Archive for October 2018

Wednesday, October 31, 2018 [Tweets] [Favorites]

IBM Acquires Red Hat

Ben Thompson:

Yesterday Young’s story came full circle when IBM bought Red Hat for $34 billion, a 60% premium over Red Hat’s Friday closing price. IBM is hoping it too to can come full circle: recapture Gerstner’s magic, which depended not only on his insight about services, but also a secular shift in enterprise computing.

[…]

This is the bet: while in the 1990s the complexity of the Internet made it difficult for businesses to go online, providing an opening for IBM to sell solutions, today IBM argues the reduction of cloud computing to three centralized providers makes businesses reluctant to commit to any one of them. IBM is betting it can again provide the solution, combining with Red Hat to build products that will seamlessly bridge private data centers and all of the public clouds.

Kontra:

MySQL, Java, OpenOffice → Oracle
SpringSource, Zimbra → VMware
XenSource → Citrix
GitHub → Microsoft
JBoss → Red Hat → IBM

Open source toolchain company exits are good for open source?

[…]

And who’s next?

Update (2018-11-16): See also: Hacker News.

Why a Helium Leak Disabled Every iPhone in a Medical Facility

Daniel Oberhaus:

The answer, it seems, is because Apple recently defected from traditional quartz-based clocks in its phones in favor of clocks that are also made of MEMS silicon. Given that clocks are the most critical device in any computer and are necessary to make the CPU function, their disruption with helium atoms is enough to crash the device.

In this case, the leaking helium from the MRI machine infiltrated the iPhones like a “tiny grain of sand” and caused the MEMS clocks to go haywire. This isn’t news to Apple, however, which explicitly mentions that “exposing iPhone to environments having high concentrations of industrial chemicals, including near evaporating liquified gasses such as helium, may damage or impair iPhone functionality” in the phone’s manual.

iFixit has a detailed explanation of how this all works over at its blog.

Tuesday, October 30, 2018 [Tweets] [Favorites]

October 2018 Apple Event

The new MacBook Air is oddly named. It’s not the lightest Apple notebook, and it doesn’t have that much in common with previous MacBook Airs. It’s more like a slightly smaller 13-inch MacBook Pro. The good: the Retina display, up to 16 GB of RAM, T2, more than one port (sad that this was not a given), Touch ID without a Touch Bar. The bad: the unreliable keyboard, only two ports (only one when charging), no USB-A, the larger trackpad that’s more susceptible to accidental input, and the $1,199 base price (up from $999, or $899 for the 11-inch). And that doesn’t include the dongles you’ll have to buy to connect the same peripherals. It’s not that the new MacBook Air is a bad buy, but that Apple is completely ignoring a huge part of the market. Apple could make something worth buying for half that price, and customers and developers would be well served by its existence. Why does the mass-market Mac have to be more expensive than the iPad Pro?

The new Mac mini looks great: lots of cores, RAM, ports (including 2x USB-A). Again, the downside is the price: the base configuration is now $799 for an i3, up from $499 for an i5.

I really like what Apple’s done with the iPad Pro: the magnetic pencil, wireless charging, the double-tap gesture, and being able to charge an iPhone from the iPad. At this point, the iPad hardware is so good, but it’s let down by software and inherent limitations of the form factor.

It’s strange that the iPad mini continues to exist in its current (old, relatively expensive) form. And there was no news about the Mac Pro or even a spec-bump for the iMac (last updated in June 2017).

It’s hard for me to get excited about Today at Apple. What I want to hear from retail is how they’re going to fix the Genius Bar.

Previously: Forthcoming MacBook and Mac mini Updates, Mac Sales Down in Q3 2018 Amid a Lack of Updates.

Update (2018-10-30): Dieter Bohn:

The stakes are higher for the MacBook because it has been several years since Apple could legitimately claim to sell the unquestioned best laptop for most people. For half a decade or more, the MacBook Air filled that slot — so much so that it became a running joke. Not only was the MacBook Air the unparalleled king of mass market laptops, for some of that time it also happened to be the best Windows laptop, via Boot Camp.

Those times are long gone. The new lineup of MacBooks haven’t lived up to the Air’s pedigree. The diminutive 12-inch MacBook was (and is) a marvel of miniaturization, but it was too underpowered and overpriced for most people. The same was true for the very first MacBook Air, but the MacBook hasn’t seen the same iterative progress that was applied to the Air. Throw in a controversial keyboard and aggressive lack of ports, and lots of people justifiably took a pass.

MacJournals.com:

Tim Cook’s revelation of an installed base of 100,000,000 Macs is the first time they’ve put a number on that statistic (as opposed to “new to Mac this quarter”) in a long time, maybe a decade, maybe more.

Michael Love:

This is an effing mockery, honestly - they took the one good laptop they had left and brought over all of the bad stuff (thermals, keyboard, confusing ports, etc) from their other ones. I hope Mac sales collapse and they’re forced to reckon with this.

Ilja A. Iwas:

Somebody should tell them that “Butterfly keyboard” is a burnt trademark.

Norbert M. Doerner:

Someone should have also told them that “thinner” nowadays means “irrelevant”. Sigh. Who cares? We need a better keyboard!

Peter Steinberger:

They reused the broken keyboard design? The spacebar of my 2018 MacBook Pro is already starting to fail (that‘s the supposedly fixed keyboard with the extra silicon)

Nick Heer:

This looks like a terrific product — one that I’d be itching to buy to replace my six-year-old Air — but I’m still skeptical of that keyboard. I don’t want to have to leave my only computer in the shop.

Kuba Suder:

13” Retina, T2, Touch ID, no touch bar, Escape key, thin wedge-shaped bottom, 16 GB RAM, USB-C, even 100 g lighter than old Air (!). This is seriously my dream laptop, I’m so happy I waited for it

Jonathan Deutsch:

MacBook Air Notes:

- Looks like a great successor to the MBP "Escape" model (still sold)

- And still selling the old air at the $999 price point

- Function keys and Touch ID, let's get this as an option everywhere!

- Why did they lie about quadrupling the pixels on the display?

When they said quadrupling it would have meant boosting the density of the Mac laptop retina displays. This is the same 2560x1600 display size used in the 13" MacBook Pros. The non-retina is 1440x900, so actual quadrupling would have been 2880x1800.

Phil Dokas:

If the present MacBook and MacBook Air only had their names swapped the entire lineup would make so much more sense.

MB: Default

MBA: A price/performance tradeoff for a smaller machine

MBP: Have at it, power users

Joe Cieplinski:

Macs are literally being made from the scraps of iOS devices now.

Paul Haddad:

The question I keep asking myself, “Buy Mac Mini now or hope that the Mac Pro next year isn’t another trash can?”

Erik Berlin:

MacBook vs. MacBook Air (both upgraded to 512GB SSD for an apples-to-apples comparison).

MacBook Air has:

- faster CPU

- faster GPU

- larger display with IPS

- two Thunderbolt ports

- latest-generation keyboard

- longer battery life

- TouchID

- FaceTime HD camera

- $150 cheaper

Dr. Drang:

Mac sales are down. So if 51% of Mac buyers are new to the Mac, doesn’t that suggest that old Mac users have really slowed down their buying?

Kuba Suder:

Quick spec comparison - MacBook Air / Pro / 12”

Daniel Rubino:

New MacBook Air maxed out with a (squints) dual-core (Y-series?) Core i5 processor, Intel UHD 617, 16GB RAM, 1.5TB is $2,699

Surface Laptop 2 with Core i7 quad-core processor, Intel UHD 620, 16GB RAM and 1TB is also $2,699.

TB3 for MBA; Touchscreen for Laptop 2. Same weight.

Guess that “Apple tax” is still real and even more than “Surface tax”.

I kind of feel that calling your laptop “Air” in 2018 when it weighs 2.75lbs is a bit rich considering many 13-inch laptops are either at that or below (XPS 13 is 2.65lbs).

Acer Swift 5 15-inch is supposed to weigh 2.2lbs.

I feel “Air” better applies to something like the HP Spectre 13t, which is a ridiculous feat of engineering (2.45lbs)

Rich Woods:

Let’s not forget that it’s not just about cores either. Surface Laptop 2 has a full 15W U-series processor. MacBook Air is a 5W Y-series processor, the rebranded Core m5. so yea, the Surface Laptop 2 is a much better value.

Dan Masters:

Apple’s insistence on this keyboard design is indicative of Ive’s unchecked control within the company. They tweaked the “problematic” iPhone 4 design mid-cycle with the Verizon variant; meanwhile, here we are with virtually the same keyboard 3 yrs later.

Sebastiaan de With:

Man this new iPad Pro looks so fantastic. I can’t wait to buy one and then almost never use it like all my previous iPads.

Joe Fabisevich:

The cheapest iPad Pro with a Pencil and a cover (not even the keyboard) is $1,000 before tax…

Brain Hamilton:

For the things that Apple is promoting the iPad for, you need both headphones and a constant source of power. One USB-C port for both is unacceptable.

Apple need to do more to make USB-C a viable ecosystem than make products that use it.

Karissa Bell:

A 1TB iPad Pro w/ cellular, Apple Care, Apple Pencil and Smart Keyboard is actually $2356 (the 15-inch MacBook Pro starts at $2399 by comparison)

Steve Troughton-Smith:

Apple’s specs page is less confident that the new iPad Pros can output 5K than the marketing press release & John Ternus. Do they mean 4K upscaled to 5K displays?

Steve Troughton-Smith:

The new iPad Pros both have 6GB of RAM, according to Xcode (technically the kCoreThemeMemoryClass enum doesn’t map 1:1 but CoreUI only knows about 6GB devices so the iPad must be 6GB if not any prior value)

6GB of RAM is a lot of future-proofing for these iPads. It’s 50% more than before, which was already nowhere near saturated by the apps we use

…actually it looks like not all SKUs are gonna get the 6GB of RAM, and the breakdown might make you mad

Multiple people are telling me that only the 1TB iPad Pros get 6GB RAM. … So that’s a thing.

Hey Apple this would have been a useful piece of information to know before iPad orders went live

Jeff Gamet:

Following the introduction of the new iPad Pro with Face ID and USB-C, Apple added USB-C to 3.5mm headphone and USB-C SD card reader adapters to its online store. That’s a good thing, because the new iPad Pro models don’t include a headphone jack.

Guilherme Rambo:

iOS is ready to tell you that even tho the ports are the same, the technology is not

Joe Fabisevich:

The new iPad Pro scrolljacking sideways is the worst thing Apple shipped today.

Marco Arment:

Interesting: the 11” iPad is the first (and only so far) iPad to NOT have a 4:3 screen aspect ratio.

Maxwell:

That’s not full size... where is ESC?

Arno Appenzeller:

Wow @AppleSupport in Apple Stores becoming more and more ridiculous. Getting an appointment at Genius Bar is very difficult and then you have to wait 2 weeks for a keyboard replacement. Store Manager‘s advice was to buy a new MacBook for the wait and then return it

At least after talking to a manager on the Apple Care Hotline they offered me some options. But still angry that I wasted a 2,5h drive to the AppleStore and that the Store Manager was very unfriendly

Update (2018-10-31): Zac Cichy:

I won’t miss this charging method.

Juli Clover:

Though the MacBook Air is now using a lower power Y-series chip, because the previous-generation MacBook Air was still equipped with a Broadwell chip, the new model is still going to see significant performance improvements. Unfortunately, the performance gain isn’t going to be as impressive as it would have been had Apple stuck with U-series chips.

Horace Dediu:

iPad Pro vs. original iPad. 8.5 years of engineering:

50% thinner
30% lighter
35x faster CPU
1000x faster graphics
5x pixels
25% greater color saturation
50% brighter
5x faster WiFi
23x faster LTEa
16x storage

Dan Masters:

I was thinking that, but they recognised that MacBook Air is a longer-standing (as far as recent memory is concerned), very valuable brand, with fond memories attached to it – hence, they didn’t bother changing them and confusing customers in the process.

Adam Engst:

In its press release, Apple talks about performance only generally, saying “delivering the performance you need for everyday activities like organizing your photos, browsing the Web, creating presentations or viewing and editing videos.” Reading between the lines, that says to me that the new MacBook Air isn’t any faster than the previous model when it comes to pure processing power.

Steve Troughton-Smith:

The first two MacBook Air designs were breakthrough products. Size/weight, then power/performance/design/battery life. Today’s MacBook Air pushes no envelope, and merely exists as a concession to the market. Apple’s portable flagship in this era is the iPad, make no mistake

Steve Troughton-Smith:

It does seem crazy that the iPad hardware team can constantly out-ship the sw team (always designed for next year’s OS), yet Macs are left languishing for 5 years between updates.

Benjamin Mayo:

Weird that the new iPad Pro back camera loses optical image stabilisation and has one less element in its lens.

Rodrigo Araujo:

Yesterday price surges:
MacBook Air: 999 -> 1199 (+20%)
Mac Mini: 499 -> 799 (+60%)
iPad Pro 10.5: 649 -> 799 (+23%)
iPad Pro 12.9: 799 -> 999 (+25%)

This is unreal. I find it hard to believe that only a handful of people are talking about this.

Fraser Speirs:

Even the cellular premium has gone up from +£130 on the 6th gen and 10.5" iPad Pro to +£150 on the new Pros.....

Sam Rutherford:

All told, the “new” MacBook Air is something Apple could have made last year or even in 2016. But it didn’t, and we’ll probably never know why.

Dave Mark:

One tiny announcement at yesterday’s event, that had huge implications to me:

AutoCad has been ported to the iPad Pro.

Previously: Discontinuation of Mac Support for Autodesk Alias and VRED.

Steven Sinofsky:

Some suitably freaked out or annoyed by Apple’s marketing slide on iPad “versus” notebooks. A couple of notes here because I think it is important to consider iPads in the context of the massive shift of where computing happens.

Nick Heer:

Looking beyond that, though, at what is plausibly within reach in the next few years is a culmination of efforts to overhaul the way we think about computers. Apple has, for years, been touting the iPad as the computer of the future — the pioneer in the post-PC era. But the product has not necessarily matched the company’s rhetoric, largely because it’s still trying to grow out of the smartphone-based constraints that are primarily exposed in software; that’s the root of where most of its limitations still lie.

If the scenario I outlined above is, indeed, the way Apple sees the future of this product line, there’s still a long way to go: multitasking isn’t there yet, the keyboard remains an afterthought, an iPad isn’t as information-dense because its controls still need to be touch-friendly, and so on. But there are clues that Apple is very serious about the iPad as a replacement computer. USB-C and the singling-out of external display support is one such indicator, I feel; iOS 11 brought the Dock to the iPad, which makes it feel much faster for switching between apps; and there are some iPad-specific Springboard improvements destined for iOS 13 that ought to shake things up.

Jeremy Burge:

That’s not to say Apple is doing the wrong thing here. USB-A and SD are clearly less important with each year. But the reason the old MBA sold and continues to sell is for the masses who want to just get on with their work for a fair price. Not because of the name or form factor.

Speculation: Apple, 3-4 years ago, decided iPad & iPhone are the future. Macs are a tiny % of the business. So:

- Remove high + low end Macs
- Move to simple premium-only Mac lineup:
- MacBook
- MacBook Pro
- iMac
- iMac Pro

Low-end goes to iOS. High-end can manage w iMac Pro

Update (2018-11-01): Ryan Jones:

100% wrong on MBA popularity. Love Jeremy, but:

1. Cheap
2. Cheap
3. Cheap
4. Cool factor
...
10. Old USB
...
20. SD card slot
...
30. Performance

How Apple got in this Mac situation:

1. iPhone
2. iPad
3. Apple Watch
4. Services
5. There’s only so much attention
6. Macs were doing “fine”
7. 2 1/2 bad big bets: Mac Pro, Touch Bar, USB-C (and MacBook to an extent)
8. Customers spoke up

Ben Brooks:

Apple produced everything I was hoping for in an iPad Pro — except a kickstand, I mean what are they waiting for — and I feel completely ambivalent about upgrading. I’ve not ordered one, and might not for a few days, weeks, months, ever.

Jason Snell:

Apple made a bunch of announcements about the iPad Pro that I could summarize as: “Yes, this is a computer.”

[…]

As someone who has taken to clipping my iPad Pro into a metal shell in order to get a laptop-style feel, I’m fascinated by Apple’s new approach here. I’m going to need to use it in my lap before I decide how I feel, but I’m optimistic? It’s funny that Apple, after going entirely away from the front-and-back case approach in recent iPad generations, has apparently embraced it again with these models. I really like the Smart Cover, though, and I’m going to miss it if these models truly don’t have magnets in the right places to make a simple front cover work.

Jason Snell:

So now there’s a new Air, plus the MacBook, plus the MacBook Escape, plus the 13- and 15-inch MacBook Pro with Touch Bar, and the old $999 MacBook Air is still being sold! The MacBook and Escape didn’t get updated, either. Things are clear as mud.

[…]

So the real question is, why did people keep buying the MacBook Air all this time? Was it that $999 price? Was it the design? The size? The fact that it was the last Apple laptop without the new butterfly keyboard design?

[…]

This is the next-generation Air that I wished Apple had made in 2015. It didn’t then, but here it is now.

Juli Clover:

With the updating of the Mac mini and MacBook Air this morning, here's a list of the wide range of Macs that Apple offers, from the new $799 mini up to the fully loaded iMac Pro at a credit-card busting price of $13,199.

Michael Simon:

We’re still waiting for a truly new Mac mini. The new model might come in space gray now, but it’s a small consolation to those of us who were waiting for Apple to truly rethink and reimagine its tiniest Mac. Just like it has been for the past eight years, the Mac mini is 7.7 inches square and 1.4 inches thin. The placement of the ports have shifted and the rear vent is slightly bigger, but for the most part, the new Mac mini is merely a darker version of the old Mac mini.

What the heck took so long?

[…]

Pardon me if I’m a little concerned about the Mac Pro. A lot is riding on the redesign and while I was once confident that the extra time Apple is taking means it is tweaking, fine-tuning, and refining the design, the Mac mini makes me skeptical.

See also: Accidental Tech Podcast

Update (2018-11-05): Uluroo:

The price, the ports, and the keyboard are the only things Uluroo imagines could be obstacles to the MacBook Air’s success (it has two USB-C ports and the third-generation butterfly keyboard from the latest MacBook Pros). If it cost $999, it would be a massive hit. Again, we’ll have to wait and see how things turn out.

[…]

It’s also becoming clear that Apple is preparing for the drastic shift from Intel processors on Macs to chips designed in-house. If Uluroo remembers correctly, the name “Intel” was spoken once in the entire presentation. The A12X chip is insanely powerful, and performance tests have shown that it gives the MacBook Pro a run for its money. Apple’s silicon is getting close to outpacing Intel’s; it’s certainly improving at a much quicker rate.

Andy Hansen:

Apple’s pricing is high, no doubt. But 8 weeks ago I got called by 2 tech vendors telling me OEMs are raising prices up to 25% in 2019 due to tariffs. I’ve been in a purchasing role at my org. for almost 9 years, never before received a call like this.

Update (2018-11-06): John Gruber:

When has Apple ever had a different strategy than focusing on dominating the higher end of its markets and ignoring sheer market share? The iPod — maybe — was a market share leader, depending on how you defined its category. But even with iPods Apple clearly was determined to dominate the higher end of the market.

Update (2018-11-12): See also: The Talk Show.

Update (2018-11-15): Paul Kafasis:

Still, Apple is now offering a solid lineup of truly new Macs to purchase, and that’s no small thing. The quality of these recent updates also gives us hope that the new Mac Pro will be well designed too.

Monday, October 29, 2018 [Tweets] [Favorites]

Business Licensing for Omni’s iOS Apps

Ken Case:

In 2016, we started switching our apps over to free downloads with in-app purchases. This solved a lot of problems for consumers who purchase our apps through the App Store, by enabling free trials, upgrade discounts, and free upgrades for recent purchases. Unfortunately, switching to in-app purchases made it much more difficult for businesses and schools to purchase our apps through the App Store, since Apple’s Volume Purchase Program (which lets organizations purchase apps) doesn’t support in-app purchases.

[…]

Looking around at how other people have solved this problem, one of the better approaches is to offer a single sign-on based licensing solution. (This is an approach Microsoft supports for licensing Office 365, for example.) The idea is that an organization will purchase licenses for use by a team, and the app will offer to let team members sign in with a set of credentials which will be verified by that organization using their single sign-on server. This lets the organization be responsible for purchasing and distributing their team’s licenses—including redistributing licenses when appropriate.

So, in other words, licensing has to completely bypass the App Store. I guess Apple allows this because you can still purchase in-app. But there must be restrictions or else we would already see a parallel app economy with discounts and upgrades purchased directly from the developer.

Update (2018-11-13): Ken Case:

To be clear, we do offer IAP. Unfortunately, IAP doesn’t support business purchases (which I filed a few years ago as radar 29148022). Before implementing this option, we had no mechanism for businesses to purchases licenses at all (they could only reimburse personal purchases).

NSMutableDictionary’s Practical Limit

Vincent Bénony:

Pro tip: if your Objective-C application deals with a huge collection of objects, avoid relying on NSMutableDictionary as the “count” method returns the number of objects… modulo 0x2000000 “allKeys” and “allValues” are also affected…

Greg Titus:

Fun fact! If you make your dictionary with 0x2000001 objects in Swift and then cast it to an NSDictionary, then it works just fine from Objective-C. Can’t be a mutable dictionary that way, though.

Update (2018-10-31): Vincent Bénony:

It depends on the private class used by Foundation. For instance, if I build the dictionary with « dictionaryWithObjects:forKeys: » it works perfectly, but as soon as I create a mutable copy, it fails.

NSKeyValueObservingCustomization Is Fundamentally Broken

Lily Ballard (tweet):

The breakage is the fact that implementing it relies on being able to do equality testing on key paths, but equality testing on key paths doesn’t work in the face of subclassing. By that I mean given the following code

class Foo: NSObject {
    @objc dynamic var name: String?
}
class Bar: Foo {}

The expression \Foo.name == \Bar.name returns false even though Bar is just inheriting its property from Foo. This means that an implementation of NSKeyValueObservingCustomization cannot possibly work properly on anything besides a non-final class. Even if keypath construction in this instance were changed such that \Bar.name returns the same thing as \Foo.name, the same cannot be done for the more complicated case[…]

I guess the workaround is to use the string-based Objective-C methods instead of the AnyKeyPath Swift ones.

See also: SR-9077.

NSKeyValueObservingCustomization relies on a global table to map String key paths back into AnyKeyPath values. However, as the string keypath does not include the root type, this means that observing properties with the same name on separate objects will overwrite each other in the global table. In a single-threaded scenario this is acceptable as the NSKeyValueObservingCustomization methods are invoked synchronously when the observation is created, and the global table is populated immediately prior to creating the observation. However, in a multithreaded scenario, the global keypath table could be overwritten with a different keypath prior to invoking the NSKeyValueObservingCustomization method.

App Stores No Longer Listing All In-App Purchases

Jim Tanous (via Bryan Chaffin):

A concerning change was quietly pushed to the iOS App Store recently. Users this week noticed that Apple is no longer listing all in-app purchases and their prices for apps and games that offer them.

[…]

The problem with this new policy is that the nature and prices of in-app purchases vary wildly depending on the developer and type of app or game. Users could previously check out the description and prices of the in-app purchases to determine if they were reasonable before downloading or buying an app. Now, it seems, users must download and launch the app to see the same information.

This results in not only an inconvenience for the user, but it also inflates download statistics for app developers and potentially exposes user information as well.

The Early Days of GitHub

EnterpriseReady Podcast (via Hacker News):

In episode 2 of EnterpriseReady, Grant chats with Tom Preston-Werner about how the open source company he co-founded, GitHub, rose up to become an essential coding resource for developers everywhere.

[…]

As we approached all of the enterprise problems, we take it from that approach, we were learning what enterprises needed at the time. Like I said before, I hadn’t ever made software for enterprises. I had no idea what features they wanted.

[…]

That choice is one that everyone’s faced with which is, “Do we create a fork of our repository and build enterprise features there? Because we don’t need them in the SaaS products, so let’s not complicate the SaaS product with them. We’ll build those features in the enterprise model only, and then we’ll port all of the new stuff from the SaaS model into the enterprise codebase. Because Git can do that. It’s good at merging stuff.” So that’s what we did, we had a separate repository.

We forked off GitHub.com SaaS model repository, and new enterprise features went in there. We hired a person specifically to do this merge process, which was a thankless horrible task, and we did it for a while and it was just extremely slow. Merging is not amazing, ever. If you have conflicts it’s a nightmare. It’s a never-ending nightmare.

Friday, October 26, 2018 [Tweets] [Favorites]

Flattening Nested Optionals Resulting From try?

SE-230:

Swift’s try? statement currently makes it easy to introduce a nested optional. Nested optionals are difficult for users to reason about, and Swift tries to avoid producing them in other common cases.

This document proposes giving try? the same optional-flattening behavior found in other common Swift features, to avoid the common occurrence of a nested optional.

John McCall:

How important is this problem to fix? It arises from a combination of two things: using the try? operator on a result that is already optional. This is, perhaps, not very common; it probably reflects two different methods of failure being used in one expression. But when it does happen, the extra optionality is almost always unwanted and causes significant friction for the programmer, demanding awkward workarounds: code like try? foo() has to be turned into something like (try? foo()) as? T. By forcing programmers to deal with the awkwardness of nested optionals more often, it raises the overall perceived complexity of working with optionals in Swift, and it makes try? feel unintuitive.

The Core Team does not want to make source-incompatible changes lightly, but we also want to leave room to improve the language for future users of Swift. We don’t have a bright-line rule for when a change crosses the line to become unacceptable, but the key consideration in our analysis is the change’s apparent impact in practice on existing code more than its hypothetical risks. In this case, we are convinced that the change leads to fairly inarguably better results.

I concur.

John McCall:

Casting doesn’t really “flatten”; it looks for any way in which it can interpret the operand value as the target type, and then wraps in a level of optionality to represent that that search can fail. But it’ll happily look through protocol types and so on. Any static behavior is going to seem inconsistent compared to that if you think of it as flattening, including the current behavior of try?.

Mysterious Reduced iPhone Battery Life

I’m not sure what’s changed other than iOS 12, but my iPhone’s battery is draining like never before. It can now drop from 100% to 50% sitting on my nightstand overnight. I thought maybe an app was doing something in the background, but the Battery area of Settings shows no activity whatsoever during that time.

And, for many years, I’ve been taking my iPhone on day hikes and recording a GPS track with MotionX-GPS. I carry an external Jackery battery just in case, but the internal one usually lasts the whole day, six hours or so of camera and background GPS use. No longer. On my last two hikes, the battery drained to zero in under an hour. The Battery screen simply shows that MotionX-GPS was running; nothing looks out of the ordinary.

The Battery Health display shows that Maximum Capacity is still 100% on this 18-month-old iPhone SE, although it notes that performance management has been applied due to an unexpected shutdown.

Previously: Battery Health and Peak Performance Capacity.

Update (2018-10-29): Rob Mathers:

My SE started draining more heavily earlier this year. Not to the extent of yours, but still bad. I got the battery replaced, with small improvements, but eventually caved and went to the XS, which is way better.

I do still wonder what changed…

Jeff Baxendale:

My 6s battery is at 88% max capacity (replaced last year for free) and says the performance throttling has been applied.

I’ve (+ my fam) generally noticed it draining faster too… trying to see what is doing it, but also hard to argue with how much more responsive the OS feels.

I’ve found that disabling Screen Time helped a lot. My iPhone is now at 75-80% in the morning (still lower than with iOS 11). I’ve also noticed that turning Screen Time on makes the battery start draining quickly. I also tried turning off Compass Calibration, but that didn’t seem to make a difference.

Apple on the “Radical” Use of Humans to Edit the News

Chrysanthe Tenentes:

This is an interesting look at how Apple News approaches curating their product, which reaches 90 million people. Unlike other algorithm-focused Silicon Valley giants, Apple uses human editors to surface news stories. They layer those hand-picked stories, some of which will get a million views each, with trending and topic-based stories via algorithm.

Apple (surprisingly) gave access to their News editor in chief, Lauren Kern, who weighs accuracy above speed.

Mitchel Broussard:

Some publishers remain concerned with Apple News’ future, particularly because of Apple’s ad revenue policies. For one, readers on Apple News stay inside of Apple’s app for the most part, curbing ad revenue for the publisher of the article and limiting data from direct clicks to the sites. While publishers can sell ads on their stories in Apple News, most say the process is complicated and that advertiser interest was low because of the lack of consumer data.

Apps Can Track You Even After You Uninstall Them

Gerrit De Vynck:

Uninstall tracking exploits a core element of Apple Inc.’s and Google’s mobile operating systems: push notifications. Developers have always been able to use so-called silent push notifications to ping installed apps at regular intervals without alerting the user—to refresh an inbox or social media feed while the app is running in the background, for example. But if the app doesn’t ping the developer back, the app is logged as uninstalled, and the uninstall tracking tools add those changes to the file associated with the given mobile device’s unique advertising ID, details that make it easy to identify just who’s holding the phone and advertise the app to them wherever they go.

The tools violate Apple and Google policies against using silent push notifications to build advertising audiences, says Alex Austin, CEO of Branch Metrics Inc., which makes software for developers but chose not to create an uninstall tracker. “It’s just generally sketchy to track people around the internet after they’ve opted out of using your product,” he says, adding that he expects Apple and Google to crack down on the practice soon. Apple and Google didn’t respond to requests for comment.

Previously: Push Notifications to Send Promotions.

Update (2018-11-06): Tanner Bennett:

I got fed up with this the other day. There’s all sorts of public APIs, few of which should be public imo, that allow companies to fingerprint devices.

To name a few, apps can see your connected WiFi SSID, the name of your device (“Tanner’s iPhone”), and the device model.

It was fun writing a tweak to randomize all of these and see which apps broke because of it.

Custom Icons for Quick Actions

Matthias Gansrigler:

The trick is to have the file end in ‘Template’, like ‘MyWorkflowIconTemplate.tiff’. But that’s not all there is to it. When you add a custom icon through Automator, it automatically gets renamed into ‘workflowCustomImage.png’. So no matter what you name your file, it won’t matter.

To fix this, add a custom icon to your Quick Action in Automator, save, switch to Finder and navigate to /Users/yourname/Library/Services/, where your newly saved Quick Action will end up. There, right-click your Quick Action, select ‘Show Package Contents’, and navigate into Resources, where your icon file will be. Rename it to ‘workflowCustomImageTemplate.png’. Now, navigate into Contents and open Info.plist. Look for <key>NSIconName</key> and change ‘workflowCustomImage’ to ‘workflowCustomImageTemplate’. Save.

You can use Quick Actions with both DropDMG and EagleFiler. The main catch, from my perspective, is that Finder accepts click-through for them. So if you have a habit of bringing Finder windows to the front by clicking near the bottom-right, be aware that you may accidentally invoke a Quick Action.

Gansrigler also has a tip for making the right kind of TIFF file for the Touch Bar. However, you don’t have to write code to do this. You can make a multi-representation TIFF using tiffutil.

The Problem with Facebook and Virtual Reality

Ben Thompson:

Anything made by Facebook is necessarily biased towards being accessible by everyone, which is a problem when creating a new market. Before technology is mature integrated products advance more rapidly, and can be sold at a premium; it follows that market makers are more likely to have hardware-based business models that segment the market, not service-based ones that try and reach everyone.

To that end, it is hard to not feel optimistic about Apple’s chances at eventually surpassing Oculus and everyone else. The best way to think about Apple has always been as a personal computer company; the only difference over time is that computers have grown ever more personal, moving from the desk to the lap to the pocket and today to the wrist (and ears). The face is a logical next step, and no company has proven itself better at the sort of hardware engineering necessary to make it happen.

Critically, Apple also has the right business model: it can sell barely good-enough devices at a premium to a userbase that will buy simply because it is from Apple, and from there figure out a use case without the need to reach everyone.

Thursday, October 25, 2018 [Tweets] [Favorites]

Arq Cloud Backup 1.0

Haystack Software:

Arq Cloud Backup is now available! It comes with its own cloud storage, for folks who don’t want to manage the storage separately from the app. Plus it’s super fast!

I like and use regular Arq, but it’s too hard for less technical users to set up. Arq Cloud Backup is a completely separate app that uses its own cloud service, like CrashPlan or Backblaze. And, like those services, you can restore files from a Web interface, which is not possible with regular Arq.

The price is $5.99/month per computer or 1 TB. I did not see any information about the cloud storage provider.

Update (2018-10-26): The cloud provider is Wasabi.

Previously: Arq 5.9 Adds Backblaze B2 and Wasabi Support.

Update (2018-10-31): Haystack Software:

Just changed Arq Cloud Backup pricing to unlimited computers. Just pay $5.99/month per TB of total backups across all your computers

Mojave Fixes QuickLook Cache Vulnerability With a DataVault

Howard Oakley:

I’m delighted to report that Apple has responded to this issue in macOS 10.14 Mojave, and made the QuickLook cache altogether inaccessible, although I wait for news from Wojciech and/or Patrick that they’ve managed to wheedle their way around the new defences! So you can now trash those two apps, which have also been deprived of any access to the QuickLook cache.

What has Apple done? It has locked the QuickLook cache folder away from apps using sandboxing.

[…]

“/var/folders/t9/[long ID]/C/com.apple.QuickLook.thumbnailcache” is a DataVault, which is a new type of privacy container that Apple introduced sometime around 10.13.4. These files/folders are identified by the “UF_DATAVAULT” file flag. These are implemented via SIP (not technically sandboxing, but the same gist). Applications need an entitlement to make or access specific data vaults, or even to stat() a DataVault folder.

These devices are worth some deeper investigation. Apple doesn’t (and apparently has no plans to) issue these entitlements to third-parties. Consider the implications of that – Apple is creating a platform where only data created in Apple applications gets the highest level of security.

Also consider that you (the user) can’t see what’s in these DataVaults without turning off SIP. It’s hard to tell what Apple is keeping in these, but some of them are a bit alarming.

It seems like this fix can still leak private data. If you use Quick Look to view files on an encrypted volume, they could be cached in the DataVault on the boot volume. They could then be exposed by turning off SIP, which only requires the password to the Mac, not the password to the encrypted volume.

Note that DataVaults are not accessible to the user or regular apps, even if you give them Full Disk Access. So their contents are not backed up and can’t be cloned.

Howard Oakley:

macOS Mojave is Apple’s most complex Mac operating system in terms of the controls which it places over access to files and folders. If you still think that this is all done by regular POSIX permissions, you may find this article illuminating, if not downright scary.

Previously: Quick Look Cache Reveals Sensitive Data From Encrypted Drives, Mojave’s New Security and Privacy Protections Face Usability Challenges.

Update (2018-11-05): My guess is that Core Spotlight, whose index is stored in the user’s home folder (and not in a data vault), may also leak private data.

Android App Ad Fraud

Craig Silverman:

But an investigation by BuzzFeed News reveals that these seemingly separate apps and companies are today part of a massive, sophisticated digital advertising fraud scheme involving more than 125 Android apps and websites connected to a network of front and shell companies in Cyprus, Malta, British Virgin Islands, Croatia, Bulgaria, and elsewhere. More than a dozen of the affected apps are targeted at kids or teens, and a person involved in the scheme estimates it has stolen hundreds of millions of dollars from brands whose ads were shown to bots instead of actual humans. (A full list of the apps, the websites, and their associated companies connected to the scheme can be found in this spreadsheet.)

One way the fraudsters find apps for their scheme is to acquire legitimate apps through We Purchase Apps and transfer them to shell companies. They then capture the behavior of the app’s human users and program a vast network of bots to mimic it, according to analysis from Protected Media, a cybersecurity and fraud detection firm that analyzed the apps and websites at BuzzFeed News’ request.

Robin Kurzer:

In its response to the BuzzFeed report, Google explained how the botnet — dubbed TechSnab — works to inflate ad revenue by creating botnets to visit web pages.

[…]

Ad fraud hits marketers directly in the wallet. BuzzFeed reports that the potential for stolen ad revenue related to this scheme could be as high as $750 million. One app connected to the scheme has been installed more than 20 million times.

John Gruber:

The bottom line: if the metric used for charging for advertising can be faked, it will be faked. Ad tracking is both an invasion of privacy and an open invitation to fraud.

Tim Cook Calls for Strong US Privacy Law

Jon Brodkin:

Apple CEO Tim Cook today called on the US government to pass “a comprehensive federal privacy law,” saying that tech companies that collect wide swaths of user data are engaging in surveillance.

Speaking at the International Conference of Data Protection and Privacy Commissioners (ICDPPC) in Brussels, Cook said that businesses are creating “an enduring digital profile” of each user and that the trade of such data “has exploded into a data-industrial complex.”

[…]

Former Facebook security chief Alex Stamos responded to Cook on Twitter today, questioning Apple’s commitment to privacy in China. “Apple needs to document how they protect data stored by a PRC-owned cloud provider,” Stamos wrote. “In particular, Apple should explain under what circumstances [the Chinese state-owned company] can access iCloud backups. iMessage is the only E2E [end-to-end] encrypted app allowed by the Great Firewall; what was required to get this concession from the Ministry of State Security?”

Update (2018-10-26): Alex Stamos:

The missing context? Apple uses hardware-rooted DRM to deny Chinese users the ability to install the VPN and E2E messaging apps that would allow them to avoid pervasive censorship and surveillance. Apple moved iCloud data into a PRC-controlled joint venture with unclear impacts.

Ole Begemann:

Tim Cook on iCloud encryption: “We can decrypt iCloud data because some users expect us to help them when they lose or forget their password. It’s hard to say when, but I believe we will change this practice in the future, and we won’t have a key for user data in iCloud anymore.”

Deep-dive Into the AirPower Charging Animation

Guilherme Rambo:

ChargingViewService is the process responsible for showing the cool animation. When the device is connected to power, a daemon called sharingd detects the presence of a power source for the device, it then checks to see if the power source is a wireless charger manufactured by Apple and then triggers the presentation of the charging UI.

[…]

The most important asset for the animation is a video file, usually called Charging.mov (AirPods have other video files for Left-only, Right-only and Right+Left). This video file consists of two videos side-by-side: one of them is the color video of the 3D device animating into the screen and then rotating and the other one is the same content, but represented as an alpha mask.

Another asset is a SceneKit scene file that contains a plane matching the position of the device’s screen throughout the animation (it lines up with the video). When the engagement animation is presented, the video is sliced in half and is used as a texture in a SceneKit scene, with the color part being used as the diffuse texture and the alpha part being used as the transparency texture, resulting in a video with a transparent background. The wallpaper is composed on top of the video with the plane provided by the scene.

[…]

That “flying back” animation is configured through a series of plist files which are also a part of the assets downloaded from mesu. There are different permutations of the files for each iPhone screen size and also variants for right-to-left languages.

Wednesday, October 24, 2018 [Tweets] [Favorites]

iPhone XR Reviews

Juli Clover:

The iPhone XR will be available for pre-order at 12:01 a.m. Pacific Time on October 19, and ahead of when pre-orders go live, the first iPhone XR reviews have been published on YouTube.

Apple appears to have provided several YouTubers and media sites with iPhone XR review units, with a list of some of the available review videos embedded below.

John Gruber:

Weird thing about iPhone XR — no first-party cases from Apple (yet?). Only cases they’re promoting with pre-orders are from Otterbox, of all places.

Ryan Jones:

And cases on Day 1 are critical. No one that wants a case waits - gotta have it.

Steve Troughton-Smith:

Unlike with the iPhone 5c at its launch, I feel like the iPhone XR is the star of this year’s lineup. It’ll be interesting to see how it fares; carriers here instantly went out of stock for preorders, but that happens every year so can’t glean anything from that

Chris Velazco (via MacRumors):

To add to the curiosity of it all, the R doesn’t mean much either. Phil Schiller, gingerly gripping a cup of coffee across from me, said the letters Apple uses never stand for something specific. But then his voice softened a little as he started to tell me about what the letters mean to him.

“I love cars and things that go fast, and R and S are both letters used to denote sport cars that are really extra special,” he said with a smile.

[…]

Devices like the iPhone X, iPhone XS and basically every nice Android phone this year have screens that run at resolutions at or much higher than 1080p. (If you’re not much of a phone person, this basically means they’re very crisp.) The iPhone XR’s screen isn’t as high-res as those screens, and some people are upset about that. A handful of reports also suggested that the complexities of building these specific kinds of LCD displays on a large scale are why Apple is releasing the iPhone XR a month after its two more-premium XS models.

At least with respect to the first point, Schiller believes this is a case of what’s on paper not doing justice to reality. “I think the only way to judge a display is to look at it,” he told me, adding that Apple calls these screens “retina displays” because your eye can’t discern individual pixels unless you press your face up right against the glass. “If you can’t see the pixels, at some point the numbers don’t mean anything. They’re fairly arbitrary.” And when asked if the screen was to blame for the XR’s staggered release, he simply said, “This is when it’s ready.”

Joe Rossignol:

iPhone XR pre-order demand in the first three days of the device’s availability was “better than that” of the iPhone 8 and iPhone 8 Plus during the same period last year, according to Apple analyst Ming-Chi Kuo.

John Gruber:

The iPhone XR is everything Apple says it is, and it’s the new iPhone most people should buy. I’ve been using one as my primary phone for the last week, and it’s a lovely, exciting device. Even some of the things I thought were compromises don’t feel like compromises at all in practice. Overall, yes, the XS and XS Max are better devices, but in a few regards the XR is actually better.

[…]

By using the camera with the faster lens and bigger sensor, Portrait Mode on the iPhone XR works significantly better than on the XS in very low light scenarios.

[…]

With plenty of light, Portrait Mode is much better on the XS than the XR, simply because the XS telephoto lens is a much more appropriate focal length for portraits.

[…]

But LCD has advantages — most noticeably energy consumption. Apple goes out of its way to disguise this in its iPhone tech spec comparisons, but the iPhone XR has the longest battery life of any iPhone ever made. The primary reason is that the XS and XS Max’s OLED displays use more power.

[…]

To my eyes, the biggest difference between the XR and XS displays is the slightly larger bezel around the XR display — not the displays themselves.

[…]

The XR is also less dense — about 9 percent less dense than the XS and 7.5 percent less dense than the XS Max. There could be internal components that contribute to this, but the obvious explanation is that aluminum weighs less than stainless steel. I think this lower density works in the XR’s favor — it feels better, weight-wise.

[…]

The XR uses some lesser quality glass on the back. Still supposedly scratch and crack resistant, but not as durable as the glass on the front.

Benjamin Mayo:

Anandtech says the 8 LCD is more efficient at showing black, too.

Joachim Bondo:

Another advantage X🅁 has over X🅂 is that it looks better on the back. The circular lens is simply more attractive than the tall double-lens housing.

Ben Bajarin:

The Xr feels more premium than all its high-end Android competitors which bodes well for Apple.

No company has experimented more with material science/metals than Apple to get to where they are today.

John Gruber:

IMO the 128 GB iPhone XR is by far the best value in the entire iPhone lineup. Apple could have easily only offered 64 and 256 GB.

Hedwig Guerra:

The lineup makes more sense when you factor in all models (Delta between 64 GB and 256 GB is consistent at $150, Delta between 32 GB and 128 GB is $100).

Matt Birchler:

The greatest trick Apple ever pulled was raising the entry price of their lineup $150 and getting people to call it “affordable.”

I think the new phones are great, but $649 used to be premium device territory and $800 was “OMG THAT’S A CRAZY PHONE” territory.

Joe Rossignol:

Haptic Touch is simply a marketing name for a long press combined with haptic feedback from the Taptic Engine. The feature is a substitute for 3D Touch, which Apple wasn’t able to include on the iPhone XR in order to achieve a nearly edge-to-edge LCD screen, a remarkable engineering feat.

Nick Heer:

But there is one thing eating at me with this new iPhone lineup: the starting price for a current model year iPhone is now $50 more than last year, and $100 more than two years’ prior. It’s as though they’ve dropped the entry-level model and are starting at what was previously Plus model pricing. In Canada, the difference is even more pronounced — for the first time, you cannot get a current model year iPhone for under $1,000. The iPhone XR might be the least-expensive iPhone Apple launched this year, but it is by no means a budget device.

[…]

There are two ways of looking at this: Apple has made more affordable the iPhone X design and features, and Apple has dramatically increased the base price of an iPhone.

See also: Nilay Patel, Matthew Panzarino, Rene Ritchie, and Lauren Goode, and roundups from Apple, John Voorhees, and Tim Hardwick.

Update (2018-10-25): Jason Snell (tweet):

My lock screen image is the picture of an astronaut taken from the surface of the moon, so there’s a lot of dynamic range. When you look at that image on an iPhone XS, the blackness of space is absolute. On the XR, it’s more of a… space gray?

Still, when you’re not comparing the phones directly side by side, it’s a lot less noticeable.

[…]

Finally, there’s no 3D Touch. This is an underutilized part of iOS, and has been since the beginning. But Apple has converted many of the 3D Touch gestures on iOS into new press-and-hold “Haptic Touch” equivalents. Not everything has made the move—some press-and-hold gestures already have meaning, so they can’t be remapped for Haptic Touch—but a bunch of them have. (In the end I’m not sure 3D Touch is going to be anything but a footnote. But if you’re a 3D Touch fan, the iPhone XR might not be your best choice.)

Rene Ritchie:

With all previous Portraits Mode, from iPhone 7 Plus to iPhone XS and XS Max, you were shooting with the effectively 52mm telephoto lens. With iPhone XR, you’re shooting with the effectively 26mm wide angle lens. Switching from one to the other is like swapping glass on a traditional camera.

That’s especially true because, instead of just slapping on a custom gaussian or disc blur over the background and calling it a day, which is what Apple used to do and, I think, pretty much every other camera phone maker still does, this year Apple examined a bunch of high-end cameras and lenses and created a virtual model for both the iPhone XS and iPhone XR.

That means, it ingests the scene with computer vision, makes sense of everything it sees, and then renders the bokeh, including lights, overlapping lights, and the kind of distortions real glass physics produces in the real world.

And, when you slide the new Depth Control back and forth between f/1.4 and f.16, it re-calculates and re-renders the virtual lens model.

The result is the same kind of character and, yeah, personality you get with real-world lenses. And that means shooting with iPhone XS vs. iPhone XR gives you photos with different character and, yeah, personality.

Update (2018-10-26): Uluroo:

This chart shows the pricing and storage tiers of each new iPhone model, along with the price per gigabyte.

[…]

The iPhone XR should not be seen as the cheaper alternative to the iPhones XS and XS Max; they should be seen as a more luxurious alternative to the XR.

Update (2018-10-29): Benjamin Mayo:

The XR doesn’t let you long-press on a lock screen notification to view the rich content + action buttons. iPad doesn’t have 3D Touch, but it lets you access it with a long press. The XR makes you swipe the notification to the side and then tap the View button.

Mike Rundle:

I’m embarrassed to admit it, but this morning I returned my XR to Apple because of this specific reason. I use this functionality all day long and assumed Apple made it work on the XR. I got the Max instead. Super lame.

Chris Welch:

For the first time in years, a new iPhone has hit the market without any first-party Apple cases for the company to sell alongside it. The lack of such an obvious accessory is odd. Apple has made no public comment on why it hasn’t prepped its usual silicone and leather case options for the XR’s launch.

Mark Gurman:

Especially since they announced a clear case in their press release

Update (2018-10-31): Rui Carmo:

I went into a store to try out the XR thinking there was a 70% chance of walking out with one, and was shocked at how large, heavy and unwieldy it actually is compared to my iPhone 6, even with its aluminum and glass body.

Pics don’t do it justice, nor does Apple’s comparison page—I can’t hold it comfortably to take a call single-handed, never mind using it for anything more complex, since it is much larger, thicker and heavier than the 6/8 form factor.

Update (2018-11-01): John Gruber:

To my knowledge, iPhone XR is the only LCD phone ever made, by anyone, with no chin or forehead. With the display controller underneath the display, the Lightning port had to be pushed down. It is absolutely a compromise, but well worth it for the overall look of the device. Everyone would notice if the XR had a chin; almost no one is going to notice the Lightning port is top-aligned rather than centered with the screws and speakers.

Ken Segall:

It’s been disappointing to see Apple struggle with iPhone naming for so many years. With XS, XS Max and XR, we now have a family of iPhone names Gil Amelio would be proud of.

[…]

I foolishly cling to the idealistic notion that a company’s values really do determine its long-term success. So I find it unsettling when Phil Schiller innocently tosses out the comment that the letters in an iPhone name have no meaning.

What he’s doing is casually tossing aside one of the values that has always set Apple apart.

Jason Snell:

The iPhone XS models are better phones than the iPhone XR in pretty much every way (except color). But are they better enough to matter for most people? I doubt it.

Juli Clover:

In our latest YouTube video, we compared the cameras of the iPhone XR and the iPhone XS Max to see how much of a difference you’re really going to see with the single lens camera vs. the dual-lens camera.

Update (2018-11-05): Adam Clark Estes:

Remember how tech bloggers seemed so jazzed about the iPhone XR because it was like the very expensive iPhone XS but incredibly cheaper? It looks like the public is not as jazzed. Nikkei Asian Review reports that Apple has canceled a production boost for the iPhone XR, which is apparently not selling as well as the company had originally anticipated. The iPhone 8, however, is selling better than expected. Maybe people like the Home button!

I recently tried several iPhone XRs and was impressed. It feels much better in the hand than an iPhone 6–8 and, I think, better than an iPhone X. I don’t know whether it was just the display models in the store that I was in, but the colors with the gray aluminum sides seemed much more grippy than the ones with colored (black or red) sides. The two main issues for me:

Update (2018-12-06): Rene Ritchie:

The truth is, Apple’s display team has gotten so good at everything from color calibration to color management that you can put an LCD iPhone XR next to an OLED iPhone XS and, unless you’re looking for deep, deep black and can discern high contrast ratios, scarcely tell the difference. Which is insane, given how different the two display technologies are.

Since filming my initial review, I’ve also heard from a lot of people who suffer varying degrees of vertigo from the variable refresh rates on OLED but who don’t have that problem with LCD, and so are super happy Apple is offering both in the new design.

[…]

Stereo playback is also great. I’ve watched a ton of shows and films with the new wide stereo speakers and it’s the first time I’ve felt I didn’t need to where headphones to actually enjoy what I’m listening to, and I’ve never been particularly fussy about audio.

John Gruber:

Feel-wise [the Apple clear case is] sort of half plastic-y, half rubbery. Plastic-y enough that it doesn’t stretch from the edges of the phone. Rubbery enough that it feels nice and grippy without being too grippy — it slides in and out of a jeans pocket easier than an Apple silicone case. Unlike any of Apple’s other iPhone cases, there is a very slight lip around the camera cutout on this case. I don’t know why, but it means the phone doesn’t quite sit flush back-down on a flat surface.

Update (2018-12-07): Paul Carroll (via Phil Schiller):

Apple chose to include much of the same advanced software and image processing algorithms as in their flagship devices, and in many ways the photographic capabilities of the iPhone XR are broadly similar to those of the XS/XS Max — excellent exposure in all lighting conditions, wide dynamic range, and an excellent noise-versus-detail trade-off. The autofocus system is also excellent in all conditions.

Where the XR falls down compared to its more expensive siblings is when the addition of a second sensor coupled to a tele-lens comes into play. So don’t expect the same quality for zoom shots. Bokeh simulation in the XR’s Portrait mode isn’t brilliant either, with the pictures having something of an artificial feel; moreover, the 26mm lens’s wider field of view isn’t generally ideal for portraits, and bokeh mode doesn’t work with objects.

Compared to the Google Pixel 2, which is the best single-cam smartphone we’d tested up until now, the results are very comparable in many areas, but thanks to improved results for noise and particularly for artifacts, the iPhone XR just nudges it out of first place to become our top-ranked single-cam smartphone.

Safari Technology Preview Adds Dark Mode CSS

Jon Davis:

Safari Technology Preview Release 68 is now available for download for macOS Mojave and macOS High Sierra.

[…]

Added prefers-color-scheme media query support for styling dark mode content (r237156)

W3C:

The prefers-color-scheme media feature is used to detect if the user has requested the system use a light or dark color theme.

no-preference
Indicates that the user has made no preference known to the system. This keyword value evaluates as false in the boolean context.
light
Indicates that user has notified the system that they prefer an interface that has a light theme.
dark
Indicates that user has notified the system that they prefer an interface that has a dark theme.

Previously: Supporting Dark Mode.

Update (2018-10-25): Craig Hockenberry:

After downloading Release 68 and making sure that Dark Mode CSS Support is turned on in the Develop > Experimental Features menu, you can do this in your CSS:

div {
  background-color: pink;
}

@media (prefers-color-scheme: light) {
  div {
    background-color: yellow;
  }
}

@media (prefers-color-scheme: dark) {
  div {
    background-color: purple;
  }
}

As you switch in and out of Dark Mode, the div will change color. If you need a more interactive approach, say to show a theme-switching control at page load, you can use JavaScript to check the media query string:

var inDarkMode = window.matchMedia('(prefers-color-scheme: dark)').matches;

Dragon Speech Recognition Software for Mac Discontinued

Nuance:

Nuance is constantly evaluating its product portfolio to see how we can best meet the needs of our customers and business. After much consideration, we have made the difficult decision to discontinue the Dragon Professional Individual for Mac line-up.

Via Kirk McElhearn:

The software was very good, but the company was always plagued by poor support, expensive upgrades, and a general disdain for the Mac platform.

[…]

The only solution for Mac users in the future is to buy the Windows version of Dragon and use it in a virtual machine (with VMware Fusion or Parallels), which is not ideal.

Previously: Discontinuation of Mac Support for Autodesk Alias and VRED.

UI Browser 2.8

PFiddlesoft:

UI Browser helps you to explore, manipulate, and monitor the user interface of most macOS applications running on your computer. With the push of a button, it also generates AppleScript statements to control any application using GUI Scripting, even applications that are not otherwise scriptable. No other utility provides all of the information you need in order to write scripts using GUI Scripting.

Version 2.8.0 of UI Browser adds support for new Accessibility features introduced in macOS Mojave 10.14.

[…]

UI Browser’s Target menu now includes Apple’s new Script Menu application in Mojave. The Script Menu application handles the Script menu extra if Script Editor preferences are set to show it in the menu bar.

[…]

AppleScript statements generated by UI Browser can now be sent to Script Debugger 7 from Late Night Software, as well as Script Editor, Smile and earlier versions of Script Debugger.

Mark Alldritt:

Sooner or later you are going to face the problem of automating an application that either isn’t scriptable or that fails to expose some important feature to scripting. When that happens, AppleScript GUI Scripting is your only alternative and UIBrowser will be the best money you’ve ever spent.

Xcode’s Alignment of Objective-C Dictionary Literals

Tanner Bennett:

Xcode 10 debuted this year and it still aligns Objc braces and brackets in the most unhelpful way possible.

And it does this for C functions, too, so I don’t think it’s related to lining up the colons in the method name. It’s almost enough to make me go back to creating dictionaries using a macro.

Surely there are people within Apple using Objective-C…

Monday, October 22, 2018 [Tweets] [Favorites]

Document Versions and iCloud

Howard Oakley:

As we work more collaboratively, not just with others, but across our own range of different devices, iCloud’s lack of support for document versions has become more than just a nuisance. I might work on a report on my iMac, then want to make some corrections when I am out and only have my iPad with me. It is galling that I can run the same app, such as Pages, on the same document, but can’t rely on document versions.

[…]

When that iMac is working on documents in iCloud which it owns, it continues to store generated versions in its local store. But when I work on the same document on my iPad, it doesn’t have access to those versions, so just sees the current document. Then when I return to access it using my iMac, the previous version stored there is from my last editing session on the iMac, not from my iPad.

It makes it impossible to switch seamlessly between platforms, and working on documents in the cloud becomes half-baked and clumsy.

[…]

When you edit a document using an app which has been built against the macOS 10.14 SDK, even though you may not be running it on Mojave, if that app uses Apple’s built-in support for document versions accessed using the Browse All Versions command, and you save your edits to a document stored in iCloud Drive, macOS will make its versions available to other macOS and iOS systems able to access that document in iCloud Drive.

Howard Oakley:

There appear to be two distinct issues causing these problems: the need to sync new versions, and duplication occurring between local and iCloud versions.

Ordinarily, with asynchronous tasks such as saving a new version of a document to cloud storage, each task would be added to a queue, and the syncs in that queue performed in sequence until the queue becomes empty. This doesn’t appear to happen when saving versions to iCloud Drive: if the next version is ready to sync, then prior version syncs for that document are cancelled or lost. If you overload the sync process, then only the last sync is performed, and versions which should have been ahead of it in the queue are never synchronised, and appear lost to other systems sharing that account. They are, though, still stored in the local versions database.

[…]

Users cannot (ordinarily) turn versions off in Apple’s iWork apps, nor can they stop the versioning system locally, or that in iCloud. Perhaps the best strategy is to see this as an added bonus, on which you cannot rely, nor can you disable or remove. Apple needs to address these issues if it intends users to edit iWork documents shared in iCloud Drive.

Howard Oakley:

Versioning is the cloud equivalent of Undo, at its best when you’re working in short bouts but require access to that document’s editing history.

[…]

When you view or retrieve those versions using the Browse All Versions… command, you are offered all locally-stored versions, and all those found in iCloud, delivering two copies of most.

Update (2018-11-09): Howard Oakley:

What I hadn’t tested until recently was version management when using Handoff. This doesn’t work through iCloud, but can be used to edit documents stored in iCloud, and appears to save versions reliably. Indeed, it poses a different problem for version management: what happens when the same document is open on two systems, and different changes are made in each?

The Handoff solution is to prompt the user to choose between the two versions, forcing them to delete one of them. There doesn’t appear to be any way, automatically or manually, of merging the changes. With autosave in operation, a user who is editing the same document on two systems will rapidly realise that is a bad idea. With existing non-matching versions on the two systems, it can only add to user confusion, particularly if the user closes the document on one system, then later opens it using the versions stored in iCloud.

At the moment, versions in iCloud and Handoff can lead to great confusion and missing versions. The bugs in the current implementation of versions in iCloud need to be fixed, and until they are, versions in iCloud simply can’t be trusted.

Android Phone Manufacturers to Pay for Google Play Store

Benjamin Mayo:

The EU has ruled that Google can no longer require manufacturers to pre-install Google Chrome and Google search in order to feature the official Android app store, the Google Play Store. It views the entanglement as anticompetitive.

Naturally, Google is appealing the decision but it must comply in the meantime. The new European license will require manufacturers to pay a per-device free for the rights to pre-install the Play Store and other apps. If the hardware companies choose to install Google search and Chrome, a revenue sharing deal will let them recoup some of the costs of the Google Mobile Services license.

[…]

Under the leaked terms, Samsung would save $30 in licensing costs on every device, if they made the hardware resolution match the default software configuration.

But it sounds like the they’ll still have to pay a significant amount even if they do install Chrome. This seems like a really big deal.

Apple Pulling High-Grossing Scammy Subscription Apps Off the App Store

John Koetsier (via Hacker News):

“It seems they are automatically pulling any and every non-big-name app that has a high IAS [in-app subscription revenue],” Albert Renshaw posted on Facebook.

The trial button is the key.

“They’ve been pulling apps and rejecting apps that have a massive button that says ‘X days free” without the price inside that button,” another developer said. “People don’t read the fine print and that’s who they’re after. Before they were lenient but with the negative publicity they’re strict as hell now.”

[…]

Today, most of the apps mentioned in my original story are now no-longer available.

Why didn’t Apple enforce its guidelines from the beginning? Or, afterwards, notice apps with suspicious revenue?

Previously: Weather Alarms Scam.

Update (2018-10-25): John Gruber:

I can see how a new app with a malicious IAP scam might slip through review, but once an app is generating tens of thousands of dollars a month, it ought to get a thorough review from the App Store.

Update (2018-10-29): Apps Exposed:

I have been investigating these apps for a year and reported them to @Apple but they haven’t taken any actions so far, letting this scammers making hundreds of thousands of dollars. Please take a careful look at the list below[…]

It’s a long list.

Update (2018-11-19): David Barnard:

The App of the Day on iPad today is one of Apalon’s apps (thread). Their paywall has the price and trial duration far removed from the trial button and a quarterly subscription (preying on people who don’t know what that means? And/or can’t do math?).

App Review told us that in Weather Up we had to put the price on the button. So, next time Apalon submits an update to that app they’ll presumably be forced to do the same. But you’d think Apple wouldn’t feature apps that aren’t current in compliance with App Review guidelines

It’s also App of the Day on iPhone. And I almost forgot… it’s one of the apps recently caught selling user location data. For all Apple’s talk of protecting users, I still can’t believe they allow apps to sell location data much less feature those apps

I hadn’t used that app in a while, so I decided to check it out & figure out what Apple saw worth the honor of App of the Day. Alerts promoting other apps. Full screen adds every couple minutes. Subscription page pops up randomly. Sells user location data. “Creedon Republic”?!

I can’t think of a bigger than seeing that specific app featured a few days after @Weather_Up_ was released. I’ve tried so hard to create a great experience around weather maps, respect user privacy, add unique features like Event Forecasts, and not trick/annoy users.

Ryan Jones:

Good summary of what we mean when we say “scam apps”.

It’s not one thing; it’s a combination of willfully barely nefarious tactics that Apple’s walled garden should catch or fold up shop. Any one complaint looks petty by design, but the whole picture is a clear scam.

Tweetbot 5 for iOS

Tapbots (tweet):

  • GIF support in compose view (Powered by Giphy).
  • Redesigned profiles.
  • Redesigned tweet status details.
  • New iconography and app icon.
  • Optimized dark theme for OLED displays.
  • Support for haptic feedback.
  • Auto video playback in the timeline (which can be disabled in the settings).

Surprisingly, this is a free update, though they’ve added a tip jar. I like the new design except that the timeline scroll thumb seems to be invisible in the dark theme.

Christopher Lawley:

With some major design changes it feels like a whole new app. There’s some hidden easter eggs as well that I’ve noticed people may have missed. If you go into setting, tap Support Tweetbot, and give them a tip you can unlock different themes. After that go into display and you can now change your themes. My personal favorite is Pumpkin.

Friday, October 19, 2018 [Tweets] [Favorites]

Reduce Transparency and Reduce Motion in macOS Mojave

Craig Grannell:

What you’d expect to happen is for macOS to remove the semi-transparent bits. So instead of Finder sidebars or the macOS app switcher showing what’s beneath them, they’d just have a neutral solid background. Nope. Instead, in its infinite wisdom, Apple’s decided those components should instead be coloured by your Desktop background.

This makes no logical sense. Why should the colour of an interface component be influenced by elements that may be several layers beneath them? Also, this decision can make interface elements less accessible, because you end up with an inconsistent interface (colours shifting as you move a window around the screen) and can impact on legibility (such as when moving a Finder window to the right on the default background, whereupon the sidebar goes a weird brown colour).

Craig Grannell:

So, anyway, I just opened the App Store app on macOS Mojave, and I had the audacity to click on something that was featured and looked quite interesting. WHOOSH went the full-window slide transition. BLORCH went my innards. Through squinting eyes I then did a bit more testing. Clicking Done made the window zoom downwards again. And then I clicked a standard list item. WHOOSH went the full-window slide transition, but, excitingly, in a different direction this time (horizontally). GAH went my brain, asking me to JUST SODDING STOP WITH THIS STUPID EXPERIMENT ALREADY.

This is with Reduce Motion on.

Previously: Is There Hope for the Mac App Store?.

It’s Like @2x for Color

Gus Mueller:

At any rate, I filed it this past summer as radar://41731847: Mojave does not support writing 16bpc/deep color HEIC images.

The format supports it, and we’ve got DP3 color profiles on iOS and MacOS now. We just need the encoders to catch up.

Ironically, the introduction of a wider color gamut such as Display P3 will increase the amount of banding in our images, unless you move from 8 to 16bpc.

Previously: Improving Color on the Web.

Paul Buchheit on Joining and Leaving Google

Paul Buchheit (via Hacker News):

I didn’t believe in the business or think the company would be a huge success, though. I thought they were going to be roadkill and would get squashed by one of the big internet companies. By then, Yahoo was already a behemoth, and Alta Vista had so much money. I didn’t understand how this little startup would be able to compete. But I decided I didn’t care. I wanted to go work on Linux stuff and figured I’d at least meet some smart people there, and maybe they’d later start a company that would actually be successful.

In hindsight, I realize the early team at Google was actually quite remarkable. I think they made a real point of hiring smart people. In part, that was because they were working on really interesting problems and smart people want to work on interesting problems. I remember Jeff Dean had gone to work at another startup before Google and immediately fixed all of their problems. When he asked, “Now what do I do?,” it turned out that they had nothing else interesting to work on, so he left. He was drawn into Google because of the interesting systems problems there.

[…]

Partially I think Google had grown so much in my absence, but it was also partly a “boiling the frog” effect: before I spent time away, I hadn’t noticed things slowly changing, but when I got back I realized, “Oh wow, here I am in a meeting with a bunch of people I don’t know who are telling me to do stuff that I don’t care about.” I knew immediately that if I stayed at Google, and wanted to be successful and influential, I would have to become more of a big company person. I knew that I had the capacity to do that, but I didn’t want to. I wanted to do something else, so I left.

Lawsuit Alleges Facebook Inflated Video Ad Viewing Times

Rachel England (via Nick Heer):

After reviewing some 80,000 pages of internal Facebook records, obtained as part of court proceedings, Crowd Siren now claims that Facebook had not only known about the issue for over a year, but had massively underestimated its miscalculations. The company told some advertisers it overestimated average time spent watching videos by 60% to 80%. The plaintiffs, however, believe that figure is much larger, and that average viewership metrics had been inflated by as much as 900%.

John Gruber:

If true, Facebook’s big “pivot” to video was really a scam.

Thursday, October 18, 2018 [Tweets] [Favorites]

App Bundles Now Support Mac Apps

Apple:

App bundles make it easy for customers to buy up to 10 of your apps in a single purchase. And now, you can create app bundles for Mac apps or free apps that offer an auto-renewable subscription to access all apps in the bundle.

This is 4+ years after iOS apps could be bundled. It would be interesting if companion iOS and Mac apps could be bundled together, but as far as I can tell all the apps in the bundle have to be for the same platform.

Previously: App Store Bundles as an Upgrade Path.

Update (2018-10-24): Jeff Johnson:

Mac app bundles appear to be live now but only available in Mojave App Store.

How do you even advertise that when pre-Mojave customers click on the link and get “Cannot Connect to the App Store”??

Update (2018-11-01): Jeff Johnson:

I submitted my Mac app bundle on October 16, the day Apple announced bundles. It went into review the next day. However, the bundle sat in review until the evening of October 23, when it was rejected for metadata. App Store review didn’t like the name of the bundle “Please Pass The Madness Pack”, which was based on the idea “PassTheMadness, please” suggested by a friend. I thought this was clever and amusing, but apparently App Store review has no sense of humor or whimsy. So I changed names to the boring “StopTheMadness Underpass Bundle” and re-submitted within a couple hours. The next day, bundles went live in the Mac App Store, but mine was still waiting for review, so I requested an expedited review. Three days later I received an email denying my request for an expedited review. The day after that, though, on the evening of October 28, my bundle went into review again, and it was approved within 10 minutes. Despite being approved, the bundle did not appear in the Mac App Store the next day. Or the next day.

Fraser Speirs Switches to a Google Pixel

Canvas:

Fraser has picked up a Google Pixel 2XL as his next smartphone. The reasons are explained inside but the episode turns into a reflection on just how similar and different the two main smartphone platforms are in 2018. There is some discussion of Google using their apps as an Android ‘beachhead’ on iOS and the implications of Apple’s pricing strategy.

Fraser Speirs:

So far, the most surprising thing about being on Android is how familiar it feels. Almost every app that exists on both platforms is not just feature-compatible but virtually pixel-identical to its iOS counterpart.

Fraser Speirs:

Firstly, the whole thing is way more notification-driven than iOS. The notification screen is much more like an ‘activity inbox’ than it is on iOS. Sometimes, this is great, other times annoying.

It’s great to see things like completion of background activities in there. On the other hand, I’ve had notifications for things that are literally happening on the screen right in front of me. Needs quite a lot of tuning.

Previously: Advantages of Android, Android Oreo Review: An iOS User’s Review, Why Apple Should Copy the Android P Notification Shade.

Apple Stops Maintaining Its Printer Compatibility List

Howard Oakley:

One of the standard questions I get asked is whether macOS 10.x supports printer Y, or sometimes scanner Z. Users like to know such basic facts, which can save them messing about trying to get an unsupported printer working. For several years, Apple has maintained a Support Note which details all those models for which you can expect macOS to obtain drivers through software update.

Apparently, the effort of letting us know this valuable practical information is now too much.

Update (2018-10-22): Miles Wolbe:

I scoured support.apple.com for the final printer driver versions, preferring to archive them locally rather than rely on Software Update.

Mojave and MDM

Victor Vrantchan:

So this is a configuration update which includes information about the Mojave installer, with both the product version and the Mac App Store ItemID. Neat. Normally you don’t see the full OS installer when running softwareupdate. It’s in the App store and you have to download it like you would download an app. This must be a shim Apple is using to enable a MDM only feature.

A curious side effect of having the notification bundle come from the Software Update catalog, is that it’s responsible for this notification, which shows up on user machines regardless of whether you have devices enrolled in MDM[…]

Via mikeymikey:

It’s not our fault Apple has tied their upsell nag to MDM based OS upgrades.

The feature needs to be split or they need to modify their upsell nag to include NotBefore date for the nag itself so the ConfigData can at least go out day 1.

Tuesday, October 16, 2018 [Tweets] [Favorites]

Swift Language Server Protocol Service

Argyrios Kyrtzidis:

I’m excited to announce that we are going to start a new open-source project for a Swift and C-family language service based on the Language Server Protocol. We’ve chosen to adopt LSP so we can benefit from its active community and wide adoption across other editors and platforms. This means that Visual Studio Code, Atom, Sublime Text, or whatever your favorite editor happens to be, can use the same service as Xcode, and any improvements we make to the service will benefit them all.

[…]

We are also going to make the necessary changes for Xcode to use this new LSP-based language service. Similar to how you can load an OSS toolchain in Xcode to try it out now, in the future you will be able to load a build of the OSS LSP service in your installed Xcode and test any fixes or enhancements you make.

This sounds great. It will be written in Swift but work with C/C++/ObjC, too.

Bringing Photoshop to the iPad

Adobe:

Adobe previewed two future mobile apps designed to usher in a new era of multi-surface creation while complementing workflows across Adobe’s existing flagship desktop applications:

  • Photoshop CC on iPad: Redesigned for a modern touch experience, Photoshop CC on iPad will deliver the power and precision of its desktop counterpart. Photoshop CC on iPad will let users open and edit native PSD files using Photoshop’s industry-standard image-editing tools and will feature the familiar Photoshop layers panel. With Photoshop CC across devices, coming first to iPad in 2019, you will be able to start your work on an iPad and seamlessly roundtrip all of your edits with Photoshop CC on the desktop via Creative Cloud.
  • Project Gemini: A new app designed to accelerate drawing and painting workflows across devices, Project Gemini, coming first to iPad in 2019, combines raster, vector and new dynamic brushes into a single app experience built for drawing. Project Gemini enables artists to use and sync their favorite Photoshop brushes and works seamlessly with Photoshop CC.

Dami Lee:

Adobe really wants you to know that the upcoming Photoshop CC for the iPad, which was announced today and is set to be released sometime in 2019, is “real Photoshop.”

The phrase “real Photoshop” came up several times during my week-long preview of an early version of the software giant’s long-awaited app. The underlying code is the same as desktop Photoshop, and although the interface has been rethought for the iPad, the same core tools line the edges of the screen.

Scott Belsky:

I’m going to go on a limb here and say that the era of the file is over. I think that a creation is really a combination of components. Look at a Photoshop “file.” What is it really? It’s a collection of fonts, images and layers of edits and other things taken in from other places, composited together. It’s a collection. All those components, those ingredients of that composition both still exist in their original form as well as their combined altered form, which is ultimately the composition you’re making in a PSD.

What we’ve done — what powers Photoshop on iPad — is what we call the Cloud PSD. The Cloud PSD is in a sense, a manifest of all of these ingredients together.

Underneath the hood, this is a manifest of all the components that you sourced from original sources and then altered into this composition that is what you visually see in Photoshop and iPad, and Photoshop on desktop when you open it. When we ship Photoshop on iPad, [Cloud PSDs] will also run and automatically show up on your desktop product. Suddenly, you’ll have this cloud-powered roundtrip experience akin to a Google Docs experience, where literally the source of truth of your Photoshop creation is in the cloud.

Michael Steeber (MacRumors):

When questioned by Belsky about the role of a creative professional at Apple today, Schiller said creativity has been the foundation of Apple from the very beginning. While the company’s dedication to creativity and the arts hasn’t changed, the technology has, he added. “We never envisioned this would happen,” said Schiller in reference to Photoshop on the iPad.

John Gruber:

The “touch modifier” button is a great idea. It’s a button in the corner that you can press and hold to toggle the current tool. E.g. if you’re using a paintbrush, you can press the touch modifier button to turn it into the eraser. Let go of the button and your tool is back to the paintbrush.

Colin Cornaby:

I think Photoshop on iPad is cool. I also think too many of the hot takes today ignore that professionals use workflows that are a combination of lots of hardware and software. Not just a single application.

Colin Cornaby:

Kind of surprised no one has mentioned memory in talking about Photoshop on iPad. Photoshop can typically use way more than 4 gigs (32 bit limit) on more intensive projects, which is more memory than an iPad ships with. Add in that iOS shuts down apps that use too much memory...

Maybe Adobe is adding their own virtual memory/paging system? Could still be a lot of disk.

Update (2018-10-19): See also: Accidental Tech Podcast.

Michael Steeber:

Lyell prefers the term “real Photoshop” over “full Photoshop” when describing the software. The goal isn’t to clone the app for iOS, but to replicate the core experience.

[…]

One of the features destined to migrate to the iPad is support for third-party paintbrushes. Adobe wants the brushes you already own to eventually sync right from the desktop. The Photoshop team is exploring support for actions, too, although its priority will be determined by customer demand. 3D features, largely redundant thanks to Dimension CC, may not make the cut.

Steve Troughton-Smith:

I would be surprised if the 2017 and 2018 iPads don’t get virtual memory paging. This seems to dovetail with the trajectory iPad Pro seems to be on, to become more ‘computer-y’

Joe Groff:

Even without OS swap, an app can mmap their own “swap” out of a file on disk. Older A-series chips had pretty restricted virtual address spaces in hardware though

Maxwell:

I wouldn’t do it that way, then you get 100ms uncontrollable page faults. Better to wire / unwire the regions before and after using the regions. App is always better informed than the OS at data access patterns

Greg Parker:

VM swap also quickly burns through SSD write cycles. I know that was a strike against swap back in the day; I assume it would still be a problem now.

David Smith:

Yup. The limited form of it in use now explicitly budgets write cycles.

Jeff Perry:

Despite my criticism on Apple not providing apps that are pro apps, I will say that there is no tablet in the Android, Chromebook, and probably the Windows ecosystem, that is as beautifully designed and well thought out as those on the iOS ecosystem, especially the iPad. If I were to look for something like Affinity Designer and Lumafusion in a Tablet form I sincerely doubt I would find anything that is as close to the intersection of beauty and function like those available on the iPad.

If ever there were a time to think about replacing that old MacBook Air with an iPad, I would say that time is now. With Adobe releasing more iPad apps in 2019 and almost certainly new iPads coming in the next month or two, I think right now is the perfect time to think about what you can do with the iPad and really consider if it can be a replacement for you in your day to day work and life. For me, it absolutely is.

Update (2018-10-24): Steve Troughton-Smith:

One very interesting thing that Adobe mentioned about Photoshop for iPad is that it only took two engineers to port it, as a skunkworks project. Just goes to show how one or two people can make a huge difference

Chris Johnson:

I think it’s incontrovertible that Apple’s pro design customers would have been better served by a Mac with Pencil support rather than being forced to wait for a pro apps and workflows to come to the iPad.

It’s exciting that “real” Photoshop is coming to the iPad nine years after the iPad was first released. The iPad should be able to do more things and do them well. But that’s also nine years Apple’s pro customers were left to use ungainly Wacom products if they needed a stylus.

It also remains to be seen if pro designers and artists will be happy working in the confines of iOS where file management and multitasking are still in their infancy.

Lightroom CC 2.0 and Lightroom Classic CC 8.0

Jeff Carlson:

Facial recognition is a processor-intensive task, as anyone who’s waited for Lightroom Classic to churn through a local library knows. In the new Lightroom CC People View, the library is indexed and analyzed in data centers instead of your computer. It appears as a category under My Photos, along with the All Photos, Recently Added, and By Date categories.

[…]

Tying search to Sensei, however, means there’s no local search capability. If your laptop is offline, the Search field doesn’t even work (but the Filter options do). Or, if you do have Internet access, but you’ve paused the sync feature, the search feature won’t pick up any photos you’ve imported that aren’t yet copied to Creative Cloud.

[…]

The performance of Lightroom Classic has improved over the year, but working in Lightroom CC is faster, plain and simple.

[…]

One of my favorite features of Lightroom CC is how it handles images on disk. My MacBook Pro doesn’t have enough storage for my entire library, so Lightroom invisibly removes older originals to conserve disk space, and downloads them on demand from the cloud when needed. But I also save original copies of each image to an external drive in my office. When that disk is not connected, newly-imported photos are kept on the laptop’s storage; as soon as I connect that external drive, Lightroom automatically moves the files from the MacBook Pro to the external. In Lightroom Classic, you have to manually move and copy images.

[…]

This is perhaps one of the biggest limiters for many people: To really take advantage of Lightroom CC, you need a robust, always-on Internet connection.

Plus, it seems pretty useless unless you subscribe to at least the 1 TB storage plan. When your entire library has to be in the cloud, 20 GB doesn’t go very far.

I’m still not crazy about having to pay the full subscription rate to get the the cloud version and Photoshop when I only use Lightroom Classic. The price has more than doubled since the days of standalone Lightroom, plus now it stops working if I stop paying. On the plus side, there are now improvements to Classic throughout the year, but it seems clear that Adobe’s focus is elsewhere.

Previously: New Lightroom CC and Lightroom Classic CC.

Update (2018-10-19): Jeff Carlson:

With this week’s release of version 8.0, it’s clear there’s still plenty of life in Lightroom Classic CC. It’s the choice for photographers who aren’t interested in syncing their entire libraries with other devices via Creative Cloud, or who need features such as HDR or panorama merging, printing, creating books or slideshows, and more advanced organizing and metadata wrangling. Here’s an overview of the spotlight features in this release.

The 2018 MacBook Keyboards Have the Same Old Problems

Casey Johnston (tweet):

In July, Apple slightly redesigned the very low profile butterfly keyboard on its MacBooks and MacBook Pros, not because “a small percentage” of the previous version was rendered useless by a speck of dust, the company said, but to make it quieter; it even invited the tech press to try it out. iFixit teardowns of the hardware revealed that, in fact, Apple had added a silicone membrane under the keys that looks quite a bit like it’s meant to keep dust and debris from lodging under the key and locking it up. Was that the idea? No, Apple unequivocally said.

But this was not the story I got from several Apple employees I have since spoken to at Apple stores I visited. Every time I described the 2017 MacBook Pro I sold because I couldn’t stand its non-functional keyboard and asked an Apple store employee if the new one would screw me over the same way, each assured me that Apple had changed the keyboards so that that would never happen again.

[…]

But checking around online, it appears the new keyboards have the same old issues. They may be delayed, but they happen nonetheless. The MacRumors forum has a long thread about the the “gen 3 butterfly keyboard” where users have been sharing their experiences since Apple updated the design. […] The thread goes one for 600 posts, most either posting complaints, expressing how mystified they are that the problems continue, or speculating what Apple will do now that this design has failed as well.

Previously: Mac Sales Down in Q3 2018 Amid a Lack of Updates, MacBook Pro 2018, Unreliable MacBook Pro Keyboards.

Update (2018-10-18): Nick Heer:

The nature of online reviews and Mac enthusiast forum users, in general, tends to draw out negative experiences in a sort of shared commiseration experience. There aren’t loads of people who will chime in with their flawless keyboard experience. But, even if a smaller number of 2018 MacBook Pro owners are finding their computers susceptible to dust-induced keyboard failures compared to 2016 or 2017 model year users, these problems are still unique to the ultra low profile “butterfly” mechanism used in these models and are not present in previous generations of keyboards. This a serious regression of one of its single most critical components. These are not good keyboards.

Update (2018-10-25): John Kneeland:

I’ve gone through 2 MacBook Pros at work with the new keyboard in 6 months because they keep breaking...lesson learned...for my home computer I’ll hold onto my old 2013 MacBook as long as possible

Paul Allen, RIP

Vulcan (MacRumors):

It is with deep sadness that we announce the death of our founder Paul G. Allen, co-founder of Microsoft and noted technologist, philanthropist, community builder, conservationist, musician and supporter of the arts. Mr. Allen died on Monday afternoon, October 15, 2018, from complications of non-Hodgkin’s lymphoma in Seattle. Mr. Allen was 65 years old.

Harry McCracken:

Altair BASIC’s success led to the duo starting a company called “Micro-Soft” to write BASICs for other computers. Over time, the company produced additional programming languages, operating systems, word processors, spreadsheets, email apps, accounting packages, server software, CD-ROM titles, web browsers, and . . . well, you get the idea.

[…]

Allen, who became a billionaire in 1990, was certainly involved in plenty of projects that didn’t go much of anywhere—the FlipStart PC, a tiny Windows palmtop, sticks in my mind—but that’s explained, in part, by the sheer volume of things he did. He funded companies in out-there categories such as fusion energy as well as more straightforward areas like social media, tried to turn a cable company into a next-generation communications behemoth, and pioneered private space flight. He was an exceptionally generous philanthropist in areas from ocean health to Ebola research.

Update (2018-10-18): Bill Gates (Hacker News):

In fact, Microsoft would never have happened without Paul. In December 1974, he and I were both living in the Boston area—he was working, and I was going to college. One day he came and got me, insisting that I rush over to a nearby newsstand with him. When we arrived, he showed me the cover of the January issue of Popular Electronics. It featured a new computer called the Altair 8800, which ran on a powerful new chip. Paul looked at me and said: “This is happening without us!” That moment marked the end of my college career and the beginning of our new company, Microsoft.

See also: Robert X. Cringely.

Monday, October 15, 2018 [Tweets] [Favorites]

Google Pixel 3 and 3 XL

Nicole Nguyen (via John Gruber):

The Pixel 3 starts at $799, and Pixel 3 XL at $899. They can be preordered today and ship on Oct. 18. The phones come in two storage sizes, 64GB and 128GB, and three colors: Just Black, Clearly White, and a new hue, Not Pink.

[…]

Google is selling its own wireless charger, called Pixel Stand, for $79. When the Pixel 3 is put on the stand, it goes into a “display assistant” mode and essentially turns the phone into a Google Home, where you can use voice commands to play music, see your calendar, and view photos.

[…]

The Pixel 3 doesn’t have a headphone jack, but it does come with USB-C earbuds.

[…]

But, bizarrely, the front-facing camera does have two lenses now. One is the normal 8-megapixel camera you’d expect, and the other is a wide-angle, GoPro-style lens with a 97-degree field of view (instead of 76 degrees in the normal lens).

Dieter Bohn (via David Chen):

You can see that the Pixel 3 is pulling more detail out of the shadows than the Pixel 2. It’s also going for a slightly warmer tone, especially with faces. In fact, I think it’s moved a little closer to the iPhone in terms of the image it’s trying to produce — but only a little bit. The iPhone XS is applying HDR effects too aggressively and overly brightening the shadows, as though it wants everything to be evenly lit. To me, it just looks off.

Here’s the default selfie camera, zoomed in a bit to show you some detail. Again, the Pixel 3 has much more detail while the iPhone XS feels a little bit over-smoothed. I’m not saying I’m a “Beautygate” truther here, but I definitely prefer the Pixel 3. It’s much more willing to let the light be what it’s going to be and not aggressively trying to flatten everything to the same level.

I’m still not sure what to make of the new iPhone cameras and Smart HDR feature. The failure mode is certainly bad: photos that look unnatural are way worse than photos with some areas in shadow. I’ve gone from initially being tempted to upgrade my iPhone SE mainly for the improved camera to wondering whether I should hold onto it or try to find a used iPhone X or an iPhone 8 until Apple gets its act together. We just don’t seem to have good information yet. I haven’t seen anything definitive about what the Smart HDR setting does or whether the “HDR garbage” still happens when it’s off. Reviewers have been comparing iPhone XS with Smart HDR on to other phones, rather than looking at how the same phone takes photos with different values of that setting.

Previously: iPhone XS Users Complain About Skin-Smoothing Selfie Camera.

Update (2018-10-15): See also: Josh Centers.

Update (2018-10-16): Juli Clover:

You can see all of the full resolution photos that we took with the Pixel 3 XL and the iPhone XS Max in this Imgur album that we created.

Update (2018-10-19): Mat Honan (Hacker News):

This is a great phone. I highly recommend it. But it's no longer totally clear to me that the information systems we've built to help us navigate life are net beneficial to society.

Update (2018-12-07): Matt Birchler:

As an example, here’s a selfie from the Pixel 3 with Night Sight and the iPhone Xs. The difference in some of these are pretty amazing.

Spaces, Apple’s Mostly Ignored macOS Productivity Feature

William Gallagher:

If you use Spaces on your Mac then you probably love this feature so much that you can’t imagine not having it. More likely, though, you’ve vaguely heard of it and not looked to see whether it could be of use to you.

Even Apple seems to have forgotten this feature as it received no updates at all for macOS Mojave —at least no visible ones —and unfortunately it has call to be updated. Right now certain elements feel oddly unfinished and others are downright confusing.

Spaces has been around since macOS 10.5, but it still feels unfinished. It never got full API support in Cocoa, so applications can’t really control which spaces their windows appear on, and neither can scripts. The system decides where new windows will appear, and you have to live with it.

The more complex a Spaces workflow you decide to use, the greater the chance that the system will mess it up, so it’s best to keep things simple. In general, Spaces is better at grouping windows by application rather than by task, which is unfortunate because it’s so natural to want to put separate tasks in separate spaces.

A simple case where this falls down is with state restoration. I often have Safari windows spread across multiple spaces: windows related to customer support in the first space, windows related to development in the second space, and windows related to blogging in the third space. If I quit and relaunch Safari, it restores the windows but combines them all into the current space. As far as I can tell, this is not a Safari bug; it’s just the way macOS’s window restoration feature works. And because there’s no Space API, it’s not possible for third-party apps like BBEdit—which has always had fantastic state restoration in other respects—to do it properly themselves.

Building DSLs in Swift

John Sundell:

So let’s take things one step further, and enable our above code to be used as a proper DSL. The first thing we’ll need is an execution context. One reason that DSLs can remove so much verbosity and cruft, is that they’re used in a very specific context, that itself already provides much of the information required to understand what the code does.

[…]

For our context, we’ll take some inspiration from the UIView.animate API, and use a closure to encapsulate the usage of our DSL. All we need to make that happen is a simple extension on UIView that adds a method that in turn calls our context closure.

[…]

Let’s see how we can improve our DSL using operators - starting with overloading the plus and minus operators to enable us to combine a layout anchor and a constant into a tuple - which’ll later let us act on them as one unit[…]

The Challenge of Just Fine

Chuq Von Rospach:

But the user me? I don’t care. I have an expensive Apple TV an expensive 4K monitor, and an expensive HomePod speaker, and I just want it all to work, because my expectation of Apple is to sweat the details and make it work.

And here I am, telling the TV that yes, it should use the HomePod as speakers again. For the fourth time today. That’s one of those small usability friction point that keeps me from wanting to use the Apple TV and leaves me feeling frustrated that it’s just not as good as it really is. It seems like a minor point — and again hashtag first world problems — but it’s the kind of thing that turns someone from a massive fan of a product into an “oh, it’s okay” person.

[…]

A big part of what made Apple successful in its turnaround was a commitment to sweating the details and living or dying on “it solves your problem, and it just works”. And over the last few years, Apple’s lost that level of detail and commitment to quality. It’s all about sweating the details, and bluntly Apple’s not doing a great job of that right now.

Previously: Anker SoundSync Drive Bluetooth Car Receiver.

The Modern Hackintosh

Stephen Hackett:

This video recently caught my eye[…]

In it, Quinn Nelson walks through a $1,400 machine that gives my $5,000 iMac Pro a run for its money, despite having a worse GPU and an i7 CPU.

Nelson points out that these numbers may come down to cooling. The tower in his video, complete with a liquid CPU cooler, can run its components much harder than the iMac Pro, as it has the thermal headroom to do so.

Previously: Mac Sales Down in Q3 2018 Amid a Lack of Updates, On the Sad State of Macintosh Hardware, Building a Hackintosh Pro.

Sometimes It’s Better to Just Start Over With iCloud Photo Library Syncing

John Gruber:

I did some searching on the web and eventually stumbled on a thread that suggested signing out of iCloud and then signing back in. This makes some sense, because all of these Continuity features go through iCloud. So I did that on the iPhone, and, long story short, that seemed to fix the issue. After one more reboot of the phone, Instant Hotspot was working perfectly.

[…]

Effectively, I think what happens is that when you turn off iCloud Photo Library, it leaves all the photos and videos on your phone in your local library. When you turn iCloud Photo Library back on, it has no idea which of the items in your local iPhone library are duplicates of items in your iCloud library, and so it has to check them one by one. Whatever algorithm it’s using for this is slow as molasses.

[…]

So if you temporarily turn off iCloud Photo Library and turn it back on, it might be easier to just delete all your photos from your iPhone first, and let them all sync back from iCloud.

Friday, October 12, 2018 [Tweets] [Favorites]

Anker SoundSync Drive Bluetooth Car Receiver

I’ve been using an Anker SoundSync Drive to play audio from my iPhone on my car’s speakers without needing a headphone jack (on the phone).

It’s pretty typical of Bluetooth devices in that it basically works but never feels fully reliable. After you turn on the engine, the SoundSync gets power, and you have to press a button to connect it to your phone. Press the button too quickly and nothing happens. You have to hold it down a bit in order for it to work. The required time is not consisent. Some days, you need to hold it longer than others. Some days, it doesn’t work no matter how long you press it or how many times you try, and you have to reboot the phone.

Once Bluetooth has connected, though, it works very well. I’ve never found Siri to be reliable at pausing or resuming audio, so it’s nice to have a physical button to do this. There are also buttons for switching to the next or previous track.

Initially there was a lot of static/buzzing/whistling interference noise, which was especially noticeable during quiet periods. Apparently this happens because the SoundSync and phone are plugged into the same power source. This went away when I added an Mpow Ground Loop Noise Isolator.

Compared with using a combination Lightning charge/audio dongle, the SoundSync requires an extra USB port in the car and an extra cable to manage. It also takes an extra step each time you get in the car, because you have to plug in the phone and turn on the SoundSync, rather than just plug the phone into both audio and power simultaneously.

On the other hand, for a short trip where the phone doesn’t need power and you don’t need to put it in a mount for navigation, the SoundSync lets you keep the phone in your pocket. (But good luck using Siri that way.)

Overall, I find the SoundSync more reliable than third-party Lightning dongles—Apple doesn’t make one, alas. Nothing is as reliable as using a headphone jack on the phone, though that isn’t particularly convenient. Nothing is as convenient as AirPods, though those have other limitations.

The tiny TUNAI Firefly also looks interesting, though I don’t think it would fit properly in my car.

Previously: Lightning vs. USB-C for Headphones, Removing the iPhone’s Headphone Jack.

Update (2018-10-12): See also: Isaac Halvorson.

Is There Hope for the Mac App Store?

Speaking of the Mac App Store, Paulo Andrade writes (tweet):

Since its inception the Mac App Store has lagged behind its iOS counterpart. To this day there’s still no TestFlight or App Store analytics for Mac.

[…]

But although the tendency for shorter app review times was sustained, the unpredictability was still there… at least on the Mac App Store. In the last year alone there were at least a couple of occasions where Secrets for Mac got stuck in either “Waiting for Review” or “In Review” for at least a week. In both cases, contacting App Review seemed to unblock the issue.

[…]

And it sure looks great [in 10.14]. Certainly a great improvement over what was there before, albeit sometimes it feels more like an iOS app running on the Mac than a native Mac app.

[…]

Tried submitting to the Mac App Store but failed because it refuses to accept binaries with the new com.apple.security.automation.apple-events. Since Mojave’s release is still a week and half away, I contact Apple and wait for a response.

[…]

30 days after my initial submission attempt, Secrets 2.8.0 is still not available on the Mac App Store. Besides knowing my issue was escalated, I have no idea what’s going on, why it’s taking so long or when can I expect it to be reviewed.

Lily Bradic (via Phil Schiller):

But after my initial “ooh, Dark Mode!” reaction subsided, I realised it wasn’t just the contrast between the dark backdrop and the rich illustrations that was impressive, but the design of the Mac App Store itself. For the first time ever, the App Store feels like one of the beautifully designed apps you’d go there to purchase — as well as a platform for discovering them.

[…]

Apple have recreated the Mac App Store from the ground up, and it’s a pleasure to use. There’s a joy in simply browsing: with the all-new Discover tab, Apple has introduced fascinating stories, in-depth interviews and weekly picks. These editorial features bring everything together, creating an ecosystem that celebrates the best of what app developers have to offer.

[…]

Exploring the new Mac App Store feels like an adventure, and it inspires you to make the most of what your Mac is capable of doing.

Coincidentally, Andrade and Bradic work on competing products.

Previously: AEDeterminePermissionToAutomateTarget Added, But AEpocalyse Still Looms.

Update (2018-10-19): Mark Munz:

How did Apple manage to completely rewrite Mac App Store for Mojave and STILL NOT let users to search for past purchased items?

I honestly don’t believe developers at Apple actually use Mac App Store.

Update (2018-10-22): Frank Reiff:

After the first 25 or so days of the “new Mac App Store”, I’m happy to report that sales are if anything down and there is zero sign of any sandboxing or policy changes that could have changed anybody’s mind about the Mac App Store.

Update (2018-10-25): Matthias Gansrigler:

I hope @Apple and the #Mac @AppStore team are aware that App Preview videos (adhering to Apple’s specifications) are cut off at the edges. It’s especially bad for @YoinkApp, since it appears at the edge of the screen and is now partially cut-off in the videos.

Update (2018-11-27): Howard Oakley:

Take, as an example, its Updates view. There’s so much wrong here that it is close to being functionless, and is often misleading. The previous App Store app provided a time-ordered list of (almost) all the updates that you had installed, although most recently Apple had even tampered with that record, removing old versions of macOS, for instance, without any good reason. When it comes to displaying updates, this new version has a mind of its own. It sometimes only lists a specific update there for a few minutes. It weeds the list as and when it feels like, and doesn’t pay much attention to how long ago the update was installed. Few, though, are allowed to remain longer than a few days, then apparently pass out of the scope of its very limited memory. If I can remember as far back as a week ago, why can’t this wonderful new app? Its list of updates is extremely wasteful of space. All I want to see here is the name and version of the update, and when it was installed. Yet in quite a sizeable window, the app is incapable of displaying more than about 14 updates, when it can recall them.

[…]

But its most bizarre behaviour is the way in which it calculates how long ago each update was installed. This may seem a small point, but almost every time that I look at the list of updates, it makes me stop and check. At first, I thought it might be locked into Pacific Standard Time, even though I access the UK App Store from UK local time. But when it reports that an update was installed X Days Ago, it isn’t applying a human concept, but that of a machine date calculation.

Update (2018-11-29): scott:

You can not update free software from the Mac App Store without a valid credit card on file. You can not download security patches for free software from the Mac App Store without a valid credit card on file.

Found this out after switching banks.

That is completely crazy.

Update (2018-12-05): John Gruber:

So in Mojave’s Mac App Store app, you can’t scroll anything using standard keyboard keys like Page Up, Page Down, Home, End, or the space bar?

Things like this are canaries in the coal mine regarding the state of the Mac. If even Apple doesn’t get basic fundamentals — like supporting Page Up/Down, things which should work in a scrolling view out of the box — how are we to expect any developer to?

Update (2018-12-07): Howard Oakley:

Mojave 10.14.2 update didn’t, if Apple’s release notes are to be believed, bring any changes to the Mac App Store. But after the update, it is behaving quite differently. In fact, it looks as if it’s broken, on this Mac at least.

Update (2018-12-11): Howard Oakley:

It started well after I had successfully migrated to my new Mac. One morning, there were four updates shown in the App Store. When I clicked to download and install them all, a little later the App Store had given up, and told me they had to be downloaded again from the store.

The Math Behind Project Scheduling, Bug Tracking, and Triage

Avery Pennarun (via Hacker News):

Many projects have poorly defined (and often overridden) priorities, hopelessly optimistic schedules, and overflowing bug trackers that are occasionally purged out of frustration in a mysterious process called “bug bankruptcy.” But a few projects seem to get everything right. What’s the difference? Avery collected the best advice from the best-running teams at Google, then tried to break down why that advice works—using math, psychology, an ad-hoc engineer simulator (SimSWE), and pages torn out of Agile Project Management textbooks.

We’ll answer questions like:

  • Why are my estimates always too optimistic, no matter how pessimistic I make them?
  • How many engineers have to come to the project planning meetings?
  • Why do people work on tasks that aren’t on the schedule?
  • What do I do when new bugs are filed faster than I can fix them?
  • Should I make one release with two features or two releases with one new feature each?
  • If my bug tracker is already a hopeless mess, how can I clean it up without going crazy or declaring bankruptcy?

Working Around a Swift “nonmutating” Crash

Nataliya Patsovska (via Florent Pillet):

We recently found a mysterious bug in our framework Flow present only when building with Xcode 10:

-Mutating an object on the same line it was created on would cause BAD_ACCESS crash.

-Splitting the line into 2 lines would work fine.

Of course that was a workaround, not the fix.

[…]

Turns out we were using the “nonmutating” keyword in a protocol extension and the compiler decided it is safe to deallocate the object implementing the protocol too early.

Moving the setter to the class somehow worked[…]

See also: Mutating And Nonmutating Functions.

Previously: Exploring Swift Array’s Implementation.

Update (2018-10-15): Joe Groff notes the bug page and a potential fix.

Thursday, October 11, 2018 [Tweets] [Favorites]

Mac Sales Down in Q3 2018 Amid a Lack of Updates

Juli Clover:

During the quarter, Apple shipped an estimated 4.9 million Macs, compared to 5.4 million in the third quarter of 2017 for an 8.5 percent drop. Apple’s market share also declined, dropping from 8 percent in 3Q17 to 7.3 percent in 3Q18.

[…]

Apple’s decline in Mac sales is no surprise as the company has yet to update much of its Mac lineup for 2018. The only Mac that has seen a refresh so far is the MacBook Pro, with MacBook, MacBook Air, and Mac mini updates still on the horizon for a fall launch.

Falling Mac sales come amid stagnant growth for the overall worldwide PC market. A total of 67.2 million PCs were shipped during the quarter, an 0.1 percent increase from the third quarter of 2017.

Aside from the $4,999 iMac Pro, the current Mac lineup is not very inspiring. The Mac mini and consumer notebooks haven’t been updated recently. The iMac was updated in June 2017 and still has a defective processor. The MacBook Pro was updated this July, but the keyboard remains a question mark; we don’t yet know how reliable the new design is, and it’s been reported as less pleasant to type on than the unreliable one. The Touch Bar is still mandatory.

Apple has yet to deliver on its talk about recommitting to professional users. Mojave added hurdles that make it harder to develop and use pro apps, and a prototype framework for making dumbed-down apps. At WWDC, Apple hinted that there were Mac App Store improvements for developers, but so far they are MIA like those secret Leopard features. We know very little about the forthcoming Mac Pro, which is scheduled for 2019.

Previously: Macs Lose Marketshare, On the Sad State of Macintosh Hardware, Forthcoming MacBook and Mac mini Updates.

Update (2018-10-19): Bradley Chambers:

I am specing out a new bulk Apple laptop purchase, and I couldn’t be less satisfied with the current lineup.

I really need a MacBook with 2 USB-C and 256GB storage for around $1199.

Update (2018-10-22): Bradley Chambers:

Apple used to be about premium experiences compared to the competitors, but I do not see “premium” on any products except iPhone. It seems like now they are counting on the Apple brand to sell the products versus a best in class experience. On the flip side, I feel like there are so many categories they could make a meaningful impact in (home networking, home automation products, and expanded cloud services) that it perplexes me why they don’t.

[…]

The thing I like the least about Tim Cook’s Apple is they are taking gambles on raising pricing and building accessories for iPhones where Microsoft is re-thinking the laptop, and Amazon is trying to build a world where the OS lives in the cloud. We’ve been reduced to a world of apps and digital assistants. Android has most of the core apps you’d need to switch. Alexa can do a lot more than Siri. Amazon Fire TV has very similar apps to Apple TV.

SmartBackup 4.2 Is Now Free

Solesignal:

SmartBackup uses its own custom sync engine which offers several performance advantages over other utilities. SmartBackup will immediately start copying data while it in parallel still analyses what has changed. SmartBackup’s sync engine then uses multiple threads that copy files in parallel, squeezing the fastest possible performance out of your storage. This makes it significantly faster that other utilities when cloning SSDs or syncing between fast RAID or SAN storage.

It supports bootable clones and archiving deleted files, and it claims to pass all the Backup Bouncer tests.

More about the threading:

  • If a single “spinning” harddisk is involved as a source or destination 2 copy threads will be fastest.
  • If source and destination are SSD/Flash based, or a RAID, 4 copy threads will give you optimum performance.
  • If you use a network backup, it depends on your setup and the type of data. Somewhere between 2-4 threads will be fastest.
  • On fast Xsan/Stornext volumes, choose the number of stripe groups available as the number of threads.

Max Inspect 1.0

Max Technology Labs:

Ever forgotten to remove a debugging entitlement? Signed an app with the wrong cert? Accidentally linked in an extra framework you didn't need? Don't do that.

This developer tool lets you inspect your apps for mistakes in entitlements, code signing and dependencies. Select or drag an app into Max Inspect and it will reveal useful information for you to verify the app before distribution.

It’s kind of like RB App Checker Lite, which is sadly now on hiatus. Unfortunately, it doesn’t let you drag and drop apps onto its icon in the Dock or LaunchBar.

Previously: RB App Checker Lite 1.0.

Update (2018-10-12): Maxwell:

Version 1.1 just came out, you can now drag apps onto it on the Dock icon :)

Microsoft Opens Its Patent Portfolio

Nat Friedman:

Microsoft is pledging our massive patent portfolio – over 60,000 patents – to Linux and open source by joining OIN this morning. If you're looking for signs that we are serious about being the world's largest open source company, look no further.

Erich Andersen:

We know Microsoft’s decision to join OIN may be viewed as surprising to some; it is no secret that there has been friction in the past between Microsoft and the open source community over the issue of patents. For others who have followed our evolution, we hope this announcement will be viewed as the next logical step for a company that is listening to customers and developers and is firmly committed to Linux and other open source programs.

Wednesday, October 10, 2018 [Tweets] [Favorites]

Swift Nil-coalescing Performance Trap

Ben Cohen (via Ole Begemann):

?? [] is a significant performance and correctness trap.

Not because [] creates an array unnecessarily (it doesn’t, the empty array is a static singleton in the standard library via a performance hack that gives me heartburn).

It’s because when the array isn’t nil, the presence of ?? [] affects the type checker in ways you don’t expect[…]

[…]

So what does maybeHugeRange?.reversed() ?? [] do? The ReversedCollection answer won’t type check, because the rhs of ?? can’t be one. So instead it falls back to the version on forward-only collections. That returns an array. So now, just because of that ?? [], we are attempting to allocate and fill an array of size Int.max. Which blows up.

SE-0231 (Swift Evolution):

This proposal introduces optional iteration (for?) and hence the possibility to use optional sequences as the corresponding attribute in for-in loops.

[…]

The ? notation here is a semantic emphasis rather than a functional unit: there is no for!. Syntactically marking an optional iteration is redundant, however, in constrast to switch, nil values are skipped silently. Swift strives to follow a style where silent handling of nil is acknowledged via the ? sigil, distinctly reflected in optional chaining. This decision was primarily based on inconsistency and potential confusion that an otherwise left without syntactic changes for-in loop could potentially lead to (“clarity over brevity”).

History of Uber’s Design

Eli Schiff:

Not only that, but this is a critical time in Uber’s ascendence, as it is on the precipice of going public in 2019. A lot is at stake. In that context, it makes sense why several weeks ago on September 12, 2018, Uber played the classic PR-dampening move—launching a major brand announcement during an Apple keynote.

[…]

Most publications missed the patterned 2016 icon as though Uber’s prior rebrand had never occurred. But the remaining few writers who did cover any interim icon ignored that Uber has transitioned icons not once, not even twice, but five times between 2016 and 2018.

Out of the recent icon redesigns, the first and most controversial iteration came in February 2016, featuring a bit (rounded rectangle) and atom (circle) motif overlaid on a patterned teal base. This icon bucked the trend of flatness with a minor, almost-invisible dropshadow.

[…]

This time, Khosrowshahi wasn’t going to leave anything in the rebrand to chance. Unlike in Kalanick’s 2015 “passion project,” in 2018, Khosrowshahi left design to the pros at Wolff Olins (branding), MCKL (type), Ueno (development) and R/GA (development), in collaboration with the Uber Brand Experience Team. What was the advantage of leaning on external designers? Uber itself couldn’t be blamed for any bad outcomes.

The Battle for the Home

Ben Thompson:

If the first stage of competition in consumer technology was the race to be the computer users went to (won by Microsoft and the PC), and the second was to be the computer users carried with them (won by Apple in terms of profits, and Google in terms of marketshare), the outlines of the current battle came sharply into focus over the last month: what company will win the race to be the computer within which users live?

[…]

There is one final question that overshadows all-of-this: while the home may be the current battleground in consumer technology, is it actually a distinct product area — a new epoch if you will? When it came to mobile, it didn’t matter who had won in PCs; Microsoft ended up being an also-ran.

The fortunes of Apple, in particular, depend on whether or not this is the case. If it is a truly new paradigm, than it is hard to see Apple succeeding. It has a very nice speaker, but everything else about its product is worse. On the other hand, the HomePod’s close connection to the iPhone and Apple’s overall ecosystem may be its saving grace: perhaps the smartphone is still what matters.

Previously: Initial HomePod Sales.

Update (2018-10-22): Joe Rossignol:

Apple’s HomePod is the ninth most popular smart speaker model in the United States, according to an online survey of 1,011 smart speaker users conducted by research firm Strategy Analytics in July and August.

Marco Arment:

I like my HomePod, but there are still three huge problems compared to the Echo that sits next to it:

- Siri is much slower to respond than Alexa

- Siri isn’t as reliable as Alexa

- The HomePod ecosystem is limited to a single device, and it’s too expensive.

Why Apple Doesn’t Allow Custom Watch Faces

Marco Arment:

It’s great for Apple to offer a wide variety of Apple Watch faces, but most of them are short-lived novelties at best. We’re three years and four generations into the Apple Watch, and almost every Watch owner I know still uses the same handful of “good” faces.

If you want digital time with a good deal of complications, Modular is your only good choice (or Infograph Modular on the Series 4). If you want analog time with numerals, Utility is the only good option. If you want indices instead of numerals — probably the most popular analog watch style in the world — I don’t think there is a good option.

[…]

And we’re restricted to the handful of good watch faces that Apple makes, because other developers aren’t allowed to make custom Watch faces.

[…]

In a time when personal expression and innovation in watch fashion should be booming, they’re instead being eroded, as everyone in the room is increasingly wearing the same watch with the same two faces.

Renaud Lienhart:

The simple reason why Apple doesn’t allow 3rd party watch faces: the vast majority of them would be copyright-infringing, trademark-stealing lookalikes of the mechanical watchmakers’ designs. Apple would be liable for allowing them and be drowning in lawsuits in no time.

Charles Arthur:

think Apple is wary. Got sued over Swiss clock design ripoff in iOS 6, which is a LONG time ago. Clearly hurt. it’s all fine until you get stung for a ton of money.

Jean-Louis Gassée:

True: Rolex, Omega, Patek value their “trade dress”. Recognizable, intended to say something about the wearer.

Marco Arment:

I’ve gotten this theory a lot, and it’s absolutely a valid concern.

But they already have people submitting copyright and trademark violations all the time at a much higher volume, and a process for dealing with them, with the App Store.

Update (2018-10-11): Steve Troughton-Smith:

As so many people were asking, I put my sample Apple Watch ‘face’ project on GitHub. If you want to use this as a jumping off point to prototype your own Watch faces, go nuts!

Update (2018-10-26): Uluroo:

Apple calls the Watch its most personal device ever. What a recent surge of enthusiasm — led by Marco Arment and Steve Troughton-Smith — has been all about is simple: this personal device is missing personalization in the most important, most powerful, most obvious way possible.

[…]

For an upheaval akin to the App Store to occur on the Apple Watch, the device’s key interaction point needs to be opened up, just as the iPhone’s was. And that brings us to what everyone has been begging Apple to allow since the inception of the device: third-party watch faces.

[…]

Lots of major developers have been dropping out of the Watch’s App Store; this would send them running back. Uluroo would bet money that there were some ideas for Apple Watch experiences that got scrapped because they made more sense as a watch face than as an app.

Apple’s War on iPhone Fraud in China

Wayne Ma:

Five years ago, Apple was forced to temporarily close what was then its only retail store in Shenzhen, China, after it was besieged by lines of hundreds of customers waiting to swap broken iPhones for new devices, according to two former Apple employees who were briefed about the matter. In May 2013, the Shenzhen store logged more than 2,000 warranty claims a week, more than any other Apple retail store in the world, one of those people said.

After some investigation, Apple discovered the skyrocketing requests for replacements was due to a highly sophisticated fraud scheme run by organized teams. Rings of thieves were buying or stealing iPhones and removing valuable components like CPUs, screens and logic boards, replacing them with fake components or even chewing gum wrappers, more than a half-dozen former employees familiar with the fraud said. The thieves would then return the iPhones, claiming they were broken, and receive replacements they could then resell, according to three of those people.

Joe Rossignol:

Hesitant to get Chinese authorities involved, due to the risks of public backlash and negative publicity in state-run media, Apple launched an online reservation system that required proof of ownership, and later developed diagnostic software that allowed retail employees to quickly detect fake parts in iPhones.

Fraudsters found ways to evade these tactics, however, and even went as far as obtaining Apple customer records, including serial numbers, for iPhones that had already been sold in China.

[…]

Apple also began dipping batteries in a special dye that could only be seen under a high-frequency light to authenticate them during repairs, the report says. A-series chips in iPhones are also allegedly coated in a waterproof sealant that can be seen under certain wavelengths, offering another countermeasure.

Tuesday, October 9, 2018 [Tweets] [Favorites]

Sunsetting Google Plus

Ben Smith (Hacker News):

The review did highlight the significant challenges in creating and maintaining a successful Google+ that meets consumers’ expectations. Given these challenges and the very low usage of the consumer version of Google+, we decided to sunset the consumer version of Google+.

To give people a full opportunity to transition, we will implement this wind-down over a 10-month period, slated for completion by the end of next August. Over the coming months, we will provide consumers with additional information, including ways they can download and migrate their data.

At the same time, we have many enterprise customers who are finding great value in using Google+ within their companies. Our review showed that Google+ is better suited as an enterprise product where co-workers can engage in internal discussions on a secure corporate social network.

Scott Perry:

Eight years ago my friends at Google were having their compensation made conditional on the successful launch of Google+. This was the outcome we all predicted, but it took much longer than expected.

Dave Winer:

Google+ was unmotivated by any need for what it did. No one loved it. It was born only to slow Facebook growth. It’s like having a kid so it can beat up your neighbor’s kid. Products, to be any good, must be motivated, have a creative purpose.

Nick Statt:

Google exposed the personal information of hundreds of thousands of users of its Google+ social network, the company announced in a blog post this morning. The news, originally reported by The Wall Street Journal ahead of Google’s announcement, means that Google+ profile information like name, email address, occupation, gender, and age were exposed, even when that data was listed as private and not public. However, Google says that it has no evidence to suggest any third-party developers were aware of the bug or abused it. The bug, affecting an API that was accessed by hundreds of developers, appears to have been active between 2015 and 2018.

The company says it closed the bug in March 2018 shortly after learning of its existence. The WSJ reports that the company chose not to report it because of fear of “immediate regulatory interest” that would lump Google in with Facebook, according to one source’s description of the incident.

Nick Heer:

That this disclosure wasn’t made until today — seven months after this breach was noticed — is unconscionable. But it is outrageous that the reason for not disclosing it in the first place was because they wanted to hide it from the law and that Pichai knew about it.

By the way, because Google tried so hard to make Google Plus work, it’s possible that your Google account — if you have one — is a Google Plus profile. You can disconnect it; Google calls it “downgrading”.

Brian McCullough:

Has anyone made this point yet? Pichai refused to testify to congress because he couldn’t. He would have either had to perjure himself or reveal this bug in real time before the committee.

Update (2018-10-10): Matt Haughey:

I’ll never forget when I was on Google’s campus in 2011 and a product team told me as much as I loved Google Reader, Google+ was going to replace it with something much better.

Update (2018-10-15): Morgan Knutson:

Now that Google+ has been shuttered, I should air my dirty laundry on how awful the project and exec team was.

See also: Eli Schiff, Threader, and John Gruber.

AirPods Knockoffs Tested

Jason Cross:

It turns out that, if you poke around online, you’ll find plenty of AirPods knockoffs. I don’t mean other true wireless earbuds (of which there are plenty of good contenders), I mean products designed to completely mimic the AirPods’ unique design, stems and all.

[…]

That’s because all the store listings for these not-quite-AirPods are from intermediary companies that resell the earbuds, at least until they accumulate enough one-star ratings or complaints to shut down their Amazon shop and start up a new one. In the weeks it took to gather and test these, about half of the product pages completely disappeared, though I was often able to find them again on a different page with a differently-named seller. Most of the products don’t list using a real brand name, instead stuffing the product listing with as many keywords and other popular product names as possible.

[…]

Don’t be fooled by the sometimes slick-looking product shots, too. Many of them are fake, especially the images of people using them. You’ll see lots of earbuds badly photoshopped into the ears of obvious stock photo models, and they always make the earbuds and stems look smaller than they really are.

See also: How to Avoid Counterfeits When Looking for Deals.

Previously: Amazon Is Complicit With Counterfeiting.

Giving Obscura Away in the Apple Store App

Ben McCarthy:

IAP sales were actually lower than expected. Over the first week, about 0.5% of people bought an IAP. Over the full course of the promotion that increased to 0.75% which is still a good bit less than we were expecting. Perhaps the demographics of people who take advantage of such offers are less willing to pay for extras, or perhaps we’re just not pushing the IAPs hard enough within the app. However…

The one thing we did not account for at all in our estimations was that people would continue to buy Obscura. Not only that, but more people would buy Obscura than we’d expected without the promotion. We’re still trying to wrap our heads around it, but we’re certainly not complaining. We were featured in a number of articles as a result of the promotion which definitely introduced us to new audiences, and the increase in downloads probably improved our visibility on the App Store.

[…]

It’s very hard to communicate to people that Apple’s Apple Store app is not the same as Apple’s App Store app. We quickly lost count of the amount of times we had to point people in the right direction.

Of course people expect to find apps in the App Store app. I looked for the free Obscura there myself, but you had to get the promo code from the retail Apple Store app.

Apple Watch Daylight Saving Time Bug

Benjamin Mayo:

A bug with the complications on the new Infograph faces in Apple Watch Series 4 is causing some very unhappy Watch owners today. Users in Australia have just experienced the daylight saving time change and are finding their Watches are now stuck in reboot loops.

Specifically, it seems the large Activity complication on the Infograph Modular face is not handling the loss of an hour elegantly, and instead causing the entire device to crash and reboot …

Previously: Do Not Disturb Bug.

Monday, October 8, 2018 [Tweets] [Favorites]

Supporting Dark Mode

Daniel Jalkut:

The gist of what I have to share comes from tackling challenge after challenge in my own apps. Some interfaces adapted effortlessly to Dark Mode, some needed only a little finessing, while others demanded relatively hard-core infrastructural changes.

My advice will focus on the dichotomy of Light Mode and Dark Mode. The Mac’s appearance support is more nuanced than that. NSAppearance supports a hierarchy of appearances that build upon one another. The light and dark modes are the two most prominent user-facing examples, but variations such as high contrast modes should also be considered.

These articles are loosely organized in order from more fundamental to more arcane, with a priority on establishing knowledge and techniques in earlier articles that you may need to reference in later articles.

Previously: Dark Side of the Mac: Appearance & Materials.

Update (2018-10-09): Howard Oakley:

Dark Mode seems so simple, but turns out to be a lot more complex. Every so often I turn over a fresh stone in Mojave’s otherwise excellent implementation, and discover another crab waiting to bite.

Howard Oakley:

In Mojave, TextEdit follows Apple’s standard protocol of fixing its text display in Light Mode. When you switch to Dark Mode, the window and its controls go dark, but the view in which the document’s text is displayed remains obstinately black on white. That may be fine when you’re working on plain Rich Text, if that’s not a contradiction. But several of my tools here, like Consolation 3 and Nalaprop, now generate multicoloured Rich Text, which looks drop-dead gorgeous in Dark Mode.

Friday, October 5, 2018 [Tweets] [Favorites]

T2 Macs Require Apple-Authorized Repair

Jordan Kahn:

Apple has recently documented a new data recovery process internally for Macs that utilize its T2 chip introduced with the iMac Pro and the 2018 MacBook Pro. The new process for repair staff is being introduced due to the T2 chip’s advanced security features including hardware encryption for SSD storage that isn’t compatible with Apple’s previous data recovery methods used on older machines.

Joe Rossignol:

Due to advanced security features of the Apple T2 chip, iMac Pro and 2018 MacBook Pro models must pass Apple diagnostics for certain repairs to be completed, according to an internal document from Apple obtained by MacRumors.

[…]

If any of these parts are repaired in an iMac Pro or 2018 MacBook Pro, and the Apple diagnostics are not run, this will result in an inoperative system and an incomplete repair, according to Apple’s directive to service providers.

Jason Koebler (Hacker News):

The software lock will kick in for any repair which involves replacing a MacBook Pro’s display assembly, logic board, top case (the keyboard, touchpad, and internal housing), and Touch ID board. On iMac Pros, it will kick in if the Logic Board or flash storage are replaced. The computer will only begin functioning again after Apple or a member of one of Apple’s Authorized Service Provider repair program runs diagnostic software called Apple Service Toolkit 2.

A separate internal training presentation obtained by Motherboard about how to use the diagnostics states that the “Apple Service Toolkit and Apple Service Toolkit 2 are available only to persons working at Apple-authorized service facilities.” This means that it will become impossible for you to repair your new MacBook Pro at home, or for an independent repair provider to repair it for you.

Dave Mark:

I can’t imagine, if true, that this is an effort from Apple to keep all those sweet, sweet repair dollars all to themselves. I’d expect this has something to do with protecting the chain of security, preventing malware from somehow gaining a foothold.

Previously: Apple Fighting New “Right to Repair” Legislation.

Update (2018-10-09): Adam O’Camb (Hacker News):

This service document certainly paints a grim picture, but ever the optimists, we headed down to our friendly local Apple Store and bought a brand new 2018 13” MacBook Pro Touch Bar unit. Then we disassembled it and traded displays with our teardown unit from this summer. To our surprise, the displays and MacBooks functioned normally in every combination we tried. We also updated to Mojave and swapped logic boards with the same results.

That’s a promising sign, and it means the sky isn’t quite falling—yet. But as we’ve learned, nothing is certain.

Update (2018-10-10): Nick Heer:

Rather than compromising the security and privacy of their products, I’d like to see more progress made on certifying independent technicians and making Apple’s official tools more accessible. The security threat model isn’t the same as it once was; your phone probably has a lot more information on it than your computer of ten years ago. Yes, it’s more complicated to replace parts now, but it’s not entirely because companies like Apple want to lock out independent repair shops. Apple’s diagnostic tools could play a great role in this: imagine if you could take a printed report of a successful repair and type in a serial number on Apple’s website to verify that your device was serviced with genuine parts and passed Apple’s testing.

SMS Text Message Login Codes Autofill But Remain Insecure

Glenn Fleishman:

Sites originally chose to use SMS-based code validation for 2FA to lower the barriers to  2FA—more people understand SMS than authentication apps. And, regardless of the vulnerabilities of SMS, it’s far better to use a second factor than not, because it deters wholesale attacks against accounts. Even if an attacker gained access to all the decrypted passwords for a service, every account with 2FA enabled would still be able to resist unauthorized logins. But SMS-based 2FA is vulnerable to targeted attacks and identity theft.

Apple’s proprietary 2FA system for macOS and iOS remains extremely robust, but it still allows the use of SMS and voice calls as a backup when trusted devices aren’t available.

[…]

While it’s admirable Apple has streamlined SMS code entry, it would be even more so if the company would kickstart the move away from SMS.

Finding and Exploiting Safari Bugs Using Publicly Available Tools

Ivan Fratric (Hacker News):

The original advisories most likely didn’t include all the issues because Apple wanted to wait for the issues to also be fixed on MacOS before adding them. However, this practice is misleading because customers interested in the Apple security advisories would most likely read them only once, when they are first released and the impression they would to get is that the product updates fix far less vulnerabilities and less severe vulnerabilities than is actually the case.

Furthermore, the practice of not publishing fixes for mobile or desktop operating systems at the same time can put the desktop customers at unnecessary risk, because attackers could reverse-engineer the patches from the mobile updates and develop exploits against desktop products, while the desktop customers would have no way to update and protect themselves.

Why Matthew Green Is Done With Chrome

Matthew Green (Hacker News):

In this setting, Chrome was a beautiful solution. Even if the browser never produced a scrap of revenue for Google, it served its purpose just by keeping the Internet open to Google’s other products. As a benefit, the Internet community would receive a terrific open source browser with the best development team money could buy. This might be kind of sad for Mozilla (who have paid a high price due to Chrome) but overall it would be a good thing for Internet standards.

[…]

A few weeks ago Google shipped an update to Chrome that fundamentally changes the sign-in experience. From now on, every time you log into a Google property (for example, Gmail), Chrome will automatically sign the browser into your Google account for you. It’ll do this without asking, or even explicitly notifying you.

[…]

Nobody on the Chrome development team can provide a clear rationale for why this change was necessary, and the explanations they’ve given don’t make any sense.

This change has enormous implications for user privacy and trust, and Google seems unable to grapple with this.

Chris Siebenmann:

In theory, I’m not affected by this behavior. I almost never log into any Google site in the first place and I’m basically always doing so in incognito mode, where this doesn’t (currently) apply. In practice, this has pushed me to deciding that this is a bridge too far and I no longer want to use Chrome if I can avoid it, and fortunately I can these days.

Paul Frazee:

There’s a reason people are reacting to Chrome like this. This isn’t an overreaction over one single event. It’s a delayed reaction to a pattern of bad behavior.

It’s contextualized by the very messed-up power dynamic between Google and the open Web.

Matthew Green (Hacker News):

The tech backlash even caused Google to back down, sort of. It announced a forthcoming update last Wednesday: Chrome’s auto-sign-in feature will still be the default behavior of Chrome. But you’ll be able to turn it off through an optional switch buried in Chrome’s settings.

This pattern of behavior by tech companies is so routine that we take it for granted. Let’s call it “pulling a Facebook” in honor of the many times that Facebook has “accidentally” relaxed the privacy settings for user profile data, and then—following a bout of bad press coverage—apologized and quietly reversed course. A key feature of these episodes is that management rarely takes the blame: It’s usually laid at the feet of some anonymous engineer moving fast and breaking things.

Update (2018-10-18): Renaud Lienhart:

WTH: Chrome is now forcing you to “Hold ⌘Q to quit”, breaking one of the most sacrosanct macOS convention.

It’s not as though it will forget the open tabs when you quit.

Facebook Access Tokens Stolen

Guy Rosen (Hacker News, MacRumors):

On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts. We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security.

Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As” a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.

Will Oremus:

Facebook’s Guy Rosen just confirmed that the breach would have allowed hackers to access not only your Facebook account, but your accounts on other sites where you used Facebook as your login.

Also—separate from the question of third-party apps—Facebook says users affected by the breach who have Instagram or Oculus accounts linked to their Facebook account will have to un-link and re-link them.

See also: Mike Isaac and Sheera Frenkel, Nick Heer.

Update (2018-10-16): Glenn Chapman:

Facebook said Friday that hackers accessed personal data of 29 million users in a breach at the world’s leading social network disclosed late last month.

The company had originally said up to 50 million accounts were affected in a cyberattack that exploited a trio of software flaws to steal “access tokens” that enable people to automatically log back onto the platform.

“We now know that fewer people were impacted than we originally thought,” Facebook vice president of product management Guy Rosen said in an online post.

See also: Facebook, Ryan Mac (tweet).

Thursday, October 4, 2018 [Tweets] [Favorites]

Happy 25th Birthday, AppleScript

Chris Espinosa:

On this day 25 years ago, Apple introduced AppleScript, a system and application automation system and language. It’s still shipping in Mojave and is one of the oldest code bases in continual use in macOS. Happy birthday, AppleScript!

Previously: AEDeterminePermissionToAutomateTarget Added, But AEpocalyse Still Looms.

Update (2018-10-05): Mark Alldritt:

Script Debugger 1.0 was released shortly after AppleScript 1.0 appeared. Its been a long ride as AppleScript has made its way from the Classic MacOS to MacOS X and most recently macOS Mojave.

Apple Park in LEGO

Spencer Rezkalla (via John Gruber):

With a footprint of more than 28,000 square studs this model is nearly as large as all my other LEGO skyscraper builds combined.

The model’s facade is constructed in segments using white LEGO 1x2 rail plates and trans-black plates.

A faceted approach to approximating the curvature of a round building is a traditional approach in both LEGO and in actual building construction.

The original plan was to build the campus pathways using LEGO plates set sideways into the landscape. However this approach would result in a jagged appearance as the plates stepped along the curving path trajectories.

Luckily in 2017 The LEGO Group introduced quarter circle tiles. Smoother paths are made possible with these elements, although their tight 90 degree bends cause the pathways to meander more.

The Bandwidth Needed to Restore an iPhone

Kirk McElhearn:

Because iTunes no longer manages apps, you have to redownload potentially tens of gigabytes of stuff. If you have music and photos in the cloud, you have to download some of them, but the apps alone make this process painful.

In addition, you can’t pause the process; you can only put the phone into airplane mode. So if you do need to use the phone to make calls or use data, your connection is saturate, and you’re limited for the several hours it takes to get everything downloaded.

Designed for a California network connection.

Previously: iTunes 12.7 Drops Apps and Ringtones, iCloud Photo Library Re-uploading, Most of the Web Really Sucks If You Have a Slow Connection, Protecting Your Network From Photos Uploads.

Update (2018-10-05): Brian Stucki:

Absolutely. A cache server saves the day on iOS/iPhone/iPad release days for sure.

Lee Hinde:

I blew through my ATT data allotment.

I started restore at my desk and after it was ‘done’ I left for lunch and the phone kept downloading things. Blew through 8 GB. I was both furious and stuck. ATT didn’t do anything wrong; couldn’t go to them and Apple wasn’t going to care.

Previously: When macOS High Sierra’s Content Caching Isn’t Working.

How China Used a Tiny Chip to Infiltrate U.S. Companies

Jordan Robertson and Michael Riley (Hacker News):

Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.

[…]

Apple made its discovery of suspicious chips inside Supermicro servers around May 2015, after detecting odd network activity and firmware problems, according to a person familiar with the timeline. Two of the senior Apple insiders say the company reported the incident to the FBI but kept details about what it had detected tightly held, even internally.

[…]

Since the implants were small, the amount of code they contained was small as well. But they were capable of doing two very important things: telling the device to communicate with one of several anonymous computers elsewhere on the internet that were loaded with more complex code; and preparing the device’s operating system to accept this new code. The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off.

Apple’s response:

Over the course of the past year, Bloomberg has contacted us multiple times with claims, sometimes vague and sometimes elaborate, of an alleged security incident at Apple. Each time, we have conducted rigorous internal investigations based on their inquiries and each time we have found absolutely no evidence to support any of them. We have repeatedly and consistently offered factual responses, on the record, refuting virtually every aspect of Bloomberg’s story relating to Apple.

On this we can be very clear: Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident.

Julie Bort (in 2016, via iStumbler):

Still, Apple is motivated to design build its own hardware, the same as Google and Amazon does, and run it on its own for one pretty scary reason: security. It suspects that the servers it has been ordering from others are being captured during shipping, and backdoors added to them that will make them susceptible to being hacked.

At one point, the company even had people taking photographs of the motherboards in the computer servers it was using, then mark down exactly what each chip was, to make sure everything was fully understood.

Update (2018-10-05): Amir Efrati (in 2017):

In early 2016, Apple discovered what it believed was a potential security vulnerability in at least one data center server it purchased from a U.S.-based manufacturer, Super Micro Computer, according to a Super Micro executive and two people who were briefed about the incident at Apple. The server was part of Apple’s technical infrastructure, which powers its web-based services and holds customer data.

Apple ended up terminating its yearslong business relationship with Super Micro, according to Tau Leng, a senior vice president of technology for Super Micro, and a person who was told about the incident by a senior infrastructure engineering executive at Apple. The tech giant even returned some of Super Micro’s servers to the company, according to one of the people briefed about the incident.

Stephen Schmidt:

Today, Bloomberg BusinessWeek published a story claiming that AWS was aware of modified hardware or malicious chips in SuperMicro motherboards in Elemental Media’s hardware at the time Amazon acquired Elemental in 2015, and that Amazon was aware of modified hardware or chips in AWS’s China Region.

As we shared with Bloomberg BusinessWeek multiple times over the last couple months, this is untrue. At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems. Nor have we engaged in an investigation with the government.

Kim Zetter:

I have to say, this is all really bizarre. The Bloomberg story is very detailed, citing documents and inside sources. But the company denials are also detailed and emphatic. You don’t often see the latter when a company is trying to hide something or be coy.

John Gruber (tweet):

I see no way around it: either Bloomberg’s report is significantly wrong, at least as pertains to Amazon and Apple, or Apple and Amazon have issued blatantly false denials.

Apple (Hacker News, MacRumors):

We are deeply disappointed that in their dealings with us, Bloomberg’s reporters have not been open to the possibility that they or their sources might be wrong or misinformed. Our best guess is that they are confusing their story with a previously-reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple.

[…]

Finally, in response to questions we have received from other news organizations since Businessweek published its story, we are not under any kind of gag order or other confidentiality obligations.

John Gruber:

What sense does it make that Apple discovered a profound security problem in Super Micro motherboards in May 2015, so serious that the company reported it to the FBI, but then didn’t sever ties with Supermicro until at least eight months later? That timeline makes no sense.

Matt Drance:

After reading this Bloomberg story I have two questions:

1) Why not name the “third party company” that found this hack? What security firm wouldn’t want credit for this?

2) FBI and DNI/CIA/NSA declined comment on this story primarily sourced from “US officials.” What’s left?

Zack Whittaker:

In fairness to Bloomberg, chief among Apple’s complaints is a claim that Bloomberg’s reporters were vague in their questioning. Given the magnitude of the story, you don’t want to reveal all of your cards — but still want to seek answers and clarifications without having the subject tip off another news agency — a trick sometimes employed by the government in the hope of lighter coverage.

Yet, to Apple — and Amazon and other companies implicated by the report — they too might also be in the dark. Assuming there was an active espionage investigation into the alleged actions of a foreign government, you can bet that only a handful of people at these companies will be even cursorily aware of the situation. U.S. surveillance and counter-espionage laws restrict who can be told about classified information or investigations. Only those who need to be in the know are kept in a very tight loop — typically a company’s chief counsel. Often their bosses, the chief executive or president, are not told to avoid making false or misleading statements to shareholders.

Nick Heer:

This story has been rattling around my head all day today. My early thought was that perhaps the Bloomberg reporters did a Judith Miller. Maybe their government sources had a specific angle they wished to present to create a political case against China or in favour of further sanctions — or actions far more serious — and needed a credible third-party, like a news organization, to create a story like this. But Robertson and Riley’s seventeen sources include several individuals at Amazon and Apple with intimate knowledge of the apparent discovery of unauthorized hardware modifications, something they later confirmed in a statement to Alex Cranz of Gizmodo. This doesn’t seem likely.

[…]

Indeed, Kieren McCarthy of the Register did a fine job parsing each company’s statements, albeit with his usual unique flair. But, though there is absolutely some wiggle-room in each denial, there are remarks made by each company that, were they found to be wrong, would be simple lies.

[…]

Either manufacturing of these components becomes increasingly diversified or, more likely, far greater control and oversight is required by companies and end-client governments alike.

Kieren McCarthy:

As to the reports – from both Amazon and Apple – that Bloomberg says its sources have seen. It is worth noting that Bloomberg does not claim to have seen those reports itself. How closely were its sources able to scrutinize those reports? Could they have been mistaken?

From that point, it is very possible that the other sources that Bloomberg felt were confirming its story were confirming something else: that China is trying to get into the hardware supply chain. Which is no doubt true, as US intelligence agencies have repeatedly warned in the past year, particularly with respect to mobile phones.

So it is possible that the reporters did an excellent job but ended up in the wrong place, with half a story but going down the wrong path. It is equally possible that they have got 90 per cent of the way there and Apple and Amazon are carefully using the last 10 per cent to issue careful denials.

Update (2018-10-10): Joe Rossignol:

Apple’s recently retired general counsel Bruce Sewell told Reuters he called the FBI’s then-general counsel James Baker last year after being told by Bloomberg of an open investigation into Supermicro, and was told that nobody at the federal law enforcement agency knew what the story was about.

John Paczkowski and Charlie Warzel (Hacker News):

Multiple senior Apple executives, speaking with BuzzFeed News on the condition of anonymity so that they could speak freely, all denied and expressed confusion with a report earlier this week that the company’s servers had been compromised by a Chinese intelligence operation.

Bob Burrough:

What of The Information’s article Feb ’17? I don’t think this would be a conspiracy between the two news orgs. Something’s up.

Kevin Beaumont:

Worth noting same Bloomberg reporters put out a story a few years citing multiple sources that the US knew about Heartbleed. That story was flat out wrong. Bloomberg didn’t follow it up or comment.

Joe Rossignol:

The U.S. Department of Homeland Security today said it has “no reason to doubt” the companies who denied a bombshell Bloomberg Businessweek report this week about Chinese spies using a tiny chip to infiltrate U.S. companies.

Nick Heer:

Reuters also reports that a division of GCHQ, Britain’s signals intelligence agency, does not presently doubt Apple and Amazon’s denials.

[…]

That’s a lot of reputable organisations — and the American government — who have staked their credibility on widely varying accounts of the veracity of this story.

John Gruber:

Bloomberg’s Big Hack story should eventually be fully-corroborated, if true. According to their report, there are thousands of compromised servers out there. If there are, security experts will eventually identify these rogue chips and document them.

See also: Hacker News.

SwiftOnSecurity:

The Bloomberg article has no actionable information for industry or consumers. All claimed involved parties have denied the events described ever happened.

It’s unclear what the purpose of this is.

Apple (Hacker News):

In light of your important leadership roles in Congress, we want to assure you that a recent report in Bloomberg Businessweek alleging the compromise of our servers is not true. You should know that Bloomberg provided us with no evidence to substantiate their claims and our internal investigations concluded their claims were simply wrong. We are eager to share the facts in this matter because, were this story true, it would rightly raise grave concerns.

John Gruber:

Hardware security researcher Joe Fitzpatrick was one of the very few named sources in Bloomberg’s blockbuster “The Big Hack” story. He provided only background information on the potential of hardware exploits in general — he claimed no knowledge of this specific case. On Patrick Gray’s Risky Business (great name) podcast, he expresses serious unease with the story Bloomberg published.

Jason Koebler, Joseph Cox, and Lorenzo Franceschi-Bicchierai:

Even sources used in the original story are confused about what’s going on. The cybersecurity podcast Risky Business interviewed one of the few named sources in the original Businessweek article, hardware security expert Joe Fitzpatrick, who expressed doubts about the article, and said he had never been contacted by any Bloomberg fact-checker. Fitzpatrick was used as an expert source to comment on the technical details of what Bloomberg described and does not have any firsthand knowledge of the actual alleged hack.

John Paczkowski:

what kind of source elicits so much confidence that you don’t provide evidence for review to the companies involved, single source some key details, and stand by your story when two tech bigs are shooting you in the face with both barrels while multiple telecoms say “not us”?

Nick Heer:

For what it’s worth, I don’t want Robertson and Riley to have egg on their faces. I hope the story is not entirely as described because, if it is, it is truly one of the biggest security breaches in modern history — Supermicro has supplied a lot of servers to industry giants. But I don’t want the reporters to be wrong; Bloomberg has a great reputation for publishing rigorously-researched and fact-checked longform stories; I don’t want to have lingering doubts about their future reporting. And I’m not defending the biggest corporations in the world out of loyalty or denial — they have PR teams for that, and should absolutely be criticized when relevant. And I think the central point of the article — that the supply chain of a vast majority of the world’s goods is monopolized by an authoritarian and privacy-averse government is a staggering risk — is absolutely worth taking seriously.

Joe Rossignol:

Rob Joyce, Senior Advisor for Cybersecurity Strategy at the NSA, is the latest official to question the accuracy of Bloomberg Businessweek’s bombshell “The Big Hack” report about Chinese spies compromising the U.S. tech supply chain.

“I have pretty good understanding about what we’re worried about and what we’re working on from my position. I don’t see it,” said Joyce, speaking at a U.S. Chamber of Commerce cyber summit in Washington, D.C. today, according to a subscriber-only Politico report viewed by MacRumors.

See also: Upgrade.

Update (2018-10-19): BuzzFeed (Hacker News):

Apple CEO Tim Cook, in an interview with BuzzFeed News, went on the record for the first time to deny allegations that his company was the victim of a hardware-based attack carried out by the Chinese government. And, in an unprecedented move for the company, he called for a retraction of the story that made this claim.

Update (2018-10-25): John Gruber:

The longer they drag this out before a full retraction, the more damage they’re taking to their long-term credibility. Read their statement closely — they’re not saying their story is true or that Apple and Tim Cook are wrong. All they say is they spent a year on the story and spoke to 17 sources multiple times.

Nick Heer:

This is one of the most baffling sagas I can remember. Either the supply chain is hosed and companies like Apple and Amazon really have no idea, they do know and their executives are covering it up in flagrant violation of the law, or an esteemed news organization fucked up to an immense degree.

Andy Jassy:

@tim_cook is right. Bloomberg story is wrong about Amazon, too. They offered no proof, story kept changing, and showed no interest in our answers unless we could validate their theories. Reporters got played or took liberties. Bloomberg should retract.

Jean-Louis Gassée:

Supermicro sold tens of thousands of server motherboards to the US companies mentioned in the story. Were they all infected with the offending spyware chip? Probably not, but there must have been thousands of motherboards released into the wild with the purported mission of penetrating US infrastructures. Yet, despite “more than a year of reporting” and “more than 100 interviews…including government officials and insiders at the companies” (from Bloomberg’s reply to Tim Cook), Bloomberg and its (anonymous) sources were unable to come up with a single infected motherboard.

A missing weapon doesn’t mean the crime didn’t happen. But not finding any weapons after thousands of crimes should have troubled the authors — or, more important, their hierarchy of editors.

Erik Wemple (via John Gruber):

Sources tell the Erik Wemple Blog that the New York Times, the Wall Street Journal and The Post have each sunk resources into confirming the story, only to come up empty-handed.

[…]

Bloomberg, on the other hand, gives readers virtually no road map for reproducing its scoop, which helps to explain why competitors have whiffed in their efforts to corroborate it.

Nick Heer:

Michael Riley, one of the reporters on the story, quickly asserted after the story’s publication that the physical evidence assured that corroborating stories would soon be published. Not only has that not happened, it’s the inverse that has: source after source raising doubts about the accuracy of the story’s core arguments.

Juli Clover:

Today, Supermicro Charles Liang joined Cook in calling for a retraction. In a statement shared by CNBC, Liang said that Supermicro has not found malicious hardware components in its products, nor has Bloomberg produced an affected Supermicro motherboard. Bloomberg, he says, should "act responsibly" and retract its "unsupported allegations."

Patrick Kennedy:

We have discussed two patently false technical details in the Bloomberg article. Anyone involved in the server industry will know this as they are common foundational elements regarding how servers work. Beyond the false points in the Bloomberg article, there are a number of other elements that are at best implausible.

[…]

In this article, we have shown why the technical details of the Bloomberg alleged hack are inaccurate and/or implausible. These technical details were offered to Bloomberg through anonymous sources, so we have no way of doing further fact-checking. We showed why, even if a chip can be produced and placed it would not work as Bloomberg reports.

Update (2018-12-12): Erik Wemple:

Not only did industry and government officials denounce the conclusions on the record, but the story itself was short on hard evidence of a supply-chain compromise. It relied on “17 people” who “confirmed the manipulation of Supermicro’s hardware and other elements of the attacks. The sources were granted anonymity because of the sensitive, and in some cases classified, nature of the information,” noted the story. What it lacked were documents, photos, reports — any of the artifacts that would logically go along with such a scary intrusion into the U.S. economy.

Despite such shortcomings, Bloomberg continues to stand by the same stand-by statement it issued weeks ago: “We stand by our story and are confident in our reporting and sources.”

Bruce Schneier:

I don’t think it’s real. Yes, it’s plausible. But first of all, if someone actually surreptitiously put malicious chips onto motherboards en masse, we would have seen a photo of the alleged chip already. And second, there are easier, more effective, and less obvious ways of adding backdoors to networking equipment.

Joseph Menn (via Rene Ritchie, Hacker News, MacRumors):

Computer hardware maker Super Micro Computer Inc told customers on Tuesday that an outside investigations firm had found no evidence of any malicious hardware in its current or older-model motherboards.

Jake Williams:

I’ve been told by reporters that they don’t have any journalistic requirement to protect sources that intentionally deceive them. Are we there yet? Because at this point, it seems like either:

1. REALLY bad reporting

2. Coordinated “leaks”

I’m guessing the latter.

Wednesday, October 3, 2018 [Tweets] [Favorites]

Wi-Fi Alliance Introduces Wi-Fi 6

Wi-Fi Alliance (Hacker News):

Wi-Fi 6 is part of a new naming approach by Wi-Fi Alliance that provides users with an easy-to-understand designation for both the Wi-Fi technology supported by their device and used in a connection the device makes with a Wi-Fi network.

The new naming system identifies Wi-Fi generations by a numerical sequence which correspond to major advancements in Wi-Fi. The generation names can be used by product vendors to identify the latest Wi-Fi technology a device supports, by OS vendors to identify the generation of Wi-Fi connection between a device and network, and by service providers to identify the capabilities of a Wi-Fi network to their customers. The generational terminology may also be used to designate previous Wi-Fi generations, such as 802.11n or 802.11ac.

Jacob Kastrenakes:

It’ll probably make more sense this way, starting with the first version of Wi-Fi, 802.11b:

Wi-Fi 1: 802.11b (1999)
Wi-Fi 2: 802.11a (1999)
Wi-Fi 3: 802.11g (2003)
Wi-Fi 4: 802.11n (2009)
Wi-Fi 5: 802.11ac (2014)

Jason Snell:

Much as I’ll miss the esoteric letters, this will be a heck of a lot easier to explain to non-techie family and friends. We’re all accustomed to version numbers these days.

The one downside (for users) is that it probably will end up making some people feel like they need to upgrade when their setup is still probably fine—the limiting factor to your Internet speeds isn’t usually your Wi-Fi setup. (Still on Wi-Fi 4 here, friends!)

Update (2018-10-09): Glenn Fleishman:

The Wi-Fi Alliance’s new numbering system focuses on generations of speed improvements but looks back only to 802.11n, which is a decade old. Given that 802.11a and 802.11b were approved at the same time, implicitly calling them Wi-Fi 1 and Wi-Fi 2, and extending Wi-Fi 3 to 802.11g, isn’t quite right. But we anticipate people will do it anyway.

Still in macOS 10.14 Mojave

Uluroo (tweet):

Finding the hidden gems of macOS is like paleontology — the old gets buried by the new, but what you can find if you dig is pretty great. At the same time that macOS has changed, aged, and buried its past, it’s left fossils behind. Not all of the old stuff is still around, but the bits that have lasted are the bits worth knowing about. You can find them if you just start digging.

[…]

⌘⇧Y: send selected text to a new Stickies note on the desktop. Uluroo is astonished that he had never known this shortcut until yesterday. Apple has let Stickies fade into the background of macOS, but at least it hasn’t killed the app completely.

[…]

⌥⇧ while changing volume and brightness: adjust those in quarter increments. This gives similar precision to that offered by the brightness and volume sliders in iOS.

[…]

Many of Dashboard’s built-in widgets have a refreshingly retro, though inconsistent, aesthetic: Stocks, Dictionary, Weather, Calculator, Calendar, and more all look like they’ve gone untouched since the days of Scott Forstall. The World Clock widget’s second hand moves in the same way as a real clock, rather than moving in a smooth, uninterrupted motion like in iOS and watchOS.

[…]

.textclipping. You can literally drag text to the desktop as a .textclipping file and AirDrop it.

Previously: Removed in macOS 10.14 Mojave.

Microsoft Is Embracing Android As the Mobile Version of Windows

Tom Warren (Hacker News):

The Android app mirroring will be part of Microsoft’s new Your Phone app for Windows 10. This app debuts this week as part of the Windows 10 October 2018 Update, but the app mirroring part won’t likely appear until next year. Microsoft briefly demonstrated how it will work, though; You’ll be able to simply mirror your phone screen straight onto Windows 10 through the Your Phone app, which will have a list of your Android apps. You can tap to access them and have them appear in the remote session of your phone.

[…]

Microsoft’s best mobile work is debuting on Android right now, and if you’re a Windows user then Google’s operating system has always felt like the natural companion anyway. As Microsoft can’t replicate a lot of Your Phone functionality on iPhones, Android now feels like the only choice if you want a close mobile connection to a Windows PC.

Previously: Microsoft Suspends Development of Touch-friendly UWP Office Apps.

Vice News Interviews Tim Cook About Privacy

Vice News:

Reeve: But haven’t they moved to China? Meaning: it’s much easier for the Chinese government to get to them.

Cook: Now, I wouldn’t get caught up in where’s the location of it?. I mean, we have servers located in many different countries in the world. They’re not easier to get data from being in one country versus the next. The key question is [sic]: how does the encryption process work? and who owns the keys, if anyone?. In most cases, for us, you and the receiver own the keys.

Via Nick Heer:

So it’s noticeable — and notable — when any Apple executive is cagey, as is the case here.

[…]

I don’t think it’s fair to say that Chinese users’ privacy is not subject to compromise. The actual method of encryption may not be any different or weaker than in other countries, but the requirement to store keys in the country behind weaker legal protections for users makes it, in practice, less strong.

See also: Apple Removes Infowars From Podcast Directory.

How App Launching Has Changed in Mojave

Howard Oakley:

This article draws comparison between what is written to the log when you open a regular developer-signed app in Sierra and Mojave, and how a new ‘notarized’ app works too. In each case, I added a quarantine extended attribute to the app before opening it, to simulate what happens when the app has been freshly downloaded from the internet. This drives macOS to perform its fullest assessment of the app before it allows it to run.

[…]

Once again, an early action is to translocate the app to a special folder, where XProtect performs its security assessment before running a malware scan on it. This initial security assessment takes just over 0.5 seconds, during which its signature is checked. As this is a first run in quarantine, this should include a deep check of the signature against blacklists.

When those are complete, LaunchServices is allowed to proceed with launching the app, but TCC, concerned with privacy protection, then runs its own assessment. Significantly, this includes checking which version of the SDK it was built against, which determines whether TCC’s strict new policies are applicable.

Previously: Mojave’s New Security and Privacy Protections Face Usability Challenges, Gatekeeper Path Randomization.

Why Apple Chooses Thin Devices

Danilo Campos:

So why is Apple making things thinner, rather than expanding battery life? Why are they sacrificing headphone ports to push their designs into thinner and thinner dimensions?

The answer is that anyone can make bulky tech with massive battery capacity.

But no one can build devices that are as miniaturized as Apple’s.

Through miniaturization, Apple creates products whose subjective experience of niceness cannot be matched.

However, there are diminishing returns and increasing tradeoffs for thinness.

Previously: Unreliable MacBook Pro Keyboards, The Impossible Dream of USB-C, Removing the iPhone’s Headphone Jack.

Tuesday, October 2, 2018 [Tweets] [Favorites]

Microsoft Suspends Development of Touch-friendly UWP Office Apps

Peter Bright (Hacker News):

Word Mobile, Excel Mobile, and PowerPoint Mobile first made their debut with Windows 8.1. Their significance is twofold: they have a user interface that’s designed to be touch-friendly, and they’re built using Microsoft’s modern UWP (Universal Windows Platform) framework. They’ve been regularly updated since their introduction, but no longer. The use of UWP meant that the same app core could be used on both desktop Windows and Windows 10 Mobile, but with Windows 10 Mobile no longer a going concern, this compatibility is no longer a priority.

[…]

Microsoft has been trying to get third-party developers to build UWP applications. UWP applications have some desirable features: they’re safer (because they’re run in sandboxes and have a phone-like security model governing their access to files, cameras, GPS, and similar sensitive capabilities), they play better with power management capabilities (the operating system has greater ability to suspend them or terminate them to free memory), and certain parts of the UWP APIs are meaningfully more modern. In general, UWP applications should play much better with high-resolution screens, for example.

Passcode Bypass Method Exposes Contacts and Photos in iOS 12

Tim Hardwick:

A passcode bypass vulnerability has been discovered in iOS 12 that potentially allows an attacker to access photos and contact details on a locked iPhone.

The rather convoluted bypass method was shared in a video by Jose Rodriguez, who has discovered iOS bugs in the past that Apple has subsequently fixed.

[…]

Concerned users can do so by navigating to Settings > Face ID & Passcode (that’s Settings > Touch ID & Passcode on iPhones with Touch ID) and disabling the Siri toggle under the "Allow access when locked" menu.

Darren Eastman Sues Apple

Thomas Claburn:

In 2009, Eastman says, Jobs made him “promise that he’d always work for Apple and indicated that a job would always be available for him.” And Jobs, he said, asked Eastman to report Mac software and hardware quality issues directly to him if the problems could not be resolved through standard channels.

These reports continued until Jobs’s death in 2011, Eastman says.

Under CEO Tim Cook, however, Eastman contends Apple’s commitment to quality has declined.

Ethan Baron:

“Many talented employees who’ve given part of their life for Apple were now regularly being disciplined and terminated for reporting issues they were expected to (report) during Mr. Jobs tenure,” Eastman alleged in the filing.

“Cronyism and a dedicated effort to ignore quality issues in current and future products became the most important projects to perpetuate the goal of ignoring the law and minimizing tax.

[…]

“Notifying Mr. Cook about issues (previously welcomed by Mr. Jobs) produces either no response, or, a threatening one later by your direct manager,” Eastman claimed.

“There’s no accountability, with attempts at doing the right thing met with swift retaliation.”

Is he alleging that engineers are tasked with helping Apple to avoid paying taxes? Or he is just adding his opinions on unrelated issues to his lawsuit while people are listening to him?

Malcolm Owen:

Darren Eastman wants to be acknowledged as an inventor for five Apple patent applications, according to filings with the U.S. District Court for the Northern District of California. Filed on Thursday, the complaint alleges how Eastman’s ideas were accepted and then employed by Apple in its products and filings, but without his crediting.

A patent application for electronic ticketing is claimed to have been taken from technology developed by Eastman before joining Apple in 2006, and was declared in an Intellectual Property Agreement he signed with the company the previous year. In February 2006, Eastman told former CEO Steve Jobs about the ticketing concept, with Jobs replying it was “insanely great” and potentially able to break a monopoly held by Ticketmaster.

For the patent application relating to Find My iPhone, Eastman claims he lost his original iPhone in 2008, inspiring him to come up with a device location system.

[…]

After joining in 2006, Eastman was fired on September 26, 2014, under claims of unprofessional and inappropriate communications. The issue is said to be due to attempts to solicit his manager to “do his job” to integrate a crucial fix to Disk Utility in Yosemite before its release.

Previously: Disk Utility in El Capitan, Apple, Ireland, and the EU.

Monday, October 1, 2018 [Tweets] [Favorites]

iOS 12 and Core Data External Binary Data Storage

rodhan:

On iOS 12, binary data stored in Core Data with the External Storage option gets corrupted/goes missing on every second save of the context.

Others seem to be encountering the same issue. External storage is so convenient, but it seems to be a continual source of problems and bugs.

Previously: Core Data, External Binary Data Storage, and Migration.

Update (2018-10-02): See also: Hacker News.

Update (2018-10-04): See also: some Twitter discussion.

McCloud:

Language bindings are a minor issue - here’s my POV: I have to ship a reliable product. With data loss like external stores disappearing I’m SOL, and it’s in a codebase that I cannot fix or guarantee a fix to. Sure, my SQLite model will be slower, but correct

McCloud:

I can live with slower, even an order of magnitude so, over data loss. The business costs are huge for the latter. Even the emotional costs, what if I lose someone’s pictures of a deceased loved one? There’s a human on the receiving end of my program most of the time...

Drew McCormack:

Ouch! Just got bitten by a serious Core Data bug in macOS 10.14 and iOS 12 with external binary storage. Firefighting all day to save my user’s data.

It’s in an old app (Studies). Created the model about 10 years ago. I’ve learnt my lesson with external binaries.

Ensembles is not affected.

Ilja A. Iwas:

There are days when I wonder if it was worth coming up with our homegrown CoreData replacement. And then there are days like today.

The Omni Group wrote OmniDataObjects because Core Data was originally not available on iOS, and OmniFocus continues to use it.

Ilja A. Iwas:

If Apple doesn’t allocate enough resources for screening incoming bug reports during their beta phase, sticking to a yearly macOS release schedule is not responsible to users and developers. Small indy devs probably don’t recover from such hits.

It looks like NSBatchDeleteRequest also doesn’t work with external binary data.

Update (2018-10-05): Colin Cornaby:

So we’ve done our best to try and repro the iOS 12/Core Data External Binary Storage bug in our apps… and we can’t.

I’m not saying the bug doesn’t exist. I know it does. I just don’t know why we can’t repro it in our apps, and it’s driving me crazy.

Forcing Suspect to Unlock iPhone With Face ID

Tim Hardwick:

A Forbes report has highlighted the first known case of law enforcement forcing a suspect to unlock an iPhone using Face ID.

[…]

Several previous cases have occurred where law enforcement has gained access to digital data by forcing people to unlock mobile devices using their fingers. One case even reportedly involved trying to use the finger of a dead person to unlock a phone, which ultimately didn’t work.

Previously: Police Can Require Cellphone Fingerprint.

Update (2018-10-15): Tim Hardwick:

Police in the United States are being advised not to look at iPhone screens secured with Face ID, because doing so could disable facial authentication and leave investigators needing a potentially harder-to-obtain passcode to gain access.

The Rise and Fall of The Learning Company

Abigail Cain:

Both Reader Rabbit and Cluefinders were the work of The Learning Company (TLC), a dominant player in the realm of educational software during its peak in the late 1980s and ’90s. At a certain point, TLC owned pretty much every computer game that mattered to millennials: The Logical Journey of the Zoombinis, Where in the World Is Carmen Sandiego?, even Oregon Trail. But by 2000, the company was in financial shambles — and, in what was labeled one of the worst business deals of all time, almost took a Fortune 500 company down with it.

[…]

SoftKey renamed itself The Learning Company to take advantage of its strong reputation, continuing to gobble up industry powerhouses including MECC, in 1995, and Brøderbund, in 1998. All told, SoftKey bought more than 20 entities, becoming the world’s second largest consumer software company after Microsoft in the process.

[…]

According to Osterwiel, the industry never fully recovered. The problems that plagued it during its previous downswing persist today, albeit with more advanced technology. Apps are the new medium for educational games — but they sell for $1 apiece, an amount that would have been “the price of postage” to mail a game on CD-ROM, Buckleitner noted wryly. Quality research and development is practically impossible with that sort of profit margin.