Archive for March 5, 2018

Monday, March 5, 2018

First-Class Swift API for Objective-C Frameworks

Marcin Krzyżanowski:

In Objective-C, it’s possible to store a block as an id type, e.g. in a collection like NSDictionary<String *, id>. However, that’s a trap. If we store a Swift closure in the imported dictionary type, it will crash at the time we access the value.

There is a workaround, but it has to be done on the Swift side. Declare the closure type with the @convention(block) and use it as a type[…]

[…]

The non-system framework Objective-C NSUInteger is imported as UInt. That’s not very consistent with the Swift concept of having an Int as the ultimate integer type. The conversation about if NSUInteger should be automatically imported as an Int is already older than a year, and we’re still looking for a better solution in this area.

[…]

API Notes is a textual file with a set of metadata interpreted by Swift’s Clang Importer without the need to rebuild the binary.

[…]

@_exported will make an imported module re-exported as if the imported symbols were part of the intermediate module. The intermediate module is logically placed between two other modules, which is why it’s called an overlay framework: It overlays the @_exported modules.

Script Debugger 7

Late Night Software (press release):

The biggest change in Script Developer 7 is the release of our new “lite” mode, which offers all the basic editing, debugging and dictionary functions that you need to write your code. Even without Script Debugger’s advanced features, it represents a significant improvement over the Script Editor which comes with your Macintosh.

[…]

Script Debugger 7 offers a new way of deploying AppleScripts as standalone applications with an improved interface for your users, support for automatic software updates via Sparkle and much more.

[…]

Script Debugger 7’s Dictionary Explorer lets you move, copy or delete objects. Script Debugger 7’s lets you explore much more of an application’s scripting abilities without writing a single line of AppleScript code.

[…]

Script Debugger 7 offers an entirely new way of generating AppleScript code: Explorer recording. Start recording a script, and then begin exploring an application using Script Debugger’s Dictionary Explorer. As you alter property values or move, copy or delete objects, the corresponding AppleScript code is added to your script.

More changes are listed here. I also really like the redesigned Web site and the new application and document icons. This is a great app.

Update (2018-03-15): Mark Alldritt:

The standard applet shell provided by Apple has been with us since AppleScript’s inception. It is a minimal means of deploying a script as a stand alone application. Our objective with the Enhanced Applet shell is to provide additional functionality for scripters and to improve the user experience, especially when developing droplets (scripts that open files).

See also: The Talk Show.

Risks of In-App Browsers

Felix Krause (tweet):

Many larger iOS apps re-implemented their own in-app web browser. While this was necessary many years ago, nowadays it’s not only not required any more, it actually adds a major risk to the end-user.

[…]

Using a custom in-app browser, allows the app developer to inject ANY JavaScript code into the website the user visits. This means, any content, any data and any input that is shown or stored on the website is accessible to the app.

[…]

It allows the app maintainer to inject additional analytics code, without telling the user.

[…]

Any app with an in-app browser can easily steal the user’s email address, passwords and two-factor authentication codes.

[…]

Once the user is logged in, you also get access to the full HTML DOM + JavaScript data & events, which means you have full access to whatever the user sees. This includes things like your emails, your Amazon order history, your friend list, or whatever other data/website you access from an in-app web view.

This is partially a consequence of iOS’s full screen interface. On the Mac, it’s no big deal to open a separate Safari browser window, and entering credentials or doing general browsing in an in-app browser would seem weird.

I’m not sure what Apple can do about this on iOS. Even if the user knows what the safer SFSafariViewController looks like, that appearance could be spoofed. And there are plenty of legitimate uses for a regular embedded Web view.

Previously: iCloud Passwords in Mail, Device Passwords, and Safari Passwords.

Update (2018-03-06): Bad Uncle Leo:

w-w-where’s App Review??

Bob Burrough:

That’s how the house of cards comes crumbling down. App Review certainly should boot apps that steal credentials and do other nefarious things. However, if their responsibilities cover the behavior of apps (they do), then they also have to consider apps like Facebook.

Facebook’s business is built on exploiting user data in some way. Hell, Google’s is, too. However, I don’t think anyone is under any misconception that Apple’s App Review team is giving a serious, critical look at the behavior of those companies. They’re not.

This line of thinking forces us to ask what is the role of app review, and ultimately what is the role Apple’s moral policies? Are they really running their business as if they’re fighting the good fight, or is that all just marketing?

This is an area where App Review could help but won’t. App Review continues to look the other way, even for blatant push notification spam. And when there is enforcement, the rules are different for the big players.

Update (2018-03-07): Sean Hussey:

My son’s school isn’t supposed to allow outside recess if it’s below 32 degrees, so my son went to http://weather.com , opened up the web inspector, changed the temperature from 28 to 36, and showed the teacher.

Amazon Will Stop Selling Nest Smart Home Devices

Steve Kovach (via Hacker News):

After weeks of silence, Amazon's retail team informed Nest employees on a conference call late last year that it would not list any of the newer Nest products recently announced by the company, according to a person familiar with the call. The products in question include the latest Nest thermostat and the Nest Secure home security system, among others.

On that call, says the person, Amazon told Nest that the decision came from the top — and that it had nothing to do with the quality of Nest products, which had great reviews on Amazon.

[…]

As a result of Amazon's decision, Nest decided to stop selling any of its products through Amazon, meaning the limited number of Nest devices listed on Amazon today are expected to disappear from the site once current inventory is sold out, according to a person familiar with the matter.

Amazon still doesn’t sell current iPhones or iPads, but it has changed its mind and now sells Apple TVs.

I find these decisions fascinating. Amazon could already promote its own line of home products all over its site, even on listings for Nest products. Is it that much better to have Nest products not show up in searches at all? Is it really worth the lost revenue and analytics to send those purchasers elsewhere? And to tarnish Amazon’s image as the “everything store”? iPad and Kindle are not even really in the same market, and Amazon does sell tablets from other companies.

Update (2018-03-06): Amazon doesn’t sell Google Chromecast, either.

Apple Networking Feedback

Quinn the Eskimo:

I’m soliciting feedback about the networking APIs on Apple’s various platforms.  The focus here is on commonly-used user-space networking APIs; think NSURLSession, NSStream and BSD Sockets, not VPN, NKEs, Wi-Fi management, and so on.

Dave DeLong:

Here are his questions and my answers[…]

It’s great to see Apple asking for API feedback.

Update (2018-03-06): Riccardo Mori:

Part of a survey at the end of the “Apple IIGS Owner’s Reference” manual. Lovely, effective layout.