Archive for December 2018

Monday, December 31, 2018

The Old Guard of Mac Indy Apps

Glenn Fleishman:

The longevity of indie apps is more extraordinary when you consider the changes Apple put the Mac through from the early 1990s to 2018. Apple switched from Motorola 680x0 processors to PowerPC to Intel chips, from 32-bit to 64-bit code, and among supported coding languages. It revved System 7 to 8 to 9, then to Unix across now 15 major releases (from 10.0 to 10.14). That’s a lot for any individual programmer or small company to cope with.

[…]

But Siegel said what he would never have imagined adding is a “lorem ipsum” generator, which appeared in the recent 12.5 release. This generates placeholder text, and the option dates back decades in page-layout software. “There’s been a remarkable level of interest in that feature,” he said.

[…]

With core functionality relatively fixed—math doesn’t change over time, fortunately—Thomson has devoted efforts to make PCalc more customizable and more fun across multiple platforms. The About screen of macOS and iOS includes a banana physics simulator and a racing game. And those aren’t even Easter eggs. He’s also developed iMessage stickers using a panda motif that he adopted for PCalc along the way.

[…]

“To my surprise, Fetch flipped from being a tool that was mostly used for retrieving information to one that was mostly used for publishing information,” Matthews said.

[…]

[Lemke] said that while he developed most of the app himself, he’s relied on contract developers to handle transitions. Like most of the other long-running apps, that’s meant several, including shifting the underlying coding language from Pascal to C to the current combination of Objective-C and Apple’s newer Swift.

Previously: Congratulations.

Low Navigation Volume in Google Maps

Melvin Leng, in 2016:

I noticed that the “Guidance volume” icon under my Google Maps (iPhone App) Navigation settings is a “crossed-out” icon (with a slash across). Not sure if this is normal. I also noticed that whichever setting I choose (Soft, Normal, Louder) has no effect on the actual volume played out. It plays at the same volume regardless of setting.

The issue is that when my phone is connected to my car’s multimedia system via Bluetooth (e.g. to play music or make/receive phone calls), but I don’t want Google Maps to play the navigation instructions over my car speakers, so I set “Play voice over Bluetooth” to Off, the guidance volume from the phone speakers is very very low until it is almost inaudible. My phone speaker volume has already been set to the max, and Google Maps Guidance volume setting set to “Louder”.

I’m seeing this as well. It works OK if I have “Play voice over Bluetooth” checked. But if the iPhone is connected via Bluetooth and I want to hear Google Maps over the phone’s own speaker, it’s so quiet that I can barely tell it’s saying anything, and can’t understand it.

Dirty Dealing in the $175 Billion Amazon Marketplace

Josh Dzieza (Hacker News):

As a precaution, he reported the reviews to Amazon. Most of them vanished days later — problem solved — and Plansky reimmersed himself in the work of running a six-employee, multimillion-dollar weapons accessory business on Amazon. Then, two weeks later, the trap sprang. “You have manipulated product reviews on our site,” an email from Amazon read. “This is against our policies. As a result, you may no longer sell on Amazon.com, and your listings have been removed from our site.”

A rival had framed Plansky for buying five-star reviews, a high crime in the world of Amazon. The funds in his account were immediately frozen, and his listings were shut down.

[…]

For sellers, Amazon is a quasi-state. They rely on its infrastructure — its warehouses, shipping network, financial systems, and portal to millions of customers — and pay taxes in the form of fees. They also live in terror of its rules, which often change and are harshly enforced. A cryptic email like the one Plansky received can send a seller’s business into bankruptcy, with few avenues for appeal.

Previously: How Much of the Internet Is Fake?.

Update (2019-01-01): Rosyna Keller:

I remember an article from a leather accessories maker finding counterfeits on Amazon by stopping all shipments to Amazon for a length of time, then ordering their own “in stock” product from Amazon.

Damien Petrilli:

It’s interesting how all those big corps hate state control and taxes but enforce them on their users all the time and consider it alright.

It’s even worse as there is no appeal, no justice, no nothing.

We need new laws to take care of those state-like corporations.

Rust 2019 and Beyond: Limits to (Some) Growth

Graydon Hoare (via Alexis Gallagher):

Going back to the two areas of concern, then: I want to bring attention to these two areas where the project does not currently have adequate mechanisms or policies in place to control growth, that carry risks of eventual dysfunction or even crisis. In both, it is not clear to me how far from such crisis the project currently is; but either way I think it is worth acting sooner rather than later.

1. The language itself. Its definition. This is (unlike many parts of the project) a necessarily shared technical artifact. Everyone has a stake in it, and every change potentially affects everyone. Moreover, everyone needs to learn and understand a substantial part of it: people do not have the option to ignore parts they are not interested in. Even parts one wants to ignore will occur in shared contexts: documentation and teaching material, testsuites and validation material, compiler internals, formal models, other people’s codebases, overall maintenance burden, etc. etc.

[…]

2. The strains on the people working on the language. Some parts of the project can be delegated, de-synchronized, proceed in parallel with as many hands as are available to work on them. Not so the shared technical artifacts. To some extent, many people (and an increasingly-many people) need to be involved in nearly all changes, and that means that there’s a lot of pressure both for everyone in that group-of-many to “keep up” with all the discourse occurring, and for the standard of what it means to “keep up” to gradually creep upwards as both more changes are proposed, and more voices contribute to each discussion.

Friday, December 28, 2018

How Much of the Internet Is Fake?

Max Read:

Studies generally suggest that, year after year, less than 60 percent of web traffic is human; some years, according to some researchers, a healthy majority of it is bot. For a period of time in 2013, the Times reported this year, a full half of YouTube traffic was “bots masquerading as people,” a portion so high that employees feared an inflection point after which YouTube’s systems for detecting fraudulent traffic would begin to regard bot traffic as real and human traffic as fake. They called this hypothetical event “the Inversion.”

[…]

Take something as seemingly simple as how we measure web traffic. Metrics should be the most real thing on the internet: They are countable, trackable, and verifiable, and their existence undergirds the advertising business that drives our biggest social and search platforms. Yet not even Facebook, the world’s greatest data–gathering organization, seems able to produce genuine figures.

Via Nick Heer:

Aram Zucker-Scharff started a Twitter thread with some more indicators in the web on which you cannot rely: advertising, social media trends, readers, viewers, and more. If it’s a number that is important, you can bet that it is manipulated for a price.

[…]

The most alarming aspect of statistical fakery is not necessarily that it exists, but what will likely be done to combat it. Instead of admitting that these stats are likely to be manipulated and are, at best, wildly inaccurate estimates — and, therefore, that decisions should not be made based on what is reported — it is far more likely that this will lead to calls for more data collection. There will be attempts to make user identification more precise and more pervasive, particularly across devices.

Alan Zucconi:

If you are curious to understand how face-swap technology works, have a look at this new tutorial about #DeepFakes. 👨🔄👩

Jason Kottke:

The previous line contains two lies: this is not a photograph and that’s not a real person. It’s an image generated by an AI program developed by researchers at NVIDIA capable of borrowing styles from two actual photographs of real people to produce an infinite number of fake but human-like & photograph-like images.

Kevin Kelly:

None of these faces are real. All made up by AIs. The end of photography as evidence.

Previously: Influencers Are Faking Brand Deals.

Update (2019-01-08): Rob Pegoraro:

The Washington Post’s ad-tech director has had it with all the lies in this industry. Money quote from this lengthy thread: “The ad tech ecosystem doesn’t need to be pruned. It needs to be burned to the ground.”

Netflix No Longer Offering In-App Subscriptions

Juli Clover:

When opening up the Netflix app on an iOS device, there are no longer fields for signing up for a Netflix account within the app nor are there instructions on how to obtain a subscription, likely to avoid violating Apple’s App Store rules. The app simply offers a sign-in window and says that members who subscribe to Netflix can watch within the app.

Apple’s App Store Review Guidelines prohibit developers from asking iOS users to use a purchase method other than in-app purchase, which Netflix is skirting by offering no sign up options at all.

iPad and iPhone users who want to sign up for Netflix will now need to do so through the Netflix website rather than through the Netflix app.

Maybe Apple shouldn’t incentivize developers to provide a worse user experience. Now, customers lose, and Apple gets 15-30% of nothing instead of a smaller percentage of something.

Michael Love:

This is pretty damning; suggests that even an in-app option ended up costing them more in commissions than it made them from extra sales. (and a strong argument for why 30% is in fact rent-seeking and not Apple getting what they deserve for reducing purchase friction)

Previously: Apple and Google Face Growing Revolt Over App Store “Tax”.

Update (2019-01-01): Ben Bajarin:

No doubt more companies will follow this once they get big enough that customers won’t mind jumping through hoops to get what they want.

Spotify:

It was possible to pay for Spotify Premium using Apple’s in-app payment system (iAP). However, this has been discontinued for new subscribers.

Update (2019-01-04): Shona Ghosh:

Netflix has canned the ability for iPad and iPhone users to pay for the streaming service through iTunes, depriving Apple of an estimated $256 million in annual revenue.

John Gruber (tweet):

This is a big deal. Netflix is the top-grossing app in the App Store in the U.S. […] And keep in mind that Netflix has long had a special relationship with Apple, with an 85/15 cut from the start, not just after a year.

[…]

What gets me, though, are the rules that prevent apps that eschew in-app purchases from telling users in plain language how to actually pay. Not only is Netflix not allowed to link to their website, they can’t even tell the user they need to go to netflix.com to sign up.

[…]

Apple should be earning its share of in-app subscription revenue by competing on convenience, not confusion and obfuscation.

Update (2019-01-16): The Talk Show:

Special guest Ben Thompson returns to the show. Topics include Apple’s horrible no good very bad earnings warning, the Chinese market, Apple’s push toward services for revenue growth, antitrust issues regarding the App Store, and more.

Swift 5: Raw String Literals

SE-0200:

Escape characters provide useful and necessary capabilities but strings containing many escape sequences are difficult to read. Other languages have solved this problem by providing an alternate “raw” string literal syntax which does not process escape sequences. As the name suggests, raw string literals allow you to use “raw” text, incorporating backslashes and double quotes without escaping.

We propose to alter Swift’s string literal design to do the same, using a new design which we believe fits Swift’s simple and clean syntax. This design supports both single-line and multi-line string literals, and can contain any content whatsoever.

Erica Sadun:

Those extra pounds allow you to change the way Swift interprets escape sequences. They transform escapes from simple backslashes to \#. To insert a newline into a pound-delimited string, you type \#n and not \n. Similarly, string interpolation becomes \#(...interpolation...).

This system was inspired by the Rust programming language. Rust stacks one or more pounds at each end of a string (and prefixes the letter “r”) to create what it calls “raw strings”, that is strings without further escape sequence interpretation. You cannot incorporate interpolation or coded tabs, new lines, or returns.

Swift adopts the extensible delimiters (skipping the ugly “r”) but retains its useful escapes, including string interpolation. Swift adapts each escape sequence to match the number of pound signs used at the start and end of the string. Instead of “raw strings”, Swift has, well, let’s call them “medium rare strings”. It allows you to paste and preserve raw formatting while retaining the ability to insert escape sequences.

Update (2019-02-21): Erica Sadun:

The development, refinement, and deployment of SE-0200 Enhancing String Literals Delimiters to Support Raw Text was a long and surprising journey. It ended with a uniquely Swift take on “raw strings” that focused on adding custom delimiters to string literals and escape sequences.

This post discusses what raw strings are, how Swift designed its take on this technology, and how you can use this new Swift 5 feature in your code.

Deciphering the Postcard Sized Raytracer

Fabien Sanglard:

This time Andrew produced something a little bit more verbose but with a much more interesting visual result. Since I was done with my Game Engine Black Books about Wolf3D and DOOM, I had the time to take a deep look at the internals of his mysterious code. I rapidly found myself mesmerized by the techniques I discovered. They diverged drastically from Andrew’s previous work based on a “standard” raytracer. It was an interesting experience to learn about ray marching, constructive solid geometry functions, montecarlo/path tracing rendering, and the many tricks he used to pack everything within such a small area.

Previously: Business Card Raytracer.

Fortnite Was 2018’s Most Important Social Network

Bijan Stephen (via Hacker News):

It’s easy to forget that Fortnite — a cultural phenomenon that now has over 200 million registered players — began as a failure. It was conceived as a player vs. environment game that Epic Games founder Tim Sweeney described as a cross between Minecraft and Left 4 Dead in 2015, before co-opting the last-man-standing mechanics of PlayerUnknown’s Battlegrounds and becoming the biggest game on the planet.

[…]

The game’s real achievement is subtler, though. Epic Games managed to produce a hit, sure, but the genius of it is how it’s rewritten the idea of what hanging out online can be. Fortnite is a game, but it’s also a global living room for millions of people, and a kind of codex for where culture has gone this year — it’s a cultural omnibus that’s absorbed everything from Blocboy JB’s shoot dance to John Wick. It got Ted Danson to learn how to floss. This thing is here to stay, as a new kind of social network.

Richard Leadbetter (via John Gruber):

The truth is that aside from minor modifications to unlock the frame-rate and add the option to the game’s menu system, no substantial code revamp was required at all. Fortnite on the latest iPhones runs at 60 frames per second simply by virtue of the new Apple A12 Bionic silicon - or rather its increased power and crucially, its superior thermal performance.

Update (2019-01-01): Owen Williams:

Fortnite is different, because it’s not even about the game at all: it’s a place we’re all going together.

Not only is Fortnite the new hangout spot, replacing the mall, Starbucks or just loitering in the city, it’s become the coveted ‘third place’ for millions of people around the world.

Update (2019-01-23): Chris Kerr (via Hacker News):

Streaming mogul Netflix claims Fortnite is now a bigger competitor than other media companies like Game of Thrones and True Detective producer HBO.

Thursday, December 27, 2018

Microsoft Word for Windows 1.0 Postmortem

Opus Development Postmortem (PDF, via Hacker News):

In the summer of 1989, at a point where it seemed we might never converge, a program emphasizing quality of changes instead of quantity of changes was instituted. This program included code reviews and code ownership as well as a series of reminders and discussions to encourage people to think about and to be careful with the changes they made. This program was an attempt to instill some of the methods of zero-defects into a project that had gone a long time using an infinite-defects methodology and was too far in its development to consider starting from scratch.

[…]

The interesting thing shown by these charts is that at no time did testing find significantly more bugs than development was fixing. Yet the small difference in the find rate and fix rate caused the bug list to skyrocket[…]

[…]

During the entire period from December 1987 until September 1989 we estimated that we were between three and six months of shipping.

Why It’s Hard to Escape Amazon’s Long Reach

Paris Martineau and Louise Matsakis (tweet):

The company is known as the “everything store,” but in its dogged pursuit of growth, Amazon has come to dominate more than just ecommerce. It’s now the largest provider of cloud computing services and a maker of home security systems. Amazon is a fashion designer, advertising business, television and movie producer, book publisher, and the owner of a sprawling platform for crowdsourced micro-labor tasks. The company now occupies roughly as much space worldwide as 38 Pentagons. It has grown so large that Amazon’s many subsidiaries are difficult to track—so we catalogued them all for you. This is our exhaustive map of the Kingdom of Amazon.

@dynamicCallable: Unix Tools as Swift Functions

Helge Heß:

A new feature in Swift 5 is Dynamic Callables. We combine this with the related Dynamic Member Lookup feature to expose the filesystem and Unix shell commands as regular Swift objects and functions.

[…]

This is intended as a demo. It should work just fine, but in the name of error handling and proper Swift beauty, you might want to approach forking processes differently 🤓

[…]

An obvious limitation is that both features are statically typed. You can’t look up one function that returns an Int, and another function which returns a String. You have to tell the compiler in advance what type you expect.

[…]

Another limitation is that the reverse is not possible, i.e. you cannot look up a Callable for a Swift function and dynamically invoke it via m.dynamicallyCall(withArguments:).

Previously: Schema-less Database With Dynamic Swift, Exploring @dynamicMemberLookup.

Shortcuts JS

Shortcuts JS (via Accidental Tech Podcast):

Shortcuts JS lets you build Shortcuts more efficiently by allowing you to leverage all of the features of JavaScript to generate a Shortcut, allowing you to create complex Shortcuts more quickly and more easily than ever before.

The JavaScript code is pretty ugly, but on the other hand you can edit it using an actual text editor on a big screen. The Shortcuts app has so much potential, but I get discouraged whenever I try to use the graphical editor—as well as when I try to run a simple shortcut from the home screen and it takes so long bouncing between apps that I don’t know whether it saved any time.

Computer Pioneers Advent Calendar

Alvaro Videla:

We just launched an advent calendar to highlight the lives of the pioneers of the computing age.

It’s called A Computer of One’s Own and features a wide range of women from early pioneers Elizabeth Holberton and Grace Hopper, to academics Barbara Liskov and Nancy Lynch, to game designer Roberta Williams.

Sunday, December 23, 2018

Papercraft Computers

Jason Kottke:

Rocky Bergen makes paper models of vintage electronics and computing gear. And here’s the cool bit…you can download the plans to print and fold your own: Apple II, Conion C-100F boom box, Nintendo GameCube, and Commodore 64.

The Mac App Store Safari Extensions Experience

Jeff Johnson:

By widening the window, we go from seeing 12 apps to seeing 3½ apps. How is that possible? How is that good design?

[…]

Notice also that on Mojave, no ratings are shown with the apps, unlike in the High Sierra App Store. On Mojave, 5-star apps look the same as 1-star or 0-star apps in the list. This erases useful information for the customer and makes the vertical position in the list even more important.

[…]

In the Mac App Store, all of this developer’s apps have low ratings or no ratings, some of them “recently reset”, which suggests previously low ratings deleted. The customer reviews are also terrible. A lot of “does not work” and “crashes on launch”. You have to wonder how all these apps got through App Store Review, how the huge volume of apps from a single developer was not a red flag, and how Apple saw fit to prominently feature two of the apps in the Safari Extensions list. None of this reflects well on Apple’s curation of the App Store.

Previously: Is There Hope for the Mac App Store?, Stop The Madness.

Update (2018-12-23): Alex Popescu:

The Safari extensions part of the ecosystem is very broken. Not allowing a growing community of extensions is in my opinion hurting Safari usage numbers. I have Chrome on my machines because of its extensions. I would not touch it if I’d have those in Safari.

Tanner Bennett:

Extensions in Safari are so restricted that things like 1Password can’t even function as seamlessly as they do in other browsers.

Update (2018-12-27): Nick Heer:

Anyway, if you try to find every Safari Extension in the App Store, you’ll have a very difficult time. As far as I can work out, it’s completely impossible. If you search for “Safari extensions”, you’ll get a list of results that is completely different from the ones in the collection above. Just two extensions from the list of ten above are returned in the entirety of the store’s search results. Eight of them just don’t show up anywhere.

Acceptable Renewable Subscriptions Pitch Screens

Greg Pierce:

Oh, nice. App Review got me a “misleading subscription” rejection for Christmas.

It’s clear from all the rejections that App Review was tasked with auditing renewable IAP subs - which was needed and not a bad thing.

It’s not clear that they were given any better guidance than we have on what is acceptable, so they are repeating their mistakes.

Greg Pierce:

I have created this unofficial App Review HIG addendum showing acceptable renewable subscriptions pitch screens. Hope it is helpful in developing a screen which will get through App Review - while also minimizing your conversion rate.

Tim Schmitz:

I’m really starting to agree with whoever suggested that Apple should provide a stock UI for subscription product listings. I’m sure we’d have complaints about it too, but at least it would help with some of the scams and we’d avoid this unpleasant dance.

Greg Pierce:

Yes. It’s very hard to offer the trial and be specific about the price without creating the worry that they will be charged immediately.

Luc Vandal:

They’re pushing us towards subscriptions. They should do a better job helping us accomplish this. Let’s hope they’ll improve this in 2019. To me, it’s just another level of stress that I don’t need dealing with App Store Connect at the moment.

Previously: How to Game the App Store, Apple Pulling High-Grossing Scammy Subscription Apps Off the App Store.

Update (2018-12-23): Ryan Jones:

100% true.

For those lucky enough to not deal with this: you must include all the fine print (because Apple can’t seem to bill when the trial ends), you must include the price, and the term, on the button*

*unless you’re a top app, go look, I dare you

Update (2019-01-16): Ryan Jones:

Apple gave Apple Music a special payment screen - without price or recurring subscription term.

Update (2019-01-28): Mike Stern:

New and updated subscription design guidance and App Store marketing guidance

Ryan Jones:

Notice: The Apple designers themselves can’t fit the subscription benefits and the fine print on screen IN THE SPEC.

I’ve spent 100+ hours on @FlightyApp’s screen, so I’m quite familiar.

(I hope we don’t see rejections when/if using this exact format.)

Update (2019-02-05): Kontra:

If Apple wanted to protect users from subscription scams at the App Store, it would standardize the purchase screen (with immutable embedded rules) that all devs would have to use for transaction.

(In design, purpose + constraints → clarity.)

David Barnard:

If Apple wanted to protect users from subscription scams on the App Store, it would redesign the payment confirmation screen for clarity & fix the TouchID confirmation flaw (What developers do wouldn’t matter nearly as much if Apple fixed those 2 things)

Why Instagram Is No Longer Optimized for Large Phone Screens

Guilherme Rambo (via Peter Steinberger):

The Facebook team responsible for Instagram had to use an older version of Xcode (Apple’s developer tool) to compile and submit the update to the App Store. For apps to work with the new screen size of the iPhone XS Max and XR, they must be compiled and submitted using Xcode 10, linking against the iOS 12 SDK.

[…]

From what we’ve been able to gather from sources, the Facebook team had to distribute the app with an older version of Xcode because of a common crash that can occur with apps compiled using the iOS 12 SDK but running on iOS 9, a system version which a large number of users of Instagram are still running.

Brave Rewards Update

Tom Scott (via Yan Zhu):

I don’t ask for donations or crowdfunding on any platform. If that ever changes, it’ll be incredibly obvious. If someone’s asking you for money or suggesting that you can donate to me, it’s not true and you should stay well clear.

This warning is prompted by a company called Brave, who’ve been taking cryptocurrency donations “for me”, using my name and photo, without my consent. I asked them not to, and to refund anyone who’s donated; they said “we’ll see what we can do” and that “refunds are impossible”.

[…]

Brave believes opting every creator into their system, and holding donations without consent, is ethical and in line with privacy laws. They also claim that a domain name or YouTube channel URL is not personally identifiable information. I disagree strongly with both of those.

I cannot see how ‘a YouTube URL is not personally identifiable information’ is compatible with the CEO’s statement that ‘Tom has $33 waiting for him’. Under GDPR, that’s clearly information (and money!) they’re holding that is connected to me.

Brave (tweet):

Starting tomorrow, Brave Rewards will clearly indicate which publishers and creators have not yet joined Brave Rewards, so users can better control how they donate and tip. This new message will appear in the regular donation process and in the tipping box. Moreover, creators that have not verified with Brave will no longer have their YouTube or Twitch channel images appear within Brave Rewards.

Friday, December 21, 2018

Transitioning Capo to Subscriptions

SuperMegaUltraGroovy:

While other companies may require all their existing paid customers to subscribe in order to get future updates, we instead decided that none of our existing customers should require a subscription! Slowly, we hope to earn each one of your subscriptions by continuing to deliver great updates to the features you have, and by introducing exciting, subscriber-only features that (we hope) will be difficult for you to pass up.

I guess they’re doing this by looking at the purchase date in the Mac App Store receipt.

Previously: Productivity Apps and Subscription Pricing.

iMazing Leaves Setapp

Jason Snell:

A few Six Colors readers have pointed out that Setapp, the Mac app subscription service, has sent out an email indicating that the iPhone management utility iMazing will be leaving the service as of Dec. 27.

iMazing looks really neat. I didn’t realize it was possible for a third-party app to make wireless iPhone backups.

Setapp:

When you go, new users (and users who haven’t installed your app) cannot access your app anymore. However, those users who have already installed your app and use it, may continue doing so until they personally uninstall it. You continue receiving your share in revenue from these users, but stop getting the 20% Partner fee.

Amazon Sends Alexa Voice Recordings to a Random Person

Tara Seals (Hacker News):

In August, an Amazon customer in Germany (going by the alias “Martin Schneider” for purposes of the report) made use of his rights under the recently passed EU General Data Protection Regulation (GDPR) to ask for copies of the personal data Amazon has on file about him.

Amazon complied, sending Schneider a 100MB ZIP file which, among other things, contained about 1,700 Alexa audio files along with transcripts of Alexa voice commands. There was just one problem – Schneider doesn’t use Alexa. After listening to a few of the files, they were clearly of someone else speaking, so he concluded that Amazon sent him the data in error. But Amazon didn’t respond to his efforts to contact them about the problem, he said, so he contacted Heise Media’s c’t publication in mid-November.

[…]

“Using these files, it was fairly easy to identify the person involved and his female companion; weather queries, first names, and even someone’s last name enabled us to quickly zero in on his circle of friends,” according to the report. “Public data from Facebook and Twitter rounded out the picture.”

It’s great to have the right to see data that’s stored about you, but on the other hand I would feel safer if the policy were to never send the data to anyone.

Thursday, December 20, 2018

My December Product Updates

As 2018 winds down, I’m pleased to announce some updates regarding my apps:

App Store Now Allows Gifting IAPs

Juli Clover:

Apple today made a tweak to its App Store Review Guidelines, allowing developers to implement a new feature that will let iOS users purchase in-app content as a gift.

Right now, iOS users can purchase paid apps as gifts for other iOS users, but there’s no way to purchase in-app content as a gift. As more and more apps work on a free-to-try or subscription basis with various content only available through an in-app purchase, this change to the in-app purchase rules makes sense.

So I assume this feature isn’t coming to the Mac App Store anytime soon. It doesn’t even support regular gifting.

Michael Love:

Question is whether they’re offering an official system for this or whether we have to hack together something of our own; if the latter, it would be yet another disappointing example of Apple punishing devs for offering non-consumable IAPs.

[…]

OTOH, the hopeful spin is that they’ve decided to start treating IAPs as equivalent to regular purchases (possibly after some back-end upgrades), in which case we might shortly see the two long-awaited feature requests of IAP Family Sharing + IAP for volume buyers come to pass.

Previously: Mac App Analytics Now Available in App Store Connect.

Apple Says Bent iPad Pros Are Not Defective

Chris Welch (Hacker News):

Apple has confirmed to The Verge that some of its 2018 iPad Pros are shipping with a very slight bend in the aluminum chassis. But according to the company, this is a side effect of the device’s manufacturing process and shouldn’t worsen over time or negatively affect the flagship iPad’s performance in any practical way. Apple does not consider it to be a defect.

[…]

And I’ve seen others from folks who are insistent their iPad came that way out of the box.

Apple is now saying that in some cases, the latter is true. And I can personally vouch for that: my 11-inch iPad Pro showed a bit of a curve after two weeks. Apple asked if I would send it their way so the engineering team could take a look. But the replacement 11-inch iPad Pro I received at Apple’s Downtown Brooklyn store exhibited a very slight bend in the aluminum as soon as I took off the wrapper.

At first, I thought this was a parody. This is what Apple wants its brand to stand for? A premium product that is bent right out of the box?

Juli Clover (tweet):

Shortly after the new 2018 11 and 12.9-inch iPad Pro models shipped out to customers, some MacRumors readers found bends in their tablets. Unsurprisingly, new iPad owners were upset and disappointed to find unwanted defects in devices that cost hundreds of dollars, but according to new information from Apple, a slight bend isn’t out of the ordinary.

[…]

The Verge suggests that those who are irritated by the bend “shouldn’t have any trouble exchanging or returning” an iPad Pro at an Apple Store, but that statement likely only applies to devices that are still under the return policy. Apple typically does not replace devices experiencing issues that are not considered manufacturing defects, so it’s not entirely clear if those with bent tablets outside of the return period will be able to get replacements.

Zac Cichy:

Something is definitely off about Apple’s wording here. I can’t imagine getting a brand new iPad at $800+ with a “slight bend” and that not being a defect. My guess is they’ll mostly replace these and their PR wording here is legally driven.

Worst case scenario: you immediately return the iPad and buy a new one.

I just seriously hope Apple stores aren’t actually telling customers that a slight bend in their very expensive new device is within the range of normal expectation.

Nut Button:

Like I’m sure that’s a manufacturing issue but Apple has earned a rep for sweating the tiniest of details so it’s a little jarring seeing stuff like that

Michael Love:

This is a pointlessly stupid response from Apple, yes - would be so easy to just say a few of them are bent by accident + welcome users to exchange bent devices within 14 days after receiving them, sounds way better + unlikely to cost them much since people would do that anyway.

If anything, encouraging people to exchange bent models would increase the odds of the people who were exchanging them anyway taking a chance on a second unit rather than just giving up on the whole thing.

Dave Mark:

Is this really normal? Look at the image in the linked article. Certainly seems like a manufacturing defect to me.

Marko Karppinen:

Apple should decide whether they want to be the company that ships iPads a little bent from the factory and calls it normal, or the company that charges up to $1899 for an iPad. Doing both seems untenable

Nick Heer:

These are thousand-dollar devices designed and engineered by a company known for its fastidious attention to detail; there is simply no excuse why they should be bent as a result of its manufacturing.

Previously: iPad Pro 2018, The Magic Keyboard With Numeric Keypad Is Apparently Bendy, iPhone 6 Bendgate and Touch Disease, Just Avoid Sitting in That Way.

Update (2018-12-23): Quinn Nelson:

Apple’s in the wrong. It’s one thing if a customer bends the device, but shipping a product bent is entirely different. It’s a defect.

Dan Riccio (9to5Mac):

Relative to the issue you referenced regarding the new iPad Pro, its unibody design meets or exceeds all of Apple’s high quality standards of design and precision manufacturing. We’ve carefully engineered it and every part of the manufacturing process is precisely measured and controlled.

Our current specification for iPad Pro flatness is up to 400 microns which is even tighter than previous generations. This 400 micron variance is less than half a millimeter (or the width of fewer than four sheets of paper at most) and this level of flatness won’t change during normal use over the lifetime of the product.

This seems like a response to an entirely different issue. Or is he implying that all the photos are fake or somehow distorted?

John Gruber:

400 microns = 0.4mm. The question is how noticeable is “up to 400 microns” of bend?

If 300-400 microns is noticeably bent, I think this is a problem. The photos of bent iPads people are sharing look like they’re bent a lot more than 0.4mm. But it’s only 5.9mm thick so maybe 0.4mm is noticeable?

Nick Heer:

I can’t remember this being an issue previously. Maybe the flat edges make it more noticeable, too?

Michael Love:

400 microns = nothing approaching the bend in this photo or the sort of bend people have been complaining about. So this definitely looks like a botched PR response rather than an actual BendGate. (which I guess is a good sign Apple-QA-wise, but still a stupid mistake)

Juli Clover:

Riccio’s email also says that a company statement was not included in the original information disseminated by The Verge, and that Apple will be reaching out to media outlets to comment officially.

Odd to provide two official responses but to postpone the official “statement” until, I guess, after the holidays.

Update (2018-12-27): Michael Simon:

In his email to a disgruntled iPad owner, Apple VP Riccio said a statement from Apple regarding the situation would be forthcoming. One might assume it would wax intellectual about acceptable microns and the “specification for iPad Pro flatness.” But a week later, the statement still hasn’t arrived, which is all you need to know about Apple’s handling of this whole situation.

With scattered reports across forums, we have no way of knowing how many iPads are affected, but even if it’s only less than 20 iPads total, Apple would be wise to recognize that any bent iPad is a problem, and offer replacement units and refunds on any AppleCare costs. This is literally about damage control, and a small token would go a long way toward protecting Apple’s premium brand promise.

Update (2018-12-28): Bob Burrough:

Here’s a render of two iPad Pro sized blocks, edge on. The block on the left is unbent. The block on the right has a 400 micron bend.

Michael Gartenberg:

Returned my iPad this morning. Perhaps it was within Apple tolerances but Apple tolerances shouldn’t allow for a clear noticeable bend. Much as monitors with noticeable dead pixels aren’t acceptable either.

Update (2019-01-01): scott:

Apple won’t replace these bent iPads. This is what Apple considers normal now and what the Apple press considers to be the best quality hardware in the world.

Update (2019-01-08): See also: The Talk Show.

Apple (via MacRumors):

These precision manufacturing techniques and a rigorous inspection process ensure that these new iPad Pro models meet an even tighter specification for flatness than previous generations. This flatness specification allows for no more than 400 microns of deviation across the length of any side — less than the thickness of four sheets of paper. The new straight edges and the presence of the antenna splits may make subtle deviations in flatness more visible only from certain viewing angles that are imperceptible during normal use. These small variances do not affect the strength of the enclosure or the function of the product and will not change over time through normal use.

If you believe your new iPad Pro does not meet the specifications described in this article, please contact Apple Support. Apple offers a 14-day return policy for products purchased directly from Apple.

Nick Heer:

Apple is sticking by its assertion that tolerances for flatness are finer on newer iPads than on older models. But it is equally true that we have not previously seen reports of iPads bent in this fashion.

Update (2019-02-04): Juli Clover:

Over on the MacRumors forums, our readers who have run into the bending issue have been sharing their experiences with replacements, Apple support, and more, so that thread is well worth checking out if you’ve purchased a new iPad Pro model with a bend in it.

The Case Against Marzipan

Uluroo (tweet):

Touch and cursors are diametrically opposed interface design paradigms. To prioritize one is to compromise the other. Clearly it would be a mistake to put macOS on the iPhone, or to put iOS on the Mac. You would end up with an interface that was either too dense or too spread-out for the hardware it ran on. If it’s bad for operating systems to cross the boundaries of platforms, why does anyone think it will be good for apps to? They play by the same rules as anything else.

[…]

Apple should be setting the example for third-party developers. When it’s not making good software, developers shouldn’t be expected to. Apple is the root of the problem here; its apps, the shining beacon that attracts developers to this new API, are so bad it’s not even funny.

[…]

Marzipan is the antithesis of the Mac. It is a slow venom that, if it spreads far enough, will kill everything that makes the Mac worth having. At this point, it seems unlikely that Apple will administer the antidote and give Marzipan the axe. But that’s what needs to happen.

Previously: The Mojave Marzipan Apps, Electron and the Decline of Native Apps.

Update (2018-12-23): Gregory Sapienza:

Problem is: without this initiative Apple would be handing over macOS to the world of electron indefinitely

Uluroo:

I agree that Marzipan isn’t the bottom of the scale, but that doesn’t justify its existence. Another alternative is real, good apps.

Part of what makes this annoying is Apple’s own cross-platform work. For first-party apps, Apple should not consider Marzipan acceptable.

Apple should be setting the example for developers. If News and Stocks had been well-made apps, optimized for macOS, maybe I wouldn’t be so convinced that Marzipan is bad. But Apple has not just made the development process easier — it’s lowered its own design standards.

Drew McCormack:

Don’t really get the fear mongering around Marzipan. Will the Marzipan apps be great apps? Nope. Will it mean at least we have some apps where there were none? Yep. Is there always an opportunity for a good Mac dev to make a quality product stealing the whole show? Yep.

At the micro level, this is probably true. But what about the ecosystem as a whole? It does not bode well that Apple is either unable or unwilling to do a good job—either for Apple’s commitment to the Mac platform or for the ability of Marzipan to make good apps possible. Secondly, an onslaught of these types of apps, blessed by Apple, will shift the standards of what users will put up with, reducing the taste for quality. And Apple will fill the Mac App Store with them, making it harder to find the gems.

Craig Scott:

It will result in an expectation of buy once, run everywhere - and the once will be at iOS prices. This will make Mac development less profitable - hence fewer high quality apps.

Alastair Houghton:

IMO the real worry (as a user as much as a developer) is that maybe we’re importing the obnoxious iOS ecosystem and all its sharp practices to macOS?

Update (2018-12-27): See also: The Talk Show.

Steve Troughton-Smith:

Loved the Marzipan discussion, but people really need to temper the ‘of course Marzipan isn’t the /real/ solution’ discussion. What on earth about Apple’s last decade suggests to you that they have the bandwidth for yet a third platform in the wings to be the ‘real’ way forward?

Steve Troughton-Smith:

I don’t think you could choose to make Marzipan happen today, 8 yrs after they should have started that work, w/o having spent yrs following the ideal path down the rabbit hole & leaving w/ nothing to show for it. Should have been Plan A a decade ago, but no way it’s Plan A today

Indeed, one of the most puzzling aspects of Marzipan is its timing. In 2011 or so, I thought Apple must be on the verge of introducing something like this. That it took so long and yet still seems so rough is surprising.

Steve Troughton-Smith:

Personally, I would treat Marzipan as an ‘all hands on deck’ project. Everybody across iOS and macOS at Apple needs to make this not just work, but be a great desktop platform, and the primary focus of desktop app development at Apple from now on. Dogfood the heck out of it

I’m embracing it because either this works or the Mac dies. I don’t think it’s the right solution and it’s not what I would have done at this stage of the platform’s evolution. I would have committed to killing macOS a decade ago and spent the decade making iOS fit to replace it

Francisco Tolmasky:

It’s really hard to understand what is needed from a framework if you’re not writing innovative apps. If Apple were still striving to make iWork or FCP quality apps, they’d have more insight into other paths to follow. “Pure framework” design with only toy apps is dangerous.

Riccardo Mori:

I would have committed to, you know, just make Mac OS –AND– iOS better. Apple ought to have enough resources to do just that.

Pieter Omvlee:

I think it should have started 10 years ago with unifying basic APIs and classes and then build up from that. It’s a bit too late for that now so I understand the why behind Marzipan though it saddens me

Influencers Are Faking Brand Deals

Taylor Lorenz:

A decade ago, shilling products to your fans may have been seen as selling out. Now it’s a sign of success.

[…]

But transitioning from an average Instagram or YouTube user to a professional “influencer”—that is, someone who leverages a social-media following to influence others and make money—is not easy. After archiving old photos, redefining your aesthetic, and growing your follower base to at least the quadruple digits, you’ll want to approach brands. But the hardest deal to land is your first, several influencers say; companies want to see your promotional abilities and past campaign work. So many have adopted a new strategy: Fake it until you make it.

[…]

Taylor Evans took the fake-“sponcon” game one step further, once faking the entire purpose of a trip to Miami. Technically, she was just there on vacation, paying her own way for everything, but on Instagram she positioned it as an exclusive press trip.

Wednesday, December 19, 2018

Google Intentionally Favoring Chrome, Hurting Edge?

JoshuaJB (via comex, Catalin Cimpanu):

I very recently worked on the Edge team, and one of the reasons we decided to end EdgeHTML was because Google kept making changes to its sites that broke other browsers, and we couldn’t keep up. For example, they recently added a hidden empty div over YouTube videos that causes our hardware acceleration fast-path to bail (should now be fixed in Win10 Oct update). Prior to that, our fairly state-of-the-art video acceleration put us well ahead of Chrome on video playback time on battery, but almost the instant they broke things on YouTube, they started advertising Chrome’s dominance over Edge on video-watching battery life. What makes it so sad, is that their claimed dominance was not due to ingenious optimization work by Chrome, but due to a failure of YouTube. On the whole, they only made the web slower.

Now while I’m not sure I’m convinced that YouTube was changed intentionally to slow Edge, many of my co-workers are quite convinced - and they’re the ones who looked into it personally. To add to this all, when we asked, YouTube turned down our request to remove the hidden empty div and did not elaborate further.

And this is only one case.

Steve Troughton-Smith:

Make no mistake, Google crippling GSuite on iPad is absolutely intentional. They can singlehandedly propel the narrative that MobileSafari isn’t a good browser, especially in businesses and education. If Apple were to improve Safari, Google would just break something new

Nick Heer:

Chromium is, by all accounts, an excellent rendering engine. It is not inherently bad for Microsoft to switch its rendering engine, and it is not even necessarily bad that there is less diversity amongst rendering engines. The concern is that Google’s rendering engine is not separate from Google as a company, and its manipulative and self-preferential tactics for directing the web in a direction it favours.

Malte Ubl:

I see some folks sharing anecdotes around Edge browser development. And boy, do I have anecdotes. The EdgeHTML side of the story is totally made up, because I have no insider knowledge whatsoever–but who would let that go in the way of a good anecdote?

[…]

I happened to work on an apparently sufficiently popular website Google+ (RIP) to make their “Must under all circumstances work” compatibility list.

First this felt pretty cool. We tested the site in Edge and it seemed to just work. Nice.

But then shit started to fall apart. Literally every day our dev team broke Edge.

It turned out the browser implemented the sparsest possible subset of the web platform to make Google and other popular websites work. And literally nothing else.

So, whenever you added code that used an API which was reasonable to assume present in a browser that managed to start up the app, that just didn’t work.

It seemed like at times they implemented web APIs in a way that only accepted exactly the arguments that we happened to pass.

Previously: Microsoft EdgeHTML Replaced by Chromium, On Switching From an iPad Pro and a MacBook to a Pixelbook.

Remote Code Execution Vulnerability in SQLite

Tencent (Hacker News):

Magellan is a remote code execution vulnerability discovered by Tencent Blade Team that exists in SQLite. As a well-known database, SQLite is widely used in all modern mainstream operating systems and software, so this vulnerability has a wide range of influence. After testing Chromium was also affected by this vulnerability, Google has confirmed and fixed this vulnerability.

D. Richard Hipp:

Reports of an RCE vulnerability in SQLite are greatly exaggerated. Some clever gray-hats found a way to get RCE using maliciously crafted SQL. So, IF you allow random internet users to run arbitrary SQL on your system, you should upgrade. Otherwise, you are not at risk.

Patrick Walton:

Hipp (SQLite author) argued with me once, and I eventually conceded, that memory safety isn’t important if you have 100% branch coverage (and moreover that memory safety is undesirable since it slows dev velocity).

Matt Denton:

The vulnerabilities are in the FTS3 extension of SQLite, which does not have 100% branch coverage. Your argument is based on a false premise. (Not that I disagree with you)

nneonneo:

It is very likely that this bug only affects systems which accept and run arbitrary SQLite3 queries. This includes Chromium, because Chromium ships with WebSQL. The Google Home is probably vulnerable because it can be coerced to load a webpage. I doubt that this bug affects systems that merely use SQLite as a database without providing external query access.

My best guess for the bug is that arbitrary SQLite queries, prior to 3.26.0, were permitted to write to the shadow tables used by various plugins to implement features. fts3/4, prior to 3.25.3, appear to contain an integer overflow bug which can be triggered by manually modifying the fts index data. A careful application of this integer overflow appears to make it possible to truncate a writable buffer, leading to a nice heap overflow condition that can be exploited by further crafted SQL queries.

D. Richard Hipp:

The vulnerability only exists in applications that allow a potential attacker to run arbitrary SQL. If an application allows that, it is usually called an "SQL Injection" vulnerability and is the fault of the application, not the database engine. The one notable exception to this rule is WebSQL in Chrome.

[…]

Our intent is that SQLite should be secure against these kinds of attacks. We have spent years fuzzing it to try to find these problems. But the thing is, we never configured a fuzzer in such a way that it might start modifying the shadow tables of FTS3, and so we missed this one.

D. Richard Hipp:

The coverage testing used by SQLite is very good at finding problems that occur when the system is used as it was intended. Fuzz testing is better for finding vulnerabilities that can be exploited by a hacker. The 100% MC/DC testing in SQLite is very useful in ensuring that the code does what is intended for sane inputs. And 100% MC/DC helps prevent us from breaking things as we evolve and enhance the code. But the MC/DC testing is less useful at fending off attackers.

[…]

Hence my takeaways from this episode include that I need to extend 100% MC/DC testing to all commonly used extensions in SQLite, including FTS3, FTS5, and RTREE, and I need to improve fuzz testing throughout SQLite but especially in extensions.

D. Richard Hipp:

The actual standard is called “modified condition/decision coverage” or MC/DC. In languages like C, MC/DC and branch coverage, though not exactly the same, are very close.

Achieving 100% MC/DC does not prove that you always get the right answer. All it means is that your tests are so extensive that you managed to get every machine-code branch to go in both directions at least once. It is a high standard and is difficult to achieve. It does not mean that the software is perfect.

[…]

My experience is that the weird tests you end up having to write just to cause some obscure branch to go one way or another end up finding problems in totally unrelated parts of the system. One of the chief benefits of 100% MC/DC is not so much that every branch is tested, but rather that you have to write so many tests, and such strange, weird, convoluted, and stressful tests, that you randomly stumble across (and fix) lots of problems you would have never thought about otherwise.

Conversations With AI, Featuring Brian Roemmele

Vector:

Voice-first advocate Brian Roemmele returns for a chat with Rene Ritchie about the current status of Siri at Apple, and its place among other voice assistants. In January of this year, he told Rene the company’s reluctance to let the Siri feature become the SiriOS platform is holding them back. As of December 2018, let’s see where things stand now.

This was a wide ranging and very interesting conversation. I don’t really understand the context for Roemmele’s comments about Apple having an advantage in on-device voice assistants. Siri seems to be completely useless without a network connection. It can’t even add a reminder or play local music. And lately it’s been extremely unreliable for me even when connected, failing well over half the time due to a connection error when the phone reports full bars and other apps work perfectly. It’s even failing over Wi-Fi sometimes.

His breakdown of missed Apple Pay opportunities, perhaps because of corporate politics, is depressing. Apple Pay for the Web is not deployed as widely as I’d hoped, and in my experience it almost never works. I’ve seen all sorts of weird failures and errors over the years. The current one, which I ran into just hours after listening to this podcast, is that the sheet slides down in Safari and then slides right back up before I can click on anything.

Nilay Patel:

Top spot in the App Store right now is interesting

John Voorhees:

Today, Apple began promoting Apple Music’s availability on Echo devices through three different channels.

Bob Burrough:

2011: Apple introduces the world’s first voice assistant.
2018: Apple is push-advertising Amazon’s voice assistant.

Previously: More Push Notification Spam From Apple, Amazon Offering Apple Products, Apple Hires John Giannandrea.

Update (2018-12-20): Juli Clover:

Apple today announced John Giannandrea, who handles machine learning and AI for the company, has been promoted to Apple’s executive team and is now listed on the Apple Leadership page as a senior vice president.

More Push Notification Spam From Apple

Oliver Thomas:

I just received a push notification for the offer (not an email)

Nilay Patel:

No, Apple. Bad. Desperate unsolicited push notifications are bad.

That services narrative looks a lot sketchier if it relies on the same growth hack trickery Apple forbids other people from using

Ryan Jones:

Lovely. And I do not have Apple Music.

Joe Rosensteel:

Hopefully some day Apple can afford to hire a developer that can check a list of people that are already using a feature before sending out mass, unsolicited notifications.

John Parkinson:

I like the advertising emails telling me to buy $new_product_x that I already registered on my AppleID.

Tim Schmitz:

Why am I getting spammed with push notifications about the Emmys? Why did I get subscribed to an Emmy news channel I don’t want, and why can’t I remove it?

Juli Clover:

Apple has recently been sending out unsolicited notifications to iOS users, promoting Carpool Karaoke episodes and the availability of Apple Music on Amazon Echo devices.

[…]

Unfortunately there’s no way to keep the TV or Music notifications you do want without also getting the unwanted notifications from Apple.

[…]

Apple’s App Store rules do not allow for apps to send notifications for advertising, promotions, or marketing purposes, but it appears those rules don’t apply to Apple’s own notifications.

Chance Miller:

In the last month, Apple has sent a flurry of push notifications to iOS users ranging from iPhone XR promotions to HomePod promotions, Carpool Karaoke episode releases, and more.

[…]

Humorously, Apple regularly touts that Apple Music has “zero ads,” though one might consider this notification an ad in and of itself.

Previously: Push Notifications to Send Promotions, Apple Pushes iPhone 6s Pop-up Ads to App Store, 2018 iPhone Sales.

Update (2018-12-21): Dave Verwer:

In response to this week’s iOS Dev Weekly comment, someone just sent me this screenshot... I think it says everything about how well respected rule 4.5.4 is...

Update (2018-12-23): Marco Arment:

App Store rule 4.5.4 is a joke. Not only is it completely unenforced, but Apple now frequently, blatantly violates it to spam us.

[…]

Apple’s non-enforcement of the rule against marketing push notifications makes iOS on most people’s iPhones feel like a cheap, spammy flea market.

Apple itself now contributing to that is a huge failure to protect their own premium brand image for short-term promotional gains.

Update (2018-12-31): Marko Karppinen:

App Store 2018

Update (2019-01-25): Dylan Seeger (via Marco Arment):

More push notification spam from Apple. Somebody better alert the app review team.

Shutting Down Apple Music Connect

Apple:

Connect posts from artists are no longer supported.

Joe Rossignol (9to5Mac):

Apple today announced that its Apple Music Connect social platform for artists is in the process of shutting down, suffering the same fate as Ping, the company’s previous social network for music removed from iTunes in October 2012.

Zac Cichy:

Apple removing Connect from Apple Music feels like the latest in a series of mistakes with the service. Don’t get me wrong: I like Apple Music, but I’m tired of them giving up where they ought to be iterating.

Zac Cichy:

Another issue I have with Apple Music: it is shockingly difficult to find out about new music from artists you definitely listen to. In theory, that stuff shows up in New Releases under For You, but it doesn’t always. And they killed “Music from artists you like” in iTunes.

So there is effectively no great way to keep up to date with new music from artists I love from Apple Music or iTunes on iOS. It’s just kind of a bummer. I stay subscribed to Apple Music for the integration, but they are sorely lacking on the little details.

Nick Heer:

Connect was a ghost town within the first ninety days of Apple Music’s launch. […] Aside from Connect, I think Apple Music’s social features have been fairly successful.

John Gruber:

Two areas where Apple has never really succeeded: serious gaming and social media. Two areas where Steve Jobs never seemed interested: serious gaming and social media. I just don’t think either of these things are in Apple’s DNA.

Kirk McElhearn:

Initially, Connect was one of the tabs at the top of the iTunes window when users were in Apple Music. It was later relegated to a tab in For You, and most likely people simply ignored it. I had followed some artists and labels, and checked it from time to time, but there was never anything interesting.

It’s worth noting that Apple has also removed the Recommendations tab in For You[…]

Previously: Apple Music Connect, Apple Music: Connect.

App Store Ratings, Reviews, and Payments Hiccups

Alexander Schuch:

Looks like roughly half of App Store ratings & reviews no longer show up. Noticed that on my own app first, but other apps seem to be affected as well.

The Apple Post:

Developers are reporting seeing a random drop in app ratings in what is believed to be a bug with the App Store Ratings & Reviews system, with some apps seeing a sharp decline in star-ratings, and others claiming to see missing written reviews and developer responses.

Joe Rossignol:

The problem was alerted to us by MacRumors reader Robin van Doorn, who noticed that his apps Centraal Beheer and Run Trainer suddenly have around 1,000 fewer ratings displayed in the App Store. Other developers have acknowledged the glitch on Twitter, although not every developer is affected.

While some developers have seen their ratings count return to normal, others have tweeted about the issue within the past few hours[…]

Dave Howell:

I’m furious at @AppStore. They didn’t make my Dec 6 payment. I inquired on Dec 11, got a 9-word response 6 days later claiming they tried and my bank denied it. This is not true. Do better, @Apple!

Do real customer support. Apologize when you fail. Don’t lie. Pay your bills.

Update (2018-12-23): Dave Howell:

Now Apple Royalties is saying not only will they be two months late with our Oct sales (due Dec 6), but also one month late for Nov sales.

“We are unable to process any additional payments for December. The earliest available payment date is 31 January 2018.”

Unbelievable.

Mac App Analytics Now Available in App Store Connect

Apple:

Your app data from the new Mac App Store on macOS Mojave is now available in App Store Connect. Now you can find out how many times your app was seen on the Mac App Store, how many times your product page was viewed, and how many new customers downloaded your app. You can also see sales numbers for in-app purchases as well as for paying users, and more.

Kuba Suder:

Forget Mac app analytics, this is the real news - we can finally localize App Store pages to Polish. It only took them 10 years

Still no gifting of Mac apps.

Max Seelemann:

No sessions and crashes it seems, but App Store Impressions is an entirely new metric to the Mac.

macOS sales numbers seem to only start somewhere midday on Friday though, so they only contain half a week.

Previously: Is There Hope for the Mac App Store?, Pre-WWDC App Store Changes.

Wednesday, December 12, 2018

What’s Apple’s Plan for Haptic Touch and 3D Touch?

Benjamin Mayo:

iOS 12.1.1 added Haptic Touch support for notification previews on iPhone XR. It also added a new menu in Accessibility settings that lets you change the Haptic Touch settings …

[…]

Prior to this release, a third-party developer could perfectly copy the Haptic Touch experience in their own apps by setting up a long press gesture recognizer, that concludes with a haptic vibration. However, now that users can adjust the duration in this new Haptic Touch menu, a third-party app will not be able to stay in sync with the user’s preferences.

The supported API for 3D Touch allows apps to inherit the exact same behavior (including changes to 3D Touch Sensitivity) as Apple’s 3D Touch implementations, but an analogous system for Haptic Touch does not currently exist.

Nick Heer:

It is worth asking: if the same action is invoked by using 3D Touch as it is when the user simply taps and holds, then what is the clear and direct intent of 3D Touch?

However, I think it’s a feature that is made worse by its exclusion on the iPhone XR, where it is sort of replaced with Haptic Touch. Haptic Touch is like 3D Touch, except for all of the ways in which it is not. It works for the flashlight and camera buttons on the lock screen, invokes a trackpad from the onscreen keyboard’s space bar, and, as mentioned earlier, on notification bubbles. But it does not work in every place 3D Touch does: an app’s icon on the home screen does not display a menu when the user touches and holds on it, and the peek and pop gestures are unseen.

[…]

But if 3D Touch is truly on its way out, it should be a clean kill across the board. A piecemeal approach with a similar-but-not-quite-the-same feature on just one product is a confusing distraction.

Previously: What is Haptic Touch on iPhone XR?.

Australian Assistance and Access Act

Danny O’Brien:

With indecent speed, and after the barest nod to debate, the Australian Parliament has now passed the Assistance and Access Act, unopposed and unamended. The bill is a cousin to the United Kingdom’s Investigatory Powers Act, passed in 2016. The two laws vary in their details, but both now deliver a panoptic new power to their nation’s governments. Both countries now claim the right to secretly compel tech companies and individual technologists, including network administrators, sysadmins, and open source developers – to re-engineer software and hardware under their control, so that it can be used to spy on their users. Engineers can be penalized for refusing to comply with fines and prison; in Australia, even counseling a technologist to oppose these orders is a crime.

[…]

Levy explained that GCHQ wants secure messaging services, like WhatsApp, Signal, Wire, and iMessage, to create deceitful user interfaces that hide who private messages are being sent to.

In the case of Apple’s iMessage, Apple would be compelled to silently add new devices to the list apps think you own: when someone sends you a message, it will no longer just go to, say, your iPhone, your iPad, and your MacBook – it will go to those devices, and a new addition, a spying device owned by the government.

Via Jeffrey Goldberg:

One of the most disturbing things about the Assistance and Access Act is that it apparently authorizes the Australian government to compel someone subject to its laws to surreptitiously take actions that harm our customers’ privacy and security without revealing that to us. Would an Australian employee of 1Password be forced to lie to us and do something that we would definitely object to?

We do not, at this point, know whether it will be necessary or useful to place extra monitoring on people working for 1Password who may be subject to Australian laws. Our existing security and privacy design and internal controls may well be sufficient without adding additional controls on our people in Australia. Nor do we yet know to what extent we should consider Australian nationality in hiring decisions. It may be a long time before any such internal policies and practices go into place, if they ever do, but these are discussions we have been forced to have.

Update (2019-02-28): Jeff Johnson:

With Underpass, all of the app’s code is on your device. Your device is the chat server. Thus, nobody can secretly install a back door. Most chat services would be faced with the dilemma of installing a back door on their servers or shutting down service entirely in Australia. Since Underpass is peer-to-peer, it would not face this dilemma. The version of Underpass that you’ve already installed can’t ever be shut down, not by a government, not even by me. I intentionally designed it so that I can’t shut it down. Control over the app is entirely in the hands of the customers.

Bruce Schneier:

Last week, Australia passed a law giving the government the ability to demand backdoors in computers and communications systems. Details are still to be defined, but it’s really bad.

Note: Many people e-mailed me to ask why I haven’t blogged this yet. One, I was busy with other things. And two, there’s nothing I can say that I haven’t said many times before.

Previously: FBI Asks Apple for Secure Golden Key.

The Many Setups of the 2018 iPad Pro

Federico Viticci:

But what makes iPad unique is that, unlike a desktop computer or laptop, it is able to take on other forms – and thus adapt to different contexts – simply by connecting to a variety of removable accessories. The iPad can be used while relaxing on a couch or connected to a 4K display with a Bluetooth keyboard; you can work on it while waiting in a car thanks to built-in 4G LTE, or put it into a Brydge keyboard case and turn it into a quasi-MacBook laptop that will confuse a lot of your friends who aren’t familiar with iPad Pro accessories. In a way, the iPad is modern computing’s version of Kirby, the famous Nintendo character that is a blank canvas on its own, but can absorb the capabilities of other characters when necessary.

See also: Marco flies next to a Microsoft commercial.

Previously: iPad Pro 2018.

Apple Puts Third-party Screen Time Apps on Notice

Sarah Perez (via Dan Masters):

A number of app developers building third-party screen time trackers and parental control applications are worried that Apple’s increased scrutiny of their apps in recent weeks is not a coincidence. With Apple’s launch of iOS 12, the company has implemented its own built-in screen time tracking tools and controls. Not long after, developers’ third-party screen time apps came under increased review from Apple, and, in some cases, rejections and removals from the App Store.

[…]

Some of the developers, we understand, were told they were in violation of App Store developer guideline 2.5.4, which specifies when multitasking apps are allowed to use background location. Specifically, developers were told they were “misusing background location mode for purposes other than location-related features.”

[…]

In an odd turn of events, after Space and Mute published on their public company blogs to complain, they received a call from Apple and had their apps reinstated on the App Store.

Previously: Apple Removes RescueTime From the App Store.

Don’t Believe System Information’s Legacy Software

Howard Oakley:

Mojave introduces a new feature in its bundled tool System Information: in the Software section is a list of Legacy Software. According to Apple’s Support Note:

If you’re using macOS Mojave, select Legacy Software in the sidebar to see all applications that have not been updated to use 64-bit processes.

Only what you’ll see in Legacy Software is far from complete, and thoroughly misleading.

Previously: ScanSnap 64-bit Software Update, Removed in macOS 10.14 Mojave.

Tuesday, December 11, 2018

Make the iPad More Like the Mac

Radu Dutzan (via Daniel Cohen):

Fast forward to almost-2019: the iPad is now “Pro”, the screen goes up to 13", it has an optional keyboard and pointing device, and bests over half the MacBook line in benchmarks. Yet it still runs the iPhone’s OS. Yeah, they added a fancier multitasking UI and the ability to run up to 3 apps at once in a limited set of configurations, but it still behaves like it’s a pocket-sized device for use with your imprecise fingers as you walk down the street. The home screen is still just a sparse grid of apps, a useless mess left to the user to manage. Things like Spotlight, Siri, voice calls or interacting with notifications still take up the entire screen, and so do apps (except for the highly limited and sometimes confusing floating window mode). Undo is still a mess. And text cursor behaviors are a bureaucratic hassle, even when used with a Pencil.

[…]

I’m so tired of holding my breath for Apple to release some sort of iPad Xcode, and the people at Sketch said back in 2015 that it just didn’t make financial sense for them to build a touch version, so I pulled the trigger, and got the Luna on Black Friday. It arrived yesterday, and I’ve been living my dream: I’m running macOS on my iPad. Well, not so much as running it on the iPad, more like streaming it from my Mac, but it’s pretty close.

[…]

There are so many places where the iPad could benefit from some adaptation of tap-and-drag selection. […] That same heuristic could be applied to iPad text fields and layout apps such as Keynote: after holding a touch still on a text field or on the canvas for a set amount of time, the gesture could become a selection drag, and moving your finger could begin selecting the text or objects encompassed by the net dragged distance.

Previously: iPad Pro 2018, Using an iPad as a Mac mini Display, Proof That iOS Still Hasn’t Gotten Undo Right.

Update (2018-12-12): Michael Love:

This; but, RAM is still a fundamental issue we don’t have a good solution for. Essential to iPad’s nature that it always be running / turn on instantly, but you can’t do that with 16 GB RAM without a gonzo battery.

Apple can come up with an utterly flawless desktop-replacement OS for iPad in 2019, but as long as it’s stuck at 4-6 GB of RAM it’ll never be able to run Xcode or other professional apps without offloading most of the work to a server somewhere.

Colin Cornaby:

I also want to tack onto this that iOS’s no-swap-file memory architecture is basically unacceptable for pro apps. Alone it is a blocker for things like Xcode and Final Cut Pro.

Update (2018-12-19): See also: Dave Mark.

Tracking Leakers With Watermarked Screens

Cullen (via Ryan McLeod):

One of the most fun jobs I ever had was figuring out how to embed the serial number of your Xbox 360 into rings emanating from the bottom right, so we could track and identify leaks

Majd Taby:

In 2010 someone at MobileMe encoded the IP address into the paddings and margins of the page to track leakers.

Sendatsu:

This thread post contains detailed information on how to view a hidden watermark which has been verified to exist embedded in JPG screenshots produced by the WoW client. The watermark itself includes, encoded in unencrypted bytes, the user’s account name (\World of Warcraft\WTF\Account\), an HH:MM timestamp and the IP address of the server.

The Key From Before Enabling FileVault

Lloyd Chambers:

The behavior I observe implies that turning on FileVault and supplying a password does nothing more than encrypt the encryption key already there using the user-supplied password (and presumably a random salt value or vice versa). Because if the data is already encrypted, the decryption key and/or salt value either must remain the same, or all the data must be decrypted and re-encrypted.

Which suggests some level of security risk since that key already existed without the password protection of the user-supplied encryption password. I presume that the T4 secure enclave somehow forestalls this security risk, but I do not know the details. Maybe there is some per-chip specificity that forestalls a general security weakness. Even so, that assumes hardware invulnerability, which is not possible.

I have been wondering about that, too.
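The arrangement Chambers infers above can be modeled in a few lines. This is an added example, not code from the quoted post and not Apple's implementation: the function names, the `hardware_key` stand-in for a per-chip secret, and the HMAC-SHA256 construction (used because Python's standard library has no AES) are all assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher.
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(8, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified blob")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)


def wrapping_key(hardware_key: bytes, password: Optional[str],
                 salt: Optional[bytes]) -> bytes:
    """Key that protects the volume key: hardware only, or hardware + password."""
    if password is None:
        return _subkey(hardware_key, b"no-password")
    stretched = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.new(hardware_key, stretched, hashlib.sha256).digest()


def format_volume(hardware_key: bytes, contents: bytes) -> dict:
    """The data is encrypted from day one, before any password exists."""
    volume_key = os.urandom(32)
    return {
        "salt": None,
        "wrapped_key": seal(wrapping_key(hardware_key, None, None), volume_key),
        "data": seal(volume_key, contents),
    }


def enable_password(volume: dict, hardware_key: bytes, password: str) -> None:
    """Re-wrap the existing volume key; the data itself is never touched."""
    volume_key = unseal(wrapping_key(hardware_key, None, None), volume["wrapped_key"])
    volume["salt"] = os.urandom(16)
    kek = wrapping_key(hardware_key, password, volume["salt"])
    volume["wrapped_key"] = seal(kek, volume_key)


def read_volume(volume: dict, hardware_key: bytes,
                password: Optional[str] = None) -> bytes:
    if volume["salt"] is None:
        password = None  # no password has been set on this volume yet
    kek = wrapping_key(hardware_key, password, volume["salt"])
    return unseal(unseal(kek, volume["wrapped_key"]), volume["data"])


def demo() -> dict:
    hw = os.urandom(32)                       # constructed per-chip secret
    secret = b"constructed sample contents"   # constructed sample data
    vol = format_volume(hw, secret)
    old_wrapped, old_data = vol["wrapped_key"], vol["data"]
    enable_password(vol, hw, "correct horse")
    # A copy of the pre-password wrapped key still yields the same volume key,
    # because the key was re-wrapped rather than replaced.
    old_key = unseal(wrapping_key(hw, None, None), old_wrapped)
    return {
        "data_unchanged": vol["data"] == old_data,
        "password_opens": read_volume(vol, hw, "correct horse") == secret,
        "old_wrapped_key_still_valid": unseal(old_key, vol["data"]) == secret,
    }


if __name__ == "__main__":
    print(demo())
```

In this model the only ways to retire the pre-password copy are to make the hardware key unreachable or to generate a new volume key and re-encrypt every block, which is the trade-off the quote describes.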

Why I’m Usually Unnerved When Modern SSDs Die on Us

Chris Siebenmann:

Like most of the SSD deaths that we’ve had, this one was very abrupt; the drive went from perfectly fine to completely unresponsive in at most 50 seconds or so, with no advance warning in SMART or anything else. One moment it was serving read and write IO perfectly happily (from all external evidence, and ZFS wasn’t complaining about read checksums) and the next moment there was no Crucial MX300 at that SAS port any more. Or at least at very close to the next moment.

[…]

What unnerves me about these sorts of abrupt SSD failures is how inscrutable they are and how I can’t construct a story in my head of what went wrong.

Epic Removes Infinity Blade From the App Store

Eli Hodapp (tweet):

The App Store had evolved considerably over the years, but one of the most distinct divisions of time in the early days of the App Store was the release of Epic’s Infinity Blade. Our review, published almost exactly eight years ago today, does a great job of illustrating just how monumental the release of this game was. Over the next few years we’d see a sequel, and then Infinity Blade III would join the mix, turning the series into a trilogy. As of today, all three games are no longer available for purchase on the App Store. If you already own them, you can re-download them, but all the IAP has been disabled and the games should be accessible for the “foreseeable future.” The reason for their removal, according to Epic is, “it has become increasingly difficult for our team to support the Infinity Blade series at a level that meets our standards.”

[…]

The game company that has the biggest hit in the world, and is raking in so much cash that they’re even opening their own online game distribution platform for developers with absurdly generous terms can’t make sense out of continuing to maintain their mobile games.

John Voorhees:

It’s a shame that a historically important series is gone but not shocking. Epic soured on paid-up-front games long ago.

Monday, December 10, 2018

2018 iPhone Sales

I have no idea whether this time it’s different and the reported production cuts actually do mean that sales are lower than Apple expected. But Apple itself does seem to be reacting differently than in past years.

Sean Keane:

Apple told its main phone assemblers, Foxconn and Pegatron, to stop plans for additional iPhone XR production lines, a report said Monday.

The order to the two Taiwanese companies suggests that demand for the cheapest of the 2018 iPhones hasn’t lived up to Apple’s expectations, according to Nikkei, which cited anonymous sources.

Joe Rossignol:

In recent weeks, Apple slashed production orders for its latest iPhone XS, iPhone XS Max, and iPhone XR models due to “lower-than-expected demand,” among other reasons, according to unnamed sources cited by The Wall Street Journal.

Shara Tibken:

Apple’s iPhone XR has been outselling the iPhone XS and iPhone XS Max every day since the cheaper, colorful phone hit the market last month.

Greg Joswiak, Apple’s vice president of product marketing, told CNET in an interview Wednesday that the device has “been our most popular iPhone each and every day since the day it became available.”

Mark Gurman:

Apple Inc. is experimenting with iPhone marketing strategies it rarely uses -- such as discount promotions via generous device buyback terms -- to help goose sales of its flagship product.

Company executives moved some marketing staff from other projects to work on bolstering sales of the latest handsets in October, about a month after the iPhone XS went on sale and in the days around the launch of the iPhone XR, according to a person familiar with the situation. This person described it as a “fire drill,” and a possible admission that the devices may have been selling below some expectations.

Michael Steeber:

Starting this week throughout U.S. stores, Apple co-opted its Genius Bar Displays in classic locations, Apple TV demos, and Today at Apple Forum Displays to promote iPhone XS and XR deals. Rolling out Wednesday, animated video demo loops play on the displays, followed by text similar to Apple’s online copy: “Limited Time. iPhone XR from $449. Trade in your current iPhone and upgrade to a new one.” While Apple has used similar wording for in-store promotion of its Back to School offer, the advertising has traditionally been limited to desktop wallpapers on display Macs.

Until recently, Genius Bar Displays were used to showcase product tips and Apple Support videos. Last month, Apple began highlighting upcoming Today at Apple sessions on the displays. The change brought consistency to Apple’s message at every location. In updated stores, the Video Wall serves a similar role and runs playlists of curated artwork when not in use. Forum Displays, when idle between sessions, also highlight each store’s Today at Apple schedule. Marketing of limited-time offers is outside the scope of their original intended use.

Bob Burrough:

Visual comparison of iPhone sales 2015-2018.

Previously: Apple’s Q4 2018 Results, My Today at Apple Experience.

Update (2018-12-11): Tim Hardwick:

Two of Apple’s largest suppliers have reported healthy jumps in monthly revenue, suggesting fears of weak iPhone demand may be overblown (via Bloomberg).

Asian firms TSMC and Foxconn (Hon Hai) both posted a 5.6 percent rise in November sales, reversing a recent trend of Apple suppliers reducing production or revenue outlooks to reflect lowering demand for Apple’s smartphones.

Update (2018-12-12): Tim Hardwick:

Apple this morning began offering promo codes to Apple Music subscribers that allow them to buy a HomePod at a discounted price for a limited time, in a holiday-themed promotion.

Mike Murphy:

This is probably the last one of these charts I’ll ever get to make

Apple is going to stop breaking out shipment data, and it seems pretty obvious why[…]

Ryan Jones:

App Store Editorial team - told to sell hardware too.

Update (2019-01-01): Adam Clark Estes:

Apple put its brand new iPhone on sale just a few weeks after release. Well, it wasn’t an outright sale. Faced with poor sales, the company boosted trade-in values of old iPhones so that you could get an iPhone XR for up to $300 off. These slumping sales numbers are part of a trend, too. People just aren’t buying as many iPhones as they used to, so Apple has been scrambling to figure out its future.

Joe Rossignol:

iPhone XR demand has been lower than expected, according to Apple analyst Ming-Chi Kuo, who has slashed his overall iPhone shipment forecast by 20 percent for the first quarter of 2019. He now expects Apple to move 38-42 million iPhones in the quarter, down from his original estimate of 47-52 million.

Juli Clover:

The iPhone XR sold similarly to the iPhone X during its first month of availability in November 2017, but it did not match sales of the iPhone 8 and iPhone 8 Plus, which were at 39 percent in November even after two months of availability.

Although this could be because the XS and/or XS Max is selling relatively better.

Update (2019-01-02): Horace Dediu:

“A study of new activations suggests that the iPhone XR, despite rumors, had a great Christmas” (Localytics - 3 billion data points daily)

This seems like an odd chart because it only looks at the percentage bump compared with several weeks before Christmas. It says nothing about whether the actual number of sales is high or low.

Apple:

Based on these estimates, our revenue will be lower than our original guidance for the quarter, with other items remaining broadly in line with our guidance.

[…]

While we anticipated some challenges in key emerging markets, we did not foresee the magnitude of the economic deceleration, particularly in Greater China. In fact, most of our revenue shortfall to our guidance, and over 100 percent of our year-over-year worldwide revenue decline, occurred in Greater China across iPhone, Mac and iPad.

[…]

Lower than anticipated iPhone revenue, primarily in Greater China, accounts for all of our revenue shortfall to our guidance and for much more than our entire year-over-year revenue decline. In fact, categories outside of iPhone (Services, Mac, iPad, Wearables/Home/Accessories) combined to grow almost 19 percent year-over-year.

[…]

While macroeconomic challenges in some markets were a key contributor to this trend, we believe there are other factors broadly impacting our iPhone performance, including consumers adapting to a world with fewer carrier subsidies, US dollar strength-related price increases, and some customers taking advantage of significantly reduced pricing for iPhone battery replacements.

Jason Snell:

Yikes! Back in November Apple felt that the holiday season would be its best quarter ever. In the cold light of 2019, it turns out that it’s going to be down $4B year over year, and most of the reason is iPhone sales.

John Gruber:

Not sure Cook should have listed this as a reason for slower than expected iPhone sales. Sure makes it sound like the old way of handling battery degradation was intended to drive people to buy new phones.

scott:

It wasn’t because customers were told for the first time that a new battery would speed up their old phone. It was only because Apple discounted the service by $50.

Previously: Apple Confirms That It Throttles iPhones With Degraded Batteries.

Troy Gaul:

Don’t forget that this is also the year that the new iOS release made old devices faster rather than slower…

Ryan Jones:

I give Cook credit for being mostly straight shooter in the letter. But…

- “period of adversity” 😱

- Fix this with iPhone financing and easier data-transfers. 🤣

- rambling long letter with minuscule excuses 🤦‍♂️

Will Cosgrove:

The negative appearance and flimsy excuses must have outweighed the thought of having to say ‘we priced the iPhone too high and the market is saturated.’

Damien Petrilli:

The battery program replacement is blamed for lower sales.

But instead, it made Apple keep a lot of users.

I can tell you that with their new pricing, everybody around me is considering a switch to Android now and just didn’t because their battery was replaced.

Ryan Jones:

The hard part is the answers are very counterintuitive. Don’t squeeze more money, re-assign good people that have tried their best, charge less (App Store), give away more (iCloud), etc

Update (2019-01-04): Rene Ritchie:

CNBC interview with @tim_cook is must see TV

Bob Burrough:

Apple’s problem is they’ve been making insane money for the last decade, but they don’t use that wealth to reinforce their value proposition. For example, why shouldn’t AppleCare be included in the cost of the phone? It absolutely should be.

Ryan Jones:

OK, criticism is cheap, actual suggestions matter:

- Triple-down on customer centric
- Extreme action to increase Cloud-related reliability
- Product > 90-day growth
- Stop discount sales
- Organize the damn lineups
- Consolidate ports/dongles, fast
- Stop rent-seeking
- 50GB iCloud
- ZERO announcements until it’s ready TIM!
- 15% App Store cut
- Buy DuckDuckGo
- Buy Dropbox? (Buying your way out never works fwiw)
- Listen to your enthusiasts (NOT customers)
- Cut TouchBar
- Get AirPods in stock!
- Crush iOS 13

Previously: AirPods Shipping Delay.

Meek Geek:

Let’s talk about skimping on the product:

- 5GB iCloud storage to backup a 64/256/512GB phone
- no fast charger included
- headphone dongle pack-in removed
- mandatory performance throttling after a year, or pay to change the battery
- exorbitant back glass replacement charges

Steve Troughton-Smith:

After today’s news, do you think prospective iPhone X* users will buy now, or wait until Apple drops the prices next release? 🧐 Does anybody think the pricing will remain the same?

Marco Arment:

China, etc. are valid reasons, but we can’t ignore that, across the entire product line, there’s been a very common theme for the last few years of paying more and getting less.

When you keep tightening the screws on your customers, you’ll eventually find their breaking point.

Scott A. Bell:

If only someone had warned them...

“If you keep your eye on the profit, you’re going to skimp on the product. But if you focus on making really great products, then the profits will follow.” -- Steve Jobs

Dan Moren:

Apple’s choice to discontinue revealing unit sales was in part because it knew a slowdown in units was coming, but they didn’t expect it a) this soon, b) this significantly, or c) both.

Ryan Jones:

Not “needing” the latest iPhone is the root here.

And underneath that is the REAL terrifying thing I’ve been preaching…

Software is the new competitive basis and they’re slipping.

Period.

Josh Centers:

That’d explain why Apple waged wars on refurbishers in 2018.

Bob Burrough:

If Apple can drive iPhone sales down by replacing batteries, they aren’t replacing enough batteries yet.

Josh Centers:

If a $29 battery slows down iPhone sales, then either people were only buying new iPhones because their old ones were getting slower or Apple isn’t producing interesting iPhones.

Ryan Jones:

Ahhh I know what they’re doing with the fishy af battery thing.

It’s their way of showing they take ownership of the problems and acknowledging it’s not all external, while admitting nothing.

Ahha.

The Macalope:

I haven’t bought a new iPhone since the SE first arrived. And it has nothing to do with them being too expensive or lacking “innovation”.

Zac Cichy:

Apple is an international company. When one domino falls, others are hit. It’s a constant balancing act. Right now people are using this news to justify any and all takes, and realistically: they can’t all be true. Take some time and look critically at the information.

MacJournals.com:

We read it as saying the $30 price for battery replacements was at a loss.

Tae Kim:

Apple telling Cnet on Nov. 28 that the iPhone XR was the best selling model since launch did not do investors any favors. I called out how bizarre the comparison was then

John Gordon:

Excellent news — Apple missed numbers! So they will either give us more value ... or they will squeeze us dry ...

John Gruber:

It’s easy to say “OK, it’s just China”, except that China is Apple’s only hope for iPhone sales growth. The truth seems obvious: Apple reached peak iPhone unit sales a few years ago, and now that they’ve peaked, when something goes wrong in a major market like China, it’s going to result in an overall decline in sales.

[…]

iPhone sales have effectively peaked for two reasons. First, Apple ran out of new markets to conquer years ago. The iPhone is effectively available worldwide. The astounding go-go growth of the iPhone in the early years was largely about their steady expansion into new countries around the world.

Mike Rundle:

Until a fundamentally new iPhone feature is invented, I think the sales party is over. The iPhone X is good enough and the XS is certainly good enough. Current iPhones are blazing fast with unbelievable cameras. That will still be true in September when the new iPhone comes out.

Colin Cornaby:

Reminder on Apple cutting gross profits by $5-9 Billion: Their net profit last quarter was $14.13 billion. One year ago it was $20 billion.

If spending remained comparable that’s a heck of a hole in the net profits. Still a net profit, still a lot of money in the bank though.

John Gruber:

I really don’t think the prices are too high — I think the high XS/Max prices are keeping revenue where it is. I do think market is saturated though.

This response needed to be more of a story, a “Here’s where the iPhone stands” narrative. Not this blah blah blah blah response.

Thomas:

I know several Apple users of 20+ years who have switched to Windows and Android over prices in 2018. They didn’t want to but Apple pushed them too hard and 2018 finally was the tipping point.

Horace Dediu:

The Apple Watch is now a decidedly bigger business than the iPod ever was.

Horace Dediu:

This may come as a shock but Wearables will soon join Services in overtaking the Mac (and the iPad) in revenues.

Horace Dediu:

Looks like Greater China Apple revenues went from +16% y/y growth in Q3 to -40% in Q4.

John Gruber:

That’s it — that’s the entirety of this [2002 earnings] warning. Two paragraphs, under 200 words. Tim Cook’s “letter to investors” today was about 1,400 words.

[…]

Even if Jobs were still around I don’t think Apple could get away with a message so short with today’s news. But Cook’s letter was just too long. There was no story to it, no narrative.

[…]

I think Cook’s genuine and inherent humility holds Apple back on days like today. Apple needed less “I’m sorry, let me explain” and more “Fuck you, this is bullshit, let me explain”. What people took away from Cook’s letter and TV appearance today is that the iPhone laid a turd last quarter. Properly delivered, the takeaway should have been that China is crazy but the iPhone is still kicking the shit out of the entire rest of the handset industry and is only pulling further ahead.

Ryan Jones:

But I do worry the reason it wasn’t written that simple is that it’s not that simple; namely, it’s not all China.

Mark W. Yusko:

This is #ColdWarTwo propaganda BS... $AAPL isn’t even in top 10 in smart phones in #China... problem is they priced themselves out of middle market globally and top 1% all have phones that are “good enough”...

Mark Gurman (tweet):

In a memo obtained by Bloomberg News, Cook expressed his disappointment after Apple cut its revenue outlook for the first time in almost two decades.

[…]

Cook also invited employees to a rare all-hands meeting Thursday, where he intends to share more details about the quarter and take questions.

Ben Bajarin:

Another interesting dynamic of the iPhone upgrade cycle is that the higher prices have moved typical carrier leasing to three years instead of two. Xr was included in this as many family members who upgraded to Xr were moved to three year leases.

3-4 year upgrades becoming the norm

Michael Love:

Also, a saturated smartphone market with slowing upgrade cycles isn’t really a bad thing at all for developers; same number of customers but less time spent dealing with the annual drumbeat of everything getting radically redesigned.

Shameer Mulji:

This is an important point many don’t seem to understand. iPhone users aren’t jumping ship to Android, they’re just holding onto their iPhones for a longer time

M.G. Siegler:

The problem is that as good as the Services business is becoming for Apple, it’s unlikely to replace the iPhone as the key cog of Apple’s overall business anytime soon. And this means Apple is unlikely to grow as a whole anytime soon. Sure, there may be some quarters of growth here and there, but as this current situation makes clear, the era of unabated growth is over.

The iPhone has simply been too good of a business. And it’s hard to see what tops it. Certainly in the near term. If Services is to carry Apple in the future, it will likely be only after years of relatively stagnant iPhone revenue growth mixed with a rising overall market. In other words, time and the broader world will have to catch up. And then Apple can have their “Microsoft Moment” — a services-based resurrection of growth.

Shira Ovide:

This is a trend years in the making. But at each and every opportunity, Cook has dismissed questions about whether changes in upgrade behavior will hurt Apple’s revenue.

In an August conference call with stock analysts, one of them asked Cook whether the company could continue to sell more iPhones in a few years in light of the smartphone market’s stagnation. Cook said he thought Apple could sell more phones to people who already owned iPhones, to those who had competing devices and to people who had never owned a smartphone. It was an answer straight out of 2015, when everything Cook said was true. It’s not true anymore, and Cook should have known that.

Krzysztof Kurdyła:

It doesn’t change reality that Cook is a new John Sculley, who sacrifices market share and future of the company for extremely high today’s profits. When the real global crisis comes, Apple prices will hit the company not only in Asia. And it does not look like Cook has a plan B

Wojtek Pietrusiewicz:

I’m curious how much more he could have grown market share by not only expanding into new markets but by letting go of some of those margins.

Benjamin Mayo:

You know, it would be easier for customers to transfer data to a new iPhone if Apple gave them more than 5 GB of iCloud storage for backups.

If you order a new phone on Apple.com, they should instantly grant your Apple ID enough iCloud space to fully back up your current phone so you can move seamlessly to the new model.

After your phone is set up, the storage boost can go away.

I mean, I wish Apple would simply raise the free tier for everyone … but that is much more of a leap than a temporary top-up to help drive iPhone upgrades.

Previously: The Missing iCloud Storage Bump.

Steven Sinofsky:

OMG, the end of good times. No more left to do. Where’s the innovation. Shocking news from Apple on revenue, but needs some context.

Maturing or mature markets are not dead markets. The world did not change overnight even with this announcement.

This isn’t “this is fine.”

[…]

There are many examples of mature product lines with significant growth selling into a market where the only customers left are upgrades.

Some of these are dull or make little money, some don’t. Most don’t have the moat Apple does.

Innovator’s dilemma tends to make people think that businesses evaporate. This is the biggest learning over the past 20 years—established businesses seem to make more money at the “tail end” than at the rise up.

[…]

Third, just as with PCs v browsers / Linux (or servers running in cloud today) there’s a massive opportunity to be had by taking share from the free competitor.

Yes not in Apple DNA, etc—literally how Apple lost against PCs with Mac. So maybe “this time is different”. Or not.

When I look at this it is shocking—you would have thought this had some level of predictability. One can only conclude one of two things. Either they are surprised. Or things changed more rapidly than many thought.

Seth Weintraub:

When I think about Apple iPhone prices right now, I can’t get this out of my head.

What ruined Apple wasn’t growth … They got very greedy … Instead of following the original trajectory of the original vision, which was to make the thing an appliance and get this out there to as many people as possible, they went for profits. They made outlandish profits for about four years… What that cost them was their future. What they should have been doing is making rational profits and going for market share. (Steve Jobs, 1995)

Steven Sinofsky:

Much analysis: Apple has long known it is missing the boat on providing low priced phones—strategic mistake to cede “low end” to Android. Or raised prices too much/soon. Then it must be an easy answer to just lower prices or make low priced phones. Ack! Harder than it looks.

[…]

So when people say Apple needs a cheaper phone there are many questions to answer beyond the get over yourself luxury brand issue.

What is distribution constraint? What partner absorbs some cost to leave margin? What is the branding?

Easy question — would a cheap phone be sold and supported in Apple stores side by side? How would the rest of the customers feel about more crowds and tougher appointments competing with people who paid half as much? Sell one phone against another—how?

Ryan Jones:

1) This is why Tim’s rambling-financial-engineering-solution letter is terrifying. Versus Steve’s we’re-making-awesomer-shit brief.

2) This is why Apple’s software/services is terrifying. Most of the innovation left lies there.

Uluroo:

To clarify, I agree the XS is worth at least $899 if they price it realistically. But I want them to do what they did with the XR, one step further: a “worse” phone for a better price. $649, smaller screen than XR; seems like a no-brainer upgrade for 6S people.

Update (2019-01-09): See also: Accidental Tech Podcast, The Flock, and Hacker News 2.

Benjamin Mayo:

I think if you read this report and come away with the idea that Apple’s strategy of jacking up iPhone prices to the $1000 level has backfired, you are not interpreting what Cook wrote accurately.

[…]

Nowhere does it allude to Apple pricing its products out of reach of consumers. In fact, it says “categories outside of iPhone combined to grow almost 19 percent year-over-year”. Apple raised prices on basically every product last year, and it seems to be mostly working. They are going to hit all-time revenue records in many regions, including the United States.

Christina Warren:

It feels safe to say, without breakout sales data (RIP), that the XR hasn’t met expectations. I can’t speak specifically for China, but in the US this indicates a larger issue I’ve been commenting on for two years: the growing price to be in the Apple ecosystem.

[…]

I said in another reply that I think for many users 6S was “peak iPhone” - camera was good enough (4K video, great photos), processor was fast enough, and the OS runs great. So if you got a 6S in 2015 or 2016, you might have paid $650 or so, depending on capacity.

[…]

In 2018 or 2019, to get the XR, your starting price is now $750. Now, that doesn’t feel massive, but consider that in 2015 you probably also had some option to have a subsidy. Whereas in 2018/2019, you pay upfront or on a payment/upgrade plan.

But also, the XR is seen as the “cheap” iPhone. It’s less than the XS or XS Max. It doesn’t matter how good the reviews are. Like the 5C, it is viewed as the shitty iPhone.

Steven Sinofsky:

What happens when a computer doesn’t actually get slow, wear out, get compromised, isn’t needed for new apps, and so on?

More uncharted territory for Apple—iPhone is first computer that doesn’t decay over time, works until screen breaks/battery fails.

Harry McCracken:

Interesting Apple sales pitch from my inbox, suggesting I move from an iPhone X to an XR for a lower monthly cost.

Ben Thompson:

Secondly, thanks in part to the lack of information, this miss is catnip for confirmation bias: everyone has their pet theory about what Apple is doing wrong or how they will ultimately fail, and it has been striking the degree to which this revenue warning has been breezily adapted to show that said critics were right all along (never mind that many of those critics trotted out the exact same explanations in 2013 and 2016).

Third, well, I happen to think that I am right as well: I believe that Apple’s management made three critical errors in their forecast for this last quarter that were predictable precisely because they had made the same errors before — errors that I wrote about at the time.

Yoko Kubota (Hacker News):

When Apple Inc. launched the iPhone XR in October, Tim Cook singled out the device to his more than a million followers on Weibo, China’s equivalent of Twitter. “Wonderful to see so many people in China enjoying the new iPhone XR,” he said.

The message underscored Apple’s hope that the device, the cheapest of its three iPhone releases, would be a strong seller in the world’s largest smartphone market.

Juli Clover:

When asked about reports that the iPhone XR was a flop, Cook says he calls "bologna on that." The iPhone XR has, in fact, been the most popular iPhone "every single day" since it started shipping out to customers.

Cook did, however, demur when asked about iPhone XR sales relative to other sales, saying only that he’d like to sell more, and that Apple is "working on that."

Benjamin Mayo:

The iPhone XR has firmly taken over the iPhone XS in usage, according to data from Mixpanel. Although Apple seems to be struggling to meet targets on sales across the iPhone line, the relative sales of the XR now means it has overtaken the 5.8-inch iPhone XS, which had a one month sales lead.

However, the iPhone XS Max continues to hold a sizeable lead despite being the most expensive option.

Update (2019-01-11): See also: Exponent.

Update (2019-01-15): Jean-Louis Gassée:

A more serious issue is Apple’s blind spot regarding China. I distinctly recall Cook telling analysts during a quarterly earnings call that, having studied the country for 30 years, he knew China. This is true and relevant. Cook’s ascension to the COO and, later, to the CEO job is due to his prowess building and managing Apple’s nonpareil Supply Chain Management (SCM) system. Imagine the thousands of parts inside an iPhone, and then picture building ten iPhones per second, 24 hours a day at the peak of the Holidays season, and shipping them to 130 countries… No question, one has to know China, the people, the culture, companies large and some small to make the SCM magic happen year after year, with only the rarest of hiccups.

With all of these strengths, how could Apple, which is more embedded than most Western companies, not see a Chinese economy slowdown that started well before the 2018 Holiday quarter? More specifically, what did Apple know and not know when they issued a guardedly optimistic Q1 revenue guidance in the $89B to $93B range on November 1st? What did they learn in the following 60 days, how much, how fast?

The Talk Show:

Special guest Ben Thompson returns to the show. Topics include Apple’s horrible no good very bad earnings warning, the Chinese market, Apple’s push toward services for revenue growth, antitrust issues regarding the App Store, and more.

John Gruber (MacRumors):

During Apple’s all-hands meeting January 3, Tim Cook said Apple replaced 11 million batteries under the $29 replacement program, and they’d have only anticipated about 1-2 million battery replacements normally.

[…]

But Gassée’s second point still stands: the battery replacement program ran all year long, so even if it was more popular than Apple originally expected, why wasn’t it accounted for in guidance issued on November 1 — 10 months after the program started?

Update (2019-01-23): Geoffrey Fowler and Andrew Van Dam:

Most technology products are commodities that go down in price over time. Apple has worked very hard not to become a commodity.

John Gruber:

You can certainly argue that Apple is making a strategic branding mistake by making more expensive products. But it simply wasn’t an option to sell the iPhone X/XS as it exists for iPhone 7 prices.

Update (2019-01-24): Alex Allegro:

New data from CIRP, Consumer Intelligence Research Partners, shows that iPhone XR was the best selling iPhone model in the United States over the past fiscal quarter, accounting for nearly 40% of total sales. Interestingly, the iPhone XS and XS Max combined accounted for just over 25%.

Unsurprisingly, the iPhone XS was the most unpopular new iPhone, being outsold by its Max counterpart by a “more than two-to-one ratio”.

Update (2019-01-28): Ben Bajarin:

Apple's December quarter iPhone sales are looking to be off about ~16% down from 77m to about 65/66 million.

My talks with investors have moved from the bad quarter to how bad the year may be for iPhone sales.

Services/Wearables still where growth hope comes from.

Update (2019-01-31): suyash:

I’m surprised nobody in the US Apple press has picked up on the fact that FaceID doesn’t work with facemasks. The experience is worse than any phone with a fingerprint sensor for many users in Asia, probably contributing to lower than expected sales for all X-series iPhones.

Previously: Face ID.

How Subscriptions Are Remaking Corporate America

Alex Eule (via Josh Brown):

Investors, somewhat belatedly, have discovered the subscription payoff. The market now values Microsoft at $23 for every dollar of profit it generates, while Apple’s price/earnings ratio is mired at a hardware-like 13 times.

[…]

In 2012—the last full year it sold boxed software—Adobe earned $2.35 a share. This year, the company is projected to earn $6.82, going to $7.98 next year.

It’s a stunning jump for a 36-year-old outfit. The stock’s gain has outpaced earnings growth because investors are paying more for every dollar of profit. The stock has risen 793% since Adobe outlined its subscription strategy in 2011.

[…]

“Retention is the new growth,” Narayen tells Barron’s. The subscription model, he adds, has made the company more responsive, with developers tracking customer habits and updating software in nearly real time.

Steven Sinofsky:

This is true. But it also dramatically changes product development to be more incremental and less aggressive about dealing with potentially disruptive change. It makes one think everything exists to sustain the subscription bundle.

scott:

The bigger problem is the class divide the subscription model is creating. The less well off population is now (or soon will be) unable to access tools that were available to them a few years ago.

Chuq Von Rospach:

True, which is why Lightroom has 3-4 legitimate competitors chasing its market where two years ago it had none.

Previously: Productivity Apps and Subscription Pricing.

ScanSnap 64-bit Software Update

Fujitsu (via David Sparks):

ScanSnap Home is the 64 bit application for macOS for the following ScanSnap scanner models.

[…]

The 64 bit application for macOS is not provided for the old scanner models such as ScanSnap S1500, S1500M, etc. because their support periods have already expired. If you wish to have the 64 bit application for macOS, please consider purchasing ScanSnap products that are currently available on the market.

Unlike before, the new software really doesn’t seem to work with the old scanners, and it will remove the old software when you install it. It seems silly to replace hardware that’s still working perfectly, especially when I have doubts about the new software, so I’ll probably set up my old MacBook Pro that can’t run Mojave to use it with the old software.

Update (2018-12-11): Mark Munz:

64-bit support was WAY overdue. After taking so long, they now expect customers to buy a brand new piece of hardware ($$$$) to get it.

Kirk McElhearn:

I was planning to use a VM for that. I’m very disappointed, especially because I’ve heard a lot of bad things about the new software that ships with the newer devices.

Update (2019-01-01): Dave Howell:

Hey @scansnap … Is the ix500 compatible with eero mesh networks? I am getting a “ScanSnap could not be connected to the Internet” error. This network supports 2.4 GHz and 5.0 GHz, so it’s not that. My Mac is on Mojave if that matters. Is it a known problem?

Bill Bumgarner:

Every time I update @FujitsuAmerica’s ScanSnap Home software, IT USES A LICENSING SLOT! Looks like I can only update 2 more times. Then I’ll replace it with an Epson or any other brand that doesn’t actively crap on their users.

The Thumb Zone

Joe Cieplinski:

Unfortunately, phone manufacturers and software developers have all but thrown the one-hand principle out the window in recent years. The allure of larger and larger screens has decreased the thumb-reachable percentage of the screen significantly. And yet, much of our software, particularly on iOS, has failed to accommodate.

When the first iPhone was released, with its puny 3.5-inch screen, I could easily reach every corner with either thumb. On an iPhone XS Max, with its gargantuan 6.5-inch screen, I’m lucky to reach even 60% of the total screen area without a second hand. And yet, Navigation bars, with their all-important Cancel and Done buttons, and many other controls are still located at the top of the screen, way out of thumb’s reach.

Muting Gas Station Ads

Eric Ravenscraft (via Eric Schwarz):

Whether your pump advertises it or not, however, there’s a handy way to shut the dang thing up. There’s an array of buttons along the side of the screen. One of these buttons (usually) mutes the ads. Which one is anyone’s guess, as different companies choose a different mute button. To figure out which one, just start at the top and start pressing each button until you find the one that gives you the blissful silence you’re looking for.

Friday, December 7, 2018

Electron and the Decline of Native Apps

John Gruber (tweet, Hacker News):

In some ways, the worst thing that ever happened to the Mac is that it got so much more popular a decade ago. In theory, that should have been nothing but good news for the platform — more users means more attention from developers. The more Mac users there are, the more Mac apps we should see. The problem is, the users who really care about good native apps — users who know HIG violations when they see them, who care about performance, who care about Mac apps being right — were mostly already on the Mac. A lot of newer Mac users either don’t know or don’t care about what makes for a good Mac app.

One could also argue that the worst thing that ever happened to the Mac was the iPhone.

As un-Mac-like as Word 6 was, it was far more Mac-like then than Google Docs running inside a Chrome tab is today. Google Docs on Chrome is an un-Mac-like word processor running inside an ever-more-un-Mac-like web browser. What the Mac market flatly rejected as un-Mac-like in 1996 was better than what the Mac market tolerates, seemingly happily, today. Software no longer needs to be Mac-like to succeed on the Mac today. That’s a tragedy.

Don’t miss his rant about Finder keyboard shortcuts in Mojave.

Previously: The Mojave Marzipan Apps, Is There Hope for the Mac App Store?.

Apple Removes Afghanistan ’11 From the App Store

Alex Allegro:

Apple has removed game developer Slitherine’s Afghanistan ’11 from the iOS App Store for using a “specific person or real entity” as the enemy of the game, even though it is touted as being entirely historically accurate in depicting the US war in Afghanistan.

Slitherine, a small UK based game developer, specializes in accurate war simulation games. With a strong emphasis placed on learning, rather than gameplay, further paired with the fact the app has been available for well over a year, it comes as a surprise that Apple chose to pull the plug here rather than giving Slitherine an outright rejection from the get-go.

The guidelines say:

Realistic portrayals of people or animals being killed, maimed, tortured, or abused, or content that encourages violence. “Enemies” within the context of a game cannot solely target a specific race, culture, real government, corporation, or any other real entity.

World War II and other historically based games remain in the store. Is that because they let you target both sides? Or because the historical enemies are no longer considered real? Or simply inconsistent reviewing?

WordPress 5.0, Gutenberg, and MarsEdit

Daniel Jalkut:

This change to the editor is part of a trend with WordPress of moving away from the dedicated purpose of blogging, towards satisfying the more general-purpose needs of a full-featured CMS.

[…]

When editing a post with block-based content in MarsEdit, you will see the raw HTML for your blocks when editing in Plain Text mode, and a rendered version of the HTML in Rich Text mode. Unlike the WordPress web-based editor, you will not see a visual representation of the blocks as separate entities in your posts. But when you edit and publish changes to your post, the block information should be preserved.

[…]

I don’t think Gutenberg threatens the MarsEdit workflow, even after it becomes the only editing framework for WordPress. The way blocks are implemented, users will have the option of simply writing “one block” per post if they feel that is sufficient. I don’t anticipate the status quo for MarsEdit users being disrupted unless they specifically choose to use themes that only work well if multiple blocks per post are used.

Update (2018-12-10): Matt Mullenweg:

The overall goal is to simplify the first-time user experience of WordPress — for those who are writing, editing, publishing, and designing web pages. The editing experience is intended to give users a better visual representation of what their post or page will look like when they hit publish. As I wrote in my post last year, “Users will finally be able to build the sites they see in their imaginations.”

[…]

Over the past several years, JavaScript-based applications have created opportunities to simplify the user experience in consumer apps and software. Users’ expectations have changed, and the bar has been raised for simplicity. It is my deep belief that WordPress must evolve to improve and simplify its own user experience for first-time users.

Mark Hughes:

All of this suggests that Gutenberg was pushed out because it was useful in business competition with SquareSpace, not because it helps any WordPress users. The classic rich text editor was fine for many newbies, and then they'd graduate to HTML or Markdown, neither of which are rocket surgery, when they needed more control.

Update (2018-12-11): Manton Reece:

Meanwhile, WordCamp US was a few days ago in Nashville. WordPress founding developer Matt Mullenweg gave his State of the Word talk to wrap up the conference. The talk + Q&A is long, over 1.5 hours, but provides a detailed overview of Gutenberg and where WordPress is going.

The Friendship That Made Google Huge

James Somers:

Jeff and Sanjay began poring over the stalled index. They discovered that some words were missing—they’d search for “mailbox” and get no results—and that others were listed out of order. For days, they looked for flaws in the code, immersing themselves in its logic. Section by section, everything checked out. They couldn’t find the bug.

[…]

On Sanjay’s monitor, a thick column of 1s and 0s appeared, each row representing an indexed word. Sanjay pointed: a digit that should have been a 0 was a 1. When Jeff and Sanjay put all the missorted words together, they saw a pattern—the same sort of glitch in every word. Their machines’ memory chips had somehow been corrupted.

[…]

When a car goes around a turn, more ground must be covered by the outside wheels; likewise, the outer edge of a spinning hard disk moves faster than the inner one. Google had moved the most frequently accessed data to the outside, so that bits could flow faster under the read-head, but had left the inner half empty; Jeff and Sanjay used the space to store preprocessed data for common search queries. Over four days in 2001, they proved that Google’s index could be stored using fast random-access memory instead of relatively slow hard drives; the discovery reshaped the company’s economics.

Facebook Was Aware That Tracking Contacts Is Creepy

Arvind Narayanan:

The internal Facebook documents released today make for an incredible read. Remember the Dark Pattern consent dialog that FB used to grab Android users' call and text history w/o alerting them? Now we can see some of the scheming that led to that decision.

zanneth:

1) How completely broken is Android’s security model if malicious apps are somehow automatically granted permissions on private data?

2) How can people at Facebook still have a conscience and do stuff like this?

Kashmir Hill (via John Gruber):

The business team wanted to get Bluetooth permissions so it could push ads to people’s phones when they walked into a store. Meanwhile, the growth team, which is responsible for getting more and more people to join Facebook, wanted to get “Read Call Log Permission” so that Facebook could track everyone whom an Android user called or texted with in order to make better friend recommendations to them. (Yes, that’s how Facebook may have historically figured out with whom you went on one bad Tinder date and then plopped them into “People You May Know.”) According to internal emails recently seized by the UK Parliament, Facebook’s business team recognized that what the growth team wanted to do was incredibly creepy and was worried it was going to cause a PR disaster.

Thursday, December 6, 2018

Mac App Notarization and Customer Privacy

Jeff Johnson:

What does not appear to be documented is that Mojave “phones home” to Apple on first launch of every downloaded app, regardless of whether the app was notarized. […] This status is not cached.

[…]

In packet traces I see a reference to http://ocsp.apple.com, which suggests that Gatekeeper may be using some form of Online Certificate Status Protocol (OCSP), a standard method for checking whether a certificate has been revoked. The internet traffic is to api.apple-cloudkit.com on TCP port 443, in other words, https. Thus, the data is likely encrypted.

[…]

It’s important to note that no explicit consent has been given for this information to be transmitted to Apple. In System Preferences, I had disabled all of the Analytics in Security & Privacy and all of the automatic checks in Software Update, so as far as Mojave was concerned, Apple had no permission. I’m not aware of any official Apple privacy policy with regard to Gatekeeper. I have no reason to believe that Apple will use this data for competitive or marketing purposes, but… who knows? It would certainly be a gold mine of information about Mac consumer usage of third-party apps. Apple has announced that app notarization will be required for all apps in an upcoming version of macOS, so in effect Apple is forcing developers and end users to give Apple valuable business data.

I wonder how long Apple stores this data and whether anyone would be motivated to try to gain access to it.

Proof That iOS Still Hasn’t Gotten Undo Right

John Gruber (tweet, Hacker News):

There is a common convention for Undo/Redo in iOS drawing apps — circular arrow buttons, counterclockwise for Undo and clockwise for Redo. (And, thankfully, these are the same icons used for Undo/Redo on the iPad on-screen keyboard. Consistency is not completely lost.) You can see them in these screenshots from Apple Notes and Linea Go on iPhone.

But it speaks to how weak this convention is that Procreate Pocket could do something not just different but totally different — multi-finger taps with no on-screen buttons — and not just get away with it but be celebrated by Apple for it. I’m not saying Procreate’s two/three-finger taps are better or worse than on-screen buttons. (Well, stay tuned.) And I can see the thinking — screen space on an iPhone is so precious that any reduction in on-screen buttons is a win in terms of reducing UI clutter and maximizing the screen space available for showing the content of the illustration. Also, I’m sure the two/three-finger taps are very fast once you’re used to them.

[…]

What it comes down to, I think, is that the menu bar has become a vastly underestimated foundation of desktop computing. Once heralded, the menu bar is now seen as a vestige. I’m not arguing that iOS should have a Mac-style menu bar.

I think iOS could use some sort of menu bar or Start menu. There needs to be a standard place for extra commands that don’t fit as buttons and that shouldn’t be shoe-horned into the Share button.

Previously: On “Shake to Undo”.

Update (2018-12-11): Procreate:

Whether you’re one of our competitors, or in an entirely different field, please feel free to grab the project below. Take it, use it, and give your users the most instinctive Undo and Redo method available.

How OmniDiskSweeper Reports Free Space

Ken Case:

The “purgeable” space is space that the operating system knows how to reclaim when you try to create files that need that space. But it’s not truly cleared up from the disk yet and still shows up in OmniDiskSweeper’s summary list. But even though it shows up in the summary, it won’t show up when you browse the disk looking for files to delete—so OmniDiskSweeper will end up reporting different numbers for space used based on how it scans your disk.

[…]

These snapshots can take nearly zero space at the start (because their contents are exactly the same as the current files on disk), but as files get edited or removed the snapshots start to take up more and more space. In particular, when you delete huge files (because you’re trying to clear up space), they will disappear from your filesystem but will still exist in your snapshots until those are removed. This is where I usually find the bulk of the “purgeable” space reported in Disk Utility.

Also, OmniDiskSweeper doesn’t tell you about APFS cloned files. (I’m not sure how it reasonably could.) So, although it will tell you how much space a given file is using, deleting that file may only increase the free space by a fraction of that amount.

Previously: Dive Into APFS.

Update (2019-04-03): Tyler Loch:

macOS: “Whoa, buddy. You can’t do that. The drive is full!”
Me: “What? Finder says there’s still 50GB available!”
macOS: “Yeah, but that’s actually purgeable data.”
Me: “Ok, so purge it.”
macOS: “No.”

iOS and the Hassle of Dropping Your Wi-Fi As You Move Away From Your House

Dave Mark:

This happens to me all the time. I’m in an app that’s attached to my home WiFi and I walk (or drive, as a passenger) away from my house. As I move further from my house, the signal gets progressively weaker and whatever app I’m in just hangs, stuck waiting for a reply from my home WiFi that’s never coming.

[…]

Some time ago, Apple added the setting Cellular > Wi-Fi Assist (scroll down below that long list under CELLULAR DATA) that someone suggested might help with this, though I believe the intent was to help with poor WiFi, not specific to this problem. As it turns out, this is on for me. Does not make a difference.

Wednesday, December 5, 2018

@rpath What?

Marcin Krzyżanowski:

@rpath stands for Runpath Search Path.

  • In Xcode, it’s set with the LD_RUNPATH_SEARCH_PATH setting.
  • In the ld command tool, it’s set with the -rpath parameter when linking. So it’s a search path for the linker. Runtime Search Path instructs the dynamic linker to search a list of paths in order, to locate the dynamic library.

The value of the parameter may be an absolute path (or multiple paths) to a directory, e.g.: /usr/private/lib or @executable_path/Frameworks.

[…]

However, if we need to modify the @rpath manually, e.g., as a part of installation phase - there’s an app for that: install_name_tool.
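The in-order search described in the quoted post can be reproduced offline by reading a binary's LC_RPATH and LC_LOAD_DYLIB load commands and expanding each @rpath/ dependency against the run paths. This is an added example, not code from the quoted post or from Apple's tools: the Mach-O image is constructed inline, the function names, Demo.framework and the /Applications/Demo.app path are hypothetical, and @loader_path is assumed to equal the executable's directory unless given.

```python
import posixpath
import struct

MH_MAGIC_64 = 0xFEEDFACF                 # thin, little-endian, 64-bit Mach-O
LC_REQ_DYLD = 0x80000000
LC_LOAD_DYLIB = 0x0C
LC_LOAD_WEAK_DYLIB = 0x18 | LC_REQ_DYLD
LC_RPATH = 0x1C | LC_REQ_DYLD
ANCHORS = ("@executable_path", "@loader_path")


def parse_macho(data):
    """Return (rpaths, dylibs), each in load-command order."""
    if len(data) < 32:
        raise ValueError("truncated Mach-O header")
    magic, _, _, _, ncmds, sizeofcmds, _, _ = struct.unpack_from("<8I", data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a thin little-endian 64-bit Mach-O")
    end = 32 + sizeofcmds
    if end > len(data):
        raise ValueError("load commands run past end of file")
    rpaths, dylibs, off = [], [], 32
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("load command header out of bounds")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("bad cmdsize")
        if cmd in (LC_RPATH, LC_LOAD_DYLIB, LC_LOAD_WEAK_DYLIB):
            # In rpath_command and dylib_command alike, the field after
            # cmd/cmdsize is the string's offset from the command start.
            if cmdsize < 12:
                raise ValueError("load command too small for a string offset")
            (str_off,) = struct.unpack_from("<I", data, off + 8)
            if not 12 <= str_off < cmdsize:
                raise ValueError("string offset outside its load command")
            raw = data[off + str_off:off + cmdsize].split(b"\0", 1)[0]
            text = raw.decode("utf-8", "replace")
            (rpaths if cmd == LC_RPATH else dylibs).append(text)
        off += cmdsize
    return rpaths, dylibs


def candidate_paths(install_name, rpaths, executable_dir, loader_dir=None):
    """Expand an @rpath/ install name into the ordered list of paths to try."""
    if not install_name.startswith("@rpath/"):
        return [install_name]
    tail = install_name[len("@rpath/"):]
    # Assumption: the main executable is the loader unless loader_dir is given.
    dirs = {"@executable_path": executable_dir,
            "@loader_path": loader_dir or executable_dir}
    out = []
    for rp in rpaths:
        for anchor, real in dirs.items():
            if rp == anchor or rp.startswith(anchor + "/"):
                rp = real + rp[len(anchor):]
                break
        out.append(posixpath.normpath(posixpath.join(rp, tail)))
    return out


def unanchored_rpaths(rpaths):
    """Run paths that are neither absolute nor @executable_path/@loader_path based."""
    return [rp for rp in rpaths
            if not rp.startswith("/") and not rp.startswith(ANCHORS)]


def make_lc(cmd, fixed, text):
    """Build one load command: cmd, cmdsize, string offset, fixed fields, string."""
    str_off = 12 + len(fixed)
    body = text.encode() + b"\0"
    pad = (-(str_off + len(body))) % 8        # commands are 8-byte aligned
    return (struct.pack("<III", cmd, str_off + len(body) + pad, str_off)
            + fixed + body + b"\0" * pad)


def build_sample():
    """Constructed sample: header plus two run paths and two dependencies."""
    versions = struct.pack("<3I", 2, 0x10000, 0x10000)  # timestamp, current, compat
    cmds = [
        make_lc(LC_RPATH, b"", "@executable_path/Frameworks"),
        make_lc(LC_RPATH, b"", "/usr/private/lib"),
        make_lc(LC_LOAD_DYLIB, versions, "@rpath/Demo.framework/Demo"),
        make_lc(LC_LOAD_DYLIB, versions, "/usr/lib/libSystem.B.dylib"),
    ]
    blob = b"".join(cmds)
    header = struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2,
                         len(cmds), len(blob), 0, 0)
    return header + blob


if __name__ == "__main__":
    rpaths, dylibs = parse_macho(build_sample())
    for name in dylibs:
        print(name)
        for path in candidate_paths(name, rpaths,
                                    "/Applications/Demo.app/Contents/MacOS"):
            print("   try", path)
    print("unanchored run paths:", unanchored_rpaths(rpaths))
```

The first candidate that exists on disk is the one that would be loaded, so the order of the LC_RPATH entries is what to review after any install_name_tool change.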

Apple Music Analyser

Mitchel Broussard:

Following Apple’s recently launched Data and Privacy portal, which lets customers download a copy of their Apple-related data, developer Pat Murray has built a browser-based app aimed at visualizing your Apple Music activity. With the download of one file on Apple’s Data and Privacy portal, Murray’s app organizes your complete Apple Music listening history since you first started using the service.

The developer promises that none of your data ever leaves your computer in the process, and explained to me that once it’s loaded, the web app will even work offline and still be able to run all computations and present users with their data. The full source of the app is available to read on GitHub, and it’s worth pointing out that Murray’s app is only asking for access to a single CSV file related to your Apple Music activity, and nothing else.

Previously: Requesting Your Personal Data From Apple.

Amazon Offering Apple Products

Amazon:

Apple Music subscribers will be able to enjoy Apple Music’s 50 million songs on Echo devices. Customers will be able to ask Alexa to play their favorite songs, artists, and albums—or any of the playlists made by Apple Music’s editors from around the world, covering many activities and moods. Customers will also be able to ask Alexa to stream expert-made radio stations centered on popular genres like Hip-Hop, decades like the 80s, and even music from around the world, like K-Pop. Just ask Alexa to play Beats 1 to hear Apple Music’s global livestream including in-depth artist interviews— all completely ad-free. Simply enable the Apple Music skill in the Alexa app and link your account to start listening.

John Gruber:

It’s still an open question whether Apple sees subscription content (mostly music now, with more original shows and movies coming soon) as something for its own devices, or cross-platform. Making Apple Music available to Echo devices sure sounds more like the latter.

Joe Rossignol:

Nearly two weeks after Amazon reached an agreement with Apple to sell more of its products, a selection of Apple products are available on Amazon in the United States, including the latest iPad Pro, Apple Watch Series 4, MacBook, MacBook Air, MacBook Pro, iMac, iMac Pro, Mac Pro, and Mac mini models.

[…]

Amazon has yet to begin selling any new iPhones directly from Apple or its network of Apple Authorized Resellers, but the iPhone XS, iPhone XS Max, and iPhone XR are expected to be available soon as part of the deal. One product that won’t be available is the HomePod since it is an Amazon Echo competitor.

Jason Snell:

Apple has often used exclusivity to drive hardware sales, which is one reason why you can’t watch iTunes purchases on Amazon Fire TV or Roku devices. Now the HomePod needs to compete as a high-end premium speaker, rather than as literally the only option if you want to give voice commands to an Apple Music-enabled smart speaker.

This is a move that could have huge ramifications for Apple’s forthcoming TV service, which has left the Apple TV caught between Apple’s current desire to grow services revenue and its classic focus on hardware profit margins. In fact, it brings to mind a similar move from back in 2002 and 2003, when Apple made the iPod compatible with Windows PCs.

Joe Rosensteel:

Apple’s desire to grow services revenue stands in direct opposition to whatever passes for a TV hardware strategy in Cupertino. To grow subscribers they need to lower the cost of the devices required to view video service content, subsidize their sale, or make the service available on the platforms they compete with. If they don’t, then this is over a billion that they wouldn’t be able to make back as a niche, premium content provider.

Previously: Amazon Kicks Off Unauthorized Apple Refurbishers, Amazon Will Stop Selling Nest Smart Home Devices, YouTube Drops Echo Show, Amazon Adds Apple TV, Amazon Prime Video Finally Available for Apple TV, Apple TV 4K, Still a Hobby, Cultural Insularity and Apple TV, The Apple Music and HomePod Strategy.

Update (2018-12-19): JJ:

Alexa works on Sonos One
Apple Music works on Sonos One
Apple Music works with Alexa
Alexa doesn’t work with Apple Music on Sonos One

Update (2018-12-28): Upgrade:

John Siracusa joins Jason to discuss the future of Apple’s ARM processors and how they might change the Mac, Apple Music coming to the Amazon Echo and what that might mean about the future of Apple’s forthcoming TV service, whether they’re using their TiVos as much as they used to, and the prospects for an Apple-built external touchscreen display.

Finding New Ways to Spy on iPhones

Lorenzo Franceschi-Bicchierai:

Governments around the world have been willing to spend a fortune on iOS malware. Saudi Arabia paid $55 million to purchase iPhone malware made by NSO Group, according to a recent report by Israeli newspaper Haaretz. There are several companies specializing in iOS malware, such as Azimuth, NSO Group, and some more. But despite the appearances, iOS malware isn’t only in the hands of big companies and their government customers.

[…]

Mobile Device Management or MDM is a feature in iOS that allows companies to manage and monitor devices given to their employees. By installing an MDM profile or certificate on an iPhone, a user gives the MDM owner some control over the device. This mechanism can be used by malware creators. In July, security firm Talos found that a hacking group used MDM to target a few iPhones in India. (Mobile Device Management can be turned on for every iPhone.)

[…]

It’s unclear how government hackers get the malware on targets’ iPhones. Kaspersky Lab researchers speculated it may be via social engineering “using fake mobile operators sites.” In other words, this malware does not leverage any bugs or exploits in iOS, but instead takes advantage of MDM, which is a specific design feature in the operating system. In this way, it relies on a tried-and-tested social hacking technique—tricking users into installing something. For many years, the average user could essentially click on any link, download any app, and otherwise use their iPhone without worrying about targeted surveillance. That may soon no longer be the case.

Thomas Reed:

Sad truth: malware for iOS exists, but there’s absolutely no way to detect that it’s installed due to sandboxing restrictions in iOS.

Patrick Wardle:

^^this 💯

I have no idea how to check if my iPhone is hacked 😰

Nation States actually ♥️ hacking iPhones - largely because once they’re in (and yes, they can get in even remotely), the chance of detection is essentially 0%🤭

Custom ARM Processor for Amazon Web Services

Tom Krazit:

After years of waiting for someone to design an Arm server processor that could work at scale on the cloud, Amazon Web Services just went ahead and designed its own.

Vice president of infrastructure Peter DeSantis introduced the AWS Graviton Processor Monday night, adding a third chip option for cloud customers alongside instances that use processors from Intel and AMD. The company did not provide a lot of details about the processor itself, but DeSantis said that it was designed for scale-out workloads that benefit from a lot of servers chipping away at a problem.

The new instances will be known as EC2 A1, and they can run applications written for Amazon Linux, Red Hat Enterprise Linux, and Ubuntu.

Chris Williams:

Up until 2015, Amazon and AMD were working together on a 64-bit Arm server-grade processor to deploy in the internet titan’s data centers. However, the project fell apart when, according to one well-placed source today, “AMD failed at meeting all the performance milestones Amazon set out.”

In the end, Amazon went out and bought Arm licensee and system-on-chip designer Annapurna Labs, putting the acquired team to work designing Internet-of-Things gateways and its Nitro chipset, which handles networking and storage tasks for Amazon servers hosting EC2 virtual machines.

Update (2018-12-11): See also: Hacker News.

Starwood/Marriott and Quora Breaches

Nicole Perlroth et al. (Hacker News):

The hotel chain asked guests checking in for a treasure trove of personal information: credit cards, addresses and sometimes passport numbers. On Friday, consumers learned the risk. Marriott International revealed that hackers had breached its Starwood reservation system and had stolen the personal data of up to 500 million guests.

The assault started as far back as 2014, and was one of the largest known thefts of personal records, second only to a 2013 breach of Yahoo that affected three billion user accounts and larger than a 2017 episode involving the credit bureau Equifax.

Marriott (via Dave Kennedy):

For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128). There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken.

Bob Burrough:

Generally, business executives don’t know what questions to ask to make sure this doesn’t happen. But worse, most professional software developers don’t either.

The best way to prevent data from being leaked is to not store it.

Nick Heer:

Think about it: a breach of tens- or hundreds-of-millions of individuals’ extremely private information — including, in this case, passport numbers and hashes of credit card numbers — couldn’t happen if the system were designed to purge this information at the earliest possible chance.

Perry E. Metzger:

Today’s news about the Marriott breach should finally drive home a lesson that has been missed for years now: “we’ve been doing what every other big company does” means you are insecure and have to change your ways, because the median large company has terrible security.

Brian Krebs:

The hotel chain did not say precisely when in 2014 the breach was thought to have begun, but it’s worth noting that Starwood disclosed its own breach involving more than 50 properties in November 2015, just days after being acquired by Marriott. According to Starwood’s disclosure at the time, that earlier breach stretched back at least one year — to November 2014.

Back in 2015, Starwood said the intrusion involved malicious software installed on cash registers at some of its resort restaurants, gift shops and other payment systems that were not part of its guest reservations or membership systems.

However, this would hardly be the first time a breach at a major hotel chain ballooned from one limited to restaurants and gift shops into a full-blown intrusion involving guest reservation data.

Brian Krebs:

But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause is usually a failure to adopt the most important principle in cybersecurity defense that applies to both corporations and consumers: Assume you are compromised.

[…]

This involves not only focusing on breach prevention, but at least equally on intrusion detection and response. It starts with the assumption that failing to respond quickly when an adversary gains an initial foothold is like allowing a tiny cancer cell to metastasize into a much bigger illness that — left undetected for days, months or years — can cost the entire organism dearly.

The companies with the most clueful leaders are paying threat hunters to look for signs of new intrusions. They’re reshuffling the organizational chart so that people in charge of security report to the board, the CEO, and/or chief risk officer — anyone but the Chief Technology Officer.

Adam D’Angelo (via Troy Hunt):

For approximately 100 million Quora users, the following information may have been compromised:

  • Account information, e.g. name, email address, encrypted (hashed) password, data imported from linked networks when authorized by users
  • Public content and actions, e.g. questions, answers, comments, upvotes
  • Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages)

Questions and answers that were written anonymously are not affected by this breach as we do not store the identities of people who post anonymous content.

Nick Heer:

However, I want to give kudos to Quora on three fronts.

Update (2018-12-19): Bruce Schneier:

The New York Times and Reuters are reporting that China was behind the recent hack of Marriott Hotels. Note that this is still unconfirmed, but interesting if it is true.

See also: Hacker News.

Update (2019-03-12): Catalin Cimpanu (via Hacker News):

Marriott International CEO Arne Sorenson testified in front of a US Senate subcommittee yesterday, revealing new details about a security breach the hotel chain disclosed last year.

Speaking in front of the Senate Committee on Homeland Security & Governmental Affairs Permanent Subcommittee on Investigations, Sorenson apologized to the company’s customers but also shot down rumors that China was behind the hack.

Tuesday, December 4, 2018

Optional OmniFocus Subscriptions

Ken Case (tweet):

Beyond supporting this new service model, there are some other benefits to offering subscription pricing as an option. Some of you have told us that you’re frustrated by our current “a la carte” pricing model, where each edition of the app is purchased separately. That you would prefer the option to pay a subscription each year which covers the price of future upgrades and unlocks the app everywhere. That you’d rather not have to worry about when the next major upgrade is coming, budgeting for how much that will cost. That you don’t want to have to think about whether you’ve bought the app for Mac or for iOS; that instead, you just want to use it on whichever device you happen to be using. Offering a subscription option for our desktop and mobile apps would help with all of these requests.

[…]

The OmniFocus subscription will cost $9.99/month, giving you access to the web service as well as OmniFocus Pro on all your Mac and iOS devices. If you’ve already invested in OmniFocus 3 and just want to add the web service, the cost for that will be $4.99/month.

[…]

I should note that subscriptions do have significant downsides. The initial cost to start using the product is lower, but over time subscriptions will end up costing more—and unlike our one-time purchases, it’s not an investment: when you stop subscribing to OmniFocus you’ll lose access to the things that were being provided by that subscription.

This seems very logical and well explained. Not yet announced: who you’ll pay for the subscriptions. Presumably, Omni could sell them directly to customers, bypassing the App Store’s 30% and offering educational discounts if they want.

Previously: Business Licensing for Omni’s iOS Apps, Transmit 5 on the Mac App Store.

Update (2018-12-19): John Gruber:

I can imagine, a few years from now, an Omni suite subscription, similar to Adobe’s Creative Cloud, that covers all of their apps on all platforms. Subscriptions are the way of the future for commercial software.

Update (2019-04-04): Ken Case:

Tomorrow’s OmniFocus updates for iOS and Mac will add support for optional subscriptions! As an alternative to the existing one-time payments to unlock the app, you’ll be able to subscribe for $9.99/month to unlock OmniFocus Pro on all your devices[…]

Update (2019-04-05): See also: Brent Simmons.

iCloud Drive Stuck Uploading and Downloading Files

Matt Henderson:

To solve the problem, after moving my GitHub folder outside of Documents, I then backed up all the files in Desktop and Documents on my Mac that I need, and disabled “iCloud Drive” in the iCloud area of the system preferences, and instructed the Mac to delete all the local files.

I then went into iCloud Drive via the website, and started deleting everything from there.

[…]

So the fact that deletions are getting processed one by one in the browser, but there’s no UI to indicate that, can cause terrible confusion when trying to perform the kind of mass cleanup that I was doing.

Update (2018-12-11): Wojtek Pietrusiewicz:

I was trying to transfer an edited photo from my iPad to my MacBook Pro a few minutes ago. I saved it to iCloud Drive and went to look for it on my Mac. Not there. I checked my iPhone and verified it was synced. So I restarted my Mac. Nope, nothing.

Want to know what triggered the sync process? I created a new folder in Finder.

Microsoft EdgeHTML Replaced by Chromium

Zac Bowden (via Wojtek Pietrusiewicz):

Microsoft’s Edge web browser has seen little success since its debut on Windows 10 in 2015. Built from the ground up with a new rendering engine known as EdgeHTML, Microsoft Edge was designed to be fast, lightweight, and secure, but it launched with a plethora of issues that resulted in users rejecting it early on. Edge has since struggled to gain traction, thanks to its continued instability and lack of mindshare, from users and web developers.

Because of this, I’m told that Microsoft is throwing in the towel with EdgeHTML and is instead building a new web browser powered by Chromium, which uses a similar rendering engine first popularized by Google’s Chrome browser known as Blink. Codenamed “Anaheim,” this new browser for Windows 10 will replace Edge as the default browser on the platform, according to my sources, who wish to remain anonymous.

Update (2018-12-05): Kuba Suder:

This is so stupid, we’ve spent like a decade fighting the IE monoculture, only to replace it now with a Chrome monoculture. And that basically leaves 3 engines on the market, 2 of which share common history.

Update (2018-12-06): Joe Belfiore (Hacker News):

Microsoft Edge will now be delivered and updated for all supported versions of Windows and on a more frequent cadence. We also expect this work to enable us to bring Microsoft Edge to other platforms like macOS. Improving the web-platform experience for both end users and developers requires that the web platform and the browser be consistently available to as many devices as possible. To accomplish this, we will evolve the browser code more broadly, so that our distribution model offers an updated Microsoft Edge experience + platform across all supported versions of Windows, while still maintaining the benefits of the browser’s close integration with Windows.

Steve Troughton-Smith:

Gotta wonder why Microsoft didn’t co-opt Chrome long before this; why would anybody go download Google’s Chrome if the built-in Windows browser is basically the same thing

David Heinemeier Hansson:

Sad to see Microsoft throw in the towel on their own browser rendering engine. The web doesn’t benefit when developers are encouraged to “just test in Chrome” through consolidation. We need a strong, diverse set of browsers. HANG IN THERE FIREFOX!

Steve Troughton-Smith:

Microsoft Edge coming to the Mac will be the first time Microsoft’s flagship browser has been on the platform since Internet Explorer 5.2.3, 15 years ago

Cabel Sasser:

IE Mac was the first browser to support alpha channeled png’s which we used on the Audion faces page for live previews with dragging etc.! And which Microsoft then used for press demos! What a great browser back then — incredible and groundbreaking

Steve Troughton-Smith:

IE for Mac’s download manager & progressbar icons for in-progress downloads were some of my favorite features. Took Safari a while to pick that up

John Siracusa:

It was also the first browser on the Mac to have decent CSS1 support. It was the web developer’s browser for a while.

Jimmy Grewal:

My favorite release of Mac Internet Explorer was the bootleg version 5.5 we put together at MacHack 2000 that was only available on the MacHack CD. 48 hours of caffeine & sugar fueled coding by @t, @sfalken, and @MafVosburgh...built & tested by me.

Jesse Vincent:

“Konqueror” always felt like it was a bit much for a browser name. Now I can see that it was just prescient.

See also: Zac Bowden, Tom Warren, MacRumors.

Update (2018-12-07): Chris Beard (Hacker News):

From a social, civic and individual empowerment perspective ceding control of fundamental online infrastructure to a single company is terrible. This is why Mozilla exists. We compete with Google not because it’s a good business opportunity. We compete with Google because the health of the internet and online life depend on competition and choice. They depend on consumers being able to decide we want something better and to take action.

Will Microsoft’s decision make it harder for Firefox to prosper? It could. Making Google more powerful is risky on many fronts. And a big part of the answer depends on what the web developers and businesses who create services and websites do. If one product like Chromium has enough market share, then it becomes easier for web developers and businesses to decide not to worry if their services and sites work with anything other than Chromium. That’s what happened when Microsoft had a monopoly on browsers in the early 2000s before Firefox was released. And it could happen again.

Oluseyi Sonaiya:

The ideal behind Web Standards is that the specification is implementation-independent, and that competing implementations drive different vendors to improve. If the majority of browsers coalesce around a single implementation, though, we lose that impetus.

Rui Carmo:

I’m actually kind of sad about this because it risks turning the Web into a monoculture again. Even if it does have the potential of making it substantially easier to build and maintain web sites in the long run.

John Gruber:

This is really rather stunning news, especially when you think back to the browser war in the 1990s. And I don’t think it’s a good thing for the web.

Update (2018-12-10): Owen Williams (via Meek Geek):

Yes, that’s right: not only will Microsoft shift to Chromium as its rendering engine, it’ll begin shipping Edge across all supported desktop devices on the planet, and it’ll start building it into the web platform within Windows.

This is huge news for the industry across the board, and is poised to propel the web to a first-class experience on par with native application development, as well as making it a much better experience for a broad swathe of internet users who might not have power over what browser they’re using.

The web has already swallowed native application development whole, but it’s about to get a lot better.

[…]

The strategy differences here are very different to that of Apple, which has largely ignored any feature of the open web that might threaten its own dominance. There’s no web-based notifications in Safari on iOS, or the ability to execute tasks or caching in the background, and so on.

I kind of wish Apple would switch to Chromium as well. With the rest of the world—especially on the desktop—mostly using the same browser, even popular sites can’t always be bothered to make things work well with Safari.

Dan Masters:

For all the criticism Google receives regarding Chrome, they've added some very pro-consumer features over the years.

This one is particularly interesting, as we usually associate sneaky subscription signups with native apps, but it clearly is a problem on the web too.

Update (2018-12-11): John Gruber:

Which, in turn, makes me wonder what the endgame will look like with Microsoft adopting Chrome. Is Microsoft really going to stick with Chrome, under Google’s ultimate control, or will they fork it, the way Google forked WebKit?

Dan Masters:

I’ve seen the same problem[…]

Update (2018-12-19): Jack Wellborn:

Switching to Chromium in particular contributes to the problem that gave us the awfulness of Internet Explorer – lack of diversity. Chrome controls somewhere between 60 and 70% of browser share, and while that’s nowhere near Internet Explorer’s former dominance, there have already been a handful of sites that are Chrome-only/Chrome-first. Even more worrisome is the number of other Web Developers that disdainfully treat non-Chrome browsers as aberrations.

See also: Hacker News.

Sublime Merge Build 1092

Jon Skinner:

The contents view lets you step through modified files one by one. You can get to the contents view via the Contents tab on the side bar, double-clicking on a commit, or pressing space. It’s especially handy for reviewing and creating large commits.

[…]

Word wrap is now set to Auto mode by default: text and HTML files are displayed with word wrap on, while source code is displayed with word wrap off. You can set word wrap on or off for all files from the context menu.

These were two of the biggest issues for me. A recent update also added full text search. I still think the interface feels a bit weird, and not as intuitive as Tower’s, but the speed and syntax highlighting remain great, and I like seeing such quick development progress.

Previously: New Git Client: Sublime Merge.

Monday, December 3, 2018

On Switching From an iPad Pro and a MacBook to a Pixelbook

Fraser Speirs (tweet):

When Google Drive launched in 2012, we started making more use of it and Google Docs. In the six years since, we have really gone all-in on these apps. I was never a huge fan of web-based software but we started with one particular project where we cut so much time and effort out of the process that I couldn’t help but get interested.

[…]

Fast forward to 2018 and virtually all of the work I do at school is now in Google Docs. I don’t think I’ve created anything new outside Google Docs for a couple of years now.

[…]

My school runs on GSuite but we usually access it through iPads. What I have found, though, is that the GSuite iOS apps are not very good. They lack important (and sometimes basic) functionality found in the web version of GSuite and they take a long time to adopt iOS platform features.

[…]

The point, though, is that GSuite is so powerful and so much at the heart of everything I do at school that if you asked me to decide between giving up GSuite and giving up iPad, I’m afraid iPad has to go. It is for this reason that I have been vocally advocating that Apple make iOS Safari as close to a “desktop class” browser as it can be.

Zac Cichy:

Why does Apple get called out for how poorly G Suite works on iOS, and not Google for making sub-par iOS apps?

Foad Afshari:

It is oftentimes said to be Apple’s problem versus the users’ problem. What if I like to use iOS and G Suite? Why do I as a user have to suffer for it?

Keith Edwards:

Why does everyone accept that you can’t set default apps on iOS? Why am I given a worse experience for a premium product because I choose to use apps outside of Apple’s services ecosystem and how is it legal to not provide an option to switch?

Update (2018-12-27): See also: Hacker News.

Interview With Ron Johnson

Without Fail (via Matt Henderson):

Twenty years ago, Steve Jobs had an idea: he wanted to build an Apple store. Something sleek and iconic and unlike anything else in retail. But he had no idea how to do it. So he called someone who might: retail genius Ron Johnson. Ron tells Alex the story of what it was like to work with Steve and help transform Apple into a household name. And Ron talks about life after Apple—which included a huge and humbling failure.

Ron Johnson is now CEO and Founder of Enjoy.

Great interview, but far too short.

Update (2018-12-06): Nick Heer:

One thing I thought about while listening to it is just how successful these stores are. To date, Apple has closed only two without a logical replacement. They are often packed with people, and Apple still has one of the best buying and support experiences in the consumer technology space. I still believe that there are elements of the store that have suffered, but they’re still leaps and bounds better than what you get anywhere else.

Why Excel for iOS Doesn’t Support VB Macros

TJ Luoma:

Finally watched that “I tried to edit a movie on the iPad Pro” and this video editing professional is amazing and amazed at what it can do.

Commenter: “Yeah but Excel on iOS can’t do macros…”

And I’m like “WELL, THEN COMPLAIN TO MICROSOFT.”

I think the hardware can handle it.

Erik Schwiebert:

VB macros on iOS are forbidden by Apple. Review guideline 2.5.2 says in part that apps may not “download, install, or execute code which introduces or changes features or functionality of the app”.

I thought maybe Google Sheets would get around this by running the macros on the server, but apparently not.

Previously: iPad Pro 2018, How to Game the App Store, Hasta La Vista, Visual Basic.

Root Certificates From Sennheiser Headphone Software

Hans-Joachim Knobloch and André Domnick (PDF):

We found that – caused by a critical implementation flaw – the secret signing key of one of the clandestinely planted root certificates can be easily obtained by an attacker. This allows him or her to sign and issue technically trustworthy certificates. Users affected by this implementation bug can become victims of such a certificate forgery, allowing an attacker to send e.g. trustworthy signed software or to act as an authority authorised by Sennheiser.

[…]

According to Sennheiser, the browser must be able to access this local web socket through a trusted HTTPS connection in order to bypass cross origin resource sharing (CORS) restrictions implemented by relevant browsers. Hence, the HeadSetup SDK needs a locally trusted TLS server certificate issued to the localhost IP address (127.0.0.1) and the associated private key.

[…]

Despite its designation as CA certificate, the HeadSetup software employs it as the TLS server certificate for the local secure web socket. In order to turn it into a trusted credential, the HeadSetup installer pushes the certificate into the local machine trusted root certificate store of the Windows system on which it is installed.

Note that the HeadSetup installer must run with local administrator privileges. Once the installing user confirms the installation of the software there is no further system prompt warning about the addition of the certificate to the trusted root store and displaying the certificate’s fingerprint, like there would be if this root certificate were added manually.

Via Andrew Ayer:

Like Superfish, anyone can use this key, which is the same on all installations, to forge certificates and impersonate websites.
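
The pattern the report describes, a CA certificate placed in the machine trusted root store but really serving as the TLS certificate for 127.0.0.1, can be looked for on a Windows system. The following is an added example, not code from the report or from Sennheiser; `Get-SuspectLocalRoot` and its output fields are names made up here, and the checks are heuristics rather than a detector for this specific certificate.

```powershell
# Added example (not from the report): heuristic audit of a Windows trusted
# root store for roots that name the local host or have a private key on the
# machine. Function name and output fields are chosen for this example.

function Get-SuspectLocalRoot {
    [CmdletBinding()]
    param(
        # Certificate store to inspect; the machine-wide root store by default.
        [string]$StorePath = 'Cert:\LocalMachine\Root'
    )

    $localNames = @('localhost', '127.0.0.1')
    $sanOid     = '2.5.29.17'   # subjectAltName extension
    $nameType   = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $bcType     = [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        $reasons = New-Object System.Collections.Generic.List[string]

        # 1. The subject's simple name (normally the CN) is the local host.
        $cn = $cert.GetNameInfo($nameType, $false)
        if ($localNames -contains $cn) {
            $reasons.Add("subject name is '$cn'")
        }

        # 2. The subjectAltName extension lists localhost or 127.0.0.1.
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }
        if ($san) {
            $sanText = $san.Format($false)
            foreach ($name in $localNames) {
                if ($sanText -match [regex]::Escape($name)) {
                    $reasons.Add("subjectAltName contains '$name'")
                }
            }
        }

        # 3. A private key for a trusted root is registered on this machine.
        #    A key kept in a separate file on disk is not visible to this check.
        if ($cert.HasPrivateKey) {
            $reasons.Add('private key is associated with this root in the store')
        }

        if ($reasons.Count -eq 0) { continue }

        # Context for the reviewer: is the certificate marked as a CA?
        $bc   = $cert.Extensions | Where-Object { $_ -is $bcType }
        $isCa = [bool]($bc -and $bc.CertificateAuthority)

        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            MarkedAsCA = $isCa
            Reasons    = $reasons -join '; '
        }
    }
}

# Review the machine store; anything listed deserves a manual look.
Get-SuspectLocalRoot | Format-List
```

An empty result does not show that the store is clean, since a planted root need not name the local host. Pass `-StorePath 'Cert:\CurrentUser\Root'` to review the per-user store as well.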