Archive for June 2017

Friday, June 30, 2017

Web Form Data Sent Before You Click “Submit”

Kashmir Hill and Surya Mattu:

But it’s too late. Your email address and phone number have already been sent to a server at “,” which is owned by NaviStone, a company that advertises its ability to unmask anonymous website visitors and figure out their home addresses. NaviStone’s code on Quicken’s site invisibly grabbed each piece of your information as you filled it out, before you could hit the “Submit” button.


In yesterday’s report on Acurian Health, University of Washington law professor Ryan Calo told Gizmodo that giving users a “send” or “submit” button, but then sending the entered information regardless of whether the button is pressed or not, clearly violates a user’s expectation of what will happen. Calo said it could violate a federal law against unfair and deceptive practices, as well as laws against deceptive trade practices in California and Massachusetts. A complaint on those grounds, Calo said, “would not be laughed out of court.”

Chris Lattner on the Realm WWDC 2017 Swift Panel

Ole Begemann:

Chris Lattner was a guest on a Swift panel during WWDC a few weeks ago. Here are some quotes I found interesting, edited for brevity and clarity. (Iʼm focusing on Chris Lattner here, but the other panelists — Kamilah Taylor, Kevin Ballard, and Jesse Squires — also had interesting things to say. You should really watch the whole thing if you can.)

Previously: WWDC 2017 Links.

Writing a Really, Really Fast JSON Parser

Chad Austin (via Hacker News):

Here are the optimizations that mattered:

  • Moved the input and output pointers into locals instead of members, which helps VC++ and Clang understand that they can be placed in registers. (gcc was already performing that optimization.) 71078d3 4a07c77
  • Replaced the entire parse loop with a goto state machine. Surprisingly, not only was this a performance win, but it actually made the code clearer. 3828769 05b3ec8 c02cb31
  • Change an 8-entry enum to a uint8_t instead of the pointer-sized value it was defaulting to. 799c55f
  • Duplicated a bit of code to avoid needing to call a function pointer. 44ec0df
  • Tiny microoptimizations like avoiding branches and unnecessary data flow. 235d330 002ba31 193b183 c23fa23
  • Store the tag bits at the bottom of the element index instead of the top, which avoids a shift on 64-bit. e7f2351


An iOS team at Dropbox replaced JSONSerialization with sajson and cut their initial load times by two thirds!

Previously: Parsing JSON Is a Minefield.

Swift 4: JSON With Encoder and Encodable

Greg Heo:

Rather than pore through all the source code for encoding and decoding, let’s take a different approach and step through a simple example: how does a single Int instance wind its way through JSONEncoder and become JSON data?


To summarize: our Swift values get turned into their Foundation object equivalents by JSONEncoder and friends, then these objects get JSON-ified by JSONSerialization.


Now what about the reverse, decoding? And how can you write custom encoders and decoders for formats other than JSON, say protocol buffers? Stay tuned for more, or why not dig into the code and see what you find?

Thursday, June 29, 2017

My 2017 iMac

The Mac Pro is still an unavailable unknown, and the iMac Pro is not really what I was looking for, so I upgraded my 2012 MacBook Pro to a 2017 iMac (27-inch, 4.2 GHz i7).

I got the version with a built-in VESA mount. I’m mounting it on an UPLIFT View Monitor Arm, which is rated for up to 19.8 lbs. The non-VESA iMac is listed at 20.8 lbs., and Apple wasn’t able to tell me the weight without the stand, but this combination seems to work fine after I turned the weight adjustment all the way. If I were buying again, I might try to find an arm that has a little bit more range of vertical motion.

It’s been a long time since I upgraded RAM in a Mac, since my last several Macs were either not upgradeable or I maxed them out from the start. This time, the iMac supports up to 64 GB. I bought it with 8 GB and added 32 GB, savings lots of money and ending up with more RAM than if I’d bought it from Apple. The door and levers were incredibly easy to use, probably the smoothest Mac RAM upgrade I’ve ever done.

This is my first Mac without Apple Hardware Test, and unfortunately the new Apple Diagnostics does not test RAM. I installed Memtest and ran it single-user mode. I seem to remember this taking a very long time with older Macs, but even with 40 GB of RAM it completed overnight.

The iMac’s display is incredible. My original plan was to keep the 30-inch Dell display that I used with the MacBook Pro as my main display, using the iMac on the left side as I did with the MacBook Pro. I thought I would miss the extra vertical space since the iMac’s 27-inch display is only 1,440 vs. 1,600 points high without scaling. However, the Retina text is so sharp and the colors are so nice that I ended up putting the Dell off to the side. I’ve found plenty of uses for all this screen space, but unfortunately the Mac sometimes fails to wake the external display, which reports that it isn’t getting any signal, even though the Mac still acts like there is a display attached. Resetting the PRAM and various other remedies haven’t helped. I have to power cycle the display to get it recognized, and then rearrange my windows (with the assistance of Moom).

I’m very happy to have Ethernet again. Technically, I could have used it with my MacBook Pro, but I didn’t have enough Thunderbolt ports to use the adapter and never bought a dock. Aside from Ethernet preventing the occasional problem with Wi-Fi disconnecting or joining the wrong network, network transfers are much faster than before, even though the other Macs I’m connecting to are using Wi-Fi.

Between the faster processor and SSD, everything feels faster. Building SpamSieve takes 1m15s (while the iMac was doing some Spotlight stuff and FileVault encryption in the background) vs. 1m54s on the MacBook Pro. Lightroom is also much faster at importing photos and building previews. Unfortunately for a desktop computer, the iMac seems just as prone to turning on its fans as the MacBook Pro. It’s fast, but just opening up Xcode makes it sound like it’s really working hard. And there is the aforementioned Kaby Lake hyper-threading bug.

I’ve long wanted more performance than a notebook could offer, but I resisted getting a desktop Mac because I didn’t want to deal with file syncing. However, over the years the software situation has improved. My code and text snippets are already in Git. My bug tracker and customer support database are online in FogBugz. My e-mail is in IMAP, and I can remotely train SpamSieve on the iMac from other devices. OmniFocus and Fantastical sync. My RSS feeds and passwords sync. Other key files are in Git repositories, Dropbox, or Resilio Sync. For the remaining documents, preferences, and app data (e.g. MarsEdit), I set up some scripts using rsync.

The iMac came with a Magic Mouse 2, which I expected not to use. I’ve always found its sharp edges uncomfortable when using other people’s Macs, and I would constantly be swiping by accident. However, I was having problems with my Logitech mouse not tracking well unless the batteries were very freshly charged, so I decided to give the Magic Mouse a solid try. I found that if I hold it differently, gripping the underneath sides between my thumb and fourth finger, it works much better. As my hand is no longer resting on top, I no longer really touch the sharp edge at all. I’m not sure yet whether I prefer swipe-scrolling to using a scroll wheel, but I like being able to swipe between pages and spaces. Another pleasant surprise is that the Magic Mouse works fine with my lotion gloves, whereas Apple’s trackpads and iOS devices don’t.

There are two problems with the Magic Mouse. The first is that the Mac often doesn’t recognize it at boot time—even after power cycling it, even though my Bluetooth keyboard works fine. So I have to use the arrow key on the keyboard to select my user for FileVault login, and there’s no way to click the Restart or Shut Down button.

The second problem is that it’s subject to the same spontaneous Bluetooth disconnects as all the Bluetooth keyboards I’ve use with Sierra. But, unlike the Magic Keyboard, the Magic Mouse cannot be used in wired mode because the Lightning connector is on the bottom.

Banning Force Unwrapping Swift Optionals

Alexandre Colucci:

Download a random Sample Code from Apple Developer website and look if and how force unwrapping is used.


Xcode’s Fix-it feature proposes to insert the explicit unwrap operator… even when it doesn’t make sense[…]


There are multiple solutions that are cleaner and safer than using an explicit unwrap. I also generally find the code more readable. Below are several examples.


Similarly to force unwrapping an optional, I see a lot of code dangerously using implicit unwrapped optionals. This kind of optionals should also be avoided… except in one case where it is extremely useful: When declaring an IBOutlet, you should use an implicit unwrapped optional because once the method viewDidLoad is called, the IBOutlet will be initialized.

Another case where IUOs are unfortunately needed is in test code, because the variables aren’t initialized until set setUp() method.

Type-Safe HTML in Swift

Brandon Williams:

An alternative approach to views is using “embedded domain specific languages” (EDSLs). In this approach we use an existing programming language (e.g. Swift), to build a system of types and functions that models the structure of the domain we are modeling (e.g. HTML).


We can use the type system to provide safety around how plain text is encoded for use with HTML. It allows us to prove that non-encoded strings never make it into our HTML.


Once you go down the road to thinking of views as functions (Data) -> [Node], you start to build up lots of lil helper views that can be reused in (hopefully) any which way. However, you soon find out that the data these subviews demand needs to be threaded all the way through the view hierarchy all the way back to the root view. This naturally leads one to something known as a Reader and solves this problem in a beautiful way.

Brandon Williams:

In our previous article we described how to build an EDSL to model HTML in Swift. Here we describe how to take our Node value type and render it to a string that can actually be served to the browser.

Brandon Williams:

Now we are going to tackle a problem that goes up one layer in the web-server request lifecycle: creating views. These are the things responsible for taking some data, say a list of articles, and creating the HTML to represent that data. It may sound easy, but there are a lot of difficult problems to solve with views. We want our views to be composable so that we can create small sub-views focused on rendering one piece of data and be able to reuse it. We also want our views to be flexible enough for future developments that are hard to see right now.

A Day Without JavaScript

Sonniesedge (via Hacker News, John Gruber):

So how was it? Well, with just a few minutes of sans-javascript life under my belt, my first impression was “Holy shit, things are fast without javascript”. There’s no ads. There’s no video loading at random times. There’s no sudden interrupts by “DO YOU WANT TO FUCKING SUBSCRIBE?” modals.

If this were the only manifestation of turning off javascript, I’d do this for the rest of time. However, a lot of things don’t work. Navigation is the most common failure mode. Hamburger menus fail to internally link to a nav section (come on, that’s an easy one kids). Forms die when javascript is taken away (point the form to an endpoint that accepts GET/POST queries ffs). Above the fold images fail to load (you do know they’re streaming by default, yes?).

Wednesday, June 28, 2017

Tony Fadell on Apple’s Pre-iPhone Devices

Jeremy White (via MacRumors):

The touchscreen Macbook project was basically trying to get touchscreen technology into a Mac to try to compete with Microsoft tablets. Steve was pissed off, and wanted to show them how to do it right. Well, that might have been the project to show Microsoft how to do it right, but they quickly realised there was so much software and there were so many new apps needed, and that everything had to be changed that it was very difficult. Plus the multitouch itself, we didn't know we could scale it that large to a full-screen display. Those were the challenges over on Mac.


It was very clear, after the Rokr, and after everything we had learned in what it was going to take, that the worry was about the 'celestial jukebox' - people wouldn't have to buy large capacity iPods, 150GB or so, because they were soon going to be able to download. So we had an existential problem, people were not going to have to buy larger and larger iPods. The high-capacity iPods were where we were making all our money, and if they could download at any time - and we could see the time when the networks were going to get faster because of 3G - we were like 'oh my God, we're going to lose this business' to this music jukebox in the sky, which is basically what Spotify is.

Previously: Scott Forstall Discusses the iPhone’s Creation.

MarsEdit 4 Public Beta

Daniel Jalkut:

The good news? MarsEdit 4 is finally shaping up. I plan to release the update later this year.


Customers who purchase a new MarsEdit 3 license from the Red Sweater Store between now and the final release will be entitled to a free upgrade to MarsEdit 4. Unfortunately, the Mac App Store does not accommodate free or discounted upgrades.

I’ve been using the private beta for a long time, and it’s been rock solid. I especially like the new feature to download the entire history of posts. Also, there have been a lot of changes under the hood, such as adopting Auto Layout and sandboxing.

Update (2017-06-29): See also: MarsEdit 4 and microblogs.

iOS 11 Control Center

Benjamin Mayo:

Each individual platter on the screen looks decent; some of the icons even animate in response to state changes for a nice touch of whimsy. Holistically, the layout is messy.


iOS 10 brainwashed me into thinking that one additional swipe to change page was a reasonable price to pay. I feel silly now for thinking that was acceptable. With a specific goal of access to quick actions, any Control Centre design that involves fewer intermediary interactions has to be superior.

It isn’t just about removing the need to swipe, the mental assessment of the current state of Control Centre also falls away. Your brain can rely on the button always being there. As soon as you finish swiping up, your finger can instantly start moving to the learned position of the Play/Pause button (for example).

The iOS 10 design drives me crazy. It is seemingly always on the wrong page, and with no discernible benefit over the more crowded single-page layout. The iOS 11 layout looks kind of funny but should work much better.

Delta Updates and App Thinning Do Not Solve the Apps-Are-Too-Damn-Big Problem

Matt Birchler (via John Gruber):

The internet is full of people who are both upset about these app sizes and those who think delta updates make this complaint void. I think it’s important that people understand that the size you see on the Updates page in the App Store is not how much you are going to download but it’s certainly not fair to say delta updates have fixed everything.


The fact [is] that someone could blow through 10% of their monthly data plan (2GB) just by updating Snapchat and Messenger once. This could be tough if you do it once, but Facebook updates Messenger all the time. They’ve updated the app 5 times in the past month, which could work out to upwards of 400-500 MB over just a month.

iPad File Transfer Frustrations

Mark Alldritt:

In the end, I had to FTP the file (using Panic’s Transmit) from the iPad to my Mac. From there I could copy the file to a USB memory stick. Side note: When sharing a massive file like this, the iPad should not go to sleep in the middle and abort the share operation – it sucked having to baby sit the thing to keep it from going to sleep.

The MacBook Adorable

Casey Liss:

To me, the real bummer is the lack of USB-C power passthrough on most USB-C devices available for sale today. As an example, when I attempted to do my initial Time Machine backup, I did so via the Ethernet dongle. However, I had to ensure the machine didn’t sleep, since it was on battery power. Furthermore, I had to stress out about whether or not it would complete the initial backup before the battery gave up, since I had no way to power the MacBook and have it connected via Ethernet.


I opted to get a maxed-out MacBook Adorable. It has the don’t-call-it-a-m7 i7 processor, 16 GB of RAM, and a half-terabyte SSD. For such a small computer, it was far from cheap, at around $2000.

Intel’s naming seems to be almost intentionally confusing. In this case, i7 means that it’s the high-end version of the low-power Core M processor. The i7 line name goes all the way from 3.5 W in the MacBook to 91 W in the iMac. This dual-core 1.4 GHz processor is slower than the i7 in the 2009 MacBook Pro and even the i5 in the MacBook Air.

Tuesday, June 27, 2017

Little Snitch 4 Public Beta

Objective Development (Hacker News):

Third party developers can now bundle their apps with an Internet Access Policy file containing descriptions of all network connections that are possibly triggered by their app. Little Snitch will then display that information to users, helping them in their decision how to handle a particular connection. A description of the policy file format will be provided soon.


The network filter now performs Deep Packet Inspection instead of the previous IP address based filtering. This results in much more precise filter matching, especially in those cases where one and the same IP address is possibly associated with multiple hostnames (e.g. vs.


The code signature of the connecting processes is now taken into account. If a rule was created for a process with a valid code signature, that rule will no longer match if the signature changes or becomes invalid. This prevents malicious software from hijacking existing rules.


To avoid a vast numbers of connection alerts from appearing when using common macOS and iCloud services, Little Snitch now provides preconfigured rulesets for these usage areas.

Sounds awesome. It is compatible with macOS 10.13 if you use the new option in System Preferences to allow the kernel extension to load. Previously, kernel extensions just had to be signed using a special key that you apply for. Going forward, Apple is deprecating kernel extensions, so hopefully they will be adding an extension point so that utilities like Little Snitch can continue to work. If you want to do novel things with the kernel that Apple hasn’t pre-planned for, it sounds like you’ll be out of luck.

Update (2017-06-29): See also: Little Snitch and Possible Deprecation of NKEs.

Bug in Skylake and Kaby Lake Hyper-threading

Henrique de Moraes Holschuh:

This advisory is about a processor/microcode defect recently identified on Intel Skylake and Intel Kaby Lake processors with hyper-threading enabled. This defect can, when triggered, cause unpredictable system behavior: it could cause spurious errors, such as application and system misbehavior, data corruption, and data loss.

It was brought to the attention of the Debian project that this defect is known to directly affect some Debian stable users (refer to the end of this advisory for details), thus this advisory.

Please note that the defect can potentially affect any operating system (it is not restricted to Debian, and it is not restricted to Linux-based systems). It can be either avoided (by disabling hyper-threading), or fixed (by updating the processor microcode).

Due to the difficult detection of potentially affected software, and the unpredictable nature of the defect, all users of the affected Intel processors are strongly urged to take action as recommended by this advisory.

Via Tom Harrington:

Check your Mac CPU with “sysctl machdep.cpu” and compare to this. [Skylake list, Kaby Lake list]

Developers who are concerned can use Instruments to disable hyperthreading until reboot. See Instruments prefs.

Unfortunately, the “Hardware Multi-Threading” setting in Instruments does not persist after the Mac reboots or sleeps, so you have to keep re-applying it. The good news is that Apple should be able to offer a software update that applies Intel’s microcode patch.

Update (2017-07-05): Xavier Leroy (via Hacker News):

Late April 2016, shortly after OCaml 4.03.0 was released, a Serious Industrial OCaml User (SIOU) contacted me privately with bad news: one of their applications, written in OCaml and compiled with OCaml 4.03.0, was crashing randomly. Not at every run, but once in a while it would segfault, at different places within the code. Moreover, the crashes were only observed on their most recent computers, those running Intel Skylake processors.


SIOU didn’t take my suggestions well, arguing (correctly) that they were running other CPU- and memory-intensive tests on their Skylake machines and only the ones written in OCaml would crash. Clearly, they thought their hardware was perfect and the bug was in my software. Great. I still managed to cajole them into running a memory test, which came back clean, but my suggestion about turning HT off was ignored. (Too bad, because this would have saved us much time.)

Update (2017-12-28): I contacted Apple in early August and was told that the bug would be addressed in High Sierra. However, as of macOS 10.13.2 there is no update for the processors. Mine still shows:

machdep.cpu.brand_string: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz 6
machdep.cpu.model: 158
machdep.cpu.extmodel: 9
machdep.cpu.extfamily: 0
machdep.cpu.stepping: 9
machdep.cpu.signature: 591593
machdep.cpu.microcode_version: 88

I spent a couple weeks in December going back and forth with Apple’s support people, trying to get an answer. None of the advisors had even heard of the bug. Eventually, a senior advisor escalated the issue to engineering. The engineer confirmed that Apple is aware of the bug but does not yet have a fix. They will not say when or even if Apple will ship a fix. Apple’s policy is not to comment on unreleased products.

Looking at Intel’s spec sheet, it appears that KBL095/KBW095 were not fixed as of August, so perhaps Apple is waiting on Intel for the Kaby Lake fix. (Intel has had an update for Skylake CPUs since at least June, but it’s not clear to me whether Apple has shipped it.)

For now, Apple recommends keeping hyper-threading turned off to prevent data corruption. This can be done by unchecking the “Preferences ‣ CPU ‣ Hardware Multi-Threading” setting in Instruments. Unfortunately, this setting is not preserved if you sleep or restart your Mac. Apple confirmed that there is no way to make the setting stick. (Years ago, the nvram command could be used.)

My recommendation is to set the Mac not to sleep the CPU and to add Instruments as a login item so that you remember to disable hyper-threading when your Mac starts up.

It’s not clear to me whether the Xeon W processors in the iMac Pro are affected.

See also: ArsTechnica, Hacker News, MacRumors, OCaml Mantis, Reddit, StackExchange.

APFS Native Normalization

The iOS transition to APFS seems to have gone very smoothly except for some Unicode normalization issues. Apple never really explained to developers how they could make their code work properly, most were not aware that there were issues at all, and the necessary app modifications were difficult to develop and fully test. In my view, pushing this responsibility onto apps was a recipe for endless obscure bugs and poor performance.

At WWDC 2017, Apple essentially admitted that they had made a mistake and told us how they are going to fix it. There is a short-term fix and also a long-term fix that will require another file system conversion. This is not yet documented in the APFS Guide, but here’s a summary of the different cases:

Update (2017-12-14): Despite the native normalization, I’m seeing problems with Git and accented filenames on macOS 10.13.2. If I edit a file with such a name, Git sees it as a new file, and therefore sees two files whose names differ only in normalization. It’s somewhat tricky to then remove the original entry.

Google Will Stop Reading Your E-mails for Gmail Ads

Mark Bergen (via John Gruber, tweet, MacRumors):

Google is stopping one of the most controversial advertising formats: ads inside Gmail that scan users’ email contents. The decision didn’t come from Google’s ad team, but from its cloud unit, which is angling to sign up more corporate customers.


Ads will continue to appear inside the free version of Gmail, as promoted messages. But instead of scanning a user’s email, the ads will now be targeted with other personal information Google already pulls from sources such as search and YouTube. Ads based on scanned email messages drew lawsuits and some of the most strident criticism the company faced in its early years, but offered marketers a much more targeted way to reach consumers.

Friday, June 23, 2017

Refactoring a Massive View Controller

Andrew Pontious:

Even though I wasn’t trying to finalize the design or the APIs yet, for each new area I pulled out, I found I could refine the previously-extracted areas. Exposed properties that before were accessed seemingly at random, I could now see were only used by one of the specific areas I’d pulled out, and only at specific times. I could start to move properties around between the extracted classes, cut and paste them where they should go. I could move closer to the encapsulation I wanted.

All without breaking anything, because I was taking such tiny, straightforward, safe steps.

That meant, by the time everything was extracted, I was actually much closer to a final design than I had any right to be, given initial conditions.

I have found this to be true as well.

Modern Python Dictionaries

Raymond Hettinger (slides):

Python’s dictionaries are stunningly good. Over the years, many great ideas have combined together to produce the modern implementation in Python 3.6.

This fun talk uses pictures and little bits of pure python code to explain all of the key ideas and how they evolved over time.

Includes newer features such as key-sharing, compaction, and versioning.

Brandon Rhodes:

Since my “Mighty Dictionary” talk at PyCon 2010, the Python dictionary has evolved dramatically. Come learn about all of the the improvements, up to and including the re-architecture that has just landed with Python 3.6! The talk will discuss iterable views, the dictionary’s dedicated comprehension syntax, random key ordering, the special key-sharing dictionary designed to underlie object collections, and, most famously of all, the new “compact dictionary” that cuts dictionary storage substantially — and carries a fascinating side-effect.

Each new feature that the talk discusses will be motivated by considering the trade-offs inherent in hash table data structure design, and followed up with hints about how you can now use the dictionary even more effectively in your own code!

Via Jake VanderPlas (via Hacker News):

One piece both mention is the addition in Python 3.6 of a private dictionary version to aid CPython optimization efforts […] “every dictionary has a version number, and elsewhere in memory a master version counter.”

PEP 509:

Python is hard to optimize because almost everything is mutable: builtin functions, function code, global variables, local variables, … can be modified at runtime. Implementing optimizations respecting the Python semantics requires to detect when “something changes”: we will call these checks “guards”.

The speedup of optimizations depends on the speed of guard checks. This PEP proposes to add a private version to dictionaries to implement fast guards on namespaces.

Previously: PyPy’s Hash Table Implementation, Python’s Dictionary Implementation.

JavaScriptCore Loves ES6

Saam Barati et al.:

This post describes the development of our first ES6 benchmark, which we call ARES-6. We used ARES–6 to drive significant optimization efforts in JSC, and this post describes three of them: high throughput generators, a new Map/Set implementation, and phantom spread. The post concludes with an analysis of performance data to show how JSC’s performance compares to other ES6 implementations.


The figure above shows the overall ARES-6 scores in three different browsers: Safari 11 (13604., Firefox 53.0.3, and Chrome 58.0.3029.110. Our data shows that we’re nearly to 1.8x faster than Chrome, and close to 5x faster than Firefox.

Swift’s MemoryLayout: size and stride

Russ Bishop:

This might surprise you: the size of some types can be zero but the stride will always be at least 1 byte. Having types take up at least 1 byte means you don't need a bunch of special casing everywhere you deal with memory to avoid calling malloc(0). This does mean an array of 100 zero size types allocates 100 bytes that are never read or written.

Is the Keyboard Faster Than the Mouse?

Dan Luu:

The most cited AskTog page on the topic claims that they’ve spent $50M of R&D and done all kinds of studies; the page claims that, among other things, the $50M in R&D showed “Test subjects consistently report that keyboarding is faster than mousing” and “The stopwatch consistently proves mousing is faster than keyboarding.”. The claim is that this both proves that the mouse is faster than the keyboard, and explains why programmers think the keyboard is faster than the mouse even though it’s slower. However, the result is unreproducible because “Tog” not only doesn’t cite the details of the experiments, Tog doesn’t even describe the experiments and just makes a blanket claim.


Unlike claims by either keyboard or mouse advocates, when I do experiments myself, the results are mixed. Some tasks are substantially faster if I use the keyboard and some are substantially faster if I use the mouse. Moreover, most of the results are easily predictable (when the results are similar, the prediction is that it would be hard to predict).


I didn’t realize that scrolling was so fast relative to searching (not explicitly mentioned in the blog post, but 1⁄2 of the text selection task). I tend to use search to scroll to things that are offscreen, but it appears that I should consider scrolling instead when I don’t want to drop my cursor in a specific position.

Thursday, June 22, 2017

The Tragedy of FireWire

Richard C. Moss (Hacker News):

He noted that Nintendo’s Game Boy link cable was unlike anything else, and they could make it unique to their technology by swapping the polarization around. The connector could use exactly the same technology—same pins and everything—and it would look different. Better yet, the Game Boy link cable was the first major connector that put the fragile springy parts inside the cable. That way, when the springy bits wear out, you just have to buy a new cable rather than replace or repair the device.

The problem with the FireWire 400 connector was that it wasn’t asymmetrical enough to prevent it from being jammed in backwards.

FireWire’s innovations as a technology were drawing attention from the tech press—Byte magazine awarded it Most Significant Technology, for instance—but within Apple, Teener recalls that simply keeping the project alive required a conspiracy between FireWire’s Apple and IBM collaborators. Supporters kept the project funded by each telling their marketing guys the other companies were going to use it.

Getting funded and getting shipped is not the same thing, however. The decision-makers in the Mac engineering and marketing groups refused to add FireWire to the Mac. “Their argument was, ‘Well, show us that it’s being adopted in the industry, and we’ll put it in,’” explained Sirkin. It was their technology, but they didn’t want to be first to push it.


After being informed of IBM’s hundreds of millions in yearly patent revenue, CEO Steve Jobs authorized a change in FireWire’s licensing policy. Apple would now charge a fee of $1 per port. […] A month later, Apple lowered the fee to 25 cents per (end-user) system, with that money distributed between all patent holders. But it was too late. Intel wasn’t coming back to the table.

Tooth Fairy

Tooth Fairy (via Brian Webster):

Tooth Fairy helps you to switch connection of selected bluetooth devices, for example, AirPods, directly from menu bar or even global hotkey.

I was surprised that the AirPods don’t just show up the Mac’s menu of speakers, like they do on iOS. You have to go to the Bluetooth menu (which you may not have any other reason to have enabled), find the AirPods, and choose Connect from the submenu. Tooth Fairy lets you set a hotkey—I chose F12 because of the speaker icon—to connect to the AirPods, and it has a hollow or filled indicator in the menu bar for whether they are connected. So you can also see when the AirPods have auto-reconnected to the Mac, e.g. because it was the last-used device, and you don’t have to manually connect to them.

Update (2017-08-04): Version 2.4 adds a battery level indicator.

H.265/HEVC and HEIF

Chris Adamson:

H.265 promises data rate savings of up to 50% over the ubiquitous H.264, meaning that your video can look much better with the same bandwidth, or can use half as much.


In 2017, the licensing situation is far worse. HEVC contains hundreds (probably thousands, but I couldn’t verify) of patented technologies. This has long been the case with the MPEG codecs, and the way they deal with this is with patent pools: rather than having to negotiate licenses with every company that has IP in the standard, “patent pools” like MPEG-LA offer a one-stop shop for paying all the needed licenses in one place. The problem is, some patent holders aren’t in the MPEG-LA pool. Some are in a rival pool, HEVC Advance. And then a third one recently popped up. And Technicolor SA has HEVC patents that aren’t in any of the pools, so everything still sucks. And the cherry on top is that the license demands are pricier than H.264, hitting makers of both encoders and decoders, as well as content providers. It’s pretty much a dumpster fire, and one reason that Netflix has stayed away from HEVC thusfar, according to a Streaming Media NAB article[…]


This feels like it could be the end of 10+ years of codec peace, and a return to the bad old days of the late 90s when internet media insisted users install plugins for Windows Media, RealPlayer, QuickTime Streaming, or Flash, based on the technology choices made by the content provider.

Kelly Thompson (via Gus Mueller):

Apple just offered up JPEG’s replacement, and it couldn’t come soon enough.


High Efficiency Image FormatHEIF—isn’t an Apple-invented format. It’s actually a standard created by the MPEG group, and it’s a container rather than a format. In Apple’s case, they’re using it to wrap still images compressed with the HEVC (a.k.a H.265) codec. The container is incredibly flexible, and can also store multiple images, audio, depth information, image sequences, thumbnails and many others—which makes it perfect for Apple’s Live Images and dual camera systems.


The format doesn’t just beat JPEG, JPEG 2000, JPEG XR, and WebP—it handily crushes them. It claims a 2 to 1 increase in compression over JPEG at similar quality levels. In our tests, we’ve seen even better levels, depending on the subject of the image.

See also: WWDC 2017 sessions 503 and 513.

Update (2017-06-30): See also: Glenn Fleishman.

Update (2017-07-13): Here’s a thread that explains how HEIF works in iOS 11. You can choose whether the camera capture in “High Efficiency” or “Most Compatible” format. If you choose the former, it’s not clear to me how lossy the conversion is if you later want your photos in JPEG format. Presumably you need to choose the latter if you want to transfer photos using Image Capture.

Resetting the volinfo.database

From time to time, my SuperDuper backups fail with the error “Could not enable permissions for volume __ : please restart your Macintosh”. Unfortunately, restarting doesn’t usually help. The fix is to delete the volume information database:

sudo rm /var/db/volinfo.database

The next time SuperDuper tries to enable ownership on the volume, the setting will stick, and SuperDuper will be able to complete the backup.

Update (2017-09-19): I think this fix is built into SuperDuper 2.9.2.

Wednesday, June 21, 2017

Acorn 6 Public Beta

Gus Mueller:

We’re doing something new with trials in Acorn 6. The direct version will get its usual 14 day trial, but after that’s up you’ll be able to still use Acorn to view your images. The only change will be that the tools are disabled if you choose not to purchase it. We’re also doing this for the App Store version in Acorn 6. When Acorn officially ships you’ll be able to download it for free and “purchase” a 14 day trial for $0.00. When that’s up you can keep on using Acorn to view your images, or you can unlock Acorn at the usual price. This will make it really easy for App Store customers to download Acorn and try it out.


If you purchase Acorn 5 directly from us between now and Acorn 6’s release, you’ll be emailed an Acorn 6 license when it ships. We aren’t able to do this for the App Store however (sorry).

The new version of Acorn sounds great. I still think this expiring $0 IAP is a confusing hack that’s worse for all parties than actual App Store support for trials.

Update (2017-07-12): Acorn 6 has shipped.

Scott Forstall Discusses the iPhone’s Creation

Computer History Museum:

Museum Historian John Markoff moderates a discussion with former iPhone team members Hugo Fiennes, Nitin Ganatra and Scott Herz, followed by a conversation with Scott Forstall.

Via Chance Miller, who has some good quotes, although I recommend watching the whole video. It’s too bad that Cook and Forstall couldn’t coexist.

Update (2017-06-22): Here’s the video on YouTube.

Update (2017-06-27): WSJ (via Chance Miller):

On the iPhone’s 10th birthday, former Apple executives Scott Forstall, Tony Fadell and Greg Christie recount the arduous process of turning Steve Jobs’s vision into one of the best-selling products ever made.

There’s some good stuff about the development of the keyboard.

Update (2018-05-08): See also: Part 2.

Tuesday, June 20, 2017

App Store Editorial Comes Out of the Shadows

Jason Snell:

In the redesigned App Store app in iOS 11, app highlights go way beyond buttons that would present an app’s App Store page when you tapped. The new Today tab is populated with full-fledged feature articles, with screen shots, videos, animations, pull quotes, and real writing. There are app spotlights, curated best-in-category collections, and even how-to articles.

No, this isn’t independent journalism—it’s curation and marketing. But it’s a sign that Apple sees the value in telling the stories of the apps it’s seen fit to highlight.

No word on whether this will make it into the Mac App Store.

See also: An In Depth Look At the New App Store, Information Density and the New App Store Design.

Inside Apple’s Global War on Leakers

William Turton:

To make sure of it, Apple has built an infrastructure and a team “to come after these leakers,” Joswiak says, and “they’re being quite effective.”


However, Rice says, Apple has cracked down on leaks from its factories so successfully that more breaches are now happening on Apple’s campuses in California than its factories abroad.


The stolen parts often end up in Huaqiangbei, one of the biggest electronics markets in the world, located in Shenzhen, Southern China. This market employs about a half million people and does about $20 billion a year in revenue, Rice says. One “particularly painful year” was 2013, when Apple had to buy back about 19,000 enclosures before the iPhone 5C announcement, he recalls, and then an additional 11,000 before the phones were shipped to customers. “So we’re buying as fast as we possibly can to try to keep it out of every blog on Earth,” Rice says.

Lots of stuff was kept secret for WWDC 2017.

Why Reach Navigation Should Replace the Navbar

Brad Ellis (via John Gruber):

Burgeoning screens mean the distance between the navbar and our thumbs has grown. The screen on a 7 Plus is so tall it would take a thumb-length increase of 150 percent to reach those pesky buttons with one hand.


Now here’s where the turn toward Reach Nav gets more apparent. Apple has already started weaning their apps off the navbar. Maps and Music both had structural redesigns for iOS 10 that diminished or removed the need for navbars.

Now both apps use a sheet you can swipe down to dismiss.


Here are some specifics on how to incorporate Reach Nav in your apps[…]

Swiping is often more convenient, even on an iPhone SE. I do this all the time in Overcast, even though I can reach the button.

Porting Objective-C to Swift

Jeff Johnson:

The disadvantage of the Generated Interface is that it breaks all of the existing Objective-C calls to that API. The automatic compiler API transformation does not work in reverse: when you import Swift into Objective-C, the Swift API stays the same, it doesn’t automatically become more “Objective”. So once you let the compiler do its dirty work on the API, you then have to refactor any leftover Objective-C files that use it. When you’re just beginning to port an entire Objective-C project to Swift, this can be a major pain.

One approach would be to add @obj() annotations to the Swift API to customize how it’s imported into Objective-C. Then you could preserve the existing calls in Objective-C files, as well as the existing calls in Swift files, and when everything has been ported to Swift, you can ditch the @obj(). This seems like a lot of busywork for a “temporary” solution, though[…].


However, Swift does not export global functions to Objective-C, so you can’t call global Swift functions in Objective-C code. In order to export a Swift function to Objective-C, you have to wrap it with an Objective-C object.

Amazon Buys Whole Foods

Ben Thompson:

This is the key to understanding the purchase of Whole Foods: to the outside it may seem that Amazon is buying a retailer. The truth, though, is that Amazon is buying a customer — the first-and-best customer that will instantly bring its grocery efforts to scale.

Today, all of the logistics that go into a Whole Foods store are for the purpose of stocking physical shelves: the entire operation is integrated. What I expect Amazon to do over the next few years is transform the Whole Foods supply chain into a service architecture based on primitives: meat, fruit, vegetables, baked goods, non-perishables (Whole Foods’ outsized reliance on store brands is something that I’m sure was very attractive to Amazon). What will make this massive investment worth it, though, is that there will be a guaranteed customer: Whole Foods Markets.

Update (2017-07-12): Beth Kowitt says that Whole Foods approached Amazon (via Ryan Jones).

Thursday, June 15, 2017

The Surprising Awesomeness of Grouped Dictionaries

Erica Sadun:

Dictionary grouping provides a solid solution for sequence partitioning by predicates. But you can also do a lot more with this API. Let me give you a bunch of examples that showcase the power of this one little call.

Update (2017-06-20): Erica Sadun:

Dictionary now has a feature that allows you to recognize you’re overwriting an existing key and apply a function to a key’s value each time the key is added. It’s called uniquing, and it lets you do neat things like count the number of times a token appears in a sequence[…]

The 2017 iMacs

Andrew Cunningham:

At a high level, single- and multi-core CPU performance has increased by around 40 percent since 2012, or by somewhere between 50 and 60 percent if you go back to 2011. Much of that comes from architectural improvements, but the clock-speed boosts deserve some of the credit, too.


The decision to choose AMD matters because, while its chips aren’t completely uncompetitive and offer a solid value for the price, they generally offer less performance per watt than contemporaneous GPUs from Nvidia. That’s a problem in the iMac especially, since you can’t just add cooling capacity for the sake of boosting performance.


But if you want to go with a pure SSD or increase your capacity, you’ll pay dearly: upgrading from the standard 2TB Fusion Drive in the top-end iMac to a 512GB SSD costs $200, a 1TB SSD costs $600, and a 2TB SSD costs $1,400.

If you can pay that price, though, you’re getting some of the fastest SSDs that anyone will sell you in any computer. Apple has been ahead of the curve on SSDs since it began moving away from SATA drives to PCI Express drives in 2013, long before anyone else thought to do it. The company has continued to extend its lead by adding more and more PCIe bandwidth and aggressively adopting standards like NVMe.

Apple also charges a lot for RAM, but on the 5K it’s user-replaceable (unlike on the iMac Pro), so you can add your own. Apple asks $600 to upgrade the high-end iMac 5K from 8 GB to 32 GB, but Crucial has a 32 GB kit for $260, and there are likely better deals to be found. Since there are four slots, you can keep the 8 GB and end up with 40 GB total.

Third-party external SSDs are also much cheaper if you want to add storage later, though the performance is likely worse than on the internal SSD.

Matthias Gansrigler:

Just did a quick test duplicating a 3.58 GB zip file in Finder.

#iMac: about 2 seconds

#rMBP2012: about 18 seconds

Nick Heer:

This situation feels like a repeat of the longstanding 16 GB entry-level capacity for iOS devices: it’s clearly inadequate. I don’t know what hardware Apple’s executive team uses, but I doubt any of them could honestly recommend that someone should buy an iMac today with a spinning hard drive. Solid state storage might be far too expensive to put in every iMac, but they could at least start with a Fusion Drive which, yes, would eat into margins, but it would be the right thing to do.



Kuery, a type-safe Core Data query API using Swift 4’s Smart KeyPaths.

See also: SE-0161: Smart KeyPaths: Better Key-Value Coding for Swift.

FileMaker 16’s Invisible Brilliance

William Porter:

FileMaker’s WebDirect technology has been around for several years now. It was good but not great when it first appeared, but now it’s approaching what I might call “usability parity” with FileMaker Pro. WebDirect is a technology that translates a normal FileMaker database file into an HTML5 Web page that users can view and interact with in a Web browser.


In the past, FileMaker has relied on older data-exchange technologies like ODBC/JDBC to share data with non-FileMaker databases. In recent years, the reach of FileMaker has been extended through expensive plug-ins. FileMaker now has explicit, native support for a variety of technologies used widely on today’s Internet to exchange and manipulate data, technologies such as cURL, JSON, and RESTful APIs, including the new FileMaker Data API.


With FileMaker 16, costs will vary roughly between $5 and $15 per user per month. […] Moreover, pricing depends on your deployment scenario: Does your company want to keep up with upgrades as they happen, which is what I recommend, or buy fixed-price perpetual licenses and use them forever?

Apple Is Trying to Make iMessages More Private

Lorenzo Franceschi-Bicchierai (via Hacker News):

But, as several security and privacy researchers warned over the years, there’s always been a major, somewhat overlooked catch: If you back up iMessages to iCloud, then Apple—or authorities who can force the company to turn the back ups over—can still read those messages, which to some extent defeats the purpose of the encryption.


Starting with the upcoming iOS11 all your conversations in iMessage will be automatically synchronized across your iPad, iPhone, Mac and whatever other iGizmo you own, he said. As anyone who uses iMessage knows, that’s something that you can’t do right now. And it leads to annoyances such as having to manually delete messages on all your devices if you want to get rid of an embarrassing message, or having to restore a full backup if you want old iMessages on a newer iDevice.

But if iMessages, which are supposed to be end-to-end encrypted, now sync, doesn’t that mean Apple can decrypt and read them at some point? Apple says that soon won’t be the case.

I look forward to hearing how this works and whether it also affects backups.

Previously: iMessage End-to-End Encryption, Can Apple Read Your iMessages?, iOS Security White Paper (Nick Heer).

Update (2017-08-07): Mark Rowe (also Steven Sinofsky):

Huh. The “Messages in iCloud” feature has been removed in iOS 11 beta 5 and will ship in a future software update to iOS 11.

Wednesday, June 14, 2017

Even Swiftier Objective-C

Peter Steinberger and Matej Bukovinski:

In our original “Swifty Objective-C” blog post we talked about the C++ auto keyword and how it’s great for preserving type information while also making the code more readable and easier to write. This is especially true when dealing with generics or block types. Since then, Objective-C learned the same trick via the new __auto_type keyword. Since nobody wants to type __auto_type all day long, we decided to make things nicer by defining Swift-like macros for it.


There’s only one copy selector, and it’s not generic. It’s also not a case where returning instancetype would be the right fix, as there’s no general way to understand what a mutable counterpart of a class pair is called and if one even exists. […] However, we can just add that ourselves! Again, a header-only declaration that simply redefines copy on our collections. This won’t magically add types to every single object, but it will solve the common case of (mutable) copying collections


We define a block and add __attribute__((cleanup)) to it that tells the compiler to execute the function defined in that attribute. We pass along the block as a parameter and thus execute the block when the scope is exited.

Previously: Swifty Objective-C, foreach Using Objective-C Generics.

A Eulogy for CAPTCHA

Abigail Rowe (via Nick Heer):

So this is how we prove our humanity, by TYPEing-IN the dirty-sock arithmetic on a Tide-branded CAPTCHA. “Prove you’re human.” It’s so blah, so crass—not even a please. And the worst part: CAPTCHA was supposed to be a good thing! Reducing spam? Good! Halting the internet bot takeover? Good! Improving AI technology? Good, hopefully! Stopping one bot from buying up all the whatever and reselling it 500%? Yes! Good again! But CAPTCHA isn’t so straightforward. And through it’s question, and our often incorrect answers, a darker, more dysfunctional portrait of the internet and the economy behind it seems to tip its hand.


As hard as CAPTCHAs are on some, they’ve become much easier for the bots they’re meant to keep out. Christopher Romero, a software developer, spoke with me about CAPTCHA’s history and a bit about the program’s possible future. Romero sees a shift by the major companies towards two-factor authentication to filter out sign-up spam. This is not, again, because the tech companies are questioning the broader implications of the “are you a robot” shtick, or even because of the problems they pose for people who have trouble seeing, or reading English. The robots are just getting smarter. They can read those dumb squiggly lines better than we can.

Charles Thacker, RIP

Cyrus Farivar:

Charles Thacker, one of the lead hardware designers on the Xerox Alto, the first modern personal computer, died of a brief illness on Monday. He was 74.

The Alto, which was released in 1973 but was never a commercial success, was an incredibly influential machine. Ahead of its time, it boasted resizeable windows as part of its graphical user interface, along with a mouse, Ethernet, and numerous other technologies that didn’t become standard until years later.

The History of BlitzMail

DEN-NYC Conversations (via Jim Matthews):

Ned Kenney (Dartmouth ’10) interviews Jim Matthews, a software developer and Dartmouth employee from 1987 to 2001 who played a central role in the creation of Blitzmail (aka “Blitz”). Blitz, an email/instant messaging hybrid, was literally decades ahead of its time and would become as much a cultural institution at Dartmouth as a technical one. It was eventually replaced by Microsoft software in 2011, but for over 20 years, it was the primary mode of communication for members of the Dartmouth community.

What I remember most about BlitzMail is how fast it was on the slow hardware and even slower modems of the day, even though the messages had to be pulled from the server. Secondly, the user interface was very compact and efficient, though somewhat unorthodox with menu bars inside of the windows.

Tuesday, June 13, 2017

Podcasts, Analytics, and Centralization

Ben Thompson:

In fact, I expect these analytics to have minimal impact, at least in the short run. For one, every indication is that analytics will only be available to the podcast publishers, although certainly advertisers will push to have them shared. More pertinently, though, all of the current podcast publishers know exactly what they are getting: X amount of podcast ads results in Y number of conversions that result in Z amount of lifetime value.


What more data does do is open the door to more varied types of advertisers beyond the subscription services that dominate the space. Brand advertisers, in particular, are more worried about reaching a guaranteed number of potential customers than they are tracking directly to conversion, and Apple’s analytics will help podcasters tell a more convincing story in that regard.

See also: Manton Reece, Padraig O Cinneide.

Swift Text Output Streams

Tim Vermeulen:

This code doesn’t look too bad, but it’s a pain to write var description = "" and return description over and over, if this is a pattern you commonly use. It’s also quite easy to forget to add \n to each line.

The relatively unknown standard library protocol TextOutputStreamable solves both of these problems for you. Rather than adding a description computed property, all you have to do is write your properties to a TextOutputStream instance[…]

ProMotion and the 2017 iPad Pros

Federico Viticci:

To my surprise, while I still prefer longform writing and heavy Split View-driven research on the 12.9” iPad Pro, I’ve enjoyed everything else more on the 10.5” version. A big reason for that, I believe, is the improved display technology and expanded screen size.


The first time I swiped on the 10.5” iPad Pro’s 120Hz display last week, I thought it looked fake – like a CGI software sequence. It was incredibly, utterly crisp and fast. It didn’t look like iOS belonged on the screen: after years of iPad usage, my brain was telling me that something didn’t seem normal about the way iOS was animating. Except it’s all real, and it simply takes a couple of days to get used to the new display and the work Apple has put into ProMotion for smoother scrolling and fluid animations throughout the system.

A good way to think about the iPad’s new display with ProMotion is not the difference between low-res and Retina screens, but the jump from 30fps to 60fps. You see more of every animation. Text is more legible when you scroll and doesn’t judder. It’s hard to explain and it has to be seen and experienced to be fully understood.

John Gruber:

new iPad Pros have the best displays of any computer I’ve ever seen. True Tone plus ProMotion is simply terrific. (The first generation 12.9-inch iPad Pro didn’t have True Tone; with these new models, the only noticeable difference between the 12.9- and 10.5-inch models is the size.) You really do have to see the 120 Hz refresh rate in person — and play with it while scrolling content on screen — to get it. You can actually read text as it’s moving during a scroll. It’s not as significant as the jump from non-retina to retina, but it’s in that ballpark.


The astounding thing is that the new iPad Pro holds its own against the MacBook Pro in single-core performance — around 3,900 on the Geekbench 4 benchmark for the iPad Pro vs. around 4,200–4,400 for the various configurations of 13- and 15-inch MacBook Pros. Multi-core performance has effectively doubled from the first generation of iPad Pro.


But if you are reckless enough to install the iOS 11 beta on the new iPad Pro? Holy smokes is this better. I used the iPad Pro for a full week with iOS 10.3.2 because that’s the product that’s shipping, but after upgrading to iOS 11 beta 1 this morning and using it to write this entire review, I’m just blown away by how much more useful this machine is, and how much easier it is to work with 5 or 6 apps at a time.

Serenity Caldwell:

If I had to pick the WWDC announcement that made my week, it’d have to be Apple’s newest display technology, ProMotion. Essentially, it makes the new iPad Pro feel faster without compromising on battery life. But simply saying “faster” doesn’t do justice to how ProMotion is going to not only improve the iPad Pro experience — or the experience of Apple’s other computing platforms in the future.

James Thomson:

Controversial hot take. While the 120Hz screen on the new iPad is nice, if you hadn’t told me, I might not have noticed. Not like retina.

See also: 9to5Mac’s list of reviews.

Update (2017-06-14): See also: John Gruber’s list.

Tracking Work

Mark Dominus:

The way I have been able to escape this horrible trap is by tracking every piece of work I do, every piece, as a ticket in our ticketing system. People often come to me and ask me to do stuff for them, and I either write up a ticket or I say “sure, write me a ticket”. If they ask why I insist on the ticket (they usually don’t), I say it’s because when self-evaluation time comes around I want to be able to take credit for working on their problem. Everyone seems to find this reasonable.


Instead of thinking “Why didn’t I finish big project X? I must have been goofing off. What a lazy slacker I am” I think “holy cow, I resolved 67 tickets related to big project X! That is great progress! No wonder I got hardly anything else done last fall” and also “holy cow, X has 78 resolved tickets and 23 still open. It is huge! No wonder it is not finished yet.”


I think it is important to maintain the correct attitude to this. It would be easy to imagine ticket management as unproductive time that I wasted instead of accomplishing something useful. This is wrong. The correct attitude is to consider ticket updates to be part of my work product: I produce code. I produce bug fixes. I produce documentation, reports, and support interactions. And I also produce ticket updates. This is part of my job and while I am doing it I am not goofing off, I am not procrastinating, I am doing my job and earning my salary. If I spent the whole day doing nothing but updating tickets, that would be a day well-spent.

Executable Code in Educational Apps

John Voorhees (Hacker News):

The ban on executable code remains intact, but rule 2.5.2 now also provides that:

Apps designed to teach, develop, or test executable code may, in limited circumstances, download code provided that such code is not used for other purposes. Such apps must make the source code provided by the Application completely viewable and editable by the user.

I seem to recall an additional requirement about the percentage of the screen that should be devoted to showing the code, but I don’t see that in the current version of the guidelines.

Previously: Apple Rejecting Apps That Use Rollout, Pythonista in App Store Peril, Briefs Rejected From the App Store, Again.

Monday, June 12, 2017

AppleCare+ Comes to the Mac

Andrew Cunningham:

For the last few years, the “AppleCare” plans that have protected the Mac have differed from the “AppleCare+” plans for iPhones and iPads in a couple of ways. Standard AppleCare boosted Mac warranties from one to three years, while AppleCare+ only extended warranties from one to two years but also included up to two flat-rate repairs for accidental damage (the price varies by device and by damage type, but typically doesn’t exceed $99). AppleCare could also be purchased and added to your Mac as long as it was within its one-year standard warranty period, while AppleCare+ could only be purchased within the first 60 days of ownership.

Now, there’s also a version of AppleCare+ for the Mac that brings both good and bad changes. On the good side, you still get three years of coverage, and you now get accidental damage coverage, too (a $99 flat fee covers “screen or external enclosure damage,” while $299 takes care of “other damage”). On the bad side, you now have to decide if you want the extra coverage within 60 days of your purchase.

Safari’s Intelligent Tracking Prevention

Natasha Lomas (via Hacker News):

The feature will use machine learning technology to power tracker blocking in a bid to outwit the digital stalkers, according to Federighi.

“Safari uses machine learning to identify trackers, segregate the cross-site scripting data, put it away so now your privacy — your browsing history — is your own,” he explained.

“It’s not about blocking ads, the web behaves as it always did, but your privacy is protected,” he added.

John Wilander:

A machine learning model is used to classify which top privately-controlled domains have the ability to track the user cross-site, based on the collected statistics. Out of the various statistics collected, three vectors turned out to have strong signal for classification based on current tracking practices: subresource under number of unique domains, sub frame under number of unique domains, and number of unique domains redirected to. All data collection and classification happens on-device.


If the user has not interacted with in the last 30 days, website data and cookies are immediately purged and continue to be purged if new data is added.

However, if the user interacts with as the top domain, often referred to as a first-party domain, Intelligent Tracking Prevention considers it a signal that the user is interested in the website and temporarily adjusts its behavior as depicted in this timeline[…]


If you run a single sign-on system with a centralized session, the user needs to interact with the domain that controls the session. Otherwise you run the risk of Intelligent Tracking Prevention treating your session controller domain as a tracker.

Update (2017-06-28): See also: Hacker News.

Update (2018-04-17): John Wilander:

The biggest update to ITP so far is the introduction of the Storage Access API which provides a mechanism for embedded third-party content to get out of cookie partitioning through user interaction. In addition to the Storage Access API, ITP 1.1 includes two behavior changes described below.

Amazon Cloud Drive No Longer Unlimited

Amazon (Hacker News):

Amazon is now providing options for customers to choose the storage plan that is right for them. Amazon will no longer offer an unlimited storage plan. Instead, we’ll offer annual storage plans of 100 GB for $11.99 and 1 TB for $59.99, up to 30 TB for an additional $59.99 per TB.


When your paid storage subscription expires, your account will be considered in an over-quota status if your content stored is greater than the free storage quota on your account. If your account is in an over-quota status, you will not be able to upload additional files, and can only view, download, and delete content.

You have a 180-day grace period to either delete content to bring your total content within the free quota, or to sign up for a paid storage plan. After 180 days in an over-quota status, content will be deleted (starting with the most recent uploads first) until your account is no longer over quota.

I guess it was too good to be true.

Backchannel Is Moving to Wired

Jessi Hempel:

The short answer is that we love the platform and the thoughtful community that has coalesced around our publication because of Medium. But in the time since Backchannel launched, Medium has shifted its business strategy, and it’s no longer as focused on helping publications like ours profit. To bring you the tech reporting that matters most, we must fund it. Under new editor Nick Thompson, Wired is committed to figuring out how to make a robust business off of thoughtful, meaty journalism. We share this vision and believe that by bringing our publications even closer together, we’ll be doubling down on Backchannel’s original mission.

Previously: Renewing Medium’s Focus.

Update (2017-06-13): See also: John Gruber.

Update (2017-06-20): John Gruber:

I don’t expect to break through to the SEO shitheads running the asylums at most of these publications, but Medium is supposed to be good. When people click a URL and see that it’s a Medium site, their reaction should be “Oh, good, a Medium site — this will be nice to read.” Right now it’s gotten to the point where when people realize an article is on Medium, they think, “Oh, crap, it’s on Medium.”

Update (2017-06-28): John Gruber:

If you hate dickbars like I do, you should install this bookmarklet.

In-App Purchase Scams in the App Store

Johnny Lin (Hacker News, MacRumors):

I scrolled down the list in the Productivity category and saw apps from well-known companies like Dropbox, Evernote, and Microsoft. That was to be expected. But what’s this? The #10 Top Grossing Productivity app (as of June 7th, 2017) was an app called “Mobile protection :Clean & Security VPN”.


Buried on the third line in a paragraph of text in small font, iOS casually tells me that laying my finger on the home button means I agree to start a $100 subscription. And not only that, but it’s $100 PER WEEK? I was one Touch ID away from a $400 A MONTH subscription to reroute all my internet traffic to a scammer?


Later, I dug deeper to find that unfortunately, these aren’t isolated incidents — they’re fairly common in the app store’s top grossing lists. And this isn’t just happening with security related keywords. It seems like scammers are bidding on many other keywords.

John Gruber:

There should be no “virus and malware” scanners in the App Store. None. iOS does not need anti-virus software. The App Store sandboxing rules mean that anti-virus software couldn’t really do anything useful anyway. And by allowing them to be listed on the store, it creates the false impression that Apple thinks you might need anti-virus software.

But do-nothing anti-virus utilities that are scamming people into $100/week subscriptions? That’s downright criminal.


Given how many legitimate developers are still having problems getting their apps approved due to seemingly capricious App Store reviewer decisions, it’s doubly outrageous that these apps have made their way onto the store in the first place. These are the exact sort of apps that the App Store review process should be primarily looking to block.

The scams wouldn’t be possible on this scale without App Store search ads.

See also: Vienna, Icon Factory, PCalc.

Wednesday, June 7, 2017

WWDC 2017 Links


What’s New:

Release Notes:




This post will be updated in place as I find new links. If you see anything good that I missed, please e-mail me.

Previously: WWDC 2016 Links, Preparing for WWDC 2017.

Sunday, June 4, 2017

What Really Happened With Vista

Terry Crowley (via Hacker News):

Microsoft badly misjudged the underlying trends in computer hardware, in particular the right turn that occurred in 2003 to the trend of rapid improvements in single-threaded processor speed and matching improvements in other core elements of the PC. Vista was planned for and built for hardware that did not exist. This was bad for desktops, worse for laptops and disastrous for mobile.


The bet on C# and managed code included a strategy that reduced investments in the core unmanaged Win32 layers. I remember long meetings trying to get Windows to commit to relatively minor investments in text and graphics features that Office needed. Pulling these C# components out of the release made it even more obvious that Windows would be going years with very little improvement in core user interface controls for developers (like Office) on their main Win32 API.

Also catastrophically, the bet on Avalon had been paired with a major disinvestment in IE. The IE team was gutted to staff Avalon and IE was left on life support struggling to address the torrent of security issues cascading in.


Avalon’s model was based on this focus to realize Bill’s vision and provide a universal canvas runtime for applications. […] By only exposing functionality at a very high level, they made all their work essentially unavailable to more sophisticated applications (like the Office apps) that would like to tie in at lower levels.

Previously: Complexity and Strategy in Microsoft Office.

Swift’s Evolution

Justin Williams (Hacker News):

The biggest travesty was the “Great Renaming” which touched every line of Swift code I had and burned a week of my life on tedium. In my decade of professional development, I have never had a worse experience. The migration tool caused more issues than it automatically resolved, leaving a manual migration as the only sane path forward. How that migration tool ever made it through QA is beyond me, but I’d have felt better if Apple just said “good luck” instead of offering a half-baked utility.

I like where we ended up after the renaming, but the migration tool was indeed a disaster. I wish I had never tried to use it and just migrated manually.

I realize that the tools team and the Swift team are separate, but its hard to separate the two when Swift’s primary method of development is Xcode. Xcode’s quality as a Swift development language has never been great with its constant indexing, opaque compile errors, not great typing auto-completion, and lack of refactoring support still.

The continuing poor reliability of the tooling has been the biggest surprise to me with Swift. These kind of bugs should be fixable. It seems like the team is either understaffed or more interested in “showy” stuff, as Williams says, than in addressing developer pain points.

Right now it feels like I’d have been better served by continuing on with Objective-C, which is still being improved in meaningful ways, rather than going all-in on Swift.

I think I’ve been well served writing most of my new code in Swift. Though there are still some important things missing, in most cases I find it both more efficient and more fun than writing Objective-C.

How Anker Is Beating Apple and Samsung at Their Own Accessory Game

Nick Statt (via Hacker News):

Steven Yang quit his job at Google in the summer of 2011 to build the products he felt the world needed: a line of reasonably priced accessories that would be better than the ones you could buy from Apple and other big-name brands. These accessories — batteries, cables, chargers — would solve our most persistent gadget problem by letting us stay powered on at all times.


Most Anker charging products have one signature: the PowerIQ logo. Launched in 2013, the company’s proprietary charging standard is now present on nearly all of its batteries and wall plugs. The technology, carried by a small chip inside each charger, identifies whatever device is being plugged in, be it an iPhone 7 Plus, Google Pixel, or an iPad Pro 9.7-inch, in order to detect and deliver the maximum current the product allows. Anker says the technology can shave hours off the amount of time it takes to reach a full charge.


Building this system gave Yang invaluable insight into how third-party selling on Amazon functioned. He discovered what worked and what didn’t, and how entire brands could crop up overnight and fade into obscurity the next day. Anker thrived by borrowing infrastructure from Amazon and relying on engineering and support in China.

I don’t really like the headline, since it seems clear that Apple and Samsung have bigger fish to fry. However, I’m a big fan of Anker, which always seems to offer quality USB products and good service at reasonable prices.

Hacker, Hack Thyself

Jeff Atwood (Hacker News):

The name of the security game is defense in depth, so all these hardening steps help … but we still need to assume that Internet Bad Guys will somehow get a copy of your database. And then what? Well, what's in the database?


After this exercise, I now have a much deeper understanding of our worst case security scenario, a database compromise combined with a professional offline password hashing attack. I can also more confidently recommend and stand behind our engineering work in making Discourse secure for everyone. So if, like me, you’re not entirely sure you are doing things securely, it’s time to put those assumptions to the test. Don’t wait around for hackers to attack you — hacker, hack thyself!

The Art of Writing One-Sentence Product Descriptions

David Bailey (via Andy Bargh):

I wanted to know why some one-sentence descriptions sound like a genius idea and others flop. As I researched how the founders of successful startups presented their products before they were well-known, I discovered something interesting.


Facebook and Uber have thousands of features, yet Mark and Travis elevate a single feature above the others, making the product easy to understand, easy to remember, and, most importantly, easy to talk about.

Friday, June 2, 2017

Preparing for WWDC 2017

Nick Heer:

Ryan Jones’ gigantic WWDC Bingo spreadsheet returns on Google Docs. So far, fifty-four people — including yours truly — have added their best guesses for what will be announced this year.

Brendan Shanks (tweet):

I’m starting a new series of posts looking back at past WWDCs. My aim is to make original slides/videos publicly available for the sake of preservation, add historical context, and to find interesting tidbits: undelivered promises, unrealized possibilities, presenters who would later rise through the ranks, etc. First up: WWDC 97.

Frank Lefebvre is posting some of the CDs from the early 90s.

Outsourcing Your Online Presence to Facebook

Dave Winer:

I don’t know what your privacy settings are. So if I point to your post, it’s possible a lot of people might not be able to read it, and thus will bring the grief to me, not you, because they have no idea who you are or what you wrote.

It’s supporting their downgrading and killing the web. Your post sucks because it doesn’t contain links, styling, and you can’t enclose a podcast if you want. The more people post there, the more the web dies.

John Gruber (Hacker News):

You might think it’s hyperbole for Winer to say that Facebook is trying to kill the open web. But they are. I complain about Google AMP, but AMP is just a dangerous step toward a Google-owned walled garden — Facebook is designed from the ground up as an all-out attack on the open web. Marc Haynes’s Facebook post about Roger Moore is viewable by anyone, but:

It is not accessible to search engines. Search for “Marc Haynes Roger Moore” on any major search engine — DuckDuckGo, Google, Bing — and you will get hundreds of results. The story went viral, deservedly. But not only is the top result not Haynes’s original post on Facebook, his post doesn’t show up anywhere in the results because Facebook forbids search engines from indexing Facebook posts.

Joe Cieplinski:

Look, I get that I’m the nut who doesn’t want to use Facebook. I’m not even saying don’t post your stuff to Facebook. But if Facebook is the only place you are posting something, know that you are shutting out people like me for no good reason. Go ahead and post to Facebook, but post it somewhere else, too. Especially if you’re running a business.

The number of restaurants, bars, and other local establishments that, thanks to crappy web sites they can’t update, post their daily specials, hours, and important announcements only via Facebook is growing. That’s maddening. Want to know if we’re open this holiday weekend? Go to Facebook.


I deactivated my Facebook account several months ago, and it’s been about 90% great, 10% frustrating. It’s great for all the obvious reasons (less timesuck, less compulsion to endlessly scroll your life away, no notification interruptions).

The frustrations are real, though. Primarily it’s around events and photos. There are some communities I participate in that regularly organize events through Facebook, and now I don’t really get invited to those anymore. It’s also harder to organize events where you casually invite people you don’t know as well.

Pinboard Acquires Delicious

Maciej Cegłowski (Hacker News):

If you’re a Delicious user, you will have to find another place to save your bookmarks. The site will stay online. but on June 15, I will put Delicious into read-only mode. You won’t be able to save new bookmarks after that date, or use the API.


As for the ultimate fate of the site, I’ll have more to say about that soon. Delicious has over a billion bookmarks and is a fascinating piece of web history. Even Yahoo, for whom mismanagement is usually effortless, had to work hard to keep Delicious down. I bought it in part so it wouldn’t disappear from the web.

Nick Heer:

Delicious was ultimately saved from sunsetting by being passed from one company to another, never staying very long under any particular ownership.

A Year of Teaching Swift

Fraser Speirs:

I have taught a range of programming languages over the years. Primarily Visual Basic, Ruby and Python. I liked Ruby the best so far and hated Python for its crazily inconsistent library programming.

Swift is the closest thing to Ruby I’ve used. It is very consistent and predictable in its syntax and mostly makes sense as you read it.


In the Learn to Code curriculum, I found that everyone got something working. The difference between the stronger students and the weaker students then was more to do with evaluations of the complexity of their solution, the understandability and style of their solutions or other factors like memory and time efficiency.

I have never really had these kinds of conversations in classes at this level before.


Apple today announced that Swift Playgrounds, its educational coding app for iPad, will offer an exciting new way to learn to code using robots, drones and musical instruments. Swift Playgrounds is perfect for students and beginners learning to code with Swift, Apple’s powerful and intuitive programming language for building world-class apps. Apple is working with leading device makers to make it easy to connect to Bluetooth-enabled robots within the Swift Playgrounds app, allowing kids to program and control popular devices, including LEGO MINDSTORMS Education EV3, the Sphero SPRK+, Parrot drones and more. The Swift Playgrounds 1.5 update will be available as a free download on the App Store beginning Monday, June 5.

Why Do So Few People Major in Computer Science?

Dan Wang (via Tyler Cowen, Hacker News):

That means that the share of people majoring in computer science has decreased, from 3.76% of the all majors in 2005 to 3.14% of all majors in 2015. Meanwhile, other STEM majors have grown over the same period: “engineering” plus “engineering technologies” went from 79,544 to 115,096, a gain of 45%; “mathematics and statistics” from 14,351 to 21,853, a gain of 52%; “physical sciences and science technologies” from 19,104 to 30,038, a gain of 57%; “biological and biomedical sciences” from 65,915 to 109,896, a gain of 67%. “Computer sciences and information technologies?” From 54,111 in 2005 to 59,581 in 2015, a paltry 10.1%.


It might be true that being a software developer is the field that least requires a bachelor’s degree with its associated major. Still: Shouldn’t we expect some correlation between study and employment here? That is, shouldn’t having a CS major be considered a helpful path into the industry? It seems to me that most tech recruiters look on CS majors with favor.


Wow, the number of people graduating with CS degrees is really cyclical. The first peak in 1985 corresponds to the release of the IBM Personal Computer. The second peak corresponds to the 2001 dotcom bubble. I agree now that the ’01 bubble explains a lot of the decline afterwards; people graduated into a bad job market and that scared many students away. That year, however, may have been the worst of it; by 2005, Google had IPO’d, Facebook was spreading on campuses, the iPod was a success, and the iPhone would be released two years later. Those companies drew students back into studying CS, and we can see that from the rise again in 2009.

This is a neat story, but still I have to confess some surprise. Should it take 15 years before the popping of the bubble before we see that college students are graduating with the same degrees again?

I found studying computer science to be very helpful and greatly enjoyed it. However, lots of people, including people who knew at the time that they liked tech and programming, seem to dislike it and perceive it as unnecessary or not relevant.

Where Is E-book Interoperability?

Kirk McElhearn:

Not only do I need to sign into two different accounts, but I don’t get all the benefits of Amazon Prime on my Kindle account (my Prime subscription is on my main account; I’ve added the second account, and I can get free shipping, but nothing else: no Kindle Lending Library, no Prime Video, etc.).


This wouldn’t be a problem if these ebooks didn’t have DRM. I would be able to simply download them to my Mac, then send them to the Kindle account of the main account. But Amazon offers no solution to this issue; a problem that they created back in 2009.


If music has managed to shed DRM, why have ebooks resisted? Part of what caused Jobs to issue his statement was a European Commission investigation into interoperability of digital files; why have there been no similar investigation regarding ebooks?

And he’s talking about e-books that are part of the same platform, to say nothing of interoperability with iBooks and Nook. The situation is even worse for video, as you can often buy e-books direct from the publisher (e.g. and Take Control).

Thursday, June 1, 2017

Evergreen Mac Feed Reader

Brent Simmons:

Evergreen is an open source, productivity-style feed reader for Macs.

It’s at a very early stage — we use it, but we don’t expect other people to use it yet.


We don’t plan on doing an iOS version ever.


Future versions will add syncing via existing services (such as FeedBin, Feedly, Feed Wrangler, and others), though we make no promises about which ones and when.

This is very exciting coming from the developer of NetNewsWire 3, one of my favorite Mac apps ever.

Currently the Evergreen blog only supports JSON Feed.

See also: The Talk Show, Hacker News.

Update (2017-06-02): See also: Brent Simmons.

Adobe Scan

Juli Clover:

Unlike most OCR apps on the market, Adobe Scan is free to use, with no watermarks or page limits, and it's optimized for capturing multi-page documents.

The app works by capturing a picture of what a user wants to scan, from notes and forms to receipts and business cards. Adobe Scan detects the edges of a document, captures and cleans the image, fixes perspective, removes shadows, and then uses image recognition to detect and convert printed text.

I tried it and found it OK. The OCR works pretty well, and the capturing interface is streamlined. As with Dropbox, it creates much larger PDF files than my ScanSnap. It supports iOS share extensions, but before you can share a newly created PDF you have to save it to Adobe Document Cloud. I’ve tried a lot of these apps, but in practice I find myself waiting until I have access to my ScanSnap or just using the built-in Camera app.

Previously: iPhone Scanning/OCR Apps.

See also: Scanbot, Scanner Pro.

The Largest Git Repo on the Planet

Brian Harry (via @whitequark, Reddit):

Over the past 3 months, we have largely completed the rollout of Git/GVFS to the Windows team at Microsoft.

As a refresher, the Windows code base is approximately 3.5M files and, when checked in to a Git repo, results in a repo of about 300GB. Further, the Windows team is about 4,000 engineers and the engineering system produces 1,760 daily “lab builds” across 440 branches in addition to thousands of pull request validation builds. All 3 of the dimensions (file count, repo size and activity), independently, provide daunting scaling challenges and taken together they make it unbelievably challenging to create a great experience. Before the move to Git, in Source Depot, it was spread across 40+ depots and we had a tool to manage operations that spanned them.

As of my writing 3 months ago, we had all the code in one Git repo, a few hundred engineers using it and a small fraction (<10%) of the daily build load. Since then, we have rolled out in waves across the engineering team.

Previously: GVFS (Git Virtual File System).

Basic Attention Token


The Brave browser knows where users spend their time, making it the perfect tool to calculate and reward publishers with BATs. This service creates a transparent and efficient Blockchain-based digital advertising market. Publishers receive more revenue because middlemen and fraud are reduced. Users, who opt in, receive fewer but better targeted ads that are less prone to malware. And advertisers get better data on their spending.

Via Corin Faife:

Because the BAT integrates with a browser, a value for advertising slots can be calculated based on precise metrics for the time spent on the page, ad size in proportion to the content, and a detailed profile of the user's tastes—potentially sensitive information, but which Brave says is anonymized and never leaves the device.


As of today, Brave is raising money through a token sale of the BAT—a common way of crowdfunding cryptocurrency projects—with the full operational launch of the platform on both mobile and desktop to come at a still undisclosed date.

Previously: Funding the Web.

The Subscription Paradox

Jason Snell:

What makes someone a happy magazine subscriber, newsletter reader, or television viewer is the feeling that you’re consuming all of something you enjoy. You get to the end and still wish there were more, making you anticipate the next installment.


But then there’s another, less obvious danger zone: People who like your stuff but just can’t finish it all. You’d think that this shouldn’t matter, that if you only ever consume half of everything but enjoy it all, that should be good enough. But it’s not. Most people hate feeling that they’re not using everything they’re paying for. (I know the feeling, at least when it comes to Dropbox storage.)