Archive for March 2018

Friday, March 30, 2018

Swift for TensorFlow

Google:

Swift for TensorFlow is a result of first-principles thinking applied to machine learning frameworks, and works quite differently than existing TensorFlow language bindings. Whereas prior solutions are designed within the constraints of what can be achieved by a (typically Python or Lua) library, Swift for TensorFlow is based on the belief that machine learning is important enough to deserve first-class language and compiler support.

First-class language and compiler support allows us to innovate in areas that have traditionally been out of bounds for machine learning libraries. Our results provide the performance of TensorFlow graphs with the ease of use of define-by-run models, and provide a great user experience - for example, by catching more mistakes before you run your code.

Chris Lattner:

This is an early stage project which isn’t ready for use by general machine learning researchers. We are open sourcing the project early while it is still possible to change anything about its design, allowing the project to benefit from the expertise of the broader community. We don’t have 1.0 release plans, but will discuss that when it comes closer.

macOS 10.13.4

Apple:

The macOS High Sierra 10.13.4 update improves the stability, performance, and security of your Mac, and is recommended for all users.

[…]

Adds support for external graphics processors (eGPUs)

[…]

Enables sorting Safari bookmarks by name or URL by right clicking and choosing ‘Sort By…’

[…]

Displays privacy icons and links to explain how your data will be used and protected when Apple features ask to use your personal information

So far the update has worked fine for me except that (like most of the recent ones) it got stuck with a black screen for several hours. Eventually I power cycled the iMac, and then (after a few more auto-reboots) the update completed.

Rob Griffiths:

Maybe next we’ll be able to sort the App Store app’s Purchased tab by alpha…who am I kidding, that’s real rocket science.

Steve Troughton-Smith:

I caught myself wondering whether this dialog was the first UI change to the Mac App Store in 5 years, and then I felt sad

Howard Oakley:

The latest update to High Sierra, bringing it to 10.13.4, does fix the bug discovered by Sarah Edwards when making an APFS encrypted volume in Disk Utility – in both its original form (fixed in 10.13.2) and the form which remained into 10.13.3.

Juli Clover:

The update also introduces the smoke cloud wallpaper that was previously only available on the iMac Pro[…]

David J. Loehr:

Would you look at that. @Apple updated the Photos app and managed to eliminate a few thousand photos.

I hope they turn up sometime.

Because I put them there manually because I don’t use or trust iCloud Photo Library since that deleted several hundred photos a few years ago.

Avatron Software:

Air Display users: Please don’t update your host Mac to macOS 10.13.4. It introduces severe WindowServer bugs that crash most inelegantly when you connect to a virtual monitor like Air Display (or its competitors). 10.13.3 still works fine. Hopefully Apple will fix 10.13.4 soon.

Dave Howell:

Thanks to App Store policy, we cannot change Air Display 3’s app description, to warn that macOS 10.13.4 kernel panics when you connect to Air Display, when we submit a new version of the iOS app. But a new version won’t be approved because the host crashes. Sigh.

Gus Mueller:

Apple has just released 10.13.4, which includes support for HEIC / HEIF encoding (support for reading HEIC was introduced in 10.13). And if you’ve already updated to Acorn 6.1, the option to export your image as HEIC will now appear for you in the Web Export window.

Steve Troughton-Smith:

Don’t forget that macOS 10.13.4 has a 64-bit-only mode, which you’ll want to turn on as a Mac developer to see if your apps still function correctly. Users can give it a go too just to see what’s about to break forever in the next macOS…

Steve Troughton-Smith:

If you happen to want Messages in iCloud in macOS 10.13.4, the checkbox shows up in Messages if you have an empty /AppleInternal folder… Do with this information what you will — but there’s clearly a reason why it hasn’t shipped yet for the public, so be warned

Previously: macOS 10.13 High Sierra Released, Hello HEIF, High Sierra Stored APFS Volume Passwords in Log Files.

Update (2018-04-01): macOS 10.13.4 seems to have fixed a bug I was seeing since 10.13.0 with Preview thinking PDF files were dirty as soon as I’d opened them.

On one Mac, the installer left behind a macOS Install Data folder.

Update (2018-04-02): Guilherme Rambo:

Ok, “stable” build of High Sierra finally installed. After several minutes of Spotlight and kernel_task using 300% CPU, I now have only 200mb disk space left (I had 70gb before)

Update (2018-04-04): David Smith:

Some fixes in iOS 11.3/macOS 10.13.4

  • KVO auto-unregistration no longer crashes if an object observed self & unregistered some but not all observers in dealloc
  • Using defaults(1) to read non-defaults plists no longer deletes them
  • Extensions aren’t incorrectly suspended now

Update (2018-04-09): Steven Frank:

Why can’t computers wake from sleep reliably?

Like imagine spending $2-3,000 on literally anything and it doesn’t always turn on/off properly and going oh, yeah, it just does that sometimes and everyone being fine with that.

Update (2018-04-10): Adam Engst:

And Alban Rampon, a product manager at DisplayLink, shared a similar story in the company’s support forums[…]

Thursday, March 29, 2018

Charles Proxy for iOS

XK72 (tweet, Hacker News):

We are excited to announce that Charles Proxy is now available on iOS!

With the iOS version of Charles you can capture and inspect network requests and responses on your iOS device. You can view metadata, headers and bodies in the app, so you can finally debug your app’s networking issues without a computer.

It works by creating a local VPN.

Lukas Kollmer:

playing with the @charlesproxy iOS app and it’s super creepy watching all these apps constantly send home data in the background. (the screenshots only show connections over a 2 minute period when I had all apps force quit). this is so fucked up

Update (2018-03-30): Bad Uncle Leo:

Same experience I have with @AdGuard Pro logs, only AG’s logs persist.

iOS 11.3

Juli Clover:

iOS 11.3 is a major update that introduces a long list of new features, including several that Apple has been promising for months. The update introduces a new “Battery Health” feature that's designed to provide iOS users with more information about their batteries, and it is a function Apple promised to introduce following backlash over the power management features added to older iPhones.

I was disappointed to find that my iPhone battery’s Maximum Capacity is still 100% and that it supports “normal peak performance.” This means that the incredible slowness I’ve been seeing over the past month or so: 10 seconds to log in, 15 seconds to launch apps that used to just take a few seconds, stuttery animations, 5-second freezes doing seemingly basic tasks like adding actions in OmniFocus—are software problems with no obvious fix. It’s weird because sometimes my iPhone SE feels like it’s running full speed. But other times it feels like an iPhone 4S or older. This contrast made me suspect that the CPU was being throttled, except that the slowness did not seem to be correlated with battery level.

Steve Troughton-Smith:

Disappointed that iOS 11.3 doesn’t include iMessage in iCloud, according to reports from new iPad owners. Maybe major iOS releases should launch with ‘beta’ labels in September, like new features do? (High Sierra sure needed a warning label)

This was originally to ship with iOS 11.0, six months ago.

Michael Yacavone:

We should be happy when beta features don’t yet graduate to a release - it means they’re still working it out, and WE WANT LESS BUGS.

Also missing is AirPlay 2, which people expected in iOS 11.3 since it’s necessary for some features that were supposed to be part of the HomePod launch originally scheduled for December. However, Apple only said that it would ship “later this year.”

Previously: Battery Health and Peak Performance Capacity, Do iPhones Get Slower Over Time?, Messages on iCloud in iOS 11.3 Beta, HomePod to Arrive February 9.

Update (2018-03-30): Keith Broni:

With the release of iOS 11.3 today, Apple is making some minor adjustments to four emojis: 🦁 Lion Face, 💀 Skull, 🐻 Bear Face and 🐲 Dragon Face.

David Barnard:

Better later than buggy. I’m thrilled Apple is working hard to get things right and not releasing a half baked feature to save face on the delay.

Ryan Jones:

The gloom is inability to build software. Yes, building software includes the ability to know +/- 1 year when it will be done.

Rene Ritchie:

Honestly, stuff like not updating iWork or Mac mini regularly and not pushing out services like Apple News internationally are a much bigger concern to me than stuff they are working on but just taking longer than expected.

Nick Heer:

But there is, I think, a reasonable argument to be made that over-promising and under-delivering is a worrying narrative to have taken hold.

Matt Comi:

I think only people in tech identify iMessage Sync as a feature; I think the lack of (reliable/predictable) sync is more practically identified as a bug, and iMessage Sync as a bug fix. My point: iMessage sync is Apple slowing down and producing better quality software.

Benjamin Mayo:

With 11.3, every device starts unthrottled. The first time you have an unexpected shutdown it will throttle.

(The actual throttling is more fine grained too when it does happen.)

Serenity Caldwell:

Apple shows the following messages in Battery Health, depending on your iPhone's capability to handle apps at peak performance[…]

[…]

iPhone 8, iPhone 8 Plus, and iPhone X models use a more advanced hardware and software design that provides a more accurate estimation of both power needs and the battery's power capability to maximize overall system performance. This allows a different performance management system that more precisely allows iOS to anticipate and avoid an unexpected shutdown.

David Cabecinhas:

You joke but Apple changed the throttling decision algorithm. My 6s was throttled prior to iOS 11.3 and now is working at full speed again!

Update (2018-04-02): Bob Burrough:

I find it more likely that, as a result of the extreme backlash when iPhone throttling was discovered, much more scrutiny was applied to the throttling algorithm, and it was likely relaxed in 11.3.

Update (2018-04-03): Bradley Chambers:

Looks like iOS 11.3 bug is breaking some MDM stuff. This means I can’t administer standardized testing sessions tomorrow without manually configuring a bunch of iPad for guided access.

This is why Apple’s IT services stack is so important. I can get away with these because we are a smaller school. At a larger district, this is a show stopping problem. I have no doubt that if something like this happened with G Suite, it would be fixed today.

There is no way an iOS update is coming today to address this. Apple Radar # 39116010. This is why I don’t get super excited about Pencil support or a Classwork app. Apple just still hasn’t gotten the basics down.

This isn’t like “oh Apple Music doesn’t give as good recommendations as Spotify” complaint about Apple’s services. This is a major major bug on a release that had been beta tested for months.

See also: Apple’s Lane Tech Education Event.

Update (2018-04-04): Peter Steinberger:

Ah, the Internet discovers that iOS 11.3 broke a lot of websites.

Update (2018-04-05): Marco Arment:

If this is accurate, iOS 11.3 NOTIFIES users when old-battery speed throttling gets enabled.

This is, finally, correct and reasonable behavior.

Update (2018-04-13): Accidental Tech Podcast discusses the unfortunate wording of the notification.

Firefox’s Facebook Container

Nick Nguyen:

Facebook Container isolates your Facebook identity from the rest of your web activity. When you install it, you will continue to be able to use Facebook normally. Facebook can continue to deliver their service to you and send you advertising. The difference is that it will be much harder for Facebook to use your activity collected off Facebook to send you ads and other targeted messages.

This Add-On offers a solution that doesn’t tell users to simply stop using a service that they get value from. Instead, it gives users tools that help them protect themselves from the unexpected side effects of their usage.

Mozilla:

Because you will be logged into Facebook only in the Container, embedded Facebook comments and Like buttons in tabs outside the Facebook Container will not work. This prevents Facebook from associating information about your activity on websites outside of Facebook to your Facebook identity.

In addition, websites that allow you to create an account or log in using your Facebook credentials will generally not work properly. Because this extension is designed to separate Facebook use from use of other websites, this behavior is expected.

I’d love to see this sort of thing for more sites and in more browsers.

Previously: Cambridge Analytica Harvested 50 Million Facebook Profiles.

Update (2018-03-30): Brendan Eich:

With @Brave you do not need an “extension that isolates your Facebook identity from the rest of your web activity” -- we block all trackers by default, including FB’s. The real consistency+courage test would be to do the same to Google’s trackers.

The Missing iCloud Storage Bump

Dan Moren:

The standard 5GB of free iCloud storage has been in place for years now, and, frankly, it’s starting to wear thin. When most iOS devices come in 32GB configurations at the smallest, and many start at 64GB, 5GB feels pretty paltry. Especially when the next step in the upgrade tier is to pay $0.99 for 50GB of storage space. I realize Services has become a moneymaker for Apple, but it just feels cheap.

[…]

I see too many people who don’t want to back up their data because they are worried about being hostage to additional fees for the rest of their lives.

David Sparks:

I think the single best reason for giving us increased storage is Apple Photos. They’ve built a platform that lets us take, save, and share photos, but it requires nearly all of us to make regular monthly payments so we have enough storage.

[…]

Taken to its logical conclusion, paltry free storage results in people losing their photos and being understandably pissed at Apple.

Chris Welch:

The 5GB limit has been in place since Apple unveiled iCloud at WWDC 2011. It’s been almost seven years! That’s too long to be stuck in place, and it’s reminiscent of the way Apple dragged its feet in moving away from 16GB iPhones. It eventually happened, but long after many of us had determined 16GB to be an unworkable amount of space.

[…]

If you never upgrade, you’re likely going to have a worse time using an iPhone. Full stop. It surprises me that Apple continues to let that fly.

[…]

And despite Apple’s best efforts (like the video above) to explain how you can manage iCloud, customers are inevitably confused, frustrated, and annoyed when they hit the ceiling. It usually happens well before they approach the limits of their iPhone or iPad’s physical storage, and that disconnect between the two only makes things more irritating.

John Gruber:

5 GB isn’t enough for most people, so they get these warning messages, which sound scary and which they don’t understand.

Matt Birchler:

As I’ve written before, iCloud’s paid tiers are very competitively priced. Here’s how much you need to pay to get different amounts of data on the major cloud storage platforms[…]

But note that photos in Google Photos don’t count toward your Google Drive’s storage.

Previously: Apple’s Lane Tech Education Event, “I’ve Only Had Good Years”.

Update (2018-05-15): See also: Bryan Jones.

Update (2018-06-25): Bradley Chambers:

If you are pro personal privacy, you should be arguing even more for Apple to expand the free tier of iCloud.

Update (2018-11-12): Ben Sandofsky:

Waiting at a Genius Bar, I heard a customer be told he can’t move his data to his new phone because he’s out of space on the free iCloud tier.

This is nuts. Why put friction on upgrading? Why ruin the unboxing? “Buy an iPhone, get a year of iCloud,” would cost Apple pennies.

Dan Masters:

And to think Google not only offers a free 6 month YouTube Premium subscription, but also unlimited full quality photo backup until 2022.

But wait; there’s more! Both device backups and app sync data don’t count toward your Google Drive quota.

Space Gray Input Devices

Jeff Dunn:

The space gray versions of Apple’s Magic Keyboard with Numeric Keypad, Magic Mouse 2, and Magic TrackPad 2 are now available to purchase separately from the company’s new iMac Pro.

[…]

All three space gray variants come with a $20 price bump over their white counterparts, putting the space gray Magic Keyboard and Magic TrackPad 2 at $149 each and the space gray Magic Mouse 2 at $99.

Meek Geek:

Is this the first time Apple has sold a product with a different color AND the same internals for more?

Previously: The Magic Keyboard With Numeric Keypad Is Apparently Bendy, The iMac Pro.

Update (2018-03-30): See also: PC vs Mac: Performance (via MrBliz).

Tuesday, March 27, 2018

Apple’s Lane Tech Education Event

MacRumors:

Apple is not providing a live video stream of today’s event, but will post the video on its website and the Apple Events app on Apple TV following the event. We will be updating this article with live blog coverage—no need to refresh—and issuing Twitter updates through our @MacRumorsLive account as the keynote unfolds.

Tom Warren (Hacker News, MacRumors):

Apple previously lowered the price of its 9.7-inch iPad last year, with a base model starting at $329, but today it’s going a step further for students. Apple is offering the new iPad to schools priced at $299 and to consumers for $329. The optional Apple Pencil will be priced at $89 for schools and the regular $99 price for consumers. This is obviously not the $259 budget iPad pricing that was rumored, but it does make it a little more affordable to students and teachers.

Federico Viticci (article):

The new 9.7” iPad does NOT have:

  • ProMotion
  • Wide color P3 display
  • True Tone
  • Smart Connector
  • OIS
  • 4K video
  • Second-gen Touch ID

Tim Hardwick:

Apple and Logitech today announced Crayon, a more affordable stylus for the iPad, at its education-themed event in Chicago. The device will cost $49, roughly half the price of the Apple Pencil.

Benjamin Mayo:

The Crayon has the same stylus technology as Pencil (but no pressure sensitivity) with a completely different external design. Plug in a normal Lightning cable to charge, and it has a power status LED.

The Crayon basically has all the ‘ugly’ features that Jony Ive would never approve.

Matt Bonney:

Also important to note that the Crayon only works with the iPad announced today. Doesn’t even support iPad Pro.

Tim Hardwick:

Integrated Apple Pencil support in the new upcoming versions of Pages and Keynote will enable users to add drawings directly to reports and take advantage of smart annotation features, while students in particular will benefit from using the input device in Numbers to add to their “lab reports”, said Apple.

Tory Foulk:

In addition, the Pages update is bringing digital book creation to the iPad. That essentially means no more iBooks Author, as it’s being integrated directly into Pages.

Dan Masters:

Who wants to bet the caveat is that it’s way less powerful than iBooks Author?

Riccardo Mori:

Pages and iBooks Author had the potential to become two great apps. Now that they’re one single app, I hope it’s not going to be a worst-of-both-world kind of software.

When it comes to first-party software, my impression is that Apple has become somewhat lazier in these past years. The move Pages = iBooks Author + Pages reminds me of Photos = Aperture + iPhoto.

Juli Clover:

Instead of providing each student and teacher with the standard 5GB of free storage, Apple is now offering 200GB of storage at no additional cost.

So, after you graduate, you lose all your work if you don’t pay up?

Tim Schmitz:

Good for students, but I take this as a sign that Apple doesn’t plan to increase free storage for other users. I’m just baffled by the 5 GB limit. I guess it’s a play to increase “services” revenue?

David Sparks:

I think Apple still has a pricing problem. Chromebooks are in the low $200 range. The new iPad is $300, but when you add a case/keyboard $100 and an Apple Pencil ($100), a fully rigged iPad becomes nearly 2.5 times the cost of a Chromebook. When schools need to buy them by the hundreds (or thousands), that extra $300 is going to matter.

Walt Mossberg:

I’m a big iPad fan. And the new iPad education software Apple showed off today looked great. But the school discounts for the new iPad and the pencil seem way too paltry.

Casey Liss:

Schools only compete on price. So if Apple won’t, then they will never be a big deal in education. It’s a waste of time.

Josh Centers:

A lot of people mistakenly believe that schools choose Google for price. No, it’s a superior product that just happens to also be the cheapest option. (At what cost, though?)

Mike:

They should’ve bundled the keyboard for students. I’m honestly disappointed about that

Adam C. Engst:

Notably missing from the sixth-generation iPad’s specs is the Smart Connector, necessary for Apple’s Smart Keyboard. Apple likely felt that adding such support would cannibalize sales of the 10.5-inch iPad Pro, and it’s also possible that it would have forced a price increase. Nonetheless, it’s unfortunate, because it forces schools that adopt the sixth-generation iPad to come up with some Bluetooth keyboard solution for older students who need to, you know, actually write. And frankly, any iPad in an education setting needs a ruggedized case anyway.

Brian X. Chen:

Not only is $500 ($300 for iPad, $100 for Pencil, $100 for keyboard) too expensive to compete with cheap ChromeBooks in education, but the iPad keyboards (first- and third-party) just aren’t good enough to replace a laptop keyboard.

Steve Troughton-Smith:

So was that really worth having an Apple Event for? What did you think?

Michael Gartenberg:

Net net. Solid offering from Apple. I don’t see it making a dent against Google in the near future.

Noah Kravitz:

The hardware cost is important, but far secondary to the cost of administration. Chromebooks are so popular in schools bc they’re so cheap and easy to deploy and administer. iOS was not made for network admins.

Carolina Milanesi (tweet):

When the iPad was first brought into the classroom it was done in schools where, by and large, budget was not an issue and teachers were empowered to invest time in finding the best way to use technology to reinvent and energize teaching. It was really about rethinking how to teach and connect with students. As technology became more pervasive, schools discovered that it was not just about teaching but it was also about managing the classroom. This is what Google was able to capitalize on. Yes, schools turn to Chromebooks because the hardware is cheaper but also because the total cost of ownership when it comes to deployment, management, and teacher’s involvement is much lower.

Jason Smith:

I work in the 11th largest school district with 190k students. All Google here.

I imagine a large number of these kids will always use docs and never even look at Word.

Eric Young:

The lack of an identity management platform - which allowed for Apple to so very quickly get replaced in the education market

Poses the same risk for them in the corporate enterprise market as well

CJ:

There was no lock in identity platform for even iPad 1:1 schools so now you see them using iPads running G Suite.

I just sat in a K-12 iOS user group meeting where one district said “Why do we even bother with Apple ID’s anymore? We use G Suite.”

Stefan Constantine:

Apple: Buy an iPad for your kid so they can learn how to code.

Kid: I learned how to code! How do I make an app?

Apple: Buy a laptop.

Mom and dad: Wait, I thought the iPad was a computer replacement?

Kid: What’s a computer?

Previously: Apple Losing Education Share, iBooks Author Conference Highlights Ecosystem Worries.

Update (2018-03-27): Dieter Bohn:

Logitech’s Rugged Combo 2 keyboard case for the iPad is not likely to be something you’ll want to buy. It’s just too big for most. It’s very, very rugged, surrounding the device in a huge plastic block that feels like it could protect the glass inside from nearly anything.

[…]

But I am here to tell you that it is fascinating. The spill-proof keyboard doesn’t connect via Bluetooth, but instead via a custom smart connector Logitech developed, which passes through to the Lightning port inside the case. The keyboard is therefore removable (it attaches by a strong magnet) and can be replaced with a simple cover.

The thing stands up via a kickstand on the back. That means, when the keyboard is attached, it basically looks like a big, blocky Surface Pro.

Ryan Christoffel:

The special iWork-optimized flavor of Markup included here has marker, pencil, crayon, and shape tools, along with an eraser. If you tap one of the tools when it’s already selected, it will reveal more options to modify the tool’s size and opacity. To get started with Markup, you simply tap your Pencil to the screen and hold, and the Markup tools will appear. If you want to add a sketch without your Pencil in hand, you can do that by hitting the app’s + button, then selecting the Drawing option.

One special Pencil feature Pages receives is something Apple calls Smart Annotation. Launching in beta with today’s update, Smart Annotation enables making comments and proof marks on written work that will then remain dynamically attached to the annotated text, so your Pencil markings will remain with the right words even if changes are later made within the document.

Helge Heß:

Classroom for Mac is the first Marzipan app they show in public. I guess.

Stephen Hackett:

It cannot open my iBooks Author file for my book on the iMac G3 and history of Mac OS X. I’m not super surprised by that, but as the future of iBooks Author is unknown, I’d like a way to know I can edit this file using Pages in the future.

Serenity Caldwell (article):

iBooks Author is NOT being sunset. It’s continuing development. This Pages update is not a replacement.

Jared Willis:

I am a full time college student and a full time creative professional. The iPad Pro is... Not good for creative work. Just buy a Dell XPS 15 and move on with your life.

OTOH, the iPad Pro has been absolutely essential to me in school.

It does what literally no other device can do, which is flawlessly bridge the gap between digital and paper.

Steve Troughton-Smith:

Of course annotations should export! Sadly they don’t even print (to PDF) properly — drawings and highlights don’t stay in the right place when printing even though they’re included

You can definitely draw on the page, but only in defined rectangles that you have to rearrange afterwards. Not like writing on paper

Bob Burrough:

Why shouldn’t Apple sell an iPad + Apple Pencil for $149 to any student who wants one?

Dieter Bohn:

Both accessories are specifically designed to sell to the education market and will not hit general retail.

Let’s start with the Crayon because it’s fascinating. It’s half the price of the Apple Pencil and works a little bit differently. It does not need to be paired via Bluetooth. Instead, any Crayon can work with any [6th generation] iPad. Apple says that’s so a teacher can walk around with it and use it with student devices. Since it doesn’t pair via Bluetooth, it can’t do pressure sensitivity.

Update (2018-03-28): Shira Ovide:

Chromebooks accounted for 60 percent of laptops, tablet and other mobile computers shipped to U.S. K-12 schools in the third quarter of 2017, according to FutureSource Consulting. Apple’s iPads accounted for 12 percent of those school devices, less than half of its market share in 2014.

Zac Cichy:

Announced today:

  • Same iPad now with Pencil support. Discounted just slightly for edu. (Was already going to happen)
  • iWork with Pencil support. (Was already going to happen)
  • Improvements to its general education efforts. (Was already going to happen)

Justifies this? [Apple + Education: Ignite the creativity in every student.]

Matt Birchler:

Her opinion is that the tablet form factor is problematic, mainly because students can barely be trusted to not lose a laptop, let alone a tablet, a case, and a stylus. Also, look at the profile view of an iPad in the new keyboard case Apple showed on stage[…]

The iPad requires a decent amount of space behind the keyboard to stand up. When kids are using these on small desks, this can be a problem and makes a laptop form factor more appealing.

Dan Benjamin:

My review of the Logitech Rugged Combo 2 keyboard case for the iPad:

Just get a laptop.

Matt Birchler:

The iPad mini has the same A8 chip that was in the iPhone 6 and iPad Air 2. At $329 for an A10 iPad, it’s hard to see what the market is for the $399 mini with an A8

Matt Birchler:

I get it, iCloud storage is a pain for a lot of people. As I’ve written before, iCloud’s paid tiers are very competitively priced. Here’s how much you need to pay to get different amounts of data on the major cloud storage platforms[…]

Carolina Milanesi:

I came into this event hoping to see three things: hardware pricing, an improved productivity and collaboration suite and a bigger focus on managing the classroom. Apple addressed my three points but in true Apple fashion it did so in a way that was not obvious to me.

[…]

While I am not sure yet if these changes are enough for a consumer to switch from Microsoft Office or G-suite, I think they are welcome additions in education.

[…]

[Classroom management] was for me the most important part of the day and what really shows that Apple now has a full solution rather than a series of features.

Bob Burrough:

The slide presented by Steve Jobs showed two street signs representing “the intersection of liberal arts and technology.” As shown today, they are drawn as wayposts, meaning “liberal arts is that way, and technology is in the other direction.”

Nick Lockwood:

The implication is that new Apple misunderstands the meaning of the phrase, but the reality is far worse: they just don’t put enough attention into anything they do to notice that these are different, or to consider that it might matter to anyone.

John Voorhees:

The podcast version of today’s education event is now out

Update (2018-03-29): Josh Calvetti:

re: what happens when students graduate with that 200gb of iCloud- it’s tied to managed Apple IDs, so they can’t even take that ID with them once they leave. So it’s less about the content getting deleted and more about what to do with the entire account.

Bradley Chambers:

The key thing Apple talked about then was the goal of reinventing the textbook. Apple announced iBooks 2 which introduced interactive books. Did they succeed in changing the world of textbooks? Hardly. In fact, no one has. […] The iBooks Author strategy was failed from the beginning.

[…]

iTunes U is an iPad-only application, with a grade book that doesn’t connect to a student information system or a major learning management system. […] So here’s something to consider: how much from Apple’s 2012 education keynote has made a difference in the years since? I’d argue nearly nothing.

[…]

As I rewatched the 2012 keynote and pondered the 2018 keynote, I realized that Apple is yet again trying to craft a future for education that I am not sure fits with reality.

[…]

Education didn’t need a faster iPad. Education didn’t need Apple Pencil support. Those are great features for a consumer-friendly iPad, but education needed a clearer signal from Apple that they understand how school districts actually operate around the country and around the globe.

Matt Birchler:

The more people I talk to and read about this stuff seem to have few concerns with Apple’s hardware offerings. $299 for an iPad is pretty good and the flexibility a tablet gets you is really convenient, but Apple needs to own more of the software stack if they want to move the needle in this market.

Paul Miller:

I probably wouldn’t recommend a kid learn Swift as their first programming language, not because it’s not a great and interesting language, but because the barrier to distribution and the creation of useful software is so high. The Xcode cliff is a steep one.

Observer:

Apple should do education keynote every year. And show how their score card is evolving. That would be a sign that they do really care about education.

Colin Cornaby:

I know a lot has been said about Apple and education, but it speaks VOLUMES about today’s Apple that they refused to release any accessories for students themselves and pawned it off to Logitech because they didn’t want to “degrade the brand.”

10 or 20 years ago Apple selling accessories and even education specific computers was a badge of honor and something they were happy to do. Now they’re worried that it might detract from selling fashion items.

Julio Ojeda-Zapata:

Schoolwork is being positioned as a direct competitor to a Google service called Classroom that lets educators create curricula, distribute student assignments, communicate with students and their guardians, incorporate apps into classroom programs, and more.

The cloud-based nature of Apple’s Schoolwork is key here since Google’s Classroom is — like almost everything Google does — a Web-based service.

Schoolwork is due in June 2018.

Jim Dalrymple:

In its 40 years of being in the education market, Apple has never been the cheapest product—they never will be. I don’t know why people expect Apple to all of a sudden just give away iPads to schools or even compete against a product like a cheap Chromebook on price.

Apple doesn’t make cheap products. Ever. They also don’t make shitty products. You can expect the iPad to last for years without breaking or becoming obsolete. I expect the return on investment for schools to be quite high when purchasing iPads for the classroom.

[…]

Apple screwed up a few years ago by not having the software and administration abilities on the iPad available for school districts. There is no question about that. But they have those features available now.

Jono Hayes:

I wrote some notes after my first shared iPad deployment (180 students, 60 iPads) March 2017... Nothing has changed in a year within ASM and management.

Update (2018-03-30): Nicole Nguyen:

this guy just said welcome to your first day of school

Benjamin Mayo:

At the event this week, Apple heavily pushed this as the iPad for education. If you escape Apple’s carefully crafted PR bubble, though, I don’t think the statement holds its weight. This is the iPad that education will lean towards buying en masse, but it’s not really designed for education use.

Shannon Liao:

But Holloway says that while she’s been able to use her iPad in the classroom to engage students in material they otherwise wouldn’t pay enough attention to, it can be a double-edged sword. “Once they’re used to using the iPad, the excitement of 2D and even manipulative materials pales in comparison, and it’s more difficult to engage them in activities that don’t include a digital component,” she says.

[…]

Teachers like Chen do not believe the focus should be put on the competition between iPads and Chromebooks, nor an obsession with what shiny new device a school should purchase. “For an educator, the question shouldn’t be which device, but which learning objective should we be aiming for?” she says. “I don’t think we can clearly say one device can be better than the other.”

Rene Ritchie (via Phil Schiller):

That resulted in the, just as usual, expectational debt: The angst and anger over what the event wasn’t and was never going to be, rather than what it was — Apple celebrating 40 years in education with a love note passed in class to the teachers and students in attendance, the rest of us watching on.

[…]

That it took until almost two years after Pencil launched for iWork to gain that compatibility is a devastating critique of Apple’s ability to keep all the balls it’s currently juggling in the air. As much as hardware like Mac mini suffers from neglect, so does software, and it’s something that Apple can’t ignore away.

[…]

Whether it became apparent early on iBA wasn’t the right solution but there was no timeline on a better replacement or not, I’ll echo what I said previously about Apple not showing it can effectively juggle all the balls it has in motion. As a single provider, that’s bad for everyone. It makes it difficult to trust at any time that an Apple device or service critical to you will be treated as such by the only company in control of its destiny. It’s something Apple will have to reckon with — sticking to its “thousand nos for every yes”, and making firm choices about all the “ah… dunnos?” that are piling up.

[…]

In terms of education specifically, it really did feel like a love note, but one passed in school. One that’s full of romance but short on details. Run away with me — I’ll figure out getting a car and where we’re going later! It’s fantastic that Apple has this vision, but it’s going to be the consistency and expansion of that vision that’s key.

Update (2018-04-01): See also: Accidental Tech Podcast, Core Intuition, The Talk Show, Upgrade.

Update (2018-04-02): Chuq Von Rospach:

One of the things Apple brings to all of us, beyond its products, is that it continues to show us how things could and should be, and it forces the other companies to chase their innovations and aspirations and that makes things better for everyone over time. We need that, because if Apple stops doing that, who will?

So this educational event was all about Apple doing what Apple does best, and that’s a good thing. This doesn’t mean Apple doesn’t have things it can (and should!) do, such as better ID management, but much of the griping about the event boiled down to two big themes:

  • Apple has to do netbooks or it’s in big trouble! (Remember that? It’s back!)
  • Apple has lots of money; it should give it to education, and then we’ll like them.

Andy Ihnatko:

Before I explain why I was in such a good mood, let’s deal with the sour stuff. If you were hoping that Apple would unveil new hardware, software, and strategy that would allow iPads to compete with Chromebooks toe-to-toe for classroom market share … well, that did not happen. It seems like an unrealistic goal to begin with. The market for classroom computers, software, and services is unique and somewhat bizarre, and Apple is uniquely ill-suited to compete in terms of raw market share.

[…]

Despite all these ugly realities, Apple used its Tuesday event to clearly explain a comprehensive and well-considered plan for the value that iPads and Apple software could add to education. There was none of the (dare I say) jaunty 1800s missionary “meet your new god” swagger that I sensed in the earlier “iPads for schools” push. Apple certainly didn’t say “Chromebooks are a huge success in education because they’re practically perfect for that world,” but it seemed to acknowledge that reality.

Apple’s new stance seems to be that kids can interact with iPads in ways that are unique. iPads have a point of view on education. And while not every school–or even most of them–can choose the iPad as its classroom computer, Apple is motivated to remove every obstacle that it can, making the experience as valuable as possible for the kids who use them and the educators who help the kids.

Update (2018-04-03): See also: this iOS 11.3 MDM bug.

Update (2018-04-04): Stefan Constantine:

Does Apple care about education?

You tell me.

Google just announced it’s going to make some school buses in rural America WiFi enabled and give out free Chromebooks.

Update (2018-04-05): Scott Yoshinaga:

The big difference is that unlike a regular Apple ID, Managed Apple ID has no option to purchase any additional storage. Neither the school that owns the account nor a parent with a credit card can purchase more storage on behalf of the student. Once a student exceeds the 5GB iCloud limit they are forced to either delete content to free up space, move the content to a competing cloud service or export it off the device by connecting it to a computer. A huge pain for students and quite an oversight on Apple’s behalf.

[…]

A good relationship requires communication; a lasting one requires commitment. It often feels like Apple’s not interested in either. It can feel like being in a relationship where your partner tells you they’re all-in with you but is constantly distracted or even ignores you. Mixed signals can cause doubt and frustration in any relationship and this event reminded me of that.

[…]

The reality is that Apple has software that is rarely updated and minimal services that don’t get much attention either. It feels like their solution is for IT administrators to fill that void with third-party applications, tools and services that it doesn’t provide.

NSDoubleLocalizedStrings and Friends

The NSDoubleLocalizedStrings user default is a reasonably well-known and officially documented localization debugging aid. It repeats the text of each localized string, making it double-length so that you can test whether your layout still works.

Another longstanding one is NSShowNonLocalizedStrings, which logs to Console when a string can’t be found.

Interface Builder also lets you preview views using an “Accented Pseudolanguage” and a “Bounded String Pseudolanguage.” These correspond to the NSAccentuateLocalizedStrings and NSSurroundLocalizedStrings user defaults.

Finally, there are NSForceRightToLeftLocalizedStrings and AppleTextDirection to enable the “Right to Left Pseudolanguage.” This lets you test right-to-left layout (e.g. for Arabic) using strings from your development language.

Solving Problems With iCloud Drive

Howard Oakley:

Yesterday I was a bit scathing over published solutions for problems with iCloud, specifically the common problem of protracted or failed synchronisation of iCloud Drive. You dragged some files to iCloud Drive five or more minutes ago, and they still haven’t been synced to it.

[…]

in spite of trying these, sometimes it takes up to 72 hours for iCloud to propagate new files/folders.

[…]

I have been unable to discover any suggestions based on insights into how iCloud works, methods for establishing where the failure is or its cause (even a cryptic error number), nor more specific remedies which can be attempted. All recommendations treat iCloud and iCloud Drive as an impenetrable Black Box.

This just happened to me. I mostly use Dropbox, but I’ve been trying out iCloud Drive in a limited fashion to move PDFs from the Mac with the scanner to my iMac. It’s normally reasonably fast (though not as fast as Dropbox), but every once in a while there’s a long delay, with no obvious cause or remedy.

See also: Inside iCloud Drive: In the log in Sierra and High Sierra.

Update (2018-03-27): Brad Dougherty:

I’ve found that going to the iCloud preference pane triggers things to update sometimes.

Update (2018-03-31): Howard Oakley:

There is a clue suggested by Apple, one of the very few non-generic fixes available for such problems: “create a new document and save it [to iCloud] to see if it uploads to iCloud. If it does, see if other documents start uploading”.

kottke.org at Twenty

Speaking of long-running Web sites, Kottke.org recently celebrated its 20th birthday (Hacker News).

But had I not written all those posts, good and bad, I wouldn’t be who I am today, which, hopefully, is a somewhat wiser person vectoring towards a better version of himself. What the site has become in its best moments — a slightly highfalutin description from the about page: “[kottke.org] covers the essential people, inventions, performances, and ideas that increase the collective adjacent possible of humanity” — has given me a chance to “try on” hundreds of thousands of ideas, put myself into the shoes of all kinds of different thinkers & creators, meet some wonderful people (some of whom I’m lucky enough to call my friends), and engage with some of the best readers on the web (that’s you!), who regularly challenge me on and improve my understanding of countless topics and viewpoints.

I also enjoyed Jason Kottke’s interview with John Gruber on The Talk Show (tweet).

MacInTouch Note to Readers

Ric Ford:

The revenue that used to sustain MacInTouch has dropped below a viable business minimum, while a plethora of other websites, operating under different business and security models, produces constant Apple news, reviews and commentary.

The MacInTouch Discussions forum is unique, as far as I know, but it’s also unsustainably labor-intensive, and there’s no way around that in its current incarnation.

At this point, my plan is to continue running MacInTouch Discussions and home/news pages at a reduced intensity for a little longer. But, before long, it will be time for a change - a sabbatical, a new blog, research, development, or something else – I’m not quite sure what yet, but I expect macintouch.com to continue in some form.

John Gordon:

Ric passed on RSS and blogs and feeds and permalinks. For a year or two he tried to get permalinks working — which made Macintouch potentially tweetable. Recently those went away, so I wasn’t surprised by today’s announcement …

The site has often been frustrating for technical reasons like this, but it’s long been a unique and valuable resource. My thanks to Ford for all of his work, and I hope that he’s able to find a way to continue.

Friday, March 23, 2018

Swift Integration Traps

Daniel Jalkut:

A worse consequence is the number of pitfalls that ABI instability presents, that are difficult to understand intuitively, and in many cases impossible, or at least dangerous, to work around. These pitfalls lie mainly in areas where developer code is executed on behalf of a system service, in a system process. In this context, it is not possible for developers to ensure that the required version of Swift libraries will be available to support their code. Game over.

[…]

But once you’ve written the code to draw those fancy graphs in Swift, you’re locked out of using that code from a QuickLook Plugin. Worse? Finishing touches such as supporting Quick Look are liable to come later in the development of an app, so you’ve probably gone through the decision-making process of writing your app in Swift, before realizing that the decision effectively cuts you off from a key system feature.

Spotlight importer plug-ins face the same issue.

Update (2018-03-30): Daniel Jalkut:

I think it’s officially impossible to offload QuickLook plugin to an embedded XPC service in order to use Swift.

High Sierra Stored APFS Volume Passwords in Log Files

Sarah Edwards (tweet):

I’ve been updating my course (Mac and iOS Forensics and Incident Response) to use new APFS disk images (APFS FTW!) and came across something that is both incredibly useful from a forensics perspective but utterly horrifying from a security standpoint.

[…]

I used the following command to watch my unified logs in the Terminal while the process above was doing its thing:

log stream --info --predicate 'eventMessage contains "newfs_"'

…and there we have it, a plaintext password!

It’s fixed in macOS 10.13.2 [Update (2018-03-25): Actually not; see below.], but I wonder how many passwords are still stored in logs somewhere, e.g. in sysdiagnoses uploaded to Radar. Also, judging from the usage message for newfs_apfs, it looks like the fix may have been simply to suppress this particular log message. It still takes the passphrase as a command-line argument, so it might still be exposed in other ways, rather than using the more secure -stdinpass method that hdiutil uses.

Howard Oakley:

If you:

  • encrypted an APFS volume using macOS 10.13 to 10.13.1 using Disk Utility, and
  • have a copy of the unified log collected at the time of that encryption, in a logarchive

chances are, that logarchive will contain the passphrase recorded in plain text. You therefore might like to destroy or encrypt that logarchive.

[…]

I am not aware that Apple has issued any warning of this potential security breach. Given that the bug appears to have been recognised and fixed, that seems more than a little remiss.

Previously: Encrypted APFS Volume’s Password Exposed as Hint, High Sierra Bug Allows Root Access With Blank Password, App Store System Preferences Can Be Unlocked With Any Password.

Update (2018-03-25): Moe Lassus:

Reproducible on 10.13.3.

Howard Oakley:

Thanks to @moelassus, who reported seeing this bug persist in 10.13.3, and Sarah Edwards, we have established that this is a 100% reproducible bug in 10.13.3. It does not, any longer, affect the creation of new encrypted APFS volumes, but occurs when an existing unencrypted APFS volume is encrypted, by erasing just that volume in Disk Utility.

[…]

When Apple ‘fixed’ the original bug, which occurred when creating a new encrypted APFS volume, it clearly did so by accident, and was unaware that the change that was made to the volume creation step blocked the entry of the plaintext password in the log. Consequently, another instance in which an almost identical call was made by diskmanagementd, to newfs_apfs to make an existing volume encrypted, was left in the code. It is that call which is currently appearing in the log.

Previously: Sierra Log Littering.

Update (2018-03-30): Sarah Edwards (Hacker News):

The previous examples were found in the unified logs which can hang around for a few weeks, this new example stores the exact same information in the system’s /var/log/install.log. I have found that the install.log will only get wiped out upon major re-installation (ie: 10.11 -> 10.12 -> 10.13), therefore these plaintext passwords will hang around for quite a bit longer than a few weeks! I had entries dating back to when I originally installed High Sierra on this system back in November of 2017!

Update (2018-03-31): Howard Oakley:

Although 10.13.4 fixes this leak, it still only does part of the job. It doesn’t roll the install.log to remove all those old plaintext passphrases, which remain in the log for all to see. What is worse, to my mind, is that it doesn’t stop diskmanagementd and associated processes from writing to install.log.

Update (2018-04-01): Howard Oakley:

When Apple introduced its new unified log in macOS Sierra, almost every other system log went silent (other than in residual entries by legacy products), apart from install.log. Why that was spared has never been explained by Apple, which suggests that it wasn’t part of its plan. This has now proved helpful in many situations, as sysadmins and others can still examine installation and update problems without having to do battle with thousands of other entries in the unified log.

[…]

One potentially good reason for continuing to write to a traditional log as well as the new unified log is the weakness of Apple’s tools – then and now – for accessing the unified log. Console still lacks any ability to browse history in the unified log, except when the live log is converted into a logarchive, and even then it is hard to use. install.log remains far more convenient to examine, and the engineers working on those parts of macOS which have been writing to it have probably been very grateful that they were not forced to work with the unified log alone.

[…]

Returning to the accident chain behind this, I can see the following links[…]

Sarah Edwards:

APFS encrypted volumes can be created on the disk level as well as the volume level and it truly seems to make a difference. Please also test if you find (or don’t find) the results in the Unified logs and/or the install.log or neither (and god forbid any other locations you might come across!). I’m also consistently using the “Erase” button versus the “Partition” button.

Update (2018-05-11): See also: Paul Ducklin.
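To act on the advice above about logs that still hold passphrases, the following sketch finds and redacts newfs_apfs entries in a copy of a text log such as install.log. It is an added example, not code from this post or from anyone quoted in it; it assumes the passphrase follows an `-S` option on the logged command line (the post only says it is passed as a command-line argument), and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: locate and redact logged newfs_apfs passphrases in a COPY of a log.
# Assumption (not stated on the page): the passphrase follows this option.
PASS_OPT="-S"
MARK="[REDACTED]"

# Constructed sample lines; real install.log entries may be laid out differently.
make_sample_log() {
  cat <<'EOF'
2018-03-24 09:12:01-04 testmac diskmanagementd[412]: Erase requested for disk2s2
2018-03-24 09:12:02-04 testmac diskmanagementd[412]: Running newfs_apfs -i -E -S EXAMPLE pass phrase -v Backup disk2s2
2018-03-24 09:12:05-04 testmac softwareupdated[388]: No updates found
2018-03-24 09:14:40-04 testmac diskmanagementd[412]: Running newfs_apfs -i -v Scratch disk2s3
EOF
}

# Print the line number of every entry that still carries a passphrase.
# Pass "-" as the file to read standard input instead.
find_leaks() {
  awk -v opt="$PASS_OPT" -v mark="$MARK" '
    {
      p = index($0, "newfs_apfs"); if (!p) next
      rest = substr($0, p)
      q = index(rest, " " opt " "); if (!q) next
      # Text after the option; skip entries that were already redacted.
      if (substr(rest, q + length(opt) + 2) != mark) print NR
    }' "$1"
}

# Copy the log to stdout with everything after the option replaced.
# A passphrase can contain spaces or dashes, so its end cannot be found
# reliably; dropping the rest of the line loses the volume name and device,
# but no part of the secret survives.
redact_leaks() {
  awk -v opt="$PASS_OPT" -v mark="$MARK" '
    {
      p = index($0, "newfs_apfs")
      q = p ? index(substr($0, p), " " opt " ") : 0
      if (q) print substr($0, 1, p + q - 1 + length(opt)) " " mark
      else print
    }' "$1"
}

# Optional demonstration on the constructed sample: sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
  tmp=$(mktemp) && make_sample_log > "$tmp"
  echo "lines with a passphrase: $(find_leaks "$tmp")"
  redact_leaks "$tmp"
  rm -f "$tmp"
fi
```

Run it against a copy of /var/log/install.log, or against text exported from a logarchive; the original log or logarchive still has to be destroyed or encrypted, as Oakley suggests.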

Apple Stores Suffer From Customer Complaints, Long Wait Time

Kate Taylor:

A recent trip to a New York City Apple Store by Business Insider’s Avery Hartmans revealed a chaotic, hellish mess.

The store was packed with people. It was unclear which employees were available to help and which were otherwise occupied. Without a reservation, it was nearly impossible to get help at the Genius Bar. To make matters worse, it could be days before there was an open reservation.

This isn’t an isolated issue. Social media has been flooded with complaints about Apple Stores in recent months.

[…]

“We haven’t been able to keep up with traffic since I started 8 years ago,” a senior Genius at a small store in the Midwest told Business Insider. “I wouldn’t even walk in the store because of how crowded it gets. During Christmas [season] you can hardly move.”

Via Mike Rundle:

Buying something at an Apple Store, ostensibly the most important interaction at any type of store, is annoying and involves wandering aimlessly to find an employee. Not fun at all.

Neven Mrgan:

My last five visits have been complete disasters. It was worse than going to Best Buy in the 90s. If any other business had a waiting area consisting of “go stand in that corner,” we’d laugh at it mercilessly.

Previously: Angela Ahrendts’s Plan for Apple Retail.

Dealing With Weak in Closure-based Delegation

Oleg Dreyman (via Joshua Emmons):

Let’s look at the core of the problem: 99% of the time, when assigning a delegation callback, there should be a [weak self] capture list, but nothing is actually preventing ourselves from omitting it. No errors, no warnings, nothing. What if instead we could force the correct behavior?

[…]

Leveraging the power of Swift generics, we can do better:

struct DelegatedCall<Input> {

    private(set) var callback: ((Input) -> Void)?
    
    mutating func delegate<Object : AnyObject>(to object: Object, with callback: @escaping (Object, Input) -> Void) {
        self.callback = { [weak object] input in
            guard let object = object else {
                return
            }
            callback(object, input)
        }
    }
}

Alexa’s New “Brief Mode”

Sarah Perez:

For example, if you ask Alexa to turn on your lights today, she will respond “okay” as she does so. But with Brief Mode enabled, Alexa will instead emit a small chime as she performs the task.

Via Nick Heer:

I would love an option like this for Siri on all of my devices. It indicates a great deal of trust Amazon has in its own product for them to reduce Alexa’s feedback to a simple audio chime.

Kickstarter and Business Advice

Max Temkin:

Simplify your project as much as possible so that backers have an easy decision to make. If you have 30 levels of rewards, it can become paralyzing. Just confidently offer the best version of what you’re doing.

[…]

Don’t do any other gimmicks, tricks, or hacks to get money from Kickstarter. They will almost always backfire and make you look like an asshole. The whole point of Kickstarter is to test out your idea and see if it connects with an audience. If it does - great! You get to make your thing. If it doesn’t - that’s okay too! It’s an opportunity to figure out what didn’t work and fix it.

For the love of god figure out how much shipping is going to cost before you launch.

[…]

My biggest fear about dispensing advice and platitudes is that people will just try to do the same things that I did. But of course that won’t work. Working through the anxiety of not knowing what to do and emerging on the other side with an authentic understanding of what’s special about your game is not something you can hack your way out of; it is the creative process.

Apple AirPods: the Audiophile Review

Vlad Savov:

But here’s the thing: using the AirPods isn’t merely a “wireless EarPods” experience. Or rather, there are surprising aspects to making the EarPods wireless that I didn’t appreciate until I used the AirPods. My impression of the EarPods has always been colored by how loosely they sat in my ears. The merest tug or tension on their wire would unseat them. Well, without a wire, that entire issue is obviated, and moreover, the stem of the AirPods sits flush with the side of my face and helps to anchor them in place. I have run with the AirPods, I’ve done push-ups, lifted weights, and moved around vigorously without either one coming close to falling out. Your mileage will, of course, vary, but I can’t say the same about Google’s Pixel Buds or the majority of other earbuds on the market, wired or wireless.

[…]

I say the AirPods aren’t technically amazing, but that’s only when comparing against existing standards for sound quality. In the category of truly wireless earbuds, the AirPods are the best I’ve yet heard.

[…]

Maintaining a consistent and reliable Bluetooth connection, the thing I actually care about, is still sadly uncommon among truly wireless buds, so Apple’s wireless earphones are easy to recommend even to Android phone users.

See also: Kirk McElhearn.

Monday, March 19, 2018

Cambridge Analytica Harvested 50 Million Facebook Profiles

The Guardian (Hacker News):

A whistleblower has revealed to the Observer how Cambridge Analytica – a company owned by the hedge fund billionaire Robert Mercer, and headed at the time by Trump’s key adviser Steve Bannon – used personal information taken without authorisation in early 2014 to build a system that could profile individual US voters, in order to target them with personalised political advertisements.

[…]

Documents seen by the Observer, and confirmed by a Facebook statement, show that by late 2015 the company had found out that information had been harvested on an unprecedented scale. However, at the time it failed to alert users and took only limited steps to recover and secure the private information of more than 50 million individuals.

[…]

The data was collected through an app called thisisyourdigitallife, built by academic Aleksandr Kogan, separately from his work at Cambridge University. Through his company Global Science Research (GSR), in collaboration with Cambridge Analytica, hundreds of thousands of users were paid to take a personality test and agreed to have their data collected for academic use.

However, the app also collected the information of the test-takers’ Facebook friends, leading to the accumulation of a data pool tens of millions-strong. Facebook’s “platform policy” allowed only collection of friends’ data to improve user experience in the app and barred it being sold on or used for advertising.

Mike Rundle:

Chief Security Officer of Facebook @alexstamos says that Cambridge Analytica misusing the data from 50M profiles was a feature of their platform at the time.

Cool man. Great PR work.

Alex Stamos:

I have deleted my Tweets on Cambridge Analytica, not because they were factually incorrect but because I should have done a better job weighing in.

Zac Cichy:

Facebook was doing things covered under the ToS. For the first time in the history of Facebook — and countless people like me screaming about it for years — people decided to be upset.

Kyle Baxter:

CA acted dishonestly in using an unrelated quiz to harvest user and friends’ profile, etc data, but it really isn’t any different than what a ton of people were doing at the time. That’s on Facebook, and on them for not notifying the public about it when they discovered it.

Collin Allen:

If your API allows access to more data than I’m granted, that’s a vulnerability. And if I access it, that’s a breach. The honor system is not a valid layer of defense in depth.

John Gruber:

This was not a security breach. This is simply what Facebook is: a massive surveillance machine.

The New York Times:

“This was a scam — and a fraud,” Paul Grewal, a vice president and deputy general counsel at the social network, said in a statement to The Times earlier on Friday. He added that the company was suspending Cambridge Analytica, Mr. Wylie and the researcher, Aleksandr Kogan, a Russian-American academic, from Facebook.

Peter Jukes:

So the Cambridge Analytica Whistleblower has been ‘depersonned’ by @facebook without any chance to retrieve his contacts or private materials.

Nick Heer:

Facebook preempted the publication of both of these stories with a press release indicating that they’ve suspended Strategic Communications Laboratories — Cambridge Analytica’s parent — from accessing Facebook, including the properties of any of their clients.

However, the reason for that suspension is not what you may think: it isn’t because Kogan, the developer of the thisisyourdigitallife app, passed information to Cambridge Analytica, but rather because he did not delete all of the data after Facebook told him to.

[…]

Facebook can make all the policy changes it likes, but I don’t see any reason why something like this can’t happen again at some point in the future.

Brian Boyer:

Facebook is a machine built to collect your personal information and hand it to others, en masse. Not surprised that a hostile actor acquired that information. I expect there are many, many, many more that we will never hear about.

[…]

Anyone who builds a Facebook app (and any rookie can do this) has access to an absurd amount of information about you and your loved ones. And there is nothing stopping them from giving it away, besides the “Terms”.

Rene Ritchie:

It’s been said many times before but it takes a while to sync in: The cloud is just someone else’s computer. If you’re giving up your data or attention in exchange for free social, mail, messaging, photograph, document, or other transit or storage, then you’re really just taking the drive from your computer, unencrypted, and mailing it to those companies to do with it whatever they will.

[…]

The only thing we can do is delete Facebook. And Messenger, and Whatsapp, and Instagram, and every app like them.

Maciej Cegłowski:

There is a widespread belief that Facebook is a frivolous thing people should just quit. Two billion people use it. For many of them, it is the Internet. For others, it’s the only way to stay in contact with family or loved ones. Facebook has worked hard to get ubiquitous

In large areas of the Third World, Facebook has offered free data plans as long as you stay on the site. WhatsApp and Messenger are integral parts of people’s lives. Before you say ‘just get off Facebook’, ask yourself if you really understand what Facebook is (I know I don’t)

Josh Constine:

The company routinely ignores or downplays the worst-case scenarios, idealistically building products without the necessary safeguards, and then drags its feet to admit the extent of the problems.

[…]

Here’s an incomplete list of the massive negative consequences and specific abuses that stem from Facebook’s idealistic product development process.

Ben Thompson:

Google is already facing significant antitrust challenges in the E.U., which is exactly what you would expect from a company in a dominant position in a value chain able to dictate terms to its suppliers. Facebook, meanwhile, has always seemed more immune to antitrust enforcement: its users are its suppliers, so what is there to regulate?

That, though, is the answer: user data. It seems far more likely that Facebook will be directly regulated than Google; arguably this is already the case in Europe with the GDPR. What is worth noting, though, is that regulations like the GDPR entrench incumbents: protecting users from Facebook will, in all likelihood, lock in Facebook’s competitive position.

This episode is a perfect example: an unintended casualty of this weekend’s firestorm is the idea of data portability: I have argued that social networks like Facebook should make it trivial to export your network; it seems far more likely that most social networks will respond to this Cambridge Analytica scandal by locking down data even further.

Dean:

The dark patterns @facebook use to get me to give access to my personal contacts in Messenger are pretty sickening and shouldn’t be allowed on the @AppStore.

  1. No option for “No”
  2. “Learn More” leads to a real option
  3. In-app notification shaming
  4. Push notification shaming

Update (2018-03-23): Bob Burrough:

The con-job is that this is a Facebook-specific “breach,” and therefore theirs to address. The problem is much bigger than that. Why are the New York Times, CNN, and The Guardian reporting what you’re reading to Facebook?

Casey Johnston:

never forget you also give up data to Facebook by not ever signing up for Facebook and just visiting any web page with a like button 🙃

Karl Bode:

But while Facebook has been on the receiving end of some heated and justified media criticism for its privacy abuses, that criticism feels detached from a broader context: namely that we’ve increasingly approved of the wholesale collection and sale of our private data without anything even vaguely resembling transparency, accountability, or oversight.

Nothing personifies this more clearly than the telecom industry, which has been gobbling up and selling consumer data on an industrial scale for the better part of the last few decades. Often with only an iota of the outrage we’ve already seen during Facebook’s latest scandal.

More than a decade ago, ISPs like Comcast began hoovering up your clickstream data (data on every website you visit) and selling it with little accountability and absolutely no transparency. When press outlets back then asked ISPs about what data they were collecting, most would simply refuse to respond. And regulators (and most press outlets) saw no real problem with that.

Dave Winer:

I’ve written software against the Facebook API, and accessing information about the social graph is part of the API. We may not like what Cambridge Analytica did with the data, but I don’t think they did anything that every other company that makes products that work with Facebook doesn’t already do. Including of course Facebook itself.

Kevin Bankston:

The API conundrum(s):

--legit researchers using APIs to expand human knowledge, track fake news and abuse, etc = GOOD

--fake researchers siphoning data for Cambridge Analytica = BAD

--APIs open enough to allow competitive/innovative use of data with user permission = GOOD

M.G. Siegler:

Still, it seems to me that a lot of these wounds are self-inflicted. Not just in choices the company makes from a product and policy standpoint, but also how they choose to react to issues when they arise. Even on Friday night, when it seemed like they were doing the right thing by making a swift, decisive move around a very complicated situation, it turns out, no — Facebook was simply reacting quickly because publications were about to run stories about the pilfering of data from their network for mass political profiling. And what’s worse, Facebook was apparently threatening said publications if they ran said stories.

Paul Lewis:

Sandy Parakilas, the platform operations manager at Facebook responsible for policing data breaches by third-party software developers between 2011 and 2012, told the Guardian he warned senior executives at the company that its lax approach to data protection risked a major breach.

“My concerns were that all of the data that left Facebook servers to developers could not be monitored by Facebook, so we had no idea what developers were doing with the data,” he said.

Parakilas said Facebook had terms of service and settings that “people didn’t read or understand” and the company did not use its enforcement mechanisms, including audits of external developers, to ensure data was not being misused.

Sarah Frier:

Facebook Inc. tried to get ahead of its latest media firestorm. Instead, it helped create one.

The company knew ahead of time that on Saturday, the New York Times and The Guardian’s Observer would issue bombshell reports that the data firm that helped Donald Trump win the presidency had accessed and retained information on 50 million Facebook users without their permission.

Facebook did two things to protect itself: it sent letters to the media firms laying out its legal case for why this data leak didn’t constitute a "breach." And then it scooped the reports using their information, with a Friday blog post on why it was suspending the ad firm, Cambridge Analytica, from its site.

Spencer Ackerman:

It’s not just that he’s silent in public. Facebook CEO and co-founder Mark Zuckerberg declined to face his employees on Tuesday to explain the company’s role in a widening international scandal over the 2016 election.

[…]

Nor, The Daily Beast has learned, did chief operating officer Sheryl Sandberg attend the internal town hall.

The New York Times:

Mr. Stamos, who plans to leave Facebook by August, had advocated more disclosure around Russian interference of the platform and some restructuring to better address the issues, but was met with resistance by colleagues, said the current and former employees. In December, Mr. Stamos’s day-to-day responsibilities were reassigned to others, they said.

Mr. Stamos said he would leave Facebook but was persuaded to stay through August to oversee the transition of his responsibilities and because executives thought his departure would look bad, the people said. He has been overseeing the transfer of his security team to Facebook’s product and infrastructure divisions. His group, which once had 120 people, now has three, the current and former employees said.

John Gruber:

So Facebook is forcing out Stamos, the one executive with the moral backbone to do the right thing in response to what they’d allowed to happen.

Mark Zuckerberg:

First, we will investigate all apps that had access to large amounts of information before we changed our platform to dramatically reduce data access in 2014, and we will conduct a full audit of any app with suspicious activity. We will ban any developer from our platform that does not agree to a thorough audit. And if we find developers that misused personally identifiable information, we will ban them and tell everyone affected by those apps. That includes people whose data Kogan misused here as well.

Second, we will restrict developers’ data access even further to prevent other kinds of abuse. For example, we will remove developers’ access to your data if you haven’t used their app in 3 months. We will reduce the data you give an app when you sign in -- to only your name, profile photo, and email address. We’ll require developers to not only get approval but also sign a contract in order to ask anyone for access to their posts or other private data. And we’ll have more changes to share in the next few days.

Third, we want to make sure you understand which apps you’ve allowed to access your data. In the next month, we will show everyone a tool at the top of your News Feed with the apps you’ve used and an easy way to revoke those apps’ permissions to your data. We already have a tool to do this in your privacy settings, and now we will put this tool at the top of your News Feed to make sure everyone sees it.

Matt Stoller:

The problem with Zuckerberg’s post is this. In 2011, FB was caught deceiving people about how it violated their privacy. It signed an agreement w/the FTC pledging to stop doing that. Today, Zuckerberg is outlining the steps he promised to take in 2011.

Nick Heer:

They did not disclose this at the time, nor did they notify the fifty million users whose information was accessed by Cambridge Analytica. So their claim in their press statement that they felt deceived is bunk: they knew, and did nothing when it mattered first.

Carole Cadwalladr:

Dear Mark Zuckerberg, you offered interviews to lots of outlets but not the @guardian & Observer. We broke the story first in 2015. We led the reporting last weekend. You used legal threats to try and stop us. And now, you’re... ignoring us?

Matt Stoller:

This is 100% right. Zuckerberg threatening to sue the outlets who broke the stories while giving interviews to the ones who didn’t shows that the leadership of Facebook is a part of the problem.

Zuckerberg’s multiple apologies are undercut by a ruthless legal strategy to attack critics in the press, a huge lobbying operation against things like the Honest Ads Act, and massive financing of researchers and academics through dollars and access to data.

James Allworth:

Facebook was so kind as to offer up each user’s unique Facebook User_ID when it returned these data requests. This means that all the data from all the different apps, quizzes and games can be immediately and instantly recombined into one massive database… just like Facebook’s!

[…]

To give a sense of how many apps were out there doing this: here’s an AdWeek article back in 2012, quoting Facebook as saying there were 9 million apps and websites integrated with Facebook. And 2012 was three years before Facebook cut off API access to pulling this kind of data.

[…]

For the longest period of time, Facebook was an advertising business that dreamed of being something else other than an advertising business. It wanted to be a platform.

[…]

And if those are the grand illusions that you’ve got, it’s not your proprietary data that you view as the secret to your success (which you only need to advertise). Instead, it’s developers, and getting them to build on top of your precious platform.

Ryan Jones:

FB is incentivized to keep your data only to themselves. So ONLY THEY can target with it.

We’ll never let apps do this again!

Ya, I bet you won’t. Why WOULD you give them free data when you can charge for it, per ad.

Kara Swisher and Kurt Wagner:

In a wide-ranging interview with Recode this afternoon, the Facebook CEO and co-founder said that he would appear before legislators if he was the “right” one inside the company to give lawmakers information about what happened.

Sheryl Sandberg:

You deserve to have your information protected - and we’ll keep working to make sure you feel safe on Facebook. Your trust is at the core of our service. We know that and we will work to earn it.

Katie Notopoulos:

Facebook: here’s a photo montage of your random friend anniversary we send you every week!

Also Facebook: we’re not sure we can notify people affected by Cambridge Analytica because we’re not sure if we know who your friends were in 2014

Craig Phillips:

In the process of deleting my little used #Facebook account, I’ve downloaded my data & found worrying things…

Daniel Jalkut:

This is bonkers. I definitely never authorized Facebook to share this information.

Rosyna Keller:

Privacy settings on Facebook are sadly opt-out. When Facebook introduces a new privacy invading feature (like facial recognition), it’s always on by default.

Phil Dokas:

If you need any more evidence for how important selling your info is to Facebook, look no further than how long it takes to opt out of everything you can.

David Nield:

If you can’t quite bring yourself to close down your account - maybe there’s a support group or family connections you’d like to keep active - then here’s how to restrict the amount of data Facebook has got on you.

Serenity Caldwell:

A few years back, I reworked my Facebook account to lock down my personal information; given everything going on with the social media giant this week, I figured I’d walk everyone through the steps I took to keep Facebook from accidentally broadcasting valuable data to the world.

James Thomson:

Something Apple would never do, but should - indicate on the App Store page for each app which analytics SDKs are included within it.

Update (2018-03-25): Taryn Luna (via Hacker News):

The California Consumer Privacy Act would require big companies to disclose the type of information they gather, explain how it is shared or sold and give people the right to prevent businesses from spreading their personal data.

The initiative has months to qualify for the November ballot and will likely become one of the most expensive fights this year.

Google, Facebook, AT&T, Verizon and Comcast have contributed $200,000 each to a campaign finance committee opposing the initiative since mid-February. The proponents, a trio of Bay Area business professionals, expect the Internet behemoths will eventually pour in over $100 million to try to stop the measure from passing.

brockhopper (via Sonya Mann):

What was the Facebook friend suggestion that made you go “OK, that’s just creepy, how did FB know to suggest them”?

Mike Rundle:

After I changed all my Facebook settings and deleted API access, the next time I opened Messenger I saw these two screens trying to trick me into giving Facebook full Address Book access. Shady as hell.

Colin Kalmbacher:

The New York Times apparently offers powerful third parties the ability to edit away–that is, to delete from the internet–unfavorable coverage appearing in the paper of record’s online edition.

[…]

The Times’ original story made reference to Facebook COO Sheryl Sandberg–and mentioned her “consternation” at Stamos’ efforts to shepherd the tech giant towards being more transparent about Russian trolls’ electoral interference.

Doc Searls:

Among other things (all correct), Zeynep explains that “Facebook makes money, in other words, by profiling us and then selling our attention to advertisers, political actors and others. These are Facebook’s true customers, whom it works hard to please.”

Irony Alert: the same is true for the Times, along with every other publication that lives off adtech: tracking-based advertising. These pubs don’t just open the kimonos of their readers. They treat them as naked beings with necks bared to vampires ravenous for the blood of personal data, all ostensibly so those persons can be served with “interest-based” advertising.

Dan Masters:

Apple is complicit with the power Facebook has amassed by refusing to provide their own identity management service.

Eli Schiff:

Zuck wants regulation because it serves him. Not because it’s doing the right thing.

parker:

Facebook is gonna turn this into an opportunity to strengthen the walls of its data silo, invite regulation that disadvantages new entrants, & avoid conversations about their propaganda amplification machine.

I don’t understand the take that this is bad for FB. This was a gift.

Update (2018-03-27): Josh Constine (Hacker News):

Meanwhile, if the government instituted new rules for tech platforms collecting personal information going forward, it could effectively lock in Facebook’s lead in the data race. If it becomes more cumbersome to gather this kind of data, no competitor might ever amass an index of psychographic profiles and social graphs able to rival Facebook’s.

Austen Allred:

The ironic thing about the Facebook data mess is after they get regulated other advertising companies will need huge legal and compliance teams to deal with the new regulations.

The regulations could actually build a nearly insurmountable moat for FB.

Jean-Louis Gassée:

The message is clear: Zuckerberg thinks we’re idiots. How are we to believe Facebook didn’t know — and derived benefits — from the widespread abuse of user data by its developers. We just became aware of the Cambridge Analytica cockroach…how many more are under the sink? In more lawyerly terms: “What did you know, and when did you know it?”

Exponent:

Ben and James discuss Facebook’s current crisis, and why almost everyone misunderstands what the company did wrong: the problem isn’t advertising, it was Facebook’s desire to be a platform.

Eric Young:

Apple handed over the role of managing our identities to Facebook - with their system level account login control

Eric Young:

So the best thing that Apple could do for users - to protect their privacy - would be provide a better alternative that did so

The worst thing from a privacy POV would be to bury their head in sand...not offer a safer alternative, and push their users to G/FB without privacy

[…]

see the most recent update to Safari with Intelligent Tracking Prevention

It solidifies FB/Goog monopoly - while destroying market competition in online ad marketplace (from strategic POV, that’s the last thing Apple wants)

Sean Gallagher:

Facebook responded to reports that it collected phone and SMS data without users’ knowledge in a "fact check" blog post on Sunday.

[…]

This contradicts the experience of several users who shared their data with Ars. Dylan McKay told Ars that he installed Messenger in 2015, but only allowed the app the permissions in the Android manifest that were required for installation. He says he removed and reinstalled the app several times over the course of the next few years, but never explicitly gave the app permission to read his SMS records and call history. McKay’s call and SMS data runs through July of 2017.

In my case, a review of my Google Play data confirms that Messenger was never installed on the Android devices I used. Facebook was installed on a Nexus tablet I used and on the Blackphone 2 in 2015, and there was never an explicit message requesting access to phone call and SMS data. Yet there is call data from the end of 2015 until late 2016, when I reinstalled the operating system on the Blackphone 2 and wiped all applications.

Nick Heer:

For what it’s worth, this story applies only to Android users, because of course it does; iOS has never allowed a third-party app to silently monitor call or messaging history.

Bob Burrough:

Oh! Guys. We just misunderstood! Everything is on the up-and-up here. Let’s go have a cup o’ tea!

Ben Sandofsky:

When an app uses the Facebook SDK, Facebook gets access to the same permissions that the containing app has. Let that sink in.

[…]

Using VSCO, you’d have no idea it’s talking to Facebook. We wager they’re just using it to track ad conversion, but who knows? Sadly, the web has tools like Ghostery to block trackers, but there’s no such solution for mobile apps.

Jeff Johnson:

On a locked down platform such as iOS, your privacy and security are entirely in the hands of the OS vendor. On an open platform such as macOS, you can take your life into your own hands. Little Snitch on iOS? No. Reverse engineering 3rd party apps on iOS? Not without jailbreak.

Antonio García Martínez:

I find it incomprehensible how Google-associated people still comment critically on Facebook’s business practices when 84% of their revenue (and what pays for all the free services and research) comes from precisely the targeted advertising that’s suddenly so contemptible.

Dylan Curran:

Want to freak yourself out? I’m gonna show just how much of your information the likes of Facebook and Google store about you without you even realising it

Update (2018-03-29): See also: The Menu Bar.

Mike Isaac:

i think one of the reasons facebook’s reaction to the past few weeks seems so caught off guard is that this level of data collection and manipulation has literally been the standard for years

imagine them wondering “why does everyone suddenly care now?”

Can Duruk:

Facebook successfully managed to keep Instagram out of this debate, but as far as I know, it’s basically a different UI on the same platform at this point. What percentage of users connect IG accounts to FB? Must be >80%.

Update (2018-03-30): BuzzFeed:

The Bosworth memo reveals the extent to which Facebook’s leadership understood the physical and social risks the platform’s products carried — even as the company downplayed those risks in public. It suggests that senior executives had deep qualms about conduct that they are now seeking to defend. And as the company reels amid a scandal over improper outside data collection on its users, the memo shows that one senior executive — one of Zuckerberg’s longest-serving deputies — prioritized all-encompassing growth over all else, a view that has led to questionable data collection and manipulative treatment of its users.

Update (2018-04-02): Vox (Hacker News, MacRumors):

Ezra Klein: One of the things that has been coming up a lot in the conversation is whether the business model of monetizing user attention is what is letting in a lot of these problems. Tim Cook, the CEO of Apple, gave an interview the other day and he was asked what he would do if he was in your shoes. He said, “I wouldn’t be in this situation,” and argued that Apple sells products to users, it doesn’t sell users to advertisers, and so it’s a sounder business model that doesn’t open itself to these problems.

[…]

Mark Zuckerberg: You know, I find that argument, that if you’re not paying that somehow we can’t care about you, to be extremely glib and not at all aligned with the truth. The reality here is that if you want to build a service that helps connect everyone in the world, then there are a lot of people who can’t afford to pay. And therefore, as with a lot of media, having an advertising-supported model is the only rational model that can support building this service to reach people.

[…]

But if you want to build a service which is not just serving rich people, then you need to have something that people can afford. I thought Jeff Bezos had an excellent saying on this in one of his Kindle launches a number of years back. He said, “There are companies that work hard to charge you more, and there are companies that work hard to charge you less.” And at Facebook, we are squarely in the camp of the companies that work hard to charge you less and provide a free service that everyone can use.

Update (2018-04-03): Josh Barro:

I don’t think this is a very good line for Zuckerberg. Apple is a company that works hard to charge you more. Amazon is a company that works hard to charge you less. Facebook is a company that works hard to charge someone else more for access to you.

Shira Ovide:

Fair Zuckerberg counterpunch to Tim Cook. BUT. Apple has a 27% operating profit margin and Facebook is 50%. So Facebook is making a healthy amount from its paying customers (advertisers).

Kara Swisher:

Jobs told me that Apple had held unsuccessful talks with Facebook about a variety of unspecified partnerships related to Ping. The reason, according to Jobs: Facebook wanted “onerous terms that we could not agree to,” related to connecting with Facebook friends on Ping.

Jobs let that word hang in the air and even raised a disdainful eyebrow when I asked what he meant, including whether Ping would incorporate connecting with Facebook or even using Facebook Connect, which would make it much easier to find friends to share music with.

“We could, I guess,” he shrugged without much enthusiasm for Ping and, most of all, for linking Apple customers with Facebook.

Andrew Abernathy:

If Zuckerberg really is holding the sales team back from doing even more intrusive things, as he suggests, I don’t find that a comforting thought that leaves me feeling better about Facebook.

John Gruber:

The linguistic trick Zuckerberg pulls here is that nowhere in the entire interview does he mention the words user or customer. He only says you (in the plural sense) and people. That’s a dodge, because unlike Apple — and Amazon — Facebook’s users are not its customers — and most of the controversies they are dealing with today all stem from the fact that they favored their customers (advertisers willing to pay ever-higher sums for ever-more-invasively-targeted ads) at the expense of their users.

Update (2018-04-05): Olivia Solon (Hacker News):

The Facebook data of up to 87 million people – 37 million more than previously reported – may have been improperly shared with Cambridge Analytica, the company has revealed.

This larger figure, which included over a million UK users, was buried in the penultimate paragraph of a blogpost by the company’s chief technology officer, Mike Schroepfer, published on Wednesday, which also provided updates on the changes Facebook was making to better protect user information.

John Gruber:

The drip-drip-drip PR strategy is an old trick, and Facebook utilizes it every time they have bad news involving a number of users.

Update (2018-04-06): Josh Constine (Hacker News):

Facebook admits it deleted Fb messages sent by Zuckerberg & other execs from non-employees’ inboxes with no disclosure. Seems like a breach of trust to me.

Casey Newton:

Facebook now acknowledges it has a two-tiered privacy system in which regular users have to live with their dumb old texts forever and the CEO’s disappear into a memory hole. Let’s remember that next week when they tell Congress how seriously they take our privacy

Update (2018-04-10): Issie Lapowsky:

The data consulting firm Cambridge Analytica, which harvested as many as 87 million Facebook users' personal data, also could have accessed the private inbox messages of some of those affected. Facebook slipped this previously undisclosed detail into the notifications that began appearing at the top of News Feeds on Monday. These alerts let users know whether they or their friends had downloaded a personality quiz app called This Is Your Digital Life, which would have caused their data to be collected and potentially passed on to Cambridge Analytica.

Update (2019-10-21): Jason Kint:

Finally. Here in SEC docs is what Facebook has painfully avoided public knowing and press has mostly missed documenting. Facebook data was ****SOLD**** to Cambridge Analytica. Can everyone please now say that Facebook personal data was sold rather than captured, transferred, etc?

App Store Certificate Checker Framework

Wil Shipley (tweet):

The framework was written to be a Swift-y way to validate App Store receipts.

This contains receipt verification code plus a semi-complete ASN.1 parser (but not emitter) because the ASN.1 reading functions that Apple ships actually cannot be used from Swift, due to badly annotated headers combined with an incredibly horrifying API (which they may have inherited from the standards body, to be fair).

Note: This seems to be Mac-only, due to an API that iOS is missing.

Software As a Service Pricing

Patrick McKenzie (via Ryan Jones):

After publishing our recent guide to low-touch and high-touch SaaS businesses, we had a Q&A session in our private forums for SaaS entrepreneurs specific to pricing and packaging.

Some of the entrepreneurs generously allowed us to talk about their pricing strategy publicly, to help the next generation of SaaS companies.

This advice is distilled from my career in running and consulting in various SaaS companies. Your mileage may vary; I’d encourage you to experiment often and boldly with pricing, as it is the easiest needle to move in your company. (The tendency of most SaaS companies is to set prices without much consideration and leave them alone for years at a time. I’d encourage you to revisit them quarterly.)

Genius Bar Not Prepared for APFS

Charles Arthur (via Michael Yacavone):

Except that the rMBP only had a 500GB SSD. How had it got two? “Have you got a Fusion drive in here?” the Genius asked.

[…]

At this point the Genius said he suspected there was something wrong with my SSD. So he restarted the machine, held down the key to boot from a network drive, whizzed over to the one marked 10.12 and started up. Could Disk Utility read my drive now? No, it couldn’t.

“Do you have this backed up?” he asked, indicating the computer. I sure did – SuperDuper clones, and a Time Machine backup. “I think we might need to reinstall the operating system.”

[…]

That, of course, is why the Genius’s HFS+-encoded 10.12 network drive couldn’t understand my APFS-encoded SSD. So I’d wiped the hard drive for nothing.

[…]

Apple obviously needs to implement some network drives formatted with APFS. Which might mean an overhaul of how it does some stuff in-store; but it should expect that there are going to be more and more people coming in with machines that are APFS-encoded.

As I understand it, the issue is not that the boot drive has to be formatted as APFS but that it needs to be running macOS 10.13. macOS 10.12.6 supports APFS, but only the older version that does not do native normalization.

GrayKey iPhone Unlocker

Thomas Reed (via MacRumors, Hacker News, Matt Odell, Reddit):

According to Forbes, the GrayKey iPhone unlocker device is marketed for in-house use at law enforcement offices or labs. This is drastically different from Cellebrite’s overall business model, in that it puts complete control of the process in the hands of law enforcement.

[…]

Two iPhones can be connected at one time, and are connected for about two minutes. After that, they are disconnected from the device, but are not yet cracked. Some time later, the phones will display a black screen with the passcode, among other information. The exact length of time varies, taking about two hours in the observations of our source. It can take up to three days or longer for six-digit passcodes, according to Grayshift documents, and the time needed for longer passphrases is not mentioned. Even disabled phones can be unlocked, according to Grayshift.

After the device is unlocked, the full contents of the filesystem are downloaded to the GrayKey device. From there, they can be accessed through a web-based interface on a connected computer, and downloaded for analysis. The full, unencrypted contents of the keychain are also available for download.

compounding:

The rising wait times and the phone erase function are built into the operating system. The operating system asks the Secure Enclave to do an unlock function, and when it returns an incorrect result the operating system won’t accept another attempt for a given time, and once 10 attempts are reached, sends a message to the Secure Enclave to purge its keys.

Based on the article, they have broken the chain of trust and are able to load their own operating system which can interact with the Secure Enclave directly and therefore doesn’t need to worry about those limits. It also looks like they haven’t penetrated the Secure Enclave itself, so the deliberate 80 ms minimum guess time within the Enclave itself is still intact (it takes them ~240 ms per guess based on the numbers they provide), which is good news - not everything is broken, just the weakest passwords (4-6 digit numeric)

This is basically what Apple admitted they could build for the FBI, but refused to comply and won in court saying they didn’t have to make this for them. This company either got ahold of Apple’s authentication keys to sign their “operating system” so the phone thinks it is legit and coming from Apple, or more likely they found a bug in the secure boot chain which lets them load and run their unsigned system.
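To put the quoted figures in terms of passcode choice, here is an added example (not from the linked article or the comment above) that turns the 80 ms Secure Enclave floor, the ~240 ms observed rate and the 10-attempt OS limit into search times. It goes beyond the numeric case discussed: the non-digit alphabets are constructed for comparison, and it assumes a uniformly random passcode of fixed length with no guess repeated.

```python
"""Passcode search-time estimate built on the figures quoted above."""

SEP_FLOOR_MS = 80      # minimum time per guess inside the Secure Enclave (from the comment)
OBSERVED_MS = 240      # per-guess time the comment derives from the reported numbers
OS_MAX_ATTEMPTS = 10   # attempts the OS allows before the keys are purged (from the comment)
YEAR_MS = 365 * 24 * 3600 * 1000

# Constructed alphabets for comparison; only "digits" is discussed on the page.
ALPHABETS = {"digits": 10, "lowercase+digits": 36, "mixed case+digits": 62}


def keyspace(alphabet_size, length):
    """Number of distinct passcodes of exactly this length."""
    return alphabet_size ** length


def worst_case_ms(alphabet_size, length, per_guess_ms):
    """Time to try every candidate when only the per-guess delay applies."""
    return keyspace(alphabet_size, length) * per_guess_ms


def expected_ms(alphabet_size, length, per_guess_ms):
    """A uniformly random passcode is found after (N + 1) / 2 guesses on average."""
    return (keyspace(alphabet_size, length) + 1) * per_guess_ms // 2


def success_chance_with_os_limit(alphabet_size, length, attempts=OS_MAX_ATTEMPTS):
    """Chance of a hit when the OS-level attempt limit is still enforced."""
    return min(1.0, attempts / keyspace(alphabet_size, length))


def min_length_for(alphabet_size, target_ms, per_guess_ms):
    """Shortest length whose worst-case search time reaches target_ms."""
    length = 1
    while worst_case_ms(alphabet_size, length, per_guess_ms) < target_ms:
        length += 1
    return length


def humanize(ms):
    """Render a millisecond count in the largest unit that fits."""
    seconds = ms / 1000
    units = (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


def report(per_guess_ms=OBSERVED_MS):
    """Rows of (alphabet, length, average, worst case, chance under the OS limit)."""
    rows = []
    for name, size in ALPHABETS.items():
        for length in (4, 6, 8):
            rows.append((
                name,
                length,
                humanize(expected_ms(size, length, per_guess_ms)),
                humanize(worst_case_ms(size, length, per_guess_ms)),
                success_chance_with_os_limit(size, length),
            ))
    return rows


if __name__ == "__main__":
    for name, length, avg, worst, chance in report():
        print(f"{name:<18} len={length}  avg={avg:<14} worst={worst:<14} "
              f"chance within {OS_MAX_ATTEMPTS} tries={chance:.2e}")
    for name, size in ALPHABETS.items():
        n = min_length_for(size, YEAR_MS, SEP_FLOOR_MS)
        print(f"{name}: {n} characters needed for a 1-year worst case at the 80 ms floor")
```

At 240 ms per guess the six-digit worst case works out to about 2.8 days, in line with the "up to three days" figure quoted from the Grayshift documents.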

Previously: Cellebrite Can Now Unlock Recent iPhones.

Update (2018-04-14): Juli Clover:

GrayShift’s recently publicized “GrayKey” box designed to crack locked iPhones is seeing wide adoption among police forces and federal agencies across the United States according to a recent investigation by Motherboard.

Friday, March 16, 2018

Designing Jank-Free Apps

Nathan Gitter:

Here’s an example of a visual glitch in the Messages app, caused by force-touching to “pop” a message followed immediately by tapping the back button.

These kinds of visual errors are not new to iOS 11, mobile apps, or user interfaces. As apps grow in complexity and user expectations rise, these seemingly small bugs can have a large impact on the final product. They make apps feel janky.

[…]

Be wary of animations that occur alongside the keyboard animation, and don’t assume you have full control over the keyboard. Hiding the keyboard without an animation is possible, but might cause complications later down the road.

[…]

If you are designing an element that animates between multiple states, make sure to consider all state transitions and edge cases.

Benjamin Mayo:

OMG Apple’s latest iPhone X ad includes a shot of the bugged notification bubbles (see thread for explanation)

Yes, I did file a radar on this months ago. I think it got closed as dupe. I’m way more concerned that this was signed off for the commercial.

Update (2018-03-17): See also: Tom Warren (Hacker News).

Update (2018-03-25): Rhett Jones (via Dan Masters):

Last week, a purely cosmetic bug in iOS 11 embarrassingly found its way into an Apple ad. Now, the ad is fixed, but the bug isn’t.

Lightning vs. USB-C for Headphones

John Gruber:

Samsung’s customers aren’t asking for the headphone jack to be dropped, so the path of least resistance is to just keep the jack. But looking at what’s available on the market, a big problem facing Samsung (and the rest of the Android world) is that the USB-C headphone market is a mess — and expensive to boot. “No-name brand headphones at high prices” is a hard sell.

As much as AirPods are better (and cheaper) than standard Bluetooth earbuds, there is seemingly nothing close to Lightning EarPods on the market for USB-C. AirPods get all the attention, but Lightning EarPods are even further ahead of their USB-C competition. The proprietary nature of Lightning allowed Apple to make sure it was ready to serve as the wired audio connector for iPhones when Apple wanted it to be. Keep that in mind the next time you wonder why Apple doesn’t drop Lightning for USB-C.

However, Lightning is no guarantee of quality, either.

Previously: The Impossible Dream of USB-C, Removing the iPhone’s Headphone Jack.

Thursday, March 15, 2018

What Went Wrong With Siri

Aaron Tilley and Kevin McLaughlin (9to5Mac, MacRumors, Mashable, Hacker News, iMore):

Many of the former employees acknowledged for the first time that Apple rushed Siri into the iPhone 4s before the technology was fully baked, setting up an internal debate that has raged since Siri’s inception over whether to continue patching up a flawed build or to rip it up and start from scratch.

[…]

Several former employees said Mr. Williamson made a number of decisions that the rest of the team disagreed with, including a plan to improve Siri’s capabilities only once a year.

[…]

Mr. Williamson wrote that he tried to get the team to implement SiriKit and allow for outside developers to improve Siri’s functionality, but the team resisted because Siri’s “original software was so brittle and inflexible.”

[…]

The Siri Data Services team was eventually lumped into the Topsy team under Mr. Prakash with the plan to integrate all of the tech into a single stack. But they’re based on two different programming languages and are tricky to reconcile. […] Users could get completely different responses to the same question based on whether they were using Siri or Spotlight[…]

[…]

Several members on the Siri team took an immediate disliking to Mr. Sinha, who had no background in the natural language processing world. One former employee said Mr. Sinha’s decisions seemed to be driven by office politics instead of science.

[…]

In a sign of how unprepared Apple was to deal with a rivalry, two Siri team members told The Information that their team didn’t even learn about Apple’s HomePod project until 2015—after Amazon unveiled the Echo in late 2014.

None of this is surprising based on what we’ve seen from the outside. Unfortunately, I do not see any evidence that Siri is about to turn the corner.

John Gruber:

If you’re not a subscriber and want to read the full article — and I encourage you to, there’s a lot in it — you can do so with this shared link if you’re willing to give The Information your email address.

[…]

The gist of The Information’s story is that Siri has existed for seven years without cohesive leadership or product vision, and the underlying technology is a mishmash of various systems that don’t work well together.

Jessica Lessin:

“After launch, Siri was a disaster,” Mr. Williamson wrote. “It was slow, when it worked at all. The software was riddled with serious bugs. Those problems lie entirely with the original Siri team, certainly not me.”

Dag Kittlaus (who left Apple for Viv):

This statement, wholly false, was made by the architect and head of the biggest launch disaster in Apple history, Apple Maps. In reality Siri worked great at launch but, like any new platform under unexpectedly massive load, required scaling adjustments and 24 hour workdays.

This matches my experience that Siri was more responsive initially. But I don’t understand why the load was unexpectedly massive. It required an iPhone 4S, and Apple must have known how many of those it could make.

John Bafford:

@AppleSupport @tim_cook Can you guys please make Siri responses A) consistent; B) straight and to the point, not cutesy. It is really irritating to hear meaningless filler like “the suspense is killing me” when setting a timer. Thanks.

Previously: The Original Siri App Compared to Siri Today.

Update (2018-03-15): See also: Dan Masters.

Update (2018-03-16): See also: Kontra (2012).

Update (2018-03-24): See also: Accidental Tech Podcast.

Update (2018-03-29): See also: The Menu Bar.

Update (2018-03-31): Chance Miller:

Following last month’s release of HomePod, which puts Siri inside of a $349 smart speaker, Apple appears to be ramping up Siri hiring. According to hiring data tracked by Thinknum, job openings for Siri-related positions at Apple are at an all-time high…

Apple’s job listings indicate that it currently has 161 openings for jobs that contain the term “Siri” in their title or description.

Update (2018-04-14): Juli Clover:

Apple appears to have recently updated Siri on iPhone, iPad, Mac, and HomePod with a slew of new jokes to tell.

YouTube to Outsource Truth to Wikipedia

BuzzFeed:

YouTube will accompany conspiracy theory videos with links to Wikipedia to better inform viewers, YouTube CEO Susan Wojcicki announced at the South by Southwest (SXSW) conference on Tuesday in Austin, Texas.

[…]

Wikipedia is a crowdsourced digital encyclopedia — anyone can edit it — and editors sometimes engage in fierce partisan battles over divisive topics. It remains unclear how YouTube will ensure factual accuracy of suggested pages. The reliability of Wikipedia’s information has been disputed over the years, as detailed on the encyclopedia’s page about its own reliability and its catalogue of hoaxes that have appeared there.

Similarly unclear is how “informational cues” might work for breaking news events, where subjects involved may not have a complete or even partial Wikipedia presence.

Melanie Ehrenkranz (Hacker News):

It’s unclear why YouTube didn’t feel the need to ask or inform Wikimedia about its plans ahead of this week’s announcement. That’s a pretty crucial piece of information not to share. And given that YouTube has failed at efficiently moderating conspiracy theories on its platform, it might have been smart to consult with Wikimedia about how to best use its resources to fight misinformation. Of course, maybe YouTube would’ve learned that showing users a Wikipedia link isn’t the best way to fight hoaxes.

See also: Ryan Mac.

Overcast 4.1 and Smart Resume

Marco Arment (tweet):

Smart Resume is actually two features:

  1. It jumps back by up to a few seconds after having been paused to help remind you of the conversation.
  2. It slightly adjusts resumes and seeks to fall in the silences between spoken words when reasonably possible.

[…]

I was using an NSNumberFormatter to read the total [time saved] value from Overcast’s server as a double. My server always sends values with U.S.-style number formatting, using a period as the decimal separator (e.g. “1234.5”). But by default, NSNumberFormatter uses the device’s locale, so in countries that use a comma as the decimal separator (e.g. “1234,5”), it was interpreting the server’s numbers with periods as invalid and returning zero. So the Settings screen thought they hadn’t saved any time, and hid the time-saved label.

Fortunately, it was an easy fix: setting that NSNumberFormatter locale to en_US to match what the server was sending.

Marco Arment:

My first instincts were all surface-level UI issues: string localization, nil strings, and UILabel sizeToFit problems.

Ryan Jones:

Overcast’s new Smart Resume feature has allowed me to turn voice turn-by-turn directions back on in Google Maps. Driving is easier (and safer – I don’t look down for next turn). I swear I’m not just saying this either. Honest truth.

Very small wins make products.

It’s amazing how much better Overcast—from a solo developer—still is than Apple’s Podcasts app. If anything, its lead seems to be increasing.

Marco Arment:

Thanks for all of the Smart Resume praise and press coverage!

To be clear, skipping back a bit after being paused isn’t a new idea. I think Instacast was first to it, years ago.

I think adjusting those (and other) seeks to fall on silences is new, though.

Jake Achée:

Overcast feature idea:

SmartStop. When enabled, wait for a silence that would normally be SmartSpeed optimized THEN stop.

Marco Arment:

I actually tried this during the beta, but it’s much more complex to implement than seek adjustments, and I couldn’t get it stable enough to ship in time.

Update (2018-03-30): Marco Arment:

If there’s any doubt why I file trademarks…

(Didn’t for Smart Resume, unfortunately.)

France to Take Legal Action Against App Stores

Bloomberg (MacRumors):

Finance Minister Bruno Le Maire said Wednesday France will take legal action against Google and Apple and fines could be in the “million of euros”. Fines are likely to be about 2 million euros ($2.5 million) per company, accused of taking advantage of local developers. This comes after a two-year investigation by the ministry’s fraud repression unit, according to an official in Le Maire’s office.

“I learned that when developers develop their applications, and sell to Google and Apple, their prices are imposed, Google and Apple take all their data, Google and Apple can unilaterally rewrite their contracts,” Le Maire said in an interview with RTL radio. “All that is unacceptable and it’s not the economy that we want. They can’t treat our startups and developers the way they do.”

Update (2018-03-16): Pierre Lebeaupin:

I sure hope the actual suit is drawn from better information than what we’ve been given here, because while I’m on the record as deeming the current system of exclusive distribution through an app store (something which Google isn’t even guilty of) as being unsustainable in the long run, to have any hope of improving the situation through a suit Apple should be blamed for things it is actually doing. For instance, developers do not sell their wares to Apple (or Google) by any definition of that word, they do have to use a price grid but have full latitude to pick any spot in that grid, and Apple at least does not get that much data from apps.

Steve Troughton-Smith:

I’m confused as to why so many reporting on this seem to be confused about the pricing comment. I would have expected it to be about price tiers and not being able to set specific prices, not about the 30% cut

Nicolas Lellouche:

That’s it actually. The French secretary is blaming Apple because developers are forced to choose between different prices. The 30% cut is not even discussed.

Brijit Sheelia:

They are just abusing us. They just removed my app (the original) instead of a copycat app..

Chance Miller (MacRumors):

In its statement, Apple explained that it has a relationship with “tens of thousands” of developers in France, who have collectively earned over 1 billion euros via the App Store. The company highlights how developers can start with a company of one or two people, but ultimately grow to a full team.

John Gruber:

And what’s the point of a $2 million fine? Last quarter Apple made $200 million in profit per day.

Previously: That 30% App Store Tax.

The Apple TV 4K’s HDR Nightmare

Josh Centers (tweet):

As much as it pains me to say this, Gene Munster was right. For years the former Piper Jaffray analyst was routinely mocked because at every Apple investor call, he would ask Apple leadership if they were planning to make an Apple-branded smart TV set. But after weeks of fighting to get HDR working with my Apple TV 4K, I’m convinced that if Apple intends to succeed in the TV business, the best thing to do would be to ship a television set that just worked. I’ve been writing and updating “Take Control of Apple TV” for four years now, so I know that if I’m flummoxed, the average user has little hope.

[…]

Imagine: no calibration, no special settings, nothing to twiddle with! Just sit down and watch TV in the best possible quality. Sure, it wouldn’t be Apple’s most profitable business, but neither is the current Apple TV.

Until that day comes, I’ve seen my family relying more and more on my Chromecast Ultra. It has no interface, and no settings as such — it just works.

Matt Birchler:

I would have paid $10 more to get The Last Jedi in 4K, but the option just isn’t there. This is a Disney thing more than an Apple thing though, as this is the case on all major storefronts.

Previously: Apple TV 4K, Still a Hobby, Cultural Insularity and Apple TV, No 4K iTunes Videos on iPad Pro or Mac.

iPhone Wireless Phone Charging Comes at a Cost: Your Battery

Sasha Lekach:

Kingsley-Hughes determined — based on Apple’s claim that an iPhone battery is “designed to retain up to 80 percent of its original capacity at 500 complete charge cycles” — that his phone would hit 500 charges in about a year and a half. Most phones are expected to keep a charge at 80 percent for two or three years of use.

In about six months, he’s already hit 135 charging cycles. He looked at his charging behavior and realized that since switching over to a wireless charging plate about six months ago, he was eating up his charges at an alarming rate. Now instead of the cord bearing the brunt of power duties, his battery is constantly working to charge. It’s a losing battle.

Other phone users on Android devices have their suspicions about heavy battery wear on the devices with inductive charging.

Dan Masters:

Fantastic. Basically, if you don’t want your phone throttled in less than a year, don’t use wireless charging.

iPhone wireless phone charging comes at a cost: battery health

My iPhone SE does not have wireless charging, but according to coconutBattery it has already dropped to less than 80% capacity after less than a year.

Previously: iPhone Charging Speeds Compared, iPhone 8, Qi Wireless Charging, and the Challenge of Open, Apple’s Message to Customers About iPhone Batteries and Performance.

Update (2018-03-29): I now realize I was misinterpreting coconutBattery’s display. My iPhone SE battery actually retains its full design capacity.

Update (2018-04-06): See also: Accidental Tech Podcast.

Tuesday, March 13, 2018

Time for a Complete Home App Makeover

John Voorhees:

I’d like to say I got the setup right the third time, but I didn’t, though I think it helped me understand better why groups are so deeply buried in Home’s UI. I had forgotten that after a group is set up, its component accessories are no longer available in Home’s UI. This makes sense if you have a lamp with two bulbs in it that you always want to come on at the same time and behave in the same way, but it’s a limitation that greatly reduces the utility of groups because it means the individual accessories that make up a group cannot be added separately to scenes. I backed out of the partially built scene realizing that I had to reconfigure my group.

The solution was to ungroup my desk lamp from the rest of my lights in the studio and set up a scene that turns the desk lamp red and a workflow that triggers that scene when the back door opens. The trouble is, scenes have a very limited concept of state so my lamp can’t be toggled back to its prior color using an automation workflow or by toggling the scene manually. I could add a timer to the automation to turn the desk lamp off after a certain amount of time, but I don’t want to turn off the light, I want to turn off the scene, and you cannot attach timers to scenes. Instead, I needed another scene to return the desk lamp to its original settings.

You probably get the point by now. Home is both too complex because of the way it splits things into rooms, zones, groups, scenes, and automations and too simple because it lacks features like robust state awareness and, in some places, timers. However, the problems with the Home app run even deeper. They are compounded by a generic UI and complex navigation.

Update (2018-03-16): See also: Take Control of Apple Home Automation, The Menu Bar.

Calendar 2 App Could Mine Crypto-Currency in Lieu of IAP

Dan Goodin (MacRumors):

The app is Calendar 2, a scheduling app that aims to include more features than the Calendar app that Apple bundles with macOS. In recent days, Calendar 2 developer Qbix endowed it with code that mines the digital coin known as Monero. The xmr-stak miner isn’t supposed to run unless users specifically approve it in a dialog that says the mining will be in exchange for turning on a set of premium features. If users approve the arrangement, the miner will then run. Users can bypass this default action by selecting an option to keep the premium features turned off or to pay a fee to turn on the premium features.

[…]

“On the one hand, using the user’s CPU for cryptomining has become extremely unpopular,” Thomas Reed, director of Mac offerings at antimalware provider Malwarebytes, told Ars. “The fact that this is the default is something I don’t like. I would want to see a legit app informing the user in advance or making it an option that can be turned on but is off by default. On the other hand, they [the developers] do disclose that they are doing it and give other options for people who don’t like it. My personal feeling on this is that, given the disclosure, I think the user should be allowed to make their own choice. Some people might be perfectly willing to let an app like this mine cryptocurrency so that they can use it for free.”

[…]

In an e-mail sent about 90 minutes after this post went live, Magarshak said he has decided to remove the miner from future versions of Calendar 2.

Patrick Wardle (tweet):

Hooray for honesty I guess!? And is getting “all advanced features for free” in return for allowing the app to turn your box into a cryptocurrency miner a fair deal? Maybe? But users clearly are not stoked about this[…]

Patrick Wardle:

Apple’s App Store guidelines seem rather clear RE: cryptocurrency mining in Apps: “monetizing built-in capabilities provided by the hardware or operating system” is “Unacceptable”-section 3.2.2 (ii)

I don’t think this is the type of thing the guideline is talking about, but who knows how Apple would interpret it.

Update (2018-03-15): Dani Deahl (MacRumors):

Apple pulled Calendar 2 from the Mac App Store yesterday, and today, Qbix CEO Greg Magarshak tells 9to5Mac that it was because it violated App Store guideline 2.4.2, which states: “Design your app to use power efficiently. Apps should not rapidly drain battery, generate excessive heat, or put unnecessary strain on device resources.”

Magarshak says that within an hour Qbix had removed all mining features and worked with Apple to expedite putting the app back on the App Store. It is now offering both new and preexisting users a free year of premium features. He also says that in the three days the app was mining, it earned about $2,000 worth of Monero[…]

Via Marcin Krzyzanowski:

Best AppStore business model, or what?

Smart Debugging

Peter Steinberger (tweet):

Debugging can be exciting, but often also very, very frustrating. In this talk, I’ll show you some lesser-known tools and techniques to find problems faster and make the compiler show you issues, before they become a crash for your users. Of course we also look at some real world examples.

The Origins of QuickTime

Computer History Museum (via Stephen Hackett):

In 1991, Apple released QuickTime, the first mass-market digital video software for personal computers. QuickTime is a multimedia platform for developers to add audiovisual recording, editing, and playback to their applications. Because it was built into the Macintosh operating system, users did not need to buy more hardware or software to play video. QuickTime became the most widespread media format on PCs after Apple brought it to Windows, and its incorporation into the MPEG-4 standard, used in every cell phone, computer, and set top video player today, cemented Apple’s position as a leading provider of media creation technology. How was QuickTime created? What role did it play in Apple’s history? And what impact does it have today?

Center for Software History curator Hansen Hsu leads a conversation with members of the original QuickTime team about the creation of QuickTime, its evolution, and its impact on the computer and media industries.

Update (2018-03-13): Ilja A. Iwas:

‘Pencil Test’ was the first QuickTime movie I saw. Got it on a dozen floppy disks, needed to wipe out almost my entire hard drive to make room. Took hours. Today, it’s just a link to YouTube.

Swift 4.1 Conditional Conformance Is Amazing

Stephen Celis:

Here’s a non-empty collection type that works with any collection.

Wrapping a MutableCollection type gives the non-empty type all those methods for free!

Previously: Conditional Conformance in the Standard Library.

Update (2018-03-23): See also: Swift Unwrapped.

Update (2018-03-27): See also: Swift Unwrapped.

Update (2018-05-01): See also: Ole Begemann.

Monday, March 12, 2018

Better Strategies Through Types

Joshua Emmons:

We have to limit our delegate to class implementations because delegates are assumed to hold mutable state.

[…]

So rather than holding our strategy’s implementation in instance methods that need to be instantiated, we’re going to move it all up into type methods on the type.

[…]

If all this .Type and .self stuff feels a little awkward, it’s probably because Swift already supports this kind of thing as a language feature. It has a specific syntax just for passing around types that are used to specialize implementations. We know it as “generics”.

However, a key difference is that, unlike delegates, the type cannot change at runtime.

The Original Siri App Compared to Siri Today

Mitchel Broussard:

In 2008 Siri began as a spin-off of SRI International, where Winarsky was the President, and eventually launched as an app for iOS in February 2010. Two months later Apple acquired Siri, and just over a year after that introduced it within the iPhone 4s, shutting down the standalone app shortly thereafter. Seven years later, Winarsky said that Siri’s capabilities have fallen short of his earlier predictions for where he thought the assistant, and Apple’s development, would end up.

Specifically, Winarsky’s comments focus on what Siri’s intention was “pre-Apple” versus where the assistant is today. According to the co-founder, Siri was originally meant to be incredibly intelligent in just a few key areas -- travel and entertainment -- and then “gradually extend to related areas” once it mastered each. Apple’s acquisition pivoted Siri to an all-encompassing life assistant, and Winarsky said that this decision has likely led Apple to search “for a level of perfection they can’t get.”

Kevin Clark:

It’s fascinating that the original Siri demo is still better than today’s Siri in a few aspects.

Nick Heer:

For fun and frustration, I tried all of the original commands featured in that eight year old video on my iPhone[…]

[…]

What’s clear to me is that the Siri of eight years ago was, in some circumstances, more capable than the Siri of today. That could simply be because the demo video was created in Silicon Valley, and things tend to perform better there than almost anywhere else. But it’s been eight years since that was created, and over seven since Siri was integrated into the iPhone. One would think that it should be at least as capable as it was when Apple bought it.

John Voorhees:

Eight years is an eternity in the tech world.

Wojtek Pietrusiewicz:

Examples attached: 1, 2, 3, 4, 5, 6. Basically, I expect so much more of her today, that she feels stupider than back in 2011, when she launched on the iPhone 4S.

HyperCard Zine

Jae Kaplan (via Hacker News):

Now accepting submissions!

[…]

On the 20th anniversary of HyperCard’s discontinuation, I want to pay tribute to the programming tool that started it all.

[…]

Please make your stack using the Classic size template so that it is playable on older machines and in Mini vMac. While you’re free to use color, I’d recommend against it so that you can guarantee how your stack will look on all machines.

Once you’ve finished your stack, please compress it in StuffIt to preserve any resource forks or other extended attributes.

This last part is not really necessary except for nostalgia. Other formats such as disk images and .zip and .tar archives also support resource forks, and HyperCard does not need any extended attributes.

Mark Hughes:

There's a few modern variants, but nothing I know of that works[…] So everyone just gives up and uses emulation, because making a new Hypercard is impossible. If you're going to do that, do it the easy way:

Archive.org Hypercard in the Browser

Previously: HyperCard on the Internet Archive.

Can U.S. States Hang on to Net Neutrality?

Geoff Duncan:

States aren’t pinning all their hopes on successfully suing the FCC: several are working to enact their own net neutrality laws, and this week Washington became the first state to put such a law in the books.

[…]

Going for the purse strings is a nice idea — and very likely ducks under the FCC’s preemption authority — but broadband operators are already used to dealing with innumerable state and local utility commissions. It’s the sort of thing that can be sidestepped with shell companies and finagling — and in markets like New York, Texas, and California, there’s more than enough money at stake for broadband operators to do just that. In smaller markets, broadband operators may simply choose not to comply, effectively holding improved Internet service hostage until regulators relent. That too would hurt users — and, of course, state services like schools and educational institutions.

[…]

Notice who isn’t participating in this debate? Major Internet companies like Google, Facebook, Amazon, and Apple. All these firms took public stances in favor of net neutrality — because it helps their businesses — but have been remarkably silent on state efforts to preserve some semblance of net neutrality.

Previously: Network Neutrality, Ajit Pai, and Title II.

Update (2018-03-15): Jon Brodkin:

Some states are trying to evade the federal preemption with indirect measures that apply only to ISPs that accept state contracts. No one knows for sure how a court would rule on state bills that regulate net neutrality directly. Even legal analysts who support net neutrality laws disagree on whether such laws would survive lawsuits filed by ISPs.

Van Schewick argues that the FCC’s preemption claims are invalid.

“While the FCC’s 2017 Order explicitly bans states from adopting their own net neutrality laws, that preemption is invalid,” she wrote. “According to case law, an agency that does not have the power to regulate does not have the power to preempt. That means the FCC can only prevent the states from adopting net neutrality protections if the FCC has authority to adopt net neutrality protections itself.”

Via Karl Bode:

In other words, when the FCC rushed to neuter its authority over ISPs it also neutered its authority to stop states from filling the void and protecting consumers.

Update (2020-09-14): Patrick Collison:

Has anyone written a good retrospective of what actually happened after US net neutrality rules expired two years ago? A lot of predictions were made; I’m curious how they look now.

Friday, March 9, 2018

Solving a Mysterious Heap Corruption Crash

Agnes Vasarhelyi (tweet, via Alexis Gallagher):

I removed every third-party dependency, to exclude the possibility that the problem is not in our code.

[…]

Move suspicious pieces to an empty project

[…]

The code was fairly slim at this point - a few thousand lines of parsing 3D models into all kinds of data structures. Nothing concurrent, everything running synchronously. I wanted to try and look at the crash site again. Even though I knew the cause of the heap corruption could be elsewhere, seeing the stack trace in the same piece of code every time made me want to look closer there.

The pattern I started to see was that there was always a Dictionary involved, and there was always a simd type such as double3 in the dictionary.

[…]

But what if.. what if it’s really a Swift bug? 🙀

[…]

When their elements had unusually wide alignments, storage for the standard library’s collection types was not guaranteed to be always allocated with correct alignment. If the start of the storage did not fall on a suitable address, Dictionary rounded it up to the closest alignment boundary. This offset ensured correct alignment, but it also meant that the last Dictionary element may have ended up partially outside of the allocated buffer — leading to a form of buffer overflow. Some innocuous combination of OS/language/device parameters probably caused this issue to trigger more frequently — which is probably why it became noticeable on particular devices running iOS 11.

Update (2018-03-23): Greg Heo (via Agnes Vasarhelyi):

The tail-allocated size is sufficient, but the system didn’t take alignment into account. The alignment boundary we need is not at the start of the tail allocation.

The result? A buffer overflow. Corrupted heap. 💥
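The failure mode described above, modeled in C as an added example (not code from the post or from the Swift standard library): a header followed by tail-allocated elements, where the element area is rounded up to the element alignment but the allocation size leaves no room for that padding. The header size, element size and alignment, and allocator alignment are assumed values chosen for illustration; the code only does address arithmetic and never writes out of bounds.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed values for illustration (not taken from the Swift sources). */
enum {
    HEADER_SIZE = 16,  /* bookkeeping stored in front of the elements */
    ELEM_SIZE   = 32,  /* e.g. a SIMD vector element */
    ELEM_ALIGN  = 32,  /* alignment the element type requires */
    ALLOC_ALIGN = 16   /* alignment the allocator guarantees */
};

/* Round addr up to the next multiple of align (a power of two). */
static uintptr_t align_up(uintptr_t addr, size_t align) {
    return (addr + (align - 1)) & ~((uintptr_t)align - 1);
}

/* Buggy sizing: header plus elements, no room for alignment padding. */
static size_t naive_size(size_t count) {
    return (size_t)HEADER_SIZE + (size_t)ELEM_SIZE * count;
}

/* Fixed sizing: reserve the worst-case padding (ELEM_ALIGN - 1 bytes).
   Returns 0 if the computation would overflow size_t. */
static size_t padded_size(size_t count) {
    size_t fixed = (size_t)HEADER_SIZE + (ELEM_ALIGN - 1);
    if (count > (SIZE_MAX - fixed) / ELEM_SIZE) return 0;
    return fixed + (size_t)ELEM_SIZE * count;
}

/* Bytes by which `count` elements run past the end of the allocation
   [base, base + alloc_size) once the element area is rounded up. */
static size_t overrun_bytes(uintptr_t base, size_t alloc_size, size_t count) {
    uintptr_t first = align_up(base + HEADER_SIZE, ELEM_ALIGN);
    uintptr_t used_end = first + (uintptr_t)ELEM_SIZE * count;
    uintptr_t alloc_end = base + alloc_size;
    return used_end > alloc_end ? (size_t)(used_end - alloc_end) : 0;
}

/* Of n consecutive allocator-aligned base addresses, how many overflow? */
static unsigned overflowing_bases(uintptr_t start, unsigned n,
                                  size_t alloc_size, size_t count) {
    unsigned bad = 0;
    for (unsigned i = 0; i < n; i++) {
        uintptr_t base = start + (uintptr_t)i * ALLOC_ALIGN;
        if (overrun_bytes(base, alloc_size, count) > 0) bad++;
    }
    return bad;
}

/* Same check against a real malloc() block; arithmetic only, no writes. */
static size_t overrun_in_malloc_block(size_t alloc_size, size_t count) {
    void *p = malloc(alloc_size);
    if (p == NULL) return SIZE_MAX;
    size_t over = overrun_bytes((uintptr_t)p, alloc_size, count);
    free(p);
    return over;
}

int main(void) {
    size_t count = 4;
    /* Constructed base addresses: one 32-byte aligned, one only 16-byte aligned. */
    printf("naive size %zu, base 0x1000: overrun %zu bytes\n",
           naive_size(count), overrun_bytes(0x1000, naive_size(count), count));
    printf("naive size %zu, base 0x1010: overrun %zu bytes\n",
           naive_size(count), overrun_bytes(0x1010, naive_size(count), count));
    printf("naive size overflows for %u of 8 base addresses\n",
           overflowing_bases(0x1000, 8, naive_size(count), count));
    printf("padded size %zu overflows for %u of 8 base addresses\n",
           padded_size(count),
           overflowing_bases(0x1000, 8, padded_size(count), count));
    printf("padded size in a real malloc block: overrun %zu bytes\n",
           overrun_in_malloc_block(padded_size(count), count));
    return 0;
}
```

Whether the naive size overflows depends only on where the allocator happens to place the block, which is why a bug of this kind can appear intermittent and device-specific.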

Faster Swift String Concatenation

Nick Lockwood:

I’m sure I heard somewhere that "\(foo)\(bar)" is the recommended way to do string concatenation in Swift, but I benchmarked it and it’s almost 100x slower than using + or String.append().

I know I’ve heard that as well. I assumed it was taken as a hint to figure out the proper allocation size up front. But currently it’s slower because the interpolated elements are not assumed to be strings.

Joe Groff:

Yeah, \(x) goes through the print-anything path for x, which hasn’t really been optimized

Steve Barnegren:

I thought that the recommendation to use "\(foo)\(bar)" over + was more for compilation performance than runtime performance, as the compiler has to work to understand which + operator to use.

Joey Devilla:

Running on the phone, the + method is almost 70 times faster, which is a significant difference when concatenating a large number — 100 million — strings. If you’re concatenating far fewer strings, your better bet is to go with the option that gives you the more readable, editable code.

Marcel Weiher:

A factor 100 here, a factor 100 there, soon enough… ¯\_(ツ)_/¯

Nick Lockwood:

A lot of people have jumped on this to criticise Swift’s maturity as a language.

To put it in context, even at 100x slower, you can still comfortably perform 500,000 string concatenations per second. In most apps this would be a complete non-issue.

Update (2018-03-10): Nick Lockwood:

Deleted this, since it was due to a misconception on my part.

His original test measured foo = "\(foo)bar" vs. foo += "bar", which is not what I would have expected from the tweet’s description. The latter is 100x faster because Swift is able to mutate the string rather than create a new one. The benchmark code is here.

I measured baz = "\(foo)\(bar)" vs. baz = foo + bar, which is what I thought he was originally talking about (i.e., not building up a giant string), and found the latter to be about twice as fast, perhaps because of the overhead that Groff mentioned.

Devilla measured newString = "\(string1) \(string2)" vs. newString = string1 + " " + string2 and found the latter to be 70x faster. I tried to reproduce this but found less than 10% difference in the opposite direction. In other words, interpolation was slightly faster. However, I am using Swift 4, and he was using Swift 2.

Your Nose Isn’t Really As Big As It Looks in Selfies

Rachel Becker:

Last year, more than half of plastic surgeons were approached by patients who wanted to look better in selfies, according to a survey by the American Academy of Facial Plastic and Reconstructive Surgery.

[…]

Most smartphone cameras have wide-angle lenses, says The Verge’s creative director James Bareham, and close-ups with wide-angle lenses cause distortion that makes objects closer to the camera — like, say, a nose — look larger. “It’s kind of one of the basics of photography: don’t shoot portraits on a wide-angle lens because you will look terrible,” Bareham says.

Old Steve Jobs Videos

MIT (via Thomas Brand):

Steve Jobs, one of the computer industry’s foremost entrepreneurs, gives a wide-ranging talk to a group of MIT Sloan School of Management students in the spring of 1992. Jobs shares his professional vision and personal anecdotes, from his role at the time as president and CEO of NeXT Computer Corporation, to the thrilling challenges of co-creating Apple Computer, and subsequent disappointments at his ousting. In conversational exchanges with audience members Jobs underscores the value of direct experience in the field, and “developing scar tissue.”

ABC (via Farhad Manjoo):

Ted Koppel, Bettina Gregory, and Ken Kashiwahara present news stories from 1981 on the relevancy of computers in every day life and how they will affect our future. Included are interviews with Apple Computer Chairman Steve Jobs and writer David Burnham.

Photoshop CC Easter Eggs

Michael Zhang (via John Nack):

Did you know that hidden within Photoshop CC are a number of “easter eggs” that customize the photo editing app in wacky ways? Three that you can activate in the latest version of Photoshop CC are “Layer Monkey,” the “Banana Toolbar,” and “Coffee & Toast.”

Here’s a quick look at how you find each one (keep in mind that these are entirely for fun, i.e. completely useless)[…]

Wednesday, March 7, 2018

Apple to Discontinue iTunes LP

Zac Hall:

Apple appears to be finally pulling the plug on its iTunes LP format this year. For music sold in the iTunes Store, iTunes LP has served as a useful but not popular digital solution for including a rich multimedia experience with digital music.

Like physical records and CDs, iTunes LP content can include lyrics, photos, and liner notes as well as access to video — but the format has never been optimized for iPhone and iPad. The special iTunes format has been around for almost ten years but only around 400 albums have used it.

I’m not quite sure whether iTunes LP was a bad idea or simply one that neither Apple (aside from Steve Jobs?) nor the music producers actually had much interest in. How else to explain that Apple never brought it to iPad?

Nick Heer:

But, these days, those extras don’t require a specific packaged format. Videos are streamed for the one or two times most people watch them, and lyrics are just a scroll away for many Apple Music tracks. The world moved beyond iTunes LP. And the remaining things it offered — like exquisite artwork on gorgeous poet, and that sense of a packaged product — simply can’t be replicated effectively on a screen.

Previously: Eliminating iTunes Store Music Downloads, No iTunes Extras on Apple TV or iOS.

Update (2018-03-08): Ruffin Bailey:

I think this signals less “whether iTunes LP was a bad idea” (though the skeuomorphism Jobs loved is slowly dying out from the ’OSes) than “someone’s paying attention to scaling down iTunes”. I think they’re slowly moving towards killing music sales, no matter what Sellers at AWT thinks. ;^D

[…]

Cesium’s author points out that playing music on your own phone is increasingly difficult via Apple Music in iOS 11.

Deckset Leaves the Mac App Store

Unsigned Integer (via Ilja A. Iwas, 9to5Mac):

The main reason for us to leave the App Store is greater flexibility in pricing. For example, we are now able to offer a 50% discount to students, teachers and other members of educational institutions. That is something we simply couldn’t do before, and we feel it’s essential to reflect the realities of how and why people use Deckset.

There also is a 20% discount for teams buying either 5 or 10 copies of Deckset in bulk.

[…]

Since Deckset will now live independently of the Mac App Store (and hence, its tedious submission and review process) we will also be able to release updates much more frequently.

Brett Terpstra:

I first wrote about Deckset back in 2014. Since then I’ve continued to love it as an alternative to Keynote, using it whenever I can for presentations.

Getting the Current NSBundle

Nicolas Bouilleaud:

  1. Use backtrace() to find the function pointer of the caller;
  2. Use dladdr() to find the executable image path containing this function;
  3. Find the loaded bundle with this executable path.

[…]

With this, I can finally write Bundle.current everywhere, instead of Bundle.main or Bundle(for: AnyClass).

Update (2018-03-12): Leo Natan:

Very cool, but this is an error prone approach due to inlining and optimizations.

For performance, __builtin_frame_address()/__builtin_return_address() either directly in Swift if possible or in a C shim function would work quite well. Same risks as original approach.

A Lot Can Happen in a Decade

Craig Hockenberry:

It’s the ten year anniversary of the original iPhone SDK.

[…]

Discoveries happened quickly. It took just a matter of weeks before the filesystem was exposed. A couple of months later, the entire native app experience was unlocked. Development toolchains were available and folks were writing installers for native apps.

[…]

There were a lot of surprises in that early version of UIKit. It took forever to find the XML parser because it was buried in the OfficeImport framework. And some important stuff was completely missing: there was no way to return a floating point value with Objective-C.

There were also strange engineering decisions. You could put arbitrary HTML into a text view, which worked fine with simple tags like <b>, but crashed with more complex ones. Views also used LKLayer for compositing, which was kinda like the new Core Animation in Mac OS Leopard, but not the same.

Craig Hockenberry:

Still, it’s easy to see why today’s apps are much more sophisticated. They run code hundreds of times faster.

They also have screens that are a bit larger than 320 × 480 :-)

Guilherme Rambo:

I decided to compare SpringBoard from iPhoneOS 1 to SpringBoard on iOS 11.3 (b4). Binary size back then: 691KB. Now: 11,5MB. Classes back then: 145. Classes now: 1418. The only thing I could find that’s not changed are two instance variables on the SpringBoard class.

Constructing Human-grade Parsers

Joe Groff (tweet):

Parsing is one of the most thoroughly explored topics in computer science, but building parsers that give high-quality diagnostics and user feedback is still largely folk art. Here are some observations on how parsers can be constructed in a way that makes it easier to recover from parse errors, produce multiple diagnostics in one pass, and provide partial results for further analysis even in the face of errors, providing a better experience for user-driven command line tools and interactive environments.

[…]

Thinking about it a different way, we want parsing to always succeed at producing some kind of structured result. The result can contain error nodes inside it, but the error nodes don’t have to replace the entire result. How do we make a parser that always succeeds, and how exactly do we recover when we find a parse error? We can look at both problems from the perspective of designing the grammar. Effectively, we want to take a grammar and extend it to make it total, so that every string matches a rule, by adding rules for erroneous inputs.

[…]

If you’re designing a grammar from scratch, it’s also good to think about how your grammar can be parsed in a recoverable way, by considering what kinds of errors or incomplete edits users may make, and what kinds of synchronization points you can design into the grammar so that a parser can recover from malformed input.

Joe Groff:

Yeah, even though whitespace isn’t formally significant most people well-indent their code in practice. I think recent GCC uses indentation as a hint to match up imbalanced { } pairs; Clang and Swift should do the same

Andy Gocke:

My first rule: don’t use a generated parser. The effort in making a hand-written recursive descent parser will pay itself off many times over in maintenance.

Parser combinators are awesome for getting something working, but tend to produce a lot of allocations. For a production compiler, I think the amortized cost of rolling your own is so low I wouldn’t look for a library to help.

Tuesday, March 6, 2018

Keeping Your Safari Data Private

Apple (via Bob Burrough):

Apple products are designed to do amazing things. And designed to protect your privacy.

At Apple, we believe privacy is a fundamental human right.

And so much of your personal information — information you have a right to keep private — lives on your Apple devices.

Your heart rate after a run. Which news stories you read first. Where you bought your last coffee. What websites you visit. Who you call, email, or message.

Every Apple product is designed from the ground up to protect that information. And to empower you to choose what you share and with whom.

I don’t find Safari’s privacy options very empowering. There are lots of features to protect you from the sites you visit, but that’s only half the story. Safari’s user interface doesn’t mention which user data is sent to Apple’s servers. In fact, iCloud stores your bookmarks and Reading List, open tabs, and even your full browsing history (excluding private windows).

There is no granular control. If you want to sync your bookmarks or use Reading List to move the occasional link from your iPhone to your Mac, you also have to enable history syncing.

The history data is only secured by your Apple ID password, which means that Apple has full access to it. And there have been bugs where deleted history was not actually deleted.

With Chrome, your data syncs to Google if you create an account and log in, and you can choose which specific types of data sync. With Safari, you never really get a chance to opt in. macOS strongly encourages you to sign into iCloud during installation, and many apps won’t work without having it enabled in some fashion. You can opt out of iCloud’s Safari features, if you know to look for the checkbox tucked away in System Preferences.

Update (2018-03-06): Jason:

I appreciate the granularity Chrome enables with their syncing, even amongst individual instances. I can sync my themes and extensions on my work computer without syncing my browse history, for example.

It confounds me that Safari still doesn’t sync extensions between Macs.

Update (2018-06-02): Denis Bosnic:

I won’t bore you with long intros, suffice it to say that I filed a GDPR request with Apple to obtain all the data associated with my Apple ID account and I was surprised to see that it contained a log filled with my browsing history spanning the last 4 years of my Safari usage, containing 5,083 URLs and timestamps.

[…]

Clearing your browsing history with this feature turned on seems to clear it locally from all your devices, but there is a chance that a sizable part of this data stays in a hidden / difficult-to-access log stored on Apple’s servers.

There is currently no user-facing way of seeing or deleting that data apart from contacting Apple through a web form and hoping they will comply.

Update (2019-09-27): Maxwell Swadling:

I was also surprised to find in the iCloud data archive it includes your IP and reverse geo-ip lookup for every time you open a tab if you have this turned on.

Streaming Your Own Music

Amazon Echo used to let you upload 250 of your own music files to the cloud, or up to 250,000 if you paid $25/year.

HomePod lets you upload 100,000 songs to iTunes Match for $25/year. It cannot initiate streaming from your Mac, even if you use Home Sharing.

Google Home Max lets you upload 50,000 songs for free.

I still use iTunes to sync music to my iPhone, like an animal, and stream from the phone to a Logitech Bluetooth speaker. So I can use Siri to play my own music for free. Right now, I use my own phone for this, but the downside is that as I move around there can be interference or I can get totally out of range. Also, my iPhone SE is full, so much of my music doesn’t fit on it. It might be better to dedicate an old iOS device as a stationary music controller, but that would make controlling it less convenient.

The other option, which I’ve used in the past, is to stream from iTunes on my Mac to the Bluetooth speaker. This can be controlled from the Remote app on my phone, but that is slower and less nice than Cesium and doesn’t work with Siri.

The Mystery of the Slow Downloads

Cabel Sasser:

Our downloads really were slow — but seemingly only to Comcast users, and only during peak internet usage times. Something was up. At first we thought, maybe Comcast bandwidth is just naturally more congested in the evening as people come home from work and begin streaming Netflix, etc. But that didn’t explain why the connections to our Linode control server from Comcast, during the exact same time windows for each tester, were downloading with good speeds. We wondered, is Comcast intentionally “throttling” Cogent customers? And if so, why?

[…]

It felt like there was no way this should have worked. If I had to guess, I’d say it’s simple: in the middle of a serious ongoing debate over net neutrality, the last thing Comcast wanted to look like was a network-throttling bad guy in this blog post. But then again, maybe I’m still being too cynical — maybe they just saw a problem they hadn’t noticed and fixed it. (But really, did they really not notice that pipe was full until I asked? Surely there are network monitoring tools?) Frankly, I have to stop thinking about it, because I’ll never know. But no matter the reason, I’m very grateful: thanks for listening to us, Comcast.)

A Year Away From macOS

Wesley Moore (via Hacker News):

At this point I can’t see myself switching back to Mac OS. There is only one task (MoneyWell) that I haven’t been able to achieve with my new Linux or FreeBSD systems.

[…]

Over the year I think what I value in an operating system has shifted. I went in valuing design, consistency, and attention to detail. I definitely still value those things but I think I’ve softened on them. I’m willing to settle for a few rough edges. In return I get:

  • Systems that are always up to date
  • More hardware options
  • Upgradeable hardware
  • The ability to build an environment that works for me
  • “The freedom to study how the program works, and change it so it does your computing as you wish”.

That last one has come as a bit of a surprise. I’ve always been a fan of open source but was happy to use well-made proprietary software. It turns out that when a huge portion of your system is open source your perspective changes. Jumping through hoops to install proprietary software (that’s not in the system package repos) is kind of a drag, and feels sort of wrong for the system.

There’s also something wonderful about public bug trackers. You can search and track the progress of an issue instead of just submitting it into the void.

Previously: Finding an Alternative to Mac OS X.

GitHub Survived the Biggest DDoS Attack Ever Recorded

Lily Hay Newman (via Dave Mark):

Akamai defended against the attack in a number of ways. In addition to Prolexic’s general DDoS defense infrastructure, the firm had also recently implemented specific mitigations for a type of DDoS attack stemming from so-called memcached servers. These database caching systems work to speed networks and websites, but they aren’t meant to be exposed on the public internet; anyone can query them, and they’ll likewise respond to anyone. About 100,000 memcached servers, mostly owned by businesses and other institutions, currently sit exposed online with no authentication protection, meaning an attacker can access them and send them a special command packet that the server will respond to with a much larger reply.

Unlike the formal botnet attacks used in large DDoS efforts, like against Dyn and the French telecom OVH, memcached DDoS attacks don’t require a malware-driven botnet. Attackers simply spoof the IP address of their victim and send small queries to multiple memcached servers—about 10 per second per server—that are designed to elicit a much larger response. The memcached systems then return 50 times the data of the requests back to the victim.
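The amplification pattern the quoted article describes can be looked for from the memcached operator's side of the network. The Python below is an added example, not code from the article, Akamai or GitHub; the flow-record layout, the sample addresses, the use of UDP on memcached's default port 11211 and the thresholds are assumptions made for illustration.

```python
"""Spot likely memcached reflection in flow records seen next to a memcached server.

Added example: record layout, addresses and thresholds are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass

MEMCACHED_PORT = 11211  # memcached's default port; the quoted article does not name it

# Constructed flow summaries (not real traffic), one per line:
# start_epoch src_ip src_port dst_ip dst_port proto packets bytes
SAMPLE_FLOWS = """\
# spoofed source: ten small UDP queries per second, much larger replies
1520000000 203.0.113.7 40000 10.0.0.5 11211 udp 10 150
1520000000 10.0.0.5 11211 203.0.113.7 40000 udp 10 7500
1520000001 203.0.113.7 40000 10.0.0.5 11211 udp 10 150
1520000001 10.0.0.5 11211 203.0.113.7 40000 udp 10 7500
# ordinary application client over TCP (needs a completed handshake, so not trivially spoofable)
1520000000 10.0.0.20 51000 10.0.0.5 11211 tcp 4 240
1520000000 10.0.0.5 11211 10.0.0.20 51000 tcp 4 3600
# internal UDP client with modest replies
1520000002 10.0.0.21 52000 10.0.0.5 11211 udp 2 120
1520000002 10.0.0.5 11211 10.0.0.21 52000 udp 2 480
"""


@dataclass
class PeerStats:
    request_packets: int = 0
    request_bytes: int = 0
    reply_bytes: int = 0


def summarize_udp(flows_text, server_ips):
    """Total UDP request and reply bytes per (memcached server, remote peer)."""
    stats = defaultdict(PeerStats)
    for line in flows_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        _ts, src, sport, dst, dport, proto, packets, nbytes = line.split()
        if proto.lower() != "udp":
            continue  # only connectionless traffic can be reflected at a spoofed address
        sport, dport = int(sport), int(dport)
        packets, nbytes = int(packets), int(nbytes)
        if dst in server_ips and dport == MEMCACHED_PORT:
            peer = stats[(dst, src)]
            peer.request_packets += packets
            peer.request_bytes += nbytes
        elif src in server_ips and sport == MEMCACHED_PORT:
            stats[(src, dst)].reply_bytes += nbytes
    return stats


def flag_reflection(stats, min_factor=50.0, min_reply_bytes=1000):
    """Return peers whose reply/request byte ratio reaches min_factor.

    min_factor defaults to the 50x figure in the quoted article; min_reply_bytes
    is an assumed floor that keeps tiny exchanges out of the report.
    """
    findings = []
    for (server, peer), s in sorted(stats.items()):
        if s.reply_bytes < min_reply_bytes:
            continue
        # Replies with no recorded request count as unbounded amplification.
        factor = s.reply_bytes / s.request_bytes if s.request_bytes else float("inf")
        if factor >= min_factor:
            findings.append({
                "server": server,
                "likely_victim": peer,  # the spoofed source address, not the sender
                "factor": factor,
                "request_packets": s.request_packets,
            })
    return findings


if __name__ == "__main__":
    for f in flag_reflection(summarize_udp(SAMPLE_FLOWS, {"10.0.0.5"})):
        print(f)
```

The address this reports is the one the replies are sent to, which in a reflection attack is the victim; blocking it at the server does not identify the sender of the queries.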

Monday, March 5, 2018

First-Class Swift API for Objective-C Frameworks

Marcin Krzyżanowski:

In Objective-C, it’s possible to store a block as an id type, e.g. in a collection like NSDictionary<String *, id>. However, that’s a trap. If we store a Swift closure in the imported dictionary type, it will crash at the time we access the value.

There is a workaround, but it has to be done on the Swift side. Declare the closure type with the @convention(block) and use it as a type[…]

[…]

The non-system framework Objective-C NSUInteger is imported as UInt. That’s not very consistent with the Swift concept of having an Int as the ultimate integer type. The conversation about if NSUInteger should be automatically imported as an Int is already older than a year, and we’re still looking for a better solution in this area.

[…]

API Notes is a textual file with a set of metadata interpreted by Swift’s Clang Importer without the need to rebuild the binary.

[…]

@_exported will make an imported module re-exported as if the imported symbols were part of the intermediate module. The intermediate module is logically placed between two other modules, which is why it’s called an overlay framework: It overlays the @_exported modules.

Script Debugger 7

Late Night Software (press release):

The biggest change in Script Developer 7 is the release of our new “lite” mode, which offers all the basic editing, debugging and dictionary functions that you need to write your code. Even without Script Debugger’s advanced features, it represents a significant improvement over the Script Editor which comes with your Macintosh.

[…]

Script Debugger 7 offers a new way of deploying AppleScripts as standalone applications with an improved interface for your users, support for automatic software updates via Sparkle and much more.

[…]

Script Debugger 7’s Dictionary Explorer lets you move, copy or delete objects. Script Debugger 7 lets you explore much more of an application’s scripting abilities without writing a single line of AppleScript code.

[…]

Script Debugger 7 offers an entirely new way of generating AppleScript code: Explorer recording. Start recording a script, and then begin exploring an application using Script Debugger’s Dictionary Explorer. As you alter property values or move, copy or delete objects, the corresponding AppleScript code is added to your script.

More changes are listed here. I also really like the redesigned Web site and the new application and document icons. This is a great app.

Update (2018-03-15): Mark Alldritt:

The standard applet shell provided by Apple has been with us since AppleScript’s inception. It is a minimal means of deploying a script as a stand alone application. Our objective with the Enhanced Applet shell is to provide additional functionality for scripters and to improve the user experience, especially when developing droplets (scripts that open files).

See also: The Talk Show.

Risks of In-App Browsers

Felix Krause (tweet):

Many larger iOS apps re-implemented their own in-app web browser. While this was necessary many years ago, nowadays it’s not only not required any more, it actually adds a major risk to the end-user.

[…]

Using a custom in-app browser allows the app developer to inject ANY JavaScript code into the website the user visits. This means, any content, any data and any input that is shown or stored on the website is accessible to the app.

[…]

It allows the app maintainer to inject additional analytics code, without telling the user.

[…]

Any app with an in-app browser can easily steal the user’s email address, passwords and two-factor authentication codes.

[…]

Once the user is logged in, you also get access to the full HTML DOM + JavaScript data & events, which means you have full access to whatever the user sees. This includes things like your emails, your Amazon order history, your friend list, or whatever other data/website you access from an in-app web view.

This is partially a consequence of iOS’s full screen interface. On the Mac, it’s no big deal to open a separate Safari browser window, and entering credentials or doing general browsing in an in-app browser would seem weird.

I’m not sure what Apple can do about this on iOS. Even if the user knows what the safer SFSafariViewController looks like, that appearance could be spoofed. And there are plenty of legitimate uses for a regular embedded Web view.

Previously: iCloud Passwords in Mail, Device Passwords, and Safari Passwords.

Update (2018-03-06): Bad Uncle Leo:

w-w-where’s App Review??

Bob Burrough:

That’s how the house of cards comes crumbling down. App Review certainly should boot apps that steal credentials and do other nefarious things. However, if their responsibilities cover the behavior of apps (they do), then they also have to consider apps like Facebook.

Facebook’s business is built on exploiting user data in some way. Hell, Google’s is, too. However, I don’t think anyone is under any misconception that Apple’s App Review team is giving a serious, critical look at the behavior of those companies. They’re not.

This line of thinking forces us to ask what is the role of app review, and ultimately what is the role of Apple’s moral policies? Are they really running their business as if they’re fighting the good fight, or is that all just marketing?

This is an area where App Review could help but won’t. App Review continues to look the other way, even for blatant push notification spam. And when there is enforcement, the rules are different for the big players.

Update (2018-03-07): Sean Hussey:

My son’s school isn’t supposed to allow outside recess if it’s below 32 degrees, so my son went to http://weather.com , opened up the web inspector, changed the temperature from 28 to 36, and showed the teacher.

Amazon Will Stop Selling Nest Smart Home Devices

Steve Kovach (via Hacker News):

After weeks of silence, Amazon's retail team informed Nest employees on a conference call late last year that it would not list any of the newer Nest products recently announced by the company, according to a person familiar with the call. The products in question include the latest Nest thermostat and the Nest Secure home security system, among others.

On that call, says the person, Amazon told Nest that the decision came from the top — and that it had nothing to do with the quality of Nest products, which had great reviews on Amazon.

[…]

As a result of Amazon's decision, Nest decided to stop selling any of its products through Amazon, meaning the limited number of Nest devices listed on Amazon today are expected to disappear from the site once current inventory is sold out, according to a person familiar with the matter.

Amazon still doesn’t sell current iPhones or iPads, but it has changed its mind and now sells Apple TVs.

I find these decisions fascinating. Amazon could already promote its own line of home products all over its site, even on listings for Nest products. Is it that much better to have Nest products not show up in searches at all? Is it really worth the lost revenue and analytics to send those purchasers elsewhere? And to tarnish Amazon’s image as the “everything store”? iPad and Kindle are not even really in the same market, and Amazon does sell tablets from other companies.

Update (2018-03-06): Amazon doesn’t sell Google Chromecast, either.

Apple Networking Feedback

Quinn the Eskimo:

I’m soliciting feedback about the networking APIs on Apple’s various platforms. The focus here is on commonly-used user-space networking APIs; think NSURLSession, NSStream and BSD Sockets, not VPN, NKEs, Wi-Fi management, and so on.

Dave DeLong:

Here are his questions and my answers[…]

It’s great to see Apple asking for API feedback.

Update (2018-03-06): Riccardo Mori:

Part of a survey at the end of the “Apple IIGS Owner’s Reference” manual. Lovely, effective layout.

Friday, March 2, 2018

Amazon Is Complicit With Counterfeiting

Casey Hopkins:

This is exactly what has happened to us. Our popular product The Anchor, the first under desk headphone mount, with 1500+ reviews, has been getting flooded with counterfeits. The current counterfeit seller, suiningdonghanjiaju Co Ltd (yeah they sound legit), has been on there for the past 5 days and taken all the sales.

They literally reverse engineered it, made steel compression molds, made the logo wrong, used fake 3M adhesive that’s very thin and was diecut smaller than the top (measure once, cut twice), they use a lower durometer silicone so it flexes more, it has huge mold parting lines, and the packaging is literally photocopied then reprinted (you can tell by the lack of image contrast). And they had to apply a big sticker to cover our SKU with theirs. But to the untrained eye, it would pass. Can’t wait for the negative reviews to come…

This is not a cloned product with its own listing on Amazon. Rather, the counterfeiter is listed as a seller on Elevation Lab’s own product page.

There is something extremely simple Amazon could do about it. If you have a registered brand in the Brand Registry and don’t sell the product wholesale - there could be one box to check for that. And anyone else would have to get approval or high vetting to sell the product, especially if they are sending large quantities to FBA. I imagine there are some algorithmic solutions that could catch most of it too. And it wouldn’t hurt to increase the size of the Brand Registry team so they can do their work faster.

Previously: Sellers Printing Counterfeit Books and Selling Under Amazon’s Brand, Amazon Selling Fake Apple Chargers and Cables, Amazon’s Chinese Counterfeit Problem Is Getting Worse.

Update (2018-03-05): See also: 9to5Mac, BuzzFeed.

iOS Uses CFBundleName to Differentiate Apps

Kasuist (via Peter Steinberger):

To keep this service affordable to small businesses, we have a white label application that can be themed to their specifications. So everything is built from a single project.

Recently it got to the point where some customers would have a few of our apps installed.

We started getting tickets from users telling us that an app of ours was only working on WiFi. It took us a while to figure out what was actually going on.

[…]

Rather than using an app’s unique BundleID to differentiate between applications, Apple is using BundleName instead. You can install any number of apps with the same BundleName on the same device as you like.

This means that should you turn mobile data off for one of these apps, the others will also be affected.

Felix Krause:

I’m gonna use the same CFBundleName as Safari, always have mobile data access

Ignacio Enriquez G:

Same problem with TouchID, install app 1 and app2 with same name and touch ID will always fail for app1. I don’t know who had this brilliant idea of using the bundle name instead of the bundle id.

Previously: Apple Narrows Ban on Templated Apps.
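A white-label build pipeline like the one described can check for this before shipping. The Python below is an added example, not Kasuist's or Apple's code: it reads each app's Info.plist and reports any CFBundleName used by more than one CFBundleIdentifier. The paths, bundle IDs and names are constructed, and exact string comparison of names is an assumption about how iOS matches them.

```python
"""Pre-release check: distinct apps built from one project must not share a CFBundleName."""
import plistlib
from collections import defaultdict


def make_info_plist(bundle_id, name, package_type="APPL", fmt=plistlib.FMT_XML):
    """Build a constructed Info.plist (sample data only)."""
    return plistlib.dumps(
        {
            "CFBundleIdentifier": bundle_id,
            "CFBundleName": name,
            "CFBundlePackageType": package_type,
        },
        fmt=fmt,
    )


# Constructed sample: two themed apps left with the template's name, one renamed
# correctly, and an app extension that is skipped by the check.
SAMPLE_PLISTS = {
    "build/bakery.app/Info.plist": make_info_plist(
        "com.example.whitelabel.bakery", "Storefront"),
    "build/florist.app/Info.plist": make_info_plist(
        "com.example.whitelabel.florist", "Storefront", fmt=plistlib.FMT_BINARY),
    "build/cafe.app/Info.plist": make_info_plist(
        "com.example.whitelabel.cafe", "Corner Cafe"),
    "build/cafe.app/PlugIns/Share.appex/Info.plist": make_info_plist(
        "com.example.whitelabel.cafe.share", "Storefront", package_type="XPC!"),
}


def find_bundle_name_collisions(plists):
    """Return (collisions, incomplete).

    collisions: CFBundleName -> sorted bundle IDs, for names shared by 2+ apps.
    incomplete: paths of app plists missing CFBundleName or CFBundleIdentifier.
    """
    ids_by_name = defaultdict(set)
    incomplete = []
    for path, raw in plists.items():
        info = plistlib.loads(raw)  # auto-detects XML and binary plists
        # Assumption: only application bundles matter here, so extensions are skipped.
        if info.get("CFBundlePackageType") != "APPL":
            continue
        name = info.get("CFBundleName")
        bundle_id = info.get("CFBundleIdentifier")
        if not name or not bundle_id:
            incomplete.append(path)
            continue
        ids_by_name[name].add(bundle_id)
    collisions = {
        name: sorted(ids) for name, ids in ids_by_name.items() if len(ids) > 1
    }
    return collisions, incomplete


if __name__ == "__main__":
    collisions, incomplete = find_bundle_name_collisions(SAMPLE_PLISTS)
    for name, ids in collisions.items():
        print(f"CFBundleName {name!r} is shared by: {', '.join(ids)}")
    for path in incomplete:
        print(f"missing CFBundleName or CFBundleIdentifier: {path}")
```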

Working at Google

Michael Lynch (via Stephanie Hurlburt, Hacker News):

The pipeline didn’t record many metrics. The ones it did have made it look like things had gotten worse. My bug discoveries caused the overall bug count to increase. The pipeline’s failures increased because I made it fail fast on anomalies instead of silently passing along bad data. I drastically reduced the time developers spent repairing those failures, but there were no metrics that tracked developer time.

My other work didn’t look so good on paper either. On several occasions, I put my projects on hold for weeks or even months at a time to help a teammate whose launch was at risk. It was the right decision for the team, but it looked unimpressive in a promo packet. To the promotion committee, my teammate’s project was the big, important work that demanded coordination from multiple developers. If they hornswoggled me into helping them, it’s evidence of their strong leadership qualities. I was just the mindless peon whose work was so irrelevant that it could be pre-empted at a moment’s notice.

[…]

I adopted a new strategy. Before starting any task, I asked myself whether it would help my case for promotion. If the answer was no, I didn’t do it.

My quality bar for code dropped from, “Will we be able to maintain this for the next 5 years?” to, “Can this last until I’m promoted?” I didn’t file or fix any bugs unless they risked my project’s launch. I wriggled out of all responsibilities for maintenance work.

See also: The Econ 101 Management Method, Sins of Commissions.

Searching for Paid Apps

Andrew Abernathy:

I hate that when searching on the iOS App Store I can filter out the paid apps, but I can’t filter out the free options. For lots of searches, the free results are crap. Show me the apps that are actually worth some money.

C String Functions in Swift: a malloc’y Story

Helge Heß (tweet):

The pointer you get back points into a buffer, which doesn’t exist anymore. That is why you need to be super careful when accessing C APIs.

[…]

Why does this [Objective-C] rarely result in an allocation? In the case above the NSString is an NSConstantString which is already backed by an UTF-8 string, and as mentioned above, a lot of NSString’s are backed by UTF-8.

[…]

I was incorrectly assuming that Swift would create the static String in a way that is backed by an UTF-8 buffer, including the terminating 0 (because that byte is negligible). And more importantly, that the compiler would directly pass over the pointer to that cString buffer. […] When using C API with Swift Strings (be it a simple puts or maybe libxml2), be aware that such calls are really expensive (a malloc+free per call).

Thursday, March 1, 2018

SwiftNIO

SwiftNIO:

SwiftNIO is a cross-platform asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.

It’s like Netty, but written for Swift.

Update (2018-03-02): Ben Cohen:

Two strengths of Swift that worked really well for SwiftNIO:

- tight, deterministic memory management

- easy transition between C/Unsafe and higher-level APIs

There are still some places in the code that are a little bit, uh, Java-y. PRs welcome!

Update (2018-03-05): Vapor:

We have branches of Vapor and Fluent 3.0 built on #swiftnio successfully running and passing tests. Integration went very smoothly with few breaking changes. With close to 15k LOC deleted so far, we think this is definitely the right choice going forward and we’re excited!

Twitter Launches Bookmarks for Saving Tweets

Jesar Shah (MacRumors):

To bookmark a Tweet, tap the share icon under the Tweet and select, “Add Tweet to Bookmarks”. To find it later, tap “Bookmarks” from your profile icon menu. You can remove Tweets from your Bookmarks at any time. Also, only you can see what you’ve bookmarked.

Nick Heer:

Unfortunately, there’s nothing in this announcement nor anything in Twitter’s documentation that suggests they’re making this available to third-party developers; I hope they do.

Respecting Privacy at Basecamp

Noah Lorang:

Many companies, especially startups, review every signup manually and reach out to interesting looking customers. I get lots of these emails, and every one leaves me unsettled.

Tons of companies will also use the fact that you signed up as permission to identify you as a customer for marketing purposes. Over the years, I’ve had to ask no fewer than a dozen companies to remove Basecamp from their marketing material.

I find both of these practices to be distasteful.

I don’t think companies should promote you as a customer without asking.

Cellebrite Can Now Unlock Recent iPhones

Thomas Fox-Brewster:

Cellebrite, a Petah Tikva, Israel-based vendor that’s become the U.S. government’s company of choice when it comes to unlocking mobile devices, is this month telling customers its engineers currently have the ability to get around the security of devices running iOS 11 (right up to 11.2.6). That includes the iPhone X, a model that Forbes has learned was successfully raided for data by the Department for Homeland Security back in November 2017, most likely with Cellebrite technology.

Jeff Atwood:

“The story I hear is that Cellebrite hires ex-Apple engineers and moves them to countries where Apple can’t prosecute them under the DMCA or its equivalents”

I’m not sure where this quote comes from, as it’s not in the current version of the article.

Ray [REDACTED] (via Nick Heer):

If you are concerned by this then one thing you can do to mitigate it is to change your iPhone PIN from a six digit number to an alphanumeric passphrase. The Cellebrite exploit involves a brute force PIN trick that allows unlimited attempts without wiping.

Previously: iOS 9 Source Code Leak, FBI Asks Apple for Secure Golden Key.

Update (2018-03-05): Thomas Fox-Brewster:

Just a week after Forbes reported on the claim of Israeli U.S. government manufacturer Cellebrite that it could unlock the latest Apple iPhone models, another service has emerged promising much the same. Except this time it comes from an unknown entity, an obscure American startup named Grayshift, which appears to be run by long-time U.S. intelligence agency contractors and an ex-Apple security engineer.

In recent weeks, its marketing materials have been disseminated around private online police and forensics groups, offering a $15,000 iPhone unlock tool named GrayKey, which permits 300 uses. That's for the online mode that requires constant connectivity at the customer end, whilst an offline version costs $30,000. The latter comes with unlimited uses.

The Rise of China As a Digital Totalitarian State

Xiao Qiang:

Zhou’s story is the latest example of how much stricter state control has become across the Chinese Internet, especially social media platforms. In China, censorship and propaganda go hand in hand, backed by the use of physical force, including police visits, arrests and attacks by state media on people who have expressed controversial political opinions online.

Ever since he came to power in 2012, President Xi Jinping has attempted to bolster the authority of the Communist Party in part by imposing wide-ranging policies to gain ideological and informational control over the media and Internet. In 2017, the country’s first cybersecurity law came into effect; it requires Internet companies to allow even more surveillance of their networks, submit to mandated security reviews of their equipment and provide data to government investigators when requested, among other regulations.

The University of Toronto-based Citizen Lab has identified various surveillance mechanisms used to monitor social media platforms such as WeChat, which can leave people with the sense that they have a surveillance weapon in their pockets. What’s more, these mechanisms remain in effect when individuals leave the country, as do large numbers of Chinese students who study abroad.

Previously: iCloud in China and on Google’s Cloud.