Archive for November 2017

Thursday, November 30, 2017 [Tweets] [Favorites]

Why the Selection Changes When You Do Syntax Highlighting in a NSTextView

Christian Tietze:

In short: when you type and the attributes of the line change, the insertion point is moved to the end of the line. That sucks.

TL;DR: Do not perform style changes inside of NSTextStorage.processEditing() or NSTextStorageDelegate methods but subscribe to NSText.didChangeNotification or NSTextDelegate or NSTextViewDelegate.textDidChange(_:).

CloudApp for iMobile Scam App

Dan Byler (via John Gruber):

While browsing for an iOS-native service like Droplr or CloudApp, I came across and downloaded the “free” app CloudApp for iMobile – Cloud Drive App Sync Data. Astoundingly, this app trades on the reputations of both iCloud and CloudApp to scam users into paying $99/month for iCloud services.

[…]

I nearly fell prey to the scam myself: while screenshotting the app, I accidentally subscribed (because of the way TouchID is integrated into the home button – and the home button is part of taking screenshots)[…]

[…]

It’s maddening that garbage like this gets through the App Store review process when legitimate developers providing truly useful services are stymied all the time.

Dave Winer Interview

Internet History Podcast:

Dave Winer has been called the godfather of a lot of things. The godfather of blogging. The Godfather of Podcasting. One of the key people involved in the development of RSS. But as you’ll hear in this great and wide ranging chat, Dave Winer is just a software developer who has never stopped tinkering, never lost his interest in coming up with new tools and new technologies. Dave was kind enough to sit down and go over his whole career, from the very earliest days of the PC era, to the present day.

See also: Outliner History.

iBooks in iOS 11 and High Sierra

Guillermo del Toro:

Message in a bottle to Apple: My Ibooks have ceased to download- they freeze and then cancel themselves. I have tried everything: googled forums, emailed the pretended help lines- no answer. Is there no hope? What is a fat mortal to do?

Dan Masters:

iBooks has had PDF rendering issues going back to iOS 8. It’s a fucking joke and reflects poorly on iOS that it’s even preinstalled still.

Matt Birchler:

I wonder if iBooks would even exist if the iPad was new today and we understood tablets didn’t need to compete with e-readers. Seems Apple didn’t need to add anything to this market, nor did they have passion for it.

I pretty much only use iBooks to read Apple’s free developer documentation. So it’s hilarious that it’s constantly preventing me from doing this by telling me that my account is already authorized for five Macs. I have not even owned five Macs since iBooks was released, and I’ve used Deauthorize All on my iTunes account multiple times in the interim to get around bugs like this.

I’ve been happy with both my Kindle Oasis and the Kindle iOS apps, but the Kindle Mac app leaves a lot to be desired. For example, it doesn’t let you view more than one book at a time. And, as Dave DeLong notes, it doesn’t support cloud collections.

Previously: iBooks Author Conference Highlights Ecosystem Worries.

Wednesday, November 29, 2017 [Tweets] [Favorites]

Swift and GPU Compiler Details

Implementing Swift Generics:

Swift is a safe and efficient systems language with support for generic programming via its static type system. Various existing implementations of generic programming use either a uniform runtime representation for values (e.g., Java generics) or compile-time monomorphization (e.g., C++, Rust). Swift takes a “dictionary-passing” approach, similar to type-classes in Haskell, using reified type metadata to allow generic code to abstract over the memory layout of data types and avoid boxing. In this talk, we will describe the compilation of Swift’s generics from the type checker down to LLVM IR lowering and interaction with the Swift runtime, illustrating the how the core representation of generics flows through the system, from answering type-checking queries to the calling convention of generic functions and runtime representation of the “dictionaries”.

Slava Pestov:

If you’ve seen our Swift generics talk, this document will shed some light on generic signature canonicalization.

See also: Marcin Krzyzanowski’s Slow Swift talk.

Apple LLVM GPU Compiler: Embedded Dragons:

The adoption of LLVM to develop GPU compilers has been increasing substantially over the years, thanks to the flexibility of the LLVM framework. At Apple, we build LLVM-based GPU compilers to serve the embedded GPUs in all our products.The GPU compiler stack is fully LLVM based. In this talk, we will provide an overview of how we leverage LLVM to implement our GPU compiler: in particular we will provide details about the pipeline we use and we will describe some of the custom passes we added to the LLVM framework that we are considering to contribute to the community. Additionally, we will discuss some of the challenges we face in building a fast GPU compiler that generates performant code.

Why Little Bugs Need to Get Fixed

Joe Rossignol:

When affected users type the word “it” into a text field, the keyboard first shows “I.T” as a QuickType suggestion. After tapping the space key, the word “it” automatically changes to “I.T” without actually tapping the predictive suggestion.

Via Nick Heer (tweet):

It’s alarming to see a recurring theme of bugs in Apple’s software and hardware input devices. From dust under MacBook Pro keyboards to this autocorrect bug and the other autocorrect bug, it’s a worrying sign. Then there’s the noticeable lag when using a Magic Trackpad 2 in El Capitan or later, and the seemingly-random capitalization of words on iOS.

I don’t know how accurate the broken windows theory is, nor how appropriate it would necessarily be to compare it to problems with input devices. But it kind of feels as though the occasional usability irritants — interactivity-blocking animations, occasional layout bugs, and the like — have been ignored as a cost of a rapid development cycle. It seems like the tolerance of these kinds of bugs has built up to the point where input device bugs are now shipping.

One issue is Apple shipping bugs that should have been caught. To a certain extent, you can just chalk this up to people making mistakes, as humans do. You could perhaps blame the rigid schedule and the number of new features Apple decided to put into that major release.

But what about the little bugs that hang around for multiple major releases? Those are evidence of a process that doesn’t value quality. If Apple can’t fix bugs faster than it creates them, the only possible outcome is operating systems and apps that get buggier and buggier. This is a vicious cycle that is demoralizing for customers, and especially for the people who send in bug reports for free. If Apple can’t pay off this technical debt in a time of record earnings, stock price, and expansion, when can it?

Nick Heer:

Maybe I’m being too harsh lately with all my harping on bugs. But it’s about trust and value. I trust that I can use this software and hardware to do my job, and I paid decent money for it, so it would be nice if it were less broken.

Steve Uffelman:

I’ve seen more problems with iOS 11 and macOS High Sierra than with any other Apple releases in recent memory.

Tanner Bennett :

I’ve created a Moment full of iOS 11 and High Sierra bugs.

Steve Randy Waldman:

apple has so much money. it is constantly sending money back to shareholders. while its computer and computer software businesses are left to wither, their products increasingly shoddy, breaking the hearts of customers who stuck with the firm for decades. cool watch bands tho.

Maynard Handley:

Display multiple windows without crashing the display in bizarre ways? Not drop BT trackpad connection? Not crash on a hard disk error?

Let’s get the bugs fixed, then we can think about features. Same damn complaint for the past three years...

Even something essential like Spotlight is so polluted by bugs (dift each release but always present) and lousy UI in the face of dusk spin up, that it’s depressing to use and one is scared to suggest new features.

We don’t want engineers to feel bad, we want process to be fixed. There is adequate process for capturing and handling crashes and memory leaks, terrible process for broken UI, utterly hostile process for broken design.

And that is why they are angry when you deny that there is a problem, or say that “Apple feels your pain”. We don’t want happy words, we want the reversal of what are clearly deliberate decisions to simply stop caring about large areas of functionality.

On the mac side, how, for the love of god, is this acceptable? Happens on an iMac, no monitor plugged in, at least three times a week. Apparently randomly, and only solution is to reboot.

Apple used to care about details. And much of the company still does, but not all. A lot of crap is being shipped by people who don’t care about details, and their managers don’t care enough to notice, or to straighten them out.

There’s a LOT of this sort of crap that, as I say, is not captured by Apple’s automatic logging/tracking infrastructure; it just manifests as people rebooting and cursing --- and losing their love for Apple.

Another issue is that Apple has no PROCESS in place for handling complaints that are not traditional bugs. They track (mostly automatically, mostly successfully) crashes, hangs, memory leaks. But they don’t automatically track UI bugs, or have sentiment analysis around design.

Well, is it acceptable that my non-techie friend has to reboot her MacBook once a week bcs the audio has mysteriously gone very silent? That might not lose Apple a sale, but it does lose Apple an evangelist who would never think of buying alternatives.

Previously: Low-Hanging Fruit, iOS 11 Autocorrect Bug.

Update (2017-11-29): Luc Vandal:

What are yearly macOS updates any good for if all they bring are bugs and annoyances? How about fixing external monitor support so I don’t have to force shutdown my Mac almost every time?

I find my MBP has restarted every other day because of some mysterious Kernel Panic. Forget bells and whistles, I want reliable and stable!

Clark Goble:

iOS11 really is the buggiest I’ve encountered. Visual voicemail stopped working for me and AT&T told me it was a common problem. I had to do a clean reinstall to get it to work.

There are always bugs - especially ones that affect battery life. But for basic things just not working having bluetooth and phone app be so bad for so many people is pretty surprising. Further both have a big effect on people.

Will Cosgrove:

It’s all about the forced yearly updates. No time to pay off debt. Echoed by employees I know there as well.

Evgeny Cherpak:

Apple isn’t doomed - but people starting to feel that they paying premium prices for sub premium products… wonder how long that can last on Apple brand only. Time to wake up @tim_cook and recognize you have a problem.

James Bulman:

Apple needs standing teams of software devs who are permanently associated with a particular product. Continually pulling devs off one project onto another is what is causing these persistent bugs / product stagnation.

Richard Coppola:

Apple remains a “Functionally” structured company. Unprecedented for their size. This may be taking its toll.

Update (2017-11-30): Ryan Jones:

My Apple software is more buggy than ever. I’ll be chronicling bugs in this thread and with #bugs.

Cédric Luthi:

High Sierra is a disaster, and I’m not even talking about #IAmRoot but about what happened after I installed the 10.13.1 update.

@eurozerozero:

Also the issue of GPUs in 2016/2017 MBPs being stuck throttled to about 30% of normal performance after standby still isn’t fixed, driving me and other people nuts. Restarting has become a daily routine. No response to radar to this day.

Jeff Johnson:

What’s changed is this:

Snow Leopard had 2 full years of bug fixes. Since Lion, Apple has released major Mac updates every year, mostly on a 12 month schedule. Introducing bugs faster than they can fix.

Howard Oakley:

While we’re all thinking about Apple’s software quality assurance, following its recent root user vulnerability, I’d like a few words about Disk Utility.

Peter Steinberger:

IAP purchases on macOS are broken when using Touch ID. Stable doesn’t work, 10.13.2b5 also doesn‘t fix it.

I guess nobody using Mac App Store apps anymore?

Update (2017-12-01): Lloyd Chambers:

Curiously, the configuration dialog does show icons with labels, but when dragged into the toolbar, the labels disappear. It shows a inattention to detail: if the icons need labels in the configuration dialog, why not in the toolbar?

On my Mac, Mail lets me show the toolbar labels in the main window but not in the message windows.

Jeff Johnson:

It’s little things like wonky smart folders in Mail app. They used to work perfectly, now they randomly forget emails.

Matt Long:

This interface in Xcode 9 is more evidence Apple is no longer dog-fooding. What is going on over there?

Nicholas Riley:

Family member called to report a Family Sharing app refused to launch claiming it was no longer shared. App Store wanted to charge her.

But the app clearly claims in the App Store that it’s supported by Family Sharing. What the…?

Update (2017-12-02): Jesse Squires:

Good round up of software quality problems at Apple. Although, we’ve been saying this for years now and nothing has changed. 😭

Maynard Handley:

And if you use multiple macs with screen-sharing, after a few days remote screens will no longer capture command-space and command-tab keystrokes…

(On the plus side, now that I have to reboot my Mac 4x+ a week, this is a problem encountered less frequently...)

Mark Munz:

1. I used to have months & months w/o system-wide crash.

2. I got a new iMac + High Sierra.

3. Now I wake up to a crashed Mac EVERY SINGLE MORNING!

Update (2017-12-05): See also: Accidental Tech Podcast.

Ilja A. Iwas:

For some of our users running 10.13, certain values stored in NSUserDefaults are lost upon app restart. Anybody else seeing this?

Steve Troughton-Smith:

iPad Pro 12.9" Smart Keyboard owners: has your Smart Keyboard suddenly become incredibly unreliable since the release of iOS 11 in September?

Antonio Mikatović:

Hello, is anyone aware of the bug where flash on iPhone 8Plus and iPhone X doesn’t work in cold weather? Flashlight works fine, flash for photos does not. Im having the problem on my X.

Samer Farha:

It’s not just iOS or macOS, either. tvOS is pretty much unusable. The Computer app requires a force quit for every other show watched.

John Gordon:

Contact search still broken in 11.2. Returns empty Contact.

Update (2017-12-06): Steven Frank:

Why can’t computers wake from sleep reliably?

Like imagine spending $2-3,000 on literally anything and it doesn’t always turn on/off properly and going oh, yeah, it just does that sometimes and everyone being fine with that.

Ryan Jones:

As usual, my MBP is completely dead after going to sleep with full battery.

Update (2017-12-07): Marco Arment:

Disabling font smoothing is STILL broken in High Sierra 10.13.2[…]

Maynard Handley:

Well that didn’t take long!

Installed 10.13.2 at around 10:am.

Screen corruption by 7:00pm.

Hell of an OS you have there, Apple!

HTF is a broken graphics stack not the highest bug fix priority?

And, after a brief month or so of iOS-macOS WiFi sync actually WORKING, we’re back to it completely broken. Just like in Sierra and El Capitan.

After it used to work flawlessly in Yosemite.

James Thomson:

Sigh, 10.13.2 doesn’t fix the random black frames in the PCalc About screen on Intel built-in video cards, if anything it’s worse…

Update (2017-12-08): Jason Snell:

My hope is that these missteps lead to an analysis of Apple’s internal processes that leads to changes that improve the quality of Apple’s software. I believe that Apple can effect that change if it wants to.

Nick Heer:

This thing where the mouse cursor becomes unresponsive during heavy network activity has been a bug since Sierra. It’s probably worth fixing.

Update (2017-12-13): Steven Woolgar:

I’ve had my issues with macOS releases (cough Lion cough), but High Sierra is far away the most buggy macOS I’ve used to date (and I’ve used them all). I didn’t even install it until 10.13.2! I feel the same way about the latest iOS version. 🤞🏽 to improvements.

Update (2017-12-13): Marco Arment:

Damn, another High Sierra point release likely to pass without fixing font smoothing.

Settings, General, “Use LCD font smoothing when available”

It’s subpixel antialiasing, making fonts look sharper on low-res displays but thick and blurry on Retina (in my opinion).

In High Sierra, with it disabled, text truncated with an ellipsis renders in AA mode anyway.

Marco Arment:

Holding onto Sierra on my iMac is becoming untenable.

My iCloud photos are all in HEIF, I can’t receive AirDrop from my phone anymore, and now, iMessages from my phone are starting not to show up on the iMac.

I think it’s over.

Update (2017-12-15): Alex J Burke:

Honestly, High Sierra has seriously damaged the Mac for me. I regret the upgrade - none of us with Touch Bar MBPs can plug into external monitors without flickering, I’ve had weird beach balls that require reboot, on and on. Never experienced this in 11 years of OS X.

Harald Wagener:

After a year of absence on the macOS platform, I have recently returned. And I see all issues that I experienced on Linux and some: Weird unlock bugs (chrome windows on top of screen unlock), wake-from-sleep bugs (suddenly showing error below), seconday monitor glitches, phantom touchpad events, weird wifi behavior, ... my four year old chromebook pixel behaves better than this. @googlechrome if you'd offer the Pixelbook in Germany, I'd buy one yesterday.

High Sierra Bug Allows Root Access With Blank Password

chethan177, in the Apple Developer Forums, two weeks ago (via Mike Myers):

If you’re unable to login at startup using username: root and empty password, then login with your existing account (standard user).

Again, head over to System Preferences>Users & Groups. Click on the Lock Icon. When prompted for username and password, type username: root and leave the password empty. Press enter. This might throw an error, but try again immediately with the same username: root and empty password. This should unlock the Lock Icon.

@jeremydmiller78, a week ago, posted a video.

Lemi Orhan Ergin, yesterday (Hacker News):

Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as “root” with empty password after clicking on login button several times. Are you aware of it @Apple?

Juli Clover:

There appears to be a serious bug in macOS High Sierra that enables the root superuser on a Mac with a blank password and no security check.

Adam C. Engst:

Wait, it gets worse. I’ve confirmed that if you have Screen Sharing (or Remote Management) enabled in System Preferences > Sharing, someone can connect to your Mac over the local network or, depending on your Internet setup, the outside world. I did this from a guest account on my MacBook Air and ended up at a login window on my iMac, from which I was able to click the Other button, enter root and no password in the appropriate fields, and create a root user account on my iMac.

The practical upshot is that anyone who has local or network access to your Mac can log in and access all files with impunity.

Rene Ritchie:

“We are working on a software update to address this issue,” an Apple spokesperson told iMore. “In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”

Juli Clover:

Disabling the root user account again follows the same steps, but at the “Edit” portion of the process, you’ll select “Disable Root User” to remove the option. Until the bug is fixed, though, you’ll want to leave the root user account intact to prevent it from being accessed without a password.

Ilja A. Iwas:

Not impressed by Apple’s poor handling of yesterday’s 0-day. No e-mail, no mention on http://support.apple.com, only a KB-link circulated in the media that doesn’t even acknowledge the issue.

John Gruber:

I rarely describe any bug as inexcusable, but this is inexcusable.

Peter Maurer:

Oh how I’d love to know how they ended up with code that creates root as a side effect. “Account doesn’t exist” => “let’s create it” seems like a weird train of thought. For testing, perhaps?

Rui Carmo:

The scheduled release approach (whereby software is shipped in lockstep with increasingly predictable hardware launches) has been steadily eroding quality across the board (and iOS 11.0 was a great example of that), but macOS seems to be falling into full-fledged neglect, and as a primarily UNIX user, I’m flabbergasted this kind of thing is even possible in 2017.

Nick Heer:

I’m not deluded enough to think that complex software can ever be entirely bug-free, but I’d love to see more emphasis put on getting Apple’s updates refined next year, rather than necessarily getting them released by mid-September.

[…]

For extra irony, recall that High Sierra was pitched as a refinement of MacOS Sierra.

Previously: Encrypted APFS Volume’s Password Exposed as Hint.

Update (2017-11-29): Patrick Wardle:

Starting with the odm_RecordVerifyPassword function, it invokes an unnamed method, ‘sub_826b’. This subroutine first invokes another helper function, ‘sub_826b’, to “read shadowhash data from” from the account that the user (or attacker) is trying to log in to. For enabled accounts (such as the user account) this read will succeed as this data exists.

[…]

For disabled accounts, (such as root account that is being targeted), this information is not present, so this function will fail!

[…]

Since a non-zero value was returned, execution continues with a call to various methods such as sub_13d00. As the debug log statments in the decompilation show, these will perform an upgrade from a crypt password to a shadowhash or securetoken[…]

[…]

However, if we look at what these ‘upgrade’ subroutines are called with, it’s with the password we provided[…]

Apple has fixed the bug:

A logic error existed in the validation of credentials. This was addressed with improved credential validation.

Rene Ritchie:

Apple sent me the following statement:

When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8:00 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.

We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.

Patrick Wardle:

Apple’s patch for #iamroot bug “improves cred validation” ... meaning they perform extra checking on the call to od_verify_crypt_password() In prev. blog posting we surmised “it should fail” - it did; appears they just didn’t check💥😅 👋🏽

Unfortunately, the update breaks file sharing.

Apple:

If you experience issues with authenticating or connecting to file shares on your Mac after you install Security Update 2017-001 for macOS High Sierra 10.13.1, follow these steps to repair file sharing[…]

John Gruber:

It’s natural to speculate how a bug as egregious as the now-fixed High Sierra root login bug could escape notice for so long. It seems to have been there ever since High Sierra 10.3.0 shipped on September 25, and may have existed in the betas through the summer.

Steve Troughton-Smith:

Bad actors could have known about this since June and we’d never know, as [remote] root access to a machine would let you easily cover your tracks.

Update (2017-11-30): Jeff Johnson shows that Apple is now distributing a new version of the update, which doesn’t break file sharing. The changes seem to indicate that the file sharing problem was caused by a flaw in the updater itself, rather than in the code that was patched to fix the root issue.

Update (2017-12-01): Andy Greenberg (via Hacker News):

Those who had not yet upgraded their operating system from the original version of High Sierra, 10.13.0, to the most recent version, 10.13.1, but had downloaded the patch, say the “root” bug reappears when they install the most recent macOS system update. And worse, two of those Mac users say they’ve also tried re-installing Apple’s security patch after that upgrade, only to find that the “root” problem still persists until they reboot their computer, with no warning that a reboot is necessary.

Update (2017-12-05): Jeff Johnson:

AFAICT you don’t get the so-called “automatic” security update 2017-001 as long as you have all the prefs off?

Howard Oakley:

These are indicators that Apple is in the process of rewriting a lot of macOS. In the case of the root user vulnerability, this was in Open Directory, whose source code may well date back ten years or more. It has been my contention that macOS-only code, such as Time Machine, gets considerably less resources than that which is shared with iOS, but that doesn’t explain why, if such macOS development is being poorly resourced, Apple’s precious engineers are busy rewriting systems such as Open Directory, when there are so many other demands.

Thomas Reed:

Since the update doesn’t require a restart, and since many Mac users can be rather averse to restarting, this means that people upgrading from 10.13.0 to 10.13.1 could easily end up being vulnerable to this bug for weeks or months, until they next decide to restart. Keep in mind that nearly all 10.13.0 users have probably already had Security Update 2017-001 installed automatically at this point, putting them into a pipeline heading straight for this issue.

Update (2017-12-11): Accidental Tech Podcast says that the bug was actually reported to Apple via the proper channels around the same time as chethan177’s forum post.

Network Neutrality, Ajit Pai, and Title II

Tim Wu:

On Tuesday, the F.C.C. chairman, Ajit Pai, announced plans to eliminate even the most basic net neutrality protections — including the ban on blocking — replacing them with a “transparency” regime enforced by the Federal Trade Commission. “Transparency,” of course, is a euphemism for “doing nothing.” Companies like Madison River, it seems, will soon be able to block internet calls so long as they disclose the blocking (presumably in fine print). Indeed, a broadband carrier like AT&T, if it wanted, might even practice internet censorship akin to that of the Chinese state, blocking its critics and promoting its own agenda.

[…]

The problem for Mr. Pai is that government agencies are not free to abruptly reverse longstanding rules on which many have relied without a good reason, such as a change in factual circumstances. A mere change in F.C.C. ideology isn’t enough. As the Supreme Court has said, a federal agency must “examine the relevant data and articulate a satisfactory explanation for its action.” Given that net neutrality rules have been a huge success by most measures, the justification for killing them would have to be very strong.

The idea of network neutrality is very appealing, but I find this editorial by the coiner of that term rather unconvincing. His main example is the Madison River case, where Vonage was fined for violating antitrust rules. This was 10 years before network neutrality became law. Where is the evidence of the “huge success” as a result of the 2015 change? Most of the examples that people cite seem to not actually be cases where network neutrality was relevant. In fairness, the evidence that the law has caused harm also seems to be weak.

We need to weigh the potential costs and benefits of keeping vs. repealing Title II and also look at what would happen if we’re wrong. It seems to me that, if it’s repealed and then there is abuse, this would be a relatively easy thing for Congress or the FCC to address. There would be a clear goal with a lot of popular support. Whereas, it is difficult to see which opportunities and innovations Title II might be preventing, and so there is no mechanism for a possible course correction from that side. So I think the structure of the issue favors a wait-and-see approach.

Via Tyler Cowen:

Keep in mind, I’ve favored net neutrality for most of my history as a blogger.

[…]

If you are wondering why I have changed my mind, it is a mix of new evidence coming in, experience over the 2014-present period, relative assessment of the arguments on each side moving against NN proponents, and the natural logic of the embedded trade-offs, whereby net neutrality typically works in a short enough short run but over enough time more pricing is needed. Of course it is a judgment call as to when the extra pricing should kick in.

Elizabeth Harrington:

Pai said it is necessary to repeal the net neutrality rules because of their effect on broadband investment. Capital expenditure in broadband declined by 5.6 percent since Title II was adopted in 2015, which amounted to over $3.6 billion in lost investment.

“These heavy-handed regulations as we find in the order are having an effect on investment and innovation, making companies less likely to raise and spend capital building out networks, especially in rural, and low-income urban America,” he said.

I don’t find this very convincing, either. I don’t see how the repeal would incentivize Comcast to upgrade my local infrastructure or make it possible for another ISP to compete with them. Frankly, I don’t think the fight is about helping those of us in rural areas with little competition. It’s primarily a struggle between two different groups of large companies, the ISPs and carriers vs. the tech giants who fill their bandwidth.

Ben Thompson (Hacker News):

Of course ISPs should be neutral — again, who could be against such a thing? What is missing in the ongoing debate, though, is the recognition that, ever since the demise of AOL, they have been. The FCC’s 2015 approach to net neutrality is solving problems as fake as the image in Wu’s tweet; unfortunately the costs are just as real as those in Congressman Khanna’s tweet, but massively more expensive.

[…]

To put it another way, given the stakes, the benefit from regulation must be massive, which is why the “net neutrality” framing is so powerful: I’ll say it again — who can be against net neutrality? Telling stories about speech being restricted or new companies being unable to pay to access customers tap into both the Internet’s clear impact and the foregone opportunity cost I just described — businesses that are never built.

That, though, is exactly the problem: opportunity costs are a reason to not regulate; clear evidence of harm are the reasons to do so despite the costs. What is so backwards about this entire debate is that those in favor of regulation are adopting the arguments of anti-regulators — postulating about future harms and foregone opportunities — while pursuing a regulatory approach that is only justified in the face of actual harm.

The fact of the matter is there is no evidence that harm exists in the sort of systematic way that justifies heavily regulating ISPs; the evidence that does exist suggests that current regulatory structures handle bad actors perfectly well. The only future to fear is the one we never discover because we gave up on the approach that has already brought us so far.

[…]

And, I’d add, if neutrality and foreclosed competition are the issue net neutrality proponents say they are, then Google and Facebook are even bigger concerns than ISPs: both are super-aggregators with unprecedented power and the deepest moats ever seen in technology, and an increasing willingness to not be neutral.

John Gruber:

The key idea to keep in mind is that the basic principles of “net neutrality” and the specific regulations put in place by the Obama administration in 2015 are different things. You can be in favor of net neutrality in principle but be opposed to the current regulatory structure as the best way to achieve and protect it.

Geoff Duncan:

All these claims are dubious. Where the FCC says broadband investment has fallen since 2015, ISPs have consistently told their investors (via legally-binding financial disclosures) that net neutrality regulations were not impeding them. Almost every major network operator — from Comcast and Verizon to Time-Warner, Sprint, and T-Mobile — has engaged or is actively engaging in some form of blocking, paid prioritization, or (particularly) throttling with little or no disclosure to customers. And network operators didn’t set up fast lanes in the “light-touch” regulatory era before 2015 because they were waiting to see how a number of court challenges to FCC authority were going to turn out.

[…]

When proposing to undo net neutrality, Pai promised a “far more transparent” process than that used by the FCC in 2015. Yet the process the FCC implemented this time around apparently gave no thought to filtering out automated spam and trolling of the comment process, leading to the FCC claiming that it was just too burdensome on them to, you know, actually process the comments. Also too burdensome? Publishing the comments, or responding to inquiries about the comment process. In the words of Commissioner Mignon Clyburn, the process completely ignored “thousands of consumer complaints and millions of individual comments that ask the FCC to save net neutrality and uphold the principles that all traffic should be created equal.”

Nick Heer:

Recently, Verizon began throttling video streaming on their cellular network, too, with the exception of its NFL app which, by the way, is also exempt from data caps. The FCC under Tom Wheeler said that AT&T was violating net neutrality rules when they exempted their own DirecTV service from users’ data caps, too, giving it an unfair advantage over other streaming video services. Comcast hilariously argued that their broadband-powered service for streaming video to laptops was exempt from the anticompetitive agreement they signed when they acquired NBCUniversal.

[…]

There is clearly plenty of evidence that ISPs will not treat data the same if offered the opportunity to do otherwise. And, I stress again, we aren’t simply talking about internet providers here — these are vertically-integrated media conglomerates which absolutely have incentive to treat traffic from friendly entities differently through, for example, zero-rating, as AT&T did with DirecTV, Verizon does with their NFL app, and T-Mobile does for certain services.

[…]

In fact, zero-rating is, in general, covered by the 2015 net neutrality rules. That’s why the FCC sent a letters to AT&T and Verizon stating that aspects of those companies’ zero-rating practices discriminated against competitors.

Ben Thompson:

To summarize the takeaways:

  • Unregulated cable broadband grew faster than highly-regulated DSL
  • Removing the mandate that telephone companies open up their networks was correlated with a significant increase in DSL growth relative to cable, suggesting increased investment
  • Harmonizing regulation further increased DSL growth relative to cable (and, from the vantage point of 2017, precipitated significant investments in fiber offerings)

Note the Canadian broadband control set: there was not a similar shift in DSL numbers in Canada, suggesting that it is unlikely a secular technology shift drove these numbers.

[…]

The question that must be grappled with, though, is whether or not the Internet is “done.” By that I mean that today’s bandwidth is all we all never need, which means we can risk chilling investment through prophylactic regulation and the elimination of price signals that may spur infrastructure build-out (that being the elimination of paid prioritization).

Previously: Network Neutrality.

Update (2017-12-01): Jared Newman:

Absent some new legislation, the current Title II rules are the only protection consumers have against zero-rating. Although the practice has some consumer-friendly uses—T-Mobile’s Binge On program, which is open to all streaming video services at no cost, is one example—it also allows for anti-competitive behavior. Investigating the latter would be a way to keep internet providers honest.

All of which may explain how cable companies and telcos can now claim to support net neutrality, and how Comcast can specify that it’s against the notion of internet “fast lanes” and “anti-competitive paid prioritization.” Those tools are no longer necessary to gain an advantage in streaming video. The ever-present threat of data caps can do the heavy lifting instead.

Update (2017-12-07): See also: Exponent and Mike Masnick (via Nick Heer).

Update (2017-12-08): Nick Heer:

Pai has claimed that his proposed rollback will encourage net neutrality practices without regulation because it will require ISPs to be fully transparent. In a shocking turn of events for statements and policies originating from the top minds of this administration, that claim turns out to be a complete lie: ISPs won’t have to be as open and transparent about their pricing and policies, and they have repeatedly stated that they would use tactics like paid prioritization to manipulate network traffic if given the opportunity.

Monday, November 27, 2017 [Tweets] [Favorites]

Strings in Swift 4

Ole Begemann:

Encountering a function that only accepts a Substring when you want to pass a String is less common — most functions should either take a String or any StringProtocol-conforming type. But if you do need to pass a String, the quickest way is to subscript the string with the range operator ... without specifying any bounds[…]

[…]

You may be tempted to take full advantage of the existence of StringProtocol and convert all your APIs to take StringProtocol instances rather than plain Strings. But the advice of the Swift team is not to do that[…]

[…]

Keep in mind, though, that as of Swift 4, StringProtocol is not yet intended as a conformance target for your own custom string types. The documentation explicitly warns against it[…]

The Mystery of the Phantom App Updates

Jeff Johnson:

Starting on November 17, many iOS and tvOS apps that had not been updated for a year or two years suddenly received phantom updates in the App Store, without any action by the developers of those apps. The version numbers of the apps did not change. For some of the updates, the release notes were the same as the previous update. For others, the release notes said, “This update is signed with Apple’s latest signing certificate. No new features are included.”

[…]

It’s conceivable that recompiling the Bitcode would result in the same assembly size as before, but in my opinion that’s unlikely. It’s even more unlikely that this would result in some kind of significant runtime performance gain, which would be the only good reason I can think of for shipping a new Bitcode compile, absent a new processor architecture. Most likely, the matching __text sizes indicate that the same machine instructions as before were simply encrypted with a new key.

Mystery unsolved. Mission unaccomplished. I’m still quite puzzled why Apple shipped all of these phantom app updates.

Update (2017-11-27): Timo Hetzel:

My tvOS app got the certificate update note, as it doesn’t have a previous update and lacks any release notes. That’s my guess.

The Cost of JavaScript

Addy Osmani (via Hacker News):

On the high-end iPhone 8 it takes just ~4s to parse/compile CNN’s JS compared to ~13s for an average phone (Moto G4). This can significantly impact how quickly a user can fully interact with this site.

“Just?”

Using HTTP Archive (top ~500K sites) to analyze the state of JavaScript on mobile, we can see that 50% of sites take over 14 seconds to get interactive. These sites spend up to 4 seconds just parsing & compiling JS.

20 Years of Adobe Photoshop

Sue Chastain (via Hacker News):

On February 19, 2010, Adobe Photoshop turned 20 years old. Take a look at the evolution of Photoshop over its first 20 years with this image gallery. Browse product packaging, splash screens, and screen shots while learning about the history of Photoshop and its features.

Previously: Congratulations.

Uber Customer Data Breach and Cover-up

Eric Newcomer (via MacRumors):

Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year. This week, the ride-hailing firm ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers.

Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers. No Social Security numbers, credit card information, trip location details or other data were taken, Uber said.

[…]

Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information.

Previously: Yahoo Says Hackers Stole Data on 500 Million Users in 2014.

Tuesday, November 21, 2017 [Tweets] [Favorites]

iOS Background Transfer

Agnes Vasarh (tweet):

Memory consumption is not the only factor when iOS is judging your app. What also counts is the time your app spends executing in the background and the number of times it wants to be woken up. Keep these in mind when implementing background transfer, because you will want to be a good citizen. iOS ranking your app down means delays in your background execution window, and as mentioned, sometimes might lead to termination.

[…]

To find out when your tasks did complete when your app was terminated while doing background transfer, you can implement that one function on the AppDelegate for handling the results of those sessions. The tricky part here, is that it provides a completion handler that’s very important for you to call it as soon as possible. Remember, iOS judges you if you spend too much time executing code in the background. This is how it measures it.

[…]

How does iOS punish you? One way is by not waking you up in the background to receive silent push notifications.

Silent pushes are the only way to wake up your app from your server, indicating there’s work to do, such as download data.

Something seems to have changed in iOS 11, as OmniFocus now rarely syncs in the background for me.

The biggest surprise of this journey was when authentication between our app and our server broke the minute we switched to background sessions. It stopped working in both the foreground and the background.

According to Apple, client authentication doesn’t work with background sessions. Don’t even try.

[…]

But even after re-engineering for only what works, we learned that iOS will still punish you for some approaches that are fully supported. Any server-trust authentication is unwise.

Please make sure to read Quinn the eskimo’s responses to Alexis near the bottom of the dev forum thread carefully, if you want to understand why Apple doesn’t encourage this kind of authentication method when implementing background sessions.

Google Collects Android Users’ Locations Even When Location Services Are Disabled

Keith Collins:

Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers—even when location services are disabled—and sending that data back to Google. The result is that Google, the unit of Alphabet behind Android, has access to data about individuals’ locations and their movements that go far beyond a reasonable consumer expectation of privacy.

[…]

The cell tower addresses have been included in information sent to the system Google uses to manage push notifications and messages on Android phones for the past 11 months, according to a Google spokesperson. They were never used or stored, the spokesperson said, and the company is now taking steps to end the practice after being contacted by Quartz. By the end of November, the company said, Android phones will no longer send cell-tower location data to Google, at least as part of this particular service, which consumers cannot disable.

Via Michael Rockwell:

But if no one noticed, how much longer would this have gone on?

Update (2017-11-27): John Gruber (tweet):

If they were “never used or stored”, why did they start collecting them in the first place?

Skype Removed From Chinese App Stores

Paul Mozurnov (Hacker News, MacRumors):

“We have been notified by the Ministry of Public Security that a number of voice over internet protocol apps do not comply with local law. Therefore these apps have been removed from the app store in China,” an Apple spokeswoman said Tuesday in an emailed statement responding to questions about Skype’s disappearance from the app store.

[…]

A Microsoft spokesman said Skype had been “temporarily removed” from Apple’s store and that the company was “working to reinstate the app as soon as possible.” But the spokesman did not address Skype’s absence from a variety of major third-party Android app stores. Because Google’s services are largely blocked in China, Android users revert to alternate stores for downloads, and Skype’s main app was not available on popular ones run by Chinese tech giants like Huawei and Xiaomi.

xoa:

This sort of thing represents one of the true dangers of single-source App Stores on general purpose computers with no side-loading fallback, and is why we should be proactively working to make it illegal. It’s not that Apple is malicious per se, or even that they’re particularly slow at reviews or whatever (though that has been the case at times too), but the mere fact that they represent a single, easy to pressure choke point. Apple themselves have reacted to this appropriately when it comes to the hardware by removing more and more of their own ability to affect it once it’s been sold and giving that power to the owners instead. That’s not just a positive for owners’ privacy and security (and in turn a selling point), it also reduces Apple’s exposure and liability. If they don’t hold a given set of data or power in the first place, then nobody can go after them for it.

Unfortunately on the software side they have not sought any of the better tradeoffs available between security and vetting vs owner power and decentralization, and in turn find themselves in the crosshairs for every single app. Not even just from governments though they’re most coercive, but from any public cultural/religious interest group at all. Since Apple has to approve everything, Apple is also seen (correctly) as directly responsible for everything on the App Store. The result has been exactly as you’d expect: they’re more conservative on average about what sort of content they’ll allow, not merely about objective issues like security.

Previously: Apple Pulls VPN Apps From China App Store, Apple Removes New York Times Apps From Chinese App Store.

The Whole Pantry

Mitchel Broussard:

After facing a wave of controversy in March over reports of false claims made towards her cancer diagnosis, Australian indie developer Belle Gibson this week spoke out, admitting that “none of it’s true” in regards to her ever having cancer (via News.com.au).

Last month, when $300,000 of her app sales failed to find its promised home at certain charities, the legitimacy of her cancer claims began to be questioned. Gibson is the founder of The Whole Pantry, a healthy lifestyle and diet app that focuses on naturally-occurring ingredients and solutions to complicated recipes.

Matt Novak (via John Gordon):

When the Apple Watch launched in 2015, Belle Gibson was touted by Apple as a star. Not only had Gibson supposedly cured her own cancer through healthy eating, she now had an app for both the iPhone and Apple Watch that could help others do the same. But now that her own cancer and “cure” have been exposed as fake, people are asking what responsibility Apple had to the public.

[…]

When the press started asking hard questions and raising doubts about her astonishing claims in April of 2015, Apple’s internal emails about their star app developer show that the company was ready to stand by Gibson.

MattCastaway:

This is the second-worst instance of Apple falling for “natural cancer cure” quackery.

MailChimp Switches to Single Opt-In

Graham Cluley (via Hacker News):

The only saving grace is that the better-managed newsletters ask you to confirm that you really really want to receive emails from them. They do this by sending a single email - normally with a clickable confirmation link - to the email address entered on their subscription form.

If you don’t respond to the confirmation email, you don’t get any follow-up emails. That’s how things are supposed to work. And it’s called double opt-in.

Per Axbom:

Yesterday, out of the blue and without explanation, users of the service received an e-mail saying Mailchimp will in seven days change a default behavior affecting how people subscribe. They have previously described the current behavior as a safeguard against malicious spambots and scammers. By their own account the new default behavior will contribute to reducing list engagement, reducing clicks and increasing unsubscribes.

[…]

Not only will Mailchimp change default behavior, they will also make this change to all existing lists without any intervention by the list owners. Read that again. They are automatically removing safeguards from all lists without my consent.

MailChimp:

We know that some of you are curious about why we’re moving to single opt-in as a default, after having been double opt-in by default for so long.

[…]

Rather, as the majority of companies have moved to single opt-in, recipients have become re-educated on how email marketing confirmation works. Today, most people don’t expect or look for a double opt-in confirmation message when they subscribe to a newsletter.

Indeed, we’ve seen double-opt in rates within MailChimp slip to 39%. This means 61% of people start but do not finish the double opt-in process.

[…]

So while we’ll continue to support double opt-in, we’re shifting the behavior of native forms in MailChimp to default to single opt-in. We’re making this change now because we have stronger, more intelligent data-backed systems in place to prevent spam for all of our hosted forms—double and single opt-in—so we don’t expect this to impact deliverability.

For what it’s worth, nearly all the newsletters I subscribe to still use double opt-in.

Monday, November 20, 2017 [Tweets] [Favorites]

Mac Modifier Key Order

Apple:

In combination keystrokes, use hyphens to signify that the user should hold down the first key or keys while pressing the last key. Don’t use a hyphen if each key should be pressed and released separately. Be sure to explain this convention on first use.

Control-Shift-N

[…]

If there’s more than one modifier key, use this order: Fn (function), Control, Option, Shift, Command.

[…]

Shift-Command-Tilde

[…]

Shift-Command-Question Mark

Dr. Drang (tweet):

The order is similar to how you see them down at the bottom left of your keyboard. […] The oddball is the Shift(⇧) key, which sneaks in just in front of Command.

Jason Snell (tweet):

I absolutely do not follow this style. It seems completely backward to me, in fact. It’s not “Shift-Command-3”, it’s “Command-Shift-3.” Command is the commander! Command is the monarch of all keys! Command always comes first, in my book.

It seems backward to me, too, and I wonder if perhaps Apple’s preferred style has changed. I seem to recall Command always coming first. The documented order does have the advantage of matching the order shown in menu items.

Update (2017-11-21): Andy Lee:

Xcode deviates in its display of some keys. Command-Shift-[ is displayed as ⌘⇧[ in System Preferences, Keyboard Maestro, and BBEdit, but as ⌘{ in Xcode. In all cases, though, it’s ⇧⌘3, not ⇧#.

Update (2017-11-27): See also: Upgrade.

Dr. Drang:

It’s not just having the ⌘ symbols aligned. The additional modifier symbols go in front because ⌘ is king and must sit next to the N or the W. The importance of the modifier decreases as you move away from the letter.

[…]

Having said all this, and despite agreeing with Apple’s symbol ordering, my ear for shortcut ordering works just like Jason’s and John’s. The main reason I use keyboard shortcut symbols in my posts instead of words is that I can read ⌥⇧⌘W and not be bothered because I don’t “hear” it as I read the symbols. “Option-Shift-Command-W,” on the other hand, gets sounded out in my head, and it sounds wrong.

The Mac Still Feels Like Home

Sahil Mohan Gupta:

As he walked into the room along with Microsoft India head Anant Maheshwari, Nadella spots that I and a colleague have iPads and cheerfully says, “You need to get a real computer, my friend.”

Jason Snell:

Amazingly, today Apple released this ad, titled “What’s a computer?”, in which a kid uses an iPad Pro in countless ways. It feels… familiar.

[…]

What’s a real computer? My iPad Pro is whatever I want it to be.

David Sparks:

Before iOS 11, managing multiple files and email attachments felt masochistic. iOS 11 fixes that. Now with iOS 11 and the Files App, I’m able to manage files nearly as fast on iPad as I am on Mac. If I had 35 years experience using a tablet like I do the mouse and keyboard, I’d probably be just as fast.

[…]

Two such roadblocks that immediately come to mind are Microsoft Word and Googe Docs. I spend a lot of time in both these apps doing day-job legal work. In many ways, Microsoft Word on iPad is superior to its Mac counterpart, but it has one glaring omission, the inability to modify style preference. If I want to change a style format or line spacing, it’s simply not possible in Microsoft Word for iPad. I’ve used styles in Word forever. If you know what you are doing, they dramatically improve document editing and tricky legal paragraph numbering. Likewise, Google Docs has a change tracking feature that works fine on the Mac but has never been properly implemented on the iPad app.

Gabe Weatherhead:

As the title suggests, the Mac still feels more comfortable for almost everything. The Mac feels less innovative and “fun” but I actually feel more relaxed when using multiple windows, real keyboard shortcuts, and a true file manager. The irony here is that the size and design of the iPad makes it more of a joy to use, but it’s also tainted by inefficiency. I do almost every task faster and more easily with my Mac than I can do it on my iPad Pro.

[…]

I think it’s well understood now, but the quality of apps on the Mac is far above anything I use on iOS. Maybe it’s the high-quality developers that started on the Mac, like the Omni Group and Panic, but even within their apps, the quality is generally better on the Mac. Having multiple windows open for OmniFocus makes it more capable for moving tasks between projects and the inbox. The new Transmit FTP application on the Mac is just more reliable than the corresponding iOS app from Panic. I suspect that many of my failures have to do with the frameworks provided by Apple. Sharing files on iOS into Transmit regularly fails to upload them to the SFTP server. This never fails on the Mac.

[…]

The other thing iOS gives me is email and calendar integration with work that’s just not supported on my Mac. The Exchange certificate management of iOS means that my iPad Pro is the only place I can see all of my calendars from work and home in one place on a big screen.

Operating System Update Rates

Dan Luu:

In May 2017, Google announced that there are over two billion active Android devices. If we look at the latest stats (the far right edge), we can see that nearly half of these devices are two years out of date. At this point, we should expect that there are more than one billion devices that are two years out of date! Given Android’s update model, we should expect approximately 0% of those devices to ever get updated to a modern version of Android.

[…]

For reference, iOS 11 was released two months ago and it now has just under 50% iOS marketshare despite November’s numbers coming before the release of the iPhone X (this is compared to < 1% marketshare for the latest Android version, which was released in August). It’s overwhelmingly likely that, by the start of next year, iOS 11 will have more than 50% marketshare and there’s an outside chance that it will have 75% marketshare, i.e., it’s likely that the corresponding plot for iOS would have the 50%-ile (red) line in the second plot at age = 0 and it’s not implausible that the 75%-ile (orange) line would sometimes dip down to 0. As is the case with Android, there are some older devices that stubbornly refuse to update; iOS 9.3, released a bit over two years ago, sits at just a bit above 5% marketshare. This means that, in the iOS version of the plot, it’s plausible that we’d see the corresponding 99%-ile (green) line in the second plot at a bit over two years (half of what we see for the Android plot).

Dan Luu:

This is the most common😡response to this which is😂because I literally wrote this while talking to someone who recently quit the Android team because of how painful the Android update model is and I also link to a PhD thesis which shows that play store updates aren’t sufficient.

Matt Birchler:

I get that Android has different incentives than iOS, but there are more active devices out there using a version of Android that came out to compete with iOS 4 than there are on Oreo.

Adam C. Engst:

If you’re running macOS 10.12 Sierra or earlier, and do not want to upgrade to 10.13 High Sierra right now, be careful because Apple has started pushing High Sierra to older Macs and making it easy to upgrade inadvertently. In short, if you get a macOS notification asking you to install High Sierra, click the Details button to launch the App Store app, and then quit it.

[…]

Apple is clearly trying to move macOS in the direction of iOS, where upgrades are difficult to avoid. However, macOS is a much more complex environment and one that’s usually more important to people’s livelihoods, so we recommend approaching upgrades carefully. Presenting people with a one-click install that offers no chance to back up first and that will take hours of time prioritizes ease of use over doing what’s best for the user, and that’s a dangerous tradeoff.

Stephen Hackett (Hacker News):

I don’t know if this is what the whispers about forced upgrades was about or not. I really don’t want Apple to get even more aggressive about this.

Update (2017-11-20): Yalım K. Gerg:

What I also despise is that Apple tricks people into upgrading to ios 11. When the phone prompts you there is not an option for No, only Later. Then it asks for your password to upgrade overnight. The No is hidden down at the bottom in small fonts. Many regular people fall for it

Update (2017-11-27): James Thomson:

Because of a bug on 10.8, I spent the morning looking at stats for PCalc usage over the last two months. Nothing too surprising, although High Sierra lagging a bit in adoption.

Pushy Notifications in Apple News

Jordan Merrick:

Rather than ask if I want to enable notifications for a particular channel, Apple News does so automatically—it doesn’t even ask or tell you how to opt out. Worse still, there is no logic to when this happens. I’ve had this happen months after following a new channel, and even repeatedly occur even if I already turned off notifications.

Copying All Your Music to Your iPhone

Joe Cieplinski:

You would think this would be easy, copying my entire library, since all my music is on my Mac, and thus a simple USB cable would be all I'd need to copy all that music over to my new phone. If you think this is true, you clearly haven’t been reading my blog for very long. For several years now, as Apple has ignored users in my situation, the process of getting my songs onto my phone has resulted in doubled tracks, missing tracks, incorrect album artwork, songs that simply never copy, songs that appear to be on the phone but refuse to play, and on and on. It has been a nightmare for a geek like me who makes an effort to have a very orderly library and who likes to listen to entire albums.

[…]

When you restore from a backup during the setup process, your iPhone will not only restore all your settings and apps; it will also start downloading music. Not all your music. Just whatever songs were on your previous phone that happened to be purchased in the iTunes Music Store. This will likely leave you with a weird mix of some tracks from your entire library. If you have iTunes Match or Apple Music, the restore may also attempt to grab your other tracks, but I’ve found this completely unreliable.

Basically, you have no idea what you’ll actually get from a restore, so it’s best to remove everything and start over from scratch.

[…]

There are lots of ways to copy your songs over, but in my experience there’s only one way that works reliably. (At least it does now. This would not have been true in earlier versions of iTunes.) For me, all the auto-syncing methods are unreliable. I tried again this year, resulting in multiple issues. What works best for me, thanks to that most recent iTunes update, is good old-fashioned drag and drop.

Update (2017-12-11): Joe Cieplinski:

You read that right. Moving forward, whenever I get a new audio track that isn’t from Apple Music, I’ll have to add the track to iTunes, turn on iCloud Music Library on the Mac, let it upload that new track to the cloud and download all these thousands of duplicates, then turn off iCloud Music Library on the Mac to remove all the duplicates.

Friday, November 17, 2017 [Tweets] [Favorites]

Firefox Quantum

Mark Mayo:

It’s fast. Really fast. Firefox Quantum is over twice as fast as Firefox from 6 months ago, built on a completely overhauled core engine with brand new technology stolen from our advanced research group, and graced with a beautiful new look designed to get out of the way and let you do what you do best: surf a ton of pages, open a zillion tabs, all guilt free because Firefox Quantum uses less memory than the competition. Your computer will thank you. 🙂

Via John Voorhees:

I haven’t had an opportunity to thoroughly test Firefox on my Mac, but even after opening 50 tabs on a fresh install of the browser, many of which were notoriously heavy sites, Firefox remained responsive.

I’m not sure it’s twice as fast, but it really does feel faster than previous versions of Firefox, and perhaps faster than Safari in some cases. I still prefer Safari, though, because it’s a better Mac app.

K.Q. Dreger:

If you haven’t tried Firefox since Chrome came out, or you’ve always used your operating system’s default browser, I’d encourage you give the new Firefox a shot. It’s free and I was left genuinely surprised.

Rui Carmo:

Another thing that worried me was that Firefox seems to have a larger energy footprint and was still claiming a significant percentage of CPU cycles (5-10%) while out of focus and “idle”.

Manish Goregaokar:

Rust code began shipping in Firefox last year, starting with relatively small pilot projects like an MP4 metadata parser to replace some uses of libstagefright. These components performed well and caused effectively no crashes, but browser development had yet to see large benefits from the full power Rust could offer. This changes today.

Firefox Quantum includes Stylo, a pure-Rust CSS engine that makes full use of Rust’s “Fearless Concurrency” to speed up page styling. It’s the first major component of Servo to be integrated with Firefox, and is a major milestone for Servo, Firefox, and Rust. It replaces approximately 160,000 lines of C++ with 85,000 lines of Rust.

[…]

This top-down structure is ripe for parallelism; however, since styling is a complex process, it’s hard to get right. Mozilla made two previous attempts to parallelize its style system in C++, and both of them failed. But Rust’s fearless concurrency has made parallelism practical! We use rayon —one of the hundreds of crates Servo uses from Rust’s ecosystem — to drive a work-stealing cascade algorithm. You can read more about that in Lin Clark’s post. Parallelism leads to a lot of performance improvements, including a 30% page load speedup for Amazon’s homepage.

Todd Ditchendorf:

While they’ve been inventing Rust, Firefox has lost most of its market share, completely missed mobile, & the latest Servo .app release is completely non-functional on my Mac. Meanwhile Mozilla is celebrating their greenfield research success story.

I guess it depends on what you find more important: a fantastic new programming language, or a relevant indie browser that’s not controlled by a BigCo or tracking your every move. But while there are lots of cool prog langs, there was only one relevant indie browser.

Now we have yet another cool programming language, and no relevant indie browsers.

Update (2017-11-21): Matt Birchler:

Both Apple and Google’s web apps make me feel like I’m living through the ActiveX days all over again. Firefox sadly feels like a second class citizen because of this.

HomePod Delayed

Joe Rossignol (Hacker News):

Apple today announced it has delayed the release of the HomePod until early 2018. The speaker was originally set to launch in December.

Jason Snell:

Announcing a product in June for “late 2017” suggested to me it always had a good chance of slipping. That’s a long way off.

I am still trying to figure out why they announced it so far ahead. FUD? Overconfidence?

Ryan Jones:

This is Tim Cook’s Achilles heel – he let’s Wall Street pressure get to him – he announces and ships prematurely.

  • Mac Pro
  • Watch (original)
  • MacBook
  • AirPods
  • HomePod

Apple Watch missed 2014 holidays.

AirPods missed 2016 holidays.

HomePod missed 2017 holidays.

That’s really bad, really – perfect gifts.

Update (2017-11-20): Shira Ovide:

A delayed product on its own isn’t necessarily a big deal. Sure, Apple misses a shot at 2017 holiday sales for the HomePod, but this is a long game and one holiday season doesn’t matter in the grand scheme of things for the world’s most valuable public company. The troubling thing, though, is product delays or other problems are no longer unusual for Apple.

Benjamin Mayo:

When Apple announced the HomePod at WWDC in June, I couldn’t understand why they chose to show it so far in advance. HomePod doesn’t have an SDK that developers could learn about, nor did it serve as a platform for a new wave of Siri features. Moreover, Apple didn’t need to scrape the barrel to find stuff to talk about. The WWDC keynote was jam-packed with hardware and software announcements. HomePod could have been cut and it would have still been a very impressive event.

I care less about the reason for the delay (it’s probably something boring) and more about why Apple felt pressured to announce their smart speaker prematurely in the first place.

Ryan Jones:

Tim is kowtowing to Wall Street – to the public. He’s muddying hardware launch stories with “delayed” and “out of stock”. He’s shipping unbaked software to annual dates.

Promise dates you can hit. Hell, stop promising dates! Do less and do it RIGHT (iOS).

The entire point of being super secret is to deliver “surprise and delight”.

And then you come out and promise a date you can’t hit!?

What a waste. What an unforced error. You just spoiled YOURSELF! Talk about “ruining engineers hard work”...YOU did it for no reason.

Update (2017-11-21): Mark Gurman (MacRumors):

More than two years passed. In that time Amazon’s Echo became a hit with consumers impressed by Alexa’s ability to answer questions, order pizzas and turn lights on and off. Meanwhile, Apple dithered over its own speaker, according to people familiar with the situation. The project was cancelled and revived several times, they said, and the device went through multiple permutations (at one point it stood 3 feet tall) as executives struggled to figure out how it would fit into the home and Apple’s ecosystem of products and services.

In the end, the company plowed ahead, figuring that creating a speaker would give customers another reason to stay loyal. Yet despite having all the ingredients for a serious competitor to the Echo—including Siri and the App Store—Apple never saw the HomePod as anything more than an accessory, like the AirPods earphones.

Twitter’s Verified Mess

Albert Wenger:

The net result of all of these mistakes was that the verified checkmark became an “official Twitter” badge. Instead of simply indicating something about the account’s identity it became a stamp of approval.

[…]

Just now Twitter has announced a further doubling down on this ridiculously untenable position. Twitter will now deverify accounts that violate its harassment rules. This is a terrible idea for two reasons: First, it puts Twitter deeper into content policing in a way that’s completely unmanageable (e.g., what about the account of someone who is well behaved on Twitter but awful off-Twitter?). Second, it defeats the original purpose of verification. Is an account not verified because it is an impostor or because Twitter deverified it?

Apple’s Use of Swift in iOS 11.1 and macOS 10.13.1

Alexandre Colucci:

On iOS 10.1 there were only 4 binaries using Swift. The number of apps and frameworks using Swift grew quite a lot in a year: There are now 20 apps and frameworks using Swift in iOS 11.1.

[…]

Similarly the number of binaries using Swift grew from 10 in macOS 10.12.1 to 23 in macOS 10.13.1.

Thursday, November 16, 2017 [Tweets] [Favorites]

FogBugz Becomes Manuscript

Anil Dash (Hacker News):

At Fog Creek, we’re a company that was pretty much born to help squash bugs, whether it’s “this doesn’t look right in my browser!” or “we shouldn’t be secretly polluting the earth!” We launched FogBugz back in 2000 as one of the first and most influential bug-tracking systems around, and it evolved to be great at project management, issue tracking, and lots more. Since it launched, the platform has been used to fix over 50 million bugs, by tens of thousands of teams around the world. But recently, we’ve been thinking about “Big Bugs”, trying to imagine how we can address both the necessary parts of shipping software and the larger risks that too often get overlooked.

So today, we’re using that same engine to create something new: Manuscript. Manuscript helps any team craft great software.

I find this rather confusing because Manuscript seems extremely similar to FogBugz, which it replaces. The core design and features seem to be the same. I guess this is good because I like FogBugz. The new name doesn’t make much sense to me, though I can live with it. The differences, as far as I can tell, are a visual redesign and a bunch of new integrations:

Our new Twitter integration for Manuscript enables you to monitor Twitter for tweets that mention the keywords you’re interested in, like @mentions and hashtags, creating a case for each match. This is great for Support teams, so you can manage your Twitter queue right from within Manuscript. And it’s good for Product Management teams too, who can add tweets about features and bugs as subcases, helping you gather requirements and prioritize feature work.

I don’t need any integrations and would have preferred to see improvements to the core product. There are a variety of longstanding problems with e-mail handling, and the basic case editing and wiki could use some attention. It also doesn’t officially support Safari.

The main complaint I have about Manuscript is the new design. Everything is more saturated and colorful, and the color choices are odd. The logo looks like an optical illusion. It’s all very distracting. It doesn’t look like a professional product for getting work done. Despite being redesigned, the main page’s elements are not fully consistent, and it clashes with less frequently used configuration pages, which have not been redesigned. The new product site is also oddly designed, with an unstable menu of features that is difficult to scroll through. I just don’t understand why these changes were made. The previous Ocelot design was fine and continuing to improve.

I set up a Customization, included below, that changes the colors and lines to be more subdued. It also changes the font from Benton Sans to San Francisco and removes the avatar images. I don’t need to see five copies of my face on every page. I also removed the RSS and Subscribe links, which I never use. Lastly, there’s some JavaScript to restore keyboard shortcuts, which were inexplicably removed in 2013, for moving up and down the case list. I’d like to make more changes to the CSS to improve the information density, but that will take a lot longer.

name:        Boring Colors and Fonts
description: Change text to be less garish. Hide avatars. Add next/prev keyboard shortcuts.
author:      Michael Tsai
version:     1.0.0.0

js: 

$(function() {
    var isOcelot = function() {
      return (typeof fb.config != 'undefined');
    };
    var changeIt = function() {
        // Previous Case: Control-Shift-[
        // Next Case: Control-Shift-]
        $('#case-lightbox-wrap > div > div.case-lightbox-overlay > div.case-lightbox-modal > div > section > article > nav:nth-child(1) > span.case-arrows > a.icon.icon-case-prev').attr("accesskey", "[");
        $('#case-lightbox-wrap > div > div.case-lightbox-overlay > div.case-lightbox-modal > div > section > article > nav:nth-child(1) > span.case-arrows > a.icon.icon-case-next').attr("accesskey", "]");
    }
    if (isOcelot()) {
      fb.pubsub.subscribe({
        '/nav/end': function(event) {
          changeIt();
        }
      });
    }
    else {
      changeIt();
    }
  });

css: 

/* 
To Do:
- SVG icons and arrows.
- Possibly tighten up spacing.
*/

.case-header-block a,
a.case, 
a.person,
a.action-button, 
span.value.action-link, 
#filter-bar #filter-description .filter-description-sort-element .filter-sort-clickable,
#filter-bar #filter-description .filter-axis-clickable,
.case-list th .header-sort-toggle,
.case-list .grid-column-header-drag-helper .header-sort-toggle,
.case .corner a.case,
.event .timestamp,
.m-btn,
.event #labelFileUpload,
.event .emailFields,
.event header .changes,
.case-list .list-group-footer>.list-add-case
{
    color: black;
}

.case .left a, /* Release Notes */
.case .left #sidebarSubscribe span /* Subscribe */ {
    color: black;
    border-bottom-width: 0;
}

.case .left a {
    text-decoration: underline;
}

span.value.action-link,
#filter-bar #filter-description .filter-description-sort-element .filter-sort-clickable,
#filter-bar #filter-description .filter-axis-clickable {
    border-bottom: 1px solid black;
}

.event.email .event-content {
    background: #eee;
}

.event .editor > textarea:active, .event .editor > textarea:focus, .event .editor > textarea.active {
    box-shadow: 0 0 0 1px black;
}

.case-list th .header-sort-toggle, .case-list .grid-column-header-drag-helper .header-sort-toggle {
    font-weight: 600;
}

body,
table.mini-report,
th .header-sort-toggle,
.event .timestamp,
.event .emailFields {
    font-family: -apple-system-font;
}

img.event-avatar,
.case .left .rss,
div#sidebarSubscribe {
    display: none;
}

Wednesday, November 15, 2017 [Tweets] [Favorites]

Dive Into APFS

Tim Standing of OWC gave a great presentation about APFS at the MacSysAdmin conference in Göteborg (via St. Clair Software). Topics include previous Apple file system efforts, the fragmentation caused by copy-on-write, reasons to never use APFS on a spinning hard drive, sluggish performance compared with HFS+, making snapshots with tmutil and restoring them using macOS Recovery, and a mysterious 11th hour change to the format.

His SMART Alec app also looks interesting.

Previously: Local Time Machine Uses APFS Snapshots, APFS Benchmarks.

Update (2017-11-16): Edward Marczak:

Funny timing: you posted this an hour after Tim gave an updated version of this talk at @MacTechConf. There were significant updates in that month.

Update (2017-11-20): Howard Oakley:

Tim – an immensely knowledgeable and experienced Mac software engineer, who for more than twenty years has been half of SoftRAID – draws attention to one of the adverse effects of copy-on-write, perhaps the single most important technology behind APFS. Copy-on-write is the heart of snapshots in APFS, its support for versioning, even the increased metadata protection which makes journalling unnecessary.

I have previously shown how copy-on-write works in the context of a single edit, and versioning. Let me illustrate its downside the same way.

Update (2017-11-27): Lloyd Chambers:

Folder copy performance is pathetic: I observed it as about 100 times slower versus my Mac Pro. This same folder took about 3 seconds on my 2013 Mac Pro, with its SSD which is about 1/3 as fast as the blazingly fast SSD in the 2017 iMac 5K. Who at Apple thinks this is a win?

[…]

Bottom line: APFS is a substantial performance downgrade on the fastest SSD that Apple ships, which is the ideal claimed use case for APFS.

The Best Laptop Ever Made

Marco Arment (tweet, Hacker News, MacRumors):

Apple has made many great laptops, but the 15-inch Retina MacBook Pro (2012–2015) is the epitome of usefulness, elegance, practicality, and power for an overall package that still hasn’t been (and may never be) surpassed.

[…]

At its introduction, it was criticized only for ditching the optical drive and Ethernet port, but these were defensible, well-timed removals: neither could’ve even come close to physically fitting in the new design, very few MacBook Pro users were still using either on a regular basis, and almost none of us needed to buy external optical drives or Ethernet adapters to fit the new laptop into our lives. In exchange for those removals, we got substantial reductions in thickness and weight, and a huge new battery.

There were no other downsides. Everything else about this machine was an upgrade: thinner, lighter, faster, better battery life, quieter fans, better speakers, better microphones, a second Thunderbolt port, and a convenient new HDMI port.

Two years ago, I called my 2012 MacBook Pro “possibly the best Mac I’ve owned,” and I’m even more sure of that now. I just wish there had been a 17-inch model. I hope it continues to work, not least because I think I’d be less happy with any of the models in the current lineup, despite advances in some areas.

Marco Arment:

Apple still sells them new (MBP, Buy, 15”, scroll down) with all options except dGPU. $2000–$2900.

B&H sells them new for a bit less.

I got mine on eBay, 2.2/512 with low battery cycles and AppleCare through 2019, for $1600.

Heard from people who got them on Swappa as well.

Update (2017-11-16): Friedrich Markgraf:

I completely agree. I have a Touch Bar 15″ from work now, had a 2012 15″ before. It was the best computer I ever had.

Marco Arment:

Tons of great 2015 MBPs in Apple’s refurbished inventory right now, including some with the dGPU if you need it.

Greg Hurrell:

Yep. That’s why I bought a refurbished mid-2015 MacBook Pro in late 2017. Hoping Apple gets their shit together by the time it expires.

Marco Arment:

It’s almost as if port bandwidth isn’t always as important as practicality and ubiquity for real-world utility, a lesson we apparently didn’t learn with FireWire, FireWire 800, Thunderbolt, or Thunderbolt 2.

(But nobody ever made a computer that had only those ports.)

Josh Centers:

It doesn’t matter how great the port bandwidth is if you can’t reliably plug things into them. Some things don’t work correctly even with adapters.

Jason Snell:

I love Apple’s tendency to make bold design decisions, but as the single hardware vendor on the Mac platform, Apple’s designers have a responsibility to create features that don’t leave users with nowhere to turn. Better to make a keyboard that nobody loves (but everyone can use) than something loved by a quarter of users, met with indifference by half, and despised by the remaining quarter.

[…]

When I look at Mac laptop users today, they seem cornered by Apple’s design decisions. I hope that the next generation of MacBook and MacBook Pro models show a little more diversity—designs with their own personalities and strengths and weaknesses. The more diversity in design, the more opportunity Apple has to make bold product-design decisions without cornering its most loyal users.

Update (2017-11-27): Marco Arment (tweet, Hacker News):

If a third-party hub or dongle is flaky, the owner doesn’t blame it — they blame their expensive new Apple computer for needing it.

Apple needs to step up with its own solid offerings to offer more ports for people who need them.

[…]

Re-adding HDMI and at least one USB-A port would reduce or eliminate many people’s dongle needs, which I bet would dramatically improve their satisfaction.

[…]

The Touch Bar should either be discontinued or made optional for all MacBook Pro sizes and configurations.

Michael Love:

This. Also, at least 32GB RAM, and better thermals even at the cost of making it a tad bit bigger; current version gets too hot too fast.

See also: Accidental Tech Podcast.

Update (2017-11-29): Wojtek Pietrusiewicz:

Make the Touch Bar optional, then everyone can order the one they want.

Rob Griffiths (tweet):

The Touch Bar, despite its name, is actually an Eye Bar: It forces your eyes off the screen, down to the Touch Bar, back up to the screen, repeat ad infinitum. There’s nothing physical about interacting with the Touch Bar, aside from using your finger: There are no defined button areas, and there’s no haptic feedback when you tap something. So you absolutely must look at the Touch Bar to interact with it.

Update (2017-11-30): Timothy Buck:

I don’t think Apple will do much of what Marco wants, and here is why.

Zac Cichy:

Timothy does a good job of going through @marcoarment’s grievances with the state of the MacBook and thinking through Apple’s possible justifications.

My issue is this: their possible justifications are not good enough. Particularly on the issue of killing MagSafe.

Apple may have “changed its view” on how it sees charging, but when the reality is that professionals live on their laptops, it’s really hard to swallow the notion that they are just supposed to completely alter the way they use their laptops on Apple’s design whim.

Eric_WVGG:

The lack of just one good USB-C hub on the market is infuriating.

Monday, November 13, 2017 [Tweets] [Favorites]

Local Time Machine Uses APFS Snapshots

Lex Friedman, writing in 2012:

With Lion, Apple introduced local Time Machine snapshots. This mostly-silent feature lets your Mac use free space on your main drive to create iterative backups of your files when you’re away from your external Time Machine disk.

By default, Apple disables local snapshots on desktop Macs; the assumption is that you only need them when you’re using a laptop, and that your trusty desktop machine is always connected to a Time Machine drive.

This was called Mobile Time Machine and managed by the mtmd process.

Apple, describing macOS 10.13 (via Accidental Tech Podcast):

Your Time Machine backup disk might not always be available, so Time Machine also stores some of its backups to your built-in startup drive and other local drives. These backups are called local snapshots.

[…]

  • A bright red tick mark is a backup that can be restored now, either from a local snapshot or your backup drive. When your backup drive isn’t available, only the local snapshots are bright red.

  • A dimmed red tick mark is a backup that can be restored from your backup drive after that drive becomes available. Until then, the stack of windows on the screen shows a blank window for that backup.

[…]

Time Machine in macOS High Sierra stores snapshots on every APFS-formatted, all-flash storage device in your Mac or directly connected to your Mac.

Howard Oakley:

Inevitably, depending on how full your disk is and how often new data has to be written to it, old versions of files will be lost over time, as they have to be re-used to make free space. But if you can keep a reasonable amount of space free on your internal disk, mobile Time Machine should give you a valuable means of going back to any version of a document over the last several days, maybe even weeks.

What in Sierra is of relatively limited value will, therefore, become very useful indeed in High Sierra – and come with no performance or storage penalties. For laptop users, this will be an important feature to consider when deciding how quickly to upgrade to High Sierra.

Previously: SuperDuper and APFS, Finder 10.9 Disk Space Embellishment.

Update (2017-11-27): Rich Trouton:

As part of macOS High Sierra, Apple has added a new feature to Apple software updates which require a restart. When these updates are installed onto a boot drive which is using Apple File System (APFS), an APFS snapshot is automatically created on the boot drive prior to installing the software update. An APFS snapshot is a read-only copy of the state that the boot drive was in at a certain point in time, so it can be used as a backup in case something goes wrong with the update.

App Nap, Automatic Termination, and Zombie Apps

Howard Oakley:

More recently, Apple’s apps have started to behave differently. Support tools like TextEdit and Preview enter this [zombie state] instead of quitting automatically, when they go into App Nap without an open document. You can observe this by starting them up and leaving then to go into the background without any open documents.

With a longer list of apps open and in the background, most of them now go into App Nap, as shown in Activity Monitor.

Bring up the Force Quit dialog using Command-Option-Escape, and you’ll see that they are still listed there as running.

Look at their icons in the Dock, though, and the normal black dot has vanished, as if the app has actually quit.

They’re also missing from the list of open apps in the App Switcher (Command-Tab).

[…]

macOS has therefore gone from having two basic states for apps, to four[…]

Howard Oakley:

To prevent all apps from becoming zombies, simply type the following into Terminal:

defaults write -g NSDisableAutomaticTermination -bool TRUE

When you next open an app like Preview, if you leave it unattended in the background with no open windows, it will just sit there, and won’t quit or become a zombie.

Howard Oakley:

This zombie state is possibly the most complete antithesis of all good human design. The app is still there, but the user can’t directly use or quit it. The only two ways of regaining control over it are to open a document which by default will be opened by that app, or to act as if opening the app again. As zombies are removed from the Dock, App Switcher, etc., the latter is often very inconvenient.

[…]

This sort of behaviour is probably most tolerable when it occurs in such one-shot viewer utilities. But when it becomes standard in major productivity apps like Pages, Numbers, and Xcode, you have to ask why macOS is being so deliberately deceptive of the user. As Apple glosses over the matter in a couple of terse lines, and then only in its developer documentation, we’ll never know its design intent.

Update (2017-11-15): Howard Oakley:

In the absence of anything better, I suggest that they are termed undead apps, which has no other meaning in this context, and should therefore be unambiguous. It also seems a good description as to what they are. And despite my previous assertion, it appears that they can only exist for any length of time in App Nap. Indeed, as I show here, all apps running under macOS Sierra and High Sierra are eligible for App Nap, irrespective of custom settings in their Info.plist file.

App Store Changes

John Voorhees, quoting Apple:

Soon, you’ll be able to offer new customers a discounted introductory price for your auto-renewable subscriptions on the App Store. iOS 11.2 introduces new classes … and new properties … to provide details on the introductory pricing and billing period you’ve selected for your auto-renewable subscriptions.

One step closer to trials.

Juli Clover:

As part of its newly updated App Store in iOS 11, Apple is introducing a new “This Weekend Only” feature for the “Today” section, which will see the company offering “new ways to save” with apps.

Apple will introduce an app with a special deal each Thursday, with discounts available through Sunday.

Twitter Sidestepped Russian Account Warnings

Selina Wang:

In early 2015, a Twitter employee discovered a vast amount of Twitter accounts with IP addresses in Russia and Ukraine. The worker, Leslie Miley, said most of them were inactive or fake but were not deleted at the time. Miley, who was the company’s engineering manager of product safety and security at the time, said efforts to root out spam and manipulation on the platform were slowed down by the company’s growth team, which focused on increasing users and revenue.

“Anything we would do that would slow down signups, delete accounts, or remove accounts had to go through the growth team,” Miley said. “They were more concerned with growth numbers than fake and compromised accounts.”

Previously: Yahoo Says Hackers Stole Data on 500 Million Users in 2014.

Friday, November 10, 2017 [Tweets] [Favorites]

Building a Better Date/Time Library for Swift

Dave DeLong (tweet):

Chronology is an attempt to build a better date and time API for Swift on top of the constructs provided by Foundation.

Foundation.framework has one of the absolute best and most capable APIs available to any developer on any platform. However, it comes with a heavy price in the form of cognitive load. Too many developers do too many incorrect things. Over the years, Foundation has gained more and more convenience methods via the Calendar type, but fundamental issues remain.

We’re Just Doing Data Entry for Google

André Staltz:

What has changed over the last 4 years is market share of traffic on the Web. It looks like nothing has changed, but GOOG and FB now have direct influence over 70%+ of internet traffic. Mobile internet traffic is now the majority of traffic worldwide and in Latin America alone, GOOG and FB services have had 60% of mobile traffic in 2015, growing to 70% by the end of 2016. The remaining 30% of traffic is shared among all other mobile apps and websites. Mobile devices are primarily used for accessing GOOG and FB networks.

[…]

Prior to 2014, Search Engine Optimization (SEO) was a common practice among Web Developers to improve their site for Google searches, since it accounted for approximately 35% of traffic, while more than 50% of traffic came from various other places on the Web. SEO was important, while Facebook presence was nice-to-have. Over the next 3 years, traffic from Facebook grew to be approximately 45%, surpassing the status that Search traffic had. In 2017, the Media depends on both Google and Facebook for page views, since it’s the majority of their traffic.

[…]

There is a tendency at GOOG-FB-AMZN to bypass the Web which is motivated by user experience and efficient communication, not by an agenda to avoid browsers. In the knowledge internet and the commerce internet, being efficient to provide what users want is the goal. In the social internet, the goal is to provide an efficient channel for communication between people. This explains FB’s 10-year strategy with Augmented Reality (AR) and Virtual Reality (VR) as the next medium for social interactions through the internet. This strategy would also bypass the Web, proving how more natural social AR would be than social real-time texting in browsers. Already today, most people on the internet communicate with other people via a mobile app, not via a browser.

Via Matt Birchler:

And now we have Google Assistant, which is a great tool for getting information, but is another step in obscuring the line of what content belongs to who. You can ask the Assistant a question and it will give you an answer in the Assistant app (or just in the air if you’re using a Google Home). A recipe, for example, will be scraped from someone’s cooking blog and then presented in the Assistant app as if Google had created this recipe. You can poke around the interface to find out where it came from, and you can sometimes tap a link to see the source of an answer, but it’s not the default behavior. Hell, a “failed state” in Assistant is when it has to show you a list of websites in your search results.

In short, Google once was a tool for getting people to content that we as creators made, but today it seems like we are just doing data entry in Google’s database to let them display nuggets of our content in their software.

Work on SQLite 4 Has Concluded

Richard Hipp (via Hacker News):

Lessons learned from SQLite4 have been folded into SQLite3 which continues to be actively maintained and developed. This repository exists as an historical record. There are no plans at this time to resume development of SQLite4.

The Design Of SQLite4:

SQLite4 stores all content, from all tables and all indices, in a single keyspace. This contrasts with SQLite3 that required a separate keyspace for each table and each index. The SQLite4 storage also differs from SQLite3 in that it requires the storage engine to sort keys is lexicographical order, whereas SQLite3 uses a very complex comparison function to determine the record storage order.

[…]

The default built-in storage engine is a log-structured merge database.

[…]

SQLite3 allows one to declare any column or columns of a table to be the primary key. But internally, SQLite3 simply treats that PRIMARY KEY as a UNIQUE constraint. The actual key used for storage in SQLite is the rowid associated with each row.

SQLite4, on the other hand, actually uses the declared PRIMARY KEY of a table (or, more precisely, an encoding of the PRIMARY KEY value) as the key into the storage engine. SQLite4 tables do not normally have a rowid (unless the table has no PRIMARY KEY in which case a rowid is created to be the implicit primary key.) That means that content is stored on disk in PRIMARY KEY order. It also means that records can be located in the main table using just a single search on the PRIMARY KEY fields.

LSM Design Overview:

The LSM embedded database software stores data in three distinct data structures[…]

makmanalp:

I’ve had the chance to hear Richard Hipp talk about SQLite yesterday! He mentioned that the LSM tree storage engine is available as an extension to sqlite3. More specifically, he mentioned that he didn’t really get the performance improvements he had hoped for, for insertion-heavy use cases.

I think part of this is because of a fundamental limitation of sqlite that it’s an embedded database that has to persist data on disk at all times: The design of LSM trees works well with databases with a resident in-memory component because it’s an approximation of just dumping every new thing you see at the end of an unordered in-memory array. This is as opposed to a data structure like a b-tree where you have to find exactly where to put the data first, and then put it there. This finding bit means you’re doing a lot of random access in memory, which is thrashing all of your caches (CPU / disk etc). LSM trees avoid this thrashing by just dumping stuff at the end of an array. However this means you have to scan that array to do lookups (as opposed to something easier like binary search). Then as your array gets big, you merge and flush it down to a lower “layer” of the lsm tree which is slightly bigger and sorted. And when that one fills, you flush further. And these merge-flushes are nice big sequential writes so that’s nice too.

Anyway, with SQLite, the highest layer of your LSM tree would probably (this is conjecture) have to be on disk because of the way that there is no server component, versus in an in-memory system it’d probably be in your L2/L3 cache or at least your main memory. So this could be one reason why that model didn’t work out as well for them.

Previously: SQLite 4.

See also: Richard Hipp on the Changelog podcast.

How Facebook Figures Out Everyone You’ve Ever Met

Kashmir Hill:

Behind the Facebook profile you’ve built for yourself is another one, a shadow profile, built from the inboxes and smartphones of other Facebook users. Contact information you’ve never given the network gets associated with your account, making it easier for Facebook to more completely map your social connections.

Shadow contact information has been a known feature of Facebook for a few years now. But most users remain unaware of its reach and power. Because shadow-profile connections happen inside Facebook’s algorithmic black box, people can’t see how deep the data-mining of their lives truly is, until an uncanny recommendation pops up.

Facebook isn’t scanning the work email of the attorney above. But it likely has her work email address on file, even if she never gave it to Facebook herself. If anyone who has the lawyer’s address in their contacts has chosen to share it with Facebook, the company can link her to anyone else who has it, such as the defense counsel in one of her cases.

[…]

Handing over address books is one of the first steps Facebook asks people to take when they initially sign up, so that they can “Find Friends.”

Update (2017-11-15): Christopher P. Atlan:

God damn Facebook. You need to press learn more to be able to skip the import of your contacts.

AstroPad’s Camera Button Rejected From the App Store

Savannah Reising (via Tim Hardwick):

We planned to introduce the Camera Button in an update to Astropad Studio going out today. However, we are disappointed to report that the Camera Button was rejected by Apple’s App Store review under Section 2.5.9:

Apps that alter or disable the functions of standard switches, such as the Volume Up/Down and Ring/Silent switches, or other native user interface elements or behaviors will be rejected.

It doesn’t look like the guideline actually covers what their app does. But it’s the kind of feature that I would expect Apple to disapprove of.

David Barnard:

I get why Apple rejected the super fun/innovative @astropadapp camera button, but I’m still very disappointed.

And as I’ve said many times before, this kind of rejection has a chilling effect on iOS innovation.

App Review and many other App Store policies end up being shaped primarily by scammers, not conscientious developers.

At this point in the life of the platform I’d much rather Apple make special exceptions than outright block innovation/experimentation.

Apple pretends the App Store is a level playing field, but it never has been. And it’s better for customers if it’s not.

See Uber’s special entitlement for Apple Watch. They couldn’t have built a great app without special treatment.

There’s no way for us to ever know what all has been rejected and what was never even submitted to the App Store for fear of rejection.

Rejecting an innovative app/feature here or there might seem innocuous, but it’s easy to underestimate the long-term consequences.

I would’ve never built the Camera Button because I assumed it would be rejected. And that’s a very real problem.

Previously: The Camera Button.

Thursday, November 9, 2017 [Tweets] [Favorites]

Twitter Increases Limit to 280 Characters

Aliza Rosen (Hacker News):

In September, we launched a test that expanded the 140 character limit so every person around the world could express themselves easily in a Tweet. Our goal was to make this possible while ensuring we keep the speed and brevity that makes Twitter, Twitter. Looking at all the data, we’re excited to share we’ve achieved this goal and are rolling the change out to all languages where cramming was an issue.

[…]

We – and many of you – were concerned that timelines may fill up with 280 character Tweets, and people with the new limit would always use up the whole space. But that didn’t happen. Only 5% of Tweets sent were longer than 140 characters and only 2% were over 190 characters. As a result, your timeline reading experience should not substantially change, you’ll still see about the same amount of Tweets in your timeline.

Peter N. Lewis:

So I suppose I shouldn’t be surprised the the official Twitter/Mac app can’t do 280 characters.

John Gruber:

Given 280 characters, people are going to use them, even to express thoughts that could have fit in 140. Given unlimited characters, such as in email, people ramble aimlessly.

That’s why email feels like a dreary chore, and Twitter feels like fun. The fewer tweets that fit in a single screen at a time, the less fun Twitter feels. I’m sure Twitter considered this change carefully, but I’m convinced they’ve made a terrible mistake.

Part of the charm of Twitter is the finely crafted short tweets. But I think those have already become less prevalent as people resort to posting screenshots and long tweet threads to get around the limit. My guess is that the increased limit will be fine. I think most tweets will remain short and that 280 characters will provide a better overflow experience than threads. App.net had a limit of 256 characters, and that seemed to work well. If long tweets do become a problem, clients could discourage them when posting or display only the first few lines to keep the timeline compact.

Previously: Fixing Twitter With Reputation Systems, Twitter Won’t Raise 140-Character Limit.

Update (2017-11-13): Twitter:

Starting today, your Twitter display name can be up to 50 characters in length! Go ahead, add that middle name or even a few more emojis.

The Paradise Papers

Bastian Brinkmann and Lena Kampf:

In 2014, the law firm Appleby – the recipient of Apple’s long list of questions – took the company on as a client. The Paradise Papers show that in 2015, Appleby listed two Apple subsidiaries as being based in Jersey. Laws on the island allow foreign companies to establish their tax residency there.

[…]

One possible explanation for the company’s presence in Jersey is that Apple wanted to quickly react to the Irish tax reform. Previously, Apple subsidiaries in Ireland, thanks to the trick outlined above, had been considered “stateless” from the perspective of tax law – they weren’t based anywhere at all. But that’s no longer allowed. It could be, then, that Apple’s homeless companies have now finally settled down – on the island of Jersey, where the tax rate is zero percent.

[…]

Those familiar with the procedure say that the end result of Apple’s restructuring is that not much has changed for the company. And in Apple’s publicly available financial information, there has indeed been virtually no change in the amount of taxes paid by the company since 2015. According to that information, Apple paid around 4 percent on profits made outside of the U.S. in both the years 2013 and 2014. In 2015, it was around 5 percent and approximately 6 percent in 2016. Fluctuations of that magnitude are common for international corporations.

Jesse Drucker and Simon Bowers:

“We pay all the taxes we owe, every single dollar,” Mr. Cook declared at the hearing. “We don’t depend on tax gimmicks,” he went on. “We don’t stash money on some Caribbean island.”

True enough. The island Apple would soon rely on was in the English Channel.

Five months after Mr. Cook’s testimony, Irish officials began to crack down on the tax structure Apple had exploited. So the iPhone maker went hunting for another place to park its profits, newly leaked records show. With help from law firms that specialize in offshore tax shelters, the company canvassed multiple jurisdictions before settling on the small island of Jersey, which typically does not tax corporate income.

[…]

The documents reveal how big law firms help clients weave their way through the gaps between different countries’ tax rules. Appleby clients have transferred trademarks, patent rights and other valuable assets into offshore shell companies, avoiding billions of dollars in taxes. The rights to Nike’s Swoosh trademark, Uber’s taxi-hailing app, Allergan’s Botox patents and Facebook’s social media technology have all resided in shell companies that listed as their headquarters Appleby offices in Bermuda and Grand Cayman, the records show.

Wolfgang Krach (via Hacker News):

Public filings reveal that between 2010 and 2017, on average, Apple generated two-thirds of its profits outside the U.S. Evidently, it earned $41.1 billion in 2016 and $44.7 billion in 2017. What these filings also show is that since 2010, Apple’s foreign-earned income has been taxed at a rate of between 1 and 7 percent. Mr. Cook, do you believe this comports with the “moral responsibility” you have advocated? Such “tax optimization” – albeit legal – is only possible because specialized law firms such as Appleby devise complex company structures inaccessible to most other firms. Skilled workers, small business owners and employees in most countries outside the U.S., many of whom surely use Apple products, don’t have the means to shirk ordinary taxes.

Alastair Houghton:

In a very real sense, for instance, there is no such company as “Apple”. Rather, there is Apple, Inc (which is in the United States), Apple Europe Limited (in the United Kingdom), Apple Operations International (Ireland), Apple Sales International (Ireland), Apple Distribution International (Ireland), as well as a host of other entities. All of them are separate companies, and therefore separate legal entities, though some may hold shares in others and they likely share some directors too. The thing the public thinks of as “Apple” is not, in a legal sense, real — but instead is projected by the actions of a number of co-operating legal entities in various different jurisdictions. You might say this is a sleight of hand, but it’s how the world works because it’s how the laws passed by our politicians work.

[…]

Clearly both the delivery company and the website company will be able to calculate a profit figure (essentially sales minus costs), and so Corporation Tax will be paid at UK rate on the profit made by the delivery company and at some other rate depending on where the website company is incorporated on its profits. Now, let’s say the website company can choose where it incorporates — after all, it’s a website and the Internet is everywhere. So let’s pick somewhere with low tax rates. Luxembourg, say. […] It was fine before I gave them both similar sounding names, and before they had shared directors/shareholders. Why is it suddenly not OK now?

Kirk McElhearn:

If you are a company making widgets, and you don’t sell them directly, you sell them through distributors, and they in turn tell your widgets to retailers, who sell to end users. Lets say you sell your widgets at 50% of their retail price; the local distributors and retailers earn the rest of the money, and pay taxes on it.

But since Apple sells most of their products directly, either through their own store, their online store, or their subsidiaries, they are able to retain much more of the total price of their goods.

Shawn Tully:

But the U.S. code provides ample room for sheltering and avoiding taxes on foreign income, a major reason it needs an overhaul. The rules essentially divide foreign profits into three categories. One bucket of profits is more or less taxed at the full rate of 35%. On a second bucket, the multinational can defer paying the U.S. tax due. And a third category is excluded from all U.S. taxation, amounting to corporate America’s biggest loophole.

[…]

The U.S. GAAP financial accounting rules stipulate that if a multinational either reinvests earnings from operations to grow its business, or intends to do so in the future, it’s required to neither pay U.S. tax on those profits in cash, nor to accrue a tax expense for the future that lowers net income. However, if plans change, and multinational decides that it will eventually bring those profits back, it has accrue U.S. tax on that income.

It’s important to note that Apple is extremely responsible in the use of this exemption for reinvested earnings. Many multinationals report that they intend to plough all of their foreign profits into operations, and hence, don’t make any accruals for U.S. taxes on their offshore earnings. Apple the rare tech titan that books large annual accruals that lower net income.

Via John Gruber:

The news coverage on Apple’s tax avoidance would lead you to believe (and in fact has led many to believe) that Apple pays a lower effective tax rate than most companies, when the truth is they pay a higher rate than most of their peers.

[…]

You can argue that Apple should voluntarily pay more in taxes than they’re legally obligated to, but no one who holds such views would ever get hired as a finance executive at a large publicly held company.

Previously: Apple, Ireland, and the EU.

Update (2017-11-09): See also: Todd Ditchendorf and my tweets.

Update (2017-11-13): Apple:

Apple believes every company has a responsibility to pay its taxes, and as the largest taxpayer in the world, Apple pays every dollar it owes in every country around the world. We’re proud of the economic contributions we make to the countries and communities where we do business.

See also: Sean O’Grady.

Enduring Xcode and SourceKitService Problems

Ling Wang:

This is how I’ve been coding in Xcode 9 since WWDC. Code completion is totally broken. It’s basically TextEdit with syntax highlight.

Many issues beside code completion:

  1. Jump to Definition shows menu not jump
  2. to ObjC header not Swift

Tony Arnold:

My experience isn’t as bad, but it’s still poor enough to have made me think seriously about starting a different career. There were a few points in the last year where Xcode made me want to give up coding entirely.

I file bugs, I sympathise and I try to understand where I can. But I have jobs to do, too - there are limits to my time.

Sadly and ultimately, working with Xcode is a minefield where the basics sound amazing on paper, but just don’t live up to the promises made.

I had a realisation earlier this week that the only reason I was considering buying an iMac Pro (which is likely to be a $10-15k AUD Machine) was to make Xcode run faster because I spend half of my professional time cleaning & rebuilding my projects to get basic editing working.

My recollection is that the old ProjectBuilder was solid but that Project Builder and Xcode have been perpetually buggy. It used to be that the compiler tools were reliable and the interface was buggy and crashy. Lately, the app itself has gotten better, but the Swift support (highlighting, jumping to definitions, and compiler) have been dragging it down. It is rare for me to make it through a day without the compiler crashing or the editor breaking. Fixing these issues would save developers inside and outside of Apple countless hours and frustration.

Previously: Swift 4.0 Released, Why I Don’t Write Swift.

Update (2017-11-09): Slava Pestov:

I think we’ve reached an inflection point and general compiler crashes have been getting fixed at a good pace since 3.1

SourceKit crashes have the same root causes often but are more challenging because SourceKit sees more invalid states

Source compatibility as a goal means we can grow the body of code we test against with the source compat suite

Up until Swift 3 we had the double whammy of spending most of our time on language features and changes and also breaking compatibility meaning we had trouble getting good test coverage

There is still a lot of work to do but I’m much happier with our priorities now that the language has settled down and things are moving in the right direction

Update (2017-11-10): Joe Groff:

Turns out Ling’s problem was a bug that is fixed in master SourceKit. You can remove -v from OTHER_SWIFT_FLAGS to work around it.

Facebook Solicits Nude Photos to Stop Revenge Porn

Louise Matsakis:

As part of a new feature the social network is testing in Australia, users are being asked to upload explicit photos of themselves before they send them to anyone else, according to the Australian Broadcasting Corporation (ABC).

[…]

The social network then builds what is referred to as a “hash” of the image, meaning it creates a unique fingerprint for the file. Facebook says it is not storing the photos, just the hashes of the photos. If another user tries to upload the same image on Facebook or Instagram, Facebook will test it against its stored hashes, and stop those labeled as revenge porn from being distributed.

Joseph Cox (tweet):

What that and other explanations do not necessarily make clear, however, is that prior to making that fingerprint, a worker from Facebook’s community operations team will actually look at the uncensored image itself to make sure it really is violating Facebook’s policies.

[…]

“It is absolutely necessary for images to be reviewed by a person when introduced into the checked for dataset, otherwise it would be trivial for someone to abuse this process to censor images,” Nicholas Weaver, a senior researcher at the International Computer Science Institute in Berkeley, California, told The Daily Beast. Weaver pointed at the iconic photo of Tank Man in Tiananmen Square as an example.

Nick Heer:

In a bizarre way, this actually makes some sense: Facebook already bans pornography, but there’s no algorithmic way to determine if a photo was shared non-consensually, so a user must manually state that certain images were shared without their consent. The distinction is important because someone sharing consensual porn is merely violating Facebook’s terms of use, while someone sharing non-consensual images is violating a person’s privacy and, potentially, the law.

Bruce Schneier:

I’m not sure I like this. It doesn’t prevent revenge porn in general; it only prevents the same photos being uploaded to Facebook in particular.

Previously: Photos Machine Learning and Trusting Apple.

Update (2017-11-09): Wil Shipley:

Facebook could have said: “Here’s a tool for you to create hashes of anything you’re afraid someone might post in revenge. Send us the hashes and if we see matching posts we’ll evaluate their content then and take them down if needed.”

Wednesday, November 8, 2017 [Tweets] [Favorites]

iPhone X Reviews

Designing Apps for iPhone X

Chris Harris:

If iPhone X is a design for the next 10 years, maybe our app design should change with it? Here’s my Rule of Thumbs to help :)

Tanner Bennett:

This map is horribly incorrect. The entire bottom centimeter of the phone should be red.

Stefan Kieleithner and Michael Ochs:

Supporting the iPhone X was more difficult than initially anticipated, and it required much more work than adding support for any previously announced new iPhone model.

This time around, things were different, because not only did the screen size change — which was the case for previous hardware generations like the iPhone 6 and 6 Plus, and the 12.9" and 10.5" iPad Pro — but Apple also added a whole new concept with always visible elements. Because of this, if not laid out correctly, both the sensor housing and the indicator for accessing the Home screen will obscure content that would otherwise display fine on simple rectangular screens.

Marco Arment:

All iOS apps with dark modes or dark themes must reconsider them for OLED.

On LCDs, dark gray looks better than black. OLED is different.

Previously: iPhone X Design and the Notch.

Update (2017-11-10): Ryan Christoffel:

We’re only a week out from the iPhone X’s debut, so what we see from X-ready apps today will likely evolve over time as developers are able to live with the device longer. But despite it being early days still, there are several apps that stand out among the best the App Store has to offer for iPhone X.

Update (2017-11-20): Federico Viticci:

The most visible departure from Overcast 3.0 is the replacement of the “stacked card” visual metaphor (of which I was a fan) with a more traditional horizontal navigation. Show pages and episode details are now always pushed into view from the side of the app; the Now Playing screen has gone back to the Overcast 2.0 style, abandoning the Apple Music-inspired card design of version 3.0.

According to Arment, these were necessary changes to take advantage of the iPhone X’s screen and increase the reachability of all navigation controls throughout the app. It’s hard to tell without an iPhone X in my hands, but I assume that “embracing the notch” with a unified title bar should look better than blocking out the device’s status bar with a black background, which Overcast’s old stacked card UI (pictured in the image above) would have done.

Update (2017-12-15): Sebastiaan de With:

Now, a month after the release of iPhone X, I want to show you how we designed and released an app redesigned for iPhone X, without ever even having held one.

iPhone X Physical Design

Jason Snell:

If there’s an ergonomic issue I’m going to have with the iPhone X, it’s the height of the device, not its width. Holding my iPhone 8 in one hand, I can barely reach my thumb up to the top of the screen. But not only is the iPhone X 5mm taller, but the screen extends almost all the way to the top. I can’t keep the bottom of the iPhone X braced with my pinky and use my thumb to tap items high up in the interface. I suppose over time I will either change how I hold the phone in my hand, get used to shimmying my hand up the phone to reach the top, or get used to not one-handing my iPhone as often as I currently do.

Scott Perry:

For any of you buying glass-back phones that are used to leaving them on your lap or bag or whatever know they are REAL slippery on textiles.

Ben Lovejoy:

Following a series of six drop tests of the iPhone X, gadget insurance company SquareTrade has labelled the iPhone X ‘the most breakable, highest-priced, most expensive to repair iPhone ever.’

Kyle Wiens (Hacker News):

When it comes to hardware, this is the most densely-packed gadget we’ve ever taken apart. Thanks to drastically shrinking the bezels, the iPhone X sports the largest display of any iPhone—in a smaller form factor than the “Plus” devices. That super-sized display needs a super-sized battery, and there wasn’t room with the iPhone’s traditional layout. The solution? An unprecedented degree of miniaturization of the main board. Apple effectively folded the logic board in half—and soldered the layers together—to free up valuable real estate for the Plus-sized battery. In its compact and stacked form, the iPhone X logic board takes up about 70% of the area of the iPhone 8 Plus board. Separated and spread out, the X’s board is actually 35% bigger than the one in the 8 Plus—which leaves plenty of room for new goodies, like hardware to power FaceID.

Sebastiaan de With:

Looking at iPhone X, you can see how Apple has taken 10 years of those innovations in industrial design and essentially summarized it.

[…]

The iPhone X is a design that condenses the essence of every past iPhone and somehow transcends it to become something entirely new.

iPhone X looks great, but like all of Apple’s phones since the iPhone 5s (and SE), I do not find it comfortable in the hand without a case. The edges are too rounded, though they feel a bit less sharp than the 6/6s/7, perhaps because the X is thicker. Unfortunately, it’s even more slippery than previous models. I’d prefer to see a more sticky surface and more square edges.

iPhone X Face ID

Michael Potuck:

While Apple has touted that Face ID is more secure than Touch ID, it also shared that this isn’t the case for twins and those under the age of 13. Now that a few outlets have had more time with the iPhone X, we’re seeing some mixed results when it comes to identical twins tricking Face ID.

[…]

Today, Business Insider,Mashable, and The Wall Street Journal put Face ID to the test with identical twins and triplets…and so far it looks like a false match probability of 3 out of 4 (with extremely limited testing).

[…]

Another interesting note from the Mashable article is that Windows has apparently solved the twin problem with its Windows Hello facial recognition.

Emmanuel Ocbazghi (via Mitchel Broussard):

I was pretty shocked that the iPhone X could really pick apart the details between me and my [twin] brother, considering some of our own family members can’t tell us apart.

Chance Miller:

Apple touts that Face ID is even more secure than Touch ID was, with there being a 1 in 1,000,000 chance of a different person being able to unlock someone else’s iPhone X with Face ID. A new video posted to Reddit, however, shows Face ID failing to properly differentiate between siblings…

[Update (2017-11-08): It sounds like the siblings inadvertently trained Face ID that they were the same person.]

Adrian Weckler:

Pretty fully used to the iPhone X now, and overall it’s a superior phone. One issue with Face ID, in fluorescent light. Otherwise flawless.

Matthew Panzarino:

Here’s a theory about why folks who haven’t used the iPhone X for several days might get more Face ID misses: it’s a learning computer.

James Vincent:

Here’s what the infrared dot projector on the iPhone X’s Face ID looks like when viewed using a night vision cam[…]

Russell Ivanovic:

Face ID is very nice. But anyone who tells you it works flat on a table without awkwardly towering over it might be yanking your chain 😂

Overall though I’d take it over Touch ID. It actually does feel more convenient. Didn’t expect it to either.

Dan Masters:

Face ID works well—doesn’t work at my desks at all though

Jordan Merrick:

The iPhone X can be unlocked with a passcode instead of Face ID, but it's not obvious how to do it. To use a passcode, tap the screen to wake up the iPhone, swipe up on the Home bar, and tap “Face ID”.

I do this to unlock my iPhone while it's lay down flat on my desk.

Long Zheng:

I just ran into the HUGE flaw with #iPhoneX Face ID. It doesn’t work in other orientations besides normal portrait. Can’t unlock in bed

Michael Love:

Face ID was better than 5s Touch ID on day 1, even better now (it actually seems to be improving for stuff-in-front-of-my-face somewhat).

Juli Clover:

It took 1.2 seconds for Spoonauer to unlock the iPhone X from pressing the side button on the side of the device and another 0.4 seconds to swipe up to get to the lock screen, while getting to the Home screen on an iPhone 7 Plus using Touch ID took 0.91 seconds.

When using Raise to Wake and swiping up on the display as the iPhone is recognizing a face (as Face ID is meant to be used, according to John Gruber), unlocking was faster at a total of 1.16, but Spoonaeur still found it to be slower than Touch ID.

In a raw comparison like that, Touch ID seems like the faster unlocking method, but as TechCrunch’s Matthew Panzarino points out, in actual day-to-day usage, Face ID has benefits over Touch ID because it’s a more streamlined interaction.

M.G. Siegler:

It’s hard to describe how well done FaceID is. So well done that it’s subtle in use. Obviously how this should have always been done.

Which makes the minor blow up over unlock speed versus TouchID even more silly. It’s 1000x better. The button will not be missed.

Jason Snell:

I’ll be honest: The combination of the Touch ID sensor with the iPhone’s home button led me to bad behavior. My habit was always to lay my thumb on the sensor and then push the button, a combination that invariably led me to unlock the phone and send it to the home screen. The idea of gently laying my thumb on the home button and then taking it off in order to browse notifications rarely, if ever, occurred to me.

Ben Thompson:

Face ID isn’t perfect: there are a lot of edge cases where having Touch ID would be preferable. By its fourth iteration in the iPhone 7, Touch ID was utterly dependable and, like the best sort of technology, barely noticeable.

FaceID takes this a step further: while it takes a bit of time to change engrained habits, I’m already at the point where I simply pick up the phone and swipe up without much thought; authenticating in apps like 1Password is even more of a revelation — you don’t have to actually do anything.

[…]

The trick Apple pulled, though, was going beyond that: the first time I saw notifications be hidden and then revealed (as in the GIF above) through simply a glance produced the sort of surprise-and-delight that has traditionally characterized Apple’s best products. And, to be sure, surprise-and-delight is particularly important to the iPhone X: so much is new, particularly in terms of the interaction model, that frustrations are inevitable; in that Apple’s attempt to analogize the iPhone X to the original iPhone is more about contrasts than comparisons.

Ian McDowell:

Apple Pay is so cumbersome now with Face ID...has taken me multiple tries each time I’ve used it with my new phone 😞

Update (2017-11-08): Tommy Collison:

I’m interested in Face ID from an accessibility standpoint. PINs and Touch ID take fine motor control that not everyone has.

Tanner Bennett:

When Face ID doesn’t work the first time, you have to lock the phone to try again AFAICT. That’s pretty unintuitive and annoying.

Update (2017-11-10): Rich Mogull:

Put simply, Face ID is the most compelling advancement in security I have seen in a very long time. It’s game changing not merely due to the technology, but due to Apple’s design and implementation.

Update (2017-11-13): Tim Bradshaw (via Ivan Krstić):

The real secret to both FaceID and TouchID, however, is that they are easier to use than manually typing a numerical passcode to unlock the phone. More customers, therefore, are likely to leave this vital security protection turned on. Even the most rock solid of security systems is useless if customers turn it off because it is too complicated.

Andy Greenberg:

When Apple released the iPhone X on November 3, it touched off an immediate race among hackers around the world to be the first to fool the company’s futuristic new form of authentication. A week later, hackers on the actual other side of the world claim to have successfully duplicated someone’s face to unlock his iPhone X—with what looks like a simpler technique than some security researchers believed possible.

On Friday, Vietnamese security firm Bkav released a blog post and video showing that—by all appearances—they’d cracked Face ID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking. That demonstration, which has yet to be confirmed publicly by other security researchers, could poke a hole in the expensive security of the iPhone X, particularly given that the researchers say their mask cost just $150 to make.

Update (2017-11-15): Bruce Schneier:

I don’t think this is cause for alarm, though. Authentication will always be a trade-off between security and convenience. FaceID is another biometric option, and a good one. I wouldn’t be less likely to use it because of this.

Joe Rossignol:

A new video has surfaced of a 10-year-old child unlocking his mother's iPhone X with his face even though Face ID was set up with her face.

Update (2017-11-20): Rich Trouton:

Face ID is the most compelling security advance I have seen in a very long time. It’s game-changing not merely due to technology, but also thanks to design and implementation. Apple has created a new authentication modality.

Update (2017-11-21): Ashley Park (via Dan Masters):

FaceTec conducted an experiment with a “sleeping” iPhone X owner and placed numerous pizza toppings on their eyes, such as olives, mushrooms, and pepperoni, to easily hack into what Apple promoted as a “secure and private new way to unlock, authenticate, and pay.” As shown in the video, the iPhone opens right up as soon as it recognizes the toppings as the owner’s eyes.

Update (2017-11-29): Juli Clover:

Bkav reset Face ID on camera and then set it up anew with the demonstrator’s face. “Require Attention for Face ID” and “Attention Aware Features” were both shown to be enabled on the iPhone X. For those unaware, “Require Attention for Face ID” is meant to add an extra layer of security by requiring you to look at your iPhone to use Face ID, and it’s one of the features that’s supposed to prevent Face ID from unlocking with a mask, with a photograph, or when you’re looking away from your phone.

After activating Face ID, the Bkav demonstrator unlocks the iPhone X normally with his own face, and then unlocks it once again with the mask. The mask appears to be able to unlock the iPhone X right away, with no failed attempts and no learning, as Face ID was set up from scratch just before the test. The mask’s 2D infrared eyes also appear to fool the “Require Attention for Face ID” setting.

Update (2017-11-30): Sam Bingner:

I don’t know if it’s me or if everybody else just seems to have better luck… but FaceID is much less reliable and slower than TouchID was for me. FaceID is always slower, and fails quite often. Yes, I enter the code to “train” it when it fails. Constantly.

Update (2017-12-01): Joe Rossignol:

Apple’s current focus with Face ID is on single-user authentication, suggesting support for multiple faces won’t be added in the near future, according to an alleged email from the company’s software engineering chief Craig Federighi.

Update (2017-12-05): Ryan Jones:

Face ID is magic – clearly the future. But it still works less often than Touch ID, so far for me.

Touch ID ~98%

Face ID ~92%

Update (2017-12-13): Troy Hunt:

I’ve been gradually coming to this conclusion of my own free will, but Phil Schiller’s comments last week finally cemented it for me: Face ID stinks.

iPhone X Display

Rene Ritchie:

iPhone X is the first iPhone with an OLED display. OLED — organic light emitting diode — has several advantages over the LCD technology Apple used in every previous iPhone. For example, the pixels emit their own light so there’s no need for a separate backlight the way there is on LCD. That allows for thinner displays and, because only the pixels that need to be lit are lit, deep, inky blacks.

[…]

To make the diamond arrangement look as good as possible, Apple is applying its own subpixel anti-aliasing. It’s effective enough that, after leaving the iPhone X hands-on area after Apple’s September event, almost no one seems to have noticed the difference in pixel layout. Even now, staring at it, it looks great. Maybe under a macro you could see the difference but to my naked eye, Apple nailed the pixels.

Apple is also individually calibrating every iPhone X before it leaves the factory. That’s not something most vendors do.

Aurélien C.:

It’s an awesome display. After reading your review I took this picture of the diamond PenTile pixel arrangement.

Marc Edwards:

A closer look at the iPhone X display’s OLED diamond subpixel pattern.

Matthew Panzarino:

I hate to say it, but it makes the iPhone 8 Plus LCD look kind of like butt. I love it, even though it is flawed in one noticeable way.

The one area where this display falls prey to standard OLED gripes is in off-axis viewing. Apple tells me that it has done work to counter the drop in saturation and shift to blue that affects OLED screens traditionally. I can tell you that, compared to other OLED screens, you have to get further “off of center” to see a real shift in color, holding the phone 30 degrees or more off of dead on. But it is still there. For people who share their phone’s screen or use it at odd angles a lot, it will be noticeable. On some phones, OLEDs go super blue. On the iPhone X it’s more of a slight blue shift with a reduction in saturation and dynamic range. It’s not terrible, but it definitely exists.

Apple (via Steve Troughton-Smith, Hacker News):

If you look at an OLED display off-angle, you might notice slight shifts in color and hue. This is a characteristic of OLED and is normal behavior. With extended long-term use, OLED displays can also show slight visual changes. This is also expected behavior and can include “image persistence” or “burn-in,” where the display shows a faint remnant of an image even after a new image appears on the screen. This can occur in more extreme cases such as when the same high contrast image is continuously displayed for prolonged periods of time. We’ve engineered the Super Retina display to be the best in the industry in reducing the effects of OLED “burn-in.”

Colin Cornaby:

Still getting comfortable with the iPhone X, but the Pentile artifacts are present. Especially on text.

Pentile is usually bad with hairline text and lines which helllllooooo iOS UI

Mitchel Broussard:

As it does for each iPhone launch, DisplayMate has released a display shoot-out for the iPhone X, praising Apple’s technology in areas like the higher resolution OLED screen, automatic color management, viewing angle performance, and more. According to DisplayMate, the iPhone X has the "most innovative and high performance" smartphone display it has ever tested.

John Gruber:

I’m seeing very different color temperatures with True Tone on X vs. 8 (iPhone 7 on right for reference)[…]

Dan Counsell:

The dead pixels are visible throughout the video on all close-ups of the iPhone; this means it’s probably a hardware issue and not something that can be fixed via a software update.

Ryan Jones:

This phone is absolutely unreal. It also seers my eyeballs this early in the morning. It can’t get as dim.

Manton Reece:

I’m going to miss the iPhone SE size. But the X screen is incredible. So crisp and close to the surface it looks fake.

Matt Birchler:

As someone who uses the Plus phones more for vertical real estate than horizontal, the X looks to give me exactly what I want.

Update (2017-11-09): John Gruber:

Here’s a Reddit thread [suggesting the] iPhone X display is not responsive once temperature gets to around freezing.

Dave Mark:

We asked Apple about this situation and they sent us this response:

“We are aware of instances where the iPhone X screen will become temporarily unresponsive to touch after a rapid change to a cold environment. After several seconds the screen will become fully responsive again. This will be addressed in an upcoming software update.”

Update (2017-11-13): Steve Troughton-Smith:

So what does PenTile mean in practice on iPhone X? Only green is ‘true 3X’ You need exceedingly tiny text to notice the effect, just about the limits of decent human vision.

See also: Simon Helyar.

Tuesday, November 7, 2017 [Tweets] [Favorites]

iPhone X Buttons and Gestures

Joanna Stern:

The Internet may not need another iPhone X review but it absolutely does need the @JoannaStern iPhone X user manual[…]

Jordan Merrick:

Apple has changed the button combinations for both Emergency SOS and a force restart on the iPhone 8 and iPhone X. This gave me quite a fright when I needed to restart my iPhone X, only to trigger Emergency SOS by mistake.

Chan Karunamuni:

The project i’ve been working on the past 1.5 years is finally here. Try out the all new fluid gestural interface on the iPhone X.

Dan Masters:

I can attest to this too – no lag at all.

In fact, I would say iPhone X has the best iOS multitasking UX to date.

Update (2017-11-07): Adrian Weckler:

When downloading an app on iPhone X, instead of home button Touch ID it’s a double click of power button and then Face ID does the rest.

Joe Rossignol:

Once enabled, Reachability can be invoked by swiping down on the bar that serves as a visual indicator for returning to the Home screen.

Update (2017-11-08): Craig Grannell:

The Home indicator, though, feels like a really weird decision. By all means, have it there to begin with. And for those users who need the reminder, let them keep it. But for everyone else, there needs to be a setting to banish the thing for good. Having it sit there permanently is a distraction that feels decidedly un-Apple.

Update (2017-11-20): Stephen Hackett:

I understand conceptually why Control Center is where it is. Pulling down on the cell signal, Wi-Fi and battery indicators open the controls for those things. I actually like that linking of those two bits of UI.

The problem is that Control Center is too far away. I use my iPhone in my right hand, and even as someone who carried a Plus-sized phone for three years, I struggle to activate Control Center. Because Spotlight can be triggered with the same gesture — a downward swipe — from about anywhere on the screen, I often am greeted with a search field when all I wanted was to turn down my screen brightness or enter Airplane mode.

For people who use their iPhones with their left thumbs, it’s all but unreachable.

Update (2017-11-21): See also: Gabe Weatherhead.

Update (2017-12-05): Joe Cieplinski:

The first stage of admitting you made a poor UI choice: “We just need to hang a sign on it, so people will SEE it.”

Update (2017-12-15): Raluca Budiu:

The table below provides an inventory of the meanings of swipe on iPhone X compared with the previous iPhones.

[…]

Is swipe ambiguity likely to be a deal breaker on the iPhone X? Although it will cause annoyance, the new types of swipe ambiguity are unlikely to be as problematic as the already existent Safari ambiguity mentioned above.

[…]

Apple is in a unique position to push this kind of gesture-based innovation and could even go beyond that to create a standard vocabulary of gestures that can be used by other apps or phone manufacturers, because the Apple brand is so strong that people will put up with the hurdles of learning a new system and unlearning what they know for the sake of using its products.

iOS 11 Autocorrect Bug

Brett Molina:

Are you having a tough time typing a lowercase “i” on the iPhone lately? It’s not just you.

Apple (Hacker News):

If you updated your iPhone, iPad, or iPod touch to iOS 11.1 and find that when you type the letter “i” it autocorrects to the letter “A” with a symbol, learn what to do.

Nick Heer:

Apple suggests creating a text replacement shortcut to swap the letter I for the letter i. Yeah, really. They also say that they’re going to fix this in an update soon.

John Gruber:

What I’ve heard is that this is a machine learning problem — that, more or less, for some reason the machine learning algorithm for autocorrect was learning something it never should have learned.

Update (2017-11-07): Jeremy Burge (via Rosyna Keller):

What’s really going on is that the letter “I” is being appended with an invisible character known as Variation Selector 16 when auto-correct kicks in to replace the lowercase “i”.

This VS-16 character is intended to be used to make the previous character have emoji appearance. When used in conjunction with the letter “I” it displays in some apps as “A ⍰”.

The correct behaviour should be to ignore the invisible variation selector if the previous character doesn’t have an emoji version.

iPhone X Exclusive Ringtone

Benjamin Mayo (MacRumors):

One small nicety included with the iPhone X is a new ringtone called ‘Reflection’. Until now, every iPhone has defaulted to the ‘Opening’ ringtone since iOS 7.

‘Reflection’ is not only exclusive, but the default for fresh iPhone X setups.

I don’t recall Apple doing something like this before.

Jacob Kleinman (via Shawn King):

If you’re looking to status signal without dropping $1,000 (or just really like the way “Reflection” sounds), there’s a way to get the new ringtone on your current iPhone right now for free.

[…]

The first thing you’ll need to do is download the Reflection audio file onto a Mac or PC. You can grab the ringtone from MediaFire right here.

Next, connect your iPhone to that computer via USB and launch iTunes. Then open the folder with your downloaded copy of Reflection and drag the file into iTunes. Drop it in the left side of the window under Tones, which should show up below your iPhone’s name.

I’m not sure what the legality of this is. Presumably, every iOS 11 user already has a copy of the ringtone file, direct from Apple, but iOS just isn’t letting them select it.

Wednesday, November 1, 2017 [Tweets] [Favorites]

iPhone X Media Strategy and Early Reviews

Tripp Mickle (via Hacker News):

Apple Inc. departed from its traditional preview strategy for what it bills as its most important new iPhone in years, prioritizing early access to the iPhone X for YouTube personalities and celebrities over most technology columnists who traditionally review its new products.

Dan Frommer:

It invited a handful of YouTubers you probably haven’t heard of to its fancy penthouse in New York, gave them some early hands-on time with the iPhone X, and let them publish their videos a day or more in advance of the official reviews. (It also let Wired/Backchannel’s Steven Levy write a “first first impression of the iPhone X” post because Steven Levy. It also gave one to Axios co-founder Mike Allen, who had his nephew play with it. And Mindy Kaling for Glamour. And The Ellen Show.)

John Gruber:

I totally get including a bunch of YouTubers, and seeding review units to celebrities. YouTube is how young people get their news and reviews, and Apple definitely wants to reach young people. But I don’t get restricting real reviews to just three publications in the U.S. Leave me out of it, personally, just for the sake of argument here.

Benjamin Mayo:

I think the Monday YouTube iPhone X videos were a shambles. Not because they were YouTubers, but because Apple didn’t give them sufficient access to create interesting and engaging videos.

Every Apple-sanctioned hands-on posted on Monday was the exact same, incredibly generic, rough overview of Animoji, Face ID and the bigger screen. Each video was shot in the same New York City location and felt incredibly scripted by the invisible hand of Apple PR, with restrictive guidelines on what they could talk about and limited time to handle (and shoot) the product.

Matt Alexander:

The upset, although I’ve not seen it written explicitly, seems to be that the traditional crowd feel better equipped to provide a critical analysis of Apple’s new flagship, product-line altering product.

And, although that’s true, it’s worth bearing in mind that Apple’s goal isn’t for you to produce a multi-thousand word treatise about the Face ID mechanism for your audience of people who are statistically most likely to have already pre-ordered the product.

[…]

Simply put, they’d create a crashing wave, of sorts, of press around the product, which would enable them to control and manipulate consumer perception of the news, regardless of how more technical reviewers may feel.

Lesson learned from the Apple Watch Series 3 launch, the tech press created a huge amount of uproar about the device being unable to maintain an LTE connection.

Apple (9to5Mac, MacRumors):

After testing iPhone X, reviewers from around the world are giving their impressions of its beautiful 5.8-inch Super Retina display, TrueDepth camera, Face ID and Animoji. Read what they’re saying about the future of the smartphone.

Zac Cichy:

I guess “let the product speak for itself” is dead. 🤷🏻

More early review roundups: John Gruber, 9to5Mac, MacRumors, MacStories.

Update (2017-11-07): John Gruber:

In short, Apple wants control over the narrative for its products, and in-depth reviews are mostly out of their control.

They can’t have it both ways though. Apple yesterday posted “iPhone X: What Reviewers Are Saying” to their Newsroom blog, but most of the quotes were from “reviews” which were written by people who’d only spent a few hours with the phone.

Christina Bonnington (via John Gruber):

What all this means: Apple needs to focus its marketing efforts on millennials, teens, and wallet-controlling female buyers if it wants to expand its reach in the U.S., where Android controls 65 percent of the market.

It would make sense then that a few years back when I left WIRED, with its older, male-dominated audience, to head up tech coverage at Refinery29, which targets millennial women, I not only received an Apple review unit that year—I got one of the coveted early review units. (Other women-focused publications, such as Vogue and Teen Vogue, have also been getting early iPhone review units.) This year’s iPhone X reviews continue that push. Mindy Kaling is a millennial female icon who’s smart, savvy, and digitally connected. Giving her an iPhone to review, from a marketing standpoint, is positively genius. And The Ellen DeGeneres Show, one of the highest-rated daytime talk shows, has a strong audience of female viewers aged 25 to 54. Giving the phone early facetime ahead of its Friday launch was also a shrewd move.

Update (2017-11-13): See also: The Talk Show.

Google Docs Glitch Blocks Files for TOS Violations

Louise Matsakis (via Hacker News):

Google Docs, the collaborative, cloud-based word processing software, appears to be randomly flagging files for supposedly “violating” Google’s Terms of Service. A member of Motherboard’s team, as well as numerous users on Twitter, report that their documents are being locked for no apparent reason. Once a document is flagged, the owner of that document can no longer share it with other users. Users who have already been shared on a document that’s been flagged are kicked out and can no longer access it.

[…]

No matter what's causing the Google Docs bug, the issue is a pertinent reminder that you don't really have control over the content you put on the internet. The documents you create and save on Google Drive are ultimately controlled by Google—even if they can feel like they belong to us.

Maya Salamo:

“This shows that Google is using advanced machine learning and other A.I. technologies to examine vast amounts of information in near real time,” Dana Gardner, a leading cloud expert and a principal analyst at Interarbor Solutions, said on Tuesday.

[…]

A Google spokesman said in a statement that a “code push” caused a small percentage of Google Docs to be incorrectly flagged as abusive, which caused them to be automatically blocked.

“A fix is in place and all users should have full access to their docs,” the statement said. “Protecting users from viruses, malware and other abusive content is central to user safety. We apologize for the disruption and will put processes in place to prevent this from happening again.”

Mr. Gardner said the complexity of the technology and its widespread use carried considerable risks. “A small tweak to the rules on what to flag or not can produce false positives like we saw today,” he said.

iOS Feature Wish: Contact Provider Extensions

Dave DeLong:

I really wish iOS offered a way for these apps (Facebook, Next Door, Twitter, LinkedIn, etc) to “donate” their contact information to the system database in a non-permanent way. (By “non-permanent” I mean “don’t just dump it in to my iCloud contacts and call it good”; deleting the app would cause that info to disappear, and the app could update it on-demand) There would need to be some pretty intelligent merging that happens, but generally it’s pretty safe to assume that an individual with a certain phone number and email address is probably the same individual as another with the same phone number and email address. You’d also have to consider how to handle apps that provide unboundedly-large data sets (like the corporate directory for a 50,000+ employee company). But, these are solvable problems.

Photos Machine Learning and Trusting Apple

Nick Heer:

This realization went viral; Christine Teigen posted about it, too. And, arguably, rightfully so — if you found out that your phone was, somehow, making it easier for you to search semi-nude photos, you might find that creepy, and you’d probably want to warn a lot of people about that.

[…]

There’s something else, too, that’s bothering me about this: I wonder if most people — and, let’s face it, “people” is too broad a term; “women” is much more accurate — want to search for photos of bras in their image library. That is, even if this capability and the privacy protections in place had been effectively communicated, is this something that users want catalogued?

I don’t know how many women are on Apple’s machine learning teams specifically, but just 23% of their technical employees are women. Judging by Twitter users’ incredulity, it seems like something women may not actually want, and I wonder if a higher percentage of women in technical roles might have caused object recognition to be filtered more carefully.

One issue is that most people probably don’t understand that Apple is not looking at their photos (though clearly it could). Apple does try to communicate things like this, and I’m sure it would like to do so better, but it’s not clear how.

The other issue is that I’m sure there are many groups of people who don’t want certain things cataloged, and for many of those cases there are other groups who would benefit from that type of searching. Is it possible to make everyone happy? I can’t imagine Apple adding detailed preferences for something like this. My guess is that it tries to pick an intersection of restrictions that’s suitable for the mass-market, and if you have more specialized needs you’ll have to find another photos ecosystem.