Archive for May 2018

Thursday, May 31, 2018

Encrypting for Apple’s Secure Enclave

David Schuetz (tweet):

Encryption, once you have a safe and well-implemented algorithm, is all about the keys. Lose control of your keys, and it’s “Game over, man!” What if we could put our keys somewhere completely out of reach, where even their owner can’t get to them? Yibikeys and HSMs can provide that security, but they’re external devices.


One feature added in iOS 9, and macOS 10.13, is the ability to store keys and perform cryptography entirely within the Secure Enclave. The application asks the SE to create a public/private keypair. The SE returns the public key (which should then be stored somewhere safe), but it holds onto the private key. Then it can ask “Here, sign this message” and the SE will grab the private key, sign the message, and return the result. Or “Here, decrypt this,” and it’ll decrypt the message using the private key, and return the plaintext. The application itself never has direct access to the private key, so the key should be very secure.


So why is all this cool? Because we can be confident that nobody can read our data without our device.

iOS 11.4 and Messages in iCloud


Almost a year after they were first announced, Apple has finally shipped AirPlay 2 and Messages in iCloud[…]


Frankly, we think it’s shameful that Apple is effectively charging for message sync features that have been free on every other Internet messaging client in history. But, unlike most messaging clients, iMessage is end-to-end encrypted, and that’s still true even if you use Messages in iCloud.

However, I don’t think it’s documented yet whether turning syncing on gives Apple the keys.

Ashraf Eassa:

Messages in iCloud is a brilliant way to convince people to buy more iCloud storage. Those chat logs can get absolutely huge.

Juli Clover:

First and foremost, the update addresses the “Black Dot” unicode bug that could crash apps on iOS devices with a specific character sequence involving certain emojis. Following the release of iOS 11.4, this particular sequence of characters will no longer cause apps like Messages to crash.

Apple says the update also successfully fixes an issue that caused iMessages to appear out of order on some devices, a frustrating bug that’s been around for quite some time and has been the subject of many complaints.

Steve Troughton-Smith:

Now that iMessage in iCloud is here, it’s become essential to remap my ‘Delete Conversation’ menu item in macOS as it’s way too easy to accidentally ⌘-delete and watch an important or sentimental thread be wiped from all your devices. Hopefully won’t accidentally trigger now…

Russell Ivanovic:

When a device supports Airplay 2 you get a little checkbox next to it in the route picker. Fun fact you can play to both Apple TV and HomePod at the same time now.

Previously: iOS 11.3, “Black Dot” Unicode Bug, Messages on iCloud in iOS 11.3 Beta.

Update (2018-06-01): Steve Troughton-Smith:

Clearly this feature was totally ready to roll out and not in any way influenced by it being 51 weeks since its announcement. They are so confident in it it has no onboarding experience, a hidden enable toggle, and it’s disabled by default

Steve Troughton-Smith:

Oh neat, iMessage in iCloud has a size breakdown of each of your message threads. My average thread with any frequent contact is ~2GB, and my Messages are 32GB in total. That’s 32GB less storage space I now need on iOS devices, assuming cache eviction works as intended

Benjamin Mayo:

The byte sizes for Messages in iCloud is very wonky. My ‘Conversations’ total says Zero KB, but then I tap through and each thread is some number of MBs. Yet, the iCloud Storage screen says Messages is using several gigabytes.

Benjamin Mayo:

I will say this. For as wrong as the storage stats screens are, the actual Messages syncing has worked flawlessly for me. AirPlay 2 is similarly robust, and I’ve really been trying to trick that one.

Ryan Jones:

Just sad. Pathetic really.

Nick Heer:

Same here. Bizarre.

John Gruber:

Beat this:

Damien Petrilli:

Some wonders why Apple didn’t activated iMessage in the cloud by default.

I think the reason is simple: Apple got the numbers of ppl lacking storage on iCloud and its prob not small.

Would be a pretty bad PR if users stopped receiving messages because of that.

Josh Centers:

I warned that Messages in iCloud counts against your storage quota, but @bdougherty pointed out that it can actually save you space if you use iCloud backup. My testing confirmed and I’ve updated the article to reflect that.


Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, a copy of the key protecting your Messages is included in your backup. This ensures you can recover your Messages if you’ve lost access to iCloud Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and it is not stored by Apple.

In other words, turning on Messages in the iCloud makes iMessage less secure. Apple can read your messages unless you are not using iCloud Backup. [Update: I think Nat is right that there is not really a difference in security because iCloud Backup already made the messages available to Apple.]

Update (2018-06-03): Michael Yacavone:

There is no doubt that for me iMessage on iOS 11.4 is far worse than on 11.3. Example: Reading my iPad, phone beeps, respond there, two minutes later still not showing on iPad. Never happened on 11.3.

Update (2018-06-12): Noel Cornell:

It’s sadly as amazing as it disappointing how badly “Messages in Cloud” works after all this wait. Possibly one of my most wanted features for years. Now it’s here and it still just doesn’t work very well. Avatars sliding around the left side bar for minutes at a time.

Update (2018-07-11): Juli Clover:

The macOS High Sierra 10.13.6 update is minor in scale, focusing on bug fixes and security improvements. No major feature changes were discovered during the beta testing process, but Apple’s release notes say it adds AirPlay 2 multi-room support for iTunes with the accompanying iTunes 12.8 update.

Update (2018-07-31): Noel Cornell:

What did “Messages in Cloud” resolve exactly? Still after a vacation I get tons of messages appearing out of order, bad read/unread states, errors about unsent messages.

WWDC 1997 Videos and Other History

Brendan Shanks:

If you liked the slides, you’ll find the videos fascinating. In particular, the overview/strategy speakers take pains to emphasize what has changed since the year before: developing rather than abandoning the Mac OS, promising to ship regular incremental improvements, and moving ahead with a next-generation OS (Rhapsody) built on shipping, proven technology.

Riccardo Mori:

Thirty years of Mac ads - 1984-2014. (Love the early ones!)

Jason Kottke:

This 1985 catalog for engineers contains hundreds and hundreds of tech logos from the 70s and 80s. They are glorious.

Previously: Preparing for WWDC 2017.

Apple Hasn’t Blocked Telegram App, But Won’t Allow Updates

Juli Clover:

The Russian government has asked Apple to help it block Telegram, the secure messaging app that’s highly popular in the country, reports WCCFTech.

A Russian court in April ordered carriers and internet providers in the country to block Telegram back in April, after Telegram refused to provide Russia with backdoor access to user messages.

Mitchel Broussard:

As this unfolds, Telegram CEO Pavel Durov posted an update for users early this morning in an effort to explain why some features “don’t work correctly under iOS 11.4" (via ArsTechnica).

According to Durov, Apple has been “preventing” the Telegram iOS app from updating on a global scale, dating back to when Russia banned the app in April. Durov says that his company chose to do the “only possible thing” and refused to provide Russia with decryption keys to access user messages, “preserving the right of our users privacy in a troubled country.”

Apple wouldn’t have to be in the middle here if it let customers download apps directly from the developer.

Previously: Apple Removes LinkedIn App From Russian App Store, Apple Pulls VPN Apps From China App Store, Apple Removes New York Times Apps From Chinese App Store.

Update (2018-05-31): See also: Hacker News.

Update (2018-06-02): Juli Clover:

Telegram today received its first update in two months after an App Store update lockout caused by a dispute with the Russian government and Apple.


Amid this dispute, Apple was apparently refusing all Telegram app updates dating back to mid-April. This situation caused certain Telegram features, like stickers, to break with the launch of iOS 11.4, and it prevented Telegram from complying with new GDPR rules in the European Union.

Valve’s Steam Link App Rejected From the App Store

Valve (Hacker News):

Valve press statement on the Steam Link app for iOS being rejected by Apple.

Brian Crecente:

Valve’s Steam Link app, which allows Steam users to stream their library of PC video games to a smartphone where they can play them while at home, has been rejected from iTunes by Apple, effectively blocking its release on iOS, according to Valve.

Juli Clover:

The Steam Link app for iOS, which was announced on May 9, is designed to allow Steam users to play their Steam games on an iPhone, iPad, or Apple TV using either a 5GHz WiFi network or a wired Ethernet connection to a host PC or Mac.

John Gruber:

There are two parts to this story, both of which make Apple look bad. First, Steam Link is more or less equivalent to a VNC client. It doesn’t stream games from Valve’s servers — it streams them from a Mac or PC on your local network. As Ars points out, there are plenty of other VNC/remote desktop apps in the App Store.

Nick Heer:

As with many controversial App Store rejections, this one comes as a result of poor communication: Apple apparently allowed the app, which meant Valve could announce it, and then rejected it for unclear reasons.

Phil Schiller:

We would love for Valve’s games and services to be on iOS and AppleTV. Unfortunately, the review team found that Valve’s Steam iOS app, as currently submitted, violates a number of guidelines around user generated content, in-app purchases, content codes, etc.

We’ve discussed these issues with Valve and will continue to work with them to help bring the Steam experience to iOS and AppleTV in a way that complies with the store’s guidelines.

Neither side seems to be talking about what those alleged violations are.

Update (2018-06-02): See also: The Talk Show, Steve Troughton-Smith.

Friday, May 18, 2018

The Developers Union

Brent Simmons, Jake Schumacher, et al.:

We believe that people who create great software should be able to make a living doing it. So we created The Developers Union to advocate for sustainability in the App Store.

Today, we are asking Apple to commit to allowing free trials for all apps in the App Stores by the tenth anniversary of the App Store this July. After that, we’ll start advocating for a more reasonable revenue cut and other community-driven, developer-friendly changes.

See also: AppleInsider, Wired.

Update (2018-05-18): Brent Simmons:

Some of the press coverage about The Developers Union uses words like “angry” and “fed up.” These aren’t accurate characterizations at all. Nobody’s mad here!

But here‘s the deal: Apple controls the App Store and its economics. The system could be set up better to support high-quality apps, by indies, that last for years.

Update (2018-05-19): See also: Hacker News, MacRumors, The Verge.

Update (2018-06-02): Becky Hansmeyer:

My app, Snapthread, is a utility. In general, utilities aren’t great candidates for subscription pricing. So while devs do have the option to offer a free trial for their subscription-based apps, the only way to offer a trial experience for paid upfront apps is to implement some type of in-app purchase to unlock full functionality or upload a separate, “lite” version to the store. There’s really no good way for non-paying users to experience your app in its full glory without significant compromises.

Max Seelemann:

The freedom of offering re-trials on major releases. Bought with just a few months of engineering work

Basic Questions About Google Duplex

Dan Primack:

When you call a business, the person picking up the phone almost always identifies the business itself (and sometimes gives their own name as well). But that didn’t happen when the Google assistant called these “real” businesses[…]

John Gruber:

The way the people answered the phone in these recordings was one of the first things that made me suspicious that these examples were either significantly edited or outright fakes. Plus, the salon only asks for a name (and only a first name at that). No phone number, no checking if the client has a request for a certain stylist.

Nick Heer:

Google CEO Sundar Pichai insisted three times that these calls were real, but these discrepancies should be answered. If these calls were edited, even just to remove the business name to limit publicity, Google hasn’t said. Very strange.

Joe Cieplinski:

But if I had to guess: Google made a real phone call, but to someone who had been prepped to follow a very specific script. That way, they were sure to get the responses they wanted. Not so much a complete fake as a contrived circumstance that didn’t demonstrate how this app would behave in the real world.

See also: John Gruber.

Update (2018-06-02): John Gruber:

But Pichai also said “This will be rolling out in the coming weeks as an experiment.” On the one hand, that makes me feel like maybe I am off my rocker for being so skeptical. Why in the world would Pichai say that if they weren’t at a stage in internal testing where Duplex works as the recordings suggest? But on the other hand, if they are that close, why haven’t they invited anyone from the media to see Duplex in action?


The headlines last week should have been along the lines of “Google Claims Assistant Can Make Human-Sounding Phone Calls”, not “Google Assistant Can Make Human-Sounding Phone Calls”. There’s a difference.

Update (2018-06-28): John Gruber:

Google has finally done what they should’ve done initially: let a group of journalists (two groups actually, one on each coast) actually listen to and participate in live Duplex calls.

Thursday, May 17, 2018

New Twitter APIs and Pricing

Juli Clover:

Twitter today unveiled new details on its upcoming activity API changes, which will affect how third-party apps are able to access Twitter APIs and provide services to Twitter users who prefer to use apps like Twitterrific and Tweetbot.

Third-party Twitter app developers will be required to purchase a Premium or Enterprise Account Activity API package to access a full set of activities related to a Twitter account[…]


Twitter says it will be delaying the deprecation of its current APIs for three months to give developers time to transition over to the new platform. These APIs will be deprecated on Wednesday, August 16 instead of June 19, the original date Twitter planned to end support for the APIs.

Michael Glenn:

Twitter’s quarterly revenue was $665MM or $222MM a month.

Estimated active users are 267MM.

That’s $0.83 per user per month.

Why would they think $11.60 per user per month makes any sense?

Chuq Von Rospach:

In reality, priced to kill third party apps in a way Twitter hopes we blame the apps for.

Sean Heber:

It’s looking like it won’t be financially possible for us to afford the new account activity API from twitter.

John Gruber:

Twitter management obviously wants to steer people to their first-party mobile app and desktop website. I get that. But they already have that: the overwhelming number of Twitter users use exactly those products to access the service.


Twitter isn’t explicitly saying that they’re shutting down third-party clients, but I don’t know that it’s feasible for them to exist if they don’t have access to these APIs. It’s like breaking up with someone by being a jerk to them rather than telling them you’re breaking up.

Riccardo Mori:

What Twitter is doing to 3rd-party developers, is doing it purely out of spite. In the grand scheme of things, the sheer number of people using 3rd-party clients is too small to impact Twitter’s revenue.

Chuq Von Rospach:

They are pretty clearly moving to a model where brands and big names announce stuff and their fans listen, and those of us who use it to share info and chatter are inconvenient and in the way.

Previously: Twitter Shutting Down APIs, Twitter Abolishes Native Mac Client.

Update (2018-05-18): See also: Manton Reece.

Jan Dawson:

The big risk is that Twitter will focus so much on Twitter 2 that it fails to feed Twitter 1. Twitter 1 is the most vocal Twitter, and essentially all the influencers — whether celebrities, power users, or reporters — are in Twitter 1. Ignoring Twitter 1 as the company focuses on Twitter 2 would be a huge mistake, especially because so much of the content consumed by Twitter 2 is provided by Twitter 1. There’s a symbiotic relationship here, and one that Twitter has to be very careful not to disrupt.

The problem is that Twitter has another goal it’s trying to achieve: monetization. Twitter’s monetization strategy involves serving up ads, which in turn requires that people use Twitter’s own apps or its website to consume those ads. And yet Twitter 1 disproportionately uses third party clients like Tweetbot and Twitterrific. Because of Twitter’s insistence on monetization through advertising, and its general discouragement of clients that replicate the core Twitter experience, it’s started withholding some important features from the API it makes available to third party clients.

Via Nick Lockwood:

This Venn diagram is also equates pretty well with

Mac vs iOS users


Mac/iOS power users vs ordinary users

And similarly explains why Apple continues to grow and rake in profits whilst making decisions that frustrate its most vocal and valuable supporters.

Update (2018-06-02): See also: Accidental Tech Podcast.

US Cell Carriers Are Selling Access to Real-time Phone Location Data

Zack Whittaker (via Hacker News):

Four of the largest cell giants in the US are selling your real-time location data to a company that you’ve probably never heard about before.

In case you missed it, a senator last week sent a letter demanding the Federal Communications Commission (FCC) investigate why Securus, a prison technology company, can track any phone “within seconds” by using data obtained from the country’s largest cell giants, including AT&T, Verizon, T-Mobile, and Sprint, through an intermediary, LocationSmart.

Update (2018-05-18): Nick Heer:

While I was writing it, I couldn’t help but think that there isn’t much worse it could get, right? Well, what about if a similar location tracking application had no security — at all?

Update (2019-01-11): Nick Heer:

Two days after Joseph Cox reported that the real-time location of virtually every phone in the United States could be bought with few restrictions, Hamza Shaban and Brian Fung are reporting for the Washington Post that three providers have said that they would stop selling customers’ location data to third parties[…]

John Gruber:

The carriers’ defense is basically that they only intended to sell this data to the “right” people, and the fact that these middlemen are reselling it to the “wrong” people is against their “terms”. […] Honestly, for me and my family, our location data is more private than the content of our calls.

UIs That Amass Memories

Marcin Wichary (via Nick Heer):

Fascinated by UIs that accidentally amass memories. One of them is the wi-fi “preferred networks” pane – unexpected reminders of business trips, vacations, accidental detours, once frequented and now closed cafés.

Another? The alarm page and its history of painful negotiations with early mornings. (One of these, I’m sure, was for a lunar eclipse; another for sending a friend in Europe a “good luck” text.)

Some Thoughts on Google Photos vs. Apple Photos

Om Malik:

In my social circles — admittedly a very tech-centric community — it is hard to find anyone who has told me that they love Apple Photos. Usual refrain tends to be – “That’s a mess.” There are no magical aha moments. Photos are Apple and by extension, iPhone’s currency. And yet the software on iPhone and Macs resembles a two-legged dog dragging itself over the rocky ground. Yes, there is assurance that it is not feeding some giant ads-spewing web monster, but by Jove, it isn’t a fun experience, and not magical.

And that is the exact opposite of how you feel about the actual camera app and how simple and elegant it is compared to its rivals on other platforms. Magic comes from the way the software works on the hardware, and that is where Apple has put most of their photo emphasis lately: on the camera itself. Samsung, OnePlus, Google Pixel and Huawei are some of the Android phone cameras I have tried, and have been underwhelmed by them. Not because of the camera hardware, but by the overall experience.

Update (2018-07-11): Dan Counsell:

Good job

The Moat Map

Ben Thompson:

This relationship between the differentiation of the supplier base and the degree of externalization of the network effect forms a map of effective moats; to again take these six companies in order:

  • Facebook has completely internalized its network and commoditized its content supplier base, and has no motivation to, for example, share its advertising proceeds. Google similarly has internalized its network effects and commoditized its supplier base; however, given that its supply is from 3rd parties, the company does have more of a motivation to sustain those third parties (this helps explain, for example, why Google’s off-site advertising products have always been far superior to Facebook’s).
  • Netflix and Amazon’s network effects are partially internalized and partially externalized, and similarly, both have differentiated suppliers that remain very much subordinate to the Amazon and Netflix customer relationship.
  • Apple and Microsoft, meanwhile, have the most differentiated suppliers on their platforms, which makes sense given that both depend on largely externalized network effects. “Must-have” apps ultimately accrue to the platform’s benefit.


To be sure, the company has been more than fine: its developer ecosystem is plenty strong enough to allow the company’s product chops to come to the fore. I continue to believe, though, that Apple’s moat could be even deeper had the company considered the above Moat Map: the network effects of a platform like iOS are mostly externalized, which means that highly differentiated suppliers are the best means to deepen the moat; unfortunately Apple for too long didn’t allow for suitable business models.

Update (2018-06-02): Ben Thompson (Hacker News):

Once a platform dips under the Bill Gates Line, though, the long-term potential of a business built on a “platform” starts to decline. Apple’s App Store, for example, has all of the trappings of a platform, but Apple quite clearly captures the vast majority of the overall ecosystem, both because of the profitability of the iPhone and also because of its control of App Store economics; the paucity of strong and durable businesses on the App Store is a natural outgrowth of that.

Patrick O’Shaughnessy:

This 20-minute talk by @benthompson on the difference between platforms and aggregators is fantastic.

Tuesday, May 15, 2018

App Architecture: iOS Application Design Patterns in Swift

Chris Eidhof, Matt Gallagher, and Florian Kugler:

This book explains a range of application design patterns and their implementation techniques using a single example app, fully implemented in five design patterns.

Instead of advocating for any particular pattern, we lay out the problems all architectures are trying to address: constructing the app’s components, communicating between the view and the model, and handling non-model state. We show high-level solutions to these problems and break them down to the level of implementation for five different design patterns — two commonly used and three more experimental.

Tweetbot 3 for Mac

Tapbots (MacRumors, MacStories, The Verge, 9to5Mac):

Tweetbot’s new optional expanded sidebar provides one-click access to all of your subsections like your lists, direct message conversations and saved searches.

Columns have been rebuilt from the ground up to be far more accessible and customizable. Easily add/remove columns, change the content of a column or reorder them.

Automatically playback videos and GIFs in your timeline with a quick mouseover. A click on an image or video opens it up in our lightning fast new media viewer.

Go easy on your eyes in low light situations with the new dark theme, one of the most highly requested features for Tweetbot. See how images and videos pop beautifully.


Topics automatically chain together multiple Tweets to easily create tweetstorms or live blog events.


Ever forget why you followed someone or wanted to jot notes about someone for future reference? Create notes on a user’s profile that only you can see.

$10 is a small price to pay to keep supporting development of a quality native Twitter client, but I see this update as a bit of a design regression. It continues the trend of lowering the information density by adding a row of buttons to each tweet. This consumes a lot of vertical space and fills it with distracting widgets that I will never use—because I use the keyboard shortcuts.

Annoyingly, it did not remember my accounts or preferences from Tweetbot 2. Do I have the Mac App Store to thank for requiring paid updates to have a different bundle identifier and thus a different sandbox container?

Previously: Twitter Abolishes Native Mac Client.

Update (2018-05-19): See also: The Sweet Setup.

Update (2018-06-02): Tapbots (via John Gruber):

Tweetbot for Mac 3.0.2 is out with the ability to hide the action buttons until you move your mouse over the Tweet. You can enable this in the settings.

Unlike Tweetbot 2, favorited tweets do not show the heart icon unless they are selected or moused over.

When Disappearing Messages Don’t Disappear

Patrick Wardle:

In short, Alec noted that if using the macOS Signal App, disappearing messages may remain in macOS’s Notification Center. Yikes!


While the application deletes the messages (once the ‘disappear’ time is hit) from the app’s UI - the message may still remain in macOS’s Notification Center.

This apparently occurs because:

  1. Signal displays (posts) a message notification (with the content of the message) to the Notification Center (if the app is not in the foreground).
  2. The OS automatically dismisses the notification ‘banner’ … but the notification (which contains the message contents) remain in the Notification Center.
  3. Signal, does not explicitly delete this notification when it deletes messages from the app UI.

Even if it did delete the notifications, the data might still remain in the SQLite database file.

Previously: TextExpander 5 and Notification Center Privacy.

Why Apple Should Copy the Android P Notification Shade

Michael Simon:

Even before the public beta of version 9.0 landed this week, Android’s system of notifications was far superior to Apple’s. As someone who regularly bounces between the two platforms, I actively ignore the iOS Notification Center, but on Android, I use it regularly to catch up on things I might have missed. The Android notification shade isn’t just for messages and alerts; it’s an information center for your entire digital life.

As it stands, I have far fewer complaints about notifications on Android Oreo than I do on iOS 11, but the system has its kinks and annoyances just like it did on previous Android version, Nougat and Marshmallow. But in Android P, notifications are nearly perfect. Google hasn’t overhauled the notification system in Android P, but it has implemented a series of meaningful tweaks that work to make notifications useful, whether you want to interact with them, control what you see, or just keep them at bay.

Update (2018-06-02): Nick Heer:

Apple has apparently intended for the notification system to be seen as less of a todo list of items of interest, and more of an advisory area — something that you look at occasionally, and never really worry about clearing fully. I think that it feels too heavy-handed to be something so passive. Either Apple ought to be more prescriptive about how push notifications are to be used, or the design of the system needs to be pragmatic and take into account the notifications that people actually get. The latter is more challenging because it would need to compensate for all kinds of edge cases, but I think that would ultimately result in a better product.


I don’t think apps should require users to figure out a granular array of notification types; apps should set appropriate priorities for different kinds of alerts they may push, and the system ought to have a way to enforce that. The same goes for prioritizing notifications across multiple apps — no matter how much I miss grouping notifications by app instead of sorting chronologically, I don’t think that’s something users should be required to manage. As with multitasking and Bluetooth connectivity, above, an iPhone should be able to figure this stuff out.

20 Years of USB

Accidental Tech Podcast had a good segment on the many changes that USB brought and how, amazingly, peripherals for the original iMac can still be used today. I have always seen USB as a mixed bag. For the industry as a whole, it’s certainly a success. But for a Mac user, it represents a lowest common denominator approach and a degradation of the user experience in some ways.

All wired keyboards and mice can now use the same connector, and you can plug the mouse into the keyboard. That’s great—but we had that with ADB, and ADB input devices didn’t periodically stop working and have to be unplugged and replugged.

In theory, hubs are better than daisy chaining, but finding a USB hub that’s reliable is a challenge. Even when directly connected, nearly every USB 3 storage device I’ve used is subject to spontaneous unmounting. (That never happened with SCSI.) And the availability of hubs made Apple comfortable with reducing the number of USB ports, which amongst other reasons is a problem because some USB devices don’t work with hubs.

It took until at least USB 3 before it was as fast as FireWire.

Hot swapping devices worked reliably with FireWire, but doing that with my new USB 3.1 drive dock will sometimes knock other USB devices off the bus.

It sounds convenient that USB-C and Thunderbolt 3 now share the same port, but this has brought USB’s flakiness to the formerly rock solid DisplayPort. Every month or so my iMac stops recognizing my external display until I’ve restarted a few times and plugged and replugged the connector and swapped it back and forth between the different ports. (At least I have two.)

Previously: 20 Years of iMac.

Monday, May 14, 2018

EFail Vulnerabilities in OpenPGP and S/MIME

Efail (PDF, Hacker News, MacRumors, ArsTechnica):

The EFAIL attacks exploit vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext of encrypted emails. In a nutshell, EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs. To create these exfiltration channels, the attacker first needs access to the encrypted emails, for example, by eavesdropping on network traffic, compromising email accounts, email servers, backup systems or client computers. The emails could even have been collected years ago.

The attacker changes an encrypted email in a particular way and sends this changed encrypted email to the victim. The victim’s email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker.


The victim’s client decrypts the encrypted second body part and stitches the three body parts together in one HTML email as shown below. Note that the src attribute of the image tag in line 1 is closed in line 4, so the URL spans over all four lines.

The email client then URL encodes all non-printable characters (e.g., %20 is a whitespace) and requests an image from that URL. As the path of the URL contains the plaintext of the encrypted email, the victim’s email client sends the plaintext to the attacker.


Second, we describe the novel CBC/CFB gadget attacks which abuse vulnerabilities in the specification of OpenPGP and S/MIME to exfiltrate the plaintext.

Matthew Green:

PGP has supported proper optional message authentication (which stops this attack) since 2001, but it can’t be made mandatory because “some implementations haven’t kept up.”


So in summary, PGP clients are vulnerable because 17 years after a vulnerability was known, the mitigation was not made a default in GnuPG and defense was instead “left to PGP clients”, which also make a convenient scapegoat when it goes pear-shaped.


Moving on from the question of who is to blame, there are two neat findings in this work. The first is that most mail clients are (were) way too willing to reach out to remote servers, even when set up not to. This is: yikes.

Update (2018-05-14): See also: Bruce Schneier.

Update (2018-05-15): Howard Oakley:

It appears that macOS High Sierra 10.13.4 does address direct exfiltration of S/MIME email, with the following fix now reported in its security release notes[…]

Update (2018-05-18): See also: Matthew Green.

John Carmack’s Steve Jobs Stories

John Carmack (Hacker News, Reddit):

I was brought in to talk about the needs of games in general, but I made it my mission to get Apple to adopt OpenGL as their 3D graphics API.


Steve first talked about application development for iPhone at the same keynote I was demonstrating the new ID Tech 5 rendering engine on Mac, so I was in the front row. When he started going on about “Web Apps”, I was (reasonably quietly) going “Booo!!!”.

After the public cleared out and the rest of us were gathered in front of the stage, I started urgently going on about how web apps are terrible, and wouldn’t show the true potential of the device. We could do so much more with real native access!

Steve responded with a line he had used before: “Bad apps could bring down cell phone towers.” I hated that line. He could have just said “We aren’t ready”, and that would have been fine.


The Steve Jobs “hero / shithead” rollercoaster was real, and after riding high for a long time, I was now on the down side. Someone told me that Steve explicitly instructed them to not give me access to the early iPhone SDK when it finally was ready.

Previously: A Very Sweet Solution.

Update (2018-05-18): Jim Black (via John Carmack, Hacker News):

And what happened next was one of the most impressive things I’ve ever witnessed about Steve or any Silicon Valley exec. Early on in the discussion, the Apple engineer realized that “graphics engineer” in the room was John Carmack. And he realized that he was going to need to defend his technical decision, on the merits, in front of Steve. After extended back and forth, the Apple engineer said, “John, what you’re arguing for is the ideal …”

He never made it to the next word because Steve suddenly stood bolt upright, slamming both palms onto the desk and shouting, “NO!!!!”

“NO!!! What John is saying is NOT the ideal. What John is saying is what we have to do!!! Why are we doing this? Why are we going to all this trouble to build this ship when you’re putting a TORPEDO IN ITS HULL?!!!!”


As a comical aftermath to the story, John next told Steve point blank that the iMac mouse “sucked.” Steve sighed and explained that “iMac was for first-time computer buyers and every study showed that if you put more than one button on the mouse, the users ended up staring at the mouse.” John sat expressionless for 2 seconds, then moved on to another topic without comment.

Google Is Rebranding Storage Plans As “Google One”

Frederic Lardinois (Hacker News):

Google is revamping its consumer storage plans today by adding a new $2.99/month tier for 200 GB of storage and dropping the price of its 2 TB plan from $19.99/month to $9.99/month (and dropping the $9.99/month 1 TB plan). It’s also rebranding these storage plans (but not Google Drive itself) as “Google One.”

Going forward, you’ll also be able to share your storage quota with up to five family members.


That access to live experts — not some barely functional AI chatbot — comes with every Google One plan, including the $1.99/month 100 GB plan.


It’s worth stressing that the existing free quota of 15 GB will remain.


I think this article is missing the bigger picture—this isn’t about storage. This is Google trying to copy the success of Amazon Prime.

They’re going to try to unify lots of different benefits under a single, high-value subscription. The storage plans and priority support are just the first benefit they’ve tied to the subscription.

Previously: The Missing iCloud Storage Bump.

Update (2018-05-15): John Gruber:

So Google is now ahead on the free and $1/month tiers — but not by much — and is only matching Apple at the other tiers. I would think Google would want to kick Apple’s ass here.

Google’s Privacy Policy

Paris Martineau:

Though Google announced that it would stop using consumer Gmail content for ad personalization last July, the language permitting it to do so is still included in its current privacy policy, and it without a doubt still scans users emails for other purposes. Aaron Stein, a Google spokesperson, told NBC that Google also automatically extracts keyword data from users’ Gmail accounts, which is then fed into machine learning programs and other products within the Google family. Stein told NBC that Google also “may analyze [email] content to customize search results, better detect spam and malware,” a practice the company first announced back in 2012.

Via Nick Heer:

It’s bothersome that Google was scooping up users’ emails for ad targeting purposes in the first place, then said that they would stop doing it — after way too long — and has now given itself permission to keep doing so if they want to.

I don’t really understand the issue here. The headline seems misleading:

Remember when Google said it would stop reading your email?

Google only said that it would stop using your e-mail for advertising purposes, and no one is alleging that it didn’t follow through. The privacy policy that’s mentioned says:

When you share information with us, for example by creating a Google Account, we can make those services even better – to show you more relevant search results and ads, to help you connect with people or to make sharing with others quicker and easier.

But this seems to apply to all of Google’s services, so of course it has to say that. Maybe there should be a separate privacy policy for Gmail?

Previously: Google Will Stop Reading Your E-mails for Gmail Ads.

Friday, May 11, 2018

Chrome OS Is Getting Linux App Support

Emil Protalinski:

As a result, Chromebooks will soon be able to run Linux apps and execute Linux commands. A preview of Linux on the Pixelbook will be released first, with support for more devices coming soon.

One of Google’s goals this year is to make it possible for developers to code on Chromebooks. Want Chrome OS to run the Linux terminal, Android Studio, Git, Sublime, Vim, or Android Studio? All of that will be possible this year.

Via Colin Cornaby:

Google just threw open the doors to Android development becoming a big thing taught in schools. No playgrounds, no restrictions, real Android Studio on Chromebooks.

Apple really needs to get back into the low end macOS notebook segment. Hoping they can build a cheap ARM laptop.

There is a huge gap (in both price and functionality) between an iPad and Apple’s current Macs. I can’t stop thinking about netbooks and the original MacBook Air. In 2008, Apple said it couldn’t make a cheap laptop that was good. So it made the MacBook Air, which was both better and much more expensive. Ten years later, I think this would be possible. Apple just doesn’t seem interested in doing it. The $899 11-inch MacBook Air was a step in the right direction, but instead of iterating and gradually bringing down the price, Apple discontinued it and replaced it with the 12-inch MacBook, which costs $1,299 and may actually be slower. There are PC laptops that cost $200 and run Windows 10. I don’t expect Apple to go that low, but they’re not even in the game.

Update (2018-05-14): See also: Are Chromebooks ready for serious development?.

Visual Studio IntelliCode


IntelliCode generates recommendations by using a machine-learning model that is trained on thousands of public codebases – today it uses over 2000 GitHub repos that each have more than 100 stars to ensure that you’re benefiting from best practices. The model is used in your IDE along with your local code context to provide .NET related APIs that are likely to be the most relevant for you given the line of code you’re writing. We’ll be growing and improving the model over time so the recommendations will get better as we progress.

Legacy FileVault and macOS 10.13

Mike Peterson (via John Gordon):

macOS 10.13 officially kills off support for legacy FileVault. It’s simply not usable with the operating system. If you have High Sierra installed, you won’t see the option to toggle FileVault (see above).

Because of that, users can’t even install macOS 10.13 without first disabling legacy FileVault. But, of course, bugs can happen.


As indicated in a recent Macworld article, if macOS 10.13 is installed on a system, any active legacy FileVault drives or user accounts become unusable.

macOS Monitoring the Open Source Way

Michael George:

Let’s say a machine in your corporate fleet gets infected with malware. How would you detect it? How could you find out what happened on the machine? What did the malware do? Did it steal your browser’s passwords? What network connections did the malware make? Was it looking for crypto currency? By having good telemetry and a good host monitoring solution for your machines you can collect the context necessary to answer these important questions.

Proper host monitoring on macOS can be very difficult for some organizations. It can be hard to find mature tools that proactively detect security incidents. Even when you do find a tool that fits all your needs, you may run into unexpected performance issues that make the machine nearly unusable by your employees. You might also experience issues like having hosts unexpectedly shut down due to a kernel panic. Even if you are able to pinpoint the cause of these issues you may still be unable to configure the tool to prevent the issue from recurring. Due to difficulties like these at Dropbox, we set out to find an alternative solution.

Thursday, May 10, 2018

The Laws of Core Data

Dave DeLong (tweet):

In my conversations with developers, I’ve heard a pretty common theme from them that “Core Data is hard” or “Core Data is buggy” or “I could never get it to work right and gave up on it”.

I’ve spent a lot of time using Core Data and thought I’d share my “Laws of Core Data”. These are a set of rules I’ve developed over time on how to use Core Data in such a way that it is almost entirely painless. When I follow these rules, I almost never have any problems using it.

Of particular note is that, contra Zarra, he thinks child contexts are usually unnecessary.

Colin Cornaby:

I find that when most people complain that CoreData is not thread safe out of the box, they’re really saying “I’m able to ignore that my existing model code is also not thread safe.”

Core Data has its issues—for example, there is a lot to learn, it is verbose, there are some persistent bugs, and in some cases it’s much slower than using SQLite directly—but overall I think it’s unfairly maligned.

Update (2018-05-11): Marcus Zarra:

All of the internal workings of your Core Data stack, your persistence and data model absolutely should be stored in the persistent container and that container should be injected through your controllers in your application.


An NSManagedObject is an NSObject that has additional functionality added. It should absolutely be treated as if it is an NSObject because it is an NSObject. NSManagedObject instances are your data objects and should be treated as such. Creating Plain Old Objects on top of NSManagedObject instances is asking for pain and data corruption.

The crux of the issue is that NSManagedObject is an NSObject that doesn’t obey that class’s standard contract. So it should not be treated as such. That said, I’m not sure there would be anything to gain by actually making it a separate root class. Creating plain objects on top of NSManagedObject instances can be a useful pattern. It has really simplified some of my code and made it faster and more robust. But I would only do this on a case-by-case basis, not as a regular part of using Core Data.

If your app talks to anything else then you will want to use parent-child contexts.

The parent context should be on the user interface thread (the main thread) and when you need to do asynchronous work with your data objects (importing or exporting) then you want to do that on another thread and that work should be done in a child context.

A child context simplifies the transfer of notifications of data changes and greatly simplifies using Core Data in a multi-threaded environment.

See also: Colin Cornaby and Marcel Weiher.

Update (2018-05-15): See also: Peter Steinberger.

C Is Not a Low-level Language

David Chisnall (Hacker News):

In the wake of the recent Meltdown and Spectre vulnerabilities, it's worth spending some time looking at root causes. Both of these vulnerabilities involved processors speculatively executing instructions past some kind of access check and allowing the attacker to observe the results via a side channel. The features that led to these vulnerabilities, along with several others, were added to let C programmers continue to believe they were programming in a low-level language, when this hasn't been the case for decades.


A modern Intel processor has up to 180 instructions in flight at a time (in stark contrast to a sequential C abstract machine, which expects each operation to complete before the next one begins). A typical heuristic for C code is that there is a branch, on average, every seven instructions. If you wish to keep such a pipeline full from a single thread, then you must guess the targets of the next 25 branches.


Consider another core part of the C abstract machine's memory model: flat memory. This hasn't been true for more than two decades. A modern processor often has three levels of cache in between registers and main memory, which attempt to hide latency.


A processor designed purely for speed, not for a compromise between speed and C support, would likely support large numbers of threads, have wide vector units, and have a much simpler memory model. Running C code on such a system would be problematic, so, given the large amount of legacy C code in the world, it would not likely be a commercial success.

Previously: Intel CPU Design Flaw Necessitates Kernel Page Table Isolation.

Update (2018-07-04): See also: Lambda the Ultimate.

“Black Dot” Unicode Bug

Benjamin Mayo:

A new Unicode text bug is being spread around today, popularised by a video by EverythingApplePro. It’s being called the ‘black dot’ bug because of its origins on Android as a bug relating to WhatsApp: it was being spread with the following emoji: <⚫>👈🏻. The iOS version of this bug is a bit different in its mechanics, but neither variants actually rely on the visible black dot character to cause the freezes and crashes.

The secret is that the strings contain thousands of hidden invisible Unicode characters, which churns through CPU cycles as the system attempts to process them. If this specially crafted text is sent through Messages, it will result in repeated crashes when the recipient tries to read it.


I’ve already said it but Apple should revisit the text rendering architecture. Unicode is so complex it cannot be trusted in the same process as the app (or SpringBoard). Rendering should be done off-process just like how the window server on macOS deals with windows, Mission Control, and the mouse cursor (which continue to work even when an app freezes).

Once a particular string hangs or crashes the rendering process, it should be blacklisted and dealt appropriately until an update comes around which fixes the issue. The process could even report the blacklisted string to Apple (with permission from the user) so that it could be fixed early on.

Various Web rendering and font tasks are also handled out-of-process already.

Previously: Another iOS Crash Caused By Sending Unicode Character.

iOS 11’s Streamlined, Yet Extensible File Management

Federico Viticci:

Notably, while some Mac users may scoff at my delight in iOS 11’s document browser and third-party storage locations, I think it’s remarkable how what I described above can be accomplished just by installing apps and extending the system without questionable installers or system modifications. Yes, I could probably save time by performing the same actions with a shell script on macOS, but I prefer having an intuitive GUI and a file manager that can be extended just by downloading new apps from the App Store. While not perfect, the document browser and file provider extensions are some of the most exciting changes in iOS 11 with a lot of untapped potential because they are deeply integrated with the system and consistent with iCloud Drive.

Which is why I’d like Apple to improve some aspects of this workflow: it’d be great, for instance, if Working Copy could show colored indicators for documents that haven’t been committed in the document browser, or perhaps offer a button to refresh the contents of a repository and update its contents inline within the Files view. Similar features are available in the Mac’s Finder; Apple should continue to borrow from it as they work on what’s next for Files.

JPEG Decoding With the Best

Luke Parham (via Indie iOS Focus Weekly):

That’s right, any time you have a UIImage created from a JPEG, assigning it to be displayed by an image view means that an implicit CATransaction will be created and your image will be copied, decompressed, and rendered on the next display pass triggered by the run loop. […] This all happens on the main thread.


Well you can’t make UIImageView do its decoding more quickly, but if you’re so inclined, you are able to preemptively render the jpeg yourself!


First, there is, unfortunately, no API that’s been exposed for you to tell whether a given UIImage has already been decoded or not. This means that if you’re using this trick, you’ll want to make sure to carefully cache and re-use these images when you can since they take up a lot more memory than their compressed counterparts.

Second, this particular method is technically "offscreen rendering" in that it’s no longer hardware accelerated, but it’s the ok-when-it’s-useful kind of offscreen rendering, not the kind that makes your GPU stall.

Tuesday, May 8, 2018

Discovery - DNS-SD Browser

Discovery 2.0 (via Kevin Ballard):

Discovery is a utility that displays all of the Bonjour services available on the local network or on Wide-Area Bonjour domains. Use it to debug your latest program, detect computers connected to your network, or just keep tabs on what services are available. Perfect for network admins or developers!

This application is the successor to the venerable Bonjour

Previously: Bonjeff 1.0.

What Happened to Apple’s Whimsy?

Peter Cohen:

The iMac debuted 20 years ago this week. It’s not hyperbole to say that it’s the computer that saved Apple and set the stage for Apple’s ascendance to becoming the biggest tech company in the world. All that said, Apple’s lost something in the translation – while the iMac is still a fixture in Apple’s product line, it lacks some essential qualities of that first model. Its personality has changed. The iMac has gotten harder. It’s lost the sense of whimsy, fun, and wonder that made the first iMac such a joy to use.


The original iMac was a mass-market computer designed to appeal to consumers, educators, and others that Apple saw as a ripe market. Today’s iMac is orders of magnitude faster and more capable, but as a design exercise, it’s also infinitely more severe. Severe in both form and function.

Marco Arment:

It tragically passed away in 2011.

We all really miss it.

On the other hand, now we have watch bands, Animoji, and Siri jokes.

Nick Heer:

I think that Apple’s increasingly austere take on industrial design has made them better at shipping products that feel almost invisible. I appreciate that. It reduces the hardware to a tool, but not an appliance, yet I think Apple’s products feel even more approachable than they used to because so much of what they make is entirely straightforward. They don’t need to mask the complexity of the software with a layer of gumdrop plastic; in many ways, the software has become simple enough that the hardware can reflect that.

Is the software on a 2018 iMac really simpler than on a 1998 iMac? I don’t know how you would measure this, but my gut feeling is that it’s more complex now.

Or, to take a specific example, Time Machine’s restoration interface no longer has a star field. Other than some additional colors (more complexity) it works pretty much the same as before, so I don’t see how you can make the case that the star field is no longer “needed.” It just seems like a change in fashion.

Previously: 20 Years of iMac.

Update (2018-08-02): See also: Memoji Apple Leadership, Accidental Tech Podcast.

Update (2019-09-13): John Gruber:

Whimsy is coming back.

Update (2020-02-07): Ryan Poolos:

It has been a long time since Apple had whimsy like this. On the homepage no less. Whoever is driving Apple Arcade inside is doing great.

A Tricky Feature

Mark Bernstein:

When you copy some text in Tinderbox 7, you copy the text and its styles but not thew text links. Being able to copy and paste text links along with the text seems a simple-enough request, and in fact it will be part of Tinderbox 7.5. One tester recently asked the obvious “what took you so long?” question: why was this difficult.


The whole business was, in short, a classic example of a task that ought to have been easy, that any reasonable customer would assume to be easy. The final implementation is really not very large or complex. Nevertheless, it required an inordinate amount of work. This is usually the mark of bad code, but I really don’t see what would have made this easier.

iOS Design Inconsistencies Across Apple’s Apps

Benjamin Mayo:

My gripe is there is no consistency, no structure or logic to this. Apps introduced later sometimes use rounded icons, sometimes not, sometimes create all-new custom glyphs of their own. Incredulously, you could open flagship apps like Messages, Mail and Safari and have no idea Apple was even playing with bold icons as a conceptual change. These apps adopted the iOS 11 large bold navigation bar title formats, but their icons and glyphs have stagnated for more than four years at this point.

All the icons I’ve showed you here are from Apple’s built-in default apps. I expect them to set the standard for the iOS design language … but the reality is far from a perfect point. It’s scattershot, it’s a mess of competing visions. I couldn’t say what Apple’s human interface team wants the share icon to look like, let alone the structure and experience of iOS apps as a whole. Everything is in disarray.

VI Months With the iPhone X

Nick Heer:

It is still the most beautiful product Apple has ever shipped; it still feels impossibly good, like a prototype, like a fine watch, et cetera, et cetera.


However, the display has not remained blemish-free. There are a few small but noticeable hairline scratches, especially in the area where my right thumb swipes upwards to unlock or scroll. I haven’t treated this iPhone any differently, nor is the skin on my thumb any different than it used to be, as far as I know. However, after comparing the screen of my iPhone X against my old iPhone 6S, it seems to be scratched more obviously.


Yet, no matter how much better the new noise reduction algorithms are, they’re still no match for the detail you can see in a RAW photo. That’s part of the hardware story: both of these cameras are truly sublime.


The home screen still follows a pattern of starting in the upper-left corner. Tapping the back button that appears after one app launches another now requires a warmup of finger callisthenics, and an active AppleCare agreement, just in case. And bringing down Control Centre by dragging from the upper-right “ear” still feels bizarre and unfinished.


The gestural navigation that replaces the home button is, frankly, ingenious. Jumping between apps and the home screen feels fun, and switching between apps by swiping across the home indicator is second nature.

I just wish it felt better in the hand and pocket.

Previously: Scratched iPhone 8 and iPhone X Screens, iPhone 8 and iPhone X Cameras.

Monday, May 7, 2018

Requesting Your Personal Data From Apple

Jefferson Graham (Hacker News):

I use an iPhone, iPad and two Mac computers, and Apple also offers data downloads in the privacy section of its website. It’s hard to find, and once you do make the connection, you can expect a hefty wait to get the results.


It took eight days for my data to arrive from Apple, from a European office that is handling the privacy requests. After making the request, the iPhone maker first asked for my street address, phone number, the serial number of the iPhone, and other personal information before releasing it. This compares to Google and Facebook’s data dump. They asked no questions, and the results arrived swiftly—Facebook within minutes, and Google within hours.


On the Safari browser on my Macs, my browsing history goes back to July 2017, but Apple says it doesn’t track that information.

That’s curious because Safari sends your full browsing history to iCloud, and the only way to opt out is to turn off all the Safari-related iCloud features.

Previously: Keeping Your Safari Data Private.

Update (2018-05-08): Tom Hagopian:

Isn’t the reason your Safari browsing history isn’t included because Apple doesn’t track it? Would the data dump also include, e.g., my typing shortcuts, also synced by iCloud? Mail signatures/smart mailboxes?

He may well be right, but I don’t understand the distinction. In reading about GDPR, it seems to matter what data you are storing, much more than what you are doing with it, and clearly Apple is storing a lot in iCloud.

My Data Request:

Hundreds of companies store & process information about you. In many cases, you’re entitled to this data, as well as information on how it’s being used & shared. We read these companies’ privacy policies to figure out how you can get this data about you.

Update (2018-05-16): Zack Whittaker (via Tom Hagopian):

Apple says that any data information it collects on you is yours to have if you want it, but as of yet, it doesn’t turn over your content which is largely stored on your slew of Apple devices. That’s set to change later this year when the tech giant will allow customers to download their data archives, largely to comply with new European data protection and privacy rules.


iCloudLogs.xlsx keeps a note on every time one of your devices downloads data from iCloud, including your photo library, contacts, and Safari browsing history -- but doesn’t contain the actual data.

Update (2018-06-02): Tim Hardwick:

Apple has launched a new Data & Privacy website that includes an option for Apple users to download all the data associated with their Apple ID account that the company keeps on its servers.

Olivier Roux:

I just downloaded my whole Apple Privacy Data stuff and in there the IS a json file named SafariBrowsingHistory.json so you can download your Safari history, it is included in the «Other data» category (and then in a zip file named «Apple Features Using iCloud») 1/2

Steve Sande:

For users in any other countries, the site currently offers two choices: Correct your data or Delete your account. Apple will make the other data and privacy services available to all customers within a few months, but it is possible to request a copy of your data at the present time.

Update (2018-06-12): See also: Kirk McElhearn.

Update (2018-10-26): Zack Whittaker:

Good news! Apple now allows U.S. customers to download a copy of their data, months after rolling out the feature to EU customers.

But don’t be disappointed when you get your download and find there’s almost nothing in there.

Update (2024-03-08): Accidental Tech Podcast reports on the limited data that’s provided from the Notes app.

What Do Security Updates Actually Fix?

Howard Oakley:

Apple claimed that all the 12,621 files installed in that security update were required to fix a memory corruption bug in Crash Reporter, and to address a spoofing issue in the handling of URLs in text messages (which Apple associated with “LinkPresentation”). Those were and remain the only fixes which Apple has listed as being included in that security update. Only last year, a typical security update of that size was accompanied by notes on 50 or more bugs which were fixed.


Apple is also in the habit of updating its security release notes after the release of that update. In some circumstances, where details of the vulnerability haven’t yet been released, and with contentious issues such as Meltdown and Spectre, this appears reasonable. But in several recent cases, Apple has later added details of fixes which appear simply to have been omitted from the original release notes. Unless you are in the habit of frequently re-reading release notes at Apple’s security updates listings, this means that you are likely to miss such delayed information.


Sarah did the right thing, and reported the bug to Apple, only to learn that she was not the first to do so. But Apple has still not revealed when the partial fix occurred, nor acknowledged that it delivered a complete fix in 10.13.4.

Previously: High Sierra Stored APFS Volume Passwords in Log Files.

Microsoft App Store Lowers Fees

Microsoft (via Nicole Lee):

Starting later this year, consumer applications (not including games) sold in Microsoft Store will deliver to developers 95% of the revenue earned from the purchase of your application or any in-app products in your application, when a customer uses a deep link to get to and purchase your application. When Microsoft delivers you a customer through any other method, such as in a collection on Microsoft Store or any other owned Microsoft properties, and purchases your application, you will receive 85% of the revenue earned from the purchase of your application or any in-app products in your application.

Previously: That 30% App Store Tax.

Update (2018-05-08): Ryan Jones:

6 months ago, I would have guessed Apple would continually drop the App Store’s 30% fee.

Now? No way- milking “services revenue” is their post iPhone story. See iCloud storage & Apple Music pushiness.

30% is SO high. So high. Anything above 15% feels crazy tbh.

Damien Petrilli:

30% and you have to pay for search ads in hope to be discovered...

Update (2019-03-07): Chance Miller:

The company says that starting immediately, developers will keep 95 percent of app revenue, while Microsoft will take the remaining 5 percent. There is, however, some fine print worth noting.

First and foremost, Microsoft says that in order for developers to lock-in the full 95 percent, the user must have downloaded the app through a direct URL.

Previously: Apple and Google Face Growing Revolt Over App Store “Tax”.

Swift LispKit

Swift LispKit:

LispKit is a framework for building Lisp-based extension and scripting languages for macOS applications. LispKit is fully written in the programming language Swift. LispKit implements a core language based on the R7RS (small) Scheme standard. It is extensible, allowing the inclusion of new native libraries written in Swift, of new libraries written in Scheme, as well as custom modifications of the core environment consisting of a compiler, a virtual machine as well as the core libraries.


From an architectural perspective, LispKit consists of:

  1. a compiler translating LispKit expressions into bytecode, and
  2. a virtual machine for interpreting the generated bytecode. The virtual machine is stack-based, handles tail calls and continuations, and provides a garbage collector.

Details can be found in the LispKit Wiki.

Ray Ozzie’s Encryption Backdoor

Bruce Schneier:

I have no idea why anyone is talking as if this were anything new. Several cryptographers have already explained explained why this key escrow scheme is no better than any other key escrow scheme. The short answer is (1) we won’t be able to secure that database of backdoor keys, (2) we don’t know how to build the secure coprocessor the scheme requires, and (3) it solves none of the policy problems around the whole system. This is the typical mistake non-cryptographers make when they approach this problem: they think that the hard part is the cryptography to create the backdoor. That’s actually the easy part. The hard part is ensuring that it’s only used by the good guys, and there’s nothing in Ozzie’s proposal that addresses any of that.

Previously: Microsoft Leaks Its Golden Key, Why Are We Fighting the Crypto Wars Again?, FBI Asks Apple for Secure Golden Key.

iCloud Drive Breaks the macOS Command Line

Howard Oakley:

Apple’s current engineering solution breaks consistency of file names and paths. When a file has been evicted from local storage, and only exists in full in iCloud storage, the local stub file uses the previous name prefixed with a stop/period, and gains the extension of .icloud. When that file is downloaded to local storage – something which can be triggered by all sorts of events – the leading stop/period and the extension are stripped.


Many commands and scripts can safely ignore files which the user has placed in their iCloud Drive. But the moment that a user enables Desktop & Document Folders to be stored in iCloud, with Optimize Mac Storage enabled, file names in ~/Documents are affected, and commands and scripts will fail when run on one of the most important and active directories on most macOS systems.


Apple’s own most robust tool for locating files, the Finder alias, is broken by iCloud.


Inevitably, all hard and symbolic links made to evicted files are also broken by their eviction.

Faced with the problems posed by iCloud, a lot of commands, shell scripts and other scripting becomes inordinately complex, and in some cases impossible. Apple needs to continue to evolve the iCloud interface, making it consistent with the fundamental needs of commands and shell scripts. If it doesn’t, but continues to converge with iOS, it will undermine macOS itself.

Update (2018-05-10): See also: MacInTouch.

Friday, May 4, 2018

Retrobatch Public Beta

Gus Mueller:

Retrobatch is a node based (not the JS language) batch image processor. A bit like Quartz Composer, and a bit like Audio Hijack. But for images. Lots and lots of images (or maybe a few or even one).


But why node based? Every batch image processor I’ve come across was linear. You put images in one end, and out they came the other side. But that’s so limiting! What if it was possible to take a folder of images and then operate on them twice with the same workflow? What if you could create branches where one would resize images to 50%, and another write out PNG files with the @2x suffix added to the file name? What if you had a workflow that referenced multiple folders which combined into a single output?

And all the possibilities! What if you could read an image from the clipboard, apply a filter to it, and write it to a folder and to the clipboard? What if you had a way to separate out PNG images of a certain size from a folder and only do an operation to those? What if you could script the application in response to new images being added to a shared folder? What about if it could capture all the open windows of your favorite application as images, then apply a filter to those, and then write out a layered PSD of those windows? What if you wanted to apply a machine learning model against your images, to figure out which contains pictures of hotdogs in them, and then perform some action based on that?

This is a really cool idea for an app, and I like the way he’s designed the interface. The beta seems to be pretty mature already.


The App Store requires apps be sandboxed, which would considerably limit Retrobatch’s functionality.

Update (2018-06-02): Gus Mueller:

Which is all to say Retrobatch 1.0 was released yesterday!


For instance, the initial work to bring Metal to Acorn 6.1 was originally done in Retrobatch. Since I had no legacy code to worry about with Retrobatch 1.0, I started with Metal from the beginning. And with that experience I was able to figure out how I could move code around and refactor Acorn in an intelligent way to bring Metal rendering there.

AirPods Switching Limitations

Ryan Jones:

Wasn’t the W1 in AirPods supposed to, and did initially ship with, automatic pairing switching between Mac and iOS?

Ryan Jones:

Consensus is saying W1 AirPods shipped with

1) shared pairing between iCloud devices

2) auto switching between iOS devices

No documented auto switching Mac to iOS.

Consensus was wrong. Auto switching is not between iOS devices, it’s between Watch and iPhone. That’s it.

For the record, the AirPods intro video deviously leads you to thinking they switch, without saying it.


Agree. Whatever it shipped with, right now Mac vs iOS switching doesn’t work automatically.

Ryan Jones:

Bingo. W1...meh for Bluetooth pairing. Actually, worse since they can only pair to 1 device at a time.

Also, press did get a version that auto switched between Mac and iOS...for a few weeks. It never shipped.

I continue to like my AirPods, but it is disappointing that the switching is more limited than we initially thought it would be.

Previously: Tooth Fairy.

Update (2018-05-04): See also: Dan Masters and Evgeny Cherpak.

Tom Hagopian:

Well they just remember which device used them last, right? What’s really annoying to me is 1) using them with iPad; 2) leaving the iPad at home and just bringing my Watch+iPhone; 3) AirPods don’t auto-connect to the “only device” present. (Quotes bc Watch+iPhone auto-switch.)

Twitter Stored Passwords in Log File

Twitter (Hacker News, MacRumors):

Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.

Nick Heer:

The euphemistic and misleading headline upsets me. What’s even more worrying is Agrawal’s reaction in a tweet[…]

CTO Parag Agrawal:

We are sharing this information to help people make an informed decision about their account security. We didn’t have to, but believe it’s the right thing to do.

Roustem Karimov:

This is weird, @Twitter. Shouldn’t you be hashing the passwords on the client side, BEFORE sending them to the server?

Mark Hughes:

So first, and most importantly, never reuse passwords, no matter how trivial. Eventually any company will screw up or be hacked, and your password exposed, and then someone can try it on every other site.

Rick Fillion:

It took us a while to find what we needed for this layer. (Apparently the marketing department of augmented password-authenticated key agreement protocols is underfunded.) But we eventually found SRP, which ticked all our boxes. SRP is a handshake protocol that makes multiple requests and responses between the client and the server. Now, that may not sound very interesting – and I’m not one to show excitement easily – but SRP is a hell of a layer. With SRP we can:

  • authenticate without ever sending a password over the network.
  • […]

Previously: High Sierra Stored APFS Volume Passwords in Log Files.

Thursday, May 3, 2018

The 2017 Panic Report

Cabel Sasser (tweet):

How’d it do, then? What’s the business side of macOS productivity software like? I’m happy to say Transmit 5 sold quite well, all directly through our store. And the timing was (accidentally) totally great — just as Firewatch revenue was starting to wane as the game ran its course, Transmit 5 fully picked up the slack. It was comforting to see that people are still willing to pay real money for good Mac software. That’s why we’re here and can continue to do what we do.

One interesting note: We added a ton of new cloud services in Transmit, which is great, but it definitely adds an exponential burden to our QA process (many connection types × many functions = many many tests). Interestingly, to this day, still nothing beats the popularity of plain old SFTP, and, oh my stars, FTP.

Wade Cosgrove:

The first and most obvious change we made to Transmit was how it handled transferring large file hierarchies. In prior versions of Transmit, when you started transferring a group of files and folders, it would transfer the top-level items using individual connections to the server, but the folders and their contents would be processed serially using one connection. This worked well if you were transferring many top-level folders, as they would be transferred concurrently, but transferring a single folder would only ever use one connection. With today’s fast internet connections and multi-core devices we felt it was time to fully multi-thread every possible transfer scenario. In Transmit 5, almost all transfers will use the maximum available connections regardless of their contents. (Some cloud services restrict the amount of API calls you can make to the service over a period of time, so those services are limited to two transfer connections.) This allows multiple connections to work on the contents of a single folder, which results in much faster transfers.


In some cases we found the entire transfer could be completed in the amount of time it was taking Transmit just to compute the overall transfer size! Transmit 5 now computes the overall transfer size dynamically and asynchronously with the transfers themselves, so your transfers start immedately and you still get that sweet double progress bar.

Previously: Panic Discontinues Transmit for iOS, Transmit 5, The 2016 Panic Report.

Pocket Casts Acquired

Russell Ivanovic (tweet, Hacker News):

We’ve had a lot of companies in the past contact us about acquiring us and or Pocket Casts and we’ve always had one simple answer for them: thanks, but no thanks. In talking to each of them it was obvious that they didn’t have the best interests of our customers or us at heart and as much as cashing out and walking off into the sunset is a nice ideal, it’s a crummy outcome for all of you and in turn for us. You see we care so damn deeply about what we’ve built and our relationship with each and every one of you that we know deep down inside that would just eat away at us. That’s why when a combined group comprised of WNYC, NPR, WBEZ and This American Life approached us with the goal of partnering for the good of the entire podcast industry, we knew that this opportunity was something else entirely. Everything from their not for profit mission focus, to their unwavering belief that open and collaborative wins over closed walled gardens resonated deeply with us. Together we have the passion, scale and laser focus needed to achieve some truly great things.

Chris Welch:

Pocket Casts, widely considered to be one of the best mobile apps for podcast listening, has been acquired by a collective group that includes NPR, WNYC Studios, WBEZ Chicago, and This American Life. “This unprecedented collaboration furthers public radio’s leading role as an innovator in audio discovery and distribution, while ensuring the continued support and growth of one of the most popular listening platforms on the market,” the companies said in a press release announcing the news. That team of stations and podcast producers are responsible for some of the format’s biggest hits like This American Life (duh), Serial, Radiolab, and Planet Money.

Moving forward, Pocket Casts will operate as a joint venture between the new owners. Philip Simpson and Russell Ivanovic, who formed Shifty Jelly (Pocket Cast’s developer) in 2008, will have unspecified “leadership roles.” The existing staff and development team is staying put. Owen Grover, a veteran of iHeartRadio / Clear Channel, has been named as Pocket Cast’s CEO. NPR’s apps including NPR One will remain in development.

Update (2018-05-04): John Gruber:

I hope this works out great, but I would wager money that this is about user-tracking (for user profile-based dynamic ad inserting) and embedding crap like listener surveys right in the player. Many of the shows in this collective are already doing dynamic ad insertions based on their best guess of your location based on your IP address. I could be wrong, and hope I am, but I’ll bet Pocket Casts will soon ask for permission to access your location. A CEO from Clear Channel is not encouraging.

Russell Ivanovic:

I get the cynical angle about OMG DATA MINING. But Pocket Casts is staying Pocket Casts. We are a seperate organisation and still a tiny company with the same values we’ve always had. We had plenty of chances to sell your data, we said emphatically no to all of them.

Russell Ivanovic:

We were very profitable before being acquired, so we did this deal from a place of wanting to keep the podcast industry open.

Ryan Jones:

why don’t you say what it IS about then?

Russell Ivanovic:

We’ve never talked about specifics of future plans. That’s just a business/ethos thing, you talk after you do, not before.

Update (2018-05-08): Renaud Lienhart:

And I think they’re being naive. Things are bound to turn sour very, very quickly.

Shifty Jelly:

Perhaps, but I also feel like that’s not giving us enough credit. We structured this entire deal in the best way we could to minimise that. We didn’t have to partner with anyone, we chose to because we agreed with them: bad things are coming for this industry.

Shifty Jelly (tweet):

The industry is amazing because it’s open. Anyone can publish a podcast and distribute it everywhere. No podcast is treated differently than another. However, “open” is not the default state of markets as they mature, as we’ve seen in other content businesses. When power is consolidated into the hands of just a few closed platforms, creators rarely win. And we care deeply about the fate of podcast producers everywhere.

It’s our mission to ensure that this doesn’t happen. If we succeed, we all benefit. If we lose, well, we feel it was a thing worth attempting. In the meantime there are some steps we need to take to get where we want to go, and we’ll talk about those when we’re ready. It’s early days, but we’re really excited for the future. Hope you all are too!

Cabel Sasser:

I got no horse in this race (someday I’ll listen to podcasts!!), but it seems like the “easy question to answer” in #6 isn’t actually answered? Consolidation bad… closed platforms bad… our mission is to ensure that doesn’t happen… isn’t that the opposite of selling the app?

Russell Ivanovic:

We didn’t have the resources or legitimacy to scale to the level required to fend that off. We could have taken VC funding but this seemed far better. Partner with the people who this affects and work together to solve it.

Announcing Stack Overflow for Teams

Joel Spolsky (Hacker News):

Today’s new thing is called Stack Overflow for Teams. It lets you set up a private place on Stack Overflow where you can ask questions that will only be visible to members of your team, company, or organization. It is a paid service, but it’s not expensive.


Quick background: every development team since the beginning of time has been trying to figure out how to get institutional knowledge out of people’s heads and into written, searchable form where everyone can find it. Like new members of the team. And old members of the team working on new parts of the code. And people who forgot what they did three years ago and now have questions about their own code.

iMac Pro and Secure Storage

Pepijn Bruienne (via Hacker News):

Given all of these changes, we wanted to explore how the T2 coprocessor was being used by Apple and how it currently fits into the larger system security model, as well as how this may evolve in the future. What follows is the first part of this exploration where we describe how the T2 coprocessor is used to implement Secure Boot on the iMac Pro, as well as comparing and contrasting this Secure Boot approach to those that have been present in Apple’s iDevices for a number of years.


The unique pairing here provides some very important security properties that prevent the memory chips that comprise the SSD itself from being physically removed from the system and connected to a different system, or from having their contents extracted from the chips and flashed onto SSD chips in another system. Apple states in further detail the way in which the T2 coprocessor and the SSD chips are uniquely bound together to provide these protections when the SSD chips are first initialized[…]


We believe that, with the introduction of always-on disk encryption in the iMac Pro, the FileVault activation process is now essentially identical to how a passcode protects an iOS device. When enabled, the user’s passphrase is entangled with the device’s hardware UID and used to create further derived keys that are used to encrypt and decrypt.

Previously: The T2 Chip Makes the iMac Pro the Start of a Mac Revolution, The iMac Pro.

20 Years of iMac

Michael Steeber:

Placed side-by-side with today’s models, the original Bondi blue iMac is nearly unrecognizable as a member of the same family. Yet, the iMac’s lineage follows one unbroken thread over the past two decades. Apple’s goal to make a powerful, easy to use all-in-one has not wavered. Perhaps Jony Ive summed it up most succinctly when he said Apple’s approach was to “evolve a solution until it seems completely inevitable, completely essential.”

The iMac’s design story is one of endless evolution, proof that innovation is the result of unrelenting iteration.

See also: ATPM 4.08, 4.09, and 4.10.

Update (2018-05-08): Josh Centers:

The iMac has now been around for 20 years, and 9to5Mac’s Michael Steeber documents its history from the original Bondi blue model (see “Welcome, iMac!,” 6 May 1998 and “iMac Hoopla,” 17 August 1998) to the current iMac Pro (see“Apple Releases the iMac Pro,” 15 December 2017).

Jason Snell:

Anyway, Andy Gore pretty much nailed his commentary on the iMac. Jobs choosing Flint Center at the venue was appropriate.

Jason Snell:

It’s hard to believe today that a Steve Jobs product presentation would be met with indifference, but there was a huge amount of skepticism about Apple’s product announcements back in early 1998.

John Gruber:

Until the iMac was unveiled, the only thing Apple had really shipped in the post-NeXT-reunification era was the Think Different ad campaign. That was a great campaign, but still, mere words, not action. The iMac was the first real product, and it set the stage for everything that has come since.

Tim Cook:

20 years ago today, Steve introduced the world to iMac. It set Apple on a new course and forever changed the way people look at computers.

Peter Cohen:

The first iMac was everything that PCs (and many previous Macs) weren’t. Bulbous, round, organic-looking, colorful. Free of legacy ports like parallel and serial connections, equipped instead with the then-novel USB interface for easy peripheral connectivity. An integrated design that didn’t lend itself to tinkering, but made the iMac less scary to people who weren’t familiar with computers.


I really enjoyed this weekend’s 20th anniversary celebration of the iMac.

It reminded me of when Apple still released new Macs

Lance Newcomb:

Apple took 8 months to design and ship the iMac. Yet it takes you TWO YEARS to design a new Mac Pro?

Update (2018-05-10): See also: Riccardo Mori, Jason Snell.

Tuesday, May 1, 2018

Scuttlebutt Regarding Apple’s Cross-Platform UI Project

John Gruber:

There is indeed an active cross-platform UI project at Apple for iOS and MacOS. It may have been codenamed “Marzipan” at one point, but if so only in its earliest days.


I don’t have extensive details, but basically it sounds like a declarative control API. The general idea is that rather than writing classic procedural code to, say, make a button, then configure the button, then position the button inside a view, you instead declare the button and its attributes using some other form. HTML is probably the most easily understood example. In HTML you don’t procedurally create elements like paragraphs, images, and tables — you declare them with tags and attributes in markup.


It’s a 2019 thing, for MacOS 10.15 and iOS 13. I would set your expectations accordingly for this year’s WWDC.

Mark Gurman:

Sounds like that‘s referring to a pair of separate projects (known alternately as “Amber,” “Infrared” and “Ultraviolet”) from the Swift team. Not the same as the iOS apps on Macs initiative. There are many moving pieces with a major multi-year, multi-step project like this.

This initiative likely intends to replace NIB files with Swift, linked to Interface Builder, which could allow developers to declare their UIs by hand or by using the existing visual tools, much like XAML on Windows.

Colin Cornaby:

A declarative control API, especially using a markup language like XML, opens up a lot of tooling possibilities. Apple could extend Interface Builder to create these declarative APIs, but I would love them to return to more powerful standalone UI tools. When Microsoft unveiled XAML, they also unveiled a tool called Sparkle, which eventually became Microsoft Expression.

Some kind of higher level declarative API atop Auto Layout sounds great. I really hope it’s not a markup language. That seems only marginally better than what we have now with nibs. The are pros and cons to using data vs. using code, but I think technologies like Auto Layout and Swift Playgrounds can eliminate most of the advantages of data, making it possible to unleash the power of code.

Brent Simmons:

We don’t know what it is. But my guess — based on my 38 years of writing code for Apple computers — is that it’s something you can use along with UIKit and AppKit, and not a wholesale replacement.

Michael Love:

Hmm. I’m inclined to trust @gruber’s sources here to a point, but I nonetheless feel like it’s suicidal for macOS to let this rumor be out there but not launch in 2018.

They could have made a more explicit attempt to tamp down that rumor at the time, for one thing - leak to someone like yourself that no, AppKit is AppKit and UIKit is UIKit and you should keep writing Mac apps.

John Gruber:

In my experience they don’t do that. Because if they did that to handle false rumors they’d give away when rumors are spot-on with their silence. The only rational strategy is silence, with rare exceptions.

Previously: Apple Rumored to Combine iPhone, iPad, and Mac Apps to Create One User Experience.

Update (2018-05-01): Dave Winer:

Reading Brent’s piece about Mac development made me think about the ideal, what I really want from being a developer for as long as I’ve been a developer. The thing that got me started was the independence of it. I could have taken a job at Bell Labs or some big mainframe or minicomputer company, and had a nice career being pushed around by bosses at big companies. But I went for PC development because it was something I controlled. I could do what I wanted. Make my own art. The things I wanted to do were things no company would approve of, they had no way of understanding it. And at first it was lovely. Then the corporate bosses at the PC companies started pushing us around and it turned to shit.

Update (2018-05-02): Mark Bernstein:

When personal computing got started, you could make pretty serious money by creating a good tool that people needed. Dave did that with MORE. Dan Bricklin did it with VisiCalc. Mitch Kapor with Agenda. There were lots more. No guarantees, certainly, and some good and smart people never got the big payday, but it was a real possibility.

That’s gone. The real money in iOS software comes from writing frauds and manipulating sad psychological quirks; it turns out that just about nobody makes a living, much less a killing, designing great iOS software. The economics are better on the desktop, but not much better.

The big fear from the iOS-macOS rumor is that Apple will destroy that, that they’ll cripple the Macintosh so badly that we’ll be left with a complete wasteland of 99¢ junk apps. There’s no place to run, no other viable desktop with a future.

See also: Accidental Tech Podcast.

Stop The Madness

Jeff Johnson:

Have you ever tried to copy some text from a web site, but the web site prevented it? Or the web site inserted an advertisement into the copied text? Has a web site ever prevented you from pasting text into an input field? Has a web site ever disabled password autocomplete, for your “security”? It’s madness! But no longer. Today I’m releasing a new Safari app extension called StopTheMadness that stops web sites from messing with the standard Mac user interface features you love and depend on. StopTheMadness is available now in the Mac App Store.

Update (2018-05-01): Jeff Johnson:

Did you know that web sites can hijack your keyboard shortcuts in Safari? command-w, command-q, command-p, etc.

I’m working on stopping that too.

Jonathan Deutsch:

Please be sure to include command-f; I cannot stand it when sites (like @discourse forums!) disallow reasonable in-page find in favor of their global and broken searching. Thanks!

Mermaid: Markdown-like Generation of Diagrams and Flowcharts

Mermaid (via Hacker News):

Ever wanted to simplify documentation and avoid heavy tools like Visio when explaining your code?

This is why mermaid was born, a simple markdown-like script language for generating charts from text via javascript. Try it using our editor.

ScannerPro or Scanbot Pro

Gabe Weatherhead:

I “scan” a lot of documents with my iPhone because I hate to accumulate paper and a lot of the time I’m far from my ScanSnap. I’ve used just about every scanning app available on the iPhone but I’ve settled on ScannerPro. I have no particular allegiance to ScannerPro so I gave the new version of Scanbot Pro a good try. I’m sticking with ScannerPro.

Luminar 2018 First Impressions From a Non-Power User

Kirk McElhearn:

Yes, I’m sure power users will find all sorts of things that Affinity Photo can do that Luminar cannot, but the advantage to Luminar is that all its features are accessible.


What I like about this is that the Raw Develop tool is available all the time; with Affinity Photo, you need to perform the “development” process, then you move on to other editing. With Luminar – as with Apple Photos – these options are always available, so if you want to tweak shadows, highlights, or exposure later, these changes apply to the original raw file, not the JPEG that you convert.


For most of my editing, Apple Photos is sufficient, but Luminar gives me access to a lot more features, and it can be used as an extension within Photos. Many photographers who don’t want to edit much will like Luminar’s ability to make one-click improvements, and others will find the more advanced features to be useful. It can’t do everything, but it can do most of what most people need.