Archive for September 2018

Saturday, September 29, 2018

iPhone XS Users Complain About Skin-Smoothing Selfie Camera

Juli Clover (via Dominik Wagner):

Over the course of the last week, the front-facing camera in the iPhone XS and XS Max has been receiving a lot of attention because the selfies captured on the new devices are drastically different from those captured with the iPhone X or earlier iPhone models.

In a MacRumors forum thread and on Reddit, Apple has been accused of using a skin-smoothing feature or a “beauty filter” for prettier selfies from the front-facing camera.

This looks exactly like what HDR does to some pictures of faces. It’s why I have HDR enabled but set to keep both the HDR and non-HDR versions. Sometimes HDR really helps, and sometimes it produces unnatural, plasticky results like this. I frequently have to choose between the photo where the background looks detailed instead of blown out and the one where the face looks detailed and natural.

I was initially willing to give Apple the benefit of the doubt that Smart HDR was smart enough to prevent this from happening. Clearly, it is not, so there needs to be an option to turn off Smart HDR. There are reports that Apple is working on a software fix. I don’t want to see just a tweak to the Smart HDR algorithm. I want a way to disable it entirely.

The camera is one of the most important features of iPhone. If it’s not trustworthy, I will have to look into switching to Android. I don’t say this lightly, as I have little interest in Android, otherwise, and depend on some excellent iOS-only apps.

Previously: The iPhone XS and Its Camera.

Update (2018-09-29): I rarely use the front-facing camera, but I’m concerned because there are reports that the rear-facing camera is also affected (which would make sense if it’s a Smart HDR software issue).

Update (2018-09-29): I do not have access to an iPhone XS to test this. I was writing based on reports like John Gruber’s:

The way I understand it, Smart HDR is basically applied to all images from the iPhone XS.

and Juli Clover’s:

Turning off HDR does not remove the smoothing effect, nor does tweaking any other camera setting, so if the ultra skin smoothing is a result of something like unintentional excessive noise reduction, it needs to be tweaked on Apple’s end through a software update.

However, commenters below say that there is a switch in Settings to turn off Smart HDR. Christian Zibreg makes it sound like Smart HDR is on by default but can be disabled, though he also writes that it “is always on.”

So it’s not clear to me (a) whether one can fully turn off Smart HDR, or (b) whether the smoothing is in fact related to HDR.

Halide:

iPhone XS does not apply a skin smoothing or beautification filter. What people see is an artifact of how differently the XS camera takes photos. We’re working on a detailed article explaining it in depth which will be out soon.

Update (2018-10-02): John Gruber and Nilay Patel talk about how Apple and Google’s phones shoot more natural looking photos.

Matthew Panzarino:

I apparently totally missed that there was a conspiracy theory about iPhone XS smoothing skin tones. That’s not what’s happening.

I explained it a bit in my review and to other people that have asked, but Apple is using a new (for the last couple of generations) type of noise reduction. I MUCH prefer this to the last iteration which I felt was too ham fisted.

Sebastiaan de With (MacRumors):

The only way to circumvent the laws of physics is with something known as ‘computational photography’. With the powerful chips in modern iPhones, Apple can take a whole bunch of photos—some of them before you even pressed the shutter—and merge them into one perfect shot.

[…]

People feel the iPhone XS ‘smoothens’ things for two reasons:

  • Better and more aggressive noise reduction due to merged exposures, and
  • Merged exposures reducing sharpness by eliminating sharp light/dark contrasts where light hits parts of the skin

[…]

The iPhone XS merges exposures and reduces the brightness of the bright areas and reduces the darkness of the shadows. The detail remains, but we can perceive it as less sharp because it lost local contrast. In the photo above, the skin looks smoother simply because the light isn’t as harsh.

Still unexplained: why the skin color looks so unnatural (as with HDR, sometimes) and what exactly happens when you turn off Smart HDR.

Nick Heer:

The rear cameras have large enough sensors and lenses that they are able to compensate for the higher noise created by faster shutter speeds through more intense noise reduction while preserving detail. When it comes to the front-facing camera’s much smaller sensor, though, it appears that the noise reduction is tuned to be a little more aggressive than expected, and it sounds like Apple is tweaking it.

Update (2018-10-03): John Gruber:

One fascinating development: RAW images are way noisier than they are on an iPhone X. Halide has a pretty good solution they’re calling “Smart RAW”.

Update (2018-10-09): Mitchel Broussard:

In an effort to combat the BeautyGate claims, YouTuber Jonathan Morrison posted a series of selfies on Instagram and Twitter over the weekend. In captions, Morrison said these were captured on the Google Pixel 2’s Portrait Mode, and asked his fans their thoughts on how the images came out, particularly if they were better than the iPhone XS.

Commenters said that the images rivaled DSLR shots and that the Pixel 2 was still among the best smartphone cameras, based on the pictures. Some even commended Google for producing high-quality selfies without the need for having a so-called make-up effect, and argued that the Pixel 2 had the best Portrait Mode of any smartphone.

After all of this, Morrison on Sunday revealed that both images were not taken on a Pixel 2, but instead captured on an iPhone XS Max.

Matt Birchler:

First, I prefer Apple’s handling of dynamic range. Even last year when the iPhone wasn’t as good at this, I liked how shots taken with the iPhone camera maintained more shadow detail than the Pixel 2. As I’ve said many times at this point, the Pixel 2 camera optimizes for drama, which means it often loses detail in the lower end.

And the second reason I stick with the iPhone camera is that the RAW performance is just worlds better than the Pixel 2’s.

Update (2018-10-10): Nilay Patel:

The iPhone XS camera is the rookie tailback who flashes tons of potential but fumbles the handoff and falls down a little too often

The weird thing is that it saw the face, but then apparently decided to prioritize exposing the windows? Look at the printer on the shelf, this is an HDR merge gone totally sideways

Dan Masters:

I’ve heard from several people on here that the iPhone X camera software actually produces superior photos, with some considering switching back.

Update (2018-10-16): Jason Snell:

This animation may give you some idea of the difference in detail between Smart HDR and non-HDR shooting on the iPhone XS.

Update (2018-10-24): Jason Cross (MacRumors):

According to Apple, the Smart HDR system is choosing the wrong “base frame” from the several exposures it takes and composites into a single final picture. Instead of taking a sharper, shorter-exposure image as the base frame, it chooses one with a longer shutter time, thus making the final composite image less sharp. This explains why the strength of the effect varies from one test to the next (as the amount of blur on the longer-exposure shot would vary), and why we see the problem on the iPhone XS but not the iPhone X (which does not have the Smart HDR processing system).

Apple says this will be fixed in iOS 12.1; going forward, the Smart HDR system will choose the sharpest frame as its base image when using the selfie camera.

However, this doesn’t explain the issues with the rear-facing camera.

Update (2018-10-25): Erin Brook:

This shot above brings me to the next new feature: Smart HDR. I shot the above photo with it turned on, and I can’t say I love it. For me, it doesn’t make a whole lot of visual difference when I’m shooting, and that very well could be by default. I almost always underexpose my shots so I don’t blow out the highlights anyway, but I noticed it did weird things to highlighted, especially white, areas. Take a look at the SOOC version of the forest shot below, and look at her shirt collar.

It’s FREAKING BLUE. I underexposed to try and get it to stop doing that, but no matter what I did, it came out blue. It took a lot of correcting in Lightroom Mobile to fix it, and that was the last straw: I turned Smart HDR off. Even with Smart HDR off, I’m having trouble with other white or bright things, like my cat’s face. I underexposed the image below, and again, no matter what I did, his face was blown out (look at the bridge of his nose to see what I mean).

[…]

I’ve noticed that a lot with this new phone’s camera, I have to underexpose dramatically, far more than with previous phones, to get hot spots to go away, and by then the rest of the image is too dark to salvage.

Update (2018-10-29): Mike Rundle:

Forgot to shave? Don’t worry! Selfies taken with the new iPhone shave your face for you! X vs. XR comparison. This is hilarious

Update (2018-11-19): Ryan Jones:

I’m officially certain iPhone XS takes blurrier photos. ANY movement at all and it’s a blur. What is that – shutter speed? It sucks.

I’m hearing Smart HDR is causing this ridiculous blurring. I’ll test it, anyone else citing this. It’s not tolerable... so Smart HDR becomes inept.

Tim Ruhter:

It is smart HDR you can turn it off in settings. All of the photos my wife took with her XR were worse than her 7 until we turned it off. I think it’s because apple just isn’t as good with computational stuff as google/others.

Friday, September 28, 2018

PhotoKit’s Core Data Model

Ole Begemann:

In my quest to understand the Photos framework better (especially its performance characteristics), I wanted to inspect its data model. I found a file named PhotoLibraryServices.framework/photos.momd/photos-10.0.mom deep in the bowels of the Xcode 10.0 app bundle[…]

[…]

A .mom file is a compiled Core Data model. Xcode can’t open this directly, but it can import one into another Core Data model. Follow these steps to view the model in Xcode[…]

Brian Webster:

The Mac version of Photos doesn’t use Core Data, but instead a custom SQLite database format that originated in Aperture. Looks like a similar number of tables/entities though.

Brian Ganninger:

That’s correct (former UI engineer here) The Aperture database format served as the basis for the shared library format between Aperture & iPhoto. That library format was then evolved for Photos library and cloud integration.

Previously: The History of Aperture.

Update (2018-10-02): Guilherme Rambo:

The Core Data model used by “Find My Friends”.

Basecamp App Rejected for Including Help Link

David Heinemeier Hansson:

Apple is rejecting an update to the @basecamp app in part because our app includes a link to web-based help pages that have information about a paid version of Basecamp. Nothing changed in this app update from how that’s been since forever. Now a scramble to hide help links

The capricious review process that Apple subjects app devs to is such a stain on the company’s relationship with its ecosystem. It feels so utterly unnecessary, with such little upside, and such serious downsides. Apple may be the most benevolent in Big Tech, but it’s still in it

It also highlights what a glorious anomaly the web is as an application platform. Free from capricious overlords. Viva the open web. Viva email. Viva all open platforms.

This rule has never made sense to me. It’s even less understandable than the rules that you can’t mention which other platforms your app works with or which hardware or OS versions are compatible. And Basecamp’s intent is clearly not to bypass paying through Apple.

See also: Rejected for Mentioning a Pre-release macOS Version, Overcast Rejected for Listing Competing Podcast Apps, Purchasing From the Kindle App, iBookstore Rejects Book for Linking to Amazon.

How Swift’s Mirror Works

Mike Ash (now at Apple, but thankfully allowed to blog):

There isn’t a single universal way to fetch the info we want from any type. Tuples, structs, classes, and enums all need different code for many of these tasks, such as looking up the number of children. There are further subtleties, such as different treatment for Swift and Objective-C classes.

All of these functions will need code that dispatches to different implementations based on what kind of type is being examined. This sounds a lot like dynamic dispatch of methods, except that the choice of which implementation to call is more complicated than checking the class of the object the method is being used on. The reflection code attempts to simplify matters by using C++ dynamic dispatch with an abstract base class that contains a C++ version of the above interface, and a bunch of subclasses covering all the various cases. A single function maps a Swift type to an instance of one of those C++ classes. Calling a method on that instance then dispatches to the appropriate implementation.

[…]

Looking up the elements in structs, classes, and enums is currently quite complex. Much of this complexity is due to the lack of a direct reference between these types and the field descriptors which contain the information about a type’s fields. A helper function called swift_getFieldAt searches for the appropriate field descriptor for a given type. This whole function should go away once we add that direct reference, but in the meantime it provides an interesting look at how the runtime code is able to use the language’s metadata to look up type information.

Why Did Apple Spend $400M to Acquire Shazam?

Daniel Eran Dilger:

Virtually every one of Apple’s recent acquisitions can be directly linked to the launch of serious, significant new features or to embellishing core initiatives designed to help sell its hardware, including Face ID (Faceshift, Emotient, and Perceptio); Siri (VocalIQ); Photos and CoreML (Turi, Tuplejump, Lattice Data, Regaind); Maps (Coherent Navigation, Mapsense, and Indoor.io); wireless charging (PowerbyProxi) and so on.

Further, the reported $400 million price tag on the Shazam acquisition puts it in a rare category of large purchases that Apple has made which involved revolutionary changes to its platforms. Only Anobit (affordable flash storage), AuthenTec (Touch ID), PrimeSense (TrueDepth imaging) and NeXT itself are in the same ballpark apart from Beats—Apple’s solitary, incomparably larger $3 billion purchase that delivered both the core of Apple Music and an already profitable audio products subsidiary paired with a popular, global brand.

[…]

Given Apple’s interest in building traction for ARKit, which launched last fall as the world’s largest AR platform, it seems pretty clear that Apple bought Shazam, not really for any particular technology as Apple has already developed its own core visual recognition engine for iOS, but because Shazam has developed significant relationships with global brands to make use of AR as a way to engage with audiences.

[…]

With the development of ARKit, Apple has now created a new "mixed reality" world of app experiences that mesh right into the real world. At its last two WWDC events, Apple has introduced various games as primary examples of using ARKit. However, Shazam has already developed marketing campaigns that take advantage of ARKit to build engaging experiences—very similar to the core concept of iAd many years ago.

Update (2018-10-02): Scott Perry:

You can tell Apple has finished its acquisition of Shazam because none of the Spotify integration seems to work anymore. Even basic stuff like deep linking is busted.

Thursday, September 27, 2018

How Dropbox Migrated to Python 3

Max Bélanger and Damien DeVille (Hacker News, Reddit):

Though we’ve relied on Python 2 for many years (most recently, we used Python 2.7), we began moving to Python 3 back in 2015. This transition is now complete: If you’re using Dropbox today, the application is powered by a Dropbox-customized variant of Python 3.5. This post is the first in a series that explores how we planned, executed, and rolled out one of the largest Python 3 migrations ever.

[…]

To solve this build and deploy problem, we decided on a new architecture to embed the Python runtime in our native application. Rather than delegate this process to the freezers, we would use tooling specific to each platform (e.g. Visual Studio on Windows) to build the various entry points ourselves. Further, we would abstract Python code behind a library, aiming to more directly support the “mixing and matching” of various languages.

This would allow us to make use of each platform’s IDEs/toolchain directly (e.g. to add native targets like FinderSync on macOS) while retaining the ability to conveniently write much of our application logic in Python.

Android at 10

Dieter Bohn:

In an effort to ensure that another company wouldn’t gain dominant control over the mobile market, Google and Android have wildly, unequivocally succeeded in doing just that.

Android has taken the place in smartphones that Windows once held with desktops: dominant market share. Worldwide, IDC pegs Android’s share at about 85 percent. We can argue about regions and whether enough of those customers are willing to spend money on apps and many other things, but that number is almost too big for nuance.

Android is the dominant computing platform on the planet. Not only has Android prevented some version of Windows from taking over mobile, but it has actually eclipsed Windows as the most popular operating system, period.

CodeRunner 3

Nikolai Krill:

The all-new documentation sidebar lets you browse the online docs for your programming language without ever leaving the app.

[…]

The editor has been enhanced with lots of new features. It now supports more than 230 syntax highlighting modes, all updated to the latest language specifications.

[…]

Web development is now more powerful than ever in CodeRunner. Use the built-in Web Inspector to debug JavaScript, view and edit HTML elements, work with CSS styles, and much more. New run modes for web files let you magically inject your JavaScript or CSS files into a website or HTML file. When running your PHP files, the output can now be quickly toggled between terminal and web mode.

Todd Ditchendorf:

Wow. Dunno when this happened exactly, but CodeRunner 3.0 includes a graphical debugger UI for Python. And it’s the best I’ve seen. (By “best”, I suppose I mean “most like Xcode”… cuz that’s what I’m used to). And it seems to work with virtual environments. Nice!

Previously: CodeRunner 2, CodeRunner 1.0.

What Facebook Does For Advertisers

Kashmir Hill (Hacker News):

Facebook is not upfront about this practice. In fact, when I asked its PR team last year whether it was using shadow contact information for ads, they denied it. Luckily for those of us obsessed with the uncannily accurate nature of ads on Facebook platforms, a group of academic researchers decided to do a deep dive into how Facebook custom audiences work to find out how users’ phone numbers and email addresses get sucked into the advertising ecosystem.

[…]

They found that when a user gives Facebook a phone number for two-factor authentication or in order to receive alerts about new log-ins to a user’s account, that phone number became targetable by an advertiser within a couple of weeks. So users who want their accounts to be more secure are forced to make a privacy trade-off and allow advertisers to more easily find them on the social network.

Parmy Olson:

Facebook’s plans remain unclear. When Sandberg, Facebook’s COO, was asked by U.S. lawmakers in early September if WhatsApp still used end-to-end encryption, she avoided a straight yes or no, saying, “We are strong believers in encryption.” A WhatsApp spokesperson confirmed that WhatsApp would begin placing ads in its Status feature next year, but added that even as more businesses start chatting to people on the platform, “messages will remain end-to-end encrypted. There are no plans to change that.”

For his part, Acton had proposed monetizing WhatsApp through a metered-user model, charging, say, a tenth of a penny after a certain large number of free messages were used up. “You build it once, it runs everywhere in every country,” Acton says. “You don’t need a sophisticated sales force. It’s a very simple business.”

[…]

Within 18 months, a new WhatsApp terms of service linked the accounts and made Acton look like a liar. “I think everyone was gambling because they thought that the EU might have forgotten because enough time had passed.” No such luck: Facebook wound up paying a $122 million fine for giving “incorrect or misleading information” to the EU—a cost of doing business, as the deal got done and such linking continues today (though not yet in Europe).

Wednesday, September 26, 2018

SuperDuper 3.2 Adds Smart Delete

Dave Nanian:

This is something we’ve been thinking about and working on for a while. The problem has always been balancing safety with convenience. But we’ve finally come up with an idea (and implementation) that works really well.

Basically, if we hit a disk full error, we “peek” ahead and clean things up before Smart Update gets there, just enough so it can do what it needs to do. Once we have the space, Smart Delete stops and allows the regular Smart Update to do its thing.

Smart Update and Smart Delete work hand-in-hand to minimize disk full errors while maximizing speed and safety, with no significant speed penalty.

This is seriously one of my favorite improvements to backup software in a long time. My backup drives/partitions tend to be the same size (or a bit smaller) than the source drives, which are close to full and have many files that have changed. So it was common to run out of space after an hour or so of copying only to have to start over by reformatting the destination drive. A relatively quick Smart Update would require my intervention and turn into potentially a day of copying. That shouldn’t happen anymore.

Rebuilding the Services Menu

Howard Oakley:

If a service is missing, you can get pbs to rescan it by logging out and back in (or restarting), then opening any item in a Services menu. If that doesn’t do the trick, try the command /System/Library/CoreServices/pbs -flush and then use a command in a Services menu. The resulting rescan will take a while, but should create a brand new list of services.

When I updated to OmniFocus 3, its service was renamed from OmniFocus 2: Send to Inbox to OmniFocus 3: Send to Inbox, but the menu got out of sync. It kept showing the old name, whereas System Preferences showed the new one. Because of the mismatch, my custom keyboard shortcut didn’t work. Flushing pbs fixed the problem.

OmniFocus 3 for Mac

Brent Simmons:

This release brings a modern design that still manages to feel familiar — OmniFocus 2 users will feel right at home, while still being delighted by the fresh new user interface. It also brings new features and improves existing features.

[…]

  • Tags add a powerful additional organizing tool. Create tags for people, energy levels, priorities, locations, and more.
  • The Forecast view shows your tasks and calendar events in order, so you can better see what’s coming up in your day.
  • Enhanced repeating tasks are easier than ever to set up — and they work with real-world examples such as the first weekday of the month.
  • The updated, modern design helps you focus on your projects and actions.

A solid update to one of my most important apps. My favorite new feature is being able to reorder actions from the Tags view. They’ve also brought back the 1.x feature of being able to drag and drop onto tags within the main part of the window. I was initially concerned about tags replacing contexts because I thought this might make things cumbersome given that I usually only want one tag, but the implementation seems to be really well done.

I like the updated design in general, but the inspector has lower information density than before. I suppose the idea was to follow Apple’s lead with iWork’s iOS-inspired sidebars, which I also found to be a regression. Whereas I used to be able to quickly glance at the inspector to, e.g., check a date, I can no longer do that without scrolling. In theory, I should be able to collapse some of the sections to more easily see the areas I care about. However, each section contains something that I do want to see, so there’s no way to hide just the parts that I rarely care about (status and duration) or to use a smaller font or a less padded layout.

Brent Simmons:

Your old archive isn’t copied to OmniFocus 3 as part of the first run — but the first time you use the Archive feature in OmniFocus 3, the app will prompt you to copy it over.

Ken Case:

When OmniFocus 3 for Mac becomes available for sale (on Monday, September 24), you’ll be able to get a 50% discount on the upgrade so long as you download the new version from the same source as your earlier version.

The Mac App Store doesn’t support paid upgrades, so this is implemented as a separate SKU that offers you a discounted In-App Purchase if you had purchased the previous version. The direct sale version also has the new bundle identifier, and as a result it doesn’t retain your preferences from OmniFocus 2.

Previously: OmniFocus 3 for iOS, OmniFocus 2018 Roadmap.

Update (2018-09-27): See also: David Sparks and Allen Pike.

Screen Time Issues

Spencer MacDonald:

So Screen Time is showing me stats for an app I don’t even own?

Ben Lovejoy:

Of particular interest to parents was the ability to impose restrictions on their children – but it hasn’t taken long for kids to figure out how to bypass the limits …

The first, and most obvious one, was for kids to change the time of the device to an earlier one – before the downtime kicks in.

But a Reddit thread spotted by Business Insider reveals that this isn’t the only hack kids are employing.

Update (2018-09-27): Daniel Alm:

Apple recognizes which domains you have been browsing and shows apps associated with that domain instead of the actual domain in Screen Time, including apps you don’t even own.

Patrick Metcalfe:

Filed a radar and was told this is intended. Even for @github whose URL is being used by someone ELSE’s app! Somehow that’s allowed.

Update (2018-10-03): Eric Chen:

It’s not just domains that have apps associated with that domain, it tracks (some?) domains in general. My screen time has timings for “http://news.ycombinator.com” and more. Want to see something creepy? Go visit a certain hub of porn for a few minutes and check screen time.

Update (2018-10-25): See also: Accidental Tech Podcast.

DragThing No Longer for Sale

James Thomson (tweet):

DragThing is written using the 32-bit Carbon APIs that Apple have announced they will remove in the next major update of macOS after 10.14 Mojave, most likely in September 2019.

64-bit support would require completely rewriting DragThing from the ground up, a process which would take us six months to a year to complete, with no guarantees we could re-implement all the existing functionality.

Unfortunately, we do not believe there is enough of a market out there for a new version, such that it would be financially viable for us to do so. Almost all of our income over the last ten years has come from PCalc, and time spent on a new version of DragThing would be time we couldn't spend on improving PCalc.

While we have not yet made a final decision, we do not feel comfortable selling an app with an uncertain future, so DragThing is no longer for sale. It should continue to function on 10.14 Mojave for now.

The end of an era—DragThing must have been one of the first Mac apps that I bought. It’s still better than the Dock in many ways, but I didn’t use it much on Mac OS X because Apple never provided the APIs to allow it to be a full Dock replacement.

James Thomson:

DragThing would need 6-12 months to rewrite, and I don’t even know if it’s technically feasible to do most of the stuff with the sandboxing changes in macOS.

Tuesday, September 25, 2018

The Mojave Marzipan Apps

Benjamin Mayo (tweet):

Marzipan apps are ugly ducklings. As soon as you use them, you can just know these are not at one with the system. You detect that there’s a translation layer of some kind at work here, just like when you use Slack on the Mac you instinctively feel that it’s a web app in a thin wrapper. The underlying implementation is exposed to the user with a bevy of performance sluggishness, UI quirks and non-standard behaviours. That’s bad.

[…]

I debated calling this post ‘Home, News, Stocks and Voice Memos for Mac’ because it’s not really a comment on the Marzipan project initiative. After all, I don’t expect the solution Apple ships next year to have the same laundry list of drawbacks that these Mojave apps do. It’s a critique of the apps that are shipping now to customers of macOS. These apps are preinstalled with the OS. News was even unceremoniously placed into the middle of my Dock upon upgrading. And they are not good, simple as that. I would have been mildly happier if Apple had offered these apps as optional App Store downloads affixed with a beta label.

Steve Troughton-Smith:

Everybody’s looking at Marzipan and going ‘wow, these apps will never fit in on macOS’ and I’m here going ‘wow, this is what Mac apps are going to all be like in a few years…’

[…]

Logically, I expect:

1) Marzipan to get better on the desktop — visually, and functionally

2) iOS-based apps to dominate and subsume macOS-based apps

3) Many of iOS’ paradigms to ‘win’ in this transition, enabling new classes of touchscreen computers that otherwise wouldn’t exist

Kuba Suder:

It makes zero sense to bring Mac to the lowest common denominator to support iOS apps, it’s what Microsoft did and what Apple always criticized. I believe they’ll improve the APIs and VM layer to make such apps feel much more Mac-like, let them easily launch multiple windows etc.

[…]

But it will take a long time until Marzipan can compete with AppKit for building Mac apps that feel truly at home on macOS, and probably both AppKit and UIKit will be replaced by something new by then.

Charlie Melbye:

- marzipan is going to quickly improve and eventually power most new Mac apps

- marzipan v1 apps in Mojave are some of the poorest quality first party Mac apps in recent memory

Both of these things are true.

Steve Troughton-Smith:

The existing Mac apps are not good apps! Messages is a web view! iBooks is a travesty! Apple’s history of bringing features to both platforms strongly favors iOS

Eli Schiff:

Consider @stroughtonsmith’s rhetoric—he’s in an uncanny valley wherein one is not sure if he’s running interference for Apple to assuage fears, or if he’s the only one providing sober analysis. The truth is a drop of idealism turns latter into the former.

Bob Burrough:

His analysis is sober. The moment I realized it was when he said iPhone needed mouse support. His vision for the platform is authentic. He’s not running interference for Apple any more than you’re arbitrarily bashing them. You’re both being genuine.

John Gruber:

These Marzipan apps are not good apps.

Jason Snell:

MacOS is on the way to being a superset of iOS with legacy app compatibility and slightly relaxed security? But I do think the marzipan apps will get better than they are now. One would hope.

Bob Burrough:

I’m a bit astonished by the unanimity of opinion that Mojave’s Marzipan apps are not good. There’s usually always a holdout.

The new Mac App Store app, which does not use Marzipan, also has issues:

I’m not a huge fan of this hiding title bar in the new App Store. It’s clever, but confusing to new users (I didn’t even know it was there.) It makes the app look a little cleaner but non uniform. And it seems like a haphazard experiment around iOS navigation controllers on Mac.

Just to add to the confusion, it’s not even present/showable when you actually pop another view onto the stack, meaning it doesn’t even really reliably bridge the navigation controller concept from iOS.

And there remains a lot of interest in third-party developers using Marzipan today.

Previously: Apple Announces Marzipan for 2019, macOS Mojave: Back to the Mac, Tim Cook Says Users Don’t Want iOS to Merge With macOS.

Update (2018-09-27): Nick Heer:

I didn’t want to complain about the state of these apps prior to release because I didn’t think that was fair — plenty of bugs were fixed as the release date drew nearer. Unfortunately, they didn’t become any more Mac-like. That would be fine if these were one-offs, but Apple is planning on releasing this framework to developers just next year, and the initial results are not promising. They remind me of the janky apps you’ll find at the top of the free chart in the Games section of the Mac App Store. I worry that this will be increasingly common now that directly porting an app from iOS is something that is seemingly officially sanctioned, and I’m not the only one. These apps are not ready.

Or, here’s an even worse situation: maybe Apple does consider these apps ready. Surely they figured they were good enough to bundle preinstalled in the latest public update to MacOS. Are these the model apps for third-party developers to aspire to when they get to start porting their apps next year? I certainly hope not.

Colin Cornaby:

The Mac Home app is a direct refutation to the idea that iOS developers won’t just use Marzipan to ship thoughtless iOS shovelware on the Mac. From Apple themselves.

Update (2018-09-28): Jason Snell:

Some of Apple’s built-in Mac apps lag behind their iOS equivalents. The best example might be Messages, which lacks all sorts of iOS features, including stickers and message effects. It’s hard not to imagine a world where most of Apple’s cross-platform apps are developed using this system, allowing them to be feature-compatible across iOS and Mac. Which is worse, knowing that the app you’re using originated on iOS, or getting up to find your iPhone because the Mac version of the app you’re using doesn’t support a feature that Apple rolled out on iOS last year?

[…]

Imagine a world where Apple has to add features to iOS apps so that they’re palatable to Mac users. That solves a lot of problems for iOS users too, doesn’t it?

See also: Connected, Hacker News, MacRumors.

Update (2018-10-10): See also: Accidental Tech Podcast.

Update (2018-10-19): John Gruber:

In Apple News on iOS you can open any article in Safari via the share sheet. Am I getting this right that there’s no way to do that in Apple News on Mojave? I don’t even see a way to copy the original URL.

Did anyone at Apple even try using these Marzipan apps?

Sam Byford:

when you pause a recording in voice memos (say, an interview for transcription) and then press play again, it starts from the beginning. and you can’t even open the file in quicktime or anything else! they’re just staggeringly bad pieces of software

Nick Lockwood:

It’s difficult for me to advocate for a technology that produces bad apps without feeling like a hypocrite wrt native app experience.

Not for the first time, Apple has put me in a position of not being willing to stake my own reputation on them not fucking something up.

I want UIKit on Mac and I think it could be done well, but the belief that it will be done well is predicated on the assumption that Apple wouldn’t deliberately lower the quality ceiling for Mac apps, and yet Apple has just shipped a bunch of apps that disprove that assumption.

Will Cosgrove:

Have you noticed the text selection color if you put News in the background. What is even happening.

Peter Steinberger:

I will show the hacks currently needed to try Marzipan, and walk through what I needed to do to get PDF Viewer to run on macOS Mojave.

Update (2018-12-10): Wojtek Pietrusiewicz:

Personally I’m horrified at what these apps look like and how they function. They appear to be foreign entities among all the software designed for MacOS. Despite understanding Apple’s reasoning behind shipping them now and not when their backbone is ready, I cannot quite fathom who said: ‘Yes, this is good enough.’ Not at Apple in any case.

Bypassing Mojave Security Protections

Juli Clover:

Researcher Patrick Wardle, who has uncovered many security flaws in Apple’s macOS operating system, today shared some details on a new vulnerability that he’s found in the newly released macOS Mojave update.

As outlined by BleepingComputer, Wardle discovered that he was able to access Contacts data from the address book using an unprivileged app, as demonstrated in the video below.

And a separate vulnerability from Sentinel One:

Here, we have remotely logged in to Sally’s user account via ssh and retrieved the last website she visited, a banking logon page, by reading the LastSession.plist stored in the (supposedly) protected Safari folder.

Importantly, the ability to ssh into the local account and traverse the protected folders does not require pre-approval of Terminal in Full Disk Access, and can even be performed locally by Sally herself with ssh[…] In short, any local or remote user can bypass the Full Disk Access requirement simply by logging in via ssh.

This is pretty demoralizing. I’ve spent months trying to make smooth user experiences in spite of the hurdles Apple has added for developers (in some cases without even telling them). Some things are broken and not in my control to fix. Even once things settle down, my customers will still have to jump through extra hoops to use my apps. And yet the bad guys can still get at the protected data, anyway.

Presumably these will be fixed, and maybe Apple will eventually improve the user interface, but it just seems like this shipped far before it was ready. As did the rest of Mojave, as there wasn’t even time to distribute a GM build.

Previously: Mojave’s New Security and Privacy Protections Face Usability Challenges.

Update (2018-09-25): Jeff Johnson:

I’ve got 1 too, different from the other 2

Update (2018-09-26): Dave Nanian:

The nice thing about the Vista-ing of Mojave is that it’s a huge pain for everyone but the people who you have to worry about.

Update (2018-09-27): Jeff Johnson:

I used a different attack vector than SentinelOne (ssh) and Wardle. I don’t know what Patrick’s attack vector is, but I did ask him if he used mine, and he said no. So there are at least 3 different privacy protection bypasses in Mojave. I suspect that there are even more.

Update (2018-11-06): Jeff Johnson:

As of today, the support document does not mention the privacy protection bypass that I discovered and alluded to in my blog post. Nonetheless, macOS 10.14.1 does appear to fix the main issue, although there remain other avenues for bypassing Mojave’s privacy protections under certain conditions.

[…]

The privacy protection bypass that I discovered is quite simple. It’s obvious that Apple exempted some of its own code from Mojave’s privacy protections; for example, you’re able to navigate protected folders in Finder without triggering permission dialogs.[…] The body in this case was Automator. Or more accurately, /usr/bin/automator.

[…]

Another possible way to bypass Mojave privacy protections is to “piggyback” on another app. Even if a malicious app is unable to obtain special permission itself, the app can use another app that has already been granted permission, such as Terminal app.

Photos Needs Better Storage Management

Bradley Chambers:

On iOS and macOS alike, I’d like to be able to control how much of a cache that the Photos app can keep offline. I know that both iOS and macOS do an excellent job of keeping free space, but I’d love additional control over how much space it uses. An idea here would be to set a maximum GB usage that iCloud could use. On iOS, I’d like to be able to say: use no more than 10 GB (I have a 64GB phone) for iCloud Photo Library.

Greg Hurrell:

Wish I could automatically sync lower-quality versions of photos from my Apple Photos library to my iPhone. It seems to sync the full(-ish?) resolution versions, which at 10MB apiece adds up to 100GB. Only way I can see to make this happen is to export lower-res and sync that.

Previously: Protecting Your Network From Photos Uploads.

Apple’s Use of Swift in iOS 12

Alexandre Colucci:

Apple added some new features in iOS 12 and with no surprise the corresponding applications contain some Swift code. This is the case of the ContinuityCamera and Measure apps. Previous existing apps have been updated and some of them contain more Swift code: AppStore, Books, Music, News, SharingViewService and Stocks.

As we can see, Apple is slowly using Swift in more apps with each new iOS release, but the number of these apps is still really limited. Here is a chart showing the evolution of the number of binaries using Swift in iOS (without counting the Swift libraries)[…]

More than double the number of binaries as last year.

Update (2018-09-28): See also: Hacker News.

Swift 5 Preview

Paul Hudson:

Swift 5.0 is the next major release of Swift, and is slated to bring ABI stability at long last. That’s not all, though: several key new features are already implemented, including raw strings, future enum cases, checking for integer multiples and more.

Update (2018-09-26): See also: Swift 5.0 Release Process.

Compiler User Interfaces

Greg Titus (via Doug Gregor):

The force unwrap fixit still exists, but it is now never the only or preferred fixit offered, and hopefully the explanations of the errors are a lot more beginner-friendly now.

Shriram Krishnamurthi:

Error messages come from languages, but errors are made in programs. By definition, there’s a big semantic gulf between the language and program. Fixes have to be at the level of the program. How can the language make “obvious” the program’s problem?

This also assumes that there is “the” problem. Many times an error is the result of an inconsistency (trivial example: f takes two args and is given three; not clear whether caller or callee is to blame).

[…]

Errors live in a very complex ecosystem. As a programmer, of course I’d love what the slide asks for. [“An error should make it obvious how to fix the problem.”] As a researcher and language designer and curriculum author, I’d be terrified of anything that makes such claims. Even as someone who’s spent 8 hard years now on better msgs.

Monday, September 24, 2018

macOS 10.14 Mojave Released

Apple:

macOS Mojave, the latest version of the most advanced desktop operating system, is now available as a free software update for Mac users. macOS Mojave brings a number of new features to the Mac, including Dark Mode which transforms the desktop with a dramatic dark color scheme, and a new Dynamic Desktop with a series of time-shifting images to match the time of day. New productivity features like Stacks clean up messy desktops by automatically organizing files into neat groups. The Mac experience is also enhanced with the arrival of familiar iOS apps, including News, Stocks, Voice Memos and Home, and a redesigned Mac App Store featuring rich editorial content that makes finding the right Mac apps easier than ever.

See also reviews from:

Adam Engst:

I’ve been running Mojave betas all summer on my MacBook Air, and honestly, I will not be installing the final release of Mojave on my 27-inch iMac right away. I’ve seen too many quirks and problems, a number related to the new privacy protections (see “Mojave’s New Security and Privacy Protections Face Usability Challenges,” 10 September 2018). Some of my Keyboard Maestro macros have stopped working, and I haven’t yet been able to figure out why. I’ve also been annoyed by the constant nagging of utility apps asking to control other apps or access privacy-protected data.

Therefore, I recommend that you wait to install Mojave on your main Mac until two things are true[…]

SK:

Several users report that their Mail crashes or quits unexpectedly after updating to macOS Mojave.

If you are experiencing this issue after updating to macOS Mojave, please follow the steps below and check if your issue is solved.

Previously: Mojave’s New Security and Privacy Protections Face Usability Challenges, Removed in macOS 10.14 Mojave, macOS Mojave: Back to the Mac.

Update (2018-09-24): VMware reports an error when I try to create a new VM from the Mojave installer app, but it works using an installer disk that I created using the Create macOS Install Disk command in DropDMG.

Joe Cieplinski:

If you’ve been on the Mojave beta and are wondering how to get the shipping version: (Wasn’t showing up in Software Update for me.) Go to the Mac App Store, search for Mojave, click Get. That’ll bounce you to the System Prefs Software Update pane and start downloading.

Update (2018-09-25): See also:

Josh Centers:

If you are running the macOS 10.14 Mojave beta, be sure to install the final retail version, as they are different!

Howard Oakley:

Over the last few days, Apple has updated many of its Support Notes, and added some new ones, to cover issues raised or changed by Mojave. Here’s a selection of the more important ones.

Stephen Hackett:

I have published two big updates to the Aqua Screenshot Library that I wanted to share.

Rob Griffiths:

Mojave Beta 11, the last developers received, was build 18A389. The release is 18A391.

So Beta 11 was not the GM—which means developers haven’t been able to test against what just shipped to consumers today.

Is that a first for Apple? Or did I miss something?

Marcin Krzyzanowski:

“Reduced transparency” in Mojave, means really JUST REDUCED transparency, while it disabled transparency in High Sierra. I found it quite annoying that everything is semitransparent again.

Christina:

macOS Mojave Dark Mode on non-retina displays is unusable (photos with and without font smoothing)

Update (2018-09-26): Joe Rossignol:

Apple provides a download page on its website for the special edition of iTunes, which originally had a version number of 12.6.3. Two updates have since been released, including version 12.6.4 and the current version 12.6.5.

As brought to our attention by a MacRumors reader, and confirmed by our own testing, however, iTunes 12.6.5 fails to install on Mac systems updated to the public release of macOS Mojave this week. It also appears that the previous 12.6.3 and 12.6.4 versions do not function properly on macOS Mojave.

Howard Oakley:

I will shortly be opening a separate article in which bad features, poor interface design, and problems with third-party apps, etc., will be recorded, and will add its link here. This article lists bugs which you and I have encountered in macOS Mojave itself.

Colin Cornaby:

The lack of fixes around Boot Camp (no eGPU support, Mojave dropping support for it on some Macs) makes me wonder if Boot Camp is abandoned or going to be abandoned by Apple. Would be kind of a shame.

Howard Oakley:

Many users with MacBook Pro 2018 models with the T2 chip are reporting that upgrading to macOS 10.14 Mojave fails towards the end of the process.

Apple:

Background updates include security-configuration updates and system data files, which are automatically installed by default. They don't cause your Mac to restart, but some take effect only after you restart.

Via Jeff Johnson:

So many hidden updates!

I find this particularly interesting:

“TCC Configuration Data: Improves compatibility of specified software with macOS security features”

Update (2018-09-27): Scott:

Bluetooth is messed up in Mojave. My keyboard and mouse intermittently fail to reconnect on wake (it’s always one or the other).

Update (2018-10-09): Tom Nelson:

Having issues with Mojave? Seems like it’s a rite of passage to install a new version of the macOS, and then uncover issues we didn’t see in the beta version.

Howard Oakley:

Maybe we have just moved into an age of disinformation, but I keep seeing statements about macOS 10.14 Mojave which are plain wrong. Here are corrections to seven which you may come across. When you discover others asserting otherwise, please point them in this direction so that they can become better-informed.

Update (2018-10-12): Howard Oakley:

In most cases, the reason for this molasses-like behaviour isn’t a failed install, neither is it a bug in Mojave or its installer. If you rush in and restart in Recovery mode, you won’t be able to fix it, because much of what is going on is actually normal behaviour.

[…]

What happens when Time Machine can’t use the FSEvents database is that it then performs a ‘deep scan’ or traversal, in which the datestamps of all files are checked against an earlier record, and a new database is built. Inevitably, the more files there are on a volume, the longer that deep scan will take. Mojave can accelerate this process on APFS volumes by examining snapshots rather than the whole file system, but this still takes time.

Update (2018-10-24): Miles Wolbe:

[DVD Player has] been moved from /Applications/ to /System/Library/CoreServices/Applications/. Due to SIP, “Make Alias” is not available from the Finder’s context menu in that directory, nor does the new Make Alias keyboard shortcut (Ctrl+Cmd+A - really, Apple?! Cmd+L does not appear to have even been reassigned!) work.

Ryan C. Gordon:

Some things that broke in Mojave OpenGL:

- renders to a black screen by default

- -[NSOpenGLPixelFormat initWithAttributes] inexplicably stalls for several seconds

- vsync no longer works

- swapping buffers on 2 contexts on 2 threads may deadlock

Update (2019-01-24): Howard Oakley:

This article lists bugs which you and I have encountered in macOS Mojave 10.14.3 itself[…]

Update (2019-01-29): Howard Oakley:

In the release of 10.14.3, Apple made two howling errors, though.

The first was in the Combo version of the standalone updater, whose scripts prevented it being installed on many Macs. Building such installer scripts isn’t easy, but it shows yet again that code checking and good quality management aren’t Apple’s strong suits, a year after Apple was driven to admit that some of the gaffes in High Sierra should never have seen the light of day.

The other was in the total lack of release notes, other than one remark which would only have been of interest to enterprise users, and some brief security notes.

Update (2019-02-01): Pixelmator Team:

We’re aware of some performance issues with Pixelmator Pro on certain 2017 & 2018 MacBook Pro models running macOS 10.14.3.

John Gruber:

Seems like an odd oversight that the description for Mojave system updates includes URLs, but you can’t select them (so you can copy/paste) nor click on them.

David Dunham:

I filed a bug on the iOS App Store (same issue for Apple’s Shortcuts) and they said it was expected. So someone there actually thinks this is a good idea.

Update (2019-02-27): Thomas Brand:

Photoanalysisd has been analyzing my photo library of 1,424 photos hard for a week now without sleep.

At this rate my child’s face and all the pictures I took at the zoo 5 years ago should be expressed in an algorithm.

Swap is at 39.79 GBs. So this is a big algorithm?

Photoanalysisd is using over 77 GBs of memory.

I only have 1,424 photos. My Photo Library is 6.87 GBs in size. I don’t know what my iMac is doing, but I can’t imagine doing it on a spinning hard drive.

Apple Shying Away From R-Rated Original Content

Tripp Mickle and Joe Flint:

The show, a dark, semi-biographical tale of hip hop artist Dr. Dre, featured characters doing lines of cocaine, an extended orgy in a mansion and drawn guns.

It’s too violent, Mr. Cook told Apple Music executive Jimmy Iovine, said people familiar with Apple’s entertainment plans. Apple can’t show this.

John Gruber:

And how in the world did Vital Signs go the distance into production without knowing where the red line was? Shouldn’t this have been flagged when it was just a screenplay? It really does seem like the Eddy/Jimmy content team is an island within the company. I actually hope there’s some sort of misunderstanding in the sourcing for this story, and that they didn’t really shoot a pilot (or a whole season?) only to throw it away.

It never seemed like a good fit for Apple’s brand.

Tim Hardwick:

Apple’s approach is in direct contrast to that of other streaming platforms, which have found great success in producing edgy content like HBO’s “Game of Thrones” and Netflix’s “House of Cards.” However, Apple apparently feels it has more to lose if viewers are offended by its entertainment offering.

[…]

According to the report, Van Amburg and Erlicht have successfully pushed some edgier shows, including a series made by M. Night Shyamalan about a couple who lose a young child. However, Apple executives reportedly pushed for changes in the show because they didn’t want content to venture into religious subjects or politics.

Previously: Inside the World of Eddy Cue, Apple’s Services Chief.

iPhone XS Benchmarks

Mark Spoonauer:

Geekbench 4 is a benchmark that measures overall performance, and no other phone comes close to Apple’s new handsets on this test. The iPhone Xs notched 11,420, and the iPhone Xs Max hit 11,515. The older iPhone X scored 10,357, so that’s about an 11 percent improvement.

David Heinemeier Hansson:

The iPhone XS is faster than an iMac Pro on the Speedometer 2.0 JavaScript benchmark. It’s the fastest device I’ve ever tested.

This result doesn’t make much sense to me. The iMac Pro has a higher clock rate and more cores. And it’s inconsistent with the Geekbench Mac and iOS benchmarks.

Update (2018-09-26): Jason Cross:

The iPhone XS and XS Max offer essentially the same performance. Single-threaded CPU performance is about 13 percent faster, very close to Apple’s claimed 15 percent speedup. That helps contribute to a very small improvement in multi-core performance, but since the four energy-efficient cores aren’t really any faster, the difference is minimal.

Geekbench’s GPU test uses Metal to perform computational tasks, so it’s a pretty good indicator of the graphics processor’s ability to do math without actually rendering 3D graphics on your screen. It’s almost 40 percent faster, which is impressive, though not quite the “up to 50 percent” that Apple claims.

Update (2018-10-03): Greg Parker:

ARMv8.3 adds a new float-to-int instruction with errors and out-of-range values handled the way that JavaScript wants. The previous insns to get JavaScript’s semantics were much slower. JavaScript’s numbers are double by default so it needs this conversion a lot.

This could help explain what DHH saw.
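The conversion semantics Greg Parker refers to, as an added example (not code from the original posts or from JavaScriptCore): ECMAScript’s ToInt32 written out step by step, next to a saturating conversion that is assumed here as the contrast case for an ordinary float-to-int convert. The function names and sample values are constructed for illustration.

```javascript
// ECMAScript ToInt32: truncate toward zero, wrap modulo 2^32, then
// reinterpret the result as a signed 32-bit value. NaN and the
// infinities convert to 0. This is what `x | 0` does.
const TWO_32 = 2 ** 32;
const TWO_31 = 2 ** 31;

function toInt32(x) {
  const n = Number(x);
  if (!Number.isFinite(n)) return 0;        // NaN, +Infinity, -Infinity -> 0
  const t = Math.trunc(n);                   // round toward zero
  const m = ((t % TWO_32) + TWO_32) % TWO_32; // wrap into [0, 2^32)
  return m >= TWO_31 ? m - TWO_32 : m;       // map to [-2^31, 2^31)
}

// Contrast case (assumption for illustration): a conversion that clamps
// out-of-range inputs to the nearest representable int32 instead of
// wrapping, and maps NaN to 0.
function saturatingToInt32(x) {
  const n = Number(x);
  if (Number.isNaN(n)) return 0;
  const t = Math.trunc(n);
  if (t > 2147483647) return 2147483647;
  if (t < -2147483648) return -2147483648;
  return t === 0 ? 0 : t;                    // normalise -0 to +0
}

// Constructed sample inputs covering the in-range, wrap-around and
// non-finite cases.
const SAMPLES = [
  0, 1.9, -1.9, 2147483647, 2147483648, 4294967301,
  -2147483649, 1e20, NaN, Infinity, -Infinity,
];

// Inputs on which a clamping conversion gives the wrong answer for
// JavaScript, so an engine has to detect them and apply extra fix-up
// work after the convert.
function divergences(values) {
  return values.filter((v) => saturatingToInt32(v) !== toInt32(v));
}

for (const v of SAMPLES) {
  console.log(String(v).padStart(12), "ToInt32:", toInt32(v),
              " saturating:", saturatingToInt32(v));
}
```

Every input at or beyond the int32 range, plus both infinities, lands in `divergences`, which is the set of cases a conversion with JavaScript's semantics built in no longer has to special-case.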

Update (2018-10-05): Andrei Frumusanu:

Overall the new A12 Vortex cores and the architectural improvements on the SoC’s memory subsystem give Apple’s new piece of silicon a much higher performance advantage than Apple’s marketing materials promote. The contrast to the best Android SoCs have to offer is extremely stark – both in terms of performance as well as in power efficiency. Apple’s SoCs have better energy efficiency than all recent Android SoCs while having a nearly 2x performance advantage. I wouldn’t be surprised that if we were to normalise for energy used, Apple would have a 3x performance efficiency lead.

Update (2018-10-09): See also: Hacker News.

Timmers EM1:

iPhone XS Max vs Xiaomi Pocophone F1 speed test comparison! What’s gonna happen?!

Meek Geek:

Spoiler: The “cheap” phone wins.

Apple can have the “3x faster” SOCs but if they don’t translate to real world gains in important tasks like launching apps, what’s the point?

iOS 12 was just a first step. Still needs more performance improvements (app launch & multitasking).

Update (2018-10-12): John Gruber:

Turns out JavaScriptCore (Safari’s JavaScript engine) doesn’t use this new instruction yet — it should make things even faster once it does but the A12 chip is getting these benchmark scores without this new instruction’s help.

Update (2018-11-13): Marco Arment:

All of this power in the A12, and I need to throttle Overcast’s Watch-transcoding engine, even when connected to power, because iOS kills any app that uses more than 80% of the CPU over 60 seconds.

Colin Cornaby:

As someone who works on machine vision on iOS: Yes! We’ve observed it on all iPhone models since the 6S, a few earlier ones too. iPhone benchmarks are kind of misleading because you can’t use that power for more than a minute or two. iPads seem better, but we work with them less.

If you look at some of Apple’s samples they actually subscribe to thermal notifications and warn you when the phone is getting too hot and will start downclocking.

What is Haptic Touch on iPhone XR?

Rex Chamberlain:

However, there are many functions of 3D Touch which could simply be accomplished by a touch and hold on the display, eliminating the extra stress on your finger too. 3D Touch naysayers have raised these points for years.

[…]

Apple has finally given in to the idea. The new iPhone XR is not equipped with 3D Touch but will get much of the functionality through a feature dubbed Haptic Touch. Never one to resist flashy feature names, Haptic Touch is Apple’s fancy designation for touching and holding your finger on the display.

The added layer of haptic feedback will help you recognize when the feature is triggered. And with Apple’s excellence in haptic feedback technology, it makes you wonder if 3D Touch is on its way out.

Previously: September 2018 Apple Event.

Software Disenchantment

Nikita Prokopov (Hacker News):

Look around: our portable computers are thousands of times more powerful than the ones that brought man to the moon. Yet every other webpage struggles to maintain a smooth 60fps scroll on the latest top-of-the-line MacBook Pro. I can comfortably play games, watch 4K videos but not scroll web pages? How is it ok?

[…]

Every device I own fails regularly one way or another. My Dell monitor needs a hard reboot from time to time because there’s software in it. Airdrop? You’re lucky if it’ll detect your device, otherwise, what do I do? Bluetooth? Spec is so complex that devices won’t talk to each other and periodic resets are the best way to go.

[…]

We put virtual machines inside Linux, and then we put Docker inside virtual machines, simply because nobody was able to clean up the mess that most programs, languages and their environment produce.

Previously: Most of the Web Really Sucks If You Have a Slow Connection, Continued Mac Bluetooth Problems.

Update (2019-01-29): Pierre Lebeaupin:

But later on I started seeing things differently. It is clear that browser developers have been for the last few years engaged in a competition for performance, features, etc., even if they don’t all favor the same benchmarks. In that fast-paced environment, it would be a hard dilemma between going for features and performance at the risk of bugs, especially security vulnerabilities, slipping through the cracks, and instead moving at a more careful pace, at the risk of being left behind by more innovative browsers and being marginalized; and even if your competitor’s vulnerabilities end up catching up with him in the long term, that still leaves enough time for your browser to be so marginalized that it cannot recover. We’re not far from a variant of the prisoner’s dilemma. Chrome resolved that dilemma by going for performance and features, and at the same time investing up front in an architecture that provides a safety net so that a single vulnerability doesn’t mean the attacker can escape the jail yet, and bugs of other kinds are mitigated. This frees the developers working on most of the browser code, in particular on the JavaScript engine, from excessively needing to worry about security and bugs, with the few people having the most expertise on that instead working on the sandbox architecture of the browser.

Update (2023-10-25): See also: Hacker News.

Friday, September 21, 2018

Apple File System Reference

Howard Oakley:

Apple has at last released the Apple File System Reference, 143 pages and over 400 KB of detailed documentation about its new file system.

According to its revision history, this describes the data structures used for read-only access to APFS on unencrypted storage, but doesn’t apparently cover Fusion Drives, which hopefully will be detailed later.

See also: APFS encryption, ghost guest users, and odd UUIDs, What APFS Does for You, and What You Can Do with APFS.

Update (2018-09-24): See also: Hacker News:

ken:

At last! Apple’s old APFS docs always had this mysterious note about Fast Directory Sizing:

You cannot enable Fast Directory Sizing on directories containing files or other directories directly; you must instead first create a new directory, enable fast directory sizing on it, and then move the contents of the existing directory to the new directory.

but there was never any documentation on how to do this, and no Apple engineer would say. The most common internet theory seemed to be that this feature was purely automatic, and all mentions (like this) in the docs were just incredibly misleading.

Now it seems we have an answer, in this flag: “INODE_MAINTAIN_DIR_STATS: The inode tracks the size of all of its children.”

Update (2019-01-25): Joe Sylve:

Apple’s APFS documentation now contains information about software encryption.

Thursday, September 20, 2018

New Git Client: Sublime Merge

Sublime Merge:

The Integrated Merge Tool allows you to resolve any merge conflicts directly in Sublime Merge, rather than having to open up your editor of choice.

[…]

Use find-as-you-type search to dig up the exact commit you're looking for.

Search for commit messages, commit authors, file names, and wildcard patterns. Complex search queries can be constructed using and, or and () symbols.

[…]

Where it makes sense we will show you exactly which individual characters have been changed for a commit.

[…]

Sublime Merge performs full syntax highlighting identically to Sublime Text for every line of code you see.

From a Mac perspective, the user interface looks kind of odd. But there is a lot to like here. It feels really fast and has good keyboard navigation. It has some ideas I hadn’t seen before, such as hunk history and putting the staging area at the top of the commit list rather than in a separate source list item. The main thing it doesn’t seem to do is full text search.

Sublime Store:

Personal licenses [$99] are a once off purchase, and come with 3 years of updates. After 3 years, an upgrade will be required to receive further updates. One license key is all you need for all your computers and operating systems.

On the other hand, business licenses are $75/year.

Update (2018-09-24): I found that the diff viewer does not wrap long lines, making it unusable for certain types of files (such as .strings). I also really missed Tower’s way of having a separate list to manage the staged files, rather than showing the hunks and the files together.

Update (2018-10-24): jps:

We currently have an internal prototype where there’s an optional extra column listing the file names for a diff or the commit dialog (replacing the ability to expand a commit to show files in the commit graph). I expect this will appear in a dev build in the not too distant future.

With regards to the initial post, Dev Build 1080 will do full text search now.

It’s crashy for me in the beta, but I’m glad to see them working on this.

Update (2018-11-06): Will Bond:

While we continue to add more features and polish to the default Sublime Merge experience, we know that developers love the ability to tweak their tools. Sublime Merge is built on the same foundation as Sublime Text, so you can tweak key bindings, menus, command palette entries, and even the look and feel of the UI.

To assist, we’ve just rolled out a number of pages of documentation for users who wish to customize Sublime Merge to look and function a little differently.

iOS 12 Security Guide

Jacques Fortier:

The iOS security guide is out! I’m so proud of the Secure Enclave team’s work on the secure storage IC, Kernel Integrity Protection, System Coprocessor Integrity Protection, Boot Progress Register

Matt Stancliff:

No reviews are mentioning iPhones XS, XR, and Watch 4 are the most secure iOS devices ever.

A12 and S4 devices now:

- use ARM signed pointers for all Apple software

- have new physical anti-replay counter circuit in Secure Enclave

- mitigate USB DFU hijacking in enclave firmware

mikeymikey:

If you’re wondering about authenticated pointers in the new iPhones, this is the best plaintext description of how something like that works I’ve seen so far.

Previously: iOS 12 Released.

Twitter Brings Back the Reverse Chronological Timeline

Andy Baio:

This ✨magical link✨ shows your Twitter timeline in true chronological order—without retweets, liked tweets, or any algorithm nonsense. (On mobile? Click “Latest.”) Enjoy!

Mitchel Broussard:

In a series of Tweets sent by @TwitterSupport, the company explained that while it tries to balance showing you the “best” Tweets with the most recent Tweets, it “doesn’t always get this balance right” (via TechCrunch).

Following user frustration with this curated selection of Tweets -- which is sometimes mixed in with ads, Tweets your friends like, and more -- the company says it will soon provide an easily accessible way to switch between a timeline of Tweets that are most relevant for you and a timeline of the latest Tweets.

Jack Dorsey:

if you turn off timeline ranking in settings today, you’ll see all the tweets from people you follow in reverse chronological order…no “in case you missed it” or tweets the people you follow “liked”.

Jason Kottke:

What Twitter should do instead is use the same simple mechanism people already use to control their timelines: following and unfollowing. Instead of adding tabs to the interface or throwing random stuff into everyone’s timeline for the greater good, those things should be accounts you can follow. Call them Smart Accounts because they would be based on each user’s particular activity. Then users would be able to have a fully chronological timeline but also see tweets from their Smart Accounts according to their particular preferences.

Overcast 5

Marco Arment:

I’ve been getting emails almost every day from people asking where the speed controls were because they set them once and couldn’t find them again, or saying how they’d really like my app more if it offered speed controls. The only indication in the interface was three “page dots” below the scrollable area, but that wasn’t enough.

The new design maintains the same scrollable pages, but now as obvious, tactile cards. In my testing, everyone figured these out immediately.

[…]

Podcasts now display their estimated release frequency (daily, weekly, etc.) if it can be inferred.

The new interface is much better except that the new search box is always shown. I wish that it only appeared when you pull down, as it takes up a lot of space on my iPhone SE. The main feature I’d like to see in a future version of Overcast is better support for triaging within a playlist. Right now you cannot see the episode description when in bulk edit mode, and it requires a lot of taps to repeatedly view the next description and then delete.

Federico Viticci:

Once you accept the barrier (imposed by Apple, not Arment) that every Overcast action has to be a pre-assigned shortcut rather than an arbitrary search command, controlling Overcast via voice is a remarkable experience. Media shortcuts kick off background audio playback in a couple of seconds (even if the app had been previously force quit), and other actions (such as chapter navigation or recommending an episode) execute reliably. Even better though, because shortcuts in iOS 12 can appear in multiple locations, this means you can set up custom shortcuts in the Shortcuts app to control Overcast from, say, a widget or through dictation without having to trigger them with a custom Siri phrase.

The first custom shortcut I created for Overcast is a simple menu that lets you choose whether you want to skip to the previous or next chapter in the episode you’re listening to. Because menus are natively supported in the Shortcuts widget, and because Overcast’s native shortcuts run in the background, you can just swipe over to the widget view while listening and navigate chapters without opening Overcast or talking to Siri.

Jason Snell:

For me, the best new feature of Overcast is the return of Apple Watch playback. The app previously made an attempt at supporting Apple Watch, but watchOS just wasn’t advanced enough to reliably transfer and keep playing audio. Now it is.

Update (2018-09-25): See also: Accidental Tech Podcast and Under the Radar.

The iPhone XS and Its Camera

John Gruber (Hacker News):

But there is one wow factor comparing the iPhone XS to last year’s iPhone X: photography. But the reasons don’t show up in Apple’s comparison spec list (even though some of them could). I’ve focused nearly the entirety of my testing on taking photos and videos side-by-side against my 10-month old iPhone X. Overall, I’m simply blown away by the iPhone XS’s results. Sometimes the difference is subtle but noticeable; sometimes the difference is between unusable and pretty good. The iPhone XS can capture still images and video that the iPhone X cannot.

[…]

The iPhone XS has a seriously improved wide-angle camera. Just in terms of pure old-fashioned optics — light passing through a lens onto a sensor. More — perhaps too much more — on that later. But the iPhone XS has captured images for me that I’m certain can’t be explained by optics alone.

[…]

The way I understand it, Smart HDR is basically applied to all images from the iPhone XS. Sometimes more, sometimes less. If an image needs a little highlight recovery, a little Smart HDR is applied. If it needs a lot, it does more. But Photos only applies the “HDR” badge when it’s really extreme.

[…]

Apple confirmed that the iPhone XS wide-angle sensor is in fact 32 percent larger. That the pixels on the sensor are deeper, too, is what allows this sensor to gather 50 percent more light. This exemplifies why more “megapixels” are not necessarily better.

Great review. I’m not sure what to think of Smart HDR. The idea sounds great, but regular HDR sometimes messes up the image—will people occasionally get stuck with bad photos when Smart HDR does the same (since it sounds like it doesn’t save a non-HDR version)? Or is this not a problem because it’s less aggressive, and the faster processing will prevent artifacts from motion? Lastly, of course Smart HDR looks great compared with a regular photo, but how does it compare with standard HDR?

I continue to think that Portrait Mode looks weird. At first glance, the results are striking, but then you start to see areas that are sharp that should be blurry and vice-versa.

Also of note: Apple told him that the glass is more scratch-resistant than on any other smartphone.

See also: Sebastiaan de With, Nilay Patel, Rene Ritchie, Michael Zhang (MacRumors), Austin Mann, Justine Ezarik, Pete Souza, Apple’s list of reviews.

Previously: iPhone 8 and iPhone X Cameras, Scratched iPhone 8 and iPhone X Screens.

Update (2018-09-24): See also: iFixit.

Jason Snell:

Maybe the most bananas thing I’ve learned about iPhone XS is that if you shoot 4K 30fps video, it actually shoots 60fps with every other frame stepped up/down, and then stitches the frame pairs together on the fly to create extended dynamic range.

John Gruber:

As promised, here’s a selection of photos and videos taken with iPhone XS and iPhone X side-by-side. The low-light video clips are just amazing. And audio quality is remarkably better in all video.

Matt Birchler:

One of the most impressive elements of the iPhone XS is the new camera, which appears to be far more enhanced than even Apple let on when they revealed it a few weeks ago. Before I get into a string of posts comparing the 2018 and 2017 iPhone cameras, I wanted to take a look at some iPhone XS photos on their own to judge them without compassion…at least for now.

Mike:

While it’s still a 12-megapixel sensor with an optically stabilized f/1.8 lens, Apple has bumped up the size of the sensor and the megapixels

[…]

Smart HDR will then look at these frames and decide whether they can improve a photo by adding detail. It also intelligently detects motion or faces within a shot and adapts the final result accordingly.

So, essentially, Apple’s A12 Bionic chip takes a photo and makes it look better in the very instant that you snap it. That’s a feature that even full-frame cameras can’t do, even though they might take higher-quality photos.

Update (2018-09-25): Juli Clover:

There’s a weird amount of smoothing used in the front-facing camera on iPhone XS Max. It looks dull and unnatural.

The Talk Show:

Nilay Patel returns to the show to talk about the iPhone XS and XS Max. We got so caught up talking about cameras, we never even mention headphone jacks.

Mark Spoonauer:

If you really care about battery life and you’re in the market for a new iPhone, we would opt for the iPhone XS Max over the iPhone XS. Apple’s 6.5-inch flagship lasted nearly an hour longer on a charge than its smaller, 5.8-inch sibling.

On the fence between Android and iOS? You can get considerably better endurance from Android phones, especially those with larger batteries.

Tim Hardwick:

Both of Apple’s latest flagship models failed to reach the heights of last year’s first-generation iPhone X using the same battery endurance test, which involved surfing the web continuously over a 4G data connection.

Juli Clover:

According to multiple threads on the MacRumors forums, iPhone XS and iPhone XS Max users are experiencing connectivity problems with Wi-Fi and LTE on the two new iPhones when compared to other, older Apple devices.

Update (2018-09-26): Joe Rossignol:

iPhone XS Max has the best smartphone display ever, according to display testing and calibration firm DisplayMate Technologies.

Wednesday, September 19, 2018

Safari 12

John Gruber:

My favorite new feature today, of course, is the ability to show website favicons in Safari tabs — a feature now available in Safari 12 and iOS 12. They’re off by default, but the way they work on Mac, iPad, and iPhone is just perfect.

This is great.

Ricky Mondello:

I’m going to highlight a few iCloud Keychain, Safari, and WebKit features and improvements that mean a lot to me. (Thread…)

[…]

While you’re in Safari 12’s preferences on macOS, stop by the Passwords pane, which has a new look and a feature to show you where you’re reusing passwords.

[…]

The link to change your password for a website through iCloud Keychain on iOS 12 and Safari 12 allows for web developers to help streamline the password change process.

[…]

If you’ve ever had a website insist on using a pop-up window to do something important, you’ll appreciate Safari 12’s new affordance for allowing a blocked pop-up from a website.

Dan Moren:

Firstly, Safari no longer supports extensions cryptographically signed by developers themselves. The browser also implements a new Safari App Extensions API, which doesn’t have all the features of the previous, now deprecated extension API, causing some developers to cease work on extensions.

Howard Oakley:

There is, though, a worrying anomaly in Safari 12’s handling of plugins. XProtect is the tool which determines the oldest version of vulnerable plugins such as Flash which are permitted to operate. With Apple’s six-month neglect of updating the XProtect database, macOS and Safari 12 currently tolerate six-month old versions of Flash and other vulnerable plugins.

hax (via Hacker News):

Per my testing, the bug is due to the optimization of array initializers in which all values are primitive literals. For example, () => [1, null, 'x'] will result in such an array; all returned array references from this lambda will link to the same memory address, and some method like toString() will be cached. Normally, any mutable operation on such arrays will copy the data to a separate memory space and link to it; this is called copy-on-write, or CoW for short.

The reverse() method mutates the array, so it should trigger a copy-on-write. Apparently, it no longer does so, which causes the bug you’re seeing.
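The mechanism described above, as an added example that is not from the quoted post or from WebKit: a toy JavaScript model of copy-on-write array literals with a correct `reverse()` beside one that skips the copy, plus a probe that would report a leak on an engine behaving as described. `CowArray`, `makeLiteralSite`, `demo` and `literalLeaksAcrossEvaluations` are hypothetical names.

```javascript
// Toy model of copy-on-write (CoW) array literals. Illustration only,
// not JavaScriptCore code.
class CowArray {
  constructor(sharedStore) {
    this.store = sharedStore; // backing store shared with the literal's template
    this.owns = false;        // becomes true once this array has a private copy
  }

  // Every mutating operation must call this before touching the store.
  materialize() {
    if (!this.owns) {
      this.store = this.store.slice();
      this.owns = true;
    }
  }

  set(index, value) {
    this.materialize();
    this.store[index] = value;
  }

  // Correct behaviour: copy first, then mutate the private copy.
  reverse() {
    this.materialize();
    this.store.reverse();
    return this;
  }

  // The regression described above: in-place mutation of the shared store.
  reverseWithoutCopy() {
    this.store.reverse();
    return this;
  }

  toArray() {
    return this.store.slice();
  }
}

// One "literal site": each evaluation returns a new CowArray over one template,
// the way all results of () => [1, null, 'x'] point at the same memory.
function makeLiteralSite(values) {
  const template = values.slice();
  return () => new CowArray(template);
}

// Reverse the first evaluation, then evaluate the literal again.
function demo(useBuggyReverse) {
  const literal = makeLiteralSite([1, null, 'x']);
  const first = literal();
  if (useBuggyReverse) {
    first.reverseWithoutCopy();
  } else {
    first.reverse();
  }
  const second = literal();
  return { first: first.toArray(), second: second.toArray() };
}

// Probe for a real engine: does mutating one evaluation of a primitive-only
// literal change what the next evaluation returns?
function literalLeaksAcrossEvaluations() {
  const make = () => [1, null, 'x'];
  make().reverse();
  const fresh = make();
  return fresh[0] !== 1 || fresh[1] !== null || fresh[2] !== 'x';
}

console.log('correct reverse:', JSON.stringify(demo(false)));
console.log('reverse without copy:', JSON.stringify(demo(true)));
console.log('engine leaks literal state:', literalLeaksAcrossEvaluations());
```

In the model, the skipped copy leaves the second evaluation already reversed, which is the symptom the quoted explanation attributes to `reverse()` no longer triggering copy-on-write.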

Previously: Ghostery Lite, Safari Should Display Favicons in Its Tabs, Intelligent Tracking Prevention 2.0.

Update (2018-09-27): Chris Nebel:

Notice Safari launching faster in macOS #Mojave, especially if you have a HDD? You’re welcome.

[…]

1. Safari no longer loads a redundant listing of all your LocalStorage databases at launch. This could take several seconds on an HDD.

2. Safari now only spawns WebContent processes at launch for tabs that are visible. This is a big deal if you have State Restoration on and leave lots of tabs open; it saves around half a second per tab on an HDD.

Update (2018-10-03): William Tsing:

“Safari turned off extensions that slow down web browsing.” In the most literal sense, this is true. Browsing without any extensions at all would most likely be fractionally faster. This is not why Safari turned them off, however.

“You can find newer extensions in the App Store.” This is literally true. But can you find newer versions of the specific extensions referenced? Who knows? The extensions in the screenshot at the top were most likely turned off because they did not come from the extension gallery to begin with, and only one had a new app extension available at time of writing.

Apple does not communicate any of this via the dialog box.

Apple Watch Series 4

John Gruber:

Apple Watch is a hit despite this because it’s such a great product. People love it for what it does, how it works, and for how nice it actually is. Apple Watch is thriving despite being far from the nicest watch because all of the watches that are nicer do so much less. That’s the flip side of Apple Watch’s anomalous status in Apple history. Apple’s products, especially new ones, generally do less than their competitors. Apple Watch is taking over the watch industry because it does so very, very much more than traditional watches could ever do.

[…]

That the Series 4 watch is rendered so much thinner than the Series 3 even though the stated difference in thickness is only 0.7 mm may strike you as shameless marketing exaggeration. But after wearing and looking at a Series 4 watch on my wrist all week, I’d say this illustration conveys the difference completely accurately, and far better than any side-by-side photograph could.

[…]

This makes me think it took Apple four years to get to the point where the Digital Crown and Taptic Engine in production Apple Watches feel the way they’ve wanted them to feel all along.

[…]

But the other thing I’ve found is that the older watch faces, at least the analog ones, don’t look as good on a Series 4 watch as they do on Series 0-3. The old faces look better on the old watches and the new faces look better on the new ones.

Unfortunately, it is still thicker than the Series 0 and Series 1 watches.

Previously: September 2018 Apple Event.

Update (2018-09-20): Dieter Bohn:

Here it is: my review of the Apple Watch Series 4. Spoiler: it’s super great and makes me bummed I sprung for the Series 3 last year. It’s the best smartwatch by an order of magnitude.

coolhunting:

These Apple Watch Series 4 faces are more special than Apple let on during their keynote. They’re not rendered—each face is high resolution video shot in a studio using real fire, water and vapor elements. This exclusive behind-the-scenes video shows how they were made.

New Objective-C Bridges

Ronald Oussoren:

The release of macOS 10.14 is near, it is therefore time to release a new major version of PyObjC. I’ve uploaded PyObjC to PyPI, it can be installed using “python3 -m pip install -U pyobjc”.

[…]

The main feature of this release is the addition of support for APIs introduced in macOS 10.14 (Mojave).

FMJS (Gus Mueller):

An incomplete and experimental JavaScript to C/Cocoa bridge

Swift 4.2 Released

Ted Kremenek:

Swift 4.2 is now officially released! Swift 4.2 builds on the strengths of Swift 4, delivering faster compile times, improving the debugging experience, updating the standard library, and converging on binary compatibility.

[…]

The standard library in Swift 4.2 includes a number of new features, including improvements to the Hashable protocol as well as a new unified set of randomization functions and protocols.

See more at:

JaviAir:

A year later, and Swift 4.2 shipped with a ship-stopper KVO bug still unresolved. Don’t use the Swift KVO syntax in an iOS app unless you want random crashes.

Previously: Swift 4.2.

Update (2018-09-20): John Sundell:

Instead of manually defining our font dictionary, like we do above, let’s take a look at how Swift 4.2’s CaseIterable can help us avoid bugs and make our code more consistent when defining enum-keyed dictionaries.

Soroush Khanlou:

Ideally, you’d be able to initialize the Hasher with a seed, instead of mixing it in. Swift’s Hasher uses a different seed for each launch of the application (unless you set an environment variable which they added for consistent hashing between launch, mostly for testing purposes), meaning you can’t write these values to disk. If we controlled the seed of the Hasher, then we could write these values to disk as well. As this Bloom filter currently stands, it should only be used for in-memory caches.
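Why a per-launch hash seed keeps such a filter in memory only, as an added JavaScript model that is not the quoted author's Swift code: bits written under one seed are read back under another, and the reloaded filter reports stored items as absent. `seededHash` is a constructed stand-in rather than the algorithm behind Swift's `Hasher`, and the item list and seed values are constructed.

```javascript
// 32-bit seeded hash: FNV-1a style mixing plus a murmur3-style finalizer.
// A stand-in for illustration; Swift's Hasher uses a different algorithm.
function seededHash(str, seed) {
  let h = (seed ^ 0x811c9dc5) | 0;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193);
  }
  h ^= h >>> 16;
  h = Math.imul(h, 0x85ebca6b);
  h ^= h >>> 13;
  h = Math.imul(h, 0xc2b2ae35);
  h ^= h >>> 16;
  return h >>> 0;
}

class BloomFilter {
  // `seed` plays the role of the per-launch seed; 128 bytes = 1024 bits.
  constructor(seed, bits = new Uint8Array(128)) {
    this.seed = seed;
    this.bits = bits;
  }

  // Three probe positions per item; the probe index is mixed into the input.
  positions(item) {
    const m = this.bits.length * 8;
    return [0, 1, 2].map((i) => seededHash(i + ':' + item, this.seed) % m);
  }

  add(item) {
    for (const p of this.positions(item)) {
      this.bits[p >> 3] |= 1 << (p & 7);
    }
  }

  mightContain(item) {
    return this.positions(item).every(
      (p) => (this.bits[p >> 3] & (1 << (p & 7))) !== 0
    );
  }

  // What would be written to disk: the bit array only, no seed.
  serialize() {
    return Array.from(this.bits);
  }

  static restore(saved, seed) {
    return new BloomFilter(seed, Uint8Array.from(saved));
  }
}

// Constructed sample keys.
const ITEMS = ['alpha', 'bravo', 'charlie', 'delta', 'echo', 'foxtrot', 'golf', 'hotel'];

// Fill a filter under writeSeed, persist it, reload it under readSeed, and
// count stored items the reloaded filter claims it has never seen.
function falseNegativesAfterReload(writeSeed, readSeed) {
  const original = new BloomFilter(writeSeed);
  ITEMS.forEach((item) => original.add(item));
  const reloaded = BloomFilter.restore(original.serialize(), readSeed);
  return ITEMS.filter((item) => !reloaded.mightContain(item)).length;
}

console.log('same seed, false negatives:', falseNegativesAfterReload(0x1234, 0x1234));
console.log('new seed, false negatives:', falseNegativesAfterReload(0x1234, 0x9abc));
```

A Bloom filter is only useful if "not present" is always true, so a reload under a different seed breaks the one guarantee the structure gives.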

Renaud Lienhart:

I think this is new in the Swift 4.2 toolchain: it is now possible to declare a nested type in an extension, in a different file than the one with the parent type’s declaration. This will clean up things nicely

Update (2018-09-24): See also: Swift 4.2 Release Notes for Xcode 10.

Bruno Rocha:

You can reverse engineer the resulting binary, but it would be painfully hard to understand what the [CaseIterable] assembly means. Another option is to fork the Swift compiler and attach lldb to it, but you would need to know what to breakpoint in the first place - which I have no idea.

Luckily, the Swift compiler in your Xcode’s toolchain offers several arguments that allow you to extract human-readable files that represent “processed” versions of Swift source files, and one of these options allow you to retrieve the Abstract Syntax Tree (AST) of a file.

Apple’s Measure App and Accuracy

Kirk McElhearn:

I tried measuring a number of objects, and two things were apparent. The first is that Measure is not very accurate, and the second is that the same object measured twice can return different dimensions.

Rejected for Mentioning a Pre-release macOS Version

Luc Vandal:

Apple: “Update and submit your Mac apps for Mojave TODAY!”

Me: Ok!

App Store Connect: Can’t talk about Mojave in your release notes.

[…]

How the hell do I inform my users and potential customers that Screens is ready for Mojave?

This is a longstanding policy, and my apps have been rejected for it as well, but as far as I can tell it’s an unwritten rule. The closest thing I can find in Apple’s guidelines would seem to indicate that you should mention the new OS:

2.3.12 Apps must clearly describe new features and product changes in their “What’s New” text.

rather than imply it.

Aleksandar Vacić:

While Apple’s own apps happily mention Mojave in iWork updates I installed today.

Jonathan Deutsch:

I feel they always try to pull this... most of the time they relent if challenged. It is user-hostile to reject for this reason and wastes our time as one of the top questions we get near a new OS release date is “does it run on macOS 10.x?”

Update (2018-09-24): Greg Knauss:

Apple apparently considers referencing the devices that an application is designed to run on not relevant to its functionality.

[…]

Given Apple’s ad budget, the entire observable universe is aware what the new-model iPhones are called, and there’s simply no reason not to accurately reflect that in release notes. Not doing so makes the notes worse, and at the end of that particular road is a sign that just says, “Bugs fixed.”

Max Seelemann:

Funny. Seems that if your app is being metadata-rejected for mentioning an upcoming OS release by name, you just need to wait a bit and the review will “auto”-continue.

Update (2018-10-19): Patrick Balestra:

App Review team be like

Previously: Weather Alarms Scam.

Update (2018-10-22): Peter Steinberger:

Mentioning iPhone XR in changelog gets you rejected, but mentioning a non-existing iOS version is fine?

The Rise and Demise of RSS

Sinclair Target (Hacker News):

While Netscape was trying to win eyeballs in what became known as the “portal wars,” elsewhere on the web a new phenomenon known as “weblogging” was being pioneered. One of these pioneers was Dave Winer, CEO of a company called UserLand Software, which developed early content management systems that made blogging accessible to people without deep technical fluency. Winer ran his own blog, Scripting News, which today is one of the oldest blogs on the internet. More than a year before Netscape announced My Netscape Network, on December 15th, 1997, Winer published a post announcing that the blog would now be available in XML as well as HTML.

[…]

At the root of this disagreement about namespaces was a deeper disagreement about what RSS was even for. Winer had invented his Scripting News format to syndicate the posts he wrote for his blog. Guha and Libby at Netscape had designed RSS and called it “RDF Site Summary” because in their minds it was a way of recreating a site in miniature within Netscape’s online portal. Davis, writing to the Syndication mailing list, explained his view that RSS was “originally conceived as a way of building mini sitemaps,” and that now he and others wanted to expand RSS “to encompass more types of information than simple news headlines and to cater for the new uses of RSS that have emerged over the last 12 months.”

[…]

Today, RSS is not dead. But neither is it anywhere near as popular as it once was. Lots of people have offered explanations for why RSS lost its broad appeal. Perhaps the most persuasive explanation is exactly the one offered by Gillmor in 2009. Social networks, just like RSS, provide a feed featuring all the latest news on the internet. Social networks took over from RSS because they were simply better feeds. They also provide more benefits to the companies that own them.

Brent Simmons:

In a nutshell: judging RSS itself because RSS readers are not mainstream is to miss everything that RSS does. And judging RSS readers for not being mainstream is to judge them against expectations set by some hype artists more than a decade ago — but not by me or anybody else actually doing the work.

I don’t expect to see RSS readers running on every Mac and iOS device. This does not make it a failure.

CSS That Forces iOS to Reboot

Mitchel Broussard:

The vulnerability hits the WebKit rendering engine used in Safari by applying a CSS effect -- “backdrop-filter” -- that requires enough heavy graphics processing to cause iOS to crash completely.

Tuesday, September 18, 2018

watchOS 5 Released

Alex Guyot:

This year’s watchOS 5 update, released today for all Apple Watches Series 1 and later, fills in the gaps of the watchOS audio feature set. Third-party audio apps can now run in the background, and full audio controls including volume adjustment via the Digital Crown have been made available to them. watchOS 5 also introduces the first-party Podcasts app, which supports automatic syncing of new episodes that you’re subscribed to and streaming of any show in the iTunes podcast directory.

Beyond audio, watchOS 5 also builds on the solid fitness foundation with activity competitions, expanded Workout types, automatic workout detection, and advanced running statistics. Siri has continued to receive attention as well, introducing third-party integrations to the Siri watch face and a raise-to-speak feature which truncates the inveterate “Hey Siri” prefix for the first time on any platform. A new Walkie-Talkie app marks the first return to novelty Apple Watch communication methods since Digital Touch, but this time I think Apple might have tapped into a legitimate, albeit niche use case. Top things off with improved notifications, the introduction of web content, and NFC-powered student ID cards and we have a substantial watchOS update on our hands.

Matt Birchler:

Personally, I find the enhancements to podcasts to be a game changer. I can finally, finally leave my iPhone at home when I go for a run because I can take my podcasts with me. Even more, the surprising fact that I can stream any podcast in existence over LTE just by asking Siri to play it for me is huge!

Beyond that, the Siri watch face is even better this year, and as a devout user of it already in watchOS 4, the addition of third party apps makes it the only watch face I have eyes for anymore. The updates to activity tracking makes the official Workouts app and all third party apps better, and competitions are a nice way to compete with your friends (even though I wish they would add group competitions badly). And of course, notifications are more powerful and easy to use than ever before.

Apple did nothing to address the “app honeycomb” which remains a less-than-perfect UI and the omission of third party watch face support, but overall I think they did a very nice job of making changes that needed to be made.

An Oral History of Apple’s Infinite Loop

Steven Levy (Hacker News):

For more than a year I’ve been interviewing Apple employees, past and present, about their recollections of Infinite Loop. In their own words, edited for clarity and concision, here is the story of a plot of land in Cupertino, California, that brought us the Mac revival, the iPod, iTunes, the iPhone, and the Steve Jobs legacy.

Previously: Oral History of Avie Tevanian, Mike Slade on Apple, NeXT, Microsoft, and Starwave History, Scott Forstall Discusses the iPhone’s Creation, Tony Fadell on Apple’s Pre-iPhone Devices.

Monday, September 17, 2018

iOS 12 Released

Juli Clover:

Apple today officially released iOS 12, the latest operating system designed for the iPad, iPhone, and iPod touch. iOS 12 is available on all devices able to run iOS 11, which includes the iPhone 5s and later, the iPad mini 2 and later, the iPad Air and later, and the 6th-generation iPod touch.

[…]

iOS 12 is a major update that brings several new features and upgrades to Apple’s iOS devices, along with some significant performance improvements. Apple has revamped the operating system from top to bottom to make iPhones and iPads, especially the older models, faster and more responsive.

Jared Newman:

I didn’t realize this until charting it, but the number of iOS upgrades that each iPhone gets has increased every two years since the original launch.

Federico Viticci (tweet):

iOS 12 isn’t Apple’s Snow Leopard release: its system changes and updated apps wouldn’t justify a “No New Features” slide. However, for the first time in years, it feels as if the company is happy to let its foot off the gas a little and listen to users more.

[…]

I’ve been reviewing Apple apps and iOS releases for almost a decade now; I believe Shortcuts is the most beautiful, creative piece of software the company has ever shipped. Shortcuts is a new kind of command line for iOS – a tool to visually script any app and feature of iOS – but it’s also something else entirely. More than Workflow before it, Shortcuts is a productivity playground in between the OS and apps – a place for users to create their own enhancements to iOS; a lab where every iOS user is free to experiment, chain apps together, remix actions, and tie everything back to Siri.

Rene Ritchie:

There’s a lot I’d still like to see from Apple, from small details like rotation lock for everything but photos and video, to rounding out foundational technologies with handoff for media and the ability to change default apps, to re-revolutions like a new Home screen experience and far deeper and more personal, though still private, context for Siri.

Maybe that’ll come tomorrow with iOS 13. Today, iOS 12 is the biggest sign yet that Apple is starting to think beyond multitouch interfaces by finally opening voice to all apps, and beyond current devices by pushing augmented reality so far, so fast.

Samuel Axon:

But there’s more to iOS 12 than the average user will notice. It adds or expands upon a few ways for third-party developers to make different kinds of apps or to tap into the work Apple has done on Siri, machine learning, or augmented reality to bring new capabilities to those apps. iOS 12 also adds new features to Apple’s own apps—and many of those features are driven by the company’s machine-learning efforts.

Mattt Thompson:

In celebration of this week’s release of iOS 12, we’re sharing what we found after trawling through the API diffs from iOS 11.4 to 12. (As it were, many of these are still undocumented, so proceed with caution).

Apple:

Shortcuts in iOS 12 let you get things done with your apps, with just a tap or by asking Siri. In addition to running shortcuts available on your iOS device, you can use the Shortcuts app to create custom shortcuts, simplifying everyday tasks by combining steps across multiple apps.

Foundation Release Notes (finally):

Foundation in macOS 10.14, iOS 12, watchOS 5, and tvOS 12 includes new features, API changes, and deprecations.

Update (2018-09-20): Nicholas Riley:

iOS 12: best upgrade ever. Awesome job folks. If this is the worst I see...

Rui Carmo:

The keyboard switcher (world icon) and the number toggle key (123) are swapped on the iPad, but remain in the same positions on the iPhone. Whoever decided to change this is an unqualified moron, since the inconsistency is maddening and I am constantly hitting the wrong key.

The Shortcuts app broke pretty much every single workflow I had (which I was expecting), and can’t even access third-party storage providers outside iCloud Drive.

The Curious Case of AirPower

John Gruber:

I wrote about AirPower’s absence earlier this week. What I’ve heard, third-hand but from multiple little birdies, is that AirPower really is well and truly fucked. Something about the multi-coil design getting too hot — way too hot. There are engineers who looked at AirPower’s design and said it could never work, thermally, and now those same engineers have that “told you so” smug look on their faces. Last year Apple was apparently swayed by arguments that they could figure out a way to make it not get hot. They were, clearly, wrong. I think they’ve either had to go completely back to the drawing board and start over with an entirely different design, or they’ve decided to give up and they just don’t want to say so.

Marco Arment:

The craziest part of @gruber’s AirPower report, if correct, is that they decided to announce it to the public before having a working solution to a critical engineering challenge that, if unsolvable, would be fatal to the product.

Bob Burrough:

Now that everyone’s asking “why did they announce it if it wasn’t ready?” Go back and review this thread from February of this year.

Marko Karppinen:

Adding wireless charging years after others in 2017 and simultaneously announcing AirPower feels to me like they just didn’t think Qi was good enough. Had they known AirPower wouldn’t work out… I wonder if they would’ve done wireless charging at all.

Sonny Dickson (via Benjamin Mayo, MacRumors):

We have managed to obtain several pieces of exclusive information that shed some light on what challenges Apple is currently facing with the project. According to our sources, the broad feeling of many working the project at Apple is that the device may be doomed to failure, and may not be viable at all unless significant advancements can be made.

[…]

Chatter from less notable individuals involved with the project further suggests that the AirPower concept and trademark are likely to be applied to an all new product, which will include unmentioned features, to be publicly shown at an undisclosed date “not likely to occur before Spring”.

Binyamin Goldman:

We have now confirmed with two independent sources that Apple has cancelled the AirPower wireless charger.

John Gruber:

After I published what I’ve heard, a wise and knowledgeable little birdie told me that it’s not at all uncommon for a project at Apple to have massive resets multiple times. [Cough, Titan.] What is unusual regarding AirPower is that it’s happened in the open, for the world to see. That is to say, the real mistake may not be a flawed coil design or whatever, but rather the decision to announce it when they did, before those problems were solved.

Previously: September 2018 Apple Event, AirPower Status and Removing the Lightning Port, Pre-Announcing AirPower.

Update (2018-09-19): See also: Hacker News.

Update (2018-09-20): Russell Ivanovic:

Apple: AirPower? What’s that. Never heard of it. Don’t know what you’re talking about!?

IKEA: Hold my NORDMARKE!

Update (2018-09-24): Guilherme Rambo (MacRumors):

Looking into iOS 12.1, we noticed that the component of iOS responsible for managing the charging interface that appears when using AirPower has been updated, which means that Apple is still actively working on the project.

Furthermore, a picture of the “getting started guide” that comes packaged with the iPhone XS clearly mentions AirPower. “Place iPhone with screen facing up on AirPower or a Qi-certified wireless charger,” it reads.

HomePod Now Supports Multiple Timers

Juli Clover:

The update lets you use Siri to search for your favorite songs using song lyrics, and it lets you create multiple timers. It also allows you to make and receive phone calls right from the HomePod.

The HomePod could previously be used as a speakerphone, but after the update, it will be able to be used to place and answer phone calls without the need to transfer a call from the iPhone.

HomePod will be able to ping your iPhone or any of your other Apple devices so you can find them in your Home, and it works with Siri Shortcuts, a new feature introduced in iOS 12.

Why is iOS 12 still limited to a single timer?

Previously: Multiple iOS Timers.

Update (2018-09-28): Marco Arment reports that Siri’s initial support for multiple timers is not very reliable.

Friday, September 14, 2018

Screens of the 2018 iPhones

Apple (via Greg Heo):

If your app has already adopted safe area insets, there’s not much you will need to do to update your app for iPhone XS, iPhone XS Max, and iPhone XR. Learn how to set a collection view’s section inset reference to the safe area with no code changes. Hear about an API change unique to iPhone XS Max, iPhone XR. Make sure your full-screen app is scaled correctly by using the proper number of points and the correct resolution. Defend against some common pitfalls to ensure your app provides its full feature-set to all of your customers while maintaining best practices that will save you time and effort in the future.

Geoff Hackworth:

The 6.5" iPhone XS Max is to the 5.5" plus size iPhones as the 5.8" iPhone X (and XS) is to the 4.7" iPhones: almost the same physical body size but with an edge-to-edge OLED screen using 3 pixels per point. The iPhone XS Max has the same screen width in points as the plus size iPhones but is correspondingly taller to account for the 9:19.5 aspect ratio. The iPhone XS Max has a screen size of 414×896 points (1242×2688 pixels).

The 6.1" iPhone XR is effectively a 2x version of the iPhone XS Max with the same pixel density as the iPhone 6/6s/7/8 models. The iPhone XR has a screen size of 414×896 points (828×1792 pixels).

How do the iPhone XS Max and iPhone XR display apps on their larger screens? Just like last year with the iPhone X, that depends on which version of Xcode the apps were built with.

modulusshift:

So [with the iPhone 6 Plus] they decided to triple the points instead of double them, resulting in 2208x1242 with a PPI of 461. Then they realized that the tech wasn’t really ready for a PPI that high, but they did find a supplier who was working on making 1080p screens at 5.5 inches. Since the target was 1472x828 anyway, 1920x1080 was deemed close enough to 2208x1242, so they told the phone to render all the software at 2208x1242, then scale it down a little to 1080p. We’ve been living with this kludge on all the Plus phones ever since, and it’s a major reason the 6 Plus bogged down a lot faster than the 6 did.

[…]

Apple doesn’t actually like densities higher than 326 PPI, they just keep having problems that keep it from being a good idea. None of those problems cropped up when making the XR, so 326 PPI it is. Also, the XR is a Plus phone in practically all but name, just like the XS Max, but in a cheaper way.

Previously: September 2018 Apple Event.

Update (2018-09-24): Max Seelemann:

iPhone XR’s notch is 33pt. iPhone XS’ and XS Max’s notch is 30pt. Someone help me please.

PaintCode:

We have added the new iPhone Xs, iPhone Xs Max and iPhone Xr to the guide below.

Update (2018-09-26): Philip Amour:

Apple forgot to tell us that the iPhone XS Max Home Screen icons are upscaled from 180x180px (60x60 pt) to 192x192 px (64x64 pt). Also there’s no way to provide an iOS 12 64x64 pt icon assets.

Update (2018-09-28): Erica Griffin:

“For the iPhone XS Max there is an increasing Color Shift towards Blue for Increasing Viewing Angles” Yes, Displaymate recognizes the shift too with #iphoneXSmax. There are variations within this shift that I can see with my 3 phones. Don’t quote Displaymate at me for perfection.

Brian Hawkins:

Got my iPhone XS and I’m seeing noticeable color shifts in the display as I change the angle I hold the phone. Probably a swing of 700 kelvin. Is this degree of shift normal for OLED?

Goodbye, iPhone SE

Thomas Brand:

Harry has his own explanations for why Apple might want to standardize on the high-end iPhone X platform, but I think the message from Apple’s September 12th event is clear. If you are looking for a phone with a smaller screen, a phone with a headphone jack, or a phone that costs under $400, Apple no longer makes an iPhone for you.

Rui Carmo:

The apparent death of the SE form factor is particularly annoying to me given that I prefer small devices with just enough screen real estate for messaging, but the overarching trend to do everything on a phone has clearly driven Apple towards bigger form factors, something that I’m not keen on at all.

Nick Heer:

For a lot of people, it was a perfectly-sized device — the last one that many people could comfortably reach with their thumbs across the entire display without doing a little shimmy with their hand, and the last one with flattened sides that made it easier to hold for photos. The SE was a really good product, and it’s unfortunate that Apple has chosen to stop making it instead of releasing a successor. It’s one of the few bum notes from yesterday’s event, but it is perhaps the loudest.

Eric Schwarz:

With discounts and sale prices, the SE was going for $49 on some carriers without any sort of commitment just a few weeks ago, making it a tremendous value that still runs things quite nicely.

[…]

The interface really tends to breathe more on the larger displays and developers seem to be working on the 4.7″ models first, then scaling up or down. Because of that, nudging potential SE buyers to a 7 makes some sense, and I suspect we’ll eventually see discounts on prepaid or refurbished 7 units from time to time. I’m not denying that the extra size is a bit of an adjustment, but the market has shifted to larger phones—there aren’t many Android models, let alone good ones, that are SE-sized.

I really wish my iPhone SE had a better camera, but other than that I’m not eager to give it up. I will decide what to do after trying the iPhone XR in person. I’d also like to see whether we hear any more rumors of a potential iPhone SE 2 for 2019. Around WWDC time, it seemed like it was actually happening. But given that it didn’t ship by then, it’s not surprising that we didn’t see it in September.

A few days ago, my iPhone SE, less than 17 months old, spontaneously shut down. Prior to the shutdown, it was shown as about 95% charged, but afterwards it was down to under 10%. The Battery Health screen still shows it at 100% of Maximum Capacity.

Previously: September 2018 Apple Event, iPhone SE Tops Customer Satisfaction Survey.

Update (2018-09-20): Colin Cornaby:

Apple seems more and more like it’s becoming a volume sales company, and the death of the iPhone SE seems like another casualty. Very likely that the SE was both profitable and their worst seller. But for years, Apple was a company whose whole business was niche products.

Devin Coldewey:

I only wanted one thing out of 2018’s iPhone event: a new iPhone SE. In failing to provide it Apple seems to have quietly put the model out to pasture — and for this I curse them eternally. Because it was the best phone the company ever made.

Clark Goble:

ATP gave theory Apple was caught unaware by SE’s success and that a small form factor will return. WSJ suggested margins are much higher on big phones and that’s the incentive. If I had my pre-middle age eyes I’d be all over small form factor.

Walt Mossberg:

I agree. I know several people, including my wife, who adore the SE size. I suspect the move to all big iPhones is dictated by Chinese and other overseas tastes. But I’m with you guys. The SE should have been retained and upgraded.

Update (2018-09-24): Jeff Grossman:

I don’t know if Apple is ever planning on making a modern replacement for iPhone SE (i.e., a smaller iPhone with a notch and no home button), but if they are going to make such a phone, I think I can do a good job predicting what it will look like because Apple is often a pretty predictable company.

Update (2019-01-28): Nick Statt:

Earlier this week, Apple began a clearance sale on the iPhone SE, its nearly three-year-old, 4-inch smartphone modeled after the iPhone 5S, at a $100 discount. It was the second round of recent sales after an initial batch sold out the previous weekend.

[…]

Well, the SE is first and foremost going to be my second phone. It will be an object with a tightly controlled experience centered on a singular notion of unplugging, as best as someone can unplug in 2019. It won’t have my work email, it won’t have Fortnite or Holedown, and it most certainly will not have Twitter.

Jeff Benjamin:

In my opinion, the iPhone 5-era design, with squared-off, instead of rounded sides, and refined chamfered edges, represents the pinnacle of Apple design for its phones.

The iPhone SE also lacks a camera bump, which became an iPhone design staple beginning with the iPhone 6. The lack of a camera bump allows for a completely smooth and cohesive back cover, lending to the device’s overall beauty.

Update (2019-04-03): David Heinemeier Hansson:

The iPhone SE arrived and the first impression is how impressive it is that Apple fit so much usable power in such a small device. If this had actually come out after the big slabs of glass, we'd be cheering their miniaturization prowess!

Ending PHP Support, and the Future of Hack

HHVM:

HHVM v3.30 will be the last release series where HHVM aims to support PHP.

[…]

We are proud of Hack, but there are still many areas where we want to make major improvements to the language; during the next 2-3 years, we will be working towards making Hack a language that builds on the best parts of its heritage to produce:

  • a consistent, statically typed language
  • the development speed and ease-of-use that’s traditionally associated with dynamically typed languages

Exactly what one would expect.

Security Flaw in “Nearly All” Modern PCs and Macs Exposes Encrypted Data

Zack Whittaker:

Modern computers overwrite their memory when a device is powered down to scramble the data from being read. But Segerdahl and his colleague Pasi Saarinen found a way to disable the overwriting process, making a cold boot attack possible again.

[…]

It’s no secret that if you have physical access to a computer, the chances of someone stealing your data are usually greater. That’s why so many use disk encryption — like BitLocker for Windows and FileVault for Macs — to scramble and protect data when a device is turned off.

But the researchers found that in nearly all cases they can still steal data protected by BitLocker and FileVault regardless.

However, it sounds like the newer Macs with T2 chips are not vulnerable because the key doesn’t leave the Secure Enclave.

Thursday, September 13, 2018

Apple Can Delete Purchased Movies From Your Library Without Telling You

Anders G da Silva:

Hey Apple, three movies I bought disappeared from my iTunes library.

Casey Johnston (Hacker News):

When da Silva wrote to Apple to complain about the missing movies, Apple wrote back to him that “the content provider has removed these movies from the Canadian Store. Hence, these movies are not available in the Canada iTunes Store at this time.” For his trouble in notifying Apple that it had disappeared three of his ostensible belongings for incredibly dubious legal reasons, Apple offered da Silva not even a refund, but two credits for renting a movie on the iTunes Store “priced up to $5.99 USD.”

[…]

“You may be able to redownload previously acquired Content (‘Redownload’) to your devices that are signed in with the same Apple ID (‘Associated Devices’),” says the TOS, but also, “Content may not be available for Redownload if that Content is no longer offered on our Services.” For reasons that are easy to guess, Apple has never widely advertised that, by deleting locally stored content, users are actually rolling the dice as to whether they will ever be able to get it back.

[…]

As da Silva and others have pointed out before, the “Buy” button in digital stores is, at best, mislabeled.

Because of DRM, even if you keep a local copy of the movie you won’t be able to play it when you inevitably replace your device.

The Macalope:

This guy should get his money back in full.

Ken Kandel:

Happened to me too. Got three rentals in place of 30 episodes of the original Star Trek. Taught me to download everything and keep a backup of it. It truly pissed me off.

Scott Perry:

This has happened to me with music as well. If something doesn’t live DRM-free on your own storage, you don’t actually own it.

John Archer:

I have even been contacted just today by an iTunes user who tells me that dozens of films he owns in iTunes—many of which were actually bought in iTunes—have stepped back on his Apple TV 4K to HD, having previously been available in 4K.

Rene Ritchie:

Movies appearing and disappearing in iTunes (or any service) as the studio agreements dictate has been happening for years. Totally customer hostile and studio agreements should prevent it but it’s not new.

Previously: Outlawed by Amazon DRM.

Update (2018-09-14): Bob Burrough:

The problem appears to be a mismatch between legal reality and customer expectation. Customers are broadly under the impression that if they have purchased content, they will be able to download that content indefinitely.

Problems:

  1. Legal reality is not what customers want.
  2. Apple doesn’t try very hard to communicate the actual reality.
  3. Customer not notified when content removed.
  4. Apple (and, I guess, the content provider, too) keeps the money after removing the content.

Winmaciek:

Also, even if you have a local copy, [local desktop copies] won’t be in full 4K resolution (iTunes only supports up to 1080p). So it’s not really a solution, unless you accept downgraded quality.

There’s also a similar case with purchased music. I’ve purchased The Wall (Deluxe Edition) with iTunes LP. Item has since become unavailable - I can only get songs but not LP. Apple’s solution? 5 song credits. Thankfully, I had the LP stored on my old PC.

Ashley Bischoff clarifies that iPads can cache 4K video locally, though I don’t think the cache survives restoring from backup.

Update (2018-09-20): Sean Hollister (Hacker News):

When we reached out to da Silva, he clarified the disparity: He moved to Canada, roughly nine months ago, after purchasing the films in Australia. Not only is that two separate countries, it’s two separate iTunes Store regions. Perhaps Canada doesn’t offer those films anymore, and that left him unable to access them in his new location?

The thing is, those three titles -- Cars, Cars 2 and The Grand Budapest Hotel, according to da Silva -- are still available to purchase in both Australia and Canada, CNET confirmed. He could buy new “Canada” copies right now. So why are his “Australia” copies gone?

[…]

Indeed, those movies may still be stored in da Silva’s Australian account -- but he can’t easily switch back to the Australian region to download them again.

So Apple Support was mistaken when they told him that the content provider had removed the movies.

Author:

The big takeaway here is that media licensing is a hot mess. Region locking was a big headache when DVDs were the big thing, and now we’re seeing a version of that with digital movie purchases.

Downloading a digital purchase means you have the movie and it won’t disappear from your library. If iTunes checks the license when you play it, however, you may still be locked out from watching.

Dominik Wagner:

If you switch countries of your Apple account, content might disappear. So nothing new really, just something to keep in mind. As a German with both an American and a German account I’m intricately aware of this sadness.

Kirk McElhearn:

But Apple does remove content from the iTunes Store from time to time. They don’t do it on their own; it’s the rights holders who pull it. I’ve found several albums I had purchased in the early days of the iTunes Store are no longer available for redownload.

And this is much more common with music on Apple Music. I have a playlist of music that iTunes shows as “No Longer Available,” which currently contains 674 items. In some cases, albums have been replaced by updated versions, so I could find some of that music again. But I’ve found this to be quite frequent, even with the eclectic music I listen to.

EU Approves Controversial Copyright Directive

James Vincent:

The directive was originally rejected by MEPs in July following criticism of two key provisions: Articles 11 and 13, dubbed the “link tax” and “upload filter” by critics. However, in parliament this morning, an updated version of the directive was approved, along with amended versions of Articles 11 and 13. The final vote was 438 in favor and 226 against.

The fallout from this decision will be far-reaching, and take a long time to settle. The directive itself still faces a final vote in January 2019 (although experts say it’s unlikely it will be rejected). After that it will need to be implemented by individual EU member states, who could very well vary significantly in how they choose to interpret the directive’s text.

[…]

The legislation requires that platforms proactively work with rightsholders to stop users uploading copyrighted content. The only way to do so would be to scan all data being uploaded to sites like YouTube and Facebook. This would create an incredible burden for small platforms, and could be used as a mechanism for widespread censorship.

Via Dan Masters:

This is a shocking attack to the very nature of the internet—I’m surprised it didn’t gain as much coverage as similar US bills.

EFF:

Worst possible outcome in the European Parliament copyright vote: MEPs vote for #uploadfilters , #linktax, a narrow #TDM exception for data-mining, no #freedomofpanorama—plus a new IP right for sports organizers.

scott:

As I was saying... GDPR is the biggest backdoor ever created and the single greatest threat to data privacy. The EU made your data available to anyone that can get your password and there’s nothing you can do about it.

Previously: Europe’s New Copyright Rules.

This is legislative fantasizing at its finest: Internet platforms should get a license from all copyright holders, but if they don’t want to (or, more realistically, are unable to), then they should keep all copyrighted material off of their platforms, even as they allow all non-infringing work and exceptions. This last bit is a direct response to the “meme ban” framing: memes are OK, but the exception “should only be applied in certain special cases which do not conflict with normal exploitation of the work or other subject-matter concerned and do not unreasonably prejudice the legitimate interests of the rightholder.” That’s nearly impossible for a human to parse; expecting a scalable solution — which yes, inevitably means content filtering — is absurd. There simply is no way, especially at scale, to preemptively eliminate copyright violations without a huge number of mistakes.

The question, then, is in what direction those mistakes should run. Through what, in retrospect, are fortunate accidents of history, Internet companies are mostly shielded from liability, and need only respond to takedown notices in a reasonable amount of time. In other words, the system is biased towards false negatives: if mistakes are made, it is that content that should not be uploaded is. The Copyright Directive, though, would shift the bias towards false positive: if mistakes are made, it is that allowable content will be blocked for fear of liability.

Article 13 would make it so that every online community, platform, or service would have to implement filters for copyrighted content. Even worse, these latest proposals have gutted exceptions for artists and scientists. The Copyright Directive is headed to the European Parliament and will be voted on in either March or April.

Nick Heer:

It isn’t clear how non-automated intervention is supposed to sort through the four hundred hours of video uploaded every minute to YouTube and figure out whether the use of any identified copyrighted material constitutes a violation. Perhaps this is a stealthy way of forcing giant platforms to scale back.

Also, contrary to the New York Times’ inexplicable framing, this seems like it could be a windfall for Google. As Reynolds says in an accompanying video, it’s likely Google will license YouTube’s Content ID system to third parties.

[…]

Turns out that nine representatives who intended to vote for amendments that would have removed Articles 11 and 13 from the Directive voted against those amendments by mistake. Parliament is refusing to honour their intended votes even though they messed with the voting order which caused this confusion and which would have been enough votes to change the result. Disgraceful.

Brent Simmons:

Will it still be legal to distribute an RSS reader in Europe? I honestly don’t know, but would like to know.

Josh Centers:

The European Union has passed the Copyright in the Digital Single Market Directive, with its controversial Articles 11 and 13 […]. According to the Wikimedia Foundation, Article 11 will require licenses for nearly all online uses of news content, and Article 13 will impose liability on platforms for copyright-infringing content uploaded by users unless they meet a number of stringent requirements. In a statement, YouTube said the final version was an improvement, but the Electronic Frontier Foundation is more alarmed than ever. The EU insists the rules are to protect artists, while critics say they’re a crackdown on user-generated content. Member nations have several years to write the Copyright Directive into their own laws, though they’re sure to be challenged in court.

Wednesday, September 12, 2018

September 2018 Apple Event

Apple Watch Series 4 looks like a great upgrade: larger screen, faster, less chunky. I didn’t like the previous Apple Watch hardware, but I think this is something I would actually wear. I think the hardware has finally crossed a threshold. I’m impressed by so many of the details, but I just can’t figure out what I would use it for. The base model costs more than the iPhone SE did.

Names aside, the new iPhones look good. I’m very excited about Smart HDR and the speed of the A12. I want to see how changing the depth of field works for those of us who use Image Capture. I don’t want to have to review all my photos on device, nor use Photos.

I think the iPhone X’s OLED display is overrated and want a thicker phone to hold, so I find the iPhone XR very interesting. It’s quite a bit wider and taller than the iPhone X, so I’m not sure yet how it will feel in the hand and pocket. I don’t quite know what Haptic Touch is, but with cursor functionality coming to the keyboard I don’t think I would miss 3D Touch. I’m not sure it has much of a future, anyway.

The pricing of the iPhone XR is not as aggressive as I’d hoped, but I think it will be very successful. It’s not going to be like the iPhone 5c or even the iPhone 8. I don’t think most customers will care about the lower-resolution LCD display, and it may actually be easier to read than the iPhone X’s because it’s larger. Almost all the other specs are uncompromised.

I like the idea of colors but am not crazy about these particular ones except perhaps the red. I wish they were darker and more saturated. I would prefer a screen that scratches less since I’ve never broken any of mine.

I’m sorry to see the iPhone SE go and have little hope that Apple will make another small phone. AirPower’s status remains a mystery.

Update (2018-09-13): Andre Plaut:

If you, like me, are struggling to figure out the differences in Apple Watch Series 4 sizes, hopefully this helps.

Kate Matthews:

This year’s quick iPhone comparison sketch

John Gruber:

AirPower must be well and truly fucked. No one at Apple will say a word about it, even off the record. And as a result they didn’t even mention inductive charging during the event, even though the XS and XR both charge faster than the X.

Steve Troughton-Smith:

Apple’s intro video yesterday showcased the second-generation AirPods with ‘Hey Siri’, but they weren’t announced as a product; must be coming in hot? AirPods are personal and wearable, so fit this event’s theme perfectly

Edward Sanchez:

This is about the route that girl took on the intro video. She must be new at Apple Park - I probably took similar routes in my first week here.

Ryan Jones:

This is some Samsung bullshit, comparing the battery life to different phones. (red arrows)🙄

Ben Thompson (Hacker News):

Second, the iPhone XR is big — bigger than the XS (and smaller than the XS Max, and yes, that is its real name). This matters less for 2018 and more for 2020 and beyond: presuming Apple follows its trickle-down strategy for serving more price-sensitive markets, that means in two years its lowest-end offering will not be a small phone that the vast majority of the market rejected years ago, particularly customers for whom their phone is their only computing device, but one that is far more attractive and useful for far more people.

Third, that 2020 iPhone XR is going to be remarkably well-specced. Indeed, probably the biggest surprise from these announcements (well, other than the name “XS Max”) is just how good of a smartphone the XR is.

[…]

To put it another way, to the extent the XR cannibalizes the XS, it cannibalizes them with an average selling price equal to Apple’s top-of-the-line iPhone from two years ago; the iPhone 8 is $50 higher than the former $550 price point as well.

Nick Heer:

For a start, it’s confusing: there are maybe eight people on Earth who can adequately articulate the differences between Haptic Touch, 3D Touch, and Force Touch, which is still what Apple calls the display on the Apple Watch. In the keynote presentation, Phil Schiller compared it to the trackpad in the MacBook Pro, but that’s marketed as a Force Touch thing. I might be an idiot, but this is unfathomable.

Second, it’s conceptually muddy. There seemed to be specific rules Apple was adhering to with their use of 3D Touch on past iPhones — it opens app menus on the home screen, for instance, or allows you to preview something in a list before opening it. But this indicates that there’s either no difference between a long press and a Force/3D/Haptic Touch press, or there’s no consistency in Apple’s application of it. If Apple doesn’t know what the standards should be, users can’t even begin to understand what they should be doing. I like 3D Touch a lot, but if Apple continues to be confused by their own technology after it has been on the market for three years, I don’t think they should keep it around.

[…]

There’s always a catch — in this case, there are three. This iPhone lineup no longer includes the headphone jack adaptor; all iPhones still come with a five-watt charger; and all iPhones still ship with only a USB-A cable instead of a USB-C cable. I don’t get it.

ᴺᴼᵀ Jony Ive:

It Just Works.™

Michael Love:

Apple prices 5W and 12W adapters the same on their store. This isn’t being cheap, it’s giving users (most of whom charge overnight) something small and sleek to go with their small and sleek new phone.

Owen Williams:

Wait so the dual-SIM iPhones launch without software support for it.... and some vague restrictions in place? Oh hell no.

Chris Espinosa:

For copy and pasting, it’s the iPhone X 🅂 and X 🅂 MAX

Steve Troughton-Smith:

The real winner this year is gonna be iPhone’s ASP. The flagship iPhone line now is entirely above $999, and there’s only one consumer model, at 6.1". Will there ever be an SE 2 with the X-style design and Face ID? I do hope so

Horace Dediu:

New iPhone price graph. (The stairway to heaven.) Use this to estimate where ASP is going.

Mitchel Broussard:

Commenting on this price range in an interview with Nikkei today, Apple CEO Tim Cook said, “We want to serve everyone.”

Ruffin Bailey:

I think we add one more point to this list…

  • Apple was surprised by SE sales, and wishes they’d charged more.

What needs to happen to charge more for a cheaper version of the same internals? Well, first, you can’t pitch it as a spiritual remake of a four year-old design. You have to pitch it as a new phone.

Joachim:

PSA: Apple removing the iPhone SE from sale does not mean you can stop designing for its resolution soon. Non-Plus iPhones can be used in zoomed mode, which means they’ll have the same logical resolution as an SE.

And you’ll have to support the iPhone 8 for about a half-decade

zeynep tufekci:

“Welcome to the big screens” says Apple and women like me with small hands who need the most secure phone for safety reasons are stuck with something they can’t hold and constantly risk dropping. Company that designs $5 billion headquarters without a childcare center for the win.

Matt Birchler:

As I’ve done in 2016 and 2017, I have collected all of the rumors from MacRumors’ main feed in 2018 about the new iPhone lineup and have judged them based on how accurate they ended up being.

Nick Lockwood:

This is what, the 3rd (4th?) consecutive keynote in which Apple has shown us a generic shooty ARKit game on a table that would clearly work much better without ARKit or the table? Stop trying to make AR games happen.

Nick Lockwood:

Interesting... It looks like the iPhone XR has the same virtual resolution (414x896@2x) as the XS Max (414x896@3x) even though the physical size and resolution are lower.

(For comparison, the iPhone X/XS has 375x812@3x, which is more pixels but less usable real-estate).

That means the XR counts as a “plus” size device (that means it supports split view in Mail, etc) even though it’s not much larger physically than the iPhone X/XS.

Michael Love:

First few GeekBench reports for the iPhone XS/XR seem to be up. Looks like roughly a 10% single-core and 6% multi-core increase over the 8/X.

[…]

I expect the AI/Graphics speed bumps to be much more impactful, but it seems like for general-purpose computing, phones are going to max out at about the same plateau as PCs.

[…]

But certainly CPU-benchmark-wise this is the least impressive ‘s’ update ever; the 3gs (not-just-a-DVD-player-chip), 4s (dual-core), 5s (64-bit) and 6s (> 50% faster) all offered enough extra performance to justify an upgrade on that basis alone for heavy users at least.

See also:

Update (2018-09-14): Chuck Reynolds:

I’m not saying this was on purpose... but the image they chose for the screens is positioned so eloquently so that it just hides the ‘notch’ on the good phones but shows it on the lower-priced model... coincidence?

Harry McCracken:

Apple, I have a question:

Is it iPhone XS or Xs?

Ben Bajarin:

This [iPhone pricing] is achievable because for many this is their primary computer. People used to pay $800-1500 for a computer/PC because they saw the value.

Smartphones are arguably more valuable than laptops for the masses.

Update (2018-09-20): See also:

Ben Bajarin:

Continuing my thread of subscribing to iCloud and saving money on higher memory iPhones.. I did the math on my girls and wife needing a new phone this year.

Subscribing to the $120 2TB iCloud service will save us $600 in hardware costs. Minus $120 is $480 in total savings.

h:

“3D Touch is only useful because Apple made certain features hard to use without it.”

— the clearest way i’ve ever heard it explained, and it came from not-a-tech-nerd

Joe Rossignol:

iPhone names solved!

I’ve received official confirmation that it is iPhone XS / iPhone XS Max / iPhone XR, capitalized, unless Small Caps are available, in which case it is iPhone Xs / iPhone Xs Max / iPhone Xʀ.

Apple even updated its iOS 12 press release with caps XS and XR.

Update (2018-09-26): Ken Segall:

So whew, yes, I’m elated with this rebirth of the iPhone product line. But Apple’s return to sanity is not complete. Inexplicably, the company continues to struggle with four naming problems of its own making.

Feedbin Private by Default

Ben Ubois:

Feedbin previously whitelisted a number of iFrame sources like YouTube and Vimeo so you could see embedded content. iFrames embed full web-pages from a 3rd-party source. They’re usually resource intensive to load and they enable cross-site tracking.

Feedbin now replaces all iFrames with a custom new module. The new module still includes the poster frame from videos (where available) and will fetch the title and other metadata.

[…]

I thought about replacing Google Analytics with Matomo, but I came to the same conclusion that it didn’t provide anything I need in order to run Feedbin. Better to not collect that data at all.

[…]

However there is an alternative. Both Twitter and Instagram offer public oEmbed endpoints. oEmbed can give you much of the data needed to properly render this content. Feedbin takes this a step further by making the oEmbed requests from the server. If your browser made the requests client-side, this would give the publishers the opportunity to read and set tracking cookies. The end result is that you see pretty much the same content as you did before.
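The iframe replacement described above can be sketched as follows. This is an added example, not Feedbin's code: the `metadata_for` callback stands in for a server-side oEmbed lookup and is hypothetical, as are the `embed-placeholder` class name and the constructed sample entry.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit


class IframeReplacer(HTMLParser):
    """Copy feed HTML through, except that every iframe becomes a static link.

    Only iframes are handled here; this is not a general HTML sanitizer,
    and HTML comments are dropped.
    """

    def __init__(self, metadata_for):
        super().__init__(convert_charrefs=False)
        self.metadata_for = metadata_for  # hypothetical server-side oEmbed lookup
        self.out = []
        self.replaced = []  # iframe sources that were removed
        self.depth = 0      # > 0 while inside an <iframe> element

    def _placeholder(self, src):
        self.replaced.append(src)
        url = "https:" + src if src.startswith("//") else src
        try:
            parts = urlsplit(url)
        except ValueError:
            parts = None
        # Anything that is not plain http(s) gets no link at all.
        if parts is None or parts.scheme not in ("http", "https") or not parts.netloc:
            return '<span class="embed-placeholder">[embedded content removed]</span>'
        meta = self.metadata_for(url) or {}
        label = meta.get("title") or parts.netloc
        return ('<a class="embed-placeholder" href="%s" rel="noopener noreferrer">%s</a>'
                % (escape(url, quote=True), escape(label)))

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            if self.depth == 0:
                self.out.append(self._placeholder(dict(attrs).get("src") or ""))
            self.depth += 1
        elif self.depth == 0:
            self.out.append(self.get_starttag_text())

    def handle_startendtag(self, tag, attrs):
        if self.depth:
            return
        if tag == "iframe":
            self.out.append(self._placeholder(dict(attrs).get("src") or ""))
        else:
            self.out.append(self.get_starttag_text())

    def handle_endtag(self, tag):
        if tag == "iframe":
            self.depth = max(0, self.depth - 1)
        elif self.depth == 0:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if self.depth == 0:  # fallback content inside an iframe is discarded
            self.out.append(data)

    def handle_entityref(self, name):
        if self.depth == 0:
            self.out.append("&%s;" % name)

    def handle_charref(self, name):
        if self.depth == 0:
            self.out.append("&#%s;" % name)


def replace_iframes(html, metadata_for):
    """Return (rewritten_html, list_of_removed_iframe_sources)."""
    parser = IframeReplacer(metadata_for)
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.replaced


# Constructed sample entry and constructed oEmbed result (not real Feedbin data).
SAMPLE_ENTRY = (
    '<p>Talk &amp; slides:</p>'
    '<iframe src="https://www.youtube.com/embed/abc123" width="560"><p>fallback</p></iframe>'
    '<iframe src="javascript:void(0)"></iframe><br/>'
)
SAMPLE_METADATA = {"https://www.youtube.com/embed/abc123": {"title": "Constructed video title"}}

if __name__ == "__main__":
    rewritten, removed = replace_iframes(SAMPLE_ENTRY, SAMPLE_METADATA.get)
    print(rewritten)
    print(removed)
```

Because the metadata lookup runs on the server, the reader's browser never contacts the embed provider until the reader follows the link.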

Writing Hexadecimal Numbers

Pamela Fox:

TIL: we didn’t always use “A-F” to represent 10-15 in hexadecimal numbers.

Update (2018-09-14): Pamela Fox:

What are some interesting uses of hexadecimal numbers that you’ve run into? (I’m making content on hexadecimal right now, looking for inspiration)

Backup on Connect, launchd, and ThrottleInterval

Dave Nanian (tweet):

But that wasn’t the problem. The problem is what the man page isn’t saying, but is implied in the last part: “jobs should linger around just in case they are needed again” is the key.

Basically, the job must run for at least as long as the ThrottleInterval is set to (default = 10 seconds). If it doesn’t run for that long, it respawns the job, adjusted by a certain amount of time, even when the condition isn’t triggered again.

So, in our case, we’d do our thing quickly and quit. But we didn’t run for the minimum amount of time, and that caused the logging. launchd would then respawn us. We wouldn’t have anything to do, so we’d quit quickly again, repeating the cycle.

Tuesday, September 11, 2018

Apple Video Recommends App Subscriptions

Apple (via Apple Developer News):

The developers behind Elevate, Dropbox, Calm, and Bumble share how they create great customer experiences by continuing to provide value throughout the subscription lifecycle.

Juli Clover:

“The value for a user is that you’re not just buying this one thing at this one point in time, you’re actually buying something that’s evolving,” said Elevate developer Jesse Germinario.

“If you’re a subscription business, your incentives are actually perfectly aligned with your customers, because they need to continue to get value out of the product in order to keep subscribing, which means that you have to continue making the app better,” said Calm developer Tyler Sheaffer.

Ben Lovejoy (tweet):

The appeal for developers is obvious: subscriptions generate the holy grail of tech businesses, recurring income. But users appear less convinced.

Mark Munz:

Apple wants developers to move to subscriptions. Three problems that I see right away:

1) implementation of subscriptions is A LOT OF WORK… esp. for indie developers.

2) based on feedback, most customers DON’T want it

3) it doesn’t make sense for all kinds of apps.

Colin Cornaby:

I think the thing people underestimate about subscription apps is the significantly higher hurdle they create for getting them purchased in a corporate environment.

There’s this weird disparity where subscription software that every last person in the org needs (like Office) is easy. Software that only a few people need? A nightmare.

I don’t think subscriptions are a good fit for all apps. But since subscriptions are the only sustainable business model that the App Store offers, why make them so difficult to adopt? Even putting the substantial implementation work aside, it’s a big risk because Apple doesn’t let customers keep what they’ve already bought:

Previously: 2 Years of App Subscriptions 2.0, IAPKit.

Update (2018-09-13): Damien Petrilli:

The way Apple is trying to push subscription feels exactly like their design: dismissing user feedback.

Users are against it but whatever, they don’t know what they want.

Luc Vandal:

Really don’t know what to think about subscriptions. I find them more appealing as we see some developers having some success with them but still not convinced it’s the answer for all apps.

mikeymikey:

Unless your paid product has zero ads and couldn’t possibly work without an online backend (not for ever dynamic interface changes but literally to exchange content with other users or to pull/push content from my phone) - I do not want this.

Ryan Jones:

“Only iPhone.”

Most apps are free."

Nice.

Compiling and Exporting iOS Review Chapters With Drafts

Federico Viticci (tweet):

At the same time, I also wanted to simplify my process so that I wouldn’t end up writing my review in an app and editing it in another. For the past few years, I’ve experimented with Scrivener and Ulysses for this, but neither of them is well suited for the unique mix of longform writing and heavy Markdown automation I’m looking for. Drafts 5 felt like the spiritual successor to Editorial that I could fully script and customize to my needs. So for the past three months, I’ve been writing and editing my upcoming iOS 12 review entirely in Drafts.

[…]

One function of the Draft object in Drafts 5 is the ability to retrieve an array of drafts by querying the app for items that match a specific search string, filter, or tag (or combination of all three). Essentially, this allows you to search Drafts 5 for items that match specific conditions; items can then be iterated upon in JavaScript for additional manipulation. My action involves querying Drafts 5 with a tag filter, which returns an array of drafts that can be read in a repeat loop and appended (one after the other) to a new variable, which then becomes the .md file to share with other apps.

[…]

Finally, because iOS doesn’t have a way to save data directly into another app’s container, saving the .md file to a GitHub repository in Working Copy is done via the share sheet.

Previously: Drafts 5.

Amazon Is Stuffing Its Search Results Pages With Ads

Rani Molla (via John Gruber):

Amazon-sponsored product ads have been around since 2012. But lately, as the company has invested in growing its advertising business, they’ve become more aggressive.

See, for example, our search below for “cereal.”

The first three results, which take up the whole screen above the fold — everything visible before you scroll — are sponsored placements that appear as search results: Ads for Kellogg’s Special K, Quaker Life and Cap’n Crunch. (It’s similarly dramatic on mobile, where it takes up the entire first screen.) This is followed by a section featuring Amazon’s own brand, 365 Everyday Value, which was part of its Whole Foods acquisition.

[…]

Nearly 8 percent of views on Amazon product pages came from sponsored links in May, more than double what it was a year earlier, according to data from analytics firm Jumpshot, which collects URL data from a panel of 100 million people.

Molla’s example doesn’t show any ads on Walmart’s site, but Walmart does indeed show sponsored products when you search. Instead of all appearing at the top, they are mixed in with the other results.

Previously: Early App Store Search Ads Fail.

The Way Out

Manton Reece:

We should be careful before copying everything from Twitter. I don’t want to take features that failed us and recreate them in a new environment. Micro.blog leaves out features on purpose that we think undermine a healthy community.

[…]

Proprietary APIs reinforce the lock-in with content silos. This is why so much of Micro.blog is based on IndieWeb standards. It’s why Mastodon uses APIs like ActivityPub.

[…]

Some problems are inevitable when power is concentrated in only 2-3 huge social networks — ad-based businesses at odds with user needs and an overwhelming curation challenge.

Previously: Mastodon, The Struggle for Twitter Alternatives, IndieWeb Generation 4 and Hosted Domains.

Monday, September 10, 2018

Mojave’s New Security and Privacy Protections Face Usability Challenges

Rich Mogull:

Apple has been inching down this path of protected files in macOS since it introduced Gatekeeper and sandboxing. With each release, Apple has tightened the sandboxing screws to limit the traditionally near-unfettered access of apps.

[…]

You might be thinking that there’s quite a bit more that deserves protection, and you’d be right. In fact, Mojave extends protection to data in Mail, Messages, Safari, Home, Time Machine, and certain administrative settings, but without the granular notifications of the data types we’ve been discussing. Apps can request access to data in Mail or Messages or Safari too, and they’ll appear in the Full Disk Access list in the Privacy pane of the Security & Privacy preference pane.

I don’t think there is actually a way for apps to programmatically request Full Disk Access.

Apple needs to improve Mojave to provide both developers and users with clear alerts that avoid the pitfalls that crippled so many similar attempts in the past. There’s a reason any mention of Windows Vista still sends shudders down the spine of anyone who worked a help desk during those perilous times. And the company needs to improve the current situation for anyone who creates AppleScript-based apps to make sure such apps don’t prompt constantly for access.

Luc Vandal:

Well this is going to be fun in a couple of weeks!

See also: xkcd.

Previously: AEDeterminePermissionToAutomateTarget Added, But AEpocalyse Still Looms, Apple Events Usage Description, Call Recorder for FaceTime Won’t Be Compatible With Mojave, Ghostery Lite, Little Flocker.

Update (2018-09-11): Christopher P. Atlan:

Even with full disc access apps can’t access rootless_mkdir folders (a.k.a DataVaults). So a backup app can’t make a perfect replica.

Update (2018-09-13): Howard Oakley:

Important lessons for Mojave early adopters are:

  • Mojave’s privacy protection extends to some folders beyond your Mojave startup disk; these aren’t currently documented, but include /Library/Applications Support/com.apple.TCC.
  • When you think an app needs to be given Full Disk Access, it may actually be a helper tool which must be added to the Privacy settings, not the app itself. This appears to be a special case to the rule that command tools are traced through their Attribution Chain to the ‘parent’ app which called them in the first place: in this case, adding the C3 app to Full Disk Access doesn’t give its command tool helper com.bombich.ccchelper full disk access. This may be because it is run as a Launch Service, but none of this is documented.
  • Third party apps which use helper tools, as C3 does, need to be provided with a mechanism similar to that in C3 to guide the user through the process of adding their helper tools to the Full Disk Access list, when required. As far as we know at present, that cannot be performed by the app, but requires the user to make that addition. Users can add command tools to the Full Disk Access list, but need to be helped to do so.

Update (2018-09-19): Mike Bombich:

If you would prefer a simple “CCC is trying to access your data, would you like to allow that? Allow/Deny” dialog – hey, so would we! I spoke with members of Apple’s Privacy Team at Apple’s developer conference in June, and I suggested offering such a dialog for notarized applications – apps that Apple has deemed to be free of malware. They were adamant that users should not get a simple dialog; they want it to be hard for you. If you’re feeling Mo’hassled by Mo’jave, let Apple know that you’d like a simpler UI for granting full disk access to notarized apps.

Update (2018-09-24): Patrick Wardle:

Mojave’s ‘dark mode’ is gorgeous ...but its promises about improved privacy protections? kinda #FakeNews

Update (2018-09-26): Dave Nanian:

Looks like our little Finder Extension, built with Automator, doesn’t work under Mojave.

It also doesn’t prompt for authorization. Because AEApocalypse.

Automator actions run from Services menu don’t prompt for AppleEvents - bug 44799942 - sigh.

Update (2018-10-03): Howard Oakley:

A few who have upgraded to Mojave are finding apps which either don’t display the expected consent dialogs, or display them once and never again, so preventing them from giving that app access to protected data or services. Here’s what to do if you are having problems.

Ettore Software:

6: Over on the right, locate TypeIt4Me in the list of apps that are allowed to control your computer

7: Untick the checkbox next to TypeIt4Me, then tick it again and close System Preferences

Shane Stanley:

Nonetheless, there has been no formal direct announcement, so this will come as a shock — and pain point — for some users. If you use third-party additions, you will need to start looking elsewhere for equivalent functionality. Either AppleScriptObjC or some of the publicly available script libraries offer similar abilities to some of the commonly used commands, and it’s possible some addition authors will offer equivalent or similar functionality in faceless background applications or script libraries.

Update (2018-10-05): Daniel Jalkut:

As an alternative, I wonder if Apple could introduce some kind of “Security Profiles” feature for Terminal so that individual windows within the app could be run with different permissions? This could build on Terminal’s existing support for “Profiles” which already support varying Terminal settings dramatically on a per-window basis.

Howard Oakley:

If you’re suffering problems with TCC, in particular when you have an app which should be generating a consent dialog but doesn’t, as well as checking that app’s entitlements and usage strings using Taccy, try inspecting the log with the single predicate 'subsystem == "com.apple.TCC"' and looking for an exchange involving that app’s ID. It is easy to do that in Consolation 3, as you can make the app’s ID a filter, rather than part of the predicate. Once you have located the relevant log entries, remove that filter and browse all the messages from TCC around that time.

If you’re struggling to work out what to add to your Full Disk Access list to get a command to work, then you should be successful when you add the item listed in the ACC field of the Attribution Chain shown by TCC.

Update (2019-01-04): John Martellaro:

What I had the most fun with was the more thorough app authorization required in Mojave. My first encounter was the most striking and annoying.

[…]

I mention this procedure because I am sure that, back in September, there was a lot of literature about Mojave’s additional app authorizations. But if you wait, as I did, the articles explaining it all fall off one’s radar. This is one reason to, nowadays, upgrade ::cough:: soon after the rest of the community does, even on a production Mac.

Update (2019-09-18): Craig Hockenberry:

This is the key: my backup script has been failing silently with “operation not permitted” for who knows how long — only today did I discover it — and that my backups were incomplete.

[…]

From the dev forums they previously said they don’t plan on changing the behavior. Nor is there an easy way for a program to tell if they have Full Disk Access or not. We fell back on querying the contents of a directory we know should exist and if that fails prompt for FDA.
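The fallback described in the last quote (list a directory that should exist and treat a failure as missing Full Disk Access), combined with a pre-flight pass that makes "operation not permitted" loud instead of silent, might look like this. It is an added example, not code from any of the apps or authors quoted; the probe path is an assumption based on the protected folder named earlier on this page, and the function names are hypothetical.

```python
import errno
import os

# Assumption: a folder covered by Mojave's privacy protection (see the
# com.apple.TCC folder mentioned above). Substitute any protected path you rely on.
DEFAULT_PROBE = "/Library/Application Support/com.apple.TCC"


def full_disk_access_state(probe_dir=DEFAULT_PROBE, listdir=os.listdir):
    """Return 'granted', 'denied' or 'unknown' for the calling process."""
    try:
        listdir(probe_dir)
    except PermissionError:
        # EPERM ("Operation not permitted") or EACCES: the listing was refused.
        return "denied"
    except OSError:
        # Missing folder, I/O error and so on: the probe proves nothing.
        return "unknown"
    return "granted"


def unreadable_dirs(root, listdir=os.listdir, isdir=os.path.isdir,
                    islink=os.path.islink):
    """Walk root and return [(path, errno_name)] for each unlistable directory.

    os.walk() swallows these errors unless an onerror callback is supplied,
    which is how a backup can end up incomplete without anyone noticing.
    """
    failures, stack = [], [root]
    while stack:
        current = stack.pop()
        try:
            names = listdir(current)
        except OSError as exc:
            failures.append((current, errno.errorcode.get(exc.errno, "UNKNOWN")))
            continue
        for name in names:
            child = os.path.join(current, name)
            if isdir(child) and not islink(child):
                stack.append(child)
    return sorted(failures)


def preflight(root, probe_dir=DEFAULT_PROBE, listdir=os.listdir,
              isdir=os.path.isdir, islink=os.path.islink):
    """Summarise whether a backup of root can be complete."""
    failures = unreadable_dirs(root, listdir, isdir, islink)
    return {
        "full_disk_access": full_disk_access_state(probe_dir, listdir),
        "failures": failures,
        "complete": not failures,
    }


if __name__ == "__main__":
    report = preflight(os.path.expanduser("~"))
    for path, code in report["failures"]:
        print("cannot read %s (%s)" % (path, code))
    # A non-zero exit status lets cron or launchd surface the problem.
    raise SystemExit(0 if report["complete"] else 1)
```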

“git log --follow” Enthusiastically Tracks Empty Files

Mark Dominus:

This bug I just found in git log --follow is impressively massive. Until I worked out what was going on I was really perplexed, and even considered that my repository might have become corrupted.

[…]

It appears that Git, having detected that book/Watchmen.blog was moved to movie/Watchmen.blog in February 2012, is now following book/Watchmen.blog backward in time. It sees that in January 2012 the file was modified, and was formerly empty, and after that it sees that in June 2009 the empty file was created. At that time there was another empty file, wikipedia/mega.notyet. And git-log decides that the empty file book/Watchmen.blog was copied from the other empty file.

At this point it has gone completely off the rails, because it is now following the unrelated empty file wikipedia/mega.notyet. It then makes more mistakes of the same type.

Update (2018-09-14): Mark Dominus:

The roadblock is: how does --rename-empty fit together with my proposed --rename-size-threshhold flag? Should they be the same thing? Or should they be separate options? There appear to be at least three subsystems in Git that try to decide if two similar or identical files (which might have different names, or the same name in different directories) are “the same file” for various purposes. Do we want to control the behavior of these subsystems separately or in unison?

Friday, September 7, 2018

Call Recorder for FaceTime Won’t Be Compatible With Mojave

Chance Miller (tweet):

In an email to users this evening, Ecamm said that with macOS 10.14 Mojave, Apple has tightened the overall security of the operating system and FaceTime, rendering its Call Recorder for FaceTime software incompatible. Thus, the application will not be compatible with macOS 10.14 Mojave at launch[…] As for the future, Ecamm says it will “continue to assess the feasibility” of bringing its Call Recorder software to Mojave, but that it currently has “no plans for a compatible version or for creating a replacement.”

I’m so glad that Apple is eliminating useful apps, nerfing others, and adding friction instead of acting on the actual malware at the top of its charts.

Update (2018-09-08): Greg Hurrell:

1/ Apple is nerfing a bunch of 3rd-party shit. Don’t think it will affect me, yet, but only because I have been very conservative with what I install for many years now (in the interests of not breaking shit), but am waiting for the time they kill something I can’t live without

2/ Once both the software and the hardware have gone south, there really won’t be anything keeping me in the Apple camp any longer. 😟

Ghostery Lite

Ghostery:

Extensions like Ghostery 5 that use an older (deprecated) API build will be disabled as soon as you upgrade to Mojave. We highly recommend that you give Ghostery Lite a try as we’ve designed it to work exclusively with the new Mojave changes. If for whatever reason you’d like to stick with Ghostery 5, here are the steps to reenable it after you upgrade to Mojave.

Update (2018-10-31): It’s now available.

Apple and Google Face Growing Revolt Over App Store “Tax”

Mark Bergen and Christopher Palmeri (Hacker News):

Netflix Inc. and video game makers Epic Games Inc. and Valve Corp. are among companies that have recently tried to bypass the app stores or complained about the cost of the tolls Apple and Google charge.

[…]

On Tuesday, video streaming company Netflix said it’s testing a way to bypass Apple in-app subscriptions by sending users to its own website. Currently, Netflix users on iPads and iPhones can subscribe via the App Store’s in-app-purchasing system. This makes subscribing simpler, but also gives Apple a 15 percent cut of those subscriptions. And as of May, Google Play billing for Netflix was unavailable to new or rejoining customers, according to Netflix’s website.

On iPhones in the U.S., Netflix was the No. 1 entertainment app by consumer spend and the most downloaded entertainment app on the Google Play store over the last 90 days, according to App Annie, which tracks the industry.

More recently, Epic Games, the maker of hit video game Fortnite, opted to ditch Google’s app store.

Dan Masters:

A more honest description:

“App Store subscribers comprise a large chunk of the Netflix subscriber base.

Therefore, Netflix is attempting to find a way to retain the otherwise-unsustainable $10 price point, without resorting to the recently tested advertising.”

cptaj:

I worked on an app that is in the same category as Netflix. A week before launch, Apple chose to reject us in spite of months of meetings and reviews with their app teams and assurances we were in-bounds since we were working with them for launch featuring.

It came down to the fact we required an email address and password for IAP so you could bring your subscription to the web or other platforms. While everyone else in the category did this, they decided that policy was going to change and we were just going to be the first people to deal with it. Since having an email-based account was core to the architecture and the UX, I went through a week of refactor hell to make emails/passwords optional to meet our launch date.

Since other apps still get to do this, it’s clear the policy change message was BS. I’ve suspected a lot has had to do with Apple’s ambitions in the streaming space and their desire to be in a position to offer bundling and other over the top services. They’re already trying to control the UX with the TV app and are offering companies better rev share rates to do the integration work.

It seems like Netflix is daring Apple to pull them from the store. If that’s what’s happening then I applaud them. I understand that Apple may think they’re protecting the consumer by creating a walled garden, but as a developer whose livelihood is tied to their decisions, I’m tired of being jerked around.

Previously: That 30% App Store Tax, 2 Years of App Subscriptions 2.0, App Store Subscriptions And You, Valve’s Steam Link App Rejected From the App Store.

Update (2018-09-08): See also: Merge Conflict.

Update (2018-12-31): Dan Gallagher:

Epic Games, the developer of the Battle Royale-style shooter game, is capitalizing on that popularity by launching its own app store. The company’s founder and CEO, Tim Sweeney, has long been critical of the app store business models propagated by Apple and Google, believing both companies take too large of a cut from app sales relative to the costs involved in running the stores.

Epic’s solution is to allow developers to keep 88% of the revenue their apps generate compared to the standard 70% allowed by Apple and Google. The first version of Epic’s store went live earlier this month for games designed for the PC and Mac and it has already had an impact on that end of the market.

A Deceitful “Doctor” in the Mac App Store

Nicole Nguyen (Hacker News, MacRumors, 9to5Mac, Wired, Techmeme):

Apple has removed a top Mac app called Adware Doctor, designed to “prevent malware and malicious files from infecting your Mac,” which, according to security researchers Patrick Wardle and Privacy 1st, was collecting users’ browsing history without their consent, violating Apple’s policies.

[…]

Adware Doctor, which costs $5, was the top paid app in the “Utilities” category, and the fifth top paid app overall, before it was removed Friday. The app appears to violate the App Store’s “Data Collection and Storage” guidelines, which prohibit developers from “surreptitiously discovering private data” or collecting data without consent. It is unclear whether customers who purchased the app will receive a refund.

Patrick Wardle (tweet):

Finally, the stellar reviews bestowed upon Adware Doctor (and other applications by the same developer) are likely fake, as the application is specifically discussed in the insightful post, “Mac AppStore apps with fake reviews”.

[…]

By editing the system’s /etc/hosts file we can redirect this request to a server we control and capture what Adware Doctor is trying to upload. And what do you think that might be? If you guessed the history.zip file you would be correct!

[…]

When Adware Doctor is executed for the first time, it requests access to the user’s home directory (~) and all files and directories underneath it as well[…]

[…]

Apple also claims that “if there’s ever a problem with an app, Apple can quickly remove it from the store”. Maybe the key word here is “can”.

A full month ago, we reported our findings to Apple, which they acknowledged, and promised to investigate[…]…since then, crickets!

I’m not sure Wardle is correct that sandboxed apps are not supposed to be able to enumerate the running processes.

Update (2018-09-07): Thomas Reed (tweet):

There is a concerning trend lately in the Mac App Store. Several security researchers have independently found different apps that are collecting sensitive user data and uploading it to servers controlled by the developer. (This is referred to as exfiltrating the data.) Some of this data is actually being sent to Chinese servers, which may not be subject to the same stringent requirements around storage and protection of personally identifiable information like organizations based in the US or EU.

Jeff Johnson confirms that [[NSWorkspace sharedWorkspace] runningApplications] works in the sandbox.

Patrick Wardle:

Stoked that Apple has:

  • now removed the app (& dev’s other apps)
  • is adding extra sandboxing protection on “privacy-sensitive content like Safari history” in Mojave

Update (2018-09-08): John Gruber (tweet):

We can’t expect the app review process to flag every bad actor, but I do think we should expect Apple to take action when a bad actor is found.

Third, why wasn’t this developer “Yongming Zhang” flagged years ago? Adware Doctor started out named “Adware Medic”, the same name as a legitimate successful app from Malwarebytes[…]

[…]

Even if Apple isn’t willing to commit the human resources to tackle review fraud across the entire App Store — a Sisyphean task at this point, to be sure — they surely ought to tackle it for popular apps, and Adware Doctor was very popular. This app’s success, sketchy description, and the developer’s history of bad behavior should have set off alarm bells inside Apple.

[…]

Lastly, what’s going on with all the copies of the app that have already been bought and installed? Do existing copies still run? Isn’t this exactly the sort of scenario where Apple should use the kill switch to remotely disable installed copies of the app?

Privacy 1st:

What is sad is that it was reported by me on 12th of August and Apple didn’t even care... Attached are email screenshots

Malcolm Owen:

A second app, Open Any Files, takes over a system’s ability to handle documents that are not associated with an existing app, using the opportunity to advertise other apps that supposedly could open files. Aside from the extra affiliate-based behavior, the app was also found to have similar characteristics to Adware Doctor, in acquiring the browsing and search history of Safari, Chrome, and Firefox, as well as the App Store.

While the app was reported to Apple in December 2017, it is still available to download from the Mac App Store.

Howard Oakley:

For the first time since its introduction, Apple has left XProtect without any updates for over five months; that’s more than 150 days. The last XProtect update was version 2099 pushed on 13 March 2018, when many of us were struggling through snow and ice instead of the current heat and drought.

Stephen Silver (Hacker News, TechCrunch, MacRumors):

According to a new report from GuardianApp, “a growing number of iOS apps have been used to covertly collect precise location histories from tens of millions of mobile devices, using packaged code provided by data monetization firms. In many cases, the packaged tracking code may run at all times, constantly sending user GPS coordinates and other information.”

Howard Oakley:

Having written quite a lot recently about Mojave’s new privacy protection, I have tended to gloss over the differences between privacy and security, why we need effective controls over both, and how those controls are so different. This article tries to explain using hypothetical examples as illustrations.

Update (2018-09-11): Howard Oakley (tweet):

I am stunned that Apple, a company which rightly refuses to sell cheap adaptor cables in its stores because it considers that we should only use high quality approved accessories, is continuing to sell (or give away, in some cases) four products which security researchers have demonstrated break Apple’s own rules, and grossly abuse the user’s privacy.

[…]

Can the App Store survive in its present form? Haven’t users finally lost faith in its bland assurance that its apps are screened and checked by Apple, and are ‘safe’ for us to use? When Apple has ignored the evidence of well-known security experts and failed to take action over these apps, how many others in the store might prove similarly malicious?

[…]

As of 0730 10 September 2018, Apple has finally removed the apps named above from its UK App Store, and apparently from its other App Stores too. However, there are still a lot of apps which need to be more thoroughly investigated as to their efficacy and legitimacy: search on adware for example to see a lot which make bold claims that would appear to be impossible under App Store rules.

Tom Reeve:

Dr Cleaner was reportedly removed from the Apple App Store on Friday and Dr Antivirus, also owned by Trend, was reportedly removed this morning.

Privacy 1st:

Update: Apple removed most of the TrendMicro apps including the fake developer account they had to promote the Open Any Files, which was reported as malware by @thomasareed from @Malwarebytes. Kudos to @Apple for fast action.

Thomas Reed:

Be suspicious of every single antivirus on the App Store. Even the legit ones are junk because of the limitations that will prevent them from detecting all threats.

Trend Micro:

Reports that Trend Micro is “stealing user data” and sending them to an unidentified server in China are absolutely false.

Trend Micro has completed an initial investigation of a privacy concern related to some of its MacOS consumer products. The results confirm that Dr Cleaner, Dr Cleaner Pro, Dr. Antivirus, Dr. Unarchiver, Dr. Battery, and Duplicate Finder collected and uploaded a small snapshot of the browser history on a one-time basis, covering the 24 hours prior to installation. This was a one-time data collection, done for security purposes (to analyze whether a user had recently encountered adware or other threats, and thus to improve the product & service). The data collected was explicitly identified to the customer in the data collection policy and is highlighted to the user during the install. The browser history data was uploaded to a U.S.-based server hosted by AWS and managed/controlled by Trend Micro.

Thomas Reed:

It’s hard to verify after the apps were removed, but I explicitly looked for in-app data collection notification and did not find any.

Howard Oakley:

Unlike another app which stole private data, Adware Doctor, which has also been taken down from the App Store, these three aren’t from a near-anonymous developer, but a multi-national corporation specialising in ‘cybersecurity’.

Trend Micro Inc. is a public-quoted corporation (KK) headquartered in Tokyo, founded nearly thirty years ago, with almost six thousand employees worldwide, and revenue (2017) of ¥148.8 billion. Surely, this isn’t the sort of company to be involved in the secretive collection of private data including full browser histories?

Liam Tung (via Hacker News):

The company notes that it disclosed this data collection in its end-user license agreements and that browser history data was uploaded to a US server hosted by Amazon Web Services and managed by Trend Micro.

Trend Micro blamed the behavior on the use of common code libraries and has now removed the browser data collection feature and deleted logs stored on the AWS servers.

Update (2018-09-14): Graham Cluley:

In short, Trend Micro says that the code was designed to help the software determine if users had recently encountered online threats - and yet the code was also incorporated into products which were not security-related.

Dr Battery, for instance, is an app that purports to offer real-time monitoring of your Mac’s battery and determine which apps are draining resources the most. Why on earth would that need to take a gander at your browsing history?

[…]

Shared code libraries that aren’t actually required by a program to perform its function increase the threat surface, introduce security and privacy vulnerabilities that could impact your customers, and - potentially - give more opportunities for hackers to strike.

Adam Engst:

What could possibly be the excuse for a company that advertises itself as “a global leader in cybersecurity solutions” to engage in such behavior, which is not just a serious ethical lapse, but a clear violation of Apple’s App Store policies? And if Apple is going to claim that the App Store approval process protects users, it clearly needs to do a better job.

Thursday, September 6, 2018

Why You’re Not Supposed to Call Swift’s description

Ole Begemann:

However, you should absolutely not use the following pattern, where a function argument is constrained to Custom[Debug]StringConvertible, either with a generic constraint or a plain type specification[…]

[…]

Instead, the function should accept any type, because anything is printable:

func doSomething3<T>(with x: T) {
    // ...
    // Call String(describing: x)
}

[…]

When you rely on LosslessStringConvertible semantics, you should absolutely access the description property directly, despite the above advice to the contrary. As we have seen, the alternative String(describing:) prefers TextOutputStreamable’s representation over description if it’s available, and you can’t be 100 % certain that representation is identical to the value’s description, however unlikely any differences are.

The “Post-PC Era” Never Really Happened

Mark Lowenstein:

Tablets have had a good run, but sales have tailed off of late. I’d say they’ve had greater influence on the evolution of the smartphone and the PC, rather than leading to a significantly different nomenclature for what most of us carry around today. My Techpinions colleague Ben Bajarin says that Creative Strategies surveys indicate that only about 10% of tablet users have ‘replaced their PC’ — a number that has held steady for several years. And that 10% is concentrated in a handful of industries, such as real estate and construction. PC sales aren’t exactly surging, but they’re steady. Your average white collar professional today still carries around a smartphone and a laptop, with the tablet being an ancillary device, used primarily for media/content consumption.

[…]

And if anything, the tablet segment might fall off somewhat, squeezed by bigger and more functional phones on one end, and by more versatile laptops on the other end.

Previously: Post PC Cars, Trucks, and Motorcycles.

Update (2018-09-07): Zac Cichy:

Alternatively: post-pc happened, but the phone was underestimated.

James O’Leary:

this is why I rant about Apple’s laptop story - it’s not that they’re fundamentally broken, it’s that devotion to the iPad as laptop story has them easily 2-3 years behind Windows + ChromeOS

Damien Petrilli:

This is why doubling down on iOS could be a problem for Apple: macos and Mac hardware lagging behind with all resources invested in a dead end.

Ben Szymanski:

Imagine if Apple had invested all of the effort they put in to try and make the iPad line replace desktop computing, into the Mac line and keeping that up to date.

Colin Cornaby:

Seems like Apple’s post-PC era is about not trusting users. Don’t let users have the option of buying a modular Mac. Don’t let users have the option of running touch unfriendly software on a tablet.

The existence of these things would not hurt Apple. But they think we’re dumb.

I keep thinking about the declining tablet sales numbers, but what I want to know is if those numbers count convertibles.

Convertibles trust the user to make choices. You can run any software. You can run it as a laptop or a tablet. You’re trusted to make choices.

Every modern Apple device seems to be an exercise in single function purity. It’s simply absurd to me I have to buy a laptop AND a tablet. But Apple is so concerned about me not understanding touch vs. mouse that they sell them as different devices.

Zac Cichy:

No one did. The larger point is that everything iPad was meant to take over actually turned out to be iPhone. Beyond the wildest dreams of the PC.

This is a post-PC world.

Matt Birchler:

It would be disingenuous of me to say I’m not a little disappointed with the glacial progress tablets have seen in the last few years. After years of explosive growth, things have cooled down quite a bit. The iPad is staying mostly level, with some growth over the past year, but Android tablets are turning to dust in the wind. In the Windows world, tablets are far more rare than laptops with touch screens.

See also: Hacker News.

Update (2018-09-10): See also: Hacker News.

Update (2018-09-11): Eugene Belinski:

8 years ago, people would buy $1000 computers and $100 flip phones. Now they’d buy $800 smartphones and $200 chromebooks.

It’s amazing how much the utility of phones and computers have realigned.

Previously: Chrome OS Is Set to Expand Beyond the Education Market.

Inside the World of Eddy Cue, Apple’s Services Chief

Mitchel Broussard:

As he looked into Cue’s history with Apple, The Information’s Aaron Tilley interviewed more than two dozen people who have worked with Cue.

[…]

According to former employees, Cue “seemed to lack much interest in [Siri]” from “the moment he gained responsibility.”

[…]

The profile also looks at Apple’s entry into streaming music, following former CEO Steve Jobs’ derision of the idea of renting music. Apple reportedly “fought tooth and nail” to keep Spotify out of the United States following its debut in Europe, with Jobs going so far as to privately threaten Universal Music by stating Apple would remove its content from iTunes if it worked with Spotify in the U.S.

Aaron Tilley (tweet):

During meetings, Mr. Cue is sometimes known to fall silent, shut his eyes and tilt his head back, leaving other participants to wonder whether he is staring at the ceiling or sleeping, said several former Apple employees and one outside partner present on multiple occasions when it happened over the past few years. In at least two of these situations, Mr. Cue began snoring, one source said.

A lot of Apple’s problem areas are (or were) Cue’s responsibility. But I don’t blame him that much because I think he was given an impossible job, too many disparate things to manage, many of which didn’t seem to be in his wheelhouse.

An interesting detail is that Cue is said to have a “hands-off leadership style” and doesn’t like to “mediate between warring factions.” That sounds a lot like his boss, Tim Cook, contra Jobs and Forstall.

Previously: What Went Wrong With Siri, Apple Services, Apple’s MobileMess, iCloud’s First Six Months.

Update (2018-09-08): See also: John Gruber.

Mastodon

John Gordon:

Twitter will become a blend of home shopping network, daytime TV, and tabloid news. That might be quite profitable.

There is money in sane social communication, but there isn’t big money. In particular there isn’t publicly traded corporation money.

Joe Rosensteel:

The short version is that Mastodon clones features of Twitter with open source software that can be run on any server. Those servers talk to each other and form a larger world than any one server could. The default place most people land is mastodon.social but they have halted admissions because of the large influx of people leaving Twitter at the same time. You can join mastodon.cloud or any other server. Since your server can talk to the others, and you can move your account to another one, there’s no immediate pressure. There’s a timeline which is functionally like Twitter - or at least how it was back when it was chronological. You can mute, block, follow, etc.

[…]

Unfortunately, there aren’t polished apps like that for Mastodon. The majority of apps are wrappers around a webview - fancy browsers. They have certain features, or present user-facing data in a way that is more appealing than the web site. Unfortunately, none of them are much better than the website. I would really suggest getting started on the website just because options for things will be in places you can google or ask any other user about.

Joe Rosensteel:

The benefit of Mastodon is that it’s not a company, but a series of instances all run by different people. Think of it more like email. Anyone can host an email server (but why), and they can send emails to other people not on their email server. Just in this case it’s an “instance”. I can block instances I don’t like, and I can still communicate with others that I do. There’s an admin for each instance to moderate and shape the kind of conduct that’s allowed on the instance. I’m on a private instance with a few friends, after having an account on the large “mastodon.social” instance which is the default place most people start. You can redirect followers if you move to another instance. All your data can be exported, including follow, block, and mute lists. I can take my stuff anywhere I would like to go. A “federated” timeline view exists, which shows all the stuff people on your instance are interacting with and saying. I found it unusable on mastodon.social, but on a smaller, more focused instance it’s worth looking at.

Brent Simmons:

I’ve joined Mastodon, and I find myself constantly confused. It’s not the idea of the federation — I get that. Not a problem. It’s just that the apps I’ve tried (including the web app) are difficult to use and/or don’t do the things I want them to do, or do them confusingly.

Bob Burrough:

Wil Wheaton leaves Twitter for Mastodon because Twitter wouldn’t ban people, is promptly banned by Mastodon.

Wil Wheaton:

I thought that if I left Twitter, I could find a new social network that would give it some competition (Twitter’s monopoly on the social space is a big reason it can ignore people who are abused and harassed, while punishing people for reporting their attackers), so I fired up this account I made at Mastodon a long time ago.

I thought I’d find something different. I thought I’d find a smaller community that was more like Twitter was way back in 2008 or 2009. Cat pictures! Jokes! Links to interesting things that we found in the backwaters of the internet! Interaction with friends we just haven’t met, yet! What I found was … not that.

Brent Simmons:

The power of mobs in Mastodon reminds me of the power of mobs in baby Twitter of 2009. Which is to say: it’s entirely possible it will get worse and worse — as it did on Twitter — to the point where lives can be ruined and even threatened.

So I’m thinking about whether or not to stay.

David Chartier:

Like many other people recently, I jumped ship to Mastodon, an alternative, bite-sized social network with an odd name and some great new ideas. I’ve spent time learning about Mastodon’s mission and open-source, decentralized design, and I’m starting to think that this should be the way forward for social networks in general.

Previously: The Struggle for Twitter Alternatives.

Update (2018-09-14): David Anson:

Many of us are looking at Twitter alternatives and there are two services that stand out: Micro.blog and Mastodon.

These services take different approaches, so choosing one is challenging. This page highlights some of the differences and is meant for non-nerds who don't want to get bogged down by implementation details. Every attempt has been made to be accurate, but some technical details are deliberately glossed over.

Wednesday, September 5, 2018

A Farewell to StreamToMe

Matt Gallagher:

I fixed the bugs but now I had a different problem: customers, lots of them, all wanting features. If they all wanted the same features, there might not be a problem but I quickly learned that media is a deeply personal experience and everyone wants to experience it a different way.

Ever wondered why all the major media players are a weird kitchen-sink of features bolted onto each other? Media players are a product-space where everyone uses a tiny slice of the features but no two users use the same slice of features and the entire space is really, really broad.

[…]

Like an idiot, I scrambled to add as many features as I could. Unfortunately, I ended up with a huge swath of features that I didn’t really use and the app stopped starting to feel like it properly catered to me. For something that started as a personal passion project, I was starting to feel like a dispassionate observer, rather than a passionate participant.

And as the feature set grew, so did a different class of maintenance problems and these were not simple bugs that could be fixed.

What’s Going on With Cesium

Mike Clay:

What the crash logs showed were that the system was not always returning these properties in a timely way. In fact, the app was crashing because it exceeded the iOS cutoff for inactivity – while waiting for the system player to return. Instances where a property was returned more quickly might avoid a crash, but could still cause a period of unresponsiveness. The logs showed that certain properties were more common culprits, but crashes were caused by a variety of them.

[…]

Well, first I could (and have) reported the issue to Apple. Next, I had to look for ways to decrease the number of calls to the system. Unfortunately, not all calls can be omitted or Cs would show no playback info and be pretty useless. But a lot of the queuing stuff could default to the standard boilerplate functionality provided by Apple. There would be less functionality, but there would be fewer system calls, and in theory better performance.

Firefox to Block Trackers

Nick Nguyen:

In the near future, Firefox will — by default — protect users by blocking tracking while also offering a clear set of controls to give our users more choice over what information they share with sites.

Via David Heinemeier Hansson:

Love the strong stance that Firefox is lining up to take on tracking. It’s a grotesque free-for-all by default at the moment. We need both political solutions like GDPR and technical safeguards like those from Firefox and Safari.

John Gruber:

Back in the early 2000s, every web browser other than IE turned toward web standards. It painted IE as the bad player, and drove IE users to switch to Firefox and other standard-based browsers. I think the same thing is happening now with ad tracking, with Safari and Firefox leading the way.

Nick Heer:

Of course, Google still makes the world’s most popular browser. There’s simply no way they can join the club of companies that actually care about user privacy with their current business model.

Previously: Intelligent Tracking Prevention 2.0, Firefox 11.0 for iOS Has Tracking Protection on by Default.

Updates for Mojave

I’ve now updated all my apps for macOS 10.14:

This required more work than for other recent macOS releases because of Dark Mode, the security changes, and a number of framework bugs that I had to work around.

I used to like to wait until the Golden Master build before shipping my updates, but these days there are so many people using the public betas of macOS, and many of them don’t know about my public betas. Also, Apple seems to be making more substantial and undocumented changes in later betas, so even if I waited until the GM there might be changes I didn’t find out about until after shipping. So I’m doing the best I can now, with the understanding that post-Mojave updates will probably be necessary, too.

Tuesday, September 4, 2018

Parallels 14

Bradley Chambers:

As I mentioned, I’ve been using VMware Fusion since the early days (version 2), so I have become accustomed to all of its strengths and weaknesses. The first thing I noticed was how fast everything felt inside of Parallels.

[…]

Version 14 brings many new features to Parallels. One of the ones I was most excited about is optimized file sizes for your Windows 8 and 10 virtual machines. My current VMware Fusion image is 44 GB. Using the file I imported from Fusion, Parallels is using 27 GB.

Christopher Spera:

There are a few key reasons to upgrade to Parallels 14 from an earlier version. The biggest is that version 13.x won’t run on macOS Mojave. A new macOS version will always require an update to key utilities like Parallels Desktop.

[…]

Perhaps the most noticeable feature is that Parallels Desktop 14 is 35% faster than previous versions; and it was immediately noticeable, too. This means that existing VMs really move. Based on my limited experience running both a Windows 7 and Windows 10 VM, I can attest to the increased speed.

[…]

Licensing for a lot of modern software is shifting from a standalone license to a subscription model. Consumers have seen that in a number of popular titles, including apps like Office 365 and Creative Cloud. You pay a little each month, and you get software for a year. Parallels Desktop is doing this as well; and this year, their subscription model is taking more of a front seat as opposed to its standard license. The matrix below outlines which features come at which tier level. The Standard Edition is the only edition not on a subscription model.

Previously: Productivity Apps and Subscription Pricing, Turning Off Ads in Parallels, VMware Fusion 8.5 Announced, Free.

Update (2018-09-06): Peter N Lewis:

So I bought Parallels in March, I’ve used it a half a dozen times and if I want it to keep working after next month I have to pay another $70 to upgrade? I don’t think so.

Remote Mac Exploitation via Custom URL Schemes

Patrick Wardle:

Once the target visits our malicious website, we trigger the download of an archive (.zip) file that contains our malicious application. If the Mac user is using Safari, the archive will be automatically unzipped, as Apple thinks it’s wise to automatically open “safe” files. This fact is paramount, as it means the malicious application (vs. just a compressed zip archive) will now be on the user’s filesystem, which will trigger the registration of any custom URL scheme handlers! Thanks Apple!

Now that the malicious app’s custom URL schemes are registered (on the target’s system), code within the malicious webpage can load or “browse” to the custom url. This is easy to accomplish in JavaScript:

window.location.replace('windshift://');

Behind the scenes macOS will look up the handler for this custom URL scheme, which of course is our malicious application (that was just downloaded). Once this lookup is complete, the OS will kindly attempt to launch the malicious application to handle the URL request!
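A defensive check for the behaviour described above, as an added example that is not from Patrick Wardle’s post: it walks a folder such as a downloads directory, reads each app bundle’s Info.plist, and reports the URL schemes declared under CFBundleURLTypes, so handlers that arrived with an auto-unpacked archive can be reviewed. The sample bundles, their names and the suiteupdate scheme are constructed for the demo; windshift is the scheme from the quoted snippet.

```python
"""Added example: report custom URL schemes declared by app bundles in a folder."""
import os
import plistlib
import tempfile
from pathlib import Path


def declared_url_schemes(info_plist: Path) -> list[str]:
    """Return the URL schemes an Info.plist declares via CFBundleURLTypes."""
    try:
        with info_plist.open("rb") as fh:
            info = plistlib.load(fh)  # accepts both XML and binary plists
    except Exception:
        # Missing, truncated or deliberately malformed plists must not abort a scan.
        return []
    if not isinstance(info, dict):
        return []
    url_types = info.get("CFBundleURLTypes", [])
    if not isinstance(url_types, list):
        return []
    schemes = set()
    for url_type in url_types:
        if not isinstance(url_type, dict):
            continue
        declared = url_type.get("CFBundleURLSchemes", [])
        if not isinstance(declared, list):
            continue
        for scheme in declared:
            if isinstance(scheme, str) and scheme:
                schemes.add(scheme.lower())  # URL schemes are case-insensitive
    return sorted(schemes)


def scan_for_url_handlers(root: Path) -> dict[str, list[str]]:
    """Map each .app bundle under root (nested helpers included) to its schemes."""
    findings = {}
    for dirpath, dirnames, _files in os.walk(root):
        for name in dirnames:
            if not name.endswith(".app"):
                continue
            bundle = Path(dirpath) / name
            schemes = declared_url_schemes(bundle / "Contents" / "Info.plist")
            if schemes:
                findings[bundle.relative_to(root).as_posix()] = schemes
    return findings


def _write_bundle(root: Path, rel: str, info, fmt=plistlib.FMT_XML) -> None:
    """Create a constructed sample bundle; bytes are written as a raw Info.plist."""
    contents = root / rel / "Contents"
    contents.mkdir(parents=True, exist_ok=True)
    with (contents / "Info.plist").open("wb") as fh:
        if isinstance(info, bytes):
            fh.write(info)
        else:
            plistlib.dump(info, fh, fmt=fmt)


def demo() -> dict[str, list[str]]:
    """Build constructed sample bundles in a temp folder and scan them."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Bundle declaring the scheme used in the quoted snippet.
        _write_bundle(root, "Invoice.app", {
            "CFBundleIdentifier": "example.invoice",
            "CFBundleURLTypes": [{"CFBundleURLName": "x",
                                  "CFBundleURLSchemes": ["windshift"]}],
        })
        # Outer bundle with no handlers, hiding a nested helper that has one.
        _write_bundle(root, "Suite.app", {"CFBundleIdentifier": "example.suite"})
        _write_bundle(root, "Suite.app/Contents/Helpers/Updater.app", {
            "CFBundleURLTypes": [{"CFBundleURLSchemes": ["SuiteUpdate", "suiteupdate"]}],
        }, fmt=plistlib.FMT_BINARY)
        # Malformed inputs the scanner has to survive.
        _write_bundle(root, "Broken.app", b"not a plist")
        _write_bundle(root, "Odd.app", {"CFBundleURLTypes": "windshift"})
        return scan_for_url_handlers(root)


if __name__ == "__main__":
    for bundle, schemes in sorted(demo().items()):
        print(f"{bundle}: {', '.join(schemes)}")
```

Pointing scan_for_url_handlers at a real downloads folder lists every bundle there that would claim a scheme; an unfamiliar bundle claiming one is the thing to look at.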

Medium Deprecates Custom Domains

Medium (via Brent Simmons):

Medium is no longer offering new custom domains as a feature. Instead, you can create a publication on Medium that will live on a medium.com/publication-name URL.

Previously: Backchannel Is Moving to Wired, Renewing Medium’s Focus, Anywhere But Medium.

Update (2018-09-05): David Heinemeier Hansson:

I would not recommend anyone to use Medium for a new publication without custom domain support. Medium has proven themselves an excessively volatile partner to publications already. Their whims will change again. You need an escape hatch.

Also: “If you already have a custom domain on Medium, nothing will change for you for the foreseeable future, and your domain will continue to work as expected”. What a shitty way to sow doubt amongst existing publications. Signal vs Noise is OUT the second this changes.

And the strong implied suggestion that this will change, Medium’s “foreseeable future” seems to be about a fortnight, should we prod all publishers to have their contingency plans ready to go. What a shame.

Three years ago we explained why moving Signal v Noise to Medium made sense to us. I’m very happy with the time we’ve spent on the platform so far, but the choice wouldn’t look so simple today.

After further review, we’re going to be leaving Medium at some point in the near-to-mid-term future. Thanks for all the fish, @ev! You built a beautiful typewriter, the early community was awesome, and I respect trying something different. Shame about the VC pressures. Adieu!

John Gruber:

I don’t understand why any publication, even a personal blog, would use Medium without a custom domain name. It’s not just about branding now, but about long-term sustainability. If you have your own domain name, you can keep old URLs working in perpetuity.

So You Think You Can Tell Arial From Helvetica?

Ironic Sans (via Hacker News):

I’ve taken 20 logos that were originally designed in Helvetica, and I’ve redone them in Arial. Some people would call that blasphemy. I call it a challenge: can you tell which is the original and which is the remake?

Previously: Arial and Helvetica.

Monday, September 3, 2018

Chrome OS Is Set to Expand Beyond the Education Market

Peter Bright (via Hacker News):

Most Chrome OS systems are cheap: plastic instead of metal; TN displays instead of IPS; screen resolution that felt cramped and low a decade ago; inexpensive ARM processors rather than more powerful and pricier Intel ones. In a lot of regards, Chromebooks are hitting the same price points—with the same compromises—as netbooks did in the mid-2000s. This has given Chromebooks great appeal in the K12 education market, where the low price and almost disposable nature of the devices makes them a good match for careless student users.

But these $600 machines aren’t aimed at those same students. Lenovo reps told us that its new Chromebook was developed because the company was seeing demand for Chromebooks from users with a bit more disposable income. For example, new college students that had used Chrome OS at high school and families who wanted the robustness Chrome OS offers are looking for machines that are more attractive, use better materials, and are a bit faster and more powerful. The $600 machines fit that role.

And that’s why Microsoft should be concerned. This demand shows a few things. Perhaps most significantly of all, it shows that Chrome OS’s mix of Web applications, possibly extended with Android applications, is good enough for a growing slice of home and education users. Windows still has the application advantage overall, but the relevance of these applications is diminishing as Web applications continue to improve. A browser and the Web are sufficient to handle the needs of a great many users.

Previously: Everything You Knew About Chromebooks Is Wrong, Chrome OS Is Getting Linux App Support.

The Missed Opportunity of Shelf Apps on iOS

Gabe Weatherhead:

Apps like Gladys also help with a terrible implementation of Apple’s clipboard sharing. All too often, when I copy anything to the iOS clipboard, the content is gone before I get to an app to paste it. That’s because Apple’s clipboard sharing through HandOff somehow erases it. Instead, I drag items to Gladys and then drag them to the destination app. Because I’m not relying on the Clipboard, I have more control and a better experience.

Apple never made a clipboard manager for macOS. I have no hope they will make one for iOS. But, because the AppStore is heavily focused on games and mainstream apps, utilities like Gladys have little hope of reaching sustainability. With affiliate linking removed from the AppStore, I’m guessing this will only get more dire.

Via John Gordon:

Perfect win-win fit for subscription pricing. Stop the hating on subscriptions.

Update (2018-09-04): Pata Ling:

Not sure if John Gordon read beyond Gabe Weatherhead’s headline before posting his snarky blog because the example of a discontinued shelf app in the article, Workshelf, used subscription pricing.

Google and Mastercard’s Ad Deal to Track Retail Sales

Mark Bergen and Jennifer Surane:

Alphabet Inc.’s Google and Mastercard Inc. brokered a business partnership during about four years of negotiations[…]. The alliance gave Google an unprecedented asset for measuring retail spending, part of the search giant’s strategy to fortify its primary business against onslaughts from Amazon.com Inc. and others.

[…]

“Before we launched this beta product last year, we built a new, double-blind encryption technology that prevents both Google and our partners from viewing our respective users’ personally identifiable information,” the company said in a statement. “We do not have access to any personal information from our partners’ credit and debit cards, nor do we share any personal information with our partners.” The company said people can opt out of ad tracking using Google’s “Web and App Activity” online console.

[…]

Since 2014, Google has flagged for advertisers when someone who clicked an ad visits a physical store, using the Location History feature in Google Maps. Still, the advertiser didn’t know if the shopper made a purchase. So Google added more.

Update (2018-09-05): Nick Heer:

It is worth noting that privacy was one of Apple’s goals for the design of Apple Pay. According to this Bloomberg report, the complete opposite was true of Google Wallet. As much as we view decisions by any companies as financially-motivated, we should remember to also think of Google’s moves — and those of credit card companies, data brokers, and so forth — as inherently creepy, invasive, and also likely not in the best interests of consumers.

Different Kinds of Archives

Dave Winer:

Most of the content of the Village Voice is probably already safely stored at archive.org. But what about the villagevoice.com domain? Don’t we also want to preserve the links into the site, for ongoing web sites that point to the Voice? Or when someone reads the preserved Scripting News, if I’m able to get that done, be able to click a link to a great Voice article and not get a 404? That’s analogous to preserving ancient Rome in addition to remembering its history. (BTW, some of it’s already gone. Here’s a post on this blog from 2004 that links to a VV article. Not found. Ouch.)

With the web we have the technical means to create a perfect archive, but without planning ahead, all we will have are the museums. And we are not doing the planning. The web, as a historic medium is far less than imperfect, it’s temporary. Only present as long as someone keeps paying the bills. And there’s no way to pay the bills far in advance, so the historic record has literally no chance of surviving, given the current state of things.