Archive for December 18, 2017

Monday, December 18, 2017 [Tweets] [Favorites]

Developer Documentation for MailMate Bundles

Benny Kjær Nielsen:

Bundles have existed for MailMate for a long time, but the creation of bundles has been largely undocumented. This changed recently when I created a documentation page for bundles. This should make it easier to create personal bundles, but you are also very welcome to create bundles to be shared with other MailMate users. Companies with multiple MailMate users might also want to create their own company-wide bundles which could, for example, integrate with local issue tracking systems or provide easy creation of standard replies. If there’s something you would like to do which is not possible using bundles then let me know. I’d like to make it even more flexible than it already is.

Moving Acorn to Metal

Gus Mueller:

IOSurface is neat. A shared bitmap that can cross between programs, and it’s got a relatively easy API including two super critical functions named IOSurfaceLock and IOSurfaceUnlock. I mean, if you’re sharing the data across process boundaries then you’ll need to lock things so that the two apps don’t step on each other’s toes. But of course if you’re not sharing it across processes, then you can ignore those locks, right? Right?


What I couldn’t do though, was make a CIImage directly from that IOSurface. Every time I tried, I’d end up with an image that was either 100% blue, or 100% red. I had convinced myself that these were some sort of mysterious debugging messages, but I just hadn’t come across the correct documentation letting me know what it was.


Yes, you can use a CGBitmapContext with an IOSurface without locking it. But then some other frameworks are eventually going to grab that same IOSurface for drawing and they are going to lock it and then some crazy black magic is going to swoop in and completely ruin your image. Even if you aren’t using it across processes. So you better make sure to lock it, even if you’re not actively drawing to it, or else things are going to go south.

Update (2017-12-28): Gus Mueller:

And then there’s the issue of actually trying Metalcorn (get it, Metal + Acorn?) on another machine. Up to now it’s been on a couple of iMacs. But I threw in on a 2012 MBP the other day and wow, it was janky and not at all what I was expecting. Rendering problems related to alpha channels, jittery behavior, and general funkyness.

When rendering through GL + CGBitmapContexts I always got predictable behavior that scaled linearly with the CPU power of your machine. Not so with Metal.

Firefox Pushes Looking Glass Add-on

Chris Siebenmann:

This [Allow Firefox to install and run studies] preference sounds relatively harmless, and probably it used to be. Then very recently Mozilla pushed out a nominal SHIELD experiment in the form of a new extension called ‘Looking Glass 1.0.3’, with the helpful extension description text of ‘MY REALITY IS JUST DIFFERENT THAN YOURS’. Unsurprisingly, a lot of people who noticed this extension appearing were quite alarmed, because it certainly does look like malware from surface appearances, and to add to the fun there was no particular sign in Firefox of what it did. People on Reddit who noticed it resorted to reverse engineering the extension’s code in an attempt to figure things out, eg.

What this extension actually is is some kind of promotion from the Mr Robot TV show:

[…] Firefox and Mr Robot have collaborated on a shared experience to further your immersion into the Mr Robot universe, also known as an Alternate Reality Game (ARG). […]

From the outside, this collaboration certainly seems like it was actually ‘Mr Robot gave Mozilla a bunch of money and Mozilla abused its browser experiments system to inflict a Mr Robot promotional extension on people’. To make it worse, this is not just any old extension; this is an extension that apparently silently alters text on web pages (some text, only for a while).

Use SF Mono Outside of Terminal and Xcode

Collin Donnell:

Run this command from the Terminal and you’re all set:

cp -R /Applications/Utilities/ /Library/Fonts/

Ai.Type Keyboard Leaks Data for 31 Million Users

Bob Diachenko (via Bryan Chaffin):

Ai.Type accidentally exposed their entire 577GB Mongo-hosted database to anyone with an internet connection. This also exposed just how much data they access and how they obtain a treasure trove of data that average users do not expect to be extracted or datamined from their phone or tablet. MongoDB is a common platform used by many well known companies and organizations to store data, but a simple misconfiguration could allow the database to be easily exposed online. One flaw is that the default settings of a MongoDB database would allow anyone with an internet connection to browse the databases, download them, or even worst case scenario to even delete the data stored on them.


Phone number, full name of the owner, device name and model, mobile network name, SMS number, screen resolution, user languages enabled, Android version, IMSI number (international mobile subscriber identity used for interconnection), IMEI number (a unique number given to every single mobile phone), emails associated with the phone, country of residence, links and the information associated with the social media profiles (birthdate, title, emails etc.) and photo (links to Google+, Facebook etc.), IP (if available), location details (long/lat).


6,435,813 records that contained data collected from users’ contact books, including names (as entered originally) and phone numbers, in total more than 373 million records scraped from registered users’ phones, which include all their contacts saved/synced on linked Google account.

Previously: SwiftKey Keyboard Leaked User Information to Strangers, iOS 8 Keyboards.