Archive for January 2018

Wednesday, January 31, 2018

Scratched iPhone 8 and iPhone X Screens

Stephen Hackett:

Unfortunately, the stainless steel band isn’t the only thing that has picked up scratches on my iPhone X. This phone has picked up scratches across the front and back glass in a way no previous iPhone I have owned has. None of them are particularly long, but they are deep enough that I can catch them with the corner of a finger nail if I try.

I’m not sure what’s going on here, but I’ve heard lots of reports like this over the last month or so.

Marco Arment:

I, too, have a scratched-up phone with bizarre-looking fake portrait-photo modes I never use, but that otherwise I absolutely love and I can’t fully believe is real.

Nick Heer:

I’ve been skeptical of claims that the iPhone X has glass that’s more prone to scratching, but there are noticeable marks building up where my thumb scrolls. Dunno if my nail or pocket lint or something is causing that.

Wojtek Pietrusiewicz:

I have now heard numerous reports about people having scratches on the band, front, and back glass. The strange thing is that I use my iPhone X caseless (white model) and it still looks pristine.

Update (2018-01-31): Christopher Pickslay:

My 3-month-old iPhone X has more scratches on the screen than any previous phone I carried for 2 years

Tony Arnold:

Yep, my $1800AUD phone has scratches all over the screen from being on my wooden desk, and in my pocket.

The quality of the glass on my iPhone X is really disappointing.

dan nolan:

mine is scratched to absolute shit from using it the same way I used my scratchless iPhone 7+ so...

Pat Murray:

Yep. 3 months in and my X has way more scratches than the 10year old original iPhone I have on my desk… the kicker of course, my X is in a case 24/7

Andrew Madsen:

My iPhone X screen has scratches I can feel with my nails too, and had them within the first month. Have never had that with any other iPhone, and I treat this one just as well. No idea where they came from.

Update (2018-02-01): Craig Grannell:

My 8 Plus has a scratch. No idea how it happened. Never had one on an iPhone (3G; 3GS; 4s; 5s; 6s) before. No change in usage.

Update (2018-02-05): Adam Clark Estes:

Apple says that the iPhone X features “the most durable glass ever in a smartphone, front and back.” So did I get a different kind of glass by mistake? Did Apple sacrifice some quality control as it was rushing out the first iPhone X orders? Is it just my fault? Sure, I could’ve avoided some of this grief by using a case. But I’ve never used a case, and I’ve never had a screen develop scratches so quickly or so comprehensively in a decade of using iPhones and Android phones.

The stainless steel edge has a couple of nicks but is otherwise good as new since I’ve never dropped the phone. The first scratch appeared on my iPhone X screen just a few days after I bought it. It was small, shallow, but clearly visible in the center of the screen. In the weeks that followed, more and more micro-abrasions appeared as if through sorcery. Then came a fan of deep scratches on the bottom left on the screen, deep enough that I could feel them with my finger and see them when the display was on. The latest scratch is even deeper and mars that cute little slice of screen next to the notch. It’s not like the phone is hard to use or anything. I just feel annoyed and confused that the thing is so fragile.

I’m not the only one. There are countless threads on Reddit and other forums featuring disgruntled iPhone X owners who are similarly perplexed about how easily their screens scratch.

Update (2018-02-17): Accidental Tech Podcast says that Apple semi-officially announced that it was using different glass that is less likely to crack but more likely to scratch. As someone who has never cracked an iPhone screen, I would prefer they not make that trade-off.

Update (2018-02-20): See also: Nick Heer.

Update (2018-03-15): Bob Burrough:

I see that my $800 iPhone's glass is made out of clay.

A $100 plastic phone is probably more durable than this.

OH BY THE WAY. I actually worked on *plastic* faced iPhones back in 2007. Funny thing, that. Steve Jobs made the decision to replace those with *GLASS* because he found that his keys scratched the plastic. In his absence, Apple has found a way to unsolve that problem.

iOS Top Buttons Under Notifications

Karim (via Hacker News):

A split second before my finger touches the glass, a popup appears in the wild!

I accidentally tap the notification and I’m taken into an entirely different app, away from where I intended to be.


By the time I’ve navigated back to the Notes app and performed the originally intended action, I’ve experienced pure agony for about 2 seconds.

CNN Blames Apple for Repeat Notifications

Juli Clover:

Earlier this afternoon, a bug with the Apple News app caused notifications for a single CNN news story to be sent out to iPhone and iPad users over and over again.

The issue, which lasted for approximately 15 minutes, appears to have impacted all Apple News subscribers who had alerts turned on for CNN based on a slew of complaints that popped up on reddit, Twitter, and the MacRumors forums.

Here’s what it looked like. It apparently affected other news providers such as Fox as well. Push notifications have normally been described as one of the more reliable parts of iCloud. Perhaps the problem was instead with Apple News.

What I Wish the iPad Would Gain From the Mac

Ryan Christoffel:

Sierra's tab expansion is relevant here because the iPad should realistically be able to follow suit. The chance of windowing on iOS may be practically nonexistent, but there's nothing about current iOS paradigms that would prevent tabs from becoming a systemwide feature. If we assume that iOS will eventually allow viewing two instances of the same app at once, then using tabs to power that system would make the most sense due to the groundwork that's already been laid in Safari on iOS.


Whether you would continue calling it an iPad or not, an iOS-powered laptop would be a fascinating product. The laptop form factor is tried and true, providing a more rugged, durable feel than the current iPad Pro and Smart Keyboard combo. The device's keyboard could be backlit and provide larger keys[…] Would the device have a trackpad?


Outside of cloud storage management, background privileges for apps could enable a host of helpful utilities and automation. Clipboard management, for example, should be just as easy on the iPad Pro as it is on a Mac, where an app like Copied can instantly, invisibly log everything you copy across the system. Wouldn't it be great if an app like Workflow could become more Hazel-like, triggering workflows automatically in the background based on pre-set rules?


Despite their lack of proper multi-user support, iPads are often shared devices in a household. If that isn't reason enough, how about this: multi-user support already exists on the iPad, but it's exclusive to education customers. Just bring it to everyone, Apple.

Swift Tip: OpaquePointer vs. UnsafePointer

When a struct person is completely defined in the header file, any pointers to it will be imported by Swift as UnsafePointer<person>. This means we can also dereference the pointers, and look at the contents by calling .pointee on the pointer.


Because account is only in the [implementation] file, it’s called an opaque (or sometimes: incomplete) type: from the outside, we don’t know anything about it.

Swift Imports Fixed-size C Arrays As Tuples

Ole Begemann:

The Swift equivalent of the C type float[4] would be (Float, Float, Float, Float). This has the benefit of incurring no bridging overhead because the Swift compiler can lay out tuples in a C-compatible way.


Swift’s Clang importer sees the char[256] declarations and turns them into 256-tuples(!).


I did a quick test: my version of _FixedArray256 (approximately 1,600 lines of generated Swift code) takes about 8 seconds to compile and adds nearly 750 KB to the compiled binary (with optimizations enabled). The convenience doesn’t come for free.


Instead, let’s just take the idea of obtaining a pointer to the tuple’s storage and using that to initialize a string.

Tuesday, January 30, 2018

Apple Delays Features to Focus on Reliability, Performance

Ina Fried (Hacker News, MacRumors, 9to5Mac):

Apple has shaken up its iOS software plans for 2018, delaying some features to next year in an effort to put more focus on addressing performance and quality issues, Axios has learned.

Mark Gurman (MacRumors):

While core features like the combined apps platform are still on schedule to be introduced this year, some flashier changes like the redesigned home screen will likely be held back until the 2019 software update, a person familiar with the matter said. The company will also probably delay a revamped photo management application that used new algorithms to better automatically sort pictures, though some smaller upgrades to the Photos app will still appear this year.


The company told its software engineering groups about the change this month, one of the people said. The shift will also affect this year’s update to Mac computer software, but to a lesser degree, the person said, adding that planned upgrades to Apple Watch and Apple TV software won’t be affected.

I imagine that it’s normal for some features to get cut, so it’s not clear how much of a change this is. And we were told last year that High Sierra was to be a refinement release, but it didn’t end up the way we expected. We already know that macOS 10.14 will contain major changes for 32-bit apps and possibly Marzipan-related framework changes.

There are benefits to a predictable schedule, but the problem is that even cutting features doesn’t guarantee quality. If finding or fixing bugs takes longer than expected, you either have to ship the bugs or slip the schedule. In the old days, Apple was more flexible with the schedule, and there was almost always more than a year between major releases. It’s debatable whether the old 10.x.0 releases were more solid than recent ones. I think they were, though they always seemed to be a bit buggy.

I think the real difference is that, with more time between major releases, there was less churn, and there was time for things to settle down before the next major release upended everything again. The last few versions of each cycle got to be really good, and you could stick with them until the next version settled down. Some people stayed with 10.6.8 for multiple whole cycles. (There was also less pressure to update then.) Last fall, if Sierra was buggy for you, the choice was between sticking with a release you weren’t happy with or rolling the dice on High Sierra, which included significant fixes but also introduced new problems of its own.

All of this is to say that this sounds good on the surface, but I would have preferred to hear about schedule changes rather than feature cuts. I would be more excited about a 10.13.11 than a less ambitious 10.14.0. And lengthening the schedule would be more of a long-term fix. In any case, the proof will be in the pudding.

Update (2018-01-30): Marco Arment:

You can’t produce high-quality software with a large number of short-staffed platforms following an aggressive annual release schedule.


Rejiggering what fundamental components ship means that much of the work prior to the rejigger was a waste of time. Which also leads to lower software quality.

No easy choices, no easy fix.

Update (2018-01-31): Michael Steeber:

Over the past two years, the legend of Snow Leopard has steadily grown, its mythology spreading with every new discussion about Apple software.

Update (2018-02-01): Benjamin Mayo:

Long term, I don’t know how Apple prevents this same cycle of happiness, discontent, and anger, from happening again without deeper structural changes in organisation and management. Like, how is software quality affected when iOS 13 reverts back to a release where employees are stretched to deliver new features?

Fixing PDFs Whose Pages Render as Black Rectangles

Adam C. Engst:

When he sent me the PDF, it opened and displayed fine in Preview on my Mac, running the same versions of macOS and Preview.


The solution may have been simple, but it was far from obvious. User oakcan reported suffering from the same problem and resolved it by calibrating his display. Chris Lee said that recalibrating the display worked for him too.

The PDF issue I’ve been seeing lately is pages that render as white rectangles, but only intermittently (e.g. after switching back from another app).

Previously: PDFKit Improves Somewhat in High Sierra.

Update (2018-01-30): Dan Masters:

This happens all the time in iBooks – maybe Apple should allow us to recalibrate iOS displays too 😄

Update (2019-01-31): Alas, I’m still seeing the problem with white pages on macOS 10.14.3.

Update (2019-02-01): Friedrich Markgraf:

Had a DHL shipping label PDF. Looked good in Preview, strange artifacts in Chrome, and totally unusable printed from Preview. Had to print a screenshot.

Fitness Tracking App Gives Away Locations of US Army Bases

Alex Hern (via Bruce Schneier):

Sensitive information about the location and staffing of military bases and spy outposts around the world has been revealed by a fitness tracking company.

The details were released by Strava in a data visualisation map that shows all the activity tracked by users of its app, which allows people to record their exercise and share it with others.

The map, released in November 2017, shows every single activity ever uploaded to Strava – more than 3 trillion individual GPS data points, according to the company. The app can be used on various devices including smartphones and fitness trackers like Fitbit to see popular running routes in major cities, or spot individuals in more remote areas who have unusual exercise patterns.

Liz Sly et al.:

The concerns raised by the online map went beyond sensitive military sites, with evidence that Strava could help reveal the movements of international aid workers, intelligence operatives and millions of other people in many countries.

In the latest discoveries Monday, Internet sleuths found ways of using the publicly available Strava data to identify individual users of the tracking service by name, along with the jogging routes they use in war zones such as Iraq and Afghanistan.


Privacy experts have long warned that tech companies often make personal information — including contact lists, social media posts and location data — available by default. That means users who do not routinely read privacy notices and tweak settings can be surprised by how much information is collected by private companies, as well as how that data ultimately is used.

iMessage on Android

Russell Ivanovic:

Honest question: do you think Apple will bring iMessage to Android? I feel like the list of reasons they should outweighs the shouldn’t in 2018.

Apple Pay Cash is the business model. As is the Halo Effect of doing it well. And yes, I think a CloudKit backed iMessage could be both reliable and good.

Also think about the value in being the message service people use.

I, too, wonder the calculus for keeping iMessage Apple-exclusive will change. In this case, Apple Pay everywhere could be a great business, but I doubt that Apple would want to deal with supporting it on third-party hardware with differing mechanisms for secure storage, which are not controlled by them.

Update (2018-02-05): See also: Rene Ritchie.

Monday, January 29, 2018

OmniFocus 2018 Roadmap

Ken Case:

The ability to apply tags without replacing existing tags opens up all sorts of possibilities. You can have a set of tags representing locations (#home, #work, #grocery-store), and an orthogonal set of tags representing things you might want to tackle based on difficulty or energy level (#tough, #easy, #routine). You can track priority (#urgent, #important) or people (#tim, #molly), or even use tags to track a list of things to do #today. Tags are incredibly flexible, letting you organize things in whatever ways make the most sense to you.

Fortunately, it sounds like they are not replacing contexts.

OmniFocus 3 solves this issue by letting each tag track its own independent ordering of tasks. If I’m planning a run to the grocery store, I can look at my #grocerystore tag and drag those items into whatever order I prefer, without changing the order of those tasks in the project list or in other tags. And if I’ve tagged a bunch of tasks to do #today, I can reorder those tasks in whatever way makes the most sense to me.


For OmniFocus 3, we’re adding support for linking tasks between unrelated databases. The idea is that I can send you a task (with its notes and attachments and due date) and propose that our tasks be linked, and you can choose whether to accept the link or not. While our tasks are linked, we can each see updates to the status of that specific task. But in each of our databases, that task can live wherever we want: so I can turn my task into its own project with a number of subtasks, while you might have that task as one step in a sequential project.


OmniFocus for the Web will not be offered as a standalone service: it will only be able to sync with existing databases set up by the OmniFocus app. Since this is another version of the app that we’ll be maintaining as a constantly available online service, we’ll be charging a subscription fee for access.

Update (2018-01-29): Ken Case:

We won’t have anything we call “contexts” anymore, but v3’s tags will have all the same capabilities v2’s contexts had: locations, hierarchy, and status. But they’ll be getting some new (optional) capabilities as well. (With a more familiar name.)

Update (2018-02-01): See also: The Omni Show.

Finding a CPU Design Bug in the Xbox 360

Bruce Dawson (via Mike Ash, Hacker News):

But, the CPU was for a video game console and performance trumped all so a new instruction was added – xdcbt. The normal PowerPC dcbt instruction was a typical prefetch instruction. The xdcbt instruction was an extended prefetch instruction that fetched straight from memory to the L1 d-cache, skipping L2. This meant that memory coherency was no longer guaranteed, but hey, we’re video game programmers, we know what we’re doing, it will be fine.


So, the branch predictor makes a prediction and the predicted instructions are fetched, decoded, and executed – but not retired until the prediction is known to be correct. Sound familiar? The realization I had – it was new to me at the time – was what it meant to speculatively execute a prefetch. The latencies were long, so it was important to get the prefetch transaction on the bus as soon as possible, and once a prefetch had been initiated there was no way to cancel it. So a speculatively-executed xdcbt was identical to a realxdcbt! (a speculatively-executed load instruction was just a prefetch, FWIW).

And that was the problem – the branch predictor would sometimes cause xdcbt instructions to be speculatively executed and that was just as bad as really executing them.


I knew that would be the result and yet it was still amazing. All these years later, and even after reading about Meltdown, it’s still nerdy cool to see solid proof that instructions that were not executed were causing crashes.

Previously: Intel CPU Design Flaw Necessitates Kernel Page Table Isolation.

Four Column ASCII

Robbie V (via @angealbertini):

I found this gem on Hacker News the other day. User soneil posted to a four column version of the ASCII table that blew my mind. I just wanted to repost this here so it is easier to discover.

Here’s an excerpt from the comment:

I always thought it was a shame the ascii table is rarely shown in columns (or rows) of 32, as it makes a lot of this quite obvious. eg, It becomes immediately obvious why, eg, ^[ becomes escape. Or that the alphabet is just 40h + the ordinal position of the letter (or 60h for lower-case). Or that we shift between upper & lower-case with a single bit.


In the terminal you can type these control characters by holding the CTRL (control characters, get it?) key in combination with another key. For example, as many experienced vim users know pressing CTRL+[ in the terminal (which is ^[ in caret notation) is the same as pressing the ESC key. But why is the escape key triggered by the [ character? Why not another character? This is the insight soneil shares with us.

Mac and iOS Privacy Guide

Andrea Callea (via Hacker News):

In this Apple-user-oriented and safari-and-mail-centric guide to improve privacy, security, and speed for the Average Joe online experience, I suggest some extensions, applications, and components for both macOS an iOS.


To both make a point of how simple it can be to mitigate risks, and to encourage you to continue reading this post, I’ll start with the one regarding Mail and requiring the least effort: email tracking. It is a sneaky and deceitful practice that went from sacrilegious to an unnoticed, widespread, and abused practice, easily accessible to everyone. It’s also very hard to effectively defeat. The only effective method to mitigate it today, according to the conclusion of Englehart in this article, is to disable remote content from automatically loading in your emails. The only downside is that you get uglier emails but they would be safer. It’s a good compromise and you still retain the choice to view the email in your web browser, should you want to. So, go to Mail preferences and disable remote content, on both macOS and iOS.

Update (2018-01-30): See also: Bruce Schneier.

Mosaic’s Birthday: 25 Years of the Modern Web

Steven J. Vaughan-Nichols (via @Illinois_Alma):

In the beginning, the web, or WEB as it was known then, was a mystery. Like gopher and archie, it was a character-based internet tool interface that only the proud, the few, and the early internet users knew about. Then, everything changed. First, the Commercial Internet Exchange (CIX) made it easy for anyone to get on the net, and then two graduate students, Marc Andreessen and Eric Bina, at the National Center for Supercomputing Applications (NCSA) at the University of Illinois Urbana-Champaign, created the first popular web browser: Mosaic.

Lookmark Now Tracks App Updates

John Vorhees:

Lookmark is a bookmarking and monitoring service for iTunes content. It’s an excellent way to save apps, movies, books, and other media for later. Users who purchase a subscription can also use Lookmark to track price changes for apps, which is useful for bargain hunters. Today, Lookmark released an update that pushes the app further into the realm of app monitoring that started with price tracking. Now, users can also track when iOS and macOS apps are updated on the App Store and Mac App Store.


From inside the Lookmark app, you can access Apple’s store pages for your saved media, which can be filtered by type and other criteria like whether there has been a price update. Saved media can be shared or deleted, and if you are a subscriber, you can turn on price and update monitoring for apps. This last feature is new. By turning on update watching, subscribers will be alerted to new updates to apps with rich notifications that include the release notes. In Lookmark, there is also a new dedicated Updates section where you can view all the updates you track chronologically.

Friday, January 26, 2018

iCloud Photo Library Re-uploading

Adam C. Engst:

Messages wasn’t getting or sending messages, Wi-Fi calling wasn’t working, and after upgrading to 10.13.3, I was unable to enable auto-unlock with my Apple Watch. To solve these problems, I turned iCloud off and back on. Despite the iCloud preference pane throwing an ominous error, the problems did indeed disappear.

However, there’s a nasty side effect of turning iCloud off and back on: iCloud Photo Library needs to re-upload all your photos. It does this in order to compare the library’s contents to the synchronization “truth” at iCloud. Fair enough, except that this process can take days, depending on the size of your Photos library and the speed of your Internet connection. Bad Apple! We don’t see that sort of poor performance with Dropbox or Google Drive, and this behavior is both unnecessary and driving people away from iCloud Photo Library.

It turns out that there are quite a few actions that can cause your entire Photos library to be re-uploaded to iCloud[…]


Why should Photos say at one point that my library is 113.03 GB, and then 94.6 GB at another? And do I have 30,875 photos, 30,879 photos, or some larger number that caused the iCloud progress count at the bottom of the Photos screen to report that it had 33,726 items to go, even though adding the number of photos and videos together never results in a number higher than 31,471. Come on, Apple, this is basic math, and discrepancies like this reduce user confidence.

Kirk McElhearn:

Adam suggests that not all the data is uploaded, but I watched it cripple my internet access for a week, since I could only allow it to upload overnight.

Hello HEIF

Gus Mueller:

Yesterday Apple released to developers the first beta of MacOS 10.13.4, and I was delighted to see that support for encoding HEIF images was included (finally). So naturally, and only a few hours later (sorry for the delay), I’ve got a pre-release version of Acorn which supports it.

We thought this would be in macOS 10.13.0, but better late than never. However:

Apple’s encoders both on iOS and MacOS only support 8 bits per channel. So that means if you were wanting to convert your RAW images to HEIF but you wanted to keep your color accuracy, you’re out of luck for now.

Previously: macOS 10.13 High Sierra Released, H.265/HEVC and HEIF.

Swift’s Reflective Underpinnings

Joe Groff (via Helge Heß):

People tend to think of static typing and Reflection as being diametrically opposed. But ultimately, I think we can come up with designs that marry the best aspects of both. Providing the expressivity and power of Reflection while still preserving the static reasoning capabilities of the type system.


When we cast to a protocol type, the runtime consults this table and searches for the implementation of that protocol if there is one. So using this technique, we can ask the same questions that we asked in Objective-C. “Do you respond to this method and if so, please respond.” And we can factor this out into a generic function, allowing us to avoid hard coding a particular responder protocol and use any protocol in our system as an action for responders to respond to.


The good news is that the runtime is fairly well set up to support this kind of query. Even though the implementation isn’t yet there in the standard library. Those type meta data objects that I talked about for Structs, Enums, and Classes, have a reference to what’s called the nominal type descriptor. And this contains fairly detailed information about the original definition of the type. It includes its name, it includes the module or parent type it was nested in, and it includes a fairly detailed account of its layout as well.


Swifts type system was carefully designed to support either specialization or runtime dynamic dispatch with the same source code. And no matter what implementation you use, you get type safety from the compiler.

So I wonder whether we could do the same thing for reflecting over the shapes of types.

See also: SE-0195: Introduce User-defined “Dynamic Member Lookup” Types.

Recommendations for Buying Music

Ruffin Bailey:

Seems like folks like me are being underserved. It’s not that we don’t like to buy music. In many cases, it’s the opposite. I buy more albums & tracks each year than I’d like to count.

Why don’t any of these music cloud services provide good, ad-free recommendation services for music buyers, not renters, like me? They’re sitting on millions of people’s listening habits. Why not convince me to buy more with spot-on suggestions?


Why can’t folks who are stuck in 2007 get good recommendations from Apple Music? Why can’t I play even the stuff I’ve purchased from Apple on the Android Apple Music app? Why doesn’t Apple try to sell and sell me good music? Why does Apple Music feel like a closed system, and the iTunes Music Store feel a little Tower a month or two before they started discounting for clearance?

Previously: Eliminating iTunes Store Music Downloads.

Old-Style Apple API DIffs

Steve Troughton-Smith:

If you find Apple’s new API diffs impossible to discover & navigate like I do, check out @mattstevens’ old-style diffs for iOS 11.3

The new ones are pretty but require too much clicking and scrolling to see what’s new. For example, compare this page showing the new HEIF methods in CoreImage vs. first clicking on Core Image, then CIContext, then scrolling down to find the new methods. Also, Apple’s diffs mark seemingly every type changed to add conformance with Equatable and Hashable, but that’s really a change to Swift, not a mass change of all the APIs.

Creating a Bootable APFS Clone From the Command Line

BeLight Software:

Activate on-disk ownership on your disk volume with the help of vsdbutil tool.


Create Preboot volume in APFS container disk3 that includes BackupClone[…]


Update dyld’s shared cache on clone volume using update_dyld_shared_cache tool[…]

Personally, I would use SuperDuper or Carbon Copy Cloner to create an actual clone, but it’s instructive to see these steps using rsync and Apple tools such as vsdbutil, diskutil, and bless.

Previously: SuperDuper and APFS.

Tim Cook on Coding

Josh McConnell (via Slashdot):

Cook surprised a class of Grade 7 students in Toronto’s east end as they learned how to program robots to dance on tables using Apple’s Swift programming language, recently introduced by the company as a low-barrier-to-entry way of coding.

“Swift came out of the fundamental recognition that coding languages were too geeky. Most students would look at them and say, ‘that’s not for me,’ ” Cook said as the preteens participated in an Apple-designed “Everyone Can Code” workshop, which helps children learn how to build mobile apps, at the Apple Store in Toronto’s Eaton Centre.

“That’s not our view. Our view is that coding is a horizontal skill like your native languages or mathematics, so we wanted to design a programming language that is as easy to learn as our products are to use.”

I like Swift. But, having programmed in probably more than a dozen languages, I would not classify Swift as easy to learn. It’s at the end with the harder ones like C++. It’s complicated enough that I’m not sure there’s anyone, even among those creating it, who fully understands all the nooks and crannies. It’s definitely a geeky language.

Now, maybe Cook meant that the basics are easy to pick up. I suppose that’s true, but I would’t say that the basics are easier in Swift than in, say, Python. Playgrounds notwithstanding, Swift does not feel like a clean, easy teaching language to me; it’s more of a pragmatic tool for professionals.

Consider the simple example of removing an object from an array. In Python, it’s list.remove(object). In Objective-C it’s [array removeObject:object]. (Yes, I’m aware these behave differently.) There’s no method that does this in Swift 4. There’s currently an enhancement proposal in review, but it looks like even then you would need to pass a closure rather than an object. I’m not saying that’s necessarily the wrong design—in fact it’s very pragmatic—but it’s certainly not the one that’s easiest to learn.

See also: Kirk McElhearn, Riccardo Mori.

Update (2018-01-26): See also: Nick Lockwood and Bob Burrough.

Update (2018-06-05): Nick Lockwood:

Tim Cook once again repeated the claim that Apple built Swift as a way to make programming easy to learn for everyone.

I like Swift a lot, but it is by far the most complex and nuanced language I have ever used. It will take me a decade to fully master it.

2017 Six Colors Apple Report Card

Jason Snell:

It’s time for our annual look back on Apple’s performance during the past year, as seen through the eyes of writers, editors, developers, podcasters, and other people who spend an awful lot of time thinking about Apple.

This is the third year that I’ve presented this survey to a hand-selected group. They were prompted with 11 different Apple-related subjects, and asked to rate them on a scale from 1 to 5, as well as optionally provide text commentary on their vote.

My grades were pretty much in line with the panel’s except on Cloud Services. I’m still seeing basic reliability issues with iCloud Drive, iCloud Photo Library, iMessage, and Siri.

Previously: Six Colors’ 2016 Apple Report Card, Apple in 2018.

Update (2018-01-26): Nick Heer:

When I posted last year’s report card, I noted that 2016 was a bad year for software quality. 2017 makes 2016 look alright by comparison.

Nick Heer:

That’s what I get for praising iCloud yesterday.

Update (2018-01-27): See also: Hacker News.

Wednesday, January 24, 2018

macOS 10.13.3

Apple (Hacker News):

The macOS High Sierra 10.13.3 improves the security and stability of your Mac, and is recommended for all users.

This update:

  • Addresses an issue that could cause Messages conversations to temporarily be listed out of order

However, it seems to contain far more than a fix for out-of-order Messages conversations.


After 2 hours I gave up and held down the power button for 5 seconds to force poweroff. Next reboot, I get a boot chime, but still a black screen. Force power off. Cold boot again and zap PRAM, still black screen. This update has fucked my mac over, or it’s one hell of a coincidental hardware fail

I also had to power off my iMac after it got stuck at a black screen while applying the update.

Safari reset my homepage to Apple’s and forgot that I had Develop ‣ Allow JavaScript from Apple Events checked. I continue to have a faded out Safari icon stuck superimposed over the top-middle of my display, presumably some sort of Handoff bug.

Juli Clover:

After installing macOS High Sierra 10.13.4, which is now available in a beta testing capacity, when you open up an app that’s a 32-bit app, you’ll get a warning about its future incompatibility with the macOS operating system.

Stephen Hackett notes that most of the features of macOS Server are now deprecated.

Update (2018-01-24): Zac Hall:

macOS 10.13.4 gives everyone the ‘Ink Cloud’ wallpaper previously exclusive to iMac Pro

Update (2018-01-25): Steve Troughton-Smith:

Protip: ⌘⌥⇧W shows the macOS installer menu bar, so you can turn on the Installer Log and watch what’s going on…

Update (2018-01-26): Regarding 32-bit apps, see also: Samuel Axon (Hacker News).

Felix Schwarz:

In the past, Mac apps could OPT OUT of debugging by calling ptrace(PT_DENY_ATTACH, 0, 0, 0).

In #macOS 10.13.4+, apps need to OPT IN (via an entitlement) for debuggers to be able to attach. That will make it a lot harder to peek under the hood.

Update (2018-01-27): Adam C. Engst:

Because of Apple’s obvious lack of interest in macOS Server in recent years, few people are surprised by Apple’s announcement. However, many are distressed by it because it sends a troubling message to small businesses that have long relied on OS X Server and now macOS Server. Consultants and IT admins who recommended, installed, and maintained those macOS Server setups are concerned about having to research, install, and keep up with the wide variety of apps necessary to replace all the capabilities that macOS Server provided in a single coherent package. And of course, even if the alternatives are better technically, moving to them will require non-trivial investments of time and money.

Update (2018-02-06): Steve Troughton-Smith:

Longer-term High Sierra (10.13.3) check-in: all my major issues are resolved; the OS really needed the extra few months of dev time. Graphics corruption is still very prominent & frequent across various apps, which really isn't good enough. But the OS is liveable now. ★★★☆☆

Stefan Constantine:

It nuked my 2016 MacBook Pro.

Had to reformat my machine.

Messages on iCloud in iOS 11.3 Beta

Juli Clover:

Apple in iOS 11 promised a new Messages in iCloud feature that will allow customers to save their iMessages in iCloud and sync them across devices. Messages in iCloud was pulled from iOS 11 during the beta testing period, with Apple promising to reintroduce it at a later date.


According to Apple’s release notes, once iOS 11.3 beta 1 is installed, Messages will prompt users to turn on Messages in the Cloud when it is first launched.

Messages in the Cloud is automatically enabled for users who have two-factor authentication and iCloud Backup enabled, says Apple.

I haven’t seen an explanation of how this works. If you get a new iPhone, do you need to have another device still active so that it can encrypt all the old messages with the new phone’s key? Or does Apple now store a key in the cloud and gain access to your messages? Maybe there’s a clever solution to avoid that? I would hope so, since the feature is enabled by default.

I’m still plagued by problems with the basic iMessage service. Some messages arrive hours late or not at all. Messages sometimes says messages were delivered that weren’t.

After updating to macOS 10.13.3, I lost the ability to send messages from my Mac. It could receive them but would report a delivery failure, after a long delay, whenever I tried to send. Restarting and signing out and in again didn’t help like they usually do. I ended up having to delete a large number of entries from my keychain.

See also: Apple’s iOS 11.3 preview.

Previously: Apple Is Trying to Make iMessages More Private.

Update (2018-04-20): Steven Frank:

Bye, iMessage. It’s been a fun nearly 7 years of waiting for your out-of-sequence and non-delivery (but reported as delivered) issues to get fixed.

Steve Yegge Leaves Google

Steve Yegge (Hacker News):

The main reason I left Google is that they can no longer innovate. They’ve pretty much lost that ability. I believe there are several contributing factors, of which I’ll list four here.


But fourth, last, and probably worst of all, Google has become 100% competitor-focused rather than customer focused. They’ve made a weak attempt to pivot from this, with their new internal slogan “Focus on the user and all else will follow.” But unfortunately it’s just lip service. It’s not that they don’t care. The problem is that their incentive structure isn’t aligned for focusing on their customers, so they wind up being too busy and it always gets deprioritized. A slogan isn’t good enough. It takes real effort to set aside time regularly for every employee to interact with your customers. Instead they play the dangerous but easier game of using competitor activity as a proxy for what customers really need. This is where their incentives are focused. Google incentivizes successful feature and product launches, and by far the easiest, safest way to produce those is by copying competitors.

Previously: Stevey’s Google Platforms Rant.

Update (2018-01-24): See also: Hacker News, Reddit.

Trickster Mac App Store Woes

Jacob Gorban:

Five days after submitting Trickster, it got rejected for two supposedly macOS Human Interface Guidelines points, one of them being: “your app does not have any features with the menu icon”.

That’s funny (and sad) because Trickster is menubar-only app. It seems to me that they didn’t understand how to use Trickster; perhaps I need to provide them with a video walkthrough or something.

HomePod to Arrive February 9


HomePod delivers stunning audio quality wherever it’s placed — in any room in the house, playing any style of music. Using just your voice, it’s easy and fun to use, and works together with an Apple Music subscription for a breakthrough music experience, providing access to one of the world’s largest cloud music libraries. Siri, now actively used on over half a billion devices, has developed a deep knowledge of music and understands your preferences and tastes. And with Siri, HomePod can send a message, set a timer, play a podcast, check the news, sports, traffic and weather, and even control a wide range of HomeKit smart home accessories.


Coming this year in a free software update, users will be able to play music throughout the house with multi-room audio. If HomePod is in the kitchen, users can ask Siri to play jazz in the dining room, or play the same song in each room — perfectly in sync. If there’s more than one HomePod set up in the same room, the speakers can be set up as a stereo pair for an even more immersive sound experience.

John Gruber:

How does this handle multiple people in the same home? That seems like a big question to remain unanswered before folks start plunking down $349. This feels like if Apple had started selling the iPod back in 2001 without ever having explained how the click wheel worked or how you synced music to it from iTunes, and instead just said “Trust us, it’s great.”

Also: AirPlay 2 has been postponed until “later this year” — and AirPlay 2 is required for using two HomePods in stereo or multi-room audio. Both of those features were promised all the way back in June when HomePod was announced.

Steve Troughton-Smith:

HomePod is only mysterious if you’re still hoping it has secret features Apple hasn’t announced; reality is it’s just a straightforward, ‘boring’ product that does just what it says on the marketing page (and, 8 months later, still unable to ship with all features advertised)

(That’s not to say it’s bad, or anything. It’s just a modern take on the iPod Hi-Fi for a Siri world. It’s totally fine, not Earth-shattering)

Matt Birchler:

This is big, and weird. What if I’m an Android user and my spouse (iPhone user) is out of the House? Does the HomePod still work? Is the iOS device just needed for setup?

Ben Bajarin:

HomePod officially coming soon. Looking forward to trying it. Few thoughts from release:

1. Apple keeping the line pushing audio quality. It will sound fantastic but audio quality is not a mainstream value proposition

2. Big question on how fast it can improve via Siri services

Joe Cieplinski:

I’m not saying HomePod is a guaranteed success. Far from it. I’m just saying there’s a much bigger, more established market for great-sounding home stereo equipment than there is for “smart” home appliances. And in that world, $350 is a steal.

Steve Troughton-Smith:

If HomePod were a mesh-network AirPort replacement, I would be all over it. As it is, it’s just another outlet-taker-upper, and I’ve run out of outlets

Marco Arment:

Nothing about the HomePod release shows Apple’s confidence in it, which makes it hard for any of us to get excited about it.

Even the press photo is bland and soulless.

Steve Troughton-Smith:

(And hides the power cable one would have to snake around that shelf)

Michael Steeber:

With each iteration of the web page, the living room dissipates a little more. By launch, HomePod will be floating in the void, its Siri animation a tiny point of light in an endless abyss

Ryan Jones:

Classic Tim Cook launch.

1. late

2. missing key features

3. rushed

4. unorganized

Note I’m not saying ship prematurely. These are big unforced errors that sully a launch. Ship when ready, until then STFU so the launch narrative is clean and an excitement wave can form.

It makes no sense to be insanely secretive – so that “employees work is honored” with a big surprise launch–only to effectively leak it yourself. Except worse because you promise things you don’t later deliver. Very hypocritical.

I’m not being hyperbolic about a one-off issue, this is a 100% clear, established pattern. Whether it’s Tim or Phil or Craig or all, doesn’t matter. As Steve Jobs said, that’s the different between a janitor and an executive.

Michael Flux:

The most bizarre thing is that Tim Cook got to where he is by being an exceptional COO under SJ. For all his flaws he ran an extremely tight ship back then.

Last 2 years, every other feature is severely delayed or forgotten, and yet every other week a new interview with him.

Ben Brooks:

Apple gets a ton of undeserved shit for its ego. However this HomePod launch, I mean its deserved here. This launch seems to point to how much Apple cares about the device.

Marco Arment:

I can only think of two reasons why they announced the HomePod early, both of which are terrible:

1. They thought it was WAY closer to release than it was, a colossal failure of management.

2. They wanted to preempt sales of competitors, showing a severe lack of confidence.

Ryan Jones:

Notice this wording: It says HomePod has a direct connection to Apple Music, but does not have a direction connection to Siri. It needs an iPhone to relay Siri back-and-forth.

Matt Bonney:

I may end up eating these words, but: in my opinion, this is the worst part of the HomePod. Amazon Echo, Google Home, and Sonos are not reliant on having a specific phone.

Maynard Handley:

Most people are not willing to pay 100x (or even 5x) for better sound quality. Are they willing to pay 20% more? I think yes.

Joe Cieplinski:

I have no idea if Apple’s strategy of doubling-down on speaker quality will succeed, but I know trying to beat Amazon or Google at the voice stuff alone will fail. You have to play to your strengths.

Eric Blair:

I’m more excited about AirPlay 2 than the actual HomePod, so I’m rather disappointed right now.

Dan Moren:

My biggest HomePod question is: If I use the iCloud Music Library with iTunes Match, can the HomePod play music from my music? Because press release sure makes it sound like an Apple Music subscription is going to be integral…

Benjamin Mayo:

If you add music to your home iTunes library that was not acquired through a purchase, HomePod will not be able to access it. It appears HomePod doesn’t have Home Sharing, which would enable that kind of feature.

Nick Heer:

Perhaps the reason I’m so skeptical of this launch is that the HomePod was not demonstrated onstage when it was announced. Its features were described publicly; after the keynote, journalists were given small, limited demos. That’s the extent of public information on this product. I’m especially curious to know if it will be demoed at all in Apple’s retail stores — and how.

The HomePod could be a good — even great — product. But it’s not confidence-inspiring for Apple to set a public deadline, miss it, then launch the product with key features missing and almost no demonstrated capabilities of it performing as expected.

Michael Sagmeister:

I know people keep comparing it to initial AirPods reaction — but AirPods was priced competitively, does a lot of things better than similar products, and has no huge downsides.

This HomePod launch is as if AirPods had cost $100 more and only played Apple Music.

James O’Leary:

You need to be an Apple Music user who cares a ton about sound quality, but only for music, and you don’t want sound from multiple speakers, and you want to pay 3x for voice assistant that’s been treading water for years, and you want to rely on your phone to use apps. ¯\_(ツ)_/¯

Matt Birchler:

I plan on ordering a HomePod and using it myself when it comes out, but the whole rollout strategy and target market segment has me baffled on this product.

Josh McConnell:

“We think one thing that was missing from this market was a quality audio experience, a very immersive audio experience,” Cook said. “Music deserves that kind of quality as opposed to some kind of squeaky sound.”

Previously: HomePod Delayed.

Update (2018-01-25): Mitchel Broussard:

The sale offers two Sonos Ones for the same price as Apple’s $349 HomePod, and is debuting on the same day that customers will be able to pre-order the HomePod in the U.S., U.K., and Australia. With two Sonos Ones, users can have a stereo pair of speakers to enhance sound, or play music across multiple rooms -- two features HomePod will not have at launch.

Update (2018-01-26): Benjamin Mayo:

These drawbacks dilute the original concept that Apple laid out at WWDC and the 1.0 will not fulfil the vision of a true smart Sonos replacement. I’m sure there’s an interesting behind-the-scenes story on why AirPlay 2 has caused them so many internal setbacks. It’s embarrassing to announce a product, then delay it, then release with a stripped down offering of features from what they originally sold people on.

My guess is that when Apple made the decision to delay HomePod into early 2018, they thought that the multi-room AirPlay 2 stack would be ready to go with just a few more weeks of work. It has since transpired that it is actually going to take months to finish it up, and a product manager made the call to ship the HomePod as is, without these features.

Matt Birchler:

If the HomePod is just a nice speaker and we shouldn’t be worried about the smart things it does/doesn’t do, then why did Apple pre-announce this by 8 months? And why announce it at a developer conference? This is a computer with a voice interface and nice speakers.

Madeline Buxton:

Fortunately, HomePod also delivers where it counts: The sound. When I listened to the speaker next to Google Home Max, the latest Amazon Echo, and Sonos One, the vocals were consistently crisper and clearer on HomePod. The pluck of guitar strings pops, and bass notes have the robust thump-thump you want from them.

It’s also nice that regardless of where you are in the room, HomePod’s sound quality stays strong. That’s due in part to HomePod’s ability to automatically tune to the size of the room you’re in, without you needing to do any additional setup. You don’t have to carry your phone around the room, covering all its dimensions to ensure the best sound, like you do when setting up some other speakers. You can get Siri’s attention when you want to change the volume or switch songs without screaming at her — just a gentle “hey, Siri” will do.

John Gruber:

The difference between HomePod and Amazon Echo isn’t that they’re in different product categories. They’re in the same category. No one other than a gadget reviewer is going to put both a HomePod and Echo in their kitchen. They’re going to have one. It is, most certainly, a competition.

The difference is in the priorities behind the devices.

Serenity Caldwell:

On the HomePod, every part of a choral harmony sounds just as clear as the lead vocalist — no easy feet for a single 6.8-inch speaker. Harmonies do sound beautiful on the Sonos One, but blend more into a single musical phrase; you can’t isolate the singers in your mind as well as you can through the HomePod.


And while the HomePod is currently limited to a single iCloud user, there are some very smart improvements built in to protect what Apple calls “Personal Requests” — handoff of phone calls, querying calendar events, and sending messages. HomePod is synced with a single iPhone, iPad, or iPod touch when you first set it up; if you choose to sync your iCloud account with that HomePod, it will only respond to personal requests while that device is on your home Wi-Fi. Take the device off Wi-Fi or leave the home, and HomePod will continue to be able to play music, report traffic, and give you weather data — but if someone asks it to send a message to your wife, it’ll refuse until your device is back online.


As someone who cares deeply about the Mac, I’m not thrilled with this development, even if I understand its root cause. Yes, the iPhone and iPad are closer to representing our actual physical locations and movements, and that allows for smart security decisions. But cutting Mac users out of the joy of HomePod simply because they choose to use a different smartphone or tablet isn’t the best usability decision.

Update (2018-01-27): John Gruber:

Shouldn’t it work with iCloud Music Library? I get that it might not be able to access songs that only exist as MP3 files on your Mac, but if you have iCloud Music Library, it seems obvious that HomePod ought to be able to access them, no?

Kirk McElhearn:

Siri isn’t that smart. You can already see that now; if you try to play music from your iCloud Music Library that isn’t in Apple’s databases, it often fails.

Todd Ditchendorf:

Biggest problem with the “but HomePod is all about audio quality” argument is that there’s no good reason why Siri shouldn’t also be as good or better than the AMZN or GOOG offerings.  had a head start with Siri,  has more money, & a job at  carries at least as much cachet.

Update (2018-01-28): Dan Masters:

If HomePod is meant to be a speaker first, why does it “require compatible Apple devices”? Apple Music is on Android, right?

Forget the voice assistant angle – this is the wasted opportunity. (Halo effect, anyone?)

And why doesn’t it have a line in or act as a Bluetooth receiver?

John Gruber:

I have heard from a friend seeded with HomePod that it does work with tracks that are not Apple Music or purchased from the iTunes Store if you have iCloud Music Library enabled.

/r/audiophile/ likes it.

Nilay Patel:

All of these HomePod early listens are fundamentally flawed: none of these devices support the same services, so they’re all playing differently compressed music. Trying to figure out how to get around that.

Update (2018-01-29): Avery Hartmans:

Here are seven major things Apple’s new HomePod can’t do[…]

Update (2018-01-31): Bob Ankosko interviews Phil Schiller (via MacRumors).

Update (2018-02-05): David Pogue:

In the meantime, it’s pretty obvious that the HomePod sounds better than any other smart speaker —but its limited smarts make it attractive only to Apple Music subscribers.

Tuesday, January 23, 2018

Net Neutrality Testing App Rejected From the App Store

Jon Brodkin:

An iPhone application that attempts to detect whether ISPs are throttling online services was rejected by Apple when its developer tried to get it into the company’s App Store.

David Choffnes, a Northeastern University professor who researches distributed systems and networking, built an app called “Wehe” that tests the speeds of YouTube, Amazon, NBCSports, Netflix, Skype, Spotify, and Vimeo. Abnormally low speed results for one or more of those services might, in theory, provide evidence that your mobile carrier is throttling a service.

But as Motherboard reported today, Apple refused to let the app into the iPhone App Store, telling him that “your app has no direct benefits to the user.”


Hours after this story was published, Apple reversed course and approved the app.

This was after they continued to reject the app, following a dialog with Choffnes where Apple insisted that it was intended to mislead users. As always, going to the press seems to help.

Rejected From the App Store for Emoji in Screenshot

Ryan Nystrom:

Apple now rejecting an expedited @githawk review for using EMOJI in screenshots?

The fact that on an expedite-approved build to fix a huge crash, of all things THIS gets flagged.

Not to mention the fact that the crash even happened means the previous review DIDN’T EVEN OPEN THE APP.

Eli Perkins:

Time to pull Instagram, Snapchat, WhatsApp and Venmo too then, I guess!

Ryan Nystrom:

Don’t forget Slack

Michael Love:

Seeing a bunch of these lately - feels like somebody at Apple Legal got a bug up their bottom about emoji trademarkability and wrote a memo and @pschiller et al have not seen fit to countermand it yet.

I can grok the business / legal arguments for emoji-as-trademarks - distinct ‘style’ they’ve developed + don’t want other OEMs to rip off - but you can’t ban developers from using a built-in system font in screenshots.

Update (2018-02-05): Sam Eckert (via Jeff Johnson):

I’ve just been on the phone with the App Review team regarding the Emoji issue.

Apps are NO LONGER ALLOWED TO USE EMOJI in non-keyboard based situations. Means if your app displays emoji anywhere without a user having it typed in, it’s illegal and will be rejected.

Sam Eckert:

Meanwhile Instagram & Yubo just pushed their latest update with this and it apparently was no problem.

Andrew Briscoe:

Apple demonstrates using emoji in apps in their App Development with Swift courses.

Benjamin Mayo:

As always with App Store stories like this, the App Review team has shown itself to be inconsistent in interpretation and enforcement. However, Eckert’s tweet is not the only account we have heard with a similar story on this new anti-emoji policy.

Apple has not added an explicit mention of allowed emoji usage to its public App Review Guidelines yet.

Update (2018-02-06): Jeremy Burge:

Other apps such as Signal and Telegram continue to use Apple emojis on Android.


Now app developers are getting word that the use of emoji in iOS apps may be stepping over the line too.


This is not the first time this has happened. Eddie Lee, developer of app Reaction Match, reported a similar incident dating back to December 2017. This stemmed from a screen which used the 😭 Loudly Crying Face emoji as the heading for a Game Center error, and three 👾👾👾 aliens on the same screen.


GitHawk, a Github client, was also rejected for emoji use within the app in January 2017. These emojis were primarily used in the context of emoji reactions. First created by Slack in 2015, these are now a common feature across all kinds of communication environments.


To help navigate what appears to be going on here, we have compiled a guide for what is and isn't allowed by Apple when using their emojis. This has been created based on feedback from numerous developers over multiple days.

Tim Schmitz:

I can see disallowing emoji as part of branding, but why prohibit them as a button or inline with text? This feels like Apple disallowing the use of system fonts and requiring you to install a custom one instead

Update (2018-02-09): Mitchel Broussard:

Like other newly discovered App Store guidelines, there is some inconsistency in Apple's processes and the exact rules remain unclear. For example, a few major apps apparently violate the new emoji-as-text-only rule -- like Snapchat's emoji friend scores -- but appear to not have had issues in recent updates. Other areas of uncertainty include emojis in push notifications and in responses from chatbot apps.

Casey Newton (tweet, via David Barnard):

Apple has not responded to repeated requests for comment.

WhatsApp and Slack are among the major developers that have changed their emoji in recent weeks in response to pressure, as Emojipedia noted this week. Ryan Nystrom, an engineer at Instagram who is working on a GitHub notification app, tweeted a rejection from Apple indicating that he had violated App Store rule 5.2.5: “Apps and extensions, including third party keyboards and Sticker packs, may not include Apple emoji.” (Nystrom’s tweet was first noticed by Mashable.)


Whatever the case, developers are on edge. Over the past day, three app makers have told me that the uncertainty around emoji use has roiled their teams. Depending on how widely emoji are used in an app, a change in enforcement could require an extensive — and expensive — redesign.

Update (2018-02-13): See also: Accidental Tech Podcast, Connected.

Monday, January 22, 2018

Microsoft Office 2016, Version 16.9

Juli Clover:

Office for Mac today received a major update, with Microsoft updating the software to version 16 and introducing new features for Word, Excel, PowerPoint, and Outlook.

In Word, Excel, and PowerPoint, Microsoft is introducing real-time collaborative editing, allowing multiple people to work on the same document at the same time. In Word and PowerPoint, flag icons will let you know what others are working on and what’s been changed.

Changes to documents, worksheets, and presentations stored in the cloud will be saved automatically, and updates will be synced in seconds. A version history will let you roll back to earlier versions of a document if necessary.

Bill Smith:

Pyramid never shipped, but the idea of the common codebase was implemented to create Word 6 for Windows, which crushed the competition, and Word 6 for Mac, which “was a crappy product” according to Rick Schaut in his “Buggin’ My Life Away” blog. He’s been working on Mac Word for most of its life.


Eventually, the features between both platforms diverged and their object models (the way each handles code) began to differ. The code in Office 2008 for Mac was as different from the Windows code as it ever was and feature parity between the two platforms greatly suffered.


For the last 10 years, Microsoft has been taking those few steps back with the plan to reunify the code and it’s been paying off. During that time, Microsoft has released Office for two new platforms they didn’t anticipate when they started their project — iOS and Android. These were the first new platforms to ship from the new unified codebase and that was possible because the majority of the underlying code was the same.

Erik Schwiebert:

For the first time in over 20 years, Office is again built out of one codebase for all platforms (Windows, Mac, iOS, Android)!

The shared code is all C++. Each platform has native code interfacing with the OS (ie, Objective C for Mac and iOS, Java for Android, C/C++ for Windows, etc)

This is emphatically not a repeat of Word 6.

See also: Paul Bowden and Erik Schwiebert’s presentation, Dave Mark, David Sparks.

Update (2018-01-27): Brad Sams:

I really want to know what Office app this loving family is looking at...

Some wicked pivot tables, maybe a PowerPoint of their food consumption??

Update (2018-02-15): Pierre Igot:

Even @microsoft itself apologized for Word 6 for Mac at some point in its history… And yet, here we are, in 2018, and the Visual Basic Editor in @office #Word2016 looks like this in #macOS[…]

Update (2018-02-19): John Gordon:

Dear @Office - if Mac and Win have same codebase now, why don’t we Mac users get that fabulous "tell me what you want to do" box?

Update (2019-01-09): See also: The Talk Show on Word 6.

Swift Forums

The Swift mailing lists have moved to a Web forum. I’m still not a fan of Discourse, but you can read the forums via e-mail if you enable the Preferences ‣ Emails ‣ Mailing list mode option.

Ole Begemann:

Every once in a while I come across a site for which Safari ignores the global switch to block notification requests. [is] one of them. Mysterious.

See also: Hacker News.

iOS 11 Adoption Reaches 65%

Juli Clover:

iOS 11 is now installed on 65 percent of iOS devices, according to new statistics Apple shared yesterday on its App Store support page for developers.


Since iOS 11 was released, its adoption rate has been quite a bit slower than iOS 10 adoption rates in 2017. In January of 2017, for example, iOS 10 was installed on 76 percent of iOS devices.

Apple has released several updates for iOS 11 since its September launch, but the operating system has also been plagued by bugs and security issues, which doesn’t appear to have helped adoption rates.

This is curious because iOS has gotten more pushy about getting you to update. iOS 11 still supports the iPhone 5s, so I don’t think the difference is due to old devices that can’t update. It sounds like a large number of users are choosing not to, and living with the annoying notification prompts.

I’m seeing about 63% adoption for macOS 10.13 with my apps, vs. 62% a year ago for macOS 10.12.

Update (2018-01-22): Nick Heer:

Perhaps the reason for this is that iOS 11 simply isn’t as compelling of a software update for iPhone users as was iOS 10; but hypothetically lax iPhone upgrades should, theoretically, be offset by rapid adoption on the iPad, where iOS 11 was a massive release.

Update (2018-01-24): jc:

I lost 27 third-party apps on my phone when upgrading to iOS 11. I deliberately waited to upgrade until the last crucial app received the necessary 64-bit update. A more likely reason for the slower uptake.

Redesigned Web Versions of App Stores

Juli Clover:

Apple recently introduced an all new design for App Store apps on the web, with a new, cleaner interface that puts screenshots and critical information front and center.

You can see the new redesigned interface by accessing or searching for any iOS or Mac app while on the web. With iOS apps, you'll see a clear notice that you need to open up the App Store to download the app, while with a Mac app, you'll get a notice letting you know you need to open up the Mac App Store.

Craig Grannell:

Now called App Store Preview, the result is awful. In fact, it’s arguably worse than it was before, with tiny screenshots, absurdly small grey-on-white pricing, and body copy that on my iMac looks like ants have crawled across the display. Perhaps apps are now only for the young, and anyone fortunate enough to have 20/20 vision when blazing into their 40s and beyond.


If I read an article about new Android apps and games and end up on Google Play, I can click a price button, pay for the item, and send it to my Android device, ready for when I next use the thing. With Apple, I can, what, email a link to myself like it’s 2003? It’s absurd that with such a joined-up ecosystem in so many ways, Apple lacks joined-up thinking when it comes to its store.

Friday, January 19, 2018

Tim Cook Talks iPhone Batteries

I was not impressed by this interview (via Wojtek Pietrusiewicz):

When asked about the incident, Cook apologized to Apple users who believe that the company deliberately slowed the processors down in older models.

He hypothesized that when Apple released software updates to slow down older devices in older models to keep up with the new features, people may not have been “paying attention” when they explained what it was.

“Maybe we weren’t clear,” he said. “We deeply apologize for anyone who thinks we have some other kind of motivation.”

I’m not sure where the part about keeping up with new features came from. It’s not in the clip, so I’ll give Cook the benefit of the doubt that he didn’t say that nonsense.

However, the part about people not “paying attention” is in the clip, and I don’t find that credible at all. The press coverage of iOS 10.2.1 at the time did not explain this, and there’s some dispute as to whether the press was even told. Customers certainly weren’t.

Adam Engst:

The fact that Apple was doing something to address those shutdowns wasn’t a revelation. The company had said it was looking into the problem and claimed it had implemented a fix in iOS 10.2.1, back in early 2017. There was some dispute as to whether that actually happened since Apple included nothing in the release notes about it at the time (see “Apple Releases macOS Sierra 10.12.3, iOS 10.2.1, tvOS 10.1.1, and watchOS 3.1.1,” 23 January 2017). Subsequently, however, Apple amended iOS 10.2.1’s release notes to say:

It also improves power management during peak workloads to avoid unexpected shutdowns on iPhone.

If you didn’t somehow figure out that Apple had amended the release notes and decode that “power management” means they’re slowing down your phone, you weren’t “paying attention.” That’s the message from Apple’s CEO?

The article continues:

Cook said it was “rational” to offer the less expensive battery option -- instead of free batteries -- considering that “most people kind of expect to get a [new] battery at some point in time.”

I don’t think that’s the case, either. Most people didn’t know the batteries could even be replaced. And Apple’s own marketing VP said they wouldn’t need to be:

“Most iPhone users will realize, as most iPod customers realized, that they never needed to replace their batteries,” Joswiak said.

Is Apple’s position now that iPhone customers should expect to have to go to an Apple Store, pay $79, and wait an hour or two for a technician to replace their battery?

Previously: Apple’s Message to Customers About iPhone Batteries and Performance.

Update (2018-02-06): Juli Clover:

In a recent inquiry, Senator John Thune, chairman of the Senate Commerce Committee, asked Apple why there was a discrepancy between the time that the update was introduced and the time when Apple explained what was in the update, a question Apple answered today.

Apple says that iOS users were not immediately informed about the power management features in iOS 10.2.1 because it first needed to confirm that the update successfully solved the problem causing unexpected shutdowns.


In February 2017, we updated our iOS 10.2.1 Read Me notes to let customers know the update “improves power management during peak workloads to avoid unexpected shutdowns.” We also provided a statement to several press outlets and said that we were seeing positive results from the software update.

Update (2018-02-26): Joe Rossignol:

Apple currently faces 59 putative class actions across 16 district courts in the United States. The total includes 30 before Judge Edward J. Davila in the Northern District of California, where the lawsuits will likely be centralized given their overlapping claims, according to court documents obtained by MacRumors.

BBEdit Codeless Language Module for Swift

I’ve posted a fork of Curt Clifton’s BBEdit CLM for Swift. My version adds support for some newer Swift keywords, triple-quoted string literals, and class functions. The main improvement is that functions inside of classes (and structs, extensions, and protocols) are now indexed and available for BBEdit’s function pop-up.

Previously, only top-level functions were indexed. This was a direct consequence of the way CLMs require a single regex to match the “function” name and its body (in curly braces). If an entire class is consumed all at once, the functions inside become invisible, as there is no nested matching. This was not very useful for me because I mostly write member functions rather than global ones. Aidan Dysart’s CLM solves this problem by only indexing functions. But I want the other types to be indexed, too. It turns out that this is possible by changing the regex so that it only consumes the body for functions; for other types it stops matching after the name.

My first thought was to implement this by having separate alternations in the pattern for matching functions with content in braces and “functions” without bodies. However, this didn’t work because the function name has to be marked with (?P<function_name>), and you are only allowed to use that once. The solution I found was conditional matches, whereby the braces after the “function” name only match if the keyword before the “function” name was func. The main downside to this approach is that since non-func functions no longer have any braced content, they cannot be folded. However, I think that’s a small price to pay for getting them indexed. I mostly want to fold function bodies rather than whole classes, anyway.

Two-factor Authentication for Old Apple TVs

I’ve been using two-factor authentication with my Apple ID for a while now, and I found that this prevented me from signing into the account on my Apple TV 2. I would enter and submit my password, and then it would ask for the two-factor verification code. The map and code would indeed pop up on my iPhone, but there was nowhere on the Apple TV to enter the code. There was just an OK button, which would take me back to the login screen.

The solution comes from Apple forum reader appmacwmm: you can go to Settings ‣ iCloud on your phone to get the verification code first, then enter it into the Apple TV after your password (in the same text box) before it asks for the verification code. It’s a convoluted procedure that I can’t imagine most users figuring out on their own, and the Apple TV’s interface prompts are of no help.

Previously: Strange Apple ID Sign-In Locations.

Update (2018-01-22): See also: Dan Masters.

Update (2019-01-07): Erica Sadun:

This is the furthest I’ve ever gotten from “it just works” in Apple’s ecosystem and a user experience that gives me great pause.

Simplifying Swift Framework Development

Dave DeLong:

@_exported will make an import-ed module visible to the entire module into which its been imported. This means you don’t have to import Dependency in every file you need it. You just @_exported that dependency once, and you’re good to go in any file in that module.


Second, I define a public constant that is the name of the framework, and whose value is the Bundle for that framework. I use the class-based look up (ie, find the bundle that declares this class), because it’s one of the few convenient Bundle initializers that doesn’t return a Bundle?, and thus I don’t have to deal with unwrapping. And then I use a special marker class for making that lookup resilient in the face of other functionality changes.

What Happens to the Traffic You Send to the App Store?


No matter how good your product is, you need to be found. We send all our traffic to the stores. In return, we get higher sales and higher rankings. Recently, some of the numbers left us guessing. The more traffic we get the higher the sales. But, somehow, our ranking suffers.


The good news is: Blogging pays off. The traffic you create on your side does translate into higher sales. But if it results in sudden spikes you get punished. Most probably the anti-spam algorithm kicks in assuming that you want to game the rankings and ranks you down. In consequence, you do not get proportionally more sales, when at the same time you fall in the rankings. A sudden spike in traffic and sales gets punished, no matter whether its real or fake traffic. There is not much we can do about that but whine. Or is there?

Using the App Store, you do not have much control over your sales process. You need to experiment and see what sticks. If you figure it out you still depend on Apple’s good will. Your most successful marketing campaign might result in a down-ranking, and, who knows, cause as much damage as it helps. This is probably not voluntary. Apple is a control freak, but this can’t be intended. It’s frustrating nevertheless.


The only thing you can do against the App Store algorithm punishing you for sending people to the Store is selling your app directly.

Dictation Eases Data Entry

Adam C. Engst:

And you know what? Dictation in iOS was way better than on the Mac, and no matter which of the variants I used, it formatted the number right every time. In subsequent testing, I discovered that saying “dot” instead of “point” prevented a few spurious spaces from creeping in.


In fact, I’d suggest that dictating numbers into iOS might be the most accurate way of entering them manually. It’s easy to make mistakes when transferring your gaze back and forth between a sheet of paper and the keyboard, and it’s also easy to tap a wrong key accidentally. But when you’re dictating, you can devote all your attention to reading and speaking the numbers, eliminating both context-switching and typing mistakes.

Wednesday, January 17, 2018

App Store Trials: No More Free IAPs?

Markus Müller-Simhofer:

Apple no longer allows free IAPs? Oh wow. I’m glad we got ours approved before this change. This basically means the option to offer free trials via non-consuming IAPs is dead. It’s also no longer possible to offer upgrades via free IAPs. We use this for recent customers.

Drew McCormack:

Huh? I thought Apple were promoting this as a solution for free trials.

Markus Müller-Simhofer:

The biggest issues with trials via IAPs are: 1. Users have to click a system Buy button to get a free IAP 2. Users thought they started a subscription 3. No way to reset the trial after eg a year. 4. MAS IAPs have many issues, better to not encounter them right after installation

Max Seelemann:

This. And no way to help through support. No way to re-trial after major updates. No way to make promotions with extended trials.

Markus Müller-Simhofer:

In one WWDC session the presenter mentions that the new iOS DeviceCheck framework can be used to secure a free trial. Now that this framework is available, I can imagine that Apple would prefer it.

Apple is currently promoting apps with free trials, but these seem to be based on subscriptions (which aren’t allowed for all apps) rather than in-app purchases. It does seem like the DeviceCheck framework would make it possible to implement trials, with the tracking handled by your server instead of Apple’s. If this is in fact recommended, it’s a mystery to me why Apple wants trials to be handled out-of-band so that they are inconsistent from app to app.

There doesn’t seem to be a corresponding workaround for offering upgrades, either.

And, as always, it’s disappointing that news about major policy changes arrives through Twitter rather than official channels.

Previously: App Store Introductory Pricing, Omni’s IAP Trials and Upgrade Discounts.

Update (2018-01-24): Note that DeviceCheck is not available for Mac.

Update (2018-01-28): Markus Müller-Simhofer:

New Year resolution, write more radars: Family Sharing should support non-consumable IAPs (App Store, Mac App Store) Promoting Family Sharing for Freemium apps is confusing

And this is the reply to my request to remove the Family Sharing badge from our store page. So what should I tell customers who see the Supports Family Sharing badge on our store page and than are unable to share the IAP with their family members?

Update (2018-02-19): Ken Case:

I saw those reports last month, but we’ve had no trouble at all in the last year. (We did have to have a lot of conversations before we first introduced this approach in our apps in 2016.)


Also, back in September, one of our update was rejected under 3.1.1 for using IAP to activate a 14-day free trial. The reviewer said we should be using non-renewable subscription instead. We appealed and got it approved.

Update (2018-03-02): Junjie:

Big fan of upgrade pricing using IAP. By checking the App Store receipt date, @mindnode can even offer customers who recently bought their app free upgrade.


Glad you like our new business model. (As you are also a developer: It sadly has a few disadvantages like missing Family Sharing and VPP support)

See also: Core Intuition.

Reading Twitter With Feedbin

Ben Ubois:

Feedbin treats tweets differently. The idea of the feature is to fully unpack the tweet. If a tweet links to an article, Feedbin will attempt to load the full article and display it alongside the tweet. Feedbin will also include full-size images, videos and gifs with native YouTube, Vimeo and Instagram embeds.

You can start adding Twitter content to Feedbin the same way you would subscribe to a feed. Feedbin will recognize any Twitter URL that contains tweets. It also supports shortcuts for subscribing directly to twitter @usernames as well as #hashtags.

Reading Disks From 1988 in 2018

Jason Snell:

With that all set, it was time to run ADTPro on my Mac. It’s a Java app and therefore not the prettiest thing, but it did the job—I was able to connect to the Apple IIc and boot into ADTPro, at which point I could simply start inserting disks one by one and watch as they were transferred (at a surprisingly fast rate—less than a minute) across the serial cable to my Mac, where they were saved as 143K Apple II disk image files. Talk about anticlimactic. Imaging took less than an hour. There were no bad disks, nearly 30 years later.

After the imaging was done, it was time to read them on my Mac using Gerard Putter’s Virtual II emulator. The disks with DOS or ProDOS on them booted just fine. There’s even a Quick Look extension for Virtual II that would display the contents of a disk in the Finder when I pressed the space bar. How civilized.

Then came a new problem: How do you get text files out of a virtual computer? The answer seems to be the same as with a real one: you “print” the files, and Virtual II’s virtual printer can generate a PDF or put text on the clipboard. But to print a text file, you need to load it into a program.

WDMyCloud Multiple Vulnerabilities

James Bercegay (via Hacker News):

WD My Cloud is a personal cloud storage unit to organize your photos and videos. It is currently the best selling NAS (network attached storage) device listed on the website, and is used by individuals and businesses alike. It’s purpose is to host your files, and it also has the ability to sync them with various cloud and web based services.


The WDMyCloud device is vulnerable to an unrestricted file upload vulnerability within the following file[…]


As you can see in the above code, the login functionality specifically looks for an admin user named “mydlinkBRionyg” and will accept the password of “abc12345cba” if found. This is a classic backdoor.


By sending a request like the one above a remote attacker could now execute any commands as root.


The triviality of exploiting this issues makes it very dangerous, and even wormable. Not only that, but users locked to a LAN are not safe either. An attacker could literally take over your WDMyCloud by just having you visit a website where an embedded iframe or img tag make a request to the vulnerable device using one of the many predictable default hostnames for the WDMyCloud such as “wdmycloud” and “wdmycloudmirror” etc.

Violating a Website’s Terms of Service Is Not a Crime

Jamie Williams:

Good news out of the Ninth Circuit: the federal court of appeals heeded EFF’s advice and rejected an attempt by Oracle to hold a company criminally liable for accessing Oracle’s website in a manner it didn’t like. The court ruled back in 2012 that merely violating a website’s terms of use is not a crime under the federal computer crime statute, the Computer Fraud and Abuse Act. But some companies, like Oracle, turned to state computer crime statutes—in this case, California and Nevada—to enforce their computer use preferences.


Oracle v. Rimini involves Oracle’s terms of use prohibition on the use of automated methods to download support materials from the company’s website. Rimini, which provides Oracle clients with software support that competes with Oracle’s own services, violated that provision by using automated scripts instead of downloading each file individually. Oracle sent Rimini a cease and desist letter demanding that it stop using automated scripts, but Oracle didn’t rescind Rimini’s authorization to access the files outright. Rimini still had authorization from Oracle to access the files, but Oracle wanted them to access them manually—which would have seriously slowed down Rimini’s ability to service customers.

Tuesday, January 16, 2018

Swift String ABI, Performance, and Ergonomics

Michael Ilseman:

String’s ABI consists of its in-memory layout, any methods that are public or callable from inlineable methods, and any interpretation of its bit pattern by inlineable methods. The challenge in designing String’s ABI is determining what avenues are worth keeping open to pursue in the future and what should be closed off for good to ensure performance.


We’re planning on two major efforts to improve performance this release: comparison improvements and small-string optimizations. Additionally, internal to the standard library, we’re introducing and using unmanaged strings and some performance flags, which may be worth surfacing as API for highly-performance-sensitive uses.


Ergonomics is an area that’s not been well-served by String. Collection conformance and multi-line literals in Swift 4 were a welcome first step. But, trying to write a script, solve a classic whiteboard interview question, or participate in a coding competition can quickly become an exercise in frustration.

Previously: Swift 4 String Manifesto, Swift ABI Stability Dashboard.

The Final Conf-Down

Chris Adamson:

I think it’s interesting to note that there’s been an obvious, substantial contraction in the conference scene.


The obvious explanation is that after 10 years, iOS is old news, that most people who want to work with it are already doing so, and there’s less travel/training money available. This makes sense, to a point, although if that’s the case, then how can the No Fluff Just Stuff tour be doing 17 events this year, hawking old warhorses like Java and Spring?

Still, the idea that iOS is old and unsexy can be seen in the fact that nearly every new conference focuses on Swift, even putting it in their name: dotSwift, try! Swift, Forward Swift, Swift by Northwest, Swift Summit, etc. Good for marketing, although as a speaker, I find it somewhat limiting: I don’t feel like I could do a talk on, say, debugging with Instruments or Auto Layout in storyboards, since those wouldn’t really be about Swift.


Today, WWDC is nearly impossible to get into, and all its videos are quickly made available to non-attendees (lately, most or all of them have been livestreamed). So if you’re just interested in getting Official Info from Cupertino, just standing in front of that firehose is all that’s necessary.

Update (2018-01-17): Marco Arment.

Ten years ago, you had to go to conferences to hear most prominent people in our industry speak in their own voice, or to get more content than an occasional blog post. Today, anyone who could headline a conference probably has a podcast or YouTube channel with hours of their thoughts and ideas available to anyone, anywhere in the world, anytime, for free.

But all of that media can’t really replace the socializing, networking, and simply fun that happened as part of (or sometimes despite) the conference formula.

I don’t know how to fix conferences, but the first place I’d start on that whiteboard is by getting rid of all of the talks, then trying to find different ways to bring people together — and far more of them than before.

Update (2018-01-18): Jeff Johnson:

You can’t really eliminate formal talks at conferences, because then it becomes a lot more difficult to justify the expense to employers.

Manton Reece:

It can’t be overstated how important it is to meet people face to face in our community.

Update (2018-01-27): Adam C. Engst:

There’s no shortage of Apple-focused conferences for professionals to gather with peers. We have once again collected details — or at least dates — for all the Apple-related conferences we can find; if we’ve missed any, let us know in the comments.

iPad Erased By Too Many Failed Passcode Entries

Josh Centers:

Alas, I know this problem all too well because I have a tech-addled toddler who likes to use the iPad Lock screen as a drum, so he disables his iPad regularly. And before you ask, no, this feature is not related to the Erase Data feature in Settings > Touch ID & Passcode that erases the data on your iOS device after 10 incorrect passcode entries. This is a built-in security feature that cannot be disabled.

How many incorrect passcode entries it takes before the iPad locks is up for debate. Apple’s support document says six. In my testing, that isn’t true. It took only five tries with random passcodes to disable my iPad for 1 minute.


Once you kick off the process, it works like this: the device is disabled for 1 minute. There is no way to bypass it being disabled — you just have to sit in time out like a naughty child. Once that time is up, you get one chance to get the passcode correct or your device is disabled for 5 minutes. Get it wrong again and it’s disabled for 15 minutes! The next failure disables it for another 15 minutes. After that, 1 hour. Get it wrong one more time, and you won’t be able to get in directly on the device ever again. Your only solution at that point is to erase all content and settings and restore from backup.


Worse, this feature can render a device completely useless and potentially cause a user to lose data, if the device wasn’t set to back up or its backups were failing for some reason. I’ve never seen a non-optional security feature that could brick a consumer-level device even if an authorized user could later authenticate themselves.

Update (2018-04-07): Dave DeLong:

Working myself up to write a righteously angry blog post about how pathetically terrible the parental controls on iOS are.

This time it’s that f***ing “finish setting up your iPad” nag that tells them to set a passcode.

They set a passcode. They forget the passcode. They enter a wrong one. I now have to DFU the stupid thing and spend an hour bringing it back to life.

Meanwhile, all app data is lost

Google Memory Loss

Tim Bray:

I think Google has stopped indexing the older parts of the Web. I think I can prove it. Google’s competition is doing better.


My mental model of the Web is as a permanent, long-lived store of humanity’s intellectual heritage. For this to be useful, it needs to be indexed, just like a library. Google apparently doesn’t share that view.

It’s hard to know whether something like this is just a temporary glitch. It doesn’t make sense to me that Google would want to skip some pages just because they’re old.

I have actually had a lot more trouble whenever I try Bing or DuckDuckGo. Some pages they don’t seem to be able to find at all, and others are in the list of matches but don’t have the relevance ranking I would expect.

Update (2018-01-18): Jonathan Poritsky:

I had a few little tricks to discover aging content back then, including using Google’s date range search tool. Trying to use the same tool again this week brings up precious few useful results. From the outside looking in, it feels as though Google is discarding the early web. Which is strange given the company’s supposed raison d’être of organizing the world’s content.

Apple Health Data Used in Murder Trial

BBC (via Hacker News):

Data suggesting the suspect was climbing stairs could correlate to him dragging his victim down a riverbank and climbing back up, police said.


The suspect - identified by a hair found at the scene of the crime - refused to provide police with the PIN code to his phone so investigating officers turned to an unnamed cyber-forensics firm in Munich, which broke into the device.

Previously: Amazon Echo Privacy.

Monday, January 15, 2018

Agenda’s Feature Unlocking Business Model

Drew McCormack (tweet):

I’ll no doubt have more to tell about Agenda itself after the launch, but right now, I wanted to introduce the sales model we have settled on, because it is quite unique.


The app itself is free, with no time limits, but there are extra premium features that require an In App Purchase (IAP) to unlock. When an upgrade pack is purchased, all current features are permanently unlocked across all of the user’s Macs (…and iOS devices, when the iOS app becomes available). In addition, any features added to Agenda in the twelve months following the purchase are included, and permanently unlocked as well.

Only after the twelve month pack has expired can new premium features begin to appear that require a new purchase. The user can choose to buy a new pack, unlocking twelve more months of new features, or be content with what they already have until features are added which tempt them to purchase again.


Agenda’s sales model is inspired by Framer and Sketch, but there is a fundamental difference — we never leave a customer behind. We felt it was important to always be able to offer customers the latest build of Agenda, so that they get all of the bug fixes, even if they haven’t paid or their year of features is up. For this reason, cash cow is about unlocking features, rather than unlocking updates.



Also interesting is that you can pre-order the app (for $0) so you don’t forget to try it when it’s released.

Previously: App Subscriptions, New Sketch 4.0 Licensing Model, App Store Introductory Pricing.

The MacBook Air: A Decade’s Worth of Legacy

Stephen Hackett:

A decade ago, we entered the current era of notebook design when Steve Jobs pulled the future out of an envelope.


At just three pounds, it was a full two pounds lighter than the 13-inch MacBook, which was still wrapped in white or black plastic at the time.


The base model shipped with a 4,200-RPM hard drive straight out of an iPod. This led to the MacBook Air feeling slower than other Macs of the era. A 64 GB SSD option was available for a whopping $999.


In hindsight, it was clear that Apple was building toward a world without optical drives for some time. The media components of this plan were obvious, but the Time Capsule wasn't introduced until this very keynote.

Joe Rossignol:

A decade later, the MacBook Air remains a product in Apple's lineup, but likely only because it is a lower-cost option. Beyond a minor speed bump last June, the notebook hasn't been updated since March 2015[…]

David Sparks:

For early adopters, it was rough going with a very slow spinning disk (unless you paid a mint for the SSD) and a slow processor but even then it was clear Apple was rowing in the right direction. The original MacBook Air even had a hinged door for the USB port, making it feel more like a tiny spaceship than a computer.

What’s striking to me is the huge improvement in size and weight compared with the MacBook of the time. There were a lot of compromises, but you were also getting a lot in return. The weight dropped from 5 lbs. to 3 lbs. (67%). The 2016 MacBook Pro made similar compromises but for diminishing returns. It reduced the weight by less than half a pound (about 10%).

Tim Hardwick:

Apple currently has no plans to make any major upgrades to its MacBook Pro lineup in 2018, according to DigiTimes.

Update (2018-01-17): See also: Hacker News.

Hawaii Missile Alert

Amy B Wang (via Eric Umansky):

Around 8:05 a.m., the Hawaii emergency employee initiated the internal test, according to a timeline released by the state. From a drop-down menu on a computer program, he saw two options: “Test missile alert” and “Missile alert.” He was supposed to choose the former; as much of the world now knows, he chose the latter, an initiation of a real-life missile alert.


Around 8:07 a.m., an errant alert went out to scores of Hawaii residents and tourists on their cellphones: “BALLISTIC MISSILE THREAT INBOUND TO HAWAII. SEEK IMMEDIATE SHELTER. THIS IS NOT A DRILL.”


The false warning sparked a wave of panic as thousands of people, many assuming they had only minutes to live, scrambled to seek shelter and say their final goodbyes to loved ones. The situation was exacerbated by a 38-minute gap between the initial alert and a subsequent wireless alert stating the missile warning was a mistake.

John Gruber:

This is just terrible, terrible user interface design.


imagine if there was a real missile and he clicked Test missile alert without knowing it.

Bob Burrough:

The problem isn’t that someone fat-fingered the alert, or that the “test” and “real” alerts were near each other in a dropdown menu. The problem is that one person has ability to send an alert to millions.

Update (2018-01-16): Honolulu Civil Beat:

This is the screen that set off the ballistic missile alert on Saturday. The operator clicked the PACOM (CDW) State Only link. The drill link is the one that was supposed to be clicked.

Paul Kafasis:

The same selection screen contains both drill and real options, in extremely close proximity to one another. The naming of these options is inconsistent, and often opaque. Further, there’s no grouping to differentiate items. While there was a confirmation screen after this, it seems certain that it did not fully spell out what would occur. All of that led to literal panic in the streets.

See also: Hacker News.

Update (2018-01-17): See also: Nick Heer.

Update (2018-01-22): See also: Jason Kottke.

Update (2018-01-23): Kevin Dayton:

Gov. David Ige told reporters today that part of the delay in notifying the public that the Jan. 13 ballistic missile alert was a false alarm was that he did not know his Twitter account password.

Update (2018-01-24): See also: xkcd.

Update (2018-01-30): Associated Press:

US regulators: Hawaii employee who sent false ballistic missile alert thought actual attack was imminent.

Brian Fung and Mark Burman (Hacker News):

The Hawaii employee who sent out a false alarm earlier this month warning of an incoming missile attack said they misheard a message played during a drill and believed a ballistic missile was actually heading for the state, according to a federal investigation.

This directly contradicts the explanations previously offered by Hawaii officials, who have said the Jan. 13 alert was sent because the employee hit the wrong button on a drop-down menu.

Megan Geuss:

A preliminary report released on Tuesday from the Federal Communications Commission details the events leading up to a false missile alert sent to mobile phones and television and radio broadcast stations in the state of Hawaii earlier this month. The report (PDF) suggests that the employee who sent the alert did not hear a recording notifying staff that an announcement regarding an incoming missile was simply a test. Instead, the employee apparently thought it was the real thing, according to the FCC.

The Black Hole of App Review

Chris Eidhof:

I submitted the first version of a new app almost month ago, it got rejected within a few days (b/c copycat, which it isn’t). I immediately sent a reply, resubmitted, and still waiting. No feedback.

The responses seem to indicate that this happens a lot.

Chinese Firm to Operate China iCloud Accounts

BBC (Hacker News):

Apple’s iCloud services in mainland China will be operated by a Chinese company from next month, the tech giant has confirmed.


They include a clause that both Apple and the Chinese firm will have access to all data stored on iCloud.

Apple said it had made the move to comply with the country’s cloud computing regulations.

Jon Russell:

However, after talking to a number of users, we found that Apple has included iCloud accounts that were opened in the U.S., are paid for using U.S. dollars and/or are connected to U.S.-based App Store accounts in the data that will be handled by local partner Guizhou-Cloud Big Data (GCBD) from February 28.


One user did find an apparent opt-out. That requires the user switching their iCloud account back to China, then signing out of all devices. They then switch their phone and iCloud settings to the U.S. and then, upon signing back into iCloud, their account will (seemingly) not be part of the migration.


If you move to a new country or region, go to your Apple ID account page, Account Info, or Settings to change your Apple ID information.

Ben Lovejoy:

The company issued a reassuring-sounding statement that the same encryption standards would be applied, and that ‘no backdoors will be created into any of our systems.’ However, Apple’s revised iCloud terms and conditions for the country make it clear that GCBD will have full access to the data.

You understand and agree that Apple and GCBD will have access to all data that you store on this service, including the right to share, exchange and disclose all user data, including Content, to and between each other under applicable law.

The benign interpretation of this would be that GCBD only has access to the encrypted data, which it needs in order to operate the servers, and would have no more access to the data than the U.S. government. The more cynical one would be that the Chinese government will have free access to all your data, provided only that it comes up with a legal justification for this. And cynics would argue that this is the reason the government changed the law in the first place.

It’s also possible the government would be in a position to man-in-the-middle, without needing a backdoor.

See also: Lloyd Chambers.

Previously: Apple Pulls VPN Apps From China App Store.

Update (2018-01-17): Matthew Green:

If Apple needs to fundamentally rearchitect iCloud to comply with Chinese regulations, that’s certainly an option. But they should say explicitly and unambiguously what they’ve done. If they don’t make things explicit, then it raises the possibility that they could make the same changes for any other portion of the iCloud infrastructure without announcing it.

It seems like it would be a good idea for Apple just to clear this up a bit.

Update (2018-02-20): John Gruber:

This whole situation reeks to high hell, but I don’t know what Apple could do other than pull out of the Chinese market entirely.

Update (2018-02-22): Josh Centers:

Google pulled out of China rather than give information to the Communist regime. Apple is literally handing that info over. Who cares more about your privacy?

See also: Microsoft.

Dropbox Files Confidentially for IPO

Alex Barinka (Hacker News):

Dropbox Inc., the file-sharing private company valued at $10 billion, has filed confidentially for a U.S. initial public offering, people familiar with the matter said.


Unlike money-losing Snap, Dropbox will come to the table with annualized sales of more than $1 billion, Chief Executive Officer Drew Houston said in an interview last year. It’s also been profitable, excluding interest, taxes, depreciation and amortization. Those benchmarks are the product of more than two years of focusing the company, expanding its product suite for businesses and reining in expenses, Houston said at the time.


As of August, Dropbox had 500 million users, including 200,000 businesses, storing and sharing files online through its cloud service.

Previously: Dropbox Secures $600M Credit Line.

Friday, January 12, 2018

Former Apple Intern Looks Back at Designing First Apple Emoji in 2008

Angela Guzman (via Juli Clover, Hacker News):

My first emoji was the engagement ring, and I chose it because it had challenging textures like metal and a faceted gem, tricky to render for a beginner. The metal ring alone took me an entire day. Pretty soon, however, I could do two a day, then three, and so forth. Regardless of how fast I could crank one out, I constantly checked the details: the direction of the woodgrain, how freckles appeared on apples and eggplants, how leaf veins ran on a hibiscus, how leather was stitched on a football, the details were neverending. I tried really hard to capture all this in every pixel, zooming in and zooming out, because every detail mattered. And for three months I stared at hundreds of emoji on my screen. Somewhere in there we also had our first Steve Jobs review, which had created a shared experience of suspense and success when they were approved for launch. And if Steve said it was good to go, I’d say lesson in craftsmanship, check.

Sometimes our emoji turned out more comical than intended and some have a backstory. For example, Raymond reused his happy poop swirl as the top of the ice cream cone.

Birdcage Liners

Joel Spolsky (Hacker News):

Rather than providing a constant stream of satisfying news and engagement with friends, Facebook’s algorithm had learned to give me a bunch of junk I didn’t need to hear, and only gave me intermittent rewards through the occasional useful nugget of information about friends. Once in a blue moon I would hear about a friend’s accomplishment or I would find out that someone I like is going to be in town. The rest of the time I would just get the kind of garbage newspaper clippings[…]


Both Twitter and Facebook’s selfish algorithms, optimized solely for increasing the number of hours I spend on their services, are kind of destroying civil society at the same time.


The good news is that Facebook suddenly realized what they had done, and today they announced a pretty major change of direction. They want the feed to leave people feeling like “more connected and less lonely,” so they have actually decided to sacrifice “engagement.” Mark Zuckerberg posted, “By making these changes, I expect the time people spend on Facebook and some measures of engagement will go down. But I also expect the time you do spend on Facebook will be more valuable.”

Cory Doctorow:

There is a war for your attention, and like all adversarial scenarios, the sides develop new countermeasures and then new tactics to overcome those countermeasures. The predator carves the prey, the prey carves the preda tor. To get a sense of just how far the state of the art has advanced since Farmville, fire up Universal Paperclips, the free browser game from game designer Frank Lantz, which challenges you to balance resource acquisi tion, timing, and resource allocation to create paperclips, progressing by purchasing upgraded paperclip-production and paperclip-marketing tools, until, eventually, you produce a sentient AI that turns the entire universe into paperclips, exterminating all life.

Update (2018-01-12): See also: John Gruber.

Update (2018-01-14): Andy Coravos:

Wait. @instagram strategically withholds “likes” from users that they believe might disengage hoping they'll be disappointed and recheck the app?! Harvesting painful insecurities. This is so messed up.


In case you’re not trained in cutting PR wood: They will not completely “eliminate” news (no one thought that anyway) but show “less”. Will hurt the business of news organizations? You bet, but who cares? Will it hurt Facebook’s business? Probably, at least a bit. So why do they go this way? Next Wednesday, Facebook is set to appear at another hearing on Capitol Hill, along with Twitter and YouTube, about the online spread of extremist propaganda.

Tyler Cowen:

In essence, they are blaming the media, without having to throw the stones themselves. Americans respond positively to attacks on the media, so this is a strong public relations move. Facebook retains the option of blaming the media more explicitly for its previous troubles, if need be.

Update (2018-01-15): Sarah Mei:

I find it really hard to believe that instagram chose eventual consistency for likes specifically so they could drive re-engagement. Let me walk you through how this sort of thing scales up.

Mike Krieger:

To be super clear, we don’t do this.

Frederic Filloux:

Consider us notified. Facebook is done with journalism. It will happen, slowly, gradually, but the trend is here.

Update (2018-01-16): See also: Nick Heer.

Update (2018-01-17): Ben Thompson:

So excuse me if I take Facebook’s pronunciations about the harm its business will soon befall with a rather large grain of salt. The company has already demonstrated it has pricing power such that its advertising revenue can continue to grow strongly even as the number of ads-per-user plateaus; moreover, that power further complicates any attempt to understand Facebook’s motivation.


It follows that Facebook’s ultimate threat can never come from publishers or advertisers, but rather demand — that is, users. The real danger, though, is not from users also using competing social networks (although Facebook has always been paranoid about exactly that); that is not enough to break the virtuous cycle. Rather, the only thing that could undo Facebook’s power is users actively rejecting the app. And, I suspect, the only way users would do that en masse would be if it became accepted fact that Facebook is actively bad for you — the online equivalent of smoking.

This is why I find Facebook’s focus on what is good for users to be so fascinating. On one level, maybe the company is, as they can afford to be, simply altruistic. On another, perhaps they are diverting attention from problematic trends in user engagement. Or perhaps they are seeking to neutralize their biggest threat by addressing it head-on.

Swift Code Generation at Uber

Tuomas Artman:

For images, the tooling would run through the asset catalogs associated with each project target, find relevant images, and generate a static struct with non-null accessors for all the images. Continuous integration would run the tooling too, making sure that if anyone accidentally deleted an image from any of the asset catalogs, the revision would fail to build and the erroneous change would not land.

For localized strings, a similar struct would be constructed. Additionally, the tooling would recognize localized strings that require input variables and generate API that guarantees that the string is only accessed with the correct parameters.


The information required to generate mock classes already exists in the Swift protocol. For Uber’s use case, we set out to create tooling that would let engineers automatically generate test mocks for any protocol they wanted by simply annotating them.

Previously: Sourcery: Template-Based Code Generation for Swift.

Matias RGB Backlit Wired Aluminum Keyboard


With a generous 2mm of key travel, typing feels as tactile and responsive as any of the best laptop keyboards.

Via Jeff Benjamin:

To adjust the color of the RGB Backlit keyboard, Matias has included a handy spectrum color dial for quickly adjusting hues. Turning the dial all the way to the left or right turns the backlight white, while moving in between cycles through the full RGB color spectrum.

Matias has also wisely designed the keyboard to reduce blue hues as you move away from 100% white. As you dial the keyboard back from hard left or hard right, the keyboard’s RGB system will preferentially reduce the blue component first, resulting in softer whites that research has suggested may be more conducive to sleep.

I don’t personally care for keyboard backlighting, but I have renewed interest in wired keyboards since macOS 10.13 continues to have Bluetooth disconnection problems and does not always recognize wireless keyboards at boot. Apple no longer makes a wired keyboard. Its wireless one is $129 and bendy.

Matias confirmed to me that its $99 keyboard does not require any third-party software to toggle whether fn is necessary to use the media/function keys. However, unlike with Apple’s keyboards, the fn key cannot be used by itself (e.g. for activating Diction or LaunchBar).

How does it feel? I have no idea. I liked Matias’s previous (widely praised) Tactile Pro, though I found the keys a bit stiff and was bothered by their high-pitched ringing sound. Matias already sells a wired aluminum keyboard for $59. The lone Amazon review for it isn’t favorable, though Jeff Benjamin likes his wireless one (which has lots of Amazon reviews).

On the subject of keyboards, I also found this article by Jacob Kastrenakes interesting (via Wojtek Pietrusiewicz):

Dell is introducing a 15-inch version of its XPS 2-in-1, after debuting a 13-inch model last year, but this isn’t just a scaled-up version of the original; it’s a much more powerful computer with some unique tweaks.

Among the most interesting quirks is the laptop’s keyboard: though it looks and feels just like typical Dell keyboard, it’s built using a brand-new mechanism that relies on magnets. The keys are still physically held in place at their corners, but there are now magnets beneath them to provide feedback. By controlling the strength of their repulsion, Dell can create a deeper, clickier feeling for the keys than their 0.7mm travel would normally allow.

Apple’s Indirect Presence Fades From CES

Ben Bajarin:

We would go to CES and remark at how Apple’s dominance loomed over the show. Vendors of all shapes and sizes were rushing to be a part of the Apple ecosystem. Apple’s ecosystem was front and center with everything from iOS apps, to accessories galore for iPhone and iPad, and even companies looking to copy Apple in many ways. The last year or so, things have dramatically changed, and that change is further evident at this year’s CES.

Gone are the days of Apple’s presence, or observably “winning” of CES, even though they are not present. It was impossible to walk the show floor and not see a vast array of interesting innovations which touched the Apple ecosystem in some way. Now it is almost impossible to walk the floor and see any products that touch the Apple ecosystem in any way except for an app on the iOS App Store. The Apple ecosystem is no longer the star of CES but instead things like Amazon’s Alexa voice platform, and now Google’s assistant voice platform is the clear ecosystem winners of CES.

Jason Snell (long thread):

He says “a vast array of interesting innovations which touched the Apple ecosystem,” but all I remember are cases, earbuds, batteries, styluses, and speaker docks.

John Gruber:

It may or may not mean anything for Apple, but I do think this is an interesting and undeniable observation.

Nick Heer:

But I have another theory: maybe CES is full of companies trying to carve their own little space with expensive gadgets that don’t work well and, ultimately, are of little relevance to what consumers will actually want or buy. Sure, there were plenty of products shown that work with Apple’s ecosystem — mostly HomeKit — but so much of what is shown at CES is just gadgetry for the sake of gadgetry. Does it matter how much Apple’s influence is felt at a showcase of stuff that’s mostly irrelevant?

Update (2018-01-12): Federico Viticci:

The difference, I think, is that this new generation of home automation products is an ecosystem in itself with higher value than, say, the iPad keyboards or stylii we used to see at CES. Alexa hasn’t “won”, but it has momentum among third-party companies making products that are or will soon be in our homes, sharing the same space of our TVs, routers, consoles, and mobile devices.

Improving URLs for AMP Pages

Malte Ubl (Hacker News):

We are making changes to how AMP works in platforms such as Google Search that will enable linked pages to appear under publishers’ URLs instead of the URL space while maintaining the performance and privacy benefits of AMP Cache serving.


Based on this web standard AMP navigations from Google Search can take advantage of privacy-preserving preloading and the performance of Google’s servers, while URLs remain as the publisher intended and the primary security context of the web, the origin, remains intact. We have built a prototype based on the Chrome Browser and an experimental version of Google Search to make sure it actually does deliver on both the desired UX and performance in real use cases.

John Gruber:

This announcement isn’t bad news, and might be good news, but at this point it’s all conjecture, particularly for browsers other than Chrome. Even if it all works out, it only solves one problem: URLs. It doesn’t solve the deeper problem of content being hosted on Google’s servers, rather than publishers’ own servers. In addition to ceding independence, think about what this means for search engines other than Google. One of AMP’s foundational tenets is that Google Search is the one and only search engine.

Thursday, January 11, 2018

ScreenShield: SDK to Prevent Screenshots


ScreenShield is a patent-pending technology that allows you to view an app’s content on your screen but prevents you from taking a screenshot of it. If you try to take a screenshot on Confide, you will now simply capture a blank screen. ScreenShield also protects against other forms of screen capture, including iOS 11 screen recording, AirPlay screen mirroring, QuickTime screen recording as well as taking screenshots from the app switcher or by using Xcode.

We initially developed ScreenShield for Confide, but quickly realized that it could be used in a large number of apps — far more than we could build ourselves. That’s why we created ScreenShieldKit — to offer the ScreenShield technology to 3rd-party developers for use in a variety of different apps and categories.

Via John Gruber:

My best guess as to how they’re doing this is that they’re using AVPlayer and somehow using FairPlay Streaming to block screenshots and recording. (Where by “my” best guess I mean the best guess of a smart friend who poked around the Confide app bundle.) Have you ever noticed how you can’t take screenshots of streaming video content in apps like Netflix and HBO Go/Now? That’s a feature in iOS (and MacOS — try taking a screenshot of Netflix video playing in Safari) for skittish video providers who don’t want us to capture even a still frame of their precious content. I think ScreenShieldKit is somehow using this to prevent screenshots or video captures of text or images.


If I’m reading their application correctly, Confide also has also filed for a patent for a way to identify when you’re using another device to take a photo of your screen.


Please do not use FairPlay to block screen capture of non-premium video content. It’s not for your ‘secure’ messaging app.

Running Old iOS Versions

Apple Toolbox:

We were surprised to find out today that Apple is suddenly allowing users to downgrade their operating systems. If you have an older iPhone or an older iPad and were always a big fan of the older iOS and wished you had never upgraded your device, this may be your window of opportunity.


It appears that this was a mistake at Apple. The window of opportunity only lasted a few hours. They have stopped signing older iOS versions now.

Steve Troughton-Smith:

It’s a little frustrating that enabling the installation of older iOSes is a switch that Apple can [accidentally] flick at will, yet developers asked for firmware downgrades for years to set up test devices 🤷 (I know, testing is an alien concept to current Apple… 🙃)


Our Corellium Hypervisor for ARM enables us to run virtual iPhones in the cloud with game-changing features like:

  • Run any version of iOS
  • On demand thread list & kernel backtrace
  • Optional jailbreak for any version
  • Web-based debugging
  • And much more!

Did they get a special license from Apple to do this?

Tetris Entitlements

Olly Browning:

Lol at the Tetris app apparently needing:

  • The contents of your music library
  • Your music history
  • All of your photos
  • All of your videos

…to apparently deliver “higher quality advertising EXPERIENCES” to you.

See also: Reddit.

Apple Comments on AirPort’s Future

Christian Zibreg (via Matt Birchler):

As Apple started selling the first third-party Wi-Fi router in the form of Linksys’ Velop, its spokesperson provided a comment regarding the future of its own AirPort line of appliances.

In a statement to 9to5Mac, which first spotted the presence of Velop devices on Apple’s online and retail stores, Apple acknowledged that it’s still selling AirPort Wi-Fi base stations: […] Unfortunately, the cryptic comment doesn’t say whether Apple plans on keeping AirPort alive.

Tim Cook in 2009:

We believe that we need to own and control the primary technologies behind the products we make, and participate only in markets where we can make a significant contribution.

We believe in saying no to thousands of projects so that we can really focus on the few that are truly important and meaningful to us.

Previously: Apple Abandons Development of Wireless Routers.

Update (2018-01-12): Nick Heer:

A reader email reminded me that Apple took at least two months to patch their base station products to protect against a significant WiFi vulnerability. iOS and MacOS were updated within two weeks. I don’t know if the thirdhand information I have is right, of course, but the general thrust of the reports I’ve seen and moves Apple has made when it comes to their AirPort lineup strongly suggests that they’re not interested in the WiFi router market much longer.

Update (2018-01-14): David Sparks:

Remember when the Apple Airport was the best home WiFi solution? I sure do.

Sharing Links From iOS Twitter Appends Tracking Garbage to the URL

Benjamin Mayo:

There’s been a change to the official Twitter app in the last few months that affects anyone who tries to share a URL from inside the app. Using the standard activity view controller, recognised as the system share sheet, the Twitter app surreptitiously appends some query string parameters to the original URL.


If the user commits to sharing the URL without amending the link, Twitter can see that its iOS app was the origin of the engagement if that URL is posted publicly.


If you share to Bear, the string will literally contain the words ‘Bear-iPhone-Sharing-Extension’. One of the more obtuse ones I’ve seen is com.tinyspeck.chatlyio.share … but a quick Google search reveals that it represents the Slack sharing extension.

The fact that thee last component changes dynamically based on what action the user selects feels invasive if you don’t know what’s going on at the API level. Users are told that the activity share sheet is managed by Apple so instinctively it feels like being able to grab the activity type is nefarious.

App Store System Preferences Can Be Unlocked With Any Password

Joe Rossignol (Hacker News):

A bug report submitted on Open Radar this week has revealed a security flaw in the current version of macOS High Sierra that allows the App Store menu in System Preferences to be unlocked with any password.


Apple has fixed the bug in the latest beta of macOS 10.13.3, which currently remains in testing and will likely be released at some point this month. The bug doesn’t exist in macOS Sierra version 10.12.6 or earlier.


It’s worth noting that the App Store preferences are unlocked by default on administrator accounts, and given the settings in this menu aren’t overly sensitive, this bug is not nearly as serious as the earlier root vulnerability.

Michael Love:

This is damning, less in and of itself and more because the fact that it’s architecturally possible suggests that much of OSX security is a facade.

Matt Birchler:

This one event isn’t the end of the world, but this is how reputations degrade over time. Apple needs a software win soon, because it’s really just been a streak of bad news for them for months.

See also: Ryan Jones and Rene Ritchie.

Previously: High Sierra Bug Allows Root Access With Blank Password, Encrypted APFS Volume’s Password Exposed as Hint.

Update (2018-01-11): See also: Lloyd Chambers.

Tuesday, January 9, 2018

Unregistering Block-based NotificationCenter Observers

Ole Begemann:

Yes, you still have to unregister block-based observations manually (as of iOS 11.2). The documentation for removeObserver(_:) is at least misleading if not wrong.


When you do the unregistering in deinit, you must make sure not to capture self in your observer block. If you do, your deinit will never get called because the block retains self (preventing its destruction) and the notification center holds a strong reference to the block. Your object will live forever.


I suggest you write a small wrapper class for the observation token the notification center returns to you. The wrapper object stores the token and waits to be deallocated. Its only task is to call removeObserver(_:) in its own deinitializer[…]

Previously: NSNotificationCenter With Blocks Considered Harmful.

Pop-up Mobile Ads That Trap

Lily Hay Newman:

Ads that automatically redirect you from your daily browsing to a flashy sweepstakes have long been an incredibly annoying facet of the internet. But the versions that have evolved on the mobile web are particularly vexing, because they can trap you with a pop-up “notification” and nowhere to go.

These redirects can show up seemingly out of the blue when you’re in a mobile browser like Chrome, or even when you’re using a service like Facebook or Twitter and navigating to a page through one of their in-app browsers. Suddenly you go from loading a news article to wriggling away from an intrusive ad. What enables these ad redirects to haunt virtually any browser or app at any time, rather than just the sketchy backwaters in which they used to roam? Third-party ad servers that either don’t vet ad submissions properly for the JavaScript components that could cause redirects, or get duped by innocent-looking ads that hide their sketchy code.


Sometimes the ads are even designed to block your “Back” button, or keep redirecting when you try to close them, making it difficult to escape without having to restart the browser.

Even ads from top, reputable sites do this.

Using HTTP to Avoid Mixed Content Warnings From Ads

MyFitnessPal (via Matt Birchler):

Although our home page at may not indicate the presence of https in your browser’s interface, the actual login “lightbox” or pop-over window on the home page does send your login credentials via https.

Once logged in, however, most data interactions on the site are not sent via https. This is a concession we have made in order to be able to offer our health and fitness tools for free. Our revenue model is mostly comprised of presenting advertising on the site. We work with a number of ad aggregation companies, and these partners serve their ads to us via http. As a result, we cannot serve most pages of the site via https without badly reducing the usability of the site. As but one example, many browsers and internet security programs are prompted to present warnings to users because of “mixed content” on pages of our site, when some content on a given page is sent via SSL and some is not.

Is there an advantage to the ad companies in not offering HTTPS?

The Kindle Moment: Fire and Fury

Kirk McElhearn:

You’ll note that the Kindle version currently costs more than the (unavailable) hardcover. This is a sort of surge pricing for books; why discount the hottest book of the season? It’s not a loss leader like the latest novels by Dan Brown or Stephen King, it’s a must-read that people want now, because it won’t be as interesting in a week, after many of the salacious elements are reported in the press.

It’s not often that a book like this drives demand so much that the publisher can’t keep up. Amazon is stepping in to help meet that demand, shifting a lot of readers from print to ebook. Even if they don’t have Kindles, they can read it on their phones or tablets.

I bet there are a lot of shared highlights.

Reverse-Engineering the iPhone X Home Indicator Color

Nathan Gitter:

  1. The home indicator’s color is determined by the system and cannot be modified directly.
  2. The home indicator’s color is determined by the content underneath, and it is not always a solid color.
  3. The home indicator on the simulator is not an accurate representation of the home indicator on a real device.
  4. The home indicator animates to its new color(s) when the content underneath changes.
  5. The home indicator is either in a “light” or “dark” state.


If a screen in your app has a background color in the middle range where the home indicator could be either light or dark, you may prefer one style over the other. If the status bar is white, for example, it may look more visually balanced if the home indicator is white as well. Being aware of the home indicator’s nuanced behavior can help ensure that it doesn’t accidentally animate between light and dark when it could be distracting to the user.

Monday, January 8, 2018

Conditional Conformance in the Standard Library

Ben Cohen:

The most noticeable benefit of conditional conformance is the ability for types that store other types, like Array or Optional, to conform to the Equatable protocol. This is the protocol that guarantees you can use == between two instances of a type.


Having equatable elements gives collections other helper functions for tasks like searching[…]


This approach also works for Codable. If you try and encode an array of non-codable types, you’ll now get a compile-time error instead of the runtime trap you used to get.


If the collection we’re splitting is bidirectional, we ought to be able to make our splitting wrapper bidirectional too. In Swift 4.0, the way to do this was pretty clunky. You had to add a whole new type, LazySplitBidirectionalCollection, which required Base: BidirectionalCollection and implemented BidirectionalCollection. Then, you overloaded the split method to return it where Base: BidirectionalCollection.

Now, with conditional conformance, we have a much simpler solution: just make LazySplitCollection conform to BidirectionalCollection when its base does.

iCloud Drive Can Strip Metadata From Your Documents


Apps create files and directories in iCloud container directories in exactly the same way as they create local files and directories. And all the file’s attributes are saved, if they add extended attributes to a file, those attributes are copied to iCloud and to the user’s other devices too.

Howard Oakley:

I have examined files with a rich collection of extended attributes, under 10.12.6 and 10.13.2, on local storage and in iCloud Drive. This confirms that most xattrs are stripped by iCloud Drive in this fashion.

Xattrs removed include:

  • net_sourceforge_skim-app_ series
  • net_sourceforge_skim-app_notes
  • net_sourceforge_skim-app_rtf_notes
  • net_sourceforge_skim-app_text_notes
  • co.eclecticlight.[any]


Xattrs which are preserved include:

  • series

For me, iCloud Drive preserves tags, but labels, resource forks, and any third-party extended attributes have always been lost. I don’t understand why Apple’s documentation claims otherwise.

Previously: Dropbox 1.0.

Update (2018-01-09): See also: Hacker News.

Update (2018-01-12): See also: Howard Oakley.

Update (2018-01-29): Howard Oakley:

When you access your iCloud Drive from two or more client systems, iCloud Drive knows which files originated from each of the clients, and keeps track of that.


What is most startling is the way that it adds an apparently unique xattr of type to many files within application bundles. iCloud Drive doesn’t appear to add quarantine flags (, but adds instead – only when accessed from a second client.


Some* xattrs, like and, always get stripped; others will only be stripped if they exceed a certain size, which varies according to the type of xattr. All xattrs of 80 KB or larger are removed, but iCloud allows, for example, to reach 24 KB size and leaves it intact. If you rely on a particular xattr passing unscathed through iCloud’s filters, you need to test it carefully over a range of sizes and situations.

Update (2020-03-27): Howard Oakley:

However, when you access files which have been uploaded to iCloud from a different Mac or iOS device, iCloud doesn’t preserve all xattrs by any means. Some are often but not always preserved, others usually stripped, and one type invariably stripped.

How to Disable macOS High Sierra Upgrade Notifications

Elizabeth Jones (via John Gordon):

Every time I turn on my MacBook (2017,) it immediately starts up with that exasperating High Sierra notice to upgrade to High Sierra so I can “enjoy the latest technologies and refinements.” And it’s even popping up on my iMac (2015 with Fusion Drive,) that Apple itself recommends NOT updating to High Sierra.


After spending a lot of time trying things, I came upon the easiest of solutions, all done within the Mac App Store.

  • Click on mac OS High Sierra Notifications Details option OR just open Mac App Store
  • In the banner for macOS High Sierra, control-click anywhere inside that banner
  • Select Hide Update and bingo, no more notification!

However, updating to macOS 10.13 is currently the only way to get Apple’s Meltdown security update.

Update (2018-01-11): Andrew Abernathy:

Welp. I just got another alert to upgrade to High Sierra despite having hidden the update yesterday. :(

Let Facebook Rejoin the Open Web

Dave Winer:

The fact that I have to post a screen shot of his message is a perfect demo of the problem. I could have posted this on Facebook, but then I wouldn’t have been able to use links, style or images. The post couldn’t have a title. And if I wanted to include a podcast I couldn’t. Or I could post it on my blog, as I have, and link to the screen shot, because who knows what you’ll see if I post a direct link to the message.

Panic Discontinues Transmit for iOS

Cabel Sasser (Hacker News):

Transmit iOS made about $35k in revenue in the last year, representing a minuscule fraction of our overall 2017 app revenue. That’s not enough to cover even a half-time developer working on the app. And the app needs full-time work — we’d love to be adding all of the new protocols we added in Transmit 5, as well as some dream features, but the low revenue would render that effort a guaranteed money-loser. Also, paid upgrades are still a matter of great debate and discomfort in the iOS universe, so the normally logical idea of a paid “Transmit 2 for iOS” would be unlikely to help. Finally, the new Files app in iOS 10 overlaps a lot of file-management functionality Transmit provides, and feels like a more natural place for that functionality. It all leads to one hecka murky situation.


  • This does not affect Transmit 5 for Mac. It’s doing extremely well
  • This also does not affect Coda iOS and Prompt iOS, both of which are still going strong

Jason Snell:

Totally get why you are doing it, still makes me extremely sad. Wouldn’t it be nice if Files supported other server protocols directly?

This is a real bummer for me personally, because Transmit is a huge part of my iOS workflow.

Steve Troughton-Smith:

Transmit, an app for transferring files, spent most of its iOS lifetime on a platform that didn’t have a user-accessible filesystem or files, where users learned to do without—tough to gauge anything from its success or lack thereof up to this point. No doubt it’ll return someday

David Sparks:

What is even more upsetting is that an app of the calibre of Transmit for iOS is a financial failure and none of us are much surprised. There are so many iPads and iPhones out in the world. Granted not everyone will need a world-class file sharing app, but enough should need it that an app like Transmit for iOS can flourish.

If this were a simple problem, it would already be solved, but I think it is a combination of factors: hardware, operating system, software, and App Store climate.

Dr. Drang:

I don’t upload podcasts, but as I use my iPad Pro more and more (I’m writing on it now), Transmit—in particular, its Share Sheet—has become a important part of my blog writing process.

Matt Birchler:

I have transmit on the second page on my iPhone and the first page of my iPad. It’s one of the first apps I mention when talking about how much more I like iOS than Android as well as being one of the apps that lets me go Mac-free more easily.

Michael Rockwell:

I’m not sure if Panic would have found success by transitioning to a subscription-based business model or if charging more for Transmit would have actually resulted in more revenue. But it’s clear to me that Panic needed a way to get more money from users that rely on and loved using the app.

Stephen Hackett:

I can’t help but see this is a bad omen for the iOS productivity scene. An FTP client may not be as exciting as whatever the hot GTD app of the year may be, but it’s the type of app that signals stability.

Ruffin Bailey:

I’m also surprised by this...

Also, paid upgrades are still a matter of great debate and discomfort in the iOS universe, so the normally logical idea of a paid “Transmit 2 for iOS” would be unlikely to help.

Is that really not worth trying?

My guess: with the sales they had, it was an iffy proposition even if lots of customers upgraded, and surely they have other apps that are likely to offer a better return for their development time. If you’re already busy, do you hire more or just drop the app for now? I do expect that it will come back.

John Gruber:

iOS is a vastly bigger platform, but high-quality apps that you pay for to use for work still do better on the Mac. Sure makes me wonder just how much of App Store revenue is from games.

Nick Heer:

But something is clearly still not right in the App Store economy if developers are finding it as difficult as they are — generally speaking — to make a living building apps for one of the world’s biggest platforms. Making progress on this, I think, ought to be one of Apple’s highest priorities this year. 2018 marks the tenth anniversary of the App Store and, while they may generally be averse to marking historical milestones, it would be a shame if independent developers had less hope of a successful career this year than they did in 2008. Based solely on the revenue and growth Apple announced last Thursday, there should be hope for developers. The giant pool of money is clearly there; unfortunately, smaller developers simply aren’t seeing enough of it. Whether that change must start with things Apple controls, or developers, or users, I don’t know, but it would be a shame if the App Store becomes the place for virtually all users to download Facebook Messenger, Google Maps, and a manipulative game — and that’s it.

Previously: Status Board Discontinued.

Update (2018-01-09): Cabel Sasser:

🤔 An interesting mental debate today after a weekend of intense thoughts and feedback from users: what’s worse, pulling an app from sale that you can’t reasonably maintain, or letting it sit in the App Store unmaintained?

② Pulling from sale is ripping off the band-aid. It doesn’t feel great to do, it makes some people feel dumb for buying your app (which I hate), it makes you look a bit stupid (which I hate). But it’s honest and truthful and is appreciated by many:

③ On the other hand, keeping it in the store unmaintained means people can still find it and buy it and use it! It does a ton today! But feels gross to sell an uncertain future? And how long until it breaks? And how long until you’re buried in 1-star “app is abandoned!” reviews?

④ I have no great answer. But I’ll note we’ve dropped 5 apps in our lifetime (Audion, CandyBar, Unison, Status Board, and Transmit iOS). Knowing when to hold ‘em and when to fold ‘em certainly isn’t the only reason we’ve been around for 20 years… but I bet it hasn’t hurt?

Update (2018-01-17): Federico Viticci:

It’s difficult to pin down what, exactly, made Transmit for iOS unprofitable. The iOS counterpart always lagged behind the cloud integrations from the Mac app (Backblaze B2 and Rackspace Cloud Files, for instance, never made it to iOS); Panic didn’t update Transmit to take advantage of major additions to iOS 11 such as Files and drag and drop; perhaps more importantly, Transmit for iOS is a product of the pre-iOS 11 era, back when the concepts of desktop-like file management and drag and drop were alien to the platform. Ultimately, I think Transmit for iOS lived and (slowly) died because we had it too soon.

But this isn’t a post-mortem for Transmit on iOS, which, according to Panic, may even relaunch as a new app on the Store someday. Instead, I’d like to take a quick tour of some of the alternatives for Transmit available on iPad today. In case Panic decides to pull Transmit from the App Store, or if the app stops working in a future release of iOS, these FTP clients and file managers should compensate for the features of Panic’s app. Most of them don’t offer the same sophisticated and polished UI design, but some of them may even turn out to be more flexible and better integrated with iOS than Transmit.

Computer Latency: 1977-2017

Dan Luu (tweet):

These are tests of the latency between a keypress and the display of a character in a terminal (see appendix for more details).


Compared to a modern computer that’s not the latest ipad pro, the apple 2 has significant advantages on both the input and the output, and it also has an advantage between the input and the output for all but the most carefully written code since the apple 2 doesn’t have to deal with context switches, buffers involved in handoffs between different processes, etc.

On the input, if we look at modern keyboards, it’s common to see them scan their inputs at 100 Hz to 200 Hz (e.g., the ergodox claims to scan at 167 Hz). By comparison, the apple 2e effectively scans at 556 Hz.

Previously: Touchscreen Latency.

Thursday, January 4, 2018

Fingerprinting Swift Code Using Spacecrypt


Spacecrypt works by converting your private message into binary data, and then converting that binary data into zero-width characters (which can then be hidden in your public message). These characters are used:

  • Unicode Character 'WORD JOINER' (U+2060)
  • Unicode Character 'ZERO WIDTH SPACE' (U+200B)
  • Unicode Character 'ZERO WIDTH NON-JOINER' (U+200C)

Craig Hockenberry (tweet):

It appears that these hidden payloads can work their way into code, not just data (such as the string shown above.)


I think this poses some serious issues, not just for Stack Overflow, but for the languages which are discussed on this Q&A site. Hidden characters in code make effective code review much more difficult. In the example above, a quick review of the code would lead someone to believe that foo * bar would be 11111111, not the actual value of 12345678987654321. This would be an easy way for someone to hide a security vulnerability in plain sight.

It’s also very difficult to see these hidden characters at the point-of-origin: They don’t appear at all in Safari’s Web Inspector and in Chrome the HTML entities blend right in with the other HTML and CSS for this site.

Update (2018-01-05): Craig Hockenberry:

And before you say, “just ban zero width joiners and combining characters”, remember that Emoji uses both extensively.

The T2 Chip Makes the iMac Pro the Start of a Mac Revolution

Jason Snell (Hacker News):

On most Macs, there are discrete controllers for audio, system management and disk drives. But the T2 handles all these tasks. The T2 is responsible for controlling the iMac Pro’s stereo speakers, internal microphones, and dual cooling fans, all by itself.


As for the disk controller? There isn’t one—or more accurately, the disk controller is built into the T2 itself. This gives the T2 complete control over internal storage on the iMac Pro. This has some major benefits in terms of speed and security. Every bit of data stored on an iMac Pro’s SSD is encrypted on the fly by the T2, so that if a nefarious person tried to pull out the storage chips and read them later, they’d be out of luck.


This new boot process means there’s also a new utility for Mac users to get to know: Startup Security Utility, which you can only access by booting into Recovery mode by holding down Command-R while starting up. Startup Security Utility gives the T2 guidance about just how strict it should be when judging whether it should boot your computer.

Update (2018-01-05): @nurtopsc:

Everyone is talking about Meltdown & Spectre, but no one is really talking about exploits enabled by the Intel Management Engine. I think Apple’s T2 solves this.

Update (2018-01-08): See also: Tim Perfitt and Rich Trouton.

Update (2018-01-16): Pepijn Bruienne:

If you didn’t spot it yet, it’s the apparent existence of an “Erase all content and settings” feature for macOS. As I noted in November, this would be possible with the iMac Pro’s T2 via mobile_obliterator

A Branchless UTF-8 Decoder

Chris Wellons (via Matías N. Goldberg):

The CPU must correctly predict the length of the code point or else it will suffer a hazard. An incorrect guess will stall the pipeline and slow down decoding.


This reads four bytes regardless of the actual length. Avoiding doing something is branching, so this can’t be helped. The unneeded bits are shifted out based on the length. That’s all it takes to decode UTF-8 without branching.

Dash’s Year in Review: 2017

Bogdan Popescu:

I’m happy to report Dash has had its best year to date. Revenue in 2017 was 30% higher than Dash’s previous best year, 2015.

Previously: 100 Days Without the App Store.

Alexa Everywhere

M.G. Siegler:

Look, I think Apple positioning the HomePod around music is smart — at least at first. Such a device strengthens and expands the Apple Music ecosystem, while giving Apple an avenue to focus on what they do best: creating high-end hardware sold at a premium.

But I think Amazon — and to a lesser extent Google — has not only established a market ahead of Apple’s entry, but has done so in such a way that will make the HomePod sound a bit out of touch upon launch. Again, I know this is a risky prediction to make. But per above, I also know that Amazon is the number one seller of speakers in the world right now. And they’re doing this not by focusing on quality, as Apple will, but by focusing on making their digital assistant, Alexa, ubiquitous.

Update (2018-01-15): Matt Birchler:

I didn’t understand how a voice assistant could possibly be more convenient by being somewhere stationary in my home, rather than in my pocket or on my wrist.

I’m here to say I was a fool.

Wednesday, January 3, 2018

Apple Acquires Buddybuild

Buddybuild (via Juli Clover, Hacker News, Reddit):

We’re excited to share that the buddybuild team has joined the Xcode engineering group at Apple to build amazing developer tools for the entire iOS community.

We’ve always been proud to be a Canadian company, so we’re also pleased that we will be staying right here in Vancouver — a hotbed of developer and engineering talent.


As of today, we are no longer accepting new customers. Existing Free Starter plans and Android app development will be discontinued on March 1, 2018.

On the one hand, this is good news because Xcode’s continuous integration needs lots of work. On the other hand, it sounds like this is the end of the Buddybuild product that people loved. I’ve been using Jenkins, which is a good, but it requires Java and is not especially easy to use or integrated with Xcode. On the plus side, it’s open source and so unlikely to strand its users like Buddybuild did.

Nick Lockwood:

Awesome! Apple just acquired some software I depend on. I look forward to uninterrupted service, followed by stability improvements and amazing new features!

- Nobody

John Sundell:

Sadly, this means BB can no longer be used for open source projects 😢


Apple has a very bad reputation when it comes to taking over products like this. TestFlight is the prime example. TestFlight basically disappeared for a year until coming back as a more limited and slower Apple branded service. And by slow I mostly mean, it takes 6 months for bugs to be fixed or for exciting things to happen. Agility and innovation of a startup basically ends when Apple assimilates a service.

From the blog posting it is also not very clear what will happen to existing iOS customers. Can I upgrade my plan? Can I expect service? Will the existing infrastructure be maintained?

Update (2021-03-02): Sami Fathi:

Vancouver-based app startup, Buddybuild, will officially shut down in the fall of this year following Apple’s acquisition of the company in 2018.

In an email sent to existing customers, Buddybuild says that services will no longer be supported as of March 31, 2021, and updates ceased. By the fall, the company will shut down operations altogether.

Decrypting an APFS Encrypted Volume Using diskutil

Rich Trouton:

However, the diskutil apfs decryptVolume command has been updated on macOS 10.13.2 to require additional authentication:


In order to decrypt using a user account’s password or personal recovery key (PRK), it is necessary to specify the following:

  1. The relevant user UUID
  2. The relevant account password or the PRK.

Some Useful URL Schemes in Xcode 9

Daniel Martín:

The new Xcode source editor, written in Swift, has a neat way to link between documentation and source code locations inside a project.


You can automatically clone repositories from GitHub by clicking on “Open in Xcode” in a repository that contains an Xcode project or workspace[…]


I happen to open the Devices and Simulators pane in Xcode quite frequently (accessible from Window, Devices and Simulators), typically to open crash logs. This is the URL scheme that I use to automate this step and manage my devices more quickly[…]

Alan Kay’s Thoughts, Old and New

Alan Kay, 1972 (via sdf):

A combination of this “carry anywhere” device and a global information utility such as the ARPA network or two-way cable TV, will bring the libraries and schools (not to mention stores and billboards) or the world to the home. One can imagine one of the first programs an owner will write is a filter to eliminate advertising!

iA Inc.:

The excerpts from recent Alan Kay emails are a gold mine. The text itself is a raw cut-up from a series of private emails. Kay argues that fundamental innovation and following objectives run counter to each other. Very much like art, fundamental research needs to be free from objective purpose.

Intel CPU Design Flaw Necessitates Kernel Page Table Isolation

John Leyden and Chris Williams (tweet):

A fundamental design flaw in Intel’s processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.


Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we’re looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model.


Similar operating systems, such as Apple’s 64-bit macOS, will also need to be updated – the flaw is in the Intel x86-64 hardware, and it appears a microcode update can’t address it. It has to be fixed in software at the OS level, or go buy a new processor without the design blunder.


The fix is to separate the kernel’s memory completely from user processes using what’s called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.

Tom Lendacky (via Hacker News):

AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.

I wonder when Apple will have a macOS update and whether it will ship any Macs with AMD processors, depending on how long it takes Intel to develop a fix.

Ian King and Jing Cao (via Hacker News):

AMD shares surged as much as 7.2 percent to $11.77 Wednesday. Intel fell as much as 3.8 percent, the most since April, to $45.05.


The Santa Clara, California-based company’s chips have more than 80 percent market share overall and more than 90 percent in laptops and servers.

See also: The mysterious case of the Linux Page Table Isolation patches.

Update (2018-01-03): Alex Ionescu:

The question on everyone’s minds: Does MacOS fix the Intel #KPTI Issue? Why yes, yes it does. Say hello to the “Double Map” since 10.13.2 -- and with some surprises in 10.13.3 (under Developer NDA so can’t talk/show you).

The performance drop on a system with PCID is minimal. Most Macs have PCID.

Michael Larabel (via Hacker News):

I’ve been running some benchmarks and will have some more extensive tests soon, but given all the emails today about the issue, here are my initial benchmark numbers on two systems.

See also: MacRumors.

Update (2018-01-03): Intel (Hacker News):

Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.

Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors[…]

At first, I didn’t like how they wrote this in such a way as to imply that AMD and ARM processors are among those affected, but apparently maybe they are.

See also: Pierre Lebeaupin.

Matt Linton and Pat Parseghian:

The Project Zero researcher, Jann Horn, demonstrated that malicious actors could take advantage of speculative execution to read system memory that should have been inaccessible. For example, an unauthorized party may read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications. Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.

These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running on them.


The Project Zero researchers discovered three methods (variants) of attack, which are effective under different conditions. All three attack variants can allow a process with normal user privileges to perform unauthorized reads of memory data, which may contain sensitive information such as passwords, cryptographic key material, etc.


oh, and one last thing: the thing that gets me most about this exploit is it isn’t really a single exploit, it’s a whole category of exploits. verifying that no further attacks exist sounds EXTREMELY hard.

See also: Hacker News.

Juli Clover:

ARM and AMD have both issued statements following Intel’s press release. AMD says there is a “near zero risk” to AMD processors at this time, while ARM says its processors are vulnerable.

Update (2018-01-04): Meltdown and Spectre:

These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider’s infrastructure, it might be possible to steal data from other customers.

ARM (archive, Hacker News):

The majority of Arm processors are not impacted by any variation of this side-channel speculation mechanism. A definitive list of the small subset of Arm-designed processors that are susceptible can be found below.

Via Bob Burrough:

Arm’s response is downright misleading.

Microsoft Azure:

The majority of Azure infrastructure has already been updated to address this vulnerability. Some aspects of Azure are still being updated and require a reboot of customer VMs for the security update to take effect.

Troy Wolverton:

Intel CEO Brian Krzanich sold off $24 million worth of stock and options in the company in late November.


Intel says the stock sale was unrelated to the vulnerability, but came as part of a planned divestiture program. But Krzanich put that stock sale plan in place in October — several months after Intel was informed of the vulnerability.

Linus Torvalds (via The Register):

I think somebody inside of Intel needs to really take a long hard look at their CPU’s, and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed.

.. and that really means that all these mitigation patches should be written with “not all CPU’s are crap” in mind.

Or is Intel basically saying “we are committed to selling you shit forever and ever, and never fixing anything”?

Aaron Pressman (via Alex Ionescu):

AMD said its chips were affected by some but not all of a series of related security exploits uncovered by researchers. AMD has already developed a simple software fix for its chips that will not impact PC performance, an AMD spokesman said. “Due to differences in AMD’s architecture, we believe there is a near zero risk to AMD processors at this time,” the company said in a statement. “We expect the security research to be published later today and will provide further updates at that time.”

Microsoft Edge Team (via Steve Troughton-Smith):

These techniques can be used via JavaScript code running in the browser, which may allow attackers to gain access to memory in the attacker’s process.


Initially, we are removing support for SharedArrayBuffer from Microsoft Edge (originally introduced in the Windows 10 Fall Creators Update), and reducing the resolution of in Microsoft Edge and Internet Explorer from 5 microseconds to 20 microseconds, with variable jitter of up to an additional 20 microseconds. These two changes substantially increase the difficulty of successfully inferring the content of the CPU cache from a browser process.

Mozilla (Hacker News):

Since this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox.  This includes both explicit sources, like, and implicit sources that allow building high-resolution timers, viz., SharedArrayBuffer.

Chromium (via Yehuda Katz):

Chrome allows users to enable an optional feature called Site Isolation which mitigates exploitation of these vulnerabilities. With Site Isolation enabled, the data exposed to speculative side-channel attacks are reduced as Chrome renders content for each open website in a separate process.


Don’t serve user-specific or sensitive content from URLs that attackers can predict or easily learn. Attackers can load such URLs in their attack pages (e.g. <img src=""/>) to get the sensitive information into the process rendering their page, and can then use out-of-bounds reads to discover the information. Use anti-CSRF tokens and SameSite cookies, or random URLs to mitigate this kind of attack.

Kevin Beaumont:

Okay there is another VERY IMPORTANT THING with Microsoft Meltdown patches - “Customers will not receive these security updates and will not be protected from security vulnerabilities unless their anti-virus software vendor sets the following registry key”

Joe Armstrong:

I think I might have said now and again that

“shared memory is the root of all evil”

now I should add

“Shared memory is the root of all security problems”

Aras Pranckevičius:

“Retpoline”, an optional compiler flag to deal with Spectre attack…. Landing to llvm/gcc as we speak. Virtual calls, as well as switch statements etc., are about to get more expensive.

Here’s the Hacker News thread about the LLVM patch.

Jacek Galowicz (Meltdown paper, PDF):

This kind of speculative execution does not only occur over branches: When a program accesses a specific cell of memory, the processor needs to decide if it is allowed to do so by consulting the virtual memory subsystem. If the memory cell has previously been cached, the data is already there and data is returned while the processor figures out if this access is legitimate. With speculative execution, the processor can trigger actions depending on the result of a memory access while working to complete the corresponding instruction.

If the memory access was not legitimate, the results of such an instruction stream need to be discarded, again. For a user application it is not possible to access the final result of any computation relying on such an illegitimate memory access. The interesting crux of this is that although retirement is correctly performed, all speculatively executed and then discarded instructions have still left some measurable effect on the cache subsystem…


While none of these spots contains anything useful before or after this sequence of machine code instructions, it is possible to make sure that the whole user space array is completely uncached/cold before executing them. After trying to execute them, it is necessary to recover from the page fault that the processor reacts with. But then, one of the spots in the user space array remains cached!

Finding out the offset of the cached/warm spot of memory in the user space array allows for calculating the actual value that was read from memory, which can be done by measuring access timings on each of the 256 spots that could have been touched by the speculative execution.

Spectre paper (PDF):

Spectre attacks involve inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim’s confidential information via a side channel to the adversary. This paper describes practical attacks that combine methodology from side channel attacks, fault attacks, and return-oriented programming that can read arbitrary memory from the victim’s process. More broadly, the paper shows that speculative execution implementations violate the security assumptions underpinning numerous software security mechanisms, including operating system process separation, static analysis, containerization, just-in-time (JIT) compilation, and countermeasures to cache timing/side-channel attacks. These attacks represent a serious threat to actual systems, since vulnerable speculative execution capabilities are found in microprocessors from Intel, AMD, and ARM that are used in billions of devices.

See also:

Update (2018-01-05): See also:

Update (2018-01-08):mikeymikey:

Apple JUST updated today (Jan 5th) and REMOVED mention of 10.12 and 10.11 being fixed for CVE-2017-5754 aka #Meltdown

Only 10.13.2 contains the fix.

Juli Clover:

Apple today confirmed that it has addressed the recent “Meltdown” vulnerability in previously released iOS 11.2, macOS 10.13.2, and tvOS 11.2 updates, with additional fixes coming to Safari in the near future to defend against the “Spectre” vulnerability.

Zac Hall (Hacker News):

Apple has released an update to macOS High Sierra for all Macs running macOS 10.13.2. The supplemental security update likely addresses the Spectre flaw that affected Safari and may contain further mitigations for Meltdown.

Jon Masters:

At Red Hat, we’ve been working on mitigations for potential attacks under standard industry security embargos, deploying small, targeted teams operating on a “need to know” basis in order to prepare ahead of public disclosure. I was fortunate enough to be co-leading our efforts at mitigation of Meltdown and Spectre, alternatively known as variants 1, 2, and 3 of a family of similar attacks disclosed by Google Project Zero in a blog post on January 3rd. In the course of our efforts, we reproduced Meltdown (variant 3) in our labs, and examined other variants, while working alongside many of our trusted hardware partners on mitigations.

While we have a solid understanding of these vulnerabilities and the current analysis of the contributing factors as well as patches to mitigate their potential impact, we will continue to collaborate with our partners, customers and researchers on this situation. Additionally, we would like to help others to understand these complex issues, ideally using language and terms that don’t require the reader to be in the chip design business.

See also:

Update (2018-01-09): Andy Greenberg:

Yet when Intel responded to the trio’s warning—after a long week of silence—the company gave them a surprising response. Though Intel was indeed working on a fix, the Graz team wasn’t the first to tell the chip giant about the vulnerability. In fact, two other research teams had beaten them to it. Counting another, related technique that would come to be known as Spectre, Intel told the researchers they were actually the fourth to report the new class of attack, all within a period of just months.

“As far as I can tell it’s a crazy coincidence,” says Paul Kocher, a well-known security researcher and one of the two people who independently reported the distinct but related Spectre attack to chipmakers. “The two threads have no commonality,” he adds. “There’s no reason someone couldn’t have found this years ago instead of today.”

Gil Tene (via Hacker News):

PCID is now a critical feature for both security and performance.

Ezequiel Bruni (via Matt Birchler):

Even if we did magically get perfect fixes for the Meltdown and Spectre problems, this is going to spark a larger conversation about security and JavaScript in particular. I mean, what other bits of hardware could be compromised by a simple web page? This could happen again. No, to hell with that. This will happen again.

Filip Pizlo:

Spectre impacts WebKit directly. Meltdown impacts WebKit because WebKit’s security properties must first be bypassed (via Spectre) before WebKit can be used to mount a Meltdown attack.


This document explains how Spectre and Meltdown affect existing WebKit security mechanisms and what short-term and long-term fixes WebKit is deploying to provide protection against this new class of attacks.

This is a great write-up.

See also: CommitStrip (via Andy Bargh).

Update (2018-01-11): See also:

Update (2018-01-14): Jérôme Segura:

Online criminals are notorious for taking advantage of publicized events and rapidly exploiting them, typically via phishing campaigns. This particular one is interesting because people were told to apply a patch, which is exactly what the crooks are offering under disguise.

Marcel Weiher:

I just retested the stock mkfile after the meltdown patch, and I/O rates are now down to a measly 61.5MB/s, measured both by wall-clock (well, time) and iostat. That’s actually 1/4 the throughtput measured before, but the new timing is also with APFS enabled. Using large buffers to minimize the number of sys calls and presumably effectively eliminates the meltdown penalty shows the maximum throughput with APFS to be reduced by about 20% compared to before, to 1.6GBs.

Update (2018-01-15): Cameron Kaiser:

Tip of the hat to miniupnp who ported the Spectre proof of concept to PowerPC intrinsics. I ported it to 10.2.8 so I could get a G3 test result, and then built generic PowerPC, G3, 7400, 7450 and G5 versions at -O0, -O1, -O2 and -O3 for a grand total of 20 variations.

Jean-Louis Gassée:

It now appears that “in principle” trouble with microprocessors was understood more than 20 years ago. In a 1995 paper titled The Intel 80x86 Processor Architecture: Pitfalls for Secure Systems, authors Sibert, Porras, and Lindell described architecture subtleties and implementation errors that made many x86 processors undesirable for secure systems. In particular, the paper’s authors pointed to memory architecture flaws that allow unwanted peeks into “protected” processes — precisely the sort of trouble that we’re seeing today.

The concern that Sibert et al expressed decades ago and its realization as Meltdown and Spectre should shake our old habits of the mind. We’ve come to believe that while software is a petri dish of deadly germs, the CPU is a reliable, antiseptic “hard truth”.

See also: Adrian Colyer.

Update (2018-01-19): Bloomberg:

In 2013, a teenager named Jann Horn attended a reception in Berlin hosted by Chancellor Angela Merkel. He and 64 other young Germans had done well in a government-run competition designed to encourage students to pursue scientific research.

In Horn’s case, it worked. Last summer, as a 22-year-old Google cybersecurity researcher, he was first to report the biggest chip vulnerabilities ever discovered.

Update (2018-01-22): See also: Linus Torvalds (Slashdot, Hacker News) and Bloomberg (Hacker News).

Update (2018-01-23): Juli Clover:

Along with macOS High Sierra 10.13.3, Apple this morning released two new security updates that are designed to address the Meltdown and Spectre vulnerabilities on machines that continue to run macOS Sierra and OS X El Capitan.

Tuesday, January 2, 2018

Apple in 2018

Jason Snell:

In 2018, I want to see a new Mac Pro. But more than that, I want to see it really live up to Apple’s statements that it will be modular and expandable.


2018 is the year for the Mac mini revival. The Mac mini is never going to be a major part of Apple’s Mac product line, but it adds a huge amount of versatility to the platform, and that’s reason enough to keep it around.


But for the third straight year, I’m also hoping that we’ll see a proper MacBook update, one that does more than just speed up the internals.


I think it’s time for Apple to backtrack on a design misstep and change the keyboard on the MacBook Pro. A pro laptop deserves a great keyboard, not one that was built as a compromise in exchange for the ultra-thinness of the MacBook.


If Apple’s truly committed to the Touch Bar for the long term, it’s time to see some progress.


The most important thing to do is keep the platform stable. Reduce bugs, remove security flaws, and keep everything running smoothly.

Rene Ritchie:

Apple gets told it’s wrong so goddamn always the company can no longer tell when it’s really wrong. At least not in a way that prevents it from happening or course-corrects it quickly.

Hopefully, iMac Pro and the upcoming new Mac Pro are signs Apple recognizes this danger. Not just at the highest end of the lineups and not just after the fact — but across all of its products and well in advance of what’s going into production next.


These products have not been significantly updated in years yet they’re still being sold. Apple hasn’t discontinued any of them but it also hasn’t shown any sign of them being continued.

Apple typically doesn’t talk about future products. It leaves the old product up, unchanged, until a new product comes along to replace it. And that works, when we’re talking a year, maybe two at the outside. When we’re talking multiple products over multiple years, it stops working.


These are all growing pains. The problems that come with a company based on focus having to focus on multiple things at the same time. They’re problems of scale.

But unless Apple wants to go back to only making one or two products, its the core problem Apple absolutely has to solve in 2018.

Maynard Handley:

Yes it’s hard to slot new people into existing extremely difficult programming like the kernel.

It is NOT hard to hire merely competent people to fix the on-going bugs in apps like Finder or iTunes, or to write tests, or to deal with BugReporter reports.

Juli Clover:

Let us know what you want to see in the comments, and make sure to check out our What to Expect post to get a glimpse at the current rumors.

iMac Pro Performance

Jason Snell:

One of my most common audio workflows involves grabbing audio files from panelists, converting them to WAV format via the ffmpeg command line tool, removing background noise via iZotope RX 6’s Spectral Denoise filter, writing that file back to disk, and using the private-beta tool sidetrack to sync the panelist’s file up with a reference track. There’s a lot of processor-intense stuff in there, as well as some disk access.

It took my 2014 5K iMac 160 seconds to perform all of those tasks; it took the iMac Pro 96 seconds, meaning that the iMac Pro was able to do the job in 60 percent of the time. Isolate just the processor-intensive task of denoising three hours of audio, and the 5K iMac took 94 seconds, versus 49 seconds for the iMac Pro—a little more than half the time.

I frequently take large 1080p videos export from editing apps and slim them down into versions I can upload to YouTube or post for a video podcast via the HandBrake video-encoding app. I performed one of these encodes on both the 2014 5K iMac and the iMac Pro; the 5K iMac encoded the video in 21 minutes and 16 seconds, while the iMac Pro took 11 minutes and 14 seconds. Once again, that’s a little more than half the time. It’s enough for me to declare that for jobs optimized for multiple processor cores, this base model iMac Pro is nearly twice as fast as the top-of-the-line 5K iMac from 2014.

Max Yuryev (via Václav Slavík):

After the second test, each additional run would cause the iMac Pro to slow down the CPU when the temperature reached roughly 94C, which caused the clock speed to drop from 3.9ghz to about 3.6ghz for a second or two. This allowed the CPU to drop below 92C, and the clock speed to rise back to the maximum turbo boost of 3.9GHz.

Interestingly, even after 10 consecutive benchmarks, the iMac Pro fans were barely audible. Instead of ramping up the fan speed to keep the CPU at its maximum turbo boost speed, the iMac Pro just kept the cycle going, with the clock speed dipping every 10 seconds or so while staying very quiet.


With that said, it is a bit disappointing to see Apple prioritize noise over performance and thermals on a high-end pro machine.

Ben Cunningham:

I’ve been trying out an iMac Pro for FCPX editing and have been really disappointed with the performance. This review confirms it: in many cases, the iMac Pro performs WORSE than this year’s iMac[…]

I can also confirm this reviewer’s findings: the CPU and GPU are seriously underutilized when dealing with any common formats, like H264 or ProRes. The Pro only starts to show an advantage when dealing with H265/Raw/8k formats.

rob-ART morgan:

In this article we highlight CPU and GPU performance of the ‘low end’ iMac Pro (with optional GPU) compared to two popular Mac Pro configurations and the fastest iMac 5K.


Apple did its homework when planning the iMac Pro. As you can see from the results above, it beat both beefy Mac Pros in CPU performance. And if we had not jury-rigged an RX Vega 64 in the 2010 Mac Pro tower, it would have won 3 out of the 4 GPU contests.

On the other hand, maybe the fact that an 8-year-old Mac Pro with an updated GPU can beat a current iMac Pro means that GPUs should be upgradeable.

Previously: The iMac Pro.

Update (2018-01-02): See also: iMac Pro Teardown.

Update (2018-01-03): Tuomas Artman:

First iMac Pro tests indicate that you’ll get almost no Swift Xcode compilation performance gains compared to a recent MBP.

Daniel Martín:

Assuming a good benchmark test, this is not very surprising. Parallelism is only exploited at the later stages of compilation; SIL generation, importing, and type checking never run in parallel, for example. Using WMO also exploits parallelism worse.

Troy Gaul:

Decided to do a few Xcode build timings of the iMac Pro. It’s about twice as fast as my [2016] 15” MacBook Pro.

Average full build times for Linea (simulator, debug build):

  • iMac Pro (3 GHz 10-core, 64GB): 17.76 sec
  • MacBook Pro (2.9 GHz 4-core i7, 16GB): 33.14 sec

A bit of context: Linea is written in Swift (about 200 .swift files of varying sizes) and only includes a little Objective-C and few dependencies. Build times were done in the Xcode app after cleaning twice (to avoid pre-build and indexing).

Update (2018-01-08): Steven Frank:

Very unscientific benchmark: re-encoding a 12m WMV video to MP4 with ffmpeg -- Mac Pro 2010 (12 core) 5:54 -- Mac Pro 2013 (6 core) 6:57 -- iMac Pro (10 core) 3:21

Nothing surprising, but I was surprised how much I'd future-proofed myself by buying a 12-core Mac in 2010. iMac Pro10-core is almost but not quite 2x as fast. Still trying to convince myself to hold off until the mythical modular Mac is revealed.

See also: Lloyd Chambers.

Oliver Peters (via Hacker News):

After all of this testing, one is left with the answer “it depends”. The 2013 Mac Pro has two GPUs, but not every application takes advantage of that. Some apps tax all the available cores, so more, but slower, cores are better. Others go for the maximum speed on fewer cores. All things considered, the iMac Pro performed at the top of these three machines. It was either the best or close/equal to the best. But, this is an incremental difference in the 10% to 30% range. But, of course some of these numbers will be meaningful and others won’t, depending on the apps used and a user’s storage situation.

Update (2018-01-11): See also: Lloyd Chambers.

Update (2018-01-12): James Thomson:

Rough first benchmark - doing a full build of PCalc in Xcode on this iMac Pro takes around 56s, compared to 92s on my 1st gen iMac Retina 4Ghz i7. Less of an improvement than I would have hoped to see for having six more cores, if I’m being honest.

See also: Accidental Tech Podcast.

Update (2018-01-17): Mark Bernstein:

The new iMac Pro builds Tinderbox from scratch in 30sec — about 6x my trusty MacBook Pro 15. In other respects, it’s just fast, but for compiling and running code, it’s blazing.

Update (2018-02-27): Orta Therox:

Interesting that it’s the Hackintoshes that are at the top of @ashfurrow’s Xcode Hardware Performance charts.

Update (2018-03-30): Peter Steinberger:

iMac Pro builds our project almost twice as fast as a 2015y iMac. (6 minutes. Maxed Mac Mini takes around 30)

Update (2018-05-10): See also: Austin Mann.

IOHIDeous: IOHIDFamily 0day

Siguza (via Patrick Wardle, Hacker News):

This is the tale of a macOS-only vulnerability in IOHIDFamily that yields kernel r/w and can be exploited by any unprivileged user.


The thing is that between this line:

eop->evGlobalsOffset = sizeof(EvOffsets);

and this one:

evg = (EvGlobals *)((char *)shmem_addr + eop->evGlobalsOffset);

The value of eop->evGlobalsOffset can change, which will then cause evg to point to somewhere other than intended.

From looking at the source, this vulnerability seems to have been present at least since as far back as 2002.


I would’ve submitted to Apple if their bug bounty included macOS, or if the vuln was remotely exploitable.


And an engineer from Apple’s security team contacted me a bit after releasing - they had found the bug a while ago, but hadn’t verified the subsequent patch which actually didn’t fix it. And a while ago I tweeted this (try diff’ing sources to find it :P). So they do have people on it. I also told that person to extend my condolences to whoever has to come in and fix that now, but they basically said that there’s nothing to apologise for and that they (the team) really like such write-ups.

Previously: identityservicesd: What If Anyone Can Be You?, Explanation of HomeKit Vulnerability.

The “app” You Can’t Trash: How SIP Is Broken in High Sierra

Howard Oakley:

So how did this third-party kernel extension end up in this mysterious folder, complete with SIP protection? Surely SIP is there to protect macOS, not third-party app components installed later by the user? Who or what enabled SIP on that extension, and how can it be removed?


High Sierra has a new mechanism for handling third-party kernel extensions (User-Approved Kernel Extension Loading, or UAKL), which requires the user to authorise them. When a third-party installer tries to install a kernel extension, you see the warning[…] High Sierra then packages the extension in the form of a non-executable stub app, which it installs in /Library/StagedExtensions/Applications.


Thus SIP prevents the user from uninstalling a third-party app which the user installed, even though the kernel extension might be rendering macOS unstable, or have other significant side-effects.

Previously: Kernel Extensions in High Sierra.

Update (2018-01-03): See also: Hacker News.

The iOS Gaming Business


This year we spent a lot of time updating our old mobile games, to make them run properly on new OS versions, new resolutions, and whatever new things that were introduced which broke our games on iPhones and iPads around the world. We’ve put months of work into this, because, well, we care that our games live on, and we want you to be able to keep playing your games. Had we known back in 2010 that we would be updating our games seven years later, we would have shook our heads in disbelief.

This year, a lot of time we had planned to spend on our current project, ended up being spent on just making sure that our games would not be gone from the app store. Because sadly, the platform holder seems to have no interest in preservation of software on their platform. We can criticize and be angry and mad about it all we want, but we don’t think that any efforts we put in can change that direction.


The ease of mobile game development drew us to making iPhone games back in 2010. But, it’s getting increasingly financially unviable, tiring and unenjoyable for us to keep on making substantial alterations for new resolutions, guidelines, and what have you, as they seem to never end. The appeal of the mobile platform is less evident today than it was a few years back. Before we started Simogo, we had made console games, and had grown really tired of the clunky processes, politics, certifications and primitive development environments that was involved in making a console game. Today, a lot of that clunkiness is gone, and sadly, for a small developer like us, mobile has become more difficult to support than consoles. Releasing a mobile game means supporting it perpetually, and justifying that is tough for us, at the moment.

Via Craig Grannell:

Apple should treat this as a body blow. Simogo has consistently been one of the best developers on the platform, pushing the boundaries of gaming in new and interesting directions. Device 6, in particular, remains a masterclass in touchscreen game development – a strange puzzle/adventure hybrid, where you explore corridors composed of the very words in the game’s narrative. Sure, it could be made for a traditional console or PC – but it’d make far less sense.


I’ve heard similar from other developers. It’s such a shift from when I visited an EA developer press event around 2012, when indies they’d got on board were brimming with excitement about iOS gaming. Then, it was a breath of fresh air – less hassle with platform issues and gatekeepers alike. But iOS has become a moving target in a way it never used to be.

Matt Birchler:

7 of the top 10 selling games on Amazon last year were Nintendo exclusive games. That’s positively nuts!

Lukas Mathis:

Telling Nintendo to abandon its hardware platform for iOS was never a good idea. It doesn’t help Nintendo, and it doesn’t help iOS. There is no sustainable market on iOS for really good, non-abusive, fairly priced mid- to high-budget games, and Nintendo can’t fix that. The only company that can fix that is Apple.

Previously: Super Mario Run’s Disappointing Profit, Nintendo.

Update (2018-01-19): NintendoSoup:

In a NPD research, the Nintendo Switch is the best selling console in history when comparing the console’s first 10 month sales data with every other console’s first 10 month.

Monday, January 1, 2018

Ad Targeters Are Pulling Data From Your Browser’s Password Manager

Russell Brandom:

The researchers examined two different scripts — AdThink and OnAudience — both of are designed to get identifiable information out of browser-based password managers. The scripts work by injecting invisible login forms in the background of the webpage and scooping up whatever the browsers autofill into the available slots. That information can then be used as a persistent ID to track users from page to page, a potentially valuable tool in targeting advertising.

The plugins focus largely on the usernames, but according to the researchers, there’s no technical measure to stop scripts from collecting passwords the same way. The only robust fix would be to change how password managers work, requiring more explicit approval before submitting information.

Update (2018-01-02): Nick Heer:

I’m not sure if I’ve come across these scripts specifically, but on a few occasions, I have been surprised to see a Face ID indicator appear while visiting a website, without explicitly tapping in a login form.

AgileBits (tweet):

Because 1Password insists on user action to fill a web form, it’s immune to the particular attack from advertising trackers and a large family of related attacks.

But, presumably, a tracking script on the login page would receive the form data.

Gunes Acar et al.:

Publishers, users, and browser vendors can all take steps to prevent autofill data exfiltration. We discuss each in turn.

Publishers can isolate login forms by putting them on a separate subdomain, which prevents autofill from working on non-login pages. This does have drawbacks including an increase in engineering complexity. Alternately they could isolate third parties using frameworks like Safeframe. Safeframe makes it easier for the publisher scripts and iframed scripts to communicate, thus blunting the effect of sandboxing. Any such technique requires additional engineering by the publisher compared to simply dropping a third-party script into the web page.

Users can install ad blockers or tracking protection extensions to prevent tracking by invasive third-party scripts. The domains used to serve the two scripts ( and are blocked by the EasyPrivacy blocklist.

Now we turn to browsers. The simplest defense is to allow users to disable login autofill.

Unfortunately, if you disable automatic AutoFill in Safari, you cannot then invoke it manually when you know you’re on a login page. The “AutoFill Form” command in the Edit menu is disabled.

See also: the 1Password blog post.

Update (2018-01-24): Ricky Mondello:

Safari Technology Preview 48 changes how Password AutoFill works. Safari will no longer automatically fill user names and passwords into forms shortly after page load to prevent sharing information without user consent.

Pressing the Side Button to Confirm Payments on iPhone X

John Gruber:

These remarks caught my attention because a technically-savvy family member was confused by the same thing the first time they tried to buy an app on their new iPhone X. They showed me the phone with the “Double Click to Pay” animation and asked me, “What am I supposed to double click here? It doesn’t work.” What they had tried was double tapping on the “Double Click to Pay” label on screen. When I explained that the animation was pointing to the physical side button, the proverbial light bulb went off.

This is an interesting design dilemma. The reason why Apple requires you to press the physical side button to confirm a purchase with Apple Pay or in the App Store is because pressing the side button can’t be faked by an app. If it was an on-screen button, a nefarious app could present a fake Apple Pay button. With any normal app, clicking the side button once will always lock the screen, and double-clicking will put you in Apple Pay mode. Only Apple’s own software can override the side button like this. Double clicking the side button to confirm a purchase effectively guarantees that it was a legitimate payment experience.

I’m sure there must be a good reason, but I don’t understand what problem this is solving. A fake payment button is not actually going to charge me. And prior to Touch ID, payment confirmations used regular software buttons.

Update (2018-01-01): Tanner Bennett:

I had this question too. Consider this scenario:

Say the payment UI uses an on-screen button. A malicious app presents a fake IAP dialog that looks just like the real one. When you try to use Face ID, what it really does is use ARKit to detect your face then fakes the Face ID popup and tells you it couldn’t recognize your face. Now, when you hit the blue Install button, it will ask for your iTunes password.

So, it doesn’t apply to Apple Pay so much as it applies to phishing for your iTunes password.

All of this could be faked, except the Double-Click to Confirm, which would either lock the phone or trigger Wallet.

identityservicesd: What If Anyone Can Be You?

Khaos Tian (tweet):

Remember that super convenient, magical feature that allows you to send SMS on your Mac through your phone? It turned out the “it just works” part is only possible because your phone will just process any command send to it asking it to send SMS from the current number. And our beloved personal assistant, Siri? It’s also a dummy that just processes command without checking the command is from you. Both daemons don’t verify message origin and process the request when IDS delivered the request to them.


How are we suppose to separate individual identity away from the device that suppose to be your identity? Should individual be blamed for things their device did without the owner’s knowledge? I mean, with the SMS issue, one can literally put words in other’s mouth. All records will show the messages were sent by the owner of the device when the reality is that the device send those without the owner’s consent. The SMS is even logged on the victim’s device which cannot be achieved with traditional SMS spoofing techniques.


I found the IDS bypass issue on Dec 15th, then spent Dec 16th on scoping the affected daemons. Since I don’t want to do all the work free for Apple, I sent product-security an email asking about if I can get an invitation to join their security bounty program so I can report this one with some guarantee of the submission will be a bounty submission. […] Then the next day they fixed the issue from server side and said nope again.

Previously: Explanation of HomeKit Vulnerability.

Gruber on the iPhone X

John Gruber (tweet, Hacker News):

With the iPhone X, Apple is attempting something I believe to be unprecedented — a complete ground-up rethinking of a fabulously popular and successful platform, without a disruptive, painful transition.


Apple hasn’t called attention to this, but effectively there are two versions of iOS 11 — I’ll call them “iOS 11 X”, which runs only on iPhone X, and “iOS 11 Classic”, which runs on everything else.


The iPhone X display does not, alas, offer the ProMotion feature introduced with the latest iPad Pros, which allows for dynamic screen refresh rates of up to 120 Hz. But it does track touch input at 120 Hz, double the rate of all other iPhones. The result of this is that the animations for gestures track your finger better. It feels less like an animation that is playing in response to your touch and more like your finger is actually manipulating and moving things on screen as though they are real objects.


Thanks to Face ID, no-PIN “slide to unlock” is back. This, to me, epitomizes the iPhone X. In ways small and large, it changes fundamental aspects of using an iPhone. But it does so in ways that are faithful to the spirit of the original iPhone.


When an alarm from the built-in Clock app fires, it fades out in volume as soon as you look at the display. This is utterly charming.


I would love to see Apple introduce a smaller iPhone SE-sized phone with all the same features and design elements. I’m not holding my breath, but I’d love to see it. I’m not even saying I personally would prefer it (but I’d give it a try) — but it would be great for people who value one-handed reachability.


Why not bring more of what’s different on iPhone X to the other iPhones running iOS 11? iPhone X needs these gestures because it doesn’t have a home button. Classic iPhones could have supported them though — there’s no reason Apple couldn’t have added the swipe-up-from-bottom-to-go-home gesture to all iOS devices. And they could have then moved Control Center to a swipe down from the top right corner on all devices, too.

Previously: iPhone X Buttons and Gestures.

Update (2018-01-09): Riccardo Mori:

When now I read that the iPhone X is ‘the future of the smartphone’ or that ‘the future is here’, it just rings hollow. Why is it the future of the smartphone? The only feature that feels mildly futuristic is Face ID. As for the rest, what about it? It has very good specifications, very good cameras, a very good display… But I don’t understand what the big deal is, essentially. iPhone X users will probably say that the device is more than just the sum of its parts; that it’s the overall experience that ultimately makes the difference. But I still don’t see what makes the experience on this device truly stand out compared with, say, an iPhone 8.

Entering a FastMail Account Using a QR Code

Neil Jenkins:

Unfortunately, setting up your account can be tricky and error-prone. Proper support for autodiscovery of server settings is sadly missing still in most apps including Apple’s (despite the fact they literally wrote the spec…) and you have to set up mail, contacts and calendar syncing separately.

However, now there is a better way thanks to a feature Apple provides called configuration profiles. A profile is a file which bundles all the settings needed for your account, and can easily be installed or removed from your phone or Mac.