Archive for February 2018

Wednesday, February 28, 2018

Code Size Optimization Mode in Swift 4.1

Erik Eckstein:

We have seen that using -Osize reduces code size from 5% to even 30% for some projects.

But what about performance? This completely depends on the project. For most applications the performance hit with -Osize will be negligible, i.e. below 5%. But for performance sensitive code -O might still be the better choice.

[…]

But in contrast to -O, the compiler tries to avoid code duplication. For example, when inlining functions the compiler uses a lower size limit to decide whether a function should be inlined.

Algorithmic Arrangements at OkCupid

Tom Quisel (via Hacker News):

There could be two different interpretations for the question, and you just answered one of them. Then the population is evenly split on a question not because people feel strongly about the answer, but because they have different interpretations of the question. Knowing this can happen, we use the algorithms to help us understand the statistics behind each question, and we’ll try to identify questions that are the most likely to be mistaken in this way so that we can remove them.

We also examined messaging patterns as a backup, and correlated answers to other questions. So if the question is an outlier compared to many other questions, we’ll tend to count it less; or if messaging patterns don’t line up with answers to the question, we would sometimes use that as a reason to remove the question as well.

[…]

One change we debated quite a bit was our rating system. Originally we had a rating system that allowed people to score other people from one to five stars. And we thought, well, it would be a simpler user interface to just use a yes or no answer. That would be more straightforward, but then again we would lose a lot of information resolution, and was that really worth it? We were pretty torn on it, and couldn’t come to a decision through discussion alone, so we resorted to an experiment to understand which would lead to better messaging patterns.

[…]

The ethics around experimentation really depends on what you’re trying to accomplish with the question. The goal should be improving the product for people, and you should focus on not degrading the experience very much for any one person—don’t hurt someone too much for the experiment.

Swift Protocols Wish List

Dave DeLong:

If you’re adopting a protocol (especially one from the standard library), the tools don’t provide any help whatsoever in knowing what you actually have to implement.

[…]

Basically any time you find yourself using a PAT, you know that you’re either going to have to create a type eraser, or you’re going to have to make things generic that have no business being generic.

[…]

I wish the compiler generated type erasers for me.

[…]

I wish I could provide default implementations of protocol methods that assign to self.

[…]

I wish I could extend a protocol to conform to another protocol.

Previously: Swift Protocols With Associated Types, Swift Type Erasure, Patterns for Working With Associated Types.

Update (2018-03-05): See also: Swift Unwrapped.

Update (2018-07-27): Dave DeLong (tweet):

What I really want to do is this:

protocol Predicate<Element> {
    func contains(_ other: Element) -> Bool
    func union(_ other: Predicate<Element>) -> Predicate<Element>
}

Of course, the compiler doesn't let me do this.

I want to express the idea that union() can take any Predicate-conforming value with the same element type, and you're going to get back some sort of Predicate-conforming value that contains elements of that type.

Then in specific situations where I can provide a much more efficient implementation (like the IndexSet + IndexSet = IndexSet scenario), I want to provide those explicit overrides for that method, and otherwise default back to the implementations I provide in my protocol extension (which happen to return an OrPredicate<Int>)

Brent Royal-Gordon:

What I think you actually want here is the generalized existential feature. “Generalized existential” is a ten-dollar term for a ten-cent idea: “Swift should have built-in type-erasing wrappers for PATs, much like it has them for ordinary protocols.” Their syntax might be slightly different—they’d probably use a where clause instead of a generic parameter list—but they would do the thing you want to do here.

Designing Windows 95’s User Interface

Josh (via Joe Groff):

First, we gathered market research data about Windows 3.1 users’ twenty most-frequent tasks. We then conducted several lab studies comparing Windows 3.1 and Windows 95, focusing on the top twenty tasks derived from the market research data. We also interviewed professional Windows 3.1 (and Macintosh, for comparison) educators, to learn what they found easy and difficult to teach about the operating system.

[…]

Although we had opted for an iterative design approach from the beginning, one legacy of the waterfall design approach remained: the monolithic design specification (“spec”). During the first few months of the project, the spec had grown by leaps and bounds and reflected hundreds of person-hours of effort. However, due to the problems we found via user testing, the design documented in the spec was suddenly out of date. The team faced a major decision: spend weeks changing the spec to reflect the new ideas and lose valuable time for iterating or stop updating the spec and let the prototypes and code serve as a “living” spec.

After some debate, the team decided to take the latter approach. While this change made it somewhat more difficult for outside groups to keep track of what we were doing, it allowed us to iterate at top speed. The change also had an unexpected effect: it brought the whole team closer together because much of the spec existed in conversations and on white boards in people’s offices. Many “hallway” conversations ensued and continued for the duration of the project.

[…]

Although we abandoned the idea of a separate shell for beginners, we salvaged its most useful features: single-click access, high visibility, and menu-based interaction. We mocked up a number of representations in Visual Basic and tested them with users of all experience levels, not just beginners, because we knew that the design solution would need to work well for users of varying experience levels. Figure 5 shows the final Start Menu, with the Programs sub-menu open. The final Start Menu integrated functions other than starting programs, to give users a single-button home base in the UI.

Google Libraries for Objective-C

Google:

Promises is a modern framework that provides a synchronization construct for Swift and Objective-C.

Google (via Peter Steinberger):

Functional operators for Objective-C: An Objective-C library of functional operators, derived from Swift.Sequence, that help you write more concise and readable code for collection transformations. Foundation collections supported include: NSArray, NSDictionary, NSOrderedSet, and NSSet.

Update (2018-03-01): Gianluca Bertani:

On the same domain, Opinionated-C looks way better[…]

Tuesday, February 27, 2018

Paradigms of Artificial Intelligence Programming

Michael Nielsen:

Peter Norvig has just put his book (+code) “Paradigms of Artificial Intelligence Programming” on GitHub. This is a very beautiful book in the good old-fashioned AI tradition.

The macOS Versions Management System

Howard Oakley:

The first version of Revisionist listed all versions, including those for which there was no version file. This has changed: Revisionist now tells you how many versions the versions database knows about, but only lists those for which there are still files.

When you select a version in the new table view, Revisionist displays additional information about that version, including the full path to the file within the versions database, whether its contents are stored locally, whether that version can be purged or discarded by macOS, its localised file name (as will be shown when you browse versions in an app), and (when available) the name of the Mac which wrote that version. The latter can be very helpful when accessing shared storage, including cloud storage.

Howard Oakley:

Technically, within macOS, the versioning system is actually part of the Managed File Access features of the File System, and is related to the File Manager, which provides high-level access to files, and is part of the Document Architecture. It is not a background service which can be turned off or on in the way that you can with Time Machine.

If something goes wrong with the versioning system, you may find yourself unable to save documents, but Time Machine will continue to make backups as normal. If you turn Time Machine off, the versioning system continues to function exactly as it did before.

[…]

When documents are emptied from the Trash, or even deleted from Terminal’s command line using the rm command, all their previous versions are also removed from the database. That is a feature of the File System.

Howard Oakley:

The most important limitation to bear in mind is that the versioning database cannot undo deletion/removal, and there is no way to re-insert removed versions. So when you delete versions, they really are gone for good. To ensure that you are mindful of that, Revisionist displays an alert immediately after you click on the Delete button, and requires you to confirm the deletion before it goes ahead.

Howard Oakley:

Despite being almost seven years old, the version management system built into macOS is almost undocumented. Its only substantive documentation is that provided to developers to enable their apps to use it, which doesn’t describe how it works. There is nothing to explain properly to users or system administrators topics such as how and when macOS decides to purge old versions, or how the user can force it to purge them, other than using its increasingly opaque Version Browser.

Update (2018-02-28): Howard Oakley:

The biggest problem with using the Versions Browser to remove old versions is that they have to be removed one at a time, which quickly becomes tedious. You also aren’t informed as to how large each version is; as saving space on storage is a major reason for removing old versions, this is a significant shortcoming.

Decoding Dictionaries in Swift

Sam Deane:

Swift’s Codable support is really great for doing this when you’ve got JSON or a Plist, but not all dictionary data ultimately lives in a file.

For example, I was recently doing some stuff with the Disk Arbitration framework. This has a DADiskCopyDescription call which gives you back a dictionary of known keys (many of which may be missing). This dictionary only ever exists in memory.

What I really want to do in this situation is extract some of these keys into a structure or object as a way of validating that I have what I need, and discarding anything I don’t need.

[…]

The Codable support would be ideal here, except that as it comes out-of-the-box, it appears that I’d have to convert the dictionary into JSON first in order to convert it back. This seems… non optimal… so I set out to make encoder / decoder classes which just work with dictionaries.

Speed Improvements in Python 3.7

Anthony Shaw (via Hacker News):

The new LOAD_METHOD opcode replaces loading bound methods as attributes and just calling them as normal functions. Remember, LOAD_METHOD and CALL_METHOD are faster than CALL_FUNCTION for instance methods.

[…]

Keyword arguments require special treatment in the execution loop because there is no equivalent in C (which CPython is written in), some extra code has to compile 2 tuples to pass to the method.

[…]

In Python 3.7, the expected Unicode code-point size is no longer hard-coded and the methods are optimised for long (mostly unusual) characters.

[…]

Matching and searching case-insensitive regular expressions is much slower than matching and searching case-sensitive regular expressions. Case-insensitivity requires converting every character in input string to lower case and disables some optimizations. But there are only 2669 cased characters (52 in ASCII mode). For all other characters in the pattern we can use case-sensitive matching.

HomePod Positioning

Jean-Louis Gassée:

A venerable Valley story doctor was brought to the patient’s bedside and, in short order, offered a simple remedy: Position the Mac as a Graphics Based Business System (GBBS). The Business System part was adman puffery meant to project gravitas, but the reference to graphics made unarguable sense: The Mac’s Graphical User Interface (GUI) was clearly a distinguishing factor at the time.

Everyone in the room loved the idea. Rather than take on the whole market, Apple would define and dominate a niche. As the Valley marketing sage put it (quoting Julius Caesar), better to be the chief of a small village in the Alps than second-in-command in Rome.

[…]

Back to today: Is there an Alpine hamlet that the HomePod can claim as its own?

[…]

Here, we have to pause and realize that the answers to the HomePod JTBD question are fragile and incomplete because the product itself is incomplete.

Monday, February 26, 2018

WatchKit Is a Sweet Solution

Marco Arment:

The separation of Apple’s internally-used frameworks from WatchKit has two huge problems:

  • Apple doesn’t feel WatchKit’s limitations. Since they’re not using it, it’s too easy for Apple’s developers and evangelists to forget or never know what’s possible, what isn’t, what’s easy, and what’s hard. The bugs and limitations I report to them are usually met with shock and surprise — they have no idea.

  • WatchKit is buggy as hell. Since Apple doesn’t use it and there are relatively few third-party Watch apps of value, WatchKit is far more buggy, and seems far less tested, than any other Apple API I’ve ever worked with.

Apple will never have a very good idea of where WatchKit needs to improve if they’re not using it. But this sweet solution is the only choice anyone else has to make Apple Watch apps.

Previously: A Very Sweet Solution.

Update (2018-02-26): Dan Masters:

Reminds me of Core Data sync: “There are two iClouds. One of them is used heavily inside Apple & the other is offered as a developer API & used only selectively for Apple’s own apps”

Update (2018-02-28): John Gruber:

I’ve long given up on using any third-party apps on my Apple Watch, and I am so much happier for it. A year or two ago I would have been “Hell yeah”-ing this piece by Arment, but at this point I half feel like Apple should just get rid of third-party WatchOS apps and be done with it.

The one type of app I think most people want is the one type of app Apple is never going to allow: custom watch faces.

iCloud in China and on Google’s Cloud

Stephen Nellis and Cate Cadell (Hacker News):

Until now, such keys have always been stored in the United States, meaning that any government or law enforcement authority seeking access to a Chinese iCloud account needed to go through the U.S. legal system.

Now, according to Apple, for the first time the company will store the keys for Chinese iCloud accounts in China itself. That means Chinese authorities will no longer have to use the U.S. courts to seek information on iCloud users and can instead use their own legal system to ask Apple to hand over iCloud data for Chinese users, legal experts said.

Jack Purcher:

In a statement, Apple said it had to comply with recently introduced Chinese laws that require cloud services offered to Chinese citizens be operated by Chinese companies and that the data be stored in China. It said that while the company’s values don’t change in different parts of the world, it is subject to each country’s laws.

“While we advocated against iCloud being subject to these laws, we were ultimately unsuccessful,” it said. Apple said it decided it was better to offer iCloud under the new system because discontinuing it would lead to a bad user experience and actually lead to less data privacy and security for its Chinese customers.

[…]

It’s now clear that this is the route that any foreign government could take in the future in order to break Apple’s holier than thou stance on handing private data. China has shown them all the way. Pandora’s Box has now been opened and other foreign governments with any clout are likely to adopt China’s policy on privacy over time and that’s the sad reality of the day.

Or even the U.S. government. How long before there’s a law requiring man-in-the-middle access to iMessage?

Nick Heer:

Nothing about this is good news, but it’s very hard to see what alternatives there are in this case. They could threaten to pull out of the Chinese market unless the law is changed, but that would do more damage to Apple than it would the Chinese government, with likely little effect. Also, it’s likely that iCloud not being offered in China would motivate people there to switch to a less secure alternative.

Jordan Novet (MacRumors):

Apple periodically publishes new versions of a PDF called the iOS Security Guide. For years the document contained language indicating that iCloud services were relying on remote data storage systems from Amazon Web Services, as well as Microsoft’s Azure.

But in the latest version, the Microsoft Azure reference is gone, and in its place is Google Cloud Platform.

James Thomson:

Presumably, if Apple was only using Amazon and Google’s cloud services, the millions of square feet of data centres they own themselves would be entirely superfluous…

Bob Burrough:

It doesn’t bother me one bit that Apple buys cloud services from Google. Cloud services are such a commodity that there can be competitive advantage in buying on the open market.

Nick Heer:

I don’t think that iCloud users expect their data to be stored in ways not entirely controlled by Apple, especially given the company’s emphasis on privacy.

Zac Cichy:

Apple needs to think long and hard about privacy and their messaging around it or they’ll (deservedly) look like constant hypocrites.

Previously: Chinese Firm to Operate China iCloud Accounts, Apple Starts Using Google Cloud Platform, iOS 5 and iCloud, Apple Is Trying to Make iMessages More Private, Apple’s iMessage Metadata Logs, Can Apple Read Your iMessages?.

Update (2018-02-27): See also: Rene Ritchie, Nick Heer, John Gruber, Eric Young, Lloyd Chambers.

Nicholas Weaver (via Dan Masters):

iMessage and FaceTime have a cryptographic architecture that enables prospective wiretapping, yet there is reason to believe that Apple is not fully complying with lawful court orders to exercise this capability. There is also evidence that, although Apple is supposedly complying with pen register orders, the company is actually providing something substantially less than what the law is able to compel them to provide in response to a pen-register or trap-and-trace (PR/TT) order.

[…]

Such monitoring works because Apple, unlike Signal and other end-to-end encrypted platforms, does not provide transparency to its users when keys are added or changed. If Bob uses Signal or WhatsApp, he is notified whenever Alice’s key changes. This prevents Signal from silently replacing Alice’s key with the FBI’s. Likewise, when Alice makes a call with Signal, it shows two “random” words that aren’t actually random but a function of the key used to encrypt the message. If Alice and Bob agree that they see the same words, they will then know that their key is the same, preventing a man-in-the-middle. Apple could have implemented similar features, perhaps hidden behind options, years ago; they have not.

Since Apple now seems to pride itself that “[they] follow the law wherever [they] do business,” I think it is reasonable for the U.S. government to demand that Apple do so in the U.S. Because it seems to me they haven’t.

Update (2018-02-28): Bruce Schneier:

While I would prefer it if it would take a stand against China, I really can’t blame it for putting its business model ahead of its desires for customer privacy.

Ben Bajarin:

Apple retains all encryption keys and Chinese gov still has to make requests to Apple only on an individual level.

Update (2018-03-12): See also: The Talk Show.

BigTechCo Strategy: Paying the Platform Tax

Sriram Krishnan:

In a world dominated by Aggregation Theory, a few large players own large vectors of distribution. Mobile? You can’t work around Apple and Google. Search? Can’t work around Google.

If you’re one of these large companies and you have a product that needs distribution through a competitor, you face a choice: do you pay a potential competitor their ‘rake’ - in whatever form that takes - or do you go it alone?

[…]

Once you clarify what your business actually is, you then get to define who gets protection and who has to face competition. One framework you could apply: working with a competitor that cannibalizes a supporting, or new & unproven business is acceptable but one that risks a core business is a no-go.

[…]

You can see why Fitbit resists some very vocal customer requests to build Apple Health support - they probably believe doing so will only let Apple compete with Fitbit faster.

The Dropbox Comp

Ben Thompson (Hacker News):

Dropbox’s customer base, thanks to all those consumers, is over 500 million users (Dropbox announced 500 million signups last March, but explained in its S-1 that it had culled what were apparently ~100 million inactive accounts over the last year), while Box, as of last quarter, had only 57 million registered accounts. On the other hand, 17% of Box’s users had paid accounts; only 2% of Dropbox’s did. This contrast in efficiency gets at the biggest difference between the two companies: to whom they sell, and how they go about doing so.

Box sells to big companies using a traditional sales force; free accounts exist primarily to enable temporary collaboration with paid accounts, as well as trials. There is a self-serve option, but that’s not the point: Box notes in its financial filings that “Our marketing strategy also depends in part on persuading users who use the free version of our service to convince decision-makers to purchase and deploy our service within their organization”. In other words, when it comes to Box’s ideal customer, the CIO decides for everyone all at once.

For Dropbox, on the other hand, self-serve is the most important channel by far. The company brags that “We generate over 90% of our revenue from self-serve channels — users who purchase a subscription through our app or website.” Dropbox has a sales team, but as it notes in its S-1, the team “focuses on converting and consolidating these separate pockets of usage into a centralized deployment. Nearly all of our largest outbound deals originated as smaller self-serve deployments.”

Tom Krazit (Hacker News):

After making the decision to roll its own infrastructure and reduce its dependence on Amazon Web Services, Dropbox reduced its operating costs by $74.6 million over the next two years, the company said in its S-1 statement Friday.

Previously: Dropbox Files Confidentially for IPO, Dropbox’s Exodus From the Amazon Cloud Empire.

Update (2018-03-01): Lisa Stromer (via Hacker News):

And today, we’re announcing a new partnership with Google Cloud that will bring Dropbox and G Suite users one step closer to a world where our work comes together.

Money Laundering via Author Impersonation on Amazon?

Brian Krebs:

But that didn’t stop someone from publishing a “novel” under his name. That word is in quotations because the publication appears to be little more than computer-generated text, almost like the gibberish one might find in a spam email.

[…]

The impersonator priced the book at $555 and it was posted to multiple Amazon sites in different countries. The book — which has been removed from most Amazon country pages as of a few days ago — is titled “Lower Days Ahead,” and was published on Oct 7, 2017.

Reames said he suspects someone has been buying the book using stolen credit and/or debit cards, and pocketing the 60 percent that Amazon gives to authors.

[…]

Reames said Amazon refuses to send him a corrected 1099, or to discuss anything about the identity thief.

Google and HTTP

Dave Winer:

I’ve been writing about Google’s efforts to deprecate HTTP, the protocol of the web. This is a summary of all the reasons why I am opposed to them doing this.

[…]

They don’t have standing. The web is an open platform, not a corporate platform. It is defined by its stability. Also, if Google succeeds, it will make a lot of the web’s history inaccessible. People put stuff on the web precisely so it would be preserved over time. That’s why it’s important that no one has the power to change what the web is.

Previously: The Rush to “Deprecate” HTTP.

Update (2018-03-09): Nick Heer:

As Mill points out in his article, there are great reasons to add an HTTPS certificate to a website that has no interactive elements beyond links. It makes sense to me to generally prefer HTTPS going forward, but I have concerns about two browser vendors working to effectively eliminate the non-HTTPS web; or, at least, to put barriers between it and users.

Edward Snowden:

@Citizenlab catches ISPs invisibly redirecting download requests for popular programs, injecting them with government spyware. Unencrypted web traffic is now provably a critical, in-the-wild vulnerability. 20-30% of top internet sites affected.

Update (2018-03-12): Dave Winer:

What Google is planning on doing to the web is unnecessarily damaging to the work of millions of people they don’t know. If they could step back and look at their objectives, and let’s see if we can compromise, so they can get what they really want and the web can be what it always has been, an open space for experimentation, free thought, and the development of world-changing ideas. It’s where Google itself came from.

Update (2018-03-23): Dave Winer:

I had to explain to a non-technical friend the significance of Google breaking HTTP in their browser. I offered an analogy.

Update (2018-05-19): See also: Mark Hughes.

Update (2018-07-11): James Donohue (via Jason Snell):

A few weeks ago the BBC News website finished transitioning to HTTPS. The green padlock you now see next to the web address is probably the biggest publicly visible technical change to the site since it relocated from news.bbc.co.uk in 2011. Even so, a question we’re often asked is “why did it take so long?”

Friday, February 23, 2018

Debugging NSNotificationCenter and NSRunLoop

Tim Ekl:

The debugDescription property has been around for quite awhile. Formally first appearing as a @property on NSObject in iOS 5 and macOS 10.8, it came across into Swift as a member of the CustomDebugStringConvertible protocol, and continues to be incredibly useful today.

[…]

I don’t remember why I decided to try printing plain old NSNotificationCenter.defaultCenter in lldb, but I do remember being very surprised at the output. Rather than a plain object class-name-and-pointer pair like most things return, I found a long list of registered notification observers, complete with column headers[…]

Rob Mayoff:

NSRunLoop/CFRunLoop also provides a very detailed debugDescription.

Practices Make Perfect (Backups)

Dave Nanian:

If you need to store more than one backup on a physical device:

  • If you’re on 10.12 or earlier, partition the drive into the number of volumes you need to back up. So, three source volumes to back up? Three partitions on the backup drive.
  • If you’re running 10.13 or later, format the backup drive as APFS, and use APFS’s very flexible “volumes” as your backup destinations, one per source volume.

[…]

Having an archive volume is fine. Keep it separate from your backup volume. And back it up.

[…]

I truly believe you should never, ever use a network drive as your only backup. It’s fine to have a network backup as a secondary backup. But by its very nature, it’s going to be the least reliable one.

[…]

Remember, you should never rely on a single backup device, or a single backup program. No matter what you’re using for your backups…use something else too.

[…]

My daily backup is left unmounted but connected.

Dave Nanian:

And speaking of “don’t cheap out, get a backup drive”, these Seagate USB3 drives are on sale. 3TB for $76, 4TB for $100, 8TB for $150.

Big List of Naughty Strings

Max Woolf (via Daniel Martín):

The Big List of Naughty Strings is an evolving list of strings which have a high probability of causing issues when used as user-input data. This is intended for use in helping both automated and manual QA testing; useful for whenever your QA engineer walks into a bar.

[…]

blns.txt consists of newline-delimited strings and comments which are preceded with #. The comments divide the strings into sections for easy manual reading and copy/pasting into input forms. For those who want to access the strings programmatically, a blns.json file is provided containing an array with all the comments stripped out (the scripts folder contains a Python script used to generate the blns.json).

Previously: Another iOS Crash Caused By Sending Unicode Character.

Update (2018-11-16): See also: Hacker News.
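
An added example, not the project's own script: reading the blns.txt layout described above (lines starting with # are comments, one string per line) and running the strings against a function under test. The sample lines, `truncate_naive`, `truncate_safe` and the invariant are constructed for illustration, and treating blank lines as separators is an assumption.

```python
import json

# Constructed sample in the blns.txt layout: "#" comment lines, blank separators,
# one test string per line. These lines are illustrative, not taken from the list.
SAMPLE_BLNS = (
    "# Constructed section: plain words\n"
    "\n"
    "undefined\n"
    "  padded  \n"
    "not # a comment\n"
    "\n"
    "# Constructed section: multi-byte text\n"
    "\n"
    "日本語のテキスト\n"
    "emoji \U0001F600\U0001F600\n"
    "line\u2028separator\n"
)


def parse_blns(text):
    """Return the test strings, dropping comment lines and blank separators."""
    strings = []
    # split("\n"), not splitlines(): splitlines() also breaks on U+2028, U+0085
    # and similar separators, which would cut such test strings in two.
    for line in text.split("\n"):
        if line == "" or line.startswith("#"):
            continue
        strings.append(line)  # no strip(): surrounding whitespace is part of the case
    return strings


def as_json_array(text):
    """Serialise the strings as a JSON array with the comments stripped out."""
    return json.dumps(parse_blns(text), ensure_ascii=False)


def run_against(func, strings, invariant):
    """Feed every string to func; collect (input, reason) for crashes or broken invariants."""
    failures = []
    for s in strings:
        try:
            result = func(s)
        except Exception as exc:  # a crash on user input is itself the finding
            failures.append((s, type(exc).__name__))
            continue
        if not invariant(s, result):
            failures.append((s, "invariant"))
    return failures


def truncate_naive(s, limit=8):
    """Hypothetical function under test: cuts UTF-8 bytes without regard to characters."""
    return s.encode("utf-8")[:limit].decode("utf-8")


def truncate_safe(s, limit=8):
    """Same contract, but drops a partial trailing character instead of raising."""
    return s.encode("utf-8")[:limit].decode("utf-8", errors="ignore")


def fits_and_is_prefix(original, result, limit=8):
    """Invariant: the result is a prefix of the input and fits the byte limit."""
    return original.startswith(result) and len(result.encode("utf-8")) <= limit


if __name__ == "__main__":
    cases = parse_blns(SAMPLE_BLNS)
    for name, func in (("naive", truncate_naive), ("safe", truncate_safe)):
        print(name, run_against(func, cases, fits_and_is_prefix))
```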

Reasons to Get an Apple Watch

Vlad Khvatov:

Should you get an Apple Watch or not?

To answer this question, I asked dozens of tech experts and prolific bloggers to reveal what is best about this watch and what to look for by asking them a simple question:

“If you had to pick only 3 reasons to get an Apple Watch, what 3 reasons would you choose?”

When macOS High Sierra’s Content Caching Isn’t Working

Cabel Sasser:

Tip: have lots of iOS / Mac devices in your house? And a Mac that’s usually on? Turn on “Content Caching” in Sharing prefs, and updates will be downloaded to all your devices from your Mac, saving time and bandwidth.

(This used to be a macOS Server-only feature, but no more! The best part is zero configuration is needed on all of your devices — they’ll automatically find and go to your local Content Cache first.)

(Also there are some hard-core settings probably useful to someone if you option-click the, er, Options… button.)

Steve Troughton-Smith:

Incidentally a great way to nab the IPAs for platforms like tvOS

Maynard Handley:

It’s nice in theory. Unclear that it works in practice. (Like 80% of what Apple ships these days: buggy? broken design?)

I’ve been monitoring it across a few updates (OS and XCode) and as far as I can tell it works for El Capitan clients (!?) but NOT for High Sierra Clients…

Glenn Fleishman:

However, shortly after I wrote the column noted above, content caching stopped working for me.

[…]

I decided to solve this, and found a detailed article explaining the command line tool AssetCacheManagerUtil, which offers more controls than those found in the preference pane.

[…]

When you select a different drive to store the cache, that drive has to have the folder:

/Library/Application Support/Apple/AssetCache/Data

If it doesn’t exist? It stalls. This seems like a foolish testing error on Apple’s part: no message explains what’s going on, and there’s no text or other information that tells you a particular folder has to be on the destination volume you’re choosing for caching.

StarCraft: Emulating a Buffer Overflow for Fun and Profit

Elias Bachaalany (via Omar Cornut):

Basically, the classic StarCraft 1.16.1 had a buffer overflow that was exploited to create impressive maps well beyond the original game programming.

In this talk, I explained how I tackled the problem and emulated the buffer overflow so that exploited maps work on the latest version of StarCraft.

Thursday, February 22, 2018

Code Signing Validation Bug

Patrick Wardle (video):

🤬🤬 Apple’s SecStaticCodeCheckValidity() API validates the signature of a file. Allows AV/security tools to say stuff like: “I’ll trust this 🍎-signed binary!” But malware can trick it into saying they are signed by Apple.

The ‘good news’ is Apple’s utils/defenses such as Gatekeeper & vm.cs_enforcement=1 aren’t tricked....just basically every 3rd-party security tool 😭😭 Until Apple fixes this - don’t invoke said API with kSecCSDefaultFlags.

Howard Oakley:

Patrick has found a workaround, and has already updated Objective-See’s invaluable signature-checking tool What’s My Sign?, which shouldn’t now succumb to this spoofing. If you rely on any other malware checking tools, such as an anti-virus product, you may want to install the updated What’s My Sign? (version 1.4.1) and perform manual checks until that product has been updated to address this problem.

Jeff Johnson:

Is the issue “By default, only the native architecture is validated”?

Patrick Wardle:

I believe that’s where the bug resides as kSecCSUseAllArchitectures correctly returns a code signing issue. Problem is, what ends up running by default (i.e. what the runtime identifies/executes as native architecture) is unsigned malicious code. So there is a discrepancy :(
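The discrepancy discussed in this item comes from universal ("fat") Mach-O files carrying several architecture slices, each with its own code signature. As an added example (not code from Objective-See, Apple, or anyone quoted here), this Python sketch lists every slice in a file and reports which ones go unexamined when a checker validates a single architecture; the sample file and the names `list_slices` and `unverified_slices` are constructed for illustration.

```python
import struct

FAT_MAGIC, FAT_MAGIC_64 = 0xCAFEBABE, 0xCAFEBABF  # fat headers are big-endian on disk
# Thin Mach-O magics as seen when the first four bytes are read big-endian.
THIN_BE = {0xFEEDFACE, 0xFEEDFACF}  # big-endian Mach-O, 32/64-bit
THIN_LE = {0xCEFAEDFE, 0xCFFAEDFE}  # little-endian Mach-O, 32/64-bit
CPU_NAMES = {7: "i386", 0x01000007: "x86_64", 12: "arm",
             0x0100000C: "arm64", 18: "ppc"}
MAX_SLICES = 32  # sanity bound: Java class files share the 0xCAFEBABE magic


def cpu_name(cputype):
    return CPU_NAMES.get(cputype, "cputype_0x%08x" % cputype)


def list_slices(data):
    """Return [(arch_name, offset, size)] for every architecture slice."""
    if len(data) < 8:
        raise ValueError("file too short for a Mach-O header")
    magic, second = struct.unpack_from(">II", data, 0)
    if magic in THIN_BE or magic in THIN_LE:
        # Thin file: one slice covering the whole file.
        order = ">" if magic in THIN_BE else "<"
        (cputype,) = struct.unpack_from(order + "I", data, 4)
        return [(cpu_name(cputype), 0, len(data))]
    if magic not in (FAT_MAGIC, FAT_MAGIC_64):
        raise ValueError("not a Mach-O file")
    if not 0 < second <= MAX_SLICES:
        raise ValueError("implausible slice count %d" % second)
    # fat_arch: cputype, cpusubtype, offset, size, align (+ reserved in 64-bit form)
    fmt = ">IIIII" if magic == FAT_MAGIC else ">IIQQII"
    step = struct.calcsize(fmt)
    slices = []
    for i in range(second):
        pos = 8 + i * step
        if pos + step > len(data):
            raise ValueError("truncated fat_arch table")
        cputype, _sub, offset, size = struct.unpack_from(fmt, data, pos)[:4]
        if size < 8 or offset + size > len(data):
            raise ValueError("slice %d lies outside the file" % i)
        (inner,) = struct.unpack_from(">I", data, offset)
        if inner not in THIN_BE | THIN_LE:
            raise ValueError("slice %d does not start with a Mach-O magic" % i)
        slices.append((cpu_name(cputype), offset, size))
    return slices


def unverified_slices(slices, checked_arch):
    """Slices left unexamined if a checker validates only `checked_arch`."""
    return [name for name, _off, _size in slices if name != checked_arch]


def build_sample():
    """Constructed two-slice fat file; each slice is only a stub Mach-O header."""
    x86_64 = struct.pack("<II", 0xFEEDFACF, 0x01000007) + b"\0" * 24
    i386 = struct.pack("<II", 0xFEEDFACE, 7) + b"\0" * 24
    table = (struct.pack(">IIIII", 0x01000007, 3, 4096, len(x86_64), 12)
             + struct.pack(">IIIII", 7, 3, 8192, len(i386), 12))
    blob = struct.pack(">II", FAT_MAGIC, 2) + table
    blob = blob.ljust(4096, b"\0") + x86_64
    return blob.ljust(8192, b"\0") + i386


SAMPLE_FAT = build_sample()

if __name__ == "__main__":
    found = list_slices(SAMPLE_FAT)
    for name, off, size in found:
        print("%-8s offset=%d size=%d" % (name, off, size))
    print("unchecked if only x86_64 is validated:",
          unverified_slices(found, "x86_64"))
```

A non-empty result from `unverified_slices` means a verdict based on one slice says nothing about the rest of the file, so the checker should validate every slice before trusting the binary.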

Avast Antivirus False Positives for Apps That Use Swift

fed_h:

AVG Anti-virus quarantined two files today. Both were instances of libswiftDispatch.dylib from the Applications/1Password.app. AVG says they are MacOS:BitCoinMiner-AS[Trj].

vol24pl:

Suddenly one of Swift’s standard library files is considered a bitcoin miner.

Dave Nanian:

Avast is finding a false-positive bitcoin mining trojan in libswiftDispatch.dylib. If it quarantines the file, you will break many applications, including SuperDuper.

There is NO Trojan in our app (or the others it’s flagging)…

Howard Oakley:

The Avast and AVG detection libraries should be updated very shortly to address this error.

Update (2018-02-22): Dave Nanian:

One last follow-up regarding Avast’s really dumb mistake. They actually flagged THEMSELVES!

What this seriously shows is that they don’t really test on the Mac. AV apps are really focused on Windows.

“I’ve Only Had Good Years”

Tim Cook (via John Gruber, MacRumors):

Stock price is a result, not an achievement by itself. For me, it’s about products and people. Did we make the best product, and did we enrich people’s lives?

[…]

In each case, if you look at when we started, I would guess that we started much before other people did, but we took our time to get it right. Because we don’t believe in using our customers as a laboratory. What we have that I think is unique is patience. We have patience to wait until something is great before we ship it. […] But ultimately the question is, Is the product great? Is it ready? And if it’s not, we delay.

Actions speak louder than words. Cook’s Apple is known for shipping incomplete products late. Was the disastrous MacBook keyboard really ready nearly three years ago? What about the first-generation Apple Watch?

A financial person just looking at revenues and profits may think, They’re good [at making money]. But that’s not who we are. We’re a group of people who are trying to change the world for the better, that’s who we are. For us, technology is a background thing. We don’t want people to have to focus on bits and bytes and feeds and speeds.

Why then does iCloud include such a pitiful amount of storage?

Music is a service that we think our users want us to provide. It’s a service that we worry about the humanity being drained out of. We worry about it becoming a bits-and-bytes kind of world, instead of the art and craft.

The introduction of Apple Music made the music experience worse for anyone who doesn’t pay a monthly fee.

You’re right, we’re not in it for the money. I think it’s important for artists.

Compare the way Cook talks about music vs. software and artists vs. developers.

iDefrag and iPartition Discontinued

Alastair Houghton:

Apple, for whatever reason, elected to release its new filesystem — and convert existing machines over to using it — without first publishing the filesystem specification so that utility vendors like us could update our software. Four months after the release of macOS High Sierra, it still hasn’t published the necessary information, and while without seeing the details it’s hard to speculate on how much work it would be to support APFS in our utilities, it’s a good bet that it’s more than six months’ work. In the meantime, in spite of the messages we’ve put on our website, customers continue to purchase the products, realise they don’t work for them, then ask for refunds (or, worse, file chargebacks through their respective banks); this actually costs us money, and also results in a string of less than satisfied customers. We don’t want that, and you, our customers, don’t want that either.

There have also been changes in recent versions of the macOS to tighten up security, which is definitely a good thing for end users, but makes it very awkward to make utility software function in a reasonable manner.

This is a shame because HFS+ fragmentation will likely be with us on spinning disks for a long time. I’m also not convinced that APFS fragmentation is a non-issue on SSDs. APFS apparently includes automatic defragmentation, but there’s little information about when and how that works. Does it do anything for large files when the disk is nearly full (as APFS volumes often will be due to snapshots)? My brand new Lightroom database is already fragmented into 10,833 pieces. Does that overhead really not matter? This is for a 1.5 GB file that’s stored on an SSD with (according to Finder) 363 GB available.

See also: Aura (Hacker News).

Previously: SuperDuper and APFS.

Swype Keyboard Discontinued

Nuance:

Nuance will no longer be offering the Swype keyboard on iOS app store. We’re sorry to leave the direct-to-consumer keyboard business, but this change is necessary to allow us to concentrate on developing our AI solutions for sale directly to businesses.

Ron Amadeo:

While Swype has a patent for “System and method for continuous stroke word-based text input,” for whatever reason that wasn’t enough to stop everyone on Earth from copying Swype’s gesture typing. Google made gesture typing a standard feature in Android’s default keyboard, and Microsoft did the same for Windows Phone 8.1 (back when that was a thing). Third-party keyboards on iOS and Android have taken the idea, too, and today you can “swype” on Swiftkey, GoKeyboard, TouchPal, Ai-type, and a million other options.

By the time Swype finally launched in the Play Store, all the copycats had greatly limited the appeal of Swype’s 99 cent app. Swype’s ultra-slow rollout and OEM deals meant it never got a head start on creating a large user base, and, by the time it was finally for sale, it was too little, too late. Now it’s dead.

Previously: iOS 8 Keyboards.

On Writing Software Well

David Heinemeier Hansson:

I’ve begun a new YouTube series called On Writing Software Well where I explore the real Basecamp codebase in search of interesting programming topics. It’s less “here’s how to do it” and more “here’s what I was thinking when we made this choice or took this direction”. And it’s intimately grounded in real, production code that’s been used by millions of people.

On Compiling WebKit (Now Twice As Fast!)

Michael Catanzaro:

The approach is pretty simple: instead of telling the compiler to build the original C++ source code files that developers see, we instead tell the compiler to build unified source files that look like this:

// UnifiedSource1.cpp
#include "CSSValueKeywords.cpp"
#include "ColorData.cpp"
#include "HTMLElementFactory.cpp"
#include "HTMLEntityTable.cpp"
#include "JSANGLEInstancedArrays.cpp"
#include "JSAbortController.cpp"
#include "JSAbortSignal.cpp"
#include "JSAbstractWorker.cpp"

Since files are included only once per translation unit, we now have to parse the same headers only once for each unified source file, rather than for each individual original source file, and we get a dramatic build speedup. It’s pretty terrible, yet extremely effective.

Tuesday, February 20, 2018

Optimizing Global Constant Data Structures Using Relative References

Joe Groff (tweet):

Building a native compiler for a programming language with rich reflection? Runtime type information, method dispatch tables, and other metadata require complex data structures full of cross references between related language entities. To reduce the size, memory usage, and launch time cost of these pointer-heavy constant data structures, you can try building them out of relative references instead of pointers. Pointers are one of C’s defining features, and seemingly the simplest mechanism for building data structures, but they carry hidden costs when used in global constants, which we’ll explore in this post and look at how we can avoid them. Even if you’re not writing a compiler, understanding this optimization is a fun chance to peel back some of the mystique of C, explore a bit of the runtime machinery that makes C programs work in contemporary operating systems, and see how a compiler can make different tradeoffs when not constrained by the abstractions C provides.

[…]

The object_vtable structure here is a global constant, full of pointers to other global constants—it should be “free”, right? In reality, operating systems provide a fairly elaborate runtime environment in order to make C programs work. Data structures that contain global pointers will in fact allocate memory at program launch before even entering main(). To understand why, we need to peek behind the scenes and look at how the dynamic linker works.

[…]

One tradeoff to using relative references is that they do require slightly more generated code on average to dereference than absolute pointers, leading to small performance and code size costs.

Update (2018-02-20): McCloud recommends DYLD_PRINT_STATISTICS.

When Swift Makes You Use “throws” Instead of “rethrows”

Brent Royal-Gordon:

rethrows lets you specify that a function can only throw if one of the functions passed to it as a parameter can throw. It enforces this by only allowing try to be applied to calls to those functions or rethrows functions which are being passed those functions, and only allowing throws inside a catch block.

However, this enforcement can sometimes get in the way. For example, this function only throws if the function it is passed throws, but the compiler cannot statically prove this to itself[…]

[…]

It is possible to work around this by exploiting certain bugs in the rethrows checking—the Dispatch overlay does this to add error handling to DispatchQueue.sync(execute:)—but this is not ideal for obvious reasons.

Via Ole Begemann:

We can use the same trick for our problem. Check out the relevant code in the Swift repository. And here’s the verbatim copy of the code (I only changed the function names) for performAndWait[…]

[…]

performAndWait now calls through to a private helper function that takes two throwing functions (the original block and an error handler) and this convinces the compiler that the rethrows invariant holds.

How to Use Adaptive Width Strings for Localization

Daniel Martín:

One of the challenges of localization lies in the length of translated texts. Languages like German are especially problematic because of its longer texts compared to English. In addition to that, translators are often working with isolated strings, where the only context they get (if they get any) is the place where the string is going to be placed and its purpose, but they don’t usually have any idea about the available physical space on the screen. Moreover, the available space may not be constant as the same app may be run on an iPhone or an iPad (or even a Mac in the future?).

[…]

In order to solve this problem, if you don’t want to engineer your own solution Apple introduced “adaptive strings” with iOS 9. This feature is based on string dictionaries (.stringsdict files), which are commonly used to support pluralization rules in apps.

[…]

For each key that you want to support multiple localizations, add a NSStringVariableWidthRuleType dictionary with key/value pairs, one for each “class” of screen width that you want to support.

This relies on a private __NSVariableWidthString string subclass, which survives conversion to a Swift String, though you may need to be careful not to lose it if you manipulate the String rather than passing it directly to a control.

Christoph Mantler:

When Wordcrafts is finished with the translations, the company will push its changes in the dedicated branch, create a pull request on GitHub, and send us an email stating that everything is finished. Once this occurs, the translations go through a second process of QA — this time on our end — to ensure that all strings are correct. There are also tests in place to check whether or not the code syntax is correct.

[…]

Below is a great example of how a plural string will look when translated. The key is defined on the top, and below are all the various cases that can apply for this string (zero, one, other)[…]

Update (2019-04-10): Kuba Suder:

Looks like the i18n pluralization rules used in Cocoa “stringsdict” files are a Unicode standard - there are some nice charts here.

Security and Privacy Issues of Bitcoin

Adrian Colyer:

At the core of this survey is a catalogue of security attacks on Bitcoin, together with known defences or mitigations where applicable. We’ve touched on many of these before in one way or another, but it’s helpful to see them all in one place.

GitHub Shouldn’t Allow Username Reuse

Jesse Donat (via Hacker News):

Usernames, once deleted, should never be allowed to be valid again. Many sites including Google do it this way.

Allowing username reuse completely breaks any trust that what I pull is what it claims to be.

[…]

I think another good option would be Github offering permalinks to repos, such that if they were deleted and recreated the pathing would change.

It affects not only package managers and programs and software, but humans. Humans navigating Github. I have no way to tell while navigating the site if a project is the original or a charade. That is a problem.

Previously: Trusting SDKs.

Monday, February 19, 2018

How iFixit Became the World’s Best iPhone Teardown Team

Motherboard (video, via Dave Mark):

The iPhone teardown, undertaken by third-party teams around the world, provides a roadmap for the life of the iPhone X: Is it repairable? Who made the components inside it? The answers to these questions shift stock markets, electronics design, and consumer experience.

Every year there’s a race to become the first to tear down the phone, with teams from around the world flying to Australia—where it’s first released—to compete to be the first to look inside the world’s most coveted new phone. Motherboard embedded with iFixit, a California-based company whose primary mission is to make it easier for the average person to disassemble and repair their electronics, for its iPhone X teardown.

We went inside iFixit’s office, the “headquarters of the global repair movement,” which features a tool laboratory and a parts library with thousands of electronics parts and disassembly tools. Then we went to Sydney, Australia, as iFixit tried to become the first team to tear down the iPhone X.

See also: HomePod Teardown (Hacker News).

Previously: Apple Fighting New “Right to Repair” Legislation.

Lightning Charge/Audio Dongles

Almost 1.5 years after Apple removed the headphone port with the iPhone 7, it still doesn’t seem like there’s a good solution for playing audio and charging at the same time.

The Wofalodata adapter that I bought for $15 stopped playing audio after a few months, with the iPhone intermittently complaining that it’s not a certified accessory. The Amazon reviews indicate this is common. I contacted the company, who said they would send a replacement unit, but two months later it hasn’t arrived.

I then tried the $14.50 Zerkar, but it also failed after a few months, again confirmed by reviews.

A year after the iPhone 7 was released, Belkin shipped its $35 adapter, which is the only one I’ve seen that’s MFi certified. I haven’t tried this one yet, but it, too, has lots of Amazon reviews indicating unreliability.

I don’t understand why this is such a hard problem to solve. And with over 100 million eligible iPhones, and increasing, you’d think there would be a market for a good product.

In a way this is like the situation with Macs and USB-C. The problem with removing a port isn’t so much that you have to buy and carry a dongle as that the dongle/hub is never as reliable as having the port built-in.

Previously: Removing the iPhone’s Headphone Jack, iPhone 7, Apple’s Lightning to Headphone Adapter.

Update (2018-02-19): To be clear, I use AirPods rather than headphones. The reason I have the dongle is to play audio from the iPhone in my car.

See also: Marco Arment’s tweet and replies.

Is APFS Fully Supported Yet?

Howard Oakley:

In his presentation to WWDC in June 2017, Pavel Sokolov, a File System Manager, stated unequivocally that APFS was the official replacement for HFS+, Fusion Drives were fully supported as boot volumes, APFS stored all its metadata on the SSD part of a Fusion Drive, APFS automatically defragments on hard disks[…]

[…]

However, when High Sierra 10.13 was released on 25 September 2017, not only did it not convert Fusion Drives to APFS, but Apple made it clear that APFS was not then supported on Fusion Drives. There were reports at the time that Apple staff stated that such support would be provided in a future update to High Sierra, but I did not see any written release from Apple making that clear, nor was there any promised timescale.

[…]

APFS has been updated several times since 25 September, the last being in the 10.13.3 update of 23 January 2018. I have not come across any release notes which have claimed any change in the storage supported by APFS.

[…]

Support from third-party tools remains more patchy. For example, DiskWarrior 5.0 does not support any operations on APFS, but Prosoft claims its Drive Genius supports all features apart from defragmentation and repartitioning of APFS containers/volumes.

I also haven’t been able to get VMware to compact APFS volumes.

Previously: How to Disable macOS High Sierra Upgrade Notifications.

Update (2018-05-01): Colin Cornaby:

Boot Camp doesn’t support browsing/using Startup Disk with APFS drives, and doesn’t support eGPU. Is anyone still working on it at Apple? Or is it going to be AirPorted?

Update (2018-06-02): Juli Clover:

Apple is planning to share news on APFS support for Fusion Drives “very soon,” Apple software engineering chief Craig Federighi told MacRumors reader Jonathan in an email this afternoon.

Update (2018-06-05): Howard Oakley:

Apple has just announced that, at long last, its Fusion Drives will soon support its new file system, APFS – but not until the release of macOS 10.14 Mojave this autumn/fall.

Lightroom Classic CC 7.2

Priya Alexander:

We are pleased to announce the latest update of Lightroom Classic. We have made some significant performance enhancements and added a few key features that will help optimize your photography workflow. When customers talk about performance enhancements, there are generally two categories of improvements requested: Interactive (how quickly the interface responds to your actions) and batch processing (how efficient Lightroom is at utilizing system resources and completing batch tasks). This update is focused on batch processing improvements and we’ll continue to focus on both Interactive and Batch Processing improvements going forward.

We have made significant strides with our partners at Intel to optimize CPU and memory usage so that performance will scale better across multiple cores on computers with at least 12 GB of RAM.

DL Cade:

Our own tests also showed a noticeable speed boost when it came to exporting files, and a massive increase in performance on import.

[…]

Adobe was adamant that this update is just the beginning. The company is “pleased with these performance improvements” and believes Lightroom Classic users will be pleased as well, but Adobe also told us it is “far from done.” The company promises continued performance optimizations and improvements in future releases of Lightroom Classic CC.

It does feel quite a bit faster to me. Additionally, the database schema has changed—at least compared with the 6.x version that I was using—and that shrunk my 2 GB catalog by about 500 MB. There are also some new features.

See also: Why Lightroom CC Is a Big Step Up from Apple’s Photos.

Previously: New Lightroom CC and Lightroom Classic CC.

Trusting SDKs

Felix Krause (tweet):

Third-party SDKs can often easily be modified while you download them! Using a simple person-in-the-middle attack, anyone in the same network can insert malicious code into the library, and with that into your application, as a result running in your user’s pockets.

31% of the most popular closed-source iOS SDKs are vulnerable to this attack, as well as a total of 623 libraries on CocoaPods.

[…]

The previous example injected malicious code into the iOS app using a hijacked SDK. Another attack vector is the developer’s Mac. Once an attacker can run code on your machine, and maybe even has remote SSH access, the damage could be significant[…]

See also: How to Protect Your App From Hijacking.

Update (2019-08-21): Felix Krause:

And now it happened, one of the most popular Ruby gems ‘rest-client’ got hijacked due to lack of 2FA.

Affected servers now

- Leak all ENV variables and API keys
- Allow the attacker to run any code on your server
- Steal all entered user credentials
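A defender can check for the download-time tampering risk described in this item by auditing where each dependency is fetched from. As an added example (not from the linked article or from CocoaPods), this Python sketch classifies the `source` entry of podspec JSON files: cleartext transport can be modified in transit, and an HTTPS archive without a pinned checksum still relies entirely on the server. The pod names, URLs and checksum are constructed, and the verdict labels are this example's own.

```python
import json
from urllib.parse import urlparse

# Schemes with no transport integrity: content can be altered on the network path.
CLEARTEXT_SCHEMES = {"http", "git", "ftp"}
SOURCE_KINDS = ("http", "git", "svn", "hg")  # podspec source types

# Constructed podspec JSON documents, trimmed to the fields the audit reads.
SAMPLE_PODSPECS = [
    '{"name": "ExampleAnalytics", "version": "1.2.0",'
    ' "source": {"http": "http://cdn.example.com/ExampleAnalytics-1.2.0.zip"}}',
    '{"name": "ExampleAds", "version": "3.0.1",'
    ' "source": {"http": "https://cdn.example.com/ExampleAds-3.0.1.zip"}}',
    '{"name": "ExamplePay", "version": "2.4.0",'
    ' "source": {"http": "https://cdn.example.com/ExamplePay-2.4.0.zip",'
    ' "sha256": "' + "ab" * 32 + '"}}',
    '{"name": "ExampleUI", "version": "2.0.0",'
    ' "source": {"git": "git://git.example.com/ExampleUI.git", "tag": "2.0.0"}}',
    '{"name": "ExampleNet", "version": "1.0.0",'
    ' "source": {"git": "https://git.example.com/ExampleNet.git", "tag": "1.0.0"}}',
    '{"name": "ExampleBroken", "version": "0.1.0"}',
]


def audit_source(spec):
    """Return a verdict for one parsed podspec: how is its code fetched?"""
    source = spec.get("source") or {}
    kind = next((k for k in SOURCE_KINDS if k in source), None)
    if kind is None:
        return "no-source"
    scheme = urlparse(source[kind]).scheme.lower()
    if scheme in CLEARTEXT_SCHEMES:
        return "cleartext"      # anyone on the network path can swap the payload
    if kind == "http" and not (source.get("sha256") or source.get("sha1")):
        return "tls-unpinned"   # transport is protected, archive contents are not pinned
    return "ok"


def audit_podspecs(json_texts):
    """Map pod name to verdict for a list of podspec JSON strings."""
    results = {}
    for text in json_texts:
        spec = json.loads(text)
        results[spec.get("name", "<unnamed>")] = audit_source(spec)
    return results


if __name__ == "__main__":
    for name, verdict in audit_podspecs(SAMPLE_PODSPECS).items():
        print("%-18s %s" % (name, verdict))
```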

Smart Speakers, Speech Recognition, and Accessibility

Steven Aquino:

Smart speakers are a unique product, accessibility-wise, insofar as the voice-first interaction model presents an interesting set of conditions. You can accommodate for blindness and low vision with adjustable font sizes and screen readers. You can accommodate physical motor delays with switches. You can accommodate deafness and hard-of-hearing with closed captioning and using the camera’s flash for alerts.

But how do you accommodate for a speech impairment?

Saturday, February 17, 2018

Time to End-of-Life Interact

Greg Pierce:

Since day one it’s been plagued by bugs in the underlying Contacts frameworks and almost none of them have been fixed by Apple in the intervening years.

It works great for most people, but for the ones with contact data that does not get along with the Contact framework, it fails in annoying ways. There are likely still places I could improve their experience in Interact, but I’ve burned too much time and effort on those edge cases for it to make sense to keep it going.

Nowhere Else to Go

The Menu Bar (tweet):

Marco Arment joins Zac and Andrew at the bar to talk about Ads vs Patreon, the end game for social networks, the trouble you get into for criticizing Apple, iPod as the new Vinyl, and the very sad state of affairs with newer MacBook keyboards.

This is another solid episode. (The previous episode with Dan Masters about Twitter and privacy was also good.) The key point for me is that the Mac and iOS platforms are one-of-a-kind resources that Apple controls. They are it for the foreseeable future unless you want to use Windows or Android, which have their own share of problems. It’s like the dark ages that Steve Jobs spoke of in the mid-90s. The barriers to entry are so high now that there is unlikely to be a Be or NeXT or Palm that seems to come out of nowhere.

Apple clearly feels a great responsibility as a steward of our planet. However, there are many governments, companies, and individuals who can also contribute to environmental causes. But in the case of these computing platforms, Apple is the lone steward. Making sure they are good—not just good enough—is something only Apple can do.

Previously: The Best Laptop Ever Made, Unreliable MacBook Pro Keyboards, New MacBook Pros and the State of the Mac, The 12-inch MacBook, Finding an Alternative to Mac OS X.

Twitter Abolishes Native Mac Client

Twitter (Hacker News, MacRumors):

We’re focusing our efforts on a great Twitter experience that’s consistent across platforms. So, starting today the Twitter for Mac app will no longer be available for download, and in 30 days will no longer be supported.

For the full Twitter experience on Mac, visit Twitter on web. 👉 https://twitter.com

Jason Snell:

Masterclass in doublespeak. Please wait while we upgrade your Twitter experience. With a browser window.

Thomas Brand:

A really sweet solution!

Peter Bright:

that plan again:

1. Kill third party apps

2. Force everyone onto first party apps

3. Kill first party apps too, for good measure.

Anil Dash:

I can’t complain about them making official what’s already been obvious for ages, but I wonder what Twitter’s answer is for how those of us with multiple accounts are supposed to use Twitter. Just keep logging in and out?

Jack Dorsey:

Within the iOS app you should be able to switch easily.

John Gruber (tweet):

It’s all fine, really, so long as they continue to allow third-party clients like Tweetbot and Twitterrific to exist. But this “Mac users should just use the website” attitude is exactly what I was talking about here as an existential threat to the future of the Mac.

People choose the Mac because they want the best experience — not the same experience they can get on a $200 Chromebook.

Kontra:

To want to be “consistent across platforms” is a UX self-own: there’s a reason why platforms (plural) continue to exist. And a very few apps manage to escape platforms’ gravity.

Steve Troughton-Smith:

The Mac losing an app as fundamental to today’s society as Twitter is exactly why macOS needs ‘Marzipan’; without a shared app platform, the app ecosystem is going to leave the Mac behind — get used to web apps

Jeff Johnson:

There are so many apps that have both Mac and iOS native versions. I’ve worked on some. With small teams. Even a team of one. It can be done, very reasonably. It’s not trivial, but the narrative about how big corporations can’t afford to do it is absurd.

Somehow MAGICALLY small third party dev shops can have native iOS and Mac Twitter clients. But Twitter can’t because IT’S TOO HARD.

Macs are empirically selling better than ever. This is a matter of public record. But everyone wants to say the Mac is dead. WTF is wrong with this world? We’ve lost all touch with objective reality.

Calum Hunter:

it just shows how bad everything else is. mac hardware is crazy outdated they are still selling a macpro from 2013 on their store for crying out loud! MacOS 10.13 is a dumpster fire. But even still, it’s still better to use than windows or linux

Craig Hockenberry:

To celebrate, we just lowered the price of Twitterrific for Mac from $19.99 to $7.99.

John Siracusa:

Third-party clients haven’t even been able to use all Twitter features (e.g., polls, group DMs, etc.) for years. Only the “sweet solution” of the web can fill in completely for a first-party native Mac app.

Rosyna Keller:

The API third party Twitter clients use is also free and doesn’t support Twitter ads or other revenue generating features.

This API is also severely limited (no group DMs, searches limited to 7 days, no polls) and may be entirely deprecated in June.

Brent Simmons:

That thing where indie developers have a Twitter-imposed limit of OAuth tokens is still a thing.

Twitter leadership are jerks in so many different ways.

Jeff Johnson:

You know, they didn’t even need native clients that badly, because they had RSS. Any RSS reader allowed you to follow Twitter. But then they killed RSS support.

Oluseyi Sonaiya:

The app ecosystem is going to leave the Mac behind regardless. The desktop is increasingly marginal for non-productivity software, so this hand-wringing over a mediocre app being shuttered is surprising.

Josh Centers:

And you know what? Apple is as much to blame as anyone. When is the last time Apple made a great case for a native interface? Apple News?

Which doesn’t even have a Mac version…

Previously: Twitter’s First Profit.

Update (2018-02-19): Colin Cornaby:

What alarms me is the number of iOS devs who think it could be “write once run anywhere” and what they would do if trusted with that power.

Chris Adamson:

On a larger scale, if a company doesn’t care about making Mac apps now, making the process slightly easier probably won’t move the needle. Twitter finally made a $90MM profit; they could maintain their Mac app if they cared.

Colin Cornaby:

I don’t think Twitter cares about the Mac at all and a universal framework would change little.

They might put a token app out there but they still won’t pay it any special attention.

Jeff Johnson:

It looks like the official Twitter Windows client has also been neglected. It doesn’t even have 280 characters either. Most likely it will also be discontinued. Jack himself said they’re focusing on mobile.

Anyone who thinks this is all about “Marzipan” has not considered the Windows side. You can say Mac is a niche, but Windows worldwide market share is about 90%.

Of course, Windows isn’t on phones. Twitter only cares about phones now.

Dan Frommer:

Twitter on the web feels like a static product. Like something you open, read, and close. Twitter for Mac made it feel alive; a never-ending conversation, in a way even the best mobile clients don’t. Really too bad.

Update (2018-02-22): See also: Upgrade.

Ben Sandofsky (via Jeff Johnson):

I was never in the C level suite on any of the conversations about how they truly felt, but it was always…You know Google has 20 percent projects? [Twitter for Mac] was always a 120 percent project of, “Once you’re done with all of your work, we’re going to give you your nights and weekends.”

It’s really a testament to a lot of the people who love the app inside the company, who would go on to spend, in some cases, their holiday time off building in updates. I think that it never really received all of the support it needed.

Color Picker Now Rearranges Custom Swatches

Rory Prior:

Oh joy another High Sierra annoyance. Some engineer took it upon themselves to rewrite the custom colour swatch area in the colour picker to use a bloody collection view so it no longer lets you use spatial grouping.

He recorded a video.

iOS Share vs. Action Icons

Ole Zorn:

I suspect that 90% of users have no idea what distinguishes these two (completely separate) rows of icons, aside from the color.

(To be clear, I have no idea either. Theoretically, it’s “share” and “action”, but those concepts are so muddy that it’s hard to know which group a particular app extension belongs to.)

Further confusing things is that the “More” button in both rows brings up a panel titled “Activities.”

Friday, February 16, 2018

Acorn Drops IAP Trial

Gus Mueller:

For the App Store version of Acorn, I’ve also removed the option to “purchase” a free trial for $0 via in app purchases. You can still grab the free trial off our website, and if you like it you can purchase Acorn directly from us or from the App Store.

IAPs have a lot of issues on the Mac, and provided a really crappy experience just to enable free trials. Incomplete store APIs (such as receipt refreshing), buggy / hung app store background processes (we were having to tell people to restart their computers if the purchases weren’t working), 403 App Store errors when trying to purchase the trial, dialog boxes saying “Are you sure you want to spend $0?” which scared people away, and of course emails from people assuming that I was going to try and charge them after the trial was up and they wanted to cancel their “subscription”.

Previously: App Store Trials: No More Free IAPs?.

Google Removes “View Image” Button From Search Results

Jacob Kastrenakes (via Hacker News):

The change is essentially meant to frustrate users. Google has long been under fire from photographers and publishers who felt that image search allowed people to steal their pictures, and the removal of the view image button is one of many changes being made in response. A deal to show copyright information and improve attribution of Getty photos was announced last week and included these changes.

Chrome’s Ad Filtering

Rahul Roy-Chowdhury:

Chrome will stop showing all ads on sites that repeatedly display these most disruptive ads after they’ve been flagged. More technical details about this change can be found on the Chromium blog.

Frederic Lardinois:

The most important thing to know is that this is not an alternative to AdBlock Plus or uBlock Origin. Instead, it’s Google’s effort to ban the most annoying ads from your browser. So it won’t block all ads — just those that don’t conform to the Coalition for Better Ads guidelines. When Google decides that a site hosts ads that go against these guidelines, it’ll block all ads on a given site — not just those annoying prestitials with a countdown or autoplaying video ads with sound.

[…]

As Google’s product manager for the Chrome Web Platform Ryan Schoen told me, 42 percent of publishers that were in violation have already moved to other ads.

Via Dare Obasanjo:

Chrome starts blocking ads unless they meet its rules. This is driving publishers to switch to “compliant” ad networks.

Would love to see stats on how many such publishers move to Google’s ad network. The strong arming so blatant. 😮

Mathew Ingram:

I would just like to point out again that having the world’s largest digital advertising company decide which ads to show in the world’s most popular browser is a bad idea

Jared Smith:

If Microsoft had an ad network in 1998 and tried something like this in Internet Explorer...

Multiple iOS Timers

Dr. Drang:

But you do have Reminders. They have names and can be set to alarm not only at an absolute time, but also at a relative time:

“Hey Siri, remind me to check the casserole in 20 minutes.”

This works on my iPhone, iPad, and Watch, and I assume—based on this article—that it would work on my HomePod if I had one. This is clearly Apple’s preferred solution to setting multiple timers, each with a distinct name.

Holger Eilhard:

The problem I see aside from the ones already mentioned from others: the HomePod doesn’t actively tell you a reminder is due, unless there’s some configuration option that I haven’t seen. Sure, the iPhone does but that might be in another room not in the kitchen.

John Gruber:

There’s no more reason for the Clock app to support only one timer than there is for it to support only one alarm.

Dr. Drang:

It’s been this way for years, and there’s always been a need for multiple timers. Right or wrong, Apple thinks you should use Reminders for that function. Maybe the HomePod complaints will change its mind, but I doubt it.

I frequently want multiple timers, but I’m not thrilled with using reminders for this. First, it’s easy to miss reminders. They might be muffled by Do Not Disturb, and they don’t keep playing the sound until you act.

I also use Siri and Reminders to enter tasks into OmniFocus. This works better for me than using Siri with OmniFocus directly. The problem is that if I then enter a “timer” reminder, it might get moved into OmniFocus and never go off.

The obvious solution is to have a separate Reminders list for timers. Even assuming that I would remember to use this, I haven’t been able to get it to work with Siri. The syntax is apparently supposed to be:

Add “list name” reminder “new item” on “date and time”

So I tried making a list called “Timers” and said:

Add Timers reminder check oven in 30 minutes

Siri transcribed this correctly, and it set the due date to 30 seconds in the future, but it added the reminder to my default Reminders list, not to Timers. I also tried various other names for the list, such as “Alarms” and “Cooking” with the same result. Adding to “Timers” usually works fine when not specifying a time, but when I add the time it silently does the wrong thing.

Previously: OmniFocus and Siri on iOS 11.

Update (2018-02-16): Matt Deatherage reports that pausing while you speak can help improve Siri’s parsing. I found that this:

Add a reminder…in 30 seconds…to check oven…to my Timer list

works. I had better success after renaming the list from “Timers” to “Timer.” Even so, you have to be careful with how long you pause. Speak too quickly and Siri gets confused. Pause for too long and Siri stops listening. Holding the Home button can prevent that but is inconvenient. My initial accuracy was only about 25%. After some practice, I am now able to speak at a normal rate with very small pauses and entered 10 reminders correctly in a row. It remains to be seen whether this will carry over into everyday use.

Update (2018-02-19): Dr. Drang:

In the table below, I’m comparing the features of the three alert types on iOS: Timers, Alarms, and Reminders. Included in the comparison is how certain features work (or don’t work) on the iPhone, iPad, Watch, Mac, and HomePod.

Simplenote Outage Due to DMCA

Simplenote:

We discovered shortly after that Google Cloud Platform, which hosts the web application, had shut down the site due to a DMCA notice for allegedly infringing content that appeared in published notes. We worked with Google to rectify the issue as quickly as possible and they reinstated the app yesterday morning.

Via John Gordon:

This needs a LOT more explanation.

Your data (temporarily) disappears because of something posted by a completely unrelated user.

Bringing the Power of AMP to Gmail

Aakash Sahney:

This new spec will be a powerful way for developers to create more engaging, interactive, and actionable email experiences.

For example, imagine you could complete tasks directly in email. With AMP for Email, you’ll be able to quickly take actions like submit an RSVP to an event, schedule an appointment, or fill out a questionnaire right from the email message. Many people rely on email for information about flights, events, news, purchases and beyond—more than 270 billion emails are sent each day! AMP for Email will also make it possible for information to be easily kept up-to-date, so emails never get stale and the content is accurate when a user looks at it.

Steven Frank:

Please don’t allow Google to subsume (even more of) the open web in exchange for “more interactive and engaging” emails.

Devin Coldewey (via Hacker News):

The moat between communication and action is important because it makes it very clear what certain tools are capable of, which in turn lets them be trusted and used properly.

We know that all an email can ever do is say something to you (tracking pixels and read receipts notwithstanding). It doesn’t download anything on its own, it doesn’t run any apps or scripts, attachments are discrete items, unless they’re images in the HTML, which is itself optional. Ultimately the whole package is always just going to be a big, static chunk of text sent to you, with the occasional file riding shotgun. Open it a year or ten from now and it’s the same email.

[…]

What Google wants to do is bridge that moat, essentially to allow applications to run inside emails, limited ones to be sure, but by definition the kind of thing that belongs on the other side of the moat.

[…]

Ads and trackers that adapt themselves to the content around them, the data they know about the viewer, and the latest pricing or promotions. That’s how Google wants to “modernize” your inbox.

Does “engaging, interactive, and actionable email experiences” ring a little different now?

Nick Heer:

Of course, there’s a good chance the advanced capabilities of this format won’t catch on because email clients are already pretty fragmented as things stand today. It’s an area of the web where the lowest common denominators — HTML tables and old-school tags like <font> — are used with disturbing regularity, simply because it’s the only markup that works well in all clients.

Tim Kadlec (via Hacker News):

So, to recap, the web community has stated over and over again that we’re not comfortable with Google incentivizing the use of AMP with search engine carrots. In response, Google has provided yet another search engine carrot for AMP.

This wouldn’t bother me if AMP was open about what it is: a tool for folks to optimize their search engine placement. But of course, that’s not the claim. The claim is that AMP is “for the open web.” There are a lot of good folks working on AMP. I’ve met and talked with many of them numerous times and they’re doing amazing technical work. But the way the project is being positioned right now is disingenuous.

If AMP is truly for the open web, de-couple it from Google search entirely. It has no business there.

Update (2018-02-19): Jason Rodriguez (Hacker News):

As an email geek, I’m liable to disagree with a lot of talk in the web world but not in this case. I think AMP for Email is a bad idea. An interesting idea with some cool demos, sure, but poorly executed by Google.

Everything Easy Is Hard Again

Frank Chimero:

I had fifteen years of experience designing for web clients, she had one year, and yet somehow, we were in the same situation: we enjoyed the work, but were utterly confused and overwhelmed by the rapidly increasing complexity of it all. What the hell happened?

[…]

Except with the websites. They separate themselves from the others, because I don’t feel much better at making them after 20 years. My knowledge and skills develop a bit, then things change, and half of what I know becomes dead weight. This hardly happens with any of the other work I do.

I wonder if I have twenty years of experience making websites, or if it is really five years of experience, repeated four times.

Oluseyi Sonaiya:

Two days ago this contention that web tech is self-obsoleting sparked a bunch of agitated responses from people who assumed I didn’t know what I was talking about.

Nick Heer:

Over the last five years or so, even the most basic website stopped being treated as a collection of documents and started being thought of as software. Over the same period of time, I have gone from thinking that I know how to build a website quickly and efficiently to having absolutely no clue where to start learning about any of this stuff. I can’t imagine being eight years old again and being interested in the web as something anyone can contribute to.

David Mack:

I appreciate now that technologies have a surprisingly short lifespan. CoffeeScript and AngularJS are our most obviously tired components (we plan to migrate to TypeScript and latest Angular). All of our technologies were fairly bleeding-edge when we adopted them and it’s a blessing that my predilection for hipster technologies has not caused any serious problems.

I’ve hugely appreciated the succinct functional syntax of CoffeeScript and believe it’s helped me achieve greater personal productivity over the years.

Building on the above, I now know that you need to budget time and strategize for the replacement of technologies. You accept long-term “technical debt” with the adoption of any technology.

Marc Edwards:

It’s amazing how much variation there is in blur radius across browsers and design tools. You can’t assume things will look the same.

App Store Selective Enforcement

Ryan Jones:

App Store rules don’t apply to a) big companies b) tiny piece of shit apps.

Everyone else? We’re going to rake you over the coals for 3 months lighting your time on fire (and passion to create, tbh).

App Store review won’t honor or even listen to precedents - such as approving *60* other app icons.

THAT’S THE FOUNDATION OF A FAIR JUDICIAL SYSTEM. SAME RULES FOR ALL.

I can’t make great stuff if I can’t invest time and I can’t invest time if I don’t know what’s allowed! 😡😤

If the rules are vague, and you can’t rely on precedent, and you can’t ask for pre-approval, the only way to be safe is to stay really far away from the lines, and hope they don’t move.

Eric Schwarz:

I sort of felt like things were out the window when apps can send spam notifications or blatantly disregard rules, especially if they’re big players like Facebook. What you shared is also not surprising…

Previously: iPhone X Design and the Notch, Designing Apps for iPhone X.

Update (2018-02-16): Addison Webb:

Currently being burned by this as well. Vague rules. Spotty enforcement. No clarification from App Review on the exact problem, let alone a suggested fix.

Thursday, February 15, 2018

Can macOS Tell How Large a File Really Is?

Howard Oakley:

The macOS programming class which provides most information about files is URL. It has quite an elaborate interface which involves telling a file URL object which ‘keys’ you want it to reveal, then accessing those that you want. In this case, the URLResourceKey in question is totalFileSize, which Apple’s developer documentation describes as:

Key for the total displayable size of the file in bytes, returned as an NSNumber object (read-only). This includes the size of any file metadata.

But apparently this refers to metadata from the resource fork. It does not count extended attributes.

The evidence from Precize is that the only accurate way to measure the full size of a Mac file is to total the sizes of each of its xattrs, and add those to the size of its data fork. That doesn’t appear to be a function performed by macOS, or at least it is not exposed anywhere to developers or users. So, as far as I can tell, macOS itself doesn’t have any direct access to the total size of any of its files – which seems a startling omission.

Howard Oakley:

I had not expected xattrs to be so heavily used in the /Library folder, but the average size of xattrs across its files which have xattrs is just over 7 KB per file. I had expected them to be commonplace in my Home folder, but am surprised that the average total size of xattrs across all the files there (not just with xattrs) is just over 2 KB.

[…]

The largest contribution is in ~/Documents, which has a total of 2.6 GB of xattrs across less than half a million files. However, a lot of my images in ~/Pictures still seem to sport thumbnails, so the average total of xattrs per file with xattrs is there almost 21 KB – that’s 0.796 GB in only 38018 files.

GitFinder 1.0

ZigZag:

Apple has finally come up with an official way and API to extend Finder functionality and offer custom badges for icons, as well as contextual and/or toolbar menu items (actually, adding contextual menu items was possible prior to macOS 10.6, but it required tons of Carbon code, while icon badging was never officially supported). That was in macOS 10.10, also known as Yosemite. I immediately remembered seeing people years before using TortoiseGit/SVN on Windows and thought it would be nice to have something similar on Mac. However, the API in 10.10 was crippled in so many ways (especially when it came to menus), that I just filed a bunch of bug reports and stopped thinking about it. As it usually happens in the last 7-8 years, Apple didn't bother fixing those things in minor updates, so most issues haven't been fixed before 10.11 (El Capitan) came out, a full year later.

[…]

The end result is the application, which can be used solely as Finder's extension, giving you quick access to files' git statuses via icon badging and most frequently used git command via Finder contextual and/or toolbar item menu. But, you can also kick its repository browser window and use it as a separate, fully functional git client. Repository browser offers all you could expect from such client; full list of branches, tags, remotes, submodules and other references, commits list, commit diffs, commits search and others. All just a click in a Finder window away.

I’ve been testing this for a while, and it looks promising. I like being able to quickly get the history of a particular file by Control-clicking on it. And it’s nice to be able to click, search, or glob in the Finder to choose which files to stage or revert. The main site has some good screenshots that show what it can do. For me, at least, it’s currently more of an adjunct than a replacement for other clients. Like GitUp, it uses libgit2 rather than the git command-line tool.

Data Loss on APFS Sparse Disk Images

Mike Bombich (Hacker News):

Earlier this week I noticed that an APFS-formatted sparsebundle disk image volume showed ample free space, despite that the underlying disk was completely full. Curious, I copied a video file to the disk image volume to see what would happen. The whole file copied without error! I opened the file, verified that the video played back start to finish, checksummed the file – as far as I could tell, the file was intact and whole on the disk image. When I unmounted and remounted the disk image, however, the video was corrupted.

[…]

Following the earlier example, suppose you attempt to copy 200GB of data to that 500GB disk image file. This shouldn’t be possible, because there was only 100GB of free space left on the underlying disk. The APFS disk image reports that there’s 500GB of free space available, though, so what the heck, let’s do this! The first 100GB of data does successfully get written into the disk image file – the disk image file has grown now to 100GB. But now the underlying disk is completely full, and the disk image file can no longer grow – the diskimages-helper application is getting “No space left on device” errors when trying to write data to its band files.

But diskimages-helper simply ignores these errors.

Update (2018-02-17): See also: Thomas Claburn.

kbumsik:

These are not even complex problems of the new format. It is just that Apple forgot to have basic checks. It is like the root access with an empty password incident that happened 2 months ago. Why do these serious but basic problems happen?

Update (2018-02-19): See also: MacRumors.

Another iOS Crash Caused By Sending Unicode Character

Tom Warren (Hacker News, MacRumors):

A new bug has been discovered in iOS 11 that lets people send a specific character that will crash an iPhone and block access to the Messages app in iOS and popular apps like WhatsApp, Facebook Messenger, Outlook for iOS, and Gmail. Italian Blog Mobile World spotted the bug, and we’ve tested it successfully on multiple iPhones running iOS 11.2.5, and found it also works on the macOS versions of Safari and Messages. Apple plans to fix the problem in an iOS update before the release of iOS 11.3 this spring.

The bug itself involves sending an Indian language (Telugu) character to devices, and Apple’s iOS Springboard will crash once the message has been received.

I wonder if this is why Tweetbot was crashing on my Mac the other day.

Previously: Using Siri to Work Around iMessage Crash.

Update (2018-02-15): Ashley Bischoff:

At this rate, I’m kinda astounded that Apple still hasn’t yet run a fuzzer against Messages.

You’d think that someone at Apple would have brought up fuzzing after the first or second time that this sort of thing happened with Messages. But I guess not.

Update (2018-02-16): Rosyna Keller:

Likely because it’s not an issue in Messages or with the Unicode string itself. It’s a bug in the text renderer (which doesn’t necessarily lend itself to fuzzing).

Since some apps are unaffected, it means it also depends on layout options/factors.

Manish Goregaokar:

The original sequence is U+0C1C U+0C4D U+0C1E U+200C U+0C3E, which is a sequence of Telugu characters: the consonant ja (జ), a virama ( ్ ), the consonant nya (ఞ), a zero-width non-joiner, and the vowel aa ( ా).

[…]

And then I saw that there was a sequence in Bengali that also crashed.

[…]

So, ultimately, the full set of cases that cause the crash are:

Any sequence <consonant1, virama, consonant2, ZWNJ, vowel> in Devanagari, Bengali, and Telugu, where:

  • consonant2 is suffix-joining – i.e. र, র, য, and all Telugu consonants
  • vowel is not  ై or  ৌ

Paul Haddad:

Hey past me, good job on adding support for remotely filtering crashing unicode sequences.

Update (2018-02-20): Juli Clover:

Apple released iOS 11.2.6 to address a bug that causes apps like Messages to crash on the iPhone and iPad due to an inability to render a specific character in the Indian language Telugu.

There’s also a supplemental update for macOS 10.13.3.
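A detector for the pattern Manish Goregaokar describes above, of the kind an app could run over incoming text before handing it to the renderer. This is an added example, not code from any of the quoted authors; the code point ranges come from the Unicode charts, and requiring all letters and marks to belong to one script, as well as replacing a hit with U+FFFD, are assumptions made here.

```python
import unicodedata

ZWNJ = 0x200C          # zero-width non-joiner
REPLACEMENT = "\uFFFD"  # what filter_text() substitutes for a hit (assumed policy)

# Per-script tables. The scripts, the suffix-joining consonants and the two
# exempt vowels come from the quoted description; the consonant ranges and
# virama code points are taken from the Unicode code charts (assumption).
SCRIPTS = {
    "DEVANAGARI": {
        "consonants": range(0x0915, 0x093A),  # KA..HA
        "virama": 0x094D,
        "suffix_joining": {0x0930},           # RA
        "exempt_vowels": set(),
    },
    "BENGALI": {
        "consonants": range(0x0995, 0x09BA),  # KA..HA
        "virama": 0x09CD,
        "suffix_joining": {0x09B0, 0x09AF},   # RA, YA
        "exempt_vowels": {0x09CC},            # vowel sign AU
    },
    "TELUGU": {
        "consonants": range(0x0C15, 0x0C3A),  # KA..HA
        "virama": 0x0C4D,
        "suffix_joining": None,               # None means every consonant
        "exempt_vowels": {0x0C48},            # vowel sign AI
    },
}


def _is_consonant(cp, table):
    # The category check skips unassigned code points inside the range.
    return cp in table["consonants"] and unicodedata.category(chr(cp)) == "Lo"


def _is_vowel_sign(cp, script):
    return unicodedata.name(chr(cp), "").startswith(script + " VOWEL SIGN")


def _script_at(cps, i):
    """Return the script name if cps[i:i+5] matches the pattern, else None."""
    if i + 5 > len(cps):
        return None
    c1, virama, c2, joiner, vowel = cps[i:i + 5]
    if joiner != ZWNJ:
        return None
    for script, table in SCRIPTS.items():
        if virama != table["virama"]:
            continue
        joining = table["suffix_joining"]
        if (_is_consonant(c1, table) and _is_consonant(c2, table)
                and (joining is None or c2 in joining)
                and _is_vowel_sign(vowel, script)
                and vowel not in table["exempt_vowels"]):
            return script
        return None
    return None


def find_sequences(text):
    """Return (code point index, script) for every match in text."""
    cps = [ord(ch) for ch in text]
    hits = []
    for i in range(len(cps)):
        script = _script_at(cps, i)
        if script:
            hits.append((i, script))
    return hits


def filter_text(text):
    """Replace each matching five-code-point run with U+FFFD."""
    cps = [ord(ch) for ch in text]
    out, i = [], 0
    while i < len(cps):
        if _script_at(cps, i):
            out.append(REPLACEMENT)
            i += 5
        else:
            out.append(chr(cps[i]))
            i += 1
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample: the sequence quoted above, embedded in ASCII text.
    sample = "status: \u0C1C\u0C4D\u0C1E\u200C\u0C3E ok"
    print(find_sequences(sample))
    print(filter_text(sample).encode("unicode_escape").decode())
```
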

Facebook’s “Protect” Feature

Adam C. Engst:

However, tapping Protect takes you to the App Store and displays an app called Onavo Protect — VPN Security. It is indeed a VPN — a virtual private network — that securely tunnels all your traffic through Onavo’s servers. The problem is that, as you might expect from the link source, Onavo is owned by Facebook. If you were to stumble on Onavo Protect in the App Store, you’d have to tap More and read the full description to discover that. If you read all the way to the end, you’d learn that Onavo Protect “directs all of your network communications through Onavo’s servers,” and that, “as part of this process, Onavo collects your mobile data traffic.”

Clearly, that menu item in the Facebook app should be labeled “Collect” instead of “Protect.”

Jamie Zawinski:

This lets Facebook “protect” you by intercepting and spying on the traffic of every other app on your phone including your web browser.

Nick Heer:

Even if you ignore potential anticompetitive issues, there’s still a question of whether users of Facebook’s VPN are adequately aware of how the company accessed and uses their data.

Previously: How Facebook Squashes Competition From Startups.

In other Facebook news, Kate Conger (via John Gruber):

Facebook is bleeding users, with external researchers estimating that the social network lost 2.8 million US users under 25 last year. Those losses have prompted Facebook to get more aggressive in its efforts to win users back—and the company has started using security prompts to encourage users to log into their accounts.

[…]

The texts are a particularly obnoxious form of spam, and instead of making me want to log into Facebook, they remind me why I’m avoiding it. It’s painful to see my ex’s name popping up on my phone all the time, and while my intern was great at her job, I’m not invested in keeping up with her personal life.

[…]

What’s most frustrating is that Facebook has taken a security feature like two-factor authentication—which gives users valuable protection from phishing and account takeovers—and perverted it into a tool for spam.

Update (2018-02-19): Nick Statt (Hacker News):

Facebook this evening clarified the situation around SMS notifications sent using the company’s two-factor authentication (2FA) system, admitting that the messages were indeed caused by a bug. In a blog post penned by Facebook Chief Security Officer Alex Stamos, the company says the error led it to “send non-security-related SMS notifications to these phone numbers.”

See also: Josh Centers.

Update (2018-02-27): Will Strafach:

I have some questions regarding Facebook’s Onavo Protect VPN app. I don’t have any proper contacts to pass these through, but if anyone I know does, I would be super interested in knowing the answers. because this is weird.

1. why does Onavo Protect track (and send to http://graph.facebook.com) timings for when people’s screens are on/off? what use is this info? (they monitor com.apple.springboard.hasBlankedScreen + com.apple.mobile.SubstantialTransition Darwin notifications)

2. why does Onavo Protect track (and send to http://graph.facebook.com) daily Wi-Fi and cellular data byte usage counts for the device, even for when Onavo VPN is not running?

3. did Apple give Facebook permission to embed analytics data upload code in the Packet Tunnel Provider app extension? (the extension would be running while VPN is connected, so Facebook can perform periodic uploads in the background as much as desired)

Update (2018-03-07): Will Strafach (via Hacker News):

I found that Onavo Protect uses a Packet Tunnel Provider app extension, which should consistently run for as long as the VPN is connected, in order to periodically send the following data to Facebook (graph.facebook.com) as the user goes about their day:

  • When user’s mobile device screen is turned on and turned off
  • Total daily Wi-Fi data usage in bytes (Even when VPN is turned off)
  • Total daily cellular data usage in bytes (Even when VPN is turned off)
  • Periodic beacon containing an “uptime” to indicate how long the VPN has been connected

Update (2018-09-07): Juli Clover:

Facebook today removed VPN app Onavo Protect from the iOS App Store after Apple decided that it violates App Store data collection policies, reports The Wall Street Journal.

Apple earlier this month told Facebook officials that the Onavo app, which serves as a virtual private network, violates June App Store rules that prevent apps from harvesting data to build advertising profiles or contact databases.

John Gruber:

I’m glad Apple cracked down on this, but it shouldn’t have taken until August.

Bob Burrough:

I’m confused about how Onavo was getting data even when not connected as a VPN tunnel. I’m surprised an iOS app has access to this information at all.

Wednesday, February 14, 2018

Castro 3’s Business Model

Supertop:

Oisín & Pádraig discuss the different options for Castro 3’s business model and the reasons behind the model they’ve chosen.

This is an interesting discussion about why they are switching to subscriptions despite previously not liking that model. Advertising does not seem like a good fit because they are deliberately targeting a niche user base. What is the proper way to balance unique features with a free trial?

Previously: Overcast Tries Ads.

Update (2018-04-05): Supertop:

In the latest episode of the podcast we give an overview of why we feel good about moving to subscription pricing for Castro and then discuss some of the issues we’ve experienced preparing for the transition.

Good vs. Better at Bad

Joe Cieplinski:

Without knowing where “good” is, anyone can wave either one of these comparisons away and chalk it up to priorities. Some people care more about the sound quality. Some people care more about the smart stuff. Sounds like a toss-up, right?

But there’s a threshold of quality where people consider something “good.” Where the general public—not just a niche of enthusiasts—agrees that a technology has gotten significantly good enough to make it ready for prime time.

We reached the “good” threshold for speakers decades ago. The subcategory of affordable bookshelf speakers got there sometime in the past few years.

But we’re nowhere near “good” yet when it comes to digital assistants.

I like the way his final chart visualizes this.

So yes, other platforms may currently be “better” than Siri. But when none of the platforms is good, what difference does that make, except to a small niche of enthusiasts? By all means, enjoy the Echo if you want to live on the bleeding edge of voice assistants. But don’t try to convince me Apple is doomed in this space[…]

The “doomed” narrative has taken hold because it seemed like Siri started out ahead but has fallen behind and is now facing a network effect. What reason do we have to think that it can or will catch up? Still, it’s far too early to know who will win the race, or whether that’s even the right question to ask. Perhaps at some point they’ll all be good enough that people choose based on other factors. Some would argue that’s what happened with maps, where Google remains ahead, and may even be increasing its lead, but yet Apple Maps is improving in an absolute sense and many people use it successfully.

Update (2018-02-15): Nick Heer:

But I maintain that, even if Amazon and Google aren’t that much closer to a fully assistive software or hardware product, the ways in which Siri frequently fails are unacceptable.

Update (2018-02-23): See also: Matt Birchler.

HomePod Can Leave White Rings on Wood Surfaces

Joe Rossignol (9to5Mac):

Apple has issued a statement confirming that the HomePod can possibly leave white rings on wood surfaces with an oil or wax finish.

The strange discovery was brought to light in HomePod reviews published by Wirecutter and Pocket-lint, as highlighted by VentureBeat, while at least one customer shared a picture of the same problem on Twitter.

Jeff Johnson:

This is why they didn’t notice the white rings on the table.

Not Jony Ive:

Fixed the HomePod “white ring” situation.

Update (2018-02-14): James Thomson:

The HomePod Wood Adaptor was included in every box. It’s the sticker.

Tiffany Arment:

Why don’t we just give everybody a coaster? Okay. Great. Let’s give everybody a coaster.

Riccardo Mori:

In reference to the latest HomePod issue, it’s time for another Tim & Steve strip: “If you see a ring, they blew it.”

Mike Burvill:

I’m really curious to find out if this has affected the famous wooden tables found in Apple Stores...

Myke Hurley:

If a device has a rubber base it suggests ‘protection’ between the surface and the product.

I feel there is no general assumption that you should also put something between a rubber base and a surface.

Apple:

It is not unusual for any speaker with a vibration-damping silicone base to leave mild marks when placed on some wooden surfaces. The marks can be caused by oils diffusing between the silicone base and the table surface, and will often go away after several days when the speaker is removed from the wooden surface. If not, wiping the surface gently with a soft damp or dry cloth may remove the marks. If marks persist, clean the surface with the furniture manufacturer’s recommended cleaning process. If you’re concerned about this, we recommend placing your HomePod on a different surface.

The article says “Published Date: Feb 15, 2018,” but it was posted today.

Shawn King:

“HomePod may leave white ring on wood surfaces. Apple recommends using elsewhere.” So…is this the latest Apple version of, “You’re holding it wrong”? Jesus Apple.

Federico Viticci:

Like many recent Apple PR debacles, this HomePod ring problem could have been easily avoided by simply…telling people beforehand.

Explain how things work. Even the obvious ones. Be proactive. Don’t wait until people discover issues to spin the narrative back in your control.

John Gruber:

Anyone who runs into this should be outraged. I honestly don’t see how this could happen. Apple has been making products that go on shelves and tables for years — AirPort base stations, Apple TV, various docks — and I’ve never seen a report of damage to a surface. I guess the difference with HomePod is that the base factors into the acoustics, but still, this seems like an issue that should have been caught during the period where HomePod was being widely tested at home by many Apple employees.

Jon Chase:

This really undermines the design aspect of the HomePod—especially if you were thinking of displaying it on some prized piece of furniture—and it will surely be a sore point for many potential buyers. In other testing, we have seen no visible damage when using it on glass, granite countertop, nice MDF, polyurethane-sealed wood, and cheap IKEA bookcases. We also tested the HomePod in the same place a Sonos One regularly lives—and the Sonos hasn’t caused damage in months of use.

Update (2018-02-15): Ryan Jones:

MacBook Pros have battery life issue: Apple just removes battery time remaining

iPhones can’t retain battery health: Apple throttles CPU silently

HomePod marks wood tables: Apple says use a coaster

This dismissiveness is getting old.

Josh Centers:

How could Apple have anticipated that people who buy $350 speakers would set them on wooden furniture? This is a difficult problem at scale.

Mike Prospero, contra The Wirecutter:

A closer inspection revealed that the Sonos One speaker, which also has small silicone feet, had made these marks on my cabinet. Looking around the top of the cabinet, I noticed a bunch of little white marks, all left from the Sonos Ones as I moved them around. So, they will damage your wood furniture, too.

Update (2018-02-17): See also: Accidental Tech Podcast.

Update (2018-02-19): Josh Centers:

In essence, the rings are caused by a chemical reaction between the silicone and wood oil, and so should affect only wooden furniture with oiled finishes (as opposed to polyurethane, varnish, shellac, paint, or other nonporous finishes). The rings may disappear on their own, but if not, you may be able to reduce or eliminate them with a bit of wiping. If that doesn’t work, This Old House has some advice for fixing furniture finishes, but in my experience, a little Murphy’s Oil Soap on an oil finish can do wonders. Oil finishes are easy to touch up, since you just need to fill the pores of the wood. I’ve heard some people suggest mayonnaise as a fix for this issue, but that’s a bad idea, since it will eventually break down and probably smell terrible.

Update (2018-02-21): See also: The Talk Show.

Tuesday, February 13, 2018

A Blind HomePod Test

David Pogue:

The PR person could switch playback from one speaker to the other without missing a beat. They even had a halo light rigged to turn on behind whichever speaker was playing, so you’d know which was which.

There was not a shred of doubt: In this side-by-side comparison, the HomePod sounded better than its competitors.

[…]

I hid the four speakers behind a curtain — a sheet of thin, sheer fabric that wouldn’t affect the sound. It took me a Sunday to figure out how to get the A/B/C/D switching to work seamlessly, but I finally managed it: All four speakers would be streaming from Spotify, all four over Wi-Fi. I’d use the Spotify app’s device switcher to hop among speakers without missing a beat.

[…]

For each song, I played the speakers in a different order (A to D sometimes, D to A sometimes). […] They held up their signs. Two of them ranked the Google Home Max (“D”) as the best. Three of them ranked the Sonos One (“A”) the best.

Nobody ranked the HomePod the best.

[…]

As far as I can tell, none of the other critics who declared HomePod No. 1 actually set up their own blind A/B/C/D tests. Maybe their conclusions wouldn’t have been so emphatic if they had.

Consumer Reports also rated HomePod lower (via MacRumors):

Overall the sound of the HomePod was a bit muddy compared with what the Sonos One and Google Home Max delivered.

All three of these speakers were impressive compared with other smart speakers we’ve tested, but they fall significantly short of our highest-rated wireless speakers, such as the Edifier S1000DB, $350, which earned an Excellent sound-quality rating.

It’s not clear to me whether they did a blind test.

Other reviewers continue to give HomePod high marks for sound. WinterCharm (ArsTechnica, Hacker News):

I am speechless. The HomePod actually sounds better than the KEF X300A. If you’re new to the Audiophile world, KEF is a very well respected and much loved speaker company. I actually deleted my very first measurements and re-checked everything because they were so good, I thought I’d made an error. Apple has managed to extract peak performance from a pint sized speaker, a feat that deserves a standing ovation. The HomePod is 100% an Audiophile grade Speaker.

See also: Jim Dalrymple.

Previously: HomePod Reviews.

Update (2018-02-14): WinterCharm:

In my review, I made a massive caveat that many news outlets when they picked this up, seemed to forget.

IN AN UNTREATED ROOM The HomePods are pushing better sound than a single X300A, as measured. That’s an impressive feat, I was impressed by it. But my conclusion was that obviously in a properly treated room, correctly set up speakers would be better. This is why I said that the product was great for the masses, but for audiophiles, you would be better off putting these in places like your kitchen and leaving your normal listening setup intact.

Unfortunately, as often happens with the news, they skim and summarize, in a way that some of the subtlety and conditions around which my main point rested are lost in translation. When you take 5000 words and turn it into 1 headline and a 250 word article, some stuff gets lost in translation.

Second, half the news outlets were Apple news sites who have a huge pro Apple bias. They picked it up… and it’s in their best interest to misrepresent or cherry pick the review, exaggerating the claims.

Kirk McElhearn:

The much touted review of the HomePod posted by an “audiophile” on Reddit last week – and gleefully tweeted by Apple’s Phil Schiller – turns out to be a long mess of uninformed and poorly made measurements.

This reply on Reddit highlights many of the problems, notably the fact that the HomePod wasn’t measured in an anechoic room, but mainly the fact that the “reviewer” fudged the display of his graphs, making them look better than they were.

Mark Sullivan (MacRumors):

We’ve heard plenty of opinions on the HomePod’s general sound quality, so it’s a good time to measure the consistency of the HomePod’s sound distribution using some professional-grade acoustic analysis tools.

Update (2018-02-15): Kirk McElhearn:

I’ve been following this Reddit thread and its published results. It’s amazing that in a world of audiophiles who obsess over which USB cable makes their music sound better, that this person performed all of these measurements, and forgot to mention that the HomePod uses digital signal processing to alter all music that it plays. In other words, it is far from neutral, and audiophiles make a big deal about their equipment being neutral. The frequency response may be excellent, but the equalization alters the music from what it should sound like.

In fact, I think it’s highly possible that this reviewer has based the conclusions of his testing on false assumptions. The HomePod has dynamic digital signal processing; it alters the music based on the music. In other words, it’s not a fixed EQ setting, but one that changes as music is played (and according to the room where it’s played). As such, sending single frequency sine waves, or whatever he did, won’t show the results of the EQ.

Update (2018-02-20): David Pogue:

“Since the HomePod adjusts its sound to the acoustics of the room, you should not have used a piece of fabric to hide the speakers,” wrote @markbooth and others. “The fabric may have affected the HomePod’s sound.”

Well, no. The HomePod re-samples its listening position after each time it’s moved, during the first few seconds of music playback. We let the HomePod do its room listening before hanging the curtain, so it had already had the chance to adjust its sound.

Jean-Louis Gassée (Hacker News):

This is where we find a new type of difficulty when evaluating this new breed of smart speakers, and why we must be kind to the early HomePod reviewers: The technical complexity and environmental subjectivity leads to contradictory statements and inconsistent results.

The Mac App Sandbox and Non-Native Apps

Felix Krause (tweet, Hacker News):

Any Mac app, sandboxed or not sandboxed can:

  • Take screenshots of your Mac silently without you knowing
  • Access every pixel, even if the Mac app is in the background
  • Use basic OCR software to read the text on the screen
  • Access all connected monitors

Jeff Johnson:

Nobody tell Felix that Mac apps can also read the clipboard.

This is why I think a network blocker like Little Snitch is more important for protecting users than the sandbox. Anyway, this is not really news, but it prompted some interesting comments from former Apple engineer Peter Ammon:

We did our best but the fact is that sandboxed apps run more slowly, have fewer features, are more isolated, and take longer to develop. Sometimes this cost is prohibitive (see Coda 2.5).

IMO the app sandbox was a grievous strategic mistake for the Mac. Cocoa-based Mac apps are rapidly being eaten by web apps and Electron pseudo-desktop apps. For Mac apps to survive, they must capitalize on their strengths: superior performance, better system integration, better dev experience, more features, and higher general quality.

But the app sandbox strikes at all of those. In return it offers security inferior to a web app, as this post illustrates. The price is far too high and the benefits too little.

IMO Apple should drop the Mac app sandbox altogether (though continue to sandbox system services, which is totally sensible, and maybe retain something geared towards browsers.) The code signing requirements and dev cert revocation, which has been successfully used to remotely disable malware, will be sufficient security: the Mac community is good at sussing out bad actors. But force Mac devs to castrate their apps even more, and there won’t be anything left to protect.

I still think the idea of sandboxing makes sense, but the actual implementation of it—the available entitlements, the framework bugs, the lack of documentation, and the App Store policies—was botched. And there has been little visible progress since macOS 10.7. Is this because it’s fundamentally not possible to do better, given that the Mac wasn’t designed with sandboxing in mind? Or has it simply not been a priority for Apple?

Peter Ammon:

It’s a hard UI problem. The Mac sandbox overcorrects to requiring capability resources for all file accesses, while on the other extreme we have e.g. Windows UAC which trains users to roll their eyes and click through.

But Apple doesn’t enjoy the luxury of solving this problem in a nuanced way, because Mac apps are not acting from a position of strength. I suspect you aren’t downloading lots of Mac apps today, and the reason is not insufficient sandboxing, but instead the limited selection, annoying install experience, etc. These are the problems that Apple must fix first.

[…]

Instead Apple should leverage the Mac’s unique software strengths. Aggressively evolve the Mac’s unique “UI vocabulary” and application frameworks. Empower, not punish, the dedicated and passionate developer community. Ship love to the userbase (perhaps the only one in existence) that’s willing to open their wallets for high-quality desktop software. And yes, tolerate web-tech apps too - but embarrass them!

Peter Ammon:

The theory of the Mac is to establish a set of UI conventions. When you launched a new app, you would already know how to use most of it, because it was a Mac app. It looks and behaves like other apps, so you feel at home already. And as a developer, you get the right behavior now and in the future, for free.

But if every developer builds a cross-platform app with a custom framework and appearance and behavior and UI, then the OS loses its role in defining the platform conventions. In that event, what’s the point in having more than one OS?

John Gruber (tweet):

I’m with Ammon: I think the Mac’s (relatively) recent move to cryptographically signed applications — with certificates that can be revoked by Apple — has been a win all around for security. But I don’t think the Mac sandbox has.

[…]

The whole point of the Mac is to be a great platform for native Mac apps. Sandboxing doesn’t help Mac apps do more. If the Mac devolves into a platform where people just use web browsers and cross-platform Electron apps, it might as well not exist[…]

[…]

The real problems facing the Mac are the number of developers creating non-native “Mac” apps and the number of users who don’t have a problem with them.

Andy Ihnatko (in 2011, previously):

Traditionally, the mandate of an operating system has been to enable all of a machine’s potential. Higher-level software is responsible for making a computer easy to use and sometimes that means putting the power tools high enough on a shelf that the kids can’t hurt themselves, but those resources should be there for anybody who looks for them.

[…]

The Mac must never, ever become a consumer product like the iPad, saddled with artificial limitations in the name of safety, reliability, and tidiness.

See also: Jeff Johnson, Dan Counsell, Sayz Lim, Michael Dupuis, Dave DeLong, Marcus Zarra.

Previously: Sandbox Limitation on Number of Files That Can Be Opened, Apple Rumored to Combine iPhone, iPad, and Mac Apps to Create One User Experience.

How Apple Plans to Root Out Bugs

Mark Gurman (tweet, MacRumors, Reddit, Hacker News, ArsTechnica):

Instead of keeping engineers on a relentless annual schedule and cramming features into a single update, Apple will start focusing on the next two years of updates for its iPhone and iPad operating system, according to people familiar with the change. The company will continue to update its software annually, but internally engineers will have more discretion to push back features that aren’t as polished to the following year.

[…]

The shift is an admission of what many customers have already come to notice: Some Apple software has become prone to bugs and underdeveloped features. […] Apple has also recently released features later than it expected, as the rush to meet the annual deadline overtaxed engineers and created last-minute delays.

John Gruber:

I’m not so sure the above is a new strategy so much as a tacit admission of what’s actually been going on the last few years.

Then why should we expect any improvement?

Jeff Johnson:

The idea of postponing features a year until they’re “ready” misses the whole point. It’s very difficult to find all the bugs in a major change until after you ship it. To get to a stable operating system, you need to spend at least a year just fixing bugs after a major release.

You can’t just consider the internal costs of annual updates. There are major external costs. Third party developers play an essential role in QA. If we never get the thing until June, and you ship every fall, never enough time to fix bugs.

A lot of people are pointing to Steven Sinofsky’s comments (Reddit). He makes some good points about the “broader context,” but I think he’s completely wrong about Apple’s software quality:

In any absolute sense the quality of Mac/iOS + h/w are at quality levels our industry has just not seen before. […] On any absolute scale number of bugs—non-working, data losing, hanging mistakes—in iOS/Mac is far far less today than ever before.

I don’t see how that can be taken seriously. He doesn’t have access to Apple’s bug database, so how would he know? I really doubt that the number of open bugs is lower than in the past, and even if it were there’s no reason to assume that Radar is representative of the actual number of bugs. He later says that the list of bugs is “infinitely long,” so this whole line of argument seems nonsensical. In what way is today’s Mac/iOS quality better in “any absolute sense” than in, say, 2010? He doesn’t say, except that more people are using it:

What is different is that at scale a bug that happens to 0.01% of people is a lot of people. A stadium full or more. […] No one ever anywhere has delivered a general purpose piece of S/W+H/W at scale of 1B delivering such a broad, robust, consistent experience. We don’t have a measure for what it means to be “high quality”.

Well, we can look at how many problems an individual user runs into. Is it higher or lower than before? This measure is independent of Apple’s scale. So is the circle of people I hear complaining. Apple’s customer base has doubled many times over, but the number of family members, friends, and customers that I communicate with has not. Now you could argue that maybe we have become exceptionally unlucky and are running into more than our share of issues, but I don’t find that very convincing.

He wants to discount the actual experiences of “many super smart/skilled people” because “the more a product is used the more hyper-sensitive people get to how it works.” What does that even mean? The number of hours in a day hasn’t increased; I don’t think my Mac/iPhone usage has increased much, if at all. Hardly anyone complains to me about the “slightest changes”; I hear about things that flat out don’t work. That’s not being hyper-sensitive.

Previously: Apple Delays Features to Focus on Reliability, Performance.

Update (2018-02-13): jarjoura:

As someone who used to work on iOS at Apple, what that company honestly needs is a culture not beholden to the whims of their EPMs (project managers). They used to help organize and work with engineering to schedule things across the company’s waterfall style development. However, by the time I left, they essentially took power over engineering. Radar became the driver for the entire company and instead of thinking about a holistic product, everything became a priority number. P0 meant, emergency fix immediately, P4 meant nice to have. You get the idea.

Nothing could be worked on if it wasn’t in Radar with a priority number attached and signed off by the teams’ EPM. No room for a side project or time away from your daily duties because there were always P1s to fix. If you didn’t personally have any left for the day, you’d take one from another engineer who was likely swamped with their own list of P1s.

[…]

This is how you get bugs in shipping software. EPMs driven to schedule things and over manage engineers would decide on a whim that something was a P2. That was basically always shelved to a follow-up .1 release.

Ultimately, engineers lost the freedom to decide when a feature was ready to ship.

This point about bug prioritization came up two years ago.

Bob Burrough:

This is absolutely, 100% true, and jibes with my experience.

There was (don’t know if there still is), another really whacky problem with iOS work prioritization back then. Radar has P1, P2, P3, etc priorities. Milestones were arranged such that “No P3’s” happened (the point at which P3’s were no longer allowed to be worked on)… followed by “No P2’s” then finally “No P1’s.” At first glance that arrangement makes sense because it means the only bugs getting fixed late in the game are the really high priority ones. However, what it meant in practice was, if there was a P2 bug an engineer wanted to fix… They would scramble to make sure it gets fixed before the “No P2’s” milestone occurs…in effect, causing P2 bugs to be worked on before P1’s.

throwaway7187:

I’m a former iOS EPM (not speaking for Apple, obviously, since I don’t work there anymore), and although the Reddit commenter got the atmosphere of constant crisis right, he/she is misplacing the blame and misunderstanding the power dynamic. EPMs at Apple essentially have zero power over engineers’ workload. They take the list of stuff the engineering managers said they want to get done this year and say “You guys are crazy, you’ll never be able to do this without 3x the hours/manpower.” Then they proceed to drive the team as hard as necessary to make sure that they actually deliver what they said they were going to deliver. That’s it. The idea that there is this cabal of mighty EPMs twirling their mustaches and loading developers down with work is pretty far from reality.

It’s true that you shouldn’t be working on anything not in Radar (the bug tracker) but this is true anywhere you’ll work. Project managers however do not sign developers up for all those radars--on the contrary--we’re usually trying desperately to help you get rid of scope and get the task list down to what’s actually do-able!

One of the great things that IMHO sets Apple apart is how engineering-driven they are. I’ve never worked anywhere else where engineers had so much freedom to decide what they’re working on. The fact that they always decide to work on 3x what they can actually achieve is kind of on them. But that drive to try to do so much is part of what keeps innovation strong at Apple.

Benjamin Mayo:

It sure looks like this is a case of the feedback loop working. The Apple community complains about software quality, the executive team reviews procedures and makes structural changes.

[…]

As an outsider, I think it’s hard to really assess whether these changes are meaningful rather than empty, ambitious, words. However, I’m glad the way it is portrayed in the Bloomberg report indicates it is a deeper shift of philosophy rather than a one-time focus for iOS 12 followed by a return to the status quo.

Nick Heer:

If the changes are as modest as this report makes them out to be, how much of an improvement can we realistically expect in software quality?

Tim Bradshaw:

First Apple shareholder question is about software quality, which he says is “very unsatisfactory”. “We are getting plenty of changes but not many improvements... My solution has been to stop upgrading because I no longer trust Apple.” Apple is “losing touch with working people”

Update (2018-02-14): Riccardo Mori:

While I’m certain there are still underlying issues left unsolved in both Tiger and Leopard, in day-to-day general use, nothing prominent shows up on my radar. I turn on this PowerBook, it boots into Mac OS X 10.5.8, I open whatever apps I need for this session, and I feel I’m working in a stable, predictable environment. The only unfortunate thing I notice is that in places the hardware shows its age, or that certain features or services are too new to support this platform, but neither this particular vintage Mac nor its Mac OS X version are at fault. And it’s pretty amazing I’m still being productive with a 14-year-old machine.

[…]

I’m just an outside observer, with perhaps the vantage point of having been using Apple hardware for almost 30 years. I can’t say with certainty that today both Mac OS and iOS have more bugs and issues than before. I’m also not saying that everything was 100% perfect before and now it’s all rubbish, because it’s not true. But from having extensively used (almost) each version of Mac OS and iOS, what I do notice is that behind the scenes there was a different approach to their development before a certain point in Mac OS X’s timeline, and that something changed (for the worse) after that point.

Update (2018-02-16): See also: Download.

Update (2018-02-21): See also: The Talk Show.

Friday, February 9, 2018

VLC 3.0

John Voorhees:

Today, VideoLAN, the non-profit organization behind VLC, released version 3.0 of its media player app across several platforms, including macOS and iOS. The update, known as Vetinari, supports a long list of modern video, audio, and streaming technologies such as[…]

The new version can stream (and seemingly transcode) to a Chromecast. Here is the change log.

Update (2018-02-13): See also: MacRumors.

Twitter’s First Profit

Selina Wang (via Hacker News):

The company topped analysts’ average sales estimates in the fourth quarter and for the first time reported a real profit, a milestone in Chief Executive Officer Jack Dorsey’s turnaround effort. Monthly active users were little changed from the prior quarter at 330 million, a lower-than-projected total that the company attributed in part to stepped-up efforts to reduce spam, malicious activity and fake accounts.

[…]

Revenue in the recent period rose 2 percent from a year earlier to $731.6 million, buoyed by data-licensing sales and video advertising.

[…]

Twitter said daily active users increased 12 percent from a year earlier, marking its fifth consecutive quarter of double-digit increases. The company doesn’t disclose the specific number of daily active users, arguing that showing growth is more important.

[…]

The San Francisco-based company may stand to benefit from Facebook’s recent decision to shift its news feed toward content from family and friends and to focus less on posts from media outlets and businesses. The change is encouraging publishers and online advertisers to increase investment on Twitter, according to some analysts.

Previously: Birdcage Liners.

iOS 9 Source Code Leak

Lorenzo Franceschi-Bicchierai (Hacker News, MacRumors):

The GitHub code is labeled “iBoot,” which is the part of iOS that is responsible for ensuring a trusted boot of the operating system. In other words, it’s the program that loads iOS, the very first process that runs when you turn on your iPhone. It loads and verifies the kernel is properly signed by Apple and then executes it—it’s like the iPhone’s BIOS.

The code says it’s for iOS 9, an older version of the operating system, but portions of it are likely to still be used in iOS 11.

[…]

“This is the biggest leak in history,” Jonathan Levin, the author of a series of books on iOS and Mac OSX internals, told me in an online chat, referring to Apple’s history. “It’s a huge deal.”

Via Jake Williams:

Remember that debate about the FBI adding backdoors to the iPhone and “don’t worry, it will stay secret?” None of us believed that, ever. But now I’d say we have evidence that even Apple can’t keep backdoor code a secret…

Sean Gallagher:

The DMCA notice required Apple to verify that the code was their property—consequently confirming that the code was genuine. While GitHub removed the code, it was up for several hours and is now circulating elsewhere on the Internet.

Steve Troughton-Smith:

The scary part about the iBoot source code leak isn’t that iBoot code leaked, it’s that somebody (from Apple) passed around Apple source code. And if this happens in public, what would you imagine is being sent in private to the most malicious of bad actors or hostile powers?

Sean:

I happen to have a copy of the System 7 source code that I acquired so long ago that I can’t even remember where it came from. So Apple employees passing around source code is nothing new.

Previously: FBI Asks Apple for Secure Golden Key.

Update (2018-02-09): Lorenzo Franceschi-Bicchierai:

A low-level Apple employee with friends in the jailbreaking community took code from Apple while working at the company’s Cupertino headquarters in 2016, according to two people who originally received the code from the employee. Motherboard has corroborated these accounts with text messages and screenshots from the time of the original leak and has also spoken to a third source familiar with the story.

Motherboard has granted these sources anonymity given the likelihood of Apple going after them for obtaining and distributing proprietary, copyrighted software. The original Apple employee did not respond to our request for comment and said through his friend that he did not currently want to talk about it because he signed a non-disclosure agreement with Apple.

According to these sources, the person who stole the code didn’t have an axe to grind with Apple. Instead, while working at Apple, they were encouraged to use their access to help their friends in the jailbreaking community with their security research by leaking them internal Apple code. And they did.

Update (2018-02-13): See also: MacRumors.

Many Siris

Bryan Irace:

When talking to Siri on my iPhone, she has a certain set of capabilities. These differ if I talk to Siri on my Mac. When talking to Siri through my AirPods, she’ll assume whatever functionality she’d otherwise have on the device that they’re currently paired with. Siri on my Apple Watch can take certain actions when untethered, but different ones when my iPhone happens to be in range. Siri on my Apple TV has a different set of skills altogether, and now, the HomePod will add yet another Siri to the family.

[…]

If the Lyft app is installed on your iPhone, you can ask Phone Siri to order you a car. But you can’t ask Mac Siri to do the same, because she doesn’t know what Lyft is. Compare and contrast this with the SDKs for Alexa and the Google Assistant – they each run third-party software server-side, such that installing the Lyft Alexa “skill” once gives Alexa the ability to summon a ride regardless of if you’re talking to her on an Echo in your bedroom, a different Echo in your living room, or via the Alexa app on your phone.

Update (2018-02-17): Steve Troughton-Smith:

Frustrating HomePod ‘feature’: because it intercepts all ‘Hey Siri’ requests in the room, it takes over requests that it can’t perform (like knowledge or search) that your iPhone can, tells you it can’t do that, and the request never gets passed back to the iPhone to continue

Kyle Copeland:

Even more frustrating is when it intercepts a request said at normal volume all the way across the house from a phone right next to my bed.

What I Learned from Watching My iPad’s Slow Death

John Herrman (via Jeremy Daer):

Fifteen years ago, before I would replace a desktop computer or a laptop, it would have quite conspicuously broken down, its fans getting louder, its spinning hard drive grinding to a halt. When I would replace it with something newer or faster or more capable, it would enter a promising second life: it could be repurposed as a spare, a computer for a friend, a terminal for playing old games or for doing undistracted work. It could be given to someone who could make use of it.

As I did when I first got it, I still use my old iPad for passive consumption: reading, watching videos, checking feeds. My routine has barely changed, but one by one, formerly easy tasks have become strained. Social apps have become slow, videos take longer to load and Safari can’t seem to handle the most important and fundamental services of the modern web.

As my iPad has aged, I’ve started to notice it more, not because I’m growing fonder, but because I’m getting frustrated: by the fact that it won’t do what it ought to or even what it used to.

That 30% App Store Tax

Brent Simmons:

Apple’s 30% tax on the App Store is increasingly absurd. Richest company in history, and it’s still taking 30% from your friendly neighborhood indie developers.

Jamie Halmick:

It’s an absurdly large cut for the level of support they give devs given the amount of profit they make on it. Obviously as a biz they can demand it and we will pay it. That doesn’t mean we should shut up and like it. They should either do better or take less or both.

Brent Simmons (tweet):

There’s no sacred verse that says businesses acting lawfully can’t be criticized. Nothing says we can’t advocate for change. In fact, I’d say that that’s part of capitalism, too.

[…]

My thinking is that a lower cut provides more incentive for developers to invest in high-quality, long-lived apps — and that that’s good for the platform and good for users, and good for Apple, and so everybody wins.

As hardware progress inevitably slows, software quality and app ecosystems will be increasingly important platform differentiators. The App Store has so many major problems, and I don’t think the 30% is at the top of the list, but on the other hand it’s a really easy knob to turn, with seemingly low downside and possible great upside.

Previously: Dirty Percent, BBEdit Leaving the Mac App Store, Pre-WWDC App Store Changes, Apple to Halve App Store Fees for Subscription Video Apps, Apple Wants 30% of Tips From Chinese Chat Apps.

Update (2018-03-02): Marco Arment:

2. Apple doesn’t get a cut of revenue from third-party ads or privacy-invasion payola networks.

So, in a way, Apple is incentivizing indirect and less privacy friendly methods of app payment such as ads.

Update (2018-08-16): scott:

App Store fees got you down? Meanwhile at Epic, they lowered their take on the Unreal Marketplace from 30% to 12% and retroactively paid back years of fees.

Epic said this is due to the success of Fortnite. If only Apple and Google had successful products to rely on for income.

John Perry Barlow, RIP

Cindy Cohn (Hacker News):

It is no exaggeration to say that major parts of the Internet we all know and love today exist and thrive because of Barlow’s vision and leadership. He always saw the Internet as a fundamental place of freedom, where voices long silenced can find an audience and people can connect with others regardless of physical distance.

Barlow was sometimes held up as a straw man for a kind of naive techno-utopianism that believed that the Internet could solve all of humanity’s problems without causing any more. As someone who spent the past 27 years working with him at EFF, I can say that nothing could be further from the truth. Barlow knew that new technology could create and empower evil as much as it could create and empower good. He made a conscious decision to focus on the latter: “I knew it’s also true that a good way to invent the future is to predict it. So I predicted Utopia, hoping to give Liberty a running start before the laws of Moore and Metcalfe delivered up what Ed Snowden now correctly calls ‘turn-key totalitarianism.’”

Cory Doctorow:

Barlow wrote the Declaration and co-founded the Electronic Frontier Foundation precisely because he foresaw those possibilities: he saw that the world would be remade by general-purpose networks tied to general-purpose computers, and that unless we committed ourselves to making that network free, and fair, and open, that it would give the powerful and wicked the power to exert unprecedented, near-total control over our lives.

Today, Barlow is dead, and his vision is vindicated: the risks Barlow foresaw (along with other EFF founders like John Gilmore and Mitch Kapor) are more imminent than ever; the organization that he started and the movement he kicked off has never been more badly needed.

Steven Levy:

Over the next few years, I watched with fascination as Barlow became a leading voice in technology. With no engineering experience whatsoever, he became a great explainer, turning his gift for bullshit into a force for comprehension. He could hang around a bunch of cryptographers for a while and two weeks later explain public key crypto (pretty much) to a room of bankers, diplomats, and corporate managers. Even more important, he grasped the soul of the technology, whether the transporting aspects of virtual reality or the glorious disruptiveness of friction-free distribution.

See also: A Declaration of the Independence of Cyberspace, Electronic Frontiersmen.

Update (2018-02-14): See also: The Internet Archive.

Update (2018-02-20): See also: Hacker News.

iOS Auto-Correction From Contacts

Wil Shipley:

Imagine being in charge of an algorithm that hundreds of millions of users depend on every day and saying, “Hey, let’s take any word that’s capitalized in your contacts and just always capitalize it in text messages!”

“What could POSSIBLY go wrong? Unless you subscribe to ‘One Medical’ or ‘Capital One’ and you ever want to type ‘one’ to someone. But who would do that?”

Update (2018-02-13): Nick Heer:

It’s not just contact names that inform the autocorrect dictionary: any capitalized word in a contact record will be fed into the dictionary, as will installed apps. So, if you know someone who works at, say, Apple, or you have the Transit app installed, you will find yourself regularly undoing the automatic capitalization of those words when talking about fruit or the very concept of public transit.

Update (2018-02-28): Mark Rogowsky:

Forget privacy concerns, iOS does not ever learn that:

1) I did not want that proper name from my contacts. I always correct its autocorrect.

2) I’ve literally not used that proper name in years.

The algorithm has a default problem and a no-learning problem.

Tuesday, February 6, 2018

BBEdit 12.1

Bare Bones Software:

BBEdit is now built as a 64-bit application. This works around various reported bugs in the OS and has other beneficial side effects: the application starts more quickly on a “cold” launch; 64-bit color pickers and contextual-menu plug-ins are now available; and our customers are even more handsome and athletic than before.

[…]

When the “Match window appearance to selected editor color scheme” setting is turned on (as it is by default), BBEdit will use a light or dark (system-defined) appearance for the window title bar, appropriate to the color scheme.

[…]

Made a change to significantly improve performance when soft-wrapping long documents to the window width.

[…]

When using “Compare Against Previous Version”, the previous-version file now includes the time stamp as part of the file name, to make it easier to see which version of the file you’re comparing against.

Not being affected by 32-bit-only macOS bugs is a bigger deal than you would think.

Previously: BBEdit 12.

Battery Health and Peak Performance Capacity

Benjamin Mayo:

As promised, Apple has included a new screen in the iOS 11.3 beta 2 settings called Battery Health (Beta) available on all iPhones since iPhone 6. This view includes information about the maximum capacity of the battery in the device, and describes whether the battery has degraded to the point where it can no longer offer peak performance.

[…]

With iOS 11.3, it is now possible to disable performance management, stop the throttling, and restore full speed. Apple has also tweaked the algorithms that decide when performance management should come into effect. Apple says performance management is more ‘adaptive’ than it was before so that it can dynamically increase or decrease the amount it is used, without the user doing anything at all.

iPhone 8 and iPhone X include smarter hardware that enables Apple to more precisely apply power management, so noticeable effects of throttling on these devices should be less when it eventually kicks in.

Apple has actually posted lots of beta screenshots itself.

Previously: Tim Cook Talks iPhone Batteries, Apple’s Message to Customers About iPhone Batteries and Performance.

Update (2018-02-06): See also: Juli Clover.

Update (2018-06-23): Dr. Drang:

So, is the maximum capacity reading inaccurate? Is Apple giving bad advice to its customers? Am I drawing a conclusion too soon? Whatever the answers, I'm pretty happy with my $30 investment.

Update (2018-06-24): Dr. Drang:

I got the battery in my iPhone replaced last Sunday, and after a week of use I can say without reservation that it was a big success. Before the replacement, a normal day of use at the office would put the battery well below 50% and I’d usually have to recharge sometime during the evening; now it’s typically over 80% when I get home, and I don’t even think about recharging. This success is tempered, though, by the poor advice Apple gave me before doing the replacement.

HomePod Reviews

The consensus seems to be that the sound is best of class but Siri needs work, which is what we all expected.

See also: Nick Heer, Ryan Jones, Marco Arment, Matt Birchler.

Previously: The Apple Music and HomePod Strategy, HomePod to Arrive February 9.

Apple E-mails Developers Other People’s Search Ad Results

Tech Crunch:

An issue at Apple appears to be resulting in app developers getting emails of ad spend and install summaries for apps belonging to other developers.

The issue — which appears specific right now to developers using Search Ads Basic, pay-per-install ads that appear as promoted apps when people search on the App Store — was raised on Twitter by a number of those affected […]

Some of the developers affected: Steve Troughton-Smith, Louis D’hauwe, Rafael Costa, René Fouquet, Luc Vandal.

Jeff Johnson:

You can lock down end users all you want, but the most damaging security vulnerabilities are always always always on the server side.

Previously: iTunes Connect Bug: Logs You Into the Wrong Account.

Update (2018-02-09): Joe Rossignol:

Apple today apologized after sending incorrect information to some iOS developers using its Search Ads Basic service yesterday. […] The follow-up email blames the mishap on a "processing error" and adds that all future reports of this kind will require developers to sign into their accounts to view their dashboards to ensure this issue does not occur again.

Steve Troughton-Smith:

“We can’t trust ourselves to not do this again, so we just won’t provide details by email again” I guess it’s a decent policy…

Minimum Password Lengths

Troy Hunt:

When I run my Hack Yourself First workshop, that’s one of the first questions I ask - “what’s the correct minimum password length?” I was thinking about that again just this weekend when preparing V2 of Pwned Passwords because I thought I might be able to use a minimum length threshold to reduce the size of the data set. So, rather than projecting my own views on minimum password length, I thought I’d go and check what the world’s top sites are doing. Here’s 15 of the biggest with a summary and some further commentary after that[…]

[…]

The point of all this is that you can no longer just look at a minimum length and say “ah, 6 characters - or even just 4 - is way too few” because authentication schemes can be far more intelligent than simply matching those 2 strings. That’s not to say those nice round, even numbers are always correct either - there are plenty of sites that don’t have any intelligence beyond mere string matching - but hopefully it provides food for thought.

Safari actually knows about the requirements for some top sites (via Hacker News). Or maybe this feature hasn’t shipped yet, since I could only find the referenced file in Safari Technology Preview:

/Safari Technology Preview.app/Contents/Frameworks/SafariShared.framework/Versions/A/Resources/WBSAutoFillQuirks.plist

Serialization on macOS and iOS: Speed and Size

Dirk Holtwick:

Overall for my personal purposes JSON and MessagePack seem to be the most appropriate ones. I was very positively surprised by the JSON results. MessagePack as the clear winner in the size comparison is probably the best choice for the projects I'm working on.

I was very disappointed by KeyedArchiver, which I previously expected to be in the top field. If not required for Apple OS specific purposes it really does not make sense to use any of those proprietary formats anymore.

I like the old, deprecated NSArchiver. It scales much better than NSKeyedArchiver.

Monday, February 5, 2018

How CloudKit Works

Apple (PDF, via Russ Bishop):

CloudKit is Apple’s cloud backend service and application development framework that provides strongly-consistent storage for structured data and makes it easy to synchronize data across user devices or share it among multiple users. Launched more than 3 years ago, CloudKit forms the foundation for more than 50 Apple apps, including many of our most important and popular applications such as Photos, iCloud Drive, Notes, Keynote, and News, as well as many third-party apps. To deliver this at large scale, CloudKit explicitly leverages multi-tenancy at the application level as well as at the user level to guide efficient data placement and distribution. By using CloudKit application developers are free to focus on delivering the application front-end and logic while relying on CloudKit for scale, consistency, durability and security. CloudKit manages petabytes of data and handles hundreds of millions of users around the world on a daily basis.

Russ Bishop:

Fun fact: development logs across CloudKit are on the order of 100TiB per day.

See also: Dynamo: Amazon’s Highly Available Key-value Store.

The Apple Music and HomePod Strategy

Joe Rossignol (Hacker News):

Apple Music now has 36 million paying subscribers around the world, an increase from well over 30 million reported last September.

Apple confirmed the updated total to The Wall Street Journal, which today reported that Apple Music is growing at a faster pace than Spotify in the United States, and could soon eclipse the service in popularity in the country.

Kirk McElhearn:

Also note that Apple Music is available in many more countries than Spotify. Spotify has a presence in 62 countries, and Apple Music is present in 117 countries, notably including India and China, where Spotify is absent.

Ben Thompson:

What HomePod shows, though, is that Apple Music is part of the strategy story. Remember, strategically speaking, the point of services is to differentiate hardware. To that end, HomePod is not exclusive to Apple devices to prop up Apple Music; rather, Apple Music is exclusive to HomePod to sell speakers. Most commentary has assumed that:

  1. Customer wants HomePod
  2. Therefore, customer subscribes to Apple Music
  3. Apple profits

Again, this doesn’t make sense because Apple Music isn’t profitable!

Instead, I think the order goes like this:

  1. Customer owns an iPhone
  2. Customer subscribes to Apple Music because it is installed by default on their iPhone
  3. As an Apple Music subscriber, customer only has one choice in smart speakers: HomePod (and to make the decision to spend more money palatable, Apple pushes sound quality), from which Apple makes a profit

If the goal is to sell speakers, why does HomePod lack an aux input and support for Bluetooth audio? You can’t use it from Android even if you subscribe to Apple Music there. You can’t even reliably play audio from third-party iOS apps.

Previously: HomePod to Arrive February 9.

Update (2018-02-05): Nick Heer:

More than anything, I think Simon falls into the same trap many others do: Apple isn’t setting out to build the biggest user base, but a large paying user base. A free trial accomplished that goal; a free tier does not.

Update (2018-02-06): Third-party app support may get better when AirPlay 2 is released and apps are rewritten to use it.

Update (2018-03-02): See also: Exponent.

Sandbox Limitation on Number of Files That Can Be Opened

Matteo Rattotti:

After loading a seemingly magic random number (around 3000/3200) of images the Sandbox will stop loading any more images. Any other operation that tries to load files from outside the container will fail.

The NSOpenPanel behaves in a different way, it just won’t return more than the “magic random number” of images, and after that any attempt to use it will return zero files.

If the files are loaded from inside the container, they will all load as expected, but after reaching the “magic random number” files from outside the container can’t be loaded anymore.

I don’t think I’ve blogged about this before, but I’ve heard many reports of it, and as far as I’m aware it’s a longstanding issue that dates to the introduction of the com.apple.security.files.user-selected.read-only entitlement in macOS 10.7.3. Note that this is not about the number of files that can be open simultaneously. The undocumented limit applies even if you close your file descriptors.

A related issue is that I’ve been using OmniOutliner a lot more recently, and after a while it will complain that it doesn’t have permission to save my document. Indeed, it doesn’t think the file even exists. I can neither save nor close the document without force quitting. The Console log makes it look like this is related to security-scoped bookmarks, which are used to access files that are saved in the Documents folder rather than in the application’s container. The problem dates to at least 2014 and also affects OmniPlan and Numbers, adding to the likelihood that the bug is in the OS rather than apps. None of the workarounds described in the preceding forum links worked for me.

Update (2018-02-05): Peter Steinberger:

Security scoped URLs have many gotchas.

Update (2018-02-13): I also ran into a problem where Downcast couldn’t access any of the files in its sandbox container because of problems with security-scoped bookmarks. I had to delete everything and reset it.

Update (2021-08-04): Sindre Sorhus (via Christian Tietze):

It’s just ridiculous how they could leave this broken for so many years. I have gotten many 1 star reviews because of this issue. I even have an alert in the app to inform the user about it. (Half the number of files, since it’s both open and save)

Update (2021-08-10): Michael Buckley (Hacker News):

There has recently been some renewed discussion on Twitter about the limitation that the macOS sandbox places on the number of open files an app can access at once. Apps are still running into problems because of this limitation, and there is not a lot of technical detail available on it outside of Apple, so I’d like to share my understanding of it.

macOS only allows sandboxed apps to access a limited number of files at a time, but there is no way for an app to query how many files it can open, or if it’s close to the limit. In fact, this limit is dependent on the amount of RAM installed in the computer and the number of files open by other apps.

I’ve heard others say that it’s not an “at a time” limit, but rather a total limit for the lifetime of the process, despite what the documentation for NSURL.stopAccessingSecurityScopedResource() says.

The engineer stayed late to help me file radars on the issue for both the security team and the fonts team, but cautioned that the underlying problem would probably not get fixed any time soon. It would be up to app developers and other teams within Apple to work around the problems the limitation created. It was foundational to how the macOS app sandbox was designed, and could only be fixed if they found a safe and performant way to store this mapping in userspace, which was unlikely. Apple was not going to throw out the sandbox or compromise its security to remove this limitation. Considering that it remains a problem to this day, he was right.

[…]

Considering that this limitation still affects high-profile apps like Microsoft Office, I don’t think Apple is unmotivated to fix this, but considering how long it has remained a problem, until Apple announces otherwise, we can’t assume it’s going away any time soon.

[…]

There are two ways to deal with the issue. The first is to relinquish security-scoped bookmarks as quickly as possible, and the second is to prompt users to open folders, not files.

If you go the folder route:

However, you may need to limit yourself to APIs that access those files using string paths, rather than NSURLs.

Gus Mueller:

This is the primary reason Retrobatch isn’t sandboxed (and thus, not on the App Store). I’ve considered just dealing with the likely support emails (and suggesting folks give it full disk access, or only add folder), but I just can’t bring myself to do it. What a pain this bug has been for years.
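The two workarounds Michael Buckley lists above (relinquish security-scoped access as quickly as possible, and ask for folders rather than files), sketched as an added example that is not code from any of the quoted posts. The helper names `withScopedAccess` and `forEachFile` are hypothetical, and the stored bookmark `Data` is assumed to have been created earlier with the `.withSecurityScope` option.

```swift
import Foundation

// Added illustration; helper names are hypothetical, not from the quoted posts.

enum ScopedAccessError: Error {
    case accessDenied(URL)
}

/// Workaround 1: hold a security-scoped resource only while `body` runs,
/// then relinquish it immediately, even if `body` throws.
/// Also returns refreshed bookmark data when the stored bookmark is stale.
func withScopedAccess<T>(toBookmark bookmark: Data,
                         _ body: (URL) throws -> T) throws -> (result: T, refreshed: Data?) {
    var isStale = false
    let url = try URL(resolvingBookmarkData: bookmark,
                      options: [.withSecurityScope],
                      relativeTo: nil,
                      bookmarkDataIsStale: &isStale)

    guard url.startAccessingSecurityScopedResource() else {
        throw ScopedAccessError.accessDenied(url)
    }
    // Every successful start is balanced by exactly one stop.
    defer { url.stopAccessingSecurityScopedResource() }

    var refreshed: Data? = nil
    if isStale {
        // Re-create the bookmark while access is still held.
        refreshed = try url.bookmarkData(options: [.withSecurityScope],
                                         includingResourceValuesForKeys: nil,
                                         relativeTo: nil)
    }
    let result = try body(url)
    return (result, refreshed)
}

/// Workaround 2: one grant for a user-chosen folder, then walk its contents
/// with string-path APIs (as the quoted advice suggests) instead of
/// resolving one security-scoped URL per file.
/// Returns the number of regular files handed to `handler`.
func forEachFile(inFolderBookmark bookmark: Data,
                 handler: (String, Data) throws -> Void) throws -> Int {
    let outcome = try withScopedAccess(toBookmark: bookmark) { folder -> Int in
        let fm = FileManager.default
        var processed = 0
        for name in try fm.contentsOfDirectory(atPath: folder.path) {
            let path = (folder.path as NSString).appendingPathComponent(name)
            var isDirectory: ObjCBool = false
            guard fm.fileExists(atPath: path, isDirectory: &isDirectory),
                  !isDirectory.boolValue,
                  let data = fm.contents(atPath: path) else { continue }
            try handler(name, data)
            processed += 1
        }
        return processed
    }
    return outcome.result
}
```

Because the quoted posts disagree on whether the limit is per-process-lifetime or "at a time", treat the prompt release as necessary hygiene rather than a guaranteed fix.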

The Experts Have Taken Over

The Menu Bar (tweet, Zac Cichy):

Bob Burrough drops by the bar to discuss his history as a software engineer, the seven years he spent at Apple, his reasons for leaving, and we ponder why we care so much about this company.

I really enjoyed this episode. Burrough has some good stories about the creation of iPhone. The title refers to how he thinks Apple has changed since those days, particularly after Tim Cook became CEO.

Ryan Jones:

Cool episode Bob. Just wanted to drop by and say that my experiences with product feature timing were different. You suggested all decisions were made years in advance. I know for a fact it’s not that black and white, and had experiences with shorter fuse decisions.

Just goes to show how both can be true. And that Apple does what it takes to ship the right product.

Also how there can be such external debate - because both are true.

Renaud Lienhart:

I can corroborate @bob_burrough’s story on the latest The Menu Bar podcast: when Scott Forstall got fired & iOS 7 really kicked off, the engineering feedback loop broke; HI took over, engineering input stopped being welcome.

I always assumed this was because they had such a humongous mountain of work to deal with, they didn’t have time to consider other opinions.

But the Jobs / Forstall ways never came back.

I used to file many Radars, some of them ending up having an impact that I could feel proud of.

In my last 2-3 years of employment? I barely bothered anymore, I knew they’d likely be ignored.

Previously: The State of Apple.

Update (2018-02-05): Josh Centers:

Burrough says that under Jobs, employees were allowed to call out faults anywhere they saw them, regardless of whether it was in their wheelhouse or not, but under Cook, Apple employees are very much encouraged to stay in their own lanes.

Update (2018-02-13): Marco Arment:

I’ve heard a few times that Tim’s management style is, basically, “Don’t bring me problems.”

That doesn’t make the problems go away, of course — it just suppresses and siloes them.

Bob Burrough:

It actually exacerbates problems. When disputes occur -- as they inevitably do in any human endeavor -- instead of being quickly escalated and decisively resolved, they're left to fester. Unresolved issues become institutional baggage.

Update (2018-04-18): See also: Unco.

Apple’s Q1 2018 Results

Jason Snell:

Today Apple reported its results for the holiday quarter of last year, traditionally the biggest quarter of the year. Three months ago Apple said it expected between $84 and $87 billion in revenue, which would have been a record. They beat their estimates, with $88.3B in revenue, on strong iPhone revenue.

Below, find many charts!

Jason Snell:

If you see a story that says iPhone sales in the holiday quarter were disappointing, check to see if they mention the number of weeks in the quarter, or if they cite overheated analyst estimates. Because the numbers make it clear that this is a strong validation of Apple’s somewhat risky strategy to restructure the contents of its most popular product line.

[…]

In terms of sheer numbers, Apple sold 850,000 iPhones per day on average during 91 days in late 2017, compared to 798,000 iPhones per day during 98 days in late 2016, meaning that unit sales went “down” by increasing by 6.5 percent.

But look a little deeper: In terms of revenue, the iPhone generated $61.6 billion, compared to $54.4 billion in the year-ago quarter. […] The average selling price of a holiday-quarter iPhone jumped by $100.

Jeff Johnson:

Here’s a chart showing the year-year weekly averages[…]

Ben Thompson (Hacker News):

Cook — who repeated the sentiment later in the call — couldn’t have given a more strident example of how every company is best viewed according to the dictates of their business model. If companies are what they measure, then what matters to Apple is the number of devices sold, not the number of users. Indeed, the user is a means to the end of selling a device — and ideally more than one at a time!

Christopher Mims:

Apple’s non-hardware revenue is its own Fortune 100 company, and it makes as much on every one of its 1.3 billion users as Facebook does

Joe Rossignol:

iPad remains the world’s most popular tablet by a significant margin, having outsold competing devices from rivals Samsung and Amazon combined last year, according to data shared by research firm IDC today.

Previously: Apple’s Q1 2017 Results.

Update (2018-02-16): Kirk Burgess has a chart that compares Apple’s numbers, ex-iPhone, with Facebook, Microsoft, and Google.

Friday, February 2, 2018

OWC Dual Drive Dock USB 3.1

I’ve had mostly good experiences with Other World Computing’s Dual Drive Dock USB 3.1 (Amazon). It’s the only USB 3 drive dock I’ve used that did not spontaneously unmount my drives. Previously, the only reliable dock I’d found was the Thunderbolt-based Highpoint RocketStor 5212. At $69, the OWC is less than half the (now reduced) price of the RocketStor and only $20 more than the adapter needed to connect the RocketStor to a modern Mac with USB-C. Other advantages over the RocketStor:

Unfortunately, the OWC dock does sometimes spontaneously eject one drive when swapping the other. This seems to occur much more often while the drive is in heavy use. The obvious workaround is to manually eject both drives before swapping. This somewhat reduces the utility of having a dual dock, but it’s still much more useful than a single dock, and I’ve not found anything better that uses USB 3.

(Another recent candidate was the $23 Sabrent lay-flat dock. Two of these were dead-on-arrival from Amazon with drives larger than 4 TB. Their replacements from the company both suffered from spontaneous ejections, interfered with my keyboard and mouse at boot time, and sometimes refused to mount newly inserted drives.)

Update (2018-05-10): I’ve also found that swapping drives with the OWC dock can cause drives connected to other USB devices to unmount.

Base64 Encoding and Decoding With SIMD Instructions

Daniel Lemire (via Hacker News):

Alfred Klomp showed a few years ago that you could do much better using vector instructions. Wojciech Muła, myself and a few others (i.e., Howard and Kurz) decided to seriously revisit the problem. Muła has a web page on the topic.

We found that, in the end, you could speed up the problem by a factor of ten and use about 0.2 cycles per byte on recent Intel processors using vector instructions. That’s still more than a copy, but much less likely to ever be a bottleneck. I should point out that this 0.2 cycles per byte includes error handling: the decoder must decode and validate the input (e.g., if illegal characters are found, the decoding should be aborted).

Our research code is available so you can reproduce our results. Our paper is available from arXiv and has been accepted for publication by ACM Transactions on the Web.

How Hotmail Changed Microsoft and E-mail

Sean Gallagher (via Hacker News):

Twenty years ago this week, on December 29, 1997, Bill Gates bought Microsoft a $450 million late Christmas present: a Sunnyvale-based outfit called Hotmail. With the buy—the largest all-cash Internet startup purchase of its day—Microsoft plunged into the nascent world of Web-based email.

Originally launched in 1996 by Jack Smith and Sabeer Bhatia as “HoTMaiL” (referencing HTML, the language of the World Wide Web), Hotmail was initially folded into Microsoft’s MSN online service. Mistakes were made. Many dollars were spent. Branding was changed. Spam became legion. Many, many horrendous email signatures were spawned.

But over the years that followed, Hotmail would set the course for all the Web-based email offerings that followed, launching the era of mass-consumer free email services. Along the way, Hotmail drove changes in Windows itself (particularly in what would become Windows Server) that would lay the groundwork for the operating system to make its push into the data center. And the email service would be Microsoft’s first step toward what is now the Azure cloud.

Good Ideas, Through the Looking Glass

Niklaus Wirth (PDF, via Andre Weissflog):

An entire potpourri of ideas is listed from the past decades of Computer Science and Computer Technology. Widely acclaimed at their time, many have lost in splendor and brilliance under today’s critical scrutiny. We try to find reasons. Some of the ideas are almost forgotten. But we believe that they are worth recalling, not the least because one must try to learn from the past, be it for the sake of progress, intellectual stimulation, or fun.

Thursday, February 1, 2018

Podcast Listeners Really Are the Holy Grail Advertisers Hoped They’d Be

Miranda Katz:

Since the beginning of the current podcast boom, often attributed to 2014’s Serial, data on how people listen to podcasts has remained woefully scarce, even as advertising spending climbed to an estimated $220 million in 2017. When Apple Podcasts announced last year that it would soon be offering podcasters more data on their listenership, some worried it would force a “reckoning”—and possibly an “ad apocalypse,” if brands decided that the fledgling new medium wasn’t worth their dollars, after all.

Apple’s Podcast Analytics feature finally became available last month, and Euceph—along with podcasters everywhere—breathed a sigh of relief. Though it’s still early days, the numbers podcasters are seeing are highly encouraging. Forget those worries that the podcast bubble would burst the minute anyone actually got a closer look: It seems like podcast listeners really are the hyper-engaged, super-supportive audiences that everyone hoped.

Via Marco Arment:

The podcast business didn’t really need precise listener behavioral data. Who knew?

Touch ID and the Fifth Amendment

Tim Cushing:

The US Supreme Court hasn’t seen a case involving compelled production of fingerprints land on its desk yet and there’s very little in the way of federal court decisions to provide guidance. What we have to work with is scattered state court decisions and the implicit understanding that no matter how judges rule, a refusal to turn over a fingerprint or a password is little more than a way to add years to an eventual sentence.

The Minnesota Supreme Court has issued the final word on fingerprints and the Fifth Amendment for state residents. In upholding the appeals court ruling, the Supreme Court says a fingerprint isn’t testimonial, even if it results in the production of evidence used against the defendant.

Things I Wish I’d Known About Bash

zwischenzugs (via Hacker News):

The difference between [ and [[ was another thing I never really understood. [ is the original form for tests, and then [[ was introduced, which is more flexible and intuitive. In the first if block above, the if statement barfs because the $(grep not_there /dev/null) is evaluated to nothing, resulting in this comparison:

[ = '' ]

which makes no sense. The double bracket form handles this for you.

This is why you occasionally see comparisons like this in bash scripts:

if [ x$(grep not_there /dev/null) = 'x' ]

so that if the command returns nothing it still runs. There’s no need for it, but that’s why it exists.

[…]

Bash has configurable options which can be set on the fly. I use two of these all the time:

set -e

exits from a script if any command returned a non-zero exit code (see above).

This outputs the commands that get run as they run:

set -x

zwischenzugs (Hacker News):

  • The # means ‘match and remove the following pattern from the start of the string’
  • The % means ‘match and remove the following pattern from the end of the string’

[…]

The trap builtin can be used to ‘catch’ when a signal is sent to your script.

Previously: Mac Terminal Tips, Craig’s Terminal Tips.

Update (2018-02-05): Der Teilweise:

It’s wrong regarding !$:

!$ is not the last argument of the previous command. It’s the last word. The last argument is $_.

Given echo x>/dev/null:

$_ is x

!$ is /dev/null

C String Functions in Swift

Helge Heß:

The pointer you get back points into a buffer, which doesn’t exist anymore. That is why you need to be super careful when accessing C APIs.

[…]

When using C API with Swift Strings (be it a simple puts or maybe libxml2), be aware that such calls are really expensive (a malloc+free per call). If you want to do this a lot, you may want to convert Strings to UTF-8 unsafe buffers very early on, and use those.

Is this Swift behaviour reasonable? For a high level language I would say yes. Yet Swift also claims to be useful for system and server programming, and in such scenarios it is really hard to access standard Swift types in a performance sensible way (do zero copy, avoid allocs, etc).
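The lifetime problem described in the quote above, next to two safe alternatives, as an added example that is not code from the linked article. All function and type names (`danglingFind`, `byteOffset`, `CStringBuffer`) are hypothetical; `strchr` is the C library function and the sample string is constructed.

```swift
import Foundation

// Added illustration; function and type names are hypothetical.

/// BROKEN on purpose: passing a Swift String where C expects `const char *`
/// bridges it to a temporary NUL-terminated buffer that is valid only for
/// the duration of the call. strchr returns a pointer INTO that buffer, so
/// the returned pointer dangles as soon as this line finishes.
func danglingFind(_ s: String, _ byte: UInt8) -> UnsafeMutablePointer<CChar>? {
    return strchr(s, Int32(byte))   // never dereference this result
}

/// Safe: keep the pointer inside withCString and let only a plain value
/// (the byte offset) escape the closure.
func byteOffset(of byte: UInt8, in s: String) -> Int? {
    return s.withCString { base -> Int? in
        guard let hit = strchr(base, Int32(byte)) else { return nil }
        let found = UnsafePointer<CChar>(hit)
        return base.distance(to: found)
    }
}

/// Safe and amortized: convert the String to a UTF-8 C buffer once, then
/// make any number of C calls against it without a fresh temporary per
/// call (the per-call cost the quote mentions).
struct CStringBuffer {
    private let bytes: ContiguousArray<CChar>   // includes the trailing NUL

    init(_ s: String) {
        bytes = s.utf8CString
    }

    /// The pointer is valid only inside `body`; do not store or return it.
    func withPointer<R>(_ body: (UnsafePointer<CChar>) throws -> R) rethrows -> R {
        return try bytes.withUnsafeBufferPointer { buffer in
            // utf8CString always contains at least the NUL terminator.
            try body(buffer.baseAddress!)
        }
    }

    /// Counts occurrences of `byte` using repeated strchr calls on the
    /// same buffer.
    func count(of byte: UInt8) -> Int {
        // strchr(…, 0) matches the terminator; stepping past it would
        // leave the buffer, so NUL is rejected up front.
        guard byte != 0 else { return 0 }
        return withPointer { base -> Int in
            var total = 0
            var cursor = base
            while let hit = strchr(cursor, Int32(byte)) {
                total += 1
                cursor = UnsafePointer<CChar>(hit) + 1
            }
            return total
        }
    }
}

// Constructed sample input.
let line = "user=alice;role=admin"
let equals = UInt8(ascii: "=")
print(byteOffset(of: equals, in: line) as Any)
print(CStringBuffer(line).count(of: equals))
```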

Colour Management

Marc Edwards (via Gus Mueller):

Colour spaces are more complex than measurement units. They don’t just define a scale, they set a white point, range and scale for red, green and blue in the visible spectrum, as well as other various properties. There’s many ways to visualise colour profiles, but using a 3D hull is a common and useful way to display them.

[…]

However, there are some colours in the Display P3 space that are not in the sRGB space. Display P3 is wider gamut and it can represent more, especially deep reds and greens. #ff0000 in Display P3 can not be described as an sRGB HEX value, because it is out of the sRGB range.

[…]

On iOS and Android, sRGB is also the default, but both support wider gamut colours and colour spaces. On macOS, sRGB is sort of the default (the situation is a bit more complex due to some legacy issues).

Marc Edwards:

A colour space’s gamut defines the range of colours that can be represented by that colour space. It defines the extremities of how strong and pure colours can be.

[…]

Colour precision isn’t defined as part of a colour space. It is an implementation detail that’s left up to the rendering engine or design tool. This means different tools take a different amount of care, and the likelihood of problems is dictated by what you’re using as well as how you’re using it.

[…]

Unlike most rulers, the notches aren’t always evenly spaced. It is actually more common for them to be unevenly spaced. sRGB uses a non-linear gamma curve that’s like the image below. Other common colour spaces also use non-linear gamma curves. Display P3’s gamma curve is identical to sRGB’s gamma curve.

Update (2018-02-06): McCloudStrife:

“#ff0000 in Display P3” Get out.

I have also read Part 2 of this and I think the internet would be better off without either article tbh. Ignorance > misinformation.

Update (2018-03-15): Marc Edwards (tweet):

This article details the settings required for screen design in many popular design tools.