Archive for February 15, 2017

Wednesday, February 15, 2017

Grand Central Dispatch’s Achilles Heel

Wil Shipley (tweet):

I don’t know much about the internals of GCD so I can’t speak with authority, but it seems like this could be solved with a couple of minor changes to sync(): figure out if the destination queue is the current queue, and if so just execute the submitted block immediately and return. This wouldn’t even be a source or binary-breaking change, because, again, the current behavior is HANG the app.

And, in fact, this is the workaround third-party programmers have made for the last several years. If you do a Google search for dispatch_get_current_queue [now deprecated] you’ll see a bunch of developers complaining about that call disappearing because they were using it for this hack.

[…]

Hopefully you’re as horrified by this mess as I am. This is the very model of spaghetti code. Last week I ported this file from macOS 10.8 to 10.12 and honestly I still couldn’t come up with a good way to re-architect it. I’m bending over backwards to interact with the main thread in multiple places in this codebase and I’m not sure if I’m on the main thread or not and it’s a nightmare.

Greg Parker:

dispatch_get_current_queue() == someQueue is insufficient to avoid the deadlocks you describe.

Rob Napier:

Interestingly, they did fix this in CoreData on top of GCD. performAndWait is reentrant. But unsure how they implemented.

Reverse Engineering Stickies.app

Alex Denisov:

The task becomes easy since the six colors are hardcoded in the binary. I just need to find where exactly and change the values to ones I like more.

[…]

What is important here: three consecutive values starting at 0x10000c790 moved to xmm_ registers. I’m not 100% sure, but I’d assume that they are used to pass parameters into colorWithDeviceRed:green:blue:alpha:.

[…]

Now I know where the colors reside in code. I need to find them in the binary. The address of a first color component is 0x10000c790. To find its on-disk address I need to subtract a base address from it. The base address can be obtained via LLDB as well.

[…]

Now I can use xxd with -s (--seek) and -l (--length) parameters to get exactly 8 bytes at a given address.
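
The address translation described above, as an added example that is not part of the quoted post: rather than subtracting a base address obtained from LLDB, it reads each segment's `vmaddr` and `fileoff` from the Mach-O load commands, which generalizes the subtraction to segments that do not start at file offset 0. The sample image and its color values are constructed, and the function names are hypothetical.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF   # thin 64-bit little-endian Mach-O
LC_SEGMENT_64 = 0x19

def segments(image: bytes):
    """Yield (name, vmaddr, fileoff, filesize) for each LC_SEGMENT_64 command."""
    magic, _, _, _, ncmds, _, _, _ = struct.unpack_from("<8I", image, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a thin 64-bit Mach-O (fat or 32-bit needs extra handling)")
    pos = 32  # sizeof(struct mach_header_64)
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", image, pos)
        if cmdsize < 8 or pos + cmdsize > len(image):
            raise ValueError("malformed load command")
        if cmd == LC_SEGMENT_64:
            name, vmaddr, _vmsize, fileoff, filesize = struct.unpack_from(
                "<16s4Q", image, pos + 8)
            yield name.rstrip(b"\0").decode(), vmaddr, fileoff, filesize
        pos += cmdsize

def vm_to_file_offset(image: bytes, addr: int) -> int:
    """Translate an unslid virtual address to its on-disk offset."""
    for _name, vmaddr, fileoff, filesize in segments(image):
        if vmaddr <= addr < vmaddr + filesize:
            return addr - vmaddr + fileoff
    raise ValueError(f"{addr:#x} is not backed by file data")

def read_double(image: bytes, addr: int) -> float:
    """Read the 8 bytes at addr as a little-endian double (xxd -s OFF -l 8)."""
    return struct.unpack_from("<d", image, vm_to_file_offset(image, addr))[0]

def build_sample() -> bytes:
    """Constructed image: header, one __TEXT segment command, three doubles."""
    base, size, const_off = 0x100000000, 0x100, 0x90
    header = struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2, 1, 72, 0, 0)
    seg = struct.pack("<2I16s4Q4I", LC_SEGMENT_64, 72, b"__TEXT",
                      base, size, 0, size, 5, 5, 0, 0)
    body = (header + seg).ljust(const_off, b"\0")
    # Constructed color components, stored as consecutive doubles.
    return (body + struct.pack("<3d", 0.996, 0.957, 0.612)).ljust(size, b"\0")

if __name__ == "__main__":
    img = build_sample()
    print(hex(vm_to_file_offset(img, 0x100000090)), read_double(img, 0x100000090))
```

Changing bytes in a signed binary invalidates its code signature.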

Switch 2FA From SMS to an App

Laura Shin (via David Heinemeier Hansson):

“So I called the company to make sure I hadn’t forgotten to pay my phone bill, and they said, you don’t have a phone with us. You transferred your phone away to another company,” he says. A hacker had faked his identity and transferred his phone number from T-Mobile to a carrier called Bandwidth that was linked to a Google Voice account in the hacker’s possession. Once all the calls and messages to Kenna’s number were being routed to them, the hacker(s) then reset the passwords for Kenna’s email addresses by having the SMS codes sent to them (or, technically, to Kenna’s number, newly in their possession). Within seven minutes of being locked out of his first account, Kenna was shut out of up to 30 others, including two banks, PayPal, two bitcoin services — and, crucially, his Windows account, which was the key to his PC.

[…]

Last summer, the National Institutes of Standards and Technology, which sets security standards for the federal government, “deprecated” or indicated it would likely remove support for 2FA via SMS for security. While the security level for the private sector is different from that of the government, Paul Grassi, NIST senior standards and technology advisor, says SMS “never really proved possession of a phone because you can forward your text messages or get them on email or on your Verizon website with just a password. It really wasn’t proving that second factor.”

Usher Will Be Stepping Aside

Many Tricks:

QuickTime is very old, and obviously no longer updated. (It’s so old that it’s not even 64-bit code.) Newer video formats may cause issues, and we can’t resolve those issues in Usher because they’re actually in QuickTime. Given these age-related issues with QuickTime, we’re no longer comfortable selling and supporting Usher to new buyers, so we’ve decided it’s retirement time.

[…]

Beyond the market size, we can’t just delete “old QuickTime” and insert “QuickTime X” and be done with it. The two are very different, so much so that we’d need to totally rewrite the engine that drives Usher. And that’s a huge job…and one that wouldn’t ever be paid back in sales, due to the limited market size.

Previously: The Curious Case of QuickTime X, What Is Apple Doing With QuickTime?, AV Foundation and the Void.

Swift and Objective-C Forever?

Jeff Johnson (Hacker News):

When Swift became public in 2014, its creator Chris Lattner seemed to claim that Swift and Objective-C would coexist indefinitely.

[…]

The problem is that nobody believes this. And of course Lattner has now left Apple, so he won’t be there to take the criticism if his claim turns out to be false. The consensus among developers is that Apple will eventually deprecate Objective-C, and Swift will become the sole first class language for Cocoa app development.

[…]

You only have to review the history of Apple developer relations to see the long string of deprecations, disappointments, suffering, and broken promises. Objective-C garbage collection, 64-bit Carbon, the Cocoa-Java bridge, Yellow Box for Windows, Dylan. Need I go on? I could go on. Apple evangelists will tell you that Swift is the best programming language ever and then turn around and tell you that we’ve always been at war with Swift.

[…]

The people who think Apple will deprecate Objective-C, how do they think Apple can handle it? Some people suggest that Apple will deprecate Objective-C externally, but they will continue Objective-C development internally and indefinitely. However, I think these people underestimate the problem. Given the amount of Objective-C code Apple has, and the constraints they’re working under, taking the slow road internally to a Swift future would be a very slow road indeed.

I don’t see Apple dropping Swift. The technology seems to be sound, and Apple has really put its reputation on the line in a way that it didn’t with the other canceled projects. Plus, unlike those, Swift already has massive adoption outside of Apple.

That said, I expect that Objective-C, while not being deprecated, will decline in popularity the same way that Carbon—also officially a first-class coexister—did. I don’t think that Apple will maintain sample code parity for much longer.

Johnson is right that there are many open questions about how Apple will manage this transition—if that’s what it is—both internally and externally. It will affect the OS itself, Apple’s apps, the public APIs, and Apple’s own staffing. It’s got to be difficult for Apple to hire and retain WebObjects programmers for its internal services, and it could face similar issues, to a lesser extent, if developers continue to switch to Swift.