Archive for January 25, 2019

Friday, January 25, 2019 [Tweets] [Favorites]

Xcode 10.2 Beta Release Notes

Apple:

Resolved an issue that affected app compatibility with iOS 9.0, 9.1, and 9.2 when distributing an app for local or enterprise distribution. App asset catalogs built using Xcode 10 with a deployment target of iOS 9.0, 9.1 or 9.2 produced content incompatible with the runtimes of those iOS versions when distributed using local or enterprise distribution. Rebuilding the app with Xcode 10.2 resolves this issue.

[…]

On iOS and watchOS, Xcode shows the memory limit for running apps in the Memory Report as you approach the limit. Use Instruments and Xcode Memory Debugging to optimize your app to have the smallest possible memory footprint.

[…]

You can now use $0, $1, … shorthands in LLDB expression evaluation inside closures.

[…]

The LLDB debugger has a new command alias, v, for the “frame variable” command to print variables in the current stack frame. Because it bypasses the expression evaluator, v can be a lot faster and should be preferred over p or po.

[…]

Opening a project that uses any deprecated localization identifiers now produces a warning for each one used. Selecting one of these warnings presents an assistant for migrating files in the associated legacy “lproj” directories to “lproj” directories named for the equivalent modern identifier. If necessary, this process also updates the project’s development region to a modern identifier. Migrated projects are compatible with older versions of Xcode.

[…]

When you’re building an archive of a macOS app and using a Developer ID signing certificate, Xcode includes a secure timestamp in the archive’s signature. As a result, you can now submit an archived app to Apple’s notary service with xcrun altool without first needing to re-sign it with a timestamp.

When you’re building an archive of a macOS app, Xcode no longer injects the com.apple.security.get-task-allow entitlement into the app’s signature. As a result, you can now submit an archived app to Apple’s notary service using xcrun altool without first needing to strip this entitlement.

Jesse Squires:

Apple’s new release notes pages for Xcode are 👌

No more PDFs and not behind a login.

Let’s see whether this URL stays up. Apple’s release notes tend to disappear or move around, e.g. to here (which is hard to find in Google).

Dave DeLong:

Well hello there… #ObjectiveC #Runtime #Funtime #iOS12

[…]

Fundamentally [objc_setHook_getClass()] allows you to interpose objc_getClass() (and therefore NSClassFromString())

So yeah, you could use it for doing class posing. I was thinking it would be for decoding ancient nibs and replacing unknown classes with a generic KVC-compliant proxy

Previously:

Update (2019-01-28): Greg Parker:

You can’t use this to pose as a class: the hook is only called if the class is not already known to exist. It’s intended for Swift to register some of its classes on demand, such as instantiations of Swift generics, that the ObjC runtime can’t see up front.

Benjamin Mayo:

Fans of dark IDEs but not Mojave’s Dark Mode overall theme will be happy: Xcode 10.2 “Always use Dark”.

stephen ryner jr:

Time to upgrade to Mojave, I guess

Jeff Johnson notes that Xcode’s requirement for macOS 10.14 creates problems when deploying to an earlier macOS version. You can no longer debug your app on that version using the current version of Xcode. But if you stay with the older version of Xcode, you can’t use the new SDK. This didn’t used to a problem because Xcode used to support (and include SDKs for) multiple macOS versions.

Jim Rea:

Yes, this is a huge problem. Because of this I’m usually running a couple versions behind with both macOS and Xcode on my dev machine, currently running macOS 10.12 and Xcode 8 (my code is 100% ObjC). Not great, but it seems to be my least bad option.

Update (2019-02-04): The Xcode 10.2 beta 2 Release Notes:

The new release notes don’t seem to say what’s new in this beta. And the beta 1 release notes now redirect to the beta 2 ones, so you can’t actually compare the two pages.

So I now think this is worse than the old PDF release notes.

Malicious Shortcuts

Simeon:

I’ve just been made aware (by @AvimanyuRoy3) that it is trivially easy to steal highly sensitive & personal information from an iPhone via Shortcuts

Just browsing through the malicious Shortcut is mind blowing

You’ll be unsettled what your phone has on you

From highly personal contacts, names you’ve typed into iMessage, addresses, browsing history, app usage, file contents

I’d even loaded the entire text of Dickens’ David Copperfield into Codea recently to test editing performance. Names and places from the story were indexed

This was from a Shortcut that was disguised to look like a memory cleaner. But it really zipped the above data, uploaded it, then sent the link via iMessage to an attacker. The details were obfuscated in the shortcut through base64 encoding

You couldn’t expect a reasonable user to know what they were agreeing to run when receiving an Apple-hosted link to this shortcut

With automatic scheduling of shortcuts you could possibly trick someone into running a key logger

I’ve disclosed all the details to Apple and hope that they fix it, but the more Shortcuts becomes mainstream, the more people need to be aware of how they can be powerfully misused

WeChat’s Apps Within an App

Eustance Huang (via Jack Purcher):

The WeChat update, which came out this week, involves a redesign in the way mini-programs — apps within the app — are presented. With that change, users now “essentially have a second home screen” on their phones, said Matthew Brennan, co-founder and managing director at consultancy China Channel.

I don’t understand how this doesn’t run afoul of Apple’s guideline:

2.5.8 Apps that create alternate desktop/home screen environments or simulate multi-app widget experiences will be rejected.

Previously:

25 Years Ago: RAM Doubler Debuts

Adam Engst:

First up—check out this piece I wrote from the 1994 Macworld Expo San Francisco: “RAM Doubler” (10 January 1994). Developed by Connectix, RAM Doubler was one of the most magical utilities of the early days of the Macintosh. As its name suggested, RAM Doubler promised to double the amount of usable RAM in your Mac, and amazingly, it generally delivered.

That was a big deal back in 1994 because RAM was shockingly expensive—$300 for an 8 MB SIMM at a time when I had 20 MB in my Centris 660AV. For $50, RAM Doubler would double whatever you had: 8 MB to 16 MB, or 20 MB to 40 MB. It was astonishing.

One of the best Mac apps ever. In reading my review of RAM Doubler 2, I was amused to remember that a key feature of RAM Doubler was saving scarce hard drive space. Apple’s virtual memory required space equal to the amount of RAM, even to enable file mapping, whereas RAM Doubler could do that without needing any space. And its swap file only had to be the size of the spill, rather than the total amount of virtual memory.

Update (2019-01-28): Shawn King:

It was freaking magic.

John Gruber:

The most amazing thing, in hindsight, isn’t that compression and clever virtual memory techniques could double your memory — it’s that Mac OS was so open that something as low-level as RAM Doubler was even possible. Effectively, a Mac running RAM Doubler was running a fork of the OS — not just a subtle fork but a fork where the entire memory manager was written by a third party.

In hindsight, the lack of protected memory and disk permissions in classic Mac OS are generally only looked back upon as severe deficiencies. And there certainly were deep problems with that architecture — one app or extension crashing often resulted in the entire machine going down. But that anything goes openness also resulted in tremendous opportunities for third-party software.