Archive for June 2018

Friday, June 29, 2018

Rebuilding Apple Maps Using Apple’s Own Data

Mark Gurman (in 2015, tweet):

The current plan is to revamp the foundation of the Maps application, shifting to the in-house base map database by 2017; this would lead to the cutting of ties with partners such as TomTom, which currently have multi-year Maps contracts. While Apple hopes to achieve the 2017 shift, a source says that Apple is not completely on track to meet this goal, so a 2018 launch may be more likely.

Matthew Panzarino (tweet, Hacker News, MacRumors, iMore):

It’s doing this by using first-party data gathered by iPhones with a privacy-first methodology and its own fleet of cars packed with sensors and cameras. The new product will launch in San Francisco and the Bay Area with the next iOS 12 Beta and will cover Northern California by fall.


This is nothing less than a full re-set of Maps and it’s been 4 years in the making, which is when Apple began to develop its new data gathering systems. Eventually, Apple will no longer rely on third-party data to provide the basis for its maps, which has been one of its major pitfalls from the beginning.


The consistent message is that the team feels it can deliver a high quality navigation, location and mapping product without the directly personal data used by other platforms.

“We specifically don’t collect data, even from point A to point B,” notes Cue. “We collect data — when we do it — in an anonymous fashion, in subsections of the whole, so we couldn’t even say that there is a person that went from point A to point B.


All of this, of course, is governed by whether you opted into location services and can be toggled off using the maps location toggle in the Privacy section of settings.

Apple says that this will have a near zero effect on battery life or data usage, because you’re already using the ‘maps’ features when any probe data is shared and it’s a fraction of what power is being drawn by those activities.

This sounds good, but I’m skeptical that Apple’s focus on privacy is not putting it at a disadvantage. It does not seem possible that the end points of a trip are not useful data. It’s also not clear to me how this benefits the user who is already having their location tracked by Apple (Find My iPhone) and the carriers, anyway. And if Apple Maps is not good enough for people to choose it, they’ll use Google Maps and give Google their data, so Apple’s principled stance would be for naught.

Mark Gurman:

Should be noted that it’s been 6 years since the bungled launch of Apple Maps and they’re launching the new version in half of one state.

Matthew Panzarino:

Maps is not getting a visual “overhaul” yet (it was implied that it will eventually) but you’ll notice differences immediately.


Can I opt out?

Yes. It will not happen if you do not turn on location services, and it can be toggled off in the Privacy settings for Maps. It’s not a new setting, it’s just the existing maps setting.

From what I can see, the existing Maps setting only lets you control the sending of probe data by turning off Location Services entirely, rendering the app mostly useless. So, practically speaking, you can’t opt out, and you can’t measure how much of your cellular data is being consumed to update Apple’s maps. [Update (2018-06-29): This is incorrect; see below.]

Update (2018-06-29): John Gruber:

The new maps sound great, but the big question how long will it take to roll them out everywhere.

See also: @agilethumbs.

Update (2018-07-02): See also: The Talk Show.

Update (2018-10-12): See also this historical perspective from Richard Williamson.

Update (2019-02-18): Maxwell Swadling:

looks like apple got access to a bunch of Australian business regos and just dumped them into maps without validation. Now everyone’s ‘retirement trusts’ (SMSFs) are showing up...

Ryan Jones:

Every once in a while I try Apple Maps because I keep hearing “it’s not that bad” or “it’s all a narrative in the press”.

First attempt in 2 months...😔

Twitter to Show Ad Payment Information

Selina Wang (via Hacker News):

Twitter Inc. said it will show detailed information about advertisers on the social-media service, addressing concerns from lawmakers that the company let foreign meddlers run rampant during the U.S. presidential election.

Starting on Thursday, anyone will be able to search for a Twitter account and see all the ads it has run in the past seven days. For U.S. political advertisers, users will be able to see billing information, ad spending, demographic targeting data and the number of times tweets have been viewed. Twitter had been planning to create this “transparency center” since last October. Facebook Inc. has introduced similar features.

Exploring @dynamicMemberLookup

Olivier Halligon:

This proposal had some controversy, and one thing I didn’t personally like on this new feature is that it meant that typed annotated with @dynamicMemberLookup would not, by design, show any potential compilation error. Which is understandable, as the whole need for that proposal was to be able to call properties which we didn’t know at compile-time.

But this also meant that once the type was annotated with @dynamicMemberLookup, you wouldn’t be able to choose at call-site if you wanted an expression to allow dynamic member lookup or wanted the expression on that type to be type-checked.


The solution is actually quite short to implement. We’ll create a ^ postfix operator that will wrap the instance it’s applied on into some proxy object that is the one being @dynamicMemberLookup. That proxy object will just wrap the dictionary we applied ^ on, and on dynamic lookup, will search the key in the dictionary to return the corresponding value (if it exists).


In the playground attached below, I’ve explored that idea a bit more, by allowing another syntax. This one looks more like creating a context or scope in which everything we call is dynamically looked up (instead of looking like chaining ^ calls)

Ole Begemann (tweet):

Here are some non-obvious things you can do with @dynamicMemberLookup:

  • Provide a setter in addition to the getter. This allows assignments through dynamic member lookup, or passing the subscript expression inout. For an example, check out Doug Gregor’s wrapper for reading and writing environment variables.

  • Choose any return type. The subscript must have a single parameter, which can be any type that conforms to ExpressibleByStringLiteral but will likely be a String 99 % of the time. The return type, though, can be anything you want, including generic parameters.

  • Provide multiple overloads of the subscript with different return types. If there are multiple dynamic member subscripts, the compiler will pick the best match according to its normal type inference rules, or emit an error if the choice is ambiguous.

Here are some things you can’t do:

  • “Hide” a declared member of a type. Declared properties always take precedence in the type checker over dynamic member lookup.

  • Retroactively support dynamic member lookup for a type you don’t control. The attribute only works on the original type declaration.

Chris Lattner:

Nice summary, including a good descriptions of potential caveats. One thing that I haven’t explained yet is that the constexpr work can grow to support static diagnosis of bad members - the member names are constants after all!

Previously: Swift 4.2.

Update (2018-07-18): Jonathan Wight:

Found a great using for Swift 4.2’s @dynamicMemberLookup doing Python “records” (ala @kennethreitz ) style sqlite binding[…]

Everything You Knew About Chromebooks Is Wrong

Mike Elgan:

Today, the best new Chromebooks can runs apps from three additional operating systems.

Not only do Chromebooks run apps, but they run more apps without dual- or multi-booting than any other computing platform. Chromebooks can run apps from Android, Linux and Windows concurrently in the same session.


Now that Chromebooks are getting far better and easier for running Linux, Google is explicitly promoting Chromebooks as a development platform.


A huge number of major cloud services, especially Google ones such as Docs and Gmail, offer easy offline modes. The Chrome Web Store is packed with free extensions that give you offline capability.


Yes, some low-end Chromebooks are very cheap. But the powerful new generation is more comparable to a normal laptop.

Thursday, June 28, 2018

Apple Event Sandboxing in macOS Mojave Lacks Essential APIs

Felix Schwarz (tweet):

In the WWDC 2018 session “Your Apps and the Future of macOS Security”, Apple announced big changes to macOS security.

One of them - and possibly the one with the biggest impact: apps can no longer send Apple Events to other apps without user authorization.

Apple argues that Apple Events (which AppleScript uses under the hood) can be used to get access to otherwise protected user data in other apps, so the user should be prompted for authorization.


I am deeply worried that the implementation of Apple Event sandboxing in Beta 2 could make it into the final release of macOS Mojave unchanged.

As it is, it offers too little to developers who want to provide a good user experience. And not enough for utility apps and pro users who are in need of an option to exempt apps from Apple Event sandboxing.

He does a great job of explaining the issues with the current implementation.

Update (2018-07-12): Daniel Jalkut:

I ran into another usability challenge that Felix didn’t itemize: the problem of denying authorization to an application and then living to regret it. I guess at some point I must have hastily denied permission for Xcode (Apple’s software development app) to control the Finder. This resulted in a seemingly permanent impairment to Xcode’s “Show in Finder” feature. I’m often using this feature to quickly navigate from Xcode’s interface to the Finder’s view on the same files. After denying access once, the feature has the unfortunate behavior of succeeding in activating the Finder (I guess that one is whitelisted), but failing silently when it comes to revealing the file.

OK, that’s fine. I messed up. But how do I undo it? Unfortunately, the list of applications in the Security and Privacy preference pane is only of those that I have clicked “OK” for. There’s no list of the ones that I’ve denied, and no apparent option to drag in or add applications explicitly. For this high level problem, I filed Radar #42081464: “TCC needs user-facing mechanism for allowing previously denied privileges.”


What’s the service called, and does tccutil even support resetting it? After a crude search of the private TCC.framework’s binary, I discovered I was looking for “AppleEvents”:

tccutil reset AppleEvents

Update (2018-08-23): Mark Munz:

Having tried to navigate this myself, I suspect new macOS Mojave permissions are going to be a major cluster***k for more advanced users.

It feels like Apple rushed this “feature” with little or no usability/power user input.

Great idea – horrible execution.

Update (2018-08-30): Evgeny Cherpak:

This prompt is so lame:
1. Include
a) requesting app icon
b) icon of the app it wants to control
2. Add some new line characters to make it more readable
3. Data and documents in iTunes... documents aren’t data? Wording needs work.

Howard Oakley:

With Mojave’s release possibly only a couple of weeks away, I’ve been trying to resolve problems in my own apps which seriously limit their functionality when they’re run in macOS 10.14. What I’ve learned is how complex its new privacy protection is, and how users, sysadmins and developers may be in for a shock when they upgrade to Mojave.


It’s worth pausing for a moment to consider whether Mojave’s current implementation of privacy protection is actually in the users’ interests. I know of no other situation in which an operating system deliberately crashes an app because it lacks an explanatory string like this. Unix and almost all other operating systems handle many requests to access the inaccessible, and respond by returning an error, which the calling app can trap for and handle gracefully, ensuring that the user is made fully aware of what went wrong.

AT&T More Than Doubles Administrative Fee

Juli Clover:

The fee hike was first noticed by BTIG Research analyst Walter Piecyk (via CNBC), who pointed out that AT&T has increased its monthly fees by approximately $1.23 in 2018 with two price hikes in April and June. Customers are now paying $1.99 in administrative fees, up from 76 cents last year.

I’ve been using an old iPhone to experiment with switching to Boom Mobile, as it now supports Visual Voicemail. The red (Verizon) network seems to have better coverage than AT&T in most places that I care about. The rates and customer service seem to be better. The main downsides seem to be that there’s no support for Wi-Fi calling or international roaming. I ran into a few glitches with the Web site and had to use the chat to get them to make the necessary changes to my account, but that was surprisingly quick.

Run, RunLoop, Run

Nicolas Bouilleaud (tweet):

Put simply, a run loop is a messaging mechanism, used for asynchronous or interthread communication. It can be seen as a post box that waits for messages and delivers them to recipients.

A run loop does two things:

  • wait until something happens (e.g., a message arrives),
  • dispatch that message to its receiver.


The most important feature of CFRunLoop is the CFRunLoopModes. CFRunLoop works with a system of “Run Loop Sources”. Sources are registered on a run loop for one or several modes, and the run loop itself is made to run in a given mode. When an event arrives on a source, it is only handled by the run loop if the source mode matches the run loop current mode.

Greg Parker:

1. Write an event-handling loop: it waits for events—user input, timers, etc—and calls the handlers registered for those events.

2. Put the loop in an opaque box. That’s a run loop object.

I imagine it as a jack-in-the-box. You turn the crank and calls to event handlers pop out.

Making Your Shell Prompt Show Xcode and Git Status

Marc Palmer:

Often I run two or more different Xcode builds on the same machine, either because a client project can’t yet build on the latest Xcode release, or because we’re in a new Xcode beta period. Of course I forget which one I am running, especially if switching between projects multiple times in the same day.


I’ve never customised my shell prompt before but I knew it was possible and I suspected it would be simple to show the current version of Xcode toolchain that the shell is using (which is controlled by xcode-select).


By default it is set up to show your host and working dir, Xcode version — yep that’s the bit with the hammer 🔨 — and following that your git branch and status, if any.

Wednesday, June 27, 2018

iTunes Remote Updated

Benjamin Mayo:

Rising from the ashes, iTunes Remote has been updated with a new design and support for the latest device form factors. The icon is greatly improved. It went from a white roundrect with an inscribed circle and harsh geometric triangle to a simpler coloured gradient and neatly-rounded play symbol. It’s a nicer icon than the stock Music app now.


Looking slighter wider, what is the point of this app existing. Remote controlling your Mac’s iTunes app makes little sense in an era of AirPlay 2 and HomePod speakers. Also, Apple now has three separate places to find ‘media remotes’. There’s the iTunes Remote app, Apple TV Remote app, and the Apple TV Remote platter in Control Centre. Each of these tread on each other’s toes in different ways, but there’s not one app for everything either. It is messy.

I’m glad the app is still around, as iTunes on my Mac is the only device that has access to all my music.

Update (2018-06-28): Nick Heer:

Because my music library and bookshelf speakers are still connected to my Mac, I use the iTunes Remote app all the time. It’s nice to see this app updated.

Marzipan As a Path to ARM-Based Macs

Gus Mueller:

I really do hope we see things from iOS move to the Mac, touch and Pencil support in particular. And the idea that “folks don't want to use touch on the Mac” is pretty dumb when you realize Apple sells a hardware keyboard for the iPad which works exactly the same way as a touch Mac would.


Well, what if they made it easier for other apps to possibly take their place or at least fill in the gaps until the giants can ship something? Where can we find a billion other developers that already have a codebase that's ready to be compiled on another architecture, because they don't have decades of legacy code to clean up?

And if you look at from this angle, UIKit for MacOS makes perfect sense. Even if it's only to potentially help with a transition, that may or not actually happen. It gives Apple leverage.

Brian Webster:

So I dove into the Frameworks folder in the latest macOS SDK and found a total of 147 frameworks listed there. Yikes! I went down the list and wrote down which ones I think could reasonably be jettisoned on an architecture switch (note that there would also be many APIs within various frameworks that could be tossed too, even if the framework as a whole sticks around).

Previously: Intel and the Danger of Integration, Apple Announces Marzipan for 2019.

Handles Are the Better Pointers

Andre Weissflog (via Joe Groff):

The worst case being tens- to hundreds-of-thousands of small C++ objects, each in its own heap allocation, pointing to each other through smart pointers. While such code is quite robust in terms of memory corruption (segfaults and corruption rarely happens, since most attempts are caught by asserts when dereferencing smart pointers), this type of ‘object spiderweb code’ is also dog-slow without obvious starting points for optimization, since the entire code is full of cache misses. Other typical problems are memory fragmentation and ‘fake memory leaks’ because a forgotten smart pointer prevents freeing the underlying memory (I call them ‘fake leaks’ because this type of leaks cannot be caught by memory debugging tools).


The gist is:

  • move all memory management into centralized systems (like rendering, physics, animation, …), with the systems being the sole owner of their memory allocations
  • group items of the same type into arrays, and treat the array base pointer as system-private
  • when creating an item, only return an ‘index-handle’ to the outside world, not a pointer to the item
  • in the index-handles, only use as many bits as needed for the array index, and use the remaining bits for additional memory safety checks
  • only convert a handle to a pointer when absolutely needed, and don’t store the pointer anywhere

Nintendo’s Method for Detecting Online Switch Piracy

SciresM (via Hacker News):

After doing some research earlier today into how the Switch gains authorization to play a given game online, I learned that Nintendo has implemented some very strong anti-piracy measures in this regard -- they can actually perfectly detect whether a digital copy of a game has been legitimately purchased.


In the gamecard case, Nintendo can detect whether or not the user connecting has data from a Nintendo-authorized gamecard for the correct title. This solves the 3ds-era issue of gamecard header data being shared between games. Additionally, there’s a fair amount of other, unknown (encrypted) data in a certificate being uploaded -- and certificates are also linked to Nintendo Accounts when gold points are redeemed. Sharing of certificates should be fairly detectable, for Nintendo.

In the digital game case, Nintendo actually perfectly prevents online piracy here. Tickets cannot be forged, and Nintendo can verify that the device ID in the ticket matches the device ID for the client cert connecting (banning on a mismatch), as well as that the account ID for the ticket matches the Nintendo Account authorizing to log in. Users who pirate games definitionally cannot have well-signed tickets for their consoles, and thus cannot connect online without getting an immediate ban -- this is exactly how I would have implemented authorization for digital games, if I were them.

SR-7380, Ambiguous KeyPath

Matt Diephouse:

Here’s the bug I fixed (with a lot of help):

7380.swift:1:16: error: type of expression is ambiguous without more context
"str"[keyPath: \.count]

That seems obviously broken. The value is a String literal. They KeyPath should obviously be String.count. So why doesn’t this work?

This is an interesting look at learning how to fix a bug in the Swift compiler.

Software Updates: the “Unknown Unknown” of the Replication Crisis

Anastasia Ershova and Gerald Schneider (via Simon Hix):

By trying to replicate the results of a conditionally accepted article, we uncovered discrepancies between the reported results calculated by the author and the ones obtained by us. These divergences spurred an intensive exchange between the author and us and, finally, resulted in the discovery that they are due to changes in an algorithm used by the (commercial) software company for calculations done with a certain estimator. The software company, which pressures universities and research institutes to buy the expensive updates of their statistical package every second year at least, reports that it has since modified its algorithm. Yet, the company does not justify which version of the program is the correct one to use in order to get as close as possible to the underlying true relationship. It could be the case that the new algorithm saves us computing times, while the older versions calculate more accurate coefficients.


Researchers need to report which version of the software they used and, if this information is available, precisely when they last updated their software. In addition, they should be encouraged to replicate their findings with another software in the case that they are using a relatively newly developed estimator.

Tuesday, June 26, 2018

macOS Mojave: Back to the Mac

Jason Snell:

macOS Mojave feels like a macOS update that’s truly about the Mac, extending features that are at the core of the Mac’s identity. At the same time, macOS Mojave represents the end of a long era (of stability or, less charitably, stagnation) and the beginning of a period that could completely redefine what it means to use a Mac.

Is macOS Mojave the latest chapter of an ongoing story, the beginning of a new one, or the end of an old one? It feels very much like the answer is yes and yes and yes.

Update (2018-06-29): Daniel Eran Dilger:

While reviewing the Public Beta in advance, it repeatedly occured to me that the overall intent of this release is to make the Mac the ideal computing system for iOS users. As I run through the new features, you’ll see what I mean.

Update (2018-07-26): Colin Cornaby:

New App Store has Marzipan patterns and they just feel weird to me. Navigation controllers and in window modal sessions. The navigation controllers feel least weird. But the in window models just leave me feeling like things are in the wrong place with a Done button.

(New App Store is not a Marzipan app, but if this is the direction Apple wants to go with AppKit apps, bleh.)

Git Tower 3 Switches to Subscription

Tobias Günther:

Today, after years of work, we are finally launching a brand new version of Tower! It’s packed with awesome new features like Pull Requests, Interactive Rebase, and our unique “Quick Actions”. It reinvents many existing features like Search, File History, or Blame.

Here’s some more information about the new design and features. I like the new back/forward buttons and the quick actions. Hopefully, I won’t need to use the Reflog, but it’s good that it’s now available. Search is improved, but GitUp is still better as searching content. The file history view is better in some ways, but it no longer lets you see the full commit messages, and there’s still no way to invoke it without first navigating to the file within the app. The new commit details view is much better in that you can more easily see the changed files. I prefer the old icon.

In this context, we can also announce that we’re finally moving Tower’s license model to an annual fee. This is probably neither surprising nor unusual news: many other companies have made similar changes already years ago.

For brevity’s sake, let me just state the most important reason why we decided to make this change: Although we had shipped countless small and medium-sized features for free since we launched version 2 in 2014, we had to save up the big features for a new major release. Now, we will finally be able to ship big features more quickly to our customers.

Previously, the app was $79; now it’s $69/year. Including discounts, I paid $53.10 for Tower 1 in 2011, $26.55 for the Tower 2 upgrade in 2014, and $34.50 for a 1-year subscription for Tower 3 today. Presumably that will go up to $69 next year. So this is a huge price increase. But it’s also a really good app, and I use it every day.

Tower is an interesting case study for subscriptions because:

As a customer, I still dislike subscriptions. However, I expect this change will be a success for Tower because it’s a solid professional tool, and if you’re the type of person who likes and uses it there’s no obvious alternative.

Previously: Productivity Apps and Subscription Pricing.

Update (2018-06-26): Ian Beck mentions Fork, which seems like a promising newcomer that’s similar to Tower but less mature. It supports syntax highlighting and has a command-line tool for quickly opening a file’s history.

Update (2018-06-27): Tyler Fox:

Regarding @gittower’s switch to subscriptions: I think a subscription model is completely fine, but the annual subscription cost should generally be much less (1/2 or 1/3) than what the normal purchase price was. Regular users don’t re-purchase their software every year.

See also: Hacker News.

Update (2018-06-29): Morgan Sammons:

Dear software companies who want academics to buy their software, Please let me buy a perpetual license. I have money now that I need to spend. That money won’t exist next year…so I can’t “subscribe” to your software…

Update (2018-07-24): Tobias Günther:

Tower for Mac now supports Image Diffing for a variety of formats (including PNG, JPG, GIF, BMP, TIFF, JPEG2000, and HEIC). In both the Working Copy and various History / Changeset views, you can now see the actual images - and how they were changed!

iOS 12 Beta: Easier-to-Access Trackpad Mode

Federico Viticci:

Previously available only on 3D Touch-enabled iPhones or with a two-finger swipe on the iPad’s keyboard, trackpad mode can be activated in a much easier way in iOS 12: just tap & hold on the space bar until the keyboard becomes a trackpad. This mode (seemingly inspired by Gboard and other custom keyboards with a similar implementation) gives owners of iPhones without 3D Touch a way to more precisely control the cursor in text fields.

Update (2018-06-26): Craig Pearlman:

Leaving the 3D Touch alive/dead argument aside, I actually find the spacebar activation easier and more responsive even with 3D Touch.

Fibonacci Hashing

Malte Skarupke (via Hacker News):

Everyone uses the algorithm that’s unnecessarily slow and leads to more problems, and nobody is using the algorithm that’s faster while at the same time being more robust to problematic patterns. Knuth talked about Integer Modulo and about Fibonacci Hashing, and everybody should have taken away from that that they should use Fibonacci Hashing, but they didn’t and everybody uses integer modulo.


So what’s happening here is that Knuth uses the term “hash function” differently than we use it today.  Today the steps in a hash table are something like this:

  1. Hash the key
  2. Map the hash value to a slot
  3. Compare the item in the slot
  4. If it’s not the right item, repeat step 3 with a different item until the right one is found or some end condition is met

We use the term “hash function” to refer to step 1. But Knuth uses the term “hash function” to refer to something that does both step 1 and step 2. So when he refers to a hash function, he means something that both hashes the incoming key, and assigns it to a slot in the table. So if the table is only 1024 items large, the hash function can only return a value from 0 to 1023. This explains why “integer modulo” is a hash function for Knuth: It doesn’t do anything in step 1, but it does work well for step 2. So if those two steps were just one step, then integer modulo does a good job at that one step since it does a good job at our step 2. But when we take it apart like that, we’ll see that Fibonacci Hashing is an improvement compared to integer modulo in both steps. And since we’re only using it for step 2, it allows us to use a faster implementation for step 1 because the hash function gets some help from the additional mixing that Fibonacci hashing does.

But this difference in terms, where Knuth uses “hash function” to mean something different than “hash function” means for std::unordered_map, explains to me why nobody is using Fibonacci hashing. When judged as a “hash function” in today’s terms, it’s not that great.

Privacy News

Carole Cadwalladr and Emma Graham-Harrison:

Facebook used its apps to gather information about users and their friends, including some who had not signed up to the social network, reading their text messages, tracking their locations and accessing photos on their phones, a court case in California alleges.


Facebook has not fully disclosed the manner in which it pre-processes photos on the iOS camera roll, meaning if a user has any Facebook app installed on their iPhone, then Facebook accesses and analyses the photos the user takes and/or stores on the iPhone, the complainant alleges.

Brian Krebs (via John Gruber):

Craig Young, a researcher with security firm Tripwire, said he discovered an authentication weakness that leaks incredibly accurate location information about users of both the smart speaker and home assistant Google Home, and Chromecast, a small electronic device that makes it simple to stream TV shows, movies and games to a digital television or monitor.

Young said the attack works by asking the Google device for a list of nearby wireless networks and then sending that list to Google’s geolocation lookup services.

Jon Brodkin (via John Gruber):

“After my investigation and follow-up reports revealed that middlemen are selling Americans’ location to the highest bidder without their consent or making it available on insecure Web portals, Verizon did the responsible thing and promptly announced it was cutting these companies off,” Wyden said. “In contrast, AT&T, T-Mobile, and Sprint seem content to continuing to sell their customers’ private information to these shady middle men, Americans’ privacy be damned.”

AT&T changed its stance shortly after Wyden’s statement.

Monday, June 25, 2018

Open Sourcing NonEmpty

Point-Free (via Ole Begemann):

We believe that a compiler proven non-empty type is incredibly important for every developer to have at their disposal, and so that’s why today we are open sourcing our NonEmpty library.


The core of the library is just a single generic type, NonEmpty<C>, which allows you to transform any collection type C into a non-empty version of itself. The majority of the code in the library consists of conformances on NonEmpty to make it act as much like the collection that it wraps.


We encourage the reader to start looking critically at their own application code, their library API’s and their interactions with other API’s to see where non-empty types might be appropriate. By pushing the non-emptiness requirement to the type level you get to enforce this invariant in a single place rather than sprinkle if’s and guard’s into your code.

Previously: Why Dependent Types Matter.

Update (2018-06-26): Ole Begemann:

Important caveat: because NonEmpty stores its first element separate from the rest, it doesn’t necessarily capture all of the underlying collection’s semantics. E.g. NonEmpty<Set<Int>> doesn’t guarantee that all elements are unique unless you take special precautions.

Intel and the Danger of Integration

Ben Thompson:

As Bajarin notes, 7nm for TSMC (or Samsung or Global Foundries) isn’t necessarily better than Intel’s 10nm; chip-labeling isn’t what it used to be. The problem is that Intel’s 10nm process isn’t close to shipping at volume, and the competition’s 7nm processes are. Intel is behind, and its insistence on integration bears a large part of the blame.


It is perhaps simpler to say that Intel, like Microsoft, has been disrupted. The company’s integrated model resulted in incredible margins for years, and every time there was the possibility of a change in approach Intel’s executives chose to keep those margins. In fact, Intel has followed the script of the disrupted even more than Microsoft: while the decline of the PC finally led to The End of Windows, Intel has spent the last several years propping up its earnings by focusing more and more on the high-end, selling Xeon processors to cloud providers. That approach was certainly good for quarterly earnings, but it meant the company was only deepening the hole it was in with regards to basically everything else. And now, most distressingly of all, the company looks to be on the verge of losing its performance advantage even in high-end applications.

The Menu Bar:

We talk to chip expert Ashraf Eassa of The Motley Fool about how Intel’s chip delays mess with Apple’s roadmap, to what extent Intel is on fire, why Apple is likely moving away from Intel, why Switch may have serious staying power for Nintendo, how Marzipan points to Apple avoiding the Microsoft misstep, speculation about Project Star, a way Apple could get around saying ’No’ to a hybrid, Intel’s ongoing talent hemorrhage, the path for Apple migrating to ARM, a little bit on where AMD stands, and Apple’s bonkers silicon advantage.

Previously: On the Sad State of Macintosh Hardware.

Update (2018-07-03): See also: Steven Sinofsky.

Update (2018-07-11): Jean-Louis Gassée:

Perhaps Otellini truly didn’t believe Apple could sell huge numbers of iPhones — it wasn’t a sure thing at the time. But was there also an unconscious process that blinded him to the iPod’s volumes? More strikingly, why couldn’t Otellini “see” the hundreds of millions of handsets that were being sold by Nokia, RIM/Blackberry, and Windows Mobile licensees? Nokia had sold 265M devices in 2005 and the numbers were climbing rapidly. Not at PC prices, yet, but PC-like unit volumes, nonetheless.


Just as old Cultures can no longer “see” their origins, Intel pushed under its consciousness the true source of the x86’s superiority: The margins it commanded through the Windows monopoly. Better manufacturing technology became Intel’s “conscious” explanation, but the truth was that in the PC era, non-Windows microprocessors simply couldn’t compete and had to settle for lower prices. The worst part of the Culture dictate is that Intel believed its own story, at least until it stopped working as interlopers such as TSMC came up with competitive technology. How else to explain their sale of their ARM-centered Xscale to Marvell in 2006?

Update (2018-07-20): See also: Vector.

iOS Game Revenue

Jeremy Horwitz (tweet):

There are over 800,000 games in the App Store, and in 2017, only the top 50 of them took 76 percent of all the revenue, leaving 24 percent of revenues to be shared by the remaining 99.993 percent of games. And if you’re thinking of chasing one of those top spots, it’s worth noting that over the several years of Apptopia’s study, only 14 games hit the No. 1 spot, only 142 hit number 10 or better, and only 525 hit number 25 or better. Moreover, six games — Clash of Clans, Candy Crush Saga, Game of War — Fire Age, and three casino titles — have held top 50 spots for the entire duration of the study.

The study’s numbers explain why relatively few top-flight game developers are devoting significant resources to making iOS games, despite Apple’s promises of billions in overall developer revenue.

Mitchel Broussard:

Monument Valley 2 creators Ustwo Games today posted a new story on Medium (via The Verge) that highlights the first-year numbers and growth of the popular mobile sequel. Although there are numerous points of data to look at, one notable standout is that Monument Valley 2 earned $10.4 million in the one year period that began on June 5, 2017 (the game’s launch day) through June 4, 2018.

Previously: iOS App Sales Data, The iOS Gaming Business, Super Mario Run’s Disappointing Profit.

Update (2018-06-26): Rani Molla:

Fortnite: Battle Royale has brought in more revenue in a single month than any other game of its kind. The free-to-play game hit a new revenue record of $318 million in May, according to SuperData Research.

That puts Fornite well ahead of other breakout games like Pokémon Go and Clash of Clans, and it’s all the more spectacular when you realize the multi-platform game launched on consoles just eight months ago and on iOS just three months ago.

Since then, Fortnite has brought in more than $1.2 billion in revenue, all of which comes from nonessential in-app purchases, for stuff like clothing and dance moves.

Speeding Up WWDC Videos

Ricky Mondello:

Wanna watch a lot of WWDC videos in a short time? If you’re in a web browser, on a page like this one, you can run some JavaScript to speed up videos:

document.querySelector("video").playbackRate = 1.4;

Maynard Handley:

And yet it’s 25 years after QT provided the foundational tech for this and not a single Apple AV app actually provides both of these in their most useful form.

None of this is rocket science. Spoken word and video BOTH

- need variable speed playback (properly LABELLED speeds would also be nice -- don’t know WTF Apple could never get this right)

- need decent forward and backward jump buttons, ideally programmable, otherwise 15 sec each

It’s frustrating. The WWDC app doesn’t let you adjust the speed and doesn’t properly remember which video you were in the middle of playing or what time you were at. I eventually figured out that you can jump forward and backward 15 seconds when it’s in full screen mode.

For most sessions, though, the slides and demos are not critical (and can always be viewed after the fact), so I’ve been using Overcast. It’s a few extra steps to download the videos, convert them to audio, and upload them, but playback works so much better, especially with Smart Speed.

Previously: WWDC 2018 Links.

Update (2018-06-25): Steve Moser:

Nice! Also you can make this into a bookmarklet so that you can speed up videos on iOS as well.

Selling PowerSchool

Bradley Chambers:

Apple bought the US leading web-based student information system seven months before they announced the original iPod. They purchased PowerSchool before Flickr was created, before Digg launched, and before Facebook was making its way around Harvard.

I don’t know what happened with the product under Apple’s leadership, but they sold it to Pearson in 2006.


PowerSchool now has 32 million students, 66 million parents, and 100 million users across 13,000 school districts. This market should have been Apple’s to own. Instead, Apple is reliant on a critical part of the stack they can’t control.

Previously: Apple’s Lane Tech Education Event.

reMarkable Tablet

Omar Shahine:

I’ve been using a reMarkable Tablet for 3 months. The reMarkable is a kindle like device that simulates the experience of writing on paper.


Well the hardware is pretty great. The device is light as a feather. The screen is great, like a Kindle Oasis. The size is perfect. The pen has a friction feel to it and in fact the tips wear down like a real pencil. The device comes with 10 replacement tips - in 3 months I have worn 1 down and I use the device every day for about 4 hours.


If you evaluate it through the lens of paper pads, well it’s pretty close. You cannot easily “move” and “re-arrange” pages. You make decisions up front about how to store notes (folders, notebooks, pages).

Saturday, June 23, 2018

Apple Launches Keyboard Repair Program for MacBook and MacBook Pro

Juli Clover (tweet, Hacker News):

Apple today launched a keyboard repair program for MacBook and MacBook Pro models equipped with butterfly keys to address complaints over letters or characters that repeat unexpectedly, letters or characters that do not appear, and keys that feel “sticky” or do not respond in a consistent manner.

According to Apple, a “small percentage” of MacBook and MacBook Pro keyboards from 2015 to 2017 can experience these symptoms.


Customers who experienced keyboard problems but were forced to pay out-of-warranty repair fees for their damaged MacBook or MacBook Pro models can contact Apple to inquire about a refund.

This is all good news except that I was hoping the coverage would extend for more than 4 years after the original sale. I’m hearing mixed reports about whether the replacement keyboards last much longer. If the problem isn’t fully fixed, a lot of customers could still end up needing to pay for a replacement in year 5 or beyond. (My own 2012 MacBook Pro is 6 years old and still going strong.) So I still wouldn’t want to buy a new MacBook Pro now, even though it’s time for one.

We also don’t know Apple’s plans for future keyboards. Hopefully, they are working on a new design that is more reliable because a repair program is not a full solution. Even if the repairs are free, it’s incredibly disruptive to have to wipe your Mac (possibly your only Mac), bring it to Apple, be without it for a week or more, and then restore it (hoping your backup was good). Many people have already gone through multiple replacements.

The “small percentage” language is interesting, compared with the “a very small number” that Apple used in discussing the iPhone battery issues, and because on Twitter, at least, it seems like the percentage is not small.

See also: Rene Ritchie, John Gruber (tweet), Jordan Kahn (tweet).

Previously: Unreliable MacBook Pro Keyboards.

Update (2018-06-23): Steve Troughton-Smith:

The keyboard repair situation is a tough one, because it doesn’t fix the issue — just pushes the problem down the road, out of your warranty window. Working input is so important; I wouldn’t even consider recommending a current MB/P to anybody w/o a new & proven-fixed kb design

Max Shelley:

Totally agree. After the first one failed, there was just an assumption in my brain that at some point soon I was going to hit a key and it wouldn't work, which is incredibly distracting.

Mark Munz:

Will Apple ALERT MBP customers directly, or do you benefit ONLY if you learn about it in proper time frame?

Last year, my iMac failed because of design flaw, but it was out of warranty/service window. Had Apple told me about flaw, I could have brought it in during window.

Casey Johnston (via Cabel Sasser):

The admission comes after the company has been hit with no fewer than three class action lawsuits concerning the computers and their ultra-thin butterfly-switch keyboards.


Having become a one-woman clearinghouse for people complaining about these keyboards since I broke this story, I feel justified in saying that keyboard failures – dead keys, sticking keys, double-spacing spacebars – appear to happen early and often, and repairs do not permanently fix the issue. I also feel justified in saying that the design on offer as recently as February still presented the exact same issues as the design I purchased in the fall of 2016.


Until Apple confirms that the design of its computers is somehow different, and even maybe then, given its overall poor judgment in this matter, my personal recommendation would still be: don’t buy them.

Marco Arment:

I’m glad they’re doing the right thing and fixing faulty keyboards for free — finally.

But I wish it were longer — why 4 years? why not 5 or 8? what’s the expected life of a MacBook Pro? — and there still isn’t a new model on the market with a reliable keyboard except the 2015.

I also take “a small percentage” with a grain of salt. 1% is a small percentage. So is 30%. That doesn’t really mean anything concrete.

Keep in mind, also, that the percentage brought in for Genius repair is less than the percentage having problems — often significantly less.

Update (2018-06-24): dustin curtis:

After denying it for more than two years—and screwing countless customers—Apple has finally admitted that the MacBook scissor keyboard is faulty.

This is not how you put customers first.

Update (2018-06-25): Michael Lopp:

MACBOOK PRO: NACHOS? Wait, WHOA WHOA. You didn’t say we’d be eating food. I’ve got work tomorrow, and a single bit of chip, a smear of cheese, or a bit of jalapeño and I’m screwed.

APPLE EXTENDED II: Right, ok. Hold on the nachos. Back to you faux-keyboard. Do you know what you’re great at? TouchID. It’s a wonder because it simplifies a standard action. It transforms the process of typing a long secure password into a single click. That is legit magic, but TouchID is a button, and a button is always in the same location, it has a discernible shape you can feel with your finger, and when you press it, you feel the action of being pressed. You are a touch screen.

Joe Rossignol:

Many questions have arisen since the program was announced, so we wanted to consolidate some additional information that we have gathered from Apple and other sources we have spoken with[…]

Update (2018-06-28): Kyle Wiens (Hacker News):

The first-gen butterfly keyboard showed up in 2015, but the real root of the problem dates back to 2012 in the very first Retina MacBook Pro. That radical redesign replaced their rugged, modular workhorse with a slimmed-down frame and first-of-its-kind retina display.

And a battery glued to the keyboard.


We put a keycap under a microscope and injected a grain of sand so you can see how this happens. The grain is in the bottom right corner, and it’s completely blocking the key press action. It’s very challenging to remove it with compressed air.


Why did it take so long, and so many complaints, for the repair program to be put in place? Why do you need to send your MacBook Pro away for upwards of a week for a repair? That’s easy: because Apple made their product hard for them to repair, too. Apple’s new warranty program is going to cost them a lot of money.

Update (2018-07-02): See also: Accidental Tech Podcast.

Update (2020-04-22): Mark Rogowsky:

I bring my 2018 MacBook Air in for a keyboard repair (repeating o and space bar mostly) ... routine right? Covered my Apple repair program also I have AppleCare


The technician replacing my keyboard or “top case” in Apple logic has destroyed my logic board inadvertently. No chance of repair. No chance of data recovery.


After a wait to get him, I explain situation and say, “go ahead and repair my machine but I want the part”... he goes away for 10 minutes and says, “can’t be done”.

He wants the damaged MacBook to try to recover data from it.

Thursday, June 21, 2018

AirPower Status and Removing the Lightning Port

Mark Gurman (tweet):

Apple also wants users to be able to place any of their devices anywhere on the charging mat to begin a charge. That ambitious goal requires the company to pack the AirPower with multiple charging sensors, a process that has proven difficult, the people said.


The AirPower charger is also more advanced than the current competition because it includes a custom Apple chip running a stripped down version of the iOS mobile operating system to conduct on-device power management and pairing with devices. Apple engineers have also been working to squash bugs related to the on-board firmware, according to the people familiar.


Apple didn’t say when in 2018 it would release AirPower, but engineers hoped to launch the charger by June. The aim now is to put it on sale before or in September, according to one of the people.


During the development of the iPhone X, Apple weighed removing the wired charging system entirely.

Joe Rossignol (tweet):

Just to be absolutely clear, Gurman confirmed to me that this would have included removing the Lightning connector from the device. In fact, his report notes that Apple designers eventually hope to “remove most of the external ports and buttons on the iPhone,” although this is likely multiple years away.

A few years ago, it was reported that Apple’s design chief Jony Ive’s end goal is for the iPhone to resemble a “single sheet of glass,” while Apple has repeatedly expressed its ambitions to “create a wireless future,” so the eventual removal of the Lightning connector should perhaps come as no surprise.


Removing the Lightning connector would also prevent an iPhone from directly connecting to a wide range of peripherals, including many adapters, docks, battery cases, power banks, keyboards, game controllers, audio cables, wired headphones, and other accessories authorized under Apple’s MFi Program.

Previously: Pre-Announcing AirPower.

Airbnb Switching Away From React Native

Gabriel Peal (Hacker News):

The primary benefit of React Native is the fact that code you write runs natively on Android and iOS. Most features that used React Native were able to achieve 95–100% shared code and 0.2% of files were platform-specific (*.android.js/*.ios.js).


We opted to rewrite components instead of wrapping native ones because it was more reliable to make platform-appropriate APIs individually for each platform and reduced the maintenance overhead for Android and iOS engineers who may not know how to properly test changes in React Native. However, it did cause fragmentation between the platforms in which native and React Native versions of the same component would get out of sync.


Before React Native can render for the first time, you must initialize its runtime. Unfortunately, this takes several seconds for an app of our size, even on a high-end device.

Gabriel Peal:

A common misconception is that React Native allows you to move away from writing native code entirely. However, that is not the current state of the world. The native foundation of React Native still rears its head at times. For example, text is rendered slightly differently on each platform, keyboards are handled differently, and Activities are recreated on rotation by default on Android. A high-quality React Native experience requires a careful balance of both worlds. This, paired with the difficulty of having balanced expertise on all three platforms makes shipping a consistently high-quality experience difficult.

Gabriel Peal:

Because we weren’t able to achieve our specific goals, we have decided that React Native isn’t right for us anymore. We are currently in the process of working with teams to create a healthy transition plan. We have halted all new React Native features and have plans to transition the majority of the highest-trafficked screens to native by the end of the year.

Gabriel Peal:

Even though we’re not using React Native, we still see the value in writing product code once. We still heavily rely on our universal design language system (DLS) and many screens look nearly identical on Android and iOS.

Several teams have experimented with and started to unify around powerful server-driven rendering frameworks. With these frameworks, the server sends data to the device describing the components to render, the screen configuration, and the actions that can occur. Each mobile platform then interprets this data and renders native screens or even entire flows using DLS components.

Nick Schrock:

I’m seeing a lot of hemming, hawing, and gnashing of teeth over AirBnB’s announcement that they are sunsetting React Native. They are unrolling a pretty massive investment. Obviously this is a setback for React Native ecosystem.

Update (2018-06-25): Ash Furrow (tweet):

So when people frame Airbnb’s decision as a failure of React Native, I wonder about how much they really understand about what React Native is for. If you have an expectation that a technology can do something that it’s not designed for, and then you’re disappointed when it fails to deliver, it’s not really the technology’s fault, is it? And further, if “only a small percentage” of your app even uses that technology, then you don’t get as much of the benefits.

I’m trying not to frame this as an Artsy-vs-Airbnb discussion, but it’s hard to avoid the comparison because Artsy has had such overwhelming success with our React Native stack. I think a big part of that comes from how we structured our React Native code: all the JavaScript is in its own repository and it gets shipped as a CocoaPod.

Update (2018-07-05): Nate Ebel (via Ben Sandofsky, Hacker News):

The mobile team here at Udacity recently removed the last features in our apps that were written with React Native.

Europe’s New Copyright Rules

Karl Bode:

The EU proposal in question is an attempt to shore up existing problems with EU copyright law. But the poorly crafted nature of the effort could have a profoundly negative impact on everything from your ability to share hot memes to the survival of new startups.

For example, Article 13 of the plan declares that any website that lets users upload text, sounds, images, code, or other copyrighted works for public consumption will need to employ automated systems that filter these submissions against a database of copyrighted works.


“This law does not anticipate the difficult practical questions of how companies can know what is an infringement of copyright,” Reddit said in a statement. “As a result of this big flaw, the law’s most likely result would be the effective shutdown of user-generated content platforms in Europe, since unless companies know what is infringing, we would need to review and remove all sorts of potentially legitimate content if we believe the company may have liability.”

Cory Doctorow:

If the proposal is adopted, a service that publishes a link to a story on a news website with a headline or a short snippet would have to get a license before linking. News sites could charge whatever they want for these licenses, and shut down critics by refusing to license to people with whom they disagreed. And the new rule would apply to any service where a link to a news story can appear, including social media platforms, search engines, blogging platforms, and even nonprofits like Wikipedia.


However you feel about the battles between these giant media companies and giant tech companies, you should be worried about this new link tax. For one thing, ironically enough it will help ensure that the tech giants of today can continue to rule the internet. Facebook and Google and Twitter will figure out how to deal with the link tax. Maybe they’ll share some of their profits with the big media companies, or maybe they’ll boycott the media companies until they agree to a “free license” (this is what happened when Germany tried this a few years ago.) Either way, they can afford to manage the cost.

But if you are hoping that someday there will be alternatives to these giants—European alternatives, say, that are responsive to the needs of European citizens, or just platforms that offer something different, maybe no surveillance of their users, or different rules on cyberbullying and harassment—then the link tax dashes your hopes.

James Vincent:

The European Union has taken the first step in passing new copyright legislation that critics say will tear the internet apart.

Andy Hertzfeld Interview

Devon Zuegel (tweet):

Welcome to the first episode of Tools & Craft! My name is Devon, and I spoke with Andy Hertzfeld, a member of the team that built the original Macintosh.

I’ve always been fascinated by the process of creating new tools and interfaces, especially those that amplify our thought and communication. We’ve all seen the legendary Apple keynotes and how personal computing has transformed the way we live and work, but what I was really interested to learn from Andy was what it was like to shape that vision from scratch, what it was like to work as an engineer when most people didn’t even really understand what a computer was, when the frontier of what it could become was wide open.

Good interview, but I wish it were longer.

Malware via USB Charging

Reuters (in 2016, via Alasdair Allan):

A nuclear power plant in Germany has been found to be infected with computer viruses, but they appear not to have posed a threat to the facility’s operations because it is isolated from the Internet, the station’s operator said on Tuesday.


As an example, Hypponen said he had recently spoken to a European aircraft maker that said it cleans the cockpits of its planes every week of malware designed for Android phones. The malware spread to the planes only because factory employees were charging their phones with the USB port in the cockpit.

Because the plane runs a different operating system, nothing would befall it. But it would pass the virus on to other devices that plugged into the charger.

Tom Lowenthal:

If you carry around a cable because you often need to charge your device, consider accessorizing with a data blocker dongle like this red cutie. You device can still charge at full speed, but there’s no data connection.

Wednesday, June 20, 2018

WebView and UIWebView Deprecated in Favor of WKWebView

Brady Eidson:

I hope most of you have heard the news by now, but UIWebView has been formally deprecrated.

That means it is going away altogether in a future release.

Please start adopting WKWebView now, and please ping me directly with any issues that arise.

(Same goes for WebView on Mac)

The separate process architecture is nice, but this is going to be a rough transition. It looks like WKWebView is still missing tons of features from WebView (Web archives, DOM, customized loading and display, probably more that I haven’t discovered yet). The limitations are so severe that I bet a lot of apps haven’t even looked much into switching. Other features will be possible to port, but the API is very different, and in many cases you’ll need to switch from Swift/Objective-C to JavaScript. I was expecting to see massive improvements to WKWebView before WebView was deprecated, but that doesn’t seem to be happening.

See also: What’s New in Safari and WebKit.

Previously: WKWebView Workarounds, WKWebView, Sandboxing, and Searching, WKWebView.

Update (2018-06-20): The WWDC session has no useful information about switching to WKWebView, and the presenter implies that it’s easy.

Steve Harris:

As @mjtsai the inability to create web archives is a problem for me (and adding iOS support would be great), while printing / saving PDFs doesn’t work at all on Mac

Matt Curtis:

On the subject, is there a way to invoke copy from a WKWebView while preserving rich text? I tried a while back and it doesn’t seem to work using the usual UIResponder methods.

Isaiah Carew:

My main income is Stack for Rapidweaver. The vast majority of the UI handled by manipulating the DOM directly.

That is not possible in a WKWebView.

If WebView is removed my business will die and strand thousand of customers.

the issue is that they’ve cut off most of the fast APIs.

this was, i’m sure, done to improve security and avoid content policy injection.

unfortunately it really limits the utility of the view.

it’s basically just a web page viewer now.

Update (2018-06-23): See also: Core Intuition.

Update (2018-06-24): David Dunham:

I tried using it but got random crashes and went back to UIWebView.

Daniel Jalkut:

We who rely upon WebView DOM manipulation really have our work cut out for us. We have to at least file the bugs with Apple and hope for accommodations where we need them.

Update (2018-08-01): Howard Oakley:

When WebViews are lost from macOS, a great many older apps will still expect to find them, and you should expect their behaviour to be untoward at least. I suspect that will kill far more apps than any future requirement for them to be 64-bit. And there’s no easy way to discover which apps are dependent on WebView.

Update (2018-08-10): Shazron Abdullah:

There are many limitations of WKWebview, especially if you were using UIWebView previously. The limitations are:

  1. Cookies don’t persist. This is a WebKit bug, but someone has created a plugin for a workaround. See CB-12074
  2. Can’t delete cookies. This is/was a WebKit bug (2015), we need to test for the iOS 11/12. See CB-11297
  3. Can’t execute JavaScript code in the background. There are several issues related to this. See CB-12815
  4. XmlHttpRequests don’t work, because of Cross-Origin Resource Sharing issue (CORS). There is a workaround plugin created by Oracle (UPL licensed, which is Apache-2.0 compatible). See CB-10143
  5. Migration of localStorage from UIWebView. There is a migration plugin available. See CB-11974
  6. iframes will not be supported any longer (they are now CORS restricted in WKWebView), and may be partially or completely broken. This may lead to incompatibilities with the same code in other Cordova platforms.
  7. Known issues with WKWebView on iOS pre-11 which will be deprecated and dropped in a future Cordova release

There are several bugs that need to be resolved as well. The full list here:

Update (2018-11-26): See also: Core Intuition.

Update (2019-06-14): Brady Eidson:

It’s been a year since we formally deprecated UIWebView and WebView.

They’re still in iOS 13 and macOS Catalina but are still going away in future releases.

We’ve gathered tons of great feedback in the last year, but want even more.

Update (2019-08-15): Isaac Halvorson:

I’ve spent the last two weeks migrating a simple WebView to WKWebView in our macOS app due to an issue in Catalina. Now that I’ve finished, it works fine in Catalina, but is broken in pre-Catalina macOS versions. So I guess I’ll just inject one or the other depending on what OS?

This has been a ridiculous process, especially because of the huge lack of APIs WKWebView has compared to the old WebView. WebView makes things SO much easier. I had to write a ton of custom code just to make WKWebView do the same things WebView does out of the box.

Update (2019-11-06): Ken Case:

OmniWeb is in an awkward place right now, rebuilt on top of WebKit 2 only to discover it doesn’t support some essential features a daily-use browser needs—like password autofill.

Monday, June 18, 2018

Faster Swiping Between Pages

Keir Thomas:

One of the irritations is that, if you’re using a trackpad, it reloads the page each time you two-finger swipe to go back. This can be slow but also infuriating if you’re scrolling through an auto-updating webpage list, for example, because the page will reload and you’ll be thrown back to the top of the list.

The solution is to activate three-finger back gesture—and then train yourself to make use of it. Here’s why: For reasons only known to Apple software engineers, using this gesture instead of the standard two-finger swipe means the page isn’t reloaded. It’s looks just as it did when you clicked away from it and it instantly appears without any redrawing or rendering.

The only caveat is that—again for reasons unknown to we mere morals—the three-finger swipe gesture works in the opposite direction compared to the two-finger swipe.

I’ve also noticed weirdness swiping with a Magic Mouse. System Preferences offers three options for “Swipe between pages”:

I’m not sure whether there is supposed to be a difference in the gesture between scrolling and swiping. The first option is the default and does not work well for me. I have frequent problems where either (a) nothing happening when I try to change pages, (b) it changes pages unintentionally, or (c) it starts to change pages, gets stuck partway through, and the Mac stops responding to input for 5–10 seconds. Even when it does work, this swiping feels slow because of the long animation of the page sliding over.

Swiping with two fingers has none of these problems and is also much faster. However, it comes at a cost: if you’re using two fingers to change pages you can’t also use two fingers for “Swipe between full-screen apps,” which I use to change spaces. There is no option in System Preferences to use a different mouse gesture to change spaces. (I also tried setting one up with BetterTouchTool but was unsuccessful.)

Update (2018-06-19): Friedrich Markgraf:

I believe scrolling with one finger actually scrolls the ScrollView to the appropriate edge, and when it goes into overscroll, starts moving the whole page. Try it on a view that has a horizontal scroller.

Quick Look Cache Reveals Sensitive Data From Encrypted Drives

Wojciech Regula:

I found out that Quicklook registers XPC service that is responsible for creating thumbnails database and storing it in /var/folders/…/C/ directory.

It means that all photos that you have previewed using space (or Quicklook cached them independently) are stored in that directory as a miniature and its path. They stay there even if you delete these files or if you have previewed them in encrypted HDD or TrueCrypt/VeraCrypt container.

Via Swati Khandelwal:

Patrick Wardle, chief research officer at Digital Security, equally shared the concern, saying that the issue has long been known for at least eight years, “however the fact that behavior is still present in the latest version of macOS, and (though potentially having serious privacy implications), is not widely known by Mac users, warrants additional discussion.”


In a separate blog post, Wardle demonstrated that macOS behaves same for the password-protected encrypted AFPS containers, eventually exposing even encrypted volumes to potential snooping.

This also affects third-party applications such as EagleFiler that use Quick Look to display images.

Update (2018-06-20): See also: MacRumors, Slashdot, ZDNet.

Update (2018-06-25): Patrick Wardle:

Want to disable Quick Look from caching your sensitive files?

$ qlmanage -r disablecache

Howard Oakley:

I am delighted to offer an update to improve my new tool for managing your QuickLook (or Quick Look) cache, Aquiline Check.

Update (2018-06-26): Howard Oakley:

Here is a brief overview of some of the potentially sensitive information which macOS secretes away in unexpected places.

How Apple Can Fix 3D Touch

Eliz Kılıç:

Not all of these buttons can be 3D Touched. How are you supposed to know which is which? The only possible thing you can do is try 3D Touch and remember it. And to make things worse, 3D Touch is not a gimmick anymore. You need to know you should be pressing hard on the “4 Button Control” to access “Personal Hotspot” or “AirDrop” toggles.

Now that we know what the problem is, here is my solution. Like we did with the link texts years ago on the web, we should visually distinguish 3D Touchable buttons.


My solution is adding a line on bottom-right of things that can be 3D Touched. Let’s call them Force Decorators (with reference to Force Touch).

Via John Gruber:

Total agreement from me on this.

Craig Mod:

Not only is 3d touch undiscoverable but it only reliably activates about half the time (less so on home screen icon grid). 3D touch and the touch bar are two of the most inscrutable apple design decisions in recent years.

Benjamin Mayo:

It’s been three years since Apple debuted pressure-sensitive screens and I still have conversations with my family about how to access what should be simple features … features that just so happen to be gated behind a firm press gesture.

Apple’s usage of 3D Touch throughout the system is inconsistent. that they artificially wall off features with 3D Touch gestures, when they aren’t needed at all. In Control Centre, you should be able to long-press on the platters to open them up. There’s no reason for this action to rely on pressure. Another case of this kind of misappropriation is the ‘Clear All Notifications’ button in Notification Centre. A long-press could serve the same job, and it doesn’t. That’s weird.

The iPhone X Suica Problem

Joel Breckinridge Bassett:

The iPhone X Suica problem is an issue that causes transit gate errors when using Suica Express Transit on iPhone X. Errors occur with any transit gate or any reader device. Overall iPhone X Suica transit gate performance is sluggish. iPhone 8 / 8 Plus and Apple Watch Series 3 are free of the Suica problem and work reliably. It’s not clear what the cause of the problem is: iOS 11 software or a iPhone X NFC related hardware flaw.

Joel Breckinridge Bassett (via Meek Geek):

It’s a problem in Japan because transit cards like Suica require much higher performance than low performance EMV contactless credit cards. Transit gates are not cash registers. EMV was developed for slow pokey credit card payments at your local supermarket, not whizzing through a transit gate at Tokyo rush crush hour. This is why EMV sucks at transit.


I believe that Apple’s inability to fix the iPhone X Suica problem despite multiple iOS 11 updates is proof of a iPhone X NFC related hardware problem: if it was just software it would be fixed by now.


Whatever the outcome, Apple’s complete silence and non-action regarding the iPhone X Suica problem has left iPhone X Japanese customers saddled with an inferior product that does not work with Apple Pay in Japan.

Previously: iPhone 6 Bendgate and Touch Disease.

Update (2018-06-19): Friedrich Markgraf:

FWIW I had great trouble pairing a Sony Alpha 7 III with iPhone X via NFC. It took me multiple minutes, but eventually it worked.

Update (2018-06-23): Joel Breckinridge Bassett:

iPhone X users with Suica problem units have no reliable way to obtain a good unit because Apple Support has no method to identify bad units or supply good units for exchange.

Update (2018-07-16): Joel Breckinridge Bassett:

The bad news: iOS 11.4.1 does not fix the iPhone X Suica Problem.

Update (2018-07-24): Joel Breckinridge Bassett (tweet):

Enough nonsense, if Apple can’t call it I’m calling it: iPhone X units produced before April 2018 have a NFC problem.

Update (2018-07-27): See also: iPhone X Suica Problem Q&A.

Update (2018-08-17): Joel Breckinridge Bassett:

As you can see below, the reader feedback iPhone X production tally suggests Apple made production changes in April 2018 that fixed iPhone X NFC hardware issues. I call these NFC error free units Revision B iPhone X. Readers report that Rev-B iPhone X NFC performance is substantially better and immediately noticeable.

Update (2018-09-03): Apple:

Apple has determined that a very small percentage of iPhone 8 devices contain logic boards with a manufacturing defect. Affected devices may experience unexpected restarts, a frozen screen, or won’t turn on. Apple will repair eligible devices, free of charge.

Joel Breckinridge Bassett:

Hopefully it will not be long before the other shoe drops and Apple issues a iPhone X Logic Board Replacement Program for the “very small percentage” of iPhone X units with defective NFC. The iPhone 8 Replacement Program came first because its logic board is much easier to replace, not so for iPhone X which is considerably more complex, and costly.

Update (2018-09-07): Joel Breckinridge Bassett:

The feel of Apple Pay Suica on a Rev-B iPhone matches what readers have been reporting: NFC performance is snappy with none of the problem iPhone X lag or errors going through the transit gate. The difference will be noticeable if you are familiar with Apple Pay Suica performance on iPhone 7.

Update (2018-09-11): Joel Breckinridge Bassett:

A reader in America took the iPhone X Suica NFC problem unit replacement challenge and shared his experience. He had to go to the Apple Store Genius Bar but was able to obtain an exchange for a 2018 Production Week 32 Rev-B iPhone X.


It’s very disturbing that Apple has internal support docs acknowledging the iPhone X NFC issue but refuses to acknowledge the issue publicly.

Joel Breckinridge Bassett:

To me 7 months of faulty iPhone X production (September 2017~March 2018) is a huge design failure. NFC on iPhone X was a dud. There is no way around it. There is no other excuse or explanation. The worst part is that Apple willingly sold iPhone X devices they knew were bad up to the April 2018 Rev-B iPhone X production switchover. The internal support doc is Apple’s attempt to limit a potentially huge number of iPhone X exchanges to something manageable: problem iPhone X devices using Apple Pay Transit in Japan and China.


Do not expect Apple to issue an exchange program: the internal support doc and iPhone X production tally prove the iPhone X NFC problem is too big and unwieldy to conveniently window down to a “very small percentage”of devices.

Joel Breckinridge Bassett:

More bad: Docomo source said they knew about iPhone X Suica problem but told to keep quiet

Update (2018-10-24): Joel Breckinridge Bassett:

iOS 12 Apple Pay Suica bugs are causing headaches for some users getting exchanges for iPhone X Suica problem devices (a NFC hardware problem across all iOS versions): users find they have the same Suica problems running iOS 12 (iOS 12.0 specific software bugs) on NFC hardware problem free Revision B iPhone X devices. Unfortunately for iPhone X users the 2 issues merge in a perfect storm. It’s confusing and only natural to assume nothing is fixed and yet another Apple Support runaround iPhone X exchange is needed to fix it. If you are using iOS 11.4.1 on Apple Pay Suica iPhone X, I suggest staying with it and not updating to iOS 12 just yet.

Update (2021-10-19): Joel Breckinridge Bassett:

One of the weird aspects of the saga is that I’m almost certain it was an Apple employee who emailed and suggested that I gather and compare iPhone X manufacturing dates to find the cause. That and the internal Apple Support doc says all that you need to know: Apple knew iPhone X NFC was defective but chose to ignore the problem and ride it out.

Apple chose this path of inaction because: (1) it was only a problem in Japan as Japan was the only country with Apple Pay Express Transit at the time, (2) Apple considered the Japanese market expendable enough to hang out and dry because Japanese customers don’t complain loudly like American and European customers or at least enough to cross the language barrier (so convenient that), (3) the IT tech press wasn’t competent enough to catch and report the issue.

Who Gets to Be on the Steam Store?


The challenge is that this problem is not simply about whether or not the Steam Store should contain games with adult or violent content. Instead, it’s about whether the Store contains games within an entire range of controversial topics - politics, sexuality, racism, gender, violence, identity, and so on. In addition, there are controversial topics that are particular to games - like what even constitutes a “game”, or what level of quality is appropriate before something can be released.


Valve shouldn’t be the ones deciding this. If you’re a player, we shouldn’t be choosing for you what content you can or can’t buy. If you’re a developer, we shouldn’t be choosing what content you’re allowed to create. Those choices should be yours to make. Our role should be to provide systems and tools to support your efforts to make these choices for yourself, and to help you do it in a way that makes you feel comfortable.

With that principle in mind, we’ve decided that the right approach is to allow everything onto the Steam Store, except for things that we decide are illegal, or straight up trolling. Taking this approach allows us to focus less on trying to police what should be on Steam, and more on building those tools to give people control over what kinds of content they see.

Previously: Lessons Learned From the App Store.

Friday, June 15, 2018

On the Sad State of Macintosh Hardware

Quentin Carnicelli (tweet, Hacker News, John Siracusa, MacRumors):

The inevitable march of technology means Mojave won’t install on all of our older hardware. There’s no shock there, but the situation is rather distressing when it comes to spending money to purchase new equipment. Here is the situation, as reported by the wonderful MacRumor’s Buyers Guide[…]

At the time of the writing, with the exception of the $5,000 iMac Pro, no Macintosh has been updated at all in the past year.


It’s very difficult to recommend much from the current crop of Macs to customers, and that’s deeply worrisome to us, as a Mac-based software company. For our own internal needs, we’ve wound up purchasing used hardware for testing, rather than opting to compromise heavily on a new machine. That isn’t good for Apple, nor is it what we want.

Rogue Amoeba:

We really didn’t think of it as especially gutsy or brave, because a stagnant Mac lineup is an existential threat to our company. We only hope this penetrates Apple’s bubble.

Sebastiaan de With:

I wrote this a year ago, hopeful that Apple would truly put more effort into the Mac.

It didn’t happen. I’m so stupefied as to why a company so big, ambitious and wealthy can’t maintain the Mac. Heartbreaking seeing so many creatives leave the platform.

John Gruber (tweet):

I’d really love to see Apple get Mac hardware on a roughly annual schedule, even if most years they’re just speed bumps, like they were a decade ago.

Nick Heer:

What is the acceptable shelf life of a Mac? How old can a model be before it becomes uncouth to sell it as new? I remember when Macs used to get regular, approximately-annual spec bumps. It wasn’t that long ago — maybe five years or so. Has something changed since 2013 that seemingly makes difficult for the Mac to be updated more frequently?

When Apple launched the 2016 MacBook Pro models — the first models with the Touch Bar — members of their executive team spoke with Shara Tibken and Connie Guglielmo of CNet. Schiller mentioned that the new models took a while to be launched because they “didn’t want to just create a speed bump on the MacBook Pro”. I hope that’s not their attitude across the product line. People love spec bumps; it helps customers know that they’re getting the newest model they can, and reassures them that it will last longer.

Michael Rockwell:

It feels like the folks at Apple believe that they need to introduce brand new features and top-down redesigns every time they update a Mac. But that couldn’t be further from the truth. Minor updates to the internal components every 6-12 months is all we really need — just enough to keep us from feeling like we’re getting ripped off when we go to buy something in the lineup.

Nick Heer:

At what point does it become disingenuous to mark a product as “new”? The iMac was last updated over a year ago, as far as I can tell.

John Gruber (tweet, Hacker News):

But the striking thing to me is just how much smaller the Intel NUC is. It’s only a little bit bigger than an Apple TV. Calling the Mac Mini “mini” is absurd in 2018.

Previously: New Mac Pro Won’t Arrive Until 2019, Mac mini Turning 3.5 Years Old, How Apple Alienated Mac Loyalists, Understanding Apple’s Marginalization of the Mac.

Update (2018-06-16): Bob Burrough:

Phil Schiller says using a 5 year old computer is sad, while other Apple executives look on and laugh.

Update (2018-06-18): Tony Arnold:

The fact I (a die hard Apple fan since the Apple II) even considered a Hackintosh, let alone spent money to build one should give Apple’s management some idea of how bad their maintenance and stewardship of the Mac hardware platform really is.

Parsing AppleScript

Chris Nebel:

AppleScript’s parser works mostly like any other parser: there’s a tokenizer that breaks the input into meaningful pieces, in particular, identifiers. The key difference is that there’s an extra phase to handle multi-word identifiers.


When reading an app’s dictionary, AppleScript takes all the terminology identifiers, which consist of one or more words, and runs the tokenizer on them to break them into word sequences.

When parsing source and it comes to a word, it starts looking for more immediately following words, greedily matching the longest valid sequence.


Precedence is fixed. Mostly. There used to be a “tightBindingFunction” flag you could attach to commands, I suspect so you could define a “cos” function that would work in expressions without needing parentheses. I never saw anyone use it, though.

The Unified Log in macOS Mojave: Signposts and Instruments

Howard Oakley:

Mojave is set to offer no respite or solution for the system administrator or advanced user. Console and the log command may have gained a few tweaks, but there are no signs of their being any more capable. However, Apple is introducing new features which should be very helpful to developers, particularly when optimising and tuning their products. As with WWDC 2018 as a whole, Mojave’s log is now about ‘doubling down’ on performance.


Signposts can have ‘metadata’ attached, which are roughly comparable to the contents of a normal eventMessage in os_log. Signposts additionally support an .event type as well as .begin and .end.

Points of Interest allow the developer to track where in the app a user is at a given moment, using the category .pointsOfInterest.


Apple has not stated how Signposts work with respect to the unified log.

See also: Measuring Performance Using Logging.

Previously: macOS 10.12.4 Locks Console Log Away From Normal Users, Sierra Logging Spew.

How to Improve Your Productivity as a Working Programmer

Michael Malis (via Dan Luu):

I now schedule meetings specifically at the times of the day when I’m least productive. It doesn’t take a ton of energy to sit through a meeting, and scheduling my day this way allows me to work when I’m most productive. Think of it this way. If I can move a single 30 minute meeting from the time when I’m most productive to the time of the time at which I’m the least productive, I just added 30 minutes of productive time to my day.


After watching a recording of myself writing code, I realized I was spending about a quarter of the total time implementing the feature tracking down which functions the bugs were in! This was completely non-obvious to me and I wouldn’t have found it out without recording myself. Now that I’m aware that I spent so much time isolating which function a bugs are in, I now test each function as I write it to make sure they work. This allows me to write code a lot faster as it dramatically reduces the amount of time it takes to debug my code.


At the end of every day, I spend 15 minutes thinking about my day. I think about what went right, as well as what went wrong and how I could have done better. At the end of the 15 minutes, I’ll write up my thoughts. Every Saturday, I’ll reread what I wrote for the week and implement changes based on any patterns I noticed.

You Are Probably Using the Wrong HDMI Cord

Alex Cranz (via John Gordon):

The first thing to understand is that the HDMI cable is not like the component, composite, or S-video cables you might have plugged into your TV in years past. All that mattered with those cables is that they were well made and had the right plugs. HDMI cables are more like USB or ethernet cables, however. There are different versions that look identical on the outside, but can grossly affect how much data you’re moving from point A to point B. You know how that old USB 2.0 cord slows down your external hard drive compared to a USB 3.0? HDMI is subject to the same kind of limitation—specifically, bandwidth.

There are, to date, seven different HDMI versions, starting with 1.0, which was introduced back in 2002, and currently ending with 2.1, which was only announced back in November of 2017.


At this point, you might think you cracked the code, as if you could just go out, find an HDMI 2.0 or 2.1 cable, plug it in, and you’re good to go. Unfortunately, in 2012 HDMI pulled a truly bonehead move and essentially forbid anyone from actually saying what standards their cables support.

Update (2018-06-23): Ashley Bischoff:

And I gather that compatibility is less of a concern than the author makes it out to be.

This comment from spoonTRex seems to sum things up decently.

We Are All Trapped in the “Feed”

Om Malik:

No matter where I go on the Internet, I feel like I am trapped in the “feed,” held down by algorithms that are like axes trying to make bespoke shirts out of silk. And no one illustrates it better than Facebook and Twitter, two more services that should know better, but they don’t. Fake news, unintelligent information and radically dumb statements are getting more attention than what matters. The likes, retweets, re-posts are nothing more than steroids for noise. Even when you are sarcastic in your retweets or re-shares, the system has the understanding of a one-year-old monkey baby: it is a vote on popularity.

Thumbs down, a feature that should have more adoption and utility, doesn’t work, because it doesn’t bring the dopamine rush of the like. I mean, to dislike something, you have to think. As a result, with every day that passes, the noise increases. What is essential, remains buried in the background, looking, seeking and praying for attention.


The question then is who will save us from the feed? It has to be someone whose principal business is not monetizing their customers by selling their data and advertising. For now, I think Apple is one of the companies which can do something about this. Apple News is a credible application, but it needs to embrace the web and become more open.

A New Home for ToothFairy

ToothFairy has been one of my favorite little Mac utilities since I first heard about it last year. If you’ve used AirPods with a Mac, you know that they don’t auto-switch the way you might expect. ToothFairy fixes that, as much as third-party utility can, by letting you click a menu bar icon (or press a hotkey) to connect the AirPods to your Mac. It also shows you the battery level and can help ensure that you’re getting the best audio quality. I keep referring to AirPods because that’s what I use, but it also works with other Bluetooth headphones and headsets.

I use ToothFairy nearly every day, so I was sorry to see that it had been removed from sale. The developer, Robin Lu (whose code is also in the IAPKit that I mentioned yesterday), got a new job and was no longer able to work on it. Happily, he’s let me acquire the app so that I can ensure that development continues. I’m pleased to report that ToothFairy is now back in the Mac App Store (exclusively, for now), and I’ve released a maintenance update. My thanks to Robin for developing ToothFairy in the first place and for trusting me with his creation.

Thursday, June 14, 2018


Black Pixel (tweet):

Last week at WWDC 2018 Apple announced they are officially supporting free trials for apps via a Non-Consumable IAP item. Inspired by The Omni Group, this is exactly the approach Black Pixel took last year when releasing Kaleidoscope 2 and Pixelboard.

Last Summer when working on these two apps, we decided to create a shared framework to use internally that would wrap the iOS SDK APIs necessary to provide a smooth consistent experience with starting a free trial and upgrading to full app versions. Today we are open sourcing the fruit of this labor as IAPKit.

Previously: Mac App Store Sandboxing, IAP Trials, Multiplatform Services.

Intel FPU May Spill Crypto Secrets to Apps

Chris Williams:

The security shortcoming involves what’s known as lazy FPU state restore. Operating system kernels would only save and restore the floating-point unit (FPU) registers, and other context information, when programs were actually using the math unit.

This, it turned out today, through a security gaffe in Intel’s blueprints related to Spectre-Meltdown Variant 3A, allows a program to obtain scraps of the FPU context of another app. Variant 3A allows applications to read system registers that only privileged code should be allowed to peek at.

The fix is to employ a mechanism called eager FPU state restore, which modern Linux, Windows and other kernels use. These mitigations do not carry a performance hit – in fact, eager state switching can increase performance.

It says that only older Windows and Linux versions are vulnerable—no mention of macOS.

Previously: Intel CPU Design Flaw Necessitates Kernel Page Table Isolation.

Shortcuts: A New Vision for Siri and iOS Automation

Federico Viticci:

On the surface, Shortcuts the app looks like the full-blown Workflow replacement heavy users of the app have been wishfully imagining for the past year. But there is more going on with Shortcuts than the app alone. Shortcuts the feature, in fact, reveals a fascinating twofold strategy: on one hand, Apple hopes to accelerate third-party Siri integrations by leveraging existing APIs as well as enabling the creation of custom SiriKit Intents; on the other, the company is advancing a new vision of automation through the lens of Siri and proactive assistance from which everyone – not just power users – can reap the benefits.

While it’s still too early to comment on the long-term impact of Shortcuts, I can at least attempt to understand the potential of this new technology. In this article, I’ll try to explain the differences between Siri shortcuts and the Shortcuts app, as well as answering some common questions about how much Shortcuts borrows from the original Workflow app.

Training a Text Classifier with Create ML

Mattt Thompson:

Consider this: in under an hour, we went from nothing to a working solution without any significant programming. That’s pretty incredible.

Create ML is a powerful way to prototype new features quickly. If a minimum-viable product is good enough, then your job is done. Or if you need to go even further, there are all kinds of optimizations to be had in terms of model size, accuracy, and precision by using something like TensorFlow or Turi Create.

Apple’s Design Language Has Killed Fun in Consumer Electronics

Mike Murphy:

For a while, the company stuck to this design trend, selling increasingly ambitious and playful products, including the original iPod, the iBook G4, the Power Mac G4 Cube, the iPod Nano, Touch, and Shuffle, and even the iPhone 5c. Today, the only colors you’ll find on Apple products is black, white, shades of grey, and occasionally, gold. We don’t even have rose gold anymore. Real pops of color are reserved for accessories like watch bands and phone cases.

Something changed over the last decade. Perhaps it was the hiring of Angela Ahrendts from Burberry to run Apple’s retail division and her increasing influence within the company. Perhaps it’s just because metal looks more premium than plastic does. For whatever reason, Apple looks and acts far more like a luxury brand than a consumer-technology brand in 2018.

Previously: What Happened to Apple’s Whimsy?.

Update (2018-06-15): But on the software side, Mojave is adding accent colors.

Update (2018-06-24): Riccardo Mori:

Now, perhaps Murphy’s piece is guilty of all the faults the Macalope points out — it all boils down to the author cherry-picking examples to fit his narrative — but the Macalope, in his rebuttal, does exactly the same. He points out that Apple still has colourful products: there’s the (PRODUCT)RED iPhone, there are the iPod touch colour options, there are the bands for the Apple Watch. These examples are valid, but weak.

Slix ~ Jeremy:

Still don’t see why Apple dropped the metallic colors, since the iPod line had a really good thing going for a long time. I think the colors and textures from the iPod nano 4th generation line could easily be put onto iPhones and people would eat them up.

Amazon Fire TV Cube

Mitchel Broussard:

Amazon today unveiled its latest “Fire” branded product, called the “Fire TV Cube.” The company describes the device as a hands-free box that streams 4K Ultra HD video using Alexa voice controls. The set-top box appears to have many features similar (or coming soon) to the Apple TV 4K, with 4K HDR content, smart assistant integration, HDMI CEC, Dolby Atmos support, and more.


The Fire TV Cube can be pre-ordered today and tomorrow for a special price of $89.99 (for Prime members only), and afterwards the device will cost $119.99. The Cube comes with 16GB of storage, a power adapter, IR extender cable, Ethernet adapter, Alexa Voice Remote, and will begin shipping out to customers on June 21.

Update (2018-06-24): Lauren Goode:

If you’re thinking of buying the Amazon Fire TV Cube, stop right there: it’s slow, talking to your TV gets old, and your significant other or roommate may very well move out if you buy it.

Tuesday, June 12, 2018

I Can Be Apple, and So Can You

Dan Goodin:

For almost 11 years, hackers have had an easy way to get macOS malware past the scrutiny of a host of third-party security tools by tricking them into believing the malicious wares were signed by Apple, researchers said Tuesday.


The technique worked using a binary format, alternatively known as a Fat or Universal file, that contained several files that were written for different CPUs used in Macs over the years, such as i386, x86_64, or PPC. Only the first so-called Mach-O file in the bundle had to be signed by Apple. At least eight third-party tools would show other non-signed executable code included in the same bundle as being signed by Apple, too. Affected third-party tools included VirusTotal, Google Santa, Facebook OSQuery, the Little Snitch Firewall, Yelp, OSXCollector, Carbon Black’s db Response, and several tools from Objective-See. Many companies and individuals rely on some of the tools to help implement whitelisting processes that permit only approved applications to be installed on a computer, while forbidding all others.

Mitchel Broussard:

Developer Patrick Wardle spoke on the topic, explaining that the bypass was due to ambiguous documentation and comments provided by Apple regarding the use of publicly available programming interfaces that make digital signature checks function: “To be clear, this is not a vulnerability or bug in Apple’s code… basically just unclear/confusing documentation that led to people using their API incorrectly.” It’s also not an issue exclusive to Apple and macOS third-party security tools, as Wardle pointed out: “If a hacker wants to bypass your tool and targets it directly, they will win.”

For its part, Apple was said to have stated on March 20 that it did not see the bypass as a security issue that needed to be directly addressed. On March 29, the company updated its documentation to be more clear on the matter, stating that “third-party developers will need to do additional work to verify that all of the identities in a universal binary are the same if they want to present a meaningful result.”

Josh Pitts:

Without passing the proper SecRequirementRef and SecCSFlags, the code signing API (SecCodeCheckValidity) will check the first binary in the Fat/Universal file for who signed the executable (e.g. Apple) and verify no tampering via the cryptographic signature; then the API will check each of the following binaries in the Fat/Universal file to ensure the Team Identifiers match and verify no tampering via containing cryptographic signature but without checking the CA root of trust. The reason the malicious code, or “unsigned” code, must be i386, is that the code signing API has a preference for the native CPU architecture (x86_64) for code signing checks and will default to checking the unsigned code if it is x86_64.


However, to properly check for this type of abuse you need to add an anchor certificate requirement via the following commands:

  • codesign -vv -R=’anchor apple’ ./some_application_or_mach-o # for Apple signed code
  • codesign -vv -R=’anchor apple generic’ ./some_application_or_mach-o # for Apple signed code and Apple developer signed code


Typically, a developer would check the a Mach-O binary or Fat/Universal binary with the following APIs SecStaticCodeCheckValidityWithErrors() or SecStaticCodeCheckValidity() with the following flags:

These flags are supposed to ensure that all the code in a Mach-O or Fat/Universal file that is loaded into memory is cryptographically signed. However, these APIs fall short by default, and third party developers will need to carve out and verify each architecture in the Fat/Universal file and verify that the identities match and are cryptographically sound.

Update (2018-06-13): Objective Development:

Fortunately for us and our users, the consequences this has for Little Snitch are not as as bad as it first seems when reading the various headlines about this issue: What connections are allowed or denied by Little Snitch’s network filter is completely unaffected by this. The only thing that could happen is that Little Snitch would show inconsistent or incorrect information about an app’s code signature, but it would never actually allow connections that should not be allowed.

File Radars Early and Often

Rene Ritchie (tweet):

Soon enough, the priority will begin and end with showstoppers that prevent software from shipping. At that point, the glitches, no matter how maddening, will get deferred. It’s simple project management. Apple has to fix the bugs that can’t be worked around before fixing the bugs that can. And they have to fix the bugs that affect a lot of people before fixing the bugs that affect relatively few.

Right now, though, right when the first betas hit, there’s some breathing room. And that’s where radar comes in. If someone at Apple wants to get a bug fixed, they need a radar to point to. If they want to get a bug fixed as a matter of priority, they need a lot of radars to point to. Otherwise, they simply won’t be given the time to do it.

James O’Leary:

After 11 years, I finally read an Apple engineer give an unofficial deadline to file bugs - they said by beta 3.

Marco Arment:

On one hand, this is true and pragmatic.

On the other hand, it’s stupid that the richest tech company in the world can only fix our reported bugs quickly (and seems to only pay attention to them) during a brief window once a year.

Daniel Jalkut:

To make a difference you need to file bugs often and file them well. I’ve had bugs ignored, duped, fixed, and fixed with honors ;)

There’s a toxic meme in iOS and Mac community that bug filing is pointless. It’s fed by misinterpreting Apple’s challenge in replying.

Corbin Dunn:

I second this! All bugs are looked at; sometimes the screening process is slow or gets stuck on one person, or in the wrong queue. Having an existing bug rack up duplicate reports will help increase its priority.

Installing and Debugging on Mojave

Howard Oakley:

Many developers are reporting that they have been unsuccessful in getting the initial beta-release of macOS 10.14 Mojave to install on external drives. In many cases, they are connecting the external drive via a USB-C adaptor to a MacBook or MacBook Pro.

I too had exactly this problem: I connected two different USB3 SSDs to my MacBook Pro 14,1 using a good quality USB-C to USB adaptor. Each time that I ran the Mojave installer to install on that external SSD, all it did was copy the install files into a folder, restart, then drop me back into High Sierra from the Mac’s internal SSD.

Jeff Johnson (tweet):

On Mojave, however, the first time after login that you try to debug an app without the entitlement, the system displays a modal dialog requesting an administrator password:

Developer Tool Access needs to take control of another process for debugging to continue.


Prior to Mojave, Xcode would request on first launch to “Enable Developer Mode on this Mac”. On Mojave, Xcode no longer requests Developer Mode. However, Developer Mode can still be enabled manually with /usr/sbin/DevToolsSecurity -enable in Terminal. After you authenticate with DevToolsSecurity once, Developer Mode is permanently enabled on Mojave, and you won’t have to authenticate again to debug.


What happens on Mojave if you try to debug an app compiled with the hardened runtime? If System Integrity Protection is disabled, then nothing changes; it’s the same as I described in the first section of this blog post. So the hardened runtime is enforced by SIP. With SIP enabled, you can still debug your app if it’s compiled with the entitlement. If an app doesn’t have that entitlement, however, then you can’t debug it at all.


The hardened runtime is also supposed to make the app ignore DYLD_ environment variables such as DYLD_PRINT_LIBRARIES.

Previously: The Impossible Dream of USB-C.

On Paying for Software

Seth Godin (Hacker News):

I like paying for my software when I’m buying it from a company that’s responsive, fast and focused. I like being the customer (as opposed to a social network, where I’m the product). I spend most of my day working with tools that weren’t even in science fiction novels twenty-five years ago, and the money I spend on software is a bargain–doing this work without it is impossible.

To name a few, I’m glad to use and pay for: Overcast, Feedblitz, Discourse, Zapier, Dropbox, Roon, WavePad, Bench, Nisus, Zoom, Slack, SuperDuper, Mailchimp, Hover, TypeExpander, Tidal, and many others. I wish I could pay for and get great support and development for Keynote.


One of the reasons that I switched from Linx to OSX was so that I could pay for more of my software. Why? Because then I more of the software I used could be maintained by someone who had the time to dig into bugs and UI problems and to fix them. But in Linux, couldn’t I just edit the source myself? Realistically, no. It takes a tremendous amount of effort to source-dive in a totally new project in a language I never use, especially without someone willing to give me a walkthrough of the architecture and fundamental models of the program. It is waaaay more efficient for these to be fixed by an engineer working not in their spare time, but as their full-time job.

Smile Turns 15: an Interview With Greg Scown

Stephen Hackett:

My co-founder Philip introduced himself to me at Macworld San Francisco 2003, where I was exhibiting PageSender, my faxing software. We hit it off, I had an idea for a product, he had the artistic know how, and together we produced DiscLabel, our disc labeling app.


We acquired Textpander from Peter Maurer, now of Many Tricks. Smile shipped TextExpander 1.3 on May 23, 2006, and the post you cite does a good job telling the story. It’s a case of, ‘I really need this app for my life, other people must also’ combined with ‘If I make it, I can ensure it will always work for me.’


If the era of fax and PageSender is over, what’s next? We figured PDFs sent via email would replace faxing. Looking at the PDF editor options showed a huge gap between Apple’s Preview, which was read-only at that time, and Adobe Acrobat, which was far too much for an everyday user. We figured we could fit somewhere between ‘free and very limited’ and ‘crazy expensive and can do everything, only a bit of which you need.’

SVG Favicons in Mojave Safari

Craig Hockenberry (tweet):

Why are the icons different? The answer lies in this one line of page markup:

<link rel="mask-icon" href="/favicon.svg" color="#990000">

We keep a favicon.ico file in the root of the website filesystem for compatibility with browsers that don’t support vector icons. But Safari knows that SVG will look better on a high resolution display, so it checks for a favicon.svg first.

Previously: Safari Should Display Favicons in Its Tabs.

Sunday, June 10, 2018

On My Misalignment With Apple’s Love Affair With Swift

Dominik Wagner (tweet, Hacker News, Reddit):

On top of all of this, there is that great tension with the existing Apple framework ecosystem. While Apple did a great job on exposing Cocoa/Foundation as graspable into Swift as they could, there is still great tension in the way Swift wants to see the world, and the design paradigms that created the existing frameworks. That tension is not resolved yet, and since it is a design conflict, essentially can’t be resolved. Just mitigated.


If you work in that world you are constantly torn between doing things the Swift/standard-library way, or the Cocoa way and bridging in-between. To make matters worse there are a lot of concepts that don’t even have a good equivalent. This, for me at least, generates an almost unbearable mental load. It leads to writers block and/or running around in cognitive circles trying to answer questions on how to best express the problem, or make Swift be happy with my code.


Yes, Swift code might end up being more correct in the end. It also might alert you to edge cases early on. However, the flip side is it inhibits your creativity while writing.


In my opinion, a lot of the “lofty goals” haven’t been achieved, and as discussed, should even be non-goals. Just imagine a world where Objective‑C would have gotten the same amount of drive and attention Swift got from Apple? It is not a big leap to see that everyone would be better off right now. Swift just ended up being a jack of all trades, master of none.

I agree with most of what he says, except that overall I do like programming in Swift, and I prefer it to Objective-C most of the time. I suspect I would also like an enhanced Objective-C much more than the Objective-C that we actually have. I remain unconvinced that Swift was the right strategy for Apple to take vs. putting the same amount of effort into improving Objective-C. But that decision was made long ago. I do not, as he suggests, want to see a pivot back to try that path now. I think Swift (and the frameworks and tools) can get to where they need to go, but a long way remains, and it will require continued sustained focus to get there.

Update (2018-06-10): See also these Twitter threads from: Daniel Pasco, Dominik Wagner, Nick Lockwood, Marcel Weiher, Ilja A. Iwas.

Update (2018-06-11): See also: Steven Sinofsky, Alexis Gallagher, Dominik Wagner, Lukas Spieß, Colin Wheeler, Kyle Bashour, Gopal Sharma, Daniel Pasco, Marco Scheurer, Helge Heß, Kristof.

Update (2018-06-12): See also: Stan Chang Khin Boon, Jonathan Gerlach, Marcin Krzyzanowski, Joe Groff, Steven Sinofsky (tweet).

Update (2018-06-21): Stefan Lesser:

I wanted to write a thoughtful article in response to Dominik Wagner’s “On my misalignment with Apple’s love affair with Swift”. During my research I realized, that Chris Lattner had already done this. Sort of. 17 months before Dominik published his piece.

Dominik Wagner:

Hehe, going full circle. Part of the motivation for my writing down my critique was based on this interview. A lot of the arguments boil down to deferring to the future, are all over the place, or (e.g. fast) not really true.

Colin Cornaby:

Lattner’s responses here are fairly level headed. But the goals mentioned in here, from the Swift manifesto, haven’t necessarily been achieved yet. That’s why they’re stated as goals.

Doesn’t mean Swift will never achieve them, but it’s still a give and take vs Obj-C.

Max Seelemann:

It’s also definitely good to have both sides of the [Swift] story told.

I’m still very much torn in-between though. I’m confident that at no point in the past, switching to Swift would have had net benefits to date. (100% ObjC here.)

But I’m also clear that this day will come…

Also… not a single one of the “core problems” of Objective-C stated in Chris’ post seriously affects us. It’s definitely not memory safety that keeps us up at night.

Devil’s advocate could say, Swift is fundamentally solving problems people (we) aren’t having.

Which brings it down to (for us): Everything Swift offers is a long list of very desirable nice-to-haves.

And in that point I’m totally siding with @monkeydom – there are no essential, fundamental issues being solved. (Again: for us)

Nobody asked, but here I go anyway:

If I had to put my finger on the #1 pain point for us in recent years (!), it’s never been the language.

It’d be frameworks lacking behind in quality. (bugs, workarounds) And UI programming paradigms not evolving with time. (e.g. reactive)

My sincere hope is though, that Swift lays the foundations for that to be tackled one day.

And that once we’re there, it will have fundamental effects on how we do apps.

And so I’m still torn in-between.

Dominik Wagner:

I think the (hidden) cost of complexity is undersold. And Swift opened that bottle wide up by making all the regular things very complex. And as of now it doesn’t even have the big benefits, e.g. like rust’s concurrency safety or full C++ style speed.

Update (2018-08-13): See also: Hacker News.

Friday, June 8, 2018

Intelligent Tracking Prevention 2.0

John Wilander (Hacker News, The Verge):

ITP 2.0, as opposed to earlier versions, immediately partitions cookies for domains determined to have tracking abilities. The previous general cookie access window of 24 hours after user interaction has been removed. Instead, authenticated embeds can get access to their first-party cookies through the Storage Access API. The API requires that the user interacts with the embedded content.


ITP 2.0 has the ability to detect when a domain is solely used as a “first party bounce tracker,” meaning that it is never used as a third party content provider but tracks the user purely through navigational redirects.


Through our research, we found that cross-site trackers help each other identify the user. This is basically one tracker telling another tracker that “I think it’s user ABC,” at which point the second tracker tells a third tracker “Hey, Tracker One thinks it’s user ABC and I think it’s user XYZ.” We call this tracker collusion, and ITP 2.0 detects this behavior through a collusion graph and classifies all involved parties as trackers.


ITP’s purging of website data does not prevent trackers from receiving the so called referrer header which reveals the webpage the user is currently on. In ITP 2.0, the referrer, if there is one, is downgraded to just the page’s origin for third party requests to domains that have been classified as possible trackers by ITP and have not received user interaction.

Previously: Safari’s Intelligent Tracking Prevention.

Yahoo Messenger Will Shut Down After 20 Years

Ingrid Lunden (via Luke Dormehl, Hacker News):

It’s the end of an era for Yahoo Messenger, one of the first instant messaging apps on the market. Today, Oath (which also owns TechCrunch) announced that it would be winding down the service on July 17 as it continues to experiment and consider how and if it can have a relevant place in the messaging landscape amid huge domination from Facebook and others in mobile apps.

“There currently isn’t a replacement product available for Yahoo Messenger,” the company writes. “We’re constantly experimenting with new services and apps, one of which is an invite-only group messaging app called Yahoo Squirrel (currently in beta).” Squirrel is a group messaging app Yahoo started testing last month. You can request access to the beta here.

Previously: AIM Will Shut Down After 20 Years.

Facebook Posts Accidentally Made Public

Heather Kelly (via Dylan Byers):

For a period of four days in May, about 14 million Facebook users around the world had their default sharing setting for all new posts set to public, the company revealed Thursday.

The bug, which affected those users from May 18 to May 22, occurred while Facebook was testing a new feature.

The 2013 Mac Pro, Five Years Later

Stephen Hackett:

On June 10, it will have been five years since Apple first showed off the iteration of the Mac Pro that has come to be known as The Trashcan.

To put that in a little context, it was the same WWDC keynote where iOS 7 and OS X Mavericks were introduced.


That comment about OpenCL is an important one. Apple had bet big that executing computational tasks on the GPU was going to be a big deal, but it never really took off on the Mac. Maybe that was due to OpenCL itself, or the high cost of entry to the Mac Pro, but the truth is that the CPU remained the heart of most workflows for high-end Mac users.

As this was going on, Mac Pro customers started complaining of GPU failures. In February 2016, Apple opened a Repair Program for the machine, as Joe Rossignol reported[…] Even with the GPU issues, Apple failed to revise the computer in any way.

And now OpenCL is deprecated.

Previously: New Mac Pro Won’t Arrive Until 2019.

Thursday, June 7, 2018

Removed in macOS 10.14 Mojave

Tim Hardwick:

When Apple released iOS 11, the company removed built-in integration with Twitter, Facebook, Flickr, and Vimeo, a feature that allowed iPhone and iPad users to store their third-party account information and access it within apps that needed to use those services.

The equivalent integration remains in macOS High Sierra, but Reddit user Marc1199 has noted that Apple appears to have removed support for third-party accounts completely in macOS 10.14 Mojave.

Paul Haddad:

Apple killed off subpixel antialiasing in 10.14 and called it a “refinement”. Not sure they know what that word means.

To be clear, having all NSViews backed by layers is a good thing. Framing loss of font smoothing as a refinement is 🙄

Mike Rundle:

It means Apple no longer cares about non-retina Macs like the MacBook Air and thinks owners of those machines won’t notice rough, jagged text when they “upgrade” to Mojave.

Mitchel Broussard (Hacker News):

Alongside the new features, Apple has confirmed that it is deprecating OpenGL (Open Graphics Library) and OpenCL (Open Computing Language) in favor of Metal.

This means that apps built using OpenGL and OpenCL will still run in Mojave, but they will no longer be updated after macOS 10.14 launches. Apple encourages games and “graphics-intensive apps” built with OpenGL to adopt Metal ahead of Mojave’s launch, and apps that use OpenCL for computational tasks “should now adopt Metal and Metal Performance Shaders.”


Although Apple’s decision to deprecate the older technology in favor of its own graphics API may not be surprising, some game developers have begun criticizing Apple for the move, particularly how it affects the future of gaming on Mac. Notably, OpenGL is an open-source, cross-platform solution that made it simple for developers to build games on both Mac and PC at the same time, providing some parity to a platform that many have agreed is lacking as a gaming hub.

Chris Messina:

⚰️ RIP Safari Extensions

“Safari Extensions installed from the Safari Extensions Gallery is deprecated with Safari 12 on macOS. Submissions to the Safari Extensions Gallery will no longer be accepted after December 2018”

Tim Hardwick:

As expected, Apple confirmed yesterday during its WWDC keynote that macOS 10.14 Mojave will be the last version of macOS to support legacy 32-bit apps.

Previously: John Carmack’s Steve Jobs Stories, macOS 10.13.4 to Warn About 32-bit Apps Starting April 12.

Update (2018-06-07): Rob Mathers:

You might want to add that developer-signed (not in the gallery) Safari Extensions are gone completely, not even deprecated.

Jeff Nadeau:

FYI the subpixel antialiasing change is unrelated to layer-backing on a technical level. We’ve had techniques for accomplishing smoothing in layer-backed text for years.


One other unmentioned point. Xcode 10 loses support for Subversion.

Update (2018-06-08): Jeff Johnson:

On Mojave you can no longer “Use dark menu bar and Dock” in non-dark mode.

I am not amused.

Nick Lockwood:

So many bad takes about Apple deprecating OpenGL. The reality is that this does not matter.

Windows games use DirectX instead of OpenGL, this doesn’t make it any harder to port them.

Most indie games are made using high-level game engines like Unity that already support Metal.

Apple didn’t kill OpenGL, it’s been dead in the water as a cross platform standard for some time.

The future is clearly DX on Win, Metal on iOS/Mac and Vulkan everywhere else

Hopefully a good, open source SDL-like wrapper that abstracts these three APIs will emerge at some point

Update (2018-06-12): John Siracusa:

Now that the new version of Safari has killed all non-App-Store extensions, I would pay a surprising amount for a replacement for this.

Update (2018-09-07): Mark Alldritt:

Non-system scripting additions are no longer supported by Mojave, so Script Debugger will not display them in Dictionary view.

Swift 4.2

Ole Begemann:

I made a “What’s new in Swift 4.2” playground for Xcode 10: new collection algorithms, random numbers, enumerating enum cases, and more.

Ole Begemann:

Working with random numbers in Swift used to be a bit of pain because there was no native random number API. Developers had to fall back on C APIs provided by the operating system, which are often easy to misuse. Moreover, the preferred random number API differs between platforms (e.g. arc4random vs. rand vs. random), making it difficult to write cross-platform code.

Swift 4.2 makes this much easier by including a native and fairly full-featured random number API in the standard library. You can read about the full API and its design rationale in Swift Evolution proposal SE-0202).

Previously: Swift 4.1.

Update (2018-06-09): Roadfire Software (via Hacker News):

In What’s New in Swift at WWDC 2018, Apple gave a quick overview of what’s new in Swift 4.2 and Swift 5. You can read my notes below, or you can watch the 40-minute video and download the slides from Apple.

Ole Begemann:

Problem: a manual CaseIterable implementation risks becoming incorrect as a type evolves. The compiler doesn’t catch this.

Solution: a dummy function whose only purpose is to produce a compile error on (almost) the correct line when a new case is added.

It’s ugly but it works.

Update (2018-06-12): Ole Begemann:

New in Swift 4.2, the compiler can generate a collection of an enum’s cases, relieving you from the error-prone task of maintaining such a list yourself. The Swift Evolution proposal that introduced this feature is SE-0194.


The manual implementation is easy enough to write, but it has a major downside compared to compiler-generated code: we now have to remember to keep it up to date. If we later add another workout type to our enum, the compiler won’t alert us that our allCases implementation is no longer correct. It will just silently return the wrong result.

The only workaround I can think of is a little ugly, but it solves this problem in a really interesting way.

Update (2018-08-14): Mattt Thompson:

Swift 4.2 refines Hashable even further by introducing the Hasher type and adopting a new universal hashing function.

Update (2018-09-03): Brent Simmons:

The point still stands, though, that automatic hashing in the case of objects with lots of properties might be a performance hit. As always — use the profiler.

Facebook-WhatsApp Turmoil Takeaway

Felix Salmon:

WhatsApp wasn’t an easy acquisition for Zuckerberg, because the two apps have very different founding principles. Koum, who grew up in Ukraine, believes deeply in privacy; Zuckerberg thinks that the more open and connected we are, the happier we all become. And so in order to acquire WhatsApp, Zuckerberg not only had to pay a lot of money and give up a board seat to Koum; he also had to make a lot of promises. Some of those promises were even enshrined in the acquisition agreement: If Facebook imposed “monetization initiatives” like advertising onto WhatsApp, its founders’ shares would vest immediately, and they could leave without suffering any kind of financial penalty.

Thus did WhatsApp retain exactly the independence that it had been promised—until it didn’t.

Today, it seems inevitable not only that advertising will make it onto WhatsApp, but also that the advertising in question will be targeted—which is to say that when you use the app, Facebook will know exactly who you are, where you live, and what kind of products you might be interested in buying. It’s a complete repudiation of WhatsApp’s founding principles, and makes a mockery of its end-to-end encryption.

Tuesday, June 5, 2018

Mac App Store Sandboxing, IAP Trials, Multiplatform Services

John Voorhees:

As the changes announced implicitly acknowledge though, the problems with the Mac App Store run deeper than its design. The Mac App Store has suffered since its inception from editorial neglect, a lack of feature parity with its iOS counterpart, the lack of access to TestFlight beta testing, and restrictive sandboxing that has made selling outside the store more attractive to many developers.

With the update to the Mac App Store in the fall, Apple is addressing some of those issues including sandboxing restrictions.

I’ve not seen any details about the sandboxing changes.

Chance Miller:

Apple today has updated its App Store Review Guidelines with a handful of changes. The new guidelines include revisions related to data security, cryptocurrency mining, free app trials, advertising, and more.

alex hern:

By updating the App Store guidelines to explicitly allow “Multiplatform services”, Apple appears to have explicitly disallowed the Kindle/Comixology compromise. Will be interesting to see if they push that.

Juli Clover:

A new guideline, 4.2.7, says that all Remote Application Mirroring apps, such as Steam Link, must comply with a specific set of rules. Such apps are not allowed to offer a user interface that resembles an App Store view or a store-like interface, nor can they include the ability to purchase software not already owned by the user. Apple is allowing transactions to be made by remote mirroring apps, as long as purchases are made on the host device rather than the iOS device.


A new rule, 2.3.12, states that all apps are required to “clearly describe” new features and product changes in their “What’s New” text. Apps can continue to use generic descriptions for bug fixes, security updates, and performance improvements, but anything more significant must be listed in the notes.

Mitchel Broussard:

Like on iPhone and iPad, the Mac App Store will have articles written by Apple editors to showcase useful apps and games currently popular on the App Store. This will be found in the Discover tab and include stories, interviews, tips, app collections, and more.


The company also mentioned that later this year, apps like Office from Microsoft, Lightroom CC from Adobe, BBEdit from Bare Bones, Transmit from Panic, Live Studio from Snap Inc. and Houseparty, among others, will be made available on the Mac App Store.

Cabel Sasser:

🚨 App Store Free Trials. So important, it should’ve been in the keynote. (I haven’t 100% confirmed this, but it apparently applies to the Mac App Store too.)


🧞‍♂️ So! Transmit 5 in the Mac App Store, coming later this year. Why?

• Coming improvements to sandboxing finally let us offer all Transmit 5 features in the App Store version.

• The new, redesigned Mac App Store is a store we’d like to be in.

But there’s a little twist!

🧞‍♂️ Our idea: Transmit 5 on the Mac App Store will be a subscription, while Transmit 5 direct from us will remain a one-time purchase. The choice is yours! Think Transmit 5 is too expensive or need it briefly? Subscribe. Hate subscriptions and prefer to own apps? Buy from us.

🧞‍♂️ (This approach also allows us to provide free trials on the Mac App Store, at last.) Hopefully we meet (almost) everyone’s needs, get experience with subscription models, and pull a classic Panic “gotta keep things interesting!”.


We’d like for Coda to return to the app store eventually. Right now, Coda cannot be properly sandboxed and still maintain the user experience we’re aiming for. We’re hoping that a few specific sandboxing improvements will land in the future, which would allow it. Stay tuned! –T

Ryan Jones:

Apple made the free trials for Paid apps “loophole” that Omni is most famous for using legal. Kinda handicapped instead of proper support.

Ken Case:

Yes, Apple has updated the App Store guidelines to explicitly allow the free trials approach they’ve approved for all our iOS apps over the last two years. (We worked very carefully to ensure this approach met Apple’s goals, and I’m glad they’ve now updated the guidelines!)

It’s not clear to me whether the guidelines now permit trials for all non-subscription apps, including ones that don’t degrade to a limited-but-still-useful viewer when the trial is over. Also, presumably this is still incompatible with Family Sharing.

Northern Virginia:

They’re really bending over backwards to do it in the most awkward way possible

Luc Vandal:

They seem to be a pain to implement and I’m not looking forward to the 1-star reviews left by users that didn’t end up purchasing. It’s Apple saying “FINE! You can people can have your free trials but we won’t make it easy for you.”

Rich Hong:

App Store Review Guidelines diff: WWDC 2018 Edition.


Update (2018-06-06): Rosyna Keller:

Some [sandbox changes], yes. And there are new entitlements you can use if you need certain changes.

Update (2018-06-07): Daniel Jalkut (tweet):

I think it’s particularly important, in the face of all the celebration this week about Apple’s perceived changes to the App Store, to understand the many ways in which this solution falls short of what many developers still hope for: bona fide support for real free trials in the App Store.


Paid apps are listed as free, even though payment is required to unlock core functionality.


Bulk purchase programs are unavailable.


Family sharing is unavailable.


Not applicable to all app types. Although Apple doesn’t explicitly state it in their revised App Review Guidelines, I strongly suspect that a continuing requirement for ersatz free trials is that the app must continue to function in some way as a perpetually free, unlocked app.


Apps are ranked and featured in the wrong charts.


Transaction mechanics are pushed onto developers.


Apps cannot be made to “just work” out of the box.

Read the whole thing.

Ken Case:

I’d love for the App Store to let free downloads categorize themselves as paid!

Luc Vandal:

As @danielpunkass pointed out, those App Store “free trials” are just a workaround that’ll confuse users and be a pain to implement and maintain for developers. Time that could be spent on improving our apps instead.

A better solution would’ve been to implement trials at the App Store level but I understand that Apple doesn’t want to spend time on this considering their stance on the issue and their push toward subscriptions.

Paul Haddad:

I really don’t care about free trials. Proper paid upgrades are far more important, I’d love to know why Apple refuses to implement them.

Michael Love:

Just realized an equally amazing consequence of this change: we can sell IAP to volume purchasers now!! I can sell a school 1000 copies of Pleco at a big discount and it’s totally OK with Apple that I did so.

Apple might be unwilling to put in the engineering time to actually support IAP with their own volume purchase program, but (as with IAP “free trials”) at least now they’re no longer standing in the way of my doing so independent of them.

Chris Liscio:

Not a single thing that I was hoping to hear about. Still no word on TestFlight for macOS, and nothing about the new Mac App Store providing analytics on page visits, etc.

30% cut: Develop your own beta program, no insight into where store traffic comes from, and DIY trials.

Update (2018-06-08): Ken Case:

I wonder how many people realize that the free downloads approach we’re now using doesn’t just solve the problem of free trials, but also the problem of upgrade discounts?

Until VPP supports in-app purchases, though, it means many business sales have to be outside the App Store.

Note that in order to keep the app available for anyone who doesn’t upgrade, each major version has to be a new SKU in the Mac App Store.

Update (2018-06-13): Drew McCormack (tweet):

I don’t want to get into a point-by-point debate on the topic; instead, I want to do something that I haven’t seen anyone do: try to understand why Apple don’t want the sort of free trials that are being demanded.

I do not agree that every developer rolling their own IAP-based solution is going to be clearer to the customer than Apple implementing trials in a uniform way.

Update (2018-06-15): Ken Case:

WWDC didn’t bring any news regarding the Volume Purchase Program and in-app purchases, so we’re planning to work out an alternative solution.

For those out there looking to make a VPP purchase, would you prefer separate B2B apps, or MDM-deployed unlock logins for existing apps?

Update (2018-06-20): John Gruber:

I think “free app with a free in-app purchase to unlock a one-month demo period, which, when expired, will require a $20 in-app purchase” is fundamentally more confusing than “this app costs $20 but you can try it for free for the first month”. You just need good design to make that clear. The former is what we have now, the latter is what the indie community has been clamoring for ever since the App Store debuted. And don’t forget paid upgrades.

Aristotle Pagaltzis:

The problems with App Store free trials [are] are actually just problems of a single-button UI. With 2 buttons, one to start a trial and one to pay for the app right away, most of them evaporate. (As you said: design.)

See also: App Store Review Guidelines History.

Update (2018-06-21): Damien Petrilli:

May be a good sign from Apple to convince everybody that IAP and subscription are the future would be to provide tools to make them easily.

Juli Clover:

At the same time, Apple also quietly expanded its data sharing rules, as Bloomberg points out, introducing strict new guidelines that prevent app developers from collecting user data to build advertising profiles or contact databases.

Update (2018-06-29): Brian Roemmele (via Dave Mark):

In 1983, Steve Jobs gave a speech to the International Design Conference in Aspen. The theme of that year’s conference was “The Future Isn’t What It Used To Be”.

Steve presented a concept of an online software store. Where one could purchase software, have it sent over a phone line and pay for it with a credit card. In 1983, few thought of this idea. This concept became the Apple app store decades later in 2007.

Update (2018-07-27): Here’s a clean URL for jumping to your App Store subscriptions list (via David Barnard).

Apple Announces Marzipan for 2019

Mark Gurman (tweet):

During its annual developer conference, the Cupertino, California-based company said the two app platforms will merge next year, allowing apps built for its iOS mobile operating system to also run on Mac computers. Bloomberg reported the planned change in December, but Apple hasn’t talked about it publicly until Monday, when it gave a preview.

Lauren Goode (tweet):

The point of this is not to create a single unified OS, Federighi said. But the fact that Apple spoke openly about an initiative that could arrive as late as a year from now is a clear nod to how the tech giant perceives the future of apps.

At WWDC on Monday, Apple said some of its homegrown iOS apps, including Home, Stocks, News, and Voice Memos, would be available later this year on macOS Mojave, the next version of macOS. On the surface, it seems obvious that Apple might make some of its own apps available across different platforms. But behind the scenes, Apple has been building tools third-party developers can eventually use to port their own apps from iOS to MacOS with what Federighi insists will be minimal effort. Apple began this initiative around two years ago, and its own internal software engineers have been beta testing the tools. These four iOS apps for Mac are the products of that testing.

John Gruber:

Still very light on technical details. I get why they announced this a year early — because they wanted to start shipping their own apps built on this — but it’s so unusual for Apple.

Bob Burrough:

Craig says the goal is not to merge iOS and macOS, but that is inevitably where this will end up.

Steve Troughton-Smith:

“We’re not merging macOS and iOS!” …but btw almost all the new Mac apps we showed today came from iOS and use UIKit

Steve Troughton-Smith:

The ARM transition seems so obvious at this point, it’s not even news. But UIKit on macOS was definitely not how I expected them to do it

Steve Troughton-Smith:

Marzipan is wild. It’s running the UIKit apps with XPC & remote rendering. Not quite Mac OS, but it totally feels like an alien OS hiding in the background

Steve Troughton-Smith:

Oh man

Steve Troughton-Smith:

So, Mac developers, how are you feeling about UIKit on macOS now you’ve had time to digest the news?

Steve Troughton-Smith:

Right now, it seems all-or-nothing; I would have expected apps with both AppKit & UIKit code, interleaved views, etc — but no way if they have separate window servers like now. That may change over timeSteve Troughton-Smith added,

Steve Troughton-Smith:

This is a fun UI on macOS

Colin Cornaby:

The current approach isn’t really evolvable into hybrid AppKit/UIKit apps at all so I’m not sure where this goes. The way the stack is oriented it’s not even remotely positioned to replace AppKit in the stack. Good for us AppKit lovers I suppose but generally confusing.

Colin Cornaby:

Ok one more Marzipan hot take.

It bothers me that if Marzipan is the “so you can’t afford to make a real Mac app” stopgap that Apple would ship key built in apps with it.

I know it’s dogfooding but it’s also Apple putting out second class Mac apps by their own definition.

Uli Kusterer:

From how I interpreted @stroughtonsmith’s spelunking so far, it is somewhere between a VM and NSOpenPanel. Out-of-process but transparent to the client app.

I think they’re taking the opportunity to move more of their code into a micro-kernel-like silo.

Colin Cornaby:

UIKit is not young. It’s about as old as Toolbox was when discussions started about it’s future, and it also is on a platform that’s outgrowing it.

Sticking it in a virtual environment is the perfect way to not commit to it while deciding your next move.


Update (2018-06-06): Jason Snell:

It feels like Federighi’s cutting it awfully close on the “unique ergonomics” front, though. Apple itself sells a keyboard for the iPad Pro, and even allows users to move their fingers like they’re using a trackpad when editing text. The iPhone and iMac Pro are about as far as two devices can get from one another, but the MacBook and the iPad Pro are not.

In his interview with Wired, Federighi also pooh-poohed the idea that Apple might make a MacBook with a touchscreen. And yet one of Apple’s greatest arguments against touch on macOS—that Mac software was designed with keyboard and pointing device in mind—is going to very rapidly become obsolete as iOS-sourced apps appear on the Mac in 2019 and 2020.

Rob Griffiths:

I think it’s time for a new word…

Marzipandemic: The spread of single-window odd-UI originally-on-iOS apps to the Mac.

Update (2018-06-07): Colin Cornaby:

I still really wish they’d actually made a UIFoundation that was shared between Mac and iOS and had common elements. It would solve all this...

But Apple, even publicly, is pitching this as a repackaging process of existing iOS apps, not developing Mac first apps with UIKit.

Adam Swinden:

Although I want to believe Marzipan will kill Electron, I doubt it will. Electron isn’t used by iOS developers who don’t know how to make a Mac app. It’s used by web developers who don’t know how to make a Mac app.

Update (2018-06-08): Steve Troughton-Smith:

Developer/user question: what features or UI elements does a Mac app need to have to be considered a good platform citizen? i.e. in your opinion what specific things does UIKit/Marzipan need to grow to actually be viable for Mac apps?

Update (2018-06-11): Jean-Louis Gassée:

In the end, Apple’s UIKit port to macOS raises questions we can’t answer. iOS apps such as News, Stocks, and Home ported to macOS are nice, but, again, I don’t see a stampede of iOS apps crossing the bridge to macOS, not enough to move the Mac volume needle. This leaves us with two possibilities. Either the UIKit move is a titillating but unimportant sideshow, or it’s part of a larger hardware plan for the Mac.

See also: Pierre Lebeaupin.

Update (2018-06-11): Mike Rundle:

Apple getting rid of subpixel antialiasing in Mojave while also applying a non-integer scale to Marzipan UI elements is some kind of sick joke.

Update (2018-06-13): Lauren Goode:

In other words, Frankensoftware might seem like the wretched experiment of a bunch of FOMO-driven executives when you’re struggling to swipe, tap, or shout your way through an interaction with a new product. But from now on, most every connected thing you buy is going to have a little bit of something else in it. And once the companies making those things figure out a way to make these interactions effortless, it won’t seem like such a bad thing.

Update (2018-06-14): Guilherme Rambo:

Any questions about iOS apps on the Mac? Ask me.

Update (2018-06-18): Chris Adamson:

That’s something that makes me skeptical about the Marzipan dream. Developers who give a crap are already able to make this kind of thing work, and developers who don’t give a crap aren’t going to do it no matter how easy you make it.

Mark Hughes:

Marzipan (candy frosting) is a legacy porting technology: Existing iOS apps can cost more to port to AppKit than they’re worth, but may be worth something as a cheap Marzipan port. Nobody ports their iOS apps to tvOS or watchOS because it’s not profitable, and everyone (in the first world with money) has an iPhone already.

Update (2018-07-05): See also: Rob Fahrni.

Update (2018-07-11): See also: Accidental Tech Podcast.

Update (2018-09-03): Melbourne CocoaHeads:

New video from July 2018 - @argentumko presenting Mac OS Mojave Marzipan’s Internals.

Dave Nanian:

I know it’s not done, that it’s a really hard problem, and that it’s “handy” to have Home etc in Mojave, but it’s all just so wrong.

Remember how we all laughed and laughed at Microsoft because Windows 8 had “tablet” apps & “native”/old apps?

How is this better/different?

John Gruber:

These apps are not good. It’s that simple.

Update (2018-09-04): Andy Ihnatko:

It kind of pisses me off. Because these system apps are also supposed to show developers and users how good these kinds of apps can be. If Apple’s own engineers can’t hit this pitch, it’s a missed opportunity at best and a bad sign at worst.

Steve Troughton-Smith:

…but they are ‘good enough’, and better than the Mac missing out completely on a viable app-led future. Such is the story of Marzipan

Joseph Slinker:

They’re good enough to launch with, but they’re clearly not the final destination. Initially they’re going to be like every other platform Apple has done. The “defaults” will get developers 90% of the way, and the last 10% is what will make certain apps shine.

Bob Burrough:

“Insanely good enough!”

Kyle Howells:

I agree with the first half. I want UIKit to take over as the UI framework on Mac.

However, I don’t want iOS UI elements on the Mac!

I SERIOUSLY hope the current UIKit on Mac does not become the ‘new normal’. That’d be the start of the death of the Mac.

Steve Troughton-Smith:

The ‘start of the death of the Mac’ was ten years ago. This is the start of a new chapter of life for the Mac

Bob Burrough:

My position here is that Apple just needs to do an outstanding job. Devs are gonna do what devs are gonna do, but if Apple makes it easy to make crap, we’ll get lots of crap.

James O’Leary:

Apple, and the community, needs a definitive takedown on how we waited a decade for Mac-like apps on our iPads, and ended up with ugly iPad apps on undependable, neglected Macs.

Matt Birchler:

The current Mojave apps feel like I’m using the iOS Simulator. If all Mac apps were like this today I’d be a Windows person 100%.

Colin Cornaby:

The other thing that always seems to get missed is that the apps that Marzipan can bring to the Mac and the apps that are missing from the Mac are two different sets of apps.

Will Marzipan bring Windows only software to the Mac? No? Then what apps are we talking about?

“But Colin you’ll be able to run Yelp”

Yeah seems to be running just fine already.

Update (2018-09-06): Peter Steinberger:

Here’s the slides for my Hacking Marzipan talk + lots of links to learn more[…]

Monday, June 4, 2018

WWDC 2018 Links



Customer Stuff:

What’s New:

Release Notes:

Key Sessions:


This post will be updated in place as I find new links. If you see anything good that I missed, please e-mail me.

Previously: WWDC 2017 Links.

Microsoft Acquires GitHub

Microsoft (Hacker News):

Microsoft Corp. on Monday announced it has reached an agreement to acquire GitHub, the world’s leading software development platform where more than 28 million developers learn, share and collaborate to create the future.


“Microsoft is a developer-first company, and by joining forces with GitHub we strengthen our commitment to developer freedom, openness and innovation,” said Satya Nadella, CEO, Microsoft. “We recognize the community responsibility we take on with this agreement and will do our best work to empower every developer to build, innovate and solve the world’s most pressing challenges.”

Under the terms of the agreement, Microsoft will acquire GitHub for $7.5 billion in Microsoft stock.

GitHub (tweet):

But more than that, their vision for the future closely matches our own. We both believe GitHub needs to remain an open platform for all developers. No matter your language, stack, platform, cloud, or license, GitHub will continue to be your home—the best place for software creation, collaboration, and discovery.


As part of this change, Nat Friedman will be taking on the role of GitHub’s CEO. We have been searching for a new CEO for some time and found in both Microsoft and Nat a partner we believe will strengthen and grow the GitHub community and company over the next few years. Nat has a ton of experience with software and the open source software community, having co-founded Xamarin and worked on numerous open source projects over the years, and is the perfect person to help GitHub grow and continue to make life better for developers.

I think this makes a lot of sense for Microsoft. I would have preferred that GitHub remain independent, but it sounds like that wasn’t an option. Given that, it’s hard to argue that there’s another company with $7.5B that would have been better.

Jason Fried (in 2014):

Prediction: If Github ends up selling itself one day, Microsoft will be the buyer.

Eric Blair:

Trying to figure out how I’d explain it to 20 yr old Eric that he’d think MS acquiring a key piece of his common development infrastructure would be a Good Thing…

Dave Winer:

I know this is the new compassionate loving Microsoft, but it’s still the tech industry, and Microsoft invented Embrace and Extend. It’s hard to imagine that not being in the playbook for the hub of git. 💥

One consequence of this deal, if it’s for real, is that Microsoft’s competitors will probably stop using GitHub and may launch competitors, esp if GitHub integrates with Microsoft’s cloud services.


I think it’s time I publicly shared about how Microsoft stole my code and then spit on it.

I’d been waiting for them to do something about it, but that is clearly never happening.

Microsoft has a long history of stealing stuff.

Russell Ivanovic:

I for one welcome our new Microsoft Overlords.

I think they will be great stewards of GitHub. I trust no giant company more when it comes to developer tools.

Russell Ivanovic:

GitHub For Enterprise is self hosted. So there’s no requests to comply with. Also everyone already trusted GitHub and they were massively VC backed which to me, is actually worse.

Russell Ivanovic:

The majority of their money comes from companies who host their own Githubs on their own servers.

But to your question: Would I trust the biggest open source contributor in the world to run a source code platform. Yes

Florent Pillet:

With Microsoft acquiring GitHub, we’re now in a situation where Apple’s open-source effort is ... hosted by Microsoft. Fun times!

David Heinemeier Hansson:

GitHub’s time bomb has exploded right on time with the sale to Microsoft. Venture capitalists need their pound of flesh in one big lump. There’s no path for simply taking profits in that world. It’s all or nothing. Sad end to the independence of GitHub 😢

Eric Sink:

A long-term independent GitHub became unlikely in July 2012 when they got a 100M investment. And three years later, after they got another 250M, their only possible destiny was acquisition.

When you raise $350M in VC money and want to stay independent, you can’t just be profitable. You have to be insanely profitable.

Kelly Sommers:

Our industry is really wack. We trust some rando startup with all our source code that could disappear any time and a company known to have a track record of supporting things for decades buys them out and now you all worry?

Who else would you have liked to buy them?

David Heinemeier Hansson:

One thing to consider re: the $7.5B for GitHub. Microsoft is trading at 82 P/E!! They have all this equity value burning a role in their pocket. Google is at 63, Facebook at 30, Apple at 18.

Myke Hurley:

It’s interesting to me that Microsoft announces huge acquisitions on the morning of WWDC

2018 - Github

2016 - LinkedIn

Thomas Brand:

Microsoft will make a better steward of GitHub than any other company I can think of.

Danny Greg:

Anyone who has spent any time working at GitHub will tell you this acquisition is fantastic news.

MS above all other potential suitors understands the community, modern open source and building fantastic developer tools.

Josh Centers:

The GitHub deal is probably a net good, but Microsoft is still fundamentally the same company it was 20 years ago. The beast is just hibernating.

Erik Sink:

Some people will never stop looking at Microsoft through their 1998 lens. But the truth is, here in 2018, nobody is doing open source better than Microsoft.

Keith Smiley (Hacker News):

Well now we know how the GitHub news is affecting gitlab.

Dan Luu:

If you’re curious about the actual rate, it’s been about 1 repo per second since the first story hit HN, mid-day Sunday in the US.


This is validation of the growing influence of software developers in the world, and the importance of modern DevOps. The software community owes a lot to GitHub, and that includes the GitLab community. GitLab was first developed on GitHub and found its first contributors through it.


While we admire what’s been done, our strategy differs in two key areas. First, instead of integrating multiple tools together, we believe a single application, built from the ground up to support the entire DevOps lifecycle is a better experience leading to a faster cycle time. Second, it’s important to us that the core of our product always remain open source itself as well. Being “open core” means everyone can build the tools together. Having it all in a single application means everyone can use the same tool to collaborate together. We see the next evolution of software development as a world where everyone can contribute.

Nick Lockwood:

There is no possible way that MS can attempt to profit from Github that won’t be a disaster.

I’m hoping that the plan is to simply run it at a loss because it’s a valuable developer tool and MS devs use it.

On that basis, I’m cautiously optimistic about the acquisition.

See also: Rocket.

Previously: GVFS (Git Virtual File System), The Largest Git Repo on the Planet.

Update (2018-06-04): Dave Winer:

GitHub was that rare thing, a consensus platform. Everyone used it. If you used some other git server, you’d have to explain why. Now that consensus will very likely break up.

Chris Siebenmann:

It’s not that you can’t extract yourself from Github or maintain a presence apart from it; it’s that Github has made its embrace inviting and easy to take advantage of. It’s very easy to slide into Github tacitly being your open source presence, where people go to find you and your stuff. If I wanted to change this (which I currently don’t), I’m honestly not sure how I’d make it clear on my Github presence that people should now look elsewhere.

Mark Hughes:

Remember how we all had our own Subversion and Mercurial servers (and Bitbucket if you wanted C-DVCS)? Good times are back. A lot of people are going to learn very hard lessons about backups, redundancy, and system administration.

Update (2018-06-05): Ben Thompson (Hacker News):

Again, though, GitHub revenue is not the point; Microsoft has plenty of revenue. What it also has is a potentially fatal weakness: no platform with user-based leverage. Instead Microsoft is betting that a future of open-source, cloud-based applications that exist independent of platforms will be a large-and-increasing share of the future, and that there is room in that future for a company to win by offering a superior user experience for developers directly, not simply exerting leverage on them.

This, by the way, is precisely why Microsoft is the best possible acquirer for GitHub, a company that, having raised $350 million in venture capital, was not going to make it as an independent entity.

Update (2018-06-06): Alex Sherman and Jordan Novet (via Hacker News):

Representatives from Alphabet’s Google were also talking to the company about an acquisition in recent weeks, according to people familiar with the deal talks.

The talks for GitHub went on for several weeks, according to several other people familiar with the process, but at the end the auction was not close, suggesting Microsoft’s bid was high enough to keep Google at bay. GitHub has, in the past, also attracted takeover interest from companies such as Amazon, according to people familiar with the matter.

Update (2018-06-07): Paul Ford (via Hacker News):

GitHub represents a big Undo button for Microsoft, too. For many years, Microsoft officially hated open source software. The company was Steve Ballmer turning bright colors, sweating through his shirt, and screaming like a Visigoth. But after many years of ritual humiliation in the realms of search, mapping, and especially mobile, Microsoft apparently accepted that the 1990s were over. In came Chief Executive Officer Satya Nadella, who not only likes poetry and has a kind of Obama-esque air of imperturbable capability, but who also has the luxury of reclining Smaug-like atop the MSFT cash hoard and buying such things as LinkedIn Corp. Microsoft knows it’s burned a lot of villages with its hot, hot breath, which leads to veiled apologies in press releases. “I’m not asking for your trust,” wrote Nat Friedman, the new CEO of GitHub who’s an open source leader and Microsoft developer, on a GitHub-hosted web page when the deal was announced, “but I’m committed to earning it.”

Reddit (via Hacker News):

I’m Nat Friedman, future CEO of GitHub. AMA.

Update (2018-06-08): See also: Exponent.

Update (2018-06-12): The Linux Foundation (Hacker News):

So what does this mean for open source? I expect generally good things. Microsoft has the means and the expertise to make GitHub better. They brought in Nat Friedman as GitHub’s CEO, someone I have known for years and has been well-respected in the open source community for a couple decades.

Update (2018-06-18): Helge Heß:

Given the recent events you may look down and acknowledge that you have been wrong when hosting unencrypted data on the Clown. It looked so convenient and they wouldn’t dare to touch your data and loose all credibility. The rest is history. Let’s take the shame but move on: git-remote-gcrypt.

Sunday, June 3, 2018

OmniFocus 3 for iOS

Brent Simmons:

OmniFocus for iOS is now celebrating ten years on the App Store — it’s been there since day one, and we’ve been so proud to see it earn its status as the trusted to-do list app.

This major update is the result of two years of design and engineering work — much of it under the hood — to bring new features, better workflows and user experience, and even more reliability and safety.

At the same time, the app should still feel familiar to everyone who used OmniFocus 2.

Indeed, it feels like a nice refinement. I like the new undo button. The release notes are far from exhausitve.

Ken Case:

Implementing free trials, upgrade discounts, and free upgrades for recent purchases for all our iOS apps was a whole lot of work—but on days like today (OmniFocus 3 release day) it’s nice to see that effort pay dividends in customer satisfaction.

Omni Group:

OmniFocus 3 for iOS is a free download in the App Store, with the Standard and Pro feature sets available via In-App Purchase. We also offer a 14-day free trial, after which OmniFocus will function as a free viewer.

The purchase options available to you are based upon your purchase history. If you owned a previous version of OmniFocus for iPad or iPhone, you can purchase Pro or Standard in v3 at a discount. If you start with Standard and decide you want Pro later, you can upgrade for the difference in cost.

Eric Bowers:

OmniFocus 1 and OmniFocus 2 were both very much geared toward the GTD method and contained some built-in Context lists like “Errands” as a default, and included a Project perspective to ensure that you captured items that were more complex to complete. It was and still is the gold standard for GTD in the Mac and iOS user-space.

However, some folks didn’t want to practice a “purely GTD” system, and that’s where the advent of OmniFocus 3 begins to add a lot of possibility to a once workflow-specific system.


A reason that each task now has a cleaned-up interface in OmniFocus 3 is due to what is called “Progressive Disclosure.” Progressive Disclosure is best exemplified by the “Repeat” setting.

Ryan Christoffel:

Notifications are now much more powerful in OmniFocus 3, because each task can now be assigned as many notifications as you’d like.

When a task is assigned a due date, by default it will receive a matching notification, just like in OmniFocus 2. Now, however, you can also add custom notifications to a task whether it has a due date or not. If you want a system that nags you until a particular task is done, you can create multiple reminders, spaced five or ten minutes apart, that won’t stop bugging you until you’ve marked the task complete.


Batch editing is the best small feature of OmniFocus 3.

Marc A. Kastner:

The Omni Group refreshed the look of OmniFocus for iOS. I would not go as far as calling it a revamp in design language - but various color changes, bolder font styles, and stronger contrasts make the app more visually pleasing.


The iPad now features a three pane layout, which is much easier to use than the previous sliding layout behavior in OF2.

David Sparks:

I’ve been experimenting with tags based on energy level, so when I’m in the afternoon doldrums, I can have OmniFocus show me just a list of “brain dead” tasks I can check off without needing to concentrate. I’m also experimenting with certain classifications of work. For example, I’ve created a tag that relates to a very specific online corporate filing I do for some of my legal clients. It’s a massive pain in the neck to get logged in, and that process started so now, with a tag, I can easily get a list of all those filings (regardless of project) once I do log in to the creaky government flash-based website and batch the filings all at once.


I’ve been adding more locations tags with places I go often like the grocery store, the post office, Target, and the hardware store so whenever I go in, I get a notification and can take a look at my list. Because this is tag based, it can pull items tagged to my location out of any of my projects.

A lot of folks like to set their tasks in an A-B-C priority order. You can do that. You can do whatever floats your boat. Make tags for tasks you just want to perform in the morning. Make tags for tasks you’ll only perform while drinking tea.

Jason McIntosh:

In recognition of how much this software-assisted cycle has helped me over the years, and in the hope that it may help someone else as well, this article describes several strategies I use when working with this glorified to-do list program. I focus here more on overall approaches than on software-specific tips-n-tricks.


I have a context called “Waiting”, whose status I marked as On Hold, and which has no particular location or other information associated with it. When the next step in a project literally involves me waiting for something to happen — an email response, a package arrival, and so on — then I represent it with a task — “Wait for Jim-Bob’s reply”, say — and assign that task the Waiting context.

Previously: Omni’s IAP Trials and Upgrade Discounts, Omni’s 2017 Plans, OmniFocus 2018 Roadmap.

Update (2018-06-03): John Gordon notes that, because of the In-App Purchases, OmniFocus no longer works with Family Sharing.

1Password 7 for Mac

Dave Teare:

While in your browser, mini will automatically suggest the items you’re most likely to need.

And mini doesn’t limit itself to just browsers. With our new app integration we’ll automatically suggest logins for the current app you’re using. Along with support for drag and drop, this is a real game changer.


You can now give your notes richly formatted text using Markdown!


It all began by combining 1Password and 1Password mini into a single process. This made items faster to load, reduced memory usage, and decreased launch times.

Jeff Shiner (Hacker News):

To be quite honest, one of the main reasons we haven’t had a paid upgrade on the Mac side for all these years is that we were dreading the pain this would cause us and our customers. However the time has come to bite the bullet and have a paid upgrade.

To avoid this pain in the future, this will be the last time we will be submitting a new app to the App Store. To make that possible, 1Password 7 will only be available as a subscription in the Mac App Store.


If we were to sell standalone licenses in the Mac App Store we would have these same problems all over again when 1Password 8 is released. Ultimately this is why we decided not to sell licenses through the Mac App Store.

Joe Rossignol:

For those who wish to purchase a license for 1Password 7 for Mac, instead of a subscription, the app must be downloaded directly from the AgileBits website. Licenses are $49.99 for a limited time, and $64.99 after that, and are per-person, per-platform.

I haven’t figured out how to actually pay for the direct version.

Kate Sebald:

1Password 7 from the Mac App Store will only support our hosted service, as that’s what you’re purchasing with a 1Password membership. If you install from our website, you’ll have to option to use a standalone vault synced via iCloud if you purchase a standalone license, or use our hosted service if you purchase a 1Password membership.

I see why they did this, but it does regress the product for me, because now the non-subscription version can’t automatically check for updates if I’m blocking the app’s network connections with Little Snitch. Previously, the App Store could do that on the app’s behalf.

See also: Gabe Weatherhead, David Sparks, Bradley Chambers.

Update (2018-06-05): Jeroen van der Ham:

It took me a long while to figure out how to pay for the direct version of @1Password because it’s not listed anywhere on the website.

What you do is download the app, and then you can select to buy the standalone version in the purchase screen.

Apple vs. My Daughter’s iPad

Erica Sadun (tweet):

The other day, Apple locked her out of her iCloud account and her iPad. We don’t know why. The Apple support people don’t know why. I think it may have to do with when I modernized my AppleID to use an email address, which is what the iTunes account on the iPad is registered to.

My daughter knows her account name. She knows her password. She did not forget either one. She did not lose her device. She did not do anything to trigger the Apple ID issue. The only thing we know is that it happened at roughly the same time the ApplePay person told me to update my AppleID.


Despite the fact that she owns the iPad, has the physical iPad, knows her id, and knows her password, there is no way for her to ever use the iPad again because we do not have a receipt for the iPad, nor does the kind gentleman who gave her the iPad. The Apple Store does not provide access to records from that far back, roughly 7 years ago.

Erica Sadun:

Our device was not stolen. My daughter did not enter bad passcodes or wrong passwords. There was no reason that the lockdown should have happened and no way for Apple Support to explain why it did happen. If it could happen to us, it can happen to anyone and potentially at any time.

That my daughter had forgotten her security recovery information, too, led to a much broader issue. She was young, foolish, and feels sorry for her choices. At the very least, she should have changed her email when the provider shut down its services. But having an outdated email and no memory of security questions isn’t limited to her specific situation.

Previously: iPad Erased By Too Many Failed Passcode Entries, If iPads Were Meant for Kids.

The Story Behind the Echo Eavesdropping Story

Jason Snell (Hacker News):

The story of an Amazon Echo sending a private conversation to a woman’s contacts has been making the rounds since it showed up in a local news story earlier this week.

Amazon’s statement on the matter says that this was a case of a false positive phrase triggering an Echo feature that lets you send voice messages to your contacts. (iOS has a similar feature built in to Messages, albeit not voice activated.) Usually, this requires a few steps worth of confirmation, which again, could be falsely triggered by overhearing a conversation. It’s extremely unlikely, but given the number of requests and number of devices out there, even a one-in-a-million incident is going to happen, you know, one in a million times.

What I suspect happened, as some other sites have speculated, is that the confirmation query was issued on a device that wasn’t in the room the people were in. (Or the volume was down on the responding device.)

John Gruber:

I do have a few Echo devices, but I never granted them access to my contacts and never enabled “Calling and Messaging”. If you did, and now wish to disable it, you need to call Amazon on the phone. Not joking.

Apple’s Emoji Search is Bad

Jeremy Burge:

At this stage you might think it’s simply a matter of learning the correct name for each emoji, so you know how to start a search.

That is sadly not the case.


Sorting is a challenge, so I don’t want to harp on here. But it does seem like an exact match of the Unicode name, CLDR name and Apple name should probably bring up that emoji in the top 10 at least.


iOS emoji search is one of the top feature requests I see whenever Apple releases new emojis.

Stephen Hackett:

The thing is, this shouldn’t be a hard problem. Every emoji has an official name granted by Unicode, as well an official localized name that can be more user-friendly. Apple’s search should take those two labels, plus its own custom names, into account when searching. Right now, the entire system seems bad in random ways, and inconsistent across emoji characters.

Jeremy Burge:

You’re not dreaming. There used to be a gavel emoji on iOS. It didn’t get removed, it simply changed appearance. Yesterday’s gavel is today’s 🔨 Hammer.


At the time of writing, Emojipedia contains every single emoji update from Apple, Google, Microsoft, Samsung, WhatsApp, Facebook, Twitter, LG, and HTC for the years 2008 to 2018.

Facebook’s GDPR-Related Dark Patterns

Francis Irving:

Facebook actually put fake red dots to try and make you think you have messages even if you don’t, so you agree to their tracking more hastily. Read full complaint against Facebook - with tricks like that, sorry Facebook, you deserve to be hit hard.

Via Nick Heer:

This is pretty sleezy, but also basically what you’d expect from a company that misleads users into accepting facial recognition, guilt trips users who try to deactivate their account, and places several other barriers to deactivation.

Previously: Cambridge Analytica Harvested 50 Million Facebook Profiles, Avoiding Apple Pay’s Pestering.

Saturday, June 2, 2018

Mac and iOS Automation History

Jordan McMahon:

As it turns out, Jobs was gauging the room to see who was passionate enough about their work to fight for it. Those were the people he wanted to keep. Soghoian passed the test.


As the CEO left the office, he saw Soghoian lingering and asked him what he wanted to talk about. Game face on, Soghoian told Jobs, “Automation, but for the rest of us.” They scurried into the conference room for a private demo. In the upper left hand corner of Automator’s window sat a grid of applications that worked with the program—you’d see things like Finder, Alarm, Mail, Pictures, Internet, and Music. Under each category was a list of all the functions Automator could make the apps complete. By selecting the functions one by one, you could string together as many commands as you wanted to build a little workflow. Anyone with a mouse could change the typefaces in a folder full of Word documents or build a playlist out of their 100 most-listened-to tracks in iTunes, all without typing a word of AppleScript.


Once their work was done, Pierce opened x-callback-url up to any developer eager to try it out. "Without that, it would’ve just been a clever integration between Instapaper and Terminology," Arment says. Instead, it became the de facto standard for getting apps—even big ones like Google Maps and Evernote—to share information with each other and process stuff in tandem.


In 2014, after Apple announced a ton of new tools for apps to work together in iOS 8, Barnard and Youens started brainstorming ways these tools could make their app better. Their plan was to find a way to run x-callback-urls in succession to create script-like actions. They had effectively dreamed up Automator for iOS, but their fear of being burned again by Apple’s often convoluted and murky app approval process held them back from following through.

Previously: Thank You, Sal, Omni’s 2017 Plans.

Update (2018-06-03): See also: Hacker News.

Update (2018-06-04): David Barnard:

To be clear, @youens and I would never have built @WorkflowHQ or been acquired by Apple. My regret is that we spent the summer on Contact Center and hardly touched @LaunchCenterPro. Staying focused, even on “safe” LCP features, would have been smarter.

macOS Special-Casing to Keep Apps Working

Zhuowei Zhang (Hacker News):

What do Photoshop, Matlab, Panic Transmit, and Eclipse have in common? They are among the 299 apps for which macOS applies compatibility fixes.

Here’s the full list of bundle IDs, along with the functions that checks for them, and the first caller to those functions.


Compatibility fixes are applied by checking the bool __CFAppVersionCheckLessThan(CFStringRef, CFSystemVersion) function, which returns true if the current app matches the specified bundle ID and is linked on or prior to the macOS version. Thus, older versions of the app would have the fix applied, while newer versions built with a newer SDK would not.

Dave Mark:

First things first, not sure “so buggy” is the right note here. Might be that, or might be more a combination of “so important” and taking advantage of a feature or bit of code that has been put out to pasture or has been replaced.

Chris Espinosa:

Apple has been special-casing apps in system software updates for 30+ years. This is an instructional tech article but not a dramatic revelation, and shouldn’t reflect poorly on the apps or their authors. Often they were working around our bugs.

Scott Knaster:

Yep. We were doing this at least as far back as the original 128K Mac.

Peter Steinberger:

Good example how Apple cares about backwards compatibility: A bug was fixed WebKit breaking the Box app (which fails to make any policy decision in its decidePolicyForMIMEType delegate) so the old behavior is now covered.

iMac Pro VESA Mounting Screws

Joe Rossignol (tweet):

Quinn Nelson, host of the popular YouTube channel Snazzy Labs, has shared a new video that appears to suggest the iMac Pro’s user-installable VESA mounting kit uses cheap screws that are prone to break when unfastened.


Unable to remove the adapter, Nelson said he contacted Apple by phone, explained the situation, and was told that Apple could not provide support because the adapter is manufactured by a licensed OEM, despite being sold by Apple with Apple-branded packaging and documentation.


Unfortunately, the Genius Bar was not very helpful, as apparently only the Head Genius at that store was trained to service the iMac Pro.


All in all, there are two separate issues here: the fragile screws and the un-pro-like customer service that was provided by Apple. And, unlike his fellow YouTube creator Linus Sebastian, Nelson did not disassemble the iMac Pro or perform any other action that would appear to violate Apple’s warranty.

Quinn Nelson:

Apple store offered to a) replace the outer shell in another repair or b) do a CRU (complete replacement unit). I obviously elected the latter.

In the end, I am getting taken care of, but a few have seen the video already. Don’t know what they would have done for an average Joe.

As stated, I’m not mad at my store. I’m mad at Cupertino for a) continuing to sell an absolute trash VESA mount, and, b) not training the Geniuses to work on iMac Pro. They’re clueless. “We don’t really do the VESA thing in store so just be careful if you decide to reinstall it.”

Previously: Apple Refuses to Repair iMac Pro.

iPhone 6 Bendgate and Touch Disease

Jason Koebler (tweet, ArsTechnica, Hacker News, MacRumors, 9to5Mac):

The company found that the iPhone 6 is 3.3 times more likely to bend than the iPhone 5s, and the iPhone 6 Plus is 7.2 times more likely to bend than the iPhone 5s, according to the documents. Koh wrote that “one of the major concerns Apple identified prior to launching the iPhones was that they were ‘likely to bend more easily when compared to previous generations.’”


Despite these findings, Apple publicly maintained that there were no engineering issues with the iPhone 6 and iPhone 6 Plus, but an internal review showed that engineering changes were necessary to prevent touch disease, according to court filings. In May 2016, a year-and-a-half after the iPhone 6 and 6 Plus were released, Apple quietly began reinforcing the part of the logic board associated with touch disease, Koh wrote.


Soon after the iPhone 6 and iPhone 6 Plus were released in September 2014, several customers said that their phones bent easily. Those cases went viral, which caused Apple to release a statement that said the phones were structurally sound: Apple “perform[s] rigorous tests throughout the entire development cycle including 3-point bending, pressure point cycling, sit, torsion, and user studies. iPhone 6 and 6 Plus meet or exceed all of our high quality standards to endure everyday, real life use.”

That news cycle died, and “Bendgate” went away for a while. But in early 2016, many iPhone 6 and 6 Plus devices began to exhibit symptoms of “touch disease.”

This is how today’s Apple handles hardware design defects, from bending phones to batteries, desktop and laptop keyboards, and 2013 Mac Pro thermal failures. You might expect, based on the company’s reputation and how it presents itself, that it would get out in front of these stories and recall the faulty products or offer free replacements. Instead, it pretends that the problems don’t exist, keeps selling the products (sometimes quietly revising them), and makes customers pay for the repairs.

See also: The Talk Show.

Previously: Just Avoid Sitting in That Way, iPhone 6 Plus “Touch Disease”, iPhone Bend Testing.

Friday, June 1, 2018

Differ: Swift Library to Generate Differences and Patches Between Collections

Tony Arnold:

Differ generates the differences between Collection instances (this includes Strings!).

It uses a fast algorithm (O((N+M)*D)) to do this.


Utilities for updating UITableView and UICollectionView in UIKit, and NSTableView and NSCollectionView in AppKit

10 Strikes and You’re Out

John Gruber:

I had no idea until I looked into it last weekend, but it turns out this feature is far more clever than I realized, and it’s highly unlikely that your kids or jackass drinking buddies could ever trigger it. After the 5th failed attempt, iOS requires a 1-minute timeout before you can try again. During this timeout the only thing you can do is place an emergency call to 911. After the 6th attempt, you get a 5-minute timeout. After the 7th, 15 minutes. These timeouts escalate such that it would take over 3 hours to enter 10 incorrect passcodes.

It seems pretty clear from the responses to my poll that I wasn’t alone in thinking that this feature was more dangerous than it really is. I’ve got it turned on now, and I can’t think of a good reason why anyone wouldn’t enable this.

I avoided the feature for the same reason he did.

See also: The Talk Show.

macOS 10.13.5

Howard Oakley (MacRumors):

The only new user feature identified by Apple is Messages in iCloud, which Apple states is a feature of High Sierra only; there is no comparable option in the Sierra version of the Messages app. The High Sierra update still seems very large: its App Store download is 2.12 GB in size.

There is no mention of whether 10.13.5 extends support for APFS to Fusion Drives.

The list of security fixes is quite long, and contains some important ones.

The combo updater is here.

Update (2018-06-02): Kirk McElhearn:

It’s surprising that Apple hasn’t rolled AirPlay 2 into macOS. You have long been able to stream to multiple speakers from the Mac, using iTunes, and that is new on iOS with AirPlay 2, but the inability for the Mac to be able to use AirPlay 2 and see a stereo pair of HomePods is surprising.

Nicholas Riley:

iCloud sync seems completely stuck on my desktop Mac across apps. Photos stop in December 2017; iMessage sync has been running for >12 hours without any visible progress. Ideas?

Update (2018-06-02): Since updating, I’ve had frequent problems with my Magic Mouse disconnecting. Once, Bluetooth even turned itself off, and I was not able to re-enable it until after restarting.

Halide: One Year Later

Ben Sandofsky (tweet):

For indie developers, a healthy way to look at profits is opportunity cost. If you took the hours spent on your own app and applied those toward freelancing, would you make more money?

We’re lucky to have no such dilema. Our launch immediately recouped the year of development costs. Our monthly revenue absolutely beats freelancing, and justifies ongoing development. Halide has a bright future ahead.


We launched at $2.99, and later bumped the price to $4.99. Last month, we increased the price to $5.99, which is in-line with other camera apps. Price changes have had no significant impact on profit.

I like the app, but (due to iOS limitations) there’s no way to access it from the lock screen or Control Center, and it doesn’t support HDR.