Archive for January 2019

Thursday, January 31, 2019

Medium’s API Stops Working

Write.as (Hacker News):

Sometime in the past few weeks, Medium abruptly deleted third-party access to their publishing API. There was no warning before, or notice after, this happened — apps just stopped working (including ours).

[…]

We trusted that Medium might not do what many VC-funded platforms have done before: open an API, attract developers and users, grow, then shut it all down. Unfortunately, that’s exactly what they did. And unlike their previous pivots, they didn’t even give the courtesy of a small heads-up.

[…]

Update 11:33am EST: we received a response from Medium, though it’s still confusing:

We recently experienced an interruption with API, and the ability to generate new oAuth-based applications has been restricted. I have reenabled that feature.

This doesn’t really explain why our 2-year-old integration suddenly stopped working (we didn’t need to generate a new application).

Michael Love:

My general rule of thumb is that unless you’re a) paying for it and also b) those payments represent a significant source of revenue for the company offering it, it’s never worth investing significant effort to rely on a third-party API.

Previously:

Swift-ObjC Bridge Using @dynamicCallable

Helge Heß:

Of course Swift already has Objective-C integrated on the Apple platforms, directly supported by the compiler, as well as the associated bridging runtime. Yet using Dynamic Callable you can actually build something similar at the library level, and we want to show you how that would look like.

[…]

You may have wondered that arrayByAddingObject: instead of addObject: was used to demo the thing. That had a reason 😜 Our signatures deal with methods returning object values, but addObject: is a Void method. If we invoke it, we crash, because ARC will attempt to release the non-existing result.

It’s a fun demo, but real-world bridging is complicated by memory management, error parameters and exceptions, non-object types, etc.

Previously: @dynamicCallable: Unix Tools as Swift Functions.

Facebook Pays Teens to Install VPN That Spies on Them

Josh Constine:

Desperate for data on its competitors, Facebook has been secretly paying people to install a “Facebook Research” VPN that lets the company suck in all of a user’s phone and web activity, similar to Facebook’s Onavo Protect app that Apple banned in June and that was removed in August. Facebook sidesteps the App Store and rewards teenagers and adults to download the Research app and give it root access to network traffic in what may be a violation of Apple policy so the social network can decrypt and analyze their phone activity, a TechCrunch investigation confirms.

Previously:

Marco Arment:

This is blatantly against Apple’s rules for enterprise app distribution. It’s not arguable. It’s not even close.

Facebook is slapping Apple in the face, in broad daylight, for the world to see, because they know they’re invincible.

John Gruber:

To my eyes, this action constitutes Facebook declaring war on Apple’s iOS privacy protections. I don’t think it would be out of line for Apple to revoke Facebook’s developer certificate, maybe even pull their apps from the App Store. No regular developer would get away with this. Facebook is betting that their apps are too popular, that they can do what they want and Apple has to sit back and take it.

a f waller:

Apple must revoke Facebook’s enterprise certificate. This is a slap in the face of every honest developer, a blatant corruption of App Store rules, and a disgusting violation of user privacy.

We had an enterprise certificate, and Apple in no uncertain terms explained we could never do anything like this for any purpose, for testing or anything else. Enterprise certs may not be used on devices outside your company, or by users who aren’t your employees.

Colin Cornaby:

There is a workaround in the Enterprise signing program where if you legally make the recipient of an app an agent of your company, you’re in compliance.

I don’t know what’s in the agreement Facebook has, but they may be making the volunteers “contractors” as a workaround.

I could imagine Facebook paying these people $20 a month will be used as an argument they are actually contractors for Facebook.

Will Strafach:

here, Facebook straight up lies to @JoshConstine about this. full stop. everyone with an Enterprise Certifucate knows that it is for internal-use apps to be used only by employees. Apple even calls you and confirms that you understand this, plus it is right in the agreement.

Dave Lee:

Another update relating to consent. FB statement said teens had provided parental consent before using the program. I asked FB what exactly that meant - signed form, scanned? - they said the vendors handled it. For at least one of the vendors, consent was basically a checkbox.

Kurt Wagner:

Apple’s response, via a PR rep this morning: “We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.”

David Heinemeier Hansson:

There’s nothing “aggressive” about revoking Facebook’s ability to continue to violate Apple’s direct rules. It’s literally the least they could do, and it’s not nearly enough. Facebook is testing Apple’s credibility on privacy here. So far Facebook is winning.

Marco Arment:

Let’s be clear. If any other developer did this, they wouldn’t just lose enterprise distribution — they’d lose their entire developer account and all of their apps would be removed from the Store.

Facebook gets VERY special treatment because of their size and importance.

Tom Warren and Jacob Kastrenakes:

Apple has shut down Facebook’s ability to distribute internal iOS apps, from early releases of the Facebook app to basic tools like a lunch menu. A person familiar with the situation tells The Verge that early versions of Facebook, Instagram, Messenger, and other pre-release “dogfood” (beta) apps have stopped working, as have other employee apps, like one for transportation. Facebook is treating this as a critical problem internally, we’re told, as the affected apps simply don’t launch on employees’ phones anymore.

Alex Heath:

This doesn’t mean that Facebook is being removed from the App Store. But it does mean that Facebook will no longer be able to widely distribute apps on Apple’s platform without approval.

It also means that, or now, Facebook employees can’t use unreleased apps on Apple devices. Facebook is famous in Silicon Valley for “dog fooding,” a practice in which employees internally test new features before they are released to the public. Employees use internal apps for everything from testing bugs in software to coordinating the use of private shuttle buses that take them to and from work every day.

Because of Apple’s sudden action against Facebook, people familiar with the matter told Cheddar that Facebook employees are unable to use their internal apps on Apple devices. Some Facebook employees privately voiced concern on Wednesday that Facebook is being unfairly targeted by Apple, the people said.

Dan Grover:

Use of enterprise certificates to distribute apps to public on iOS is pretty wide. I remember when I was in China, I got handed flyers for apps while walking down the street that explained how to install the cert.

Ironically, to distribute internal builds of apps, my team ended up buying random “shell” developer accounts on Taobao of random companies because getting access to the official enterprise certs was too complicated.

TechCrunch:

Google has been running an app called Screenwise Meter, which bears a strong resemblance to the app distributed by Facebook Research that has now been barred by Apple, TechCrunch has learned.

In its app, Google invites users aged 18 and up (or 13 if part of a family group) to download the app by way of a special code and registration process using an Enterprise Certificate.

[…]

After we asked Google whether its app violated Apple policy, Google announced it will remove Screenwise Meter from Apple’s Enterprise Certificate program and disable it on iOS devices.

Ryan Jones:

Guys, 10,000 apps use Enterprise Certs against the rules. Facebook’s problem was the malintent and consumer harm and PR.

Others like Google don’t have that.

Josh Constine:

Facebook threatened Research app users with legal action for publicly discussing the VPN, I’ve learned, yet it claims there was “nothing secret about it”. 🤨

Meek Geek:

Apple owns a platform that enables & profits immensely from surveillance, while we let them get away with hawking privacy as a feature as if it’s true.

Apple selling privacy as a feature is akin to vendors like McAfee & Symantec, who are basically selling FUD and making users buy expensive yearly anti-virus subscriptions for their Windows PCs, not knowing that Windows Defender exists or how poorly these software perform.

The privacy fear factor is rampant in the minds of general consumers: Someone just told me he’ll only buy iPhones because he thinks Google’s tracking in Android cannot be disabled.

Profiting from FUD works, whether it is for selling product or in politics.

Apple knows it, and is milking this to the extreme, regardless of how far they need to stretch the truth.

David Carroll:

Most tech reporters still haven’t discovered GDPR Article 8 and recitals 38 and 58. There’s no way that teens ‘consented’ to the requirements that Sandberg pledged to honor in Brussels last year.

Kyle Howells:

In Apple’s vision of the future we all work on iPads, not Macs or Windows.

In that vision Apple has the ability to shutdown that entire companies computer infrastructure at will, at any time, on a whim, and we are just supposed to accept that state of affairs.

We laugh at Facebook’s employees not being able to run their lunch booking app, or internal chat room, because Facebook is a horrible company.

But Apple shouldn’t actually have that power.

See also: Hacker News.

Tom Warren:

Apple has now shut down Google’s ability to distribute its internal iOS apps, following a similar shutdown that was issued to Facebook earlier this week.

Dan Masters:

Oh damn – Apple ain’t playin’.

I wonder if they’ll hunt down other abuses of Enterprise Certificates (of which there are many, I can assure you) – not just the ones of their highest profile enemies.

James O’Leary:

My point of sale startup had issues because competitors, including Apple’s blessed one, used Enterprise dev certificates for distribution, and Apple didn’t do anything with multiple reports.

On background, the story was that Apple understood it wasnt plausible to ship mission-criticial software on a platform with App Store review rules.

This was also why companies were allowed to circumvent IAP rules, it was silly to take 30% of software that was 4 digits

If Apple had bothered to evolve past their first draft of App Store monetizarion and adjusted to reality, all sorts of things would have been better for Apple, consumers, and developers.

Mark Gurman:

In two days, Apple has knocked out some of the business operations of two of its biggest competitors at the flick of a switch.

Also, obviously a coincidence, but nobody is talking much about the FaceTime eavesdropping bug anymore.

Update (2019-02-12): Chance Miller:

In a new statement today, Facebook says that Apple has restored its access to enterprise certificates. This means that Facebook can now use its internal applications again, which were rendered useless earlier this week when Apple barred the company’s access to enterprise certification.

[…]

In a leaked memo obtained by Business Insider, Facebook continues to defend its Research app, as well as its decision to distribute it via enterprise certificates.

Alex Fajkowski:

Hey @tim_cook and @pschiller Amazon is violating the Enterprise program with their Flex app.

Sonos distributes bets versions of their iOS app via the Enterprise program to consumers.

Also, here’s the link to DoorDash showing how they distribute an app to non-employees via the Enterprise Developer program

Peter Hosey:

There’s two things there:

- Could the Flex/DoorDash apps—for contractors—count as “enterprise” usage in a way that FB’s and Google’s “research” apps don’t?

- The impact of killing those apps goes way beyond a bunch of Googlers and FB employees—it affects people delivering food.

Juli Clover:

Apple revoked Google’s Enterprise Certificate and as a result, none of Google’s internal apps are functional. Pre-release versions of iOS apps like Google Maps, Hangouts, Gmail, and more stopped working today, along with employee transportation and cafe apps.

[…]

Apple has restored Google’s Enterprise Certificate so its internal apps now function again, TechCrunch confirmed with a source after a Bloomberg journalist reported the development.

See also: Hacker News, Accidental Tech Podcast, Exponent, The Talk Show.

Joe Rossignol:

Following last month’s revelations that Facebook and Google were using Apple’s enterprise developer program to bypass the App Store and collect analytics from participating users, TechCrunch now reports that dozens of pornography and gambling apps are abusing the program as well.

Michael Love:

Wow. TBH, this makes the case for sideloading better than anything else I can think of; despite the seeming proliferation of unapproved apps, we have yet to see them cause a single (public) security breach. People have been sideloading for years and the sky hasn’t fallen down.

John Gruber:

Either Apple has been purposefully looking the other way on this, or they’ve been asleep at the switch and a reckoning is coming.

Dell’s Massive 49-Inch 5K Ultrawide Display

Juli Clover:

Dell recently unveiled the first 49-inch ultrawide 5K monitor with a 32:9 aspect ratio, the result of which is a wide, immersive display with an impressive resolution.

In our latest YouTube video, we were able to go hands-on with Dell’s U4919DW display, putting it through its paces to see if it’s worth the $1250 asking price.

It’s actually a shockingly low price considering what displays used to cost. And 49 inches sounds huge, but it’s like having a 27-inch display next to an iMac—I’m currently using a 30-inch. So something like this could be great with a laptop or Mac mini. (Although, one advantage of a dual-display setup is that you can put the Apple menu in the middle, and the cursor will snap to the corner.) Unfortunately, it’s not Retina.

Tuesday, January 29, 2019

Google Asks for API Copyright Case to Be Reviewed

Google (via Joshua Bloch):

Today we asked the Supreme Court of the United States to review our long-running copyright dispute with Oracle over the use of software interfaces. The outcome will have a far-reaching impact on innovation across the computer industry.

Standardized software interfaces have driven innovation in software development. They let computer programs interact with each other and let developers easily build technologies for different platforms. Unless the Supreme Court steps in here, the industry will be hamstrung by court decisions finding that the use of software interfaces in creating new programs is not allowed under copyright law.

Previously:

Previously: AWS, MongoDB, and the Economic Realities of Open Source.

2018 Six Colors Apple Report Card

Jason Snell:

It’s time for our annual look back on Apple’s performance during the past year, as seen through the eyes of writers, editors, developers, podcasters, and other people who spend an awful lot of time thinking about Apple.

[…]

Since I used the same survey as in previous years, I was able to track the change in my panel’s consensus opinion compared to the previous year.

[…]

And did we mention the MacBook keyboards? Matt Deatherage said, “It defies reason for Apple [to offer] keyboards of inferior design and execution.” John Gruber said, “I may be biased as a writer and a keyboard aficionado, but it used to be the case that Apple’s notebook keyboards were widely hailed as the best in the world… that’s no longer the case and I think that’s a problem.” Shahid Kamal Ahmad said that the major failing of the keyboard was not its feel but “the inherent unreliability of the switches and their propensity to fail from the inevitable ingress of a subatomic particle.”

Most people were largely unmoved by the macOS Mojave update.

Nick Heer:

Overall, Apple’s new hardware — particularly the new Apple Watch — has generally shone in every area except reliability, software quality is up while service quality continues to be mixed, and Apple’s TV and home offerings continue to be, charitably, just getting started.

Previously:

2013 Mac Pro Launch Postponed Due to Screws

Joe Rossignol:

The New York Times today published a story explaining why Apple is unlikely to manufacture more of its products in the United States.

The report reveals an interesting anecdote about the latest Mac Pro. In late 2012, Apple CEO Tim Cook touted that the computer would be “Made in the USA,” but sales were supposedly postponed by months in part because Apple could not secure enough custom screws for the computer from U.S.-based suppliers.

Josh Centers has highlighted some interesting quotes.

Greg Koenig:

The real indictment here is about Apple’s sourcing failing them, not US manufacturing. There are well over 100 shops in the US who could knock those screws out easily. And please, I hear the nightmare stories of China sourcing…

Paul Haddad:

Why is no one asking why Apple needs custom screws for a desktop machine?

Colin Cornaby:

While I’m sure Apple is a little more over the top than others, PC workstation vendors still use a lot of custom bits including screws. People everywhere get a bit more demanding about quality when they spend $5k-$10k on a computer.

I think the difference is I’m not sure any of those vendors would have wanted to use a major upgrade as an excuse to bet everything on an experiment with vendors.

Casey Johnston:

this is letting apple off incredibly easily, like letting a child not go to school because it “can’t find” its shoes

John Gruber:

This is a perfect example of how Apple’s China-centered supply chain, built over two decades, is going to be hard to replicate anywhere else in the world — and even if it happens, it’s going to take time.

Apple Still Charging Customers for iPhone 7 Microphone Defect

Joe Rossignol:

In May of 2018, Apple acknowledged a microphone issue affecting some iPhone 7 and iPhone 7 Plus models running iOS 11.3 or later in an internal document made available to Apple Stores and Apple Authorized Service Providers.

[…]

The exemptions abruptly ended in July of 2018, though, when Apple deleted its internal document related to the microphone issue and prevented free repairs from being processed through its service portal. Since then, many Apple retail and support employees have refused to acknowledge the policy ever existed.

[…]

Apple’s out-of-warranty repair fee for this issue is over $300 in the United States, according to affected customers on the MacRumors forums and Twitter.

cfountain72:

This is absolute garbage. I recently brought my wife’s 7 to our local Apple Store (International Plaza Mall) showing these exact same microphone/speaker symptoms. After some diagnostics by the Genius, I was told that the repair would cost $300+...or they would take it in trade for $250 it in trade for a new iPhone Xr. I assumed it was just the result of an older phone, and might be a warning sign of more issues down the road. She did mention it was related to a recent iOS upgrade, but that it only effected a small number of phones and that, since we were out of warranty, we’d have to pay for the repair if we wanted to keep using this model, or trade it in on a newer one. We chose to pay off the remaining balance and trade it in for the Xr. Had we known about this crap, we would’ve definitely lobbied to get the repair and keep the 7. Not sure how effective it would be, but I’d encourage anyone else with similar issues to push harder for the ‘free’ repair.

Joe Rossignol:

I keep receiving the occasional email from customers affected by this, asking for my help, but the only thing I can do is continue to bring awareness to it.

Apple has completely ignored all of my requests for comment.

It’s not right.

Major FaceTime Privacy Bug

MGT7:

My teen found a major security flaw in Apple’s new iOS. He can listen in to your iPhone/iPad without your approval. I have video. Submitted bug report to @AppleSupport...waiting to hear back to provide details. Scary stuff!

Benjamin Mayo (Hacker News, MacRumors):

The bug lets you call anyone with FaceTime, and immediately hear the audio coming from their phone — before the person on the other end has accepted or rejected the incoming call. Apple says the issue will be addressed in a software update “later this week”.

Naturally, this poses a pretty big privacy problem as you can essentially listen in on any iOS user, although it still rings like normal, so you can’t be 100% covert about it. Nevertheless, there is no indication on the recipient’s side that you could hear any of their audio.

Dieter Bohn:

The bug requires you have an OS that supports Group FaceTime to work, of course.

What’s more, if one of these “fake” conference calls is happening, if the recipient hits the power or volume button to ignore the call, it not only broadcasts audio to your phone but video as well.

Brian Tong:

This didn’t age well...Three weeks later.👿🍎

Federico Viticci:

This is one of the worst Apple bugs I’ve ever seen.

Please be aware of this and consider disabling FaceTime everywhere (including iPad and Mac) until a fix is out. I disabled mine everywhere.

Perhaps not as bad as the two in High Sierra, but it’s bad.

Wil Shipley:

The FaceTime vulnerability is def. bad but keep in mind you have a record of anyone who tries it on you and when they did so like it’s not a GREAT way to spy on people. (AFAIK you can’t #-spoof FaceTime.)

Marco Arment:

I don’t know how it’s implemented, but possible server-side fixes:

- disabling adding oneself to a group FaceTime
- disabling group FaceTime
- disabling FaceTime

Waiting for a client-side fix is too costly: spying en masse, or people disabling FaceTime and never re-enabling it.

Chance Miller:

Following the exposure of a major FaceTime security hole earlier today, Apple has now taken Group FaceTime completely offline.

Juli Clover:

Hopefully we’re getting more explanation than just a simple fix. How is it even possible for someone to access my camera/mic sans connection/permission? Exactly how long has this been going on?

Josh Centers:

Even after a lot of improvements, Group FaceTime was a hot mess. It works okay with just three people, but the more people you add, the more of a mess it is.

The worst part is the floating face tiles, which make even me, a seasoned FPS player, motion sick. Everyone on the test calls was getting motion sick.

Previously: Group FaceTime Delayed.

Update (2019-01-29): Joe Rossignol:

Once the bug started making headlines on Monday, the Twitter user then shared additional tweets claiming that they had also emailed Apple’s product security team over a week ago. A screenshot of the email was shared, and it appears the team did respond, but what they said is not visible in the screenshot.

The user acknowledges having wanted to receive a monetary reward under Apple’s bug bounty program, but she claims she still proceeded to alert Apple to the bug by phone, fax, and with an official bug report nonetheless. She also wanted to keep the bug private, but she did tweet Fox News about it.

All in all, there is evidence that Apple Support was tagged about an eavesdropping bug eight days before it made headlines, and if the rest of the tweets are truthful, the company was also alerted about the bug via several other avenues.

James Thompson:

I wonder, when they switch on the servers again, if they can block group calls based on OS version number? Otherwise people who don’t update will still be unprotected…

Put it this way, if it’s not part of the protocol already, maybe do that in the future :)

Rich Mogull:

The FaceTime vulnerability was bad. It was quickly blocked. You don’t need to turn FaceTime off. We should all wait to see what Apple says next about how they handled the initial bug report before rushing to judgement

Then judge away, but at least wait a few days for info.

Jeff Rogers:

I would still turn it off so you can wait for feedback and evaluate when it’s ready to be turned back on, rather than letting Apple decide when to turn yours back on.

Josh Centers:

I questioned this in editing and apparently some people have replicated the exploit even after Apple disabled Group FaceTime.

Update (2019-01-31): Bruce Schneier:

This is definitely an embarrassment, and Apple was right to disable Group FaceTime until it’s fixed. But it’s hard to imagine how an adversary can operationalize this in any useful way.

Lloyd Chambers:

You can’t keep making all this stuff up—no one would believe you.

Thomas Reed:

The bug relied entirely on a feature of iOS 12.1 and macOS 10.14.1 called Group FaceTime. If you are using an older version of iOS or macOS, you have nothing to fear.

[…]

There will be some who cite this as a reason to delay installing system updates. They will say that you should wait and let others work out the bugs. However, this is questionable advice. If you stay on an old version of iOS or macOS, you are using a system that has known security issues. That’s a far riskier proposition than updating to a newer version of the system where there aren’t (yet) any known security issues. From a security perspective, you should always install updates in a timely fashion.

In a way, it’s a shame that Apple is now adding big features in point updates throughout the year. This means that it’s not always possible to update in order to get one bug fix without also getting a new feature that potentially adds additional bugs.

John H. Meyer:

Here is a video, recorded & sent to Apple by a 14 yr old & his mom, on JAN 23rd, alerting them to the dangerous #FaceTime bug, that has threatened the privacy of millions.

Ryan Jones:

She demo’ed the entire bug for Apple on Jan 23rd → aka she wasn’t demanding money first.

John H. Meyer:

A quote from the mother of the 14 yr old who discovered the FaceTime bug on 1/19/19…

John H. Meyer:

Here is the mom’s official bug report to Apple. Note that the mom self-describes as “not at all techy” and was baffled that Apple Support asked her, an average citizen, to sign up for an Apple developer account to then submit an official bug report, in order to be taken seriously

josh avant:

Apparently the person who discovered the FaceTime bug was literally told by Apple to ‘File A Radar’ (they’re not devs). Everyone jokes about ‘File A Radar’ but, honestly, Apple’s approach to this is annoyingly tone deaf and needs to be improved already.

Dan Masters:

This perfectly sums Apple up.

And even after she did file it, it was marked as duplicate.

See also: Chris Welch (Hacker New).

Meek Geek:

Reproduced the FaceTime privacy hole with a friend.

Went home hours later to find my iPad burning hot. The bug turned on the iPad screen, even though a Smart Cover was over it, perpetually showing the incoming FaceTime call overlay with video from the front camera.

Michael Love:

Actually, now that we know that Facebook pulled this in response to Apple revoking their certificate last night, the timing on Apple’s part does seem at least a little bit suspicious. (awfully “convenient”, at any rate)

it’s amazing that for once, Apple had an enormous embarrassing privacy bug and FB could take some cover from press

less than 24 hours later….back to the latest Facebook thing

If Apple a) knew about this bug for a few weeks, b) has been scrambling to fix it, c) didn’t want to disable Group FaceTime in the meantime because that would reveal it, but d) feared getting caught anyway, it would be logical to have a distraction like this FB story ready to go.

It would also explain their failure to respond to the woman filing all of those desperate bug reports - they knew about the bug already, but if they’d written back to her it would have instantly blown up into a major story, and they thought they might get a fix in under the wire.

Is there another explanation for the bug being a duplicate besides Apple already knowing about the issue? Why didn’t Apple disable Group FaceTime as soon as they learned of the issue, rather than after it hit the press? Wouldn’t it be much worse for someone to exploit it than for people to wonder why (only Group) FaceTime was down for a while? Waiting to disable Group FaceTime makes it look as though Apple was hoping to silently fix the bug without anyone knowing about it. But I don’t really understand that because I thought they are supposed to disclose all security bugs, anyway.

See also: Facebook Pays Teens to Install VPN That Spies on Them.

Update (2019-02-01): Joe Rossignol:

Apple issued the following statement to MacRumors today in which it apologized for a major FaceTime eavesdropping bug:

We have fixed the Group FaceTime security bug on Apple’s servers and we will issue a software update to re-enable the feature for users next week. We thank the Thompson family for reporting the bug. We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We appreciate everyone’s patience as we complete this process.

We want to assure our customers that as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix. We are committed to improving the process by which we receive and escalate these reports, in order to get them to the right people as fast as possible. We take the security of our products extremely seriously and we are committed to continuing to earn the trust Apple customers place in us.

This is a bit strange. It implies that the bug was only on the servers, but that is hard to believe given what we know about it and that a client software update will be needed. Earlier this week, Apple said that the bug would be fixed this week, but now the update is not coming until next week. Is Apple claiming it’s a server bug in order to not miss its self-imposed deadline?

The second paragraph at first sounds like Apple acted quickly, but it’s actually a roundabout way of saying that it took a long time for the bug to get routed to the proper team.

John Gruber:

Good on Apple for thanking the Thompson family, and for acknowledging that something is wrong with their process for escalating critical bugs reported by regular customers.

Joe Rossignol:

For absolute clarity, we’ve since confirmed that this means Group FaceTime will remain permanently disabled on iOS 12.1 through iOS 12.1.3. To access Group FaceTime, users will need to update their iPhone, iPad, or iPod touch to a software update coming next week that is likely to be iOS 12.1.4.

Peter Cao:

While we originally reported on the bug, a 14-year-old actually discovered it nearly a week beforehand. High school freshman, Grant Thompson, said in an interview with MarketWatch, that he was surprised that “this glitch happened in the first place” and shared “I found it by accident.”

Update (2019-02-04): Benjamin Mayo:

CNBC reports that an unnamed “high-level Apple executive” met with the Thompsons at their home in Tucson, Arizona on Friday. They apparently discussed how Apple could improve its bug reporting process and indicated that Grant would be eligible for the Apple bug bounty program.

[…]

Apple’s bug bounty system is typically invite-only and limited to specific categories of security flaws, like accessing iCloud account data or demonstrating ways for iPhone apps to escape the security sandbox of iOS. Monetary rewards are not given out to any random individual who happens to find a bug in Apple software.

Update (2019-02-07): Juli Clover:

The U.S. Committee on Energy & Commerce is now seeking answers from Apple over the Group FaceTime flaw that allowed people to eavesdrop on conversations.

Juli Clover:

Apple is today releasing an updated version of iOS 12.1.4, which is designed to address a major FaceTime bug that was widely publicized last Monday.

Juli Clover:

Apple today released a new version of macOS 10.14.3, which is designed to address a major Group FaceTime bug affecting both iOS and macOS.

See also Natalie Silvanovich:

Using this setup, I was able to fuzz FaceTime calls and reproduce the crashes. I reported three bugs in FaceTime based on this work. All these issues have been fixed in recent updates.

Update (2019-02-11): Nick Heer:

The way this bug presented itself caused me to think that video and microphone data was being transmitted from the device before the recipient answered the call. Apple’s phrasing in the “Impact” section here means that I misinterpreted how this bug behaved.

Reuters (Hacker News):

The technology giant said it would compensate the Thompson family and make an additional gift toward 14-year-old Grant’s education.

Joe Rossignol:

The Wall Street Journal today shared a few details about Morris, noting he is a 27-year-old software engineer who reported the bug to Apple on January 27, several days after the Thompsons but one day before it made headlines. He apparently discovered the bug a week earlier while planning a group trip with friends.

Update (2019-02-13): See also: Accidental Tech Podcast.

Update (2019-02-18): MacRumors:

Unfortunately, Group FaceTime even under iOS 12.1.4 hasn’t quite been restored to its former functionality. A MacRumors forum thread started the day after 12.1.4's release revealed users who found themselves unable to add more users to a FaceTime call. As it turns out, it appears that users are no longer able to add a person to a one-on-one FaceTime call. The “Add Person” button remains greyed out and inactive in this situation. The only way to add another person to a Group FaceTime call at this time is to start the call with at least two other people. This slight distinction appears to be the source of confusion for many users.

MacRumors forum user Bob-K persisted in his support calls with Apple, and was finally told that the “Add Person” button not working in that situation was a known issue and that they didn’t know when it would be fixed.

Monday, January 28, 2019

People Don’t Read Similar Dialogs

Jon Gotow:

See a problem there? Well, I didn’t, and neither did my testers. But the dialogs are very similar – same heading text, same buttons – the fine print is different and the Default Folder X icons are in different places, but they’re a lot alike. The first dialog pops up, and after you follow its instructions, it is automatically replaced by the second one. Because they look alike, a lot of people thought that the instructions hadn’t changed and that they were stuck, with no option but to hit the “Quit Without Authorizing” button. And send me a freakin’ email… I got lots of email.

I’ve seen this type of thing with my apps, as well.

He has an interesting solution to the problem of requesting Full Disk Access: an icon in the app’s dialog that the user can drag and drop into the System Preferences window. I’ve had issues with customers not seeing + button to manually add an app and not being able to find the desired app, e.g. because the Applications folder was sorted by date instead of by name. This avoids those problems, however I’ve also seen people get confused when asked to drag between two windows, particularly when one may be partially on top of the other. I wish macOS had an API to request Full Disk Access. The current approach is sort of like security through obscurity.

Previously: Mojave’s New Security and Privacy Protections Face Usability Challenges.

iMac and MacBook Last Updated 602 Days Ago

Joe Rossignol:

As noted in the MacRumors Buyer’s Guide and discussed in the MacRumors forums, it has now been 602 days since Apple last updated its iMac lineup, a new record for the longest span between iMac refreshes ever. The previous record was 601 days between October 2015 and June 2017 refreshes.

The MacBook was also last updated then; it still has the (even more) problematic butterfly keyboard.

The iMac, as far as I know, still ships with defective Kaby Lake processors.

Friday, January 25, 2019

Xcode 10.2 Beta Release Notes

Apple:

Resolved an issue that affected app compatibility with iOS 9.0, 9.1, and 9.2 when distributing an app for local or enterprise distribution. App asset catalogs built using Xcode 10 with a deployment target of iOS 9.0, 9.1 or 9.2 produced content incompatible with the runtimes of those iOS versions when distributed using local or enterprise distribution. Rebuilding the app with Xcode 10.2 resolves this issue.

[…]

On iOS and watchOS, Xcode shows the memory limit for running apps in the Memory Report as you approach the limit. Use Instruments and Xcode Memory Debugging to optimize your app to have the smallest possible memory footprint.

[…]

You can now use $0, $1, … shorthands in LLDB expression evaluation inside closures.

[…]

The LLDB debugger has a new command alias, v, for the “frame variable” command to print variables in the current stack frame. Because it bypasses the expression evaluator, v can be a lot faster and should be preferred over p or po.

[…]

Opening a project that uses any deprecated localization identifiers now produces a warning for each one used. Selecting one of these warnings presents an assistant for migrating files in the associated legacy “lproj” directories to “lproj” directories named for the equivalent modern identifier. If necessary, this process also updates the project’s development region to a modern identifier. Migrated projects are compatible with older versions of Xcode.

[…]

When you’re building an archive of a macOS app and using a Developer ID signing certificate, Xcode includes a secure timestamp in the archive’s signature. As a result, you can now submit an archived app to Apple’s notary service with xcrun altool without first needing to re-sign it with a timestamp.

When you’re building an archive of a macOS app, Xcode no longer injects the com.apple.security.get-task-allow entitlement into the app’s signature. As a result, you can now submit an archived app to Apple’s notary service using xcrun altool without first needing to strip this entitlement.

Jesse Squires:

Apple’s new release notes pages for Xcode are 👌

No more PDFs and not behind a login.

Let’s see whether this URL stays up. Apple’s release notes tend to disappear or move around, e.g. to here (which is hard to find in Google).

Dave DeLong:

Well hello there… #ObjectiveC #Runtime #Funtime #iOS12

[…]

Fundamentally [objc_setHook_getClass()] allows you to interpose objc_getClass() (and therefore NSClassFromString())

So yeah, you could use it for doing class posing. I was thinking it would be for decoding ancient nibs and replacing unknown classes with a generic KVC-compliant proxy

Previously:

Update (2019-01-28): Greg Parker:

You can’t use this to pose as a class: the hook is only called if the class is not already known to exist. It’s intended for Swift to register some of its classes on demand, such as instantiations of Swift generics, that the ObjC runtime can’t see up front.

Benjamin Mayo:

Fans of dark IDEs but not Mojave’s Dark Mode overall theme will be happy: Xcode 10.2 “Always use Dark”.

stephen ryner jr:

Time to upgrade to Mojave, I guess

Jeff Johnson notes that Xcode’s requirement for macOS 10.14 creates problems when deploying to an earlier macOS version. You can no longer debug your app on that version using the current version of Xcode. But if you stay with the older version of Xcode, you can’t use the new SDK. This didn’t used to a problem because Xcode used to support (and include SDKs for) multiple macOS versions.

Jim Rea:

Yes, this is a huge problem. Because of this I’m usually running a couple versions behind with both macOS and Xcode on my dev machine, currently running macOS 10.12 and Xcode 8 (my code is 100% ObjC). Not great, but it seems to be my least bad option.

Update (2019-02-04): The Xcode 10.2 beta 2 Release Notes:

The new release notes don’t seem to say what’s new in this beta. And the beta 1 release notes now redirect to the beta 2 ones, so you can’t actually compare the two pages.

So I now think this is worse than the old PDF release notes.

Malicious Shortcuts

Simeon:

I’ve just been made aware (by @AvimanyuRoy3) that it is trivially easy to steal highly sensitive & personal information from an iPhone via Shortcuts

Just browsing through the malicious Shortcut is mind blowing

You’ll be unsettled what your phone has on you

From highly personal contacts, names you’ve typed into iMessage, addresses, browsing history, app usage, file contents

I’d even loaded the entire text of Dickens’ David Copperfield into Codea recently to test editing performance. Names and places from the story were indexed

This was from a Shortcut that was disguised to look like a memory cleaner. But it really zipped the above data, uploaded it, then sent the link via iMessage to an attacker. The details were obfuscated in the shortcut through base64 encoding

You couldn’t expect a reasonable user to know what they were agreeing to run when receiving an Apple-hosted link to this shortcut

With automatic scheduling of shortcuts you could possibly trick someone into running a key logger

I’ve disclosed all the details to Apple and hope that they fix it, but the more Shortcuts becomes mainstream, the more people need to be aware of how they can be powerfully misused

WeChat’s Apps Within an App

Eustance Huang (via Jack Purcher):

The WeChat update, which came out this week, involves a redesign in the way mini-programs — apps within the app — are presented. With that change, users now “essentially have a second home screen” on their phones, said Matthew Brennan, co-founder and managing director at consultancy China Channel.

I don’t understand how this doesn’t run afoul of Apple’s guideline:

2.5.8 Apps that create alternate desktop/home screen environments or simulate multi-app widget experiences will be rejected.

Previously:

25 Years Ago: RAM Doubler Debuts

Adam Engst:

First up—check out this piece I wrote from the 1994 Macworld Expo San Francisco: “RAM Doubler” (10 January 1994). Developed by Connectix, RAM Doubler was one of the most magical utilities of the early days of the Macintosh. As its name suggested, RAM Doubler promised to double the amount of usable RAM in your Mac, and amazingly, it generally delivered.

That was a big deal back in 1994 because RAM was shockingly expensive—$300 for an 8 MB SIMM at a time when I had 20 MB in my Centris 660AV. For $50, RAM Doubler would double whatever you had: 8 MB to 16 MB, or 20 MB to 40 MB. It was astonishing.

One of the best Mac apps ever. In reading my review of RAM Doubler 2, I was amused to remember that a key feature of RAM Doubler was saving scarce hard drive space. Apple’s virtual memory required space equal to the amount of RAM, even to enable file mapping, whereas RAM Doubler could do that without needing any space. And its swap file only had to be the size of the spill, rather than the total amount of virtual memory.

Update (2019-01-28): Shawn King:

It was freaking magic.

John Gruber:

The most amazing thing, in hindsight, isn’t that compression and clever virtual memory techniques could double your memory — it’s that Mac OS was so open that something as low-level as RAM Doubler was even possible. Effectively, a Mac running RAM Doubler was running a fork of the OS — not just a subtle fork but a fork where the entire memory manager was written by a third party.

In hindsight, the lack of protected memory and disk permissions in classic Mac OS are generally only looked back upon as severe deficiencies. And there certainly were deep problems with that architecture — one app or extension crashing often resulted in the entire machine going down. But that anything goes openness also resulted in tremendous opportunities for third-party software.

Thursday, January 24, 2019

Swift 5 Release Notes for Xcode 10.2 Beta

Apple:

Swift apps no longer include dynamically linked libraries for the Swift standard library and Swift SDK overlays in build variants for devices running iOS 12.2, watchOS 5.2, and tvOS 12.2. As a result, Swift apps can be smaller when deployed for testing using TestFlight, or when thinning an app archive for local development distribution.

[…]

Key paths now support the identity keypath (\.self), a WritableKeyPath that refers to its entire input value (SE-0227)[…]

[…]

In Swift 5 mode, switches over enumerations that are declared in Objective-C or that come from system frameworks are required to handle unknown cases—cases that might be added in the future, or that may be defined privately in an Objective-C implementation file. Formally, Objective-C allows storing any value in an enumeration as long as it fits in the underlying type. These unknown cases can be handled by using the new @unknown default case, which still provides warnings if any known cases are omitted from the switch. They can also be handled using a normal default case.

Previously:

Update (2019-01-25): Patrick Balestra:

Created a new empty Swift project to see how much difference not including the dynamically linked Swift libraries made, and oh my god.

From 2,4MB to 24KB compressed IPA, users on iOS 12.2 are gonna love this!

And this is without importing any Swift library! The improvement is much bigger in real apps obviously.

Microsoft Office in the Mac App Store

Microsoft:

We’re committed to delivering the power and simplicity of Office in an experience designed specifically for Mac, and we continue to make significant investments in the platform. Today, we’re excited to announce that Office 365 is now available on the newly redesigned Mac App Store. With one click, Mac users can download the cloud-connected, always-up-to-date version of the Office suite—including full installs of Word, Excel, PowerPoint, Outlook, OneNote, and OneDrive.

Mitchel Broussard:

Microsoft Office apps have been available on Mac for years, but users have had to download them from the web or in physical retail boxes since Apple has never offered them directly in its Mac App Store. This should make the process of getting programs like Microsoft Word, PowerPoint, and Excel much easier for Mac owners.

Like other versions of Office, you’ll need a subscription to Office 365 to gain access to the full features of each app.

Erik Schwiebert:

the only thing different is that the apps from the MAS are signed by Apple’s App Store cert instead of Microsoft’s corporate developer cert. That means some saved keychain access will break if you mix apps from the two sources, because the code signatures are different.

Apple:

In business, as at home, employees want access to the best devices and apps to do their work. With Office 365 on the Mac App Store, these apps can now be easily distributed to employees using Apple Business Manager, a central dashboard where IT can deploy devices, apps and licenses. Now IT can quickly enable employees to get to work with their favorite Office tools across Mac, iPad and iPhone, with great new features designed specifically for Apple devices.

Microsoft:

This article covers frequently asked questions about the availability of Office from the Mac App Store, and the differences between downloading Office apps directly from Microsoft.

Clearly, the best part is not having to use the annoying Microsoft AutoUpdate app.

Previously:

Update (2019-01-25): Christopher P. Atlan:

Interesting that they choose to use the same bundle identifier.

davidkocher:

Wondering if Microsoft is paying the same 30% commission.

My guess is that they are for IAP. But, because Office is a cross-platform app, they can use their own payment processing like Netflix and bypass Apple’s commission entirely:

3.1.3(b) Multiplatform Services: Apps that operate across multiple platforms may allow users to access content, subscriptions, or features they have acquired elsewhere, including consumable items in multi-platform games, provided those items are also available as in-app purchases within the app. You must not directly or indirectly target iOS users to use a purchasing method other than in-app purchase, and your general communications about other purchasing methods must not discourage use of in-app purchase.

In a way, Apple is disincentivising exclusive apps. Make a Mac app? Apple takes 30%. Add a Windows version? Now Apple gives you free distribution.

But, unlike Netflix, Microsoft lets you subscribe via IAP. So you can manage it along with your other subscriptions and pay for it using discounted iTunes gift cards. In that case, after a year, Microsoft is getting 85%, and I’m paying only 80%, so I wonder if that means Apple is actually paying Microsoft.

Erik Schwiebert:

Bundles don’t have metadata entries for minimum OS, and I suspect the MAS code fills in “missing”metadata with that old minimum version string. I argue it should report the newest minimum version of all the apps in the bundle. But that’s up to Apple to fix (Radar 47520238).

John Gruber:

I’d bet a fortune Microsoft isn’t paying Apple the standard 70/30 split for the first year of a subscription. Maybe they’ve jumped right to 85/15? Maybe even more favorable to Microsoft? I’d love to know.

35 Years of Mac

Tim Cook:

35 years ago, Macintosh said hello. It changed the way we think about computers and went on to change the world. We love the Mac, and today we’re proud that more people than ever are using it to follow their passions and create the future.

As of this writing, he’s getting a fair amount of criticism in the Twitter replies.

Joe Rossignol:

Jobs pulled the Macintosh out of a bag during Apple’s annual shareholders meeting on January 24, 1984 at the Flint Center in Cupertino, California, grinning from ear to ear as the crowd erupted in applause.

[…]

Two days earlier, Apple teased the Macintosh’s introduction with its iconic “1984" ad during Super Bowl XVIII on CBS[…]

Here’s a video of the introduction (via John Gruber).

Update (2019-01-25): Walt Mossberg:

An early Mac ad, worth viewing today, the 35th anniversary of the original Mac going on sale. I love the headline.

ExpressibleByStringInterpolation in Swift 5

SE-0228:

String interpolation is a simple and powerful feature for expressing complex, runtime-created strings, but the current version of the ExpressibleByStringInterpolation protocol has been deprecated since Swift 3. We propose a new design that improves its performance, clarity, and efficiency.

Olivier Halligon (tweet):

The fact that you can implement whatever appendInterpolation(…) method you like means that you can choose what interpolation to support. This is a super powerful feature that opens a large range of possibilities!

For example, if you implement func appendInterpolation(_ string: String, pad: Int) that means that you’ll be able to build your type using an interpolation like: "Hello \(name, pad: 10), how are you?". The interpolation just has to match one of the appendInterpolation signatures that your StringInterpolation subtype support.

Olivier Halligon:

In this second part, I’ll focus on one application of that new ExpressibleByStringInterpolation, to make NSAttributedString prettier.

Erica Sadun:

Consider printing optionals.

Erica Sadun:

Today’s extension enables (optionally padded) radix-based interpolation. You interpolate a number and specify a radix, the numerical base used to present it.

Erica Sadun:

Consider formatters. Both Swift and Cocoa/Cocoa touch support a number of these, ranging from numbers and currency to dates and times. They are a natural interpolation fit.

Ravi Kandhadai Madhavan (via Ben Cohen):

This post presents an overview of our plan for creating a customizable interface for Apple’s logging system. Our proposal uses custom string interpolation, which is a recently-improved language feature, and compile-time interpretation, which is a compiler technology that is in the process of being upstreamed as an experimental feature.

Update (2019-02-05): Mattt Thompson:

For a simple example of this, consider a custom type that escapes values in XML, similar to one of the loggers that we described last week. Our goal: to provide a nice templating API that allows us to write XML / HTML and interpolate values in a way that automatically escapes characters like < and >.

Update (2019-02-18): Mattt Thompson:

RegularExpressionDecoder provides a convenient solution to constructing Decodable objects from regular expression matches by automatically matching coding keys to capture group names. And it can do so safely, thanks to the new ExpressibleByStringInterpolation protocol in Swift 5.

Mojave Software Update Issues

Howard Oakley:

During downloading of the update, it appeared that the progress bar had been shifted to the left, relative to the stated time to download the new update. As seen above, with just 7 seconds to go, the progress bar was only just over 80% complete.

Once the download had apparently completed, the progress bar slowly progressed to completion. But the text above it still referred to downloading, and didn’t, for example, change to report that the update was being prepared. Furthermore, there was no estimate of the time to completion, although significant additional time was taken at this stage.

I like having it back in System Preferences instead of the App Store app. But it still has the same old problems, like checking online and then telling you that your OS is up-to-date when it’s obviously not (then, sometimes, refreshing again to show the update a few seconds later).

I also ran into a bunch of problems when my father got a new MacBook Air and it wanted to update macOS during the setup process before proceeding with Migration Assistant. For example, the progress bar showed that it was finished, but the text didn’t say it was done. Seemingly the only thing to do was click a button to move on to the next step, but I later found that it hadn’t actually installed the update—and it had to download it all over again.

Jeff Johnson:

The links [in the release notes] are neither clickable nor selectable.

Update (2019-01-25): Thomas Brand:

Just like diskutil the cli softwareupdate command is the answer to getting reliable Mac OS updates in the background; even while running the Setup Assistant.

Wednesday, January 23, 2019

Mojave Finder’s Preview Column Shouldn’t Prioritize Thumbnail Size

Howard Oakley:

Mojave puts a lot of information at your fingertips in Finder windows. However, the priority given to different components isn’t currently right. In particular, too much vertical space is reserved for QuickLook thumbnails (icons).

Even in a very deep Finder window in Column mode, a shallow QuickLook thumbnail is given so much space that you have to scroll in order to be able to see that file’s metadata and the Quick Actions bar below it. This is in a Finder window on a 5K display at ‘looks like 2880 x 1620’ mode: it gets much worse on a laptop.

This is in response to some tweets of mine. I like to use two relatively short (but wide) Finder windows stacked on top of each other. With this arrangement, I can’t see any of the metadata list (dates, the app version, image dimensions) without scrolling unless I hide the Quick Actions. There’s no way to hide the preview, make it smaller, or replace it with just an icon.

Update (2019-01-28): Another issue is that it’s hard to scroll to see the metadata because the swipe scrolling gesture is inoperative when the cursor is over the thumbnail. So you have to find the little strip of the window below the thumbnail but above the Quick Actions and scroll that.

App Store Refunds and Reviews

Luc Vandal:

I purchased a 99¢ app and asked Apple for a refund a few hours later via https://reportaproblem.apple.com

Prior to the refund, I wrote a (5-star) review on the App Store.

The refund was approved the same day and this morning the app is still on my device and still functional but I can no longer review the app and my review is still visible.

I was and some fellow devs were under the impression that reviews were removed when a user was refunded but apparently not?

[…]

I forgot to mention that the app no longer appears in the Purchases section of the App Store app.

[…]

App Store does show an update for the refunded app but tapping Update does nothing.

One annoying side-effect is that having that refunded app in the updates will mess up the update process for other apps when tapping Update All.

David Barnard:

TIL “You can’t request refunds for recurring charges…” So all those apps that tricked people into high priced subscriptions get to keep all the revenue AND the subscriptions keep renewing because the UI to cancel subscriptions is buried.

It’s hard to conclude anything other than Apple is willfully being customer hostile to save on customer support and reduce returns. They still haven’t even fixed the App Store purchase flow to prevent accidental purchases via Touch ID. That should’ve been a rush fix.

Previously:

Update (2019-03-04): Dave Wood:

Remember when anyone could review an app, regardless of whether they bought it or not. Then it was changed so they had to buy the app before reviewing. Then every app went free with IAP, and now everyone reviews apps they haven’t bought again. Apple should fix that again.

France Fines Google for GDPR Violation

Jon Porter:

France’s data protection regulator, CNIL, has issued Google a €50 million fine (around $56.8 million USD) for failing to comply with its GDPR obligations. This is the biggest GDPR fine yet to be issued by a European regulator and the first time one of the tech giants has been found to fall foul of the tough new regulations that came into force in May last year.

John Gruber:

Is this sort of penalty effective, or does Google just shrug it off? Last quarter Google reported $33 billion in revenue and over $8 billion in profit. €50 million is not nothing, but is it enough to give Google pause?

David Heinemeier Hansson:

Should Google not remedy its behavior, GDPR ultimately allows for fines up to 4% of global turnover.

[…]

What’s striking about this judgement is just how plainly the violations are detailed, and how clear it is that Google is not going to weasel out of compliance by evading informed consent by its normal tactics of obfuscation. This is a potential game changer for online privacy.

If GDPR is actually going to be enforce like this going forward, and it’s not just a one-off French expedition, the entire business model of Google and Facebook as it pertains to using personal information for ad targeting is in doubt.

Colin Lecher (Hacker News):

A series of complaints brought under Europe’s General Data Protection Regulation (GDPR), filed by an Austrian privacy activist, accuse eight major streaming companies of failing to comply with European Union law.

[…]

Under GDPR, consumers are allowed to request data that companies hold on them. As a test, noyb says it asked eight major streaming media providers, including YouTube, Netflix, Spotify, Apple, and Amazon, to provide consumer data.

But the companies, noyb argues in its complaints, failed the test. SoundCloud and UK sports streaming service DAZN failed to provide the data, while six other companies did not provide adequate data under the law, noyb says. In most cases, the complaints argue, the companies failed to provide relevant background information meant to help consumers understand how their data is used, even though that information is required.

Python Gets a New Governance Model

Jake Edge (via Hacker News):

There were six Python Enhancement Proposals (PEPs) under consideration that would be ranked by voters in a two-week period ending December 1; instant-runoff voting would be used to determine the winner. In the interim, though, much of that changed; the voting period, winner-determination mechanism, and number of PEPs under consideration are all different. But the voting concluded on December 16 and a winner has been declared; PEP 8016 (“The Steering Council Model”), which was added to the mix in early November, came out on top.

[…]

As with most of the other proposals, PEP 8016 creates a council. Various sizes were proposed in the other PEPs, but the steering council of PEP 8016 consists of five people elected by the core team. The definition of the core team is somewhat different than today’s core developers or committers. The PEP explicitly states that roles other than “developer” could qualify for the core team. Becoming a member of the team simply requires a two-thirds majority vote of the existing members—and no veto by the steering council.

Previously: Guido van Rossum Steps Down as Python BDFL.

Tuesday, January 22, 2019

Will Apple Fill the Speech Recognition Void?

Adam Engst:

This move is a blow to professional users—such as doctors, lawyers, and law enforcement—who depended on Dragon for dictating to their Macs, but the community most significantly affected are those who can control their Macs only with their voices.

[…]

TidBITS reader Todd Scheresky is a software engineer who relies on Dragon Professional Individual for his work because he’s a quadriplegic and has no use of his arms. He has suggested several ways that Apple needs to improve macOS speech recognition to make it a viable alternative to Dragon Professional Individual[…]

Previously: Dragon Speech Recognition Software for Mac Discontinued.

Kick-ass CLI Tools In Swift

Daniel Duan:

Programmers whine about ergonomics partially because we are previlidged and spoiled. But mostly because our attention is a limited resources. Mixing API conventions distracts us from solving the problem at hand. Bad ergonomics, therefore, drives away a good potion of users who cares about quality of their tools.

[…]

File system APIs being in Foundation as opposed to the standard library is probably a temporary condition. Nevertheless, it has at least the following implications[…]

[…]

The next killer CLI tool is still more likely to be written in Go or Rust, than in Swift. Hopefully, somewhere in these speculations is a true cause of this phenomena. Maybe someone reading this will be inspired to accelerate change that will eventually revert the condition.

Still, Swift+Foundation works pretty well for writing simple CLI tools to aid in my Mac development and maintenance. And swift-sh (via Mattt Thompson) looks like it will help.

Previously: @dynamicCallable: Unix Tools as Swift Functions.

Update (2019-01-24): Florent Pillet:

So Vapor has another hidden gem: a pretty cool framework to build CLI apps, so I can reuse Vapor add-ons from the ecosystem to write my own local tools.

No terribly well documented, but worth a look.

Flexgate: Display Issues With 2016 and Newer MacBook Pros

Joe Rossignol (9to5Mac):

An increasing number of users have experienced backlight issues on 2016 and newer MacBook Pro models, particularly those with the Touch Bar, often resulting in a so-called “stage light effect” along the bottom of the display.

According to the repair website iFixit, which highlighted the issue today, the underlying cause is Apple’s use of thin, fragile flex cables that connect the display with the display controller board on 2016 and newer MacBook Pro models, as opposed to the more durable wire cables used in previous generations.

Taylor Dixon:

But the bigger problem is that, in an apparent effort to make the display as thin as possible, Apple designed the cables as part of the display, so cannot be replaced. This means that when (not if) those cables start to fail, the entire display unit needs to be replaced, as opposed to one or two little cables—effectively turning a $6 problem into a $600 disaster.

Wojtek Pietrusiewicz:

Imagine if you had to replace half of your car because a cable stopped working. This is simply horrible design.

This is just not a good generation of Mac notebooks.

Update (2019-01-23): Dan Masters:

Design is not just what a product looks and feels like. It’s also how it fails.

Update (2019-02-04): See also: Juli Clover.

Update (2019-03-05): Whitson Gordon (Hacker News, MacRumors):

Since we were just wrapping up writing the repair manual for the 2018 model anyway, we checked inside our 2018 15” MacBook Pro again to measure its cable against its 2016 predecessor—and found the 2018 cable was, in fact, a full 2mm longer. Since this change appears in both our 15” model and Olivia88’s 13” model, it’s plausible this change is present in multiple, if not all, 2018 MacBook Pros.

[…]

Worst of all, this implies that Apple knew about the flexgate issues before public backlash hit its fever pitch, and still refuses to even acknowledge the issue, let alone take responsibility and offer free repairs. In fact, multiple people claim Apple has deleted support threads regarding the issue on Apple.com, attempting to sweep this under the rug rather than offer an extended warranty program to those affected. You can sign this petition to try and get their attention, or fill out their feedback form here.

iPhone XS Fails After Quick Drop in Water

YoungPatrickBateman:

I purchased an iPhone XS in September of last year. The first week of December I accidentally dropped it in my sisters swimming pool at the shallow end - a depth of approximately 1.10m. Immediately, I jumped in an pulled the phone out, switched it off and let it dry for a few hours (as indicated in the steps of what to do when your phone gets wet on the Apple website). A few hours later I turned the phone back on and all was good. Fantastic!

A few weeks later, the Sunday before Christmas, my phone started bugging out restarting itself every 3-5 minutes.

[…]

I take it back to Apple and they say they need to open it up and see if there is any internal damage.

Two hours later I come back and they say the Liquid Contact Indicators have been activated, which means there is internal liquid damage and they won’t cover liquid damage under warranty.

I spoke with the store manager on duty for about 45 minutes because I disagreed with this policy given Phil Schiller, head of worldwide marketing for Apple, literally said you can drop it in the pool and it will be fine (jump to 40:40). It was not fine. This was the only time my phone had been in or near water.

Apple’s specs page says:

Rated IP68 (maximum depth of 2 meters up to 30 minutes) under IEC standard 60529

Apple did eventually replace the phone after he filed a complaint through the Australian government. In theory, with IP68 I should be able to walk around in a swimming pool and take photo, and the phone should be fine even if I accidentally drop it. But I haven’t done that because I’m not sure I can really trust the water resistance or how Apple will react when they find out it got wet. It sounds like the liquid contact indicators can’t tell how long the phone was underwater, so you have no way of proving that your use was in line with what Apple claims to support.

Previously: iPhone 7 Notes.

Update (2019-01-23): scott:

I used to use my waterproof iPhone in the shower until the speakers stopped working because of contact with light shower spray.

fyi, water damage isn’t covered for your waterproof phone.

duardo Pontes:

Same here

Update (2019-01-24): John Gruber’s Apple Watch broke after getting wet, and Apple replaced it.

Michael Kummer:

Hmm…I have been taking my iPhone underwater since the iPhone 7 - guess I got lucky :)

Phased vs. Regular Update Adoption Rates

David Smith:

For several years now Apple has offered Phased Rollouts for app updates in the App Store. This lets you slow down the adoption of a new update to your users by limiting the number of users who are offered it as an automatic update each day.

[…]

I was very pleased to see the system work so well. The rollout was slow and measured. It let me find a few things I needed to fix before the update got out to all my users.

Also remarkable to me is how quickly the ‘immediate rollout’ really is. With around 80% adoption in just a couple of days.

Of course, phased releases are not supported by the Mac App Store.

Update (2019-03-20): Apple:

You can now release an update to your macOS app in stages by enabling Phased Release for Automatic Updates in App Store Connect.

Friday, January 18, 2019

Even More About Swift’s Codable

Ben Scheirman (via Kuba Suder):

Instead, we can use a special method to get a super-class ready encoder that already has a container attached to it[…]

[…]

Here we have a migration_date field that has a different date format than the created_at field. Let’s also assume that the name property has since been changed to just name.

This is obviously not an ideal situation, but real-life happens and sometimes you inherit a messy API.

[…]

This is a listing of beer styles, but the keys are actually the name of the style. We could not represent every possible case with an enum as it could change or grow over time.

Instead, we can create a more dynamic implementation of CodingKey for this.

This is the most comprehensive guide to Codable and JSON that I’ve seen.

Russ Bishop:

The new Codable protocol is flexible enough to allow a different encoded representation from the in-memory representation which is a nice property to have in a serialization mechanism. Today I’m going to build SingleValueCodable to automate that work when dealing with RawRepresentable types.

Ole Begemann:

So Dictionary seems to behave differently depending on its Key type, even though the enum values are ultimately encoded as strings. What’s going on here? We can find the answer in Dictionary’s implementation for the Encodable protocol.

[…]

There are three branches: only if the dictionary’s key type is String or Int does it use a keyed container. Any other key type triggers results in an unkeyed container of alternating keys and values.

SE-0239:

SE-0167 introduced Codable conformance for some types in the standard library, but not the Range family of types. This proposal adds that conformance.

There’s quite an interesting discussion about this, because the details of how it works will end up affecting databases and APIs outside of Swift itself.

Paul Samuels:

The two key takeaways here are

  • If you need to represent a collection that can have multiple types then you’ll need some form of wrapper and enums can perform that duty well when it makes sense.

  • Swift’s Codable is really powerful and helped remove a heap of issues that arise from manually parsing/creating objects.

Removing optionality, reifying types and using compiler generated code are great ways of simplifying our code. In some cases this also helps move runtime crashes into compile time issues, which is generally making our code safer. The benefits here are great and it shows that it’s really worth taking time to model your data correctly and then use tools like Codable to munge between representations.

Paul Samuels:

Testing Codable implementations isn’t particularly hard but the boilerplate code required can get out of hand pretty quickly. I thought I’d run through a TDD process to get to the final solution as I find this stuff personally interesting and hopefully someone else might to. Hopefully I’ve highlighted some basic stuff to test when looking at custom Decodable implementations and shown that it’s useful to refactor not only the production code but the test code as well.

The challenge I see is how to make sure that you don’t break compatibility as you evolve your data model.

Update (2019-01-24): itaiferber:

Hello, everyone! As part of the review thread for SE-0239, we received a lot of helpful feedback that’s highlighted areas where we thing Codable can improve, and we wanted to take the time after the holidays to split that conversation aside and help carry it along in a more targeted thread. We think there are a lot of potential improvements to be made, and we’re really interested in getting community feedback and contributions to help us get closer to where we’ve always wanted Codable to be.

Stop Google Search Results Tracking

Jeff Johnson:

When you click on the link, the onmousedown action runs some JavaScript that swaps the original URL with a new tracking URL. Google does this as you click, right under your nose. Or finger.

By default, StopTheMadness has ⌘-Click and Drag and Drop protections enabled. A side effect of these protections is that you’re also protected from link hijacking. Why? Clicking on a link in a browser is preceded and triggered by mousedown and mouseup events. Thus, if a web site could hijack these events, it could prevent the link click from working as expected. This is why StopTheMadness prevents mousedown and mouseup events from getting hijacked when you ⌘-click on a link. But what about clicks without the ⌘ key? StopTheMadness prevents mousedown from getting hijacked whenever you click on a link, even without the ⌘ key, because dragging a link in a browser is preceded and triggered by a mousedown event. For full protection against link hijacking, then, you need both ⌘-Click and Drag and Drop protections enabled (as they both are by default).

I’ve stopped using Ghostery and other content-blocking/anti-tracking Safari plug-ins because I’m tired of them breaking sites. StopTheMadness provides less privacy protection, but it fixes the really annoying things that sites do while causing far fewer problems.

Airbnb and Security Camera Disclosure

Jeffrey P. Bigham (via Hacker News):

When my family and I stayed in an AirBnB this past winter break, we discovered this camera and another about a day into our stay. I was shocked, and immediately unplugged them. I don’t think we did anything particularly weird in front of that camera, but it’s very likely that my 2-year-old ran in front of this camera naked (the field of view of the camera was close to the exit of the bathroom).

[…]

A lot of other weird stuff happened during this trip stemming from this -- AirBnB told my host we asked about the cameras, he sent someone to snoop on us, he left us a bad review, etc.

[…]

Airbnb has re-re-re-reviewed my case, and now they agree that the cameras were not properly disclosed. Their position seems to be that the customer service representative(s) did not understand my concern, and/or they gave inaccurate information. While the reps I talked to before today repeatedly said that photo constituted disclosure, the senior person who reviewed the case says that it does not. 🤷

You can review Airbnb’s trust standards here.

Previously:

Haptic Touch Bar

Bopsoft:

Haptic Touch Bar provides actual feedback when pressing buttons on your Touch Bar

Brings back the full Escape key experience!

Get back to touch typing—no more glancing at the Touch Bar as you type

Stop the self-doubt (did I hit the key?) with tactile & audible feedback

Configurable for intensity of feedback & sound

It vibrates the trackpad when you press a key on the Touch Bar. Of course, you still can’t actually feel where the keys are.

Thursday, January 17, 2019

Stack Allocation for Non-Escaping Swift Closures

aschwaighofer has a pull request for stack-allocating Swift closures.

Slava Pestov:

Short history of non-escaping functions:

- Swift 4.1 and earlier: type checker enforcement; same ABI as escaping
- Swift 4.2: new ABI - the context is a trivial pointer and not ref-counted like with escaping
- now: non-escaping contexts allocated on stack

The ABI change was key here - Arnold frontloaded the changes before we started locking down, now stack-allocation is “just” an optimization

And ancient pre-history for those who weren’t around at the time:

- Swift 2.2 and earlier: all function values escaping by default, opt-in @noescape attribute for parameter types
- Swift 3: @noescape becomes default for function parameters, @escaping added to opt-in

More trivia: In ancient Swift the accepted idiom to turn a non-escaping function into an escaping one was unfortunately an unsafeBitCast(). The compiler added a special withoutActuallyEscaping form and started screaming about casts in 4.0 so that we could stage in the ABI change

Previously: Optional Non-Escaping Swift Closures.

Update (2019-01-23): Matt Gallagher:

I played around with Swift master’s new stack allocated closure contexts today. My “capturing closure” mutex test case from this article improved 10x from 2.051 seconds to 0.212 seconds. Putting it within 20% of the inlined version.

Unfortunately, I needed to disable runtime exclusivity checking to get this performance. With exclusivity on, performance was 0.384 seconds (nearly 100% slower). Seems like this code should be statically checkable for exclusivity. Hope this improves.

Another unfortunate point: DispatchQueue.sync’s closure still isn’t optimized to the stack. I think this is a consequence of the stdlib’s interface around dispatch_queue_sync. I hope it gets resolved soon. I’d rather just use DispatchQueue.sync and not worry about performance.

Ole Begemann:

Stack allocation doesn’t work yet for Objective-C blocks. I suspect that also applies to wrappers like DispatchQueue.sync.

Acorn 6.3 Postmortem

Gus Mueller:

Apple added a new feature to its latest iPhones in the iOS 12 update called “Portrait Matte”. It’s a special image embedded in HEIC images which is based off the depth data and some machine learning in your photo. You can then use this image as a mask to blur parts of your image (which is what the iOS “Portrait” camera setting does), or you can use this data to remove backgrounds.

But how should Acorn expose this matte? My first stab was to have Acorn add the matte as an additional layer. After playing with it a bit, it just felt off. So I ended up adding the matte as a mask to the main layer when opening the image. But folks are obviously going to want to do more than just mask out the background so I added new features to Acorn where you could easily drag and drop the layer mask into into its own layer. I also made it easy to move an existing layer to another layer’s mask via drag and drop. I can’t predict what people are going to want to do with the mask, but I might as well make it easy to move around.

It was also during this development that I found some bugs in Apple’s My Photo Stream. The matte was showing up rotated incorrectly when opening images out of Photos. At first I figured I was just reading the data wrong, but nope- under certain conditions when images with the portrait mask were uploaded to MPS, the rotation data from the camera went missing. After some communication and a Radar filed at Apple, this bug was fixed in an OS update. Bug fixes like this don’t happen very often, but when they do it makes filing all the other Radars worth it. Mostly.

Big Win for Web Accessibility in Domino’s Pizza Case

Lainey Feingold (via Jared Spool):

Circuit Court of Appeals gave a big win to digital accessibility in a case against Domino’s Pizza. The lower court had ruled for Domino’s and tossed the case out of court. The appeals court reversed, ruling that the ADA covers websites and mobile applications and the case can stay in court.

[…]

The case will now go back to the lower federal court in California. As the appellate judges concluded, “We leave it to the district court, after discovery, to decide in the first instance whether Domino’s website and app provide the blind with effective communication and full and equal enjoyment of its products and services as the ADA mandates.”

Update (2019-01-23): Eli Schiff:

The US Department of Justice is insane. They require your site to be “Accessible” But provide zero guidelines. And then they laugh at you for not being in compliance even though there is no standard!

Ryan Rich:

Surprisingly this is how the majority of compliance works. No framework or regime is going to tell you exactly what to do. It’s why we have 3rd party auditing firms. Maybe there’s an opportunity in there for accessibility auditing. I doubt it though. No one cares enough.

Update (2019-01-28): See also: Ashley Bischoff and Eli Schiff.

How Facebook Keeps Messenger from Crashing on New Year’s Eve

Amy Nordrum (via Hacker News):

In addition to shifting loads, the Messenger team has developed other levers that it can pull “if things get really bad,” says Ahdout. Every new message sent to a server goes into a queue as part of a service called Iris. There, messages are assigned a timeout—a period of time after which, that message will drop out of the queue to make room for new messages. During a high-volume event, this allows the team to quickly discard certain types of messages, such as read receipts, to focus its resources on delivering ones that users have composed.

[…]

Georgiou says the group can also sacrifice the accuracy of the green dot displayed in the Messenger app that indicates a friend is currently online. Slowing the frequency at which the dot is updated can relieve network congestion. Or, the team could instruct the system to temporarily delay certain functions—such as deleting information about old messages—for a few hours to free up CPUs that would ordinarily perform that task, in order to process more messages in the moment.

[…]

“You can bundle some of those together into a single large request before you send it downstream. Doing that, you reduce the computational load on downstream systems.”

Batches are formed based on a principle called affinity, which can be derived from a variety of characteristics. For example, two messages may have higher affinity if they are traveling to the same recipient, or require similar resources from the back end. As traffic increases, the Messenger team can have the system batch more aggressively. Doing so will increase latency (a message’s roundtrip delay) by a few milliseconds, but makes it more likely that all messages will get through.

Wednesday, January 16, 2019

Google Pixel’s Night Sight

Jeremy Burge:

Whatever Apple does with the iPhone camera this year, they need to be able to compete with Pixel night mode. All taken on 18 month old Pixel 2 in challenging / dark conditions, and no iPhone photo at night comes close[…]

[…]

Seriously Google camera team: great job. You took a tiny sensor, put magic in the software and the results are unbelievable for a phone camera.

[…]

For those who haven’t used night sight on Pixel, it’s not ~just~ the magic in software. Pics also look better because the mode takes 2-5 seconds to take a photo. More light is captured, and movement stabilised. That’s what gives it the edge. That’s why iOS should offer this mode

[…]

No before/after pics online will do justice to photographing a near pitch-black room and getting a usable photo. Genuinely mind blowing.

Vlad Savov:

Google’s Pixel phones have already changed and improved smartphone photography dramatically, but the latest addition to them might be the biggest leap forward yet. Night Sight is the next evolution of Google’s computational photography, combining machine learning, clever algorithms, and up to four seconds of exposure to generate shockingly good low-light images. I’ve tried it ahead of its upcoming release, courtesy of a camera app tweak released by XDA Developers user cstark27, and the results are nothing short of amazing. Even in its pre-official state before Google is officially happy enough to ship it, this new night mode makes any Pixel phone that uses it the best low-light camera.

Previously: Google Pixel 3 and 3 XL, iPhone XS Users Complain About Skin-Smoothing Selfie Camera, The iPhone XS and Its Camera, iPhone and Android Cameras.

Update (2019-02-05): Stephen Sullivan:

As for a Night Sight comparison:

no flash was used, one photo is from the iPhone XR and one from the Pixel 3 with Night Sight feature on. 😯

Swift Community Podcast

Episode 1 (tweet):

Welcome to the Swift Community Podcast — a podcast for the Swift community, by the Swift community. On this initial episode, John Sundell, Garric Nahapetian and Chris Lattner introduce the concept of the show and why it was created — and recount their first impressions of Swift and the evolution of the community, starting with Chris’ initial prototype back in 2010.

Update (2019-02-18): Ole Begemann:

This is a transcript (edited for readability) of the parts I found most interesting. You’ll see I mainly quoted Chris Lattner because I think his account of how Swift was created is the most relevant to preserve for posterity.

[…]

John Sundell: And then he brought you out, right? That was the classic line: the “Objective-C without the C”.

Chris Lattner: Which honestly I have mixed feelings about, because that’s really not what it’s about.

John Sundell: It’s a good tagline.

Chris Lattner: It was the right thing to say to the community at the time.

[…]

Chris Lattner: The reason it is conflicting to me is that from the beginning of the project, my goal was to build a full-stack system. It was to look at all the existing systems out there, see what’s good or bad about each of them, and then cherry-pick the best ideas from systems wherever they come from. And the goal was really to build something that you could write firmware in or that you could do scripting in, that you could write mobile apps or server apps or low-level systems code, and have it be great at all of those, not just some terrible compromise.

So that positioning was absolutely the right thing to do [at the time]. But hopefully, Swift will grow over time in kinds of what it is able to do.

Previously:

Turning Type Sideways

Jonathan Hoefler (via John Gruber):

This month, researchers made official something that typeface designers have long known: that horizontal lines appear thicker than vertical ones. At left, a square made from equally thick strokes; at right, the one that feels equally weighted, its vertical strokes nearly 7% thicker than the horizontals. This phenomenon, central to typeface design, has implications for the design of logos, interfaces, diagrams, and wayfinding systems, indeed anywhere a reader is likely to encounter a box, an arrow, or a line.

[…]

Is it possible that all of typography’s many optical illusions can be correlated with misapplied learning from our experience of the real world? So much of perception involves reflexively adjusting for the effects of context, light, or perspective, in order to make quick judgments about size, distance, color, or mass. Do we perceive round letters as shorter than flat ones because we intuitively understand something about the weight of cubes and spheres? Is it a lifetime of looking at foreshortened things above us that leads us to expect a well-balanced letterform to be smaller on top than on the bottom?

On Public Bug Trackers

Brent Simmons:

Decisions about what to work on — and when, and by whom — are complicated. From the outside it might look like it’s as simple as picking the next feature request with the most votes, but it’s not that simple.

[…]

But if you have a public bug tracker, you’d likely find that you’re having to explain your decisions all the time. You’d be constantly defending your plans to people who remind you that Feature X has all these votes, so why hasn’t it shipped yet?

Smokey Ardisson:

Sadly, this is just as true for open-source software projects as for commercial ones, but there’s no way around it in an open-source case (there are, of course, some ways to ameliorate the effects). But at least now you can point everyone to Simmons’s list of reasons why you might not be working on that thing they’re interested in, instead of having to type out the reason(s) yourself ☺︎

Customer Support for Failing App Downloads

Bruno Virlet (tweet):

On reportaproblem.apple.com, if the customer selects the option “App fails to install or won’t download”, the customer receives the suggestion to contact the app developer correctly:

If you’re having issues with this app, please contact the app’s developer directly, they may have more specific troubleshooting steps for their app. Click on the App Site button to open the developer’s support page.

Of course, this isn’t due to a bug in the app because the App Store hasn’t even downloaded it yet. Despite my selling far more software through direct downloads than through the Mac App Store, customers report more download/installation problems when using the store. Another case where the App Store reality is not what one would have predicted. It’s galling that this remains unreliable when Apple controls every aspect of the process—and then blames the developer. These are some of the worst e-mails to get. The customer is rightly upset that I’ve just taken their money, yet they can’t download the app, and there’s not a lot I can do to help them.

Previously: Apple Support Tells Customers to Ask Developer for Refund.

Tuesday, January 15, 2019

DuckDuckGo Switches to Apple Maps for Location Searches

DuckDuckGo:

We’re excited to announce that map and address-related searches on DuckDuckGo for mobile and desktop are now powered by Apple’s MapKit JS framework, giving you a valuable combination of mapping and privacy. As one of the first global companies using Apple MapKit JS, we can now offer users improved address searches, additional visual features, enhanced satellite imagery, and continually updated maps already in use on billions of Apple devices worldwide.

Dieter Bohn:

Before today, DuckDuckGo used a mix of different services to power its results: sidebars and boxes used OpenStreetMap, while asking for directions meant getting a drop-down menu with options from Bing, Here maps, and Google. DuckDuckGo says that “Apple is providing all of the maps for our new maps experience,” though it will “continue to use a variety of providers to add additional data to these results, such as a direct integration with Yelp.”

John Voorhees:

DuckDuckGo explains elsewhere on its site that it uses GEO::IP lookup to determine users’ location by default. For better results, users can grant DuckDuckGo permission to use their browser location data, in which case DuckDuckGo says searches are still anonymous because the company does not store location data on its servers.

Previously: WWDC 2018 Links.

Signal v Noise Exits Medium

David Heinemeier Hansson:

Three years ago we embraced an exciting new publishing platform called Medium. It felt like a new start for a writing community, and we benefitted immensely from the boost in reach and readership those early days brought. But alas it was not to last.

[…]

These days Medium is focused on their membership offering, though. Trying to aggregate writing from many sources and sell a broad subscription on top of that. And it’s a neat model, and it’s wonderful to see Medium try something different. But it’s not for us, and it’s not for Signal v Noise.

[…]

Traditional blogs might have swung out of favor, as we all discovered the benefits of social media and aggregating platforms, but we think they’re about to swing back in style, as we all discover the real costs and problems brought by such centralization.

David Heinemeier Hansson:

Nice bonus from leaving @medium is to finally be able to kick those fucking Facebook like buttons off our posts

Previously: Moving to Medium, Preserving Permalinks.

Save Changes Before Quitting?

Niko Kitsakis:

This “Mac-like” feeling was at the core of the classic Mac OS era. It’s what gave the Mac its legendary status and its place in history. And while the first versions of OS X broke with some conventions, things became better as OS X progressed. That is to say, until 10.7 came out and started a trend of questionable design decisions that has been continuing ever since.

But it’s not only Apple that seems to have forgotten its own roots in making good Human Interfaces, the rest of the software industry too seems strangely preoccupied with reinventing the wheel while making it worse with every iteration.

[…]

But unfortunately, these things do not only evolve, sometimes they devolve. Fast forward around 25 years to 2018 and you’ll find this in Adobe Premiere[…] No icon, no verbs and the unsafe option is right in between the safe ones.

Previously: The Lost Art of Legendary Apple UX.

Update (2019-01-17): Dave Mark:

The Mac design language was so powerful, and so widely adopted, that any app that did not follow the rules stood out like a sore thumb. Mac applications were instantly recognizable, and apps from outsiders tended to look ugly, in comparison, as those outsiders did not know the rules to follow.

Does the modern macOS and iOS app universe still hew to a common standard? Are Apple’s Human Interface Guidelines lost in the incredible complexity of application creation?

Update (2019-01-18): Niko Kitsakis:

My english language version of Photoshop tells me in german that it can’t open .psd files because they are in “Adobe Photoshop preference file format”

Announcing the FoundationDB Record Layer

FoundationDB (via Will Wilson, Hacker News):

The Record Layer stores structured data, just like a relational database. Databases managed by the Record Layer support records with fields and types, an evolving schema, complex primary and secondary indexes, and declarative query execution. The Record Layer also includes features not typically found in a traditional relational database, such as support for complex nested data types, indexes on the commit-time of records, and indexes and queries that span different types of records.

Built on top of FoundationDB, the Record Layer inherits FoundationDB’s strong ACID semantics, reliability, and performance in a distributed setting. The Record Layer also uses FoundationDB’s transactional semantics to provide features similar to a traditional relational database, but in a distributed setting. For example, the Record Layer’s secondary indexes are maintained transactionally, so they’re always up-to-date with the latest changes to the data. Transactions reduce the number of bugs in application code and greatly simplify application development.

[…]

Together, the Record Layer and FoundationDB form the backbone of Apple’s CloudKit. We wrote a paper describing how we built the Record Layer to run at massive scale and how CloudKit uses it. Today, you can read the preprint to learn more.

Previously: Apple Open Sources FoundationDB, Exploring the New iWork File Formats, Swift Protobuf.

Monday, January 14, 2019

AWS, MongoDB, and the Economic Realities of Open Source

Ben Thompson:

Basically, MongoDB sells three things on top of its open source database server:

  • Additional tools for enterprise companies to implement MongoDB
  • A hosted service for smaller companies to use MongoDB
  • Legal certainty

[…]

This leaves MongoDB Inc. not unlike the record companies after the advent of downloads: what they sold was not software but rather the tools that made that software usable, but those tools are increasingly obsolete as computing moves to the cloud. And now AWS is selling what enterprises really want.

Worse, because AWS doesn’t have access to MongoDB (it is only matching the API) it only supports MongoDB 3.6; the current version is 4.0.5.

[…]

This tradeoff is inescapable, and it is fair to wonder if the golden age of VC-funded open source companies will start to fade (although not open source generally). The monetization model depends on the friction of on-premise software; once cloud computing is dominant, the economic model is much more challenging.

Update (2019-01-23): Exponent:

Ben and James discuss open source in a cloud world, how enterprise value chains have changed, and AWS versus Microsoft.

Update (2019-02-14): Bryan Cantrill:

So those are the two cases, and they are both essentially bad for the open source project. Now, one may notice that there is a choice missing, and for those open source companies that still harbor magical beliefs, let me put this to you as directly as possible: cloud services providers are emphatically not going to license your proprietary software. I mean, you knew that, right? The whole premise with your proprietary license is that you are finding that there is no way to compete with the operational dominance of the cloud services providers; did you really believe that those same dominant cloud services providers can’t simply reimplement your LDAP integration or whatever? The cloud services providers are currently reproprietarizing all of computing — they are making their own CPUs for crying out loud! — reimplementing the bits of your software that they need in the name of the service that their customers want (and will pay for!) won’t even move the needle in terms of their effort.

[…]

As part of their quest for a business model, these companies should read Adam Jacob’s excellent blog entry on sustainable free and open source communities. Adam sees what I see (and Stephen O’Grady sees and Roman Shaposhnik sees), and he has taken a really positive action by starting the Sustainable Free and Open Source Communities project.

GoDaddy JavaScript Injection

Igor Kromin (via Hacker News):

The technology that’s in use here is called Real User Metrics and GoDaddy has a page about it here - Why am I signed up for Real User Metrics?. If you happen to be a customer in US (which I am not but the website is hosted in a US data centre) then you are automatically opted into this service and all your website’s pages will have this JavaScript injected into them.

[…]

The worst part of it is GoDaddy, in their help article, admits that this could slow down or break your site! So much for a tool that is designed to improve performance and reliability!

It sounds like this only happens if you use GoDaddy as a Web host, rather than just for DNS.

The Lost Art of Legendary Apple UX

Marcin Krzyżanowski:

iPhone X in my case is not compatible with the website of the company that iPhone business is like what… 80% of revenue?

I recorded my annoyance: the bottom part of the website covers the part where “Accept” button is located. Also, scrolling is very hard (unlike iPhone scrolling at all).

Fun part: the website suggest to open App Store Connect, yea right!

[…]

The form has some fields that I don’t understand, and error messages mention fields that are missing (find SWIFT code field mentioned in the error message).

Update (2019-01-15): Brian:

I just had that same iTunes connect issue with an internal TestFlight link at my work. The kicker was after I couldn’t accept the new T&C on my iPhone, I tried on my PC and the link had expired because I’d already redeemed it.

Closing Down Coriolis Systems

Alastair Houghton:

The shift to APFS and the continuing lock down of the platform have meant that our existing products have become obsolete and their sales have declined to a trickle. Perhaps, if the full APFS documentation had been released somewhat before users’ machines were converted over to it, things might be different — though even then I’m not sure Apple’s current focus on security is conducive to a viable market for third-party utility software, solid state storage really doesn’t require defragmenting in 99% of cases and in all likelihood the Mac line will at some point shift to ARM at which point you won’t be able to run Windows on it except through emulation, which will substantially reduce the market for partitioning tools also.

Aura, our AC-3 compatible real-time encoder, doesn’t sell in any volume, and right now Coriolis isn’t covering its costs.

Previously: iDefrag and iPartition Discontinued.

Aliases, Hard Links, Symlinks, and Copies in Mojave’s APFS

Howard Oakley:

There are now five different types of copy/clone/alias/link: the regular copy, APFS clone (copy on write clone), symbolic link (symlink), hard link, and Finder alias. I’ll tackle them in that order.

Howard Oakley:

Bookmarks are a generalisation of Aliases which allow variants, including those saved as files, both the Finder Alias and alisma’s Bookmarks, which are similar but not identical. Bookmarks have been used extensively internally in macOS and applications since at least Mavericks 10.9 in 2013. They’re now used in a lot of preference files and other places, particularly by Launch Services in its SharedFileList files stored in ~/Library/Application Support/com.apple.sharedfilelist.

[…]

The remaining issue with Bookmarks and Aliases is that they cannot ordinarily be resolved at the command line or in scripts. My free tool alisma should be a help, as it can return the absolute path from a Bookmark file or Alias.

Howard Oakley:

Here are a couple of tables which summarise the most important features of different types of copies, clones, links and aliases used in Mojave running on APFS (with a little reference to HFS+ too).

Howard Oakley:

The bug occurs if you select a Finder Alias to a missing folder in a window set in Column view. After an initial pause of a few seconds, the spinning beachball appears, and the only way to regain access to the Finder is to press Command-Option-Escape, then select Finder and restart it.

Howard Oakley:

One of the claimed advantages of Finder Aliases, and their parent Bookmarks, is their robustness in the face of change. Because they can use both an absolute path and the unique inode number to resolve the location of the item to which they point, they should be much more reliable than symbolic links, and easier to use than hard links. Indeed, since System 7 in 1991, they have been the only form of link which can be created in the GUI of Mac OS and macOS, the others requiring command line access.

[…]

When studying the contents of orphaned Finder Aliases and Bookmarks, whose original items had been removed, I noticed that some contained paths not to the original location of the item, but to it after it had been placed in the Trash, but others had retained the original location instead. A little further experimentation confirmed an interesting aspect of their behaviour: resolving an Alias or Bookmark will cause its saved paths to be updated if they have changed.

[…]

Given the information stored in an Alias about the file or folder to which it points, this is perhaps not surprising: the resolver has a lot more to work with than just the path, volume and inode number, and does appear to use that additional information to ensure that, most of the time, the link between the alias and original will work, and it won’t be fobbed off by another item posing as the original.

Howard Oakley:

QuickLook previews in other places, such as the Open File dialog, don’t appear to use the cache, though. At the same time that QuickLook was offering that thumbnail in the Finder, the preview offered in an Open File dialog was that for the imposter file which had replaced the original.

This may be related to the fact that when the resolver updates the contents of an Alias, that change isn’t readily detected by anything calling the resolver. There thus doesn’t appear to be a simple way for QuickLook to tell whether its cached data need to be refreshed because the item to which the Alias points has changed. It’s a subtlety which produces amusing demonstrations, but is of little importance to Mac users.

Howard Oakley:

The new features in this version of Precize which make this possible include separating the analysis of Alias contents from resolving them. There’s also a checkbox to avoid changing the Alias data when resolving it: although this shouldn’t make any difference, as it is working on extracted data from the Alias and not the Alias itself, I offer it as an option.

Previously: BookmarkData Exposed.

At the instigation of Thomas Tempelmann, I now offer you a free tool to check and refresh your Finder Aliases: Alifix. Those which it finds are now broken beyond automatic repair it lists, and if you want it will save an adjacent text file in which all the internal data from the Alias is decoded and displayed, so you can decide what to do with it.

Howard Oakley:

The only totally reliable method which I have discovered for forcing the Alias data to be updated is to resolve it into fresh Bookmark data, then write that Bookmark out as new data to the original Alias file, using the sequence

let theNewBMData = try URL.bookmarkData(options: [URL.BookmarkCreationOptions.suitableForBookmarkFile], includingResourceValuesForKeys: nil, relativeTo: nil)
try URL.writeBookmarkData(theNewBMData, to:)

Friday, January 11, 2019

Strangers Watching Ring Security Cameras

Sam Biddle:

But for some who’ve welcomed in Amazon’s Ring security cameras, there have been more than just algorithms watching through the lens, according to sources alarmed by Ring’s dismal privacy practices.

[…]

Despite its mission to keep people and their property secure, the company’s treatment of customer video feeds has been anything but, people familiar with the company’s practices told The Intercept. Beginning in 2016, according to one source, Ring provided its Ukraine-based research and development team virtually unfettered access to a folder on Amazon’s S3 cloud storage service that contained every video created by every Ring camera around the world. This would amount to an enormous list of highly sensitive files that could be easily browsed and viewed. Downloading and sharing these customer video files would have required little more than a click.

[…]

At the same time, the source said, Ring unnecessarily provided executives and engineers in the U.S. with highly privileged access to the company’s technical support video portal, allowing unfiltered, round-the-clock live feeds from some customer cameras, regardless of whether they needed access to this extremely sensitive data to do their jobs.

See also: Nick Heer, MacRumors.

Previously: Nest Cam Waking in the Night.

Hacking With Private APIs on iPad

Guilherme Rambo:

The best development environment to work with private APIs is still Xcode on the Mac, but there’s a lot that can be done on iOS, especially the iPad. Of the three options shown in this article, it is hard to name a favorite because each one has advantages and disadvantages, but the one I’ve been using the most, especially because of its flexibility and integration with Shortcuts, is JSBox.

iOS Games Found Talking to Golduck Malware C&C Servers

Sergiu Gatlan:

Even though Apple has always been especially proud of its App Store app review process, it seems that some apps which are not exactly malicious but do exhibit risky behavior escape its review team’s scrutiny occasionally.

This is the case of over a dozen iOS applications found in Apple’s App Store which were observed while transferring data to command-and-control servers known to have been used by the Android Golduck Loader.

Jennifer Valentino-DeVries and Natasha Singer:

The Weather Channel app deceptively collected, shared and profited from the location information of millions of American consumers, the city attorney of Los Angeles said in a lawsuit filed on Thursday.

[…]

The government said the Weather Company, the business behind the app, unfairly manipulated users into turning on location tracking by implying that the information would be used only to localize weather reports. Yet the company, which is owned by IBM, also used the data for unrelated commercial purposes, like targeted marketing and analysis for hedge funds, according to the lawsuit.

Via Andrew Pontious:

It should also get them kicked out of the App Store, if Apple is committed to evenhandedness and fairness.

Previously: How to Game the App Store.

App Discovery, Downloading, and Purchasing

Ben Bajarin:

In collaboration with a few indie app developers, we ran a study looking to see how consumers discover, decide on which app to download, and some underlying economics around the app ecosystem. This study had respondents from the US and key parts of Europe. In total, 908 consumers participated in this study.

Reviews and price are very important. Most customers did not feel tricked into paying for IAPs or subscriptions. More than 40% of iOS customers had only three or fewer paid apps.

Wednesday, January 9, 2019

Google Assistant Coming to Google Maps for iOS

Dieter Bohn (MacRumors):

Manuel Bronstein, VP of product for Google Assistant, made the case that Google is building an entire ecosystem for Assistant that’s akin to the ecosystem it’s built for Android. It’s a platform play, basically, just like Alexa. And Google wants to ensure it’s everywhere.

[…]

Beyond Android Auto, partners like Anker are making little lighter plug-ins that work with Google Assistant. A bigger deal, though, is that Google is going to bake Google Assistant into Google Maps. It may not be able to convince iPhone users to install the Google Assistant app, but it has a huge install base for Maps. Google says that Assistant in Maps will let you “share your ETA with friends and family, reply to text messages, play music and podcasts, and get information hands free.”

Elgato Thunderbolt 3 Pro Dock

Joe Rossignol:

The dock is equipped with two USB-C ports with transfer speeds up to 10Gb/s, two USB-A ports with transfer speeds up to 5 Gb/s, two Thunderbolt 3 ports with transfer speeds up to 40 Gb/s, one DisplayPort 1.2, one Gigabit Ethernet port, a 3.5mm headphone jack and audio output, and SD and microSD card readers.

Marco Arment:

Finally! Someone has made a 1-to-4 USB-C hub!

Except it costs as much as an iPad. And has a bunch of other stuff you may not need. And it won’t work with the 12-inch MacBook or iPad Pro — it’s Thunderbolt-only.

Previously: The Impossible Dream of USB-C.

Adding a Command Line Tool Helper to a Mac App Store App

Timo Perfitt:

During testing, the command line tool continually crashed with a “Illegal Instruction: 4” both in the app and when I ran the tool outside the app on the command line. Turning off code signing (or not signing the app) make the issue go way, but code signing is required for submitting to the Mac App Store.

[…]

Long and short of it:

  1. The command line tool must have a Mach-O load command for LC_VERSION_MIN_MACOSX. It can be set using the GCC flag “-mmacosx-version-min=10.12” (change 10.12 to what makes sense).
  2. Command line tools must be signed with an entitlement that has exactly 2 rules: sandbox and inherit. It can be set with the codesign command. All other rules are inherited from the main app and should be set there.
  3. Pretty sure that the command line tool must be in the MacOS folder or a perhaps a folder named “Helpers”. I put mine in the Executables folder in a Copy Files build phase[…]

The exception is if your app has a command-line tool that is meant to be invoked by the user. Then the “inherit” entitlement would get in the way because it’s not being run from your app.

The Toxic Fragility of Siri Shortcuts

Gabe Weatherhead:

I love both of these Shortcuts because I can use a simple voice command to trigger them and they make my life a tiny bit better. Well, they did until a couple of weeks ago.

[…]

Without predictable outcomes from Siri Shortcuts it might as well not exist. It’s not helpful to issue a command that worked yesterday and get a joke response back today. If I wanted that, I’d ask my kid to do it.

Via Nicholas Riley:

Very surprised this doesn’t get more press. Siri shortcuts reliability, like Siri overall, is so bad that I can’t rely on it.

Update (2019-01-11): Dave Verwer:

I hadn’t seen this until I was just catching up with @mjtsai’s blog, but this tweet thread from me sounds like the same bug.

I know it’s not good enough, but deleting the shortcut and recreating it with the same phrase does work.

No NVIDIA Drivers for Mojave

NVIDIA:

Developers using Macs with NVIDIA graphics cards are reporting that after upgrading from 10.13 to 10.14 (Mojave) they are experiencing rendering regressions and slow performance.

Apple fully controls drivers for Mac OS. Unfortunately, NVIDIA currently cannot release a driver unless it is approved by Apple.

Marco Chiappetta (via Hacker News, MacRumors):

And when Apple pushed macOS 10.14 out the door, it appears suspended support for some discrete NVIDIA GPUs. According to Apple’s website, only two aging “Mac Edition” discrete NVIDIA GPUs, the Quadro K5000 and GeForce GTX 680, are officially supported. Pre-Mojave though, many users had turned to newer, more powerful NVIDIA discrete GPUs based on the company’s Pascal architecture for workloads that can benefit from NVIDIA’s CUDA parallel computing platform and other proprietary development tools.

[…]

In the post, Diamond tags Jarred Land, a producer that also happens to be the president of RED Digital Cinema, who himself is an NVIDIA user. In fact, Land has a post on his wall showing a GeForce RTX Titan decoding 8K video in real-time at 23.98 frames per second, out to a Sharp 8K UHD TV. “Not allowing NVIDIA to put out drivers for OSX 10.14 hurts my business. We depend on NVIDIA drivers to keep our Macs flying through apps like Creative Cloud, Resolve and RED Workflows. We NEED these drivers to keep our pipelines from impacting our clients.”, said Jason.

Colin Cornaby:

I don’t really like Nvidia. But I’m tried of Apple making life difficult for GPU makers. eGPU was a great step. But now Apple is now strangling adopting by restricting GPU drivers. Apple should allow Nvidia to release their Mojave drivers, and ideally make the driver layer public

Previously: Removed in macOS 10.14 Mojave.

Update (2019-01-11): Isaiah Carew:

i gave up hope and gave my very nice 5K capable Nvidia 1080 card to my kids’ VR PC.

it’s tough to invest in a platform where the maintainer’s capricious decisions often cost you a thousand bucks.

Update (2019-03-11): See also: Accidental Tech Podcast.

Tuesday, January 8, 2019

Overcast Premium Improvements

Overcast:

Two big improvements for Overcast Premium, which lets you upload your own audio files (DRM-free audiobooks, lectures, draft podcasts, etc.) at https://overcast.fm/uploads and listen in your Overcast app:

  • More space: up from 2 GB to 10 GB
  • Multi-select file uploads! Finally!

Environmentally-Lit User Interface

Bob Burrough:

I’ve been working on an environmentally-lit user interface. It’s lit by the lighting around you rather than some arbitrary light source (or just blinding white).

Bob Burrough:

An environmentally-lit interface takes information from the environment around the device and uses it to render physically-accurate things on the screen. It appears as if the lights around you are shining on the things on the screen. If the lighting in your room is bright, then the things on your screen are brightly lit. They can even take on complex characteristics like mother-of-pearl or opal.

Now, this doesn’t mean you have to hold a flashlight over your phone to read the web in bed. What it means is designers are empowered to use the design language of the physical world to design their interfaces. Gloss, glitter, glow-in-the-dark, or any other visual quality may be used. In the case of reading a website in a darkened room, the web designer may apply elegant backlighting or glow-in-the-dark treatments to maintain legibility. This is far superior to today’s method of making your phone act like a spotlight that shines in your face.

This is really cool.

Bob Burrough:

Flat design results in higher cognitive load.

Dave Smith:

Burrough’s “Project Erasmus” is a user-interface (UI) implementation that uses the lighting in your immediate environment to light, shade, and reflect on the software elements in the device. The result is an incredible, immersive visual effect that would make you want to use your phone even more (as if that’s possible).

Andrew Orr:

For example, software toggles and menu bars develop drop shadows and highlights based on light sources in the room. He does this by attaching an Olloclip wide angle lens to capture the light, then the software renders that light as a scene. This is real-time rendering and it makes elements on the screen appear as physical objects.

See also: TMO Daily Observations.

The iOS Menu

Simon (tweet, Hacker News):

I realised six months ago as I was using my Mac, using the menus, that I need these things — menus — in Codea. I was trying to solve a problem that has been solved for decades.

So I set out to make the best menus I could make for iOS.

[…]

Compared to all the options I considered, menus are exactly that, discoverable. You pull down a list of named features complete with shortcut keys (if a keyboard is attached). Then you activate that feature by tapping on it, or by dragging your finger and releasing.

Hamburger menus, side-drawers, whatever you want to call them, are a conventional way to bury additional and often unrelated functionality into an app. But they are much heavier than the good old-fashioned menu bar. They often pull out a whole modal side-thingy, maybe they slide all your content to the right. It’s a context switch for your brain.

iOS really needs something like this. I get that Apple didn’t want to bring over everything from the Mac’s design. But, as with some other features, I feel like they’ve had their chance to show us a better way and haven’t delivered. So they may as well reinvent the wheel.

Previously: Proof That iOS Still Hasn’t Gotten Undo Right, Make the iPad More Like the Mac, Great Alternatives to Hamburger Menus.

Update (2019-01-11): Simon:

In this post I’m going to walk you through all the other details that make this work.

John Gruber:

What they’re doing here with Codea isn’t just putting the Mac menu bar on iOS. They’ve designed and built a very iOS-looking take on a menu bar, deeply informed by the aspects of the Mac menu bar that do work on a touch screen. Something like this is desperately needed as a standard interface element on iPad, and I think could work on iPhone too.

Riccardo Mori:

Speaking of iOS apps with menus, the first instance I remember seeing was TaskPaper on iOS 6. I still use this app, by the way.

Solution for Time Machine “Error While Restoring From the Backup”

Harry Fear (via Maxwell Swadling):

A few hours into the restore (about three-quarters of the way through the data transfer) the restoration would always fail with “An error occurred while restoring from the backup.”

[…]

Initially I needed a Finder and Terminal window so I had to setup the new Mac as new with no user data so I could fully access the Time Machine backup to apply the fix. Then I connected the backup to the Mac.

[…]

Then I had to delete the problematic folder that was identified in the log[…]

[…]

Then go back into Recovery mode on the Mac and reattempt to restore from the modified backup.

iCloud Leader Leaves Apple

Kevin McLaughlin (MacRumors):

Patrick Gates, an Apple senior director of engineering who led development of iCloud, FaceTime, and iMessage during nearly 14 years at the company, has left to join a stealth startup founded by two other former Apple employees. The startup, called Humane, announced Mr. Gates had joined as chief technology officer on Dec. 19.

Mr. Gates, who worked in an organization led by Internet services chief Eddy Cue, oversaw a project in 2015 that aimed to unify Apple products like iCloud and iTunes in a single cloud platform. But the effort was delayed by friction with another Apple group led by former engineering executive Eric Billingsley, who left the company last October.

Humane, co-founded by former Apple directors Imran Chaudhri and Bethany Bongiorno, is working on products that focus on “the next shift between humans and computing,” according to a note on its website.

Amir Efrati and Steve Nellis (in 2016):

Political infighting within Apple’s engineering ranks is holding back the company’s efforts to fix technical problems that have plagued iCloud and iTunes, say people with direct knowledge of the situation.

Two engineering teams working on new internal cloud-computing infrastructure to power Apple’s Web services are in open conflict, the people say. Already, the infighting has sparked at least one key employee departure, with more expected soon.

Via Dan Masters:

Noteworthy that repeated reports of dysfunction and infighting (culminating in both Apple cloud managers leaving within months of each other) aligned with personal experience of other employees as well[…]

Katharine Schwab:

Chaudhri left Apple in 2017, after spending almost two decades designing interfaces for the iPod, iPad, Apple Watch, and Apple TV as well as the iPhone, to pursue a still-under-wraps company of his own. I recently sat down with him to talk about his time at Apple, and had the chance to ask him how he views his legacy now that the downsides of smartphones have come into focus. He cited the challenges of working as a designer at a giant corporation, where his personal ethics didn’t always align with decision-making[…]

Previously: Inside the World of Eddy Cue, Apple’s Services Chief.

Monday, January 7, 2019

GitHub Now Offers Unlimited Free Private Repos

GitHub (Hacker News):

GitHub Free now includes unlimited private repositories. For the first time, developers can use GitHub for their private projects with up to three collaborators per repository for free. Many developers want to use private repos to apply for a job, work on a side project, or try something out in private before releasing it publicly. Starting today, those scenarios, and many more, are possible on GitHub at no cost. Public repositories are still free (of course—no changes there) and include unlimited collaborators.

Update (2019-01-08): Paulo Andrade:

So Microsoft bought HockeyApp and are doing a pretty good job so far of turning it into @VSAppCenter. Then they bought @github and added free private repos. At this rate it looks like I’ll be coding Swift in @code soon

My question is:

What’s Apple doing with @buddybuild?

Previously: App Center Will Take It From Here, Apple Acquires Buddybuild.

iTunes Video and AirPlay on Samsung TVs

Eric Slivka:

Samsung today announced that it has worked with Apple to integrate iTunes movies and TV shows, as well as AirPlay 2 support, into its latest smart TVs. The features will roll out to 2018 models via a firmware update this spring and will be included on new 2019 models. iTunes movie and TV show access will come via a new dedicated app for Samsung’s TV platform, available in over 100 countries.

Eric Slivka:

- Apple says “leading TV manufacturers” will be including AirPlay 2 support in their TVs, indicating that this initiative will not be a Samsung exclusive. Apple has not, however, announced additional TV partners or a timeline for when AirPlay 2 will come to these other brands. Samsung’s support is rolling out in a firmware update for 2018 TVs and built into 2019 models “beginning this spring.”

- AirPlay 2-enabled TVs will act just like any other AirPlay 2 speaker, meaning you can send many different types of audio from an iOS device or your Mac to your TV. Music being sent to your TV via AirPlay 2 can also be synced with other AirPlay 2 speakers.

Great news. I’d been hoping they’d do this for a long time. It makes my purchased content seem more secure, given that I’ve had problems with the old Apple TV hardware and don’t want to buy a new Apple TV. Less reason to make the big jump to Amazon and fragment my library.

Benjamin Mayo:

In other words, Samsung TVs will be able to watch 4K iTunes content before Macs can.

Ryan Jones:

Hm, so are cross-platform Services the entry drug to Apple or the ecosystem around iPhone? I’m not sure.

But it is hard to imagine Music and TV competing well against Spotify, Netflix, YouTube TV without a native advantage.

Ryan Jones:

They just aren’t built for any of this. Really really feels like spreadsheet growth-hunting.

Josh Centers:

Everyone says I’m wrong here, but Samsung won’t be the last smart TV platform to get iTunes. And once it’s as universal as Amazon Video, you’d be crazy to drop $180 on an Apple TV.

Mitchel Broussard (in 2016):

HTC announced its new smartphone, the HTC 10, revealing that the Android device will have the ability to wirelessly play audio through devices and speakers that support streaming via Apple’s AirPlay feature (via SlashGear).

Previously: Cultural Insularity and Apple TV, Movies Anywhere, Amazon Offering Apple Products.

Update (2019-01-08): Colin Cornaby:

Still don’t understand why Apple doesn’t offer a built in option for a Mac to become an AirPlay 2 target.

Nilay Patel:

Apple tells me that no smart TV content tracking is allowed on AirPlay 2 streams on Vizio and LG TVs, in addition to preventing Samsung from tracking the iTunes app. Sounds like they pushed this policy with the industry, good for them

The wacky part is Apple can’t prevent TV makers from content tracking on HDMI inputs, so a smart TV can track what you watch on an Apple TV!

Joe Rossignol:

A few days ago, Apple announced that AirPlay 2–enabled smart TVs are coming soon from leading manufacturers, and we’ve since seen a series of announcements from Samsung, LG, Sony, and Vizio at CES 2019.

Update (2019-01-09): Benjamin Mayo:

This is great for everyone.

[…]

If Apple had licensed AirPlay video more liberally from the get-go, every TV screen and projector would have it built in already. No need to buy a $100+ peripheral. No need to switch to the Apple TV input. No setup needed.

I am so pleased that Apple has changed their stance here. These partnerships bind Apple customers more closely to the iPhones, iPads and Macs they already own, and improve customer satisfaction and loyalty rates. It will take time for the number of AirPlay 2-enabled TVs sold to be meaningful, but in the course of time, it will be commonplace.

Rene Ritchie:

I’m keeping my Apple TV until Eddy Cue pries it from my Hulk hands.

tvOS interface is much better for me than any of the smartTV stuff, and I trust it to have better updates faster, be more secure and private, and I dream of apps taking off one day. So help me. LOL.

Kirk McElhearn:

Hell is freezing over for Apple because the company has finally accepted that it cannot make enough money from its video offerings just with Apple devices (ie, the iPhone, iPad, and Apple TV). This also suggests that the Apple TV has seen its last iteration. If Apple can put the same apps on any smart TV – which is, of course, not complicated – why have a separate device?

Lee Bennett:

Coz Apple TV provides an app experience not available anywhere else! Long Live Apple TV!

Nick Heer:

But I am not sure that necessarily leads to the end of the Apple TV. I don’t see the company abandoning dedicated hardware just because it has a services business, even for a presently lower-priority product like the Apple TV. It seems to me that it’s more likely that Apple’s TV product may morph to become a full television that they have complete control over. Why not? Most televisions look awfully cheap and are privacy nightmares.

Update (2019-01-11): Josh Centers:

The HomeKit story is a bit more interesting: supported TVs will become HomeKit devices, and as such, you’ll be able to turn them on and off or change their inputs with Siri or Apple’s Home app. You’ll also be able to create HomeKit scenes with actions to control these TVs.

[…]

What’s curious is how only Samsung gets iTunes Movies and TV Shows, but Samsung is the only vendor not providing HomeKit support. Despite that confusion, these announcements may be great news for Apple users who own or plan to buy a supported TV set, but what does it mean for the rest of us, and for Apple’s TV plans going forward?

Update (2020-02-04): Sam Byford:

LG has made the Apple TV app available on a variety of its 2019 smart TVs as promised, according to a press release from the company. The app will be on TVs in more than 80 countries and gives users access to Apple’s new Apple TV+ video subscription service as well as the ability to rent or buy movies from iTunes.

Why Doesn’t JSONEncoder Conform to the Encoder Protocol?

Kaitlin Mahar:

Inspecting the source code for JSONEncoder, we see it’s a open type that internally uses a private type _JSONEncoder, which does conform to Encoder.

[…]

But why were they designed that way? Why not just make JSONEncoder an Encoder too?

In short, the answer is that they provide very different APIs. The JSONEncoder API is designed to provide a single, simple entry point into encoding, and the Encoder protocol provides a completely different API for customizing how types are encoded.

This makes sense, though it’s kind of odd that the facade and the protocol for the private types both use the same word (Encoder/Decoder). Cocoa distinguishes between NSArchiver/NSUnarchiver, which you use directly, and NSCoder, which is passed to you. Although, that’s also a bit messy because the archivers are subclasses of NSCoder, and so all the other methods are still there.

Swift Import Declarations

Mattt Thompson:

Import declarations have a form that can specify individual structures, classes, enumerations, protocols, and type aliases as well as functions, constants, and variables declared at the top-level:

import <#kind#> <#module.symbol#>

Here, kind can be any of the following keywords[…]

[…]

In practice, isolating imported declarations and submodules doesn’t confer any real benefit beyond signaling programmer intent. Your code won’t compile any faster doing it this way. And since most submodules seem to re-import their umbrella header, this approach won’t do anything to reduce noise in autocomplete lists.

If you gave up after finding that import Module.Class doesn’t work, you actually can do it with import class Module.Class.

When to Use dispatch_async()

Pierre Habouzit:

Re the last discussions, dispatch_async() can be used for 3 different things:

(1) asynchronous state machines (onto the same queue hierarchy), which is a way to address C10k and is fast

[…]

(2) getting concurrency (a better pthread_create())

(3) parallelism (dispatch_apply()

[…]

(1) provided you use dispatch_async_f for the shortest things to avoid allocating blocks, dispatch is fast, and it’s great almost whatever the size of your workitem (assuming you do something meaningful).

(2-3) is way tricker than it looks:

your workitem needs to represent enough work (100µs at the very least, 1ms is best)

your workitems if running concurrently need not to contend, else your perf sinks dramatically.

Contention takes many forms.

[…]

As we presented in WWDC’17: go serial first, and as you find performance bottle necks, measure why, and if concurrency helps, apply with care, always validating under system pressure (such as iOS low power mode to name one).

We have repeatedly measured that inefficient concurrency is commonly a 2x cost in time to completion.

It is not a 2x cost in instructions count though, it’s just that concurrency kills your IPC rate and you spend a lot of time just waiting.

Lastly be very careful with micro benchmarks: calling your code 1M times in a loop makes the CPU ridiculously better at running it and while improving micro benchmarks is good, you should always have a macro benchmark to validate that it's a good idea.

David Smith:

What I’m getting at is that we’ve been discovering that the inherent costs of multithreading are a lot higher than they look in microbenchmarks (because microbenches hide cache effects and keep thread pools hot). A lot of iOS 12 perf wins were from daemons going single-threaded.

See also: Modernizing Grand Central Dispatch Usage.

Smartphone Facial Recognition Test

Catalin Cimpanu:

The study, carried by Consumentenbond and its international partners, found that holding up a photo of the phone’s owner is enough to unlock 42 of the tested smartphones.

Any photo will do, such as ones obtained from social media, CCTV footage, or other means.

[…]

According to Consumentenbond, models from Asus, BlackBerry, Huawei, Lenovo, LG, Nokia, Samsung, Sony, and Xiaomi failed such tests.

Apple devices, known for their strong facial recognition feature, survived the tests with their reputation intact, as expected.

The failing Samsung phones were from the cheaper A series; the S series passed, as did other HTC, Huawei, and Lenovo phones.

Friday, January 4, 2019

Mac App Store Links Prompt to Review

Jeff Johnson found that, on macOS 10.14, if you follow a Mac App Store URL that contains an affiliate token, the store will try to have you review the app. I am seeing this as well, and it’s especially annoying in the common case of an app you’ve never seen before, because then you get an alert window telling you, the dumb user, that you can’t review apps you don’t own.

It was easy for me to fix my own links to the store, since they all go through an Apache redirect. The affiliate tokens are now useless, anyway. But I can’t do anything about links that other sites have posted.

Previously: Apple Removes Apps From Their Affiliate Program, Is There Hope for the Mac App Store?.

Still funny™: all the app store links vended by appstore connect and placed by devs on their page that link directly to a review and always alert you on click that you haven’t bought the app yet to comment. #sadface

Mojave’s rsync From the Days of Tiger

Florian Dejako:

macOS Mojave from today still includes rsync 2.6.9 from 12 years ago. rsync 3.1.3 from 2018 is available with numerous improvements.

I guess this is probably a licensing issue, since rsync uses the GPL 3. But what is Apple’s long-term plan here? Continuing to ship progressively more out-of-date Unix tools? Is there no way a company with its resources could resolve the patents issue, if that is in fact the sticking point? Or find a technical solution?

Sivan Michaeli-Roimi:

The GPLv3 contains an explicit patent license, according to which people who license a program under the GPL license both copyrights as well as patents to the extent that this is necessary to use the code licensed by them. A comprehensive patent license is not thereby granted. Furthermore, the new patent clause attempts to protect the user from the consequences of agreements between patent owners and licensees of the GPL that only benefit some of the licensees (corresponding to the Microsoft/Novell deal). The licensees are required to ensure that every user enjoys such advantages (patent license or release from claims), or that no one can profit from them.

Previously: An Aging Collection of Unix Tools.

New MoneyWell Developer

MoneyWell:

MoneyWell has been taken over by Diligent Robot. We’re huge fans of MoneyWell and have been for many years, so when we heard that it had been a little neglected and needed some love, we jumped at the chance.

MoneyWell:

We would love to hear from you if you still use MoneyWell, have recently stopped or stopped long ago. What do/did you love? What needs/needed improving?

MoneyWell:

We know it’s going to take some time to regain your trust, but we hope we can return MoneyWell to its former glory.

The previous developer kept the app working, but I got worried when it started crashing for me last month and I realized that it hadn’t been updated in over a year.

I had not heard of Diligent Robot; they seem to be a small iOS consulting company. Alas, my crash logs are useless to them because the current shipping build is stripped, and they don’t have its symbols.

Previously: The Future of No Thirst Software.

Update (2019-01-18): Diligent Robot:

Our top priorities are initially: to restore syncing, fix up lots of other bugs, and to ensure compatibility with the latest devices and versions of macOS and iOS which have been released.

We’ll also be going through the large backlog of support requests and reaching out to anyone that’s contacted support who never got a reply. It’s going to take us a while to get through them all, so we hope you’ll bear with us.

They’ve already shipped 3.0.7 and 3.0.8 updates.

Throwing Storage at the Problem

Andy Ihnatko:

Someday, you’re going to spot on online deal for an external drive at a time when you happen to be flush with cash and with no financial perils on the horizon. You should buy that drive. When it arrives, stick it in a closet. Don’t even open the box.

Why? Because having a fresh, empty drive empowers so many solutions to PC problems.

Fully endorsed: you should have an extra drive—not one you are relying on for backups—that you have no hesitation in erasing so that you can use it to solve whatever problem crops up. But don’t leave it unopened. First, you want to make sure that it works, didn’t come with bad sectors, etc. Second, you can periodically prime it with a clone your boot drive. Depending on your emergency need, you can always quickly erase it if necessary. But if it turns out that you need to use it as a replacement boot drive, having even a month-old clone means you’re just a quick SuperDuper Smart Update away from being back in business.

Option 2: Skip the stopgap solution and replace the internal SSD straight away. This would have been the obvious answer if this were any other $2000 laptop. Alas, I am blessed with an Apple product. This blessing is accompanied by the unavailability of standard upgrade and replacement components.

How I miss that iBook (Dual USB), where you could literally swap in your backup drive.

Tuesday, January 1, 2019

IINA 1.0

IINA (via Martin Pittenauer):

IINA is born to be a modern macOS application, from its framework to the user interface. It adopts the post-Yosemite design language of macOS and keeps up the pace of new technologies like Force Touch, Touch Bar, and Picture-in-Picture.

[…]

Powered by the open source media player mpv, IINA can play almost every media file you have. With the support of youtube-dl and our browser extensions, you can also play a variety of online streams in IINA via one click.

[…]

Written in the Swift programming language, IINA is free and open-sourced under the GPLv3 license.

React.js and Cocoa Side by Side

Marcel Weiher:

Fortunately, the React.js team was so kind as to put their basic ideas in writing: React - Basic Theoretical Concepts (also discussed on HN). So I had a look and after a bit of reading decided it would be useful to do a side-by-side comparison with equivalents of those concepts in Cocoa as far as I understand them.

[…]

[React:] Calling the same function over and over again is wasteful if we know that the function is pure. We can create a memoized version of a function that keeps track of the last argument and last result. That way we don’t have to reexecute it if we keep using the same value.

[Cocoa:] First, we did not start with the obviously incorrect premise that the UI is a simple “pure” function of the model. Except for games, UIs are actually very stable, more stable than the model. You have chrome, viewers, tools etc. What is a (somewhat) pure mapping from the model is the data that is displayed in the UI, but not the entire UI.

So if we don’t make the incorrect assumption that UIs are unstable (pure functions of model), then we don’t have to expend additional and fragile effort to re-create that necessary stability.

[…]

Last not least, it’s probably not entirely coincidental that this idea was hatched for Facebook and Instagram feed applications. Similar to games, these sorts of apps have displays that really are determined mostly by their “model”, the stream of data coming from their feed. I am not convinced that feed application generalizes well to application.

Splitting a Swift Sequence Into Head and Tail

Ole Begemann:

One possible solution is to create an iterator to read in the first element, and then wrap the current iterator state in a new AnySequence instance[…] This code works, but it’s not a nice generic solution, especially for types that also conform to Collection. Wrapping the tail in an AnySequence is a big performance killer, and you can’t use the affordances of a collection’s proper SubSequence type.

[…]

Dennis’s trick is to call Sequence.drop(while:), which preserves the SubSequence type for the tail, and then “catch” the first element inside the drop(while:) predicate closure using a captured local variable. Nicely done!

[…]

The code above targets Swift 4.2. It will break in Swift 5 because sequences will no longer have an associated SubSequence type, only collections (Swift Evolution proposal SE-0234).

Lower Cost iOS Devices

Joe Rossignol:

The report claims that just one in four Indians own a smartphone, providing Apple with an opportunity to sell iPhones to millions of new customers in the country. The issue is that India is a very price-sensitive market, with more than 75 percent of the smartphones sold in the country costing “less than $250.”

Apple-authorized reseller Flipkart continues to sell the iPhone SE in India for around $250, but other iPhone models are priced between the equivalent of $325 and $1,950 in the country, well above the budgets of many Indian customers.

Simone Manganelli:

Apple’s incompetence here is absurd. This is so easy. Release new, low-cost, iPhone SE 2 with updated processor. You’ve already produced this phone at scale.

Nilay Patel:

Apple just dropped the price of the iPad to $229 on Amazon and Walmart. Apple just reached a deal to sell directly on Amazon, so it’s selling the iPad cheaper on Amazon than its own stores.

Michael Love:

This is a much bigger deal than the amount of coverage would suggest; Apple appear to have pulled off something with iPad that they’ve never managed with iPhone, differentiating the high-end $1000 model sufficiently that they can comfortably offer a low-end one for $200.

The iPhone 7 is currently $449 but that’s 2 years old, too expensive relative to Android + not cheap enough relative to the XR to be a game changer. Put an A12 in a 6/7/8 chassis and charge $300 and you’ll convert a lot of Android users while still making a healthy profit.

That they haven’t done this leads me to an interesting inference about services / accessories revenue, namely, it’s mostly coming from high-end users; the reason Apple doesn’t have a $300 iPhone is because they wouldn’t expect it to produce much more than that $300 in revenue.

Previously: 2018 iPhone Sales.

Update (2019-07-16): Tim Hardwick:

Apple has reportedly stopped selling iPhone SE, iPhone 6, iPhone 6 Plus, and iPhone 6s Plus in India, meaning anyone in the market for a new Apple smartphone will have to shell out more for a later model.

According to The Economic Times, the strategy indicates Apple is no longer prioritizing shifting iPhones in the country by volume and is instead refocusing efforts on increasing its revenue there.