Archive for August 11, 2017

Friday, August 11, 2017

HyperCard on the Internet Archive

Jason Scott (Hacker News):

Flourishing for the next roughly ten years, HyperCard slowly fell by the wayside to the growing World Wide Web, and was officially discontinued as a product by Apple in 2004. It left behind a massive but quickly disappearing legacy of creative works that became harder and harder to experience.

To celebrate the 30th anniversary of Hypercard, we’re bringing it back.

After our addition of in-browser early Macintosh emulation earlier this year, the Internet Archive now has a lot of emulated Hypercard stacks available for perusal, and we encourage you to upload your own, easily and quickly.

Phil Schiller:

Celebrating #HyperCard (I created some insane stacks in the day…)

As an Apple II user, I was surprised that Macs didn’t have BASIC built-in. I ended up liking HyperTalk fine, and HyperCard was a great environment for writing little programs, making quick user interfaces, and building presentations and databases.

Update (2017-08-12): See also: Jonathan Wight, Alan Storm, Chris Espinosa, Thomas Brand, Bill Bumgarner, Mouse Reeve.

Safari Should Display Favicons in Its Tabs

John Gruber:

Once Safari gets to a dozen or so tabs in a window, the left-most tabs are literally unidentifiable because they don’t even show a single character of the tab title. They’re just blank. I, as a decade-plus-long dedicated Safari user, am jealous of the usability and visual clarity of Chrome with a dozen or more tabs open. And I can see why dedicated Chrome users would consider Safari’s tab design a non-starter to switching.

I don’t know what the argument is against showing favicons in Safari’s tabs, but I can only presume that it’s because some contingent within Apple thinks it would spoil the monochromatic aesthetic of Safari’s toolbar area. I really can’t imagine what else it could be. I’m personally sympathetic to placing a high value on aesthetics even when it might come at a small cost to usability. But in this case, I think Safari’s tab design — even if you do think it’s aesthetically more appealing — comes at a large cost in usability and clarity. The balance between what looks best and what works best is way out of whack with Safari’s tabs.


I really can’t say this strongly enough: I think Safari’s lack of favicons in tabs, combined with its corresponding crumminess when displaying a dozen or more tabs in a window, is the single biggest reason why so many Mac users use Chrome.

It’s not even really monochromatic. Unless you turn on “Reduce transparency,” Safari will use color to show an unreadable blur of the top part of the page beneath the toolbar and tabs. And it will also bleed the colors of your desktop picture underneath the Bookmarks sidebar. To my eye, it’s ugly, non-functional, and harder to read. But can Safari use shapes or colors to help you identify which tab is which? No, it won’t let you do that.

Update (2017-08-14): See also: Hacker News.

Update (2017-11-27): Faviconographer (via John Gruber):

Faviconographer is a little utility that displays Favicons for the tabs you have opened in the current Safari window, just like almost every other browser does it. This helps you navigate between them more quickly.

It uses the accessibility APIs to find the locations of the tabs on screen.

A a a a a Very Good Song

Mitchel Broussard:

For some vehicles, when an iPhone is plugged into the car’s USB port music playback begins automatically, and it always starts in alphabetical order at the top of the user’s iTunes library. Because of this, many users will hear the same song, usually beginning with an “A,” over and over again each time they plug their iPhone into their car. This week, a potential solution to that problem has been soaring up the iTunes charts in the form of a ten-minute silent song called “A a a a a Very Good Song” [Direct Link].

Created by Samir Mezrahi, the song allows users a full nine minutes and fifty-eight seconds to find the song they actually want to hear after connecting their iPhone to their car through USB. Mezrahi is charging $0.99 for each download of the music-less track, although Apple Music subscribers can simply add the song into their library for free.

It’s not just in the car. My iPhone often gets confused when I try to resume audio playback, and instead of remembering which podcast I was listening to it picks a song to play (using a different app).

Update (2017-08-12): See also: David Pierce (via JR Raphael).

How Facebook Squashes Competition From Startups

Betsy Morris and Deepa Seetharaman:

At an all-hands meeting last summer, Facebook Chief Executive Mark Zuckerberg told employees they shouldn’t let pride get in the way of serving users, another way of saying they shouldn’t be afraid to copy rivals, according to someone who was at the meeting. The message became an informal internal slogan: “Don’t be too proud to copy.”


Facebook uses an internal database to track rivals, including young startups performing unusually well, people familiar with the system say. The database stems from Facebook’s 2013 acquisition of a Tel Aviv-based startup, Onavo, which had built an app that secures users’ privacy by routing their traffic through private servers. The app gives Facebook an unusually detailed look at what users collectively do on their phones, these people say.

Via John Gruber:

So Facebook is using a VPN app that is supposed to protect users’ privacy to violate their privacy by analyzing which apps they use.

Also worth noting: in the iOS App Store, Onavo’s owner is still listed as “Onavo, Inc.”, not “Facebook”.

Because people would probably find a VPN app from Facebook creepy.

Version Control ssh:// URL Shell Injection Vulnerability

Junio C Hamano (via Greg Hurrell):

These contain a security fix for CVE-2017-1000117, and are released in coordination with Subversion and Mercurial that share a similar issue.


A malicious third-party can give a crafted “ssh://…” URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim’s machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running ”git clone --recurse-submodules” to trigger the vulnerability.


A “ssh://…” URL can result in a “ssh” command line with a hostname that begins with a dash “-”, which would cause the “ssh” command to instead (mis)treat it as an option.


In the same spirit, a repository name that begins with a dash “-” is also forbidden now.