot blooper.
The company said: “The jailbreak technique described in the researchers’ report on August 10 does not apply to desktop or enterprise PC systems. It requires physical access and administrator rights to ARM and RT devices and does not compromise encryption protections.”
Unfortunately older versions of the boot loader will happily load a supplementary policy as if it were a full policy, ignoring the fact that it doesn’t include a device ID. The loaded policy replaces the built-in policy, so in the absence of a base policy a supplementary policy as simple as “Enable this feature” will effectively remove all other restrictions.
Unfortunately for Microsoft, such a supplementary policy leaked. Installing it as a base policy on pre-Anniversary Edition boot loaders will then allow you to disable all integrity verification, including in the boot loader. Which means you can ask the boot loader to chain to any other executable, in turn allowing you to boot a compromised copy of any operating system you want (not just Windows).
I can still remember a time when the ability to install any software on your very own computer wasn’t considered to be a “bug” or a “vulnerability”.
Previously: FBI Asks Apple for Secure Golden Key.
Unfortunately, however, I recently discovered that all of our 1Password applications (iOS and Mac) have stopped syncing their data with 1Password’s servers. And to make matters worse, the apps don’t provide any feedback to the user that synchronization has failed! It was only after removing a Families account from one of the devices, and trying to add it back did I finally see a “No response from server” error.
Right now, because so few users are affected by this, 1Password’s response is just: “Sorry, you can’t use our service if you’re going to use a VPN.”
If you’re going to put your software API in front of CloudFlare, as 1Password has done, then you must also engineer a model and user experience that accounts for false positives.
Adding a CAPTCHA like is certainly an option and we may take that route. We need to keep in mind that we’d need to do this on all the client apps as well, so it’s not a trivial change. Hopefully we can get there.
When one German customer emailed Apple’s SVP of software engineering Craig Federighi to suggest that Night Shift had more blue light than Flux, he received a reply explaining that there was good reason for this[…]
Given the display technology we push it as far as we can without introducing major red ghosting artifacts when scrolling / animating. (Unfortunately, the red phosphors in the LCD hold their color longer and when we shift the display too far into the red then scrolling results in irritating ghosting artifacts).
Update (2016-08-16): etendue:
Federighi’s response is nonsensical: LCDs don’t use phosphors in the color filter plane.
Sunday, August 14, 2016 [Tweets] [Favorites]
Laura Sydell (via Hacker News):
Delta canceled about 530 flights on Tuesday in addition to about 1,000 canceled a day earlier after a power outage in Atlanta brought down the company’s computers, grinding the airline’s operation virtually to a halt.
“Because they have to worry so much about safety and security, they are constrained in ways that other businesses aren’t,” he says. “Delta can’t just host its systems on Joe Blow’s cloud server somewhere else in the way that another business might be able to do.”
Kaplan says if Delta and other airlines distribute their computing to many different locations, it will make them more vulnerable to, say, hackers or terrorists. In other words, given a choice between more backup systems and more security, airlines are picking security.
First, AWS, Azure and GCE are not just “Joe Blow’s cloud server”, they are multi-billion dollar companies, and they all can provide hosting environments compliant with a multitude of security programs including SOC 1, 2, 3, PCI DSS, HIPAA, etc.
If a hospital can store patient records on AWS, why can’t Delta store my flight records there? If the government is worried that a public cloud leaves them open to terrorist attacks, then they can sponsor them to run on Gov Cloud for better isolation.
I am confused: they talk about terrorists & critically etc. And they have only 1 site holding their entire system with no backup? A couple of fibers to cut and those baddies cripple your airline?
There’s more information available now. Apparently part of their system switched to backups, but not all of it. A Delta rep says “We are actually fully operational, it’s just that we’re not able to use that newer interface.” Unclear what that means.
I like keeping a comprehensive an accurate addressbook that includes all past
email addresses for my contacts, including those which are no longer valid. I
do this because I want to be able to see conversations stretching back over the
years as originating from that person.
Unfortunately this causes problems when sending mail sometimes. On macOS, at
least as of El Capitan, neither the Mail application nor the Contacts
application have any mechanism for indicating preference-order of email
addresses that I’ve been able to find. Compounding this annoyance, when
completing a recipient’s address based on their name, it displays all email
addresses for a contact without showing their label, which means even if I
label one “preferred” or “USE THIS ONE NOW”, or “zzz don’t use this hasn’t
worked since 2005”, I can’t tell when I’m sending a message.
This has long been an issue for me. My workaround has been to put the old e-mail addresses in the note field, so that Mail doesn’t see them as addresses, but his “most recent outgoing address” hack sounds promising.
Xcode 8ß5: “Interface Builder is much less likely to modify documents on open, prior to any user events or manually saving.”
Of the files we tested, < 5% were still modified on open. Please file bugs for specific cases that still occur.
Finally. (And it seems to work with my files.)
David Owens II:
Xcode supports the concept of embedding frameworks into your bundle. This is essentially the same thing as the old “Copy Files” build phase where you can copy a dependency into your app bundle under a particular directly, such as “Frameworks”.
However, there is an extremely important distinction between the “Copy Files” build phase and the “Embed Frameworks” option.
If you are providing frameworks to people that you expect to be able to develop with and not just use at runtime, please be sure to distribute the non-embedded framework version! Otherwise, well, all of your consumers will face the above issues.
Anya Kamenetz (via Jeremy W. Sherman):
Last fall, the Organization for Economic Co-operation and Development published its first-ever, and one of the largest-ever, international analyses of student access to computers and how that relates to student learning. (The OECD administers the PISA test, the world-famous international academic ranking.)
For this report, the researchers asked millions of high school students in dozens of countries about their access to computers both in the classroom and at home, and compared their answers to scores on the 2012 PISA. Here’s the money quote:
“Students who use computers very frequently at school do a lot worse in most learning outcomes, even after controlling for social background and student demographics.”
Saturday, August 13, 2016 [Tweets] [Favorites]
Rick Tetzeli (via John Gruber):
Under Cook’s leadership, Apple has come to seem quite fallible to many people. Its recent products have seemed far less than perfect, at least compared to the collective memory of its astonishing iPod–iPhone–iPad run from 2001 to 2010. There are the public embarrassments, like its 2012 introduction of Maps, or those 2014 videos of reviewers bending, and breaking, an iPhone 6 Plus. Apple Pay hasn’t become the standard for a cashless society, and the Apple Watch “is not the watch we expect from Apple,” according to John Gruber, editor of Daring Fireball, the preeminent Apple-centric website. Then there are the design flaws: Apple Music has been saddled with too many features, as if it were something designed by, God forbid, Microsoft; the lens on the back of the iPhone 6 extrudes; the new Apple TV has an illogical interface and confusing remote control.
Perhaps, say the worriers, Apple is doing too many things at once, cranking out multiple editions of the watch, endless varieties of watchbands, iPhones, and iPads in numerous sizes, proprietary earbuds alongside headphones from Beats. Credible reports that the company is spending billions of dollars in R&D to explore the possibility of designing a car only heighten the fear that Apple is spread too thin. Steve Jobs had been the company’s editor, proud of saying no to features, products, business ideas, and new hires far more often than he said yes. Apple’s seemingly diffuse product line reinforces the argument that Cook is not as rigorous.
Eddy Cue on Apple Maps:
The advantage of us coming to this later in the game is that, yeah, we have to do some of that, but in order to stay updated we’re trying to use the iPhone itself, and the data it’s giving us. Let me give you a good example: a golf course. How do we know when a new golf course opens up? We’re not exactly driving around looking for golf courses. But we know it’s there, because there are all these golf apps that get used at a golf course. If we see that all these golf apps are being used at a particular location, and we don’t show that as a golf course, we probably have a problem. You can discover that pretty quickly.
This is a cute example, but is that really how Apple updates Maps? It doesn’t seem like this technique really scales.
And look, we made some significant changes to all of our development processes because of it. For example, the reason you as a customer are going to be able to test iOS is because of Maps. We were never able to take it out to a large number of users to get that feedback. So, to all of us living in Cupertino, Maps seemed pretty darn good. Right? The problems weren’t obvious to us. Now we do a lot more betas.
I lived on a major thoroughfare < 5mi from Apple Campus when Maps was released - it misplaced my address by ~3mi.
The “It worked for us near campus. How could we know it was crap elsewhere?” narrative is useful for recounting in interviews but it’s false
And Apple Maps still sucks. It doesn’t have the newer streets in Mission Bay that have been there for over a year. I keep reporting…
A world where people do not care about the quality of their experience is not a good world for Apple. A world where people care about those details and want to complain about them is the world where our values shine. That is our obsession.
He’s saying the right things, but I’m not seeing this consistently come through in the products. Apple seems too unfocused, spread too thin, still in denial of how buggy their software has become. The iOS 9.3.4 update still hasn’t fixed the Camera audio bug, and it made my iPhone stop charging, at a very inconvenient time, so that I thought its Lightning port was damaged. Preview, long a reliable app, now regularly has drawing glitches and hangs. One of my apps hasn’t been up-to-date in the Mac App Store since May, and it is currently removed from sale, because of multiple backend store bugs. True or not, the perception is that the reality TV show and the car are distracting the company from working on the aging Mac lineup. Schiller’s triumphant “Can’t innovate anymore, my ass” line has become a punchline. The removal of the iPhone’s headphone jack seems like a parody of an Apple design decision. I want a new MacBook Pro, but at this point I’m more worried about the new keyboard and that Apple might do something more to make it less Pro, like remove Thunderbolt or the SD slot, than I am excited about what new features it might offer.
What I think is interesting is how much Federighi and Cue play up the benefits of data collection elements, I’ve never seen them emphasise it like this before. Usually, it’s very quaint with endless assurances about privacy and anonymity. In this interview, though, they admit that the data they do collate is enough to accurately pinpoint new sports venues.
Towards the end of the interview, Cue and Federighi mentioned the largely similar work relationship seen with both Tim Cook and former CEO Steve Jobs. Although the approach each took in tackling the job has been “completely different,” Cue said there’s one common factor he’s had with both: “I never wanted to disappoint Steve. I never want to disappoint Tim.”
Peter N Lewis:
Eddy Cue’s “We want to be there from when you wake up till when you decide to go to sleep” sounds disturbingly like the Microsoft of the 90s.
Update (2016-08-13): McCloud:
Regarding Todd Ditchendorf’s tweets: I once tried to use Apple Maps to go from One Infinite Loop to a UPS store, took me to Marriott.
Update (2016-08-15): Nick Heer:
It doesn’t really matter whether there’s a real decline in Apple’s software quality, or if it’s mostly an exaggeration bolstered by a larger user base and increased media coverage. What is concerning is the sentiment I perceive in Cue’s explanation — that a bug affecting 1% of users is comparable in 2016 to one affecting 1% of users in, say, 2006 or 1996. But, as he says, there’s an enormous chasm in the actual number of users affected, and that’s what’s particularly concerning. If Apple is pushing out, to be generous, one-quarter of the number of these bugs as they were ten years ago, that means that they’re still affecting orders of magnitude more users.
My perception is that it’s not just the larger user base. I personally encounter a lot more Apple bugs than I used to.
Update (2017-01-06): Dr. Drang:
I swear I’m not making this up. Today I asked Siri for directions to Midway [airport, near his location in Chicago], and she started giving me directions to Midway Island [in the Pacific].
On the surface (pun unintended), Apple proffers the iPad Pro as a computer. We don’t begrudge Apple its right to ‘performance bragging’: Witness Apple’s rightfully proud statements about its powerful homegrown Ax line of processors and the impending A10 64-bit processors that easily outperform Seymour Cray’s supercomputers. But simply promoting the iPad to ‘computer’ avoids the real issue: Is the iPad Pro a PC replacement? Can we toss out our laptops and move wholly to our iPads?
The problem with the iPad is both hardware and software related. Anything work related you can do on an iPad can, in most cases be done faster on a Mac. No question.
This is still one of the fundamental problems with having the iPad attached to a keyboard — when you need to interact with the screen, you have to raise your arm out in front of you to interact with apps, it’s cumbersome and gets tiring very quickly.
iPads are great to use while you’re lounging on the couch. However, they are not so great to use for extended periods of time at a desk.
Remember when @tim_cook talked about android tablet apps being blown up phone apps?
The new Apple Store app on iPad is just the iPhone version blown up to fit the screen. Come on…
Mark Gurman (Hacker News):
The most significant addition to the new MacBook Pro is a secondary display above the keyboard that replaces the standard function key row. Instead of physical keys, a strip-like screen will present functions on an as-needed basis that fit the current task or application. The smaller display will use Organic Light-Emitting Diodes, a thinner, lighter and sharper screen technology, KGI Securities analyst Ming-Chi Kuo said earlier this year.
Apple’s goal with the dedicated function display is to simplify keyboard shortcuts traditionally used by experienced users. The panel will theoretically display media playback controls when iTunes is open, while it could display editing commands like cut and paste during word processing tasks, the people said. The display also allows Apple to add new buttons via software updates rather than through more expensive, slower hardware refreshes.
I think a multipurpose, adaptable function strip would be infinitely more useful than a strip of function keys. Here’s what I mean: look at your keyboard from an oblique angle and notice all the places where the original plastic texture remains, and where it has been worn down. If your keyboard is anything like mine, it’s probably mostly shiny, but the strip of function keys at the top likely looks pretty similar to the day you bought it. Those keys have valuable purposes, of course, but they’re nowhere near as oft-used as the rest of the keyboard. Why fix them in plastic?
The possibilities are intriguing, but I use Esc all the time in Terminal, as well as function keys programmed for other tasks, and this change is likely to make using those keys less convenient and comfortable. Instead of removing keys, I would rather Apple add more and restore the arrow keys to full size. For a Pro notebook, I want more storage and more screen space, not a yet thinner computer that compromises everything else.
I’m surprised nobody has mentioned the loss of the ESC key. I use Vim and touch that key all day long. Replacing that with a touch button sounds like a terrible idea for usability. Clearly nobody in charge at Apple is also a vi user.
There is also the unaddressed issue of how terrible OLED displays are for anything persistent (they burn in), consume power when idle and offer no tactile feedback.
John Gordon reminds that older documents don’t open in Microsoft Word 2008 and later. Microsoft recommends using Microsoft Word 2004 or TextEdit. If you still have the ability to run Office 2004, it’s probably a good idea to migrate any remaining .doc and .xls files to .docx and .xlsx soon. Microsoft supports file formats for longer than Apple, but not forever.
Yup there’s the Office Migration Manager but it’s Windows only.
There was a program called MacLinkPlus that did pretty good conversions of all formats from the 80’s and 90’s. Unfortunately its PPC. I’m pretty sure I have a copy on my old G5. (Which hasn’t been booted in years)
Reportedly LibreOffice can do the conversion as well.
MIT (via Hacker News):
Papert’s career traversed a trio of influential movements: child development, artificial intelligence, and educational technologies. Based on his insights into children’s thinking and learning, Papert recognized that computers could be used not just to deliver information and instruction, but also to empower children to experiment, explore, and express themselves. The central tenet of his Constructionist theory of learning is that people build knowledge most effectively when they are actively engaged in constructing things in the world. As early as 1968, Papert introduced the idea that computer programming and debugging can provide children a way to think about their own thinking and learn about their own learning.
Papert was among the first to recognize the revolutionary potential of computers in education. In the late 1960s, at a time when computers still cost hundreds of thousands of dollars, Papert came up with the idea for Logo, the first programming language for children. Children used Logo to program the movements of a “turtle”–either in the form of a small mechanical robot or a graphic object on the computer screen. In his seminal book Mindstorms: Children, Computers and Powerful Ideas (1980), Papert argued against “the computer being used to program the child.” He presented an alternative approach in which “the child programs the computer and, in doing so, both acquires a sense of mastery over a piece of the most modern and powerful technology and establishes an intimate contact with some of the deepest ideas from science, from mathematics, and from the art of intellectual model building.”
Friday, August 12, 2016 [Tweets] [Favorites]
Twitter is opening the blue checkmark to everyone. Starting today, the company will let users request a verified account on its website by filling out a form with a verified phone number and email address, a profile photo, and additional information regarding why verification is required or helpful. In defining who will get approved, Twitter still says “an account may be verified if it is determined to be of public interest.” Prior to today, Twitter tended only to verify public figures, brands, and people in media, politics, sports, business, and other high-profile sectors.
It’s unclear why Twitter is opening the process to the public. The company says it has about 187,000 verified accounts, but around 310 million monthly active users. The disparity there, alongside increased pressure to provide anti-harassment tools, means more and more users may only be interacting with those who share their verification status. For instance, Twitter lets verified users filter their notifications to only show replies, mentions, or likes by other verified users. (The new Engage app offers some of those features to regular users as well.)
I submitted the form and was notified about three weeks later that I was verified. Others have gotten quicker approvals and rejections. It is not clear what criteria Twitter is using or why it is limiting certain features to verified users.
According to 10 high-level former employees, the social network’s long history with abuse has been fraught with inaction and organizational disarray. Taken together, these interviews tell the story of a company that’s been ill-equipped to handle harassment since its beginnings. Fenced in by an abiding commitment to free speech above all else and a unique product that makes moderation difficult and trolling almost effortless, Twitter has, over a chaotic first decade marked by shifting business priorities and institutional confusion, allowed abuse and harassment to continue to grow as a chronic problem and perpetual secondary internal priority. On Twitter, abuse is not just a bug, but — to use the Silicon Valley term of art — a fundamental feature.
Talk to enough Twitter insiders and one thing becomes painfully evident: The company’s understanding of its platform hasn’t always been clear to employees, even at senior levels — a problem that has made it difficult to understand how to police harassment. One source recalls that, when asked, Jack Dorsey refused to answer exactly what kind of tool Twitter was. “He said, ‘Twitter brings you closer,’” the former employee recalled. “And I said, ‘To what?’ and he replied, ‘Our users always finish that sentence for us.’ And to me, I thought, Well, it’s going to be really difficult to set policy in place if we can’t define what this thing is.”
Internally, employees have long raised questions about whether Twitter was a media company — a broadcast platform that should be governed by content standards and practices similar to a a television network — or a piece of the internet’s infrastructure, like an ISP, that should remain open and free.
They ended up with a system that works kind of like the App Store: unclear rules, inconsistently applied, with certain people getting favorable treatment, and the sense that the platform isn’t providing the tools its users want.
Sources inside the company in the years after Twitter’s IPO also said that product decisions were often scrapped or never advanced out of initial tests if they were thought to inhibit user growth.
Update (2016-08-12): Lee Bennett:
Curious you got verified. They rejected @floridaconf that I control, official account for Adventist denomination in Florida.
Update (2016-08-13): Charlie Warzel:
According to a former senior Twitter employee, Costolo ordered employees to deploy an algorithm (which was built in-house by feeding it thousands of examples of abuse and harassing tweets) that would filter out abusive language directed at Obama. Another source said the media partnerships team also manually censored tweets, noting that Twitter’s public quality-filtering algorithms were inconsistent. Two sources told BuzzFeed News that this decision was kept from senior company employees for fear they would object to the decision.
Update (2016-08-18): Twitter:
Last year we began testing a quality filter setting and we’re now rolling out a feature for everyone. When turned on, the filter can improve the quality of Tweets you see by using a variety of signals, such as account origin and behavior. Turning it on filters lower-quality content, like duplicate Tweets or content that appears to be automated, from your notifications and other parts of your Twitter experience. It does not filter content from people you follow or accounts you’ve recently interacted with – and depending on your preferences, you can turn it on or off in your notifications settings.
While our work is not done, today we are announcing that we have suspended an additional 235,000 accounts for violating our policies related to promotion of terrorism in the six months since our February 2016 post. This brings our overall number of suspensions to 360,000 since the middle of 2015. As noted by numerous third parties, our efforts continue to drive meaningful results, including a significant shift in this type of activity off of Twitter.
Thursday, August 11, 2016 [Tweets] [Favorites]
More than one hundred new and redesigned emoji characters will be available to iPhone and iPad users this fall with iOS 10. This exciting update brings more gender options to existing characters, including new female athletes and professionals, adds beautiful redesigns of popular emoji, a new rainbow flag and more family options.
The emoji depicting people and faces now use a new gradient style to give them a visual refresh. The default yellow face emoji now look more artistic and less like ‘Simpsons’. In fact, they look more like traditional emoticons from chatrooms.
The new public betas now include 10 additional families: every combination of single mom and single dad with one and two children across gender binaries. I’m not sure what families with more than two children use for emoji, but there you go—these are both symbolic and concrete at once. Technically, these new families involve coding of combinations of emoji using Zero Width Joiners (ZWJs), which Jason explains in detail in his column. When you open an iOS Pages document containing the new families using El Capitan, those combos are revealed, such as a woman, a boy, and a girl instead of the all-in-one single mom plus one boy and girl emoji.
Apple has also added gender variants for all sports and professions in which a male or ostensibly non-gendered figure was provided before. There’s now a basketball player with cropped hair and one with a ponytail and the slighest suggestion of breasts. For swimmers, the male and female differ between a partial unclothed male torso and a swimsuit on the female version.
Now, Apple hasn’t gone that far. It’s still in the hills above the uncanny valley. But compare the before and after faces, and you’ll see a more definitive expression than the previous drawings. The emoji look like someone specific, instead of a generic impression. (The new “woman” emoji looks eerily similar to a tech reporter friend; I shared it with her and she agreed.)
Jeremy Burge (via Jason Snell, Hacker News):
Pistol emoji has changed from a realistic-looking gun in iOS 9.3 to a bright green toy water gun in the iOS 10 beta.
In the history of running Emojipedia, I have never seen an emoji change so poorly received.
If Apple goes ahead with this change in the public iOS 10 release, one person could innocently tweet a toy and have that be seen by others as a weapon. […] All other vendors display this emoji as a real gun.
The unicode code chart actually says “PISTOL = handgun, revolver”, and the reference glyph (with a larger version on page 4) is pretty clearly a Beretta M9.
Intriguingly, Microsoft is switching their pistol emoji from a toy sci-fi ray guy to a realistic revolver. And Ben Sandofsky argues that the new emoji should be a variant, not a replacement, to avoid the ambiguity of the glyph conveying a very different meaning depending on the recipient’s OS.
Benjamin Mayo (tweet):
With previous iOS versions, Apple presented this emoji as an actual gunmetal pistol. With iOS 10, they’ve changed it to a green toy water gun. I don’t like how they have handled this. This has nothing to do with the associated political implications of free speech and everything to do with the way Apple has implemented this technically.
My personal qualm is that Apple has distorted the integrity of the Emoji language by replacing the glyph for a character which has a very different meaning. A toy water gun depicts very different intentions than a real gun.
While I’m on it, I’ve heard from a little birdie that Apple’s new water pistol glyph was in fact changed from left-pointing to right-pointing, but only in internal-to-Apple builds of iOS. The idea was to make the water pistol pair well with the “splashing sweat” symbol, which to date has been rendered left-to-right. But because flipping the gun direction changes the meaning when it’s paired with any other emoji to its left, it was decided that it would be easier to flip the direction of the splashing emoji and leave the pistol left-pointing. If Apple does change the splash direction, it will also pair better with the much-beloved eggplant.
In this case, the change to the squirt gun emoji comes nearly a year after a social media campaign called #DisarmTheiPhone was launched by advocacy group New Yorkers Against Gun Violence, with the goal of pressuring Apple to drop support for the revolver emoji.
Previously, Apple was reported to have pressured the emoji masters of the universe —the Unicode consortium, an international standards body — to drop plans to add a rifle emoji to the set.
There are now around a thousand base emojis and tens of thousands of variations. One day, in a dark mood, I wondered: What are the least-loved emojis? I checked out the live stats on emojitracker.com and asked Jeremy Burge of Emojipedia for his site’s least-favorite emojis. The result is this list: The world’s least-loved emojis.
Stephanie Studer (via Hacker News):
Kim Uryong, a professor of communication at Hankuk University of Foreign Studies in Seoul, says emoji are South Korea’s “third language” (after Korean and English) – worthy, he thinks, of their own dictionary.
Stickers give cadence and character, punch-lines and punctuation, to South Korean text-speak. They act as qualifiers that inflect words with humour or sadness; they also establish an intimacy that most would shy away from in face-to-face dialogue. Many appeal for forgiveness. A dog called Frodo, one of KakaoTalk’s signature characters, proffers a bouquet of roses on one knee while perspiring.
Emoji in South Korea and Japan tend towards over-dramatisation, irony and self-mockery. They appeal not just to the young but also to middle-aged office workers looking to smooth awkward or delicate situations with bosses, colleagues and family members. One sticker set revolves around “Salaryman Mr Ho”, who veers between slumping over his desk from exhaustion surrounded by energy drinks, spinning gleefully in the CEO’s chair, and crying with rage. Kim’s recent hits include a crotchety grandmother who curses a lot – a softer way for chat-app users to swear in front of their elders – and a loving father-daughter set in which the girl gently admonishes her dad. Kim says wives use such stickers to show their disapproval of their husbands’ behaviour – when they’ve been out drinking late, for example.
See also: Hacker News.
Update (2016-08-13): Becky Hansmeyer:
As I seek to understand more about the popularity of stickers in messaging apps (hint: they’re more than just big emoji!), I thought I’d share some of the interesting articles I’ve come across.
Update (2016-08-15): Pierre Lebeaupin:
When I first heard of the change, I was already skeptical, and after pondering it some more, I have reason to think the benefits are not worth the costs.
To begin with, by doing it this way Apple makes the change retroactive. Any piece of text (email, text message, blog post, article, photo caption, or of course tweet) with a pistol emoji has now had its meaning retroactively changed when viewed on the latest iOS 10 beta. This change does not just affect newly received messages: any time the pistol emoji was used in the last few years will be affected by this change.
It’s not clear to me that there even is a benefit. I suppose the idea is that Apple, the company that made the 1984 ad, thinks that Newspeak emoji would reduce real-world violence. I’m not aware of any evidence that would support that hypothesis, and any potential effect might actually be reversed by the ambiguity the change introduces with other platforms.
Monday, August 1, 2016 [Tweets] [Favorites]
It is with sadness that we announce Kagi has ceased operations as of July 31st, 2016.
For the past ten years Kagi has been struggling to recover from financial losses due to a supplier fraud situation. We have reduced the debt but the recovery has failed and forced us to close.
I’ve bought tons of software through Kagi. They were pretty much synonymous with Mac shareware. I used them as a payment process for ATPM in the late 90s; this was not a good experience because we experienced payer fraud. I also used them as a backup payment processor for C-Command in the early 2000s; that went well, although configuring things in the store was a much more manual process than with the newer payment services.
See also: Eric Slivka, James Thomson, Ilja A. Iwas, Daniel Jalkut.
Update (2016-08-13): Adam C. Engst:
Over ten years ago, Kagi was looking to expand its business. In the process, they started handling subscriptions for a company selling a legal consulting service — the idea was that you’d pay a $29 monthly fee and be able to get answers to legal questions. The company was both legit and seemingly successful, and the service was real, but what Kagi missed in their due diligence was that the firm’s sales team used high-pressure sales tactics. As a result, many customers were unhappy, and to avoid further pressure when trying to cancel their subscriptions, they instead disputed the credit card charges, generating what Kee described as “an amazingly large number of chargebacks.”
After four months of refining the legal consulting company’s process to set customer expectations appropriately and improving the chargeback process, however, Kagi realized that the problems weren’t going to go away and dropped the company as a client.
The legal consulting company then reneged on its responsibility to repay Kagi for both the $25 chargebacks and the $29 subscriptions, leaving Kagi with a massive debt. That’s an unacceptable way to run a business, to say the least, but when Kagi eventually took the matter to arbitration and won, the settlement didn’t even pay for Kagi’s legal fees.
As you may or may not know, I started with Kagi back in 1996, when getting shareware payments still often involved people mailing in checks.
I’m really sad to see this happen. Many of us owe a huge thanks to Kee for starting the service - if it weren’t for him, I don’t think I would have been able to quit my day job and turn St. Clair Software into a full-time business.
Peter N Lewis:
It’s a tragedy for all concerned. As Kagi’s first customer, I whole heartedly agree with Jon, I doubt very much whether I would have been able to spend the last twenty odd years in this business.
Before Kagi, I collected piles of US checks and cash and periodically sent to a US bank account. It was tedious and problematic to say the least, didn’t deal with tax issues, and couldn’t process credit cards.
I’ve dealt with businesses before that ended up going under, and they gave a warning a few weeks ahead of time so that I’d be able to get set up with a new company and have a smooth transition. Kagi did not do that. In addition to probably losing two whole months of sales, Kagi’s users are stuck with no store, and consequently no income, until a new store can be set up. As an additional insult to injury, we were not even given the opportunity to download our customer databases before they shredded the servers. It’s sad that Kagi wasn’t able to stay in business anymore, but does that really justify treating their longtime loyal customers this way?
Wow, I remember using Kagi to purchase shareware for many years.
Love and respect for Kagi. They were so great for so long.
I wrote “Kagi Registration Module (lack of) security” in 2008… Also, all the comments are worth reading.