Archive for October 2017

Tuesday, October 31, 2017 [Tweets] [Favorites]

HomePod to Run Apps Through iPhone/iPad

Apple:

iOS 11.2 introduces SiriKit for HomePod, the powerful speaker that sounds amazing, adapts to wherever it’s playing, and provides instant access to Apple Music. HomePod is also a helpful home assistant for everyday questions and tasks. With the intelligence of Siri, users control HomePod through natural voice interaction. And with SiriKit, users can access iOS apps for Messaging, Lists, and Notes.

Mark Gurman:

Voice apps don’t run on the HomePod, HomePod serves as a speaker to the iPhone. Only works with SiriKit for messaging, notes, and list apps.

So, no apps like Uber/Lyft (would have been perfect for the HomePod), no new Siri functionality for apps like Spotify (obvious-ish).

Benjamin Mayo:

The HomePod listens for a request from a user. If it recognises it as a request meant for a third party app, it sends the necessary data to a nearby iPhone/iPad with the app installed. The iOS device sends the response back to the HomePod, which speaks the reply. It’s similar to how WatchKit 1.0 worked where the connected phone did all of the heavy-lifting for third-party Watch apps.

[…]

Most significantly for HomePod is how it behaves as a device shared by multiple people. Or more accurately, how it seemingly ignores any such attempt to be a shared home product at the software level. It seems like one user will sign into the HomePod with Apple ID and iCloud, and all Siri features will be funnelled through that one account. This applies to first-party and third party services.

Update (2017-11-01): Manton Reece:

The problem for Siri is that Apple’s competition with Amazon and Google isn’t on a level playing field. Siri won’t “catch up” to Alexa because the architectures are fundamentally different, with SiriKit locked to the device while Alexa expands quickly to new products and thousands of extensible skills in the cloud.

Selective Selector Mapping

Daniel Jalkut:

It turns that adding that protocol conformance onto my class declaration not only gains me Swift’s protocol type checking, but changes the way key functions are mapped from Swift to Objective-C:

class MyDataSource: NSObject, NSTableViewDataSource {
    func numberOfRows(in tableView: NSTableView) -> Int {
        return 0
    }
}

let thisSource = MyDataSource()
thisSource.responds(to: Selector("numberOfRowsInTableView:")) // true

Armed with the knowledge that my class intends to comply with NSTableViewDataSource, Swift generates the expected mapping to Objective-C.

Super Mario Run’s Disappointing Profit

Andrew Webster (via John Gruber):

Nintendo’s first mobile game, Super Mario Run, was enormously popular — but that doesn’t mean it was a success for the company. During its most recent earnings report, Nintendo revealed that Mario Run has been downloaded 200 million times, 90 percent of which came from outside of Japan. However, Nintendo says that despite these big numbers, the game has “not yet reached an acceptable profit point.” While Nintendo didn’t reveal any specifics with regards to conversion rates, a big sticking point for many with Super Mario Run was its comparatively large price point; it’s free to download, but requires a one-time fee of $9.99 to unlock the whole game.

Previously: Super Mario Run.

Update (2017-11-01): See also: John Voorhees.

Update (2017-11-07): Adam Blacker:

While Mario definitely benefitted from the price drop, the game would have seen more conversions at the price point of $1.99. Apptopia firmly believes this to be the optimal price point for a paid app. While Super Mario Run is free to download, the in-app purchase to unlock all of the levels essentially acts in the same way. We estimate that Nintendo lost out on $8M by not pricing Super Mario Run at $1.99. We’re saying they could have increased their revenue by over 1,800% during the promo period.

Monday, October 30, 2017 [Tweets] [Favorites]

iOS 11 Changes Localized Date Handling

Jaanus Kase:

If you enable Estonian language/region support as shown on the above image, and developers are formatting dates with the correct/default NSDateFormatter approach that Apple has trained them to do for years, then…

… in iOS 10, you see dates and times in Estonian in many apps, even those that are not explicitly localized.

… in iOS 11, you see dates and times in Estonian only in those apps that are themselves localized into Estonian. Which, let’s be honest, is like 2 apps out of a million. The dates shown in the apps are not what Apple shows as “Region Format Example” in the screenshot. Unless you are on the home screen, which nevertheless chooses to still show the date in Estonian, making affairs just more confusing.

[…]

From a purist standpoint, seeing Frankenstein UI where English-language apps have Estonian dates in them may be undesirable. As a user, though, I am not a purist. I am a human. I prefer my own language, even if the support is Frankenstein-like and incomplete.

Redesigning Adobe’s File Type Icon System Language

Anny Chen:

When we factor in the number of sizes and formats for each file type icon, we’re looking at over 7,000 assets to modify and manage with each release cycle.

[…]

Only primary file types would get the product logo color association. For example, .PSD would be blue and .AI would be orange.

Create a neutral palette for secondary file types that are supported by multiple applications. For example, Photoshop and Illustrator would use the same .PNG file type icon, instead of each having their own unique version of the icon through brand color association.

[…]

One of the main drivers behind the redesign was to simplify and remove as many elements on the file type icon without losing its significance. We dropped the tag, and moved the file type mime to the bottom of the icon. We also removed the page curl to flatten the design and create a more modern visual language.

Previously: New Lightroom CC and Lightroom Classic CC.

Locks, Thread Safety, and Swift: 2017 Edition

Mike Ash:

Note that pthread_mutex_t, pthread_rwlock_t, and os_unfair_lock are value types, not reference types. That means that if you use = on them, you make a copy. This is important, because these types can't be copied! If you copy one of the pthread types, the copy will be unusable and may crash when you try to use it. The pthread functions that work with these types assume that the values are at the same memory addresses as where they were initialized, and putting them somewhere else afterwards is a bad idea. os_unfair_lock won't crash, but you get a completely separate lock out of it which is never what you want.

If you use these types, you must be careful never to copy them, whether explicitly with a = operator, or implicitly by, for example, embedding them in a struct or capturing them in a closure.

Additionally, since locks are inherently mutable objects, this means you need to declare them with var instead of let.

[…]

You must be careful with the pthread locks, because you can create a value using the empty () initializer, but that value won't be a valid lock. These locks must be separately initialized using pthread_mutex_init or pthread_rwlock_init[…]

Previously: Locks, Thread Safety, and Swift, OSSpinLock Is Unsafe, os_unfair_lock.

Amazon Now Has a $1 Billion Ad Business

Shareen Pathak (via Hacker News):

According to recent research by Merkle, Sponsored Products Ads are the most heavily targeted format and accounted for 82 percent of all Amazon ad spend, though Headline Search Ads and Product Display Ads did grow faster quarter over quarter in terms of spend.

Amazon has also invested in programmatic, growing its self-serve offering and trying to get more “non-endemic” brands into its platform so it can lessen reliance on retail. That’s involved courting advertisers from brands that don’t sell on Amazon, such as auto brands or wireless and telecom companies.

Friday, October 27, 2017 [Tweets] [Favorites]

Biskus APFS Capture

Thomas Tempelmann:

The first and only program to read APFS volumes for forensics analysis (DFIR).

While there are many programs available for capturing disk contents in general, Biskus APFS Capture is currently the only one that performs these operations on Apple’s new APFS file system format.

It does not yet support encrypted volumes (even if the password is known).

Panorama X’s Take on Subscriptions

ProVUE:

After your free trial, you can get started with Panorama X for as little as fifteen dollars up front, and ongoing use is as little as $5/month. For months when you don’t use it, you pay nothing. There are no recurring payments — we don’t keep your credit card on file and you are in control at all times (all payments are made from within the application, under your control).

So you essentially pre-pay for a certain number of months, and you aren’t billed for months with less than an hour of use, e.g. if you accidentally launch the app or just need to look up something quickly. It’s $8.33/month for one year, down to $5/month for five years. After the “subscription” expires, the app keeps working but switches to nag mode. All in all, this seems like a fair deal, although it’s considerably more complicated to implement than regular subscriptions or the traditional software model.

Jim Rea:

Our goal is to make it easier for new users to come onboard with Panorama. In the past, the only way a new user could start using Panorama was by paying hundreds of dollars up front. Sure, we’ve always had a free trial, but for a full featured product like Panorama, it often takes more than 15-30 days to really fully understand how and if it will fit into your workflow. But with the old model, the user had to take on all the risk and put up a big chunk of cash up front. Understandably, a lot of potential users were reluctant to do that. We’d like to see lots of new users start using Panorama X, so we gave a lot of thought to how we could help users around this roadblock.

[…]

In addition, I think subscriptions in general have gotten a bad name because quite a few companies have made a big price hike at the same time that they switched to the subscription model. In some cases the software now costs the same per year that it used to cost to purchase. We haven’t done that.

Ultimately, I think this new system is a big bet on our part that customers will like Panorama X and find it productive for them. If they don’t, our revenue will dry up, and we won’t have banked a big up front payment. We’ve set this system up in a way that we have to earn our keep on an ongoing basis. If the software isn’t great, we’ve got nowhere to hide.

Previously: Productivity Apps and Subscription Pricing.

Update (2017-11-07): Joe Kissell:

For those of you who were not already familiar with it, Panorama is to databases as Nisus Writer Pro is to word processors. That is to say: it doesn’t merely get the job done; it’s endlessly flexible, customizable, and programmable, so you can make it do whatever you need it to do. Just as Nisus Writer Pro can slice and dice text in any conceivable way, Panorama can do the same with structured data.

The only problem — and it was a pretty big one — was that for years, Panorama had been increasingly behind the technological curve. Panorama 6 wasn’t a 64-bit app, it didn’t support Unicode, it had a homely and old-fashioned user interface, and it suffered from a long list of other limitations that were more and more frustrating for people using recent versions of macOS. Developer Jim Rea decided it was time to rebuild the app from the ground up, and it has been a long but rewarding process. The new version has virtually all the capabilities of the old one — and many more — without those drawbacks, and in a form that’s both more comfortable to use and far more sustainable.

How to Accept Payments for Your Digital Products

Daniel Alm:

In this article, I will outline the common payment options for digital products and their individual advantages and disadvantages. This is from the perspective of a Mac developer, but apart from the licensing aspect, it applies to all other digital products as well, including SaaS subscriptions and online courses.

[…]

If you are based in the US, you might get away with ignoring the EU’s VAT rules altogether, but I don’t recommend that. You would be in good company there — looks like Panic and The Omni Group have just that approach — but I still don’t recommend it. (I’m German. We really like to avoid risks.)

I’m using FastSpring and am happy with the service, though the fees are higher than I’d like.

Sadly, Frank Illenberger is selling kagi.com (via Michael Love).

Previously: More International Taxes on Software Sales, Kagi, RIP.

One-Pixel Attack for Fooling Deep Neural Networks

Jiawei Su et al. (PDF, via Thomas Lahore):

Recent research has revealed that the output of Deep neural networks(DNN) is not continuous and very sensitive to tiny perturbation on the input vectors and accordingly several methods have been proposed for crafting effective perturbation against the networks. In this paper, we propose a novel method for optically calculating extremely small adversarial perturbation (few-pixels attack), based on differential evolution. It requires much less adversarial information and works with a broader classes of DNN models. The results show that 73.8% of the test images can be crafted to adversarial images with modification just on one pixel with 98.7% confidence on average. In addition, it is known that investigating the robustness problem of DNN can bring critical clues for understanding the geometrical features of the DNN decision map in high dimensional input space. The results of conducting few-pixels attack contribute quantitative measurements and analysis to the geometrical understanding from a different perspective compared to previous works.

Inside Amazon Web Services

David Pogue:

Over the last decade, Amazon has quietly built up the world’s largest cloud-services company, called AWS (Amazon Web Services). In terms of income and profit, it’s much bigger than Amazon.com (the division that sells stuff by mail-order).

It’s also much bigger than its rivals, which include Microsoft, IBM, and Google; in fact, AWS says that it’s bigger than its next 14 competitors combined.

[…]

POGUE: Snowball, you call it?

WOOD: It’s 100 terabytes of storage. And you just connect this up to your data center, load your data on. And then you just physically ship it back to us, and then we load it into the cloud from our data center.

[…]

POGUE: That leads into my other question, which is that 70% of the cloud, 70% of the world’s internet traffic, flows through data centers in Loudoun County, Virginia. Should we be worried about that concentration?

WOOD: No, that data is backed up across multiple different physical locations. And we do that to limit the blast radius. If something does happen, or we have a power event, or there’s a flood in one specific location, that data is held redundantly in other locations, as well. So the cloud just keeps running.

Update (2017-10-28): Tim Bray:

Some of our services are cooler than others, but what I think customers care about most is confidence that the services, cool or boring, will be there 24/7/365. What that means is that everything has to be automated, and much of the most brilliant engineering at AWS, done by some of the smartest people, does its work behind the scenes where nobody will ever see it.

[…]

If you’re the kind of person who’s OK with spending a lot of time constructing carefully-written narratives, and being in meetings that start with 20+ quiet minutes while every one reads the narrative, you’ll like working here, and if not, definitely not.

Thursday, October 26, 2017 [Tweets] [Favorites]

Protecting Against Rogue Camera Access

Felix Krause (MacRumors):

iOS users often grant camera access to an app soon after they download it (e.g., to add an avatar or send a photo). These apps, like a messaging app or any news-feed-based app, can easily track the users face, take pictures, or live stream the front and back camera, without the user’s consent.

[…]

How can the root of the problem be fixed, so we don’t have to use camera covers?

  • Offer a way to grant temporary access to the camera (e.g. to take and share one picture with a friend on a messaging app), related to detect.location.
  • Show an icon in the status bar that the camera is active, and force the status bar to be visible whenever an app accesses the camera
  • Add an LED to the iPhone’s camera (both sides) that can’t be worked around by sandboxed apps, which is the elegant solution that the MacBook uses

Three MacBook Mistakes: Will Apple Correct Course?

Jason Snell:

It’s been nearly three years since the new MacBook arrived bearing a single USB-C port for both charging and peripherals. Through two revision cycles, it has remained largely unchanged. USB-C hubs do exist, but the fact is that out of the box, you can’t power the MacBook and attach any USB devices. That’s less than ideal. So is a redesign in the works, and might Apple take that opportunity to add a second USB-C port?

[…]

An entire generation of Apple laptops may be saddled with fragile, unpleasant keyboards. And a laptop without a functional keyboard is basically useless.

[…]

My early hopes that app developers would innovate with the Touch Bar to improve productivity have also been dashed, more or less. A year later, the Touch Bar seems to have no momentum and fails to provide a compelling reason for users to embrace it.

Dan Counsell:

In general, the Touch Bar MacBook Pro is an excellent machine. It’s fast and well built. However, I’m not a fan of the new keyboard and touch bar, and when you combine that with the list of other issues I have, it’s easy to think that maybe I should have just stuck with the 2015 MacBook Pro.

[…]

Apple may have pushed to hard this time and misjudged the line between Innovation and annoyance.

Michael Love:

So yeah, I’m feeling more and more like old non-crappy MacBook + iMac (Pro or non) is going to be the way to go for a lot of developers.

This is what I’m doing.

I’m optimistic in a year or two Apple will come to their senses + release a laptop that can be my only computer, but isn’t so right now.

Previously: Unreliable MacBook Pro Keyboards, The Impossible Dream of USB-C, New MacBook Pros and the State of the Mac.

Update (2017-10-27): Colin Cornaby:

MacBook Pro shenanigans are a big reason my primary is still a desktop.

Angela Ahrendts’s Plan for Apple Retail

Nicole Nguyen (via Ben Lovejoy):

In February 2016, Ahrendts removed the word “store” from the retail naming convention (for example, Apple Store Union Square is now called Apple Union Square) — and at the most recent keynote, she said, “It’s funny, we actually don’t call them ‘stores’ anymore. We call them ‘town squares’ because they’re gathering places for 500 million people who visit us every year.” The phrasing didn’t sit well with critics, who say that a retail store that sells $1,000 iPhones is hardly a space synonymous with civic life, that it’s not actually a public place, and that calling it such is a “pretentious farce.”

[…]

“It used to be that 80/20 rule — [malls] would be 80% shopping and 20% experience. It’s got to go the opposite now, because all the shopping you can do faster, cheaper, etc., online,” Ahrendts said in a May 2017 interview with LinkedIn.

By adding communal features (including free Wi-Fi and outdoor tables) and offering classes (that extol the features of Macs and iOS devices), Ahrendts is hoping to persuade customers to spend more time in Apple Stores. Maybe they’ll even want to buy something. You can now go to the Apple Store to learn how to code in a schmancy new theater, or watch a performance by an Apple Music–featured singer-songwriter, or sit under a tree with a Genius to figure out why your iPhone doesn’t charge anymore, or watch as an illustrator doodles live (on, of course, an iPad).

[…]

Ahrendts also made a number of refinements to in-store service. Going to the Apple Store “shouldn’t be like going the dentist,” she said. You can now get a text message when someone at the Genius Bar is available, instead of having to wait around. That bar has also been, in some locations, refashioned into an airy “Grove” with additional seating. Updating the Genius area may be the most visible operations work Ahrendts is doing. Getting a broken iPhone, Mac, or iPad serviced remains a frustratingexperiencefor many.

I don’t see anything about increasing the Genius capacity or improving the appointments experience. It’s a nice idea to make people want to spend more time in the stores, but that seems at odds with what seems to be the current reality: stores that are overcrowded and understaffed.

Previously: Apple’s Support Gap.

Update (2017-10-27): Stephen Hackett:

Apple can make it stores as beautiful as they want, but until it can more effectively manage the many, many customers who show up needing support, the stores will still be frustrating.

Amazon Revokes Delicious Library API Access

Amazon:

We are writing to tell you that effective as of today’s date, Amazon is terminating your Associates account. Under the terms of the Operating Agreement, we may terminate your account at any time, with or without cause. This decision is final and not subject to appeal.

[…]

You are using Content or Special Links, or otherwise linking to the Amazon Site, on or in connection with a browser plug-in, toolbar, extension, or other client-side software.

Wil Shipley:

The stated reason (above) that non-North-American Amazons dropped us appears to be that we’re linking to Amazon from a program instead of from a website, which isn’t something we can change — Delicious Library is definitely a program! (I believe North America hasn’t dropped us because they understand our business model better, and because we have managed to turn off our advertising fees in the U.S. We’d love to turn them off in other countries, if we knew how, and were accepted back.)

It’s an odd and unfortunate situation. The API for searching Amazon’s catalog is only available through the Amazon Associates program, which pays a commission fee when a customer clicks through to Amazon from a tagged link and then makes a purchase. Delicious Monster is not abusing the program/API to get more commissions—indeed, they’re willing to decline the fees entirely—they just want to use the API to look up barcodes in Amazon’s catalog. It would be beneficial for all the parties concerned for the app to keep working, but there doesn’t seem to be a way to communicate that.

John Gruber:

I told the story a few months ago that I got dumped from Amazon’s affiliate program because of a single article from over a decade ago where I encouraged DF readers to bookmark my Amazon affiliate URL. I actually think that was allowed back when I wrote it, but apparently now it’s against Amazon’s terms. That’s fine. But the way they dumped me was a bit unsettling[…]

Apple’s practice is also to close an account without prior warning or a way to appeal. For better or worse, developers don’t have separate Apple accounts for different countries.

Wednesday, October 25, 2017 [Tweets] [Favorites]

Modeling One-to-Many in SQLite Using the JSON1 Extension

Benjamin Encz:

The real additional complexity lies in building a query that servers our typical query pattern: fetching an entire record by its UUID. In the past it was sufficient to select all columns (SELECT *), now we need to join with the issue_assignee table to get a full representation of an issue into memory. The relational approach reduces data locality (not all information about an issue is located in one place anymore) which adds complexity to our application.

[…]

As mentioned in the intro of the article, SQlite has built-in support to query columns that contain JSON documents (support was added in SQlite 3.9) through the JSON1 extension.

This means we can model the assignees of an issue as an array of JSON objects, instead of using a join table[…]

[…]

Thanks to the JSON1 extension we can also build queries for fetching all issues assigned to specific user, without fetching all issues into memory. To fetch all issues assigned to the user with the UUID “7” we can use the following query:

SELECT Issues.* from Issues, json_each(Issues.assignees) 
WHERE json_extract(value, '$.uuid') = "7"

iPhone X Production and Availability

Alex Webb and Sam Kim (Hacker News, MacRumors):

That left suppliers short on time to prepare their factories and explains why the iPhone X is being released a full six weeks later than the iPhone 8, said this person, who asked to remain anonymous to discuss an internal matter. “It’s an aggressive design,” the person said, “and it’s a very aggressive schedule.”

[…]

The dot projector is at the heart of Apple’s production problems. In September, the Wall Street Journal reported that Apple was having trouble producing the modules that combine to make the dot projector, causing shortages. The dot projector uses something called a vertical cavity surface-emitting laser, or VCSEL. The laser beams light through a lens known as a wafer-level optic, which focuses it into the 30,000 points of infra-red light projected onto the user’s face. The laser is made of gallium arsenide, a semiconductor material, and the lens is constructed of glass; both are fragile and easily broken. Precision is key. If the microscopic components are off by even several microns, a fraction of a hair’s breadth, the technology might not work properly, according to people with knowledge of the situation.

To make matters worse, Apple lost one of its laser suppliers early on. Finisar Corp. failed to meet Apple’s specifications in time for the start of production, and now the Sunnyvale, California-based company is racing to meet the standards by the end of October. That left Apple reliant on fewer laser suppliers: Lumentum Holdings Inc. and II-VI Inc.

[…]

To boost the number of usable dot projectors and accelerate production, Apple relaxed some of the specifications for Face ID, according to a different person with knowledge of the process. As a result, it took less time to test completed modules, one of the major sticking points, the person said.

Matthew Panzarino (via MacRumors, ArsTechnica):

Apple has issued a statement stating that the report is “completely false” and that it expects Face ID to be the new gold standard of facial authentication.

Apple:

iPhone X will be available in more than 55 countries and territories, and in Apple Stores beginning Friday, November 3 at 8:00 a.m. local time. Stores in most countries will have iPhone X available for walk-in customers, who are encouraged to arrive early.

Nick Heer:

Don’t count on it being easy, though. Nikkei reporters say that the initial iPhone X shipments from now until the end of the year will total just 20 million. For comparison, Apple shipped over 78 million iPhones between October and December last year.

Previously: Face ID.

Update (2017-10-26): Nick Heer:

Even with that limited information, though, I think it’s possible to guess at different ways that Bloomberg’s report may be a reflection of the complexity of producing the iPhone X at scale and how Apple’s statement reflects the shipping product[…]

John Gruber:

According to several trusted sources within Apple, including multiple engineers who worked directly on the iPhone X project, the decision to go “all-in on Face ID” (in the words of one source) was made over a year ago. Further, the design of the iPhone X hardware was “locked” — again, a source’s word — prior to January 2017. If I had to wager, I’d say it was locked a few months before the end of 2016.

[…]

So where do these rumors come from? I don’t know. My guess is that if there’s an intent behind them, it’s that competitors (cough, Samsung?) within the Asian supply chain are attempting to sow doubt about Face ID. The narrative presented by analysts and certain news reports this summer was that Apple was still scrambling to get Touch ID working embedded within the iPhone X display, suggesting that Face ID was their Plan B.

Dan Masters:

FWIW, I was never skeptical about Face ID:.

I am concerned with the supply chain management & product planning:

  • OLED supply (Samsung as sole supplier)
  • Face ID yield (as low as 20%!)
  • Halved iPhone X production
  • Incorrect iPhone 8 projections

Joe Rossignol:

Apple’s operating chief Jeff Williams will reportedly meet Foxconn chairman Terry Gou later this month, following several reports about ongoing iPhone X production issues, according to Nikkei Asian Review.

While the report did not say which topics Gou and Williams will discuss, it said the two executives will presumably look at ways to deal with the manufacturing bottleneck for Apple’s new high-end smartphone.

Update (2017-11-07): Robert Lo Bue:

Several people receiving iPhones with broken cameras, me included[…]

Steve Troughton-Smith:

Perhaps the increased Face ID production rate really was a ‘test the modules less, and if they fail let customers replace them’

Joe Rossignol:

For over a year leading up to the iPhone X, rumors ran rampant about Touch ID being placed under the display, or on the back or side of the device, but Apple’s hardware engineering chief Dan Riccio says the reports were never true.

In an interview with TechCrunch’s editor-in-chief Matthew Panzarino, Riccio said Apple “spent no time” looking at implementing fingerprint authentication in these ways because it was already focused on perfecting Face ID.

John Gruber:

Apple does not like talking about product development timelines. How long it takes them to design and ship a product is something they consider competitive information.

Josh Levenson:

During a recent interview with Mashable, Dan Riccio, Apple’s SVP of Hardware Engineering, revealed that the firm originally intended to release the iPhone X in 2018, “but with a lot of hard work, talent, grit, and determination [it was] able to deliver [it] this year”.

Brian X. Chen (via Riccardo Mori):

The iPhone X feels ahead of its time, perfect for a target audience of technology enthusiasts and obsessive photographers. Everyone else may want to wait awhile to buy.

Tuesday, October 24, 2017 [Tweets] [Favorites]

iBooks Author Conference Highlights Ecosystem Worries

Josh Centers:

Authors who choose iBooks Author do so because it’s free and it’s flexible, but the other reason I heard repeatedly was that it’s the “best in class.” iBooks Author can do things that no other publishing tool can do, making it easy to create multi-touch, multimedia-intensive experiences. Metrock said he is asked once a week about a Windows equivalent of iBooks Author. “It doesn’t exist,” he says.

[…]

That might sound like a ticket to publishing fortune, but it’s sadly not the case. iBooks Author users aren’t in it for the money. Denise Clifton of Tandemvines Publishing, who worked on the investigative reporting book “An Air That Still Kills,” said that the iBooks Author version was the best and most advanced, but sold fewer copies than any other.

[…]

It’s no secret that Apple doesn’t pay much attention to iBooks Author. All you have to do is look at Apple’s own page for it, which brags that it “has been beautifully redesigned for OS X Yosemite.” Welcome to 2014! iBooks and the iBooks Store haven’t fared any better.

So iBooks Author falls into a strange hole where it’s a powerful, unique tool, but its creator seems to have no interest in its survival. How did we get here, and why hasn’t Apple just pulled the plug?

Quicken 2018 Switches to Subscription

Zac Hall:

Mac customers now have more options for Quicken versions for the first time with Starter, Deluxe, and Premier versions offered. Starter is priced from $34.99/year, Deluxe from $49.99/year, and Premier from $74.99/year so Quicken customers on the Mac can now pick which version is best based on their needs.

[…]

Quicken 2018 shifts the pricing scheme from paid annual upgrades to a new annual subscription plan. Year-long subscriptions are available online while two-year plans that include different price points (full prices below) are available through retail channels.

Quicken 2017 and 2015 were both $75 ($64.59 at Amazon), with a $10 discount for upgrades. I’m not a Quicken user, and the different versions (some not available for Mac) are confusing enough that I’m not sure whether this is a price increase or just a change in model.

makeittalk:

Like others, I’m annoyed with Quicken for forcing upgrades without delivering added value. Previously, they disallowed online access after three years. Now that have reduced that to ONE year. I’ve used Quicken since it came on 3.5 inch floppy disks (remember them?) but for a while now have been searching for an alternative on my Mac. Quite honestly, there isn’t anything that is as robust as Quicken for Windows - Mac included. I run a VM with Windows just for Quicken.

[…]

I have grudgingly paid these guys every three years to keep my downloads working. All I have for this is a tweaked interface. With this model, they have tripled my cost.

iOS Calculator Bug

Stephen Heaps:

Is the iOS 11 Calculator slow for anyone else? Do button anims need to complete now? 1+2+3+4 at this speed should work fine…

1+2+3+4 = 28?

It’s the + after the 2 isn’t hit. But it should be hit. Look how slow I’m tapping!

Dave Peck:

Here’s a fun one: open the iOS 11 calculator. Rapidly type 1 + 2 + 3. Odds are you won’t get 6…

Javier Soto:

Apple software is buggy, but surely the iOS calculator can still do 1+2+3 correctly.

Mike Rundle:

Calculator in iOS 11 has such a long animation (and blocks all other touches) that it’s unusable. Burn it down.

I hadn’t seen this bug before, probably because I use PCalc, but I was easily able to reproduce it, even with Reduce Motion on.

See also: Reddit.

Update (2017-10-24): Marco Scheurer:

First (only?) default app coded in Swift and “Swift code is safe by design, yet also produces software that runs lightning-fast”. The irony.

Dave Mark:

When you hit the plus sign for the second time, the calculator app goes into some odd state. Not sure if this is intentional, or a bug, but either way, this is not what you’d expect.

Chris Espinosa:

In case you’re tempted to write a Radar on this, 70+ people have beaten you to it.

Update (2017-10-25): Rosyna Keller:

The interesting part is that this is a very old bug. Just now getting news.

Peter Maurer:

This made me realize that bug marketing is a thing. If you want an annoying, but fairly inconsequential bug fixed, find a way to make it go viral.

Update (2017-10-26): See also: MacRumors.

Update (2017-10-29): Nacho Soto is seeing a similar bug on macOS 10.13.

Update (2017-10-30): Juli Clover:

The new iOS 11.2 beta, released to developers this morning, addresses a Calculator animation issue that’s been present since iOS 11 was released to the public in September and throughout the iOS 11 beta testing process.

Update (2017-11-13): See also: The Talk Show.

Update (2017-12-02): Rob Griffiths:

The Calculator bug persists in iOS 11.2. It’s not as bad as it was before, but it’s definitely still there. You don’t even have to tap super fast; I can make it happen whether I’m using two fingers or one. As long as a couple of button taps are within a reasonably-quick amount of time, you’ll get the wrong answer.

Monday, October 23, 2017 [Tweets] [Favorites]

How Well Do Filesystems Handle Errors?

Dan Luu (tweet, Hacker News):

We’re going to reproduce some results from papers on filesystem robustness that were written up roughly a decade ago: Prabhakaran et al. SOSP 05 paper, which injected errors below the filesystem and Gunawi et al. FAST 08, which looked at how often filessytems failed to check return codes of functions that can return errors.

[…]

No tested filesystem other than btrfs handled silent failures correctly. The other filesystems tested neither duplicate nor checksum data, making it impossible for them to detect silent failures. zfs would probably also handle silent failures correctly but wasn’t tested. apfs, despite post-dating btrfs and zfs, made the explicit decision to not checksum data and silently fail on silent block device errors.

[…]

Relatedly, it appears that apfs doesn’t checksum data because “[apfs] engineers contend that Apple devices basically don’t return bogus data”. Publicly available studies on SSD reliability have not found that there’s a model that doesn’t sometimes return bad data. It’s a common conception that SSDs are less likely to return bad data than rotational disks[…]

Plus, APFS can be used on non-Apple SSDs as well as on hard drives, so there’s really no reason to believe that checksums wouldn’t detect errors.

Previously: Apple File System (APFS).

Backing Up Cloned APFS Files

Dave Nanian:

QThere are cases where we can’t make an exact copy of your APFS volume. And Time Machine can’t either. Nothing can.

[…]

The reason is there’s no (public) way to find out that two files are actually sharing the same data (they might even only be sharing some of the same data, as I explain above). So, when copied, the “clone” relationship is broken, as is the ten-pounds-of-shit-in-a-five-pound-bag magic. You now have a full ten pounds. It doesn’t fit…so you end up covered in shit.

[…]

Time Machine does seem to be able to determine if two files are clones (which I assume it’s doing with private APIs, because I can’t find any documented APIs to determine if two files are clones). When it backs up cloned files, it uses hard links to represent them (since HFS+ doesn’t support clones, and Time Machine can only back up to HFS+ volumes), and when it restores, it checks to see if those files are clones (which it tracks in a special database), and restores them as clones to APFS…unless they’re restored to an HFS+ volume, where all bets are off.

But even in the best case, restoring to APFS, when files get ‘separated’ when they’re changed, again, only the part of the file that was changed is separate. The other blocks are still shared. So even though they’ve jumped through hoops to maintain the clone relationship, there are lots of cases where Time Machine’s own copies will increase in size too, and it happens more and more as the files diverge further.

[…]

What does this mean for you? It means you can get in cases where data that fits on a source drive won’t fit on a destination, even when the drives are exactly the same size.

Previously: SuperDuper and APFS.

Update (2017-10-29): See also: Howard Oakley.

Stealing Sensitive Browser Data With the W3C Ambient Light Sensor API

Lukasz Olejnik (via Ricky Mondello):

To better compete with native apps, websites might soon be able to access ambient light readings. There is currently an ongoing discussion within a W3C Device and Sensors Working Group whether to allow websites access the light sensor without requiring the user’s permission. Most recent versions of both Chrome and Firefox have implementations of the API.

[…]

Since a website can apply different styles to visited and unvisited links, but cannot detect how the links are displayed to the user, we use the sensor to identify its true color[…]

[…]

Potentially more troubling is the fact that attackers can extract pixel-perfect representations of cross-origin images and frames: essentially, discover how a given site or image looks for the attacked user (in our demo we focus on images because they are easier to exfiltrate). In extreme cases, for example on sites which use account recovery QR codes for emergency access to an account, this could allow the attacker to hijack the victim’s account.

Update (2017-10-25): John Gruber:

I don’t want web browsers to compete with native apps. I want web browsers to be document viewers that I can trust with anything.

The Camera Button

Savannah Reising:

We set out to find an alternative to the Astropad ring. The obvious first option was to make a new gesture, but we realized pretty quickly that there was limited room for this. Every edge of the iPad is already occupied with an existing gesture: swipe up for your dock, left to search, and down for notifications. We really needed something novel to work with.

Our Astro HQ cofounder Giovanni Donelli said that the idea to turn the camera into a button came like lightning, “I had been staring at a white bezel iPad for so long, and I kept wishing there was another home button we could use. My eyes kept falling on the camera, and I really wanted to touch it!”

[…]

The Camera Button works by detecting the amount of light coming in through the camera. Covering up the camera with your finger blocks all light, triggering a response from the iPad. The tricky part was getting it to work in all lighting conditions, across all iPad cameras.

Why Work Without a Nib?

Jeff Johnson:

You can’t merge changes to nib files on different version control branches.

[…]

Unlike source code, nibs have no place for comments written by the developer.

[…]

A couple years ago I was working on an app that was itself around 10 years old. I wanted to fix a bug, and that required a change in a nib file, but when I made the change, that somehow caused another problem even worse than the one I was trying to fix. It was a total mystery. Ultimately, we just had to declare that nib file off-limits, untouchable, in order to avoid the problem caused by modifying the file. This is a terrible position to be in as a developer.

No matter how outdated the source file, no matter how many deprecations and build errors, you can always at least read the old source code and try to refactor it to work again. The same is not true of nibs. Old nibs can become completely unrecoverable, and you just have to trash them and start over from scratch. You may not even be able to use them as a model for the new UI. Remember Interface Builder 3 Plugins? Any nib with an IBPlugin dependency is now garbage.

Previously: Working Without a Nib, Decoding Old Nibs: a Sad Tale of Vendor Lock-in and Abandonment.

Update (2017-10-24): Arek Holko:

XIBs/storyboards are kinda technical debt. Quick and easy to create, hard to maintain.

Update (2017-10-25): Mark Damon Hughes:

These NIB files “work”, in that they deserialize into objects, but there’s no way to edit them. Where possible, I now do most UI work in code; this isn’t great fun, I end up with a ton of builder functions to avoid repetitive code blocks, but it’ll still compile and work in 10 years.

Update (2017-10-27): James Shore:

You say, “no coding necessary!” I hear, “we built a crappy DSL accessed via point-and-click with no version control or testing API.”

Friday, October 20, 2017 [Tweets] [Favorites]

How “Hey Siri” Works

Apple:

To avoid running the main processor all day just to listen for the trigger phrase, the iPhone’s Always On Processor (AOP) (a small, low-power auxiliary processor, that is, the embedded Motion Coprocessor) has access to the microphone signal (on 6S and later). We use a small proportion of the AOP’s limited processing power to run a detector with a small version of the acoustic model (DNN). When the score exceeds a threshold the motion coprocessor wakes up the main processor, which analyzes the signal using a larger DNN. In the first versions with AOP support, the first detector used a DNN with 5 layers of 32 hidden units and the second detector had 5 layers of 192 hidden units.

Apple Watch presents some special challenges because of the much smaller battery. Apple Watch uses a single-pass “Hey Siri” detector with an acoustic model intermediate in size between those used for the first and second passes on other iOS devices. The “Hey Siri” detector runs only when the watch motion coprocessor detects a wrist raise gesture, which turns the screen on. At that point there is a lot for WatchOS to do—power up, prepare the screen, etc.—so the system allocates “Hey Siri” only a small proportion (~5%) of the rather limited compute budget. It is a challenge to start audio capture in time to catch the start of the trigger phrase, so we make allowances for possible truncation in the way that we initialize the detector.

An Important Part of Our Product Line Going Forward

Brian Stucki:

It’s been three years since the current Mac mini was released on Oct 16, 2014. “All About That Bass” was the number one song in the land. Four hundred million humans have been born since that day and have never known a new Mac mini. My daughter is one of them. She already walks and talks and just moved to her big-girl bed. Three years is a long time.

Even as a new machine in 2014, the size was unchanged. With every other Apple product shrinking, the Mac mini has kept the same shape for 7 years, despite losing options like optical drives, dual drives, and port variations. Keeping this same shape has been great for our data center rack plans, but I wouldn’t mind seeing the next version…

Juli Clover:

MacRumors reader Krar decided to email Apple CEO Tim Cook to get an update on the Mac mini and he received a response. Cook said it was “not time to share any details,” but he confirmed that the Mac mini will be an important part of the company’s product lineup in the future.

[…]

It’s not clear when Apple will introduce a new Mac mini, and aside from a single rumor hinting at a new high-end Mac mini with a redesign that “won’t be so mini anymore,” we’ve heard no rumors about work on a possible Mac mini refresh.

Previously:

Schiller: “On that I’ll say the Mac Mini is an important product in our lineup and we weren’t bringing it up because it’s more of a mix of consumer with some pro use. … The Mac Mini remains a product in our lineup, but nothing more to say about it today.”

Update (2017-10-20): Bob Burrough:

In my opinion, the Mac mini is supremely damning, because the minimum effort is just updating the CPU, RAM, storage each year. They didn’t.

Like how would they answer “Why didn’t you update the Mac mini?”

“We’re undergoing a difficult and sophisticated redesign.” I don’t think so.

Nick Heer:

But, over the past few years, you’ve likely noticed a growing concern across the web that Apple doesn’t care about the Mac any more. I doubt that sentiment would be as significant or as pervasive if Apple were providing spec bump updates along the way.

[…]

Also, for what it’s worth, I think it’s difficult to justify charging the as-new price on a Mac that hasn’t been updated in three years. Not from a sales perspective, mind you, but from an ethics perspective — Macs aren’t houses, for example, and 2014 was a long time ago in technology terms.

Update (2017-10-24): Jason Snell:

I can see how those who are pessimistic about Apple’s current and future stewardship of the Mac platform would choose to believe that this statement provides no information about the company’s plans. But I’m not one of them. I think there will be a new Mac mini and I hope that when we finally see it, it’s the smallest one yet.

Movies Anywhere

Valentina Palladino (via nolen, Joe Rosensteel):

A new service launched late yesterday promises to make streaming your favorite purchased movies easier by putting them all in one place. The new free app Movies Anywhere acts like a digital locker for the movies you’ve paid for through various online retailers, including Amazon Video, Google Play, iTunes, and Vudu. Signing up for a Movies Anywhere account gives you access to the digital locker, which you can then populate with purchased or redeemed movies by logging in to the accounts you have with those online retailers.

[…]

Disney launched its service in 2014, and it allowed users to get access to all of the company’s titles in one place. Movies Anywhere is using the same architecture with the blessing and collaboration of five Hollywood studios: Walt Disney Studios (which includes Disney, Pixar, Marvel Studios, and Lucasfilm), Sony Pictures Entertainment, Twentieth Century Fox Film, Universal Pictures, and Warner Bros. Entertainment. While discussions are ongoing with Paramount Pictures and Lionsgate to join the service, Movies Anywhere will not launch with any titles from those studios. However, that still means the service has more than 7,300 titles in its library already.

It looks like this will address some of the problems I’ve been having with videos purchased from Apple. I tried it last night, and everything was amazingly easy considering what must be going on behind the scenes. First, I created an account on the Web site and gave it access to my iTunes and Amazon accounts. Because I’d added two services, I got five free movies: Big Hero 6, The Lego Movie, Ghostbusters (2016), Ice Age, and Jason Bourne. (Before I read the fine print that explains this, I thought it was a bug that it was showing movies that shouldn’t be my library.)

All of the movies from both services are available in the Movies Anywhere iOS app (which seems somewhat better than Apple’s TV app), as well as in the Amazon Prime Video app (which I prefer). In addition, my iTunes purchases now show up in my Amazon account on the Web and in the Amazon Instant Video app on my Blu-ray player. Presumably they would also work on a Kindle Fire or other Android tablet, if I had one. I almost can’t believe that this is possible.

Unfortunately, this only works for movies, not TV shows or concert videos. And only certain studios are participating. In addition to movies from Paramount and Lionsgate, I noticed that the recent James Bond films are missing. These were co-produced by Columbia (which is part of Sony) and MGM (which is not participating).

Update (2017-10-25): Rob Griffiths:

What’s really amazing, though, is that you can not only combine purchases from multiple sources into iTunes, but convert and/or upgrade them in the process. Thanks to Movies Anywhere, I’ve been able to do two seemingly amazing things…

  1. Put an UltraViolet-only (i.e. no iTunes version) digital redemption movie into the iTunes ecosystem.
  2. Paid a modest fee—not to Apple—and converted an old physical DVD into a high-def—and 4K—digital version.

[…]

Beyond redeeming all codes, one really cool feature is the ability to convert any DVD or Blu-ray physical disc into a digital version, in only a matter of minutes—for a small fee, of course. You can convert DVDs to SD for $2, or to HD for $5; Blu-ray conversions cost $2, and obviously, they’re converted to HD only. How do you do this magic?

You do it courtesy of Vudu and the Disc-to-Digital feature in the Vudu iOS app—they offer a Mac desktop app, too, but I didn’t try that one.

The Ridiculous Amount of Energy It Takes to Run Bitcoin

Peter Fairley (via Hacker News:

The ever-expanding racks of processors used by miners already consume as much electricity as a small city. It’s a problem that experts say is bad and getting worse.

[…]

The Bitcoin leech sucking on the world’s power grids has been held in check, so far, by rapid gains in the energy efficiency of mining hardware. But energy and blockchain analysts are worried about the possibility of a perfect storm: Those efficiency gains are slowing while bitcoin value is rising fast—and its potential transaction growth is immense.

[…]

Developers of blockchains for such disparate applications as health care management and solar-power trading see Bitcoin’s energy-intensive design as a nonstarter and are now crafting more sustainable blockchains.

Apple Sued Over “Animoji” Trademark

Juli Clover:

Apple is facing a lawsuit for infringing on an existing Animoji trademark, reports The Recorder. Animoji is the name Apple chose for the 3D animated emoji-style characters that will be available on the iPhone X.

The lawsuit [PDF] was filed on Thursday by law firm Susman Godfrey LLP on behalf of Enrique Bonansea, a U.S. citizen living in Japan who owns a company called Emonster k.k. Bonansea says he came up with the name Animoji in 2014 and registered it with the United States Patent and Trademark Office in 2015.

[…]

In the summer of 2017, ahead of the unveiling of the iPhone X, Bonansea was allegedly approached by companies with names like The Emoji Law Group LLC who attempted to purchase his Animoji trademark, and he believes these entities were working on behalf of Apple.

He opted not to sell, though he says he was threatened with a cancellation proceeding if he did not.

Note that this is different from Ryan Jones’s more recent Animoji app.

Thursday, October 19, 2017 [Tweets] [Favorites]

The Sad State of iOS 11’s TV App

Dan Masters:

Here’s an accessibility outcome Apple didn’t consider:

In iOS 11, TV replaced Videos, which was my autistic brother’s most-used app for 7 years.

Now he can’t access his synced videos because the horrible TV app buries it, and he doesn’t know how to use it.

It’s incredibly frustrating for him. It’s not exactly easy to unlearn 7 yrs of a workflow, and then re-learn a poorly designed app.

The only solution: signing into my New Zealand account (where TV app is unsupported), which restores Videos.

Zac Cichy:

My dad can’t find purchased movies either. The TV app is a disaster and Apple really needs to hear how bad it is.

Yaakov:

It’s also slow and full of small UI bugs.

I have almost no good experiences with the TV app.

A few years ago, I lamented some problems with the iOS 9 Videos app. iOS 11 includes the TV app instead of Videos, and unfortunately it’s even worse.

It can now show the titles of the videos, but there’s still no list view or even a single-column view that can show the titles without truncation. There’s now a search field, but it searches the entire iTunes Store, not just what you’ve purchased. There’s now a side-scrolling list of what you’ve recently purchased. All the other issues that I mentioned still stand.

What’s worse is the way it manages downloads. There’s still no screen to show you downloads that are in progress. There’s still no way to see a list of the videos that have been downloaded. There’s not even a way to delete a downloaded video to free up space. With previous versions, you could go to the Settings app to see which videos were stored locally, and you could even delete them from within Settings. With iOS 11, Settings does not show any videos by name. It just shows the total amount of space consumed by all your videos and lets you delete the TV app itself.

Everything is pushing me away from Apple’s video ecosystem right now. My Apple TV 3’s networking remains buggy since the discoveryd fiasco and will likely never get an update. Apple didn’t even bother supporting it with iOS 11’s Control Center. Meanwhile, the Apple TV 4K does not impress. I’ve tried to avoid having more than one silo of videos, but at this point my iTunes video collection is a liability chaining me to bad software.

Amazon’s Prime Video app, though not perfect, is better on almost all the dimensions that I’ve discussed. And you can do a lot of the management from the Web, which is even better than an app. The main drawback is that it doesn’t support downloading videos to a Mac.

Update (2017-10-19): Ashley Bischoff says that on an iPad you can tap the “DOWNLOADED” text to access a popover with a “Remove Download” button. However, on my iPhone SE there is no such text. It turns out that you can long-press on the title of the video, and then you get a weird full-screen menu with a “Remove Download” button and a Back button.

Update (2017-10-20): Rosyna Keller points out that you can see the download status in the iTunes Store app. On my iPhone, the Downloads section was hidden behind the More tab. He also shows that I was wrong about no longer being able to delete videos from the Settings app. Before, tapping on Videos or TV in the list would immediately show the list of videos. Now, tapping on TV shows the standard Offload App and Delete App buttons, as with every other app, but below that is a Recommendations section with an option to Review iTunes Videos, and the list within that works as before. I should have seen that, but in my defense: the entire Recommendations section is hidden if you don’t have any fully downloaded videos, even when visible it’s below the fold on an iPhone SE, and if the Storage display is already open it doesn’t update to show the Recommendations after a download completes.

Update: I now see a Downloaded section on the main Library screen. It has sections for TV Shows, Movies, Downloaded, and Michael’s iTunes Library. I’m sure that when I wrote the post yesterday I had some fully downloaded videos and that this section was not there, because that’s where I expected it to be (by analogy with the Music app) and not finding it there was the reason I decided to write the post. In any case, it’s there now. And when I access videos from Downloaded (rather than other sections), I do get the DOWNLOADED button for deletion that Bischoff mentioned.

Update (2017-12-11): Martin Kopischke:

After a bit of usage, I’m rather underwhelmed by Apple’s “TV” app: it doesn’t know what iTunes rentals I already watched; on Apple TV, it misses everything else I watched and, to put the cherry on top, it injects an intermediate, not-quite-home home layer into the TV’s UI.

You Can’t Turn Off Spotlight on Your Time Machine Backup

Howard Oakley:

It used to be that you could exclude your Time Machine backups from Spotlight’s indexing. Not only does this save a great deal of time with the mdworker background service chundering through your backup drive making indexes, not only does it save all the resulting disk activity, but it also saves a lot of space. And the space which it saves inevitably grows as your backups grow.

Try adding your Time Machine backup folder to the files excluded from Spotlight indexing, though, and you will be told that you cannot. If you add the whole volume to the Privacy list, then Spotlight will ignore your wish, as regards the backup folder. Not that it will admit to that, of course.

I ran into this recently because of a noise problem that I traced to Spotlight activity on my Time Machine drive. I never need to search my Time Machine drive, so why not save all that noise, CPU time, space, and energy and just turn off indexing? Terminal showed that it succeeded:

$ sudo mdutil -i off /Volumes/imac17\ Time\ Machine\ 2/
/Volumes/imac17 Time Machine 2:
2017-10-19 13:52:13.060 mdutil[69677:5509896] mdutil disabling Spotlight: /Volumes/imac17 Time Machine 2 -> kMDConfigSearchLevelFSSearchOnly
	Indexing and searching disabled.

And it seemed to be off:

$ sudo mdutil -s /Volumes/imac17\ Time\ Machine\ 2/
/Volumes/imac17 Time Machine 2:
	Indexing and searching disabled.

But I still saw lots of indexing activity. It turns out that indexing is still enabled for the backup folder:

$ sudo mdutil -s /Volumes/imac17\ Time\ Machine\ 2/Backups.backupdb/
/Volumes/imac17 Time Machine 2/Backups.backupdb:
	Indexing enabled.

And it’s apparently not possible to change this.

Apple:

If you add a Time Machine backup disk to the privacy list, you will continue to see messages that Spotlight is indexing your backup disk. This indexing is necessary for Time Machine to function properly and can’t be disabled. Spotlight does exclude from searches any items you store on your backup disk that are not part of a Time Machine backup.

Nobody Thinks About eBay

Chavie Lieber (via Hacker News):

One of those things that so many brands want is scale: eBay is enormous. It has 171 million users, with 1.1 billion listed items at any given time. But it’s also no longer the only game in town. There’s competition from all over, most notably from eBay's great rival to the north, Amazon; Brooklyn-based crafts giant Etsy; and venture-backed consignment sites like The Real Real and Poshmark. Deering may talk of the company’s advancements, but the truth is, eBay has fallen far behind.

[…]

These days, 88 percent of postings are “Buy It Now” items, not at all tied to the auction function eBay is known for, and 81 percent of what’s available for sale is new. To eBay, new means unopened, never-used items; this claim is murky, though, as most items are still coming from third-party sellers and not from brands themselves. In fact, eBay has become a haven for flipping, a practice in which users sell in-demand merchandise at exponentially higher prices, further adding to eBay’s sometimes-dubious reputation.

[…]

Amazon Marketplace has grown significantly in the last 17 years. Today nearly half of all products sold on Amazon come from the Marketplace, which sells about 2 billion items and brings in an estimated $132 billion in sales each year, according to e-commerce consultancy firm ChannelAdvisor.

eBay is still useful to find items that no one else sells and to resell items that Amazon won’t allow. But it’s the last place I think about because there’s so much friction compared with other sites.

Wednesday, October 18, 2017 [Tweets] [Favorites]

Unreliable MacBook Pro Keyboards

Casey Johnston (Hacker News):

“If a single piece of dust lays the whole computer out, don’t you think that’s kind of a problem?”

In every other computer I’ve owned before I bought the latest MacBook Pro last fall, fixing this would have begun by removing the key and peering around in its well to see if it was simply dirty. Not this keyboard. In fact, all of Apple’s keyboards are now composed of a single, irreparable piece of technology. There is no fixing it; there is only replacing half the computer.

[…]

The primary motivator behind the rise of the butterfly switch seems to be that Apple keeps trying to make all its products thinner, to a degree beyond reason at this point (MacBook Pros now weigh as little as three pounds).

[…]

If Apple decides to replace the keyboard, it sends out the computer to replace the entire top case; there is no such thing as replacing an individual key or just the keyboard. On a Macbook Pro, the top case retails for $700, but the computers haven’t been around long enough for anyone to be out of warranty yet. In regular MacBooks, which were first available in the spring of 2015, Apple has quoted as much $330 to replace a top case out of warranty. The path from “a piece of dust” to “$700 repair” is terrifyingly short.

Make sure you buy AppleCare!

Stephen Hackett:

I, like the good kbase follower that I am, consulted and followed Apple’s directions for dealing with this[…]

After a couple days of light usage, the problem got worse. […] The bottom lip of the key began to flip up a little bit as the key tried sprinting back up after being depressed. […] One of the tiny arms that the key cap clips onto is broken. My nearly $2,000 laptop that I bought less than a year ago is now missing a key[…]

Nick Heer:

By the way, I know there will be some people suggesting that plenty of generations of Apple products have had their teething issues. I don’t deny that; the MacBook Pro was recalled for graphics issues, the first-generation iPod Nano scratched like crazy and the battery could overheat, and the unibody plastic MacBook’s bottom case peeled off.

But input devices should always — and I mean always — work, in hardware and in software. If a speck of dust affects the functionality of the most-used key because of an attribute inherent to the design of the keyboard, that’s a poor choice of keyboard design, especially for a portable computer.

Jason Snell:

We can feel free to disagree about whether Apple’s new laptop keyboard design with drastically reduced key travel is pleasant to type on or not—I don’t like the feel of the keyboard at all, but I recognize that reasonable people will differ.

But like them or not, these keyboards seem to be easily broken. I can’t tell you how many people I know who have reported some problem with the keyboard that has required a visit to the Apple Store.

Wojtek Pietrusiewicz:

My 2016 MacBook Pro Escape keys like to get sticky when I’m hammering away at the keyboard in the sun, probably due to the key caps expanding from the heat.

John Gruber (Hacker News):

I find these keyboards — specifically, the tales of woe about keys getting stuck or ceasing to work properly — a deeply worrisome sign about Apple’s priorities today.

Marco Arment:

Maybe after today’s articles, Apple will finally be forced to admit to themselves that the butterfly MBP keyboard is fundamentally flawed.

That keyboard has no place in pro laptops, and Apple needs to deeply reconsider the process that led to it being brought to the whole line.

The compressed-air thing is like blowing on an NES cartridge: it doesn’t really fix it. Ask any Genius how many they’ve fixed that way.

Wait until the first 2016 MBPs fall out of warranty in a few weeks and people need to pay hundreds of dollars to repair one broken key.

Anecdotally, it seems to affect about 50% of the people I know with butterfly-key MBPs. When I ask on Twitter, I get similar numbers.

The really scary part is that most of these computers are only a few months to a year old. How will they age?

Riccardo Mori:

I’ve been saying that MacBooks have shitty keyboard since 2015. An acquaintance who got a 12” MacBook had to replace the keyboard 3 times.

John Gruber:

Omit the word “pro”. All Apple laptops should (and for 15 years did) have excellent-feeling reliable keyboards.

Dan Masters:

This happens to me all the time.

It’s funny – I actually prefer the firmer feel of the butterfly keys, but this issue is madness.

Chris Johnson:

“Our” crowd is finding out about this issue now, but MacBook forums have known about these butterfly keyboard issues since mid-2015

Steve Troughton-Smith:

The iPad Pro Smart Keyboard has the same key switches as the new MacBook Pros, with none of the dust issues—fabric MacBook Pro, anyone? 😂

Colin Cornaby:

The key travel is so short the force of bottoming out travels up through my fingers and owwww...

2017’s have a dampener that helps.

Nick Heer (Hacker News):

Dan Luu tested a bunch of popular keyboard models and recorded their latency. Something that might surprise you: Apple’s Magic Keyboard, when connected over USB, had the fastest response time — albeit imperceptibly so in actual usage.

That goes to show that Apple can build great keyboards.

Previously: New MacBook Pros and the State of the Mac.

Update (2017-10-18): Mike Zornek:

I’ve been typing with a broken b key for a month. Will take it in for repair soon. It will be the second time in in less than a year.

andrewtj:

I guess I’m not the only with an MBP keyboard that gets sticky when the machine is hot.

Zac Hall (via Bad Uncle Leo, tweet):

Jonathan Mann of ‘Song a Day’ fame has a new hit on his hands. “I Am Pressing The Spacebar and Nothing Is Happening” is his latest jingle, and it’s a brilliant tune about keys on the MacBook keyboard having a tendency to get stuck when exposed to debris or crumbs or, well, in some cases, air.

Gil Roth:

The left shift-key on my 2017 MB needed fixing w/in 3 months.

Update (2017-10-19): See also: Reddit.

Steve Troughton-Smith:

Speaking of keyboards, had to avail of [the repair program] — so much for Smart Keyboard’s wiring durability 😂 Didn’t age well, @iFixit

Update (2017-10-20): Juli Clover:

“Will we see an October keynote event?” Luke asked. “I think we’re all Keynoted out for the season! :-)” Federighi replied.

So new and improved MacBook Pros are apparently not forthcoming soon.

Steve Troughton-Smith:

So, couple days later, here’s how MBP keyboard poll shook out—of over 2,500 responders, 450 people (22.5%) answered ‘yes’ to fix/replacement

A lot of folks are suggesting that the 2017 keyboards have fixed the issue, which is definitely not true from my responses. Helped? Possible

Riccardo Mori:

In early 2016, a friend of mine told me that she had to bring her 6-month old 12-inch MacBook to an Apple Store because the ‘V’ key had stopped registering, and the spacebar was stuck. I wrote her that this was troubling, but that somehow I wasn’t surprised. Later, when she asked me for advice (“Do you think I should try selling the MacBook after they fix the keyboard? I’m bummed, but I also love it for its lightness…”), I urged her to buy AppleCare if she wanted to keep it, because I feared the problem could return in the future.

It’s October 2017. She still has that Early 2015 MacBook. She had the keyboard replaced three times. She’s grateful to have followed my advice about getting AppleCare.

[…]

Long story short, of these twelve friends and acquaintances that got in touch with me regarding this particular matter, seven had serious keyboard issues, and the remaining five told me that their MacBook/MacBook Pro keyboard feels different now than when they purchased their Macs: some mentions uneven feedback when typing, others say that certain keys — despite still working and being registered after pressed — have kind of lost what little clickiness they had at the beginning.

Update (2017-10-21): See also: Accidental Tech Podcast, The Talk Show.

Update (2017-12-15): Mike Bolich-Ziegler:

@caseyjohnston you should know I was in an Apple store this week & two Apple specialists were baffled on why their iPhone activation system passwords wouldn’t work while using a MBP. Both of their passwords contained an “n.”

The “n” key was broken on a display MBP. 🙃

Cardhop 1.0

Flexibits:

Rather than writing a long blog post with lots of screenshots to tell you what it does or why you have to have it, go watch our promo video for Cardhop. While you’re there, be sure to check out the “Cardhop in action” videos, too.

The same way Fantastical revolutionized how you use your calendars — believe it or not, Fantastical 1 came out in 2011, before Apple released Siri and before voice assistants were mainstream — we believe Cardhop will revolutionize how your use your contacts. We hope that relationships are strengthened and people actually look forward to interacting with their contacts.

There’s one catch: You have to force yourself to use Cardhop for a day or two. After all, old habits die hard. Force yourself to open Cardhop rather than doing things the old way, and after a bit you’ll start to understand the power of Cardhop. It sounds silly, but just give it a day or two to develop new habits with Cardhop and you’ll thank us later.

I’ve been using LaunchBar to access my contacts for many years. It works great for searching but doesn’t really support adding or editing contacts. This is where Cardhop shines, since it features a Fantastical-like interface for parsing information about new contacts as you type. Going beyond Fantastical, you can also edit existing contents by typing in the search field.

For example, you can type “Brian twitter @brian” to add a Twitter account. This is limited, however. There doesn’t seem to be a way to add to the notes field. And I was hoping to be able to write something like “Brian spouse Sara” because it otherwise takes several steps to add a “related names” field, select “spouse” for it, and then enter the spouse. I was also excited to see that you can enter the contact’s title when creating it, but in practice this only worked some of the time. For example, “Tim Cook title CEO company Apple” sets Tim’s title to “title CEO”, although “Tim Cook title CEO” correctly sets the title to “CEO” (but doesn’t set the company).

I love the idea of entering contacts in this way, though I’m not sure I do it often enough to make it worth installing Cardhop and learning how to use it. I just don’t meet that many new people. In contrast, I enter multiple new calendar events every day, so Fantastical is invaluable. Still, I’m going to give Cardhop a try because I think I may find its group features helpful.

Lastly, the icon. I don’t fully understand why it’s a sandwich on a plate, but it’s beautiful.

See also: Stephen Hackett, Brett Terpstra, Rene Ritchie, Juli Clover, David Sparks, Jason Snell, Adam C. Engst.

Update (2017-10-24): Objective Development:

In this article I want you to show three basic features of Cardhop that can be easily accessed via LaunchBar:

  • Creating contacts
  • Sending selected texts to Cardhop
  • Opening contacts

New Lightroom CC and Lightroom Classic CC

Jeff Carlson (MacRumors):

Adobe is introducing Lightroom CC, a brand new, cloud-centric desktop application for Mac and Windows. At the same time, the application formerly known as “Lightroom CC” has been updated and rebranded as Lightroom Classic CC. The core Lightroom experience is at the heart of both programs, but they have different strengths and limitations, especially at this early stage of Lightroom CC development.

For people who do not yet use Lightroom, or have been told by friends that they should use it but were intimidated by it, Lightroom CC should be a welcome introduction to the Adobe ecosystem. For photographers who have used Lightroom for years… it’s complicated.

[…]

Adobe is stressing that both Lightroom desktop applications are in active development. Lightroom CC is the choice for a cloud-centric experience, and Lightroom Classic CC is the choice for customers who have more advanced needs that the desktop-centric version addresses.

[…]

All Lightroom products now require a subscription. Lightroom CC 6.x will be the last stand-alone, non-subscription version that Adobe releases; it will be updated for bug fixes and camera compatibility through the end of the year.

It’s also a price increase. I purchased Lightroom 6 for $149 in May 2015, which works out to $4/month over 30 months. To get Lightroom Classic CC 7.x, I’ll have to pay $10/month—and also get Photoshop, Portfolio, and Spark, which I have no use for. Still, I’m eager to try it because it’s supposed to be a lot faster.

Jeff Carlson:

This is a big shift. I’ve been using the new Lightroom CC for over a year as it has progressed from a little technology preview called Nimbus (demo’d in a blink-and-you’ll-miss-it slot at last year’s Adobe MAX event) to the polished 1.0 application we see today. It’s great, and the performance is stellar, but it does require that existing Lightroom users put some thought into how they’ll use it.

Go read the article. I suspect this move might confuse a lot of people—no, Lightroom Classic isn’t going away; yes, Lightroom CC is probably going to be the sibling that gets the most attention.

The question is, will Lightroom CC gradually evolve to do everything Classic can do, and then replace it? Or is this going to be like Aperture and Photos where the more featured app stagnates and is eventually killed with nothing to replace it?

Update (2017-10-20): Peter Krogh:

Lightroom was developed in response to this new market reality. Adobe took the Camera Raw engine from Photoshop and grafted it on to a database, creating one of the most successful applications in the company’s history. Lightroom was developed by a small team working inside Adobe, essentially functioning as competition to the flagship product. If Adobe had put all their effort into shoring up Photoshop, they would be in very serious trouble right now as a preferred tool for digital photographers.

[…]

But the architecture of Lightroom as a desktop application simply cannot be stretched enough to create a great mobile application. The desktop flexibility that has powers such a wide array of workflows can’t be shoehorned in to full cloud compatibility. The freedom to set up your drives, files and folders as you wish makes a nightmare for seamless access. And the flexibility to create massive keyword and collection taxonomies does not work with small mobile screens. After years of experimentation, the only good answer was the creation of a new cloud native architecture. As with the creation of the original Lightroom, this was done by taking the existing Camera Raw imaging engine and bolting it on to a new chassis – this time a cloud native architecture.

[…]

Just as the advent of Lightroom did not kill Photoshop, the introduction of Lightroom CC will not kill Lightroom Classic. It’s a hugely popular program for an important part of their customer base. And creating a cloud-native version of the software, instead of trying to shoehorn the program into a workflow it did not fit, frees up resources to make Lightroom a better desktop application.

Tom Hogarty:

No, we’re not phasing out Lightroom Classic and remain committed to investing in Lightroom Classic in the future. We know that for many of you, Lightroom Classic, is a tool you know and love and so it has an exciting roadmap of improvements well into the future. But please hold us accountable as we make updates in the following months and years to let us know if we’re meeting your expectations.

Paul Parkinson:

I still think the use of “Classic” is unfortunate. Classic denotes something old, venerated but old. To give the Desktop version this name whilst, at the same time introducing a new product with the old product’s name strongly indicates that the new product is a REPLACEMENT and not an ADDITIONAL product.

It would have been cleaner, clearer and altogether more reassuring to have “Classic” called “Lightroom Professional” or “Lightroom Pro” with the new product taking a different Lightroom nomenclature.

Rick LePage:

I understand the anger that some people have about subscription software—I have subscription fatigue myself—but there are clear, good alternatives out there right now if you don’t wish to be part of that world: Phase One, ON1, Alien Skin Software, and Macphun, among others. [Disclaimer: I have worked for ON1.] Do you have to make concessions based on which product you use? Absolutely, but you’ve always had to do that, even if you used Lightroom. There is no ‘perfect’ product.

[…]

If you’ve been wishing for a true, device-independent, cloud-based photo workflow, Lightroom CC will be hard to beat: even in its initial implementation, it is a better ecosystem for the photographer than anything Apple or Google has tried to do. In fact, I believe that this is what Google tried—and failed—to do a few years ago with their higher-end Google Photos initiative.

Matt Kloskowski:

Lightroom CC has the same tools that Lightroom (Classic) has. So think of it as a hybrid of sorts… it’s for people who like to take photos but probably aren’t using a DSLR most of the time. And they want some more powerful editing controls, as well as the ability to have those photos on any device (laptop, tablet, phone, desktop).

Matt Kloskowski:

They’ve also added something called Range Masking to the Grad filter, the Radial filter and the Adjustment Brush. It’s a way to help your adjustments blend (with a mask) based on color or luminance. And even though I’m mentioning it last, it’s actually one of my favorite things.

Anyway, I did a quick 10 minute video that shows you the changes below.

Richard Butler:

With the company stressing ease of use of the latest version, they probably don’t see it that way, but it’s clear that the user who upgrades their camera and their software only occasionally has no place in Adobe’s shiny new future in the cloud.

In my look back at my excitement surrounding the development and launch of Lightroom v1.0, I said I felt that the subscription model “runs counter to the longevity benefit of building a database around my images”. I stand by that.

Update (2017-10-23): Chuq Von Rospach:

My take, but I admit to just starting to dig into this as I dig out from the trip I just finished, is that other than the name change, if you’re using an Adobe product, nothing really changes (with one exception). So if you went to bed using Adobe Lightroom CC, you’re now using Adobe Lightroom CC Classic. If you had no real interest or use for the mobile stuff, you still don’t, even though it’s now rebranded to be “the” Lightroom.

But this clearly makes Adobe’s plans obvious, but not really a surprise to anyone who has been paying attention to their Mobile endeavours: the future is cloud. which I fully think is the right strategy in the long run, but in the short run, I just returned home with 1300 RAW images (68GB!) and no, the cloud isn’t my answer any time soon.

Eli Schiff:

Let’s talk Adobe icon updates.

Update (2017-10-26): Mark Fletcher:

We liked the power of Lightroom, but it’s almost impossible to share a catalog between two people. It just wasn’t designed for that.

Update (2017-10-27): Jeff Carlson:

I just received an email saying my copy of Capture One Pro 8, which I got two years ago to review for Macworld, is no longer being supported. (The current version is 10.0). So, someone who bought Capture One Pro for $300 two years ago needs to pay $99 to upgrade to version 10. Two year cost: $400.

Adobe’s Photography Plan subscription is $10 per month, which includes the latest versions of Lightroom and Photoshop (and now also includes the cloud-focused Lightroom CC). Two year cost: $240.

See also: MacInTouch.

Update (2017-10-29): Rick LePage:

Adobe’s $120 per year for Lightroom (both versions) and Photoshop is a good deal. It is made better by the fact that Lightroom really is the best product for most photographers in the market, but if you don’t like Lightroom/Photoshop, or are upset about Adobe’s policies, there are many alternatives in the market for you to use.

[…]

One refrain that I am hearing from folks who are intrigued with Adobe’s new stuff is this: if you do wish to move forward with the new plan, it’s going to ultimately cost you twice per month (or more) than you were paying before, and that’s only for 1TB of cloud storage.

Tuesday, October 17, 2017 [Tweets] [Favorites]

Erasing Touch Bar Data

Apple (via Zac Hall):

You can clear any information stored by the Touch Bar before you sell or give away your MacBook Pro.

First, start up from macOS Recovery: Hold down Command-R on your keyboard immediately after pressing the power button to turn on your Mac, or immediately after your Mac begins to restart.

When the macOS Utilities window appears, choose Utilities > Terminal in the menu bar. Type this command in Terminal:

xartutil --erase-all

Update (2017-10-19): Stephen Hackett:

When I first saw this, I assumed this has to do with the fingerprint information stored in the Secure Enclave. I rebooted into macOS Recovery, ran the command and rebooted again. After the restart, my Touch ID information had been wiped from the machine[…]

Third Victory for VirnetX in FaceTime Patent Case

Joe Mullin:

An order unsealed Friday (PDF) reveals that, not only did a federal judge award VirnetX the full $302 million jury verdict that it won last year, but the judge tacked on $41.3 million in enhanced damages and $96 million in costs, attorneys’ fees, and interest. In all, Apple has been ordered to pay a staggering $439.7 million to VirnetX because its VPN on Demand and FaceTime features were found to infringe VirnetX patents.

[…]

Schroeder said enhanced damages were warranted because of Apple’s repeated attempts to stay the litigation due to reviews at the US Patent Office and how the company sought “to inject evidence of the proceedings into the trial, even after receiving adverse rulings from the Court,” Schroeder wrote. He also ruled that Apple’s continued infringement after the first verdict in 2012 could not be justified and therefore must be considered willful.

[…]

Apple also created conflicts on the eve of trial, by hiring a jury consultant who used to work for VirnetX during the first trial, as well as a former VirnetX appellate counsel. Apple’s “failure to ensure that its consultant actually had no conflicts unnecessarily complicated the trial,” and the company’s decision to do so warrants the payment of attorneys’ fees related to the third trial, Schroeder held.

Previously: After Patent Loss, Apple Makes FaceTime Worse.

Google Pixel 2

Dieter Bohn (MacRumors, Hacker News):

Of course, neither the Pixel 2 nor the Pixel 2 XL are made out of plastic. They're made out of Gorilla Glass and aluminum, just like every other high-end phone these days.

But Google coated all that aluminum with a textured finish that hides most of the antenna lines and also makes the phones easier to grip. Google took what could have been a visually impressive design and covered it up in the name of ergonomics. It literally made a metal phone feel like a plastic one. It chose function over form.

Cupertino, please start your photocopiers.

Previously: My iPhone 6s and iOS 9 Experience.

How iCloud Drive Can Break Time Machine Backups

Howard Oakley:

So the error which was breaking these attempts to back up was the result of a source file having the same name as a file which had already been backed up on that occasion – something which should be impossible in HFS+, which does not permit two files in the same folder to have the same name and version. However, in this case the file causing the problem is not stored locally on an HFS+ volume, but in the user’s iCloud Drive, which is reported as ~/Library/Mobile Documents/.

I have no idea as to whether that particular file has a problem, but there is nothing that the user or I can do to fix issues like this in iCloud Drive. The best workaround, then, is for them to add iCloud Drive to their Time Machine exclusion list, using the Time Machine pane.

[…]

One possible explanation of this problem is that the files causing the errors have been written to iCloud Drive from iOS running case-sensitive APFS, and that iCloud Drive has not enforced compatibility with HFS+ naming. This would then mean that Time Machine’s backup would try to write two files with case-insensitive names which were deemed to be identical.

Presumably, case-sensitive HFS+ on iOS could cause the same problem. Assuming that Time Machine is copying the locally cached iCloud Drive files, and not directly accessing iCloud Drive, I don’t understand how the “duplicate” files ended up in his home folder, though, unless he’s not using regular case-insensitive HFS+ (or APFS).

Monday, October 16, 2017 [Tweets] [Favorites]

Disabling Xcode 9 Font Smoothing

Mike Ash uses mach_override and LLDB to patch Xcode 9’s new Swift/Core Text–based editor to get proper code rendering with Monaco 9. This is described in the first episode of Ash’s new podcast (RSS).

Previously: Disabling Xcode 8 Font Smoothing.

Localized App Store Keywords

Sensor Tower (PDF):

Understanding localization is a key component to sound App Store Optimization (ASO). Each App Store utilizes more than one set of localized keywords. This is Apple’s attempt at solving for the fact that multiple languages are spoken within a country. For instance, Spanish speaking users in the US need to find your app when they search in Spanish. This guide was created to help you understand which localizations are indexed in the top App Stores worldwide.

Via Evgeny Cherpak:

I can’t say I fully understand it now, but I learned some valuable things, like I can double or triple my keywords[…]

[…]

SearchAds is very helpful - sure they take a big cut from the revenue, but for my paid app its still worth it as you can see here[…]

Windows 10 Mobile, the End of the Line

Zac Bowden:

Microsoft’s Corporate Vice President for Windows, Joe Belfiore, has today clarified the company’s stance with Windows 10 Mobile and what it’s currently doing in the mobile space. In a series of tweets on Twitter, Belfiore states that as an individual end-user, he has switched to Android, and that Windows 10 Mobile is no longer a focus for Microsoft.

Dan Luu:

Internal vs. external perspectives on Windows Phone

In case you were wondering why there’s so much junk in the app store: MS paid people to upload garbage directly to the app store

KRACK: Breaking WPA2 by Forcing Nonce Reuse

Key Reinstallation Attacks (Hacker News):

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks.

Dan Goodin (Hacker News):

The site went on to warn that visiting only HTTPS-protected Web pages wasn’t automatically a remedy against the attack, since many improperly configured sites can be forced into dropping encrypted HTTPS traffic and instead transmitting unencrypted HTTP data.

[…]

KRACK works by targeting the four-way handshake that’s executed when a client joins a WPA2-protected Wi-Fi network. Among other things, the handshake helps to confirm that both the client and access points have the correct credentials. KRACK tricks the vulnerable client into reinstalling an already-in-use key. The reinstallation forces the client to reset packet numbers containing a cryptographic nonce and other parameters to their initial values. KRACK forces the nonce reuse in a way that allows the encryption to be bypassed. Ars Technica IT editor Sean Gallagher has much more about KRACK here.

Graham Sutherland:

The beahaviour of accepting a retransmitted packet comes from the WPA2 standard, which makes the fix situation a little awkward. KRACK abuses the feature of allowing retransmission of lost packets, which is important in 802.11 protocols. “It’s a feature, not a bug”.

Matthew Green (Hacker News):

I don’t want to spend much time talking about KRACK itself, because the vulnerability is pretty straightforward. Instead, I want to talk about why this vulnerability continues to exist so many years after WPA was standardized. And separately, to answer a question: how did this attack slip through, despite the fact that the 802.11i handshake was formally proven secure?

[…]

One of the problems with IEEE is that the standards are highly complex and get made via a closed-door process of private meetings. More importantly, even after the fact, they’re hard for ordinary security researchers to access. Go ahead and google for the IETF TLS or IPSec specifications — you’ll find detailed protocol documentation at the top of your Google results. Now go try to Google for the 802.11i standards. I wish you luck.

[…]

The second problem is that the IEEE standards are poorly specified. As the KRACK paper points out, there is no formal description of the 802.11i handshake state machine. This means that implementers have to implement their code using scraps of pseudocode scattered around the standards document. It happens that this pseudocode leads to the broken implementation that enables KRACK. So that’s bad too.

[…]

The critical problem is that while people looked closely at the two components — handshake and encryption protocol — in isolation, apparently nobody looked closely at the two components as they were connected together.

sequence7:

As an Android user is there any mitigation for this other than ditching my handset and switching to an iPhone or waiting (hopelessly) for a patch from my vendor.

This really does highlight the absolute disaster zone that the Android handset market has become as far as updates are concerned. I’m sure the Pixels will get a fix relatively quickly but almost every other Android user is going to be left in security limbo.

Juli Clover:

Apple has already patched serious vulnerabilities in the WPA2 Wi-Fi standard that protects many modern Wi-Fi networks, the company told iMore’s Rene Ritchie this morning.

Rene Ritchie:

Apple’s AirPorts, including Express, Extreme, and Time Capsule don’t seem be affected, even if using one as a bridge.

Update (2017-10-17): Nick Heer:

I get why security researchers are dialling up the campaigns behind major vulnerabilities. CVE numbers aren’t interesting or explanatory, and the explanations that are attached are esoteric and precise, but not very helpful for less-technical readers. A catchy name gives a vulnerability — or, in this case, a set of vulnerabilities — an identity, helps educate consumers about the risks of having unpatched software, and gives researchers an opportunity to take public credit for their work. But, I think the histrionics that increasingly come with these vulnerabilities somewhat cheapens their effect, and potentially allows other very serious exploits to escape public attention.

Update (2017-10-18): Glenn Fleishman:

However, just because every device in the world could have its traffic sniffed doesn’t mean that every device will. Remember that Wi-Fi is local area networking: attackers must be within range of their targets.

[…]

Even worse are Internet of Things devices that use embedded operating systems with which you never interact directly, many of which can’t be updated at all. Even when products can be updated, dodgy manufacturers and cut-rate prices often result in the abandonment of support for a particular model months after it appears. Updates are often difficult to install and manufacturers don’t notify customers (or have any way to do so), making it unlikely that an average user will learn of a security fix or, discovering it, be able to install it. KRACK will become another tool in an attacker’s kit for recruiting devices like DVRs and nursery webcams into botnet armies.

[…]

Public Wi-Fi networks are unlikely to be affected by the KRACK attacks. Most rely on a portal page to control access to an unsecured network, rather than WPA2. If they do employ WPA2 for access, it’s typically to restrict usage to customers, as it doesn’t provide real security from other users on the same network. In either case, you should always treat public hotspots as untrustworthy.

Update (2017-11-01): It’s fixed in macOS 10.13.1.

Update (2017-12-13): Tory Foulk:

Earlier today Apple officially made firmware updates 7.7.9 and 7.6.9 available for its AirPort Wi-Fi base stations, including the AirPort Express, AirPort Extreme, and AirPort Time Capsule. The 7.7.9 update is meant for 802.11ac routers, while the 7.6.9 update is meant for for 802.11n routers. To install the updates to your firmware, you can use either iOS or macOS AirPort Utility app.

According to Apple support documents posted for both the 7.7.9 and 7.6.9 versions of the update, it addresses multiple issues, including the KRACK vulnerabilities that affected many Wi-Fi enabled devices earlier this year.

It’s not clear why, two months ago, Apple told us that the base stations were not vulnerable to KRACK.

Rui Carmo:

My AirPort Express was just bricked by this upgrade (can’t even factory reset it) which is a tremendous pain given that it was the tiny, neat device that provided coverage in my living room, and I have nothing to replace it with a similar form factor (nor planned budget for doing so).

Saturday, October 14, 2017 [Tweets] [Favorites]

The Impossible Dream of USB-C

Marco Arment (via Hacker News):

While a wide variety of USB-C dongles are available, most use the same handful of unreliable, mediocre chips inside. Some USB-A dongles make Wi-Fi drop on MacBook Pros. Some USB-A devices don’t work properly when adapted to USB-C, or only work in certain ports. Some devices only work when plugged directly into a laptop’s precious few USB-C ports, rather than any hubs or dongles. And reliable HDMI output seems nearly impossible in practice.

Very few hubs exist to add more USB-C ports, so if you have more than a few peripherals, you can’t just replace all of their cables with USB-C versions. You’ll need a hub that provides multiple USB-A ports instead, and you’ll need to keep your USB-A cables for when you’re plugged into the hub — but also keep USB-C cables or dongles around for everything you might ever need to plug directly into the computer’s ports.

Hubs with additional USB-C ports might pass Thunderbolt through to them, but usually don’t. Sometimes, they add a USB-C port that can only be used for power passthrough. Many hubs with power passthrough have lower wattage limits than a 13-inch or 15-inch laptop needs.

It’s been about 2 1/2 years since the 12-inch MacBook introduced USB-C to Macs. How are the hub and dongle choices still so poor? At first I thought USB-C was an annoyance and an additional expense. You have to buy new cables and hubs, but then it’s smooth sailing and ultimately worth the hassle. Increasingly, it seems like no one can actually complete the transition because there are essential pieces of the puzzle that don’t exist.

It’s not simpler to replace a bunch of different cables that look different with a bunch of cables that look the same but are actually different.

I previously thought that maybe Apple should replace Lightning on iPhones with USB-C. Now I’m not so sure. Aside from all the issues Arment mentions, having used USB-C for a while now, I don’t think the connector is as nice.

Update (2017-10-15): Wojtek Pietrusiewicz:

This is the main reason I have been trying, not completely successfully, to keep as many things wireless as possible.

Imagine that—putting up with slow and unreliable wireless connections because the wired options are so bad.

The iMore and Wirecutter USB-C roundups list no actual hubs that increase the number of USB-C ports. I did find this Belkin hub that adds a single non-charging USB-C port. However, it’s not currently available and has only 1.7 stars, with reviewers complaining that it breaks Wi-Fi and doesn’t have enough power for charging.

At this rate, that 2015 MacBook will lose its AppleCare coverage before there is actually a good selection of USB-C peripherals for it.

David Heinemeier Hansson:

USB-C is such a mess, and Apple bears a central role in just why it’s so fucked up. For shame.

I don’t know how much responsibility Apple bears for USB-C itself, but (a) Apple decided to switch its notebooks to USB-C before the ecosystem was ready, and (b) knowing there was a dearth of accessories it created only a few basic first-party adapters, leaving its customers out in the cold.

Update (2017-10-17): John Gruber:

Second, even if you do your homework and know exactly what to look for, there is severe dearth of USB-C products out there. The USB-C hub market is horrendous, but Apple’s MacBook has just one USB-C port, effectively demanding a hub for certain tasks that require external peripherals. Now that all modern Apple MacBooks are USB-C-only, USB-C’s problems are MacBook problems, too.

Update (2017-10-20): None of these USB-C “hubs” actually give you more USB-C ports, either.

Boris Bügling found an Aukey hub that adds two USB-C ports, albeit with limited power. Oddly, it’s not available from the US Amazon store, nor is it shown on Aukey’s own site.

Friday, October 13, 2017 [Tweets] [Favorites]

BBEdit 12

Bare Bones Software (tweet):

The setting “Surround selected text when typing matching delimiters” allows you to control whether typing an opening delimiter will surround the selection range. This is independent from whether delimiters are auto-paired when typing an opening delimiter with no text selected.

[…]

When performing an Extract operation, you can now use a Grep replacement pattern in the “Replace” field (in Find or Multi-File Search) to transform the extraction results.

[…]

Added an “Expert” preferences pane, which provides direction to the Expert Preferences help book. The “Restore Defaults” button in this pane will reset all expert preferences to their factory defaults.

[…]

The Live Search command now supports grep pattern matching when the “Grep” option is enabled, and stored patterns are available under the “Saved patterns” (“g”) popup.

[…]

The navigation bar now contains an item indicating the current Git branch (for documents that are in a Git working copy).

I’ve been happily using BBEdit for somewhere around 22 years now. As a user, I appreciate that it pretty much never does anything to annoy me. This is rare. With almost every other app, I’m always thinking to myself: if I had the time, I’d write my own version that works the way I want. As a developer, I admire that Bare Bones has been able to keep the product thriving for so many years with a steady stream of free and paid updates. They’ve done a good job of balancing adding new features, modernizing the code (incrementally rewriting in different languages and for different APIs), and keeping it (seemingly) bug-free. The next test will be whether BBEdit completes the transition to Cocoa before macOS 10.14 adds “compromises” for 32-bit apps. I’m optimistic because it looks like much of the app has already been rewritten over the last few major versions.

Jason Snell:

I do a lot of text and data formatting in BBEdit, and one of the great additions in this version is a Columns editing command, that enables quick processing of comma- and tab-delimited text ranges—you can cut, copy, delete, and rearrange columns. You might think that sounds like an esoteric feature, but I’ve probably pasted a tab-delimited text block from BBEdit into Microsoft Excel purely for column management hundreds of times at this point.

Wojtek Pietrusiewicz:

BBEdit also has a wonderful manual which is totally worth reading. It’s probably the first software manual that I have read in my life.

Bare Bones Software:

We’ve officially sunsetted TextWrangler and it’s not compatible with High Sierra. Time to switch! 🙂

Update (2017-10-14): Dr. Drang:

That may seem like damning with faint praise, but if much of your professional time is spent using software (and I suspect that’s true for most of you), you know what a ringing endorsement it really is. And it’s in keeping with the Bare Bones motto: it doesn’t suck.

Adam C. Engst:

As with any product that has been around for 25 years, there was a lot of old code in BBEdit, and one of the primary goals for BBEdit 12 was to modernize its code base. That’s work that users seldom see, but there are a few improvements that you might notice. For instance, BBEdit can now take advantage of intrinsic macOS features like Split View, and some controls now rely on system versions rather than custom implementations. Contextual menus now even include services!

[…]

So you can try all of BBEdit 12’s features for 30 days, and if you choose not to purchase a license after that, features that have green stars next to them during the trial will be disabled. The end result is a text editor that has even more features than TextWrangler did — the Preview window, for instance.

Update (2017-10-17): John Gruber:

BBEdit’s longevity and continuing excellence are simply remarkable. I’ve been using it since sometime in 1992 (version 2.2?), and in 1993 I bought the first commercial release, version 2.5. 25 years.

Thoughts on Yoink’s App Review

Matthias Gansrigler:

As some of you may know, getting Yoink for iOS through Apple’s App Review was, to say it lightly, a bit of a pain.

In the end, I was able to release it, but a month late. Had this been my first app as an indie developer, there’s a good chance I would have had to declare bankruptcy now.

I am fortunate enough to have a couple of apps out already that create a steady income, but still, I spent about two months exclusively on this app, so it’s still scary thinking about how I got rejected over and over.

Reviewing a submitted app is generally faster now than in the past, but that’s not really the right metric. What really matters is the total time from the first submission to when it’s available in the store. Imagine if you evaluated customer support based on the speed of the reply without regard to actually solving the problem. Imagine a compiler that would either successfully compile or report a single error.

Plus, it sounds like the rules his app was being rejected for were unwritten.

Thursday, October 12, 2017 [Tweets] [Favorites]

Strange Apple ID Sign-In Locations

Glenn Fleishman:

The first step in Apple’s 2FA is a location alert that appears on every computer and iOS you own logged into the same Apple ID account. The notion is that you should validate that the location is correct before you proceed to get the code. Clicking Don’t Allow terminates the login attempt.

[…]

The location can also be imprecise. My wife routinely is told she’s logging in from about 30 miles south, although on the same home network, it’s more accurate for me. If we both had this issue, I’d expect that the IP address of our network was misplaced in whatever geo-identification system Apple relied on to match IPs with a rough place on the globe.

Kirk McElhearn:

I’m not near London; I’m about 100 miles away.

[…]

I don’t use a VPN, which would certainly affect this, and I find it surprising that the Apple devices that already know my exact location can’t pass this info on to Apple’s authentication servers. Because if I look on Apple Maps on the same iPad, it pinpoints me, exactly where I am.

Nick Heer:

This is particularly troubling because two factor authentication is promoted as being a more secure login option. If a typical user were to set that up and then be shown a map of a login attempt from miles away, they may be concerned, and reasonably so.

Update (2017-10-13): Michael Kummer:

What puzzled me was that according to whatsmyip.org, the geolocation of my IP is Atlanta, GA. So why would Apple show a different location? As it turned out, there are various geo-location databases, and each shows slightly different information. Separate databases map my IP address  to the following locations:

  • Richardson, TX (IP2Location)
  • Atlanta, GA (EurekAPI)
  • Wallingford, CT (DB-IP)

That explains why I see strange location information when signing in from a new device or browser. Evidently, Apple uses the DB-IP database, instead of EurekAPI to query IP geolocation information. Interestingly enough, Apple Maps knows my correct location as you can see in the screenshot below.

Ten Safari Long-Press Shortcuts

Benjamin Mayo:

Much of Safari’s advanced functionality is hidden behind ‘secret’ long-press gestures that you can’t really know about unless you try randomly … or someone tells you. We’ve rounded up all the Safari long press tips and tricks below, so you can take advantage of all the different shortcuts and features it offers.

[…]

New to iOS 11, it is actually possible to have Safari automatically launch Reader for select domains. This means you can view a particular website without distractions, in the streamlined reading-focused Safari Reader interface, automatically every single time.

Update (2017-10-13): Rob Mathers:

Long pressing an image also displays the alt-text, if there is any.

Google Pixel Buds

Valentina Palladino:

Unlike Apple’s AirPods, the Pixel Buds have a wire connecting the two earpieces. However, that wire doesn’t connect to a smartphone or other device. […]

All of the Pixel Buds’ controls are built in to the right earpiece, which is a common hardware solution on wireless earbuds. […]

But the most intriguing feature of the Pixel Buds is the integrated Google Translate feature. Demoed on stage at Google’s event today, this feature lets two Pixel Bud wearers chat in their native languages by translating conversations in real time.

[…]

Pixel Buds have a battery that should last five hours on a single charge, which is average for wireless earbuds. They also come with a charging case that can hold up to 24 hours of battery life. Google’s Pixel Buds are available for preorder today for $159.

Dan Masters:

Kudos to Google for offering a distinct value proposition over AirPods, rather than just copying.

Nilay Patel (via Hacker News):

No one else can make W1 headphones, and obviously no one else can modify iOS to support their own custom wireless Bluetooth riff. So your choices are the four W1 headphones, and then a large market of second-class citizens.

Google’s version of this is the Pixel Buds, a set of over-ear neckbuds that serve as basic Bluetooth headphones but gain additional capabilities when used with certain phones. Seamless fast pairing? You need Android N or higher, which most Android phones don’t have. The always-on access to Google Assistant? That’s only for Android phones with Google Assistant; iPhone owners need not apply. And that cool Google Translate integration where Pixel Buds instantly translate languages in real time? Well, that’s entirely exclusive to the Pixel.

APFS and Institutional Recovery Keys

Rich Trouton:

This recovery key model has continued to be used on Apple File System (APFS), starting with macOS High Sierra 10.13.0, with one important difference:

  • You can encrypt an APFS boot drive using an IRK.
  • You cannot unlock or decrypt an encrypted APFS boot drive using an IRK.

[…]

The issue appears to be that a necessary function has not been added to the diskutil command line tool. For FileVault 2 on macOS Sierra and earlier, the command to unlock using an IRK is shown below[…]

Uncle Bob and Silver Bullets

Robert C. Martin:

I just finished reading an extremely depressing article in The Atlantic entitled: The Coming Software Apocalypse. The article does a good job, at first, of describing several terrible software bugs that have harmed, maimed, and killed people. But then the article veers off in a direction that I found disheartening.

The author of the article interviewed many thought leaders in the industry, but chose only those thought leaders who were inventing new technologies. Those technologies were things like Light Table, Model Driven Engineering, and TLA+.

[…]

The obvious solution:

  1. Raise the level of software discipline and professionalism.
  2. Never make excuses for sloppy work.

If only it were that easy.

Hillel Wayne (via Hacker News):

One of the core assumptions of modern systems engineering is that there’s a constant flow of defects: that people make mistakes. You can’t rely on people to not fuck up on their own: after all, the US still has 30,000 auto deaths a year. Rather, the best way to reduce the volume and severity of mistakes is to adjust the system itself. Either make them harder to do, make them easier to catch, or make them cause less damage when they do happen. Don’t just blame the drivers, give them safe roads! Give them seatbelts!

[…]

But unit tests are not enough. Type systems are not enough. Contracts are not enough, formal specs are not enough, code review isn’t enough, nothing is enough. We have to use everything we have to even hope of writing correct code, because there’s only one way a program is right and infinite ways a program can be wrong, and we can’t assume that any tool we use will prevent more than a narrow slice of all those wrong ways.

Wednesday, October 11, 2017 [Tweets] [Favorites]

HashVisitable Swift Evolution Proposal

Vincent Esche (via Tyler Fox):

In short: Hashable is utterly error-prone and does not compose well. And that’s a shame!

[…]

If even the official Swift documentation gets the implementation of hashValue wrong, then who is to expect the average Swift programmer to do any better?

[…]

Now, I’m the first to admit that a scenario where one needs to have multiple hashing algorithms is rather rare.

There are however certain circumstances where multiple hashes per value are desired, if not outright necessary: Bloom Filters.

[…]

As the name implies this new API makes use of the visitor pattern. Instead of implementing the hashing logic on the type T itself we are moving it into dedicated Hasher types, which then get passed to the objects to be hashed.

Here’s his propoasal.

See also: SE-0185: Synthesizing Equatable and Hashable conformance.

New Waterproof Kindle Oasis

Lauren Goode:

The new Kindle Oasis — the same name as last year’s premium Kindle — has jumped up in size, moving from a 6-inch screen to a 7-inch screen. It has an aluminum back, which gives it a more premium look and feel than the Kindles with soft-touch plastic.

Unlike last year’s Kindle Oasis, which used a magnetic case you attached to the e-reader to extend its battery life, the new Oasis relies entirely on its built-in battery. It has a similar physical design, with one thicker side that tapers down on the other side, for one-handed reading. But Amazon has made a point of saying that it managed to fit in a bigger battery, while keeping the tapered side of the device at 3.4 millimeters.

[…]

There are physical page-turn buttons, plus the touchscreen page-turn option; Amazon says it’s worked on both the hardware and software side of things to make page-turning feel faster.

The previous generation Kindle Oasis, which will be discontinued, is one of my favorite hardware products ever. Its shape is very comfortable to hold, it weighs only 4.6 oz. (without the case), and at 5.6″ × 4.8″ it fits in my back pocket or jacket pocket.

The new Kindle Oasis has a larger screen but weighs 6.8 oz. (more than a Kindle Voyage). It’s now 6.3″ × 5.6″ and looks significantly larger in Goode’s photo. The shape and buttons should still be good, but to me the larger size reduces the appeal a bit. Still, it’s much smaller than an iPad mini 4 at 8.0″ × 5.3″ and 10.4 oz.

See also: Kirk McElhearn, Gus Mueller.

Update (2017-11-01): Heather Kelly (via Jason Snell):

Water, it turns out, triggers the Oasis touchscreen. One small splash can turn the page, change the font size, exit the book or do anything else a rogue hand might. In my tests, it didn’t take more than one fat droplet to activate the 7-inch touchscreen.

Kirk McElhearn:

The new Kindle Oasis has the nicest display of any Kindle yet. In the past, Kindles have been plagued by uneven lighting; it was sometimes a crapshoot with different models, whether you’d see the LED bleed on the bottom or the side of the display. If you look at the photos in my review of the original Kindle Oasis, you can see that the lighting is uneven. But on the new model, it’s very smooth, with just some additional brightness at the bottom (which doesn’t show up in the photo below).

The new Oasis is also fast; page turns are fast, accessing menus is fast, and even typing is faster than before. It’s still got a bit of a lag, but you no longer have to wait to see a letter display before trying the next one when you’re searching for something.

Update (2017-12-07): Jason Snell:

The second-generation Oasis is a nice piece of hardware, but I really appreciated the light weight of the first-generation model and I had hoped Amazon would push a little bit more in that direction. The larger screen is good, but it’s not like I’m reading a hardcover book—it’s just a slightly larger paperback size, which is fine but not revelatory.

Tuesday, October 10, 2017 [Tweets] [Favorites]

In-App Apple ID Password Phishing

Felix Krause (tweet, Hacker News):

As a result, users are trained to just enter their Apple ID password whenever iOS prompts you to do so. However, those popups are not only shown on the lock screen, and the home screen, but also inside random apps, e.g. when they want to access iCloud, GameCenter or In-App-Purchases.

This could easily be abused by any app, just by showing an UIAlertController, that looks exactly like the system dialog.

[…]

Hit the home button, and see if the app quits:

  • If it closes the app, and with it the dialog, then this was a phishing attack
  • If the dialog and the app are still visible, then it’s a system dialog. The reason for that is that the system dialogs run on a different process, and not as part of any iOS app.

[…]

Initially I thought, faking those alerts requires the app developer to know your email. Turns out, some of those auth popups don’t include the email address, making it even easier for phishing apps to ask for the password.

Previously: macOS 10.12.2 Impedes Safari Bookmarklets.

Update (2017-10-11): Marco Arment:

It’s long past time that Apple removes the random password popups that plague iOS.

They’re a security flaw that should not exist in 2017.

John Gruber:

I’ve been thinking about this for years, and have been somewhat surprised this hasn’t become a problem. It’s a tricky problem to solve, though. How can the system show a password prompt that can’t be replicated by phishers?

Twitterrific 5.0 for Mac

The Iconfactory (tweet, MacRumors):

Take control of your tweets with multiple windows for a single or multiple accounts, all neatly organized on your Mac’s desktop. Twitterrific’s new Media Viewer lets you easily browse multiple images or watch videos. Media and popover windows can be detached from a timeline for easy reference or tracking conversations.

[…]

Whether you use Twitterrific on your iPhone, iPad, or another Mac, the app automatically syncs your reading position for a seamless Twitter experience. Catch up on your latest tweets on mobile, then pick up right where you left off when you’re back at your desktop, just like magic! Twitterrific also syncs your muffles and mutes from iOS to help you avoid spoilers and unwanted tweets on your Mac’s desktop.

It’s $20, Mac App Store–only, with no trial. But, if you do buy it, trying it should in theory be easy. I’ve been using Tweetbot and iCloud syncing recently, since that seemed to be more reliable than Tweet Marker. However, I could enable Tweet Marker in both Tweetbot (on iOS) and Twitterrific (on Mac), and then my timelines would sync between the clients. Twitter now has native support for muting, so those settings should sync via Twitter itself.

Eli Schiff:

The @Twitterrific for Mac icon evolution.

Marco Zehe:

If you attach an image to a tweet in @Twitterrific for Mac, click on it again to add a description for your visually impaired followers.

Previously: Twitterrific for Mac Kickstarter.

Update (2017-10-11): The Iconfactory:

With each beta release, we tried to make TURBO do something different and fun. Sometimes the sound changed (“We’ve got a chicken!”) or maybe the text was slightly off (much like the CHOCK himself.) We eventually added the spinning animation that you see in the final product.

Sketch 47: Libraries and Smooth Corners

Sketch:

A Library works just like a normal Sketch document that contains Symbols, which you can then access and use in any other document. If you update a Symbol in your Library those changes will sync across all documents containing that component. If you’re working with other designers, as part of a team, Sketch’s Libraries have got you covered. Simply place your document somewhere your colleagues have read-access, like a Dropbox folder, or GitHub repository, have them add the document to their Libraries in Preferences, and they will have quick and easy access to any Symbols in that Library. When you update the Library file, everyone with access will automatically receive the updated version, ensuring you’re all on the same page.

Update (2017-10-18): Sketch:

Last week we launched Libraries, our biggest and most anticipated update yet. We’re really excited about it and we know a lot of you are too, so we thought we’d take a closer look at how Libraries work and what they can do for you.

[…]

For a more technical rundown of these features, head over to our documentation.

Monday, October 9, 2017 [Tweets] [Favorites]

APFS, SuperDuper, and EFI

Dave Nanian:

But, with APFS, we were seeing a number of users indicating that their drive wasn’t ever showing up in the Option+Boot menu, even though the drive was in the Startup Disk Preference Pane, and the usual workarounds didn’t work.

[…]

Analyzing the code there showed that, indeed, bless was embedding an APFS driver into EFI using a private, privileged API that we couldn’t (and wouldn’t want to) use. Interestingly, it was being done during the processing of --setBoot, the option that actually makes a drive the current startup volume. So there we go!

[…]

Except SuperDuper! can’t use --setBoot, because it gives an error: only Apple apps can use --setBoot.

Or can it?

It takes a lot of testing and effort just to keep apps working.

Previously: SuperDuper and APFS.

Update (2017-10-13): Dave Nanian:

The code that’s having problems is in BLCreateBooterInformationDictionary.c in Apple’s Open Source bless project. After some additional investigation, it looks like, in this case, if the APFS container is on an Apple RAID, bless can’t find the Preboot volume and doesn’t properly set up the container.

Xcode Unit Testing Feature Requests

Ash Furrow:

The following is a hypothetical blog post, written by a version of me in a parallel universe. In this fictional world, Apple cares very much about software quality (ensured by unit testing), as well as the developer experience of building software for its platforms. The features I describe of Apple’s new fictional test runner are all real features in the Jest project.

Ash Furrow:

So here’s some due diligence: I have filed eleven radars with Apple asking for individual features that would each enhance the developer experience. They have all been cross-posted to Open Radar, so please feel free to duplicate them.

[…]

These are all feature requests that I’m bringing from other communities – mainly Ruby and JavaScript.

There are some great ideas here.

Bonjeff 1.0

Jeff Johnson:

Bonjour Browser has served us well for many years, and I salute Kevin Ballard for the work. Nonetheless, we’re long overdue for a replacement, and I’ve just written one. After an intense brainstorming session, I was able to produce the worst name imaginable for this new app. Today I’m thrilled to announce and release version 1.0.0 of Bonjeff!

Bonjeff is a free and open source Mac app. I’ve posted the source code on GitHub. You can also download a Developer ID signed Gatekeeper-friendly build of Bonjeff 1.0.0 from the Releases section of the project page. In addition to being validly codesigned, Bonjeff is sandboxed, with only network entitlements. Bonjeff was written entirely in Swift, because that’s what all the cool kids do. And Bonjeff was written without any nibs or storyboards, because that’s what all the uncool kids do.

watchOS SDK Limits

Benjamin Mayo:

What really puts salt in the wound is that Apple has access to a completely different Apple Watch technology stack and doesn’t hesitate to take advantage of it in its own apps. In thinking what I wanted to say for this article, I started flicking through the honeycomb and trying to find a stock app that could be visually replicated by a third party. I really, really, struggled.

[…]

The kind of things Apple doesn’t let you do are critical things that makeup a rich and responsive application. These things should not be passed off as little niceties, they serve a significant role in making an app feel alive and more enjoyable to use. Let’s drive this home with more examples of stock apps doing things third-party developers can’t.

[…]

The current WatchKit API leaves no room for invention. iOS innovations like pull-to-refresh came about because the iPhone OS UI frameworks were flexible enough to let developers and designers run wild with their own ideas, if they wanted to. Some of these custom controls worked so well Apple later incorporated them as standard components in UIKit. That free reign creativity simply can’t happen on the watch at the moment. Apple defines what is possible.

Do iPhones Get Slower Over Time?

Futuremark (via Wojtek Pietrusiewicz):

Our benchmarking data shows that, rather than intentionally degrading the performance of older models, Apple actually does a good job of supporting its older devices with regular updates that maintain a consistent level of performance across iOS versions.

That said, there are some factors that might affect people’s perception of performance after updating an older device with a newer version of iOS. An update might add new features that use more resources or require more processing power. New apps developed for the latest models might not run as smoothly on older devices.

I don’t think CPU and GPU benchmarks are the right way to investigate this question. Obviously, Apple is not using OS updates to slow down the chips themselves. When I see people complaining that their phone slowed down after an update, they’re often talking about a new animation that isn’t smooth. This makes the phone feel slower.

It’s possible that the new code isn’t as optimized for older phones as for new ones. It’s also possible that older phones simply aren’t capable of running the new animation at a speed that looks good. Either way, it’s fair to say that Apple has optimized the OS for newer devices, either through its allocation of engineering time or through its design choices.

New OS versions also bring new features, so there is more code running in the background and consuming memory. In summary, there’s nothing sinister going on, but I do think it’s generally true that newer iOS versions feel slower on the same hardware. In my experience, you generally don’t want to be more than two generations back. iOS 11 runs great on my iPhone SE (which has the same processor as a 2015 iPhone 6s), but I’ve heard complaints from people who have an iPhone 6 or iPhone 5s.

Mike Ash:

I raced Siri on my iPhone 6+ with iOS 11 and iPad Mini 2 with iOS 10. The iPad was waaayyyy faster despite an older CPU.

See also: comments about Mac performance changing with OS updates.

Update (2017-10-10): Riccardo Mori:

The most unfortunate device in this position is the iPad 2 running iOS 9.3.5, whose overall performance has taken a huge hit due to both these factors (poorly optimised apps, and Web advertising slowing down Web browsing). Every time I pick up my wife’s iPad 2, I keep thinking that Apple should have never allowed this device to be updated to iOS 9 in the first place.

[…]

It’s the software that, update after update, becomes more demanding and impacts performance more and more severely. Sometimes the drop is just limited to specific areas or apps. In other cases, like with the iPad 2, the snowball effect is such that the whole device becomes barely usable.

Update (2017-10-11): See also: Brian Barrett.

Update (2017-10-16): Mike Ash (podcast) reports that erasing and restoring his iPhone 6+ made it much faster.

Update (2017-11-13): Mike Ash:

Do iPhones really get slower over time, or is it just our imagination? This repository aims to keep records of iPhone performance for various models over time to objectively answer this question.

Friday, October 6, 2017 [Tweets] [Favorites]

AIM Will Shut Down After 20 Years

AOL (tweet):

AIM tapped into new digital technologies and ignited a cultural shift, but the way in which we communicate with each other has profoundly changed. As a result we’ve made the decision that we will be discontinuing AIM effective December 15, 2017.

Jacob Kastrenakes (via Hacker News):

AOL cut off access to AIM from third-party chat clients back in March, hinting at this eventual shutdown. It’s hard to imagine that many people are still using AIM, so that change, nor this upcoming shutdown, are likely to make a huge difference.

AIM was one of the first and most successful instant messengers, widely used in the late ’90s and even throughout the 2000s.

empath75:

I think it’s remarkable how badly aol fumbled the ball on AIM twice — first by not turning it into a social network, and second by not turning it into enterprise chat.

I didn’t use AIM much because I found it too distracting. Clearly the world has moved on, but it’s sad that replacements such as iMessage and Slack are less functional than AIM in certain ways and don’t have the rich ecosystem of third-party clients.

Cocoa Class Clusters

David Smith:

I was curious about how much mileage we get out of the class cluster pattern (spoiler: a lot!) so I catalogued some.

Apple Granted Uber a Background Screen Recording Entitlement

Kate Conger (via Felix Schwarz, MacRumors, Hacker News):

To improve functionality between Uber’s app and the Apple Watch, Apple allowed Uber to use a powerful tool that could record a user’s iPhone screen, even if Uber’s app was only running in the background, security researchers told Gizmodo. After the researchers discovered the tool, Uber said it is no longer in use and will be removed from the app.

[…]

“Essentially it gives you full control over the framebuffer, which contains the colors of each pixel of your screen. So they can potentially draw or record the screen,” explained Luca Todesco, a researcher and iPhone jailbreaker. “It can potentially steal passwords etc.”

If a user happened to have Lyft installed on their phone too, the entitlement could theoretically be used to monitor how the individual used a competitor’s app—a wild theory, maybe, but not entirely outlandish given Uber’s use of software nicknamed “Hell” to track drivers who worked for both Uber and Lyft.

[…]

The entitlement first appeared in Uber’s app around the time of the original Watch launch in 2015, according to Strafach. Apple only gave developers about four months before the official release of the Watch to slim down their apps and make them work on the new device, so it’s conceivable that Apple granted the entitlement to Uber in order to meet that tight launch deadline.

I don’t trust Uber to use this entitlement responsibly. Nor do I trust App Review to be able to police how the app is using it. It’s shocking that Apple would be so hypocritical about privacy and give special access to a known bad actor. I don’t jailbreak my phone, so I thought I knew that if I downloaded an app from the App Store there were certain things it just couldn’t do, especially without the OS prompting me to give it access. That’s apparently not the case. Fortunately, there likely aren’t many developers with enough clout to get this sort of special treatment.

Update (2017-10-09): Daniel Jalkut:

I have long felt that the sandboxing infrastructure on both iOS and Mac should be used to more accurately convey to users specifically what the apps they install are capable of doing. Currently the sandboxing system is used primarily to identify to Apple what a specific app’s privileges are. The requested entitlements are used to inform Apple’s decision to approve or reject an app, but the specific list of entitlements is not easily available to users, whose security is actually on the line.

Update (2017-10-25): See also: Kif Leswing.

Type-Safe User Defaults in Swift

Mike Ash:

To declare a key, write a struct conforming to the TSUD protocol. Inside, implement a single static property called defaultValue which contains the value to be returned if UserDefaults doesn't contain a value:

struct fontSize: TSUD {
    static let defaultValue = 12.0
}

This is an interesting take that uses a new type for each key and then creates the string key from the type’s name. I have been using a simpler system that looks something like this:

// register
extension MJTUserDefaults.IntDefault {
    static let cacheSize = key("CacheSize", 2000)
}

// query
MJTDefaults[.cacheSize]

I like this because it’s compact to register a bunch of keys in sequence and because putting them all into the same type works well for auto-completion.

Update (2017-10-09): Jean-David Gadina (tweet):

The solution I propose is to automate the wrapping code on runtime, using reflection. This used to be done with the Objective-C runtime. With Swift, it’s even easier through the use of the Mirror class.

Update (2017-10-14): Nicolas Bouilleaud:

#function, as per the documentation, “inside a property getter or setter it is the name of that property”. Unfortunately, that means we can’t write:

struct Prefs_ {
    var foo = TSUD<Date>()
}

because in this context, #function would be Prefs_. Using lazy, I guess, implicitely creates a closure, which is called as a getter the first time the property is accessed, and #function is foo.

Why Many Developers Still Prefer Objective-C to Swift

Paul Hudson:

Objective-C – once the rising star of the app development world – has started to become a second-class citizen in the Apple ecosystem. Yes, it might occasionally get dusted off for a slide or two at WWDC, but the majority of conference talks worldwide are in Swift, Apple is pushing Swift hard in the education space, and major language features come to Swift first.

But if you’re still using Objective-C, you’re not alone – many other developers still prefer Objective-C to Swift, and with good reasons. I got in touch with some Objective-C developers to ask what’s holding them back, whether they feel Objective-C development has become stigmatized, and more – here’s what they had to say…

[…]

Steve Troughton-Smith: Swift was absolutely catastrophic for Objective-C development; for any new APIs or features I no longer have sample code, WWDC slides, tutorials, GitHub or StackOverflow. Whatever about StackOverflow millennial jokes, but losing access to all of this context and knowledge is devastating. On the plus side, the ObjC language itself has gained a bunch of quality of life/syntactic sugar features to help it interop with Swift better, and all of those have been fantastic.

[…]

Michael Lauer: I can only dream about what could have been Objective-C if there was the same manpower behind it.

[…]

Marcel Weiher: Objective-C is OK for what it is and really needs a bullet in the head more than further development!

What’s more surprising and somewhat disturbing is how many obvious defects in the libraries and “preferred coding styles” that would have been trivial to fix without introducing a whole new language weren’t until Swift arrived – and are now attributed to Swift. It’s almost as if these improvements were held back in order to make Swift look good, though I am pretty sure that’s not how it happened.

However, the biggest negative impact will be that it will most likely prevent the development of successor that’s an actual improvement. We really have enough information to build such a beast now, and Apple ignored just about all of it.

It’s not good that people feel left out, but I’ve been pretty happy with the advancement of Swift so far. I feared that people wouldn’t embrace it, and it would be stuck in a limbo like some other former Apple technologies. People would be worried about using it because they thought Apple would drop it, and this would become a self-fulfilling prophecy. Instead, it seems like the train is going full steam ahead, and that gives us clarity. You don’t have to give up Objective-C right now if you prefer it. But time spent learning about Swift at this point will not be wasted. Swift is the future for most development. Yet I think Objective-C will remain useful for a long time to come, both because of existing code bases and because certain APIs and optimizations are more accessible from it.

Update (2017-10-06): See also: Steve Troughton-Smith, Wil Shipley, Hacker News.

When JSONDecoder Meets the Real World

Dave Lyon:

Take for example the “empty” object in JSON. You might expect that an object nested under another object would either be a complete and valid object or would be null – and this is what JSONDecoder expects as well. But in many cases an API might return an empty object (that looks like {}) and cause your JSON decoding to fail even if you’re decoding in to an Optional.

When faced with this issue recently I came up with a protocol based solution to work around this issue. I also made sure that the behavior was “opt-in” so that its possible to be flexible if there are differences between API endpoints.

[…]

Another issue that I hope doesn’t come up too often, is that APIs that have survived for a long time in the wild can sometimes have “versions” (if you’re lucky) or even potentially just have different representations for the same object based on which endpoint is requested. One way to handle this is to “smuggle” some context in to your decoding methods via the Decoder’s userInfo dictionary. Of course we would prefer to have a more structured contract for these and avoid any “Stringly Typed” interfaces, so we’ll want to leverage extensions to add a real interface to the JSONDecoder.

Previously: Swift.Codable, Swift 4: JSON With Encoder and Encodable.

Thursday, October 5, 2017 [Tweets] [Favorites]

Encrypted APFS Volume’s Password Exposed as Hint

Matheus Mariano (via Jeff Johnson):

This week, Apple released the new macOS High Sierra with the new file system called APFS (Apple File System). It wasn’t long before I encountered issues with this update. Not a simple issue, but a potential vulnerability.

The bug was easy to reproduce on my Mac. Plugging the drive into another Mac also shows the password as the hint. So I’m guessing it’s not actually an APFS flaw but rather that Disk Utility is passing the wrong variable as the hint parameter.

Update (2017-10-05): See also: Felix Schwarz.

Sabri:

Including a comma in the name or password of a APFS volume when creating it makes the process failing, miserably. #onlyApple

Apple (via Rene Ritchie):

Your password might be displayed instead of your password hint if you used the Add APFS Volume command in Disk Utility to create an encrypted APFS volume, and you supplied a password hint.

Changing the password on an affected volume clears the hint but doesn’t affect the underlying encryption keys that protect the data.

[…]

If your disk password for any affected encrypted APFS volume is the same as the password that you use for a macOS user account or an internet service, you should change the password of the user account or internet service.

I don’t understand why the underlying encryption keys need to be changed. In any event, Apple recommends downloading the “macOS High Sierra 10.13 Supplemental Update” and then completely erasing your drive and restoring it from backup.

See also: Howard Oakley, MacRumors, Howard Oakley.

Update (2017-10-06): macOS High Sierra 10.13 Supplemental Update:

Impact: A local attacker may gain access to an encrypted APFS volume

Description: If a hint was set in Disk Utility when creating an APFS encrypted volume, the password was stored as the hint. This was addressed by clearing hint storage if the hint was the password, and by improving the logic for storing hints.

CVE-2017-7149: Matheus Mariano of Leet Tech

See also: Felix Schwarz.

Update (2017-10-09): Daniel Martín (tweet):

I decided to apply a binary diffing technique to the update to learn more about the root cause of this bug and hypothesize about how the defect could have been prevented.

[…]

The most interesting keys in the dictionary are kSKAPFSDiskPasswordOption and kSKAPFSDiskPasswordHintOption, which are responsible for storing the password and the password hint, respectively. The bug is that the same variable, which contains the password, (represented in the decompilation as the same virtual register, v50) was used as value for both keys in the dictionary, meaning that the clear password was incorrectly sent as a password hint via XPC.

[…]

This is an example of a common category of bugs where code with a common structure is copied and pasted but the developer forgets to make every required modification and consequently there’s a fatal change in behavior.

Howard Oakley:

That glaring error aside, Disk Utility version 17.0 does some quite strange things at times. My MacBook Air has a Transcend Flash drive inserted into its Secure Digital slot, which Disk Utility refuses to convert to APFS, reporting a StorageKit error 118. That apparently means that it became an unbootable system, which doesn’t seem to make much sense.

Sometimes you can coax Disk Utility 17.0 into doing tasks like that by selecting the drive in the list at the left, unmounting it using that command in the File menu, then trying the task again.

Wednesday, October 4, 2017 [Tweets] [Favorites]

USPS “Informed Delivery” Is Stalker’s Dream

Brian Krebs (via Hacker News):

The service, dubbed “Informed Delivery,” has been available to select addresses in several states since 2014 under a targeted USPS pilot program, but it has since expanded to include many ZIP codes nationwide, according to the Postal Service. U.S. residents can tell if their address is eligible by visiting informeddelivery.usps.com.

[…]

Once signed up, a resident can view scanned images of the front of each piece of incoming mail in advance of its arrival. Unfortunately, because of the weak KBA questions (provided by recently-breached big-three credit bureau Equifax, no less) stalkers, jilted ex-partners, and private investigators also can see who you’re communicating with via the Postal mail.

Perhaps this wouldn’t be such a big deal if the USPS notified residents by snail mail when someone signs up for the service at their address, but it doesn’t.

I wanted to sign up my post office box so I would know how urgent it was for me to check it, but apparently the service is not available for businesses:

Informed Delivery is a consumer-facing feature that gives eligible residential consumers the ability to see a daily digital preview of their household’s mail. While the Informed Delivery product is available for most addresses, it is not available for all. Eligibility for Informed Delivery is dependent on your current registered address and verifying your identity online.

As a business user you are not eligible to participate in the Informed Delivery program. If you want to participate, please create a new USPS account and register as a personal user.

I then tried to sign up my home address but got the error:

Unfortunately, we could not verify your identity online.

You may complete the identity verification process in-person by selecting the Opt-In button below.

It wanted me to verify my identity in person at a post office 43 miles away, in another state. However, I tried again and that time the online verification worked.

Update (2017-10-05): Daniel Jalkut:

I find it a little creepy that they show images of my mail in the unencrypted email to me, didn’t even think about somebody else getting it.

The e-mail includes the images as unencrypted attachments.

Pre-charging and Testing iPhones at the Factory

Bob Burrough:

Something Apple is oft derided for is its treatment of factory workers. Both Tim Cook and Steve Jobs rightly bristled at such accusations. One of my first jobs at Apple was developing factory line software for the first iPhone...

The purpose of our station was primarily to charge the battery to make sure iPhones were fully charged when the user first took them out of the box. After all, nobody wants a dead iPhone.

But why just sit there waiting for a freshly-assembled iPhone to charge? Why not do something useful while waiting? And so, we developed a battery of tests that made sure iPhones functioned properly under stress. A smoke test, if you will.

However, consider the fact that several devices per second are moving down a manufacturing line, the being pulled off to charge. As you pull every device off the line, you very quickly have hundreds, thousands, tens-of-thousands of devices sitting around.

This is indeed how it was, and continues to be. However...consider that one of the tests we ran was to activate all RF-capable equipment on the device to make sure it actually works. Cell, BT, Wi-Fi, GPS, all on at the same time.

Picture: thousands of devices sitting in a factory room, running RF tests.

Do you have any idea how a microwave oven functions?

Indeed. We had to make sure that the room which contained iPhones running such tests was sufficiently RF transparent as to not cook anyone who might have entered; myself included.

So, rather than make the world's largest microwave oven, we took care. Such consideration might not seem obvious, or reasonable, but it's critical. Otherwise, I might not be sitting here relaying this story to you now.

Multiply the number of racks shown here by 50...

A Eulogy for Eudora

Ernie Smith (tweet, Hacker News, TidBITS):

Welty once wrote a story called “Why I Live at the P.O.”; Dorner was inspired by the idea of a mailbox that comes to you, rather than the other way around, which inspired the name.

[…]

And while Andreessen moved to California, Dorner stayed in Illinois, telecommuting for Qualcomm, which eventually acquired his work from the university, for years. Dorner’s main job for many years was maintaining Eudora.

[…]

He got a long-term gig out of the move, obviously, but it meant that his idea was at the whims of a large company that was better known for designing communications hardware than email clients. Eudora was a loss leader of sorts—while it had a shrink-wrapped version, most people used the free one, and the success of the free app gave Qualcomm name recognition at a time when it was still pretty obscure.

[…]

In a 2015 interview with blogger Joe Clark, Dorner made the point that later internet users were less interested in customization than something that worked out of the box. Combined with the growing flood going into our inboxes, our collective philosophy around email had simply changed.

I always respected what Eudora could do, but my favorite 90s mail clients were Emailer and Mailsmith.

Your Device or Computer Could Not Be Verified

I got this error message a while ago, and suddenly none of my Mac App Store apps would launch, even after restarting the Mac. The App Store said that Tweetbot had been purchased on a different Mac, even though I had just downloaded an update for it minutes prior. Suddenly, I couldn’t even sign into the App Store app.

Eventually I traced the problem to something that happened a day or so earlier. We’d had a thunderstorm that damaged my iMac’s Ethernet port (amongst other equipment). At the time, I’d just switched the iMac over to Wi-Fi and started researching surge protection for my cable modem’s Ethernet output. All my apps continued to work.

But the Mac App Store uses the Ethernet MAC address for verification, even when connected via Wi-Fi. At some point it decided to verify things again, and my iMac’s Ethernet was broken enough to interfere with this.

The solution, MacBreaker explains, is a procedure to convince your Mac that it doesn’t even have an Ethernet port:

If neither of the above solutions fix the issue, open the System Preferences app and go to the Network section. On the left-hand column in the Network section, select each of the items and remove it by clicking the minus sign on the bottom of the column.

Then, go to /Library/Preferences/SystemConfiguration in your main hard drive and delete NetworkInterfaces.plist. Or alternatively, drag it to the desktop (as a backup, in case things go wrong).

By removing all of the Network items in System Preferences and deleting NetworkInterfaces.plist, you have effectively reset the network configuration for Mac OS X. Reboot (you may have to reconfigure your internet connection afterwards).

This worked for me. I was able to sign in and download new Mac App Store receipts tied to the Wi-Fi MAC address. And they continued to work after I started using an external Ethernet dongle.

Note: OmniFocus also uses the MAC address as a syncing identifier. After completing the above steps, it will see your Mac as two separate computers, one of which is no longer syncing. You’ll have to remove the Ethernet one or else syncing will get slower and slower because it can’t generate a new baseline without hearing from that Mac.

Previously: More Mac App Store Certificate Problems.

Update (2017-10-06): Howard Oakley:

It also bears pointing out that, in the event of a sudden loss of the Ethernet port, one of your first actions should be to ensure that port is properly connected to a network, and to restart in hardware diagnostics or AHT, as detailed here. You’ll also need to be within range of an active WiFi network, or you may find that you get a code CNWxxx reporting a WiFi hardware issue, rather than another error (unspecified, possibly CNxxxx series) pointing at the Ethernet port.

If your Mac returns a code ADP000, indicating hardware health, the cause is most likely to be software. Keep a watch on your software installations, because what has happened once could always happen again. If you want to read exactly what I experienced, the summary is here.

In those days of El Capitan, we had one major diagnostic advantage: the logs, which were still old-fashioned and relatively uncluttered. I’m not sure how we’d cope now with Sierra’s unified log, in which any useful information would be buried in a torrent of confusing error messages.

Update (2017-10-08): I’m not sure why, but Apple Diagnostics did not report any problems with my iMac’s Ethernet port.

Tuesday, October 3, 2017 [Tweets] [Favorites]

iPhone 8, Qi Wireless Charging, and the Challenge of Open

Ben Bajarin:

In the few weeks, I’ve been using an iPhone 8 and the Mophie wireless charging pad I have woken up the next day to an iPhone that did not charge and has less than 10% battery at least several times a week. This last week alone it happened three times. For a myriad of reasons, from charging coils, to pad design, etc., when using this pad the iPhone and Mophie pad have to be aligned just right, or it won’t charge. You can’t just drop it down anywhere on the pad but instead need to align it just right. Where this impacts me, is throughout the night my phone may get a notification buzz and as a result will move off the sweet spot and then stop charging.

[…]

While many third parties disliked Apple’s MFI accessory program, the guidelines Apple had in place for third parties to create accessories for their products led to consistent experiences with third-party products and Apple products. At the moment, we don’t have the same situation with Qi Wireless charging. While Apple’s embracing of the Qi standard means they will certainly get involved and help drive the standard and the technology forward, for now, Apple runs the risk of having third-party solutions not meet their standards of an accessory that will work with iPhones.

Previously: iPhone 8 Charging Speed.

Update (2017-10-04): Phil Wu:

The Panasonic Qi charging pad has coils that move to where your phone is (Panasonic QE-TM101-K).

Evolving the Dropbox Brand

Dropbox (tweet, Hacker News):

Today we’re announcing the biggest change to Dropbox’s look in our 10-year history.

As our mission has evolved from keeping files in sync to helping keep teams in sync, we realized our brand needs to change, too. Our new brand system shows that Dropbox isn’t just a place to store your files—it’s a living workspace that brings teams and ideas together. The look is expressive, with vibrant colors, rich imagery, a versatile typeface, and playful illustrations.

Putting aside how it looks, that Web site is incredibly hard to scroll and read. It’s like it broke my browser.

Paul Ford:

Dropbox has deemphasized the thing it does beautifully to emphasize the things everyone does poorly.

I just want to search through a folder and have files I actually personally created in this life show up.

Peter Maurer:

Side note: A service that’s meant to be invisible + shrill rebranding = heck of a juxtaposition. I bet those meetings were interesting.

Casey Newton (tweet):

In an interview with AdWeek, Dropbox says it’s hoping the new color combinations help it stand out more among the crowd, and aims to give a “nod to the creativity of our users.” The look and feel is now closer to Adobe than, say, Microsoft OneDrive. Dropbox says the logo colors “can change based on the situation,” though I am unclear on exactly what situation I would need my file sharing service to be a little more mint green than crimson red.

Armin Vit, we can’t wait until you get back.

Update (2017-10-04): Eli Schiff:

DROPBOX—DO YOU REALIZE BOXES’ FLAPS DON’T EXTEND THE ENTIRE WAY ACROSS THE TOP? YOU ARE HOPELESS.

Bob Burrough:

How real humans see the Dropbox redesign.

Buzz Andersen:

I also like the site, but I feel like tech company redesigns are increasingly all manifesto and no follow through.

Riccardo Mori:

I have to be honest: the Dropbox redesign is appalling, but navigating the Web interface appears to be faster & more responsive than before.

The impact of the new design is also extremely mitigated once you log in.

Armin Vit:

Unfortunately, when the name contains box and the icon looks like a box, I, and perhaps others, expect a more box-like, box. Trying to shift its meaning to “a collection of surfaces” is conceptually valiant and may look interesting in animation but it’s still a box at the end of the day and the hard, isometric angles of the new icon make it look stiff and slightly disproportionate.

The wordmark is an improvement simply because Sharp Grotesk is an infinitely superior typeface than whatever the old one was and shifting the color to black is the equivalent of changing clothes from wearing jeans paired with a denim shirt to pairing jeans with a black t-shirt, which is much more flattering and helps define that there are two parts to the whole.

[…]

But, just as always, the illustrations feel oddly disconnected from the user interface. I always felt like the Dropbox illustrations were in conflict with the rest of the interface and were just dropped in into an assigned space, which is still the case and feels less than integrated.

See also: How Dropbox Onboards New Users, MacRumors.

Update (2017-10-16): See also: In Depth.

PDFKit Improves Somewhat in High Sierra

Adam C. Engst:

Somewhat annoyingly, Apple has worked around many of these bugs in Preview rather than fixing them in the underlying PDFKit framework. That’s good for users, of course, because it means that Preview should work correctly. But it forces independent developers to implement their own workarounds, disable features, or put up with user complaints while hoping that Apple fixes the bugs.

[…]

My take is that those who rely on PDF support in independent apps are probably better off upgrading to High Sierra than remaining on Sierra, since Apple has fixed some bugs. If you have instead stuck with 10.11 El Capitan, you may wish to delay upgrading to High Sierra until you can verify that the apps you rely on for PDF-related features are fully functional in High Sierra.

Previously: macOS 10.13 High Sierra Released, More macOS Preview PDF Trouble.

Update (2017-10-16): Luc P. Beaudoin:

Cognitive Productivity reader, Richard Holmes, notified me that macOS 10.13 (“High Sierra”) worsens the PDF rendering problems Apple introduced in macOS 10.12, Sierra, that I blogged about earlier. The problems are in Apple’s PDFKit used by third party developers. Apple seems to be using a private API to work around these problems in its Preview app and Safari. Fortunately, Richard has discovered some work-arounds, which I describe below.

[…]

The PDF rendering problem seems to happen most frequently when multiple PDFs are open, and when some of those PDFs are big.

Apple Design in the Cook Era

Joshua Topolsky (Hacker News):

Stretching perhaps from the introduction of the first iPod in 2001, through the release of the groundbreaking iPhone 4 (and subsequent refinement with the iPhone 5), Apple was regularly lauded as best-in-class when it came to hardware and software design and the synchronicity of those elements.

[…]

But things changed.

In 2013 I wrote about the confusing and visually abrasive turn Apple had made with the introduction of iOS 7, the operating system refresh that would set the stage for almost all of Apple’s recent design. The product, the first piece of software overseen by Jony Ive, was confusing, amateur, and relatively unfinished upon launch. While Ive had utterly revamped what the company had been doing thematically with its user interface — eschewing the original iPhone’s tactility of skeuomorphic, real-world textures for a more purely “digital” approach — he also ignored more grounded concepts about user experience, systematic cohesion, and most surprisingly, look and feel. Gone were the mock felt backgrounds and virtual dials of Steve Jobs’ iOS, but suddenly present was a set of gestures and layers purported to be part of a system that never quite clicked. Ive converted understandable buttons into confusing rubrics (the share arrow?), clustered controls into a context-free space (Control Center), and perhaps worst of all, made some really ugly icons that have never fully recovered.

[…]

This is not an argument about what Steve Jobs would have done; this is an argument for a central, cohesive vision that accounts for systems, not just nodes on a network. Jony Ive is clearly not providing that vision. Phil Schiller is not providing that vision. And Tim Cook, the all-time don of supply-chain management, cannot and will not provide that vision. So what happens now?

His title is “Apple Is Really Bad at Design,” which I don’t think is true. And I don’t agree with all of his points—for example, the new Control Center seems pretty functional to me. However, I would agree that we are not currently in one of the golden eras of Apple design. Ive and his team are still talented, so what’s changed? From the outside it’s hard to know. One possibility is that it’s only in retrospect that we can really see the contributions of Jobs and perhaps others such as Forstall who have departed. Another is that the scope of what Apple is trying to do has greatly increased. The software and hardware teams seem to be stretched thin, and design probably is, too. Yet the company is clearly still capable of great design. AirPods is a new product that (aside from the manufacturing delays) is as close to perfect as any Apple has ever made.

Michael Love:

Regarding this heavily-discussed rant: virtually every design sin of Cook era has been case of pragmatism > purity.

Steven Sinofsky:

This is some rant and I’ve been on the receiving end of @joshuatopolsky rants 😱—seems a bit much to me.

Chuq Von Rospach:

With absolute certainty that everyone else is wrong and he’s right. Pure Topolsky.

David Owens II:

Maybe, but I’ve run into far more issues in the past two years with my Apple products then I ever had, all because of design choices.

I literally have all four some my USB-C ports used, two with USB adapters, one with a DP adapter (b/c HDMI doesn’t work for me), and power.

My PENCIL is constantly drained because I haven’t bought yet another adapter. I frequently can’t list to music on my iPhone 7.

Going back to the SE, they still haven’t actually solved any of the design issues in iOS 7, just used more space to help.

At some point, these failures all point to bad design choices.

Nick Lockwood:

Look, clearly Apple is great and all their long-term fans who are now complaining are wrong. Everything is fine so just shut up ok lalalala.

The Macalope:

No one complained about the plastic iPhone 3G, the buttonless iPod Shuffle, the cheap iPhone 5c, brushed metal, pinstripes and stoplight colors in OS X, or the “fat” iPod nano and no one ever said that the “groundbreaking” iPhone 4 was ugly. (The Memory Hole is open 24 hours a day, 7 days a week for your memory-shoving needs.) Topolsky misremembers that people only started complaining when iOS 7 was released. iOS 7 certainly wasn’t perfect, but it was a dramatic reset of the design of iOS, sometime most observers of the company agreed needed to happen. It was just another thing Apple did that people complained about. One that also evolved into something nice.

Previously: iPhone X Design and the Notch.

Update (2017-10-04): Riccardo Mori:

The thing is, back then I felt that Apple was making the right choices in several contexts, but that a lot of people (even certain long-time, inflexible Mac users) didn’t understand such choices. The absence of the floppy drive in the first iMac. The iPod as a potentially revolutionary device. The transition from Mac OS 9 to Mac OS X. The transition from PowerPC to Intel architecture. I spent long months full of long days as a consultant explaining Apple to bewildered users and clients who, more than once, thought that the company was “losing its mind”. And so on and so forth. If you’ve ever done tech consulting and/or support, you’ve surely been there too.

But now — now I’m criticising Apple more not because I suddenly developed a grudge against the company. On the contrary, I still care a lot about Apple. I’m surrounded by Apple hardware at home, I’m still quite invested in the ecosystem, and even vintage and obsolete machines are put to good use in the household. It’s because I care that I feel, strongly, that Apple should be criticised — mercilessly, provided it’s informed criticism — whenever there’s something truly worth criticising. And in recent times I’ve been more critic of Apple because I simply think there’s more to criticise.

Monday, October 2, 2017 [Tweets] [Favorites]

Command-P Squared to “Save as PDF”

David Sparks:

Years ago I shared a tip about printing to PDF by holding down the Command key and pressing P twice. It’s a great tip and people still use it. Unfortunately, it doesn’t work in High Sierra. That is because Apple removed the ellipsis from the command. To fix this, go to your keyboard shortcuts and remove the ellipsis, and all will be good again.

His original tip is great: you can assign the Command-P shortcut to the “Save as PDF” item in the PDF button menu of the Print sheet. Then just press Command-P twice to invoke it.

It’s not clear to me why Apple renamed “Save as PDF” without the ellipsis. It still brings up a sheet to ask where you want to save the file.

Apple:

When it appears in the name of a button or a menu item, an ellipsis character (…) indicates to the user that additional information is required before the associated operation can be performed. Specifically, it prepares the user to expect the appearance of a window or dialog in which to make selections or enter information before the command executes.

Because users expect instant action from buttons and menu items, it’s important to prepare them for this different behavior by appropriately displaying the ellipsis character. Use the guidelines and examples here to help you decide when to use an ellipsis in menu item and button names.

Update (2017-10-02): It‘s a longstanding guideline.

Apple Open Sources iOS Kernel

Apple has long open-sourced parts of macOS, but now the iOS kernel is available as well (via Hacker News). And it’s now on GitHub (which is nicely searchable), in addition to the old Apple Open Source site.

High Sierra’s Disk Utility Does Not Recognize Unformatted Disks

Miles Wolbe (Hacker News):

Plugging in an unformatted external drive produces the usual alert, “The disk you inserted was not readable by this computer. Initialize… | Ignore | Eject”, but clicking Initialize just opens Disk Utility without the disk appearing

[…]

As shown above, clicking View > Show All Devices does not cause the raw disk to appear.

Disk Utility has been a disaster since it was rewritten for El Capitan. It now has a single window, so you can only do one action at a time even though actions may take many hours. It’s missing key features related to Core Storage. Mounting/unmounting and partitioning often fail. Strangely, I’ve not had any problems when using the underlying diskutil command directly.

High Sierra did fix the bug from Sierra where Disk Utility would always show the tab bar, with a single giant tab, even though it did not let you create more tabs.

The Touch Bar’s Future

Stephen Hackett:

Of course, if Face ID is coming to Macs at some point, the need for Touch ID will diminish. As I outlined in that post, there is evidence that the iMac Pro could be the first iMac to ship with Face ID, but it doesn’t come with a Touch Bar on its custom space gray keyboard. Once Touch ID is gone, will the Touch Bar go with it?

Backing away from the Touch Bar would be a bitter pill for Apple to swallow, but every hardware release where it stays contained to the MacBook Pro, I can’t help but wonder. High Sierra’s lack of major update to how the system and apps can use it makes me wonder even more. Is the Touch Bar going to end up just a weird blip?

Making Better Use of the Touch Bar

Josh Centers:

Many users of Final Cut Pro X and Logic Pro X were quick to point out how useful the Touch Bar is for editing media, such as Chuck Joiner when we discussed the Touch Bar on MacVoices.

[…]

In QuickTime, the Touch Bar offers a Record button, and it lets you quickly select a camera and audio source. Since selecting sources in QuickTime requires clicking a drop-down menu, the Touch Bar saves time here.

Preview offers some interesting and useful Touch Bar shortcuts, such as rotating images, underlining text, and quickly accessing markup tools. But the one that stands out to me is fast highlighting of text. Select some text in a PDF and tap a color on the Touch Bar to highlight the text with that color.

[…]

When you press Command-Shift-4 to take a screenshot of a selected portion of the screen, the Touch Bar lets you choose which type of screenshot to take: Selected Portion, Window, or Entire Screen. Even better, you can choose where to save that screenshot! By default, macOS saves screenshots to the Desktop, but via the Touch Bar you can instead choose the Documents folder, you can send it to the clipboard, or you can open the screenshot in Preview, Mail, or Messages.

He also recommends BetterTouchTool, which can create custom Touch Bar buttons.

Previously: What’s Wrong With the Touch Bar.

Update (2017-10-03): Peter Steinberger:

Okay, this is a nice Touch Bar tweak. (when you have an external screen)